chainwall 2.1.0 → 2.2.2

package/LICENSE

@@ -1,6 +1,7 @@
 MIT License
 
-Copyright (c) 2025 consulalialpric
+Copyright (c) 2025-2026 ChainWall Contributors
+Original author: girlintokyo (https://github.com/consulalialpric)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -19,3 +20,45 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+
+---
+
+ADDITIONAL NOTICES
+
+Security Tool Disclaimer
+
+ChainWall is a defensive security tool designed to detect exposed secrets,
+audit AI tool access, and block threats. It is intended for use by developers
+and security professionals to protect their own systems and codebases.
+
+This software does not guarantee complete protection against all threats.
+No security tool can provide absolute assurance. Users are responsible for
+evaluating the suitability of this software for their specific security
+requirements and for implementing additional safeguards as needed.
+
+The detection patterns, rules, and heuristics included in this software are
+provided for defensive purposes only. The authors disclaim any responsibility
+for misuse of this software or its components.
+
+Third-Party Components
+
+This software includes or may interact with third-party components, each
+governed by their own respective licenses. Notable dependencies include:
+
+  - Ink (MIT) — Terminal UI framework
+  - React (MIT) — Component library
+  - Vitest (MIT) — Test framework
+  - @modelcontextprotocol/sdk (MIT) — MCP protocol
+
+Trademark Notice
+
+"ChainWall" and the ChainWall logo are trademarks of the ChainWall project.
+Use of these trademarks must comply with standard fair use guidelines. You
+may use the name to refer to the software but may not imply endorsement or
+affiliation without written permission.
+
+Contribution
+
+By submitting a pull request or contributing code to this project, you agree
+to license your contribution under the same MIT License terms described above,
+without any additional terms or conditions.

package/README.md

@@ -8,21 +8,35 @@
 [![npm version](https://img.shields.io/npm/v/chainwall.svg)](https://www.npmjs.com/package/chainwall)
 [![npm downloads](https://img.shields.io/npm/dm/chainwall.svg)](https://www.npmjs.com/package/chainwall)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
-[![Tests](https://img.shields.io/badge/tests-743_passing-brightgreen?logo=vitest&logoColor=white)](#reference)
+[![Tests](https://img.shields.io/badge/tests-976_passing-brightgreen?logo=vitest&logoColor=white)](#reference)
 [![GitHub stars](https://img.shields.io/github/stars/consulalialpric/chainwall?style=social)](https://github.com/consulalialpric/chainwall)
 
-**Antivirus for AI agents.**
+**Antivirus for AI tools.**
 
-Your AI tools have access to every secret on your machine. ChainWall scans your filesystem, maps which tools can reach your credentials, and blocks threats before they happen.
+Your AI tools have access to every secret on your machine. ChainWall scans your filesystem, maps which tools can reach your credentials, and blocks threats before they happen. Keep your device safe.
 
-`178 detection patterns` · `18 AI tools audited` · `743 tests` · `<50ms hooks`
+`197 detection patterns` · `18 AI tools audited` · `976 tests` · `<50ms hooks`
 
 </div>
 
+---
+
+## Get Started
+
+```bash
+npm install -g chainwall
+chainwall
+```
+
+That's it. Two commands. The interactive dashboard opens and walks you through everything — scan for secrets, audit your AI tools, monitor runtime behavior, and configure protection. No flags to memorize, no config files to write.
+
 <p align="center">
   <img src=".github/images/dashboard.png" width="680" alt="ChainWall Dashboard">
 </p>
 
+> [!TIP]
+> The dashboard is the best way to use ChainWall. Navigate with `1`-`6`, run scans and audits from inside, toggle protection with `p`, remediate findings with `r`, and press `?` for all keybindings. Everything the CLI can do, the dashboard does better.
+
 <div align="center">
 
 [Twitter](https://x.com/Antivirus) · [GitHub](https://github.com/consulalialpric/chainwall) · [@girlintokyo](https://x.com/girlintokyo)
@@ -33,43 +47,93 @@ Your AI tools have access to every secret on your machine. ChainWall scans your
 
