coverme-scanner 1.0.18 → 1.0.20

package/dist/prompts/cross-validator.md

@@ -223,4 +223,48 @@ Focus: Find what was MISSED
 - Don't ignore context from CLAUDE.md
 - Don't miss the forest for the trees
 
+## CRITICAL: Things That Are NOT False Positives
+
+### Command Injection from Config Files
+**DO NOT dismiss as false positive!**
+```javascript
+execSync(`pm2 start ${configValue}`)  // STILL VULNERABLE!
+```
+Even if the value comes from a config file (models.json, config.yaml), if that file is:
+- Writable by users (admin panel, API)
+- Not validated against a strict schema
+- Could be modified by an attacker with file access
+
+Then it IS a real command injection. The attack vector is just indirect.
+
+**Only dismiss if:**
+- Config file is hardcoded at build time (not runtime loaded)
+- Config values are validated against strict regex/enum
+- execFile() is used instead of execSync() with proper argument array
+
+### Secrets in Git History
+**DO NOT dismiss just because file is now gitignored!**
+If a secret file was EVER committed, it may still be in git history.
+```bash
+git log --all --full-history -- "**/secrets*" "**/credentials*" "**/*.env"
+```
+If this returns results, the secret is STILL EXPOSED even if currently gitignored.
+
+### CORS Without Whitelist
+**DO NOT dismiss as "internal only"!**
+```javascript
+res.header('Access-Control-Allow-Origin', req.headers.origin);  // VULNERABLE
+```
+This reflects ANY origin. Even if the server is "internal", browser-based attacks can still:
+- Steal data via malicious website
+- Perform CSRF-like attacks
+- Exfiltrate to attacker-controlled domains
+
+### Missing Security Configuration
+**These are real findings, not false positives:**
+- `helmet()` without custom CSP configuration
+- Missing `npm audit` in CI pipeline
+- No Dependabot/Renovate for dependency updates
+- Logs without rotation/retention policy
+
 START VALIDATION NOW. Be critical but fair.

package/dist/prompts/mitigation-validator.md

@@ -178,6 +178,74 @@ The finding is incorrect:
 3. Is it localhost/development credentials only?
 4. Is there environment variable loading that overrides?
 
+### Race Condition / TOCTOU Findings (CRITICAL - Often False Positives)
+**Check for atomic operations that FULLY mitigate the race:**
+
+1. **Redis Lua Scripts** = FULL MITIGATION
+   - `redis.call()` inside Lua script is atomic
+   - SETNX, GETSET, INCR are atomic
+   - Look for: `eval`, `evalsha`, `script load`
+   ```javascript
+   // This is ATOMIC - no race condition!
+   redis.eval(`
+     local current = redis.call('GET', key)
+     if current < limit then
+       redis.call('INCR', key)
+       return 1
+     end
+     return 0
+   `)
+   ```
+
+2. **Database Transactions** = FULL MITIGATION
+   - `BEGIN...COMMIT` with proper isolation
+   - `SELECT FOR UPDATE` locks rows
+   - Prisma `$transaction()`, TypeORM `transaction()`
+   - Look for: `transaction`, `FOR UPDATE`, `SERIALIZABLE`
+
+3. **Atomic Compare-and-Swap** = FULL MITIGATION
+   - `WATCH/MULTI/EXEC` in Redis
+   - `findOneAndUpdate` with conditions in MongoDB
+   - `UPDATE ... WHERE version = ?` (optimistic locking)
+
+4. **Mutex/Locking** = FULL MITIGATION
+   - `redis-lock`, `redlock`
+   - Database advisory locks
+   - File locks (flock)
+
+**If ANY of these patterns exist, mark as MITIGATED, not "partial"!**
+
+### Intentional Design Decisions (Check Comments!)
+**Before reporting, check if there are comments explaining WHY:**
+
+1. **Search for explanatory comments near the code:**
+   ```
+   grep -B5 -A5 "intentional|by design|deliberately|on purpose|security note" <file>
+   ```
+
+2. **Common patterns that are INTENTIONAL:**
+   - PKCE code reuse to prevent double-click race conditions
+   - Longer token expiry for better UX (with other mitigations)
+   - Allowing certain "unsafe" operations for admin users
+   - Development-only bypasses with environment checks
+
+3. **If comment explains the decision:**
+   ```json
+   {
+     "verdict": "false_positive",
+     "reason": "Intentional design decision documented in code",
+     "evidence": ["Comment at line 45: 'Intentionally allow reuse to prevent double-submit'"]
+   }
+   ```
+
+### Open Redirect Findings
+1. **Check for whitelist validation:**
+   ```
+   grep -r "isValidRedirect|allowedDomains|whitelist|validateUrl" <file>
+   ```
+2. If whitelist exists and covers the redirect parameter = MITIGATED
+3. Check if validation function is actually called before redirect
+
 ## Output Format
 
 ```json

package/dist/prompts/orchestration.md

@@ -158,6 +158,32 @@ CHECK FOR:
 - API versioning issues
 - Excessive data exposure in responses
 
+**CORS MISCONFIGURATION** (MEDIUM):
+Look for these vulnerable patterns:
+```javascript
+// VULNERABLE - reflects ANY origin
+res.header('Access-Control-Allow-Origin', req.headers.origin);
+res.header('Access-Control-Allow-Origin', '*');
+
+// VULNERABLE - no whitelist validation
+app.use(cors({ origin: true }));
+```
+Only mark as safe if there's explicit whitelist validation:
+```javascript
+const allowedOrigins = ['https://app.example.com'];
+if (allowedOrigins.includes(origin)) { ... }
+```
+
+**HELMET MISCONFIGURATION** (MEDIUM):
+```javascript
+app.use(helmet());  // Using defaults only - INSUFFICIENT!
+```
+Check that helmet() includes:
+- Custom `contentSecurityPolicy` with proper directives
+- `hsts: { maxAge: 31536000, includeSubDomains: true, preload: true }`
+- Proper `referrerPolicy`
+Report as MEDIUM if using only defaults without customization.
+
 **FAIL-OPEN vs FAIL-CLOSED PATTERNS** (CRITICAL):
 - IP whitelist empty/missing = allow all (should deny all)
 - Auth middleware errors = request passes through (should block)
@@ -207,6 +233,14 @@ CHECK FOR:
 - Ansible vault passwords in plaintext
 - CI/CD pipeline secrets in yaml files (.github/workflows, .gitlab-ci.yml)
 
+**SECRETS IN GIT HISTORY** (CRITICAL CHECK!):
+Run these commands to check if secrets were EVER committed:
+```bash
+git log --all --full-history -- "**/secrets*" "**/credentials*" "**/*.env"
+git log --all -p -S "AWS_SECRET" -S "PRIVATE_KEY" --source
+```
+If secrets appear in history, they are EXPOSED even if now gitignored!
+
 **PRIVILEGE ESCALATION RISKS**:
 - Containers/processes running as root
 - Missing securityContext in K8s (runAsNonRoot, readOnlyRootFilesystem)
@@ -220,6 +254,20 @@ CHECK FOR:
 - Missing config = silent fallback to insecure defaults
 - No validation of secret strength/format at startup
 
+**DEPENDENCY SECURITY** (HIGH if missing):
+Check for presence of:
+- `npm audit` or `yarn audit` in CI pipeline
+- Dependabot/Renovate configuration (.github/dependabot.yml, renovate.json)
+- SBOM generation (cyclonedx, syft)
+- Snyk/Trivy/Grype scanning
+Report as HIGH if NONE of these exist - supply chain risk!
+
+**LOGGING & MONITORING**:
+- Log rotation configured? (maxFiles, maxsize in Winston/Pino)
+- Log retention policy defined?
+- Sensitive data redacted from logs?
+Report as LOW if log rotation missing - disk exhaustion risk.
+
 For EACH finding, output the FULL JSON format.
 
 ---
@@ -577,63 +625,107 @@ Output as list of strings.
 
 ## PHASE 7: BUILD CONSENSUS & GENERATE OUTPUT
 
-1. **Apply Mitigation Results** (from Phase 3):
-   - Remove findings marked as `mitigated` or `false_positive`
-   - Adjust severity for findings marked as `partial`
-   - Add mitigation notes to confirmed findings
+### CRITICAL: Actually Remove False Positives!
 
-2. Calculate confidence: (confirmations / total_validators) * 100
-3. Remove findings with confidence < 50%
-4. Add missed issues from Validator C
-5. Sort: severity DESC, confidence DESC
+The final report should ONLY contain findings that are:
+1. **Confirmed** by mitigation validation (no existing protection found)
+2. **Partial** mitigations (some protection but incomplete)
 
-### Include Mitigation Summary
+**DO NOT INCLUDE** findings that are:
+- `mitigated` - full protection exists elsewhere
+- `false_positive` - not actually a vulnerability
+- Intentional design decisions with documented comments
+- Race conditions protected by atomic operations (Lua, transactions)
 
-For each finding that passed validation, include:
-```json
-{
-  "id": "SEC-001",
-  "mitigationStatus": "confirmed",
-  "mitigationChecks": [
-    "No input validation found between user input and SQL query",
-    "No ORM - raw SQL used",
-    "No middleware protection on this route"
-  ]
-}
-```
+### Step-by-Step Process:
 
-### SAVE OUTPUT AS JSON
+1. **Start with all Phase 1 findings**
+
+2. **Apply Mitigation Validator results (Phase 3):**
+   - `mitigated` → REMOVE from findings, add to `mitigatedFindings` array
+   - `false_positive` → REMOVE from findings, add to `falsePositives` array
+   - `partial` → KEEP but downgrade severity if specified
+   - `confirmed` → KEEP with original severity
+
+3. **Apply Cross-Validator results (Phase 4):**
+   - Additional false positives → REMOVE from findings
+   - Duplicates → Merge into single finding
+
+4. **Calculate final counts AFTER removals:**
+   - Only count findings that remain in the `findings` array
+   - Do NOT count mitigated or false positive findings
+
+5. **Add missed issues from Validator C**
+
+6. **Sort remaining findings:** severity DESC, confidence DESC
+
+### Final JSON Structure
 
