clawsec 0.0.1

package/dist/src/detectors/secrets/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/detectors/secrets/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,uBAAuB,EACvB,sBAAsB,EACtB,eAAe,IAAI,gBAAgB,EACnC,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAIpB,OAAO,KAAK,EAAE,WAAW,EAAY,MAAM,uBAAuB,CAAC;AAGnE,cAAc,YAAY,CAAC;AAG3B,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACxG,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,WAAW,EACX,QAAQ,EACR,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,UAAU,EACV,SAAS,EACT,UAAU,EACV,SAAS,GACV,MAAM,mBAAmB,CAAC;AA2K3B;;GAEG;AACH,qBAAa,mBAAoB,YAAW,gBAAgB;IAC1D,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,WAAW,CAAc;gBAErB,MAAM,EAAE,qBAAqB;IAOnC,MAAM,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA6B/E;;OAEG;IACG,SAAS,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IA2BpF;;OAEG;IACH,SAAS;IAIT;;OAEG;IACH,SAAS,IAAI,OAAO;CAGrB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,WAAW,GAAG,mBAAmB,CAQ5E;AAED;;GAEG;AACH,wBAAgB,4BAA4B,IAAI,mBAAmB,CAMlE;AAGD,eAAe,mBAAmB,CAAC"}

package/dist/src/detectors/secrets/index.js

@@ -0,0 +1,261 @@
+/**
+ * Secrets Detector
+ * Main detector that combines API key, token, credential, and PII detection
+ */
+import { createApiKeyDetector } from './api-key-detector.js';
+import { createTokenDetector } from './token-detector.js';
+import { createPiiDetector } from './pii-detector.js';
+// Re-export types
+export * from './types.js';
+// Re-export sub-detectors
+export { ApiKeyDetector, createApiKeyDetector, matchApiKeys, redactValue } from './api-key-detector.js';
+export { TokenDetector, createTokenDetector, matchTokens, matchJwt, matchBearerToken, matchSessionToken, matchRefreshToken, matchAccessToken, isValidJwtStructure, } from './token-detector.js';
+export { PiiDetector, createPiiDetector, matchPii, matchSsn, matchCreditCard, matchEmail, luhnCheck, isValidSsn, redactPii, } from './pii-detector.js';
+/**
+ * Credential patterns for password/secret detection
+ */
+const CREDENTIAL_PATTERNS = [
+    // password=, passwd=, pwd=
+    {
+        pattern: /\b(?:password|passwd|pwd)\s*[=:]\s*["']?([^\s"']{4,})["']?/gi,
+        type: 'password',
+    },
+    // secret=, api_key=, apikey=
+    {
+        pattern: /\b(?:secret|api_key|apikey|api-key)\s*[=:]\s*["']?([^\s"']{8,})["']?/gi,
+        type: 'secret',
+    },
+    // auth_token=, auth-token=
+    {
+        pattern: /\b(?:auth_token|auth-token|authtoken)\s*[=:]\s*["']?([^\s"']{8,})["']?/gi,
+        type: 'auth_token',
+    },
+    // database connection strings with password
+    {
+        pattern: /(?:mysql|postgres|postgresql|mongodb|redis):\/\/[^:]+:([^@]+)@/gi,
+        type: 'connection_string',
+    },
+];
+/**
+ * No detection result (used when disabled or no match)
+ */
+function noDetection(severity) {
+    return {
+        detected: false,
+        category: 'secrets',
+        severity,
+        confidence: 0,
+        reason: 'No secrets detected',
+    };
+}
+/**
+ * Combine multiple detection results, taking the highest severity/confidence
+ */
+function combineResults(results, severity) {
+    const detections = results.filter((r) => r.detected);
+    if (detections.length === 0) {
+        return noDetection(severity);
+    }
+    // Sort by confidence (highest first)
+    detections.sort((a, b) => b.confidence - a.confidence);
+    // Take the highest confidence result as primary
+    const primary = detections[0];
+    // Build combined reason if multiple detections
+    let reason = primary.reason;
+    if (detections.length > 1) {
+        reason = `${primary.reason} (+${detections.length - 1} more)`;
+    }
+    return {
+        detected: true,
+        category: 'secrets',
+        severity,
+        confidence: primary.confidence,
+        reason,
+        metadata: primary.metadata,
+    };
+}
+/**
+ * Extract text content from tool input/output for scanning
+ */
+function extractTextContent(obj) {
+    const content = new Map();
+    const textFields = [
+        'command', 'script', 'code', 'content', 'body', 'text',
+        'message', 'response', 'output', 'result', 'data',
+        'query', 'sql', 'value', 'payload', 'json',
+        'stdout', 'stderr', 'log', 'logs',