 ## Table of Contents
 
-- [Installation](#installation)
 - [The Problem](#the-problem)
 - [See It in Action](#see-it-in-action)
 - [What It Does](#what-it-does)
+- [CLI Commands](#cli-commands)
 - [Detection Patterns](#detection-patterns)
 - [Supported AI Tools](#supported-ai-tools)
+- [MCP Server](#mcp-server)
 - [Architecture](#architecture)
 - [Reference](#reference)
 - [License](#license)
 
 ---
 
-## Installation
+## The Problem
+
+> [!WARNING]
+> **Your AI tools can read every secret on your machine right now.**
+
+AI tools have broad filesystem access — coding agents, chat assistants, automation workflows, MCP servers — they can all reach your AWS credentials, SSH keys, `.env` files, crypto wallets, and browser cookies. Most users have no idea how exposed they are.
 
-### Step 1 — Install
+The threat isn't hypothetical. A single prompt injection buried in a dependency README. A hallucinated shell command that pipes your keys to a remote server. A compromised MCP server that exfiltrates environment variables on every call. The agent doesn't need to be malicious — it just needs to be tricked.
 
-Run this once to install ChainWall globally:
+There's no firewall between your AI tools and your secrets. No permission model. No audit trail. You're running autonomous software with the keys to your entire digital life, and hoping for the best.
 
-```bash
-npm install -g chainwall
-```
+ChainWall closes the gap. Scan what's exposed, see which tools can reach it, and block threats before they execute — in under a minute.
+
+---
+
+## See It in Action
+
+<p align="center">
+  <img src=".github/images/demo.gif" width="680" alt="ChainWall TUI Demo">
+</p>
+
+---
+
+## What It Does
+
+### Scan
+
+ChainWall walks your filesystem and matches every file against 197 compiled regex patterns — credentials, private keys, crypto seeds, PII, dangerous commands, supply chain attacks, and cryptojacking. Entropy validation filters out false positives so you only see real secrets. System-level scans target the specific locations where credentials actually live: `~/.aws`, `~/.ssh`, `~/.gnupg`, browser profiles, and more.
+
+<p align="center">
+  <img src=".github/images/scan.png" width="640" alt="ChainWall scan results">
+</p>
+
+### Audit
+
+The auditor detects every AI tool on your machine — 18 tools across three access levels — then cross-references each tool's filesystem reach against your discovered secrets. The result is an exposure map: which tools can read which secrets, ranked by risk. It also inspects MCP server configurations for poisoning attacks (description injection, typosquatting, rug-pull detection), VS Code extensions, CLI tools, environment variables, running cryptocurrency miners, and skill/instruction file threats.
+
+Sections like MCP Servers, VS Code Extensions, and Environment Variables show "None found." when your system is clean — that's the goal. If something is lurking, ChainWall will surface it.
+
+<p align="center">
+  <img src=".github/images/audit.png" width="640" alt="ChainWall audit results">
+</p>
+
+### Monitor
+
+Runtime behavioral analysis scans running processes, network connections, browser extensions, shadow AI tools, clipboard contents, and persistence mechanisms (crontab, launch agents, shell profiles). Findings are correlated using signal-based scoring with PID cross-referencing and optional baseline diffing to detect new activity since your last snapshot.
 
-### Step 2 — Use
+### Protect
+
+Real-time bash hooks intercept dangerous operations before they execute. Pre-commit hooks block secrets from entering your git history. Pre-push hooks catch force-pushes and branch deletions. PreToolUse and PostToolUse hooks run inline with Claude Code to block file reads and shell commands in real-time — under 50ms, every time.
 