 ```json
 {
   "projectName": "project-name",
   "scanDate": "{{SCAN_DATE}}",
   "summary": {
-    "total": 0,
-    "critical": 0,
-    "high": 0,
-    "medium": 0,
-    "low": 0,
-    "info": 0
+    "total": 10,
+    "critical": 1,
+    "high": 3,
+    "medium": 4,
+    "low": 2,
+    "info": 0,
+    "mitigatedCount": 5,
+    "falsePositiveCount": 3
   },
   "findings": [
-    "all findings with full fields including mitigationStatus"
+    "ONLY confirmed and partial findings - NOT mitigated or false positives!"
   ],
   "mitigatedFindings": [
-    {"id": "SEC-005", "reason": "Protected by Zod schema validation", "originalSeverity": "high"}
+    {
+      "id": "SEC-005",
+      "title": "Original finding title",
+      "originalSeverity": "high",
+      "reason": "Protected by Zod schema validation at src/routes/user.ts:23",
+      "mitigationType": "input_validation"
+    }
+  ],
+  "falsePositives": [
+    {
+      "id": "BIZ-004",
+      "title": "TOCTOU Race Condition",
+      "reason": "Redis Lua script provides atomic operation - no race condition possible",
+      "evidence": ["Lua script at src/services/rate-limit.js:95-113"]
+    },
+    {
+      "id": "AUTH-003",
+      "title": "PKCE Code Reuse",
+      "reason": "Intentional design decision documented in code comment",
+      "evidence": ["Comment: 'Allow reuse to prevent double-click race condition'"]
+    }
   ],
   "positiveObservations": [
     "Good pattern 1",
     "Good pattern 2"
   ],
-  "falsePositives": [
-    {"id": "...", "reason": "..."}
-  ],
+  "validationSummary": {
+    "totalInitialFindings": 18,
+    "mitigated": 5,
+    "falsePositives": 3,
+    "confirmed": 8,
+    "partial": 2,
+    "accuracy": "Only 56% of initial findings were actual issues"
+  },
   "agentsUsed": ["Security Core", "Auth & Session", "Mitigation Validator"],
   "scanDuration": 0
 }
 ```
 
+### Sanity Check Before Saving
+
+Before saving, verify:
+1. `findings` array does NOT contain any item from `mitigatedFindings` or `falsePositives`
+2. `summary.total` equals `findings.length`
+3. Severity counts match actual findings in array
+4. No duplicate IDs across findings/mitigated/falsePositives
+
 Save as: .coverme/scan.json
 
 Then generate PDF report:

package/dist/prompts/security-scanner.md

@@ -145,12 +145,21 @@ Before reporting ANY secret/credential finding as critical or high:
    - If file matches .gitignore patterns = NOT exposed in repo
    - Mark as "info" severity, not "critical"
 
-3. **Identify environment context**:
+3. **CRITICAL: Check git HISTORY for secrets!**
+   Even if a file is currently gitignored, it may have been committed in the past:
+   ```bash
+   git log --all --full-history -- "**/secrets*" "**/credentials*" "**/*.env"
+   git log --all -p -S "AWS_SECRET" --source --all
+   ```
+   If the secret was EVER committed, it's CRITICAL - secrets in git history are exposed!
+
+4. **Identify environment context**:
    - `localhost`, `127.0.0.1`, `example.com` = development/example credentials
    - `.env.example`, `*.example.json` = template files, not real secrets
    - Mark these as "info" with note: "Development/example credentials"
 
-4. **Severity mapping for secrets**:
+5. **Severity mapping for secrets**:
+   - In git history (even if now removed) = CRITICAL
    - Tracked in git + real credentials = CRITICAL
    - Tracked in git + example/dev credentials = LOW
    - NOT tracked (gitignored) + real credentials = INFO (local only)
@@ -161,10 +170,62 @@ Always include in finding:
 {
   "gitTracked": true/false,
   "gitignored": true/false,
+  "inGitHistory": true/false,
   "appearsToBeDev": true/false
 }
 ```
 
+## Command Injection: Config Files Are NOT Safe!
+
+**DO NOT assume config file values are safe:**
+```javascript
+// STILL VULNERABLE even though pm2Name comes from config!
+const pm2Name = config.models[modelId].pm2Name;
+execSync(`pm2 start ${pm2Name}`);  // Command injection!
+```
+
+Config files (models.json, config.yaml) are attack vectors if:
+- File can be modified via admin panel/API
+- File permissions allow non-root writes
+- No schema validation on config values
+
+**Only mark as safe if:**
+- Using execFile() with argument array (not string interpolation)
+- Config values validated against strict whitelist/regex
+- Config is hardcoded at build time (not runtime loaded)
+
+## Security Misconfiguration Checks
+
+### Helmet Without Proper CSP
+```javascript
+app.use(helmet());  // Defaults only - NOT sufficient!
+```
+Report as MEDIUM if helmet() is called without:
+- Custom `contentSecurityPolicy` configuration
+- `hsts: { preload: true }` for HTTPS enforcement
+- Proper `referrerPolicy`
+
+### CORS Without Whitelist
+```javascript
+// VULNERABLE - reflects any origin!
+res.header('Access-Control-Allow-Origin', req.headers.origin);
+res.header('Access-Control-Allow-Origin', '*');
+```
+Report as MEDIUM unless there's explicit domain whitelist validation.
+
+### Missing Dependency Security
+Check for absence of:
+- `npm audit` in CI/CD pipeline (.github/workflows, .gitlab-ci.yml)
+- Dependabot/Renovate configuration
+- SBOM generation
+Report as HIGH if none exist - supply chain attacks are critical.
+
+### Missing Log Rotation
+Check Winston/Pino/Bunyan configs for:
+- `maxFiles` or `maxsize` settings
+- Log retention policy
+Report as LOW if missing - can lead to disk exhaustion.
+
 ## Files to Focus On
 
