autoremediator 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/api/options-schema.ts","../src/api/reporting.ts","../src/api/sarif.ts","../src/api/patches/inspection.ts","../src/remediation/strategies/patch-utils.ts","../src/platform/package-manager/index.ts","../src/platform/package-manager/list-parser.ts","../src/api/patches/helpers.ts","../src/remediation/tools/check-inventory.ts","../src/platform/policy.ts","../src/api/patches/validation.ts","../src/platform/config.ts","../src/platform/idempotency.ts","../src/remediation/pipeline.ts","../src/platform/http-client.ts","../src/intelligence/sources/osv.ts","../src/intelligence/sources/github-advisory.ts","../src/intelligence/sources/nvd.ts","../src/intelligence/sources/registry.ts","../src/remediation/tools/apply-version-bump.ts","../src/platform/repo-lock.ts","../src/remediation/tools/apply-package-override/index.ts","../src/remediation/tools/apply-package-override/helpers.ts","../src/remediation/local/primary-strategy.ts","../src/remediation/tools/fetch-package-source.ts","../src/remediation/tools/generate-patch/index.ts","../src/remediation/strategies/patch-synthesis-prompt.ts","../src/remediation/tools/generate-patch/helpers.ts","../src/remediation/tools/apply-patch-file/index.ts","../src/remediation/tools/apply-patch-file/helpers.ts","../src/remediation/local/fallback.ts","../src/remediation/local/options.ts","../src/remediation/local/vulnerability-match.ts","../src/remediation/local/summary.ts","../src/remediation/local/run.ts","../src/remediation/strategies/pipeline-telemetry.ts","../src/remediation/orchestration-prompt.ts","../src/remediation/pipeline-runtime/progress.ts","../src/remediation/tools/lookup-cve.ts","../src/intelligence/sources/cisa-kev.ts","../src/intelligence/sources/epss.ts","../src/intelligence/sources/cve-services.ts","../src/intelligence/sources/gitlab-advisory.ts","../src/intelligence/sources/certcc.ts","../src/intelligence/sources/deps-dev.ts","../src/intelligence/sources/ossf-scorecard.ts","../src/intelligence/sources/external-feeds.ts","../src/remediation/tools/check-version-match.ts","../src/remediation/tools/find-fixed-version.ts","../src/remediation/runtime-tools.ts","../src/remediation/pipeline-runtime/tool-wrappers.ts","../src/remediation/pipeline-runtime/index.ts","../src/api/context.ts","../src/platform/evidence.ts","../src/api/remediate.evidence.ts","../src/api/remediate/validators.ts","../src/api/remediate/index.ts","../src/scanner/parse-input.ts","../src/scanner/adapters/npm-audit.ts","../src/scanner/adapters/yarn-audit.ts","../src/scanner/adapters/sarif.ts","../src/scanner/unique-cve-ids.ts","../src/api/scan-execution.ts","../src/api/scan-outcome.ts","../src/api/remediate-from-scan/report-metrics.ts","../src/api/remediate-from-scan/index.ts"],"sourcesContent":["export type JsonSchemaProperty = Record<string, unknown>;\n\nexport const PACKAGE_MANAGER_VALUES = [\"npm\", \"pnpm\", \"yarn\"] as const;\nexport const LLM_PROVIDER_VALUES = [\"remote\", \"local\"] as const;\nexport const PROVENANCE_SOURCE_VALUES = [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] as const;\n\nexport const OPTION_DESCRIPTIONS = {\n cveId: \"CVE ID, e.g. CVE-2021-23337\",\n inputPath: \"Absolute path to the scanner output file\",\n cwd: \"Absolute path to the project root (default: process.cwd())\",\n packageManager: \"Package manager override (auto-detected by default)\",\n dryRun: \"If true, plan changes but write nothing\",\n preview: \"If true, enforce non-mutating preview mode\",\n runTests: \"Run package-manager test command after applying fix\",\n llmProvider: \"LLM provider override (remote|local)\",\n model: \"LLM model override\",\n modelPersonality: \"Prompt behavior profile: analytical|pragmatic|balanced\",\n providerSafetyProfile: \"Safety posture profile for confidence gates: strict|relaxed\",\n requireConsensusForHighRisk: \"Require second-provider agreement for high-risk generated patches\",\n consensusProvider: \"Provider override for high-risk consensus verification (remote|local)\",\n consensusModel: \"Model override for high-risk consensus verification\",\n patchConfidenceThresholdLow: \"Patch acceptance confidence threshold for low-risk patches (0..1)\",\n patchConfidenceThresholdMedium: \"Patch acceptance confidence threshold for medium-risk patches (0..1)\",\n patchConfidenceThresholdHigh: \"Patch acceptance confidence threshold for high-risk patches (0..1)\",\n dynamicModelRouting: \"Enable dynamic model selection by input size\",\n dynamicRoutingThresholdChars: \"Input size threshold used by dynamic model routing\",\n patchesDir: \"Directory to write .patch files (default: ./patches)\",\n policy: \"Optional path to .autoremediator policy file\",\n requestId: \"Request correlation ID\",\n sessionId: \"Session correlation ID\",\n parentRunId: \"Parent run correlation ID\",\n idempotencyKey: \"Idempotency key for replay-safe execution\",\n resume: \"Return cached result for matching idempotency key when available\",\n actor: \"Actor identity for evidence provenance\",\n source: \"Source system for provenance\",\n format: \"Scanner format (default: auto)\",\n audit: \"Run package-manager-native audit command instead of reading a scan file\",\n evidence: \"Write evidence JSON to .autoremediator/evidence/ (default: true)\",\n directDependenciesOnly: \"Restrict remediation to direct dependencies only\",\n preferVersionBump: \"Reject override and patch remediation when version-bump-only policy is required\",\n installMode: \"Install behavior profile: deterministic|prefer-offline|standard\",\n installPreferOffline: \"Override prefer-offline flag behavior for install commands\",\n enforceFrozenLockfile: \"Override frozen lockfile behavior for install commands\",\n workspace: \"Workspace/package selector for scoped remediation in monorepos\",\n} as const;\n\nexport function createConstraintSchemaProperties(): Record<string, JsonSchemaProperty> {\n return {\n directDependenciesOnly: { type: \"boolean\", description: OPTION_DESCRIPTIONS.directDependenciesOnly },\n preferVersionBump: { type: \"boolean\", description: OPTION_DESCRIPTIONS.preferVersionBump },\n installMode: {\n type: \"string\",\n enum: [\"deterministic\", \"prefer-offline\", \"standard\"],\n description: OPTION_DESCRIPTIONS.installMode,\n },\n installPreferOffline: { type: \"boolean\", description: OPTION_DESCRIPTIONS.installPreferOffline },\n enforceFrozenLockfile: { type: \"boolean\", description: OPTION_DESCRIPTIONS.enforceFrozenLockfile },\n workspace: { type: \"string\", description: OPTION_DESCRIPTIONS.workspace },\n };\n}\n\nexport function createRemediateOptionSchemaProperties(options?: {\n includeDryRun?: boolean;\n includePreview?: boolean;\n includeEvidence?: boolean;\n}): Record<string, JsonSchemaProperty> {\n const includeDryRun = options?.includeDryRun ?? true;\n const includePreview = options?.includePreview ?? true;\n const includeEvidence = options?.includeEvidence ?? true;\n\n return {\n cwd: { type: \"string\", description: OPTION_DESCRIPTIONS.cwd },\n packageManager: { type: \"string\", enum: [...PACKAGE_MANAGER_VALUES], description: OPTION_DESCRIPTIONS.packageManager },\n ...(includeDryRun ? { dryRun: { type: \"boolean\", description: OPTION_DESCRIPTIONS.dryRun } } : {}),\n ...(includePreview ? { preview: { type: \"boolean\", description: OPTION_DESCRIPTIONS.preview } } : {}),\n runTests: { type: \"boolean\", description: OPTION_DESCRIPTIONS.runTests },\n llmProvider: { type: \"string\", enum: [...LLM_PROVIDER_VALUES], description: OPTION_DESCRIPTIONS.llmProvider },\n model: { type: \"string\", description: OPTION_DESCRIPTIONS.model },\n modelPersonality: { type: \"string\", enum: [\"analytical\", \"pragmatic\", \"balanced\"], description: OPTION_DESCRIPTIONS.modelPersonality },\n providerSafetyProfile: { type: \"string\", enum: [\"strict\", \"relaxed\"], description: OPTION_DESCRIPTIONS.providerSafetyProfile },\n requireConsensusForHighRisk: { type: \"boolean\", description: OPTION_DESCRIPTIONS.requireConsensusForHighRisk },\n consensusProvider: { type: \"string\", enum: [...LLM_PROVIDER_VALUES], description: OPTION_DESCRIPTIONS.consensusProvider },\n consensusModel: { type: \"string\", description: OPTION_DESCRIPTIONS.consensusModel },\n patchConfidenceThresholds: {\n type: \"object\",\n properties: {\n low: { type: \"number\", minimum: 0, maximum: 1, description: OPTION_DESCRIPTIONS.patchConfidenceThresholdLow },\n medium: { type: \"number\", minimum: 0, maximum: 1, description: OPTION_DESCRIPTIONS.patchConfidenceThresholdMedium },\n high: { type: \"number\", minimum: 0, maximum: 1, description: OPTION_DESCRIPTIONS.patchConfidenceThresholdHigh },\n },\n },\n dynamicModelRouting: { type: \"boolean\", description: OPTION_DESCRIPTIONS.dynamicModelRouting },\n dynamicRoutingThresholdChars: { type: \"number\", description: OPTION_DESCRIPTIONS.dynamicRoutingThresholdChars },\n patchesDir: { type: \"string\", description: OPTION_DESCRIPTIONS.patchesDir },\n policy: { type: \"string\", description: OPTION_DESCRIPTIONS.policy },\n ...(includeEvidence ? { evidence: { type: \"boolean\", description: OPTION_DESCRIPTIONS.evidence } } : {}),\n requestId: { type: \"string\", description: OPTION_DESCRIPTIONS.requestId },\n sessionId: { type: \"string\", description: OPTION_DESCRIPTIONS.sessionId },\n parentRunId: { type: \"string\", description: OPTION_DESCRIPTIONS.parentRunId },\n idempotencyKey: { type: \"string\", description: OPTION_DESCRIPTIONS.idempotencyKey },\n resume: { type: \"boolean\", description: OPTION_DESCRIPTIONS.resume },\n actor: { type: \"string\", description: OPTION_DESCRIPTIONS.actor },\n source: { type: \"string\", enum: [...PROVENANCE_SOURCE_VALUES], description: OPTION_DESCRIPTIONS.source },\n constraints: {\n type: \"object\",\n properties: createConstraintSchemaProperties(),\n },\n };\n}\n\nexport function createScanOptionSchemaProperties(): Record<string, JsonSchemaProperty> {\n return {\n ...createRemediateOptionSchemaProperties({ includeEvidence: true }),\n format: { type: \"string\", enum: [\"npm-audit\", \"yarn-audit\", \"sarif\", \"auto\"], description: OPTION_DESCRIPTIONS.format },\n audit: { type: \"boolean\", description: OPTION_DESCRIPTIONS.audit },\n };\n}\n\nexport function createScanReportSchemaProperties(): Record<string, JsonSchemaProperty> {\n return {\n schemaVersion: { type: \"string\" },\n status: { type: \"string\", enum: [\"ok\", \"partial\", \"failed\"] },\n generatedAt: { type: \"string\" },\n cveIds: { type: \"array\", items: { type: \"string\" } },\n reports: { type: \"array\", items: { type: \"object\" } },\n successCount: { type: \"number\" },\n failedCount: { type: \"number\" },\n errors: { type: \"array\", items: { type: \"object\" } },\n evidenceFile: { type: \"string\" },\n patchCount: { type: \"number\" },\n patchValidationFailures: { type: \"array\", items: { type: \"object\" } },\n strategyCounts: {\n type: \"object\",\n additionalProperties: { type: \"number\" },\n },\n dependencyScopeCounts: {\n type: \"object\",\n additionalProperties: { type: \"number\" },\n },\n unresolvedByReason: {\n type: \"object\",\n additionalProperties: { type: \"number\" },\n },\n patchesDir: { type: \"string\" },\n correlation: { type: \"object\" },\n provenance: { type: \"object\" },\n constraints: { type: \"object\" },\n idempotencyKey: { type: \"string\" },\n llmUsageCount: { type: \"number\" },\n estimatedCostUsd: { type: \"number\" },\n totalLlmLatencyMs: { type: \"number\" },\n };\n}\n","import type {\n DependencyScope,\n DependencyScopeCounts,\n PatchStrategyCounts,\n RemediationReport,\n UnresolvedReasonCounts,\n} from \"../platform/types.js\";\nimport type { CiSummary, ScanReport } from \"./contracts.js\";\n\nexport function buildStrategyCounts(reports: RemediationReport[]): PatchStrategyCounts | undefined {\n const counts: PatchStrategyCounts = {};\n\n for (const report of reports) {\n for (const result of report.results) {\n counts[result.strategy] = (counts[result.strategy] ?? 0) + 1;\n }\n }\n\n return Object.keys(counts).length > 0 ? counts : undefined;\n}\n\nfunction toDependencyScope(installedType: \"direct\" | \"indirect\"): DependencyScope {\n return installedType === \"direct\" ? \"direct\" : \"transitive\";\n}\n\nexport function buildDependencyScopeCounts(reports: RemediationReport[]): DependencyScopeCounts | undefined {\n const counts: DependencyScopeCounts = {};\n\n for (const report of reports) {\n const packageScopes = new Map<string, DependencyScope>();\n\n for (const vulnerablePackage of report.vulnerablePackages) {\n const scope = toDependencyScope(vulnerablePackage.installed.type);\n const current = packageScopes.get(vulnerablePackage.installed.name);\n if (!current || current !== \"direct\") {\n packageScopes.set(vulnerablePackage.installed.name, scope);\n }\n }\n\n for (const result of report.results) {\n const scope = packageScopes.get(result.packageName);\n if (!scope) continue;\n counts[scope] = (counts[scope] ?? 0) + 1;\n }\n }\n\n return Object.keys(counts).length > 0 ? counts : undefined;\n}\n\nexport function buildUnresolvedReasonCounts(reports: RemediationReport[]): UnresolvedReasonCounts | undefined {\n const counts: UnresolvedReasonCounts = {};\n\n for (const report of reports) {\n for (const result of report.results) {\n if (!result.unresolvedReason) continue;\n counts[result.unresolvedReason] = (counts[result.unresolvedReason] ?? 0) + 1;\n }\n }\n\n return Object.keys(counts).length > 0 ? counts : undefined;\n}\n\nexport function toCiSummary(report: ScanReport): CiSummary {\n let remediationCount = 0;\n for (const cveReport of report.reports) {\n remediationCount += cveReport.results.length;\n }\n\n return {\n schemaVersion: report.schemaVersion,\n status: report.status,\n generatedAt: report.generatedAt,\n cveCount: report.cveIds.length,\n remediationCount,\n successCount: report.successCount,\n failedCount: report.failedCount,\n errors: report.errors,\n evidenceFile: report.evidenceFile,\n patchCount: report.patchCount || 0,\n patchValidationFailures: report.patchValidationFailures,\n strategyCounts: report.strategyCounts,\n dependencyScopeCounts: report.dependencyScopeCounts,\n unresolvedByReason: report.unresolvedByReason,\n patchesDir: report.patchesDir,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n idempotencyKey: report.idempotencyKey,\n llmUsageCount: report.llmUsageCount,\n estimatedCostUsd: report.estimatedCostUsd,\n totalLlmLatencyMs: report.totalLlmLatencyMs,\n };\n}\n\nexport function ciExitCode(summary: CiSummary): number {\n return summary.failedCount > 0 ? 1 : 0;\n}\n","import type { ScanReport } from \"./contracts.js\";\n\ntype SarifLevel = \"error\" | \"warning\" | \"note\" | \"none\";\n\ninterface SarifRule {\n id: string;\n name: string;\n shortDescription: { text: string };\n fullDescription: { text: string };\n defaultConfiguration: { level: SarifLevel };\n helpUri: string;\n properties: { severity: string };\n}\n\ninterface SarifResult {\n ruleId: string;\n level: SarifLevel;\n message: { text: string };\n locations: Array<{\n physicalLocation: {\n artifactLocation: { uri: string; uriBaseId: string };\n };\n }>;\n}\n\nexport interface SarifOutput {\n version: \"2.1.0\";\n $schema: string;\n runs: Array<{\n tool: {\n driver: {\n name: string;\n informationUri: string;\n rules: SarifRule[];\n };\n };\n results: SarifResult[];\n }>;\n}\n\nfunction severityToSarifLevel(severity: string): SarifLevel {\n if (severity === \"CRITICAL\" || severity === \"HIGH\") return \"error\";\n if (severity === \"MEDIUM\") return \"warning\";\n if (severity === \"LOW\") return \"note\";\n return \"warning\";\n}\n\nexport function toSarifOutput(report: ScanReport): SarifOutput {\n const rules: SarifRule[] = [];\n const results: SarifResult[] = [];\n const seenRules = new Set<string>();\n\n for (const cveReport of report.reports) {\n const severity = cveReport.cveDetails?.severity ?? \"UNKNOWN\";\n const level = severityToSarifLevel(severity);\n const summary = cveReport.cveDetails?.summary ?? cveReport.cveId;\n\n if (!seenRules.has(cveReport.cveId)) {\n seenRules.add(cveReport.cveId);\n rules.push({\n id: cveReport.cveId,\n name: \"VulnerableDependency\",\n shortDescription: { text: cveReport.cveId },\n fullDescription: { text: summary },\n defaultConfiguration: { level },\n helpUri: `https://osv.dev/vulnerability/${cveReport.cveId}`,\n properties: { severity },\n });\n }\n\n for (const vulnerablePackage of cveReport.vulnerablePackages) {\n const fixText = vulnerablePackage.affected.firstPatchedVersion\n ? ` Fix: upgrade to ${vulnerablePackage.affected.firstPatchedVersion}.`\n : \" No fixed version available.\";\n results.push({\n ruleId: cveReport.cveId,\n level,\n message: {\n text: `${vulnerablePackage.installed.name}@${vulnerablePackage.installed.version} is vulnerable to ${cveReport.cveId}: ${summary}${fixText}`,\n },\n locations: [\n {\n physicalLocation: {\n artifactLocation: { uri: \"package.json\", uriBaseId: \"%SRCROOT%\" },\n },\n },\n ],\n });\n }\n }\n\n return {\n version: \"2.1.0\",\n $schema:\n \"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Documents/CommitteeSpecifications/2.1.0/sarif-schema-2.1.0.json\",\n runs: [\n {\n tool: {\n driver: {\n name: \"autoremediator\",\n informationUri: \"https://github.com/Rawlings/autoremediator\",\n rules,\n },\n },\n results,\n },\n ],\n };\n}\n","import { existsSync } from \"node:fs\";\nimport { readdir, readFile, stat } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport type {\n PatchArtifactInspection,\n PatchArtifactQueryOptions,\n PatchArtifactSummary,\n} from \"../../platform/types.js\";\nimport { validatePatchDiff } from \"../../remediation/strategies/patch-utils.js\";\nimport {\n readManifest,\n resolveArtifactPath,\n resolvePatchesDir,\n toSummary,\n derivePatchMetadata,\n} from \"./helpers.js\";\n\nexport async function listPatchArtifacts(\n options: PatchArtifactQueryOptions = {}\n): Promise<PatchArtifactSummary[]> {\n const cwd = options.cwd ?? process.cwd();\n const patchesDirPath = resolvePatchesDir(cwd, options.patchesDir);\n\n if (!existsSync(patchesDirPath)) {\n return [];\n }\n\n const entries = await readdir(patchesDirPath, { withFileTypes: true });\n const patchFiles = entries\n .filter((entry) => entry.isFile() && entry.name.endsWith(\".patch\"))\n .map((entry) => join(patchesDirPath, entry.name))\n .sort((left, right) => left.localeCompare(right));\n\n const summaries = await Promise.all(\n patchFiles.map(async (patchFilePath) => {\n const inspection = await inspectPatchArtifact(patchFilePath, options);\n return toSummary(inspection);\n })\n );\n\n return summaries;\n}\n\nexport async function inspectPatchArtifact(\n patchFilePath: string,\n options: PatchArtifactQueryOptions = {}\n): Promise<PatchArtifactInspection> {\n const cwd = options.cwd ?? process.cwd();\n const resolvedPatchPath = resolveArtifactPath(cwd, patchFilePath);\n const patchFileName = resolvedPatchPath.split(\"/\").pop() ?? resolvedPatchPath;\n const manifestFilePath = `${resolvedPatchPath}.json`;\n\n if (!existsSync(resolvedPatchPath)) {\n return {\n patchFilePath: resolvedPatchPath,\n manifestFilePath: existsSync(manifestFilePath) ? manifestFilePath : undefined,\n patchFileName,\n exists: false,\n diffValid: false,\n formatError: \"Patch file does not exist.\",\n };\n }\n\n const [patchContent, fileStats, manifest] = await Promise.all([\n readFile(resolvedPatchPath, \"utf8\"),\n stat(resolvedPatchPath),\n readManifest(manifestFilePath),\n ]);\n\n const format = validatePatchDiff(patchContent);\n const derived = derivePatchMetadata(patchContent);\n\n return {\n patchFilePath: resolvedPatchPath,\n manifestFilePath: manifest ? manifestFilePath : undefined,\n patchFileName,\n cveId: manifest?.cveId,\n packageName: manifest?.packageName,\n vulnerableVersion: manifest?.vulnerableVersion,\n patchMode: manifest?.patchMode,\n confidence: manifest?.confidence,\n riskLevel: manifest?.riskLevel,\n generatedAt: manifest?.generatedAt,\n files: manifest?.files ?? derived.files,\n hunkCount: manifest?.hunkCount ?? derived.hunkCount,\n exists: true,\n diffValid: format.valid,\n formatError: format.error,\n patchSizeBytes: fileStats.size,\n lineCount: patchContent.split(/\\r?\\n/).length,\n manifest,\n };\n}","/**\n * Patch generation utilities for Autoremediator\n *\n * Provides functions for:\n * - Writing patch files to disk\n * - Validating unified diff format\n * - Managing patch-package integration\n * - Fetching source files from npm\n */\n\nimport { existsSync, mkdirSync, writeFileSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport { detectPackageManager, getPackageManagerCommands } from \"../../platform/package-manager/index.js\";\n\n/**\n * Validation result type for patch diffs\n */\nexport interface PatchValidationResult {\n valid: boolean;\n error?: string;\n}\n\n/**\n * Write a unified diff patch to the patches directory\n *\n * Creates patches/ directory if it doesn't exist and writes the patch with\n * naming convention: <packageName>+<version>.patch\n *\n * @param packageName - The npm package name\n * @param version - The package version\n * @param patchContent - The unified diff content\n * @param projectDir - Project root directory\n * @returns Full file path to the written patch file\n */\nexport function writePatchFile(\n packageName: string,\n version: string,\n patchContent: string,\n projectDir: string\n): string {\n const patchesDir = join(projectDir, \"patches\");\n\n // Create patches directory if missing\n if (!existsSync(patchesDir)) {\n mkdirSync(patchesDir, { recursive: true });\n }\n\n // Sanitize package name for filename (remove @ from scoped packages)\n const safeName = packageName.replace(/^@/, \"\").replace(/\\//g, \"+\");\n const filename = `${safeName}+${version}.patch`;\n const filePath = join(patchesDir, filename);\n\n // Write patch file\n writeFileSync(filePath, patchContent, \"utf8\");\n\n return filePath;\n}\n\n/**\n * Validate that patch content matches unified diff format\n *\n * Checks for:\n * - Presence of --- and +++ header lines\n * - Presence of @@ hunk headers\n * - Valid unified diff structure\n *\n * @param patchContent - The patch content to validate\n * @returns Validation result with error details if invalid\n */\nexport function validatePatchDiff(patchContent: string): PatchValidationResult {\n if (!patchContent || typeof patchContent !== \"string\") {\n return {\n valid: false,\n error: \"Patch content must be a non-empty string\",\n };\n }\n\n // Check for basic unified diff structure\n const hasFromLine = /^---\\s+\\S+/m.test(patchContent);\n const hasToLine = /^\\+\\+\\+\\s+\\S+/m.test(patchContent);\n const hasHunkHeader = /^@@\\s+-\\d+/m.test(patchContent);\n\n if (!hasFromLine) {\n return {\n valid: false,\n error: 'Missing \"---\" line in patch format',\n };\n }\n\n if (!hasToLine) {\n return {\n valid: false,\n error: 'Missing \"+++\" line in patch format',\n };\n }\n\n if (!hasHunkHeader) {\n return {\n valid: false,\n error: \"No hunk headers (@@...) found in patch\",\n };\n }\n\n return { valid: true };\n}\n\n/**\n * Ensure patch-package is installed and configured\n *\n * Checks if patch-package is in devDependencies. If not, either:\n * - Installs it automatically (if not in dry-run context)\n * - Logs a warning with installation instructions\n *\n * Updates package.json postinstall script if needed:\n * Add \"postinstall\": \"patch-package\" or append to existing script\n *\n * @param projectDir - Project root directory\n * @returns Promise that resolves when patch-package is ensured\n */\nexport async function ensurePatchPackage(projectDir: string): Promise<void> {\n const pkgPath = join(projectDir, \"package.json\");\n\n // Read package.json\n let pkgJson: Record<string, unknown>;\n try {\n const content = readFileSync(pkgPath, \"utf8\");\n pkgJson = JSON.parse(content) as Record<string, unknown>;\n } catch (err) {\n throw new Error(\n `Failed to read package.json: ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n const devDeps = (pkgJson.devDependencies as Record<string, string> | undefined) || {};\n\n // Check if patch-package is already installed\n if (devDeps[\"patch-package\"]) {\n return; // Already present\n }\n\n // Install patch-package\n try {\n const packageManager = detectPackageManager(projectDir);\n const commands = getPackageManagerCommands(packageManager);\n const [cmd, ...args] = commands.installDev(\"patch-package\");\n await execa(cmd, args, {\n cwd: projectDir,\n stdio: \"inherit\",\n });\n } catch (err) {\n throw new Error(\n `Failed to install patch-package: ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n // Update postinstall script in package.json\n let scripts = (pkgJson.scripts as Record<string, string> | undefined) || {};\n const existingPostinstall = scripts.postinstall || \"\";\n const newPostinstall = existingPostinstall\n ? `${existingPostinstall} && patch-package`\n : \"patch-package\";\n\n scripts.postinstall = newPostinstall;\n pkgJson.scripts = scripts;\n\n // Write updated package.json\n try {\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n } catch (err) {\n throw new Error(`Failed to update package.json: ${err instanceof Error ? err.message : String(err)}`);\n }\n}\n\n/**\n * Fetch the content of a specific file from an npm package\n *\n * Downloads the package tarball from npm, extracts the specified file,\n * and returns its content. Useful for LLM analysis of vulnerable source code.\n *\n * @param packageName - The npm package name\n * @param version - The package version\n * @param filePath - Path to file within package (relative to package root)\n * @returns Promise resolving to file content as string\n */\nexport async function getVulnerableFileContent(\n packageName: string,\n version: string,\n filePath: string\n): Promise<string> {\n // Use npm view to fetch tarball URL\n let tarballUrl: string;\n try {\n const result = await execa(\"npm\", [\"view\", `${packageName}@${version}`, \"dist.tarball\"], {\n stdio: \"pipe\",\n });\n tarballUrl = (result.stdout as string).trim();\n } catch (err) {\n throw new Error(\n `Failed to get tarball URL for ${packageName}@${version}: ${\n err instanceof Error ? err.message : String(err)\n }`\n );\n }\n\n if (!tarballUrl) {\n throw new Error(`No tarball URL found for ${packageName}@${version}`);\n }\n\n // Create temporary directory for extraction\n const tempDir = join(\"/tmp\", `autoremediator-${packageName}-${version}-${Date.now()}`);\n mkdirSync(tempDir, { recursive: true });\n\n try {\n // Alternative: use curl and tar\n await execa(\"bash\", [\n \"-c\",\n `curl -s \"${tarballUrl}\" | tar xz -C \"${tempDir}\"`,\n ]);\n\n // Read the file from extracted package (npm extracts under \"package/\" directory)\n const extractedPath = join(tempDir, \"package\", filePath);\n const content = readFileSync(extractedPath, \"utf8\");\n\n return content;\n } catch (err) {\n throw new Error(\n `Failed to fetch file ${filePath} from ${packageName}@${version}: ${\n err instanceof Error ? err.message : String(err)\n }`\n );\n } finally {\n // Clean up temporary directory\n try {\n await execa(\"rm\", [\"-rf\", tempDir]);\n } catch (cleanupErr) {\n // Ignore cleanup errors\n }\n }\n}\n","import { existsSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport type { RemediationConstraints } from \"../types.js\";\nimport { parsePackageManagerListOutput } from \"./list-parser.js\";\n\nexport type PackageManager = \"npm\" | \"pnpm\" | \"yarn\";\n\nexport interface PackageManagerCommands {\n install: string[];\n installPreferOffline: string[];\n installDeterministic: string[];\n installDev: (pkg: string) => string[];\n test: string[];\n list: string[];\n lockfileName: string;\n}\n\n/**\n * Detect the installed yarn major version by running `yarn --version`.\n * Returns 1 for classic yarn (1.x), or the actual major for berry (2+).\n * Falls back to 1 when the version cannot be determined.\n */\nexport async function getYarnMajorVersion(cwd: string): Promise<number> {\n try {\n const result = await execa(\"yarn\", [\"--version\"], { cwd, stdio: \"pipe\" });\n const major = Number.parseInt(result.stdout.trim().split(\".\")[0] ?? \"1\", 10);\n return Number.isNaN(major) ? 1 : major;\n } catch {\n return 1;\n }\n}\n\nexport function detectPackageManager(cwd: string): PackageManager {\n if (existsSync(join(cwd, \"pnpm-lock.yaml\"))) return \"pnpm\";\n if (existsSync(join(cwd, \"yarn.lock\"))) return \"yarn\";\n return \"npm\";\n}\n\nfunction withWorkspace(command: string[], pm: PackageManager, workspace?: string): string[] {\n if (!workspace) return command;\n\n if (pm === \"pnpm\") {\n // pnpm expects filters before the subcommand: pnpm --filter <selector> install\n return [command[0], \"--filter\", workspace, ...command.slice(1)];\n }\n\n if (pm === \"npm\") {\n return [...command, \"--workspace\", workspace];\n }\n\n // Yarn workspace command semantics differ by version; keep default behavior.\n return command;\n}\n\nexport function resolveInstallCommand(\n pm: PackageManager,\n constraints?: RemediationConstraints,\n yarnMajor?: number\n): string[] {\n const installMode = constraints?.installMode ?? \"deterministic\";\n const preferOfflineOverride = constraints?.installPreferOffline;\n const frozenOverride = constraints?.enforceFrozenLockfile;\n\n const includePreferOffline =\n pm !== \"yarn\" && (preferOfflineOverride ?? installMode !== \"standard\");\n\n let includeFrozenLockfile =\n pm !== \"npm\" && (frozenOverride ?? installMode === \"deterministic\");\n\n if (frozenOverride === false) {\n includeFrozenLockfile = false;\n }\n\n const useNpmCi =\n pm === \"npm\" &&\n (frozenOverride === true || (frozenOverride === undefined && installMode === \"deterministic\"));\n\n const command: string[] = [\n pm,\n pm === \"npm\" ? (useNpmCi ? \"ci\" : \"install\") : \"install\",\n ];\n\n if (includeFrozenLockfile) {\n // Yarn Berry (v2+) uses --immutable instead of --frozen-lockfile\n const isYarnBerry = pm === \"yarn\" && (yarnMajor ?? 1) >= 2;\n command.push(isYarnBerry ? \"--immutable\" : \"--frozen-lockfile\");\n }\n\n if (includePreferOffline) {\n command.push(\"--prefer-offline\");\n }\n\n return withWorkspace(command, pm, constraints?.workspace);\n}\n\nexport function resolveListCommand(pm: PackageManager, constraints?: RemediationConstraints): string[] {\n const base =\n pm === \"pnpm\"\n ? [\"pnpm\", \"list\", \"--json\", \"--depth\", \"99\"]\n : pm === \"yarn\"\n ? [\"yarn\", \"list\", \"--json\"]\n : [\"npm\", \"list\", \"--json\", \"--all\"];\n\n return withWorkspace(base, pm, constraints?.workspace);\n}\n\nexport function resolveTestCommand(pm: PackageManager, constraints?: RemediationConstraints): string[] {\n const base = pm === \"pnpm\" ? [\"pnpm\", \"test\"] : pm === \"yarn\" ? [\"yarn\", \"test\"] : [\"npm\", \"test\"];\n return withWorkspace(base, pm, constraints?.workspace);\n}\n\nexport function resolveAuditCommand(pm: PackageManager, constraints?: RemediationConstraints): string[] {\n const base = pm === \"yarn\" ? [\"yarn\", \"audit\", \"--json\"] : [pm, \"audit\", \"--json\"];\n return withWorkspace(base, pm, constraints?.workspace);\n}\n\nexport function resolveWhyCommand(\n pm: PackageManager,\n packageName: string,\n constraints?: RemediationConstraints\n): string[] {\n const base = pm === \"npm\" ? [\"npm\", \"explain\", packageName] : [pm, \"why\", packageName];\n return withWorkspace(base, pm, constraints?.workspace);\n}\n\nexport function resolveDedupeCommand(pm: PackageManager, constraints?: RemediationConstraints): string[] {\n const base = [pm, \"dedupe\"];\n return withWorkspace(base, pm, constraints?.workspace);\n}\n\nexport function getPackageManagerCommands(pm: PackageManager): PackageManagerCommands {\n if (pm === \"pnpm\") {\n return {\n install: [\"pnpm\", \"install\"],\n installPreferOffline: [\"pnpm\", \"install\", \"--prefer-offline\"],\n installDeterministic: resolveInstallCommand(\"pnpm\", { installMode: \"deterministic\" }),\n installDev: (pkg: string) => [\"pnpm\", \"add\", \"-D\", pkg],\n test: [\"pnpm\", \"test\"],\n list: [\"pnpm\", \"list\", \"--json\", \"--depth\", \"99\"],\n lockfileName: \"pnpm-lock.yaml\",\n };\n }\n\n if (pm === \"yarn\") {\n return {\n install: [\"yarn\", \"install\"],\n installPreferOffline: [\"yarn\", \"install\"],\n installDeterministic: resolveInstallCommand(\"yarn\", { installMode: \"deterministic\" }),\n installDev: (pkg: string) => [\"yarn\", \"add\", \"--dev\", pkg],\n test: [\"yarn\", \"test\"],\n list: [\"yarn\", \"list\", \"--json\"],\n lockfileName: \"yarn.lock\",\n };\n }\n\n return {\n install: [\"npm\", \"install\"],\n installPreferOffline: [\"npm\", \"install\", \"--prefer-offline\"],\n installDeterministic: resolveInstallCommand(\"npm\", { installMode: \"deterministic\" }),\n installDev: (pkg: string) => [\"npm\", \"install\", \"--save-dev\", pkg],\n test: [\"npm\", \"test\"],\n list: [\"npm\", \"list\", \"--json\", \"--all\"],\n lockfileName: \"package-lock.json\",\n };\n}\n\nexport function parseListOutput(pm: PackageManager, stdout: string): Map<string, string> {\n return parsePackageManagerListOutput(pm, stdout);\n}","import type { PackageManager } from \"./index.js\";\n\nexport function parsePackageManagerListOutput(pm: PackageManager, stdout: string): Map<string, string> {\n const versions = new Map<string, string>();\n\n if (!stdout.trim()) return versions;\n\n if (pm === \"yarn\") {\n return parseYarnListOutput(stdout, versions);\n }\n\n let parsed: unknown;\n try {\n parsed = JSON.parse(stdout);\n } catch {\n return versions;\n }\n\n const root = Array.isArray(parsed) ? parsed[0] : parsed;\n collectDependencyTree(\n (root as { dependencies?: Record<string, DependencyTree> } | undefined)?.dependencies,\n versions\n );\n\n return versions;\n}\n\ntype DependencyTree = {\n version?: string;\n dependencies?: Record<string, DependencyTree>;\n};\n\nfunction parseYarnListOutput(stdout: string, versions: Map<string, string>): Map<string, string> {\n const lines = stdout\n .split(\"\\n\")\n .map((line) => line.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n try {\n const obj = JSON.parse(line) as { type?: string; data?: { trees?: Array<{ name?: string }> } };\n if (obj.type !== \"tree\") continue;\n\n for (const tree of obj.data?.trees ?? []) {\n const raw = tree.name ?? \"\";\n const at = raw.lastIndexOf(\"@\");\n if (at <= 0) continue;\n\n const name = raw.slice(0, at);\n const version = raw.slice(at + 1);\n if (name && version) {\n versions.set(name, version);\n }\n }\n } catch {\n // Ignore non-json lines from yarn output.\n }\n }\n\n return versions;\n}\n\nfunction collectDependencyTree(\n tree: Record<string, DependencyTree> | undefined,\n versions: Map<string, string>\n): void {\n if (!tree) return;\n\n for (const [name, entry] of Object.entries(tree)) {\n if (!entry || typeof entry !== \"object\") continue;\n const version = entry.version;\n if (typeof version === \"string\" && version) {\n versions.set(name, version);\n }\n collectDependencyTree(entry.dependencies, versions);\n }\n}","import { existsSync } from \"node:fs\";\nimport { readFile } from \"node:fs/promises\";\nimport { isAbsolute, resolve } from \"node:path\";\nimport type {\n PatchArtifact,\n PatchArtifactInspection,\n PatchArtifactSummary,\n} from \"../../platform/types.js\";\n\nexport const DEFAULT_PATCHES_DIR = \"./patches\";\n\nexport function resolvePatchesDir(cwd: string, patchesDir = DEFAULT_PATCHES_DIR): string {\n return isAbsolute(patchesDir) ? patchesDir : resolve(cwd, patchesDir);\n}\n\nexport function resolveArtifactPath(cwd: string, patchFilePath: string): string {\n return isAbsolute(patchFilePath) ? patchFilePath : resolve(cwd, patchFilePath);\n}\n\nexport async function readManifest(manifestFilePath: string): Promise<PatchArtifact | undefined> {\n if (!existsSync(manifestFilePath)) {\n return undefined;\n }\n\n try {\n const raw = await readFile(manifestFilePath, \"utf8\");\n return JSON.parse(raw) as PatchArtifact;\n } catch {\n return undefined;\n }\n}\n\nexport function derivePatchMetadata(patchContent: string): { files: string[]; hunkCount: number } {\n const files = Array.from(\n new Set(\n patchContent\n .split(/\\r?\\n/)\n .filter((line) => line.startsWith(\"+++ b/\"))\n .map((line) => line.slice(\"+++ b/\".length))\n )\n );\n const hunkCount = patchContent\n .split(/\\r?\\n/)\n .filter((line) => line.startsWith(\"@@ \")).length;\n\n return { files, hunkCount };\n}\n\nexport function toSummary(inspection: PatchArtifactInspection): PatchArtifactSummary {\n return {\n patchFilePath: inspection.patchFilePath,\n manifestFilePath: inspection.manifestFilePath,\n patchFileName: inspection.patchFileName,\n cveId: inspection.cveId,\n packageName: inspection.packageName,\n vulnerableVersion: inspection.vulnerableVersion,\n patchMode: inspection.patchMode,\n confidence: inspection.confidence,\n riskLevel: inspection.riskLevel,\n generatedAt: inspection.generatedAt,\n files: inspection.files,\n hunkCount: inspection.hunkCount,\n diffValid: inspection.diffValid,\n };\n}","/**\n * Tool: check-inventory\n *\n * Reads the consumer's package.json and installed dependency tree to produce\n * a flat list of installed packages and their resolved versions.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport type { InventoryPackage } from \"../../platform/types.js\";\nimport {\n detectPackageManager,\n parseListOutput,\n resolveListCommand,\n type PackageManager,\n} from \"../../platform/package-manager/index.js\";\nimport { loadPolicy } from \"../../platform/policy.js\";\n\ninterface PackageJson {\n dependencies?: Record<string, string>;\n devDependencies?: Record<string, string>;\n peerDependencies?: Record<string, string>;\n}\n\nexport const checkInventoryTool = tool({\n description:\n \"Read the project's package.json and installed dependencies to list packages and exact versions. Must be called before checking version matches.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project's root directory\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n policy: z.string().optional().describe(\"Optional path to .autoremediator policy file\"),\n workspace: z.string().optional().describe(\"Optional workspace/package selector for monorepos\"),\n }),\n execute: async ({ cwd, packageManager, policy, workspace }): Promise<{ packages: InventoryPackage[]; error?: string }> => {\n let pkgJson: PackageJson;\n\n try {\n pkgJson = JSON.parse(readFileSync(join(cwd, \"package.json\"), \"utf8\")) as PackageJson;\n } catch {\n return {\n packages: [],\n error: `Could not read package.json in \"${cwd}\". Is this a Node.js project?`,\n };\n }\n\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const loadedPolicy = loadPolicy(cwd, policy);\n const listCommand = resolveListCommand(pm, {\n ...loadedPolicy.constraints,\n workspace: workspace ?? loadedPolicy.constraints?.workspace,\n });\n let installedVersions = new Map<string, string>();\n\n try {\n const [cmd, ...args] = listCommand;\n const listResult = await execa(cmd, args, {\n cwd,\n stdio: \"pipe\",\n reject: false,\n });\n installedVersions = parseListOutput(pm, listResult.stdout || \"\");\n } catch {\n // Fallback to package.json-only view when list command fails.\n }\n\n const packages: InventoryPackage[] = [];\n\n for (const [name, version] of installedVersions.entries()) {\n const isDirect =\n Boolean(pkgJson.dependencies?.[name]) ||\n Boolean(pkgJson.devDependencies?.[name]) ||\n Boolean(pkgJson.peerDependencies?.[name]);\n\n packages.push({\n name,\n version,\n type: isDirect ? \"direct\" : \"indirect\",\n });\n }\n\n if (packages.length === 0) {\n // Fallback: only direct deps from package.json (best-effort versions)\n const allDeps = {\n ...pkgJson.dependencies,\n ...pkgJson.devDependencies,\n };\n for (const [name, version] of Object.entries(allDeps)) {\n const cleaned = version.replace(/^[\\^~>=<]+/, \"\").trim();\n packages.push({ name, version: cleaned, type: \"direct\" });\n }\n }\n\n return { packages };\n },\n});\n","import { existsSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport type { PatchConfidenceThresholds, RemediationConstraints } from \"./types.js\";\n\nexport interface AutoremediatorPolicy {\n allowMajorBumps: boolean;\n denyPackages: string[];\n allowPackages: string[];\n constraints?: RemediationConstraints;\n modelDefaults?: Partial<Record<\"remote\" | \"local\", string>>;\n providerSafetyProfile?: \"strict\" | \"relaxed\";\n requireConsensusForHighRisk?: boolean;\n consensusProvider?: \"remote\" | \"local\";\n consensusModel?: string;\n patchConfidenceThresholds?: PatchConfidenceThresholds;\n dynamicModelRouting?: boolean;\n dynamicRoutingThresholdChars?: number;\n}\n\nexport const DEFAULT_POLICY: AutoremediatorPolicy = {\n allowMajorBumps: false,\n denyPackages: [],\n allowPackages: [],\n constraints: {\n directDependenciesOnly: false,\n preferVersionBump: false,\n installMode: \"deterministic\",\n installPreferOffline: undefined,\n enforceFrozenLockfile: undefined,\n workspace: undefined,\n },\n modelDefaults: {},\n providerSafetyProfile: \"relaxed\",\n requireConsensusForHighRisk: false,\n consensusProvider: \"remote\",\n consensusModel: undefined,\n patchConfidenceThresholds: {},\n dynamicModelRouting: false,\n dynamicRoutingThresholdChars: 18000,\n};\n\nexport function loadPolicy(cwd: string, explicitPath?: string): AutoremediatorPolicy {\n const candidate = explicitPath ?? join(cwd, \".autoremediator.json\");\n if (!existsSync(candidate)) return DEFAULT_POLICY;\n\n try {\n const parsed = JSON.parse(readFileSync(candidate, \"utf8\")) as Partial<AutoremediatorPolicy>;\n return {\n allowMajorBumps: parsed.allowMajorBumps ?? DEFAULT_POLICY.allowMajorBumps,\n denyPackages: parsed.denyPackages ?? DEFAULT_POLICY.denyPackages,\n allowPackages: parsed.allowPackages ?? DEFAULT_POLICY.allowPackages,\n constraints: {\n directDependenciesOnly:\n parsed.constraints?.directDependenciesOnly ??