defense-mcp-server 0.6.0

package/build/core/tool-dependencies.js

@@ -0,0 +1,571 @@
+/**
+ * Tool-to-dependency mapping for Defense MCP Server.
+ *
+ * Maps each registered MCP tool name to the system binaries it requires.
+ * Used by the dependency validator to ensure all required tools are
+ * installed before execution — either at server startup or on-demand.
+ *
+ * After the v0.5.0 tool consolidation (157 → 78 tools), extended to 94
+ * tools across 32 modules in v0.6.0. Each entry represents a consolidated
+ * tool whose dependencies are the UNION of all the individual tools it
+ * absorbed.  Action-specific binaries are listed as `optionalBinaries`
+ * because the tool handles missing ones gracefully based on which `action`
+ * the caller selects.
+ */
+import { DEFENSIVE_TOOLS } from "./installer.js";
+// ── Binary → ToolRequirement lookup ──────────────────────────────────────────
+/**
+ * Quick lookup from binary name to its ToolRequirement definition.
+ * Used to resolve package names for installation.
+ */
+const binaryToToolReq = new Map();
+for (const tool of DEFENSIVE_TOOLS) {
+    binaryToToolReq.set(tool.binary, tool);
+}
+/**
+ * Returns the ToolRequirement for a given binary name, if known.
+ */
+export function getToolRequirementForBinary(binary) {
+    return binaryToToolReq.get(binary);
+}
+// ── Tool Dependency Registry ─────────────────────────────────────────────────
+/**
+ * Complete mapping of MCP tool names to their system binary dependencies.
+ *
+ * 78 consolidated tools across 21 modules.  Each entry specifies:
+ * - requiredBinaries: must be present for the tool to work at all
+ * - optionalBinaries: enhance functionality but aren't strictly needed
+ * - critical: if true, missing deps trigger a startup warning
+ */
+export const TOOL_DEPENDENCIES = [
+    // ── Firewall Tools (5) ────────────────────────────────────────────────────
+    {
+        toolName: "firewall_iptables",
+        requiredBinaries: ["iptables"],
+        optionalBinaries: ["ip6tables"],
+        critical: true,
+    },
+    {
+        toolName: "firewall_ufw",
+        requiredBinaries: ["ufw"],
+    },
+    {
+        toolName: "firewall_persist",
+        requiredBinaries: [],
+        optionalBinaries: ["iptables-save", "iptables-restore", "ip6tables-save", "ip6tables-restore", "netfilter-persistent"],
+    },
+    {
+        toolName: "firewall_nftables_list",
+        requiredBinaries: ["nft"],
+    },
+    {
+        toolName: "firewall_policy_audit",
+        requiredBinaries: ["iptables"],
+    },
+    // ── Hardening Tools (8) ───────────────────────────────────────────────────
+    {
+        toolName: "harden_sysctl",
+        requiredBinaries: ["sysctl"],
+        critical: true,
+    },
+    {
+        toolName: "harden_service",
+        requiredBinaries: ["systemctl"],
+        critical: true,
+    },
+    {
+        toolName: "harden_permissions",
+        requiredBinaries: ["stat"],
+        optionalBinaries: ["chmod", "chown", "chgrp"],
+    },
+    {
+        toolName: "harden_systemd",
+        requiredBinaries: [],
+        optionalBinaries: ["systemd-analyze", "systemctl"],
+    },
+    {
+        toolName: "harden_kernel",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["lsmod", "modprobe", "sysctl"],
+    },
+    {
+        toolName: "harden_bootloader",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["update-grub"],
+    },
+    {
+        toolName: "harden_misc",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["tee"],
+    },
+    {
+        toolName: "harden_memory",
+        requiredBinaries: [],
+        optionalBinaries: ["readelf", "checksec", "sysctl"],
+    },
+    // ── IDS Tools (3) ─────────────────────────────────────────────────────────
+    {
+        toolName: "ids_aide_manage",
+        requiredBinaries: ["aide"],
+        critical: true,
+    },
+    {
+        toolName: "ids_rootkit_scan",
+        requiredBinaries: [],
+        optionalBinaries: ["rkhunter", "chkrootkit"],
+        critical: true,
+    },
+    {
+        toolName: "ids_file_integrity_check",
+        requiredBinaries: ["sha256sum"],
+    },
+    // ── Logging Tools (4) ─────────────────────────────────────────────────────
+    {
+        toolName: "log_auditd",
+        requiredBinaries: [],
+        optionalBinaries: ["auditctl", "ausearch", "aureport"],
+        critical: true,
+    },
+    {
+        toolName: "log_journalctl_query",
+        requiredBinaries: ["journalctl"],
+        critical: true,
+    },
+    {
+        toolName: "log_fail2ban",
+        requiredBinaries: ["fail2ban-client"],
+    },
+    {
+        toolName: "log_system",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["logrotate"],
+    },
+    // ── Network Defense Tools (3) ─────────────────────────────────────────────
+    {
+        toolName: "netdef_connections",
+        requiredBinaries: ["ss"],
+        critical: true,
