circle-ir-ai 1.1.0

package/dist/agents/mastra/workflow.js

@@ -0,0 +1,460 @@
+/**
+ * Mastra Security Analysis Workflow
+ *
+ * Orchestrates the security analysis pipeline.
+ * Pipeline: Pattern Match → Enrich → Merge → Verify → Report
+ *
+ * This module provides convenience functions for running the complete
+ * analysis pipeline using the core analysis logic.
+ */
+// Re-export the Mastra step definitions
+export { patternMatchStep, enrichStep, mergeStep, verifyStep, reportStep, } from './steps.js';
+// ============================================================================
+// Core Pipeline Functions (non-Mastra)
+// ============================================================================
+/**
+ * Run pattern matching step
+ */
+async function runPatternMatch(filePath, sourceCode, language) {
+    const { analyze, initAnalyzer, isAnalyzerInitialized } = await import('circle-ir');
+    if (!isAnalyzerInitialized()) {
+        await initAnalyzer();
+    }
+    const result = await analyze(sourceCode, filePath, language);
+    return {
+        patternSources: result.taint.sources,
+        patternSinks: result.taint.sinks,
+        types: result.types,
+        imports: result.imports.map((i) => i.from_package || i.imported_name),
+    };
+}
+/**
+ * Run LLM enrichment step with language-aware prompts
+ * Runs all 3 LLM calls in parallel for better performance
+ */
+async function runEnrich(filePath, sourceCode, types, imports, patternSources, patternSinks, enableEnrichment, language = 'java') {
+    if (!enableEnrichment) {
+        return {
+            enrichmentResult: null,
+            processingTimeMs: 0,
+        };
+    }
+    const startTime = Date.now();
+    const { getAxLLMClient } = await import('../../llm/ax-client.js');
+    const client = getAxLLMClient();
+    const moduleName = types[0]?.name || 'Unknown';
+    const functionNames = types[0]?.methods?.map((m) => m.name).join(', ') || '';
+    const attributes = types[0]?.annotations?.join(', ') || '';
+    const functionName = functionNames.split(',')[0]?.trim() || 'main';
+    // Map language to LLM language type
+    const llmLanguage = (language === 'rust' || language === 'java') ? language : 'java';
+    // Run all 3 LLM calls in parallel for better performance
+    // This reduces latency from 3 sequential calls to 1 parallel batch
+    const [roleResult, additionalSources, additionalSinks] = await Promise.all([
+        // Role classification
+        client.classifyRoleForLanguage(llmLanguage, {
+            moduleName,
+            functionNames,
+            attributes,
+            uses: imports.join('\n'),
+        }),
+        // Source discovery
+        client.discoverSourcesForLanguage(llmLanguage, {
+            code: sourceCode,
+            functionName,
+            moduleRole: 'unknown', // Role not available yet in parallel mode
+            existingSources: patternSources.map((s) => `${s.type}:${s.line}`).join(', '),
+        }),
+        // Sink discovery
+        client.discoverSinksForLanguage(llmLanguage, {
+            code: sourceCode,
+            functionName,
+            methodCalls: '',
+            existingSinks: patternSinks.map((s) => `${s.type}:${s.line}`).join(', '),
+        }),
+    ]);
+    return {
+        enrichmentResult: {
+            role: {
+                role: roleResult.role,
+                confidence: roleResult.confidence,
+                reasoning: roleResult.reasoning,
+            },
+            additionalSources,
+            additionalSinks,
+        },
+        processingTimeMs: Date.now() - startTime,
+    };
+}
+/**
+ * Run merge step
+ */
+function runMerge(patternSources, patternSinks, enrichmentResult, confidenceThreshold) {
+    const sourcesByLine = new Map();
+    const sinksByLine = new Map();
+    for (const source of patternSources) {
+        sourcesByLine.set(source.line, { ...source });
+    }
+    if (enrichmentResult) {
+        for (const llmSource of enrichmentResult.additionalSources) {
+            const existing = sourcesByLine.get(llmSource.line);
+            if (existing) {
+                sourcesByLine.set(llmSource.line, {
+                    ...existing,
+                    confidence: Math.min(1.0, (existing.confidence || 0.8) + 0.2),
+                });
+            }
+            else if (llmSource.confidence >= confidenceThreshold) {
+                sourcesByLine.set(llmSource.line, {
+                    line: llmSource.line,
+                    type: llmSource.type,
+                    location: `LLM-discovered at line ${llmSource.line}`,
+                    severity: 'medium',
+                    confidence: llmSource.confidence,
+                    variable: llmSource.variable,
+                    method: llmSource.method,
+                });
+            }
+        }
+    }
+    for (const sink of patternSinks) {
+        sinksByLine.set(sink.line, { ...sink });
