compromising-position 1.0.0

package/dist/index.js

@@ -0,0 +1,472 @@
+import { Command } from "commander";
+import { loadConfig } from "./config/config.js";
+import { readSecret } from "./input/secure-prompt.js";
+import { performLocalCheck } from "./checks/local-check.js";
+import { checkHibpPassword } from "./checks/hibp-password.js";
+import { checkHibpEmail } from "./checks/hibp-email.js";
+import { CheckRegistry } from "./checks/registry.js";
+import { fingerprint } from "./core/fingerprint.js";
+import { sanitizeForTerminal } from "./core/sanitize.js";
+import { formatReport, formatJson, formatPrivacySummary } from "./output/formatter.js";
+import { formatSarif } from "./output/sarif.js";
+import { formatCsv } from "./output/csv.js";
+import { writeAuditLog } from "./output/audit-log.js";
+import { parseEnvFile, parseJsonFile, disposeBatch } from "./input/batch-parser.js";
+// Import plugins
+import { hibpPasswordPlugin } from "./checks/plugins/hibp-password-plugin.js";
+import { hibpEmailPlugin } from "./checks/plugins/hibp-email-plugin.js";
+import { localAnalysisPlugin } from "./checks/plugins/local-analysis-plugin.js";
+import { commonSecretsPlugin } from "./checks/plugins/common-secrets-plugin.js";
+import { emailRepPlugin } from "./checks/plugins/emailrep-plugin.js";
+import { gitGuardianHslPlugin } from "./checks/plugins/gitguardian-hsl-plugin.js";
+import { dehashedPlugin } from "./checks/plugins/dehashed-plugin.js";
+import { leakCheckPlugin } from "./checks/plugins/leakcheck-plugin.js";
+import { intelXPlugin } from "./checks/plugins/intelx-plugin.js";
+// Import verifiers
+import { VerifierRegistry } from "./verification/verifier-registry.js";
+import { openaiVerifier, openaiServiceVerifier } from "./verification/openai-verifier.js";
+import { anthropicVerifier } from "./verification/anthropic-verifier.js";
+import { githubPatVerifier, githubFineGrainedVerifier } from "./verification/github-verifier.js";
+import { awsVerifier } from "./verification/aws-verifier.js";
+import { slackBotVerifier, slackUserVerifier } from "./verification/slack-verifier.js";
+// Build the global plugin registry
+const registry = new CheckRegistry();
+registry.register(localAnalysisPlugin);
+registry.register(hibpPasswordPlugin);
+registry.register(hibpEmailPlugin);
+registry.register(commonSecretsPlugin);
+registry.register(emailRepPlugin);
+registry.register(gitGuardianHslPlugin);
+registry.register(dehashedPlugin);
+registry.register(leakCheckPlugin);
+registry.register(intelXPlugin);
+// Build the global verifier registry
+const verifierRegistry = new VerifierRegistry();
+verifierRegistry.register(openaiVerifier);
+verifierRegistry.register(openaiServiceVerifier);
+verifierRegistry.register(anthropicVerifier);
+verifierRegistry.register(githubPatVerifier);
+verifierRegistry.register(githubFineGrainedVerifier);
+verifierRegistry.register(awsVerifier);
+verifierRegistry.register(slackBotVerifier);
+verifierRegistry.register(slackUserVerifier);
+/** Simple yes/no prompt for verification consent. */
+function promptYesNo() {
+    return new Promise((resolve) => {
+        const stdin = process.stdin;
+        stdin.setRawMode(true);
+        stdin.resume();
+        const onData = (data) => {
+            const ch = data.toString().toLowerCase();
+            stdin.setRawMode(false);
+            stdin.pause();
+            stdin.removeListener("data", onData);
+            if (ch === "y") {
+                process.stderr.write("y\n");
+                resolve(true);
+            }
+            else {
+                process.stderr.write("n\n");
+                resolve(false);
+            }
+        };
+        stdin.on("data", onData);
+    });
+}
+const program = new Command();
+program
+    .name("compromising-position")
+    .description("Privacy-preserving credential exposure checker using k-anonymity")
+    .version("1.0.0");
+program
+    .command("check")
+    .description("Check a secret/API key for exposure in breach databases")
+    .option("--offline", "Local analysis only — skip network checks")
+    .option("--json", "Output JSON to stdout (human report still goes to stderr)")
+    .option("--verbose", "Show additional details")
+    .option("--verify", "Attempt active key verification (sends key to provider API)")
+    .option("--privacy", "Show what data each plugin sends and where")
+    .option("--env-file <path>", "Path to .env file (default: auto-detect in cwd)")
+    .option("--audit-log <path>", "Path to append audit log entries")
+    .option("--enable-plugins <ids>", "Comma-separated list of plugin IDs to enable")
+    .option("--disable-plugins <ids>", "Comma-separated list of plugin IDs to disable")
+    .action(async (opts) => {