 Priority order:

package/dist/report/generator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../src/report/generator.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAY,MAAM,aAAa,CAAC;AAE1E,UAAU,SAAS;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED,UAAU,eAAe;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED,UAAU,UAAU;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;IACrC,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,cAAc,EAAE,gBAAgB,EAAE,CAAC;IACnC,WAAW,EAAE,gBAAgB,EAAE,CAAC;IAChC,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7F,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,CAAC,MAAM,GAAG;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,EAAE,CAAC;IAC5E,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IAEnB,wBAAwB,EAAE,MAAM,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;CACzB;AA2BD,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CA0BnF;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAkBnE;AAsZD,wBAAgB,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,MAAM,CAuB7E;AAED,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,cAAc,GAAE,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAM,GAChG,OAAO,CAAC,IAAI,CAAC,CA+Ef;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,cAAc,GAAE,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAM,GAChG,OAAO,CAAC,IAAI,CAAC,CA2Df"}
+{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../src/report/generator.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAY,MAAM,aAAa,CAAC;AAE1E,UAAU,SAAS;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED,UAAU,eAAe;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED,UAAU,UAAU;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;IACrC,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,cAAc,EAAE,gBAAgB,EAAE,CAAC;IACnC,WAAW,EAAE,gBAAgB,EAAE,CAAC;IAChC,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7F,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,CAAC,MAAM,GAAG;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,EAAE,CAAC;IAC5E,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IAEnB,wBAAwB,EAAE,MAAM,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;CACzB;AA2BD,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CA0BnF;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAkBnE;AAsZD,wBAAgB,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,MAAM,CAuB7E;AAED,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,cAAc,GAAE,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAM,GAChG,OAAO,CAAC,IAAI,CAAC,CA+Ef;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,cAAc,GAAE,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAM,GAChG,OAAO,CAAC,IAAI,CAAC,CA4Df"}

package/dist/report/generator.js

@@ -564,6 +564,7 @@ async function generateHtmlReport(result, outputPath, falsePositives = []) {
     const templatePath = path.join(__dirname, '..', 'templates', 'report.html');
     const templateHtml = fs.readFileSync(templatePath, 'utf-8');
     const { grade, value } = calculateScore(result);
+    const counts = getSeverityCounts(result.summary);
     const criticalFindings = result.findings.filter(f => f.severity === 'critical');
     const highFindings = result.findings.filter(f => f.severity === 'high');
     const mediumFindings = result.findings.filter(f => f.severity === 'medium');
@@ -582,11 +583,11 @@ async function generateHtmlReport(result, outputPath, falsePositives = []) {
         }),
         scoreGrade: grade,
         scoreValue: value,
-        criticalCount: result.summary?.critical || 0,
-        highCount: result.summary?.high || 0,
-        mediumCount: result.summary?.medium || 0,
-        lowCount: result.summary?.low || 0,
-        infoCount: result.summary?.info || 0,
+        criticalCount: counts.critical,
+        highCount: counts.high,
+        mediumCount: counts.medium,
+        lowCount: counts.low,
+        infoCount: counts.info,
         executiveSummary: generateExecutiveSummary(result),
         criticalFindings,
         highFindings,
@@ -601,7 +602,7 @@ async function generateHtmlReport(result, outputPath, falsePositives = []) {
         positiveCount: result.positiveObservations?.length || 0,
         falsePositives,
         falsePositiveCount: falsePositives.length,
-        lowInfoCount: (result.summary?.low || 0) + (result.summary?.info || 0),
+        lowInfoCount: counts.low + counts.info,
         positiveObservations: result.positiveObservations || [],
         scanDuration: `${Math.round((result.scanDuration || 0) / 1000)}s`,
         agentCount: result.agentCount || result.agentsUsed?.length || 0,