+    }
+    if (enrichmentResult) {
+        for (const llmSink of enrichmentResult.additionalSinks) {
+            const existing = sinksByLine.get(llmSink.line);
+            if (existing) {
+                sinksByLine.set(llmSink.line, {
+                    ...existing,
+                    confidence: Math.min(1.0, (existing.confidence || 0.8) + 0.2),
+                });
+            }
+            else if (llmSink.confidence >= confidenceThreshold) {
+                sinksByLine.set(llmSink.line, {
+                    line: llmSink.line,
+                    type: llmSink.type,
+                    cwe: llmSink.cwe,
+                    location: `LLM-discovered at line ${llmSink.line}`,
+                    confidence: llmSink.confidence,
+                    method: llmSink.method,
+                    argPositions: llmSink.argPositions,
+                });
+            }
+        }
+    }
+    return {
+        mergedSources: Array.from(sourcesByLine.values()),
+        mergedSinks: Array.from(sinksByLine.values()),
+    };
+}
+/**
+ * Prioritize sources for verification
+ * Ensures critical sources are checked first when sampling
+ */
+function prioritizeSources(sources) {
+    return sources.slice().sort((a, b) => {
+        // 1. High confidence first
+        const confA = a.confidence || 0.5;
+        const confB = b.confidence || 0.5;
+        if (confA > confB)
+            return -1;
+        if (confA < confB)
+            return 1;
+        // 2. HTTP/user input sources prioritized (most common attack vector)
+        const aIsHTTP = a.type.toLowerCase().includes('http') || a.type.toLowerCase().includes('param') || a.type.toLowerCase().includes('request');
+        const bIsHTTP = b.type.toLowerCase().includes('http') || b.type.toLowerCase().includes('param') || b.type.toLowerCase().includes('request');
+        if (aIsHTTP && !bIsHTTP)
+            return -1;
+        if (!aIsHTTP && bIsHTTP)
+            return 1;
+        // 3. Fall back to line number for determinism
+        return a.line - b.line;
+    });
+}
+/**
+ * Prioritize sinks for verification
+ * Ensures critical sinks are checked first when sampling
+ */
+function prioritizeSinks(sinks) {
+    // Critical sink types (OWASP Top 10 vulnerabilities)
+    const criticalTypes = [
+        'sql', 'sqli', 'injection', // SQL Injection (CWE-89)
+        'xss', 'cross_site', // XSS (CWE-79)
+        'command', 'exec', 'shell', // Command Injection (CWE-78)
+        'path_traversal', 'path', // Path Traversal (CWE-22)
+        'deserialization', 'deserialize', // Insecure Deserialization (CWE-502)
+        'xxe', 'xml', // XXE (CWE-611)
+        'ssrf', 'request_forgery', // SSRF (CWE-918)
+        'code_injection', 'eval', // Code Injection (CWE-94)
+    ];
+    return sinks.slice().sort((a, b) => {
+        // 1. Critical vulnerability types first
+        const aTypeLower = a.type.toLowerCase();
+        const bTypeLower = b.type.toLowerCase();
+        const aIsCritical = criticalTypes.some(ct => aTypeLower.includes(ct));
+        const bIsCritical = criticalTypes.some(ct => bTypeLower.includes(ct));
+        if (aIsCritical && !bIsCritical)
+            return -1;
+        if (!aIsCritical && bIsCritical)
+            return 1;
+        // 2. High confidence
+        const confA = a.confidence || 0.5;
+        const confB = b.confidence || 0.5;
+        if (confA > confB)
+            return -1;
+        if (confA < confB)
+            return 1;
+        // 3. Fall back to line number for determinism
+        return a.line - b.line;
+    });
+}
+/**
+ * Run verification step - uses BATCH verification (1 LLM call instead of N×M)
+ *
+ * Supports multiple verification strategies:
+ * - 'complete': Verify all source-sink pairs (thorough but expensive)
+ * - 'sampled': Verify up to sqrt(maxTargets) sources/sinks (fast but may miss vulnerabilities)
+ * - 'prioritized': Smart sampling with priority-based selection (balanced)
+ */
+async function runVerify(filePath, sourceCode, mergedSources, mergedSinks, types, enableVerification, maxTargets, strategy = 'prioritized') {
+    if (!enableVerification || mergedSources.length === 0 || mergedSinks.length === 0) {
+        return {
+            verificationResults: [],
+            truePositives: 0,
+            falsePositives: 0,
+            uncertain: 0,
+            processingTimeMs: 0,
+        };
+    }
+    const startTime = Date.now();
+    const { verifyTaintPathsBatch } = await import('../../llm/verification.js');
+    const className = types[0]?.name || 'Unknown';
+    // Select sources and sinks based on strategy
+    let limitedSources;
+    let limitedSinks;
+    switch (strategy) {
+        case 'complete':
+            // Verify ALL source-sink pairs (no sampling)
+            limitedSources = mergedSources;
+            limitedSinks = mergedSinks;