+    const config = loadConfig({
+        offline: opts.offline,
+        json: opts.json,
+        verbose: opts.verbose,
+        verify: opts.verify,
+        envFile: opts.envFile,
+        auditLogPath: opts.auditLog,
+        enabledPlugins: opts.enablePlugins
+            ? opts.enablePlugins.split(",").map((s) => s.trim())
+            : [],
+        disabledPlugins: opts.disablePlugins
+            ? opts.disablePlugins.split(",").map((s) => s.trim())
+            : [],
+    });
+    // --privacy: show data flow summary and exit
+    if (opts.privacy) {
+        process.stderr.write(formatPrivacySummary(registry.getAll()));
+        process.exit(0);
+    }
+    // Read the secret securely
+    const secret = await readSecret();
+    try {
+        // Layer 1: Local analysis (always runs)
+        const local = performLocalCheck(secret);
+        // Layer 2: HIBP k-anonymity check (unless offline)
+        let hibpPassword = null;
+        if (!config.offline) {
+            process.stderr.write("Checking HIBP (k-anonymity)...\n");
+            hibpPassword = await checkHibpPassword(secret);
+        }
+        // Layer 3: Run registered plugins
+        const runnablePlugins = registry.getRunnable("secret", config);
+        const pluginResults = [];
+        for (const plugin of runnablePlugins) {
+            // Skip built-in plugins that are already handled directly
+            if (plugin.id === "local-analysis" || plugin.id === "hibp-password") {
+                continue;
+            }
+            process.stderr.write(`Running ${plugin.name}...\n`);
+            const result = await plugin.check(secret, config);
+            pluginResults.push(result);
+        }
+        // Layer 4: Active verification (opt-in, requires --verify flag)
+        let verification = null;
+        if (config.verify && local.identification.provider !== "Unknown") {
+            const verifier = verifierRegistry.get(local.identification.provider);
+            if (verifier) {
+                process.stderr.write(`\nVerification will send your key to: ${verifier.endpoint}\n` +
+                    `Purpose: ${verifier.description}\n` +
+                    `Proceed? [y/N] `);
+                // In non-interactive mode (pipe), skip verification
+                if (!process.stdin.isTTY) {
+                    process.stderr.write("(skipped — non-interactive mode)\n");
+                }
+                else {
+                    const confirmed = await promptYesNo();
+                    if (confirmed) {
+                        process.stderr.write("Verifying key...\n");
+                        verification = await verifier.verify(secret);
+                    }
+                    else {
+                        process.stderr.write("Verification skipped.\n");
+                    }
+                }
+            }
+        }
+        // Compute fingerprint before disposing
+        const fp = fingerprint(secret);
+        // Build result
+        const result = {
+            local,
+            hibpPassword,
+            hibpEmail: null,
+            pluginResults,
+            verification,
+            riskLevel: determineRiskLevel(local, hibpPassword, null, pluginResults, verification),
+            summary: buildSummary(local, hibpPassword, pluginResults, verification),
+            fingerprint: fp,
+            timestamp: new Date().toISOString(),
+        };
+        // Output
+        if (config.json) {
+            process.stdout.write(formatJson(result) + "\n");
+        }
+        // Always write human report to stderr
+        process.stderr.write(formatReport(result));
+        // Audit log
+        if (config.auditLogPath) {
+            await writeAuditLog(config.auditLogPath, result);
+        }
+        // Exit code: 0=safe, 1=exposed, 2=error
+        const exitCode = result.riskLevel === "critical" || result.riskLevel === "high"
+            ? 1
+            : 0;
+        process.exit(exitCode);
+    }
+    finally {
+        secret.dispose();
+    }
+});
+program
+    .command("check-email <email>")
+    .description("Check an email address against HIBP breach databases")
+    .option("--json", "Output JSON to stdout")
+    .option("--env-file <path>", "Path to .env file (default: auto-detect in cwd)")
+    .option("--audit-log <path>", "Path to append audit log entries")
+    .option("--enable-plugins <ids>", "Comma-separated list of plugin IDs to enable")
+    .option("--disable-plugins <ids>", "Comma-separated list of plugin IDs to disable")
+    .action(async (email, opts) => {
+    // Validate email format before proceeding
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) || email.length > 254) {