\n DEFAULT_POLICY.constraints?.directDependenciesOnly ??\n false,\n preferVersionBump:\n parsed.constraints?.preferVersionBump ??\n DEFAULT_POLICY.constraints?.preferVersionBump ??\n false,\n installMode:\n parsed.constraints?.installMode ??\n DEFAULT_POLICY.constraints?.installMode ??\n \"deterministic\",\n installPreferOffline:\n parsed.constraints?.installPreferOffline ??\n DEFAULT_POLICY.constraints?.installPreferOffline,\n enforceFrozenLockfile:\n parsed.constraints?.enforceFrozenLockfile ??\n DEFAULT_POLICY.constraints?.enforceFrozenLockfile,\n workspace:\n parsed.constraints?.workspace ??\n DEFAULT_POLICY.constraints?.workspace,\n },\n modelDefaults: {\n remote: parsed.modelDefaults?.remote ?? DEFAULT_POLICY.modelDefaults?.remote,\n local: parsed.modelDefaults?.local ?? DEFAULT_POLICY.modelDefaults?.local,\n },\n providerSafetyProfile:\n parsed.providerSafetyProfile ??\n DEFAULT_POLICY.providerSafetyProfile,\n requireConsensusForHighRisk:\n parsed.requireConsensusForHighRisk ??\n DEFAULT_POLICY.requireConsensusForHighRisk,\n consensusProvider:\n parsed.consensusProvider ??\n DEFAULT_POLICY.consensusProvider,\n consensusModel:\n parsed.consensusModel ??\n DEFAULT_POLICY.consensusModel,\n patchConfidenceThresholds: {\n low:\n parsed.patchConfidenceThresholds?.low ??\n DEFAULT_POLICY.patchConfidenceThresholds?.low,\n medium:\n parsed.patchConfidenceThresholds?.medium ??\n DEFAULT_POLICY.patchConfidenceThresholds?.medium,\n high:\n parsed.patchConfidenceThresholds?.high ??\n DEFAULT_POLICY.patchConfidenceThresholds?.high,\n },\n dynamicModelRouting:\n parsed.dynamicModelRouting ??\n DEFAULT_POLICY.dynamicModelRouting,\n dynamicRoutingThresholdChars:\n parsed.dynamicRoutingThresholdChars ??\n DEFAULT_POLICY.dynamicRoutingThresholdChars,\n };\n } catch {\n return DEFAULT_POLICY;\n }\n}\n\nexport function isPackageAllowed(policy: AutoremediatorPolicy, packageName: string): boolean {\n if (policy.denyPackages.includes(packageName)) return false;\n if (policy.allowPackages.length > 0 && !policy.allowPackages.includes(packageName)) {\n return false;\n }\n return true;\n}\n","import type {\n PatchArtifactQueryOptions,\n PatchArtifactValidationReport,\n PatchValidationPhase,\n} from \"../../platform/types.js\";\nimport { detectPackageManager } from \"../../platform/package-manager/index.js\";\nimport { checkInventoryTool } from \"../../remediation/tools/check-inventory.js\";\nimport { inspectPatchArtifact } from \"./inspection.js\";\n\nexport async function validatePatchArtifact(\n patchFilePath: string,\n options: PatchArtifactQueryOptions = {}\n): Promise<PatchArtifactValidationReport> {\n const inspection = await inspectPatchArtifact(patchFilePath, options);\n const validationPhases: PatchValidationPhase[] = [\n {\n phase: \"diff-format\",\n passed: inspection.diffValid,\n error: inspection.diffValid ? undefined : inspection.formatError,\n message: inspection.diffValid ? \"Patch content is a valid unified diff.\" : undefined,\n },\n ];\n\n if (!inspection.exists) {\n return {\n patchFilePath: inspection.patchFilePath,\n manifestFilePath: inspection.manifestFilePath,\n exists: false,\n manifestFound: false,\n diffValid: false,\n formatError: inspection.formatError,\n driftDetected: false,\n validationPhases,\n };\n }\n\n const manifest = inspection.manifest;\n const manifestFound = Boolean(manifest);\n\n if (!manifest) {\n validationPhases.push({\n phase: \"manifest-write\",\n passed: false,\n error: \"No patch manifest found for this patch artifact.\",\n });\n\n return {\n patchFilePath: inspection.patchFilePath,\n manifestFilePath: inspection.manifestFilePath,\n exists: true,\n manifestFound,\n diffValid: inspection.diffValid,\n formatError: inspection.formatError,\n driftDetected: false,\n validationPhases,\n };\n }\n\n validationPhases.push({\n phase: \"manifest-write\",\n passed: true,\n message: \"Patch manifest is present.\",\n });\n\n const cwd = options.cwd ?? process.cwd();\n const packageManager = options.packageManager ?? detectPackageManager(cwd);\n const inventory = (await (checkInventoryTool as any).execute({\n cwd,\n packageManager,\n })) as {\n error?: string;\n packages?: Array<{ name: string; version: string }>;\n };\n\n if (inventory.error) {\n validationPhases.push({\n phase: \"drift\",\n passed: false,\n error: inventory.error,\n });\n\n return {\n patchFilePath: inspection.patchFilePath,\n manifestFilePath: inspection.manifestFilePath,\n exists: true,\n manifestFound,\n diffValid: inspection.diffValid,\n formatError: inspection.formatError,\n driftDetected: false,\n cveId: manifest.cveId,\n packageName: manifest.packageName,\n vulnerableVersion: manifest.vulnerableVersion,\n validationPhases,\n };\n }\n\n const matchingPackages = (inventory.packages ?? []).filter(\n (pkg) => pkg.name === manifest.packageName\n );\n const installedVersion = matchingPackages[0]?.version;\n const inventoryMatch = matchingPackages.some(\n (pkg) => pkg.version === manifest.vulnerableVersion\n );\n const driftDetected = matchingPackages.length > 0 && !inventoryMatch;\n\n validationPhases.push({\n phase: \"drift\",\n passed: !driftDetected,\n message:\n matchingPackages.length === 0\n ? `Package ${manifest.packageName} is not currently installed.`\n : inventoryMatch\n ? `Installed version matches manifest target ${manifest.vulnerableVersion}.`\n : `Installed version ${installedVersion} does not match manifest target ${manifest.vulnerableVersion}.`,\n error: driftDetected ? \"Patch manifest does not match the installed dependency version.\" : undefined,\n });\n\n return {\n patchFilePath: inspection.patchFilePath,\n manifestFilePath: inspection.manifestFilePath,\n exists: true,\n manifestFound,\n diffValid: inspection.diffValid,\n formatError: inspection.formatError,\n driftDetected,\n cveId: manifest.cveId,\n packageName: manifest.packageName,\n vulnerableVersion: manifest.vulnerableVersion,\n installedVersion,\n inventoryMatch,\n validationPhases,\n };\n}","import type { LanguageModelV1 } from \"ai\";\nimport type { PatchConfidenceThresholds, PatchRiskLevel, RemediateOptions } from \"./types.js\";\nimport { loadPolicy } from \"./policy.js\";\n\nexport type SupportedProvider = \"remote\" | \"local\";\n\ninterface ModelRoutingContext {\n inputChars?: number;\n}\n\ninterface RemoteAdapterModule {\n [key: string]: unknown;\n}\n\ninterface RemoteModelFactory {\n (options: { apiKey: string }): (modelName: string) => LanguageModelV1;\n}\n\nexport function resolveProvider(options: RemediateOptions = {}): SupportedProvider {\n const raw = options.llmProvider ?? process.env.AUTOREMEDIATOR_LLM_PROVIDER ?? \"remote\";\n if (raw !== \"remote\" && raw !== \"local\") {\n throw new Error(\n `Unsupported LLM provider \"${raw}\". Set AUTOREMEDIATOR_LLM_PROVIDER to \"remote\" or \"local\".`\n );\n }\n return raw;\n}\n\nexport function resolveModelName(\n provider: SupportedProvider,\n options: RemediateOptions = {},\n routing: ModelRoutingContext = {}\n): string {\n if (options.model) return options.model;\n if (process.env.AUTOREMEDIATOR_MODEL) return process.env.AUTOREMEDIATOR_MODEL;\n\n const cwd = options.cwd ?? process.cwd();\n const policy = loadPolicy(cwd, options.policy);\n\n const providerEnvModel =\n provider === \"remote\"\n ? process.env.AUTOREMEDIATOR_MODEL_REMOTE\n : process.env.AUTOREMEDIATOR_MODEL_LOCAL;\n if (providerEnvModel) return providerEnvModel;\n\n const policyPinnedModel =\n provider === \"remote\" ? policy.modelDefaults?.remote : policy.modelDefaults?.local;\n if (policyPinnedModel) return policyPinnedModel;\n\n const defaults: Record<SupportedProvider, string> = {\n remote: \"remote-default\",\n local: \"local\",\n };\n\n const routingEnabled =\n options.dynamicModelRouting ??\n policy.dynamicModelRouting ??\n false;\n const threshold =\n options.dynamicRoutingThresholdChars ??\n policy.dynamicRoutingThresholdChars ??\n 18000;\n\n if (\n provider === \"remote\" &&\n routingEnabled &&\n typeof routing.inputChars === \"number\" &&\n routing.inputChars >= threshold\n ) {\n return process.env.AUTOREMEDIATOR_MODEL_REMOTE_LARGE ?? \"remote-large\";\n }\n\n return defaults[provider];\n}\n\nasync function loadRemoteFactory(): Promise<RemoteModelFactory> {\n const moduleName = process.env.AUTOREMEDIATOR_REMOTE_CLIENT_MODULE;\n const exportName = process.env.AUTOREMEDIATOR_REMOTE_CLIENT_FACTORY ?? \"createRemoteClient\";\n\n if (!moduleName) {\n throw new Error(\n \"AUTOREMEDIATOR_REMOTE_CLIENT_MODULE is required for remote provider model loading.\"\n );\n }\n\n const loaded = (await import(moduleName)) as RemoteAdapterModule;\n const factory = loaded[exportName];\n if (typeof factory !== \"function\") {\n throw new Error(\n `Remote client factory \"${exportName}\" was not found in module \"${moduleName}\".`\n );\n }\n\n return factory as RemoteModelFactory;\n}\n\nexport async function createModel(\n options: RemediateOptions = {},\n routing: ModelRoutingContext = {}\n): Promise<LanguageModelV1> {\n const provider = resolveProvider(options);\n\n if (provider === \"local\") {\n throw new Error(\n \"Local provider does not create a language model. Use the deterministic pipeline path instead.\"\n );\n }\n\n const apiKey = process.env.AUTOREMEDIATOR_REMOTE_API_KEY;\n if (!apiKey) {\n throw new Error(\n \"AUTOREMEDIATOR_REMOTE_API_KEY environment variable is required for remote provider.\"\n );\n }\n\n const modelName = resolveModelName(provider, options, routing);\n const createRemoteClient = await loadRemoteFactory();\n const remoteClient = createRemoteClient({ apiKey });\n return remoteClient(modelName);\n}\n\nexport function getPatchConfidenceThreshold(\n provider: SupportedProvider,\n safetyProfile: \"strict\" | \"relaxed\" = \"relaxed\",\n riskLevel: PatchRiskLevel = \"medium\",\n overrides?: PatchConfidenceThresholds\n): number {\n const relaxed: Record<SupportedProvider, Record<PatchRiskLevel, number>> = {\n remote: { low: 0.65, medium: 0.7, high: 0.8 },\n local: { low: 0.65, medium: 0.7, high: 0.8 },\n };\n const strict: Record<SupportedProvider, Record<PatchRiskLevel, number>> = {\n remote: { low: 0.8, medium: 0.85, high: 0.9 },\n local: { low: 0.8, medium: 0.85, high: 0.9 },\n };\n\n const baseThreshold =\n safetyProfile === \"strict\"\n ? strict[provider][riskLevel]\n : relaxed[provider][riskLevel];\n const override = overrides?.[riskLevel];\n\n if (typeof override === \"number\" && Number.isFinite(override)) {\n return Math.max(0, Math.min(1, override));\n }\n\n return baseThreshold;\n}\n\nexport function estimateModelCostUsd(params: {\n provider: SupportedProvider;\n promptChars: number;\n completionChars: number;\n}): number {\n const inputTokens = params.promptChars / 4;\n const outputTokens = params.completionChars / 4;\n\n const pricePerThousand =\n params.provider === \"remote\"\n ? { input: 0.006, output: 0.02 }\n : { input: 0, output: 0 };\n\n return (\n (inputTokens / 1000) * pricePerThousand.input +\n (outputTokens / 1000) * pricePerThousand.output\n );\n}\n\nexport interface NvdConfig {\n apiKey?: string;\n}\n\nexport function getNvdConfig(): NvdConfig {\n return {\n apiKey: process.env.AUTOREMEDIATOR_NVD_API_KEY,\n };\n}\n\nexport function getGitHubToken(): string | undefined {\n return process.env.GITHUB_TOKEN;\n}\n\nexport interface IntelligenceSourceConfig {\n gitLabAdvisoryApi?: string;\n certCcSearchUrl?: string;\n epssApi?: string;\n cveServicesApi?: string;\n depsDevApi?: string;\n scorecardApi?: string;\n vendorAdvisoryFeeds: string[];\n commercialFeeds: string[];\n commercialFeedToken?: string;\n}\n\nexport function getIntelligenceSourceConfig(): IntelligenceSourceConfig {\n return {\n gitLabAdvisoryApi:\n process.env.AUTOREMEDIATOR_GITLAB_ADVISORY_API ??\n \"https://advisories.gitlab.com/api/v1/advisories\",\n certCcSearchUrl:\n process.env.AUTOREMEDIATOR_CERTCC_SEARCH_URL ??\n \"https://www.kb.cert.org/vuls/search\",\n epssApi:\n process.env.AUTOREMEDIATOR_EPSS_API ??\n \"https://api.first.org/data/v1/epss\",\n cveServicesApi:\n process.env.AUTOREMEDIATOR_CVE_SERVICES_API ??\n \"https://cveawg.mitre.org/api/cve\",\n depsDevApi:\n process.env.AUTOREMEDIATOR_DEPSDEV_API ??\n \"https://api.deps.dev/v3\",\n scorecardApi:\n process.env.AUTOREMEDIATOR_SCORECARD_API ??\n \"https://api.securityscorecards.dev\",\n vendorAdvisoryFeeds: (process.env.AUTOREMEDIATOR_VENDOR_ADVISORY_FEEDS ?? \"\")\n .split(\",\")\n .map((v) => v.trim())\n .filter(Boolean),\n commercialFeeds: (process.env.AUTOREMEDIATOR_COMMERCIAL_FEEDS ?? \"\")\n .split(\",\")\n .map((v) => v.trim())\n .filter(Boolean),\n commercialFeedToken: process.env.AUTOREMEDIATOR_COMMERCIAL_FEED_TOKEN,\n };\n}\n","import { existsSync, mkdirSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport type { RemediationReport } from \"./types.js\";\n\ninterface IdempotencyEntry {\n key: string;\n cveId: string;\n report: RemediationReport;\n savedAt: string;\n}\n\ninterface IdempotencyIndex {\n schemaVersion: \"1.0\";\n entries: Record<string, IdempotencyEntry>;\n}\n\nconst DEFAULT_INDEX: IdempotencyIndex = {\n schemaVersion: \"1.0\",\n entries: {},\n};\n\nfunction indexFilePath(cwd: string): string {\n return join(cwd, \".autoremediator\", \"state\", \"idempotency.json\");\n}\n\nfunction entryKey(idempotencyKey: string, cveId: string): string {\n return `${idempotencyKey}::${cveId.toUpperCase()}`;\n}\n\nfunction loadIndex(cwd: string): IdempotencyIndex {\n const filePath = indexFilePath(cwd);\n if (!existsSync(filePath)) return DEFAULT_INDEX;\n\n try {\n const parsed = JSON.parse(readFileSync(filePath, \"utf8\")) as IdempotencyIndex;\n if (parsed && parsed.schemaVersion === \"1.0\" && parsed.entries) {\n return parsed;\n }\n return DEFAULT_INDEX;\n } catch {\n return DEFAULT_INDEX;\n }\n}\n\nfunction saveIndex(cwd: string, index: IdempotencyIndex): void {\n const filePath = indexFilePath(cwd);\n mkdirSync(join(cwd, \".autoremediator\", \"state\"), { recursive: true });\n writeFileSync(filePath, JSON.stringify(index, null, 2) + \"\\n\", \"utf8\");\n}\n\nexport function readIdempotentReport(\n cwd: string,\n idempotencyKey: string,\n cveId: string\n): RemediationReport | undefined {\n const index = loadIndex(cwd);\n const key = entryKey(idempotencyKey, cveId);\n return index.entries[key]?.report;\n}\n\nexport function storeIdempotentReport(\n cwd: string,\n idempotencyKey: string,\n cveId: string,\n report: RemediationReport\n): void {\n const index = loadIndex(cwd);\n const key = entryKey(idempotencyKey, cveId);\n index.entries[key] = {\n key: idempotencyKey,\n cveId: cveId.toUpperCase(),\n report,\n savedAt: new Date().toISOString(),\n };\n saveIndex(cwd, index);\n}\n","/**\n * Autoremediator agentic loop\n *\n * Orchestrates the full CVE patching pipeline using Vercel AI SDK's\n * generateText with a tool-calling loop.\n */\nimport { generateText } from \"ai\";\nimport { estimateModelCostUsd, resolveProvider } from \"../platform/config.js\";\nimport type {\n CveDetails,\n LlmUsageMetrics,\n PatchResult,\n RemediateOptions,\n RemediationReport,\n VulnerablePackage,\n} from \"../platform/types.js\";\nimport { runLocalRemediationPipeline } from \"./local/index.js\";\nimport { accumulateStepResults } from \"./strategies/pipeline-telemetry.js\";\nimport {\n createPipelineRuntime,\n createProgressEmitter,\n createRuntimeToolsForRun,\n} from \"./pipeline-runtime/index.js\";\n\nexport async function runRemediationPipeline(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n const provider = resolveProvider(options);\n if (provider === \"local\") {\n return runLocalRemediationPipeline(cveId, options);\n }\n\n const emitProgress = createProgressEmitter(options);\n\n emitProgress(\"pipeline-start\", `Starting remediation for ${cveId}.`, { provider });\n\n const runtime = await createPipelineRuntime(cveId, options);\n const { model, modelName, prompt, systemPrompt } = runtime;\n emitProgress(\"model-selected\", `Selected model ${modelName}.`, { provider, model: modelName });\n\n let collectedResults: PatchResult[] = [];\n let vulnerablePackages: VulnerablePackage[] = [];\n let cveDetails: CveDetails | null = null;\n let agentSteps = 0;\n\n function getDependencyScope(packageName: string): \"direct\" | \"transitive\" | undefined {\n const match = vulnerablePackages.find((pkg) => pkg.installed.name === packageName);\n if (!match) return undefined;\n return match.installed.type === \"direct\" ? \"direct\" : \"transitive\";\n }\n const tools = createRuntimeToolsForRun(options);\n\n const started = Date.now();\n const result = await generateText({\n model,\n system: systemPrompt,\n prompt,\n tools: tools as any,\n maxSteps: 25,\n onStepFinish(stepResult) {\n agentSteps += 1;\n\n const toolResults = (stepResult.toolResults ?? []) as Array<{\n toolName: string;\n result?: unknown;\n }>;\n\n const aggregation = accumulateStepResults({\n toolResults,\n cveDetails,\n vulnerablePackages,\n collectedResults,\n getDependencyScope,\n });\n cveDetails = aggregation.cveDetails;\n vulnerablePackages = aggregation.vulnerablePackages;\n collectedResults = aggregation.collectedResults;\n\n emitProgress(\"agent-step\", `Completed agent step ${agentSteps} with ${toolResults.length} tool result(s).`, {\n provider,\n model: modelName,\n });\n },\n });\n\n const llmUsage: LlmUsageMetrics[] = [\n {\n purpose: \"orchestration\",\n provider,\n model: modelName,\n latencyMs: Date.now() - started,\n promptChars: prompt.length + systemPrompt.length,\n completionChars: result.text.length,\n estimatedCostUsd: estimateModelCostUsd({\n provider,\n promptChars: prompt.length + systemPrompt.length,\n completionChars: result.text.length,\n }),\n },\n ];\n\n emitProgress(\"pipeline-finish\", `Completed remediation with ${collectedResults.length} result(s).`, {\n provider,\n model: modelName,\n });\n\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: result.text,\n llmUsage,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n}\n","/**\n * Shared HTTP client wrapper for all non-SDK external API calls.\n *\n * Provides a consistent interface for JSON API calls with:\n * - Unified error handling and logging\n * - Timeout and retry semantics\n * - Request/response validation\n * - No external dependencies (uses native fetch)\n *\n * Used for: OSV, CVE Services, npm registry, EPSS, deps.dev, Scorecard.\n */\n\nexport interface HttpClientRequest {\n url: string | URL;\n method?: \"GET\" | \"POST\" | \"PUT\" | \"DELETE\";\n headers?: Record<string, string>;\n body?: unknown;\n timeout?: number;\n}\n\nexport interface HttpClientResponse<T = unknown> {\n status: number;\n ok: boolean;\n data: T;\n text: string;\n}\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\n\nasync function requestWithTimeout(\n url: string | URL,\n init: RequestInit,\n timeoutMs: number\n): Promise<Response> {\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeoutMs);\n\n try {\n return await fetch(url, { ...init, signal: controller.signal });\n } finally {\n clearTimeout(timeoutId);\n }\n}\n\n/**\n * Execute an HTTP request with timeout, error handling, and response parsing.\n *\n * @param request - HTTP request configuration\n * @returns Parsed response with status, ok flag, and data\n * @throws HttpError on network failure or timeout (caught errors are logged and safe to continue)\n */\nexport async function httpClient(request: HttpClientRequest): Promise<HttpClientResponse> {\n const {\n url,\n method = \"GET\",\n headers = {},\n body,\n timeout = DEFAULT_TIMEOUT_MS,\n } = request;\n\n const init: RequestInit = {\n method,\n headers: {\n \"Accept\": \"application/json\",\n ...headers,\n },\n };\n\n if (body !== undefined) {\n init.body =\n typeof body === \"string\"\n ? body\n : JSON.stringify(body);\n const headersObj = (init.headers ?? {}) as Record<string, string>;\n if (!headersObj[\"Content-Type\"]) {\n headersObj[\"Content-Type\"] = \"application/json\";\n }\n init.headers = headersObj;\n }\n\n try {\n const res = await requestWithTimeout(url, init, timeout);\n const text = await res.text();\n\n // Parse JSON if response has content, otherwise return empty object\n let data: unknown;\n try {\n data = text ? JSON.parse(text) : {};\n } catch {\n // Response is not JSON; store as-is\n data = text;\n }\n\n return {\n status: res.status,\n ok: res.ok,\n data,\n text,\n };\n } catch (err) {\n // Timeout or network error\n const errorMsg = err instanceof Error ? err.message : String(err);\n if (errorMsg.includes(\"AbortError\")) {\n throw new HttpError(`Request timeout after ${timeout}ms`, \"TIMEOUT\");\n }\n throw new HttpError(`Network error: ${errorMsg}`, \"NETWORK_ERROR\");\n }\n}\n\n/**\n * Execute an HTTP request and throw if response is not ok.\n * Returns parsed JSON data on success.\n */\nexport async function httpClientJson<T = unknown>(\n request: HttpClientRequest\n): Promise<T> {\n const res = await httpClient(request);\n if (!res.ok) {\n throw new HttpError(\n `HTTP ${res.status}: ${res.text}`,\n \"HTTP_ERROR\"\n );\n }\n return res.data as T;\n}\n\n/**\n * Custom error class for HTTP client failures.\n */\nexport class HttpError extends Error {\n constructor(\n message: string,\n public readonly code: \"TIMEOUT\" | \"NETWORK_ERROR\" | \"HTTP_ERROR\"\n ) {\n super(message);\n this.name = \"HttpError\";\n }\n}\n","/**\n * OSV API client (https://osv.dev)\n *\n * Used as the primary source for CVE → affected npm package mapping.\n * No auth required. SEMVER event ranges are machine-readable.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { AffectedPackage, CveDetails } from \"../../platform/types.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nconst OSV_BASE = \"https://api.osv.dev/v1\";\n\n\n// ---------------------------------------------------------------------------\n// Raw OSV response types\n// ---------------------------------------------------------------------------\n\ninterface OsvSemverEvent {\n introduced?: string;\n fixed?: string;\n last_affected?: string;\n limit?: string;\n}\n\ninterface OsvRange {\n type: \"SEMVER\" | \"GIT\" | \"ECOSYSTEM\";\n events: OsvSemverEvent[];\n repo?: string;\n}\n\ninterface OsvAffected {\n package: {\n name: string;\n ecosystem: string;\n purl?: string;\n };\n ranges?: OsvRange[];\n versions?: string[];\n database_specific?: Record<string, unknown>;\n ecosystem_specific?: Record<string, unknown>;\n}\n\ninterface OsvVulnerability {\n id: string;\n aliases?: string[];\n summary?: string;\n details?: string;\n severity?: Array<{\n type: string;\n score: string;\n }>;\n affected?: OsvAffected[];\n references?: Array<{ type: string; url: string }>;\n schema_version?: string;\n modified?: string;\n published?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Fetch a vulnerability by CVE ID (or any OSV/GHSA ID).\n * Returns null if the CVE is not found in OSV.\n */\nexport async function fetchOsvVuln(cveId: string): Promise<OsvVulnerability | null> {\n const url = `${OSV_BASE}/vulns/${encodeURIComponent(cveId)}`;\n\n try {\n const res = await httpClient({ url });\n\n if (res.status === 404) return null;\n if (!res.ok) {\n throw new Error(`OSV API error ${res.status} for ${cveId}: ${res.text}`);\n }\n\n return res.data as OsvVulnerability;\n } catch (err) {\n // If httpClient throws (timeout, network error), convert to HTTP error\n if (err instanceof Error) {\n throw new Error(`OSV API error for ${cveId}: ${err.message}`);\n }\n throw err;\n }\n}\n\n/**\n * Convert an OSV SEMVER range event array to a semver range string.\n * OSV uses ordered [introduced, fixed) events.\n * e.g. [{ introduced: \"0\" }, { fixed: \"4.17.21\" }] → \">=0.0.0 <4.17.21\"\n */\nfunction osvEventsToSemverRange(events: OsvSemverEvent[]): string {\n const parts: string[] = [];\n\n for (const event of events) {\n if (event.introduced !== undefined) {\n const v = event.introduced === \"0\" ? \"0.0.0\" : event.introduced;\n parts.push(`>=${v}`);\n }\n if (event.fixed !== undefined) {\n parts.push(`<${event.fixed}`);\n }\n if (event.last_affected !== undefined) {\n parts.push(`<=${event.last_affected}`);\n }\n }\n\n return parts.join(\" \") || \">=0.0.0\";\n}\n\n/**\n * Parse an OSV vulnerability into autoremediator's CveDetails shape,\n * filtering affected entries to npm ecosystem only.\n */\nexport function parseOsvVuln(vuln: OsvVulnerability): CveDetails {\n const npmAffected: AffectedPackage[] = [];\n\n for (const affected of vuln.affected ?? []) {\n const ecosystem = affected.package?.ecosystem;\n const packageName = affected.package?.name;\n if (!ecosystem || typeof ecosystem !== \"string\") continue;\n if (!packageName || typeof packageName !== \"string\") continue;\n if (ecosystem.toLowerCase() !== \"npm\") continue;\n\n // Find the best SEMVER range\n const semverRange = affected.ranges?.find((r) => r.type === \"SEMVER\");\n const vulnerableRange = semverRange\n ? osvEventsToSemverRange(semverRange.events)\n : \">=0.0.0\";\n\n // Derive firstPatchedVersion from the \"fixed\" event\n const fixedEvent = semverRange?.events.find((e) => e.fixed !== undefined);\n\n npmAffected.push({\n name: packageName,\n ecosystem: \"npm\",\n vulnerableRange,\n firstPatchedVersion: fixedEvent?.fixed,\n source: \"osv\",\n });\n }\n\n // Best-effort severity from CVSS score string (e.g. \"CVSS:3.1/.../7.5\")\n const severity = deriveSeverity(vuln.severity);\n\n return {\n id: vuln.id,\n summary: vuln.summary ?? vuln.details ?? \"No summary available.\",\n severity,\n references: vuln.references?.map((r) => r.url) ?? [],\n affectedPackages: npmAffected,\n };\n}\n\nfunction deriveSeverity(\n severityEntries?: OsvVulnerability[\"severity\"]\n): CveDetails[\"severity\"] {\n if (!severityEntries?.length) return \"UNKNOWN\";\n\n // Prefer CVSS_V3 type\n const cvssEntry =\n severityEntries.find((s) => s.type === \"CVSS_V3\") ?? severityEntries[0];\n\n // Extract base score from vector string, e.g. \"CVSS:3.1/AV:N/AC:L/.../7.5/...\"\n const scoreMatch = cvssEntry.score.match(/(\\d+\\.\\d+)$/);\n if (scoreMatch) {\n const score = parseFloat(scoreMatch[1]);\n if (score >= 9.0) return \"CRITICAL\";\n if (score >= 7.0) return \"HIGH\";\n if (score >= 4.0) return \"MEDIUM\";\n return \"LOW\";\n }\n\n return \"UNKNOWN\";\n}\n\n/** High-level convenience: fetch + parse */\nexport async function lookupCveOsv(cveId: string): Promise<CveDetails | null> {\n const vuln = await fetchOsvVuln(cveId);\n if (!vuln) return null;\n return parseOsvVuln(vuln);\n}\n","/**\n * GitHub Advisory Database API client\n *\n * Used as a secondary source to enrich CVE data with `first_patched_version`.\n * Unauthenticated access works; set GITHUB_TOKEN env var for higher rate limits.\n *\n * Uses official Octokit SDK (@octokit/rest) for all HTTP communication.\n */\nimport { Octokit } from \"@octokit/rest\";\nimport type { AffectedPackage, CveDetails } from \"../../platform/types.js\";\nimport { getGitHubToken } from \"../../platform/config.js\";\n\n// ---------------------------------------------------------------------------\n// Raw GitHub Advisory response types\n// ---------------------------------------------------------------------------\n\ninterface GhVulnerability {\n package: {\n ecosystem: string;\n name: string;\n };\n vulnerable_version_range: string | null;\n first_patched_version: string | null;\n}\n\ninterface GhAdvisory {\n ghsa_id: string;\n cve_id: string | null;\n summary: string;\n severity: \"low\" | \"medium\" | \"high\" | \"critical\" | \"unknown\";\n vulnerabilities: GhVulnerability[];\n cvss?: { score: number; vector_string: string };\n references: Array<{ url: string }>;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Create an Octokit client with auth if available.\n */\nfunction createOctokitClient(): Octokit {\n const token = getGitHubToken();\n return new Octokit(token ? { auth: `token ${token}` } : {});\n}\n\n/**\n * Fetch GitHub advisories for a given CVE ID filtered to npm ecosystem.\n * Returns an empty array if none found.\n */\nexport async function fetchGhAdvisories(cveId: string): Promise<GhAdvisory[]> {\n const octokit = createOctokitClient();\n\n try {\n // Octokit v22.0.1: Use the advisories endpoint with proper parameters\n const response = await octokit.request(\"GET /advisories\", {\n cve_id: cveId,\n ecosystem: \"npm\",\n type: \"reviewed\",\n per_page: 10,\n headers: {\n \"X-GitHub-Api-Version\": \"2022-11-28\",\n },\n } as any);\n\n return response.data as unknown as GhAdvisory[];\n } catch (err) {\n // Non-fatal: log and return empty so OSV can still succeed\n const errorMsg = err instanceof Error ? err.message : String(err);\n console.warn(\n `[autoremediator] GitHub Advisory API error for ${cveId}: ${errorMsg} — skipping.`\n );\n return [];\n }\n}\n\n/**\n * Parse GitHub advisories into AffectedPackage entries.\n * Deduplication against OSV results is handled in lookup-cve.ts.\n */\nexport function parseGhAdvisories(advisories: GhAdvisory[]): AffectedPackage[] {\n const packages: AffectedPackage[] = [];\n\n for (const advisory of advisories) {\n for (const vuln of advisory.vulnerabilities) {\n if (vuln.package.ecosystem.toLowerCase() !== \"npm\") continue;\n\n packages.push({\n name: vuln.package.name,\n ecosystem: \"npm\",\n vulnerableRange: vuln.vulnerable_version_range ?? \">=0.0.0\",\n firstPatchedVersion: vuln.first_patched_version ?? undefined,\n source: \"github-advisory\",\n });\n }\n }\n\n return packages;\n}\n\n/**\n * Merge data from GitHub advisory into a CveDetails object built from OSV.\n * Fills in `firstPatchedVersion` where OSV didn't have it, and enriches CVSS.\n */\nexport function mergeGhDataIntoCveDetails(\n details: CveDetails,\n ghPackages: AffectedPackage[]\n): CveDetails {\n const enriched = { ...details };\n\n for (const ghPkg of ghPackages) {\n const existing = enriched.affectedPackages.find(\n (p) => p.name === ghPkg.name\n );\n\n if (existing) {\n // Backfill firstPatchedVersion if OSV didn't have it\n if (!existing.firstPatchedVersion && ghPkg.firstPatchedVersion) {\n existing.firstPatchedVersion = ghPkg.firstPatchedVersion;\n }\n } else {\n // Package only known via GitHub Advisory (not yet in OSV)\n enriched.affectedPackages.push(ghPkg);\n }\n }\n\n return enriched;\n}\n\n/** High-level convenience: fetch + parse, returns enrichment packages */\nexport async function lookupCveGitHub(cveId: string): Promise<AffectedPackage[]> {\n const advisories = await fetchGhAdvisories(cveId);\n return parseGhAdvisories(advisories);\n}\n","/**\n * NVD (National Vulnerability Database) API v2 client\n *\n * Used ONLY for fetching authoritative CVSS scores and severity.\n * NVD CPE data is too inconsistent for npm package discovery — use OSV for that.\n *\n * Rate limits: 5 req/30s without key, 50 req/30s with AUTOREMEDIATOR_NVD_API_KEY\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getNvdConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nconst NVD_BASE = \"https://services.nvd.nist.gov/rest/json/cves/2.0\";\n\ninterface NvdCvssMetric {\n cvssData: {\n baseScore: number;\n baseSeverity: string;\n vectorString: string;\n };\n}\n\ninterface NvdVulnerability {\n cve: {\n id: string;\n metrics?: {\n cvssMetricV31?: NvdCvssMetric[];\n cvssMetricV30?: NvdCvssMetric[];\n cvssMetricV2?: NvdCvssMetric[];\n };\n references?: Array<{ url: string; tags?: string[] }>;\n };\n}\n\ninterface NvdResponse {\n vulnerabilities?: NvdVulnerability[];\n totalResults?: number;\n}\n\nfunction buildNvdHeaders(): Record<string, string> {\n const { apiKey } = getNvdConfig();\n const headers: Record<string, string> = { Accept: \"application/json\" };\n if (apiKey) {\n headers.apiKey = apiKey;\n }\n return headers;\n}\n\n/**\n * Fetch CVSS score for a CVE from NVD.\n * Returns undefined if NVD doesn't have data or the request fails.\n * Non-fatal — callers should handle undefined gracefully.\n */\nexport async function fetchNvdCvss(\n cveId: string\n): Promise<{ score: number; severity: CveDetails[\"severity\"] } | undefined> {\n const url = `${NVD_BASE}?cveId=${encodeURIComponent(cveId)}`;\n const headers = buildNvdHeaders();\n\n try {\n const res = await httpClient({ url, headers });\n if (!res.ok) return undefined;\n\n const data = res.data as NvdResponse;\n const vuln = data.vulnerabilities?.[0];\n if (!vuln) return undefined;\n\n const metrics = vuln.cve.metrics;\n const metric =\n metrics?.cvssMetricV31?.[0] ??\n metrics?.cvssMetricV30?.[0] ??\n metrics?.cvssMetricV2?.[0];\n\n if (!metric) return undefined;\n\n const score = metric.cvssData.baseScore;\n const rawSeverity = metric.cvssData.baseSeverity.toUpperCase();\n\n const severityMap: Record<string, CveDetails[\"severity\"]> = {\n CRITICAL: \"CRITICAL\",\n HIGH: \"HIGH\",\n MEDIUM: \"MEDIUM\",\n LOW: \"LOW\",\n };\n\n return {\n score,\n severity: severityMap[rawSeverity] ?? \"UNKNOWN\",\n };\n } catch {\n // NVD is non-critical; don't crash the pipeline on network failures\n return undefined;\n }\n}\n\n/**\n * Enrich an existing CveDetails with NVD CVSS data.\n * Mutates in place and returns the same object.\n */\nexport async function enrichWithNvd(details: CveDetails): Promise<CveDetails> {\n const cvss = await fetchNvdCvss(details.id);\n if (cvss) {\n details.cvssScore = cvss.score;\n if (details.severity === \"UNKNOWN\") {\n details.severity = cvss.severity;\n }\n }\n return details;\n}\n","/**\n * npm registry API client\n *\n * Used to:\n * - Fetch the full list of published versions for a package\n * - Find the lowest semver-compatible safe upgrade from `firstPatchedVersion`\n * - Download tarballs for patch generation (fallback path)\n *\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport semver from \"semver\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nconst NPM_REGISTRY = \"https://registry.npmjs.org\";\n\nexport type SafeUpgradeLevel = \"patch\" | \"minor\" | \"major\";\n\nexport interface SafeUpgradeResolution {\n safeVersion?: string;\n upgradeLevel?: SafeUpgradeLevel;\n candidates: Partial<Record<SafeUpgradeLevel, string>>;\n majorOnlyFixAvailable: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Raw registry types (abbreviated)\n// ---------------------------------------------------------------------------\n\ninterface NpmPackument {\n name: string;\n versions: Record<string, { version: string; dist: { tarball: string } }>;\n \"dist-tags\": Record<string, string>;\n time: Record<string, string>;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Fetch all published versions for an npm package.\n * Returns an empty array if the package is not found.\n */\nexport async function fetchPackageVersions(packageName: string): Promise<string[]> {\n const url = `${NPM_REGISTRY}/${encodeURIComponent(packageName)}`;\n\n try {\n const res = await httpClient({ url });\n\n if (res.status === 404) return [];\n if (!res.ok) {\n throw new Error(\n `npm registry error ${res.status} for \"${packageName}\": ${res.text}`\n );\n }\n\n const data = res.data as NpmPackument;\n return Object.keys(data.versions);\n } catch (err) {\n // If httpClient throws (timeout, network error), treat as not found\n if (err instanceof Error && err.message.includes(\"registry error\")) {\n throw err;\n }\n return [];\n }\n}\n\n/**\n * Find the lowest published version that satisfies `>= firstPatchedVersion`\n * and is semver-compatible with the currently installed version (same major,\n * unless there is no same-major option).\n *\n * Strategy:\n * 1. Try same-major, lowest version >= firstPatchedVersion\n * 2. Fallback: any published version >= firstPatchedVersion (lowest)\n * 3. Returns undefined if nothing found\n */\nexport async function findSafeUpgradeVersion(\n packageName: string,\n installedVersion: string,\n firstPatchedVersion: string,\n vulnerableRange?: string\n): Promise<string | undefined> {\n const resolution = await resolveSafeUpgradeVersion(\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange\n );\n\n return resolution.safeVersion;\n}\n\nexport async function resolveSafeUpgradeVersion(\n packageName: string,\n installedVersion: string,\n firstPatchedVersion: string,\n vulnerableRange?: string\n): Promise<SafeUpgradeResolution> {\n const versions = await fetchPackageVersions(packageName);\n if (!versions.length) {\n return {\n candidates: {},\n majorOnlyFixAvailable: false,\n };\n }\n\n const installed = semver.parse(installedVersion);\n\n // All versions >= firstPatchedVersion, sorted ascending\n const candidates = versions\n .filter((v) => semver.valid(v) && semver.gte(v, firstPatchedVersion))\n .filter((v) => {\n if (!vulnerableRange) return true;\n try {\n return !semver.satisfies(v, vulnerableRange, { includePrerelease: false });\n } catch {\n // If vulnerable range cannot be parsed, avoid filtering out candidates.\n return true;\n }\n })\n .sort(semver.compare);\n\n if (!candidates.length) {\n return {\n candidates: {},\n majorOnlyFixAvailable: false,\n };\n }\n\n const categorizedCandidates: SafeUpgradeResolution[\"candidates\"] = {};\n\n for (const candidate of candidates) {\n const level = classifyUpgradeLevel(installedVersion, candidate);\n if (!level) continue;\n if (!categorizedCandidates[level]) {\n categorizedCandidates[level] = candidate;\n }\n }\n\n const safeVersion =\n categorizedCandidates.patch ?? categorizedCandidates.minor ?? categorizedCandidates.major;\n\n if (!safeVersion) {\n return {\n candidates: categorizedCandidates,\n majorOnlyFixAvailable: false,\n };\n }\n\n const upgradeLevel = classifyUpgradeLevel(installedVersion, safeVersion);\n const majorOnlyFixAvailable =\n !categorizedCandidates.patch &&\n !categorizedCandidates.minor &&\n Boolean(categorizedCandidates.major);\n\n if (!installed || !upgradeLevel) {\n return {\n safeVersion,\n upgradeLevel,\n candidates: categorizedCandidates,\n majorOnlyFixAvailable,\n };\n }\n\n return {\n safeVersion,\n upgradeLevel,\n candidates: categorizedCandidates,\n majorOnlyFixAvailable,\n };\n}\n\nfunction classifyUpgradeLevel(\n installedVersion: string,\n candidateVersion: string\n): SafeUpgradeLevel | undefined {\n const installed = semver.parse(installedVersion);\n const candidate = semver.parse(candidateVersion);\n\n if (!installed || !candidate) return undefined;\n if (candidate.major > installed.major) return \"major\";\n if (candidate.minor > installed.minor) return \"minor\";\n if (candidate.patch > installed.patch || candidate.version === installed.version) {\n return \"patch\";\n }\n\n return undefined;\n}\n\n/**\n * Get the tarball URL for a specific package version.\n * Used by the patch generation fallback path.\n */\nexport async function getTarballUrl(\n packageName: string,\n version: string\n): Promise<string | undefined> {\n const url = `${NPM_REGISTRY}/${encodeURIComponent(packageName)}/${encodeURIComponent(version)}`;\n\n try {\n const res = await httpClient({ url });\n\n if (!res.ok) return undefined;\n\n const data = res.data as {\n dist?: { tarball?: string };\n };\n return data.dist?.tarball;\n } catch {\n return undefined;\n }\n}\n","/**\n * Tool: apply-version-bump\n *\n * Updates the consumer's package.json to the safe version and runs npm install.\n * Respects --dry-run: in dry-run mode it reports what would happen but writes nothing.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { join } from \"node:path\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { execa } from \"execa\";\nimport semver from \"semver\";\nimport type { PatchResult } from \"../../platform/types.js\";\nimport { isPackageAllowed, loadPolicy } from \"../../platform/policy.js\";\nimport { withRepoLock } from \"../../platform/repo-lock.js\";\nimport {\n detectPackageManager,\n getYarnMajorVersion,\n resolveDedupeCommand,\n resolveInstallCommand,\n resolveTestCommand,\n type PackageManager,\n} from \"../../platform/package-manager/index.js\";\n\ninterface RawPackageJson {\n dependencies?: Record<string, string>;\n devDependencies?: Record<string, string>;\n peerDependencies?: Record<string, string>;\n [key: string]: unknown;\n}\n\ntype DepField = \"dependencies\" | \"devDependencies\" | \"peerDependencies\";\n\nexport const applyVersionBumpTool = tool({\n description:\n \"Update package.json to use the safe version of a vulnerable package and run the project's package manager install. In dry-run mode, only reports what would change.