+        'env', 'environment', 'config', 'configuration',
+        'headers', 'header', 'authorization',
+    ];
+    function processValue(key, value) {
+        if (typeof value === 'string' && value.length > 0) {
+            content.set(key, value);
+        }
+        else if (typeof value === 'object' && value !== null) {
+            if (Array.isArray(value)) {
+                value.forEach((item, idx) => {
+                    processValue(`${key}[${idx}]`, item);
+                });
+            }
+            else {
+                Object.entries(value).forEach(([k, v]) => {
+                    processValue(`${key}.${k}`, v);
+                });
+            }
+        }
+    }
+    // Process known text fields first
+    for (const field of textFields) {
+        if (field in obj) {
+            processValue(field, obj[field]);
+        }
+    }
+    // Process all remaining fields
+    for (const [key, value] of Object.entries(obj)) {
+        if (!textFields.includes(key)) {
+            processValue(key, value);
+        }
+    }
+    return content;
+}
+/**
+ * Scan for credential patterns
+ */
+function scanCredentials(text, location, severity) {
+    const results = [];
+    for (const credPattern of CREDENTIAL_PATTERNS) {
+        const regex = new RegExp(credPattern.pattern.source, credPattern.pattern.flags);
+        let match;
+        while ((match = regex.exec(text)) !== null) {
+            const value = match[1] || match[0];
+            // Skip short or placeholder values
+            if (value.length < 4)
+                continue;
+            if (/^[*x]+$/i.test(value))
+                continue; // Skip masked values
+            if (/^<.+>$/.test(value))
+                continue; // Skip placeholders like <password>
+            if (/^{.+}$/.test(value))
+                continue; // Skip template vars like {password}
+            if (/^\$\{.+\}$/.test(value))
+                continue; // Skip env vars like ${PASSWORD}
+            const redactedValue = value.length <= 8
+                ? value.slice(0, 2) + '***'
+                : value.slice(0, 4) + '***' + value.slice(-2);
+            results.push({
+                detected: true,
+                category: 'secrets',
+                severity,
+                confidence: 0.80,
+                reason: `Detected ${credPattern.type} credential`,
+                metadata: {
+                    type: 'credential',
+                    subtype: credPattern.type,
+                    redactedValue,
+                    location,
+                },
+            });
+        }
+    }
+    return results;
+}
+/**
+ * Main secrets detector implementation
+ */
+export class SecretsDetectorImpl {
+    config;
+    apiKeyDetector;
+    tokenDetector;
+    piiDetector;
+    constructor(config) {
+        this.config = config;
+        this.apiKeyDetector = createApiKeyDetector(config.severity);
+        this.tokenDetector = createTokenDetector(config.severity);
+        this.piiDetector = createPiiDetector(config.severity, false); // Don't include email by default
+    }
+    async detect(context) {
+        // Check if detector is enabled
+        if (!this.config.enabled) {
+            return noDetection(this.config.severity);
+        }
+        const allResults = [];
+        // Extract text content from tool input
+        const inputContent = extractTextContent(context.toolInput);
+        for (const [location, text] of inputContent) {
+            allResults.push(...this.apiKeyDetector.scan(text, `input.${location}`));
+            allResults.push(...this.tokenDetector.scan(text, `input.${location}`));
+            allResults.push(...this.piiDetector.scan(text, `input.${location}`));
+            allResults.push(...scanCredentials(text, `input.${location}`, this.config.severity));
+        }
+        // Also scan tool output if provided
+        if (context.toolOutput) {
+            allResults.push(...this.apiKeyDetector.scan(context.toolOutput, 'output'));
+            allResults.push(...this.tokenDetector.scan(context.toolOutput, 'output'));
+            allResults.push(...this.piiDetector.scan(context.toolOutput, 'output'));