+        process.stderr.write("Error: invalid email address format.\n");
+        process.exit(2);
+    }
+    const config = loadConfig({
+        json: opts.json,
+        envFile: opts.envFile,
+        auditLogPath: opts.auditLog,
+        enabledPlugins: opts.enablePlugins
+            ? opts.enablePlugins.split(",").map((s) => s.trim())
+            : [],
+        disabledPlugins: opts.disablePlugins
+            ? opts.disablePlugins.split(",").map((s) => s.trim())
+            : [],
+    });
+    if (!config.hibpApiKey) {
+        process.stderr.write("Error: HIBP API key required for email checks.\n" +
+            "Set HIBP_API_KEY environment variable or provide via .env file.\n" +
+            "Get a key at https://haveibeenpwned.com/API/Key ($3.50/mo)\n");
+        process.exit(2);
+    }
+    // Sanitize email for terminal output (prevent escape sequence injection)
+    process.stderr.write(`Checking email breaches for ${sanitizeForTerminal(email)}...\n`);
+    const emailResult = await checkHibpEmail(email, config.hibpApiKey);
+    // Run email-type plugins
+    const runnablePlugins = registry.getRunnable("email", config);
+    const pluginResults = [];
+    for (const plugin of runnablePlugins) {
+        if (plugin.id === "hibp-email")
+            continue; // already handled
+        process.stderr.write(`Running ${plugin.name}...\n`);
+        const result = await plugin.check(email, config);
+        pluginResults.push(result);
+    }
+    const riskLevel = determineEmailRiskLevel(emailResult, pluginResults);
+    const result = {
+        local: {
+            identification: {
+                provider: "Unknown",
+                confidence: "low",
+                description: "Email breach check",
+            },
+            entropy: {
+                shannonEntropy: 0,
+                maxPossibleEntropy: 0,
+                normalizedEntropy: 0,
+                encoding: "mixed",
+                length: email.length,
+                warning: null,
+            },
+            warnings: [],
+            looksLikeSecret: false,
+        },
+        hibpPassword: null,
+        hibpEmail: emailResult,
+        pluginResults,
+        verification: null,
+        riskLevel,
+        summary: buildEmailSummary(emailResult, pluginResults),
+        fingerprint: "email-check",
+        timestamp: new Date().toISOString(),
+    };
+    if (config.json) {
+        process.stdout.write(formatJson(result) + "\n");
+    }
+    process.stderr.write(formatReport(result));
+    if (config.auditLogPath) {
+        await writeAuditLog(config.auditLogPath, result);
+    }
+    const exitCode = riskLevel === "critical" || riskLevel === "high" ? 1 : 0;
+    process.exit(exitCode);
+});
+function determineRiskLevel(local, hibp, _email, pluginResults, verification) {
+    // Active + exposed = critical
+    if (verification?.active && pluginResults.some((p) => p.found)) {
+        return "critical";
+    }
+    if (verification?.active && hibp?.found) {
+        return "critical";
+    }
+    // Found in breach data = critical
+    if (hibp?.found && (hibp.occurrences ?? 0) > 0) {
+        return "critical";
+    }
+    // Any plugin found exposure at critical level
+    if (pluginResults.some((p) => p.found && p.severity === "critical")) {
+        return "critical";
+    }
+    // Any plugin found exposure at high level
+    if (pluginResults.some((p) => p.found && p.severity === "high")) {
+        return "high";
+    }
+    // Recognized provider key with high entropy = high risk if no HIBP check done
+    if (local.identification.confidence === "high" && local.looksLikeSecret) {
+        if (hibp === null) {
+            return "medium"; // offline check — we don't know
+        }
+        return "low"; // checked HIBP, not found
+    }
+    // Looks like a secret but unrecognized
+    if (local.looksLikeSecret) {
+        if (hibp?.found)
+            return "critical";
+        return hibp ? "low" : "medium";
+    }
+    // Plugin found something at medium level
+    if (pluginResults.some((p) => p.found && p.severity === "medium")) {
+        return "medium";
+    }
+    // Doesn't look like a secret
+    return "info";
+}
+function determineEmailRiskLevel(email, pluginResults) {
+    if (email.stealerLogs.length > 0)
+        return "critical";
+    if (email.breaches.length > 10)
+        return "critical";
+    if (pluginResults.some((p) => p.found && p.severity === "critical"))
+        return "critical";
+    if (email.breaches.length > 0)
+        return "high";
+    if (pluginResults.some((p) => p.found && p.severity === "high"))
+        return "high";
+    if (email.pastes.length > 0)
+        return "medium";