+            console.log(`✓ Verification strategy: complete (checking all ${mergedSources.length} sources × ${mergedSinks.length} sinks = ${mergedSources.length * mergedSinks.length} pairs)`);
+            break;
+        case 'prioritized':
+            // Smart sampling: prioritize critical vulnerabilities, then sample
+            const maxPerSide = Math.ceil(Math.sqrt(maxTargets));
+            const prioritizedSources = prioritizeSources(mergedSources);
+            const prioritizedSinks = prioritizeSinks(mergedSinks);
+            limitedSources = prioritizedSources.slice(0, maxPerSide);
+            limitedSinks = prioritizedSinks.slice(0, maxPerSide);
+            if (mergedSources.length > maxPerSide || mergedSinks.length > maxPerSide) {
+                console.warn(`⚠️  Verification sampling active (prioritized): checking ${limitedSources.length} sources × ${limitedSinks.length} sinks = ${limitedSources.length * limitedSinks.length} pairs`);
+                console.warn(`   Found ${mergedSources.length} total sources and ${mergedSinks.length} total sinks`);
+                console.warn(`   Critical vulnerabilities prioritized, but some may not be verified`);
+                console.warn(`   To verify all pairs, use: { verificationStrategy: 'complete' }`);
+            }
+            break;
+        case 'sampled':
+            // Legacy behavior: sample first N without prioritization
+            const maxSampled = Math.ceil(Math.sqrt(maxTargets));
+            limitedSources = mergedSources.slice(0, maxSampled);
+            limitedSinks = mergedSinks.slice(0, maxSampled);
+            if (mergedSources.length > maxSampled || mergedSinks.length > maxSampled) {
+                console.warn(`⚠️  Verification sampling active (random): checking ${limitedSources.length} sources × ${limitedSinks.length} sinks = ${limitedSources.length * limitedSinks.length} pairs`);
+                console.warn(`   Found ${mergedSources.length} total sources and ${mergedSinks.length} total sinks`);
+                console.warn(`   Some vulnerabilities may not be verified (non-deterministic)`);
+                console.warn(`   Recommended: use { verificationStrategy: 'prioritized' } or 'complete'`);
+            }
+            break;
+        default:
+            throw new Error(`Unknown verification strategy: ${strategy}`);
+    }
+    try {
+        // BATCH verification - ONE LLM call for all pairs
+        const batchResult = await verifyTaintPathsBatch({
+            code: sourceCode,
+            className,
+            sources: limitedSources.map(s => ({
+                line: s.line,
+                type: s.type,
+                variable: s.variable,
+            })),
+            sinks: limitedSinks.map(s => ({
+                line: s.line,
+                type: s.type,
+                cwe: s.cwe,
+                method: s.method,
+            })),
+        });
+        // Convert batch results to individual results format for compatibility
+        const results = [];
+        for (const pair of batchResult.pairs) {
+            const source = limitedSources.find(s => s.line === pair.source_line);
+            const sink = limitedSinks.find(s => s.line === pair.sink_line);
+            if (source && sink) {
+                results.push({
+                    sourceId: `src:${pair.source_line}:${source.type}`,
+                    sinkId: `sink:${pair.sink_line}:${sink.type}`,
+                    result: {
+                        verdict: pair.verdict,
+                        confidence: pair.confidence,
+                        reasoning: pair.reasoning,
+                        exploitability: pair.exploitability,
+                    },
+                });
+            }
+        }
+        return {
+            verificationResults: results,
+            truePositives: batchResult.summary.true_positives,
+            falsePositives: batchResult.summary.false_positives,
+            uncertain: batchResult.summary.uncertain,
+            processingTimeMs: batchResult.processingTimeMs,
+        };
+    }
+    catch (error) {
+        console.error('Batch verification failed:', error);
+        return {
+            verificationResults: [],
+            truePositives: 0,
+            falsePositives: 0,
+            uncertain: mergedSources.length * mergedSinks.length,
+            processingTimeMs: Date.now() - startTime,
+        };
+    }
+}
+/**
+ * Run report generation step
+ */
+function runReport(filePath, mergedSources, mergedSinks, verificationResults, patternMatchTimeMs, enrichTimeMs, verifyTimeMs, verificationEnabled = true) {
+    const vulnerabilities = [];
+    if (verificationEnabled && verificationResults.length > 0) {
+        // Use verified results - only TRUE_POSITIVE
+        for (const vr of verificationResults) {
+            if (vr.result.verdict === 'TRUE_POSITIVE') {
+                const sourceParts = vr.sourceId.split(':');
+                const sinkParts = vr.sinkId.split(':');