+            allResults.push(...scanCredentials(context.toolOutput, 'output', this.config.severity));
+        }
+        // Combine and return results
+        return combineResults(allResults, this.config.severity);
+    }
+    /**
+     * Get all individual detection results (for detailed reporting)
+     */
+    async detectAll(context) {
+        if (!this.config.enabled) {
+            return [];
+        }
+        const allResults = [];
+        // Extract text content from tool input
+        const inputContent = extractTextContent(context.toolInput);
+        for (const [location, text] of inputContent) {
+            allResults.push(...this.apiKeyDetector.scan(text, `input.${location}`));
+            allResults.push(...this.tokenDetector.scan(text, `input.${location}`));
+            allResults.push(...this.piiDetector.scan(text, `input.${location}`));
+            allResults.push(...scanCredentials(text, `input.${location}`, this.config.severity));
+        }
+        // Also scan tool output if provided
+        if (context.toolOutput) {
+            allResults.push(...this.apiKeyDetector.scan(context.toolOutput, 'output'));
+            allResults.push(...this.tokenDetector.scan(context.toolOutput, 'output'));
+            allResults.push(...this.piiDetector.scan(context.toolOutput, 'output'));
+            allResults.push(...scanCredentials(context.toolOutput, 'output', this.config.severity));
+        }
+        return allResults.filter((r) => r.detected);
+    }
+    /**
+     * Get the configured action for detected secrets
+     */
+    getAction() {
+        return this.config.action;
+    }
+    /**
+     * Check if the detector is enabled
+     */
+    isEnabled() {
+        return this.config.enabled;
+    }
+}
+/**
+ * Create a secrets detector from SecretsRule configuration
+ */
+export function createSecretsDetector(rule) {
+    const config = {
+        enabled: rule.enabled,
+        severity: rule.severity,
+        action: rule.action,
+    };
+    return new SecretsDetectorImpl(config);
+}
+/**
+ * Create a secrets detector with default configuration
+ */
+export function createDefaultSecretsDetector() {
+    return new SecretsDetectorImpl({
+        enabled: true,
+        severity: 'critical',
+        action: 'block',
+    });
+}
+// Default export
+export default SecretsDetectorImpl;
+//# sourceMappingURL=index.js.map

package/dist/src/detectors/secrets/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/detectors/secrets/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,OAAO,EAAkB,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EAAiB,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAe,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGnE,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAE3B,0BAA0B;AAC1B,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACxG,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,WAAW,EACX,QAAQ,EACR,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,UAAU,EACV,SAAS,EACT,UAAU,EACV,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,2BAA2B;IAC3B;QACE,OAAO,EAAE,8DAA8D;QACvE,IAAI,EAAE,UAAU;KACjB;IACD,6BAA6B;IAC7B;QACE,OAAO,EAAE,wEAAwE;QACjF,IAAI,EAAE,QAAQ;KACf;IACD,2BAA2B;IAC3B;QACE,OAAO,EAAE,0EAA0E;QACnF,IAAI,EAAE,YAAY;KACnB;IACD,4CAA4C;IAC5C;QACE,OAAO,EAAE,kEAAkE;QAC3E,IAAI,EAAE,mBAAmB;KAC1B;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,WAAW,CAAC,QAAkB;IACrC,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,SAAS;QACnB,QAAQ;QACR,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,qBAAqB;KAC9B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,OAAiC,EACjC,QAAkB;IAElB,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,qCAAqC;IACrC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAEvD,gDAAgD;IAChD,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAE9B,+CAA+C;IAC/C,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC5B,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,MAAM,UAAU,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC;IAChE,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,SAAS;QACnB,QAAQ;QACR,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM;QACN,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,GAA4B;IACtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE1C,MAAM,UAAU