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project root\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n packageName: z.string().describe(\"The npm package to upgrade\"),\n fromVersion: z.string().describe(\"The currently installed vulnerable version\"),\n toVersion: z.string().describe(\"The safe target version to upgrade to\"),\n dryRun: z.boolean().default(false).describe(\"If true, report changes but do not write\"),\n policy: z\n .string()\n .optional()\n .describe(\"Optional path to .autoremediator policy file\"),\n runTests: z\n .boolean()\n .default(false)\n .describe(\"If true, run test validation after applying the fix\"),\n installMode: z.enum([\"standard\", \"prefer-offline\", \"deterministic\"]).optional(),\n installPreferOffline: z.boolean().optional(),\n enforceFrozenLockfile: z.boolean().optional(),\n workspace: z.string().optional(),\n }),\n execute: async ({\n cwd,\n packageManager,\n packageName,\n fromVersion,\n toVersion,\n dryRun,\n policy,\n runTests,\n installMode,\n installPreferOffline,\n enforceFrozenLockfile,\n workspace,\n }): Promise<PatchResult> => {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const pkgPath = join(cwd, \"package.json\");\n const loadedPolicy = loadPolicy(cwd, policy);\n const commandConstraints = {\n ...loadedPolicy.constraints,\n installMode: installMode ?? loadedPolicy.constraints?.installMode,\n installPreferOffline: installPreferOffline ?? loadedPolicy.constraints?.installPreferOffline,\n enforceFrozenLockfile: enforceFrozenLockfile ?? loadedPolicy.constraints?.enforceFrozenLockfile,\n workspace: workspace ?? loadedPolicy.constraints?.workspace,\n };\n const yarnMajor = pm === \"yarn\" ? await getYarnMajorVersion(cwd) : undefined;\n const installCommand = resolveInstallCommand(pm, commandConstraints, yarnMajor);\n const testCommand = resolveTestCommand(pm, commandConstraints);\n const dedupeCommand = resolveDedupeCommand(pm, commandConstraints);\n\n if (!isPackageAllowed(loadedPolicy, packageName)) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"policy-blocked\",\n message: `Policy blocked changes for package \"${packageName}\".`,\n };\n }\n\n const isMajorBump =\n semver.valid(fromVersion) &&\n semver.valid(toVersion) &&\n semver.major(toVersion) > semver.major(fromVersion);\n\n if (isMajorBump && !loadedPolicy.allowMajorBumps) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"major-bump-required\",\n message: `Policy blocked major bump for \"${packageName}\" (${fromVersion} -> ${toVersion}).`,\n };\n }\n\n let pkgJson: RawPackageJson;\n try {\n pkgJson = JSON.parse(readFileSync(pkgPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"package-json-not-found\",\n message: `Could not read package.json at \"${pkgPath}\".`,\n };\n }\n\n // Locate which dependency field this package lives in\n const depField = ([\"dependencies\", \"devDependencies\", \"peerDependencies\"] as DepField[]).find(\n (f) => pkgJson[f]?.[packageName] !== undefined\n );\n\n if (!depField) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"indirect-dependency\",\n message: `\"${packageName}\" was not found in package.json dependencies (it may be a transitive dep). Cannot auto-bump.`,\n };\n }\n\n const currentRange = pkgJson[depField]![packageName]!;\n\n // Preserve the range prefix (^, ~, empty) from the existing entry\n const prefixMatch = currentRange.match(/^([~^]?)/);\n const prefix = prefixMatch?.[1] ?? \"\";\n const newRange = `${prefix}${toVersion}`;\n\n if (dryRun) {\n const installCmd = installCommand.join(\" \");\n const testCmd = testCommand.join(\" \");\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would update ${depField}.${packageName}: \"${currentRange}\" -> \"${newRange}\", then run ${installCmd}${runTests ? ` and ${testCmd}` : \"\"}${dedupeCommand.length > 0 ? ` and ${dedupeCommand.join(\" \")} (best-effort)` : \"\"}.`,\n };\n }\n\n return withRepoLock(cwd, async () => {\n // Write updated package.json\n pkgJson[depField]![packageName] = newRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n // Run package-manager install\n try {\n const [installCmd, ...installArgs] = installCommand;\n await execa(installCmd, installArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n // Revert the package.json change on install failure\n pkgJson[depField]![packageName] = currentRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"install-failed\",\n message: `${installCommand.join(\" \")} failed after updating \"${packageName}\" to ${toVersion}. Reverted. Error: ${message}`,\n };\n }\n\n if (runTests) {\n try {\n const [testCmd, ...testArgs] = testCommand;\n await execa(testCmd, testArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n // Roll back both manifest and lock state by restoring dep range and reinstalling.\n pkgJson[depField]![packageName] = currentRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n try {\n const [rollbackCmd, ...rollbackArgs] = installCommand;\n await execa(rollbackCmd, rollbackArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch {\n // Ignore rollback install failure and return original test failure context.\n }\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"validation-failed\",\n message: `${testCommand.join(\" \")} failed after upgrading \"${packageName}\" to ${toVersion}. Rolled back to ${currentRange}. Error: ${message}`,\n };\n }\n }\n\n let dedupeNote = \"\";\n try {\n const [dedupeCmd, ...dedupeArgs] = dedupeCommand;\n await execa(dedupeCmd, dedupeArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n dedupeNote = ` Dedupe warning: ${dedupeCommand.join(\" \")} failed (${message}).`;\n }\n\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: true,\n dryRun: false,\n message: `Successfully upgraded \"${packageName}\" from ${fromVersion} to ${toVersion}, ran ${installCommand.join(\" \")}${runTests ? `, and passed ${testCommand.join(\" \")}` : \"\"}.${dedupeNote}`,\n };\n });\n },\n});\n","import { mkdir, rm } from \"node:fs/promises\";\nimport { join } from \"node:path\";\n\ninterface RepoLockOptions {\n timeoutMs?: number;\n retryDelayMs?: number;\n}\n\ninterface RepoLock {\n lockPath: string;\n release: () => Promise<void>;\n}\n\nasync function sleep(ms: number): Promise<void> {\n await new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nexport async function acquireRepoLock(cwd: string, options: RepoLockOptions = {}): Promise<RepoLock> {\n const timeoutMs = options.timeoutMs ?? 15000;\n const retryDelayMs = options.retryDelayMs ?? 125;\n const lockRoot = join(cwd, \".autoremediator\", \"locks\");\n const lockPath = join(cwd, \".autoremediator\", \"locks\", \"remediation.lock\");\n const startedAt = Date.now();\n\n await mkdir(lockRoot, { recursive: true });\n\n while (true) {\n try {\n await mkdir(lockPath, { recursive: false });\n return {\n lockPath,\n release: async () => {\n await rm(lockPath, { recursive: true, force: true });\n },\n };\n } catch {\n if (Date.now() - startedAt > timeoutMs) {\n throw new Error(`Timed out waiting for repository lock at ${lockPath}.`);\n }\n await sleep(retryDelayMs);\n }\n }\n}\n\nexport async function withRepoLock<T>(cwd: string, fn: () => Promise<T>, options?: RepoLockOptions): Promise<T> {\n const lock = await acquireRepoLock(cwd, options);\n try {\n return await fn();\n } finally {\n await lock.release();\n }\n}\n","import { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { join } from \"node:path\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { execa } from \"execa\";\nimport semver from \"semver\";\nimport type { PatchResult } from \"../../../platform/types.js\";\nimport { isPackageAllowed, loadPolicy } from \"../../../platform/policy.js\";\nimport { withRepoLock } from \"../../../platform/repo-lock.js\";\nimport {\n detectPackageManager,\n getYarnMajorVersion,\n resolveDedupeCommand,\n resolveInstallCommand,\n resolveTestCommand,\n type PackageManager,\n} from \"../../../platform/package-manager/index.js\";\nimport {\n collectDependencyTrace,\n describeOverrideField,\n getOverrideValue,\n restoreOverrideValue,\n setOverrideValue,\n type RawPackageJson,\n} from \"./helpers.js\";\n\nexport const applyPackageOverrideTool = tool({\n description:\n \"Apply a package-manager-native package.json override for a vulnerable transitive dependency and reinstall. Uses npm overrides, pnpm.overrides, or yarn resolutions.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project root\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n packageName: z.string().describe(\"The npm package to override\"),\n selector: z\n .string()\n .optional()\n .describe(\"Optional manager-native override selector key (for nested or scoped overrides)\"),\n fromVersion: z.string().describe(\"The currently installed vulnerable version\"),\n toVersion: z.string().describe(\"The safe target version to override to\"),\n dryRun: z.boolean().default(false).describe(\"If true, report changes but do not write\"),\n policy: z.string().optional().describe(\"Optional path to .autoremediator policy file\"),\n runTests: z.boolean().default(false).describe(\"If true, run test validation after applying the override\"),\n installMode: z.enum([\"standard\", \"prefer-offline\", \"deterministic\"]).optional(),\n installPreferOffline: z.boolean().optional(),\n enforceFrozenLockfile: z.boolean().optional(),\n workspace: z.string().optional(),\n }),\n execute: async ({\n cwd,\n packageManager,\n packageName,\n selector,\n fromVersion,\n toVersion,\n dryRun,\n policy,\n runTests,\n installMode,\n installPreferOffline,\n enforceFrozenLockfile,\n workspace,\n }): Promise<PatchResult> => {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const pkgPath = join(cwd, \"package.json\");\n const loadedPolicy = loadPolicy(cwd, policy);\n const commandConstraints = {\n ...loadedPolicy.constraints,\n installMode: installMode ?? loadedPolicy.constraints?.installMode,\n installPreferOffline: installPreferOffline ?? loadedPolicy.constraints?.installPreferOffline,\n enforceFrozenLockfile: enforceFrozenLockfile ?? loadedPolicy.constraints?.enforceFrozenLockfile,\n workspace: workspace ?? loadedPolicy.constraints?.workspace,\n };\n const yarnMajor = pm === \"yarn\" ? await getYarnMajorVersion(cwd) : undefined;\n const installCommand = resolveInstallCommand(pm, commandConstraints, yarnMajor);\n const testCommand = resolveTestCommand(pm, commandConstraints);\n const dedupeCommand = resolveDedupeCommand(pm, commandConstraints);\n const overrideSelector = selector?.trim() || packageName;\n\n if (!isPackageAllowed(loadedPolicy, packageName)) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"policy-blocked\",\n message: `Policy blocked changes for package \"${packageName}\".`,\n };\n }\n\n const isMajorBump =\n semver.valid(fromVersion) &&\n semver.valid(toVersion) &&\n semver.major(toVersion) > semver.major(fromVersion);\n\n if (isMajorBump && !loadedPolicy.allowMajorBumps) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"major-bump-required\",\n message: `Policy blocked major override for \"${packageName}\" (${fromVersion} -> ${toVersion}).`,\n };\n }\n\n let pkgJson: RawPackageJson;\n try {\n pkgJson = JSON.parse(readFileSync(pkgPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"package-json-not-found\",\n message: `Could not read package.json at \"${pkgPath}\".`,\n };\n }\n\n const overrideLabel = describeOverrideField(pm);\n const previousValue = getOverrideValue(pkgJson, pm, overrideSelector);\n\n const dependencyTrace = await collectDependencyTrace(cwd, pm, packageName, commandConstraints);\n const dependencyTraceSuffix = dependencyTrace ? ` Dependency trace: ${dependencyTrace}` : \"\";\n\n if (dryRun) {\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would set ${overrideLabel}.${overrideSelector} to \"${toVersion}\", then run ${installCommand.join(\" \")}${runTests ? ` and ${testCommand.join(\" \")}` : \"\"}${dedupeCommand.length > 0 ? ` and ${dedupeCommand.join(\" \")} (best-effort)` : \"\"}.${dependencyTraceSuffix}`,\n };\n }\n\n return withRepoLock(cwd, async () => {\n setOverrideValue(pkgJson, pm, overrideSelector, toVersion);\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n try {\n const [installCmd, ...installArgs] = installCommand;\n await execa(installCmd, installArgs, { cwd, stdio: \"pipe\" });\n } catch (err) {\n restoreOverrideValue(pkgJson, pm, overrideSelector, previousValue);\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"override-apply-failed\",\n message: `${installCommand.join(\" \")} failed after applying ${overrideLabel} for \"${overrideSelector}\" to ${toVersion}. Reverted. Error: ${message}${dependencyTraceSuffix}`,\n };\n }\n\n if (runTests) {\n try {\n const [testCmd, ...testArgs] = testCommand;\n await execa(testCmd, testArgs, { cwd, stdio: \"pipe\" });\n } catch (err) {\n restoreOverrideValue(pkgJson, pm, overrideSelector, previousValue);\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n try {\n const [rollbackCmd, ...rollbackArgs] = installCommand;\n await execa(rollbackCmd, rollbackArgs, { cwd, stdio: \"pipe\" });\n } catch {\n // Ignore rollback install failure and return original test failure context.\n }\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"validation-failed\",\n message: `${testCommand.join(\" \")} failed after applying ${overrideLabel} for \"${overrideSelector}\" to ${toVersion}. Reverted. Error: ${message}${dependencyTraceSuffix}`,\n };\n }\n }\n\n let dedupeNote = \"\";\n try {\n const [dedupeCmd, ...dedupeArgs] = dedupeCommand;\n await execa(dedupeCmd, dedupeArgs, { cwd, stdio: \"pipe\" });\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n dedupeNote = ` Dedupe warning: ${dedupeCommand.join(\" \")} failed (${message}).`;\n }\n\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: true,\n dryRun: false,\n message: `Successfully applied ${overrideLabel} for \"${overrideSelector}\" from ${fromVersion} to ${toVersion}, then ran ${installCommand.join(\" \")}${runTests ? ` and passed ${testCommand.join(\" \")}` : \"\"}.${dedupeNote}${dependencyTraceSuffix}`,\n };\n });\n },\n});","import { execa } from \"execa\";\nimport {\n resolveWhyCommand,\n type PackageManager,\n} from \"../../../platform/package-manager/index.js\";\n\nexport interface RawPackageJson {\n overrides?: Record<string, string>;\n resolutions?: Record<string, string>;\n pnpm?: {\n overrides?: Record<string, string>;\n [key: string]: unknown;\n };\n [key: string]: unknown;\n}\n\nexport interface WhyConstraints {\n workspace?: string;\n}\n\nexport async function collectDependencyTrace(\n cwd: string,\n pm: PackageManager,\n packageName: string,\n constraints: WhyConstraints\n): Promise<string | undefined> {\n try {\n const whyCommand = resolveWhyCommand(pm, packageName, constraints);\n const [whyCmd, ...whyArgs] = whyCommand;\n const result = await execa(whyCmd, whyArgs, {\n cwd,\n stdio: \"pipe\",\n reject: false,\n });\n\n const output = [result.stdout, result.stderr]\n .filter(Boolean)\n .join(\"\\n\")\n .split(\"\\n\")\n .map((line) => line.trim())\n .filter(Boolean);\n\n if (output.length === 0) return undefined;\n return output.slice(0, 3).join(\" | \");\n } catch {\n return undefined;\n }\n}\n\nexport function describeOverrideField(packageManager: PackageManager): string {\n if (packageManager === \"npm\") return \"overrides\";\n if (packageManager === \"pnpm\") return \"pnpm.overrides\";\n return \"resolutions\";\n}\n\nexport function getOverrideValue(\n pkgJson: RawPackageJson,\n packageManager: PackageManager,\n packageName: string\n): string | undefined {\n if (packageManager === \"npm\") return pkgJson.overrides?.[packageName];\n if (packageManager === \"pnpm\") return pkgJson.pnpm?.overrides?.[packageName];\n return pkgJson.resolutions?.[packageName];\n}\n\nexport function setOverrideValue(\n pkgJson: RawPackageJson,\n packageManager: PackageManager,\n packageName: string,\n version: string\n): void {\n if (packageManager === \"npm\") {\n pkgJson.overrides = { ...(pkgJson.overrides ?? {}), [packageName]: version };\n return;\n }\n\n if (packageManager === \"pnpm\") {\n pkgJson.pnpm = {\n ...(pkgJson.pnpm ?? {}),\n overrides: {\n ...(pkgJson.pnpm?.overrides ?? {}),\n [packageName]: version,\n },\n };\n return;\n }\n\n pkgJson.resolutions = { ...(pkgJson.resolutions ?? {}), [packageName]: version };\n}\n\nexport function restoreOverrideValue(\n pkgJson: RawPackageJson,\n packageManager: PackageManager,\n packageName: string,\n previousValue?: string\n): void {\n if (packageManager === \"npm\") {\n pkgJson.overrides = restoreRecord(pkgJson.overrides, packageName, previousValue);\n return;\n }\n\n if (packageManager === \"pnpm\") {\n pkgJson.pnpm = {\n ...(pkgJson.pnpm ?? {}),\n overrides: restoreRecord(pkgJson.pnpm?.overrides, packageName, previousValue),\n };\n if (!pkgJson.pnpm.overrides) {\n delete pkgJson.pnpm.overrides;\n }\n if (Object.keys(pkgJson.pnpm).length === 0) {\n delete pkgJson.pnpm;\n }\n return;\n }\n\n pkgJson.resolutions = restoreRecord(pkgJson.resolutions, packageName, previousValue);\n}\n\nfunction restoreRecord(\n record: Record<string, string> | undefined,\n key: string,\n previousValue?: string\n): Record<string, string> | undefined {\n const nextRecord = { ...(record ?? {}) };\n\n if (previousValue === undefined) {\n delete nextRecord[key];\n } else {\n nextRecord[key] = previousValue;\n }\n\n return Object.keys(nextRecord).length > 0 ? nextRecord : undefined;\n}","import { resolveSafeUpgradeVersion } from \"../../intelligence/sources/registry.js\";\nimport { applyVersionBumpTool } from \"../tools/apply-version-bump.js\";\nimport { applyPackageOverrideTool } from \"../tools/apply-package-override/index.js\";\nimport type { PatchResult, VulnerablePackage } from \"../../platform/types.js\";\n\nexport async function resolvePrimaryResult(params: {\n vulnerable: VulnerablePackage;\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n policy: string;\n runTests: boolean;\n constraints: {\n directDependenciesOnly?: boolean;\n preferVersionBump?: boolean;\n installMode?: \"standard\" | \"prefer-offline\" | \"deterministic\";\n installPreferOffline?: boolean;\n enforceFrozenLockfile?: boolean;\n workspace?: string;\n };\n}): Promise<{ result: PatchResult; steps: number }> {\n const { vulnerable, cwd, packageManager, dryRun, policy, runTests, constraints } = params;\n const pkg = vulnerable.installed;\n const firstPatchedVersion = vulnerable.affected.firstPatchedVersion;\n\n if (pkg.type === \"indirect\") {\n if (constraints.directDependenciesOnly) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"constraint-blocked\",\n message: `Constraint blocked remediation for indirect dependency \"${pkg.name}\".`,\n },\n };\n }\n\n if (constraints.preferVersionBump) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"constraint-blocked\",\n message: `Constraint prefers version-bump and rejected override remediation for \"${pkg.name}\".`,\n },\n };\n }\n\n if (!firstPatchedVersion) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No firstPatchedVersion available for ${pkg.name}; cannot resolve deterministic override in local mode.`,\n },\n };\n }\n\n const safeUpgrade = await resolveSafeUpgradeVersion(\n pkg.name,\n pkg.version,\n firstPatchedVersion,\n vulnerable.affected.vulnerableRange\n );\n\n if (!safeUpgrade.safeVersion) {\n return {\n steps: 1,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No safe override version found for ${pkg.name}.`,\n },\n };\n }\n\n const overrideResult = (await (applyPackageOverrideTool as any).execute({\n cwd,\n packageManager,\n packageName: pkg.name,\n fromVersion: pkg.version,\n toVersion: safeUpgrade.safeVersion,\n dryRun,\n policy,\n runTests,\n installMode: constraints.installMode,\n installPreferOffline: constraints.installPreferOffline,\n enforceFrozenLockfile: constraints.enforceFrozenLockfile,\n workspace: constraints.workspace,\n })) as PatchResult;\n\n return {\n steps: 2,\n result: overrideResult,\n };\n }\n\n if (!firstPatchedVersion) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No firstPatchedVersion available for ${pkg.name}; cannot resolve deterministic upgrade in local mode.`,\n },\n };\n }\n\n const safeUpgrade = await resolveSafeUpgradeVersion(\n pkg.name,\n pkg.version,\n firstPatchedVersion,\n vulnerable.affected.vulnerableRange\n );\n\n if (!safeUpgrade.safeVersion) {\n return {\n steps: 1,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No safe upgrade version found for ${pkg.name}.`,\n },\n };\n }\n\n const applyResult = (await (applyVersionBumpTool as any).execute({\n cwd,\n packageManager,\n packageName: pkg.name,\n fromVersion: pkg.version,\n toVersion: safeUpgrade.safeVersion,\n dryRun,\n policy,\n runTests,\n installMode: constraints.installMode,\n installPreferOffline: constraints.installPreferOffline,\n enforceFrozenLockfile: constraints.enforceFrozenLockfile,\n workspace: constraints.workspace,\n })) as PatchResult;\n\n return {\n steps: 2,\n result: applyResult,\n };\n}\n","/**\n * Tool: fetch-package-source\n *\n * Downloads a package tarball from npm registry and extracts source files for CVE analysis.\n * Uses Node.js fetch API to download and execa to extract tar archives.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { mkdir, readdir, readFile, rm } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\n\n/**\n * Interface for the tool's return value.\n */\ninterface FetchPackageSourceResult {\n success: boolean;\n sourceFiles?: Record<string, string>;\n packageDir?: string;\n error?: string;\n}\n\nexport const fetchPackageSourceTool = tool({\n description:\n \"Download package tarball from npm and extract source files for CVE analysis. Supports custom file patterns (default: *.js, *.ts).\",\n parameters: z.object({\n packageName: z\n .string()\n .min(1)\n .describe(\"The npm package name (e.g., 'lodash', '@scope/package')\"),\n version: z\n .string()\n .regex(/^\\d+\\.\\d+\\.\\d+/, \"Must be a valid semver version\")\n .describe(\"Exact package version to download\"),\n filePatterns: z\n .array(z.string())\n .optional()\n .default([\"*.js\", \"*.ts\"])\n .describe(\n \"File patterns to extract (glob patterns, default: *.js, *.ts)\"\n ),\n }),\n execute: async ({\n packageName,\n version,\n filePatterns,\n }): Promise<FetchPackageSourceResult> => {\n const tempBaseDir = `/tmp/autoremediator-pkg-${Date.now()}`;\n const extractDir = join(tempBaseDir, \"out\");\n\n try {\n // Step 1: Construct npm registry URL and download tarball\n const npmUrl = `https://registry.npmjs.org/${packageName}/-/${packageName.split(\"/\").pop()}-${version}.tgz`;\n\n // Create temp directory\n await mkdir(tempBaseDir, { recursive: true });\n\n // Download tarball using curl (reliable method)\n const tarballPath = join(tempBaseDir, \"package.tgz\");\n await execa(\"curl\", [\"-L\", \"-o\", tarballPath, npmUrl]);\n\n // Step 2: Extract tar.gz\n await mkdir(extractDir, { recursive: true });\n await execa(\"tar\", [\"-xzf\", tarballPath, \"-C\", extractDir]);\n\n // Step 3: Discover package root (tar extracts to 'package/' subdirectory)\n const extractedContents = await readdir(extractDir);\n const packageRootDir = extractedContents.includes(\"package\")\n ? join(extractDir, \"package\")\n : extractDir;\n\n // Step 4: Recursively find and read matching source files\n const sourceCode: Record<string, string> = {};\n\n async function walkDir(dir: string, relativeBase: string): Promise<void> {\n try {\n const files = await readdir(dir, { withFileTypes: true });\n\n for (const file of files) {\n const fullPath = join(dir, file.name);\n const relPath = join(relativeBase, file.name);\n\n if (file.isDirectory()) {\n // Skip common non-source directories\n if (\n ![\n \"node_modules\",\n \".git\",\n \"dist\",\n \"build\",\n \"coverage\",\n \".next\",\n \"out\",\n ]\n .includes(file.name)\n ) {\n await walkDir(fullPath, relPath);\n }\n } else if (file.isFile()) {\n // Check if file matches any pattern\n const matches = filePatterns!.some((pattern) => {\n const regex = new RegExp(\n `^${pattern.replace(/\\*/g, \".*\").replace(/\\./g, \"\\\\.\")}$`\n );\n return regex.test(file.name);\n });\n\n if (matches) {\n try {\n const content = await readFile(fullPath, \"utf8\");\n sourceCode[relPath] = content;\n } catch {\n // Skip files that can't be read as UTF-8\n }\n }\n }\n }\n } catch {\n // Skip directories that can't be read\n }\n }\n\n await walkDir(packageRootDir, \"\");\n\n if (Object.keys(sourceCode).length === 0) {\n return {\n success: false,\n error: `No source files matching patterns [${filePatterns!.join(\", \")}] found in ${packageName}@${version}. Download succeeded but extraction yielded no matching files.`,\n };\n }\n\n return {\n success: true,\n sourceFiles: sourceCode,\n packageDir: packageRootDir,\n };\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n\n // Check if it's a 404 from npm\n if (message.includes(\"404\") || message.includes(\"not found\")) {\n return {\n success: false,\n error: `Package ${packageName}@${version} not found on npm registry. It may not exist or the version may be incorrect.`,\n };\n }\n\n return {\n success: false,\n error: `Failed to fetch and extract package ${packageName}@${version}: ${message}`,\n };\n } finally {\n await rm(tempBaseDir, { recursive: true, force: true });\n }\n },\n});\n","/**\n * Tool: generate-patch\n *\n * Calls the LLM to analyze vulnerable source code and generate a unified diff patch.\n * Parses LLM response and validates patch format.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { generateText } from \"ai\";\nimport {\n createModel,\n estimateModelCostUsd,\n getPatchConfidenceThreshold,\n resolveProvider,\n} from \"../../../platform/config.js\";\nimport { buildPatchPrompt } from \"../../strategies/patch-synthesis-prompt.js\";\nimport {\n buildGeneratedPatches,\n isValidLlmAnalysis,\n parseLlmAnalysisResponse,\n type GeneratedPatch,\n} from \"./helpers.js\";\n\n/**\n * Result from the patch generation tool.\n */\ninterface GeneratePatchResult {\n success: boolean;\n patches?: GeneratedPatch[];\n patchContent?: string;\n llmProvider: \"remote\" | \"local\";\n llmModel: string;\n latencyMs?: number;\n estimatedCostUsd?: number;\n confidence: number;\n riskLevel: \"low\" | \"medium\" | \"high\";\n confidenceThreshold?: number;\n error?: string;\n}\n\nexport const generatePatchTool = tool({\n description:\n \"Generate a unified diff patch for a CVE using LLM analysis of vulnerable source code.\",\n parameters: z.object({\n packageName: z.string().min(1).describe(\"The npm package name\"),\n vulnerableVersion: z\n .string()\n .describe(\"The vulnerable version string\"),\n cveId: z\n .string()\n .regex(/^CVE-\\d{4}-\\d+$/i)\n .describe(\"CVE ID (e.g., CVE-2021-23337)\"),\n cveSummary: z.string().min(10).describe(\"CVE description and impact\"),\n sourceFiles: z\n .record(z.string())\n .describe(\n \"Map of file paths to source code contents from fetch-package-source\"\n ),\n vulnerabilityCategory: z\n .enum([\"redos\", \"code-injection\", \"path-traversal\", \"unknown\"])\n .optional()\n .default(\"unknown\")\n .describe(\"Category of the vulnerability for better context\"),\n dryRun: z\n .boolean()\n .optional()\n .default(false)\n .describe(\"If true, return analysis without generating patches\"),\n llmProvider: z\n .enum([\"remote\", \"local\"])\n .optional()\n .describe(\"Optional provider override for patch generation\"),\n model: z\n .string()\n .optional()\n .describe(\"Optional model override for patch generation\"),\n policy: z\n .string()\n .optional()\n .describe(\"Optional policy file path for model default resolution\"),\n cwd: z\n .string()\n .optional()\n .describe(\"Optional working directory for policy/model resolution\"),\n providerSafetyProfile: z\n .enum([\"strict\", \"relaxed\"])\n .optional()\n .describe(\"Confidence threshold profile for patch acceptance\"),\n patchConfidenceThresholds: z\n .object({\n low: z.number().min(0).max(1).optional(),\n medium: z.number().min(0).max(1).optional(),\n high: z.number().min(0).max(1).optional(),\n })\n .optional()\n .describe(\"Optional per-risk confidence thresholds for patch acceptance\"),\n dynamicModelRouting: z\n .boolean()\n .optional()\n .describe(\"Enable dynamic model routing by input size\"),\n dynamicRoutingThresholdChars: z\n .number()\n .int()\n .positive()\n .optional()\n .describe(\"Threshold for dynamic model routing\"),\n modelPersonality: z\n .enum([\"analytical\", \"pragmatic\", \"balanced\"])\n .optional()\n .describe(\"Prompt personality for patch-generation guidance\"),\n }),\n execute: async ({\n packageName,\n vulnerableVersion,\n cveId,\n cveSummary,\n sourceFiles,\n vulnerabilityCategory,\n dryRun,\n llmProvider,\n model,\n policy,\n cwd,\n providerSafetyProfile,\n patchConfidenceThresholds,\n dynamicModelRouting,\n dynamicRoutingThresholdChars,\n modelPersonality,\n }): Promise<GeneratePatchResult> => {\n try {\n const resolvedSourceFiles = sourceFiles;\n const effectiveOptions = {\n llmProvider,\n model,\n policy,\n cwd,\n providerSafetyProfile,\n dynamicModelRouting,\n dynamicRoutingThresholdChars,\n modelPersonality,\n };\n const provider = resolveProvider(effectiveOptions);\n if (Object.keys(resolvedSourceFiles).length === 0) {\n return {\n success: false,\n llmProvider: provider,\n llmModel: \"unknown\",\n confidence: 0,\n riskLevel: \"high\",\n error: \"No source files were provided. Call fetch-package-source first and pass sourceFiles.\",\n };\n }\n\n const inputChars = JSON.stringify(resolvedSourceFiles).length + cveSummary.length;\n const modelInstance = await createModel(effectiveOptions, { inputChars });\n const modelName = modelInstance.modelId || \"unknown-model\";\n\n const prompt = buildPatchPrompt({\n cveId,\n packageName,\n vulnerableVersion,\n vulnerabilityCategory,\n cveSummary,\n sourceFiles: resolvedSourceFiles,\n modelPersonality,\n });\n\n const started = Date.now();\n const { text } = await generateText({\n model: modelInstance,\n prompt,\n temperature: 0.3,\n });\n const latencyMs = Date.now() - started;\n\n const parsed = parseLlmAnalysisResponse(text);\n if (!parsed.ok) {\n return {\n success: false,\n llmProvider: provider,\n llmModel: modelName,\n confidence: 0,\n riskLevel: \"high\",\n latencyMs,\n error: `Failed to parse LLM response: ${parsed.error}`,\n };\n }\n const analysis = parsed.analysis;\n\n if (!isValidLlmAnalysis(analysis)) {\n return {\n success: false,\n llmProvider: provider,\n llmModel: modelName,\n confidence: 0,\n riskLevel: \"high\",\n latencyMs,\n error: \"LLM response missing required fields (analysis, fixedCode, confidence, riskLevel)\",\n };\n }\n\n const confidenceThreshold = getPatchConfidenceThreshold(\n provider,\n providerSafetyProfile ?? \"relaxed\",\n analysis.riskLevel,\n patchConfidenceThresholds\n );\n const estimatedCostUsd = estimateModelCostUsd({\n provider,\n promptChars: prompt.length,\n completionChars: text.length,\n });\n\n if (dryRun) {\n return {\n success: true,\n llmProvider: provider,\n llmModel: modelName,\n latencyMs,\n estimatedCostUsd,\n confidenceThreshold,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n };\n }\n\n const patches = buildGeneratedPatches(resolvedSourceFiles, analysis.fixedCode);\n\n if (patches.length === 0) {\n return {\n success: false,\n llmProvider: provider,\n llmModel: modelName,\n latencyMs,\n estimatedCostUsd,\n confidenceThreshold,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n error: \"No valid patches could be generated from LLM response\",\n };\n }\n\n return {\n success: true,\n patches,\n patchContent: patches[0]?.unifiedDiff,\n llmProvider: provider,\n llmModel: modelName,\n latencyMs,\n estimatedCostUsd,\n confidenceThreshold,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n };\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n return {\n success: false,\n llmProvider: \"local\",\n llmModel: \"unknown\",\n confidence: 0,\n riskLevel: \"high\",\n error: `Patch generation failed: ${message}`,\n };\n }\n },\n});","export interface BuildPatchPromptParams {\n cveId: string;\n packageName: string;\n vulnerableVersion: string;\n vulnerabilityCategory: string;\n cveSummary: string;\n sourceFiles: Record<string, string>;\n modelPersonality: string | undefined;\n}\n\nconst VULNERABILITY_DESCRIPTIONS: Record<string, string> = {\n redos:\n \"Regular Expression Denial of Service (ReDoS): The vulnerability is caused by poorly constructed regular expressions that cause excessive backtracking when processing certain inputs. The fix should optimize the regex to avoid catastrophic backtracking or replace it with a safer alternative.\",\n \"code-injection\":\n \"Code Injection: The vulnerability allows injected code to be executed. The fix must properly sanitize/validate inputs and prevent dynamic code execution, or use safe alternatives like template literals with proper escaping.\",\n \"path-traversal\":\n \"Path Traversal: The vulnerability allows access to files outside intended directories through path traversal sequences (../, etc.). The fix must validate and normalize file paths, use path.resolve() and path.relative() checks.\",\n unknown:\n \"Unknown vulnerability type: Analyze the CVE summary carefully and implement the most appropriate fix for the security issue described.\",\n};\n\nexport function buildPatchPrompt(params: BuildPatchPromptParams): string {\n const {\n cveId,\n packageName,\n vulnerableVersion,\n vulnerabilityCategory,\n cveSummary,\n sourceFiles,\n modelPersonality,\n } = params;\n\n const sourceContext = Object.entries(sourceFiles)\n .map(([filePath, content]) => `\\n### File: ${filePath}\\n\\`\\`\\`typescript\\n${content}\\n\\`\\`\\``)\n .join(\"\\n\");\n\n const vulnerabilityContext =\n VULNERABILITY_DESCRIPTIONS[vulnerabilityCategory] ||\n VULNERABILITY_DESCRIPTIONS.unknown;\n\n const personalityDirective =\n modelPersonality === \"analytical\"\n ? \"Provide concise analysis with explicit risk tradeoffs.\"\n : modelPersonality === \"pragmatic\"\n ? \"Prioritize minimal, safe changes with low operational risk.\"\n : \"Balance analytical explanation with practical remediation.\";\n\n return `You are a security expert tasked with analyzing a CVE vulnerability and generating a secure patch.\n\n## CVE Information\n- CVE ID: ${cveId}\n- Package: ${packageName}@${vulnerableVersion}\n- Category: ${vulnerabilityCategory}\n\n## Vulnerability Summary\n${cveSummary}\n\n## Vulnerability Type Context\n${vulnerabilityContext}\n\n## Model Behavior\n${personalityDirective}\n\n## Vulnerable Source Code\n${sourceContext}\n\n## Your Task\nAnalyze the source code to:\n1. Identify the exact code location causing the vulnerability\n2. Explain the root cause of the security issue\n3. Propose a secure fix that addresses the vulnerability\n4. Provide the complete fixed version of affected files\n\n## Response Format\nRespond ONLY with valid JSON (no markdown, no extra text):\n{\n \"analysis\": \"Detailed explanation of the vulnerability root cause and why it's a security issue\",\n \"fixedCode\": {\n \"path/to/file.js\": \"Complete fixed source code for this file\",\n \"path/to/other.ts\": \"Complete fixed source code for this file\"\n },\n \"confidence\": 0.95,\n \"riskLevel\": \"medium\"\n}\n\nImportant:\n- confidence: number between 0 and 1 indicating how confident you are in the fix\n- riskLevel: \"low\", \"medium\", or \"high\" - assess the risk of the proposed fix breaking functionality\n- fixedCode: must contain the COMPLETE file contents (not just diffs), with the vulnerability addressed\n- Only include files that need modification`;\n}","/**\n * Represents a single generated patch file.\n */\nexport interface GeneratedPatch {\n filePath: string;\n unifiedDiff: string;\n}\n\n/**\n * LLM analysis response schema.\n */\nexport interface LlmAnalysis {\n analysis: string;\n fixedCode: Record<string, string>;\n confidence: number;\n riskLevel: \"low\" | \"medium\" | \"high\";\n}\n\nexport function parseLlmAnalysisResponse(text: string):\n | { ok: true; analysis: LlmAnalysis }\n | { ok: false; error: string } {\n try {\n const jsonMatch = text.match(/\\{[\\s\\S]*\\}/);\n if (!jsonMatch) {\n return { ok: false, error: \"No JSON found in LLM response\" };\n }\n return { ok: true, analysis: JSON.parse(jsonMatch[0]) as LlmAnalysis };\n } catch (error) {\n const message = error instanceof Error ? error.message : \"unknown error\";\n return { ok: false, error: message };\n }\n}\n\nexport function isValidLlmAnalysis(analysis: LlmAnalysis): boolean {\n return Boolean(\n analysis.analysis &&\n analysis.fixedCode &&\n typeof analysis.confidence === \"number\" &&\n [\"low\", \"medium\", \"high\"].includes(analysis.riskLevel)\n );\n}\n\nexport function buildGeneratedPatches(\n sourceFiles: Record<string, string>,\n fixedCodeByFile: Record<string, string>\n): GeneratedPatch[] {\n const patches: GeneratedPatch[] = [];\n\n for (const [filePath, fixedCode] of Object.entries(fixedCodeByFile)) {\n const sourceFile = sourceFiles[filePath];\n if (!sourceFile) {\n continue;\n }\n\n const unifiedDiff = generateUnifiedDiff(sourceFile, fixedCode, filePath);\n if (unifiedDiff) {\n patches.push({ filePath, unifiedDiff });\n }\n }\n\n return patches;\n}\n\n/**\n * Generate a unified diff between two strings.\n * Returns a unified diff format or null if there are no differences.\n */\nexport function generateUnifiedDiff(\n original: string,\n fixed: string,\n filePath: string\n): string | null {\n if (original === fixed) {\n return null;\n }\n\n const originalLines = original.split(\"\\n\");\n const fixedLines = fixed.split(\"\\n\");\n\n const diff: string[] = [];\n diff.push(`--- a/${filePath}`);\n diff.push(`+++ b/${filePath}`);\n diff.push(`@@ -1,${originalLines.length} +1,${fixedLines.length} @@`);\n\n const maxLen = Math.max(originalLines.length, fixedLines.length);\n\n for (let i = 0; i < maxLen; i++) {\n const origLine = originalLines[i] || \"\";\n const fixedLine = fixedLines[i] || \"\";\n\n if (origLine !== fixedLine) {\n if (origLine) {\n diff.push(`-${origLine}`);\n }\n if (fixedLine) {\n diff.push(`+${fixedLine}`);\n }\n } else if (origLine) {\n diff.push(` ${origLine}`);\n }\n }\n\n return diff.join(\"\\n\");\n}","/**\n * Tool: apply-patch-file\n *\n * Writes generated patch files to disk and applies them using package-manager-aware\n * patch mechanisms (native pnpm/yarn when available, patch-package compatibility otherwise).\n * Optionally validates patches by running tests.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { mkdir, writeFile } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport {\n detectPackageManager,\n getYarnMajorVersion,\n resolveInstallCommand,\n resolveTestCommand,\n type PackageManager,\n} from \"../../../platform/package-manager/index.js\";\nimport { withRepoLock } from \"../../../platform/repo-lock.js\";\nimport { loadPolicy } from \"../../../platform/policy.js\";\nimport { validatePatchDiff } from \"../../strategies/patch-utils.js\";\nimport type {\n PatchArtifact,\n PatchMode,\n PatchValidationPhase,\n} from \"../../../platform/types.js\";\nimport {\n applyNativePatch,\n buildPatchFileName,\n capturePackageJsonSnapshot,\n cleanupPatchArtifacts,\n configurePatchPackagePostinstall,\n countPatchHunks,\n extractPatchedFiles,\n patchModeRequiresPackageJsonSnapshot,\n resolvePatchMode,\n validatePatchWithTests,\n writePatchManifest,\n type ValidationResult,\n} from \"./helpers.js\";\n\ninterface ApplyPatchFileResult {\n success: boolean;\n packageName: string;\n vulnerableVersion: string;\n applied: boolean;\n dryRun: boolean;\n message: string;\n patchFilePath?: string;\n manifestFilePath?: string;\n patchPath?: string;\n patchMode?: PatchMode;\n postinstallConfigured?: boolean;\n patchArtifact?: PatchArtifact;\n validation?: ValidationResult;\n validationPhases?: PatchValidationPhase[];\n error?: string;\n}\n\nexport const applyPatchFileTool = tool({\n description:\n \"Write generated patch file and apply it using package-manager-native patch flow when available, falling back to patch-package when needed.