-These are the commands you'll use day-to-day:
+> [!IMPORTANT]
+> The two layers are fully independent. Bash hooks work without Node.js installed. The TypeScript CLI works without hooks being configured. Use either or both.
+
+---
+
+## CLI Commands
+
+The dashboard is the recommended way to use ChainWall, but every feature is also available as a standalone command:
 
 ```bash
+chainwall                # launch the interactive dashboard (recommended)
 chainwall scan           # find secrets, keys, and PII on your machine
 chainwall audit          # map which AI tools can reach those secrets
+chainwall monitor        # runtime behavioral analysis (processes, network, persistence)
 chainwall init           # install real-time protection hooks (one-time setup)
-chainwall                # launch interactive dashboard
 ```
 
 > [!NOTE]
-> `chainwall scan` and `chainwall audit` are your main tools — run them anytime to check your exposure. `chainwall init` only needs to run once per project to deploy hooks. After that, just launch `chainwall` for the full dashboard.
+> `chainwall init` only needs to run once per project to deploy hooks. After that, just launch `chainwall` for the full dashboard.
 
-### Where to run it
+<details>
+<summary><b>Platform guide</b></summary>
+<br>
 
 <table>
 <tr>
@@ -113,6 +177,8 @@ chainwall                # launch interactive dashboard
 </tr>
 </table>
 
+</details>
+
 <details>
 <summary><b>Install from source</b></summary>
 <br>
@@ -139,62 +205,9 @@ Pure bash + jq, executes in under 50ms, zero network calls.
 
 ---
 
-## The Problem
-
-> [!WARNING]
-> **Your AI tools can read every secret on your machine right now.**
-
-AI tools have broad filesystem access — coding agents, chat assistants, automation workflows, MCP servers — they can all reach your AWS credentials, SSH keys, `.env` files, crypto wallets, and browser cookies. Most users have no idea how exposed they are.
-
-The threat isn't hypothetical. A single prompt injection buried in a dependency README. A hallucinated shell command that pipes your keys to a remote server. A compromised MCP server that exfiltrates environment variables on every call. The agent doesn't need to be malicious — it just needs to be tricked.
-
-There's no firewall between your AI tools and your secrets. No permission model. No audit trail. You're running autonomous software with the keys to your entire digital life, and hoping for the best.
-
-ChainWall closes the gap. Scan what's exposed, see which tools can reach it, and block threats before they execute — in under a minute.
-
----
-
-## See It in Action
-
-<p align="center">
-  <img src=".github/images/demo.gif" width="680" alt="ChainWall TUI Demo">
-</p>
-
-> [!TIP]
-> Launch the interactive dashboard with `chainwall` (no arguments). Navigate panels with `1`-`5`, toggle protection with `p`, press `?` for help.
-
----
-
-## What It Does
-
-### Scan
-
-ChainWall walks your filesystem and matches every file against 178 compiled regex patterns — credentials, private keys, crypto seeds, PII, dangerous commands, supply chain attacks, and cryptojacking. Entropy validation filters out false positives so you only see real secrets. System-level scans target the specific locations where credentials actually live: `~/.aws`, `~/.ssh`, `~/.gnupg`, browser profiles, and more.
-
-<p align="center">
-  <img src=".github/images/scan.png" width="640" alt="ChainWall scan results">
-</p>
-
-### Audit
-
-The auditor detects every AI tool on your machine — 18 tools across three access levels — then cross-references each tool's filesystem reach against your discovered secrets. The result is an exposure map: which tools can read which secrets, ranked by risk. It also inspects MCP server configurations for poisoning attacks (description injection, typosquatting, rug-pull detection), VS Code extensions, CLI tools, environment variables, running cryptocurrency miners, and skill/instruction file threats.
-
-<p align="center">
-  <img src=".github/images/audit.png" width="640" alt="ChainWall audit results">
-</p>
-
-### Protect
-
-Real-time bash hooks intercept dangerous operations before they execute. Pre-commit hooks block secrets from entering your git history. Pre-push hooks catch force-pushes and branch deletions. PreToolUse and PostToolUse hooks run inline with Claude Code to block file reads and shell commands in real-time — under 50ms, every time.
-
-> [!IMPORTANT]
-> The two layers are fully independent. Bash hooks work without Node.js installed. The TypeScript CLI works without hooks being configured. Use either or both.
-
----
-
 ## Detection Patterns
 
-178 patterns across 11 categories, with entropy validation to reduce false positives.
+197 patterns across 12 categories, with entropy validation to reduce false positives.
 