+                const sourceLine = parseInt(sourceParts[1], 10);
+                const sinkLine = parseInt(sinkParts[1], 10);
+                const source = mergedSources.find((s) => s.line === sourceLine);
+                const sink = mergedSinks.find((s) => s.line === sinkLine);
+                if (source && sink) {
+                    const exploitabilityMap = {
+                        high: 'critical',
+                        medium: 'high',
+                        low: 'medium',
+                        none: 'low',
+                    };
+                    vulnerabilities.push({
+                        id: `vuln:${vr.sourceId}:${vr.sinkId}`,
+                        source,
+                        sink,
+                        severity: exploitabilityMap[vr.result.exploitability] || 'low',
+                        cwe: sink.cwe,
+                        description: `User input from ${source.type} at line ${source.line} flows to dangerous ${sink.type} operation at line ${sink.line}.`,
+                        verification: vr.result,
+                    });
+                }
+            }
+        }
+    }
+    else {
+        // No verification - report all source-sink pairs as potential vulnerabilities
+        for (const source of mergedSources) {
+            for (const sink of mergedSinks) {
+                vulnerabilities.push({
+                    id: `potential:${source.line}:${sink.line}`,
+                    source,
+                    sink,
+                    severity: 'medium', // Default severity without verification
+                    cwe: sink.cwe,
+                    description: `Potential: User input from ${source.type} at line ${source.line} may flow to ${sink.type} at line ${sink.line}.`,
+                    verification: null, // Not verified
+                });
+            }
+        }
+    }
+    const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+    vulnerabilities.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+    return {
+        vulnerabilities,
+        stats: {
+            totalSources: mergedSources.length,
+            totalSinks: mergedSinks.length,
+            verifiedVulnerabilities: verificationResults.filter((v) => v.result?.verdict === 'TRUE_POSITIVE').length,
+            truePositives: verificationResults.filter((v) => v.result?.verdict === 'TRUE_POSITIVE').length,
+            falsePositives: verificationResults.filter((v) => v.result?.verdict === 'FALSE_POSITIVE').length,
+            uncertain: verificationResults.filter((v) => v.result?.verdict === 'UNCERTAIN').length,
+            totalTimeMs: patternMatchTimeMs + enrichTimeMs + verifyTimeMs,
+        },
+    };
+}
+// ============================================================================
+// Pipeline Execution
+// ============================================================================
+/**
+ * Run security analysis on a single file
+ *
+ * This function orchestrates the complete analysis pipeline:
+ * 1. Pattern matching (static analysis)
+ * 2. LLM enrichment (discover additional sources/sinks)
+ * 3. Merge results
+ * 4. LLM verification (confirm exploitability)
+ * 5. Generate report
+ *
+ * NOTE: Verification strategies:
+ * - 'prioritized' (default): Smart sampling with critical vulnerabilities first (sqrt(200) = 15×15 = 225 pairs)
+ * - 'complete': Verify ALL source-sink pairs (thorough but expensive, may be 100s-1000s of LLM calls)
+ * - 'sampled': Legacy random sampling (not recommended, non-deterministic)
+ *
+ * For production security audits, use verificationStrategy: 'complete'
+ * For CI/CD fast scans, use verificationStrategy: 'prioritized' (default)
+ */
+export async function analyzeFile(filePath, sourceCode, options) {
+    const language = options?.language ?? 'java';
+    const enableEnrichment = options?.enableEnrichment ?? true;
+    const enableVerification = options?.enableVerification ?? true;
+    const confidenceThreshold = options?.confidenceThreshold ?? 0.7;
+    const maxVerificationTargets = options?.maxVerificationTargets ?? 200; // Increased from 50 to 200 (Solution 3)
+    const verificationStrategy = options?.verificationStrategy ?? 'prioritized'; // Solution 2: default to smart sampling
+    const patternStartTime = Date.now();
+    const patternResult = await runPatternMatch(filePath, sourceCode, language);
+    const patternMatchTimeMs = Date.now() - patternStartTime;
+    const enrichResult = await runEnrich(filePath, sourceCode, patternResult.types, patternResult.imports, patternResult.patternSources, patternResult.patternSinks, enableEnrichment, language);
+    const mergeResult = runMerge(patternResult.patternSources, patternResult.patternSinks, enrichResult.enrichmentResult, confidenceThreshold);
+    const verifyResult = await runVerify(filePath, sourceCode, mergeResult.mergedSources, mergeResult.mergedSinks, patternResult.types, enableVerification, maxVerificationTargets, verificationStrategy);