\",\n parameters: z.object({\n packageName: z.string().min(1).describe(\"The npm package name\"),\n vulnerableVersion: z\n .string()\n .describe(\"The vulnerable version string\"),\n patchContent: z\n .string()\n .min(10)\n .optional()\n .describe(\"Unified diff patch content from generate-patch\"),\n cveId: z.string().optional().describe(\"Optional CVE ID associated with this patch artifact\"),\n confidence: z.number().min(0).max(1).optional().describe(\"Optional patch confidence score from generate-patch\"),\n riskLevel: z.enum([\"low\", \"medium\", \"high\"]).optional().describe(\"Optional risk level from generate-patch\"),\n patches: z\n .array(\n z.object({\n filePath: z.string().min(1),\n unifiedDiff: z.string().min(10),\n })\n )\n .optional()\n .describe(\"Patch list from generate-patch; first patch is applied\"),\n patchesDir: z\n .string()\n .optional()\n .default(\"./patches\")\n .describe(\"Directory to store patch files\"),\n cwd: z.string().describe(\"Project root directory (for package.json)\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n policy: z.string().optional().describe(\"Optional path to .autoremediator policy file\"),\n installMode: z.enum([\"standard\", \"prefer-offline\", \"deterministic\"]).optional(),\n installPreferOffline: z.boolean().optional(),\n enforceFrozenLockfile: z.boolean().optional(),\n workspace: z.string().optional(),\n validateWithTests: z\n .boolean()\n .optional()\n .default(true)\n .describe(\"Run package manager test command to validate patch doesn't break anything\"),\n dryRun: z.boolean().optional().default(false).describe(\"If true, report but do not mutate files\"),\n }).refine((value) => Boolean(value.patchContent || (value.patches && value.patches.length > 0)), {\n message: \"Either patchContent or patches must be provided\",\n }),\n execute: async ({\n packageName,\n vulnerableVersion,\n patchContent,\n cveId,\n confidence,\n patches,\n patchesDir,\n cwd,\n packageManager,\n policy,\n installMode,\n installPreferOffline,\n enforceFrozenLockfile,\n workspace,\n riskLevel,\n validateWithTests,\n dryRun,\n }): Promise<ApplyPatchFileResult> => {\n try {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const loadedPolicy = loadPolicy(cwd, policy);\n const commandConstraints = {\n ...loadedPolicy.constraints,\n installMode: installMode ?? loadedPolicy.constraints?.installMode,\n installPreferOffline: installPreferOffline ?? loadedPolicy.constraints?.installPreferOffline,\n enforceFrozenLockfile: enforceFrozenLockfile ?? loadedPolicy.constraints?.enforceFrozenLockfile,\n workspace: workspace ?? loadedPolicy.constraints?.workspace,\n };\n const yarnMajor = pm === \"yarn\" ? await getYarnMajorVersion(cwd) : undefined;\n const installCommand = resolveInstallCommand(pm, commandConstraints, yarnMajor);\n const testCommand = resolveTestCommand(pm, commandConstraints);\n const selectedPatch = patchContent ?? patches?.[0]?.unifiedDiff;\n const patchFiles = extractPatchedFiles(selectedPatch ?? \"\");\n const hunkCount = countPatchHunks(selectedPatch ?? \"\");\n const validationPhases: PatchValidationPhase[] = [];\n\n if (!selectedPatch) {\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: \"No patch content provided.\",\n error: \"No patch content provided.\",\n };\n }\n\n const patchValidation = validatePatchDiff(selectedPatch);\n validationPhases.push({\n phase: \"diff-format\",\n passed: patchValidation.valid,\n error: patchValidation.valid ? undefined : patchValidation.error,\n message: patchValidation.valid ? \"Patch content is a valid unified diff.\" : undefined,\n });\n\n if (!patchValidation.valid) {\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: patchValidation.error ?? \"Patch content is not a valid unified diff.\",\n validationPhases,\n error: patchValidation.error ?? \"Patch content is not a valid unified diff.\",\n };\n }\n\n const patchFileName = buildPatchFileName(packageName, vulnerableVersion);\n const patchFilePath = join(cwd, patchesDir, patchFileName);\n const manifestFilePath = `${patchFilePath}.json`;\n const generatedAt = new Date().toISOString();\n const baseArtifact: PatchArtifact = {\n schemaVersion: \"1.0\",\n cveId,\n packageName,\n vulnerableVersion,\n patchFilePath,\n manifestFilePath,\n patchFileName,\n patchesDir,\n confidence,\n riskLevel,\n generatedAt,\n files: patchFiles,\n hunkCount,\n applied: false,\n dryRun,\n validationPhases,\n };\n\n if (dryRun) {\n return {\n success: true,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would write and configure patch at ${patchFilePath}.`,\n patchFilePath,\n manifestFilePath,\n patchPath: patchFilePath,\n patchArtifact: baseArtifact,\n validationPhases,\n };\n }\n\n return withRepoLock(cwd, async () => {\n const packageJsonSnapshot =\n patchModeRequiresPackageJsonSnapshot(pm)\n ? await capturePackageJsonSnapshot(cwd)\n : undefined;\n\n const patchesDirPath = join(cwd, patchesDir);\n await mkdir(patchesDirPath, { recursive: true });\n\n await writeFile(patchFilePath, selectedPatch, \"utf8\");\n validationPhases.push({\n phase: \"patch-write\",\n passed: true,\n message: `Patch file written to ${patchFilePath}.`,\n });\n\n let validationResult: ValidationResult | undefined;\n const patchMode = await resolvePatchMode(pm, cwd);\n const artifact: PatchArtifact = {\n ...baseArtifact,\n patchMode,\n validationPhases,\n };\n\n await writePatchManifest(manifestFilePath, artifact);\n validationPhases.push({\n phase: \"manifest-write\",\n passed: true,\n message: `Patch manifest written to ${manifestFilePath}.`,\n });\n artifact.validationPhases = validationPhases;\n await writePatchManifest(manifestFilePath, artifact);\n\n const applyResult =\n patchMode === \"patch-package\"\n ? await configurePatchPackagePostinstall(cwd, pm)\n : await applyNativePatch({\n cwd,\n packageName,\n vulnerableVersion,\n patchContent: selectedPatch,\n patchMode,\n validationPhases,\n });\n\n if (!applyResult.success) {\n await cleanupPatchArtifacts({\n cwd,\n patchFilePath,\n manifestFilePath,\n patchMode,\n packageJsonSnapshot,\n installCommand,\n rerunInstall: patchMode === \"patch-package\",\n });\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: applyResult.error,\n patchFilePath,\n manifestFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: patchMode === \"patch-package\" ? false : undefined,\n patchArtifact: {\n ...artifact,\n applied: false,\n validationPhases,\n },\n validationPhases,\n error: applyResult.error,\n };\n }\n\n validationPhases.push({\n phase: \"apply\",\n passed: true,\n message: `Patch applied using ${patchMode}.`,\n });\n\n if (patchMode === \"patch-package\") {\n try {\n const [installCmd, ...installArgs] = installCommand;\n await execa(installCmd, installArgs, {\n cwd,\n stdio: \"pipe\",\n });\n validationPhases.push({\n phase: \"install\",\n passed: true,\n message: `${installCommand.join(\" \")} completed successfully.`,\n });\n } catch (err) {\n await cleanupPatchArtifacts({\n cwd,\n patchFilePath,\n manifestFilePath,\n patchMode,\n packageJsonSnapshot,\n installCommand,\n rerunInstall: true,\n });\n const error = err instanceof Error ? err.message : String(err);\n validationPhases.push({\n phase: \"install\",\n passed: false,\n error,\n });\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: `Failed to apply patch-package workflow for ${packageName}@${vulnerableVersion}: ${error}`,\n patchFilePath,\n manifestFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: false,\n patchArtifact: {\n ...artifact,\n applied: false,\n validationPhases,\n },\n validationPhases,\n error: `Failed to apply patch-package workflow for ${packageName}@${vulnerableVersion}: ${error}`,\n };\n }\n }\n\n if (validateWithTests) {\n validationResult = await validatePatchWithTests(cwd, testCommand);\n if (!validationResult.passed) {\n await cleanupPatchArtifacts({\n cwd,\n patchFilePath,\n manifestFilePath,\n patchMode,\n packageJsonSnapshot,\n installCommand,\n rerunInstall: patchMode === \"patch-package\",\n });\n const validationError = \"Patch validation failed after apply; patch marked unresolved.\";\n validationPhases.push({\n phase: \"test\",\n passed: false,\n error: validationResult.error,\n });\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: validationError,\n patchFilePath,\n manifestFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: false,\n patchArtifact: {\n ...artifact,\n applied: false,\n validationPhases,\n },\n validation: validationResult,\n validationPhases,\n error: validationError,\n };\n }\n\n validationPhases.push({\n phase: \"test\",\n passed: true,\n message: \"Patch validation tests passed.\",\n });\n }\n\n const finalArtifact: PatchArtifact = {\n ...artifact,\n applied: true,\n dryRun: false,\n validationPhases,\n };\n await writePatchManifest(manifestFilePath, finalArtifact);\n\n return {\n success: true,\n packageName,\n vulnerableVersion,\n applied: true,\n dryRun: false,\n message: `Patch applied successfully for ${packageName}@${vulnerableVersion}.`,\n patchFilePath,\n manifestFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: patchMode === \"patch-package\",\n patchArtifact: finalArtifact,\n validation: validationResult,\n validationPhases,\n };\n });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: `Failed to apply patch file: ${message}`,\n error: `Failed to apply patch file: ${message}`,\n };\n }\n },\n});","import { existsSync } from \"node:fs\";\nimport { mkdtemp, readFile, rm, writeFile } from \"node:fs/promises\";\nimport { tmpdir } from \"node:os\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport {\n getPackageManagerCommands,\n getYarnMajorVersion,\n type PackageManager,\n} from \"../../../platform/package-manager/index.js\";\nimport type {\n PatchArtifact,\n PatchMode,\n PatchValidationPhase,\n} from \"../../../platform/types.js\";\n\nexport interface ValidationResult {\n passed: boolean;\n error?: string;\n output?: string;\n failedTests?: string[];\n}\n\nexport interface RawPackageJson {\n devDependencies?: Record<string, string>;\n scripts?: Record<string, string>;\n [key: string]: unknown;\n}\n\nexport interface PackageJsonSnapshot {\n path: string;\n content: string;\n}\n\nexport async function resolvePatchMode(packageManager: PackageManager, cwd: string): Promise<PatchMode> {\n if (packageManager === \"npm\") return \"patch-package\";\n if (packageManager === \"pnpm\") return \"native-pnpm\";\n\n const major = await getYarnMajorVersion(cwd);\n return major >= 2 ? \"native-yarn\" : \"patch-package\";\n}\n\nexport function patchModeRequiresPackageJsonSnapshot(packageManager: PackageManager): boolean {\n if (packageManager === \"npm\") return true;\n if (packageManager === \"pnpm\") return false;\n return true;\n}\n\nexport function buildPatchFileName(packageName: string, vulnerableVersion: string): string {\n const safeName = packageName.replace(/^@/, \"\").replace(/\\//g, \"+\");\n return `${safeName}+${vulnerableVersion}.patch`;\n}\n\nexport function extractPatchedFiles(patchContent: string): string[] {\n return Array.from(\n new Set(\n patchContent\n .split(/\\r?\\n/)\n .filter((line) => line.startsWith(\"+++ b/\"))\n .map((line) => line.slice(\"+++ b/\".length))\n )\n );\n}\n\nexport function countPatchHunks(patchContent: string): number {\n return patchContent\n .split(/\\r?\\n/)\n .filter((line) => line.startsWith(\"@@ \")).length;\n}\n\nexport async function writePatchManifest(manifestFilePath: string, artifact: PatchArtifact): Promise<void> {\n await writeFile(manifestFilePath, JSON.stringify(artifact, null, 2) + \"\\n\", \"utf8\");\n}\n\nexport async function configurePatchPackagePostinstall(\n cwd: string,\n packageManager: PackageManager\n): Promise<{ success: true } | { success: false; error: string }> {\n const pkgJsonPath = join(cwd, \"package.json\");\n let pkgJson: RawPackageJson;\n\n try {\n pkgJson = JSON.parse(await readFile(pkgJsonPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n success: false,\n error: `Could not read package.json at ${pkgJsonPath}`,\n };\n }\n\n const devDependencies = pkgJson.devDependencies ?? {};\n if (!devDependencies[\"patch-package\"]) {\n try {\n const commands = getPackageManagerCommands(packageManager);\n const [cmd, ...args] = commands.installDev(\"patch-package\");\n await execa(cmd, args, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n return {\n success: false,\n error: `Failed to install patch-package: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n }\n\n if (!pkgJson.scripts) {\n pkgJson.scripts = {};\n }\n\n const patchApplyCmd = \"patch-package\";\n const currentPostinstall = pkgJson.scripts.postinstall || \"\";\n\n if (currentPostinstall && !currentPostinstall.includes(\"patch-package\")) {\n pkgJson.scripts.postinstall = `${currentPostinstall} && ${patchApplyCmd}`;\n } else if (!currentPostinstall) {\n pkgJson.scripts.postinstall = patchApplyCmd;\n }\n\n await writeFile(pkgJsonPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n return { success: true };\n}\n\nexport async function capturePackageJsonSnapshot(cwd: string): Promise<PackageJsonSnapshot | undefined> {\n const path = join(cwd, \"package.json\");\n\n try {\n const content = await readFile(path, \"utf8\");\n return { path, content };\n } catch {\n return undefined;\n }\n}\n\nexport async function cleanupPatchArtifacts(params: {\n cwd: string;\n patchFilePath: string;\n manifestFilePath?: string;\n patchMode: PatchMode;\n packageJsonSnapshot?: PackageJsonSnapshot;\n installCommand: string[];\n rerunInstall: boolean;\n}): Promise<void> {\n const {\n cwd,\n patchFilePath,\n manifestFilePath,\n patchMode,\n packageJsonSnapshot,\n installCommand,\n rerunInstall,\n } = params;\n\n await rm(patchFilePath, { force: true }).catch(() => undefined);\n if (manifestFilePath) {\n await rm(manifestFilePath, { force: true }).catch(() => undefined);\n }\n\n if (patchMode === \"patch-package\" && packageJsonSnapshot) {\n await writeFile(packageJsonSnapshot.path, packageJsonSnapshot.content, \"utf8\").catch(() => undefined);\n }\n\n if (!rerunInstall) return;\n\n try {\n const [installCmd, ...installArgs] = installCommand;\n await execa(installCmd, installArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch {\n // Ignore cleanup install failures and preserve the original remediation error.\n }\n}\n\nexport async function applyNativePatch(params: {\n cwd: string;\n packageName: string;\n vulnerableVersion: string;\n patchContent: string;\n patchMode: \"native-pnpm\" | \"native-yarn\";\n validationPhases: PatchValidationPhase[];\n}): Promise<{ success: true } | { success: false; error: string }> {\n const { cwd, packageName, vulnerableVersion, patchContent, patchMode, validationPhases } = params;\n const packageSpec = `${packageName}@${vulnerableVersion}`;\n\n const createCommand = patchMode === \"native-pnpm\" ? \"pnpm\" : \"yarn\";\n const createArgs = [\"patch\", packageSpec];\n\n let patchDir: string;\n try {\n const createResult = await execa(createCommand, createArgs, {\n cwd,\n stdio: \"pipe\",\n });\n patchDir = extractPatchDirectory(`${createResult.stdout}\\n${createResult.stderr}`);\n } catch (err) {\n validationPhases.push({\n phase: \"apply\",\n passed: false,\n error: err instanceof Error ? err.message : String(err),\n });\n return {\n success: false,\n error: `Failed to create native patch workspace for ${packageSpec}: ${\n err instanceof Error ? err.message : String(err)\n }`,\n };\n }\n\n if (!patchDir) {\n validationPhases.push({\n phase: \"apply\",\n passed: false,\n error: `Could not determine native patch directory for ${packageSpec}.`,\n });\n return {\n success: false,\n error: `Could not determine native patch directory for ${packageSpec}.`,\n };\n }\n\n const tempPatchDir = await mkdtemp(join(tmpdir(), \"autoremediator-native-patch-\"));\n const tempPatchFile = join(tempPatchDir, \"change.patch\");\n\n try {\n await writeFile(tempPatchFile, patchContent, \"utf8\");\n await execa(\"patch\", [\"-p1\", \"-i\", tempPatchFile], {\n cwd: patchDir,\n stdio: \"pipe\",\n });\n\n const commitCommand = patchMode === \"native-pnpm\" ? \"pnpm\" : \"yarn\";\n const commitArgs =\n patchMode === \"native-pnpm\"\n ? [\"patch-commit\", patchDir]\n : [\"patch-commit\", \"-s\", patchDir];\n\n await execa(commitCommand, commitArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n validationPhases.push({\n phase: \"apply\",\n passed: false,\n error: err instanceof Error ? err.message : String(err),\n });\n return {\n success: false,\n error: `Failed to apply native patch for ${packageSpec}: ${\n err instanceof Error ? err.message : String(err)\n }`,\n };\n } finally {\n await rm(tempPatchDir, { recursive: true, force: true });\n }\n\n return { success: true };\n}\n\nfunction extractPatchDirectory(output: string): string {\n const lines = output\n .split(/\\r?\\n/)\n .map((line) => line.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n if (existsSync(line)) {\n return line;\n }\n\n const tokens = line.split(/\\s+/).map((token) => token.replace(/^['\"]|['\"]$/g, \"\"));\n for (const token of tokens) {\n if (token.startsWith(\"/\") && existsSync(token)) {\n return token;\n }\n }\n }\n\n return \"\";\n}\n\nexport async function validatePatchWithTests(cwd: string, testCommand: string[]): Promise<ValidationResult> {\n try {\n const [cmd, ...args] = testCommand;\n const result = await execa(cmd, args, {\n cwd,\n timeout: 60000,\n stdio: \"pipe\",\n });\n\n return {\n passed: true,\n output: result.stdout,\n };\n } catch (err) {\n const errorOutput =\n typeof err === \"object\" && err !== null && \"stdout\" in err\n ? String((err as Record<string, unknown>).stdout ?? \"\")\n : \"\";\n const failedTests = extractFailedTests(errorOutput);\n\n return {\n passed: false,\n error:\n failedTests.length > 0\n ? `Failed tests: ${failedTests.join(\", \")}`\n : \"Package-manager test validation failed.\",\n output: errorOutput,\n failedTests,\n };\n }\n}\n\nfunction extractFailedTests(output: string): string[] {\n const failedTests: string[] = [];\n const patterns = [\n /✖\\s+(.+?)(?:\\n|$)/g,\n /●\\s+(.+)(?:\\n|$)/g,\n /^FAIL\\s+(.+?)(?:\\n|$)/gm,\n ];\n\n for (const pattern of patterns) {\n let match;\n while ((match = pattern.exec(output)) !== null) {\n if (match[1]) {\n failedTests.push(match[1].trim());\n }\n }\n }\n\n return failedTests.slice(0, 5);\n}","import { fetchPackageSourceTool } from \"../tools/fetch-package-source.js\";\nimport { generatePatchTool } from \"../tools/generate-patch/index.js\";\nimport { applyPatchFileTool } from \"../tools/apply-patch-file/index.js\";\nimport type {\n LlmUsageMetrics,\n PatchConfidenceThresholds,\n PatchResult,\n UnresolvedReason,\n} from \"../../platform/types.js\";\nimport { getPatchConfidenceThreshold } from \"../../platform/config.js\";\n\nfunction resolvePatchProvider(provider: \"remote\" | \"local\"): \"remote\" | \"local\" {\n if (provider === \"local\") {\n return \"remote\";\n }\n return provider;\n}\n\nexport function shouldAttemptPatchFallback(result: PatchResult, preferVersionBump: boolean): boolean {\n if (preferVersionBump) return false;\n if (result.applied || result.dryRun) return false;\n\n return (\n result.unresolvedReason === \"no-safe-version\" ||\n result.unresolvedReason === \"install-failed\" ||\n result.unresolvedReason === \"override-apply-failed\" ||\n result.unresolvedReason === \"validation-failed\" ||\n result.unresolvedReason === \"major-bump-required\" ||\n result.unresolvedReason === \"indirect-dependency\"\n );\n}\n\nexport async function tryLocalPatchFallback(params: {\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n packageName: string;\n vulnerableVersion: string;\n cveId: string;\n cveSummary: string;\n dependencyScope: \"direct\" | \"transitive\";\n dryRun: boolean;\n runTests: boolean;\n patchesDir: string;\n llmProvider: \"remote\" | \"local\";\n model?: string;\n policy?: string;\n modelPersonality?: \"analytical\" | \"pragmatic\" | \"balanced\";\n providerSafetyProfile?: \"strict\" | \"relaxed\";\n requireConsensusForHighRisk?: boolean;\n consensusProvider?: \"remote\" | \"local\";\n consensusModel?: string;\n patchConfidenceThresholds?: PatchConfidenceThresholds;\n dynamicModelRouting?: boolean;\n dynamicRoutingThresholdChars?: number;\n installMode?: \"standard\" | \"prefer-offline\" | \"deterministic\";\n installPreferOffline?: boolean;\n enforceFrozenLockfile?: boolean;\n workspace?: string;\n}): Promise<{ result: PatchResult; steps: number; usage: LlmUsageMetrics[] }> {\n const usage: LlmUsageMetrics[] = [];\n let steps = 0;\n\n const sourceResult = (await (fetchPackageSourceTool as any).execute({\n packageName: params.packageName,\n version: params.vulnerableVersion,\n })) as {\n success?: boolean;\n sourceFiles?: Record<string, string>;\n error?: string;\n };\n steps += 1;\n\n if (!sourceResult?.success || !sourceResult.sourceFiles) {\n return {\n steps,\n usage,\n result: {\n packageName: params.packageName,\n strategy: \"none\",\n fromVersion: params.vulnerableVersion,\n applied: false,\n dryRun: params.dryRun,\n dependencyScope: params.dependencyScope,\n unresolvedReason: \"source-fetch-failed\",\n message: sourceResult?.error ?? `Failed to fetch source for ${params.packageName}@${params.vulnerableVersion}.`,\n },\n };\n }\n\n const primaryProvider = resolvePatchProvider(params.llmProvider);\n const patchResult = (await (generatePatchTool as any).execute({\n packageName: params.packageName,\n vulnerableVersion: params.vulnerableVersion,\n cveId: params.cveId,\n cveSummary: params.cveSummary,\n sourceFiles: sourceResult.sourceFiles,\n vulnerabilityCategory: \"unknown\",\n dryRun: params.dryRun,\n llmProvider: primaryProvider,\n model: params.model,\n policy: params.policy,\n cwd: params.cwd,\n modelPersonality: params.modelPersonality,\n providerSafetyProfile: params.providerSafetyProfile,\n patchConfidenceThresholds: params.patchConfidenceThresholds,\n dynamicModelRouting: params.dynamicModelRouting,\n dynamicRoutingThresholdChars: params.dynamicRoutingThresholdChars,\n })) as {\n success?: boolean;\n patches?: Array<{ filePath: string; unifiedDiff: string }>;\n patchContent?: string;\n llmProvider?: \"remote\" | \"local\";\n llmModel?: string;\n latencyMs?: number;\n estimatedCostUsd?: number;\n confidenceThreshold?: number;\n confidence?: number;\n riskLevel?: \"low\" | \"medium\" | \"high\";\n error?: string;\n };\n steps += 1;\n\n if (!patchResult?.success) {\n const error = patchResult?.error ?? \"Patch generation failed.\";\n const unresolvedReason: UnresolvedReason =\n error.includes(\"API_KEY\") || error.includes(\"does not create a language model\")\n ? \"requires-llm-fallback\"\n : \"patch-generation-failed\";\n return {\n steps,\n usage,\n result: {\n packageName: params.packageName,\n strategy: \"none\",\n fromVersion: params.vulnerableVersion,\n applied: false,\n dryRun: params.dryRun,\n dependencyScope: params.dependencyScope,\n unresolvedReason,\n message: error,\n },\n };\n }\n\n const effectiveProvider = patchResult.llmProvider ?? primaryProvider;\n const confidenceThreshold =\n patchResult.confidenceThreshold ??\n getPatchConfidenceThreshold(\n effectiveProvider,\n params.providerSafetyProfile ?? \"relaxed\",\n patchResult.riskLevel ?? \"medium\",\n params.patchConfidenceThresholds\n );\n\n if (typeof patchResult.confidence === \"number\" && patchResult.confidence < confidenceThreshold) {\n return {\n steps,\n usage,\n result: {\n packageName: params.packageName,\n strategy: \"none\",\n fromVersion: params.vulnerableVersion,\n applied: false,\n dryRun: params.dryRun,\n dependencyScope: params.dependencyScope,\n confidence: patchResult.confidence,\n riskLevel: patchResult.riskLevel,\n unresolvedReason: \"patch-confidence-too-low\",\n message: `Patch confidence ${patchResult.confidence.toFixed(2)} is below threshold ${confidenceThreshold.toFixed(2)}.`,\n },\n };\n }\n\n if (\n params.requireConsensusForHighRisk &&\n patchResult.riskLevel === \"high\" &&\n !params.dryRun\n ) {\n const consensusProvider = resolvePatchProvider(params.consensusProvider ?? primaryProvider);\n const consensus = (await (generatePatchTool as any).execute({\n packageName: params.packageName,\n vulnerableVersion: params.vulnerableVersion,\n cveId: params.cveId,\n cveSummary: params.cveSummary,\n sourceFiles: sourceResult.sourceFiles,\n vulnerabilityCategory: \"unknown\",\n dryRun: false,\n llmProvider: consensusProvider,\n model: params.consensusModel,\n policy: params.policy,\n cwd: params.cwd,\n modelPersonality: params.modelPersonality,\n providerSafetyProfile: params.providerSafetyProfile,\n patchConfidenceThresholds: params.patchConfidenceThresholds,\n dynamicModelRouting: params.dynamicModelRouting,\n dynamicRoutingThresholdChars: params.dynamicRoutingThresholdChars,\n })) as {\n success?: boolean;\n patches?: Array<{ filePath: string; unifiedDiff: string }>;\n llmProvider?: \"remote\" | \"local\";\n llmModel?: string;\n latencyMs?: number;\n estimatedCostUsd?: number;\n confidence?: number;\n error?: string;\n };\n steps += 1;\n\n const primaryDiff = patchResult.patches?.[0]?.unifiedDiff;\n const secondaryDiff = consensus.patches?.[0]?.unifiedDiff;\n if (!consensus.success || !primaryDiff || !secondaryDiff || primaryDiff !== secondaryDiff) {\n return {\n steps,\n usage,\n result: {\n packageName: params.packageName,\n strategy: \"none\",\n fromVersion: params.vulnerableVersion,\n applied: false,\n dryRun: params.dryRun,\n dependencyScope: params.dependencyScope,\n unresolvedReason: \"consensus-failed\",\n message: consensus.error ?? \"High-risk patch did not pass consensus verification.\",\n },\n };\n }\n\n if (consensus.llmProvider && consensus.llmModel) {\n usage.push({\n purpose: \"patch-consensus\",\n provider: consensus.llmProvider,\n model: consensus.llmModel,\n latencyMs: consensus.latencyMs,\n estimatedCostUsd: consensus.estimatedCostUsd,\n });\n }\n }\n\n const applyResult = (await (applyPatchFileTool as any).execute({\n packageName: params.packageName,\n vulnerableVersion: params.vulnerableVersion,\n cveId: params.cveId,\n confidence: patchResult.confidence,\n patchContent: patchResult.patchContent,\n patches: patchResult.patches,\n patchesDir: params.patchesDir,\n cwd: params.cwd,\n packageManager: params.packageManager,\n policy: params.policy,\n installMode: params.installMode,\n installPreferOffline: params.installPreferOffline,\n enforceFrozenLockfile: params.enforceFrozenLockfile,\n workspace: params.workspace,\n riskLevel: patchResult.riskLevel,\n validateWithTests: params.runTests,\n dryRun: params.dryRun,\n })) as {\n applied?: boolean;\n dryRun?: boolean;\n message?: string;\n error?: string;\n patchFilePath?: string;\n patchPath?: string;\n patchArtifact?: PatchResult[\"patchArtifact\"];\n validationPhases?: PatchResult[\"validationPhases\"];\n validation?: { passed?: boolean; error?: string };\n };\n steps += 1;\n\n if (patchResult.llmProvider && patchResult.llmModel) {\n usage.push({\n purpose: \"patch-generation\",\n provider: patchResult.llmProvider,\n model: patchResult.llmModel,\n latencyMs: patchResult.latencyMs,\n estimatedCostUsd: patchResult.estimatedCostUsd,\n });\n }\n\n return {\n steps,\n usage,\n result: {\n packageName: params.packageName,\n strategy: \"patch-file\",\n fromVersion: params.vulnerableVersion,\n patchFilePath: applyResult.patchFilePath ?? applyResult.patchPath,\n patchArtifact: applyResult.patchArtifact,\n applied: Boolean(applyResult.applied),\n dryRun: Boolean(applyResult.dryRun),\n dependencyScope: params.dependencyScope,\n confidence: patchResult.confidence,\n riskLevel: patchResult.riskLevel,\n unresolvedReason:\n !Boolean(applyResult.applied) && !Boolean(applyResult.dryRun)\n ? applyResult.validation?.passed === false\n ? \"patch-validation-failed\"\n : \"patch-apply-failed\"\n : undefined,\n message: applyResult.message ?? applyResult.error ?? \"Patch-file strategy finished.\",\n validation:\n typeof applyResult.validation?.passed === \"boolean\"\n ? {\n passed: applyResult.validation.passed,\n error: applyResult.validation.error,\n }\n : undefined,\n validationPhases: applyResult.validationPhases,\n },\n };\n}\n","import { resolveProvider } from \"../../platform/config.js\";\nimport { loadPolicy } from \"../../platform/policy.js\";\nimport type { PatchConfidenceThresholds, RemediateOptions } from \"../../platform/types.js\";\nimport { detectPackageManager } from \"../../platform/package-manager/index.js\";\n\nexport interface LocalRunOptions {\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n preview: boolean;\n dryRun: boolean;\n runTests: boolean;\n policy: string;\n patchesDir: string;\n constraints: NonNullable<RemediateOptions[\"constraints\"]>;\n llmProvider: \"remote\" | \"local\";\n providerSafetyProfile: \"strict\" | \"relaxed\";\n requireConsensusForHighRisk: boolean;\n consensusProvider: \"remote\" | \"local\";\n consensusModel?: string;\n patchConfidenceThresholds?: PatchConfidenceThresholds;\n dynamicModelRouting: boolean;\n dynamicRoutingThresholdChars?: number;\n}\n\nexport function resolveLocalRunOptions(options: RemediateOptions): LocalRunOptions {\n const cwd = options.cwd ?? process.cwd();\n const packageManager = options.packageManager ?? detectPackageManager(cwd);\n const preview = options.preview ?? false;\n const dryRun = (options.dryRun ?? false) || preview;\n const runTests = options.runTests ?? false;\n const policy = options.policy ?? \"\";\n const patchesDir = options.patchesDir || \"./patches\";\n const constraints = options.constraints ?? {};\n const loadedPolicy = loadPolicy(cwd, options.policy);\n const llmProvider = resolveProvider(options);\n\n return {\n cwd,\n packageManager,\n preview,\n dryRun,\n runTests,\n policy,\n patchesDir,\n constraints,\n llmProvider,\n providerSafetyProfile:\n options.providerSafetyProfile ?? loadedPolicy.providerSafetyProfile ?? \"relaxed\",\n requireConsensusForHighRisk:\n options.requireConsensusForHighRisk ?? loadedPolicy.requireConsensusForHighRisk ?? false,\n consensusProvider: options.consensusProvider ?? loadedPolicy.consensusProvider ?? \"remote\",\n consensusModel: options.consensusModel ?? loadedPolicy.consensusModel,\n patchConfidenceThresholds: {\n ...loadedPolicy.patchConfidenceThresholds,\n ...options.patchConfidenceThresholds,\n },\n dynamicModelRouting: options.dynamicModelRouting ?? loadedPolicy.dynamicModelRouting ?? false,\n dynamicRoutingThresholdChars:\n options.dynamicRoutingThresholdChars ?? loadedPolicy.dynamicRoutingThresholdChars,\n };\n}\n","import semver from \"semver\";\nimport type { CveDetails, VulnerablePackage } from \"../../platform/types.js\";\n\ninterface InstalledPackage {\n name: string;\n version: string;\n type: \"direct\" | \"indirect\";\n}\n\nexport function findVulnerablePackages(\n cveDetails: CveDetails,\n installedPackages: InstalledPackage[]\n): VulnerablePackage[] {\n const vulnerablePackages: VulnerablePackage[] = [];\n\n for (const affected of cveDetails.affectedPackages) {\n if (!affected || typeof affected !== \"object\") continue;\n if (!affected.name || !affected.vulnerableRange) continue;\n if (affected.ecosystem !== \"npm\") continue;\n\n const matches = installedPackages.filter((pkg) => pkg.name === affected.name);\n for (const installed of matches) {\n if (!semver.valid(installed.version)) continue;\n\n let isVulnerable = false;\n try {\n isVulnerable = semver.satisfies(installed.version, affected.vulnerableRange, {\n includePrerelease: false,\n });\n } catch {\n continue;\n }\n\n if (isVulnerable) {\n vulnerablePackages.push({ installed, affected });\n }\n }\n }\n\n return vulnerablePackages;\n}\n","import type { PatchResult, VulnerablePackage } from \"../../platform/types.js\";\n\nexport function buildLocalSummary(\n vulnerablePackages: VulnerablePackage[],\n collectedResults: PatchResult[]\n): string {\n const appliedCount = collectedResults.filter((result) => result.applied).length;\n const unresolvedCount = collectedResults.filter((result) => !result.applied && !result.dryRun).length;\n const dryRunCount = collectedResults.filter((result) => result.dryRun).length;\n\n return `Local mode completed: vulnerable=${vulnerablePackages.length}, applied=${appliedCount}, dryRun=${dryRunCount}, unresolved=${unresolvedCount}`;\n}\n","import { lookupCveOsv } from \"../../intelligence/sources/osv.js\";\nimport { lookupCveGitHub, mergeGhDataIntoCveDetails } from \"../../intelligence/sources/github-advisory.js\";\nimport { enrichWithNvd } from \"../../intelligence/sources/nvd.js\";\nimport type {\n CveDetails,\n LlmUsageMetrics,\n PatchResult,\n RemediateOptions,\n RemediationReport,\n VulnerablePackage,\n} from \"../../platform/types.js\";\nimport { checkInventoryTool } from \"../tools/check-inventory.js\";\nimport { resolvePrimaryResult } from \"./primary-strategy.js\";\nimport { shouldAttemptPatchFallback, tryLocalPatchFallback } from \"./fallback.js\";\nimport { resolveLocalRunOptions } from \"./options.js\";\nimport { findVulnerablePackages } from \"./vulnerability-match.js\";\nimport { buildLocalSummary } from \"./summary.js\";\n\nexport async function runLocalRemediationPipeline(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n const resolved = resolveLocalRunOptions(options);\n const {\n cwd,\n packageManager,\n dryRun,\n runTests,\n policy,\n patchesDir,\n constraints,\n llmProvider,\n providerSafetyProfile,\n requireConsensusForHighRisk,\n consensusProvider,\n consensusModel,\n patchConfidenceThresholds,\n dynamicModelRouting,\n dynamicRoutingThresholdChars,\n } = resolved;\n\n const collectedResults: PatchResult[] = [];\n const llmUsage: LlmUsageMetrics[] = [];\n let vulnerablePackages: VulnerablePackage[] = [];\n let cveDetails: CveDetails | null = null;\n let agentSteps = 0;\n\n const normalizedId = cveId.toUpperCase();\n const [osvDetails, ghPackages] = await Promise.all([\n lookupCveOsv(normalizedId),\n lookupCveGitHub(normalizedId).catch(() => []),\n ]);\n agentSteps += 2;\n\n if (!osvDetails && ghPackages.length === 0) {\n return {\n cveId,\n cveDetails: null,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode failed at lookup-cve: ${normalizedId} not found in OSV or GitHub advisory data.`,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n }\n\n cveDetails = osvDetails ?? {\n id: normalizedId,\n summary: \"Details sourced from GitHub Advisory Database.\",\n severity: \"UNKNOWN\",\n references: [],\n affectedPackages: [],\n };\n\n if (ghPackages.length > 0) {\n cveDetails = mergeGhDataIntoCveDetails(cveDetails, ghPackages);\n }\n cveDetails = await enrichWithNvd(cveDetails);\n\n if (cveDetails.affectedPackages.length === 0) {\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode lookup succeeded but no npm affected packages were found for ${normalizedId}.`,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n }\n\n const inventory = await (checkInventoryTool as any).execute({\n cwd,\n packageManager,\n policy: options.policy,\n workspace: constraints.workspace,\n });\n agentSteps += 1;\n\n if (inventory?.error) {\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode failed at check-inventory: ${inventory.error}`,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n }\n\n const installedPackages = (inventory.packages ?? []) as Array<{\n name: string;\n version: string;\n type: \"direct\" | \"indirect\";\n }>;\n\n vulnerablePackages = findVulnerablePackages(cveDetails, installedPackages);\n agentSteps += 1;\n\n for (const vulnerable of vulnerablePackages) {\n const primary = await resolvePrimaryResult({\n vulnerable,\n cwd,\n packageManager,\n dryRun,\n policy,\n runTests,\n constraints,\n });\n agentSteps += primary.steps;\n\n if (shouldAttemptPatchFallback(primary.result, constraints.preferVersionBump ?? false)) {\n const fallback = await tryLocalPatchFallback({\n cwd,\n packageManager,\n packageName: vulnerable.installed.name,\n vulnerableVersion: vulnerable.installed.version,\n cveId: normalizedId,\n cveSummary: cveDetails?.summary ?? normalizedId,\n dependencyScope: vulnerable.installed.type === \"direct\" ? \"direct\" : \"transitive\",\n dryRun,\n runTests,\n patchesDir,\n llmProvider,\n model: options.model,\n policy: options.policy,\n modelPersonality: options.modelPersonality,\n providerSafetyProfile,\n requireConsensusForHighRisk,\n consensusProvider,\n consensusModel,\n patchConfidenceThresholds,\n dynamicModelRouting,\n dynamicRoutingThresholdChars,\n installMode: constraints.installMode,\n installPreferOffline: constraints.installPreferOffline,\n enforceFrozenLockfile: constraints.enforceFrozenLockfile,\n workspace: constraints.workspace,\n });\n agentSteps += fallback.steps;\n collectedResults.push(fallback.result);\n if (fallback.usage) {\n llmUsage.push(...fallback.usage);\n }\n continue;\n }\n\n collectedResults.push({\n ...primary.result,\n dependencyScope: vulnerable.installed.type === \"direct\" ? \"direct\" : \"transitive\",\n });\n }\n\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: buildLocalSummary(vulnerablePackages, collectedResults),\n llmUsage: llmUsage.length > 0 ? llmUsage : undefined,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n}\n","import type {\n CveDetails,\n PatchResult,\n VulnerablePackage,\n} from \"../../platform/types.js\";\n\ninterface StepToolResult {\n toolName: string;\n result?: unknown;\n}\n\ninterface AccumulateStepResultsParams {\n toolResults: StepToolResult[];\n cveDetails: CveDetails | null;\n vulnerablePackages: VulnerablePackage[];\n collectedResults: PatchResult[];\n getDependencyScope: (packageName: string) => \"direct\" | \"transitive\" | undefined;\n}\n\ninterface AccumulateStepResultsOutput {\n cveDetails: CveDetails | null;\n vulnerablePackages: VulnerablePackage[];\n collectedResults: PatchResult[];\n}\n\nexport function accumulateStepResults(\n params: AccumulateStepResultsParams\n): AccumulateStepResultsOutput {\n const {\n toolResults,\n cveDetails,\n vulnerablePackages,\n collectedResults,\n getDependencyScope,\n } = params;\n\n let nextCveDetails = cveDetails;\n const nextVulnerablePackages = [...vulnerablePackages];\n const nextCollectedResults = [...collectedResults];\n\n for (const tr of toolResults) {\n const toolResult = tr.result as Record<string, unknown> | undefined;\n\n if (tr.toolName === \"lookup-cve\" && toolResult?.data) {\n nextCveDetails = toolResult.data as CveDetails;\n }\n\n if (tr.toolName === \"check-version-match\" && toolResult?.vulnerablePackages) {\n nextVulnerablePackages.push(...(toolResult.vulnerablePackages as VulnerablePackage[]));\n }\n\n if (tr.toolName === \"apply-version-bump\") {\n const typed = toolResult as unknown as PatchResult;\n nextCollectedResults.push({\n ...typed,\n dependencyScope: typed.packageName\n ? getDependencyScope(typed.packageName)\n : typed.dependencyScope,\n });\n }\n\n if (tr.toolName === \"apply-package-override\") {\n const typed = toolResult as unknown as PatchResult;\n nextCollectedResults.push({\n ...typed,\n dependencyScope: typed.packageName\n ? getDependencyScope(typed.packageName)\n : typed.dependencyScope,\n });\n }\n\n if (tr.toolName === \"apply-patch-file\" && toolResult) {\n const validation = toolResult.validation as\n | { passed?: boolean; error?: string }\n | undefined;\n const message =\n typeof toolResult.message === \"string\"\n ? toolResult.message\n : typeof toolResult.error === \"string\"\n ? toolResult.error\n : \"Patch-file strategy finished.\";\n\n nextCollectedResults.push({\n packageName:\n typeof toolResult.packageName === \"string\"\n ? toolResult.packageName\n : \"unknown-package\",\n strategy: \"patch-file\",\n fromVersion:\n typeof toolResult.vulnerableVersion === \"string\"\n ? toolResult.vulnerableVersion\n : \"unknown\",\n patchFilePath:\n typeof toolResult.patchFilePath === \"string\"\n ? toolResult.patchFilePath\n : typeof toolResult.patchPath === \"string\"\n ? toolResult.patchPath\n : undefined,\n patchArtifact:\n typeof toolResult.patchArtifact === \"object\" && toolResult.patchArtifact !== null\n ? (toolResult.patchArtifact as PatchResult[\"patchArtifact\"])\n : undefined,\n applied: Boolean(toolResult.applied),\n dryRun: Boolean(toolResult.dryRun),\n dependencyScope:\n typeof toolResult.packageName === \"string\"\n ? getDependencyScope(toolResult.packageName)\n : undefined,\n confidence:\n typeof toolResult.patchArtifact === \"object\" &&\n toolResult.patchArtifact !== null &&\n typeof (toolResult.patchArtifact as Record<string, unknown>).confidence === \"number\"\n ? ((toolResult.patchArtifact as Record<string, unknown>).confidence as number)\n : undefined,\n riskLevel:\n typeof toolResult.patchArtifact === \"object\" &&\n toolResult.patchArtifact !== null &&\n typeof (toolResult.patchArtifact as Record<string, unknown>).riskLevel === \"string\"\n ? ((toolResult.patchArtifact as Record<string, unknown>).riskLevel as PatchResult[\"riskLevel\"])\n : undefined,\n unresolvedReason:\n !Boolean(toolResult.applied) && !Boolean(toolResult.dryRun)\n ? validation && validation.passed === false\n ? \"patch-validation-failed\"\n : \"patch-apply-failed\"\n : undefined,\n message,\n validation:\n validation && typeof validation.passed === \"boolean\"\n ? {\n passed: validation.passed,\n error: typeof validation.error === \"string\" ? validation.error : undefined,\n }\n : undefined,\n validationPhases:\n Array.isArray(toolResult.validationPhases)\n ? (toolResult.validationPhases as PatchResult[\"validationPhases\"])\n : undefined,\n });\n }\n }\n\n return {\n cveDetails: nextCveDetails,\n vulnerablePackages: nextVulnerablePackages,\n collectedResults: nextCollectedResults,\n };\n}","import { existsSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\n\ninterface PromptContext {\n cveId: string;\n cwd: string;\n llmProvider: \"remote\" | \"local\";\n modelPersonality?: \"analytical\" | \"pragmatic\" | \"balanced\";\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n runTests: boolean;\n policy: string;\n patchesDir: string;\n constraints: {\n directDependenciesOnly?: boolean;\n preferVersionBump?: boolean;\n };\n}\n\nfunction buildProviderAddendum(\n provider: \"remote\" | \"local\",\n personality: \"analytical\" | \"pragmatic\" | \"balanced\" = \"balanced\"\n): string {\n const personalityDirective =\n personality === \"analytical\"\n ? \"Use concise, explicit rationale for tool decisions and unresolved outcomes.