+    if (pluginResults.some((p) => p.found && p.severity === "medium"))
+        return "medium";
+    return "low";
+}
+function buildSummary(local, hibp, pluginResults, verification) {
+    const parts = [];
+    if (local.identification.provider !== "Unknown") {
+        parts.push(`Identified as ${local.identification.provider}`);
+    }
+    else {
+        parts.push("Unknown key format");
+    }
+    if (hibp?.found) {
+        parts.push(`EXPOSED in ${hibp.occurrences.toLocaleString()} breach(es)`);
+    }
+    else if (hibp?.checked && !hibp.error) {
+        parts.push("not found in HIBP breach data");
+    }
+    else if (hibp?.error) {
+        parts.push(`HIBP check failed: ${hibp.error}`);
+    }
+    // Summarize plugin findings
+    const foundPlugins = pluginResults.filter((p) => p.found);
+    if (foundPlugins.length > 0) {
+        parts.push(`found in ${foundPlugins.length} additional source(s)`);
+    }
+    if (verification?.active) {
+        parts.push("KEY IS CURRENTLY ACTIVE");
+    }
+    return parts.join(" — ");
+}
+function buildEmailSummary(email, pluginResults) {
+    if (email.error)
+        return `Email check failed: ${email.error}`;
+    const parts = [];
+    if (email.breaches.length > 0) {
+        parts.push(`${email.breaches.length} breach(es)`);
+    }
+    if (email.stealerLogs.length > 0) {
+        parts.push(`${email.stealerLogs.length} stealer log(s)`);
+    }
+    if (email.pastes.length > 0) {
+        parts.push(`${email.pastes.length} paste(s)`);
+    }
+    const foundPlugins = pluginResults.filter((p) => p.found);
+    if (foundPlugins.length > 0) {
+        parts.push(`${foundPlugins.length} additional source(s)`);
+    }
+    return parts.length > 0
+        ? `Found in: ${parts.join(", ")}`
+        : "No breaches found";
+}
+program
+    .command("check-batch <file>")
+    .description("Check multiple secrets from a .env or JSON file")
+    .option("--offline", "Local analysis only — skip network checks")
+    .option("--format <format>", "Output format: json, sarif, csv (default: json)", "json")
+    .option("--env-file <path>", "Path to .env file for config")
+    .option("--audit-log <path>", "Path to append audit log entries")
+    .action(async (file, opts) => {
+    const config = loadConfig({
+        offline: opts.offline,
+        envFile: opts.envFile,
+        auditLogPath: opts.auditLog,
+        json: true,
+    });
+    // Determine file format from extension
+    let entries;
+    if (file.endsWith(".json")) {
+        entries = parseJsonFile(file);
+    }
+    else {
+        // Default to .env format
+        entries = parseEnvFile(file);
+    }
+    if (entries.length === 0) {
+        process.stderr.write("No secrets found in input file.\n");
+        process.exit(0);
+    }
+    process.stderr.write(`Checking ${entries.length} secret(s)...\n`);
+    const results = [];
+    let hasExposure = false;
+    try {
+        for (const entry of entries) {
+            process.stderr.write(`  Checking ${sanitizeForTerminal(entry.name)}...\n`);
+            const local = performLocalCheck(entry.secret);
+            let hibpPassword = null;
+            if (!config.offline) {
+                hibpPassword = await checkHibpPassword(entry.secret);
+            }
+            // Run plugins
+            const runnablePlugins = registry.getRunnable("secret", config);
+            const pluginResults = [];
+            for (const plugin of runnablePlugins) {
+                if (plugin.id === "local-analysis" || plugin.id === "hibp-password")
+                    continue;
+                const pr = await plugin.check(entry.secret, config);
+                pluginResults.push(pr);
+            }
+            const fp = fingerprint(entry.secret);
+            const result = {
+                local,
+                hibpPassword,
+                hibpEmail: null,
+                pluginResults,
+                verification: null,
+                riskLevel: determineRiskLevel(local, hibpPassword, null, pluginResults, null),
+                summary: `[${entry.name}] ${buildSummary(local, hibpPassword, pluginResults, null)}`,
+                fingerprint: fp,
+                timestamp: new Date().toISOString(),
+            };
+            results.push(result);
+            if (result.riskLevel === "critical" || result.riskLevel === "high") {
+                hasExposure = true;
+            }
+            if (config.auditLogPath) {
+                await writeAuditLog(config.auditLogPath, result);
+            }
+        }
+        // Output
+        const format = opts.format;
+        if (format === "sarif") {
+            process.stdout.write(formatSarif(results) + "\n");