 | Category | Patterns |
 |:---------|:--------:|
@@ -206,11 +219,12 @@ Real-time bash hooks intercept dangerous operations before they execute. Pre-com
 | **Supply Chain** | 16 |
 | **Prompt Injection** | 18 |
 | **Cryptojacking** | 22 |
+| **Exfiltration** | 19 |
 | **Skill File Threats** | 25 |
 | **MCP Poisoning** | 6 modules |
 | **Permissions** | 11 |
 
-> 178 compiled rules + 25 skill-file rules + 10 contextual injection patterns + 3 shell history patterns loaded separately.
+> 197 compiled rules + 25 skill-file rules + 10 contextual injection patterns + 3 shell history patterns loaded separately.
 
 <details>
 <summary><b>Credentials (55)</b></summary>
@@ -373,15 +387,123 @@ Instruction files are deployed to 11 tools via `chainwall init`.
 
 ---
 
+## MCP Server
+
+ChainWall includes an MCP server that AI agents can call directly for real-time security checks — scan files, validate commands, and query protection status without leaving the agent loop.
+
+### Tools
+
+| Tool | Description |
+|:-----|:-----------|
+| `scan_file` | Scan a file for secrets (restricted to cwd) |
+| `scan_content` | Scan arbitrary text for secrets |
+| `check_command` | Check if a shell command is dangerous |
+| `audit_status` | Get current protection status |
+| `monitor_snapshot` | Runtime behavioral scan (processes, network, persistence) |
+| `capture_baseline` | Capture system baseline for future diffing |
+
+### Setup
+
+#### Automatic
+
+```bash
+chainwall init
+```
+
+This registers the MCP server in Claude Desktop and Cursor automatically.
+
+#### Manual
+
+Add the `chainwall` server to your MCP client config:
+
+<table>
+<tr>
+<td width="60">
+
+<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/apple/apple-original.svg" width="36" alt="macOS">
+
+</td>
+<td>
+
+**Claude Desktop** — `~/Library/Application Support/Claude/claude_desktop_config.json`
+
+</td>
+</tr>
+<tr>
+<td>
+
+<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/linux/linux-original.svg" width="36" alt="Linux">
+
+</td>
+<td>
+
+**Claude Desktop** — `~/.config/Claude/claude_desktop_config.json`
+
+</td>
+</tr>
+</table>
+
+```jsonc
+{
+  "mcpServers": {
+    "chainwall": {
+      "command": "chainwall-mcp"
+    }
+  }
+}
+```
+
+<table>
+<tr>
+<td width="60">
+
+<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/vscode/vscode-original.svg" width="36" alt="Cursor">
+
+</td>
+<td>
+
+**Cursor** — `~/.cursor/mcp.json`
+
+</td>
+</tr>
+</table>
+
+```jsonc
+{
+  "mcpServers": {
+    "chainwall": {
+      "command": "chainwall-mcp"
+    }
+  }
+}
+```
+
+For **Windsurf** or other MCP clients, use the same JSON — the only requirement is that `chainwall-mcp` is on your PATH (installed via `npm install -g chainwall`).
+
+### Direct usage
+
+```bash
+chainwall mcp
+```
+
+Starts the MCP server on stdio for testing or debugging. Useful for verifying tool responses before wiring it into your AI client.
+
+> [!TIP]
+> The MCP **server** (above) lets agents call ChainWall for security checks. The MCP **detector** (part of `chainwall audit`) finds MCP servers already on your system and analyzes them for poisoning attacks — description injection, typosquatting, excessive permissions, and rug-pull detection. They're separate features.
+
+---
+
 ## Architecture
 
 ```mermaid
 graph TD
     CW["<b>CHAINWALL</b>"] --> BH["<b>Bash Hooks</b><br><i>real-time, &lt;50ms</i><br>PreToolUse · PostToolUse<br>pre-commit · pre-push"]
-    CW --> CLI["<b>TypeScript CLI</b><br><i>scan / audit / TUI</i><br>178 patterns · 18 tools<br>exposure map · SARIF"]
-    CW --> MCP["<b>MCP Server</b><br><i>agent-callable</i><br>scan_file · scan_content<br>check_command · audit_status"]
+    CW --> CLI["<b>TypeScript CLI</b><br><i>scan / audit / TUI</i><br>197 patterns · 18 tools<br>exposure map · SARIF"]
+    CW --> MON["<b>Runtime Monitor</b><br><i>behavioral analysis</i><br>process · network · browser<br>shadow AI · clipboard · persistence"]
+    CW --> MCP["<b>MCP Server</b><br><i>agent-callable</i><br>scan_file · scan_content<br>check_command · audit_status<br>monitor_snapshot · capture_baseline"]
     BH --> XR["<b>Cross-Reference</b><br><b>Exposure Map</b><br><i>secrets × tool access<br>= what's actually at risk</i>"]
     CLI --> XR
+    MON --> XR
     MCP --> XR
 ```
 