+    },
+    {
+        toolName: "netdef_capture",
+        requiredBinaries: ["tcpdump"],
+    },
+    {
+        toolName: "netdef_security_audit",
+        requiredBinaries: [],
+        optionalBinaries: ["cat", "nmap", "sysctl", "ip6tables"],
+    },
+    // ── Compliance Tools (7) ──────────────────────────────────────────────────
+    {
+        toolName: "compliance_lynis_audit",
+        requiredBinaries: ["lynis"],
+        critical: true,
+    },
+    {
+        toolName: "compliance_oscap_scan",
+        requiredBinaries: ["oscap"],
+    },
+    {
+        toolName: "compliance_check",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["lynis", "oscap"],
+    },
+    {
+        toolName: "compliance_policy_evaluate",
+        requiredBinaries: ["cat"],
+    },
+    {
+        toolName: "compliance_report",
+        requiredBinaries: [],
+        optionalBinaries: ["lynis"],
+    },
+    {
+        toolName: "compliance_cron_restrict",
+        requiredBinaries: ["cat"],
+    },
+    {
+        toolName: "compliance_tmp_hardening",
+        requiredBinaries: ["mount"],
+    },
+    // ── Malware Tools (4) ─────────────────────────────────────────────────────
+    {
+        toolName: "malware_clamav",
+        requiredBinaries: [],
+        optionalBinaries: ["clamscan", "freshclam"],
+        critical: true,
+    },
+    {
+        toolName: "malware_yara_scan",
+        requiredBinaries: ["yara"],
+    },
+    {
+        toolName: "malware_file_scan",
+        requiredBinaries: [],
+        optionalBinaries: ["find", "grep"],
+    },
+    {
+        toolName: "malware_quarantine_manage",
+        requiredBinaries: ["cat"],
+    },
+    // ── Backup Tools (1) ──────────────────────────────────────────────────────
+    {
+        toolName: "backup",
+        requiredBinaries: [],
+        optionalBinaries: ["cp", "cat", "sha256sum", "ls", "dpkg", "systemctl", "iptables-save", "ss"],
+    },
+    // ── Access Control Tools (6) ──────────────────────────────────────────────
+    {
+        toolName: "access_ssh",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["systemctl", "sshd"],
+        critical: true,
+    },
+    {
+        toolName: "access_sudo_audit",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["visudo"],
+    },
+    {
+        toolName: "access_user_audit",
+        requiredBinaries: ["cat"],
+    },
+    {
+        toolName: "access_password_policy",
+        requiredBinaries: ["cat"],
+    },
+    {
+        toolName: "access_pam",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["pam_pwquality"],
+    },
+    {
+        toolName: "access_restrict_shell",
+        requiredBinaries: ["usermod"],
+    },
+    // ── Encryption Tools (4) ──────────────────────────────────────────────────
+    {
+        toolName: "crypto_tls",
+        requiredBinaries: ["openssl"],
+        critical: true,
+    },
+    {
+        toolName: "crypto_gpg_keys",
+        requiredBinaries: ["gpg"],
+    },
+    {
+        toolName: "crypto_luks_manage",
+        requiredBinaries: ["cryptsetup"],
+    },
+    {
+        toolName: "crypto_file_hash",
+        requiredBinaries: ["sha256sum"],
+    },
+    // ── Container Security Tools (6) ──────────────────────────────────────────
+    {
+        toolName: "container_docker",
+        requiredBinaries: [],
+        optionalBinaries: ["docker"],
+    },
+    {
+        toolName: "container_apparmor",
+        requiredBinaries: [],
+        optionalBinaries: ["apparmor_status", "apparmor_parser"],
+    },
+    {
+        toolName: "container_selinux_manage",
+        requiredBinaries: ["getenforce"],
+    },
+    {
+        toolName: "container_namespace_check",
+        requiredBinaries: ["cat"],
+        optionalBinaries: ["lsns"],
+    },
+    {
+        toolName: "container_image_scan",
+        requiredBinaries: [],
+        optionalBinaries: ["trivy", "grype"],
+    },
+    {
+        toolName: "container_security_config",
+        requiredBinaries: [],
+        optionalBinaries: ["newuidmap", "newgidmap"],
+    },
+    // ── Patch Management Tools (5) ────────────────────────────────────────────
+    {
+        toolName: "patch_update_audit",
+        requiredBinaries: ["apt"],
+    },
+    {
+        toolName: "patch_unattended_audit",
+        requiredBinaries: ["cat"],
+    },
+    {
+        toolName: "patch_integrity_check",
+        requiredBinaries: [],
+        optionalBinaries: ["debsums"],
+    },
+    {
+        toolName: "patch_kernel_audit",
+        requiredBinaries: ["uname"],
+    },
+    {
+        toolName: "patch_vulnerability_intel",
+        requiredBinaries: [],
+        optionalBinaries: ["curl", "apt", "dpkg"],
+    },
+    // ── Secrets Management Tools (4) ──────────────────────────────────────────
+    {
+        toolName: "secrets_scan",
+        requiredBinaries: ["grep"],
+        optionalBinaries: ["trufflehog", "gitleaks"],
+    },