,GAAG;QACjB,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM;QACtD,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM;QACjD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM;QAC1C,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM;QACjC,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,eAAe;QAC/C,SAAS,EAAE,QAAQ,EAAE,eAAe;KACrC,CAAC;IAEF,SAAS,YAAY,CAAC,GAAW,EAAE,KAAc;QAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1B,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACvD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;oBAC1B,YAAY,CAAC,GAAG,GAAG,IAAI,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC;gBACvC,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;oBAClE,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBACjC,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;QAC/B,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,IAAY,EACZ,QAAgB,EAChB,QAAkB;IAElB,MAAM,OAAO,GAA6B,EAAE,CAAC;IAE7C,KAAK,MAAM,WAAW,IAAI,mBAAmB,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAChF,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YAEnC,mCAAmC;YACnC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAC/B,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,qBAAqB;YAC3D,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,oCAAoC;YACxE,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,qCAAqC;YACzE,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,iCAAiC;YAEzE,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC;gBACrC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBAC3B,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAEhD,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,SAAS;gBACnB,QAAQ;gBACR,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,YAAY,WAAW,CAAC,IAAI,aAAa;gBACjD,QAAQ,EAAE;oBACR,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE,WAAW,CAAC,IAAI;oBACzB,aAAa;oBACb,QAAQ;iBACT;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,mBAAmB;IACtB,MAAM,CAAwB;IAC9B,cAAc,CAAiB;IAC/B,aAAa,CAAgB;IAC7B,WAAW,CAAc;IAEjC,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,cAAc,GAAG,oBAAoB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC5D,IAAI,CAAC,aAAa,GAAG,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1D,IAAI,CAAC,WAAW,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,iCAAiC;IACjG,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAgC;QAC3C,+BAA+B;QAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,UAAU,GAA6B,EAAE,CAAC;QAEhD,uCAAuC;QACvC,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC3D,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,YAAY,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,CAAC,CAAC,CAAC;YACxE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,CAAC,CAAC,CAAC;YACvE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,CAAC,CAAC,CAAC;YACrE,UAAU,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvF,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3E,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC1E,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;YACxE,UAAU,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1F,CAAC;QAED,6BAA6B;QAC7B,OAAO,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,OAAgC;QAC9C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAA6B,EAAE,CAAC;QAEhD,uCAAuC;QACvC,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC3D,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,YAAY,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,CAAC,CAAC,CAAC;YACxE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,CAAC,CAAC,CAAC;YACvE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,CAAC,CAAC,CAAC;YACrE,UAAU,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,SAAS,QAAQ,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvF,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3E,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC1E,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;YACxE,UAAU,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1F,CAAC;QAED,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAiB;IACrD,MAAM,MAAM,GAA0B;QACpC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;IAEF,OAAO,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B;IAC1C,OAAO,IAAI,mBAAmB,CAAC;QAC7B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,OAAO;KAChB,CAAC,CAAC;AACL,CAAC;AAED,iBAAiB;AACjB,eAAe,mBAAmB,CAAC"}