@@ -391,17 +513,18 @@ graph TD
 
 ```
 hooks/              Bash hooks (PreToolUse/PostToolUse, git pre-commit/pre-push)
-patterns/           YAML pattern databases (7 files)
+patterns/           YAML pattern databases (8 files)
 rules/              Instruction files for 11 AI tools
 src/
-  commands/         scan, audit, init, watch, allow handlers
-  rules/            178 patterns as pre-compiled RegExp
+  commands/         scan, audit, init, watch, monitor, allow handlers
+  rules/            197 patterns as pre-compiled RegExp
   scanner/          Async filesystem walker + rule engine
   auditor/          18-tool detector + MCP/CLI/VS Code scanner + MCP poison detector + miner detector
   reporter/         Terminal, JSON, SARIF, audit reports
+  monitor/          6 runtime scanners + correlation + baseline
   tui/              Interactive TUI (Ink + React)
-  mcp-server/       4-tool MCP server (stdio transport)
-test/               Vitest tests (25 files)
+  mcp-server/       6-tool MCP server (stdio transport)
+test/               Vitest tests (35 files)
 tests/              Bash test suite (11 suites)
 install.sh          Universal installer
 ```
@@ -418,11 +541,12 @@ install.sh          Universal installer
 
 | Command | Description |
 |:--------|:-----------|
-| `chainwall` | Launch interactive TUI |
+| `chainwall` | Launch interactive dashboard |
 | `chainwall scan [dir]` | Scan for secrets, keys, and PII |
 | `chainwall scan --system` | System credential locations only |
 | `chainwall audit [dir]` | Map AI tool access + cross-reference exposure |
 | `chainwall watch [dir]` | Real-time file monitoring |
+| `chainwall monitor [dir]` | Runtime behavioral analysis |
 | `chainwall init [dir]` | Install hooks for detected AI tools |
 | `chainwall enable` / `disable` | Toggle real-time protection |
 | `chainwall status` | Show protection status |
@@ -446,6 +570,8 @@ install.sh          Universal installer
 | `--grouped` | scan | Group findings by category |
 | `--remediate` | audit | Interactive remediation prompts |
 | `--deep` | audit | Full recursive home directory walk |
+| `--baseline` | monitor | Compare against saved baseline |
+| `--json` | monitor | Output as JSON |
 
 </details>
 
@@ -486,33 +612,14 @@ Launch with `chainwall` (no arguments) for a full-screen keyboard-driven dashboa
 
 | Panel | What it shows |
 |:------|:-------------|
-| **Overview** | Protection status, recent activity, system summary |
-| **Scan** | Mode selection, grouped results, severity/category filtering, search |
-| **Audit** | 9-section accordion (summary, tools, exposure, MCP, CLIs, VS Code, env, MCP poisoning, cryptojacking), remediation |
+| **Overview** | Protection status, detected tools, risk score, system summary |
+| **Scan** | Mode selection with duration estimates, grouped results, severity/category filtering, search, allowlisting |
+| **Audit** | 9-section accordion (tools, exposure map, MCP, CLIs, VS Code, env, MCP poisoning, cryptojacking), remediation actions |
+| **Monitor** | Runtime behavioral analysis — 6-scanner accordion with detail views, remediation, severity filtering |
 | **Settings** | Allowlist/blocklist/skipDirs, toggle protection, global/project scope |
 | **Logs** | Audit trail with severity filtering and real-time reload |
 