+    return runReport(filePath, mergeResult.mergedSources, mergeResult.mergedSinks, verifyResult.verificationResults, patternMatchTimeMs, enrichResult.processingTimeMs, verifyResult.processingTimeMs, enableVerification);
+}
+/**
+ * Stream security analysis with progress updates
+ */
+export async function* analyzeFileStream(filePath, sourceCode, options) {
+    const language = options?.language ?? 'java';
+    const enableEnrichment = options?.enableEnrichment ?? true;
+    const enableVerification = options?.enableVerification ?? true;
+    const maxVerificationTargets = options?.maxVerificationTargets ?? 200;
+    const verificationStrategy = options?.verificationStrategy ?? 'prioritized';
+    yield { step: 'pattern-match', status: 'running' };
+    const patternStartTime = Date.now();
+    const patternResult = await runPatternMatch(filePath, sourceCode, language);
+    const patternMatchTimeMs = Date.now() - patternStartTime;
+    yield { step: 'pattern-match', status: 'completed', data: patternResult };
+    yield { step: 'enrich', status: 'running' };
+    const enrichResult = await runEnrich(filePath, sourceCode, patternResult.types, patternResult.imports, patternResult.patternSources, patternResult.patternSinks, enableEnrichment, language);
+    yield { step: 'enrich', status: 'completed', data: enrichResult };
+    yield { step: 'merge', status: 'running' };
+    const mergeResult = runMerge(patternResult.patternSources, patternResult.patternSinks, enrichResult.enrichmentResult, 0.7);
+    yield { step: 'merge', status: 'completed', data: mergeResult };
+    yield { step: 'verify', status: 'running' };
+    const verifyResult = await runVerify(filePath, sourceCode, mergeResult.mergedSources, mergeResult.mergedSinks, patternResult.types, enableVerification, maxVerificationTargets, verificationStrategy);
+    yield { step: 'verify', status: 'completed', data: verifyResult };
+    yield { step: 'report', status: 'running' };
+    const reportResult = runReport(filePath, mergeResult.mergedSources, mergeResult.mergedSinks, verifyResult.verificationResults, patternMatchTimeMs, enrichResult.processingTimeMs, verifyResult.processingTimeMs, enableVerification);
+    yield { step: 'report', status: 'completed', data: reportResult };
+}
+// Legacy export for compatibility
+export const securityAnalysisWorkflow = {
+    id: 'security-analysis',
+    run: analyzeFile,
+    stream: analyzeFileStream,
+};
+//# sourceMappingURL=workflow.js.map

package/dist/agents/mastra/workflow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow.js","sourceRoot":"","sources":["../../../src/agents/mastra/workflow.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,wCAAwC;AACxC,OAAO,EACL,gBAAgB,EAChB,UAAU,EACV,SAAS,EACT,UAAU,EACV,UAAU,GACX,MAAM,YAAY,CAAC;AAkCpB,+EAA+E;AAC/E,uCAAuC;AACvC,+EAA+E;AAE/E;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,QAAgB,EAChB,UAAkB,EAClB,QAAgB;IAEhB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAEnF,IAAI,CAAC,qBAAqB,EAAE,EAAE,CAAC;QAC7B,MAAM,YAAY,EAAE,CAAC;IACvB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAkF,CAAC,CAAC;IAEvI,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,OAAwB;QACrD,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,KAAoB;QAC/C,KAAK,EAAE,MAAM,CAAC,KAAmB;QACjC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,aAAa,CAAC;KAC3E,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,SAAS,CACtB,QAAgB,EAChB,UAAkB,EAClB,KAAY,EACZ,OAAiB,EACjB,cAAqB,EACrB,YAAmB,EACnB,gBAAyB,EACzB,WAAmB,MAAM;IAEzB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,gBAAgB,EAAE,CAAC;SACpB,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAEhC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,SAAS,CAAC;IAC/C,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAClF,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC3D,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,MAAM,CAAC;IAEnE,oCAAoC;IACpC,MAAM,WAAW,GAAG,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;IAErF,yDAAyD;IACzD,mEAAmE;IACnE,MAAM,CAAC,UAAU,EAAE,iBAAiB,EAAE,eAAe,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACzE,sBAAsB;QACtB,MAAM,CAAC,uBAAuB,CAAC,WAAkB,EAAE;YACjD,UAAU;YACV,aAAa;YACb,UAAU;YACV,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;SACzB,CAAC;QAEF,mBAAmB;QACnB,MAAM,CAAC,0BAA0B,CAAC,WAAkB,EAAE;YACpD,IAAI,EAAE,UAAU;YAChB,YAAY;YACZ,UAAU,EAAE,SAAS,EAAE,0CAA0C;YACjE,eAAe,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;SAClF,CAAC;QAEF,iBAAiB;QACjB,MAAM,CAAC,wBAAwB,CAAC,WAAkB,EAAE;YAClD,IAAI,EAAE,UAAU;YAChB,YAAY;YACZ,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;SAC9E,CAAC;KACH,CAAC,CAAC;IAEH,OAAO;QACL,gBAAgB,EAAE;YAChB,IAAI,EAAE;gBACJ,IAAI,EAAE,UAAU,CAAC,IAAI;gBACrB,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,SAAS,EAAE,UAAU,CAAC,SAAS;aAChC;YACD,iBAAiB;YACjB,eAAe;SAChB;QACD,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