+        }
+        else if (format === "csv") {
+            process.stdout.write(formatCsv(results) + "\n");
+        }
+        else {
+            process.stdout.write(JSON.stringify(results, null, 2) + "\n");
+        }
+        // Summary to stderr
+        const critCount = results.filter((r) => r.riskLevel === "critical").length;
+        const highCount = results.filter((r) => r.riskLevel === "high").length;
+        process.stderr.write(`\nBatch complete: ${results.length} checked, ${critCount} critical, ${highCount} high\n`);
+        process.exit(hasExposure ? 1 : 0);
+    }
+    finally {
+        disposeBatch(entries);
+    }
+});
+// Export registry for external use (e.g., registering new plugins)
+export { registry };
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACvF,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAmB,MAAM,yBAAyB,CAAC;AAUrG,iBAAiB;AACjB,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2CAA2C,CAAC;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,2CAA2C,CAAC;AAChF,OAAO,EAAE,cAAc,EAAE,MAAM,qCAAqC,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4CAA4C,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,qCAAqC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAEjE,mBAAmB;AACnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,sCAAsC,CAAC;AACzE,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AACjG,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAEvF,mCAAmC;AACnC,MAAM,QAAQ,GAAG,IAAI,aAAa,EAAE,CAAC;AACrC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AACvC,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;AACtC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;AACnC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AACvC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAClC,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;AACxC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAClC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;AACnC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;AAEhC,qCAAqC;AACrC,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAC;AAChD,gBAAgB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAC1C,gBAAgB,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;AACjD,gBAAgB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;AAC7C,gBAAgB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;AAC7C,gBAAgB,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC;AACrD,gBAAgB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACvC,gBAAgB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AAC5C,gBAAgB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;AAE7C,qDAAqD;AACrD,SAAS,WAAW;IAClB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACvB,KAAK,CAAC,MAAM,EAAE,CAAC;QAEf,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE;YAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC;YACzC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACxB,KAAK,CAAC,KAAK,EAAE,CAAC;YACd,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAErC,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC5B,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;QACH,CAAC,CAAC;QAEF,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,uBAAuB,CAAC;KAC7B,WAAW,CAAC,kEAAkE,CAAC;KAC/E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAChE,MAAM,CAAC,QAAQ,EAAE,2DAA2D,CAAC;KAC7E,MAAM,CAAC,WAAW,EAAE,yBAAyB,CAAC;KAC9C,MAAM,CAAC,UAAU,EAAE,6DAA6D,CAAC;KACjF,MAAM,CAAC,WAAW,EAAE,4CAA4C,CAAC;KACjE,MAAM,CAAC,mBAAmB,EAAE,iDAAiD,CAAC;KAC9E,MAAM,CAAC,oBAAoB,EAAE,kCAAkC,CAAC;KAChE,MAAM,CAAC,wBAAwB,EAAE,8CAA8C,CAAC;KAChF,MAAM,CAAC,yBAAyB,EAAE,+CAA+C,CAAC;KAClF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,MAAM,GAAG,UAAU,CAAC;QACxB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,YAAY,EAAE,IAAI,CAAC,QAAQ;QAC3B,cAAc,EAAE,IAAI,CAAC,aAAa;YAChC,CAAC,CAAE,IAAI,CAAC,aAAwB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACxE,CAAC,CAAC,EAAE;QACN,eAAe,EAAE,IAAI,CAAC,cAAc;YAClC,CAAC,CAAE,IAAI,CAAC,cAAyB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzE,CAAC,CAAC,EAAE;KACP,CAAC,CAAC;IAEH,6CAA6C;IAC7C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,KAAK,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAExC,mDAAmD;QACnD,IAAI,YAAY,GAA8B,IAAI,CAAC;QACnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;YACzD,YAAY,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACjD,CAAC;QAED,kCAAkC;QAClC,MAAM,eAAe,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC/D,MAAM,aAAa,GAAwB,EAAE,CAAC;QAC9C,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;YACrC,0DAA0D;YAC1D,IAAI,MAAM,CAAC,EAAE,KAAK,gBAAgB,IAAI,MAAM,CAAC,EAAE,KAAK,eAAe,EAAE,CAAC;gBACpE,SAAS;YACX,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,MAAM,CAAC,IAAI,OAAO,