package/dist/src/detectors/secrets/pii-detector.d.ts

@@ -0,0 +1,54 @@
+/**
+ * PII Detector
+ * Detects Personally Identifiable Information including SSNs and credit cards
+ */
+import type { SecretsDetectionResult, SecretSubDetector, PiiMatch, PiiType } from './types.js';
+import type { Severity } from '../../config/index.js';
+/**
+ * Luhn algorithm for credit card validation
+ * @param cardNumber The card number as a string (digits only)
+ * @returns true if the card number passes Luhn validation
+ */
+export declare function luhnCheck(cardNumber: string): boolean;
+/**
+ * Validate SSN
+ * Basic validation to reduce false positives
+ */
+export declare function isValidSsn(area: string, group: string, serial: string): boolean;
+/**
+ * Redact PII value
+ */
+export declare function redactPii(value: string, type: PiiType): string;
+/**
+ * Match SSNs in text
+ */
+export declare function matchSsn(text: string): PiiMatch[];
+/**
+ * Match credit card numbers in text
+ */
+export declare function matchCreditCard(text: string): PiiMatch[];
+/**
+ * Match email addresses in text
+ */
+export declare function matchEmail(text: string): PiiMatch[];
+/**
+ * Match all PII types in text
+ */
+export declare function matchPii(text: string, includeEmail?: boolean): PiiMatch[];
+/**
+ * PII Detector class
+ */
+export declare class PiiDetector implements SecretSubDetector {
+    private severity;
+    private includeEmail;
+    constructor(severity: Severity, includeEmail?: boolean);
+    /**
+     * Scan text for PII
+     */
+    scan(text: string, location: string): SecretsDetectionResult[];
+}
+/**
+ * Create a PII detector
+ */
+export declare function createPiiDetector(severity: Severity, includeEmail?: boolean): PiiDetector;
+//# sourceMappingURL=pii-detector.d.ts.map

package/dist/src/detectors/secrets/pii-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-detector.d.ts","sourceRoot":"","sources":["../../../../src/detectors/secrets/pii-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,sBAAsB,EACtB,iBAAiB,EACjB,QAAQ,EACR,OAAO,EACR,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEtD;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CA2BrD;AA6BD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAqB/E;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,MAAM,CAwB9D;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,EAAE,CAuBjD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,EAAE,CA8CxD;AAoBD;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,EAAE,CAyBnD;AAyBD;;GAEG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,UAAQ,GAAG,QAAQ,EAAE,CAWvE;AAED;;GAEG;AACH,qBAAa,WAAY,YAAW,iBAAiB;IACnD,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,YAAY,CAAU;gBAElB,QAAQ,EAAE,QAAQ,EAAE,YAAY,UAAQ;IAKpD;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,sBAAsB,EAAE;CAuB/D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,UAAQ,GAAG,WAAW,CAEvF"}

package/dist/src/detectors/secrets/pii-detector.js

@@ -0,0 +1,286 @@
+/**
+ * PII Detector
+ * Detects Personally Identifiable Information including SSNs and credit cards
+ */
+/**
+ * Luhn algorithm for credit card validation
+ * @param cardNumber The card number as a string (digits only)
+ * @returns true if the card number passes Luhn validation
+ */
+export function luhnCheck(cardNumber) {
+    // Remove any non-digit characters
+    const digits = cardNumber.replace(/\D/g, '');
+    if (digits.length < 13 || digits.length > 19) {
+        return false;
+    }
+    let sum = 0;
+    let isEven = false;
+    // Process digits from right to left
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let digit = parseInt(digits[i], 10);
+        if (isEven) {
+            digit *= 2;
+            if (digit > 9) {
+                digit -= 9;
+            }
+        }
+        sum += digit;
+        isEven = !isEven;
+    }
+    return sum % 10 === 0;
+}
+/**
+ * SSN pattern: xxx-xx-xxxx
+ * Valid SSN rules:
+ * - Area number (first 3 digits): 001-899, excluding 666
+ * - Group number (middle 2 digits): 01-99
+ * - Serial number (last 4 digits): 0001-9999
+ */
+const SSN_PATTERN = /\b(\d{3})-(\d{2})-(\d{4})\b/g;