\"\n : personality === \"pragmatic\"\n ? \"Prefer the smallest safe remediation path while preserving policy and validation gates.\"\n : \"Balance concise execution with brief rationale for risky or unresolved outcomes.\";\n\n const providerDirective =\n provider === \"remote\"\n ? \"Use strict structured output and deterministic reporting fields.\"\n : \"Use deterministic-first behavior and only rely on remote model fallback when required by patch generation.\";\n\n return `\\nProvider profile:\\n- Provider: ${provider}\\n- ${providerDirective}\\n- ${personalityDirective}`;\n}\n\nexport function loadOrchestrationPrompt(ctx: PromptContext): string {\n const promptPath = join(process.cwd(), \".github\", \"instructions\", \"orchestration.instructions.md\");\n\n if (!existsSync(promptPath)) {\n return `You are autoremediator, an agentic security remediation system for Node.js package dependencies.\nWorking directory: ${ctx.cwd}\n Package manager: ${ctx.packageManager}\nDry run: ${ctx.dryRun}\nRun tests: ${ctx.runTests}\nPolicy: ${ctx.policy || \"undefined\"}\nPatches dir: ${ctx.patchesDir}\nDirect dependencies only: ${String(ctx.constraints.directDependenciesOnly ?? false)}\nPrefer version bump: ${String(ctx.constraints.preferVersionBump ?? false)}\n\nRequired sequence:\n1. lookup-cve\n2. check-inventory\n3. check-version-match\n4. find-fixed-version\n5. apply-version-bump\n6. apply-package-override\n\nFallback sequence (when neither version bump nor override can be applied):\n1. fetch-package-source\n2. generate-patch\n3. apply-patch-file\n\nAlways respect dryRun and policy constraints.`;\n }\n\n const template = readFileSync(promptPath, \"utf8\");\n return (\n template\n .replaceAll(\"{{cveId}}\", ctx.cveId)\n .replaceAll(\"{{cwd}}\", ctx.cwd)\n .replaceAll(\"{{packageManager}}\", ctx.packageManager)\n .replaceAll(\"{{dryRun}}\", String(ctx.dryRun))\n .replaceAll(\"{{runTests}}\", String(ctx.runTests))\n .replaceAll(\"{{policy}}\", ctx.policy || \"undefined\")\n .replaceAll(\"{{patchesDir}}\", ctx.patchesDir)\n .replaceAll(\"{{directDependenciesOnly}}\", String(ctx.constraints.directDependenciesOnly ?? false))\n .replaceAll(\"{{preferVersionBump}}\", String(ctx.constraints.preferVersionBump ?? false)) +\n buildProviderAddendum(ctx.llmProvider, ctx.modelPersonality)\n );\n}\n","import type { RemediateOptions } from \"../../platform/types.js\";\n\nexport type ProgressStage =\n | \"pipeline-start\"\n | \"model-selected\"\n | \"agent-step\"\n | \"pipeline-finish\"\n | \"patch-fallback\"\n | \"patch-consensus\";\n\nexport function createProgressEmitter(options: RemediateOptions) {\n return (\n stage: ProgressStage,\n detail: string,\n extra?: { provider?: \"remote\" | \"local\"; model?: string }\n ): void => {\n if (!options.onProgress) return;\n options.onProgress({\n stage,\n detail,\n at: new Date().toISOString(),\n provider: extra?.provider,\n model: extra?.model,\n });\n };\n}","/**\n * Tool: lookup-cve\n *\n * Fetches CVE details from OSV (primary) and GitHub Advisory (secondary),\n * merges them, and optionally enriches with supplemental intelligence data.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { lookupCveOsv } from \"../../intelligence/sources/osv.js\";\nimport { lookupCveGitHub, mergeGhDataIntoCveDetails } from \"../../intelligence/sources/github-advisory.js\";\nimport { enrichWithNvd } from \"../../intelligence/sources/nvd.js\";\nimport { enrichWithCisaKev } from \"../../intelligence/sources/cisa-kev.js\";\nimport { enrichWithEpss } from \"../../intelligence/sources/epss.js\";\nimport { enrichWithCveServices } from \"../../intelligence/sources/cve-services.js\";\nimport { enrichWithGitLabAdvisory } from \"../../intelligence/sources/gitlab-advisory.js\";\nimport { enrichWithCertCc } from \"../../intelligence/sources/certcc.js\";\nimport { enrichWithDepsDev } from \"../../intelligence/sources/deps-dev.js\";\nimport { enrichWithOssfScorecard } from \"../../intelligence/sources/ossf-scorecard.js\";\nimport { enrichWithExternalFeeds } from \"../../intelligence/sources/external-feeds.js\";\nimport type { CveDetails } from \"../../platform/types.js\";\n\nexport const lookupCveTool = tool({\n description:\n \"Look up a CVE ID and return the list of affected npm packages, their vulnerable version ranges, and the first patched version. Always call this first.\",\n parameters: z.object({\n cveId: z\n .string()\n .regex(/^CVE-\\d{4}-\\d+$/i, \"Must be a valid CVE ID like CVE-2021-23337\"),\n }),\n execute: async ({ cveId }): Promise<{ success: boolean; data?: CveDetails; error?: string }> => {\n const normalizedId = cveId.toUpperCase();\n\n // Fan out to OSV + GitHub Advisory in parallel\n const [osvDetails, ghPackages] = await Promise.all([\n lookupCveOsv(normalizedId),\n lookupCveGitHub(normalizedId),\n ]);\n\n if (!osvDetails && ghPackages.length === 0) {\n return {\n success: false,\n error: `CVE \"${normalizedId}\" was not found in OSV or GitHub Advisory databases. It may be too new, or not affect npm packages.`,\n };\n }\n\n // Start from OSV result or construct a minimal shell from GH data\n let details: CveDetails = osvDetails ?? {\n id: normalizedId,\n summary: \"Details sourced from GitHub Advisory Database.\",\n severity: \"UNKNOWN\",\n references: [],\n affectedPackages: [],\n };\n\n // Merge GitHub Advisory data (adds firstPatchedVersion, fills gaps)\n if (ghPackages.length > 0) {\n details = mergeGhDataIntoCveDetails(details, ghPackages);\n }\n\n const sourceHealth: Record<string, { attempted: boolean; changed: boolean; error?: string }> = {};\n\n const applyEnricher = async (\n sourceName: string,\n enricher: (input: CveDetails) => Promise<CveDetails>\n ): Promise<void> => {\n const before = JSON.stringify(details);\n try {\n details = await enricher(details);\n const after = JSON.stringify(details);\n sourceHealth[sourceName] = {\n attempted: true,\n changed: before !== after,\n };\n } catch (error) {\n sourceHealth[sourceName] = {\n attempted: true,\n changed: false,\n error: error instanceof Error ? error.message : String(error),\n };\n }\n };\n\n await applyEnricher(\"nvd\", enrichWithNvd);\n await applyEnricher(\"cisa-kev\", enrichWithCisaKev);\n await applyEnricher(\"epss\", enrichWithEpss);\n await applyEnricher(\"cve-services\", enrichWithCveServices);\n await applyEnricher(\"gitlab-advisory\", enrichWithGitLabAdvisory);\n await applyEnricher(\"certcc\", enrichWithCertCc);\n await applyEnricher(\"deps-dev\", enrichWithDepsDev);\n await applyEnricher(\"ossf-scorecard\", enrichWithOssfScorecard);\n await applyEnricher(\"external-feeds\", enrichWithExternalFeeds);\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n sourceHealth,\n };\n\n if (details.affectedPackages.length === 0) {\n return {\n success: false,\n error: `CVE \"${normalizedId}\" was found but has no npm-specific affected packages listed. It may affect a different ecosystem.`,\n };\n }\n\n return { success: true, data: details };\n },\n});\n","/**\n * CISA Known Exploited Vulnerabilities (KEV) feed client.\n *\n * Used for risk-priority enrichment only. This source does not provide\n * npm package range intelligence.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nconst CISA_KEV_URL =\n \"https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json\";\n\n\ninterface CisaKevVulnerability {\n cveID: string;\n dateAdded?: string;\n dueDate?: string;\n requiredAction?: string;\n knownRansomwareCampaignUse?: string;\n}\n\ninterface CisaKevFeed {\n vulnerabilities?: CisaKevVulnerability[];\n}\n\nexport async function fetchCisaKevFeed(): Promise<CisaKevFeed | undefined> {\n try {\n const res = await httpClient({ url: CISA_KEV_URL });\n if (!res.ok) return undefined;\n return res.data as CisaKevFeed;\n } catch {\n // KEV is enrichment only; failures are non-fatal.\n return undefined;\n }\n}\n\nexport function findKevEntry(\n feed: CisaKevFeed | undefined,\n cveId: string\n): CisaKevVulnerability | undefined {\n if (!feed?.vulnerabilities?.length) return undefined;\n const normalized = cveId.toUpperCase();\n return feed.vulnerabilities.find((v) => v.cveID.toUpperCase() === normalized);\n}\n\nexport async function enrichWithCisaKev(details: CveDetails): Promise<CveDetails> {\n const feed = await fetchCisaKevFeed();\n const entry = findKevEntry(feed, details.id);\n if (!entry) return details;\n\n details.kev = {\n knownExploited: true,\n dateAdded: entry.dateAdded,\n dueDate: entry.dueDate,\n requiredAction: entry.requiredAction,\n knownRansomwareCampaignUse: entry.knownRansomwareCampaignUse,\n };\n\n if (!details.references.includes(CISA_KEV_URL)) {\n details.references.push(CISA_KEV_URL);\n }\n\n return details;\n}\n","/**\n * FIRST EPSS API client.\n *\n * Adds exploitation probability metadata for prioritization.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\ninterface EpssRow {\n cve: string;\n epss: string;\n percentile: string;\n date?: string;\n}\n\ninterface EpssResponse {\n data?: EpssRow[];\n}\n\nexport async function fetchEpss(cveId: string): Promise<EpssRow | undefined> {\n const { epssApi } = getIntelligenceSourceConfig();\n if (!epssApi) return undefined;\n\n try {\n const url = new URL(epssApi);\n url.searchParams.set(\"cve\", cveId);\n\n const res = await httpClient({ url: url.toString() });\n if (!res.ok) return undefined;\n\n const body = res.data as EpssResponse;\n return body.data?.[0];\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithEpss(details: CveDetails): Promise<CveDetails> {\n const row = await fetchEpss(details.id);\n if (!row) return details;\n\n const score = Number.parseFloat(row.epss);\n const percentile = Number.parseFloat(row.percentile);\n if (!Number.isFinite(score) || !Number.isFinite(percentile)) {\n return details;\n }\n\n details.epss = {\n score,\n percentile,\n date: row.date,\n };\n return details;\n}\n","/**\n * CVE Services (CVE.org/MITRE) client.\n *\n * Adds supplemental references and summary data when available.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\n\ninterface CveContainer {\n descriptions?: Array<{ lang?: string; value?: string }>;\n references?: Array<{ url?: string }>;\n}\n\ninterface CveRecord {\n containers?: {\n cna?: CveContainer;\n adp?: CveContainer[];\n };\n}\n\nfunction pickEnglishDescription(container?: CveContainer): string | undefined {\n if (!container?.descriptions?.length) return undefined;\n const en = container.descriptions.find((d) => d.lang === \"en\" && d.value);\n return (en?.value ?? container.descriptions[0]?.value)?.trim() || undefined;\n}\n\nfunction collectReferences(record: CveRecord): string[] {\n const refs = new Set<string>();\n const cnaRefs = record.containers?.cna?.references ?? [];\n const adpRefs = (record.containers?.adp ?? []).flatMap((c) => c.references ?? []);\n\n for (const ref of [...cnaRefs, ...adpRefs]) {\n if (ref.url) refs.add(ref.url);\n }\n return Array.from(refs);\n}\n\nexport async function fetchCveServicesRecord(cveId: string): Promise<CveRecord | undefined> {\n const { cveServicesApi } = getIntelligenceSourceConfig();\n if (!cveServicesApi) return undefined;\n\n try {\n const res = await httpClient({\n url: `${cveServicesApi}/${encodeURIComponent(cveId)}`,\n });\n if (!res.ok) return undefined;\n return res.data as CveRecord;\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithCveServices(details: CveDetails): Promise<CveDetails> {\n const record = await fetchCveServicesRecord(details.id);\n if (!record) return details;\n\n const summary = pickEnglishDescription(record.containers?.cna);\n if (summary && (!details.summary || details.summary.includes(\"No summary available\"))) {\n details.summary = summary;\n }\n\n const refs = collectReferences(record);\n if (refs.length > 0) {\n const merged = new Set([...details.references, ...refs]);\n details.references = Array.from(merged);\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n cveServicesEnriched: true,\n };\n\n return details;\n}\n","/**\n * GitLab advisory enrichment client.\n *\n * Endpoint is configurable because deployment paths vary by mirror.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\ninterface GitLabAdvisoryRecord {\n identifiers?: Array<{ type?: string; value?: string }>;\n references?: string[];\n}\n\nfunction advisoryMatchesCve(advisory: GitLabAdvisoryRecord, cveId: string): boolean {\n const normalized = cveId.toUpperCase();\n return (advisory.identifiers ?? []).some(\n (id) => id.type?.toUpperCase() === \"CVE\" && id.value?.toUpperCase() === normalized\n );\n}\n\nexport async function fetchGitLabAdvisories(cveId: string): Promise<GitLabAdvisoryRecord[]> {\n const { gitLabAdvisoryApi } = getIntelligenceSourceConfig();\n if (!gitLabAdvisoryApi) return [];\n\n try {\n const url = new URL(gitLabAdvisoryApi);\n url.searchParams.set(\"identifier\", cveId);\n url.searchParams.set(\"ecosystem\", \"npm\");\n\n const res = await httpClient({ url: url.toString() });\n if (!res.ok) return [];\n\n const body = res.data;\n return Array.isArray(body) ? (body as GitLabAdvisoryRecord[]) : [];\n } catch {\n return [];\n }\n}\n\nexport async function enrichWithGitLabAdvisory(details: CveDetails): Promise<CveDetails> {\n const advisories = await fetchGitLabAdvisories(details.id);\n const matched = advisories.filter((a) => advisoryMatchesCve(a, details.id));\n if (matched.length === 0) return details;\n\n const refs = matched.flatMap((m) => m.references ?? []);\n if (refs.length > 0) {\n const merged = new Set([...details.references, ...refs]);\n details.references = Array.from(merged);\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n gitlabAdvisoryMatched: true,\n };\n\n return details;\n}\n","/**\n * CERT/CC search enrichment.\n *\n * This source tries to locate a CERT/CC page mentioning a CVE.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nconst CERTCC_HOME = \"https://www.kb.cert.org/vuls/\";\n\nexport async function findCertCcReference(cveId: string): Promise<string | undefined> {\n const { certCcSearchUrl } = getIntelligenceSourceConfig();\n if (!certCcSearchUrl) return undefined;\n\n try {\n const url = new URL(certCcSearchUrl);\n url.searchParams.set(\"query\", cveId);\n\n const res = await httpClient({\n url: url.toString(),\n headers: { Accept: \"text/html\" },\n });\n if (!res.ok) return undefined;\n\n const html = res.text;\n const match = html.match(/https:\\/\\/www\\.kb\\.cert\\.org\\/vuls\\/id\\/\\d+/i);\n return match?.[0] ?? undefined;\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithCertCc(details: CveDetails): Promise<CveDetails> {\n const ref = await findCertCcReference(details.id);\n if (!ref) return details;\n\n if (!details.references.includes(ref)) {\n details.references.push(ref);\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n certCcMatched: true,\n };\n\n if (!details.references.includes(CERTCC_HOME)) {\n details.references.push(CERTCC_HOME);\n }\n\n return details;\n}\n","/**\n * deps.dev enrichment.\n *\n * Adds package metadata lookup coverage count for affected npm packages.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nasync function fetchDepsDevPackage(name: string): Promise<boolean> {\n const { depsDevApi } = getIntelligenceSourceConfig();\n if (!depsDevApi) return false;\n\n try {\n const url = `${depsDevApi}/systems/npm/packages/${encodeURIComponent(name)}`;\n const res = await httpClient({ url });\n return res.ok;\n } catch {\n return false;\n }\n}\n\nexport async function enrichWithDepsDev(details: CveDetails): Promise<CveDetails> {\n const names = Array.from(new Set(details.affectedPackages.map((p) => p.name))).slice(0, 20);\n if (names.length === 0) return details;\n\n const checks = await Promise.all(names.map((name) => fetchDepsDevPackage(name)));\n const matched = checks.filter(Boolean).length;\n if (matched === 0) return details;\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n depsDevEnrichedPackages: matched,\n };\n return details;\n}\n","/**\n * OpenSSF Scorecard enrichment.\n *\n * Uses best-effort project checks from affected package names.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nasync function checkProject(project: string): Promise<boolean> {\n const { scorecardApi } = getIntelligenceSourceConfig();\n if (!scorecardApi) return false;\n\n try {\n const url = new URL(`${scorecardApi}/projects`);\n url.searchParams.set(\"project\", project);\n const res = await httpClient({ url: url.toString() });\n return res.ok;\n } catch {\n return false;\n }\n}\n\nexport async function enrichWithOssfScorecard(details: CveDetails): Promise<CveDetails> {\n const projects = Array.from(\n new Set(details.affectedPackages.map((p) => `github.com/${p.name}/${p.name}`))\n ).slice(0, 10);\n\n if (projects.length === 0) return details;\n\n const checks = await Promise.all(projects.map((project) => checkProject(project)));\n const matched = checks.filter(Boolean).length;\n if (matched === 0) return details;\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n scorecardProjects: matched,\n };\n\n return details;\n}\n","/**\n * Optional vendor and commercial intelligence connectors.\n *\n * Connectors are URL-based and environment configured so enterprise users can\n * plug in proprietary feeds without hard-coding dependencies.\n * Uses shared HTTP client for consistent error handling and timeouts.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\nimport { httpClient } from \"../../platform/http-client.js\";\n\nasync function probeFeed(url: string, cveId: string, token?: string): Promise<string | undefined> {\n try {\n const feedUrl = new URL(url);\n feedUrl.searchParams.set(\"cve\", cveId);\n\n const headers: Record<string, string> = {};\n if (token) headers.Authorization = `Bearer ${token}`;\n\n const res = await httpClient({ url: feedUrl.toString(), headers });\n if (!res.ok) return undefined;\n return feedUrl.toString();\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithExternalFeeds(details: CveDetails): Promise<CveDetails> {\n const {\n vendorAdvisoryFeeds,\n commercialFeeds,\n commercialFeedToken,\n } = getIntelligenceSourceConfig();\n\n const vendorHits = (\n await Promise.all(vendorAdvisoryFeeds.map((url) => probeFeed(url, details.id)))\n ).filter((v): v is string => Boolean(v));\n\n const commercialHits = (\n await Promise.all(\n commercialFeeds.map((url) => probeFeed(url, details.id, commercialFeedToken))\n )\n ).filter((v): v is string => Boolean(v));\n\n if (vendorHits.length === 0 && commercialHits.length === 0) {\n return details;\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n vendorAdvisories: vendorHits.length > 0 ? vendorHits : details.intelligence?.vendorAdvisories,\n commercialFeeds:\n commercialHits.length > 0 ? commercialHits : details.intelligence?.commercialFeeds,\n };\n\n const mergedRefs = new Set([...details.references, ...vendorHits, ...commercialHits]);\n details.references = Array.from(mergedRefs);\n\n return details;\n}\n","/**\n * Tool: check-version-match\n *\n * Cross-references inventory packages against CVE-affected package ranges\n * to find which installed packages are actually vulnerable.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport semver from \"semver\";\nimport type { AffectedPackage, InventoryPackage, VulnerablePackage } from \"../../platform/types.js\";\n\nconst affectedPackageSchema = z.object({\n name: z.string(),\n ecosystem: z.literal(\"npm\"),\n vulnerableRange: z.string(),\n firstPatchedVersion: z.string().optional(),\n source: z.enum([\"osv\", \"github-advisory\"]),\n});\n\nconst inventoryPackageSchema = z.object({\n name: z.string(),\n version: z.string(),\n type: z.enum([\"direct\", \"indirect\"]),\n});\n\nexport const checkVersionMatchTool = tool({\n description:\n \"Check which of the project's installed packages fall within the CVE's vulnerable version ranges. Returns only the packages that are actually vulnerable.\",\n parameters: z.object({\n installedPackages: z\n .array(inventoryPackageSchema)\n .describe(\"Output from the check-inventory tool\"),\n affectedPackages: z\n .array(affectedPackageSchema)\n .describe(\"affectedPackages array from the lookup-cve tool result\"),\n }),\n execute: async ({ installedPackages, affectedPackages }): Promise<{\n vulnerablePackages: VulnerablePackage[];\n checkedCount: number;\n }> => {\n const vulnerable: VulnerablePackage[] = [];\n\n for (const affected of affectedPackages as AffectedPackage[]) {\n // Find all installed packages with matching name\n const matches = (installedPackages as InventoryPackage[]).filter(\n (p) => p.name === affected.name\n );\n\n for (const installed of matches) {\n // Validate the installed version is parseable\n if (!semver.valid(installed.version)) continue;\n\n let isVulnerable = false;\n try {\n isVulnerable = semver.satisfies(installed.version, affected.vulnerableRange, {\n includePrerelease: false,\n });\n } catch {\n // Malformed range — skip rather than crash\n continue;\n }\n\n if (isVulnerable) {\n vulnerable.push({ installed, affected });\n }\n }\n }\n\n return {\n vulnerablePackages: vulnerable,\n checkedCount: installedPackages.length,\n };\n },\n});\n","/**\n * Tool: find-fixed-version\n *\n * Queries the npm registry to find the best safe upgrade version\n * for a vulnerable package.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { resolveSafeUpgradeVersion } from \"../../intelligence/sources/registry.js\";\n\nexport const findFixedVersionTool = tool({\n description:\n \"Query the npm registry to find the safest published upgrade version for a package that is >= the first patched version. Prefer patch upgrades first, then minor, and only fall back to major when no same-major fix exists.\",\n parameters: z.object({\n packageName: z.string().describe(\"The npm package name\"),\n installedVersion: z.string().describe(\"The currently installed version (exact semver)\"),\n firstPatchedVersion: z\n .string()\n .describe(\n \"The first version that is NOT vulnerable (from lookup-cve). Use this as the floor.\"\n ),\n vulnerableRange: z\n .string()\n .optional()\n .describe(\"Optional vulnerable semver range used to exclude still-vulnerable versions\"),\n }),\n execute: async ({\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange,\n }): Promise<{\n safeVersion?: string;\n upgradeLevel?: \"patch\" | \"minor\" | \"major\";\n candidates: Partial<Record<\"patch\" | \"minor\" | \"major\", string>>;\n isMajorBump: boolean;\n majorOnlyFixAvailable: boolean;\n message: string;\n }> => {\n const resolution = await resolveSafeUpgradeVersion(\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange\n );\n const { safeVersion, upgradeLevel, candidates, majorOnlyFixAvailable } = resolution;\n\n if (!safeVersion) {\n return {\n candidates,\n isMajorBump: false,\n majorOnlyFixAvailable: false,\n message: `No safe upgrade version found for \"${packageName}\". The patch-file path will be needed.`,\n };\n }\n\n const installedMajor = parseInt(installedVersion.split(\".\")[0] ?? \"0\", 10);\n const safeMajor = parseInt(safeVersion.split(\".\")[0] ?? \"0\", 10);\n const isMajorBump = safeMajor > installedMajor;\n\n return {\n safeVersion,\n upgradeLevel,\n candidates,\n isMajorBump,\n majorOnlyFixAvailable,\n message: isMajorBump\n ? `Found safe version ${safeVersion} for \"${packageName}\", but only a major upgrade is available from ${installedVersion}. This should remain blocked unless policy explicitly allows major bumps.`\n : `Found ${upgradeLevel ?? \"safe\"} upgrade ${safeVersion} for \"${packageName}\" (from ${installedVersion}).`,\n };\n },\n});\n","import { lookupCveTool } from \"./tools/lookup-cve.js\";\nimport { checkInventoryTool } from \"./tools/check-inventory.js\";\nimport { checkVersionMatchTool } from \"./tools/check-version-match.js\";\nimport { findFixedVersionTool } from \"./tools/find-fixed-version.js\";\nimport { applyVersionBumpTool } from \"./tools/apply-version-bump.js\";\nimport { applyPackageOverrideTool } from \"./tools/apply-package-override/index.js\";\nimport { fetchPackageSourceTool } from \"./tools/fetch-package-source.js\";\nimport { generatePatchTool } from \"./tools/generate-patch/index.js\";\nimport { applyPatchFileTool } from \"./tools/apply-patch-file/index.js\";\n\ninterface RuntimeToolContext {\n checkInventoryToolForRun: typeof checkInventoryTool;\n applyVersionBumpToolForRun: typeof applyVersionBumpTool;\n applyPackageOverrideToolForRun: typeof applyPackageOverrideTool;\n applyPatchFileToolForRun: typeof applyPatchFileTool;\n constraints: {\n directDependenciesOnly?: boolean;\n preferVersionBump?: boolean;\n workspace?: string;\n installMode?: \"standard\" | \"prefer-offline\" | \"deterministic\";\n installPreferOffline?: boolean;\n enforceFrozenLockfile?: boolean;\n };\n}\n\nexport function buildRuntimeTools(ctx: RuntimeToolContext): Record<string, unknown> {\n const tools = {\n \"lookup-cve\": lookupCveTool,\n \"check-inventory\": ctx.checkInventoryToolForRun,\n \"check-version-match\": checkVersionMatchTool,\n \"find-fixed-version\": findFixedVersionTool,\n \"apply-version-bump\": ctx.applyVersionBumpToolForRun,\n } as Record<string, unknown>;\n\n if (!ctx.constraints.directDependenciesOnly && !ctx.constraints.preferVersionBump) {\n tools[\"apply-package-override\"] = ctx.applyPackageOverrideToolForRun;\n }\n\n if (!ctx.constraints.preferVersionBump) {\n tools[\"fetch-package-source\"] = fetchPackageSourceTool;\n tools[\"generate-patch\"] = generatePatchTool;\n tools[\"apply-patch-file\"] = ctx.applyPatchFileToolForRun;\n }\n\n return tools;\n}\n","import type { RemediateOptions } from \"../../platform/types.js\";\nimport { applyPackageOverrideTool } from \"../tools/apply-package-override/index.js\";\nimport { applyPatchFileTool } from \"../tools/apply-patch-file/index.js\";\nimport { applyVersionBumpTool } from \"../tools/apply-version-bump.js\";\nimport { checkInventoryTool } from \"../tools/check-inventory.js\";\nimport { buildRuntimeTools } from \"../runtime-tools.js\";\n\nexport function createRuntimeToolsForRun(options: RemediateOptions) {\n const preview = options.preview ?? false;\n const constraints = options.constraints ?? {};\n const policy = options.policy ?? \"\";\n\n const checkInventoryToolForRun = {\n ...checkInventoryTool,\n execute: async (input: Record<string, unknown>) =>\n (checkInventoryTool as any).execute({\n ...input,\n policy,\n workspace: constraints.workspace,\n }),\n };\n\n const applyVersionBumpToolForRun = {\n ...applyVersionBumpTool,\n execute: async (input: Record<string, unknown>) =>\n (applyVersionBumpTool as any).execute({\n ...input,\n policy,\n installMode: constraints.installMode,\n installPreferOffline: constraints.installPreferOffline,\n enforceFrozenLockfile: constraints.enforceFrozenLockfile,\n workspace: constraints.workspace,\n dryRun: preview ? true : input.dryRun,\n }),\n };\n\n const applyPackageOverrideToolForRun = {\n ...applyPackageOverrideTool,\n execute: async (input: Record<string, unknown>) =>\n (applyPackageOverrideTool as any).execute({\n ...input,\n policy,\n installMode: constraints.installMode,\n installPreferOffline: constraints.installPreferOffline,\n enforceFrozenLockfile: constraints.enforceFrozenLockfile,\n workspace: constraints.workspace,\n dryRun: preview ? true : input.dryRun,\n }),\n };\n\n const applyPatchFileToolForRun = {\n ...applyPatchFileTool,\n execute: async (input: Record<string, unknown>) =>\n (applyPatchFileTool as any).execute({\n ...input,\n policy,\n installMode: constraints.installMode,\n installPreferOffline: constraints.installPreferOffline,\n enforceFrozenLockfile: constraints.enforceFrozenLockfile,\n workspace: constraints.workspace,\n dryRun: preview ? true : input.dryRun,\n }),\n };\n\n return buildRuntimeTools({\n checkInventoryToolForRun,\n applyVersionBumpToolForRun,\n applyPackageOverrideToolForRun,\n applyPatchFileToolForRun,\n constraints,\n });\n}","import { createModel, resolveProvider } from \"../../platform/config.js\";\nimport { detectPackageManager } from \"../../platform/package-manager/index.js\";\nimport type { RemediateOptions } from \"../../platform/types.js\";\nimport { loadOrchestrationPrompt } from \"../orchestration-prompt.js\";\nimport { createProgressEmitter } from \"./progress.js\";\nimport { createRuntimeToolsForRun } from \"./tool-wrappers.js\";\n\nexport { createProgressEmitter, createRuntimeToolsForRun };\n\nexport async function createPipelineRuntime(\n cveId: string,\n options: RemediateOptions\n): Promise<{\n provider: \"remote\" | \"local\";\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n model: Awaited<ReturnType<typeof createModel>>;\n modelName: string;\n prompt: string;\n systemPrompt: string;\n}> {\n const provider = resolveProvider(options);\n const cwd = options.cwd ?? process.cwd();\n const packageManager = options.packageManager ?? detectPackageManager(cwd);\n const preview = options.preview ?? false;\n const dryRun = (options.dryRun ?? false) || preview;\n const runTests = options.runTests ?? false;\n const policy = options.policy ?? \"\";\n const patchesDir = options.patchesDir || \"./patches\";\n const constraints = options.constraints ?? {};\n\n const prompt = `Patch vulnerable dependencies affected by ${cveId} in the project at: ${cwd}. Package manager: ${packageManager}.`;\n const model = await createModel(options, { inputChars: prompt.length });\n const modelName = model.modelId ?? \"unknown-model\";\n const systemPrompt = loadOrchestrationPrompt({\n cveId,\n cwd,\n llmProvider: provider,\n modelPersonality: options.modelPersonality,\n dryRun,\n runTests,\n policy,\n patchesDir,\n packageManager,\n constraints,\n });\n\n return {\n provider,\n cwd,\n packageManager,\n dryRun,\n model,\n modelName,\n prompt,\n systemPrompt,\n };\n}","import type {\n CorrelationContext,\n ProvenanceContext,\n RemediateOptions,\n RemediationConstraints,\n} from \"../platform/types.js\";\nimport { loadPolicy } from \"../platform/policy.js\";\n\nfunction buildRequestId(): string {\n return `req-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n}\n\nexport function resolveCorrelationContext(options: RemediateOptions): Required<Pick<CorrelationContext, \"requestId\">> & CorrelationContext {\n return {\n requestId: options.requestId ?? buildRequestId(),\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n };\n}\n\nexport function resolveProvenanceContext(options: RemediateOptions): ProvenanceContext {\n return {\n actor: options.actor,\n source: options.source ?? \"sdk\",\n };\n}\n\nexport function resolveConstraints(options: RemediateOptions, cwd: string): RemediationConstraints {\n const policy = loadPolicy(cwd, options.policy);\n return {\n directDependenciesOnly:\n options.constraints?.directDependenciesOnly ??\n policy.constraints?.directDependenciesOnly ??\n false,\n preferVersionBump:\n options.constraints?.preferVersionBump ??\n policy.constraints?.preferVersionBump ??\n false,\n installMode:\n options.constraints?.installMode ??\n policy.constraints?.installMode ??\n \"deterministic\",\n installPreferOffline:\n options.constraints?.installPreferOffline ??\n policy.constraints?.installPreferOffline,\n enforceFrozenLockfile:\n options.constraints?.enforceFrozenLockfile ??\n policy.constraints?.enforceFrozenLockfile,\n workspace:\n options.constraints?.workspace ??\n policy.constraints?.workspace,\n };\n}\n","import { mkdirSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport type { DependencyScopeCounts, PatchStrategyCounts, UnresolvedReasonCounts } from \"./types.js\";\n\nexport interface EvidenceStep {\n at: string;\n action: string;\n input?: Record<string, unknown>;\n output?: Record<string, unknown>;\n error?: string;\n}\n\nexport interface EvidenceSummary {\n status: \"ok\" | \"partial\" | \"failed\";\n cveCount: number;\n remediationCount: number;\n successCount: number;\n failedCount: number;\n patchCount: number;\n patchValidationFailures?: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }>;\n strategyCounts?: PatchStrategyCounts;\n unresolvedByReason?: UnresolvedReasonCounts;\n dependencyScopeCounts?: DependencyScopeCounts;\n patchesDir?: string;\n llmUsageCount?: number;\n estimatedCostUsd?: number;\n totalLlmLatencyMs?: number;\n}\n\nexport interface EvidenceLog {\n runId: string;\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n llmProvider?: \"remote\" | \"local\";\n idempotencyKey?: string;\n cveIds: string[];\n cwd: string;\n startedAt: string;\n finishedAt?: string;\n summary?: EvidenceSummary;\n steps: EvidenceStep[];\n}\n\ninterface EvidenceContext {\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n llmProvider?: \"remote\" | \"local\";\n idempotencyKey?: string;\n}\n\nexport function createEvidenceLog(cwd: string, cveIds: string[], context: EvidenceContext = {}): EvidenceLog {\n return {\n runId: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,\n requestId: context.requestId,\n sessionId: context.sessionId,\n parentRunId: context.parentRunId,\n actor: context.actor,\n source: context.source,\n llmProvider: context.llmProvider,\n idempotencyKey: context.idempotencyKey,\n cveIds,\n cwd,\n startedAt: new Date().toISOString(),\n steps: [],\n };\n}\n\nexport function addEvidenceStep(\n log: EvidenceLog,\n action: string,\n input?: Record<string, unknown>,\n output?: Record<string, unknown>,\n error?: string\n): void {\n log.steps.push({\n at: new Date().toISOString(),\n action,\n input,\n output,\n error,\n });\n}\n\nexport function finalizeEvidence(log: EvidenceLog): EvidenceLog {\n log.finishedAt = new Date().toISOString();\n return log;\n}\n\nexport function writeEvidenceLog(cwd: string, log: EvidenceLog): string {\n const dir = join(cwd, \".autoremediator\", \"evidence\");\n mkdirSync(dir, { recursive: true });\n const filePath = join(dir, `${log.runId}.json`);\n writeFileSync(filePath, JSON.stringify(log, null, 2) + \"\\n\", \"utf8\");\n return filePath;\n}\n","import type { RemediateOptions, RemediationReport } from \"../platform/types.js\";\nimport {\n addEvidenceStep,\n createEvidenceLog,\n finalizeEvidence,\n type EvidenceLog,\n writeEvidenceLog,\n} from \"../platform/evidence.js\";\n\nexport function createRemediateEvidence(params: {\n cwd: string;\n cveId: string;\n options: RemediateOptions;\n llmProvider: \"remote\" | \"local\";\n correlation: { requestId?: string; sessionId?: string; parentRunId?: string };\n provenance: { actor?: string; source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\" };\n}): EvidenceLog | undefined {\n if (params.options.evidence === false) {\n return undefined;\n }\n\n return createEvidenceLog(params.cwd, [params.cveId], {\n ...params.correlation,\n actor: params.provenance.actor,\n source: params.provenance.source,\n llmProvider: params.llmProvider,\n idempotencyKey: params.options.idempotencyKey,\n });\n}\n\nexport function addRemediateStartStep(params: {\n evidence: EvidenceLog | undefined;\n cveId: string;\n options: RemediateOptions;\n llmProvider: \"remote\" | \"local\";\n constraints: { directDependenciesOnly?: boolean; preferVersionBump?: boolean };\n}): void {\n if (!params.evidence) {\n return;\n }\n\n addEvidenceStep(\n params.evidence,\n \"remediate.start\",\n {\n cveId: params.cveId,\n dryRun: Boolean(params.options.dryRun),\n preview: Boolean(params.options.preview),\n llmProvider: params.llmProvider,\n },\n {\n directDependenciesOnly: Boolean(params.constraints.directDependenciesOnly),\n preferVersionBump: Boolean(params.constraints.preferVersionBump),\n }\n );\n}\n\nexport function addRemediateResultSteps(\n evidence: EvidenceLog | undefined,\n cveId: string,\n report: RemediationReport\n): void {\n if (!evidence) {\n return;\n }\n\n for (const result of report.results) {\n addEvidenceStep(\n evidence,\n \"remediate.package-result\",\n {\n packageName: result.packageName,\n strategy: result.strategy,\n fromVersion: result.fromVersion,\n toVersion: result.toVersion,\n },\n {\n applied: result.applied,\n dryRun: result.dryRun,\n unresolvedReason: result.unresolvedReason,\n reachability: result.reachability?.status,\n hasAlternatives: Boolean(result.alternativeSuggestions?.length),\n }\n );\n }\n\n addEvidenceStep(\n evidence,\n \"remediate.finish\",\n { cveId },\n {\n resultCount: report.results.length,\n vulnerableCount: report.vulnerablePackages.length,\n llmUsage: report.llmUsage,\n }\n );\n finalizeEvidence(evidence);\n}\n\nexport function addRemediateErrorStep(\n evidence: EvidenceLog | undefined,\n cveId: string,\n error: unknown\n): void {\n if (!evidence) {\n return;\n }\n\n const message = error instanceof Error ? error.message : String(error);\n addEvidenceStep(evidence, \"remediate.error\", { cveId }, undefined, message);\n finalizeEvidence(evidence);\n}\n\nexport function addRemediateResumeStep(evidence: EvidenceLog | undefined, cveId: string): void {\n if (!evidence) {\n return;\n }\n addEvidenceStep(evidence, \"remediate.resume-cache\", { cveId });\n finalizeEvidence(evidence);\n}\n\nexport function writeRemediateEvidence(cwd: string, evidence: EvidenceLog | undefined): string | undefined {\n return evidence ? writeEvidenceLog(cwd, evidence) : undefined;\n}\n","export function assertValidCveId(cveId: string): void {\n if (!/^CVE-\\d{4}-\\d+$/i.test(cveId)) {\n throw new Error(\n `Invalid CVE ID: \"${cveId}\". Expected format: CVE-YYYY-NNNNN (e.g. CVE-2021-23337).`\n );\n }\n}","import { resolveProvider } from \"../../platform/config.js\";\nimport { readIdempotentReport, storeIdempotentReport } from \"../../platform/idempotency.js\";\nimport type { RemediateOptions, RemediationReport } from \"../../platform/types.js\";\nimport { runRemediationPipeline } from \"../../remediation/pipeline.js\";\nimport { resolveConstraints, resolveCorrelationContext, resolveProvenanceContext } from \"../context.js\";\nimport {\n addRemediateErrorStep,\n addRemediateResultSteps,\n addRemediateResumeStep,\n addRemediateStartStep,\n createRemediateEvidence,\n writeRemediateEvidence,\n} from \"../remediate.evidence.js\";\nimport { assertValidCveId } from \"./validators.js\";\n\nexport async function remediate(cveId: string, options: RemediateOptions = {}): Promise<RemediationReport> {\n assertValidCveId(cveId);\n\n const normalizedCveId = cveId.toUpperCase();\n const cwd = options.cwd ?? process.cwd();\n const constraints = resolveConstraints(options, cwd);\n const provenance = resolveProvenanceContext(options);\n const correlation = resolveCorrelationContext(options);\n const llmProvider = resolveProvider(options);\n const evidence = createRemediateEvidence({\n cwd,\n cveId: normalizedCveId,\n options,\n llmProvider,\n correlation,\n provenance,\n });\n\n if (options.resume && options.idempotencyKey) {\n const cached = readIdempotentReport(cwd, options.idempotencyKey, normalizedCveId);\n if (cached) {\n addRemediateResumeStep(evidence, normalizedCveId);\n const evidenceFile = writeRemediateEvidence(cwd, evidence);\n return {\n ...cached,\n summary: `${cached.summary} (resumed from idempotency cache)`,\n evidenceFile,\n correlation,\n provenance,\n constraints,\n resumedFromCache: true,\n };\n }\n }\n\n addRemediateStartStep({\n evidence,\n cveId: normalizedCveId,\n options,\n llmProvider,\n constraints,\n });\n\n let report: RemediationReport;\n try {\n report = await runRemediationPipeline(normalizedCveId, {\n ...options,\n ...correlation,\n constraints,\n });\n } catch (error) {\n addRemediateErrorStep(evidence, normalizedCveId, error);\n writeRemediateEvidence(cwd, evidence);\n throw error;\n }\n\n addRemediateResultSteps(evidence, normalizedCveId, report);\n\n const evidenceFile = writeRemediateEvidence(cwd, evidence);\n\n const finalReport: RemediationReport = {\n ...report,\n evidenceFile,\n correlation,\n provenance,\n constraints,\n resumedFromCache: false,\n };\n\n if (options.idempotencyKey && !options.dryRun && !options.preview) {\n storeIdempotentReport(cwd, options.idempotencyKey, normalizedCveId, finalReport);\n }\n\n return finalReport;\n}\n\nexport async function planRemediation(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n return remediate(cveId, {\n ...options,\n preview: true,\n dryRun: true,\n });\n}","import { extname } from \"node:path\";\nimport { readFileSync } from \"node:fs\";\nimport { execa } from \"execa\";\nimport { parseNpmAuditJsonFile, type NormalizedFinding } from \"./adapters/npm-audit.js\";\nimport { parseNpmAuditJsonFromString } from \"./adapters/npm-audit.js\";\nimport { parseYarnAuditJsonFile } from \"./adapters/yarn-audit.js\";\nimport { parseYarnAuditJsonFromString } from \"./adapters/yarn-audit.js\";\nimport { parseSarifFile } from \"./adapters/sarif.js\";\nimport type { ScanInputFormat } from \"./index.js\";\nimport { detectPackageManager, resolveAuditCommand, type PackageManager } from \"../platform/package-manager/index.js\";\n\nexport function parseScanInput(filePath: string, format: ScanInputFormat): NormalizedFinding[] {\n const resolved = format === \"auto\" ? inferFormat(filePath) : format;\n\n if (resolved === \"npm-audit\") {\n return parseNpmAuditJsonFile(filePath);\n }\n if (resolved === \"yarn-audit\") {\n return parseYarnAuditJsonFile(filePath);\n }\n if (resolved === \"sarif\") {\n return parseSarifFile(filePath);\n }\n\n throw new Error(`Unsupported input format: ${resolved}`);\n}\n\nexport async function parseScanInputFromAudit(params: {\n cwd: string;\n packageManager?: PackageManager;\n format: ScanInputFormat;\n workspace?: string;\n}): Promise<NormalizedFinding[]> {\n const pm = params.packageManager ?? detectPackageManager(params.cwd);\n const resolved = params.format === \"auto\" ? defaultAuditFormat(pm) : params.format;\n\n ensureAuditFormatCompatibility(pm, resolved);\n\n if (resolved === \"sarif\") {\n throw new Error(\"SARIF format is not supported with --audit mode.