;KACzC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CACf,cAAqB,EACrB,YAAmB,EACnB,gBAA4B,EAC5B,mBAA2B;IAE3B,MAAM,aAAa,GAAG,IAAI,GAAG,EAAe,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAe,CAAC;IAE3C,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QACpC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,SAAS,IAAI,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE;oBAChC,GAAG,QAAQ;oBACX,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC,GAAG,GAAG,CAAC;iBAC9D,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,SAAS,CAAC,UAAU,IAAI,mBAAmB,EAAE,CAAC;gBACvD,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE;oBAChC,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,QAAQ,EAAE,0BAA0B,SAAS,CAAC,IAAI,EAAE;oBACpD,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,SAAS,CAAC,UAAU;oBAChC,QAAQ,EAAE,SAAS,CAAC,QAAQ;oBAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,OAAO,IAAI,gBAAgB,CAAC,eAAe,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,QAAQ,EAAE,CAAC;gBACb,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;oBAC5B,GAAG,QAAQ;oBACX,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC,GAAG,GAAG,CAAC;iBAC9D,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,OAAO,CAAC,UAAU,IAAI,mBAAmB,EAAE,CAAC;gBACrD,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;oBAC5B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ,EAAE,0BAA0B,OAAO,CAAC,IAAI,EAAE;oBAClD,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,aAAa,EAAE,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;QACjD,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,OAAc;IACvC,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnC,2BAA2B;QAC3B,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC;QAClC,IAAI,KAAK,GAAG,KAAK;YAAE,OAAO,CAAC,CAAC,CAAC;QAC7B,IAAI,KAAK,GAAG,KAAK;YAAE,OAAO,CAAC,CAAC;QAE5B,qEAAqE;QACrE,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC5I,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC5I,IAAI,OAAO,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO,IAAI,OAAO;YAAE,OAAO,CAAC,CAAC;QAElC,8CAA8C;QAC9C,OAAO,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAAY;IACnC,qDAAqD;IACrD,MAAM,aAAa,GAAG;QACpB,KAAK,EAAE,MAAM,EAAE,WAAW,EAAY,yBAAyB;QAC/D,KAAK,EAAE,YAAY,EAAmB,eAAe;QACrD,SAAS,EAAE,MAAM,EAAE,OAAO,EAAY,6BAA6B;QACnE,gBAAgB,EAAE,MAAM,EAAc,0BAA0B;QAChE,iBAAiB,EAAE,aAAa,EAAM,qCAAqC;QAC3E,KAAK,EAAE,KAAK,EAA0B,gBAAgB;QACtD,MAAM,EAAE,iBAAiB,EAAa,iBAAiB;QACvD,gBAAgB,EAAE,MAAM,EAAc,0BAA0B;KACjE,CAAC;IAEF,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjC,wCAAwC;QACxC,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QACtE,IAAI,WAAW,IAAI,CAAC,WAAW;YAAE,OAAO,CAAC,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,IAAI,WAAW;YAAE,OAAO,CAAC,CAAC;QAE1C,qBAAqB;QACrB,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC;QAClC,IAAI,KAAK,GAAG,KAAK;YAAE,OAAO,CAAC,CAAC,CAAC;QAC7B,IAAI,KAAK,GAAG,KAAK;YAAE,OAAO,CAAC,CAAC;QAE5B,8CAA8C;QAC9C,OAAO,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,SAAS,CACtB,QAAgB,EAChB,UAAkB,EAClB,aAAoB,EACpB,WAAkB,EAClB,KAAY,EACZ,kBAA2B,EAC3B,UAAkB,EAClB,WAAiC,aAAa;IAE9C,IAAI,CAAC,kBAAkB,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClF,OAAO;YACL,mBAAmB,EAAE,EAAE;YACvB,aAAa,EAAE,CAAC;YAChB,cAAc,EAAE,CAAC;YACjB,SAAS,EAAE,CAAC;YACZ,gBAAgB,EAAE,CAAC;SACpB,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,SAAS,CAAC;IAE9C,6CAA6C;IAC7C,IAAI,cAAqB,CAAC;IAC1B,IAAI,YAAmB,CAAC;IAExB,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,6CAA6C;YAC7C,cAAc,GAAG,aAAa,CAAC;YAC/B,YAAY,GAAG,WAAW,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,mDAAmD,aAAa,CAAC,MAAM,cAAc,WAAW,CAAC,MAAM,YAAY,aAAa,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,SAAS,CAAC,CAAC;YACnL,MAAM;QAER,KAAK,aAAa;YAChB,mEAAmE;YACnE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YACpD,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,aAAa,CAAC,CAAC;YAC5D,MAAM,gBAAgB,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;YACtD,cAAc,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACzD,YAAY,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YAErD,IAAI,aAAa,CAAC,MAAM,GAAG,UAAU,IAAI,WAAW,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;gBACzE,OAAO,CAAC,IAAI,CAAC,4DAA4D,cAAc,CAAC,MAAM,cAAc,YAAY,CAAC,MAAM,YAAY,cAAc,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,QAAQ,CAAC,CAAC;gBAChM,OAAO,CAAC,IAAI,CAAC,YAAY,aAAa,CAAC,MAAM,sBAAsB,WAAW,CAAC,MAAM,cAAc,CAAC,CAAC;gBACrG,OAAO,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;gBACtF,OAAO,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACpF,CAAC;YACD,MAAM;QAER,KAAK,SAAS;YACZ,yDAAyD;YACzD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YACpD,cAAc,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACpD,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YAEhD,IAAI,aAAa,CAAC,MAAM,GAAG,UAAU,IAAI,WAAW,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;gBACzE,OAAO,CAAC,IAAI,CAAC,uDAAuD,cAAc,CAAC,MAAM,cAAc,YAAY,CAAC,MAAM,YAAY,cAAc,