package/dist/report/generator.js.map

@@ -1 +1 @@
-{"version":3,"file":"generator.js","sourceRoot":"","sources":["../../src/report/generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkGA,wCA0BC;AAED,4DAkBC;AAsZD,wCAuBC;AAED,8CAmFC;AAED,gDA+DC;AAntBD,uCAAyB;AACzB,2CAA6B;AAC7B,0DAAkC;AAClC,4DAAoC;AAsEpC,2FAA2F;AAC3F,SAAS,iBAAiB,CAAC,OAAY;IACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC9D,CAAC;IACD,4DAA4D;IAC5D,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC;YAC1C,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;YAClC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC;YACtC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;YAChC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;SACnC,CAAC;IACJ,CAAC;IACD,iCAAiC;IACjC,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,CAAC;QAC/B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,CAAC;QAC3B,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;KACxB,CAAC;AACJ,CAAC;AAED,SAAgB,cAAc,CAAC,MAAkB;IAC/C,oDAAoD;IACpD,qBAAqB;IACrB,gBAAgB;IAChB,kBAAkB;IAClB,eAAe;IACf,UAAU;IAEV,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEjD,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,KAAK,IAAI,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC;IAC9B,KAAK,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;IACzB,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3B,KAAK,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC;IAExB,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1C,IAAI,KAAa,CAAC;IAClB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SACxB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;;QAC7B,KAAK,GAAG,GAAG,CAAC;IAEjB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,wBAAwB,CAAC,MAAkB;IACzD,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;IAEjC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,OAAO,wBAAwB,KAAK,6CAA6C,QAAQ,kBAAkB,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,sCAAsC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,iBAAiB,IAAI,iEAAiE,CAAC,CAAC,CAAC,EAAE,4EAA4E,CAAC;IAC7V,CAAC;IAED,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,OAAO,wBAAwB,KAAK,mBAAmB,IAAI,uBAAuB,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,sKAAsK,CAAC;IAC9Q,CAAC;IAED,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,wBAAwB,KAAK,oNAAoN,CAAC;IAC3P,CAAC;IAED,OAAO,mLAAmL,CAAC;AAC7L,CAAC;AAED,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAkB;IAC1D,IAAI,CAAC,MAAM,CAAC,oBAAoB;QAAE,OAAO,EAAE,CAAC;IAE5C,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC,oBAAoB,CAAC;IAEpF,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACnH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU;YAChC,CAAC,CAAC,kCAAkC,IAAI,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,SAAS;YAChF,CAAC,CAAC,EAAE,CAAC;QAEP,OAAO;;;uCAG4B,IAAI,CAAC,IAAI,KAAK,IAAI;yCAChB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAClD,UAAU;;oCAEc,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC;aACnD,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,UAAU,GAAG,cAAc,EAAE,MAAM;QACvC,CAAC,CAAC;;WAEK,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,wIAAwI,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;cAC9M;QACV,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO;;;;UAIC,cAAc;;QAEhB,UAAU;WACP,CAAC;AACZ,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAkB;IACjD,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM;QAAE,OAAO,EAAE,CAAC;IAE3C,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACtC,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU;YAC7B,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW;YAC5H,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,SAAS,GAAG,CAAC,CAAC,UAAU;YAC5B,CAAC,CAAC,4BAA4B,UAAU,KAAK,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;YAC7E,CAAC,CAAC,GAAG,CAAC;QACR,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5D,OAAO;;iEAEsD,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;cACnE,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;cACpB,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,UAAU;yCACR,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;cAChD,SAAS;YACX,CAAC;IACX,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO;;;;;;;;;;;;;;YAcG,IAAI;;;WAGL,CAAC;AACZ,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAkB;IACjD,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM;QAAE,OAAO,EAAE,CAAC;IAE3C,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;QACrE,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QAC3D,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC/D,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;KACrE,CAAC;IAEF,MAAM,WAAW,GAAG,CAAC,KAAgC,EAAE,KAAa,EAAE,aAAqB,EAAE,SAAiB,EAAE,EAAE;QAChH,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,OAAO,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;;wCAEA,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;2CAChB,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;UACvD,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,qCAAqC,IAAI,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,EAAE;aACzE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtB,OAAO;;;mDAGwC,aAAa,KAAK,KAAK;wCAClC,SAAS;;;YAGrC,SAAS;;aAER,CAAC;IACZ,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG;QACb,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC;QACrE,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC;QACtD,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,CAAC;QAC9D,WAAW,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,CAAC;KACnE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE7B,OAAO;;;QAGD,MAAM;WACH,CAAC;AACZ,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA4B;IACpD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEtD,yBAAyB;IACzB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,OAAO,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEvC,wCAAwC;QACxC,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEjG,MAAM,CAAC,IAAI,CAAC;YACV,QAAQ;YACR,OAAO,EAAE,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO;YACvC,QAAQ;YACR,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YACzE,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACjE,WAAW,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACrE,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACxF,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnB,IAAI,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,aAAa;YAAE,OAAO,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,aAAa,CAAC;QAClF,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC;QAClE,IAAI,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW;YAAE,OAAO,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;QAC1E,OAAO,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAAC,QAA4B;IAC1D,yDAAyD;IACzD,MAAM,YAAY,GAAG,IAAI,GAAG,EAA8B,CAAC;IAE3D,6CAA6C;IAC7C,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAE/H,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;QAEpC,mCAAmC;QACnC,IAAI,SAAS,GAAG,OAAO,CAAC;QAExB,wCAAwC;QACxC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QACvE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,uDAAuD;YACvD,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAErB,0BAA0B;YAC1B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;YAE1D,uBAAuB;YACvB,IAAI,SAAS,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAClD,CAAC;YACD,IAAI,SAAS,KAAK,UAAU,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjD,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;YAC3C,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAClC,CAAC;QACD,YAAY,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,mCAAmC;IACnC,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,aAAa,EAAE,iBAAiB,CAAC,IAAI,YAAY,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QAE/D,uBAAuB;QACvB,MAAM,WAAW,GAAG,aAAa;aAC9B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACzD,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEtG,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,WAAW;YACjB,WAAW,EAAE,GAAG,iBAAiB,CAAC,MAAM,cAAc,aAAa,GAAG;YACtE,OAAO;YACP,aAAa,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAC9E,SAAS,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACtE,WAAW,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YAC1E,QAAQ,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YAC7F,QAAQ,EAAE,iBAAiB;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAC,CAAC,WAAW,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC;QAC5F,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAC,CAAC,WAAW,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC;QAC5F,OAAO,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uBAAuB;AACvB,MAAM,eAAe,GAAG;IACtB,cAAc;IACd,YAAY;IACZ,aAAa;IACb,iBAAiB;IACjB,YAAY;IACZ,UAAU;IACV,aAAa;IACb,SAAS;IACT,gBAAgB;IAChB,eAAe;IACf,QAAQ;IACR,WAAW;IACX,oBAAoB;IACpB,YAAY;IACZ,QAAQ;IACR,QAAQ;IACR,cAAc;IACd,WAAW,EAAG,iCAAiC;IAC/C,YAAY;IACZ,aAAa;IACb,WAAW;CACZ,CAAC;AAEF,4BAA4B;AAC5B,MAAM,iBAAiB,GAAG;IACxB,gBAAgB;IAChB,QAAQ;IACR,OAAO;IACP,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,QAAQ;IACR,WAAW;IACX,eAAe;CAChB,CAAC;AAEF,SAAS,eAAe,CAAC,OAAyB;IAChD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACpD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAExD,2BAA2B;IAC3B,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB;IACjB,IAAI,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8CAA8C;IAC9C,MAAM,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,gBAAgB,CAAC,CAAC;IAC9I,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA4B;IACpD,MAAM,YAAY,GAAuB,EAAE,CAAC;IAC5C,MAAM,cAAc,GAAuB,EAAE,CAAC;IAE9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnG,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,MAAM;YACZ,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YACzE,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACjE,WAAW,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACrE,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACxF,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,yBAAyB;YACtC,IAAI,EAAE,QAAQ;YACd,aAAa,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAC3E,SAAS,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACnE,WAAW,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACvE,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YAC1F,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,QAA4B,EAAE,QAAgB;IACpE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACtB,IAAI,IAAI,GAAG,QAAQ,CAAC;QACpB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACrD,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3D,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3D,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QACvE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAChE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,yBAAyB,EAAE,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;QAC7E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACrD,wCAAwC;QACxC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,UAAU,CAAE,CAAS,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;QACtE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,UAAU,CAAE,CAAS,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,UAAU,CAAE,CAAS,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,CAAC;QAEtF,4BAA4B;QAC5B,IAAK,CAAS,CAAC,GAAG,EAAE,CAAC;YACnB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAK,CAAS,CAAC,OAAO,EAAE,CAAC;YACvB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAC/E,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,0CAA0C,EAAE,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,IAAK,CAAS,CAAC,WAAW,EAAE,CAAC;YAC3B,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QACnF,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,8CAA8C,EAAE,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAgB,cAAc,CAAC,YAAoB,EAAE,IAAgB;IACnE,8BAA8B;IAC9B,oBAAU,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAM,EAAE,CAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7D,oBAAU,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACjE,oBAAU,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACnE,oBAAU,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACjE,oBAAU,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEnE,8BAA8B;IAC9B,MAAM,QAAQ,GAAG,oBAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAElD,oDAAoD;IACpD,MAAM,oBAAoB,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;QAC/D,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,MAAM,IAAI,GAAG,QAAQ,CAAC;QACpB,GAAG,IAAI;QACP,oBAAoB;KACrB,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,MAAkB,EAClB,UAAkB,EAClB,iBAA+F,EAAE;IAEjG,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAE5D,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAE/F,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAErD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAE9D,MAAM,IAAI,GAAe;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CAAC,OAAO,EAAE;YAC9D,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,MAAM;YACb,GAAG,EAAE,SAAS;SACf,CAAC;QACF,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,KAAK;QACjB,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,gBAAgB,EAAE,wBAAwB,CAAC,MAAM,CAAC;QAClD,gBAAgB;QAChB,YAAY;QACZ,cAAc;QACd,WAAW;QACX,UAAU;QACV,gBAAgB;QAChB,UAAU;QACV,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC1C,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC9C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC3C,aAAa,EAAE,MAAM,CAAC,oBAAoB,EAAE,MAAM,IAAI,CAAC;QACvD,cAAc;QACd,kBAAkB,EAAE,cAAc,CAAC,MAAM;QACzC,YAAY,EAAE,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI;QACtC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,EAAE;QACvD,YAAY,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG;QACjE,UAAU,EAAG,MAAc,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC;QACxE,wBAAwB;QACxB,wBAAwB,EAAE,gCAAgC,CAAC,MAAM,CAAC;QAClE,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;QAChD,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;KACjD,CAAC;IAEF,MAAM,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAExD,+BAA+B;IAC/B,MAAM,OAAO,GAAG,MAAM,mBAAS,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,CAAC,cAAc,EAAE,0BAA0B,CAAC;KACnD,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;IACrC,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC;IAEnE,MAAM,IAAI,CAAC,GAAG,CAAC;QACb,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE;QACpE,eAAe,EAAE,IAAI;QACrB,iBAAiB,EAAE,IAAI;KACxB,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IAEtB,OAAO,CAAC,GAAG,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAC;AACrD,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,MAAkB,EAClB,UAAkB,EAClB,iBAA+F,EAAE;IAEjG,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAE5D,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAEhD,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAC/F,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAErD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAE9D,MAAM,IAAI,GAAe;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CAAC,OAAO,EAAE;YAC9D,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,MAAM;YACb,GAAG,EAAE,SAAS;SACf,CAAC;QACF,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,KAAK;QACjB,aAAa,EAAE,MAAM,CAAC,OAAO,EAAE,QAAQ,IAAI,CAAC;QAC5C,SAAS,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC;QACpC,WAAW,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC;QACxC,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;QAClC,SAAS,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC;QACpC,gBAAgB,EAAE,wBAAwB,CAAC,MAAM,CAAC;QAClD,gBAAgB;QAChB,YAAY;QACZ,cAAc;QACd,WAAW;QACX,UAAU;QACV,gBAAgB;QAChB,UAAU;QACV,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC1C,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC9C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC3C,aAAa,EAAE,MAAM,CAAC,oBAAoB,EAAE,MAAM,IAAI,CAAC;QACvD,cAAc;QACd,kBAAkB,EAAE,cAAc,CAAC,MAAM;QACzC,YAAY,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,CAAC;QACtE,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,EAAE;QACvD,YAAY,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG;QACjE,UAAU,EAAG,MAAc,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC;QACxE,wBAAwB;QACxB,wBAAwB,EAAE,gCAAgC,CAAC,MAAM,CAAC;QAClE,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;QAChD,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;KACjD,CAAC;IAEF,MAAM,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAExD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;AACtD,CAAC"}