\");\n }\n\n const command = resolveAuditCommand(pm, { workspace: params.workspace });\n const [cmd, ...args] = command;\n\n const result = await execa(cmd, args, {\n cwd: params.cwd,\n stdio: \"pipe\",\n reject: false,\n });\n\n const output = [result.stdout, result.stderr].filter(Boolean).join(\"\\n\");\n if (!output.trim()) {\n throw new Error(`No audit output received from ${command.join(\" \")}.`);\n }\n\n try {\n const findings =\n resolved === \"yarn-audit\"\n ? parseYarnAuditJsonFromString(output)\n : parseNpmAuditJsonFromString(output);\n\n if ((result.exitCode ?? 0) !== 0 && findings.length === 0) {\n throw new Error(\"audit command returned non-zero exit without parseable findings\");\n }\n\n return findings;\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n const exit = (result.exitCode ?? 0) !== 0 ? ` (exit code ${result.exitCode})` : \"\";\n throw new Error(\n `Failed to parse output from ${command.join(\" \")}${exit} as ${resolved}: ${message}`\n );\n }\n}\n\nfunction defaultAuditFormat(pm: PackageManager): Exclude<ScanInputFormat, \"auto\" | \"sarif\"> {\n return pm === \"yarn\" ? \"yarn-audit\" : \"npm-audit\";\n}\n\nfunction ensureAuditFormatCompatibility(\n pm: PackageManager,\n resolved: Exclude<ScanInputFormat, \"auto\">\n): void {\n if (resolved === \"sarif\") return;\n\n if (pm === \"yarn\" && resolved !== \"yarn-audit\") {\n throw new Error('Format \"npm-audit\" is not supported with package manager \"yarn\" in --audit mode. Use --format yarn-audit or --format auto.');\n }\n\n if (pm !== \"yarn\" && resolved !== \"npm-audit\") {\n throw new Error(`Format \"${resolved}\" is not supported with package manager \"${pm}\" in --audit mode. Use --format npm-audit or --format auto.`);\n }\n}\n\nfunction inferFormat(filePath: string): Exclude<ScanInputFormat, \"auto\"> {\n const ext = extname(filePath).toLowerCase();\n if (ext === \".sarif\") return \"sarif\";\n\n try {\n const content = readFileSync(filePath, \"utf8\");\n const firstLine = content.split(\"\\n\").find((line) => line.trim().startsWith(\"{\"));\n if (firstLine) {\n const parsed = JSON.parse(firstLine) as { type?: string };\n if (parsed.type === \"auditAdvisory\" || parsed.type === \"auditSummary\") {\n return \"yarn-audit\";\n }\n }\n } catch {\n // Ignore parse failures and fall back to npm-audit.\n }\n\n return \"npm-audit\";\n}\n","import { readFileSync } from \"node:fs\";\n\nexport interface NormalizedFinding {\n cveId: string;\n source: \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n packageName?: string;\n severity?: \"LOW\" | \"MEDIUM\" | \"HIGH\" | \"CRITICAL\" | \"UNKNOWN\";\n}\n\ninterface NpmAuditVulnerability {\n name: string;\n via: Array<string | { source?: number; name?: string; url?: string; severity?: string; cwe?: string[]; cvss?: { score?: number } }>;\n severity?: string;\n}\n\ninterface NpmAuditReport {\n vulnerabilities?: Record<string, NpmAuditVulnerability>;\n}\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction normalizeSeverity(raw?: string): NormalizedFinding[\"severity\"] {\n if (!raw) return \"UNKNOWN\";\n const up = raw.toUpperCase();\n if (up === \"CRITICAL\" || up === \"HIGH\" || up === \"MEDIUM\" || up === \"LOW\") {\n return up;\n }\n return \"UNKNOWN\";\n}\n\nexport function parseNpmAuditJsonFromString(content: string): NormalizedFinding[] {\n const report = JSON.parse(content) as NpmAuditReport;\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n for (const vuln of Object.values(report.vulnerabilities ?? {})) {\n for (const viaEntry of vuln.via ?? []) {\n const text = typeof viaEntry === \"string\" ? viaEntry : `${viaEntry.url ?? \"\"} ${viaEntry.name ?? \"\"}`;\n const matches = text.match(CVE_REGEX) ?? [];\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const key = `${cveId}:${vuln.name}`;\n if (seen.has(key)) continue;\n seen.add(key);\n findings.push({\n cveId,\n source: \"npm-audit\",\n packageName: vuln.name,\n severity: normalizeSeverity(vuln.severity),\n });\n }\n }\n }\n\n return findings;\n}\n\nexport function parseNpmAuditJsonFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseNpmAuditJsonFromString(content);\n}\n","import { readFileSync } from \"node:fs\";\nimport type { NormalizedFinding } from \"./npm-audit.js\";\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction normalizeSeverity(raw?: string): NormalizedFinding[\"severity\"] {\n if (!raw) return \"UNKNOWN\";\n const up = raw.toUpperCase();\n if (up === \"CRITICAL\" || up === \"HIGH\" || up === \"MEDIUM\" || up === \"LOW\") {\n return up;\n }\n return \"UNKNOWN\";\n}\n\nexport function parseYarnAuditJsonFromString(content: string): NormalizedFinding[] {\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n const lines = content\n .split(\"\\n\")\n .map((line) => line.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n let parsed: unknown;\n try {\n parsed = JSON.parse(line);\n } catch {\n continue;\n }\n\n const event = parsed as {\n type?: string;\n data?: {\n advisory?: {\n module_name?: string;\n severity?: string;\n url?: string;\n cves?: string[];\n };\n };\n };\n\n if (event.type !== \"auditAdvisory\") continue;\n\n const advisory = event.data?.advisory;\n const packageName = advisory?.module_name;\n const severity = normalizeSeverity(advisory?.severity);\n\n const text = `${advisory?.url ?? \"\"} ${(advisory?.cves ?? []).join(\" \")}`;\n const matches = text.match(CVE_REGEX) ?? [];\n\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const key = `${cveId}:${packageName ?? \"\"}`;\n if (seen.has(key)) continue;\n seen.add(key);\n\n findings.push({\n cveId,\n source: \"yarn-audit\",\n packageName,\n severity,\n });\n }\n }\n\n return findings;\n}\n\nexport function parseYarnAuditJsonFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseYarnAuditJsonFromString(content);\n}\n","import { readFileSync } from \"node:fs\";\nimport type { NormalizedFinding } from \"./npm-audit.js\";\n\ninterface SarifResult {\n ruleId?: string;\n message?: { text?: string };\n properties?: Record<string, unknown>;\n}\n\ninterface SarifRun {\n results?: SarifResult[];\n}\n\ninterface SarifReport {\n runs?: SarifRun[];\n}\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction extractPackageName(result: SarifResult): string | undefined {\n const pkg = result.properties?.[\"packageName\"];\n return typeof pkg === \"string\" ? pkg : undefined;\n}\n\nexport function parseSarifFromString(content: string): NormalizedFinding[] {\n const report = JSON.parse(content) as SarifReport;\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n for (const run of report.runs ?? []) {\n for (const result of run.results ?? []) {\n const combined = `${result.ruleId ?? \"\"} ${result.message?.text ?? \"\"}`;\n const matches = combined.match(CVE_REGEX) ?? [];\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const pkg = extractPackageName(result);\n const key = `${cveId}:${pkg ?? \"\"}`;\n if (seen.has(key)) continue;\n seen.add(key);\n findings.push({\n cveId,\n source: \"sarif\",\n packageName: pkg,\n severity: \"UNKNOWN\",\n });\n }\n }\n }\n\n return findings;\n}\n\nexport function parseSarifFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseSarifFromString(content);\n}\n","import type { NormalizedFinding } from \"./adapters/npm-audit.js\";\n\nexport function uniqueCveIds(findings: NormalizedFinding[]): string[] {\n return [...new Set(findings.map((f) => f.cveId.toUpperCase()))];\n}\n","import type { RemediationReport } from \"../platform/types.js\";\nimport type { ProvenanceContext } from \"../platform/types.js\";\nimport { addEvidenceStep } from \"../platform/evidence.js\";\nimport type { EvidenceLog } from \"../platform/evidence.js\";\nimport { isPackageAllowed } from \"../platform/policy.js\";\nimport type { AutoremediatorPolicy } from \"../platform/policy.js\";\nimport type { ScanOptions } from \"./contracts.js\";\nimport { remediate } from \"./remediate/index.js\";\n\nexport interface ScanExecutionResult {\n reports: RemediationReport[];\n errors: Array<{ cveId: string; message: string }>;\n patchCount: number;\n patchValidationFailures: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }>;\n}\n\nexport async function executeScanRemediations(params: {\n cveIds: string[];\n options: ScanOptions;\n patchesDir: string;\n policy: AutoremediatorPolicy;\n correlation: { requestId: string; sessionId?: string; parentRunId?: string };\n provenance: ProvenanceContext;\n constraints: { directDependenciesOnly?: boolean; preferVersionBump?: boolean };\n evidence: EvidenceLog;\n}): Promise<ScanExecutionResult> {\n const reports: RemediationReport[] = [];\n const errors: Array<{ cveId: string; message: string }> = [];\n const patchValidationFailures: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }> = [];\n let patchCount = 0;\n\n for (const cveId of params.cveIds) {\n try {\n addEvidenceStep(params.evidence, \"remediate.start\", { cveId });\n const report = await remediate(cveId, {\n ...params.options,\n patchesDir: params.patchesDir,\n evidence: false,\n ...params.correlation,\n actor: params.provenance.actor,\n source: params.provenance.source,\n constraints: params.constraints,\n });\n\n report.results = report.results.filter((result) => isPackageAllowed(params.policy, result.packageName));\n\n for (const result of report.results) {\n if (result.strategy === \"patch-file\") {\n patchCount += 1;\n }\n if (result.validation?.passed === false && result.validation?.error) {\n patchValidationFailures.push({\n packageName: result.packageName,\n cveId,\n error: result.validation.error,\n });\n }\n }\n\n reports.push(report);\n addEvidenceStep(params.evidence, \"remediate.finish\", { cveId }, { results: report.results.length });\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n errors.push({ cveId, message });\n addEvidenceStep(params.evidence, \"remediate.error\", { cveId }, undefined, message);\n }\n }\n\n return {\n reports,\n errors,\n patchCount,\n patchValidationFailures,\n };\n}","import type { RemediationReport } from \"../platform/types.js\";\nimport type { ScanReport } from \"./contracts.js\";\nimport {\n buildDependencyScopeCounts,\n buildStrategyCounts,\n buildUnresolvedReasonCounts,\n} from \"./reporting.js\";\n\nexport interface ScanOutcome {\n status: ScanReport[\"status\"];\n successCount: number;\n failedCount: number;\n strategyCounts: ReturnType<typeof buildStrategyCounts>;\n dependencyScopeCounts: ReturnType<typeof buildDependencyScopeCounts>;\n unresolvedByReason: ReturnType<typeof buildUnresolvedReasonCounts>;\n remediationCount: number;\n}\n\nexport function buildScanOutcome(params: {\n reports: RemediationReport[];\n errors: Array<{ cveId: string; message: string }>;\n}): ScanOutcome {\n let successCount = 0;\n let failedCount = 0;\n for (const report of params.reports) {\n for (const result of report.results) {\n if (result.applied || result.dryRun) {\n successCount += 1;\n } else {\n failedCount += 1;\n }\n }\n }\n\n failedCount += params.errors.length;\n\n let status: ScanReport[\"status\"] = \"ok\";\n if (failedCount > 0 && successCount > 0) {\n status = \"partial\";\n } else if (failedCount > 0 && successCount === 0) {\n status = \"failed\";\n }\n\n const strategyCounts = buildStrategyCounts(params.reports);\n const dependencyScopeCounts = buildDependencyScopeCounts(params.reports);\n const unresolvedByReason = buildUnresolvedReasonCounts(params.reports);\n const remediationCount = params.reports.reduce((sum, report) => sum + report.results.length, 0);\n\n return {\n status,\n successCount,\n failedCount,\n strategyCounts,\n dependencyScopeCounts,\n unresolvedByReason,\n remediationCount,\n };\n}","import type { RemediationReport } from \"../../platform/types.js\";\n\nexport interface ScanLlmUsageTotals {\n llmUsageCount: number;\n estimatedCostUsd?: number;\n totalLlmLatencyMs?: number;\n}\n\nexport function aggregateScanLlmUsage(reports: RemediationReport[]): ScanLlmUsageTotals {\n let llmUsageCount = 0;\n let estimatedCostUsd = 0;\n let totalLlmLatencyMs = 0;\n\n for (const report of reports) {\n for (const usage of report.llmUsage ?? []) {\n llmUsageCount += 1;\n estimatedCostUsd += usage.estimatedCostUsd ?? 0;\n totalLlmLatencyMs += usage.latencyMs ?? 0;\n }\n }\n\n return {\n llmUsageCount,\n estimatedCostUsd: llmUsageCount > 0 ? Number(estimatedCostUsd.toFixed(6)) : undefined,\n totalLlmLatencyMs: llmUsageCount > 0 ? totalLlmLatencyMs : undefined,\n };\n}","import type { RemediationReport } from \"../../platform/types.js\";\nimport { resolveProvider } from \"../../platform/config.js\";\nimport { addEvidenceStep, createEvidenceLog, finalizeEvidence, writeEvidenceLog } from \"../../platform/evidence.js\";\nimport { loadPolicy } from \"../../platform/policy.js\";\nimport { parseScanInput, parseScanInputFromAudit, uniqueCveIds } from \"../../scanner/index.js\";\nimport type { ScanOptions, ScanReport } from \"../contracts.js\";\nimport { resolveConstraints, resolveCorrelationContext, resolveProvenanceContext } from \"../context.js\";\nimport { executeScanRemediations } from \"../scan-execution.js\";\nimport { buildScanOutcome } from \"../scan-outcome.js\";\nimport { aggregateScanLlmUsage } from \"./report-metrics.js\";\n\nexport async function remediateFromScan(\n inputPath: string,\n options: ScanOptions = {}\n): Promise<ScanReport> {\n const cwd = options.cwd ?? process.cwd();\n\n const policy = loadPolicy(cwd, options.policy);\n const format = options.format ?? \"auto\";\n const patchesDir = options.patchesDir ?? \"./patches\";\n const audit = options.audit ?? false;\n const workspace = options.constraints?.workspace ?? policy.constraints?.workspace;\n\n const findings = audit\n ? await parseScanInputFromAudit({\n cwd,\n packageManager: options.packageManager,\n format,\n workspace,\n })\n : parseScanInput(inputPath, format);\n const cveIds = uniqueCveIds(findings);\n const llmProvider = resolveProvider(options);\n const correlation = resolveCorrelationContext(options);\n const provenance = resolveProvenanceContext(options);\n const constraints = resolveConstraints(options, cwd);\n\n const evidence = createEvidenceLog(cwd, cveIds, {\n ...correlation,\n actor: provenance.actor,\n source: provenance.source,\n llmProvider,\n idempotencyKey: options.idempotencyKey,\n });\n addEvidenceStep(\n evidence,\n \"scan.parse\",\n { inputPath, format, audit },\n { findingCount: findings.length, cveCount: cveIds.length }\n );\n\n const execution = await executeScanRemediations({\n cveIds,\n options,\n patchesDir,\n policy,\n correlation,\n provenance,\n constraints,\n evidence,\n });\n const reports: RemediationReport[] = execution.reports;\n const { errors, patchCount, patchValidationFailures } = execution;\n\n const llmUsageTotals = aggregateScanLlmUsage(reports);\n const outcome = buildScanOutcome({ reports, errors });\n const {\n status,\n successCount,\n failedCount,\n strategyCounts,\n dependencyScopeCounts,\n unresolvedByReason,\n remediationCount,\n } = outcome;\n\n evidence.summary = {\n status,\n cveCount: cveIds.length,\n remediationCount,\n successCount,\n failedCount,\n patchCount,\n patchValidationFailures: patchValidationFailures.length > 0 ? patchValidationFailures : undefined,\n strategyCounts,\n dependencyScopeCounts,\n unresolvedByReason,\n patchesDir: patchCount > 0 ? patchesDir : undefined,\n llmUsageCount: llmUsageTotals.llmUsageCount > 0 ? llmUsageTotals.llmUsageCount : undefined,\n estimatedCostUsd: llmUsageTotals.estimatedCostUsd,\n totalLlmLatencyMs: llmUsageTotals.totalLlmLatencyMs,\n };\n\n finalizeEvidence(evidence);\n const evidenceFile = options.evidence === false ? undefined : writeEvidenceLog(cwd, evidence);\n\n return {\n schemaVersion: \"1.0\",\n status,\n generatedAt: new Date().toISOString(),\n cveIds,\n reports,\n successCount,\n failedCount,\n errors,\n evidenceFile,\n patchCount,\n patchValidationFailures: patchValidationFailures.length > 0 ? patchValidationFailures : undefined,\n strategyCounts,\n dependencyScopeCounts,\n unresolvedByReason,\n patchesDir: patchCount > 0 ? patchesDir : undefined,\n correlation,\n provenance,\n constraints,\n idempotencyKey: options.idempotencyKey,\n llmUsageCount: llmUsageTotals.llmUsageCount > 0 ? llmUsageTotals.llmUsageCount : undefined,\n estimatedCostUsd: llmUsageTotals.estimatedCostUsd,\n totalLlmLatencyMs: llmUsageTotals.totalLlmLatencyMs,\n };\n}"],"mappings":";AAEO,IAAM,yBAAyB,CAAC,OAAO,QAAQ,MAAM;AACrD,IAAM,sBAAsB,CAAC,UAAU,OAAO;AAC9C,IAAM,2BAA2B,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS;AAE3E,IAAM,sBAAsB;AAAA,EACjC,OAAO;AAAA,EACP,WAAW;AAAA,EACX,KAAK;AAAA,EACL,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,UAAU;AAAA,EACV,aAAa;AAAA,EACb,OAAO;AAAA,EACP,kBAAkB;AAAA,EAClB,uBAAuB;AAAA,EACvB,6BAA6B;AAAA,EAC7B,mBAAmB;AAAA,EACnB,gBAAgB;AAAA,EAChB,6BAA6B;AAAA,EAC7B,gCAAgC;AAAA,EAChC,8BAA8B;AAAA,EAC9B,qBAAqB;AAAA,EACrB,8BAA8B;AAAA,EAC9B,YAAY;AAAA,EACZ,QAAQ;AAAA,EACR,WAAW;AAAA,EACX,WAAW;AAAA,EACX,aAAa;AAAA,EACb,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,OAAO;AAAA,EACP,UAAU;AAAA,EACV,wBAAwB;AAAA,EACxB,mBAAmB;AAAA,EACnB,aAAa;AAAA,EACb,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,WAAW;AACb;AAEO,SAAS,mCAAuE;AACrF,SAAO;AAAA,IACL,wBAAwB,EAAE,MAAM,WAAW,aAAa,oBAAoB,uBAAuB;AAAA,IACnG,mBAAmB,EAAE,MAAM,WAAW,aAAa,oBAAoB,kBAAkB;AAAA,IACzF,aAAa;AAAA,MACX,MAAM;AAAA,MACN,MAAM,CAAC,iBAAiB,kBAAkB,UAAU;AAAA,MACpD,aAAa,oBAAoB;AAAA,IACnC;AAAA,IACA,sBAAsB,EAAE,MAAM,WAAW,aAAa,oBAAoB,qBAAqB;AAAA,IAC/F,uBAAuB,EAAE,MAAM,WAAW,aAAa,oBAAoB,sBAAsB;AAAA,IACjG,WAAW,EAAE,MAAM,UAAU,aAAa,oBAAoB,UAAU;AAAA,EAC1E;AACF;AAEO,SAAS,sCAAsC,SAIf;AACrC,QAAM,gBAAgB,SAAS,iBAAiB;AAChD,QAAM,iBAAiB,SAAS,kBAAkB;AAClD,QAAM,kBAAkB,SAAS,mBAAmB;AAEpD,SAAO;AAAA,IACL,KAAK,EAAE,MAAM,UAAU,aAAa,oBAAoB,IAAI;AAAA,IAC5D,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,GAAG,sBAAsB,GAAG,aAAa,oBAAoB,eAAe;AAAA,IACrH,GAAI,gBAAgB,EAAE,QAAQ,EAAE,MAAM,WAAW,aAAa,oBAAoB,OAAO,EAAE,IAAI,CAAC;AAAA,IAChG,GAAI,iBAAiB,EAAE,SAAS,EAAE,MAAM,WAAW,aAAa,oBAAoB,QAAQ,EAAE,IAAI,CAAC;AAAA,IACnG,UAAU,EAAE,MAAM,WAAW,aAAa,oBAAoB,SAAS;AAAA,IACvE,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,GAAG,mBAAmB,GAAG,aAAa,oBAAoB,YAAY;AAAA,IAC5G,OAAO,EAAE,MAAM,UAAU,aAAa,oBAAoB,MAAM;AAAA,IAChE,kBAAkB,EAAE,MAAM,UAAU,MAAM,CAAC,cAAc,aAAa,UAAU,GAAG,aAAa,oBAAoB,iBAAiB;AAAA,IACrI,uBAAuB,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,SAAS,GAAG,aAAa,oBAAoB,sBAAsB;AAAA,IAC7H,6BAA6B,EAAE,MAAM,WAAW,aAAa,oBAAoB,4BAA4B;AAAA,IAC7G,mBAAmB,EAAE,MAAM,UAAU,MAAM,CAAC,GAAG,mBAAmB,GAAG,aAAa,oBAAoB,kBAAkB;AAAA,IACxH,gBAAgB,EAAE,MAAM,UAAU,aAAa,oBAAoB,eAAe;AAAA,IAClF,2BAA2B;AAAA,MACzB,MAAM;AAAA,MACN,YAAY;AAAA,QACV,KAAK,EAAE,MAAM,UAAU,SAAS,GAAG,SAAS,GAAG,aAAa,oBAAoB,4BAA4B;AAAA,QAC5G,QAAQ,EAAE,MAAM,UAAU,SAAS,GAAG,SAAS,GAAG,aAAa,oBAAoB,+BAA+B;AAAA,QAClH,MAAM,EAAE,MAAM,UAAU,SAAS,GAAG,SAAS,GAAG,aAAa,oBAAoB,6BAA6B;AAAA,MAChH;AAAA,IACF;AAAA,IACA,qBAAqB,EAAE,MAAM,WAAW,aAAa,oBAAoB,oBAAoB;AAAA,IAC7F,8BAA8B,EAAE,MAAM,UAAU,aAAa,oBAAoB,6BAA6B;AAAA,IAC9G,YAAY,EAAE,MAAM,UAAU,aAAa,oBAAoB,WAAW;AAAA,IAC1E,QAAQ,EAAE,MAAM,UAAU,aAAa,oBAAoB,OAAO;AAAA,IAClE,GAAI,kBAAkB,EAAE,UAAU,EAAE,MAAM,WAAW,aAAa,oBAAoB,SAAS,EAAE,IAAI,CAAC;AAAA,IACtG,WAAW,EAAE,MAAM,UAAU,aAAa,oBAAoB,UAAU;AAAA,IACxE,WAAW,EAAE,MAAM,UAAU,aAAa,oBAAoB,UAAU;AAAA,IACxE,aAAa,EAAE,MAAM,UAAU,aAAa,oBAAoB,YAAY;AAAA,IAC5E,gBAAgB,EAAE,MAAM,UAAU,aAAa,oBAAoB,eAAe;AAAA,IAClF,QAAQ,EAAE,MAAM,WAAW,aAAa,oBAAoB,OAAO;AAAA,IACnE,OAAO,EAAE,MAAM,UAAU,aAAa,oBAAoB,MAAM;AAAA,IAChE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,GAAG,wBAAwB,GAAG,aAAa,oBAAoB,OAAO;AAAA,IACvG,aAAa;AAAA,MACX,MAAM;AAAA,MACN,YAAY,iCAAiC;AAAA,IAC/C;AAAA,EACF;AACF;AAEO,SAAS,mCAAuE;AACrF,SAAO;AAAA,IACL,GAAG,sCAAsC,EAAE,iBAAiB,KAAK,CAAC;AAAA,IAClE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,aAAa,cAAc,SAAS,MAAM,GAAG,aAAa,oBAAoB,OAAO;AAAA,IACtH,OAAO,EAAE,MAAM,WAAW,aAAa,oBAAoB,MAAM;AAAA,EACnE;AACF;AAEO,SAAS,mCAAuE;AACrF,SAAO;AAAA,IACL,eAAe,EAAE,MAAM,SAAS;AAAA,IAChC,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,MAAM,WAAW,QAAQ,EAAE;AAAA,IAC5D,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACnD,SAAS,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACpD,cAAc,EAAE,MAAM,SAAS;AAAA,IAC/B,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACnD,cAAc,EAAE,MAAM,SAAS;AAAA,IAC/B,YAAY,EAAE,MAAM,SAAS;AAAA,IAC7B,yBAAyB,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACpE,gBAAgB;AAAA,MACd,MAAM;AAAA,MACN,sBAAsB,EAAE,MAAM,SAAS;AAAA,IACzC;AAAA,IACA,uBAAuB;AAAA,MACrB,MAAM;AAAA,MACN,sBAAsB,EAAE,MAAM,SAAS;AAAA,IACzC;AAAA,IACA,oBAAoB;AAAA,MAClB,MAAM;AAAA,MACN,sBAAsB,EAAE,MAAM,SAAS;AAAA,IACzC;AAAA,IACA,YAAY,EAAE,MAAM,SAAS;AAAA,IAC7B,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,YAAY,EAAE,MAAM,SAAS;AAAA,IAC7B,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,IACjC,eAAe,EAAE,MAAM,SAAS;AAAA,IAChC,kBAAkB,EAAE,MAAM,SAAS;AAAA,IACnC,mBAAmB,EAAE,MAAM,SAAS;AAAA,EACtC;AACF;;;AC/IO,SAAS,oBAAoB,SAA+D;AACjG,QAAM,SAA8B,CAAC;AAErC,aAAW,UAAU,SAAS;AAC5B,eAAW,UAAU,OAAO,SAAS;AACnC,aAAO,OAAO,QAAQ,KAAK,OAAO,OAAO,QAAQ,KAAK,KAAK;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,SAAS;AACnD;AAEA,SAAS,kBAAkB,eAAuD;AAChF,SAAO,kBAAkB,WAAW,WAAW;AACjD;AAEO,SAAS,2BAA2B,SAAiE;AAC1G,QAAM,SAAgC,CAAC;AAEvC,aAAW,UAAU,SAAS;AAC5B,UAAM,gBAAgB,oBAAI,IAA6B;AAEvD,eAAW,qBAAqB,OAAO,oBAAoB;AACzD,YAAM,QAAQ,kBAAkB,kBAAkB,UAAU,IAAI;AAChE,YAAM,UAAU,cAAc,IAAI,kBAAkB,UAAU,IAAI;AAClE,UAAI,CAAC,WAAW,YAAY,UAAU;AACpC,sBAAc,IAAI,kBAAkB,UAAU,MAAM,KAAK;AAAA,MAC3D;AAAA,IACF;AAEA,eAAW,UAAU,OAAO,SAAS;AACnC,YAAM,QAAQ,cAAc,IAAI,OAAO,WAAW;AAClD,UAAI,CAAC,MAAO;AACZ,aAAO,KAAK,KAAK,OAAO,KAAK,KAAK,KAAK;AAAA,IACzC;AAAA,EACF;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,SAAS;AACnD;AAEO,SAAS,4BAA4B,SAAkE;AAC5G,QAAM,SAAiC,CAAC;AAExC,aAAW,UAAU,SAAS;AAC5B,eAAW,UAAU,OAAO,SAAS;AACnC,UAAI,CAAC,OAAO,iBAAkB;AAC9B,aAAO,OAAO,gBAAgB,KAAK,OAAO,OAAO,gBAAgB,KAAK,KAAK;AAAA,IAC7E;AAAA,EACF;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,SAAS;AACnD;AAEO,SAAS,YAAY,QAA+B;AACzD,MAAI,mBAAmB;AACvB,aAAW,aAAa,OAAO,SAAS;AACtC,wBAAoB,UAAU,QAAQ;AAAA,EACxC;AAEA,SAAO;AAAA,IACL,eAAe,OAAO;AAAA,IACtB,QAAQ,OAAO;AAAA,IACf,aAAa,OAAO;AAAA,IACpB,UAAU,OAAO,OAAO;AAAA,IACxB;AAAA,IACA,cAAc,OAAO;AAAA,IACrB,aAAa,OAAO;AAAA,IACpB,QAAQ,OAAO;AAAA,IACf,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,cAAc;AAAA,IACjC,yBAAyB,OAAO;AAAA,IAChC,gBAAgB,OAAO;AAAA,IACvB,uBAAuB,OAAO;AAAA,IAC9B,oBAAoB,OAAO;AAAA,IAC3B,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,IACpB,gBAAgB,OAAO;AAAA,IACvB,eAAe,OAAO;AAAA,IACtB,kBAAkB,OAAO;AAAA,IACzB,mBAAmB,OAAO;AAAA,EAC5B;AACF;AAEO,SAAS,WAAW,SAA4B;AACrD,SAAO,QAAQ,cAAc,IAAI,IAAI;AACvC;;;ACxDA,SAAS,qBAAqB,UAA8B;AAC1D,MAAI,aAAa,cAAc,aAAa,OAAQ,QAAO;AAC3D,MAAI,aAAa,SAAU,QAAO;AAClC,MAAI,aAAa,MAAO,QAAO;AAC/B,SAAO;AACT;AAEO,SAAS,cAAc,QAAiC;AAC7D,QAAM,QAAqB,CAAC;AAC5B,QAAM,UAAyB,CAAC;AAChC,QAAM,YAAY,oBAAI,IAAY;AAElC,aAAW,aAAa,OAAO,SAAS;AACtC,UAAM,WAAW,UAAU,YAAY,YAAY;AACnD,UAAM,QAAQ,qBAAqB,QAAQ;AAC3C,UAAM,UAAU,UAAU,YAAY,WAAW,UAAU;AAE3D,QAAI,CAAC,UAAU,IAAI,UAAU,KAAK,GAAG;AACnC,gBAAU,IAAI,UAAU,KAAK;AAC7B,YAAM,KAAK;AAAA,QACT,IAAI,UAAU;AAAA,QACd,MAAM;AAAA,QACN,kBAAkB,EAAE,MAAM,UAAU,MAAM;AAAA,QAC1C,iBAAiB,EAAE,MAAM,QAAQ;AAAA,QACjC,sBAAsB,EAAE,MAAM;AAAA,QAC9B,SAAS,iCAAiC,UAAU,KAAK;AAAA,QACzD,YAAY,EAAE,SAAS;AAAA,MACzB,CAAC;AAAA,IACH;AAEA,eAAW,qBAAqB,UAAU,oBAAoB;AAC5D,YAAM,UAAU,kBAAkB,SAAS,sBACvC,oBAAoB,kBAAkB,SAAS,mBAAmB,MAClE;AACJ,cAAQ,KAAK;AAAA,QACX,QAAQ,UAAU;AAAA,QAClB;AAAA,QACA,SAAS;AAAA,UACP,MAAM,GAAG,kBAAkB,UAAU,IAAI,IAAI,kBAAkB,UAAU,OAAO,qBAAqB,UAAU,KAAK,KAAK,OAAO,GAAG,OAAO;AAAA,QAC5I;AAAA,QACA,WAAW;AAAA,UACT;AAAA,YACE,kBAAkB;AAAA,cAChB,kBAAkB,EAAE,KAAK,gBAAgB,WAAW,YAAY;AAAA,YAClE;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SACE;AAAA,IACF,MAAM;AAAA,MACJ;AAAA,QACE,MAAM;AAAA,UACJ,QAAQ;AAAA,YACN,MAAM;AAAA,YACN,gBAAgB;AAAA,YAChB;AAAA,UACF;AAAA,QACF;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;AC5GA,SAAS,cAAAA,mBAAkB;AAC3B,SAAS,SAAS,YAAAC,WAAU,YAAY;AACxC,SAAS,QAAAC,aAAY;;;ACQrB,SAAS,cAAAC,aAAY,WAAW,eAAe,oBAAoB;AACnE,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;;;ACZtB,SAAS,kBAAkB;AAC3B,SAAS,YAAY;AACrB,SAAS,aAAa;;;ACAf,SAAS,8BAA8B,IAAoB,QAAqC;AACrG,QAAM,WAAW,oBAAI,IAAoB;AAEzC,MAAI,CAAC,OAAO,KAAK,EAAG,QAAO;AAE3B,MAAI,OAAO,QAAQ;AACjB,WAAO,oBAAoB,QAAQ,QAAQ;AAAA,EAC7C;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,MAAM;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,QAAM,OAAO,MAAM,QAAQ,MAAM,IAAI,OAAO,CAAC,IAAI;AACjD;AAAA,IACG,MAAwE;AAAA,IACzE;AAAA,EACF;AAEA,SAAO;AACT;AAOA,SAAS,oBAAoB,QAAgB,UAAoD;AAC/F,QAAM,QAAQ,OACX,MAAM,IAAI,EACV,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,aAAW,QAAQ,OAAO;AACxB,QAAI;AACF,YAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAI,IAAI,SAAS,OAAQ;AAEzB,iBAAW,QAAQ,IAAI,MAAM,SAAS,CAAC,GAAG;AACxC,cAAM,MAAM,KAAK,QAAQ;AACzB,cAAM,KAAK,IAAI,YAAY,GAAG;AAC9B,YAAI,MAAM,EAAG;AAEb,cAAM,OAAO,IAAI,MAAM,GAAG,EAAE;AAC5B,cAAM,UAAU,IAAI,MAAM,KAAK,CAAC;AAChC,YAAI,QAAQ,SAAS;AACnB,mBAAS,IAAI,MAAM,OAAO;AAAA,QAC5B;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,sBACP,MACA,UACM;AACN,MAAI,CAAC,KAAM;AAEX,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAChD,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU;AACzC,UAAM,UAAU,MAAM;AACtB,QAAI,OAAO,YAAY,YAAY,SAAS;AAC1C,eAAS,IAAI,MAAM,OAAO;AAAA,IAC5B;AACA,0BAAsB,MAAM,cAAc,QAAQ;AAAA,EACpD;AACF;;;ADrDA,eAAsB,oBAAoB,KAA8B;AACtE,MAAI;AACF,UAAM,SAAS,MAAM,MAAM,QAAQ,CAAC,WAAW,GAAG,EAAE,KAAK,OAAO,OAAO,CAAC;AACxE,UAAM,QAAQ,OAAO,SAAS,OAAO,OAAO,KAAK,EAAE,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AAC3E,WAAO,OAAO,MAAM,KAAK,IAAI,IAAI;AAAA,EACnC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,qBAAqB,KAA6B;AAChE,MAAI,WAAW,KAAK,KAAK,gBAAgB,CAAC,EAAG,QAAO;AACpD,MAAI,WAAW,KAAK,KAAK,WAAW,CAAC,EAAG,QAAO;AAC/C,SAAO;AACT;AAEA,SAAS,cAAc,SAAmB,IAAoB,WAA8B;AAC1F,MAAI,CAAC,UAAW,QAAO;AAEvB,MAAI,OAAO,QAAQ;AAEjB,WAAO,CAAC,QAAQ,CAAC,GAAG,YAAY,WAAW,GAAG,QAAQ,MAAM,CAAC,CAAC;AAAA,EAChE;AAEA,MAAI,OAAO,OAAO;AAChB,WAAO,CAAC,GAAG,SAAS,eAAe,SAAS;AAAA,EAC9C;AAGA,SAAO;AACT;AAEO,SAAS,sBACd,IACA,aACA,WACU;AACV,QAAM,cAAc,aAAa,eAAe;AAChD,QAAM,wBAAwB,aAAa;AAC3C,QAAM,iBAAiB,aAAa;AAEpC,QAAM,uBACJ,OAAO,WAAW,yBAAyB,gBAAgB;AAE7D,MAAI,wBACF,OAAO,UAAU,kBAAkB,gBAAgB;AAErD,MAAI,mBAAmB,OAAO;AAC5B,4BAAwB;AAAA,EAC1B;AAEA,QAAM,WACJ,OAAO,UACN,mBAAmB,QAAS,mBAAmB,UAAa,gBAAgB;AAE/E,QAAM,UAAoB;AAAA,IACxB;AAAA,IACA,OAAO,QAAS,WAAW,OAAO,YAAa;AAAA,EACjD;AAEA,MAAI,uBAAuB;AAEzB,UAAM,cAAc,OAAO,WAAW,aAAa,MAAM;AACzD,YAAQ,KAAK,cAAc,gBAAgB,mBAAmB;AAAA,EAChE;AAEA,MAAI,sBAAsB;AACxB,YAAQ,KAAK,kBAAkB;AAAA,EACjC;AAEA,SAAO,cAAc,SAAS,IAAI,aAAa,SAAS;AAC1D;AAEO,SAAS,mBAAmB,IAAoB,aAAgD;AACrG,QAAM,OACJ,OAAO,SACH,CAAC,QAAQ,QAAQ,UAAU,WAAW,IAAI,IAC1C,OAAO,SACL,CAAC,QAAQ,QAAQ,QAAQ,IACzB,CAAC,OAAO,QAAQ,UAAU,OAAO;AAEzC,SAAO,cAAc,MAAM,IAAI,aAAa,SAAS;AACvD;AAEO,SAAS,mBAAmB,IAAoB,aAAgD;AACrG,QAAM,OAAO,OAAO,SAAS,CAAC,QAAQ,MAAM,IAAI,OAAO,SAAS,CAAC,QAAQ,MAAM,IAAI,CAAC,OAAO,MAAM;AACjG,SAAO,cAAc,MAAM,IAAI,aAAa,SAAS;AACvD;AAEO,SAAS,oBAAoB,IAAoB,aAAgD;AACtG,QAAM,OAAO,OAAO,SAAS,CAAC,QAAQ,SAAS,QAAQ,IAAI,CAAC,IAAI,SAAS,QAAQ;AACjF,SAAO,cAAc,MAAM,IAAI,aAAa,SAAS;AACvD;AAEO,SAAS,kBACd,IACA,aACA,aACU;AACV,QAAM,OAAO,OAAO,QAAQ,CAAC,OAAO,WAAW,WAAW,IAAI,CAAC,IAAI,OAAO,WAAW;AACrF,SAAO,cAAc,MAAM,IAAI,aAAa,SAAS;AACvD;AAEO,SAAS,qBAAqB,IAAoB,aAAgD;AACvG,QAAM,OAAO,CAAC,IAAI,QAAQ;AAC1B,SAAO,cAAc,MAAM,IAAI,aAAa,SAAS;AACvD;AAEO,SAAS,0BAA0B,IAA4C;AACpF,MAAI,OAAO,QAAQ;AACjB,WAAO;AAAA,MACL,SAAS,CAAC,QAAQ,SAAS;AAAA,MAC3B,sBAAsB,CAAC,QAAQ,WAAW,kBAAkB;AAAA,MAC5D,sBAAsB,sBAAsB,QAAQ,EAAE,aAAa,gBAAgB,CAAC;AAAA,MACpF,YAAY,CAAC,QAAgB,CAAC,QAAQ,OAAO,MAAM,GAAG;AAAA,MACtD,MAAM,CAAC,QAAQ,MAAM;AAAA,MACrB,MAAM,CAAC,QAAQ,QAAQ,UAAU,WAAW,IAAI;AAAA,MAChD,cAAc;AAAA,IAChB;AAAA,EACF;AAEA,MAAI,OAAO,QAAQ;AACjB,WAAO;AAAA,MACL,SAAS,CAAC,QAAQ,SAAS;AAAA,MAC3B,sBAAsB,CAAC,QAAQ,SAAS;AAAA,MACxC,sBAAsB,sBAAsB,QAAQ,EAAE,aAAa,gBAAgB,CAAC;AAAA,MACpF,YAAY,CAAC,QAAgB,CAAC,QAAQ,OAAO,SAAS,GAAG;AAAA,MACzD,MAAM,CAAC,QAAQ,MAAM;AAAA,MACrB,MAAM,CAAC,QAAQ,QAAQ,QAAQ;AAAA,MAC/B,cAAc;AAAA,IAChB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS,CAAC,OAAO,SAAS;AAAA,IAC1B,sBAAsB,CAAC,OAAO,WAAW,kBAAkB;AAAA,IAC3D,sBAAsB,sBAAsB,OAAO,EAAE,aAAa,gBAAgB,CAAC;AAAA,IACnF,YAAY,CAAC,QAAgB,CAAC,OAAO,WAAW,cAAc,GAAG;AAAA,IACjE,MAAM,CAAC,OAAO,MAAM;AAAA,IACpB,MAAM,CAAC,OAAO,QAAQ,UAAU,OAAO;AAAA,IACvC,cAAc;AAAA,EAChB;AACF;AAEO,SAAS,gBAAgB,IAAoB,QAAqC;AACvF,SAAO,8BAA8B,IAAI,MAAM;AACjD;;;ADnGO,SAAS,kBAAkB,cAA6C;AAC7E,MAAI,CAAC,gBAAgB,OAAO,iBAAiB,UAAU;AACrD,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAGA,QAAM,cAAc,cAAc,KAAK,YAAY;AACnD,QAAM,YAAY,iBAAiB,KAAK,YAAY;AACpD,QAAM,gBAAgB,cAAc,KAAK,YAAY;AAErD,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,CAAC,eAAe;AAClB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,EAAE,OAAO,KAAK;AACvB;;;AGzGA,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,gBAAgB;AACzB,SAAS,YAAY,eAAe;AAO7B,IAAM,sBAAsB;AAE5B,SAAS,kBAAkB,KAAa,aAAa,qBAA6B;AACvF,SAAO,WAAW,UAAU,IAAI,aAAa,QAAQ,KAAK,UAAU;AACtE;AAEO,SAAS,oBAAoB,KAAa,eAA+B;AAC9E,SAAO,WAAW,aAAa,IAAI,gBAAgB,QAAQ,KAAK,aAAa;AAC/E;AAEA,eAAsB,aAAa,kBAA8D;AAC/F,MAAI,CAACA,YAAW,gBAAgB,GAAG;AACjC,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,MAAM,MAAM,SAAS,kBAAkB,MAAM;AACnD,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,oBAAoB,cAA8D;AAChG,QAAM,QAAQ,MAAM;AAAA,IAClB,IAAI;AAAA,MACF,aACG,MAAM,OAAO,EACb,OAAO,CAAC,SAAS,KAAK,WAAW,QAAQ,CAAC,EAC1C,IAAI,CAAC,SAAS,KAAK,MAAM,SAAS,MAAM,CAAC;AAAA,IAC9C;AAAA,EACF;AACA,QAAM,YAAY,aACf,MAAM,OAAO,EACb,OAAO,CAAC,SAAS,KAAK,WAAW,KAAK,CAAC,EAAE;AAE5C,SAAO,EAAE,OAAO,UAAU;AAC5B;AAEO,SAAS,UAAU,YAA2D;AACnF,SAAO;AAAA,IACL,eAAe,WAAW;AAAA,IAC1B,kBAAkB,WAAW;AAAA,IAC7B,eAAe,WAAW;AAAA,IAC1B,OAAO,WAAW;AAAA,IAClB,aAAa,WAAW;AAAA,IACxB,mBAAmB,WAAW;AAAA,IAC9B,WAAW,WAAW;AAAA,IACtB,YAAY,WAAW;AAAA,IACvB,WAAW,WAAW;AAAA,IACtB,aAAa,WAAW;AAAA,IACxB,OAAO,WAAW;AAAA,IAClB,WAAW,WAAW;AAAA,IACtB,WAAW,WAAW;AAAA,EACxB;AACF;;;AJ/CA,eAAsB,mBACpB,UAAqC,CAAC,GACL;AACjC,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,kBAAkB,KAAK,QAAQ,UAAU;AAEhE,MAAI,CAACC,YAAW,cAAc,GAAG;AAC/B,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,UAAU,MAAM,QAAQ,gBAAgB,EAAE,eAAe,KAAK,CAAC;AACrE,QAAM,aAAa,QAChB,OAAO,CAAC,UAAU,MAAM,OAAO,KAAK,MAAM,KAAK,SAAS,QAAQ,CAAC,EACjE,IAAI,CAAC,UAAUC,MAAK,gBAAgB,MAAM,IAAI,CAAC,EAC/C,KAAK,CAAC,MAAM,UAAU,KAAK,cAAc,KAAK,CAAC;AAElD,QAAM,YAAY,MAAM,QAAQ;AAAA,IAC9B,WAAW,IAAI,OAAO,kBAAkB;AACtC,YAAM,aAAa,MAAM,qBAAqB,eAAe,OAAO;AACpE,aAAO,UAAU,UAAU;AAAA,IAC7B,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAEA,eAAsB,qBACpB,eACA,UAAqC,CAAC,GACJ;AAClC,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,oBAAoB,oBAAoB,KAAK,aAAa;AAChE,QAAM,gBAAgB,kBAAkB,MAAM,GAAG,EAAE,IAAI,KAAK;AAC5D,QAAM,mBAAmB,GAAG,iBAAiB;AAE7C,MAAI,CAACD,YAAW,iBAAiB,GAAG;AAClC,WAAO;AAAA,MACL,eAAe;AAAA,MACf,kBAAkBA,YAAW,gBAAgB,IAAI,mBAAmB;AAAA,MACpE;AAAA,MACA,QAAQ;AAAA,MACR,WAAW;AAAA,MACX,aAAa;AAAA,IACf;AAAA,EACF;AAEA,QAAM,CAAC,cAAc,WAAW,QAAQ,IAAI,MAAM,QAAQ,IAAI;AAAA,IAC5DE,UAAS,mBAAmB,MAAM;AAAA,IAClC,KAAK,iBAAiB;AAAA,IACtB,aAAa,gBAAgB;AAAA,EAC/B,CAAC;AAED,QAAM,SAAS,kBAAkB,YAAY;AAC7C,QAAM,UAAU,oBAAoB,YAAY;AAEhD,SAAO;AAAA,IACL,eAAe;AAAA,IACf,kBAAkB,WAAW,mBAAmB;AAAA,IAChD;AAAA,IACA,OAAO,UAAU;AAAA,IACjB,aAAa,UAAU;AAAA,IACvB,mBAAmB,UAAU;AAAA,IAC7B,WAAW,UAAU;AAAA,IACrB,YAAY,UAAU;AAAA,IACtB,WAAW,UAAU;AAAA,IACrB,aAAa,UAAU;AAAA,IACvB,OAAO,UAAU,SAAS,QAAQ;AAAA,IAClC,WAAW,UAAU,aAAa,QAAQ;AAAA,IAC1C,QAAQ;AAAA,IACR,WAAW,OAAO;AAAA,IAClB,aAAa,OAAO;AAAA,IACpB,gBAAgB,UAAU;AAAA,IAC1B,WAAW,aAAa,MAAM,OAAO,EAAE;AAAA,IACvC;AAAA,EACF;AACF;;;AKtFA,SAAS,YAAY;AACrB,SAAS,SAAS;AAClB,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;;;ACVtB,SAAS,cAAAC,aAAY,gBAAAC,qBAAoB;AACzC,SAAS,QAAAC,aAAY;AAkBd,IAAM,iBAAuC;AAAA,EAClD,iBAAiB;AAAA,EACjB,cAAc,CAAC;AAAA,EACf,eAAe,CAAC;AAAA,EAChB,aAAa;AAAA,IACX,wBAAwB;AAAA,IACxB,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,sBAAsB;AAAA,IACtB,uBAAuB;AAAA,IACvB,WAAW;AAAA,EACb;AAAA,EACA,eAAe,CAAC;AAAA,EAChB,uBAAuB;AAAA,EACvB,6BAA6B;AAAA,EAC7B,mBAAmB;AAAA,EACnB,gBAAgB;AAAA,EAChB,2BAA2B,CAAC;AAAA,EAC5B,qBAAqB;AAAA,EACrB,8BAA8B;AAChC;AAEO,SAAS,WAAW,KAAa,cAA6C;AACnF,QAAM,YAAY,gBAAgBA,MAAK,KAAK,sBAAsB;AAClE,MAAI,CAACF,YAAW,SAAS,EAAG,QAAO;AAEnC,MAAI;AACF,UAAM,SAAS,KAAK,MAAMC,cAAa,WAAW,MAAM,CAAC;AACzD,WAAO;AAAA,MACL,iBAAiB,OAAO,mBAAmB,eAAe;AAAA,MAC1D,cAAc,OAAO,gBAAgB,eAAe;AAAA,MACpD,eAAe,OAAO,iBAAiB,eAAe;AAAA,MACtD,aAAa;AAAA,QACX,wBACE,OAAO,aAAa,0BACpB,eAAe,aAAa,0BAC5B;AAAA,QACF,mBACE,OAAO,aAAa,qBACpB,eAAe,aAAa,qBAC5B;AAAA,QACF,aACE,OAAO,aAAa,eACpB,eAAe,aAAa,eAC5B;AAAA,QACF,sBACE,OAAO,aAAa,wBACpB,eAAe,aAAa;AAAA,QAC9B,uBACE,OAAO,aAAa,yBACpB,eAAe,aAAa;AAAA,QAC9B,WACE,OAAO,aAAa,aACpB,eAAe,aAAa;AAAA,MAChC;AAAA,MACA,eAAe;AAAA,QACb,QAAQ,OAAO,eAAe,UAAU,eAAe,eAAe;AAAA,QACtE,OAAO,OAAO,eAAe,SAAS,eAAe,eAAe;AAAA,MACtE;AAAA,MACA,uBACE,OAAO,yBACP,eAAe;AAAA,MACjB,6BACE,OAAO,+BACP,eAAe;AAAA,MACjB,mBACE,OAAO,qBACP,eAAe;AAAA,MACjB,gBACE,OAAO,kBACP,eAAe;AAAA,MACjB,2BAA2B;AAAA,QACzB,KACE,OAAO,2BAA2B,OAClC,eAAe,2BAA2B;AAAA,QAC5C,QACE,OAAO,2BAA2B,UAClC,eAAe,2BAA2B;AAAA,QAC5C,MACE,OAAO,2BAA2B,QAClC,eAAe,2BAA2B;AAAA,MAC9C;AAAA,MACA,qBACE,OAAO,uBACP,eAAe;AAAA,MACjB,8BACE,OAAO,gCACP,eAAe;AAAA,IACnB;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,iBAAiB,QAA8B,aAA8B;AAC3F,MAAI,OAAO,aAAa,SAAS,WAAW,EAAG,QAAO;AACtD,MAAI,OAAO,cAAc,SAAS,KAAK,CAAC,OAAO,cAAc,SAAS,WAAW,GAAG;AAClF,WAAO;AAAA,EACT;AACA,SAAO;AACT;;;AD7FO,IAAM,qBAAqB,KAAK;AAAA,EACrC,aACE;AAAA,EACF,YAAY,EAAE,OAAO;AAAA,IACnB,KAAK,EAAE,OAAO,EAAE,SAAS,wDAAwD;AAAA,IACjF,gBAAgB,EAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,8CAA8C;AAAA,IACrF,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,mDAAmD;AAAA,EAC/F,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,KAAK,gBAAgB,QAAQ,UAAU,MAAiE;AACxH,QAAI;AAEJ,QAAI;AACF,gBAAU,KAAK,MAAME,cAAaC,MAAK,KAAK,cAAc,GAAG,MAAM,CAAC;AAAA,IACtE,QAAQ;AACN,aAAO;AAAA,QACL,UAAU,CAAC;AAAA,QACX,OAAO,mCAAmC,GAAG;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,eAAe,WAAW,KAAK,MAAM;AAC3C,UAAM,cAAc,mBAAmB,IAAI;AAAA,MACzC,GAAG,aAAa;AAAA,MAChB,WAAW,aAAa,aAAa,aAAa;AAAA,IACpD,CAAC;AACD,QAAI,oBAAoB,oBAAI,IAAoB;AAEhD,QAAI;AACF,YAAM,CAAC,KAAK,GAAG,IAAI,IAAI;AACvB,YAAM,aAAa,MAAMC,OAAM,KAAK,MAAM;AAAA,QACxC;AAAA,QACA,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,CAAC;AACD,0BAAoB,gBAAgB,IAAI,WAAW,UAAU,EAAE;AAAA,IACjE,QAAQ;AAAA,IAER;AAEA,UAAM,WAA+B,CAAC;AAEtC,eAAW,CAAC,MAAM,OAAO,KAAK,kBAAkB,QAAQ,GAAG;AACzD,YAAM,WACJ,QAAQ,QAAQ,eAAe,IAAI,CAAC,KACpC,QAAQ,QAAQ,kBAAkB,IAAI,CAAC,KACvC,QAAQ,QAAQ,mBAAmB,IAAI,CAAC;AAE1C,eAAS,KAAK;AAAA,QACZ;AAAA,QACA;AAAA,QACA,MAAM,WAAW,WAAW;AAAA,MAC9B,CAAC;AAAA,IACH;AAEA,QAAI,SAAS,WAAW,GAAG;AAEzB,YAAM,UAAU;AAAA,QACd,GAAG,QAAQ;AAAA,QACX,GAAG,QAAQ;AAAA,MACb;AACA,iBAAW,CAAC,MAAM,OAAO,KAAK,OAAO,QAAQ,OAAO,GAAG;AACrD,cAAM,UAAU,QAAQ,QAAQ,cAAc,EAAE,EAAE,KAAK;AACvD,iBAAS,KAAK,EAAE,MAAM,SAAS,SAAS,MAAM,SAAS,CAAC;AAAA,MAC1D;AAAA,IACF;AAEA,WAAO,EAAE,SAAS;AAAA,EACpB;AACF,CAAC;;;AEvFD,eAAsB,sBACpB,eACA,UAAqC,CAAC,GACE;AACxC,QAAM,aAAa,MAAM,qBAAqB,eAAe,OAAO;AACpE,QAAM,mBAA2C;AAAA,IAC/C;AAAA,MACE,OAAO;AAAA,MACP,QAAQ,WAAW;AAAA,MACnB,OAAO,WAAW,YAAY,SAAY,WAAW;AAAA,MACrD,SAAS,WAAW,YAAY,2CAA2C;AAAA,IAC7E;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,QAAQ;AACtB,WAAO;AAAA,MACL,eAAe,WAAW;AAAA,MAC1B,kBAAkB,WAAW;AAAA,MAC7B,QAAQ;AAAA,MACR,eAAe;AAAA,MACf,WAAW;AAAA,MACX,aAAa,WAAW;AAAA,MACxB,eAAe;AAAA,MACf;AAAA,IACF;AAAA,EACF;AAEA,QAAM,WAAW,WAAW;AAC5B,QAAM,gBAAgB,QAAQ,QAAQ;AAEtC,MAAI,CAAC,UAAU;AACb,qBAAiB,KAAK;AAAA,MACpB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,OAAO;AAAA,IACT,CAAC;AAED,WAAO;AAAA,MACL,eAAe,WAAW;AAAA,MAC1B,kBAAkB,WAAW;AAAA,MAC7B,QAAQ;AAAA,MACR;AAAA,MACA,WAAW,WAAW;AAAA,MACtB,aAAa,WAAW;AAAA,MACxB,eAAe;AAAA,MACf;AAAA,IACF;AAAA,EACF;AAEA,mBAAiB,KAAK;AAAA,IACpB,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,SAAS;AAAA,EACX,CAAC;AAED,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,QAAQ,kBAAkB,qBAAqB,GAAG;AACzE,QAAM,YAAa,MAAO,mBAA2B,QAAQ;AAAA,IAC3D;AAAA,IACA;AAAA,EACF,CAAC;AAKD,MAAI,UAAU,OAAO;AACnB,qBAAiB,KAAK;AAAA,MACpB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,OAAO,UAAU;AAAA,IACnB,CAAC;AAED,WAAO;AAAA,MACL,eAAe,WAAW;AAAA,MAC1B,kBAAkB,WAAW;AAAA,MAC7B,QAAQ;AAAA,MACR;AAAA,MACA,WAAW,WAAW;AAAA,MACtB,aAAa,WAAW;AAAA,MACxB,eAAe;AAAA,MACf,OAAO,SAAS;AAAA,MAChB,aAAa,SAAS;AAAA,MACtB,mBAAmB,SAAS;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AAEA,QAAM,oBAAoB,UAAU,YAAY,CAAC,GAAG;AAAA,IAClD,CAAC,QAAQ,IAAI,SAAS,SAAS;AAAA,EACjC;AACA,QAAM,mBAAmB,iBAAiB,CAAC,GAAG;AAC9C,QAAM,iBAAiB,iBAAiB;AAAA,IACtC,CAAC,QAAQ,IAAI,YAAY,SAAS;AAAA,EACpC;AACA,QAAM,gBAAgB,iBAAiB,SAAS,KAAK,CAAC;AAEtD,mBAAiB,KAAK;AAAA,IACpB,OAAO;AAAA,IACP,QAAQ,CAAC;AAAA,IACT,SACE,iBAAiB,WAAW,IACxB,WAAW,SAAS,WAAW,iCAC/B,iBACE,6CAA6C,SAAS,iBAAiB,MACvE,qBAAqB,gBAAgB,mCAAmC,SAAS,iBAAiB;AAAA,IAC1G,OAAO,gBAAgB,oEAAoE;AAAA,EAC7F,CAAC;AAED,SAAO;AAAA,IACL,eAAe,WAAW;AAAA,IAC1B,kBAAkB,WAAW;AAAA,IAC7B,QAAQ;AAAA,IACR;AAAA,IACA,WAAW,WAAW;AAAA,IACtB,aAAa,WAAW;AAAA,IACxB;AAAA,IACA,OAAO,SAAS;AAAA,IAChB,aAAa,SAAS;AAAA,IACtB,mBAAmB,SAAS;AAAA,IAC5B;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AClHO,SAAS,gBAAgB,UAA4B,CAAC,GAAsB;AACjF,QAAM,MAAM,QAAQ,eAAe,QAAQ,IAAI,+BAA+B;AAC9E,MAAI,QAAQ,YAAY,QAAQ,SAAS;AACvC,UAAM,IAAI;AAAA,MACR,6BAA6B,GAAG;AAAA,IAClC;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,iBACd,UACA,UAA4B,CAAC,GAC7B,UAA+B,CAAC,GACxB;AACR,MAAI,QAAQ,MAAO,QAAO,QAAQ;AAClC,MAAI,QAAQ,IAAI,qBAAsB,QAAO,QAAQ,IAAI;AAEzD,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,SAAS,WAAW,KAAK,QAAQ,MAAM;AAE7C,QAAM,mBACJ,aAAa,WACT,QAAQ,IAAI,8BACZ,QAAQ,IAAI;AAClB,MAAI,iBAAkB,QAAO;AAE7B,QAAM,oBACJ,aAAa,WAAW,OAAO,eAAe,SAAS,OAAO,eAAe;AAC/E,MAAI,kBAAmB,QAAO;AAE9B,QAAM,WAA8C;AAAA,IAClD,QAAQ;AAAA,IACR,OAAO;AAAA,EACT;AAEA,QAAM,iBACJ,QAAQ,uBACR,OAAO,uBACP;AACF,QAAM,YACJ,QAAQ,gCACR,OAAO,gCACP;AAEF,MACE,aAAa,YACb,kBACA,OAAO,QAAQ,eAAe,YAC9B,QAAQ,cAAc,WACtB;AACA,WAAO,QAAQ,IAAI,qCAAqC;AAAA,EAC1D;AAEA,SAAO,SAAS,QAAQ;AAC1B;AAEA,eAAe,oBAAiD;AAC9D,QAAM,aAAa,QAAQ,IAAI;AAC/B,QAAM,aAAa,QAAQ,IAAI,wCAAwC;AAEvE,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAU,MAAM,OAAO;AAC7B,QAAM,UAAU,OAAO,UAAU;AACjC,MAAI,OAAO,YAAY,YAAY;AACjC,UAAM,IAAI;AAAA,MACR,0BAA0B,UAAU,8BAA8B,UAAU;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,YACpB,UAA4B,CAAC,GAC7B,UAA+B,CAAC,GACN;AAC1B,QAAM,WAAW,gBAAgB,OAAO;AAExC,MAAI,aAAa,SAAS;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YAAY,iBAAiB,UAAU,SAAS,OAAO;AAC7D,QAAM,qBAAqB,MAAM,kBAAkB;AACnD,QAAM,eAAe,mBAAmB,EAAE,OAAO,CAAC;AAClD,SAAO,aAAa,SAAS;AAC/B;AAEO,SAAS,4BACd,UACA,gBAAsC,WACtC,YAA4B,UAC5B,WACQ;AACR,QAAM,UAAqE;AAAA,IACzE,QAAQ,EAAE,KAAK,MAAM,QAAQ,KAAK,MAAM,IAAI;AAAA,IAC5C,OAAO,EAAE,KAAK,MAAM,QAAQ,KAAK,MAAM,IAAI;AAAA,EAC7C;AACA,QAAM,SAAoE;AAAA,IACxE,QAAQ,EAAE,KAAK,KAAK,QAAQ,MAAM,MAAM,IAAI;AAAA,IAC5C,OAAO,EAAE,KAAK,KAAK,QAAQ,MAAM,MAAM,IAAI;AAAA,EAC7C;AAEA,QAAM,gBACJ,kBAAkB,WACd,OAAO,QAAQ,EAAE,SAAS,IAC1B,QAAQ,QAAQ,EAAE,SAAS;AACjC,QAAM,WAAW,YAAY,SAAS;AAEtC,MAAI,OAAO,aAAa,YAAY,OAAO,SAAS,QAAQ,GAAG;AAC7D,WAAO,KAAK,IAAI,GAAG,KAAK,IAAI,GAAG,QAAQ,CAAC;AAAA,EAC1C;AAEA,SAAO;AACT;AAEO,SAAS,qBAAqB,QAI1B;AACT,QAAM,cAAc,OAAO,cAAc;AACzC,QAAM,eAAe,OAAO,kBAAkB;AAE9C,QAAM,mBACJ,OAAO,aAAa,WAChB,EAAE,OAAO,MAAO,QAAQ,KAAK,IAC7B,EAAE,OAAO,GAAG,QAAQ,EAAE;AAE5B,SACG,cAAc,MAAQ,iBAAiB,QACvC,eAAe,MAAQ,iBAAiB;AAE7C;AAMO,SAAS,eAA0B;AACxC,SAAO;AAAA,IACL,QAAQ,QAAQ,IAAI;AAAA,EACtB;AACF;AAEO,SAAS,iBAAqC;AACnD,SAAO,QAAQ,IAAI;AACrB;AAcO,SAAS,8BAAwD;AACtE,SAAO;AAAA,IACL,mBACE,QAAQ,IAAI,sCACZ;AAAA,IACF,iBACE,QAAQ,IAAI,oCACZ;AAAA,IACF,SACE,QAAQ,IAAI,2BACZ;AAAA,IACF,gBACE,QAAQ,IAAI,mCACZ;AAAA,IACF,YACE,QAAQ,IAAI,8BACZ;AAAA,IACF,cACE,QAAQ,IAAI,gCACZ;AAAA,IACF,sBAAsB,QAAQ,IAAI,wCAAwC,IACvE,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,OAAO;AAAA,IACjB,kBAAkB,QAAQ,IAAI,mCAAmC,IAC9D,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,OAAO;AAAA,IACjB,qBAAqB,QAAQ,IAAI;AAAA,EACnC;AACF;;;AChOA,SAAS,cAAAC,aAAY,aAAAC,YAAW,gBAAAC,eAAc,iBAAAC,sBAAqB;AACnE,SAAS,QAAAC,aAAY;AAerB,IAAM,gBAAkC;AAAA,EACtC,eAAe;AAAA,EACf,SAAS,CAAC;AACZ;AAEA,SAAS,cAAc,KAAqB;AAC1C,SAAOA,MAAK,KAAK,mBAAmB,SAAS,kBAAkB;AACjE;AAEA,SAAS,SAAS,gBAAwB,OAAuB;AAC/D,SAAO,GAAG,cAAc,KAAK,MAAM,YAAY,CAAC;AAClD;AAEA,SAAS,UAAU,KAA+B;AAChD,QAAM,WAAW,cAAc,GAAG;AAClC,MAAI,CAACJ,YAAW,QAAQ,EAAG,QAAO;AAElC,MAAI;AACF,UAAM,SAAS,KAAK,MAAME,cAAa,UAAU,MAAM,CAAC;AACxD,QAAI,UAAU,OAAO,kBAAkB,SAAS,OAAO,SAAS;AAC9D,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,UAAU,KAAa,OAA+B;AAC7D,QAAM,WAAW,cAAc,GAAG;AAClC,EAAAD,WAAUG,MAAK,KAAK,mBAAmB,OAAO,GAAG,