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAClD,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QAED,gEAAgE;QAChE,IAAI,YAAY,GAA8B,IAAI,CAAC;QACnD,IAAI,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACjE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACrE,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yCAAyC,QAAQ,CAAC,QAAQ,IAAI;oBAC9D,YAAY,QAAQ,CAAC,WAAW,IAAI;oBACpC,iBAAiB,CAClB,CAAC;gBAEF,oDAAoD;gBACpD,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;oBACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,MAAM,SAAS,GAAG,MAAM,WAAW,EAAE,CAAC;oBACtC,IAAI,SAAS,EAAE,CAAC;wBACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;wBAC3C,YAAY,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBAC/C,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;oBAClD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAE/B,eAAe;QACf,MAAM,MAAM,GAAgB;YAC1B,KAAK;YACL,YAAY;YACZ,SAAS,EAAE,IAAI;YACf,aAAa;YACb,YAAY;YACZ,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,CAAC;YACrF,OAAO,EAAE,YAAY,CAAC,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,CAAC;YACvE,WAAW,EAAE,EAAE;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,SAAS;QACT,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,CAAC;QACD,sCAAsC;QACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;QAE3C,YAAY;QACZ,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,wCAAwC;QACxC,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,KAAK,UAAU,IAAI,MAAM,CAAC,SAAS,KAAK,MAAM;YAC7E,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,CAAC,CAAC;QACN,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,qBAAqB,CAAC;KAC9B,WAAW,CAAC,sDAAsD,CAAC;KACnE,MAAM,CAAC,QAAQ,EAAE,uBAAuB,CAAC;KACzC,MAAM,CAAC,mBAAmB,EAAE,iDAAiD,CAAC;KAC9E,MAAM,CAAC,oBAAoB,EAAE,kCAAkC,CAAC;KAChE,MAAM,CAAC,wBAAwB,EAAE,8CAA8C,CAAC;KAChF,MAAM,CAAC,yBAAyB,EAAE,+CAA+C,CAAC;KAClF,MAAM,CAAC,KAAK,EAAE,KAAa,EAAE,IAAI,EAAE,EAAE;IACpC,0CAA0C;IAC1C,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC;QACxB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,YAAY,EAAE,IAAI,CAAC,QAAQ;QAC3B,cAAc,EAAE,IAAI,CAAC,aAAa;YAChC,CAAC,CAAE,IAAI,CAAC,aAAwB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACxE,CAAC,CAAC,EAAE;QACN,eAAe,EAAE,IAAI,CAAC,cAAc;YAClC,CAAC,CAAE,IAAI,CAAC,cAAyB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzE,CAAC,CAAC,EAAE;KACP,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kDAAkD;YAClD,mEAAmE;YACnE,8DAA8D,CAC/D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,yEAAyE;IACzE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEvF,MAAM,WAAW,GAAoB,MAAM,cAAc,CACvD,KAAK,EACL,MAAM,CAAC,UAAU,CAClB,CAAC;IAEF,yBAAyB;IACzB,MAAM,eAAe,GAAG,QAAQ,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,aAAa,GAAwB,EAAE,CAAC;IAC9C,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,MAAM,CAAC,EAAE,KAAK,YAAY;YAAE,SAAS,CAAC,kBAAkB;QAC5D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,MAAM,CAAC,IAAI,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACjD,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,SAAS,GAAG,uBAAuB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IACtE,MAAM,MAAM,GAAgB;QAC1B,KAAK,EAAE;YACL,cAAc,EAAE;gBACd,QAAQ,EAAE,SAAgB;gBAC1B,UAAU,EAAE,KAAK;gBACjB,WAAW,EAAE,oBAAoB;aAClC;YACD,OAAO,EAAE;gBACP,cAAc,EAAE,CAAC;gBACjB,kBAAkB,EAAE,CAAC;gBACrB,iBAAiB,EAAE,CAAC;gBACpB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,IAAI;aACd;YACD,QAAQ,EAAE,EAAE;YACZ,eAAe,EAAE,KAAK;SACvB;QACD,YAAY,EAAE,IAAI;QAClB,SAAS,EAAE,WAAW;QACtB,aAAa;QACb,YAAY,EAAE,IAAI;QAClB,SAAS;QACT,OAAO,EAAE,iBAAiB,CAAC,WAAW,EAAE,aAAa,CAAC;QACtD,WAAW,EAAE,aAAa;QAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;IAE3C,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,KAAK,UAAU,IAAI,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzB,CAAC,CAAC,CAAC;AAEL,SAAS,kBAAkB,CACzB,KAA2B,EAC3B,IAA+B,EAC/B,MAA8B,EAC9B,aAAkC,EAClC,YAAuC;IAEvC,8BAA8B;IAC9B,IAAI,YAAY,EAAE,MAAM,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,IAAI,YAAY,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;QACxC,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,EAAE,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,8CAA8C;IAC9C,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;QACpE,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,0CAA0C;IAC1C,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,CAAC;QAChE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8EAA8E;IAC9E,IAAI,KAAK,CAAC,cAAc,CAAC,UAAU,KAAK,MAAM,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QACxE,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAClB,OAAO,QAAQ,CAAC,CAAC,gCAAgC;QACnD,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,0BAA0B;IAC1C,CAAC;IAED,uCAAuC;IACvC,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QAC1B,IAAI,IAAI,EAAE,KAAK;YAAE,OAAO,UAAU,CAAC;QACnC,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED,yCAAyC;IACzC,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,EAAE,CAAC;QAClE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,6BAA6B;IAC7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAsB,EACtB,aAAkC;IAElC,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACpD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,UAAU,CAAC;IAClD,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IACvF,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC;IAC7C,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC/E,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC7C,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IACnF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,KAA2B,EAC3B,IAA+B,EAC/B,aAAkC,EAClC,YAAuC;IAEvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,KAAK,CAAC,cAAc,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,iBAAiB,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CACR,cAAc,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,aAAa,CAC7D,CAAC;IACJ,CAAC;SAAM,IAAI,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC9C,CAAC;SAAM,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,sBAAsB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,YAAY,YAAY,CAAC,MAAM,uBAAuB,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,YAAY,EAAE,MAAM,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,iBAAiB,CACxB,KAAsB,EACtB,aAAkC;IAElC,IAAI,KAAK,CAAC,KAAK;QAAE,OAAO,uBAAuB,KAAK,CAAC,KAAK,EAAE,CAAC;IAE7D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,aAAa,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,iBAAiB,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,WAAW,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,uBAAuB,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC;QACrB,CAAC,CAAC,aAAa,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACjC,CAAC,CAAC,mBAAmB,CAAC;AAC1B,CAAC;AAED,OAAO;KACJ,OAAO,CAAC,oBAAoB,CAAC;KAC7B,WAAW,CAAC,iDAAiD,CAAC;KAC9D,MAAM,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAChE,MAAM,CAAC,mBAAmB,EAAE,iDAAiD,EAAE,MAAM,CAAC;KACtF,MAAM,CAAC,mBAAmB,EAAE,8BAA8B,CAAC;KAC3D,MAAM,CAAC,oBAAoB,EAAE,kCAAkC,CAAC;KAChE,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAI,EAAE,EAAE;IACnC,MAAM,MAAM,GAAG,UAAU,CAAC;QACxB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,YAAY,EAAE,IAAI,CAAC,QAAQ;QAC3B,IAAI,EAAE,IAAI;KACX,CAAC,CAAC;IAEH,uCAAuC;IACvC,IAAI,OAAqB,CAAC;IAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,yBAAyB;QACzB,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,OAAO,CAAC,MAAM,iBAAiB,CAAC,CAAC;IAElE,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE3E,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAE9C,IAAI,YAAY,GAA8B,IAAI,CAAC;YACnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,YAAY,GAAG,MAAM,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACvD,CAAC;YAED,cAAc;YACd,MAAM,eAAe,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC/D,MAAM,aAAa,GAAwB,EAAE,CAAC;YAC9C,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;gBACrC,IAAI,MAAM,CAAC,EAAE,KAAK,gBAAgB,IAAI,MAAM,CAAC,EAAE,KAAK,eAAe;oBAAE,SAAS;gBAC9E,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBACpD,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACzB,CAAC;YAED,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAErC,MAAM,MAAM,GAAgB;gBAC1B,KAAK;gBACL,YAAY;gBACZ,SAAS,EAAE,IAAI;gBACf,aAAa;gBACb,YAAY,EAAE,IAAI;gBAClB,SAAS,EAAE,kBAAkB,CAAC,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC;gBAC7E,OAAO,EAAE,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,CAAC,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,IAAI,CAAC,EAAE;gBACpF,WAAW,EAAE,EAAE;gBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC;YAEF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,IAAI,MAAM,CAAC,SAAS,KAAK,UAAU,IAAI,MAAM,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;gBACnE,WAAW,GAAG,IAAI,CAAC;YACrB,CAAC;YAED,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,SAAS;QACT,MAAM,MAAM,GAAG,IAAI,CAAC,MAAgB,CAAC;QACrC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;QACpD,CAAC;aAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAChE,CAAC;QAED,oBAAoB;QACpB,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC3E,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qBAAqB,OAAO,CAAC,MAAM,aAAa,SAAS,cAAc,SAAS,SAAS,CAC1F,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mEAAmE;AACnE,OAAO,EAAE,QAAQ,EAAE,CAAC;AAEpB,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/input/batch-parser.d.ts

@@ -0,0 +1,21 @@
+import { SecureBuffer } from "../core/secure-buffer.js";
+export interface BatchEntry {
+    name: string;
+    secret: SecureBuffer;
+}
+/**
+ * Parse a .env file into batch entries.