+{"version":3,"file":"generator.js","sourceRoot":"","sources":["../../src/report/generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkGA,wCA0BC;AAED,4DAkBC;AAsZD,wCAuBC;AAED,8CAmFC;AAED,gDAgEC;AAptBD,uCAAyB;AACzB,2CAA6B;AAC7B,0DAAkC;AAClC,4DAAoC;AAsEpC,2FAA2F;AAC3F,SAAS,iBAAiB,CAAC,OAAY;IACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC9D,CAAC;IACD,4DAA4D;IAC5D,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC;YAC1C,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;YAClC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC;YACtC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;YAChC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;SACnC,CAAC;IACJ,CAAC;IACD,iCAAiC;IACjC,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,CAAC;QAC/B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,CAAC;QAC3B,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;KACxB,CAAC;AACJ,CAAC;AAED,SAAgB,cAAc,CAAC,MAAkB;IAC/C,oDAAoD;IACpD,qBAAqB;IACrB,gBAAgB;IAChB,kBAAkB;IAClB,eAAe;IACf,UAAU;IAEV,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEjD,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,KAAK,IAAI,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC;IAC9B,KAAK,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;IACzB,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3B,KAAK,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC;IAExB,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1C,IAAI,KAAa,CAAC;IAClB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SACxB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;;QAC7B,KAAK,GAAG,GAAG,CAAC;IAEjB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,wBAAwB,CAAC,MAAkB;IACzD,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;IAEjC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,OAAO,wBAAwB,KAAK,6CAA6C,QAAQ,kBAAkB,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,sCAAsC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,iBAAiB,IAAI,iEAAiE,CAAC,CAAC,CAAC,EAAE,4EAA4E,CAAC;IAC7V,CAAC;IAED,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,OAAO,wBAAwB,KAAK,mBAAmB,IAAI,uBAAuB,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,sKAAsK,CAAC;IAC9Q,CAAC;IAED,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,wBAAwB,KAAK,oNAAoN,CAAC;IAC3P,CAAC;IAED,OAAO,mLAAmL,CAAC;AAC7L,CAAC;AAED,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAkB;IAC1D,IAAI,CAAC,MAAM,CAAC,oBAAoB;QAAE,OAAO,EAAE,CAAC;IAE5C,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC,oBAAoB,CAAC;IAEpF,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACnH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU;YAChC,CAAC,CAAC,kCAAkC,IAAI,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,SAAS;YAChF,CAAC,CAAC,EAAE,CAAC;QAEP,OAAO;;;uCAG4B,IAAI,CAAC,IAAI,KAAK,IAAI;yCAChB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAClD,UAAU;;oCAEc,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC;aACnD,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,UAAU,GAAG,cAAc,EAAE,MAAM;QACvC,CAAC,CAAC;;WAEK,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,wIAAwI,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;cAC9M;QACV,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO;;;;UAIC,cAAc;;QAEhB,UAAU;WACP,CAAC;AACZ,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAkB;IACjD,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM;QAAE,OAAO,EAAE,CAAC;IAE3C,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACtC,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU;YAC7B,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW;YAC5H,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,SAAS,GAAG,CAAC,CAAC,UAAU;YAC5B,CAAC,CAAC,4BAA4B,UAAU,KAAK,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;YAC7E,CAAC,CAAC,GAAG,CAAC;QACR,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5D,OAAO;;iEAEsD,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;cACnE,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;cACpB,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,UAAU;yCACR,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;cAChD,SAAS;YACX,CAAC;IACX,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO;;;;;;;;;;;;;;YAcG,IAAI;;;WAGL,CAAC;AACZ,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAkB;IACjD,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM;QAAE,OAAO,EAAE,CAAC;IAE3C,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;QACrE,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QAC3D,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC/D,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;KACrE,CAAC;IAEF,MAAM,WAAW,GAAG,CAAC,KAAgC,EAAE,KAAa,EAAE,aAAqB,EAAE,SAAiB,EAAE,EAAE;QAChH,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,OAAO,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;;wCAEA,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;2CAChB,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;UACvD,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,qCAAqC,IAAI,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,EAAE;aACzE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtB,OAAO;;;mDAGwC,aAAa,KAAK,KAAK;wCAClC,SAAS;;;YAGrC,SAAS;;aAER,CAAC;IACZ,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG;QACb,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC;QACrE,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC;QACtD,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,CAAC;QAC9D,WAAW,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,CAAC;KACnE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE7B,OAAO;;;QAGD,MAAM;WACH,CAAC;AACZ,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA4B;IACpD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEtD,yBAAyB;IACzB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,OAAO,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEvC,wCAAwC;QACxC,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEjG,MAAM,CAAC,IAAI,CAAC;YACV,QAAQ;YACR,OAAO,EAAE,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO;YACvC,QAAQ;YACR,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YACzE,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACjE,WAAW,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACrE,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACxF,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnB,IAAI,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,aAAa;YAAE,OAAO,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,aAAa,CAAC;QAClF,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC;QAClE,IAAI,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW;YAAE,OAAO,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;QAC1E,OAAO,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAAC,QAA4B;IAC1D,yDAAyD;IACzD,MAAM,YAAY,GAAG,IAAI,GAAG,EAA8B,CAAC;IAE3D,6CAA6C;IAC7C,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAE/H,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;QAEpC,mCAAmC;QACnC,IAAI,SAAS,GAAG,OAAO,CAAC;QAExB,wCAAwC;QACxC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QACvE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,uDAAuD;YACvD,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAErB,0BAA0B;YAC1B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;YAE1D,uBAAuB;YACvB,IAAI,SAAS,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAClD,CAAC;YACD,IAAI,SAAS,KAAK,UAAU,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjD,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;YAC3C,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAClC,CAAC;QACD,YAAY,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,mCAAmC;IACnC,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,aAAa,EAAE,iBAAiB,CAAC,IAAI,YAAY,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QAE/D,uBAAuB;QACvB,MAAM,WAAW,GAAG,aAAa;aAC9B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACzD,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEtG,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,WAAW;YACjB,WAAW,EAAE,GAAG,iBAAiB,CAAC,MAAM,cAAc,aAAa,GAAG;YACtE,OAAO;YACP,aAAa,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAC9E,SAAS,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACtE,WAAW,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YAC1E,QAAQ,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YAC7F,QAAQ,EAAE,iBAAiB;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAC,CAAC,WAAW,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC;QAC5F,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAC,CAAC,WAAW,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC;QAC5F,OAAO,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uBAAuB;AACvB,MAAM,eAAe,GAAG;IACtB,cAAc;IACd,YAAY;IACZ,aAAa;IACb,iBAAiB;IACjB,YAAY;IACZ,UAAU;IACV,aAAa;IACb,SAAS;IACT,gBAAgB;IAChB,eAAe;IACf,QAAQ;IACR,WAAW;IACX,oBAAoB;IACpB,YAAY;IACZ,QAAQ;IACR,QAAQ;IACR,cAAc;IACd,WAAW,EAAG,iCAAiC;IAC/C,YAAY;IACZ,aAAa;IACb,WAAW;CACZ,CAAC;AAEF,4BAA4B;AAC5B,MAAM,iBAAiB,GAAG;IACxB,gBAAgB;IAChB,QAAQ;IACR,OAAO;IACP,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,QAAQ;IACR,WAAW;IACX,eAAe;CAChB,CAAC;AAEF,SAAS,eAAe,CAAC,OAAyB;IAChD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACpD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAExD,2BAA2B;IAC3B,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB;IACjB,IAAI,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8CAA8C;IAC9C,MAAM,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,gBAAgB,CAAC,CAAC;IAC9I,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA4B;IACpD,MAAM,YAAY,GAAuB,EAAE,CAAC;IAC5C,MAAM,cAAc,GAAuB,EAAE,CAAC;IAE9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnG,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,MAAM;YACZ,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YACzE,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACjE,WAAW,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACrE,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACxF,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,yBAAyB;YACtC,IAAI,EAAE,QAAQ;YACd,aAAa,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAC3E,SAAS,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACnE,WAAW,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACvE,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YAC1F,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,QAA4B,EAAE,QAAgB;IACpE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACtB,IAAI,IAAI,GAAG,QAAQ,CAAC;QACpB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACrD,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3D,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3D,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QACvE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAChE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,yBAAyB,EAAE,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;QAC7E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACrD,wCAAwC;QACxC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,UAAU,CAAE,CAAS,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;QACtE,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,UAAU,CAAE,CAAS,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,UAAU,CAAE,CAAS,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,CAAC;QAEtF,4BAA4B;QAC5B,IAAK,CAAS,CAAC,GAAG,EAAE,CAAC;YACnB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAK,CAAS,CAAC,OAAO,EAAE,CAAC;YACvB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAC/E,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,0CAA0C,EAAE,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,IAAK,CAAS,CAAC,WAAW,EAAE,CAAC;YAC3B,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QACnF,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,8CAA8C,EAAE,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAgB,cAAc,CAAC,YAAoB,EAAE,IAAgB;IACnE,8BAA8B;IAC9B,oBAAU,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAM,EAAE,CAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7D,oBAAU,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACjE,oBAAU,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACnE,oBAAU,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACjE,oBAAU,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEnE,8BAA8B;IAC9B,MAAM,QAAQ,GAAG,oBAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAElD,oDAAoD;IACpD,MAAM,oBAAoB,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;QAC/D,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,MAAM,IAAI,GAAG,QAAQ,CAAC;QACpB,GAAG,IAAI;QACP,oBAAoB;KACrB,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,MAAkB,EAClB,UAAkB,EAClB,iBAA+F,EAAE;IAEjG,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAE5D,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAE/F,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAErD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAE9D,MAAM,IAAI,GAAe;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CAAC,OAAO,EAAE;YAC9D,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,MAAM;YACb,GAAG,EAAE,SAAS;SACf,CAAC;QACF,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,KAAK;QACjB,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,gBAAgB,EAAE,wBAAwB,CAAC,MAAM,CAAC;QAClD,gBAAgB;QAChB,YAAY;QACZ,cAAc;QACd,WAAW;QACX,UAAU;QACV,gBAAgB;QAChB,UAAU;QACV,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC1C,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC9C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC3C,aAAa,EAAE,MAAM,CAAC,oBAAoB,EAAE,MAAM,IAAI,CAAC;QACvD,cAAc;QACd,kBAAkB,EAAE,cAAc,CAAC,MAAM;QACzC,YAAY,EAAE,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI;QACtC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,EAAE;QACvD,YAAY,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG;QACjE,UAAU,EAAG,MAAc,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC;QACxE,wBAAwB;QACxB,wBAAwB,EAAE,gCAAgC,CAAC,MAAM,CAAC;QAClE,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;QAChD,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;KACjD,CAAC;IAEF,MAAM,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAExD,+BAA+B;IAC/B,MAAM,OAAO,GAAG,MAAM,mBAAS,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,CAAC,cAAc,EAAE,0BAA0B,CAAC;KACnD,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;IACrC,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC;IAEnE,MAAM,IAAI,CAAC,GAAG,CAAC;QACb,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE;QACpE,eAAe,EAAE,IAAI;QACrB,iBAAiB,EAAE,IAAI;KACxB,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IAEtB,OAAO,CAAC,GAAG,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAC;AACrD,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,MAAkB,EAClB,UAAkB,EAClB,iBAA+F,EAAE;IAEjG,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAE5D,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAC/F,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAErD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAE9D,MAAM,IAAI,GAAe;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CAAC,OAAO,EAAE;YAC9D,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,MAAM;YACb,GAAG,EAAE,SAAS;SACf,CAAC;QACF,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,KAAK;QACjB,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,gBAAgB,EAAE,wBAAwB,CAAC,MAAM,CAAC;QAClD,gBAAgB;QAChB,YAAY;QACZ,cAAc;QACd,WAAW;QACX,UAAU;QACV,gBAAgB;QAChB,UAAU;QACV,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC1C,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;QAC9C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC3C,aAAa,EAAE,MAAM,CAAC,oBAAoB,EAAE,MAAM,IAAI,CAAC;QACvD,cAAc;QACd,kBAAkB,EAAE,cAAc,CAAC,MAAM;QACzC,YAAY,EAAE,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI;QACtC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,EAAE;QACvD,YAAY,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG;QACjE,UAAU,EAAG,MAAc,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC;QACxE,wBAAwB;QACxB,wBAAwB,EAAE,gCAAgC,CAAC,MAAM,CAAC;QAClE,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;QAChD,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;KACjD,CAAC;IAEF,MAAM,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAExD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;AACtD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coverme-scanner",
-  "version": "1.0.18",
+  "version": "1.0.20",
   "description": "AI-powered code scanner with multi-agent verification for Claude Code. One command scans everything.",
   "main": "dist/index.js",
   "bin": {