EAAE,WAAW,KAAK,CAAC;AACpE,EAAAD,eAAc,UAAU,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,MAAM,MAAM;AACvE;AAEO,SAAS,qBACd,KACA,gBACA,OAC+B;AAC/B,QAAM,QAAQ,UAAU,GAAG;AAC3B,QAAM,MAAM,SAAS,gBAAgB,KAAK;AAC1C,SAAO,MAAM,QAAQ,GAAG,GAAG;AAC7B;AAEO,SAAS,sBACd,KACA,gBACA,OACA,QACM;AACN,QAAM,QAAQ,UAAU,GAAG;AAC3B,QAAM,MAAM,SAAS,gBAAgB,KAAK;AAC1C,QAAM,QAAQ,GAAG,IAAI;AAAA,IACnB,KAAK;AAAA,IACL,OAAO,MAAM,YAAY;AAAA,IACzB;AAAA,IACA,UAAS,oBAAI,KAAK,GAAE,YAAY;AAAA,EAClC;AACA,YAAU,KAAK,KAAK;AACtB;;;ACrEA,SAAS,gBAAAE,qBAAoB;;;ACqB7B,IAAM,qBAAqB;AAE3B,eAAe,mBACb,KACA,MACA,WACmB;AACnB,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAEhE,MAAI;AACF,WAAO,MAAM,MAAM,KAAK,EAAE,GAAG,MAAM,QAAQ,WAAW,OAAO,CAAC;AAAA,EAChE,UAAE;AACA,iBAAa,SAAS;AAAA,EACxB;AACF;AASA,eAAsB,WAAW,SAAyD;AACxF,QAAM;AAAA,IACJ;AAAA,IACA,SAAS;AAAA,IACT,UAAU,CAAC;AAAA,IACX;AAAA,IACA,UAAU;AAAA,EACZ,IAAI;AAEJ,QAAM,OAAoB;AAAA,IACxB;AAAA,IACA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG;AAAA,IACL;AAAA,EACF;AAEA,MAAI,SAAS,QAAW;AACtB,SAAK,OACH,OAAO,SAAS,WACZ,OACA,KAAK,UAAU,IAAI;AACzB,UAAM,aAAc,KAAK,WAAW,CAAC;AACrC,QAAI,CAAC,WAAW,cAAc,GAAG;AAC/B,iBAAW,cAAc,IAAI;AAAA,IAC/B;AACA,SAAK,UAAU;AAAA,EACjB;AAEA,MAAI;AACF,UAAM,MAAM,MAAM,mBAAmB,KAAK,MAAM,OAAO;AACvD,UAAM,OAAO,MAAM,IAAI,KAAK;AAG5B,QAAI;AACJ,QAAI;AACF,aAAO,OAAO,KAAK,MAAM,IAAI,IAAI,CAAC;AAAA,IACpC,QAAQ;AAEN,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,QAAQ,IAAI;AAAA,MACZ,IAAI,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,KAAK;AAEZ,UAAM,WAAW,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAChE,QAAI,SAAS,SAAS,YAAY,GAAG;AACnC,YAAM,IAAI,UAAU,yBAAyB,OAAO,MAAM,SAAS;AAAA,IACrE;AACA,UAAM,IAAI,UAAU,kBAAkB,QAAQ,IAAI,eAAe;AAAA,EACnE;AACF;AAsBO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EAJkB;AAKpB;;;AC/HA,IAAM,WAAW;AAwDjB,eAAsB,aAAa,OAAiD;AAClF,QAAM,MAAM,GAAG,QAAQ,UAAU,mBAAmB,KAAK,CAAC;AAE1D,MAAI;AACF,UAAM,MAAM,MAAM,WAAW,EAAE,IAAI,CAAC;AAEpC,QAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,MAAM,iBAAiB,IAAI,MAAM,QAAQ,KAAK,KAAK,IAAI,IAAI,EAAE;AAAA,IACzE;AAEA,WAAO,IAAI;AAAA,EACb,SAAS,KAAK;AAEZ,QAAI,eAAe,OAAO;AACxB,YAAM,IAAI,MAAM,qBAAqB,KAAK,KAAK,IAAI,OAAO,EAAE;AAAA,IAC9D;AACA,UAAM;AAAA,EACR;AACF;AAOA,SAAS,uBAAuB,QAAkC;AAChE,QAAM,QAAkB,CAAC;AAEzB,aAAW,SAAS,QAAQ;AAC1B,QAAI,MAAM,eAAe,QAAW;AAClC,YAAM,IAAI,MAAM,eAAe,MAAM,UAAU,MAAM;AACrD,YAAM,KAAK,KAAK,CAAC,EAAE;AAAA,IACrB;AACA,QAAI,MAAM,UAAU,QAAW;AAC7B,YAAM,KAAK,IAAI,MAAM,KAAK,EAAE;AAAA,IAC9B;AACA,QAAI,MAAM,kBAAkB,QAAW;AACrC,YAAM,KAAK,KAAK,MAAM,aAAa,EAAE;AAAA,IACvC;AAAA,EACF;AAEA,SAAO,MAAM,KAAK,GAAG,KAAK;AAC5B;AAMO,SAAS,aAAa,MAAoC;AAC/D,QAAM,cAAiC,CAAC;AAExC,aAAW,YAAY,KAAK,YAAY,CAAC,GAAG;AAC1C,UAAM,YAAY,SAAS,SAAS;AACpC,UAAM,cAAc,SAAS,SAAS;AACtC,QAAI,CAAC,aAAa,OAAO,cAAc,SAAU;AACjD,QAAI,CAAC,eAAe,OAAO,gBAAgB,SAAU;AACrD,QAAI,UAAU,YAAY,MAAM,MAAO;AAGvC,UAAM,cAAc,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ;AACpE,UAAM,kBAAkB,cACpB,uBAAuB,YAAY,MAAM,IACzC;AAGJ,UAAM,aAAa,aAAa,OAAO,KAAK,CAAC,MAAM,EAAE,UAAU,MAAS;AAExE,gBAAY,KAAK;AAAA,MACf,MAAM;AAAA,MACN,WAAW;AAAA,MACX;AAAA,MACA,qBAAqB,YAAY;AAAA,MACjC,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAGA,QAAM,WAAW,eAAe,KAAK,QAAQ;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,SAAS,KAAK,WAAW,KAAK,WAAW;AAAA,IACzC;AAAA,IACA,YAAY,KAAK,YAAY,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC;AAAA,IACnD,kBAAkB;AAAA,EACpB;AACF;AAEA,SAAS,eACP,iBACwB;AACxB,MAAI,CAAC,iBAAiB,OAAQ,QAAO;AAGrC,QAAM,YACJ,gBAAgB,KAAK,CAAC,MAAM,EAAE,SAAS,SAAS,KAAK,gBAAgB,CAAC;AAGxE,QAAM,aAAa,UAAU,MAAM,MAAM,aAAa;AACtD,MAAI,YAAY;AACd,UAAM,QAAQ,WAAW,WAAW,CAAC,CAAC;AACtC,QAAI,SAAS,EAAK,QAAO;AACzB,QAAI,SAAS,EAAK,QAAO;AACzB,QAAI,SAAS,EAAK,QAAO;AACzB,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAGA,eAAsB,aAAa,OAA2C;AAC5E,QAAM,OAAO,MAAM,aAAa,KAAK;AACrC,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,aAAa,IAAI;AAC1B;;;AC9KA,SAAS,eAAe;AAkCxB,SAAS,sBAA+B;AACtC,QAAM,QAAQ,eAAe;AAC7B,SAAO,IAAI,QAAQ,QAAQ,EAAE,MAAM,SAAS,KAAK,GAAG,IAAI,CAAC,CAAC;AAC5D;AAMA,eAAsB,kBAAkB,OAAsC;AAC5E,QAAM,UAAU,oBAAoB;AAEpC,MAAI;AAEF,UAAM,WAAW,MAAM,QAAQ,QAAQ,mBAAmB;AAAA,MACxD,QAAQ;AAAA,MACR,WAAW;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,QACP,wBAAwB;AAAA,MAC1B;AAAA,IACF,CAAQ;AAER,WAAO,SAAS;AAAA,EAClB,SAAS,KAAK;AAEZ,UAAM,WAAW,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAChE,YAAQ;AAAA,MACN,kDAAkD,KAAK,KAAK,QAAQ;AAAA,IACtE;AACA,WAAO,CAAC;AAAA,EACV;AACF;AAMO,SAAS,kBAAkB,YAA6C;AAC7E,QAAM,WAA8B,CAAC;AAErC,aAAW,YAAY,YAAY;AACjC,eAAW,QAAQ,SAAS,iBAAiB;AAC3C,UAAI,KAAK,QAAQ,UAAU,YAAY,MAAM,MAAO;AAEpD,eAAS,KAAK;AAAA,QACZ,MAAM,KAAK,QAAQ;AAAA,QACnB,WAAW;AAAA,QACX,iBAAiB,KAAK,4BAA4B;AAAA,QAClD,qBAAqB,KAAK,yBAAyB;AAAA,QACnD,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAMO,SAAS,0BACd,SACA,YACY;AACZ,QAAM,WAAW,EAAE,GAAG,QAAQ;AAE9B,aAAW,SAAS,YAAY;AAC9B,UAAM,WAAW,SAAS,iBAAiB;AAAA,MACzC,CAAC,MAAM,EAAE,SAAS,MAAM;AAAA,IAC1B;AAEA,QAAI,UAAU;AAEZ,UAAI,CAAC,SAAS,uBAAuB,MAAM,qBAAqB;AAC9D,iBAAS,sBAAsB,MAAM;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,eAAS,iBAAiB,KAAK,KAAK;AAAA,IACtC;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAsB,gBAAgB,OAA2C;AAC/E,QAAM,aAAa,MAAM,kBAAkB,KAAK;AAChD,SAAO,kBAAkB,UAAU;AACrC;;;ACzHA,IAAM,WAAW;AA2BjB,SAAS,kBAA0C;AACjD,QAAM,EAAE,OAAO,IAAI,aAAa;AAChC,QAAM,UAAkC,EAAE,QAAQ,mBAAmB;AACrE,MAAI,QAAQ;AACV,YAAQ,SAAS;AAAA,EACnB;AACA,SAAO;AACT;AAOA,eAAsB,aACpB,OAC0E;AAC1E,QAAM,MAAM,GAAG,QAAQ,UAAU,mBAAmB,KAAK,CAAC;AAC1D,QAAM,UAAU,gBAAgB;AAEhC,MAAI;AACF,UAAM,MAAM,MAAM,WAAW,EAAE,KAAK,QAAQ,CAAC;AAC7C,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAO,IAAI;AACjB,UAAM,OAAO,KAAK,kBAAkB,CAAC;AACrC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,UAAU,KAAK,IAAI;AACzB,UAAM,SACJ,SAAS,gBAAgB,CAAC,KAC1B,SAAS,gBAAgB,CAAC,KAC1B,SAAS,eAAe,CAAC;AAE3B,QAAI,CAAC,OAAQ,QAAO;AAEpB,UAAM,QAAQ,OAAO,SAAS;AAC9B,UAAM,cAAc,OAAO,SAAS,aAAa,YAAY;AAE7D,UAAM,cAAsD;AAAA,MAC1D,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,KAAK;AAAA,IACP;AAEA,WAAO;AAAA,MACL;AAAA,MACA,UAAU,YAAY,WAAW,KAAK;AAAA,IACxC;AAAA,EACF,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAMA,eAAsB,cAAc,SAA0C;AAC5E,QAAM,OAAO,MAAM,aAAa,QAAQ,EAAE;AAC1C,MAAI,MAAM;AACR,YAAQ,YAAY,KAAK;AACzB,QAAI,QAAQ,aAAa,WAAW;AAClC,cAAQ,WAAW,KAAK;AAAA,IAC1B;AAAA,EACF;AACA,SAAO;AACT;;;ACnGA,OAAO,YAAY;AAGnB,IAAM,eAAe;AA8BrB,eAAsB,qBAAqB,aAAwC;AACjF,QAAM,MAAM,GAAG,YAAY,IAAI,mBAAmB,WAAW,CAAC;AAE9D,MAAI;AACF,UAAM,MAAM,MAAM,WAAW,EAAE,IAAI,CAAC;AAEpC,QAAI,IAAI,WAAW,IAAK,QAAO,CAAC;AAChC,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI;AAAA,QACR,sBAAsB,IAAI,MAAM,SAAS,WAAW,MAAM,IAAI,IAAI;AAAA,MACpE;AAAA,IACF;AAEA,UAAM,OAAO,IAAI;AACjB,WAAO,OAAO,KAAK,KAAK,QAAQ;AAAA,EAClC,SAAS,KAAK;AAEZ,QAAI,eAAe,SAAS,IAAI,QAAQ,SAAS,gBAAgB,GAAG;AAClE,YAAM;AAAA,IACR;AACA,WAAO,CAAC;AAAA,EACV;AACF;AA4BA,eAAsB,0BACpB,aACA,kBACA,qBACA,iBACgC;AAChC,QAAM,WAAW,MAAM,qBAAqB,WAAW;AACvD,MAAI,CAAC,SAAS,QAAQ;AACpB,WAAO;AAAA,MACL,YAAY,CAAC;AAAA,MACb,uBAAuB;AAAA,IACzB;AAAA,EACF;AAEA,QAAM,YAAY,OAAO,MAAM,gBAAgB;AAG/C,QAAM,aAAa,SAChB,OAAO,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,OAAO,IAAI,GAAG,mBAAmB,CAAC,EACnE,OAAO,CAAC,MAAM;AACb,QAAI,CAAC,gBAAiB,QAAO;AAC7B,QAAI;AACF,aAAO,CAAC,OAAO,UAAU,GAAG,iBAAiB,EAAE,mBAAmB,MAAM,CAAC;AAAA,IAC3E,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF,CAAC,EACA,KAAK,OAAO,OAAO;AAEtB,MAAI,CAAC,WAAW,QAAQ;AACtB,WAAO;AAAA,MACL,YAAY,CAAC;AAAA,MACb,uBAAuB;AAAA,IACzB;AAAA,EACF;AAEA,QAAM,wBAA6D,CAAC;AAEpE,aAAW,aAAa,YAAY;AAClC,UAAM,QAAQ,qBAAqB,kBAAkB,SAAS;AAC9D,QAAI,CAAC,MAAO;AACZ,QAAI,CAAC,sBAAsB,KAAK,GAAG;AACjC,4BAAsB,KAAK,IAAI;AAAA,IACjC;AAAA,EACF;AAEA,QAAM,cACJ,sBAAsB,SAAS,sBAAsB,SAAS,sBAAsB;AAEtF,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,uBAAuB;AAAA,IACzB;AAAA,EACF;AAEA,QAAM,eAAe,qBAAqB,kBAAkB,WAAW;AACvE,QAAM,wBACJ,CAAC,sBAAsB,SACvB,CAAC,sBAAsB,SACvB,QAAQ,sBAAsB,KAAK;AAErC,MAAI,CAAC,aAAa,CAAC,cAAc;AAC/B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,YAAY;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,EACF;AACF;AAEA,SAAS,qBACP,kBACA,kBAC8B;AAC9B,QAAM,YAAY,OAAO,MAAM,gBAAgB;AAC/C,QAAM,YAAY,OAAO,MAAM,gBAAgB;AAE/C,MAAI,CAAC,aAAa,CAAC,UAAW,QAAO;AACrC,MAAI,UAAU,QAAQ,UAAU,MAAO,QAAO;AAC9C,MAAI,UAAU,QAAQ,UAAU,MAAO,QAAO;AAC9C,MAAI,UAAU,QAAQ,UAAU,SAAS,UAAU,YAAY,UAAU,SAAS;AAChF,WAAO;AAAA,EACT;AAEA,SAAO;AACT;;;ACtLA,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAAC,eAAc,iBAAAC,sBAAqB;AAC5C,SAAS,SAAAC,cAAa;AACtB,OAAOC,aAAY;;;ACXnB,SAAS,OAAO,UAAU;AAC1B,SAAS,QAAAC,aAAY;AAYrB,eAAe,MAAM,IAA2B;AAC9C,QAAM,IAAI,QAAQ,CAACC,aAAY,WAAWA,UAAS,EAAE,CAAC;AACxD;AAEA,eAAsB,gBAAgB,KAAa,UAA2B,CAAC,GAAsB;AACnG,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,eAAe,QAAQ,gBAAgB;AAC7C,QAAM,WAAWD,MAAK,KAAK,mBAAmB,OAAO;AACrD,QAAM,WAAWA,MAAK,KAAK,mBAAmB,SAAS,kBAAkB;AACzE,QAAM,YAAY,KAAK,IAAI;AAE3B,QAAM,MAAM,UAAU,EAAE,WAAW,KAAK,CAAC;AAEzC,SAAO,MAAM;AACX,QAAI;AACF,YAAM,MAAM,UAAU,EAAE,WAAW,MAAM,CAAC;AAC1C,aAAO;AAAA,QACL;AAAA,QACA,SAAS,YAAY;AACnB,gBAAM,GAAG,UAAU,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,QACrD;AAAA,MACF;AAAA,IACF,QAAQ;AACN,UAAI,KAAK,IAAI,IAAI,YAAY,WAAW;AACtC,cAAM,IAAI,MAAM,4CAA4C,QAAQ,GAAG;AAAA,MACzE;AACA,YAAM,MAAM,YAAY;AAAA,IAC1B;AAAA,EACF;AACF;AAEA,eAAsB,aAAgB,KAAa,IAAsB,SAAuC;AAC9G,QAAM,OAAO,MAAM,gBAAgB,KAAK,OAAO;AAC/C,MAAI;AACF,WAAO,MAAM,GAAG;AAAA,EAClB,UAAE;AACA,UAAM,KAAK,QAAQ;AAAA,EACrB;AACF;;;ADlBO,IAAM,uBAAuBE,MAAK;AAAA,EACvC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,KAAKA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IACrE,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,aAAaA,GAAE,OAAO,EAAE,SAAS,4BAA4B;AAAA,IAC7D,aAAaA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IAC7E,WAAWA,GAAE,OAAO,EAAE,SAAS,uCAAuC;AAAA,IACtE,QAAQA,GAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS,0CAA0C;AAAA,IACtF,QAAQA,GACL,OAAO,EACP,SAAS,EACT,SAAS,8CAA8C;AAAA,IAC1D,UAAUA,GACP,QAAQ,EACR,QAAQ,KAAK,EACb,SAAS,qDAAqD;AAAA,IACjE,aAAaA,GAAE,KAAK,CAAC,YAAY,kBAAkB,eAAe,CAAC,EAAE,SAAS;AAAA,IAC9E,sBAAsBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC3C,uBAAuBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC5C,WAAWA,GAAE,OAAO,EAAE,SAAS;AAAA,EACjC,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAA4B;AAC1B,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,UAAUC,MAAK,KAAK,cAAc;AACxC,UAAM,eAAe,WAAW,KAAK,MAAM;AAC3C,UAAM,qBAAqB;AAAA,MACzB,GAAG,aAAa;AAAA,MAChB,aAAa,eAAe,aAAa,aAAa;AAAA,MACtD,sBAAsB,wBAAwB,aAAa,aAAa;AAAA,MACxE,uBAAuB,yBAAyB,aAAa,aAAa;AAAA,MAC1E,WAAW,aAAa,aAAa,aAAa;AAAA,IACpD;AACA,UAAM,YAAY,OAAO,SAAS,MAAM,oBAAoB,GAAG,IAAI;AACnE,UAAM,iBAAiB,sBAAsB,IAAI,oBAAoB,SAAS;AAC9E,UAAM,cAAc,mBAAmB,IAAI,kBAAkB;AAC7D,UAAM,gBAAgB,qBAAqB,IAAI,kBAAkB;AAEjE,QAAI,CAAC,iBAAiB,cAAc,WAAW,GAAG;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,uCAAuC,WAAW;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,cACJC,QAAO,MAAM,WAAW,KACxBA,QAAO,MAAM,SAAS,KACtBA,QAAO,MAAM,SAAS,IAAIA,QAAO,MAAM,WAAW;AAEpD,QAAI,eAAe,CAAC,aAAa,iBAAiB;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,kCAAkC,WAAW,MAAM,WAAW,OAAO,SAAS;AAAA,MACzF;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,gBAAU,KAAK,MAAMC,cAAa,SAAS,MAAM,CAAC;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,mCAAmC,OAAO;AAAA,MACrD;AAAA,IACF;AAGA,UAAM,WAAY,CAAC,gBAAgB,mBAAmB,kBAAkB,EAAiB;AAAA,MACvF,CAAC,MAAM,QAAQ,CAAC,IAAI,WAAW,MAAM;AAAA,IACvC;AAEA,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,IAAI,WAAW;AAAA,MAC1B;AAAA,IACF;AAEA,UAAM,eAAe,QAAQ,QAAQ,EAAG,WAAW;AAGnD,UAAM,cAAc,aAAa,MAAM,UAAU;AACjD,UAAM,SAAS,cAAc,CAAC,KAAK;AACnC,UAAM,WAAW,GAAG,MAAM,GAAG,SAAS;AAEtC,QAAI,QAAQ;AACV,YAAM,aAAa,eAAe,KAAK,GAAG;AAC1C,YAAM,UAAU,YAAY,KAAK,GAAG;AACpC,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,0BAA0B,QAAQ,IAAI,WAAW,MAAM,YAAY,SAAS,QAAQ,eAAe,UAAU,GAAG,WAAW,QAAQ,OAAO,KAAK,EAAE,GAAG,cAAc,SAAS,IAAI,QAAQ,cAAc,KAAK,GAAG,CAAC,mBAAmB,EAAE;AAAA,MAC9O;AAAA,IACF;AAEA,WAAO,aAAa,KAAK,YAAY;AAEnC,cAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,MAAAC,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAGtE,UAAI;AACF,cAAM,CAAC,YAAY,GAAG,WAAW,IAAI;AACrC,cAAMC,OAAM,YAAY,aAAa;AAAA,UACnC;AAAA,UACA,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,KAAK;AAEZ,gBAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,QAAAD,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO;AAAA,UACL;AAAA,UACA,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,kBAAkB;AAAA,UAClB,SAAS,GAAG,eAAe,KAAK,GAAG,CAAC,2BAA2B,WAAW,QAAQ,SAAS,sBAAsB,OAAO;AAAA,QAC1H;AAAA,MACF;AAEA,UAAI,UAAU;AACZ,YAAI;AACF,gBAAM,CAAC,SAAS,GAAG,QAAQ,IAAI;AAC/B,gBAAMC,OAAM,SAAS,UAAU;AAAA,YAC7B;AAAA,YACA,OAAO;AAAA,UACT,CAAC;AAAA,QACH,SAAS,KAAK;AAEZ,kBAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,UAAAD,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,cAAI;AACF,kBAAM,CAAC,aAAa,GAAG,YAAY,IAAI;AACvC,kBAAMC,OAAM,aAAa,cAAc;AAAA,cACrC;AAAA,cACA,OAAO;AAAA,YACT,CAAC;AAAA,UACH,QAAQ;AAAA,UAER;AAEA,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,iBAAO;AAAA,YACL;AAAA,YACA,UAAU;AAAA,YACV;AAAA,YACA;AAAA,YACA,SAAS;AAAA,YACT,QAAQ;AAAA,YACR,kBAAkB;AAAA,YAClB,SAAS,GAAG,YAAY,KAAK,GAAG,CAAC,4BAA4B,WAAW,QAAQ,SAAS,oBAAoB,YAAY,YAAY,OAAO;AAAA,UAC9I;AAAA,QACF;AAAA,MACF;AAEA,UAAI,aAAa;AACjB,UAAI;AACF,cAAM,CAAC,WAAW,GAAG,UAAU,IAAI;AACnC,cAAMA,OAAM,WAAW,YAAY;AAAA,UACjC;AAAA,UACA,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,qBAAa,oBAAoB,cAAc,KAAK,GAAG,CAAC,YAAY,OAAO;AAAA,MAC7E;AAEA,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,0BAA0B,WAAW,UAAU,WAAW,OAAO,SAAS,SAAS,eAAe,KAAK,GAAG,CAAC,GAAG,WAAW,gBAAgB,YAAY,KAAK,GAAG,CAAC,KAAK,EAAE,IAAI,UAAU;AAAA,MAC9L;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;;;AElQD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAAC,eAAc,iBAAAC,sBAAqB;AAC5C,SAAS,SAAAC,cAAa;AACtB,OAAOC,aAAY;;;ACLnB,SAAS,SAAAC,cAAa;AAoBtB,eAAsB,uBACpB,KACA,IACA,aACA,aAC6B;AAC7B,MAAI;AACF,UAAM,aAAa,kBAAkB,IAAI,aAAa,WAAW;AACjE,UAAM,CAAC,QAAQ,GAAG,OAAO,IAAI;AAC7B,UAAM,SAAS,MAAMC,OAAM,QAAQ,SAAS;AAAA,MAC1C;AAAA,MACA,OAAO;AAAA,MACP,QAAQ;AAAA,IACV,CAAC;AAED,UAAM,SAAS,CAAC,OAAO,QAAQ,OAAO,MAAM,EACzC,OAAO,OAAO,EACd,KAAK,IAAI,EACT,MAAM,IAAI,EACV,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,QAAI,OAAO,WAAW,EAAG,QAAO;AAChC,WAAO,OAAO,MAAM,GAAG,CAAC,EAAE,KAAK,KAAK;AAAA,EACtC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,sBAAsB,gBAAwC;AAC5E,MAAI,mBAAmB,MAAO,QAAO;AACrC,MAAI,mBAAmB,OAAQ,QAAO;AACtC,SAAO;AACT;AAEO,SAAS,iBACd,SACA,gBACA,aACoB;AACpB,MAAI,mBAAmB,MAAO,QAAO,QAAQ,YAAY,WAAW;AACpE,MAAI,mBAAmB,OAAQ,QAAO,QAAQ,MAAM,YAAY,WAAW;AAC3E,SAAO,QAAQ,cAAc,WAAW;AAC1C;AAEO,SAAS,iBACd,SACA,gBACA,aACA,SACM;AACN,MAAI,mBAAmB,OAAO;AAC5B,YAAQ,YAAY,EAAE,GAAI,QAAQ,aAAa,CAAC,GAAI,CAAC,WAAW,GAAG,QAAQ;AAC3E;AAAA,EACF;AAEA,MAAI,mBAAmB,QAAQ;AAC7B,YAAQ,OAAO;AAAA,MACb,GAAI,QAAQ,QAAQ,CAAC;AAAA,MACrB,WAAW;AAAA,QACT,GAAI,QAAQ,MAAM,aAAa,CAAC;AAAA,QAChC,CAAC,WAAW,GAAG;AAAA,MACjB;AAAA,IACF;AACA;AAAA,EACF;AAEA,UAAQ,cAAc,EAAE,GAAI,QAAQ,eAAe,CAAC,GAAI,CAAC,WAAW,GAAG,QAAQ;AACjF;AAEO,SAAS,qBACd,SACA,gBACA,aACA,eACM;AACN,MAAI,mBAAmB,OAAO;AAC5B,YAAQ,YAAY,cAAc,QAAQ,WAAW,aAAa,aAAa;AAC/E;AAAA,EACF;AAEA,MAAI,mBAAmB,QAAQ;AAC7B,YAAQ,OAAO;AAAA,MACb,GAAI,QAAQ,QAAQ,CAAC;AAAA,MACrB,WAAW,cAAc,QAAQ,MAAM,WAAW,aAAa,aAAa;AAAA,IAC9E;AACA,QAAI,CAAC,QAAQ,KAAK,WAAW;AAC3B,aAAO,QAAQ,KAAK;AAAA,IACtB;AACA,QAAI,OAAO,KAAK,QAAQ,IAAI,EAAE,WAAW,GAAG;AAC1C,aAAO,QAAQ;AAAA,IACjB;AACA;AAAA,EACF;AAEA,UAAQ,cAAc,cAAc,QAAQ,aAAa,aAAa,aAAa;AACrF;AAEA,SAAS,cACP,QACA,KACA,eACoC;AACpC,QAAM,aAAa,EAAE,GAAI,UAAU,CAAC,EAAG;AAEvC,MAAI,kBAAkB,QAAW;AAC/B,WAAO,WAAW,GAAG;AAAA,EACvB,OAAO;AACL,eAAW,GAAG,IAAI;AAAA,EACpB;AAEA,SAAO,OAAO,KAAK,UAAU,EAAE,SAAS,IAAI,aAAa;AAC3D;;;AD1GO,IAAM,2BAA2BC,MAAK;AAAA,EAC3C,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,KAAKA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IACrE,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,aAAaA,GAAE,OAAO,EAAE,SAAS,6BAA6B;AAAA,IAC9D,UAAUA,GACP,OAAO,EACP,SAAS,EACT,SAAS,gFAAgF;AAAA,IAC5F,aAAaA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IAC7E,WAAWA,GAAE,OAAO,EAAE,SAAS,wCAAwC;AAAA,IACvE,QAAQA,GAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS,0CAA0C;AAAA,IACtF,QAAQA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS,8CAA8C;AAAA,IACrF,UAAUA,GAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS,0DAA0D;AAAA,IACxG,aAAaA,GAAE,KAAK,CAAC,YAAY,kBAAkB,eAAe,CAAC,EAAE,SAAS;AAAA,IAC9E,sBAAsBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC3C,uBAAuBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC5C,WAAWA,GAAE,OAAO,EAAE,SAAS;AAAA,EACjC,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAA4B;AAC1B,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,UAAUC,MAAK,KAAK,cAAc;AACxC,UAAM,eAAe,WAAW,KAAK,MAAM;AAC3C,UAAM,qBAAqB;AAAA,MACzB,GAAG,aAAa;AAAA,MAChB,aAAa,eAAe,aAAa,aAAa;AAAA,MACtD,sBAAsB,wBAAwB,aAAa,aAAa;AAAA,MACxE,uBAAuB,yBAAyB,aAAa,aAAa;AAAA,MAC1E,WAAW,aAAa,aAAa,aAAa;AAAA,IACpD;AACA,UAAM,YAAY,OAAO,SAAS,MAAM,oBAAoB,GAAG,IAAI;AACnE,UAAM,iBAAiB,sBAAsB,IAAI,oBAAoB,SAAS;AAC9E,UAAM,cAAc,mBAAmB,IAAI,kBAAkB;AAC7D,UAAM,gBAAgB,qBAAqB,IAAI,kBAAkB;AACjE,UAAM,mBAAmB,UAAU,KAAK,KAAK;AAE7C,QAAI,CAAC,iBAAiB,cAAc,WAAW,GAAG;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,uCAAuC,WAAW;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,cACJC,QAAO,MAAM,WAAW,KACxBA,QAAO,MAAM,SAAS,KACtBA,QAAO,MAAM,SAAS,IAAIA,QAAO,MAAM,WAAW;AAEpD,QAAI,eAAe,CAAC,aAAa,iBAAiB;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,sCAAsC,WAAW,MAAM,WAAW,OAAO,SAAS;AAAA,MAC7F;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,gBAAU,KAAK,MAAMC,cAAa,SAAS,MAAM,CAAC;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,mCAAmC,OAAO;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,gBAAgB,sBAAsB,EAAE;AAC9C,UAAM,gBAAgB,iBAAiB,SAAS,IAAI,gBAAgB;AAEpE,UAAM,kBAAkB,MAAM,uBAAuB,KAAK,IAAI,aAAa,kBAAkB;AAC7F,UAAM,wBAAwB,kBAAkB,sBAAsB,eAAe,KAAK;AAE1F,QAAI,QAAQ;AACV,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,uBAAuB,aAAa,IAAI,gBAAgB,QAAQ,SAAS,eAAe,eAAe,KAAK,GAAG,CAAC,GAAG,WAAW,QAAQ,YAAY,KAAK,GAAG,CAAC,KAAK,EAAE,GAAG,cAAc,SAAS,IAAI,QAAQ,cAAc,KAAK,GAAG,CAAC,mBAAmB,EAAE,IAAI,qBAAqB;AAAA,MACxR;AAAA,IACF;AAEA,WAAO,aAAa,KAAK,YAAY;AACnC,uBAAiB,SAAS,IAAI,kBAAkB,SAAS;AACzD,MAAAC,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,UAAI;AACF,cAAM,CAAC,YAAY,GAAG,WAAW,IAAI;AACrC,cAAMC,OAAM,YAAY,aAAa,EAAE,KAAK,OAAO,OAAO,CAAC;AAAA,MAC7D,SAAS,KAAK;AACZ,6BAAqB,SAAS,IAAI,kBAAkB,aAAa;AACjE,QAAAD,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AACtE,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO;AAAA,UACL;AAAA,UACA,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,kBAAkB;AAAA,UAClB,SAAS,GAAG,eAAe,KAAK,GAAG,CAAC,0BAA0B,aAAa,SAAS,gBAAgB,QAAQ,SAAS,sBAAsB,OAAO,GAAG,qBAAqB;AAAA,QAC5K;AAAA,MACF;AAEA,UAAI,UAAU;AACZ,YAAI;AACF,gBAAM,CAAC,SAAS,GAAG,QAAQ,IAAI;AAC/B,gBAAMC,OAAM,SAAS,UAAU,EAAE,KAAK,OAAO,OAAO,CAAC;AAAA,QACvD,SAAS,KAAK;AACZ,+BAAqB,SAAS,IAAI,kBAAkB,aAAa;AACjE,UAAAD,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,cAAI;AACF,kBAAM,CAAC,aAAa,GAAG,YAAY,IAAI;AACvC,kBAAMC,OAAM,aAAa,cAAc,EAAE,KAAK,OAAO,OAAO,CAAC;AAAA,UAC/D,QAAQ;AAAA,UAER;AAEA,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,iBAAO;AAAA,YACL;AAAA,YACA,UAAU;AAAA,YACV;AAAA,YACA;AAAA,YACA,SAAS;AAAA,YACT,QAAQ;AAAA,YACR,kBAAkB;AAAA,YAClB,SAAS,GAAG,YAAY,KAAK,GAAG,CAAC,0BAA0B,aAAa,SAAS,gBAAgB,QAAQ,SAAS,sBAAsB,OAAO,GAAG,qBAAqB;AAAA,UACzK;AAAA,QACF;AAAA,MACF;AAEA,UAAI,aAAa;AACjB,UAAI;AACF,cAAM,CAAC,WAAW,GAAG,UAAU,IAAI;AACnC,cAAMA,OAAM,WAAW,YAAY,EAAE,KAAK,OAAO,OAAO,CAAC;AAAA,MAC3D,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,qBAAa,oBAAoB,cAAc,KAAK,GAAG,CAAC,YAAY,OAAO;AAAA,MAC7E;AAEA,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,wBAAwB,aAAa,SAAS,gBAAgB,UAAU,WAAW,OAAO,SAAS,cAAc,eAAe,KAAK,GAAG,CAAC,GAAG,WAAW,eAAe,YAAY,KAAK,GAAG,CAAC,KAAK,EAAE,IAAI,UAAU,GAAG,qBAAqB;AAAA,MACnP;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;;;AElND,eAAsB,qBAAqB,QAeS;AAClD,QAAM,EAAE,YAAY,KAAK,gBAAgB,QAAQ,QAAQ,UAAU,YAAY,IAAI;AACnF,QAAM,MAAM,WAAW;AACvB,QAAM,sBAAsB,WAAW,SAAS;AAEhD,MAAI,IAAI,SAAS,YAAY;AAC3B,QAAI,YAAY,wBAAwB;AACtC,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,2DAA2D,IAAI,IAAI;AAAA,QAC9E;AAAA,MACF;AAAA,IACF;AAEA,QAAI,YAAY,mBAAmB;AACjC,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,0EAA0E,IAAI,IAAI;AAAA,QAC7F;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,wCAAwC,IAAI,IAAI;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAEA,UAAMC,eAAc,MAAM;AAAA,MACxB,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,WAAW,SAAS;AAAA,IACtB;AAEA,QAAI,CAACA,aAAY,aAAa;AAC5B,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,sCAAsC,IAAI,IAAI;AAAA,QACzD;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAkB,MAAO,yBAAiC,QAAQ;AAAA,MACtE;AAAA,MACA;AAAA,MACA,aAAa,IAAI;AAAA,MACjB,aAAa,IAAI;AAAA,MACjB,WAAWA,aAAY;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,YAAY;AAAA,MACzB,sBAAsB,YAAY;AAAA,MAClC,uBAAuB,YAAY;AAAA,MACnC,WAAW,YAAY;AAAA,IACzB,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,CAAC,qBAAqB;AACxB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,QACN,aAAa,IAAI;AAAA,QACjB,UAAU;AAAA,QACV,aAAa,IAAI;AAAA,QACjB,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,wCAAwC,IAAI,IAAI;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,MAAM;AAAA,IACxB,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ;AAAA,IACA,WAAW,SAAS;AAAA,EACtB;AAEA,MAAI,CAAC,YAAY,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,QACN,aAAa,IAAI;AAAA,QACjB,UAAU;AAAA,QACV,aAAa,IAAI;AAAA,QACjB,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,qCAAqC,IAAI,IAAI;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAe,MAAO,qBAA6B,QAAQ;AAAA,IAC/D;AAAA,IACA;AAAA,IACA,aAAa,IAAI;AAAA,IACjB,aAAa,IAAI;AAAA,IACjB,WAAW,YAAY;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa,YAAY;AAAA,IACzB,sBAAsB,YAAY;AAAA,IAClC,uBAAuB,YAAY;AAAA,IACnC,WAAW,YAAY;AAAA,EACzB,CAAC;AAED,SAAO;AAAA,IACL,OAAO;AAAA,IACP,QAAQ;AAAA,EACV;AACF;;;ACpKA,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,SAAAC,QAAO,WAAAC,UAAS,YAAAC,WAAU,MAAAC,WAAU;AAC7C,SAAS,QAAAC,cAAY;AACrB,SAAS,SAAAC,cAAa;AAYf,IAAM,yBAAyBP,MAAK;AAAA,EACzC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GACV,OAAO,EACP,IAAI,CAAC,EACL,SAAS,yDAAyD;AAAA,IACrE,SAASA,GACN,OAAO,EACP,MAAM,kBAAkB,gCAAgC,EACxD,SAAS,mCAAmC;AAAA,IAC/C,cAAcA,GACX,MAAMA,GAAE,OAAO,CAAC,EAChB,SAAS,EACT,QAAQ,CAAC,QAAQ,MAAM,CAAC,EACxB;AAAA,MACC;AAAA,IACF;AAAA,EACJ,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAyC;AACvC,UAAM,cAAc,2BAA2B,KAAK,IAAI,CAAC;AACzD,UAAM,aAAaK,OAAK,aAAa,KAAK;AAE1C,QAAI;AAEF,YAAM,SAAS,8BAA8B,WAAW,MAAM,YAAY,MAAM,GAAG,EAAE,IAAI,CAAC,IAAI,OAAO;AAGrG,YAAMJ,OAAM,aAAa,EAAE,WAAW,KAAK,CAAC;AAG5C,YAAM,cAAcI,OAAK,aAAa,aAAa;AACnD,YAAMC,OAAM,QAAQ,CAAC,MAAM,MAAM,aAAa,MAAM,CAAC;AAGrD,YAAML,OAAM,YAAY,EAAE,WAAW,KAAK,CAAC;AAC3C,YAAMK,OAAM,OAAO,CAAC,QAAQ,aAAa,MAAM,UAAU,CAAC;AAG1D,YAAM,oBAAoB,MAAMJ,SAAQ,UAAU;AAClD,YAAM,iBAAiB,kBAAkB,SAAS,SAAS,IACvDG,OAAK,YAAY,SAAS,IAC1B;AAGJ,YAAM,aAAqC,CAAC;AAE5C,qBAAe,QAAQ,KAAa,cAAqC;AACvE,YAAI;AACF,gBAAM,QAAQ,MAAMH,SAAQ,KAAK,EAAE,eAAe,KAAK,CAAC;AAExD,qBAAW,QAAQ,OAAO;AACxB,kBAAM,WAAWG,OAAK,KAAK,KAAK,IAAI;AACpC,kBAAM,UAAUA,OAAK,cAAc,KAAK,IAAI;AAE5C,gBAAI,KAAK,YAAY,GAAG;AAEtB,kBACE,CAAC;AAAA,gBACC;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF,EACG,SAAS,KAAK,IAAI,GACrB;AACA,sBAAM,QAAQ,UAAU,OAAO;AAAA,cACjC;AAAA,YACF,WAAW,KAAK,OAAO,GAAG;AAExB,oBAAM,UAAU,aAAc,KAAK,CAAC,YAAY;AAC9C,sBAAM,QAAQ,IAAI;AAAA,kBAChB,IAAI,QAAQ,QAAQ,OAAO,IAAI,EAAE,QAAQ,OAAO,KAAK,CAAC;AAAA,gBACxD;AACA,uBAAO,MAAM,KAAK,KAAK,IAAI;AAAA,cAC7B,CAAC;AAED,kBAAI,SAAS;AACX,oBAAI;AACF,wBAAM,UAAU,MAAMF,UAAS,UAAU,MAAM;AAC/C,6BAAW,OAAO,IAAI;AAAA,gBACxB,QAAQ;AAAA,gBAER;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF,QAAQ;AAAA,QAER;AAAA,MACF;AAEA,YAAM,QAAQ,gBAAgB,EAAE;AAEhC,UAAI,OAAO,KAAK,UAAU,EAAE,WAAW,GAAG;AACxC,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,sCAAsC,aAAc,KAAK,IAAI,CAAC,cAAc,WAAW,IAAI,OAAO;AAAA,QAC3G;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,aAAa;AAAA,QACb,YAAY;AAAA,MACd;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAGjD,UAAI,QAAQ,SAAS,KAAK,KAAK,QAAQ,SAAS,WAAW,GAAG;AAC5D,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,WAAW,WAAW,IAAI,OAAO;AAAA,QAC1C;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,uCAAuC,WAAW,IAAI,OAAO,KAAK,OAAO;AAAA,MAClF;AAAA,IACF,UAAE;AACA,YAAMC,IAAG,aAAa,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AACF,CAAC;;;ACtJD,SAAS,QAAAG,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,oBAAoB;;;ACE7B,IAAM,6BAAqD;AAAA,EACzD,OACE;AAAA,EACF,kBACE;AAAA,EACF,kBACE;AAAA,EACF,SACE;AACJ;AAEO,SAAS,iBAAiB,QAAwC;AACvE,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,OAAO,QAAQ,WAAW,EAC7C,IAAI,CAAC,CAAC,UAAU,OAAO,MAAM;AAAA,YAAe,QAAQ;AAAA;AAAA,EAAuB,OAAO;AAAA,OAAU,EAC5F,KAAK,IAAI;AAEZ,QAAM,uBACJ,2BAA2B,qBAAqB,KAChD,2BAA2B;AAE7B,QAAM,uBACJ,qBAAqB,eACjB,2DACA,qBAAqB,cACnB,gEACA;AAER,SAAO;AAAA;AAAA;AAAA,YAGG,KAAK;AAAA,aACJ,WAAW,IAAI,iBAAiB;AAAA,cAC/B,qBAAqB;AAAA;AAAA;AAAA,EAGjC,UAAU;AAAA;AAAA;AAAA,EAGV,oBAAoB;AAAA;AAAA;AAAA,EAGpB,oBAAoB;AAAA;AAAA;AAAA,EAGpB,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA0Bf;;;ACxEO,SAAS,yBAAyB,MAER;AAC/B,MAAI;AACF,UAAM,YAAY,KAAK,MAAM,aAAa;AAC1C,QAAI,CAAC,WAAW;AACd,aAAO,EAAE,IAAI,OAAO,OAAO,gCAAgC;AAAA,IAC7D;AACA,WAAO,EAAE,IAAI,MAAM,UAAU,KAAK,MAAM,UAAU,CAAC,CAAC,EAAiB;AAAA,EACvE,SAAS,OAAO;AACd,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU;AACzD,WAAO,EAAE,IAAI,OAAO,OAAO,QAAQ;AAAA,EACrC;AACF;AAEO,SAAS,mBAAmB,UAAgC;AACjE,SAAO;AAAA,IACL,SAAS,YACP,SAAS,aACT,OAAO,SAAS,eAAe,YAC/B,CAAC,OAAO,UAAU,MAAM,EAAE,SAAS,SAAS,SAAS;AAAA,EACzD;AACF;AAEO,SAAS,sBACd,aACA,iBACkB;AAClB,QAAM,UAA4B,CAAC;AAEnC,aAAW,CAAC,UAAU,SAAS,KAAK,OAAO,QAAQ,eAAe,GAAG;AACnE,UAAM,aAAa,YAAY,QAAQ;AACvC,QAAI,CAAC,YAAY;AACf;AAAA,IACF;AAEA,UAAM,cAAc,oBAAoB,YAAY,WAAW,QAAQ;AACvE,QAAI,aAAa;AACf,cAAQ,KAAK,EAAE,UAAU,YAAY,CAAC;AAAA,IACxC;AAAA,EACF;AAEA,SAAO;AACT;AAMO,SAAS,oBACd,UACA,OACA,UACe;AACf,MAAI,aAAa,OAAO;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,gBAAgB,SAAS,MAAM,IAAI;AACzC,QAAM,aAAa,MAAM,MAAM,IAAI;AAEnC,QAAM,OAAiB,CAAC;AACxB,OAAK,KAAK,SAAS,QAAQ,EAAE;AAC7B,OAAK,KAAK,SAAS,QAAQ,EAAE;AAC7B,OAAK,KAAK,SAAS,cAAc,MAAM,OAAO,WAAW,MAAM,KAAK;AAEpE,QAAM,SAAS,KAAK,IAAI,cAAc,QAAQ,WAAW,MAAM;AAE/D,WAAS,IAAI,GAAG,IAAI,QAAQ,KAAK;AAC/B,UAAM,WAAW,cAAc,CAAC,KAAK;AACrC,UAAM,YAAY,WAAW,CAAC,KAAK;AAEnC,QAAI,aAAa,WAAW;AAC1B,UAAI,UAAU;AACZ,aAAK,KAAK,IAAI,QAAQ,EAAE;AAAA,MAC1B;AACA,UAAI,WAAW;AACb,aAAK,KAAK,IAAI,SAAS,EAAE;AAAA,MAC3B;AAAA,IACF,WAAW,UAAU;AACnB,WAAK,KAAK,IAAI,QAAQ,EAAE;AAAA,IAC1B;AAAA,EACF;AAEA,SAAO,KAAK,KAAK,IAAI;AACvB;;;AF/DO,IAAM,oBAAoBC,MAAK;AAAA,EACpC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sBAAsB;AAAA,IAC9D,mBAAmBA,GAChB,OAAO,EACP,SAAS,+BAA+B;AAAA,IAC3C,OAAOA,GACJ,OAAO,EACP,MAAM,kBAAkB,EACxB,SAAS,+BAA+B;AAAA,IAC3C,YAAYA,GAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,4BAA4B;AAAA,IACpE,aAAaA,GACV,OAAOA,GAAE,OAAO,CAAC,EACjB;AAAA,MACC;AAAA,IACF;AAAA,IACF,uBAAuBA,GACpB,KAAK,CAAC,SAAS,kBAAkB,kBAAkB,SAAS,CAAC,EAC7D,SAAS,EACT,QAAQ,SAAS,EACjB,SAAS,kDAAkD;AAAA,IAC9D,QAAQA,GACL,QAAQ,EACR,SAAS,EACT,QAAQ,KAAK,EACb,SAAS,qDAAqD;AAAA,IACjE,aAAaA,GACV,KAAK,CAAC,UAAU,OAAO,CAAC,EACxB,SAAS,EACT,SAAS,iDAAiD;AAAA,IAC7D,OAAOA,GACJ,OAAO,EACP,SAAS,EACT,SAAS,8CAA8C;AAAA,IAC1D,QAAQA,GACL,OAAO,EACP,SAAS,EACT,SAAS,wDAAwD;AAAA,IACpE,KAAKA,GACF,OAAO,EACP,SAAS,EACT,SAAS,wDAAwD;AAAA,IACpE,uBAAuBA,GACpB,KAAK,CAAC,UAAU,SAAS,CAAC,EAC1B,SAAS,EACT,SAAS,mDAAmD;AAAA,IAC/D,2BAA2BA,GACxB,OAAO;AAAA,MACN,KAAKA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,MACvC,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,MAC1C,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC1C,CAAC,EACA,SAAS,EACT,SAAS,8DAA8D;AAAA,IAC1E,qBAAqBA,GAClB,QAAQ,EACR,SAAS,EACT,SAAS,4CAA4C;AAAA,IACxD,8BAA8BA,GAC3B,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,EACT,SAAS,qCAAqC;AAAA,IACjD,kBAAkBA,GACf,KAAK,CAAC,cAAc,aAAa,UAAU,CAAC,EAC5C,SAAS,EACT,SAAS,kDAAkD;AAAA,EAChE,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAoC;AAClC,QAAI;AACF,YAAM,sBAAsB;AAC5B,YAAM,mBAAmB;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,WAAW,gBAAgB,gBAAgB;AACjD,UAAI,OAAO,KAAK,mBAAmB,EAAE,WAAW,GAAG;AACjD,eAAO;AAAA,UACL,SAAS;AAAA,UACT,aAAa;AAAA,UACb,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,OAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAM,aAAa,KAAK,UAAU,mBAAmB,EAAE,SAAS,WAAW;AAC3E,YAAM,gBAAgB,MAAM,YAAY,kBAAkB,EAAE,WAAW,CAAC;AACxE,YAAM,YAAY,cAAc,WAAW;AAE3C,YAAM,SAAS,iBAAiB;AAAA,QAC9B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,aAAa;AAAA,QACb;AAAA,MACF,CAAC;AAED,YAAM,UAAU,KAAK,IAAI;AACzB,YAAM,EAAE,KAAK,IAAI,MAAM,aAAa;AAAA,QAClC,OAAO;AAAA,QACP;AAAA,QACA,aAAa;AAAA,MACf,CAAC;AACD,YAAM,YAAY,KAAK,IAAI,IAAI;AAE/B,YAAM,SAAS,yBAAyB,IAAI;AAC5C,UAAI,CAAC,OAAO,IAAI;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,aAAa;AAAA,UACb,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX;AAAA,UACA,OAAO,iCAAiC,OAAO,KAAK;AAAA,QACtD;AAAA,MACF;AACA,YAAM,WAAW,OAAO;AAExB,UAAI,CAAC,mBAAmB,QAAQ,GAAG;AACjC,eAAO;AAAA,UACL,SAAS;AAAA,UACT,aAAa;AAAA,UACb,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX;AAAA,UACA,OAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAM,sBAAsB;AAAA,QAC1B;AAAA,QACA,yBAAyB;AAAA,QACzB,SAAS;AAAA,QACT;AAAA,MACF;AACA,YAAM,mBAAmB,qBAAqB;AAAA,QAC5C;AAAA,QACA,aAAa,OAAO;AAAA,QACpB,iBAAiB,KAAK;AAAA,MACxB,CAAC;AAED,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,SAAS;AAAA,UACT,aAAa;AAAA,UACb,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA;AAAA,UACA,YAAY,SAAS;AAAA,UACrB,WAAW,SAAS;AAAA,QACtB;AAAA,MACF;AAEA,YAAM,UAAU,sBAAsB,qBAAqB,SAAS,SAAS;AAE7E,UAAI,QAAQ,WAAW,GAAG;AACxB,eAAO;AAAA,UACL,SAAS;AAAA,UACT,aAAa;AAAA,UACb,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA;AAAA,UACA,YAAY,SAAS;AAAA,UACrB,WAAW,SAAS;AAAA,UACpB,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA,cAAc,QAAQ,CAAC,GAAG;AAAA,QAC1B,aAAa;AAAA,QACb,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY,SAAS;AAAA,QACrB,WAAW,SAAS;AAAA,MACtB;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AACjD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,aAAa;AAAA,QACb,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,OAAO,4BAA4B,OAAO;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AGpQD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,SAAAC,QAAO,aAAAC,kBAAiB;AACjC,SAAS,QAAAC,cAAY;AACrB,SAAS,SAAAC,cAAa;;;ACXtB,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,SAAS,YAAAC,WAAU,MAAAC,KAAI,iBAAiB;AACjD,SAAS,cAAc;AACvB,SAAS,QAAAC,cAAY;AACrB,SAAS,SAAAC,cAAa;AA8BtB,eAAsB,iBAAiB,gBAAgC,KAAiC;AACtG,MAAI,mBAAmB,MAAO,QAAO;AACrC,MAAI,mBAAmB,OAAQ,QAAO;AAEtC,QAAM,QAAQ,MAAM,oBAAoB,GAAG;AAC3C,SAAO,SAAS,IAAI,gBAAgB;AACtC;AAEO,SAAS,qCAAqC,gBAAyC;AAC5F,MAAI,mBAAmB,MAAO,QAAO;AACrC,MAAI,mBAAmB,OAAQ,QAAO;AACtC,SAAO;AACT;AAEO,SAAS,mBAAmB,aAAqB,mBAAmC;AACzF,QAAM,WAAW,YAAY,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,GAAG;AACjE,SAAO,GAAG,QAAQ,IAAI,iBAAiB;AACzC;AAEO,SAAS,oBAAoB,cAAgC;AAClE,SAAO,MAAM;AAAA,IACX,IAAI;AAAA,MACF,aACG,MAAM,OAAO,EACb,OAAO,CAAC,SAAS,KAAK,WAAW,QAAQ,CAAC,EAC1C,IAAI,CAAC,SAAS,KAAK,MAAM,SAAS,MAAM,CAAC;AAAA,IAC9C;AAAA,EACF;AACF;AAEO,SAAS,gBAAgB,cAA8B;AAC5D,SAAO,aACJ,MAAM,OAAO,EACb,OAAO,CAAC,SAAS,KAAK,WAAW,KAAK,CAAC,EAAE;AAC9C;AAEA,eAAsB,mBAAmB,kBAA0B,UAAwC;AACzG,QAAM,UAAU,kBAAkB,KAAK,UAAU,UAAU,MAAM,CAAC,IAAI,MAAM,MAAM;AACpF;AAEA,eAAsB,iCACpB,KACA,gBACgE;AAChE,QAAM,cAAcC,OAAK,KAAK,cAAc;AAC5C,MAAI;AAEJ,MAAI;AACF,cAAU,KAAK,MAAM,MAAMC,UAAS,aAAa,MAAM,CAAC;AAAA,EAC1D,QAAQ;AACN,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,kCAAkC,WAAW;AAAA,IACtD;AAAA,EACF;AAEA,QAAM,kBAAkB,QAAQ,mBAAmB,CAAC;AACpD,MAAI,CAAC,gBAAgB,eAAe,GAAG;AACrC,QAAI;AACF,YAAM,WAAW,0BAA0B,cAAc;AACzD,YAAM,CAAC,KAAK,GAAG,IAAI,IAAI,SAAS,WAAW,eAAe;AAC1D,YAAMC,OAAM,KAAK,MAAM;AAAA,QACrB;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,oCAAoC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,MAC7F;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ,SAAS;AACpB,YAAQ,UAAU,CAAC;AAAA,EACrB;AAEA,QAAM,gBAAgB;AACtB,QAAM,qBAAqB,QAAQ,QAAQ,eAAe;AAE1D,MAAI,sBAAsB,CAAC,mBAAmB,SAAS,eAAe,GAAG;AACvE,YAAQ,QAAQ,cAAc,GAAG,kBAAkB,OAAO,aAAa;AAAA,EACzE,WAAW,CAAC,oBAAoB;AAC9B,YAAQ,QAAQ,cAAc;AAAA,EAChC;AAEA,QAAM,UAAU,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAC5E,SAAO,EAAE,SAAS,KAAK;AACzB;AAEA,eAAsB,2BAA2B,KAAuD;AACtG,QAAM,OAAOF,OAAK,KAAK,cAAc;AAErC,MAAI;AACF,UAAM,UAAU,MAAMC,UAAS,MAAM,MAAM;AAC3C,WAAO,EAAE,MAAM,QAAQ;AAAA,EACzB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,sBAAsB,QAQ1B;AAChB,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAME,IAAG,eAAe,EAAE,OAAO,KAAK,CAAC,EAAE,MAAM,MAAM,MAAS;AAC9D,MAAI,kBAAkB;AACpB,UAAMA,IAAG,kBAAkB,EAAE,OAAO,KAAK,CAAC,EAAE,MAAM,MAAM,MAAS;AAAA,EACnE;AAEA,MAAI,cAAc,mBAAmB,qBAAqB;AACxD,UAAM,UAAU,oBAAoB,MAAM,oBAAoB,SAAS,MAAM,EAAE,MAAM,MAAM,MAAS;AAAA,EACtG;AAEA,MAAI,CAAC,aAAc;AAEnB,MAAI;AACF,UAAM,CAAC,YAAY,GAAG,WAAW,IAAI;AACrC,UAAMD,OAAM,YAAY,aAAa;AAAA,MACnC;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AAAA,EACH,QAAQ;AAAA,EAER;AACF;AAEA,eAAsB,iBAAiB,QAO4B;AACjE,QAAM,EAAE,KAAK,aAAa,mBAAmB,cAAc,WAAW,iBAAiB,IAAI;AAC3F,QAAM,cAAc,GAAG,WAAW,IAAI,iBAAiB;AAEvD,QAAM,gBAAgB,cAAc,gBAAgB,SAAS;AAC7D,QAAM,aAAa,CAAC,SAAS,WAAW;AAExC,MAAI;AACJ,MAAI;AACF,UAAM,eAAe,MAAMA,OAAM,eAAe,YAAY;AAAA,MAC1D;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AACD,eAAW,sBAAsB,GAAG,aAAa,MAAM;AAAA,EAAK,aAAa,MAAM,EAAE;AAAA,EACnF,SAAS,KAAK;AACZ,qBAAiB,KAAK;AAAA,MACpB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IACxD,CAAC;AACD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,+CAA+C,WAAW,KAC/D,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CACjD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,UAAU;AACb,qBAAiB,KAAK;AAAA,MACpB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,OAAO,kDAAkD,WAAW;AAAA,IACtE,CAAC;AACD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,kDAAkD,WAAW;AAAA,IACtE;AAAA,EACF;AAEA,QAAM,eAAe,MAAM,QAAQF,OAAK,OAAO,GAAG,8BAA8B,CAAC;AACjF,QAAM,gBAAgBA,OAAK,cAAc,cAAc;AAEvD,MAAI;AACF,UAAM,UAAU,eAAe,cAAc,MAAM;AACnD,UAAME,OAAM,SAAS,CAAC,OAAO,MAAM,aAAa,GAAG;AAAA,MACjD,KAAK;AAAA,MACL,OAAO;AAAA,IACT,CAAC;AAED,UAAM,gBAAgB,cAAc,gBAAgB,SAAS;AAC7D,UAAM,aACJ,cAAc,gBACV,CAAC,gBAAgB,QAAQ,IACzB,CAAC,gBAAgB,MAAM,QAAQ;AAErC,UAAMA,OAAM,eAAe,YAAY;AAAA,MACrC;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,qBAAiB,KAAK;AAAA,MACpB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IACxD,CAAC;AACD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,oCAAoC,WAAW,KACpD,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CACjD;AAAA,IACF;AAAA,EACF,UAAE;AACA,UAAMC,IAAG,cAAc,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,EACzD;AAEA,SAAO,EAAE,SAAS,KAAK;AACzB;AAEA,SAAS,sBAAsB,QAAwB;AACrD,QAAM,QAAQ,OACX,MAAM,OAAO,EACb,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,aAAW,QAAQ,OAAO;AACxB,QAAIC,YAAW,IAAI,GAAG;AACpB,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,KAAK,MAAM,KAAK,EAAE,IAAI,CAAC,UAAU,MAAM,QAAQ,gBAAgB,EAAE,CAAC;AACjF,eAAW,SAAS,QAAQ;AAC1B,UAAI,MAAM,WAAW,GAAG,KAAKA,YAAW,KAAK,GAAG;AAC9C,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,uBAAuB,KAAa,aAAkD;AAC1G,MAAI;AACF,UAAM,CAAC,KAAK,GAAG,IAAI,IAAI;AACvB,UAAM,SAAS,MAAMF,OAAM,KAAK,MAAM;AAAA,MACpC;AAAA,MACA,SAAS;AAAA,MACT,OAAO;AAAA,IACT,CAAC;AAED,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,cACJ,OAAO,QAAQ,YAAY,QAAQ,QAAQ,YAAY,MACnD,OAAQ,IAAgC,UAAU,EAAE,IACpD;AACN,UAAM,cAAc,mBAAmB,WAAW;AAElD,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OACE,YAAY,SAAS,IACjB,iBAAiB,YAAY,KAAK,IAAI,CAAC,KACvC;AAAA,MACN,QAAQ;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,QAA0B;AACpD,QAAM,cAAwB,CAAC;AAC/B,QAAM,WAAW;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,WAAW,UAAU;AAC9B,QAAI;AACJ,YAAQ,QAAQ,QAAQ,KAAK,MAAM,OAAO,MAAM;AAC9C,UAAI,MAAM,CAAC,GAAG;AACZ,oBAAY,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAEA,SAAO,YAAY,MAAM,GAAG,CAAC;AAC/B;;;ADlRO,IAAM,qBAAqBG,MAAK;AAAA,EACrC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sBAAsB;AAAA,IAC9D,mBAAmBA,GAChB,OAAO,EACP,SAAS,+BAA+B;AAAA,IAC3C,cAAcA,GACX,OAAO,EACP,IAAI,EAAE,EACN,SAAS,EACT,SAAS,gDAAgD;AAAA,IAC5D,OAAOA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS,qDAAqD;AAAA,IAC3F,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS,qDAAqD;AAAA,IAC9G,WAAWA,GAAE,KAAK,CAAC,OAAO,UAAU,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,yCAAyC;AAAA,IAC1G,SAASA,GACN;AAAA,MACCA,GAAE,OAAO;AAAA,QACP,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,QAC1B,aAAaA,GAAE,OAAO,EAAE,IAAI,EAAE;AAAA,MAChC,CAAC;AAAA,IACH,EACC,SAAS,EACT,SAAS,wDAAwD;AAAA,IACpE,YAAYA,GACT,OAAO,EACP,SAAS,EACT,QAAQ,WAAW,EACnB,SAAS,gCAAgC;AAAA,IAC5C,KAAKA,GAAE,OAAO,EAAE,SAAS,2CAA2C;AAAA,IACpE,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,QAAQA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS,8CAA8C;AAAA,IACrF,aAAaA,GAAE,KAAK,CAAC,YAAY,kBAAkB,eAAe,CAAC,EAAE,SAAS;AAAA,IAC9E,sBAAsBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC3C,uBAAuBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC5C,WAAWA,GAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT,QAAQ,IAAI,EACZ,SAAS,2EAA2E;AAAA,IACvF,QAAQA,GAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,KAAK,EAAE,SAAS,yCAAyC;AAAA,EAClG,CAAC,EAAE,OAAO,CAAC,UAAU,QAAQ,MAAM,gBAAiB,MAAM,WAAW,MAAM,QAAQ,SAAS,CAAE,GAAG;AAAA,IAC/F,SAAS;AAAA,EACX,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAqC;AACnC,QAAI;AACF,YAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,YAAM,eAAe,WAAW,KAAK,MAAM;AAC3C,YAAM,qBAAqB;AAAA,QACzB,GAAG,aAAa;AAAA,QAChB,aAAa,eAAe,aAAa,aAAa;AAAA,QACtD,sBAAsB,wBAAwB,aAAa,aAAa;AAAA,QACxE,uBAAuB,yBAAyB,aAAa,aAAa;AAAA,QAC1E,WAAW,aAAa,aAAa,aAAa;AAAA,MACpD;AACA,YAAM,YAAY,OAAO,SAAS,MAAM,oBAAoB,GAAG,IAAI;AACnE,YAAM,iBAAiB,sBAAsB,IAAI,oBAAoB,SAAS;AAC9E,YAAM,cAAc,mBAAmB,IAAI,kBAAkB;AAC7D,YAAM,gBAAgB,gBAAgB,UAAU,CAAC,GAAG;AACpD,YAAM,aAAa,oBAAoB,iBAAiB,EAAE;AAC1D,YAAM,YAAY,gBAAgB,iBAAiB,EAAE;AACrD,YAAM,mBAA2C,CAAC;AAElD,UAAI,CAAC,eAAe;AAClB,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAM,kBAAkB,kBAAkB,aAAa;AACvD,uBAAiB,KAAK;AAAA,QACpB,OAAO;AAAA,QACP,QAAQ,gBAAgB;AAAA,QACxB,OAAO,gBAAgB,QAAQ,SAAY,gBAAgB;AAAA,QAC3D,SAAS,gBAAgB,QAAQ,2CAA2C;AAAA,MAC9E,CAAC;AAED,UAAI,CAAC,gBAAgB,OAAO;AAC1B,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA,SAAS,gBAAgB,SAAS;AAAA,UAClC;AAAA,UACA,OAAO,gBAAgB,SAAS;AAAA,QAClC;AAAA,MACF;AAEA,YAAM,gBAAgB,mBAAmB,aAAa,iBAAiB;AACvE,YAAM,gBAAgBC,OAAK,KAAK,YAAY,aAAa;AACzD,YAAM,mBAAmB,GAAG,aAAa;AACzC,YAAM,eAAc,oBAAI,KAAK,GAAE,YAAY;AAC3C,YAAM,eAA8B;AAAA,QAClC,eAAe;AAAA,QACf;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,OAAO;AAAA,QACP;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAEA,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,SAAS,gDAAgD,aAAa;AAAA,UACtE;AAAA,UACA;AAAA,UACA,WAAW;AAAA,UACX,eAAe;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAEA,aAAO,aAAa,KAAK,YAAY;AACnC,cAAM,sBACJ,qCAAqC,EAAE,IACnC,MAAM,2BAA2B,GAAG,IACpC;AAEN,cAAM,iBAAiBA,OAAK,KAAK,UAAU;AAC3C,cAAMC,OAAM,gBAAgB,EAAE,WAAW,KAAK,CAAC;AAE/C,cAAMC,WAAU,eAAe,eAAe,MAAM;AACpD,yBAAiB,KAAK;AAAA,UACpB,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,SAAS,yBAAyB,aAAa;AAAA,QACjD,CAAC;AAED,YAAI;AACJ,cAAM,YAAY,MAAM,iBAAiB,IAAI,GAAG;AAChD,cAAM,WAA0B;AAAA,UAC9B,GAAG;AAAA,UACH;AAAA,UACA;AAAA,QACF;AAEA,cAAM,mBAAmB,kBAAkB,QAAQ;AACnD,yBAAiB,KAAK;AAAA,UACpB,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,SAAS,6BAA6B,gBAAgB;AAAA,QACxD,CAAC;AACD,iBAAS,mBAAmB;AAC5B,cAAM,mBAAmB,kBAAkB,QAAQ;AAEnD,cAAM,cACJ,cAAc,kBACV,MAAM,iCAAiC,KAAK,EAAE,IAC9C,MAAM,iBAAiB;AAAA,UACrB;AAAA,UACA;AAAA,UACA;AAAA,UACA,cAAc;AAAA,UACd;AAAA,UACA;AAAA,QACF,CAAC;AAEP,YAAI,CAAC,YAAY,SAAS;AACxB,gBAAM,sBAAsB;AAAA,YAC1B;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,YACA,cAAc,cAAc;AAAA,UAC9B,CAAC;AACD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT;AAAA,YACA;AAAA,YACA,SAAS;AAAA,YACT,QAAQ;AAAA,YACR,SAAS,YAAY;AAAA,YACrB;AAAA,YACA;AAAA,YACA,WAAW;AAAA,YACX;AAAA,YACA,uBAAuB,cAAc,kBAAkB,QAAQ;AAAA,YAC/D,eAAe;AAAA,cACb,GAAG;AAAA,cACH,SAAS;AAAA,cACT;AAAA,YACF;AAAA,YACA;AAAA,YACA,OAAO,YAAY;AAAA,UACrB;AAAA,QACF;AAEA,yBAAiB,KAAK;AAAA,UACpB,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,SAAS,uBAAuB,SAAS;AAAA,QAC3C,CAAC;AAED,YAAI,cAAc,iBAAiB;AACjC,cAAI;AACF,kBAAM,CAAC,YAAY,GAAG,WAAW,IAAI;AACrC,kBAAMC,OAAM,YAAY,aAAa;AAAA,cACnC;AAAA,cACA,OAAO;AAAA,YACT,CAAC;AACD,6BAAiB,KAAK;AAAA,cACpB,OAAO;AAAA,cACP,QAAQ;AAAA,cACR,SAAS,GAAG,eAAe,KAAK,GAAG,CAAC;AAAA,YACtC,CAAC;AAAA,UACH,SAAS,KAAK;AACZ,kBAAM,sBAAsB;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA,cAAc;AAAA,YAChB,CAAC;AACD,kBAAM,QAAQ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC7D,6BAAiB,KAAK;AAAA,cACpB,OAAO;AAAA,cACP,QAAQ;AAAA,cACR;AAAA,YACF,CAAC;AACD,mBAAO;AAAA,cACL,SAAS;AAAA,cACT;AAAA,cACA;AAAA,cACA,SAAS;AAAA,cACT,QAAQ;AAAA,cACR,SAAS,8CAA8C,WAAW,IAAI,iBAAiB,KAAK,KAAK;AAAA,cACjG;AAAA,cACA;AAAA,cACA,WAAW;AAAA,cACX;AAAA,cACA,uBAAuB;AAAA,cACvB,eAAe;AAAA,gBACb,GAAG;AAAA,gBACH,SAAS;AAAA,gBACT;AAAA,cACF;AAAA,cACA;AAAA,cACA,OAAO,8CAA8C,WAAW,IAAI,iBAAiB,KAAK,KAAK;AAAA,YACjG;AAAA,UACF;AAAA,QACF;AAEA,YAAI,mBAAmB;AACrB,6BAAmB,MAAM,uBAAuB,KAAK,WAAW;AAChE,cAAI,CAAC,iBAAiB,QAAQ;AAC5B,kBAAM,sBAAsB;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA,cAAc,cAAc;AAAA,YAC9B,CAAC;AACD,kBAAM,kBAAkB;AACxB,6BAAiB,KAAK;AAAA,cACpB,OAAO;AAAA,cACP,QAAQ;AAAA,cACR,OAAO,iBAAiB;AAAA,YAC1B,CAAC;AACD,mBAAO;AAAA,cACL,SAAS;AAAA,cACT;AAAA,cACA;AAAA,cACA,SAAS;AAAA,cACT,QAAQ;AAAA,cACR,SAAS;AAAA,cACT;AAAA,cACA;AAAA,cACA,WAAW;AAAA,cACX;AAAA,cACA,uBAAuB;AAAA,cACvB,eAAe;AAAA,gBACb,GAAG;AAAA,gBACH,SAAS;AAAA,gBACT;AAAA,cACF;AAAA,cACA,YAAY;AAAA,cACZ;AAAA,cACA,OAAO;AAAA,YACT;AAAA,UACF;AAEA,2BAAiB,KAAK;AAAA,YACpB,OAAO;AAAA,YACP,QAAQ;AAAA,YACR,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,gBAA+B;AAAA,UACnC,GAAG;AAAA,UACH,SAAS;AAAA,UACT,QAAQ;AAAA,UACR;AAAA,QACF;AACA,cAAM,mBAAmB,kBAAkB,aAAa;AAExD,