+/**
+ * Credit card patterns (various formats)
+ * Matches 13-19 digits with optional separators
+ */
+const CREDIT_CARD_PATTERNS = [
+    // 16 digits with spaces or dashes (4-4-4-4)
+    /\b(\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4})\b/g,
+    // 15 digits (Amex: 4-6-5)
+    /\b(\d{4}[\s-]?\d{6}[\s-]?\d{5})\b/g,
+    // 13-19 continuous digits
+    /\b(\d{13,19})\b/g,
+];
+/**
+ * Email pattern
+ */
+const EMAIL_PATTERN = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g;
+/**
+ * Validate SSN
+ * Basic validation to reduce false positives
+ */
+export function isValidSsn(area, group, serial) {
+    const areaNum = parseInt(area, 10);
+    const groupNum = parseInt(group, 10);
+    const serialNum = parseInt(serial, 10);
+    // Area number cannot be 000, 666, or 900-999
+    if (areaNum === 0 || areaNum === 666 || areaNum >= 900) {
+        return false;
+    }
+    // Group number cannot be 00
+    if (groupNum === 0) {
+        return false;
+    }
+    // Serial number cannot be 0000
+    if (serialNum === 0) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Redact PII value
+ */
+export function redactPii(value, type) {
+    switch (type) {
+        case 'ssn':
+            // Show only last 4 digits
+            return `***-**-${value.slice(-4)}`;
+        case 'credit-card': {
+            // Show first 4 and last 4 digits
+            const digits = value.replace(/\D/g, '');
+            if (digits.length <= 8) {
+                return digits.slice(0, 4) + '***';
+            }
+            return digits.slice(0, 4) + '***' + digits.slice(-4);
+        }
+        case 'email': {
+            // Redact middle of email
+            const atIndex = value.indexOf('@');
+            if (atIndex <= 2) {
+                return '***' + value.slice(atIndex);
+            }
+            return value.slice(0, 2) + '***' + value.slice(atIndex);
+        }
+        default:
+            return '***';
+    }
+}
+/**
+ * Match SSNs in text
+ */
+export function matchSsn(text) {
+    const matches = [];
+    const regex = new RegExp(SSN_PATTERN.source, SSN_PATTERN.flags);
+    let match;
+    while ((match = regex.exec(text)) !== null) {
+        const fullMatch = match[0];
+        const area = match[1];
+        const group = match[2];
+        const serial = match[3];
+        const isValid = isValidSsn(area, group, serial);
+        matches.push({
+            matched: true,
+            piiType: 'ssn',
+            value: fullMatch,
+            redactedValue: redactPii(fullMatch, 'ssn'),
+            confidence: isValid ? 0.90 : 0.60,
+        });
+    }
+    return matches;
+}
+/**
+ * Match credit card numbers in text
+ */
+export function matchCreditCard(text) {
+    const matches = [];
+    const seen = new Set();
+    for (const pattern of CREDIT_CARD_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(text)) !== null) {
+            const value = match[1] || match[0];
+            const digits = value.replace(/\D/g, '');
+            // Skip if we've already seen these digits
+            if (seen.has(digits))
+                continue;
+            // Skip numbers that are too short or too long
+            if (digits.length < 13 || digits.length > 19)
+                continue;
+            // Skip numbers that are all the same digit (like 0000000000000000)
+            if (/^(\d)\1+$/.test(digits))
+                continue;
+            // Skip sequential numbers
+            if (isSequential(digits))
+                continue;
+            seen.add(digits);
+            const luhnValid = luhnCheck(digits);
+            // Only report if Luhn passes or if it looks very card-like
+            if (!luhnValid) {
+                // Skip low-confidence matches without Luhn validation
+                continue;
+            }
+            matches.push({
+                matched: true,
+                piiType: 'credit-card',
+                value: digits,
+                redactedValue: redactPii(digits, 'credit-card'),
+                confidence: 0.95, // High confidence since Luhn passed
+                luhnValid,
+            });
+        }
+    }
+    return matches;
+}
+/**
+ * Check if a number sequence is sequential (123456789...)