package/src/prompts/cross-validator.md

@@ -223,4 +223,48 @@ Focus: Find what was MISSED
 - Don't ignore context from CLAUDE.md
 - Don't miss the forest for the trees
 
+## CRITICAL: Things That Are NOT False Positives
+
+### Command Injection from Config Files
+**DO NOT dismiss as false positive!**
+```javascript
+execSync(`pm2 start ${configValue}`)  // STILL VULNERABLE!
+```
+Even if the value comes from a config file (models.json, config.yaml), if that file is:
+- Writable by users (admin panel, API)
+- Not validated against a strict schema
+- Could be modified by an attacker with file access
+
+Then it IS a real command injection. The attack vector is just indirect.
+
+**Only dismiss if:**
+- Config file is hardcoded at build time (not runtime loaded)
+- Config values are validated against strict regex/enum
+- execFile() is used instead of execSync() with proper argument array
+
+### Secrets in Git History
+**DO NOT dismiss just because file is now gitignored!**
+If a secret file was EVER committed, it may still be in git history.
+```bash
+git log --all --full-history -- "**/secrets*" "**/credentials*" "**/*.env"
+```
+If this returns results, the secret is STILL EXPOSED even if currently gitignored.
+
+### CORS Without Whitelist
+**DO NOT dismiss as "internal only"!**
+```javascript
+res.header('Access-Control-Allow-Origin', req.headers.origin);  // VULNERABLE
+```
+This reflects ANY origin. Even if the server is "internal", browser-based attacks can still:
+- Steal data via malicious website
+- Perform CSRF-like attacks
+- Exfiltrate to attacker-controlled domains
+
+### Missing Security Configuration
+**These are real findings, not false positives:**
+- `helmet()` without custom CSP configuration
+- Missing `npm audit` in CI pipeline
+- No Dependabot/Renovate for dependency updates
+- Logs without rotation/retention policy
+
 START VALIDATION NOW. Be critical but fair.

package/src/prompts/mitigation-validator.md

@@ -178,6 +178,74 @@ The finding is incorrect:
 3. Is it localhost/development credentials only?
 4. Is there environment variable loading that overrides?
 