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,QAAQ,CAAC,CAAC;gBAC3L,OAAO,CAAC,IAAI,CAAC,YAAY,aAAa,CAAC,MAAM,sBAAsB,WAAW,CAAC,MAAM,cAAc,CAAC,CAAC;gBACrG,OAAO,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;gBAChF,OAAO,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;YAC5F,CAAC;YACD,MAAM;QAER;YACE,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,CAAC;QACH,kDAAkD;QAClD,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC;YAC9C,IAAI,EAAE,UAAU;YAChB,SAAS;YACT,OAAO,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAChC,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;YACH,KAAK,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,MAAM,EAAE,CAAC,CAAC,MAAM;aACjB,CAAC,CAAC;SACJ,CAAC,CAAC;QAEH,uEAAuE;QACvE,MAAM,OAAO,GAA6D,EAAE,CAAC;QAE7E,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,CAAC,CAAC;YACrE,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,CAAC;YAE/D,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,OAAO,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,EAAE;oBAClD,MAAM,EAAE,QAAQ,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE;oBAC7C,MAAM,EAAE;wBACN,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,UAAU,EAAE,IAAI,CAAC,UAAU;wBAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,cAAc,EAAE,IAAI,CAAC,cAAc;qBACpC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,mBAAmB,EAAE,OAAO;YAC5B,aAAa,EAAE,WAAW,CAAC,OAAO,CAAC,cAAc;YACjD,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,eAAe;YACnD,SAAS,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS;YACxC,gBAAgB,EAAE,WAAW,CAAC,gBAAgB;SAC/C,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,OAAO;YACL,mBAAmB,EAAE,EAAE;YACvB,aAAa,EAAE,CAAC;YAChB,cAAc,EAAE,CAAC;YACjB,SAAS,EAAE,aAAa,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM;YACpD,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACzC,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAChB,QAAgB,EAChB,aAAoB,EACpB,WAAkB,EAClB,mBAA0B,EAC1B,kBAA0B,EAC1B,YAAoB,EACpB,YAAoB,EACpB,sBAA+B,IAAI;IAEnC,MAAM,eAAe,GAAU,EAAE,CAAC;IAElC,IAAI,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,4CAA4C;QAC5C,KAAK,MAAM,EAAE,IAAI,mBAAmB,EAAE,CAAC;YACrC,IAAI,EAAE,CAAC,MAAM,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;gBAC1C,MAAM,WAAW,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3C,MAAM,SAAS,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAChD,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAE5C,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;gBACrE,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;gBAE/D,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;oBACnB,MAAM,iBAAiB,GAA2B;wBAChD,IAAI,EAAE,UAAU;wBAChB,MAAM,EAAE,MAAM;wBACd,GAAG,EAAE,QAAQ;wBACb,IAAI,EAAE,KAAK;qBACZ,CAAC;oBAEF,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,QAAQ,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,MAAM,EAAE;wBACtC,MAAM;wBACN,IAAI;wBACJ,QAAQ,EAAE,iBAAiB,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,KAAK;wBAC9D,GAAG,EAAE,IAAI,CAAC,GAAG;wBACb,WAAW,EAAE,mBAAmB,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,IAAI,uBAAuB,IAAI,CAAC,IAAI,sBAAsB,IAAI,CAAC,IAAI,GAAG;wBACpI,YAAY,EAAE,EAAE,CAAC,MAAM;qBACxB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,8EAA8E;QAC9E,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,aAAa,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE;oBAC3C,MAAM;oBACN,IAAI;oBACJ,QAAQ,EAAE,QAAQ,EAAE,wCAAwC;oBAC5D,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,WAAW,EAAE,8BAA8B,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,IAAI,gBAAgB,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,IAAI,GAAG;oBAC9H,YAAY,EAAE,IAAI,EAAE,eAAe;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC1F,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEtF,OAAO;QACL,eAAe;QACf,KAAK,EAAE;YACL,YAAY,EAAE,aAAa,CAAC,MAAM;YAClC,UAAU,EAAE,WAAW,CAAC,MAAM;YAC9B,uBAAuB,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,KAAK,eAAe,CAAC,CAAC,MAAM;YAC7G,aAAa,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,KAAK,eAAe,CAAC,CAAC,MAAM;YACnG,cAAc,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,KAAK,gBAAgB,CAAC,CAAC,MAAM;YACrG,SAAS,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,KAAK,WAAW,CAAC,CAAC,MAAM;YAC3F,WAAW,EAAE,kBAAkB,GAAG,YAAY,GAAG,YAAY;SAC9D;KACF,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAgB,EAChB,UAAkB,EAClB,OAOC;IAED,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,MAAM,CAAC;IAC7C,MAAM,gBAAgB,GAAG,OAAO,EAAE,gBAAgB,IAAI,IAAI,CAAC;IAC3D,MAAM,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,IAAI,IAAI,CAAC;IAC/D,MAAM,mBAAmB,GAAG,OAAO,EAAE,mBAAmB,IAAI,GAAG,CAAC;IAChE,MAAM,sBAAsB,GAAG,OAAO,EAAE,sBAAsB,IAAI,GAAG,CAAC,CAAE,wCAAwC;IAChH,MAAM,oBAAoB,GAAG,OAAO,EAAE,oBAAoB,IAAI,aAAa,CAAC,CAAE,wCAAwC;IAEtH,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC5E,MAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC;IAEzD,MAAM,YAAY,GAAG,MAAM,SAAS,CAClC,QAAQ,EACR,UAAU,EACV,aAAa,CAAC,KAAK,EACnB,aAAa,CAAC,OAAO,EACrB,aAAa,CAAC,cAAc,EAC5B,aAAa,CAAC,YAAY,EAC1B,gBAAgB,EAChB,QAAQ,CACT,CAAC;IAEF,MAAM,WAAW,GAAG,QAAQ,CAC1B,aAAa,CAAC,cAAc,EAC5B,aAAa,CAAC,YAAY,EAC1B,YAAY,CAAC,gBAAgB,EAC7B,mBAAmB,CACpB,CAAC;IAEF,MAAM,YAAY,GAAG,MAAM,SAAS,CAClC,QAAQ,EACR,UAAU,EACV,WAAW,CAAC,aAAa,EACzB,WAAW,CAAC,WAAW,EACvB,aAAa,CAAC,KAAK,EACnB,kBAAkB,EAClB,sBAAsB,EACtB,oBAAoB,CACrB,CAAC;IAEF,OAAO,SAAS,CACd,QAAQ,EACR,WAAW,CAAC,aAAa,EACzB,WAAW,CAAC,WAAW,EACvB,YAAY,CAAC,mBAAmB,EAChC,kBAAkB,EAClB,YAAY,CAAC,gBAAgB,EAC7B,YAAY,CAAC,gBAAgB,EAC7B,kBAAkB,CACnB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,SAAS,CAAC,CAAC,iBAAiB,CACtC,QAAgB,EAChB,UAAkB,EAClB,OAMC;IAED,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,MAAM,CAAC;IAC7C,MAAM,gBAAgB,GAAG,OAAO,EAAE,gBAAgB,IAAI,IAAI,CAAC;IAC3D,MAAM,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,IAAI,IAAI,CAAC;IAC/D,MAAM,sBAAsB,GAAG,OAAO,EAAE,sBAAsB,IAAI,GAAG,CAAC;IACtE,MAAM,oBAAoB,GAAG,OAAO,EAAE,oBAAoB,IAAI,aAAa,CAAC;IAE5E,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC5E,MAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC;IACzD,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;IAE1E,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,MAAM,SAAS,CAClC,QAAQ,EACR,UAAU,EACV,aAAa,CAAC,KAAK,EACnB,aAAa,CAAC,OAAO,EACrB,aAAa,CAAC,cAAc,EAC5B,aAAa,CAAC,YAAY,EAC1B,gBAAgB,EAChB,QAAQ,CACT,CAAC;IACF,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;IAElE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC3C,MAAM,WAAW,GAAG,QAAQ,CAC1B,aAAa,CAAC,cAAc,EAC5B,aAAa,CAAC,YAAY,EAC1B,YAAY,CAAC,gBAAgB,EAC7B,GAAG,CACJ,CAAC;IACF,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IAEhE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,MAAM,SAAS,CAClC,QAAQ,EACR,UAAU,EACV,WAAW,CAAC,aAAa,EACzB,WAAW,CAAC,WAAW,EACvB,aAAa,CAAC,KAAK,EACnB,kBAAkB,EAClB,sBAAsB,EACtB,oBAAoB,CACrB,CAAC;IACF,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;IAElE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,SAAS,CAC5B,QAAQ,EACR,WAAW,CAAC,aAAa,EACzB,WAAW,CAAC,WAAW,EACvB,YAAY,CAAC,mBAAmB,EAChC,kBAAkB,EAClB,YAAY,CAAC,gBAAgB,EAC7B,YAAY,CAAC,gBAAgB,EAC7B,kBAAkB,CACnB,CAAC;IACF,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;AACpE,CAAC;AAED,kCAAkC;AAClC,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,EAAE,EAAE,mBAAmB;IACvB,GAAG,EAAE,WAAW;IAChB,MAAM,EAAE,iBAAiB;CAC1B,CAAC"}

package/dist/agents/multi/agents/security.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Security Agents
+ *
+ * Specialized agents for detecting security vulnerabilities.
+ * These agents analyze the enriched IR for different vulnerability types.
+ */
+import type { PluggableAgent, SecurityFinding } from '../../types.js';
+export declare const sqlInjectionAgent: PluggableAgent<SecurityFinding>;
+export declare const xssAgent: PluggableAgent<SecurityFinding>;
+export declare const commandInjectionAgent: PluggableAgent<SecurityFinding>;
+export declare const pathTraversalAgent: PluggableAgent<SecurityFinding>;
+export declare const deserializationAgent: PluggableAgent<SecurityFinding>;
+export declare const xxeAgent: PluggableAgent<SecurityFinding>;
+export declare const ldapInjectionAgent: PluggableAgent<SecurityFinding>;
+export declare const xpathInjectionAgent: PluggableAgent<SecurityFinding>;
+export declare const ssrfAgent: PluggableAgent<SecurityFinding>;
+export declare const codeInjectionAgent: PluggableAgent<SecurityFinding>;
+export declare const hardcodedSecretsAgent: PluggableAgent<SecurityFinding>;
+export declare const insecureCryptoAgent: PluggableAgent<SecurityFinding>;
+export declare const endpointSecurityAgent: PluggableAgent<SecurityFinding>;
+/**
+ * All security agents.
+ */
+export declare const securityAgents: PluggableAgent<SecurityFinding>[];
+/**
+ * Register all security agents with the runner.
+ */
+export declare function registerSecurityAgents(): void;
+//# sourceMappingURL=security.d.ts.map

package/dist/agents/multi/agents/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../src/agents/multi/agents/security.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAEV,cAAc,EAGd,eAAe,EAChB,MAAM,gBAAgB,CAAC;AAOxB,eAAO,MAAM,iBAAiB,EAAE,cAAc,CAAC,eAAe,CA+E7D,CAAC;AAMF,eAAO,MAAM,QAAQ,EAAE,cAAc,CAAC,eAAe,CAwEpD,CAAC;AAMF,eAAO,MAAM,qBAAqB,EAAE,cAAc,CAAC,eAAe,CA+CjE,CAAC;AAMF,eAAO,MAAM,kBAAkB,EAAE,cAAc,CAAC,eAAe,CAmE9D,CAAC;AAMF,eAAO,MAAM,oBAAoB,EAAE,cAAc,CAAC,eAAe,CAmEhE,CAAC;AAMF,eAAO,MAAM,QAAQ,EAAE,cAAc,CAAC,eAAe,CAmEpD,CAAC;AAMF,eAAO,MAAM,kBAAkB,EAAE,cAAc,CAAC,eAAe,CA8C9D,CAAC;AAMF,eAAO,MAAM,mBAAmB,EAAE,cAAc,CAAC,eAAe,CA8C/D,CAAC;AAMF,eAAO,MAAM,SAAS,EAAE,cAAc,CAAC,eAAe,CAuErD,CAAC;AAMF,eAAO,MAAM,kBAAkB,EAAE,cAAc,CAAC,eAAe,CAiE9D,CAAC;AAMF,eAAO,MAAM,qBAAqB,EAAE,cAAc,CAAC,eAAe,CAyDjE,CAAC;AAMF,eAAO,MAAM,mBAAmB,EAAE,cAAc,CAAC,eAAe,CAuE/D,CAAC;AAMF,eAAO,MAAM,qBAAqB,EAAE,cAAc,CAAC,eAAe,CA8EjE,CAAC;AAwBF;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,cAAc,CAAC,eAAe,CAAC,EAc3D,CAAC;AAEF;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,IAAI,CAI7C"}