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,SAAS,kCAAkC,WAAW,IAAI,iBAAiB;AAAA,UAC3E;AAAA,UACA;AAAA,UACA,WAAW;AAAA,UACX;AAAA,UACA,uBAAuB,cAAc;AAAA,UACrC,eAAe;AAAA,UACf,YAAY;AAAA,UACZ;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AACjD,aAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,SAAS,+BAA+B,OAAO;AAAA,QAC/C,OAAO,+BAA+B,OAAO;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AEzaD,SAAS,qBAAqB,UAAkD;AAC9E,MAAI,aAAa,SAAS;AACxB,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,2BAA2B,QAAqB,mBAAqC;AACnG,MAAI,kBAAmB,QAAO;AAC9B,MAAI,OAAO,WAAW,OAAO,OAAQ,QAAO;AAE5C,SACE,OAAO,qBAAqB,qBAC5B,OAAO,qBAAqB,oBAC5B,OAAO,qBAAqB,2BAC5B,OAAO,qBAAqB,uBAC5B,OAAO,qBAAqB,yBAC5B,OAAO,qBAAqB;AAEhC;AAEA,eAAsB,sBAAsB,QA0BkC;AAC5E,QAAM,QAA2B,CAAC;AAClC,MAAI,QAAQ;AAEZ,QAAM,eAAgB,MAAO,uBAA+B,QAAQ;AAAA,IAClE,aAAa,OAAO;AAAA,IACpB,SAAS,OAAO;AAAA,EAClB,CAAC;AAKD,WAAS;AAET,MAAI,CAAC,cAAc,WAAW,CAAC,aAAa,aAAa;AACvD,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,QACN,aAAa,OAAO;AAAA,QACpB,UAAU;AAAA,QACV,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,QAAQ,OAAO;AAAA,QACf,iBAAiB,OAAO;AAAA,QACxB,kBAAkB;AAAA,QAClB,SAAS,cAAc,SAAS,8BAA8B,OAAO,WAAW,IAAI,OAAO,iBAAiB;AAAA,MAC9G;AAAA,IACF;AAAA,EACF;AAEA,QAAM,kBAAkB,qBAAqB,OAAO,WAAW;AAC/D,QAAM,cAAe,MAAO,kBAA0B,QAAQ;AAAA,IAC5D,aAAa,OAAO;AAAA,IACpB,mBAAmB,OAAO;AAAA,IAC1B,OAAO,OAAO;AAAA,IACd,YAAY,OAAO;AAAA,IACnB,aAAa,aAAa;AAAA,IAC1B,uBAAuB;AAAA,IACvB,QAAQ,OAAO;AAAA,IACf,aAAa;AAAA,IACb,OAAO,OAAO;AAAA,IACd,QAAQ,OAAO;AAAA,IACf,KAAK,OAAO;AAAA,IACZ,kBAAkB,OAAO;AAAA,IACzB,uBAAuB,OAAO;AAAA,IAC9B,2BAA2B,OAAO;AAAA,IAClC,qBAAqB,OAAO;AAAA,IAC5B,8BAA8B,OAAO;AAAA,EACvC,CAAC;AAaD,WAAS;AAET,MAAI,CAAC,aAAa,SAAS;AACzB,UAAM,QAAQ,aAAa,SAAS;AACpC,UAAM,mBACJ,MAAM,SAAS,SAAS,KAAK,MAAM,SAAS,kCAAkC,IAC1E,0BACA;AACN,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,QACN,aAAa,OAAO;AAAA,QACpB,UAAU;AAAA,QACV,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,QAAQ,OAAO;AAAA,QACf,iBAAiB,OAAO;AAAA,QACxB;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAEA,QAAM,oBAAoB,YAAY,eAAe;AACrD,QAAM,sBACJ,YAAY,uBACZ;AAAA,IACE;AAAA,IACA,OAAO,yBAAyB;AAAA,IAChC,YAAY,aAAa;AAAA,IACzB,OAAO;AAAA,EACT;AAEF,MAAI,OAAO,YAAY,eAAe,YAAY,YAAY,aAAa,qBAAqB;AAC9F,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,QACN,aAAa,OAAO;AAAA,QACpB,UAAU;AAAA,QACV,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,QAAQ,OAAO;AAAA,QACf,iBAAiB,OAAO;AAAA,QACxB,YAAY,YAAY;AAAA,QACxB,WAAW,YAAY;AAAA,QACvB,kBAAkB;AAAA,QAClB,SAAS,oBAAoB,YAAY,WAAW,QAAQ,CAAC,CAAC,uBAAuB,oBAAoB,QAAQ,CAAC,CAAC;AAAA,MACrH;AAAA,IACF;AAAA,EACF;AAEA,MACE,OAAO,+BACP,YAAY,cAAc,UAC1B,CAAC,OAAO,QACR;AACA,UAAM,oBAAoB,qBAAqB,OAAO,qBAAqB,eAAe;AAC1F,UAAM,YAAa,MAAO,kBAA0B,QAAQ;AAAA,MAC1D,aAAa,OAAO;AAAA,MACpB,mBAAmB,OAAO;AAAA,MAC1B,OAAO,OAAO;AAAA,MACd,YAAY,OAAO;AAAA,MACnB,aAAa,aAAa;AAAA,MAC1B,uBAAuB;AAAA,MACvB,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,OAAO,OAAO;AAAA,MACd,QAAQ,OAAO;AAAA,MACf,KAAK,OAAO;AAAA,MACZ,kBAAkB,OAAO;AAAA,MACzB,uBAAuB,OAAO;AAAA,MAC9B,2BAA2B,OAAO;AAAA,MAClC,qBAAqB,OAAO;AAAA,MAC5B,8BAA8B,OAAO;AAAA,IACvC,CAAC;AAUD,aAAS;AAET,UAAM,cAAc,YAAY,UAAU,CAAC,GAAG;AAC9C,UAAM,gBAAgB,UAAU,UAAU,CAAC,GAAG;AAC9C,QAAI,CAAC,UAAU,WAAW,CAAC,eAAe,CAAC,iBAAiB,gBAAgB,eAAe;AACzF,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,QAAQ;AAAA,UACN,aAAa,OAAO;AAAA,UACpB,UAAU;AAAA,UACV,aAAa,OAAO;AAAA,UACpB,SAAS;AAAA,UACT,QAAQ,OAAO;AAAA,UACf,iBAAiB,OAAO;AAAA,UACxB,kBAAkB;AAAA,UAClB,SAAS,UAAU,SAAS;AAAA,QAC9B;AAAA,MACF;AAAA,IACF;AAEA,QAAI,UAAU,eAAe,UAAU,UAAU;AAC/C,YAAM,KAAK;AAAA,QACT,SAAS;AAAA,QACT,UAAU,UAAU;AAAA,QACpB,OAAO,UAAU;AAAA,QACjB,WAAW,UAAU;AAAA,QACrB,kBAAkB,UAAU;AAAA,MAC9B,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,cAAe,MAAO,mBAA2B,QAAQ;AAAA,IAC7D,aAAa,OAAO;AAAA,IACpB,mBAAmB,OAAO;AAAA,IAC1B,OAAO,OAAO;AAAA,IACd,YAAY,YAAY;AAAA,IACxB,cAAc,YAAY;AAAA,IAC1B,SAAS,YAAY;AAAA,IACrB,YAAY,OAAO;AAAA,IACnB,KAAK,OAAO;AAAA,IACZ,gBAAgB,OAAO;AAAA,IACvB,QAAQ,OAAO;AAAA,IACf,aAAa,OAAO;AAAA,IACpB,sBAAsB,OAAO;AAAA,IAC7B,uBAAuB,OAAO;AAAA,IAC9B,WAAW,OAAO;AAAA,IAClB,WAAW,YAAY;AAAA,IACvB,mBAAmB,OAAO;AAAA,IAC1B,QAAQ,OAAO;AAAA,EACjB,CAAC;AAWD,WAAS;AAET,MAAI,YAAY,eAAe,YAAY,UAAU;AACnD,UAAM,KAAK;AAAA,MACT,SAAS;AAAA,MACT,UAAU,YAAY;AAAA,MACtB,OAAO,YAAY;AAAA,MACnB,WAAW,YAAY;AAAA,MACvB,kBAAkB,YAAY;AAAA,IAChC,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,MACN,aAAa,OAAO;AAAA,MACpB,UAAU;AAAA,MACV,aAAa,OAAO;AAAA,MACpB,eAAe,YAAY,iBAAiB,YAAY;AAAA,MACxD,eAAe,YAAY;AAAA,MAC3B,SAAS,QAAQ,YAAY,OAAO;AAAA,MACpC,QAAQ,QAAQ,YAAY,MAAM;AAAA,MAClC,iBAAiB,OAAO;AAAA,MACxB,YAAY,YAAY;AAAA,MACxB,WAAW,YAAY;AAAA,MACvB,kBACE,CAAC,QAAQ,YAAY,OAAO,KAAK,CAAC,QAAQ,YAAY,MAAM,IACxD,YAAY,YAAY,WAAW,QACjC,4BACA,uBACF;AAAA,MACN,SAAS,YAAY,WAAW,YAAY,SAAS;AAAA,MACrD,YACE,OAAO,YAAY,YAAY,WAAW,YACtC;AAAA,QACE,QAAQ,YAAY,WAAW;AAAA,QAC/B,OAAO,YAAY,WAAW;AAAA,MAChC,IACA;AAAA,MACN,kBAAkB,YAAY;AAAA,IAChC;AAAA,EACF;AACF;;;AC9RO,SAAS,uBAAuB,SAA4C;AACjF,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,QAAQ,kBAAkB,qBAAqB,GAAG;AACzE,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,UAAU,QAAQ,UAAU,UAAU;AAC5C,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAC5C,QAAM,eAAe,WAAW,KAAK,QAAQ,MAAM;AACnD,QAAM,cAAc,gBAAgB,OAAO;AAE3C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,uBACE,QAAQ,yBAAyB,aAAa,yBAAyB;AAAA,IACzE,6BACE,QAAQ,+BAA+B,aAAa,+BAA+B;AAAA,IACrF,mBAAmB,QAAQ,qBAAqB,aAAa,qBAAqB;AAAA,IAClF,gBAAgB,QAAQ,kBAAkB,aAAa;AAAA,IACvD,2BAA2B;AAAA,MACzB,GAAG,aAAa;AAAA,MAChB,GAAG,QAAQ;AAAA,IACb;AAAA,IACA,qBAAqB,QAAQ,uBAAuB,aAAa,uBAAuB;AAAA,IACxF,8BACE,QAAQ,gCAAgC,aAAa;AAAA,EACzD;AACF;;;AC5DA,OAAOC,aAAY;AASZ,SAAS,uBACd,YACA,mBACqB;AACrB,QAAM,qBAA0C,CAAC;AAEjD,aAAW,YAAY,WAAW,kBAAkB;AAClD,QAAI,CAAC,YAAY,OAAO,aAAa,SAAU;AAC/C,QAAI,CAAC,SAAS,QAAQ,CAAC,SAAS,gBAAiB;AACjD,QAAI,SAAS,cAAc,MAAO;AAElC,UAAM,UAAU,kBAAkB,OAAO,CAAC,QAAQ,IAAI,SAAS,SAAS,IAAI;AAC5E,eAAW,aAAa,SAAS;AAC/B,UAAI,CAACA,QAAO,MAAM,UAAU,OAAO,EAAG;AAEtC,UAAI,eAAe;AACnB,UAAI;AACF,uBAAeA,QAAO,UAAU,UAAU,SAAS,SAAS,iBAAiB;AAAA,UAC3E,mBAAmB;AAAA,QACrB,CAAC;AAAA,MACH,QAAQ;AACN;AAAA,MACF;AAEA,UAAI,cAAc;AAChB,2BAAmB,KAAK,EAAE,WAAW,SAAS,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;;;ACtCO,SAAS,kBACd,oBACA,kBACQ;AACR,QAAM,eAAe,iBAAiB,OAAO,CAAC,WAAW,OAAO,OAAO,EAAE;AACzE,QAAM,kBAAkB,iBAAiB,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAC/F,QAAM,cAAc,iBAAiB,OAAO,CAAC,WAAW,OAAO,MAAM,EAAE;AAEvE,SAAO,oCAAoC,mBAAmB,MAAM,aAAa,YAAY,YAAY,WAAW,gBAAgB,eAAe;AACrJ;;;ACOA,eAAsB,4BACpB,OACA,UAA4B,CAAC,GACD;AAC5B,QAAM,WAAW,uBAAuB,OAAO;AAC/C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,mBAAkC,CAAC;AACzC,QAAM,WAA8B,CAAC;AACrC,MAAI,qBAA0C,CAAC;AAC/C,MAAI,aAAgC;AACpC,MAAI,aAAa;AAEjB,QAAM,eAAe,MAAM,YAAY;AACvC,QAAM,CAAC,YAAY,UAAU,IAAI,MAAM,QAAQ,IAAI;AAAA,IACjD,aAAa,YAAY;AAAA,IACzB,gBAAgB,YAAY,EAAE,MAAM,MAAM,CAAC,CAAC;AAAA,EAC9C,CAAC;AACD,gBAAc;AAEd,MAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,WAAO;AAAA,MACL;AAAA,MACA,YAAY;AAAA,MACZ;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,oCAAoC,YAAY;AAAA,MACzD,aAAa;AAAA,QACX,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,aAAa,QAAQ;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,eAAa,cAAc;AAAA,IACzB,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,YAAY,CAAC;AAAA,IACb,kBAAkB,CAAC;AAAA,EACrB;AAEA,MAAI,WAAW,SAAS,GAAG;AACzB,iBAAa,0BAA0B,YAAY,UAAU;AAAA,EAC/D;AACA,eAAa,MAAM,cAAc,UAAU;AAE3C,MAAI,WAAW,iBAAiB,WAAW,GAAG;AAC5C,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,2EAA2E,YAAY;AAAA,MAChG,aAAa;AAAA,QACX,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,aAAa,QAAQ;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YAAY,MAAO,mBAA2B,QAAQ;AAAA,IAC1D;AAAA,IACA;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB,WAAW,YAAY;AAAA,EACzB,CAAC;AACD,gBAAc;AAEd,MAAI,WAAW,OAAO;AACpB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,yCAAyC,UAAU,KAAK;AAAA,MACjE,aAAa;AAAA,QACX,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,aAAa,QAAQ;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,oBAAqB,UAAU,YAAY,CAAC;AAMlD,uBAAqB,uBAAuB,YAAY,iBAAiB;AACzE,gBAAc;AAEd,aAAW,cAAc,oBAAoB;AAC3C,UAAM,UAAU,MAAM,qBAAqB;AAAA,MACzC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AACD,kBAAc,QAAQ;AAEtB,QAAI,2BAA2B,QAAQ,QAAQ,YAAY,qBAAqB,KAAK,GAAG;AACtF,YAAM,WAAW,MAAM,sBAAsB;AAAA,QAC3C;AAAA,QACA;AAAA,QACA,aAAa,WAAW,UAAU;AAAA,QAClC,mBAAmB,WAAW,UAAU;AAAA,QACxC,OAAO;AAAA,QACP,YAAY,YAAY,WAAW;AAAA,QACnC,iBAAiB,WAAW,UAAU,SAAS,WAAW,WAAW;AAAA,QACrE;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,OAAO,QAAQ;AAAA,QACf,QAAQ,QAAQ;AAAA,QAChB,kBAAkB,QAAQ;AAAA,QAC1B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,aAAa,YAAY;AAAA,QACzB,sBAAsB,YAAY;AAAA,QAClC,uBAAuB,YAAY;AAAA,QACnC,WAAW,YAAY;AAAA,MACzB,CAAC;AACD,oBAAc,SAAS;AACvB,uBAAiB,KAAK,SAAS,MAAM;AACrC,UAAI,SAAS,OAAO;AAClB,iBAAS,KAAK,GAAG,SAAS,KAAK;AAAA,MACjC;AACA;AAAA,IACF;AAEA,qBAAiB,KAAK;AAAA,MACpB,GAAG,QAAQ;AAAA,MACX,iBAAiB,WAAW,UAAU,SAAS,WAAW,WAAW;AAAA,IACvE,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,kBAAkB,oBAAoB,gBAAgB;AAAA,IAC/D,UAAU,SAAS,SAAS,IAAI,WAAW;AAAA,IAC3C,aAAa;AAAA,MACX,WAAW,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,MACnB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;;;AC/KO,SAAS,sBACd,QAC6B;AAC7B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,iBAAiB;AACrB,QAAM,yBAAyB,CAAC,GAAG,kBAAkB;AACrD,QAAM,uBAAuB,CAAC,GAAG,gBAAgB;AAEjD,aAAW,MAAM,aAAa;AAC5B,UAAM,aAAa,GAAG;AAEtB,QAAI,GAAG,aAAa,gBAAgB,YAAY,MAAM;AACpD,uBAAiB,WAAW;AAAA,IAC9B;AAEA,QAAI,GAAG,aAAa,yBAAyB,YAAY,oBAAoB;AAC3E,6BAAuB,KAAK,GAAI,WAAW,kBAA0C;AAAA,IACvF;AAEA,QAAI,GAAG,aAAa,sBAAsB;AACxC,YAAM,QAAQ;AACd,2BAAqB,KAAK;AAAA,QACxB,GAAG;AAAA,QACH,iBAAiB,MAAM,cACnB,mBAAmB,MAAM,WAAW,IACpC,MAAM;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,GAAG,aAAa,0BAA0B;AAC5C,YAAM,QAAQ;AACd,2BAAqB,KAAK;AAAA,QACxB,GAAG;AAAA,QACH,iBAAiB,MAAM,cACnB,mBAAmB,MAAM,WAAW,IACpC,MAAM;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,GAAG,aAAa,sBAAsB,YAAY;AACpD,YAAM,aAAa,WAAW;AAG9B,YAAM,UACJ,OAAO,WAAW,YAAY,WAC1B,WAAW,UACX,OAAO,WAAW,UAAU,WAC1B,WAAW,QACX;AAER,2BAAqB,KAAK;AAAA,QACxB,aACE,OAAO,WAAW,gBAAgB,WAC9B,WAAW,cACX;AAAA,QACN,UAAU;AAAA,QACV,aACE,OAAO,WAAW,sBAAsB,WACpC,WAAW,oBACX;AAAA,QACN,eACE,OAAO,WAAW,kBAAkB,WAChC,WAAW,gBACX,OAAO,WAAW,cAAc,WAC9B,WAAW,YACX;AAAA,QACR,eACE,OAAO,WAAW,kBAAkB,YAAY,WAAW,kBAAkB,OACxE,WAAW,gBACZ;AAAA,QACN,SAAS,QAAQ,WAAW,OAAO;AAAA,QACnC,QAAQ,QAAQ,WAAW,MAAM;AAAA,QACjC,iBACE,OAAO,WAAW,gBAAgB,WAC9B,mBAAmB,WAAW,WAAW,IACzC;AAAA,QACN,YACE,OAAO,WAAW,kBAAkB,YACpC,WAAW,kBAAkB,QAC7B,OAAQ,WAAW,cAA0C,eAAe,WACtE,WAAW,cAA0C,aACvD;AAAA,QACN,WACE,OAAO,WAAW,kBAAkB,YACpC,WAAW,kBAAkB,QAC7B,OAAQ,WAAW,cAA0C,cAAc,WACrE,WAAW,cAA0C,YACvD;AAAA,QACN,kBACE,CAAC,QAAQ,WAAW,OAAO,KAAK,CAAC,QAAQ,WAAW,MAAM,IACtD,cAAc,WAAW,WAAW,QAClC,4BACA,uBACF;AAAA,QACN;AAAA,QACA,YACE,cAAc,OAAO,WAAW,WAAW,YACvC;AAAA,UACE,QAAQ,WAAW;AAAA,UACnB,OAAO,OAAO,WAAW,UAAU,WAAW,WAAW,QAAQ;AAAA,QACnE,IACA;AAAA,QACN,kBACE,MAAM,QAAQ,WAAW,gBAAgB,IACpC,WAAW,mBACZ;AAAA,MACR,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,oBAAoB;AAAA,IACpB,kBAAkB;AAAA,EACpB;AACF;;;ACnJA,SAAS,cAAAC,aAAY,gBAAAC,qBAAoB;AACzC,SAAS,QAAAC,cAAY;AAkBrB,SAAS,sBACP,UACA,cAAuD,YAC/C;AACR,QAAM,uBACJ,gBAAgB,eACZ,gFACA,gBAAgB,cACd,4FACA;AAER,QAAM,oBACJ,aAAa,WACT,qEACA;AAEN,SAAO;AAAA;AAAA,cAAoC,QAAQ;AAAA,IAAO,iBAAiB;AAAA,IAAO,oBAAoB;AACxG;AAEO,SAAS,wBAAwB,KAA4B;AAClE,QAAM,aAAaA,OAAK,QAAQ,IAAI,GAAG,WAAW,gBAAgB,+BAA+B;AAEjG,MAAI,CAACF,YAAW,UAAU,GAAG;AAC3B,WAAO;AAAA,qBACU,IAAI,GAAG;AAAA,qBACP,IAAI,cAAc;AAAA,WAC5B,IAAI,MAAM;AAAA,aACR,IAAI,QAAQ;AAAA,UACf,IAAI,UAAU,WAAW;AAAA,eACpB,IAAI,UAAU;AAAA,4BACD,OAAO,IAAI,YAAY,0BAA0B,KAAK,CAAC;AAAA,uBAC5D,OAAO,IAAI,YAAY,qBAAqB,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBvE;AAEA,QAAM,WAAWC,cAAa,YAAY,MAAM;AAChD,SACE,SACC,WAAW,aAAa,IAAI,KAAK,EACjC,WAAW,WAAW,IAAI,GAAG,EAC7B,WAAW,sBAAsB,IAAI,cAAc,EACnD,WAAW,cAAc,OAAO,IAAI,MAAM,CAAC,EAC3C,WAAW,gBAAgB,OAAO,IAAI,QAAQ,CAAC,EAC/C,WAAW,cAAc,IAAI,UAAU,WAAW,EAClD,WAAW,kBAAkB,IAAI,UAAU,EAC3C,WAAW,8BAA8B,OAAO,IAAI,YAAY,0BAA0B,KAAK,CAAC,EAChG,WAAW,yBAAyB,OAAO,IAAI,YAAY,qBAAqB,KAAK,CAAC,IACvF,sBAAsB,IAAI,aAAa,IAAI,gBAAgB;AAE/D;;;ACxEO,SAAS,sBAAsB,SAA2B;AAC/D,SAAO,CACL,OACA,QACA,UACS;AACT,QAAI,CAAC,QAAQ,WAAY;AACzB,YAAQ,WAAW;AAAA,MACjB;AAAA,MACA;AAAA,MACA,KAAI,oBAAI,KAAK,GAAE,YAAY;AAAA,MAC3B,UAAU,OAAO;AAAA,MACjB,OAAO,OAAO;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACnBA,SAAS,QAAAE,aAAY;AACrB,SAAS,KAAAC,UAAS;;;ACGlB,IAAM,eACJ;AAeF,eAAsB,mBAAqD;AACzE,MAAI;AACF,UAAM,MAAM,MAAM,WAAW,EAAE,KAAK,aAAa,CAAC;AAClD,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,WAAO,IAAI;AAAA,EACb,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,aACd,MACA,OACkC;AAClC,MAAI,CAAC,MAAM,iBAAiB,OAAQ,QAAO;AAC3C,QAAM,aAAa,MAAM,YAAY;AACrC,SAAO,KAAK,gBAAgB,KAAK,CAAC,MAAM,EAAE,MAAM,YAAY,MAAM,UAAU;AAC9E;AAEA,eAAsB,kBAAkB,SAA0C;AAChF,QAAM,OAAO,MAAM,iBAAiB;AACpC,QAAM,QAAQ,aAAa,MAAM,QAAQ,EAAE;AAC3C,MAAI,CAAC,MAAO,QAAO;AAEnB,UAAQ,MAAM;AAAA,IACZ,gBAAgB;AAAA,IAChB,WAAW,MAAM;AAAA,IACjB,SAAS,MAAM;AAAA,IACf,gBAAgB,MAAM;AAAA,IACtB,4BAA4B,MAAM;AAAA,EACpC;AAEA,MAAI,CAAC,QAAQ,WAAW,SAAS,YAAY,GAAG;AAC9C,YAAQ,WAAW,KAAK,YAAY;AAAA,EACtC;AAEA,SAAO;AACT;;;AC3CA,eAAsB,UAAU,OAA6C;AAC3E,QAAM,EAAE,QAAQ,IAAI,4BAA4B;AAChD,MAAI,CAAC,QAAS,QAAO;AAErB,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,OAAO;AAC3B,QAAI,aAAa,IAAI,OAAO,KAAK;AAEjC,UAAM,MAAM,MAAM,WAAW,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC;AACpD,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAO,IAAI;AACjB,WAAO,KAAK,OAAO,CAAC;AAAA,EACtB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,eAAe,SAA0C;AAC7E,QAAM,MAAM,MAAM,UAAU,QAAQ,EAAE;AACtC,MAAI,CAAC,IAAK,QAAO;AAEjB,QAAM,QAAQ,OAAO,WAAW,IAAI,IAAI;AACxC,QAAM,aAAa,OAAO,WAAW,IAAI,UAAU;AACnD,MAAI,CAAC,OAAO,SAAS,KAAK,KAAK,CAAC,OAAO,SAAS,UAAU,GAAG;AAC3D,WAAO;AAAA,EACT;AAEA,UAAQ,OAAO;AAAA,IACb;AAAA,IACA;AAAA,IACA,MAAM,IAAI;AAAA,EACZ;AACA,SAAO;AACT;;;AChCA,SAAS,uBAAuB,WAA8C;AAC5E,MAAI,CAAC,WAAW,cAAc,OAAQ,QAAO;AAC7C,QAAM,KAAK,UAAU,aAAa,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,EAAE,KAAK;AACxE,UAAQ,IAAI,SAAS,UAAU,aAAa,CAAC,GAAG,QAAQ,KAAK,KAAK;AACpE;AAEA,SAAS,kBAAkB,QAA6B;AACtD,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,UAAU,OAAO,YAAY,KAAK,cAAc,CAAC;AACvD,QAAM,WAAW,OAAO,YAAY,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAEhF,aAAW,OAAO,CAAC,GAAG,SAAS,GAAG,OAAO,GAAG;AAC1C,QAAI,IAAI,IAAK,MAAK,IAAI,IAAI,GAAG;AAAA,EAC/B;AACA,SAAO,MAAM,KAAK,IAAI;AACxB;AAEA,eAAsB,uBAAuB,OAA+C;AAC1F,QAAM,EAAE,eAAe,IAAI,4BAA4B;AACvD,MAAI,CAAC,eAAgB,QAAO;AAE5B,MAAI;AACF,UAAM,MAAM,MAAM,WAAW;AAAA,MAC3B,KAAK,GAAG,cAAc,IAAI,mBAAmB,KAAK,CAAC;AAAA,IACrD,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,sBAAsB,SAA0C;AACpF,QAAM,SAAS,MAAM,uBAAuB,QAAQ,EAAE;AACtD,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,uBAAuB,OAAO,YAAY,GAAG;AAC7D,MAAI,YAAY,CAAC,QAAQ,WAAW,QAAQ,QAAQ,SAAS,sBAAsB,IAAI;AACrF,YAAQ,UAAU;AAAA,EACpB;AAEA,QAAM,OAAO,kBAAkB,MAAM;AACrC,MAAI,KAAK,SAAS,GAAG;AACnB,UAAM,SAAS,oBAAI,IAAI,CAAC,GAAG,QAAQ,YAAY,GAAG,IAAI,CAAC;AACvD,YAAQ,aAAa,MAAM,KAAK,MAAM;AAAA,EACxC;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,qBAAqB;AAAA,EACvB;AAEA,SAAO;AACT;;;AC7DA,SAAS,mBAAmB,UAAgC,OAAwB;AAClF,QAAM,aAAa,MAAM,YAAY;AACrC,UAAQ,SAAS,eAAe,CAAC,GAAG;AAAA,IAClC,CAAC,OAAO,GAAG,MAAM,YAAY,MAAM,SAAS,GAAG,OAAO,YAAY,MAAM;AAAA,EAC1E;AACF;AAEA,eAAsB,sBAAsB,OAAgD;AAC1F,QAAM,EAAE,kBAAkB,IAAI,4BAA4B;AAC1D,MAAI,CAAC,kBAAmB,QAAO,CAAC;AAEhC,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,iBAAiB;AACrC,QAAI,aAAa,IAAI,cAAc,KAAK;AACxC,QAAI,aAAa,IAAI,aAAa,KAAK;AAEvC,UAAM,MAAM,MAAM,WAAW,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC;AACpD,QAAI,CAAC,IAAI,GAAI,QAAO,CAAC;AAErB,UAAM,OAAO,IAAI;AACjB,WAAO,MAAM,QAAQ,IAAI,IAAK,OAAkC,CAAC;AAAA,EACnE,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,eAAsB,yBAAyB,SAA0C;AACvF,QAAM,aAAa,MAAM,sBAAsB,QAAQ,EAAE;AACzD,QAAM,UAAU,WAAW,OAAO,CAAC,MAAM,mBAAmB,GAAG,QAAQ,EAAE,CAAC;AAC1E,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,QAAM,OAAO,QAAQ,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACtD,MAAI,KAAK,SAAS,GAAG;AACnB,UAAM,SAAS,oBAAI,IAAI,CAAC,GAAG,QAAQ,YAAY,GAAG,IAAI,CAAC;AACvD,YAAQ,aAAa,MAAM,KAAK,MAAM;AAAA,EACxC;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,uBAAuB;AAAA,EACzB;AAEA,SAAO;AACT;;;AChDA,IAAM,cAAc;AAEpB,eAAsB,oBAAoB,OAA4C;AACpF,QAAM,EAAE,gBAAgB,IAAI,4BAA4B;AACxD,MAAI,CAAC,gBAAiB,QAAO;AAE7B,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,eAAe;AACnC,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,MAAM,MAAM,WAAW;AAAA,MAC3B,KAAK,IAAI,SAAS;AAAA,MAClB,SAAS,EAAE,QAAQ,YAAY;AAAA,IACjC,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAO,IAAI;AACjB,UAAM,QAAQ,KAAK,MAAM,8CAA8C;AACvE,WAAO,QAAQ,CAAC,KAAK;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,iBAAiB,SAA0C;AAC/E,QAAM,MAAM,MAAM,oBAAoB,QAAQ,EAAE;AAChD,MAAI,CAAC,IAAK,QAAO;AAEjB,MAAI,CAAC,QAAQ,WAAW,SAAS,GAAG,GAAG;AACrC,YAAQ,WAAW,KAAK,GAAG;AAAA,EAC7B;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,eAAe;AAAA,EACjB;AAEA,MAAI,CAAC,QAAQ,WAAW,SAAS,WAAW,GAAG;AAC7C,YAAQ,WAAW,KAAK,WAAW;AAAA,EACrC;AAEA,SAAO;AACT;;;AC1CA,eAAe,oBAAoB,MAAgC;AACjE,QAAM,EAAE,WAAW,IAAI,4BAA4B;AACnD,MAAI,CAAC,WAAY,QAAO;AAExB,MAAI;AACF,UAAM,MAAM,GAAG,UAAU,yBAAyB,mBAAmB,IAAI,CAAC;AAC1E,UAAM,MAAM,MAAM,WAAW,EAAE,IAAI,CAAC;AACpC,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBAAkB,SAA0C;AAChF,QAAM,QAAQ,MAAM,KAAK,IAAI,IAAI,QAAQ,iBAAiB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE,MAAM,GAAG,EAAE;AAC1F,MAAI,MAAM,WAAW,EAAG,QAAO;AAE/B,QAAM,SAAS,MAAM,QAAQ,IAAI,MAAM,IAAI,CAAC,SAAS,oBAAoB,IAAI,CAAC,CAAC;AAC/E,QAAM,UAAU,OAAO,OAAO,OAAO,EAAE;AACvC,MAAI,YAAY,EAAG,QAAO;AAE1B,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,yBAAyB;AAAA,EAC3B;AACA,SAAO;AACT;;;AC1BA,eAAe,aAAa,SAAmC;AAC7D,QAAM,EAAE,aAAa,IAAI,4BAA4B;AACrD,MAAI,CAAC,aAAc,QAAO;AAE1B,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,GAAG,YAAY,WAAW;AAC9C,QAAI,aAAa,IAAI,WAAW,OAAO;AACvC,UAAM,MAAM,MAAM,WAAW,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC;AACpD,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,wBAAwB,SAA0C;AACtF,QAAM,WAAW,MAAM;AAAA,IACrB,IAAI,IAAI,QAAQ,iBAAiB,IAAI,CAAC,MAAM,cAAc,EAAE,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;AAAA,EAC/E,EAAE,MAAM,GAAG,EAAE;AAEb,MAAI,SAAS,WAAW,EAAG,QAAO;AAElC,QAAM,SAAS,MAAM,QAAQ,IAAI,SAAS,IAAI,CAAC,YAAY,aAAa,OAAO,CAAC,CAAC;AACjF,QAAM,UAAU,OAAO,OAAO,OAAO,EAAE;AACvC,MAAI,YAAY,EAAG,QAAO;AAE1B,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,mBAAmB;AAAA,EACrB;AAEA,SAAO;AACT;;;AC9BA,eAAe,UAAU,KAAa,OAAe,OAA6C;AAChG,MAAI;AACF,UAAM,UAAU,IAAI,IAAI,GAAG;AAC3B,YAAQ,aAAa,IAAI,OAAO,KAAK;AAErC,UAAM,UAAkC,CAAC;AACzC,QAAI,MAAO,SAAQ,gBAAgB,UAAU,KAAK;AAElD,UAAM,MAAM,MAAM,WAAW,EAAE,KAAK,QAAQ,SAAS,GAAG,QAAQ,CAAC;AACjE,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,WAAO,QAAQ,SAAS;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,wBAAwB,SAA0C;AACtF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,4BAA4B;AAEhC,QAAM,cACJ,MAAM,QAAQ,IAAI,oBAAoB,IAAI,CAAC,QAAQ,UAAU,KAAK,QAAQ,EAAE,CAAC,CAAC,GAC9E,OAAO,CAAC,MAAmB,QAAQ,CAAC,CAAC;AAEvC,QAAM,kBACJ,MAAM,QAAQ;AAAA,IACZ,gBAAgB,IAAI,CAAC,QAAQ,UAAU,KAAK,QAAQ,IAAI,mBAAmB,CAAC;AAAA,EAC9E,GACA,OAAO,CAAC,MAAmB,QAAQ,CAAC,CAAC;AAEvC,MAAI,WAAW,WAAW,KAAK,eAAe,WAAW,GAAG;AAC1D,WAAO;AAAA,EACT;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,kBAAkB,WAAW,SAAS,IAAI,aAAa,QAAQ,cAAc;AAAA,IAC7E,iBACE,eAAe,SAAS,IAAI,iBAAiB,QAAQ,cAAc;AAAA,EACvE;AAEA,QAAM,aAAa,oBAAI,IAAI,CAAC,GAAG,QAAQ,YAAY,GAAG,YAAY,GAAG,cAAc,CAAC;AACpF,UAAQ,aAAa,MAAM,KAAK,UAAU;AAE1C,SAAO;AACT;;;ARtCO,IAAM,gBAAgBC,MAAK;AAAA,EAChC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,OAAOA,GACJ,OAAO,EACP,MAAM,oBAAoB,4CAA4C;AAAA,EAC3E,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,MAAM,MAAwE;AAC9F,UAAM,eAAe,MAAM,YAAY;AAGvC,UAAM,CAAC,YAAY,UAAU,IAAI,MAAM,QAAQ,IAAI;AAAA,MACjD,aAAa,YAAY;AAAA,MACzB,gBAAgB,YAAY;AAAA,IAC9B,CAAC;AAED,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,QAAQ,YAAY;AAAA,MAC7B;AAAA,IACF;AAGA,QAAI,UAAsB,cAAc;AAAA,MACtC,IAAI;AAAA,MACJ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,YAAY,CAAC;AAAA,MACb,kBAAkB,CAAC;AAAA,IACrB;AAGA,QAAI,WAAW,SAAS,GAAG;AACzB,gBAAU,0BAA0B,SAAS,UAAU;AAAA,IACzD;AAEA,UAAM,eAAyF,CAAC;AAEhG,UAAM,gBAAgB,OACpB,YACA,aACkB;AAClB,YAAM,SAAS,KAAK,UAAU,OAAO;AACrC,UAAI;AACF,kBAAU,MAAM,SAAS,OAAO;AAChC,cAAM,QAAQ,KAAK,UAAU,OAAO;AACpC,qBAAa,UAAU,IAAI;AAAA,UACzB,WAAW;AAAA,UACX,SAAS,WAAW;AAAA,QACtB;AAAA,MACF,SAAS,OAAO;AACd,qBAAa,UAAU,IAAI;AAAA,UACzB,WAAW;AAAA,UACX,SAAS;AAAA,UACT,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC9D;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,OAAO,aAAa;AACxC,UAAM,cAAc,YAAY,iBAAiB;AACjD,UAAM,cAAc,QAAQ,cAAc;AAC1C,UAAM,cAAc,gBAAgB,qBAAqB;AACzD,UAAM,cAAc,mBAAmB,wBAAwB;AAC/D,UAAM,cAAc,UAAU,gBAAgB;AAC9C,UAAM,cAAc,YAAY,iBAAiB;AACjD,UAAM,cAAc,kBAAkB,uBAAuB;AAC7D,UAAM,cAAc,kBAAkB,uBAAuB;AAE7D,YAAQ,eAAe;AAAA,MACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,MAC7B;AAAA,IACF;AAEA,QAAI,QAAQ,iBAAiB,WAAW,GAAG;AACzC,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,QAAQ,YAAY;AAAA,MAC7B;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,MAAM,QAAQ;AAAA,EACxC;AACF,CAAC;;;ASpGD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,OAAOC,aAAY;AAGnB,IAAM,wBAAwBD,GAAE,OAAO;AAAA,EACrC,MAAMA,GAAE,OAAO;AAAA,EACf,WAAWA,GAAE,QAAQ,KAAK;AAAA,EAC1B,iBAAiBA,GAAE,OAAO;AAAA,EAC1B,qBAAqBA,GAAE,OAAO,EAAE,SAAS;AAAA,EACzC,QAAQA,GAAE,KAAK,CAAC,OAAO,iBAAiB,CAAC;AAC3C,CAAC;AAED,IAAM,yBAAyBA,GAAE,OAAO;AAAA,EACtC,MAAMA,GAAE,OAAO;AAAA,EACf,SAASA,GAAE,OAAO;AAAA,EAClB,MAAMA,GAAE,KAAK,CAAC,UAAU,UAAU,CAAC;AACrC,CAAC;AAEM,IAAM,wBAAwBD,MAAK;AAAA,EACxC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,mBAAmBA,GAChB,MAAM,sBAAsB,EAC5B,SAAS,sCAAsC;AAAA,IAClD,kBAAkBA,GACf,MAAM,qBAAqB,EAC3B,SAAS,wDAAwD;AAAA,EACtE,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,mBAAmB,iBAAiB,MAGhD;AACJ,UAAM,aAAkC,CAAC;AAEzC,eAAW,YAAY,kBAAuC;AAE5D,YAAM,UAAW,kBAAyC;AAAA,QACxD,CAAC,MAAM,EAAE,SAAS,SAAS;AAAA,MAC7B;AAEA,iBAAW,aAAa,SAAS;AAE/B,YAAI,CAACC,QAAO,MAAM,UAAU,OAAO,EAAG;AAEtC,YAAI,eAAe;AACnB,YAAI;AACF,yBAAeA,QAAO,UAAU,UAAU,SAAS,SAAS,iBAAiB;AAAA,YAC3E,mBAAmB;AAAA,UACrB,CAAC;AAAA,QACH,QAAQ;AAEN;AAAA,QACF;AAEA,YAAI,cAAc;AAChB,qBAAW,KAAK,EAAE,WAAW,SAAS,CAAC;AAAA,QACzC;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,oBAAoB;AAAA,MACpB,cAAc,kBAAkB;AAAA,IAClC;AAAA,EACF;AACF,CAAC;;;ACnED,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAGX,IAAM,uBAAuBC,MAAK;AAAA,EACvC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,SAAS,sBAAsB;AAAA,IACvD,kBAAkBA,GAAE,OAAO,EAAE,SAAS,gDAAgD;AAAA,IACtF,qBAAqBA,GAClB,OAAO,EACP;AAAA,MACC;AAAA,IACF;AAAA,IACF,iBAAiBA,GACd,OAAO,EACP,SAAS,EACT,SAAS,4EAA4E;AAAA,EAC1F,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAOM;AACJ,UAAM,aAAa,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,EAAE,aAAa,cAAc,YAAY,sBAAsB,IAAI;AAEzE,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL;AAAA,QACA,aAAa;AAAA,QACb,uBAAuB;AAAA,QACvB,SAAS,sCAAsC,WAAW;AAAA,MAC5D;AAAA,IACF;AAEA,UAAM,iBAAiB,SAAS,iBAAiB,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AACzE,UAAM,YAAY,SAAS,YAAY,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AAC/D,UAAM,cAAc,YAAY;AAEhC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS,cACL,sBAAsB,WAAW,SAAS,WAAW,iDAAiD,gBAAgB,8EACtH,SAAS,gBAAgB,MAAM,YAAY,WAAW,SAAS,WAAW,WAAW,gBAAgB;AAAA,IAC3G;AAAA,EACF;AACF,CAAC;;;AC9CM,SAAS,kBAAkB,KAAkD;AAClF,QAAM,QAAQ;AAAA,IACZ,cAAc;AAAA,IACd,mBAAmB,IAAI;AAAA,IACvB,uBAAuB;AAAA,IACvB,sBAAsB;AAAA,IACtB,sBAAsB,IAAI;AAAA,EAC5B;AAEA,MAAI,CAAC,IAAI,YAAY,0BAA0B,CAAC,IAAI,YAAY,mBAAmB;AACjF,UAAM,wBAAwB,IAAI,IAAI;AAAA,EACxC;AAEA,MAAI,CAAC,IAAI,YAAY,mBAAmB;AACtC,UAAM,sBAAsB,IAAI;AAChC,UAAM,gBAAgB,IAAI;AAC1B,UAAM,kBAAkB,IAAI,IAAI;AAAA,EAClC;AAEA,SAAO;AACT;;;ACtCO,SAAS,yBAAyB,SAA2B;AAClE,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAC5C,QAAM,SAAS,QAAQ,UAAU;AAEjC,QAAM,2BAA2B;AAAA,IAC/B,GAAG;AAAA,IACH,SAAS,OAAO,UACb,mBAA2B,QAAQ;AAAA,MAClC,GAAG;AAAA,MACH;AAAA,MACA,WAAW,YAAY;AAAA,IACzB,CAAC;AAAA,EACL;AAEA,QAAM,6BAA6B;AAAA,IACjC,GAAG;AAAA,IACH,SAAS,OAAO,UACb,qBAA6B,QAAQ;AAAA,MACpC,GAAG;AAAA,MACH;AAAA,MACA,aAAa,YAAY;AAAA,MACzB,sBAAsB,YAAY;AAAA,MAClC,uBAAuB,YAAY;AAAA,MACnC,WAAW,YAAY;AAAA,MACvB,QAAQ,UAAU,OAAO,MAAM;AAAA,IACjC,CAAC;AAAA,EACL;AAEA,QAAM,iCAAiC;AAAA,IACrC,GAAG;AAAA,IACH,SAAS,OAAO,UACb,yBAAiC,QAAQ;AAAA,MACxC,GAAG;AAAA,MACH;AAAA,MACA,aAAa,YAAY;AAAA,MACzB,sBAAsB,YAAY;AAAA,MAClC,uBAAuB,YAAY;AAAA,MACnC,WAAW,YAAY;AAAA,MACvB,QAAQ,UAAU,OAAO,MAAM;AAAA,IACjC,CAAC;AAAA,EACL;AAEA,QAAM,2BAA2B;AAAA,IAC/B,GAAG;AAAA,IACH,SAAS,OAAO,UACb,mBAA2B,QAAQ;AAAA,MAClC,GAAG;AAAA,MACH;AAAA,MACA,aAAa,YAAY;AAAA,MACzB,sBAAsB,YAAY;AAAA,MAClC,uBAAuB,YAAY;AAAA,MACnC,WAAW,YAAY;AAAA,MACvB,QAAQ,UAAU,OAAO,MAAM;AAAA,IACjC,CAAC;AAAA,EACL;AAEA,SAAO,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;;;AC9DA,eAAsB,sBACpB,OACA,SAUC;AACD,QAAM,WAAW,gBAAgB,OAAO;AACxC,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,QAAQ,kBAAkB,qBAAqB,GAAG;AACzE,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,UAAU,QAAQ,UAAU,UAAU;AAC5C,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAE5C,QAAM,SAAS,6CAA6C,KAAK,uBAAuB,GAAG,sBAAsB,cAAc;AAC/H,QAAM,QAAQ,MAAM,YAAY,SAAS,EAAE,YAAY,OAAO,OAAO,CAAC;AACtE,QAAM,YAAY,MAAM,WAAW;AACnC,QAAM,eAAe,wBAAwB;AAAA,IAC3C;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,kBAAkB,QAAQ;AAAA,IAC1B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AtClCA,eAAsB,uBACpB,OACA,UAA4B,CAAC,GACD;AAC5B,QAAM,WAAW,gBAAgB,OAAO;AACxC,MAAI,aAAa,SAAS;AACxB,WAAO,4BAA4B,OAAO,OAAO;AAAA,EACnD;AAEA,QAAM,eAAe,sBAAsB,OAAO;AAElD,eAAa,kBAAkB,4BAA4B,KAAK,KAAK,EAAE,SAAS,CAAC;AAEjF,QAAM,UAAU,MAAM,sBAAsB,OAAO,OAAO;AAC1D,QAAM,EAAE,OAAO,WAAW,QAAQ,aAAa,IAAI;AACnD,eAAa,kBAAkB,kBAAkB,SAAS,KAAK,EAAE,UAAU,OAAO,UAAU,CAAC;AAE7F,MAAI,mBAAkC,CAAC;AACvC,MAAI,qBAA0C,CAAC;AAC/C,MAAI,aAAgC;AACpC,MAAI,aAAa;AAEjB,WAAS,mBAAmB,aAA0D;AACpF,UAAM,QAAQ,mBAAmB,KAAK,CAAC,QAAQ,IAAI,UAAU,SAAS,WAAW;AACjF,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,MAAM,UAAU,SAAS,WAAW,WAAW;AAAA,EACxD;AACA,QAAM,QAAQ,yBAAyB,OAAO;AAE9C,QAAM,UAAU,KAAK,IAAI;AACzB,QAAM,SAAS,MAAMC,cAAa;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA,UAAU;AAAA,IACV,aAAa,YAAY;AACvB,oBAAc;AAEd,YAAM,cAAe,WAAW,eAAe,CAAC;AAKhD,YAAM,cAAc,sBAAsB;AAAA,QACxC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AACD,mBAAa,YAAY;AACzB,2BAAqB,YAAY;AACjC,yBAAmB,YAAY;AAE/B,mBAAa,cAAc,wBAAwB,UAAU,SAAS,YAAY,MAAM,oBAAoB;AAAA,QAC1G;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AAED,QAAM,WAA8B;AAAA,IAClC;AAAA,MACE,SAAS;AAAA,MACT;AAAA,MACA,OAAO;AAAA,MACP,WAAW,KAAK,IAAI,IAAI;AAAA,MACxB,aAAa,OAAO,SAAS,aAAa;AAAA,MAC1C,iBAAiB,OAAO,KAAK;AAAA,MAC7B,kBAAkB,qBAAqB;AAAA,QACrC;AAAA,QACA,aAAa,OAAO,SAAS,aAAa;AAAA,QAC1C,iBAAiB,OAAO,KAAK;AAAA,MAC/B,CAAC;AAAA,IACH;AAAA,EACF;AAEA,eAAa,mBAAmB,8BAA8B,iBAAiB,MAAM,eAAe;AAAA,IAClG;AAAA,IACA,OAAO;AAAA,EACT,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,OAAO;AAAA,IAChB;AAAA,IACA,aAAa;AAAA,MACX,WAAW,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,MACnB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;;;AuCjHA,SAAS,iBAAyB;AAChC,SAAO,OAAO,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC;AACpE;AAEO,SAAS,0BAA0B,SAAiG;AACzI,SAAO;AAAA,IACL,WAAW,QAAQ,aAAa,eAAe;AAAA,IAC/C,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ;AAAA,EACvB;AACF;AAEO,SAAS,yBAAyB,SAA8C;AACrF,SAAO;AAAA,IACL,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ,UAAU;AAAA,EAC5B;AACF;AAEO,SAAS,mBAAmB,SAA2B,KAAqC;AACjG,QAAM,SAAS,WAAW,KAAK,QAAQ,MAAM;AAC7C,SAAO;AAAA,IACL,wBACE,QAAQ,aAAa,0BACrB,OAAO,aAAa,0BACpB;AAAA,IACF,mBACE,QAAQ,aAAa,qBACrB,OAAO,aAAa,qBACpB;AAAA,IACF,aACE,QAAQ,aAAa,eACrB,OAAO,aAAa,eACpB;AAAA,IACF,sBACE,QAAQ,aAAa,wBACrB,OAAO,aAAa;AAAA,IACtB,uBACE,QAAQ,aAAa,yBACrB,OAAO,aAAa;AAAA,IACtB,WACE,QAAQ,aAAa,aACrB,OAAO,aAAa;AAAA,EACxB;AACF;;;ACpDA,SAAS,aAAAC,YAAW,iBAAAC,sBAAqB;AACzC,SAAS,QAAAC,cAAY;AA2Dd,SAAS,kBAAkB,KAAa,QAAkB,UAA2B,CAAC,GAAgB;AAC3G,SAAO;AAAA,IACL,OAAO,GAAG,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC;AAAA,IAC9D,WAAW,QAAQ;AAAA,IACnB,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ;AAAA,IACrB,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ;AAAA,IAChB,aAAa,QAAQ;AAAA,IACrB,gBAAgB,QAAQ;AAAA,IACxB;AAAA,IACA;AAAA,IACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,OAAO,CAAC;AAAA,EACV;AACF;AAEO,SAAS,gBACd,KACA,QACA,OACA,QACA,OACM;AACN,MAAI,MAAM,KAAK;AAAA,IACb,KAAI,oBAAI,KAAK,GAAE,YAAY;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEO,SAAS,iBAAiB,KAA+B;AAC9D,MAAI,cAAa,oBAAI,KAAK,GAAE,YAAY;AACxC,SAAO;AACT;AAEO,SAAS,iBAAiB,KAAa,KAA0B;AACtE,QAAM,MAAMA,OAAK,KAAK,mBAAmB,UAAU;AACnD,EAAAF,WAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAClC,QAAM,WAAWE,OAAK,KAAK,GAAG,IAAI,KAAK,OAAO;AAC9C,EAAAD,eAAc,UAAU,KAAK,UAAU,KAAK,MAAM,CAAC,IAAI,MAAM,MAAM;AACnE,SAAO;AACT;;;AC/FO,SAAS,wBAAwB,QAOZ;AAC1B,MAAI,OAAO,QAAQ,aAAa,OAAO;AACrC,WAAO;AAAA,EACT;AAEA,SAAO,kBAAkB,OAAO,KAAK,CAAC,OAAO,KAAK,GAAG;AAAA,IACnD,GAAG,OAAO;AAAA,IACV,OAAO,OAAO,WAAW;AAAA,IACzB,QAAQ,OAAO,WAAW;AAAA,IAC1B,aAAa,OAAO;AAAA,IACpB,gBAAgB,OAAO,QAAQ;AAAA,EACjC,CAAC;AACH;AAEO,SAAS,sBAAsB,QAM7B;AACP,MAAI,CAAC,OAAO,UAAU;AACpB;AAAA,EACF;AAEA;AAAA,IACE,OAAO;AAAA,IACP;AAAA,IACA;AAAA,MACE,OAAO,OAAO;AAAA,MACd,QAAQ,QAAQ,OAAO,QAAQ,MAAM;AAAA,MACrC,SAAS,QAAQ,OAAO,QAAQ,OAAO;AAAA,MACvC,aAAa,OAAO;AAAA,IACtB;AAAA,IACA;AAAA,MACE,wBAAwB,QAAQ,OAAO,YAAY,sBAAsB;AAAA,MACzE,mBAAmB,QAAQ,OAAO,YAAY,iBAAiB;AAAA,IACjE;AAAA,EACF;AACF;AAEO,SAAS,wBACd,UACA,OACA,QACM;AACN,MAAI,CAAC,UAAU;AACb;AAAA,EACF;AAEA,aAAW,UAAU,OAAO,SAAS;AACnC;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,UAAU,OAAO;AAAA,QACjB,aAAa,OAAO;AAAA,QACpB,WAAW,OAAO;AAAA,MACpB;AAAA,MACA;AAAA,QACE,SAAS,OAAO;AAAA,QAChB,QAAQ,OAAO;AAAA,QACf,kBAAkB,OAAO;AAAA,QACzB,cAAc,OAAO,cAAc;AAAA,QACnC,iBAAiB,QAAQ,OAAO,wBAAwB,MAAM;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AAEA;AAAA,IACE;AAAA,IACA;AAAA,IACA,EAAE,MAAM;AAAA,IACR;AAAA,MACE,aAAa,OAAO,QAAQ;AAAA,MAC5B,iBAAiB,OAAO,mBAAmB;AAAA,MAC3C,UAAU,OAAO;AAAA,IACnB;AAAA,EACF;AACA,mBAAiB,QAAQ;AAC3B;AAEO,SAAS,sBACd,UACA,OACA,OACM;AACN,MAAI,CAAC,UAAU;AACb;AAAA,EACF;AAEA,QAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,kBAAgB,UAAU,mBAAmB,EAAE,MAAM,GAAG,QAAW,OAAO;AAC1E,mBAAiB,QAAQ;AAC3B;AAEO,SAAS,uBAAuB,UAAmC,OAAqB;AAC7F,MAAI,CAAC,UAAU;AACb;AAAA,EACF;AACA,kBAAgB,UAAU,0BAA0B,EAAE,MAAM,CAAC;AAC7D,mBAAiB,QAAQ;AAC3B;AAEO,SAAS,uBAAuB,KAAa,UAAuD;AACzG,SAAO,WAAW,iBAAiB,KAAK,QAAQ,IAAI;AACtD;;;AC3HO,SAAS,iBAAiB,OAAqB;AACpD,MAAI,CAAC,mBAAmB,KAAK,KAAK,GAAG;AACnC,UAAM,IAAI;AAAA,MACR,oBAAoB,KAAK;AAAA,IAC3B;AAAA,EACF;AACF;;;ACSA,eAAsB,UAAU,OAAe,UAA4B,CAAC,GAA+B;AACzG,mBAAiB,KAAK;AAEtB,QAAM,kBAAkB,MAAM,YAAY;AAC1C,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,cAAc,mBAAmB,SAAS,GAAG;AACnD,QAAM,aAAa,yBAAyB,OAAO;AACnD,QAAM,cAAc,0BAA0B,OAAO;AACrD,QAAM,cAAc,gBAAgB,OAAO;AAC3C,QAAM,WAAW,wBAAwB;AAAA,IACvC;AAAA,IACA,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI,QAAQ,UAAU,QAAQ,gBAAgB;AAC5C,UAAM,SAAS,qBAAqB,KAAK,QAAQ,gBAAgB,eAAe;AAChF,QAAI,QAAQ;AACV,6BAAuB,UAAU,eAAe;AAChD,YAAME,gBAAe,uBAAuB,KAAK,QAAQ;AACzD,aAAO;AAAA,QACL,GAAG;AAAA,QACH,SAAS,GAAG,OAAO,OAAO;AAAA,QAC1B,cAAAA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,kBAAkB;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAEA,wBAAsB;AAAA,IACpB;AAAA,IACA,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,uBAAuB,iBAAiB;AAAA,MACrD,GAAG;AAAA,MACH,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,0BAAsB,UAAU,iBAAiB,KAAK;AACtD,2BAAuB,KAAK,QAAQ;AACpC,UAAM;AAAA,EACR;AAEA,0BAAwB,UAAU,iBAAiB,MAAM;AAEzD,QAAM,eAAe,uBAAuB,KAAK,QAAQ;AAEzD,QAAM,cAAiC;AAAA,IACrC,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,kBAAkB;AAAA,EACpB;AAEA,MAAI,QAAQ,kBAAkB,CAAC,QAAQ,UAAU,CAAC,QAAQ,SAAS;AACjE,0BAAsB,KAAK,QAAQ,gBAAgB,iBAAiB,WAAW;AAAA,EACjF;AAEA,SAAO;AACT;AAEA,eAAsB,gBACpB,OACA,UAA4B,CAAC,GACD;AAC5B,SAAO,UAAU,OAAO;AAAA,IACtB,GAAG;AAAA,IACH,SAAS;AAAA,IACT,QAAQ;AAAA,EACV,CAAC;AACH;;;ACpGA,SAAS,eAAe;AACxB,SAAS,gBAAAC,sBAAoB;AAC7B,SAAS,SAAAC,eAAa;;;ACFtB,SAAS,gBAAAC,qBAAoB;AAmB7B,IAAM,YAAY;AAElB,SAAS,kBAAkB,KAA6C;AACtE,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,KAAK,IAAI,YAAY;AAC3B,MAAI,OAAO,cAAc,OAAO,UAAU,OAAO,YAAY,OAAO,OAAO;AACzE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,4BAA4B,SAAsC;AAChF,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,QAAQ,OAAO,OAAO,OAAO,mBAAmB,CAAC,CAAC,GAAG;AAC9D,eAAW,YAAY,KAAK,OAAO,CAAC,GAAG;AACrC,YAAM,OAAO,OAAO,aAAa,WAAW,WAAW,GAAG,SAAS,OAAO,EAAE,IAAI,SAAS,QAAQ,EAAE;AACnG,YAAM,UAAU,KAAK,MAAM,SAAS,KAAK,CAAC;AAC1C,iBAAW,SAAS,SAAS;AAC3B,cAAM,QAAQ,MAAM,YAAY;AAChC,cAAM,MAAM,GAAG,KAAK,IAAI,KAAK,IAAI;AACjC,YAAI,KAAK,IAAI,GAAG,EAAG;AACnB,aAAK,IAAI,GAAG;AACZ,iBAAS,KAAK;AAAA,UACZ;AAAA,UACA,QAAQ;AAAA,UACR,aAAa,KAAK;AAAA,UAClB,UAAU,kBAAkB,KAAK,QAAQ;AAAA,QAC3C,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,sBAAsB,UAAuC;AAC3E,QAAM,UAAUA,cAAa,UAAU,MAAM;AAC7C,SAAO,4BAA4B,OAAO;AAC5C;;;AC5DA,SAAS,gBAAAC,qBAAoB;AAG7B,IAAMC,aAAY;AAElB,SAASC,mBAAkB,KAA6C;AACtE,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,KAAK,IAAI,YAAY;AAC3B,MAAI,OAAO,cAAc,OAAO,UAAU,OAAO,YAAY,OAAO,OAAO;AACzE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,6BAA6B,SAAsC;AACjF,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,QAAM,QAAQ,QACX,MAAM,IAAI,EACV,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,aAAW,QAAQ,OAAO;AACxB,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,MAAM,IAAI;AAAA,IAC1B,QAAQ;AACN;AAAA,IACF;AAEA,UAAM,QAAQ;AAYd,QAAI,MAAM,SAAS,gBAAiB;AAEpC,UAAM,WAAW,MAAM,MAAM;AAC7B,UAAM,cAAc,UAAU;AAC9B,UAAM,WAAWA,mBAAkB,UAAU,QAAQ;AAErD,UAAM,OAAO,GAAG,UAAU,OAAO,EAAE,KAAK,UAAU,QAAQ,CAAC,GAAG,KAAK,GAAG,CAAC;AACvE,UAAM,UAAU,KAAK,MAAMD,UAAS,KAAK,CAAC;AAE1C,eAAW,SAAS,SAAS;AAC3B,YAAM,QAAQ,MAAM,YAAY;AAChC,YAAM,MAAM,GAAG,KAAK,IAAI,eAAe,EAAE;AACzC,UAAI,KAAK,IAAI,GAAG,EAAG;AACnB,WAAK,IAAI,GAAG;AAEZ,eAAS,KAAK;AAAA,QACZ;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,uBAAuB,UAAuC;AAC5E,QAAM,UAAUD,cAAa,UAAU,MAAM;AAC7C,SAAO,6BAA6B,OAAO;AAC7C;;;ACzEA,SAAS,gBAAAG,sBAAoB;AAiB7B,IAAMC,aAAY;AAElB,SAAS,mBAAmB,QAAyC;AACnE,QAAM,MAAM,OAAO,aAAa,aAAa;AAC7C,SAAO,OAAO,QAAQ,WAAW,MAAM;AACzC;AAEO,SAAS,qBAAqB,SAAsC;AACzE,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,OAAO,OAAO,QAAQ,CAAC,GAAG;AACnC,eAAW,UAAU,IAAI,WAAW,CAAC,GAAG;AACtC,YAAM,WAAW,GAAG,OAAO,UAAU,EAAE,IAAI,OAAO,SAAS,QAAQ,EAAE;AACrE,YAAM,UAAU,SAAS,MAAMA,UAAS,KAAK,CAAC;AAC9C,iBAAW,SAAS,SAAS;AAC3B,cAAM,QAAQ,MAAM,YAAY;AAChC,cAAM,MAAM,mBAAmB,MAAM;AACrC,cAAM,MAAM,GAAG,KAAK,IAAI,OAAO,EAAE;AACjC,YAAI,KAAK,IAAI,GAAG,EAAG;AACnB,aAAK,IAAI,GAAG;AACZ,iBAAS,KAAK;AAAA,UACZ;AAAA,UACA,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,UAAU;AAAA,QACZ,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,eAAe,UAAuC;AACpE,QAAM,UAAUD,eAAa,UAAU,MAAM;AAC7C,SAAO,qBAAqB,OAAO;AACrC;;;AH5CO,SAAS,eAAe,UAAkB,QAA8C;AAC7F,QAAM,WAAW,WAAW,SAAS,YAAY,QAAQ,IAAI;AAE7D,MAAI,aAAa,aAAa;AAC5B,WAAO,sBAAsB,QAAQ;AAAA,EACvC;AACA,MAAI,aAAa,cAAc;AAC7B,WAAO,uBAAuB,QAAQ;AAAA,EACxC;AACA,MAAI,aAAa,SAAS;AACxB,WAAO,eAAe,QAAQ;AAAA,EAChC;AAEA,QAAM,IAAI,MAAM,6BAA6B,QAAQ,EAAE;AACzD;AAEA,eAAsB,wBAAwB,QAKb;AAC/B,QAAM,KAAK,OAAO,kBAAkB,qBAAqB,OAAO,GAAG;AACnE,QAAM,WAAW,OAAO,WAAW,SAAS,mBAAmB,EAAE,IAAI,OAAO;AAE5E,iCAA+B,IAAI,QAAQ;AAE3C,MAAI,aAAa,SAAS;AACxB,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACpE;AAEA,QAAM,UAAU,oBAAoB,IAAI,EAAE,WAAW,OAAO,UAAU,CAAC;AACvE,QAAM,CAAC,KAAK,GAAG,IAAI,IAAI;AAEvB,QAAM,SAAS,MAAME,QAAM,KAAK,MAAM;AAAA,IACpC,KAAK,OAAO;AAAA,IACZ,OAAO;AAAA,IACP,QAAQ;AAAA,EACV,CAAC;AAED,QAAM,SAAS,CAAC,OAAO,QAAQ,OAAO,MAAM,EAAE,OAAO,OAAO,EAAE,KAAK,IAAI;AACvE,MAAI,CAAC,OAAO,KAAK,GAAG;AAClB,UAAM,IAAI,MAAM,iCAAiC,QAAQ,KAAK,GAAG,CAAC,GAAG;AAAA,EACvE;AAEA,MAAI;AACF,UAAM,WACJ,aAAa,eACT,6BAA6B,MAAM,IACnC,4BAA4B,MAAM;AAExC,SAAK,OAAO,YAAY,OAAO,KAAK,SAAS,WAAW,GAAG;AACzD,YAAM,IAAI,MAAM,iEAAiE;AAAA,IACnF;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,UAAM,QAAQ,OAAO,YAAY,OAAO,IAAI,eAAe,OAAO,QAAQ,MAAM;AAChF,UAAM,IAAI;AAAA,MACR,+BAA+B,QAAQ,KAAK,GAAG,CAAC,GAAG,IAAI,OAAO,QAAQ,KAAK,OAAO;AAAA,IACpF;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,IAAgE;AAC1F,SAAO,OAAO,SAAS,eAAe;AACxC;AAEA,SAAS,+BACP,IACA,UACM;AACN,MAAI,aAAa,QAAS;AAE1B,MAAI,OAAO,UAAU,aAAa,cAAc;AAC9C,UAAM,IAAI,MAAM,4HAA4H;AAAA,EAC9I;AAEA,MAAI,OAAO,UAAU,aAAa,aAAa;AAC7C,UAAM,IAAI,MAAM,WAAW,QAAQ,4CAA4C,EAAE,6DAA6D;AAAA,EAChJ;AACF;AAEA,SAAS,YAAY,UAAoD;AACvE,QAAM,MAAM,QAAQ,QAAQ,EAAE,YAAY;AAC1C,MAAI,QAAQ,SAAU,QAAO;AAE7B,MAAI;AACF,UAAM,UAAUC,eAAa,UAAU,MAAM;AAC7C,UAAM,YAAY,QAAQ,MAAM,IAAI,EAAE,KAAK,CAAC,SAAS,KAAK,KAAK,EAAE,WAAW,GAAG,CAAC;AAChF,QAAI,WAAW;AACb,YAAM,SAAS,KAAK,MAAM,SAAS;AACnC,UAAI,OAAO,SAAS,mBAAmB,OAAO,SAAS,gBAAgB;AACrE,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,SAAO;AACT;;;AI/GO,SAAS,aAAa,UAAyC;AACpE,SAAO,CAAC,GAAG,IAAI,IAAI,SAAS,IAAI,CAAC,MAAM,EAAE,MAAM,YAAY,CAAC,CAAC,CAAC;AAChE;;;ACgBA,eAAsB,wBAAwB,QASb;AAC/B,QAAM,UAA+B,CAAC;AACtC,QAAM,SAAoD,CAAC;AAC3D,QAAM,0BAID,CAAC;AACN,MAAI,aAAa;AAEjB,aAAW,SAAS,OAAO,QAAQ;AACjC,QAAI;AACF,sBAAgB,OAAO,UAAU,mBAAmB,EAAE,MAAM,CAAC;AAC7D,YAAM,SAAS,MAAM,UAAU,OAAO;AAAA,QACpC,GAAG,OAAO;AAAA,QACV,YAAY,OAAO;AAAA,QACnB,UAAU;AAAA,QACV,GAAG,OAAO;AAAA,QACV,OAAO,OAAO,WAAW;AAAA,QACzB,QAAQ,OAAO,WAAW;AAAA,QAC1B,aAAa,OAAO;AAAA,MACtB,CAAC;AAED,aAAO,UAAU,OAAO,QAAQ,OAAO,CAAC,WAAW,iBAAiB,OAAO,QAAQ,OAAO,WAAW,CAAC;AAEtG,iBAAW,UAAU,OAAO,SAAS;AACnC,YAAI,OAAO,aAAa,cAAc;AACpC,wBAAc;AAAA,QAChB;AACA,YAAI,OAAO,YAAY,WAAW,SAAS,OAAO,YAAY,OAAO;AACnE,kCAAwB,KAAK;AAAA,YAC3B,aAAa,OAAO;AAAA,YACpB;AAAA,YACA,OAAO,OAAO,WAAW;AAAA,UAC3B,CAAC;AAAA,QACH;AAAA,MACF;AAEA,cAAQ,KAAK,MAAM;AACnB,sBAAgB,OAAO,UAAU,oBAAoB,EAAE,MAAM,GAAG,EAAE,SAAS,OAAO,QAAQ,OAAO,CAAC;AAAA,IACpG,SAAS,OAAO;AACd,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,aAAO,KAAK,EAAE,OAAO,QAAQ,CAAC;AAC9B,sBAAgB,OAAO,UAAU,mBAAmB,EAAE,MAAM,GAAG,QAAW,OAAO;AAAA,IACnF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AChEO,SAAS,iBAAiB,QAGjB;AACd,MAAI,eAAe;AACnB,MAAI,cAAc;AAClB,aAAW,UAAU,OAAO,SAAS;AACnC,eAAW,UAAU,OAAO,SAAS;AACnC,UAAI,OAAO,WAAW,OAAO,QAAQ;AACnC,wBAAgB;AAAA,MAClB,OAAO;AACL,uBAAe;AAAA,MACjB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAO,OAAO;AAE7B,MAAI,SAA+B;AACnC,MAAI,cAAc,KAAK,eAAe,GAAG;AACvC,aAAS;AAAA,EACX,WAAW,cAAc,KAAK,iBAAiB,GAAG;AAChD,aAAS;AAAA,EACX;AAEA,QAAM,iBAAiB,oBAAoB,OAAO,OAAO;AACzD,QAAM,wBAAwB,2BAA2B,OAAO,OAAO;AACvE,QAAM,qBAAqB,4BAA4B,OAAO,OAAO;AACrE,QAAM,mBAAmB,OAAO,QAAQ,OAAO,CAAC,KAAK,WAAW,MAAM,OAAO,QAAQ,QAAQ,CAAC;AAE9F,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACjDO,SAAS,sBAAsB,SAAkD;AACtF,MAAI,gBAAgB;AACpB,MAAI,mBAAmB;AACvB,MAAI,oBAAoB;AAExB,aAAW,UAAU,SAAS;AAC5B,eAAW,SAAS,OAAO,YAAY,CAAC,GAAG;AACzC,uBAAiB;AACjB,0BAAoB,MAAM,oBAAoB;AAC9C,2BAAqB,MAAM,aAAa;AAAA,IAC1C;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,kBAAkB,gBAAgB,IAAI,OAAO,iBAAiB,QAAQ,CAAC,CAAC,IAAI;AAAA,IAC5E,mBAAmB,gBAAgB,IAAI,oBAAoB;AAAA,EAC7D;AACF;;;ACfA,eAAsB,kBACpB,WACA,UAAuB,CAAC,GACH;AACrB,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AAEvC,QAAM,SAAS,WAAW,KAAK,QAAQ,MAAM;AAC7C,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,QAAQ,QAAQ,SAAS;AAC/B,QAAM,YAAY,QAAQ,aAAa,aAAa,OAAO,aAAa;AAExE,QAAM,WAAW,QACb,MAAM,wBAAwB;AAAA,IAC5B;AAAA,IACA,gBAAgB,QAAQ;AAAA,IACxB;AAAA,IACA;AAAA,EACF,CAAC,IACD,eAAe,WAAW,MAAM;AACpC,QAAM,SAAS,aAAa,QAAQ;AACpC,QAAM,cAAc,gBAAgB,OAAO;AAC3C,QAAM,cAAc,0BAA0B,OAAO;AACrD,QAAM,aAAa,yBAAyB,OAAO;AACnD,QAAM,cAAc,mBAAmB,SAAS,GAAG;AAEnD,QAAM,WAAW,kBAAkB,KAAK,QAAQ;AAAA,IAC9C,GAAG;AAAA,IACH,OAAO,WAAW;AAAA,IAClB,QAAQ,WAAW;AAAA,IACnB;AAAA,IACA,gBAAgB,QAAQ;AAAA,EAC1B,CAAC;AACD;AAAA,IACE;AAAA,IACA;AAAA,IACA,EAAE,WAAW,QAAQ,MAAM;AAAA,IAC3B,EAAE,cAAc,SAAS,QAAQ,UAAU,OAAO,OAAO;AAAA,EAC3D;AAEA,QAAM,YAAY,MAAM,wBAAwB;AAAA,IAC9C;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,UAA+B,UAAU;AAC/C,QAAM,EAAE,QAAQ,YAAY,wBAAwB,IAAI;AAExD,QAAM,iBAAiB,sBAAsB,OAAO;AACpD,QAAM,UAAU,iBAAiB,EAAE,SAAS,OAAO,CAAC;AACpD,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,WAAS,UAAU;AAAA,IACjB;AAAA,IACA,UAAU,OAAO;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,yBAAyB,wBAAwB,SAAS,IAAI,0BAA0B;AAAA,IACxF;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY,aAAa,IAAI,aAAa;AAAA,IAC1C,eAAe,eAAe,gBAAgB,IAAI,eAAe,gBAAgB;AAAA,IACjF,kBAAkB,eAAe;AAAA,IACjC,mBAAmB,eAAe;AAAA,EACpC;AAEA,mBAAiB,QAAQ;AACzB,QAAM,eAAe,QAAQ,aAAa,QAAQ,SAAY,iBAAiB,KAAK,QAAQ;AAE5F,SAAO;AAAA,IACL,eAAe;AAAA,IACf;AAAA,IACA,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,yBAAyB,wBAAwB,SAAS,IAAI,0BAA0B;AAAA,IACxF;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY,aAAa,IAAI,aAAa;AAAA,IAC1C;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB,QAAQ;AAAA,IACxB,eAAe,eAAe,gBAAgB,IAAI,eAAe,gBAAgB;AAAA,IACjF,kBAAkB,eAAe;AAAA,IACjC,mBAAmB,eAAe;AAAA,EACpC;AACF;","names":["existsSync","readFile","join","existsSync","join","execa","existsSync","existsSync","join","readFile","readFileSync","join","execa","existsSync","readFileSync","join","readFileSync","join","execa","existsSync","mkdirSync","readFileSync","writeFileSync","join","generateText","tool","z","join","readFileSync","writeFileSync","execa","semver","join","resolve","tool","z","join","semver","readFileSync","writeFileSync","execa","tool","z","join","readFileSync","writeFileSync","execa","semver","execa","execa","tool","z","join","semver","readFileSync","writeFileSync","execa","safeUpgrade","tool","z","mkdir","readdir","readFile","rm","join","execa","tool","z","tool","z","tool","z","mkdir","writeFile","join","execa","existsSync","readFile","rm","join","execa","join","readFile","execa","rm","existsSync","tool","z","join","mkdir","writeFile","execa","semver","existsSync","readFileSync","join","tool","z","tool","z","tool","z","semver","tool","z","tool","z","generateText","mkdirSync","writeFileSync","join","evidenceFile","readFileSync","execa","readFileSync","readFileSync","CVE_REGEX","normalizeSeverity","readFileSync","CVE_REGEX","execa","readFileSync"]}