+### Race Condition / TOCTOU Findings (CRITICAL - Often False Positives)
+**Check for atomic operations that FULLY mitigate the race:**
+
+1. **Redis Lua Scripts** = FULL MITIGATION
+   - `redis.call()` inside Lua script is atomic
+   - SETNX, GETSET, INCR are atomic
+   - Look for: `eval`, `evalsha`, `script load`
+   ```javascript
+   // This is ATOMIC - no race condition!
+   redis.eval(`
+     local current = redis.call('GET', key)
+     if current < limit then
+       redis.call('INCR', key)
+       return 1
+     end
+     return 0
+   `)
+   ```
+
+2. **Database Transactions** = FULL MITIGATION
+   - `BEGIN...COMMIT` with proper isolation
+   - `SELECT FOR UPDATE` locks rows
+   - Prisma `$transaction()`, TypeORM `transaction()`
+   - Look for: `transaction`, `FOR UPDATE`, `SERIALIZABLE`
+
+3. **Atomic Compare-and-Swap** = FULL MITIGATION
+   - `WATCH/MULTI/EXEC` in Redis
+   - `findOneAndUpdate` with conditions in MongoDB
+   - `UPDATE ... WHERE version = ?` (optimistic locking)
+
+4. **Mutex/Locking** = FULL MITIGATION
+   - `redis-lock`, `redlock`
+   - Database advisory locks
+   - File locks (flock)
+
+**If ANY of these patterns exist, mark as MITIGATED, not "partial"!**
+
+### Intentional Design Decisions (Check Comments!)
+**Before reporting, check if there are comments explaining WHY:**
+
+1. **Search for explanatory comments near the code:**
+   ```
+   grep -B5 -A5 "intentional|by design|deliberately|on purpose|security note" <file>
+   ```
+
+2. **Common patterns that are INTENTIONAL:**
+   - PKCE code reuse to prevent double-click race conditions
+   - Longer token expiry for better UX (with other mitigations)
+   - Allowing certain "unsafe" operations for admin users
+   - Development-only bypasses with environment checks
+
+3. **If comment explains the decision:**
+   ```json
+   {
+     "verdict": "false_positive",
+     "reason": "Intentional design decision documented in code",
+     "evidence": ["Comment at line 45: 'Intentionally allow reuse to prevent double-submit'"]
+   }
+   ```
+
+### Open Redirect Findings
+1. **Check for whitelist validation:**
+   ```
+   grep -r "isValidRedirect|allowedDomains|whitelist|validateUrl" <file>
+   ```
+2. If whitelist exists and covers the redirect parameter = MITIGATED
+3. Check if validation function is actually called before redirect
+
 ## Output Format
 
 ```json

package/src/prompts/orchestration.md

@@ -158,6 +158,32 @@ CHECK FOR:
 - API versioning issues
 - Excessive data exposure in responses
 
+**CORS MISCONFIGURATION** (MEDIUM):
+Look for these vulnerable patterns:
+```javascript
+// VULNERABLE - reflects ANY origin
+res.header('Access-Control-Allow-Origin', req.headers.origin);
+res.header('Access-Control-Allow-Origin', '*');
+
+// VULNERABLE - no whitelist validation
+app.use(cors({ origin: true }));
+```
+Only mark as safe if there's explicit whitelist validation:
+```javascript
+const allowedOrigins = ['https://app.example.com'];
+if (allowedOrigins.includes(origin)) { ... }
+```
+
+**HELMET MISCONFIGURATION** (MEDIUM):
+```javascript
+app.use(helmet());  // Using defaults only - INSUFFICIENT!
+```
+Check that helmet() includes:
+- Custom `contentSecurityPolicy` with proper directives
+- `hsts: { maxAge: 31536000, includeSubDomains: true, preload: true }`
+- Proper `referrerPolicy`
+Report as MEDIUM if using only defaults without customization.
+
 **FAIL-OPEN vs FAIL-CLOSED PATTERNS** (CRITICAL):
 - IP whitelist empty/missing = allow all (should deny all)
 - Auth middleware errors = request passes through (should block)
@@ -207,6 +233,14 @@ CHECK FOR:
 - Ansible vault passwords in plaintext
 - CI/CD pipeline secrets in yaml files (.github/workflows, .gitlab-ci.yml)
 
+**SECRETS IN GIT HISTORY** (CRITICAL CHECK!):
+Run these commands to check if secrets were EVER committed:
+```bash
+git log --all --full-history -- "**/secrets*" "**/credentials*" "**/*.env"
+git log --all -p -S "AWS_SECRET" -S "PRIVATE_KEY" --source
+```
+If secrets appear in history, they are EXPOSED even if now gitignored!
+
 **PRIVILEGE ESCALATION RISKS**:
 - Containers/processes running as root
 - Missing securityContext in K8s (runAsNonRoot, readOnlyRootFilesystem)
@@ -220,6 +254,20 @@ CHECK FOR:
 - Missing config = silent fallback to insecure defaults
 - No validation of secret strength/format at startup
 
+**DEPENDENCY SECURITY** (HIGH if missing):
+Check for presence of:
+- `npm audit` or `yarn audit` in CI pipeline
+- Dependabot/Renovate configuration (.github/dependabot.yml, renovate.json)
+- SBOM generation (cyclonedx, syft)
+- Snyk/Trivy/Grype scanning
+Report as HIGH if NONE of these exist - supply chain risk!
+
+**LOGGING & MONITORING**:
+- Log rotation configured? (maxFiles, maxsize in Winston/Pino)
+- Log retention policy defined?
+- Sensitive data redacted from logs?
+Report as LOW if log rotation missing - disk exhaustion risk.
+
 For EACH finding, output the FULL JSON format.
 
 ---
@@ -577,63 +625,107 @@ Output as list of strings.
 
 ## PHASE 7: BUILD CONSENSUS & GENERATE OUTPUT
 
-1. **Apply Mitigation Results** (from Phase 3):
-   - Remove findings marked as `mitigated` or `false_positive`
-   - Adjust severity for findings marked as `partial`
-   - Add mitigation notes to confirmed findings
+### CRITICAL: Actually Remove False Positives!
 
-2. Calculate confidence: (confirmations / total_validators) * 100
-3. Remove findings with confidence < 50%
-4. Add missed issues from Validator C
-5. Sort: severity DESC, confidence DESC
+The final report should ONLY contain findings that are:
+1. **Confirmed** by mitigation validation (no existing protection found)
+2. **Partial** mitigations (some protection but incomplete)
 
-### Include Mitigation Summary
+**DO NOT INCLUDE** findings that are:
+- `mitigated` - full protection exists elsewhere
+- `false_positive` - not actually a vulnerability
+- Intentional design decisions with documented comments
+- Race conditions protected by atomic operations (Lua, transactions)
 
-For each finding that passed validation, include:
-```json
-{
-  "id": "SEC-001",
-  "mitigationStatus": "confirmed",
-  "mitigationChecks": [
-    "No input validation found between user input and SQL query",
-    "No ORM - raw SQL used",
-    "No middleware protection on this route"
-  ]
-}
-```
+### Step-by-Step Process:
 
-### SAVE OUTPUT AS JSON
+1. **Start with all Phase 1 findings**
+
+2. **Apply Mitigation Validator results (Phase 3):**
+   - `mitigated` → REMOVE from findings, add to `mitigatedFindings` array
+   - `false_positive` → REMOVE from findings, add to `falsePositives` array
+   - `partial` → KEEP but downgrade severity if specified
+   - `confirmed` → KEEP with original severity
+
+3. **Apply Cross-Validator results (Phase 4):**
+   - Additional false positives → REMOVE from findings
+   - Duplicates → Merge into single finding
+
+4. **Calculate final counts AFTER removals:**
+   - Only count findings that remain in the `findings` array
+   - Do NOT count mitigated or false positive findings
+
+5. **Add missed issues from Validator C**
+
+6. **Sort remaining findings:** severity DESC, confidence DESC
+
+### Final JSON Structure
 