+ * Supports KEY=VALUE and KEY="VALUE" formats.
+ * Skips comments (#) and empty lines.
+ */
+export declare function parseEnvFile(path: string): BatchEntry[];
+export declare function parseEnvString(content: string): BatchEntry[];
+/**
+ * Parse a JSON file into batch entries.
+ * Expects { "KEY_NAME": "secret_value", ... }
+ */
+export declare function parseJsonFile(path: string): BatchEntry[];
+export declare function parseJsonString(content: string): BatchEntry[];
+/** Dispose all SecureBuffers in a batch. */
+export declare function disposeBatch(entries: BatchEntry[]): void;
+//# sourceMappingURL=batch-parser.d.ts.map

package/dist/input/batch-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"batch-parser.d.ts","sourceRoot":"","sources":["../../src/input/batch-parser.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,YAAY,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,CAGvD;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,EAAE,CA+B5D;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,CAGxD;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,EAAE,CAc7D;AAED,4CAA4C;AAC5C,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,IAAI,CAIxD"}

package/dist/input/batch-parser.js

@@ -0,0 +1,65 @@
+import { readFileSync } from "node:fs";
+import { SecureBuffer } from "../core/secure-buffer.js";
+/**
+ * Parse a .env file into batch entries.
+ * Supports KEY=VALUE and KEY="VALUE" formats.
+ * Skips comments (#) and empty lines.
+ */
+export function parseEnvFile(path) {
+    const content = readFileSync(path, "utf-8");
+    return parseEnvString(content);
+}
+export function parseEnvString(content) {
+    const entries = [];
+    for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        // Skip empty lines and comments
+        if (!trimmed || trimmed.startsWith("#"))
+            continue;
+        const eqIndex = trimmed.indexOf("=");
+        if (eqIndex === -1)
+            continue;
+        const name = trimmed.slice(0, eqIndex).trim();
+        let value = trimmed.slice(eqIndex + 1).trim();
+        // Strip surrounding quotes
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        if (!name || !value)
+            continue;
+        entries.push({
+            name,
+            secret: SecureBuffer.fromString(value),
+        });
+    }
+    return entries;
+}
+/**
+ * Parse a JSON file into batch entries.
+ * Expects { "KEY_NAME": "secret_value", ... }
+ */
+export function parseJsonFile(path) {
+    const content = readFileSync(path, "utf-8");
+    return parseJsonString(content);
+}
+export function parseJsonString(content) {
+    const data = JSON.parse(content);
+    const entries = [];
+    for (const [name, value] of Object.entries(data)) {
+        if (typeof value === "string" && value.length > 0) {
+            entries.push({
+                name,
+                secret: SecureBuffer.fromString(value),
+            });
+        }
+    }
+    return entries;
+}
+/** Dispose all SecureBuffers in a batch. */
+export function disposeBatch(entries) {
+    for (const entry of entries) {
+        entry.secret.dispose();
+    }
+}
+//# sourceMappingURL=batch-parser.js.map

package/dist/input/batch-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"batch-parser.js","sourceRoot":"","sources":["../../src/input/batch-parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAOxD;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAE7B,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE9C,2BAA2B;QAC3B,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK;YAAE,SAAS;QAE9B,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC;SACvC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,eAAe,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;IAC5D,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI;gBACJ,MAAM,EAAE,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC;aACvC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,YAAY,CAAC,OAAqB;IAChD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;IACzB,CAAC;AACH,CAAC"}

package/dist/input/secure-prompt.d.ts

@@ -0,0 +1,11 @@
+import { SecureBuffer } from "../core/secure-buffer.js";
+/**
+ * Read a secret from stdin.
+ *
+ * - If stdin is a pipe: reads all data from the pipe.
+ * - If stdin is a TTY: prompts interactively with hidden input.
+ *
+ * Always returns a SecureBuffer (Buffer-backed, not String).
+ */
+export declare function readSecret(): Promise<SecureBuffer>;
+//# sourceMappingURL=secure-prompt.d.ts.map

package/dist/input/secure-prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-prompt.d.ts","sourceRoot":"","sources":["../../src/input/secure-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD;;;;;;;GAOG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC,CAKxD"}