+ */
+function isSequential(digits) {
+    let ascending = true;
+    let descending = true;
+    for (let i = 1; i < digits.length; i++) {
+        const curr = parseInt(digits[i], 10);
+        const prev = parseInt(digits[i - 1], 10);
+        if (curr !== (prev + 1) % 10)
+            ascending = false;
+        if (curr !== (prev - 1 + 10) % 10)
+            descending = false;
+    }
+    return ascending || descending;
+}
+/**
+ * Match email addresses in text
+ */
+export function matchEmail(text) {
+    const matches = [];
+    const regex = new RegExp(EMAIL_PATTERN.source, EMAIL_PATTERN.flags);
+    const seen = new Set();
+    let match;
+    while ((match = regex.exec(text)) !== null) {
+        const value = match[0].toLowerCase();
+        if (seen.has(value))
+            continue;
+        seen.add(value);
+        // Skip common test/example emails
+        if (isExampleEmail(value))
+            continue;
+        matches.push({
+            matched: true,
+            piiType: 'email',
+            value,
+            redactedValue: redactPii(value, 'email'),
+            confidence: 0.70, // Lower confidence for emails
+        });
+    }
+    return matches;
+}
+/**
+ * Check if an email is a common test/example email
+ */
+function isExampleEmail(email) {
+    const exampleDomains = [
+        'example.com',
+        'example.org',
+        'example.net',
+        'test.com',
+        'localhost',
+        'placeholder.com',
+    ];
+    const exampleLocalParts = ['test', 'example', 'admin', 'info', 'noreply'];
+    const [localPart, domain] = email.split('@');
+    if (exampleDomains.some(d => domain.endsWith(d)))
+        return true;
+    if (exampleLocalParts.includes(localPart))
+        return true;
+    return false;
+}
+/**
+ * Match all PII types in text
+ */
+export function matchPii(text, includeEmail = false) {
+    const allMatches = [];
+    allMatches.push(...matchSsn(text));
+    allMatches.push(...matchCreditCard(text));
+    if (includeEmail) {
+        allMatches.push(...matchEmail(text));
+    }
+    return allMatches;
+}
+/**
+ * PII Detector class
+ */
+export class PiiDetector {
+    severity;
+    includeEmail;
+    constructor(severity, includeEmail = false) {
+        this.severity = severity;
+        this.includeEmail = includeEmail;
+    }
+    /**
+     * Scan text for PII
+     */
+    scan(text, location) {
+        const matches = matchPii(text, this.includeEmail);
+        return matches.map((match) => {
+            // SSN and credit cards are higher severity
+            const severity = match.piiType === 'email' ? 'medium' : this.severity;
+            return {
+                detected: true,
+                category: 'secrets',
+                severity,
+                confidence: match.confidence,
+                reason: `Detected ${match.piiType === 'credit-card' ? 'credit card number' : match.piiType.toUpperCase()}${match.luhnValid !== undefined ? ' (Luhn validated)' : ''}`,
+                metadata: {
+                    type: 'pii',
+                    subtype: match.piiType,
+                    redactedValue: match.redactedValue,
+                    location,
+                },
+            };
+        });
+    }
+}
+/**
+ * Create a PII detector
+ */
+export function createPiiDetector(severity, includeEmail = false) {
+    return new PiiDetector(severity, includeEmail);
+}
+//# sourceMappingURL=pii-detector.js.map

package/dist/src/detectors/secrets/pii-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-detector.js","sourceRoot":"","sources":["../../../../src/detectors/secrets/pii-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,UAAkB;IAC1C,kCAAkC;IAClC,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAE7C,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,oCAAoC;IACpC,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEpC,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,KAAK,IAAI,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QAED,GAAG,IAAI,KAAK,CAAC;QACb,MAAM,GAAG,CAAC,MAAM,CAAC;IACnB,CAAC;IAED,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,GAAG,8BAA8B,CAAC;AAEnD;;;GAGG;AACH,MAAM,oBAAoB,GAAG;IAC3B,4CAA4C;IAC5C,+CAA+C;IAC/C,0BAA0B;IAC1B,oCAAoC;IACpC,0BAA0B;IAC1B,kBAAkB;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAG,qDAAqD,CAAC;AAE5E