-Keyboard: `1`-`5` switch panels · `p` toggle protection · `?` help · `q` quit
-
-</details>
-
-<details>
-<summary><b>MCP Server</b></summary>
-<br>
-
-ChainWall includes an MCP server that AI agents can call directly for security checks.
-
-| Tool | Description |
-|:-----|:-----------|
-| `scan_file` | Scan a file for secrets (restricted to cwd) |
-| `scan_content` | Scan arbitrary text for secrets |
-| `check_command` | Check if a shell command is dangerous |
-| `audit_status` | Get current protection status |
-
-Start with `chainwall mcp` or configure in Claude Desktop / Cursor settings via `chainwall init`.
-
-> [!TIP]
-> The MCP **server** (above) lets agents call ChainWall for security checks. The MCP **detector** (part of `chainwall audit`) finds MCP servers already on your system and analyzes them for risky capabilities like filesystem access, exec, and network calls. They're separate features.
+Keyboard: `1`-`6` switch panels · `p` toggle protection · `?` help · `q` quit
 
 </details>
 
@@ -529,6 +636,7 @@ Start with `chainwall mcp` or configure in Claude Desktop / Cursor settings via
 | MCP poisoning detection | :white_check_mark: | :x: | :x: | :x: |
 | Skill file threat scanning | :white_check_mark: | :x: | :x: | :x: |
 | Cryptojacking detection | :white_check_mark: | :x: | :x: | :x: |
+| Runtime behavioral monitoring | :white_check_mark: | :x: | :x: | :x: |
 | Instruction file deployment | 11 tools | :x: | :x: | :x: |
 | Entropy validation | :white_check_mark: | :x: | :white_check_mark: | :white_check_mark: |
 | PII detection | :white_check_mark: | :x: | :x: | :x: |
@@ -548,10 +656,10 @@ Start with `chainwall mcp` or configure in Claude Desktop / Cursor settings via
 
 ```bash
 ./tests/run-all.sh    # 223 bash hook tests (11 suites)
-npm test              # 520 vitest tests (25 test files)
+npm test              # 753 vitest tests (35 test files)
 ```
 
-**743 tests total**, all passing.
+**976 tests total**, all passing.
 
 </details>
 

package/dist/auditor/miner-detector.d.ts

@@ -1,3 +1,4 @@
+import type { ProcessInfo } from '../monitor/types.js';
 export interface RunningMiner {
     pid: number;
     name: string;
@@ -12,6 +13,21 @@ export interface MinerDetectionResult {
     runningMiners: RunningMiner[];
     suspiciousCrontabs: SuspiciousCrontab[];
 }
+export declare const KNOWN_MINER_NAMES: string[];
+export declare const MINER_PATTERN: RegExp;
+export declare const CURL_BASH_PATTERN: RegExp;
+export declare const STRATUM_PATTERN: RegExp;
+export declare const POOL_PATTERN: RegExp;
+/**
+ * Parse `ps -eo pid,ppid,user,%cpu,%mem,lstart,command` output into structured ProcessInfo[].
+ * Shared by miner-detector and monitor/process-scanner.
+ */
+export declare function parseProcessList(output: string): ProcessInfo[];
+/**
+ * Parse crontab -l output into non-comment, non-empty lines.
+ * Shared by miner-detector and monitor/persistence-scanner.
+ */
+export declare function parseCrontabOutput(output: string): string[];
 /**
  * Detect running cryptocurrency mining processes and suspicious crontab entries.
  * Uses execFileSync (no shell injection risk) for both ps and crontab.