 ```json
 {
   "projectName": "project-name",
   "scanDate": "{{SCAN_DATE}}",
   "summary": {
-    "total": 0,
-    "critical": 0,
-    "high": 0,
-    "medium": 0,
-    "low": 0,
-    "info": 0
+    "total": 10,
+    "critical": 1,
+    "high": 3,
+    "medium": 4,
+    "low": 2,
+    "info": 0,
+    "mitigatedCount": 5,
+    "falsePositiveCount": 3
   },
   "findings": [
-    "all findings with full fields including mitigationStatus"
+    "ONLY confirmed and partial findings - NOT mitigated or false positives!"
   ],
   "mitigatedFindings": [
-    {"id": "SEC-005", "reason": "Protected by Zod schema validation", "originalSeverity": "high"}
+    {
+      "id": "SEC-005",
+      "title": "Original finding title",
+      "originalSeverity": "high",
+      "reason": "Protected by Zod schema validation at src/routes/user.ts:23",
+      "mitigationType": "input_validation"
+    }
+  ],
+  "falsePositives": [
+    {
+      "id": "BIZ-004",
+      "title": "TOCTOU Race Condition",
+      "reason": "Redis Lua script provides atomic operation - no race condition possible",
+      "evidence": ["Lua script at src/services/rate-limit.js:95-113"]
+    },
+    {
+      "id": "AUTH-003",
+      "title": "PKCE Code Reuse",
+      "reason": "Intentional design decision documented in code comment",
+      "evidence": ["Comment: 'Allow reuse to prevent double-click race condition'"]
+    }
   ],
   "positiveObservations": [
     "Good pattern 1",
     "Good pattern 2"
   ],
-  "falsePositives": [
-    {"id": "...", "reason": "..."}
-  ],
+  "validationSummary": {
+    "totalInitialFindings": 18,
+    "mitigated": 5,
+    "falsePositives": 3,
+    "confirmed": 8,
+    "partial": 2,
+    "accuracy": "Only 56% of initial findings were actual issues"
+  },
   "agentsUsed": ["Security Core", "Auth & Session", "Mitigation Validator"],
   "scanDuration": 0
 }
 ```
 
+### Sanity Check Before Saving
+
+Before saving, verify:
+1. `findings` array does NOT contain any item from `mitigatedFindings` or `falsePositives`
+2. `summary.total` equals `findings.length`
+3. Severity counts match actual findings in array
+4. No duplicate IDs across findings/mitigated/falsePositives
+
 Save as: .coverme/scan.json
 
 Then generate PDF report:

package/src/prompts/security-scanner.md

@@ -145,12 +145,21 @@ Before reporting ANY secret/credential finding as critical or high:
    - If file matches .gitignore patterns = NOT exposed in repo
    - Mark as "info" severity, not "critical"
 
-3. **Identify environment context**:
+3. **CRITICAL: Check git HISTORY for secrets!**
+   Even if a file is currently gitignored, it may have been committed in the past:
+   ```bash
+   git log --all --full-history -- "**/secrets*" "**/credentials*" "**/*.env"
+   git log --all -p -S "AWS_SECRET" --source --all
+   ```
+   If the secret was EVER committed, it's CRITICAL - secrets in git history are exposed!
+
+4. **Identify environment context**:
    - `localhost`, `127.0.0.1`, `example.com` = development/example credentials
    - `.env.example`, `*.example.json` = template files, not real secrets
    - Mark these as "info" with note: "Development/example credentials"
 
-4. **Severity mapping for secrets**:
+5. **Severity mapping for secrets**:
+   - In git history (even if now removed) = CRITICAL
    - Tracked in git + real credentials = CRITICAL
    - Tracked in git + example/dev credentials = LOW
    - NOT tracked (gitignored) + real credentials = INFO (local only)
@@ -161,10 +170,62 @@ Always include in finding:
 {
   "gitTracked": true/false,
   "gitignored": true/false,
+  "inGitHistory": true/false,
   "appearsToBeDev": true/false
 }
 ```
 
+## Command Injection: Config Files Are NOT Safe!
+
+**DO NOT assume config file values are safe:**
+```javascript
+// STILL VULNERABLE even though pm2Name comes from config!
+const pm2Name = config.models[modelId].pm2Name;
+execSync(`pm2 start ${pm2Name}`);  // Command injection!
+```
+
+Config files (models.json, config.yaml) are attack vectors if:
+- File can be modified via admin panel/API
+- File permissions allow non-root writes
+- No schema validation on config values
+
+**Only mark as safe if:**
+- Using execFile() with argument array (not string interpolation)
+- Config values validated against strict whitelist/regex
+- Config is hardcoded at build time (not runtime loaded)
+
+## Security Misconfiguration Checks
+
+### Helmet Without Proper CSP
+```javascript
+app.use(helmet());  // Defaults only - NOT sufficient!
+```
+Report as MEDIUM if helmet() is called without:
+- Custom `contentSecurityPolicy` configuration
+- `hsts: { preload: true }` for HTTPS enforcement
+- Proper `referrerPolicy`
+
+### CORS Without Whitelist
+```javascript
+// VULNERABLE - reflects any origin!
+res.header('Access-Control-Allow-Origin', req.headers.origin);
+res.header('Access-Control-Allow-Origin', '*');
+```
+Report as MEDIUM unless there's explicit domain whitelist validation.
+
+### Missing Dependency Security
+Check for absence of:
+- `npm audit` in CI/CD pipeline (.github/workflows, .gitlab-ci.yml)
+- Dependabot/Renovate configuration
+- SBOM generation
+Report as HIGH if none exist - supply chain attacks are critical.
+
+### Missing Log Rotation
+Check Winston/Pino/Bunyan configs for:
+- `maxFiles` or `maxsize` settings
+- Log retention policy
+Report as LOW if missing - can lead to disk exhaustion.
+
 ## Files to Focus On
 
 Priority order:

package/src/report/generator.ts

@@ -667,6 +667,7 @@ export async function generateHtmlReport(
   const templateHtml = fs.readFileSync(templatePath, 'utf-8');
 
   const { grade, value } = calculateScore(result);
+  const counts = getSeverityCounts(result.summary);
 
   const criticalFindings = result.findings.filter(f => f.severity === 'critical');
   const highFindings = result.findings.filter(f => f.severity === 'high');
@@ -688,11 +689,11 @@ export async function generateHtmlReport(
     }),
     scoreGrade: grade,
     scoreValue: value,
-    criticalCount: result.summary?.critical || 0,
-    highCount: result.summary?.high || 0,
-    mediumCount: result.summary?.medium || 0,
-    lowCount: result.summary?.low || 0,
-    infoCount: result.summary?.info || 0,
+    criticalCount: counts.critical,
+    highCount: counts.high,
+    mediumCount: counts.medium,
+    lowCount: counts.low,
+    infoCount: counts.info,
     executiveSummary: generateExecutiveSummary(result),
     criticalFindings,
     highFindings,
@@ -707,7 +708,7 @@ export async function generateHtmlReport(
     positiveCount: result.positiveObservations?.length || 0,
     falsePositives,
     falsePositiveCount: falsePositives.length,
-    lowInfoCount: (result.summary?.low || 0) + (result.summary?.info || 0),
+    lowInfoCount: counts.low + counts.info,
     positiveObservations: result.positiveObservations || [],
     scanDuration: `${Math.round((result.scanDuration || 0) / 1000)}s`,
     agentCount: (result as any).agentCount || result.agentsUsed?.length || 0,