;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY,EAAE,KAAa,EAAE,MAAc;IACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAEvC,6CAA6C;IAC7C,IAAI,OAAO,KAAK,CAAC,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;QACvD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4BAA4B;IAC5B,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+BAA+B;IAC/B,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,IAAa;IACpD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,KAAK;YACR,0BAA0B;YAC1B,OAAO,UAAU,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,iCAAiC;YACjC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;YACpC,CAAC;YACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,yBAAyB;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;gBACjB,OAAO,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC1D,CAAC;QACD;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC;IAChE,IAAI,KAAK,CAAC;IAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAExB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAEhD,OAAO,CAAC,IAAI,CAAC;YACX,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,SAAS;YAChB,aAAa,EAAE,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC;YAC1C,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;SAClC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAExC,0CAA0C;YAC1C,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,SAAS;YAE/B,8CAA8C;YAC9C,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;gBAAE,SAAS;YAEvD,mEAAmE;YACnE,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;gBAAE,SAAS;YAEvC,0BAA0B;YAC1B,IAAI,YAAY,CAAC,MAAM,CAAC;gBAAE,SAAS;YAEnC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEjB,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;YAEpC,2DAA2D;YAC3D,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,sDAAsD;gBACtD,SAAS;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,aAAa;gBACtB,KAAK,EAAE,MAAM;gBACb,aAAa,EAAE,SAAS,CAAC,MAAM,EAAE,aAAa,CAAC;gBAC/C,UAAU,EAAE,IAAI,EAAE,oCAAoC;gBACtD,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAc;IAClC,IAAI,SAAS,GAAG,IAAI,CAAC;IACrB,IAAI,UAAU,GAAG,IAAI,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEzC,IAAI,IAAI,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE;YAAE,SAAS,GAAG,KAAK,CAAC;QAChD,IAAI,IAAI,KAAK,CAAC,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE;YAAE,UAAU,GAAG,KAAK,CAAC;IACxD,CAAC;IAED,OAAO,SAAS,IAAI,UAAU,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,IAAI,KAAK,CAAC;IAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAErC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEhB,kCAAkC;QAClC,IAAI,cAAc,CAAC,KAAK,CAAC;YAAE,SAAS;QAEpC,OAAO,CAAC,IAAI,CAAC;YACX,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,OAAO;YAChB,KAAK;YACL,aAAa,EAAE,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC;YACxC,UAAU,EAAE,IAAI,EAAE,8BAA8B;SACjD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,MAAM,cAAc,GAAG;QACrB,aAAa;QACb,aAAa;QACb,aAAa;QACb,UAAU;QACV,WAAW;QACX,iBAAiB;KAClB,CAAC;IAEF,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAE1E,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE7C,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,IAAI,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,YAAY,GAAG,KAAK;IACzD,MAAM,UAAU,GAAe,EAAE,CAAC;IAElC,UAAU,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACnC,UAAU,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;IAE1C,IAAI,YAAY,EAAE,CAAC;QACjB,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,QAAQ,CAAW;IACnB,YAAY,CAAU;IAE9B,YAAY,QAAkB,EAAE,YAAY,GAAG,KAAK;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,IAAY,EAAE,QAAgB;QACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAElD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YAC3B,2CAA2C;YAC3C,MAAM,QAAQ,GACZ,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;YAEvD,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,SAAkB;gBAC5B,QAAQ;gBACR,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,MAAM,EAAE,YAAY,KAAK,CAAC,OAAO,KAAK,aAAa,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,EAAE;gBACrK,QAAQ,EAAE;oBACR,IAAI,EAAE,KAAc;oBACpB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,aAAa,EAAE,KAAK,CAAC,aAAa;oBAClC,QAAQ;iBACT;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAkB,EAAE,YAAY,GAAG,KAAK;IACxE,OAAO,IAAI,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;AACjD,CAAC"}