package/dist/auditor/miner-detector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"miner-detector.d.ts","sourceRoot":"","sources":["../../src/auditor/miner-detector.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;CACzC;AAgBD;;;GAGG;AACH,wBAAgB,YAAY,IAAI,oBAAoB,CAInD"}
+{"version":3,"file":"miner-detector.d.ts","sourceRoot":"","sources":["../../src/auditor/miner-detector.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;CACzC;AAED,eAAO,MAAM,iBAAiB,UAI7B,CAAC;AAEF,eAAO,MAAM,aAAa,QAEzB,CAAC;AAEF,eAAO,MAAM,iBAAiB,QAAmC,CAAC;AAClE,eAAO,MAAM,eAAe,QAA+B,CAAC;AAC5D,eAAO,MAAM,YAAY,QAAkD,CAAC;AAE5E;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,EAAE,CAoC9D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAI3D;AAED;;;GAGG;AACH,wBAAgB,YAAY,IAAI,oBAAoB,CAInD"}

package/dist/auditor/miner-detector.js

@@ -1,13 +1,60 @@
 import { execFileSync } from 'node:child_process';
-const KNOWN_MINER_NAMES = [
+export const KNOWN_MINER_NAMES = [
     'xmrig', 'ethminer', 'cgminer', 'bfgminer', 'phoenixminer',
     'cpuminer', 'minerd', 'claymore', 't-rex', 'lolminer',
     'nbminer', 'gminer', 'ccminer', 'kryptex', 'nicehash',
 ];
-const MINER_PATTERN = new RegExp(`\\b(?:${KNOWN_MINER_NAMES.join('|')})\\b`, 'i');
-const CURL_BASH_PATTERN = /curl\s+.*\|\s*(?:bash|sh|zsh)/i;
-const STRATUM_PATTERN = /stratum\+(?:tcp|ssl):\/\//i;
-const POOL_PATTERN = /(?:pool|mining|miner)\S*\.(?:com|org|io|net)/i;
+export const MINER_PATTERN = new RegExp(`\\b(?:${KNOWN_MINER_NAMES.join('|')})\\b`, 'i');
+export const CURL_BASH_PATTERN = /curl\s+.*\|\s*(?:bash|sh|zsh)/i;
+export const STRATUM_PATTERN = /stratum\+(?:tcp|ssl):\/\//i;
+export const POOL_PATTERN = /(?:pool|mining|miner)\S*\.(?:com|org|io|net)/i;
+/**
+ * Parse `ps -eo pid,ppid,user,%cpu,%mem,lstart,command` output into structured ProcessInfo[].
+ * Shared by miner-detector and monitor/process-scanner.
+ */
+export function parseProcessList(output) {
+    const results = [];
+    const lines = output.split('\n');
+    for (let i = 1; i < lines.length; i++) {
+        const line = lines[i].trim();
+        if (!line)
+            continue;
+        // ps -eo pid,ppid,user,%cpu,%mem,lstart,command
+        // lstart is multi-word: "Mon Feb 10 14:30:00 2025" (5 tokens)
+        const parts = line.split(/\s+/);
+        if (parts.length < 11)
+            continue;
+        const pid = parseInt(parts[0], 10);
+        const ppid = parseInt(parts[1], 10);
+        const user = parts[2];
+        const cpu = parseFloat(parts[3]);
+        const mem = parseFloat(parts[4]);
+        // lstart occupies fields 5-9 (5 tokens: day-of-week month day time year)
+        const startTime = parts.slice(5, 10).join(' ');
+        const command = parts.slice(10).join(' ');
+        const name = parts[10].split('/').pop() ?? parts[10];
+        results.push({
+            pid: isNaN(pid) ? 0 : pid,
+            ppid: isNaN(ppid) ? 0 : ppid,
+            user,
+            cpu: isNaN(cpu) ? 0 : cpu,
+            mem: isNaN(mem) ? 0 : mem,
+            startTime,
+            command,
+            name,
+        });
+    }
+    return results;
+}
+/**
+ * Parse crontab -l output into non-comment, non-empty lines.
+ * Shared by miner-detector and monitor/persistence-scanner.
+ */
+export function parseCrontabOutput(output) {
+    return output.split('\n')
+        .map((l) => l.trim())
+        .filter((l) => l && !l.startsWith('#'));
+}
 /**
  * Detect running cryptocurrency mining processes and suspicious crontab entries.
  * Uses execFileSync (no shell injection risk) for both ps and crontab.
@@ -67,11 +114,8 @@ function detectSuspiciousCrontabs() {
             encoding: 'utf-8',
             stdio: ['pipe', 'pipe', 'pipe'],
         });
-        const lines = output.split('\n');
-        for (const line of lines) {
-            const trimmed = line.trim();
-            if (!trimmed || trimmed.startsWith('#'))
-                continue;
+        const crontabLines = parseCrontabOutput(output);
+        for (const trimmed of crontabLines) {
             if (MINER_PATTERN.test(trimmed)) {
                 suspicious.push({
                     line: trimmed.length > 120 ? trimmed.slice(0, 120) + '...' : trimmed,

package/dist/auditor/miner-detector.js.map

@@ -1 +1 @@
-{"version":3,"file":"miner-detector.js","sourceRoot":"","sources":["../../src/auditor/miner-detector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAmBlD,MAAM,iBAAiB,GAAG;IACxB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc;IAC1D,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU;IACrD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU;CACtD,CAAC;AAEF,MAAM,aAAa,GAAG,IAAI,MAAM,CAC9B,SAAS,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAChD,CAAC;AAEF,MAAM,iBAAiB,GAAG,gCAAgC,CAAC;AAC3D,MAAM,eAAe,GAAG,4BAA4B,CAAC;AACrD,MAAM,YAAY,GAAG,+CAA+C,CAAC;AAErE;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAC5C,MAAM,kBAAkB,GAAG,wBAAwB,EAAE,CAAC;IACtD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,mBAAmB;IAC1B,MAAM,MAAM,GAAmB,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE;YACzC,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACjC,mBAAmB;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,iDAAiD;YACjD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEvE,8EAA8E;YAC9E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,SAAS;YAEhC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACnC,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE1C,4CAA4C;YAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC;YAExD,uBAAuB;YACvB,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1E,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG;gBACH,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;gBACvE,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;IACtD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,wBAAwB;IAC/B,MAAM,UAAU,GAAwB,EAAE,CAAC;IAE3C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,EAAE;YAC7C,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAElD,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;oBACpE,MAAM,EAAE,gCAAgC;iBACzC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3C,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;oBACpE,MAAM,EAAE,sCAAsC;iBAC/C,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;oBACpE,MAAM,EAAE,4CAA4C;iBACrD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;IACnE,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}
+{"version":3,"file":"miner-detector.js","sourceRoot":"","sources":["../../src/auditor/miner-detector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAoBlD,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc;IAC1D,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU;IACrD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU;CACtD,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,MAAM,CACrC,SAAS,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAChD,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,gCAAgC,CAAC;AAClE,MAAM,CAAC,MAAM,eAAe,GAAG,4BAA4B,CAAC;AAC5D,MAAM,CAAC,MAAM,YAAY,GAAG,+CAA+C,CAAC;AAE5E;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,gDAAgD;QAChD,8DAA8D;QAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE;YAAE,SAAS;QAEhC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,yEAAyE;QACzE,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC;QAErD,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;YACzB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;YAC5B,IAAI;YACJ,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;YACzB,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;YACzB,SAAS;YACT,OAAO;YACP,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAC5C,MAAM,kBAAkB,GAAG,wBAAwB,EAAE,CAAC;IACtD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,mBAAmB;IAC1B,MAAM,MAAM,GAAmB,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE;YACzC,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACjC,mBAAmB;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,iDAAiD;YACjD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEvE,8EAA8E;YAC9E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,SAAS;YAEhC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACnC,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE1C,4CAA4C;YAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC;YAExD,uBAAuB;YACvB,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1E,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG;gBACH,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;gBACvE,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;IACtD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,wBAAwB;IAC/B,MAAM,UAAU,GAAwB,EAAE,CAAC;IAE3C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,EAAE;YAC7C,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;oBACpE,MAAM,EAAE,gCAAgC;iBACzC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3C,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;oBACpE,MAAM,EAAE,sCAAsC;iBAC/C,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;oBACpE,MAAM,EAAE,4CAA4C;iBACrD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;IACnE,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}