+    {
+        toolName: "secrets_env_audit",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "secrets_ssh_key_sprawl",
+        requiredBinaries: ["find"],
+    },
+    {
+        toolName: "secrets_git_history_scan",
+        requiredBinaries: [],
+        optionalBinaries: ["trufflehog", "gitleaks", "git"],
+    },
+    // ── Incident Response Tools (1) ───────────────────────────────────────────
+    {
+        toolName: "incident_response",
+        requiredBinaries: [],
+        optionalBinaries: ["cat", "ps", "ss", "lsof", "ip", "iptables-save", "find", "crontab"],
+    },
+    // ── Meta Tools (5) ────────────────────────────────────────────────────────
+    {
+        toolName: "defense_check_tools",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "defense_workflow",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "defense_change_history",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "defense_security_posture",
+        requiredBinaries: [],
+        optionalBinaries: ["iptables", "ss", "journalctl", "apt", "sysctl", "systemctl"],
+    },
+    {
+        toolName: "defense_scheduled_audit",
+        requiredBinaries: [],
+        optionalBinaries: ["systemctl", "crontab", "cat"],
+    },
+    // ── Sudo Management Tools (6) ─────────────────────────────────────────────
+    {
+        toolName: "sudo_elevate",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "sudo_elevate_gui",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "sudo_status",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "sudo_drop",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "sudo_extend",
+        requiredBinaries: [],
+    },
+    {
+        toolName: "preflight_batch_check",
+        requiredBinaries: [],
+    },
+    // ── Supply Chain Security Tools (1) ───────────────────────────────────────
+    {
+        toolName: "supply_chain",
+        requiredBinaries: [],
+        optionalBinaries: ["syft", "cdxgen", "dpkg", "debsums", "cosign", "slsa-verifier"],
+    },
+    // ── Drift Detection Tools (1) ─────────────────────────────────────────────
+    {
+        toolName: "drift_baseline",
+        requiredBinaries: [],
+        optionalBinaries: ["sha256sum", "sysctl", "systemctl", "cat"],
+    },
+    // ── Zero Trust Network Tools (1) ──────────────────────────────────────────
+    {
+        toolName: "zero_trust",
+        requiredBinaries: [],
+        optionalBinaries: ["wg", "openssl", "iptables"],
+    },
+    // ── eBPF Security Tools (2) ───────────────────────────────────────────────
+    {
+        toolName: "ebpf_list_programs",
+        requiredBinaries: [],
+        optionalBinaries: ["bpftool"],
+    },
+    {
+        toolName: "ebpf_falco",
+        requiredBinaries: [],
+        optionalBinaries: ["falco", "cat"],
+    },
+    // ── Application Hardening Tools (1) ───────────────────────────────────────
+    {
+        toolName: "app_harden",
+        requiredBinaries: [],
+        optionalBinaries: ["ps", "ss", "systemctl", "iptables"],
+    },
+    // ── Reporting Tools (1) ───────────────────────────────────────────────────
+    {
+        toolName: "report_export",
+        requiredBinaries: [],
+        optionalBinaries: ["lynis", "aide", "fail2ban-client", "iptables", "ss", "pandoc", "wkhtmltopdf"],
+    },
+    // ── DNS Security Tools (1) ────────────────────────────────────────────────
+    {
+        toolName: "dns_security",
+        requiredBinaries: [],
+        optionalBinaries: ["dig", "systemd-resolve", "resolvectl", "tcpdump", "cat", "grep"],
+    },
+    // ── Vulnerability Management Tools (1) ────────────────────────────────────
+    {
+        toolName: "vuln_manage",
+        requiredBinaries: ["nmap"],
+        optionalBinaries: ["nikto", "searchsploit"],
+    },
+    // ── Forensics Tools (1) ───────────────────────────────────────────────────
+    {
+        toolName: "ir_forensics",
+        requiredBinaries: [],
+        optionalBinaries: ["avml", "dd", "sha256sum", "tcpdump", "fdisk"],
+    },
+    // ── Process Security Tools (1) ────────────────────────────────────────────
+    {
+        toolName: "process_security",
+        requiredBinaries: ["ps"],
+        optionalBinaries: ["getpcaps", "capsh", "lsns", "ss"],
+    },
+    // ── Network Segmentation Tools (1) ────────────────────────────────────────
+    {
+        toolName: "network_segmentation_audit",
+        requiredBinaries: ["ip", "iptables"],
+        optionalBinaries: ["traceroute", "nmap", "bridge"],
+    },
+    // ── WAF Management Tools (1) ──────────────────────────────────────────────
+    {
+        toolName: "waf_manage",
+        requiredBinaries: [],
+        optionalBinaries: ["cat", "grep", "sed", "dpkg", "apache2ctl"],
+    },
+    // ── Threat Intelligence Tools (1) ─────────────────────────────────────────
+    {
+        toolName: "threat_intel",
+        requiredBinaries: ["curl"],
+        optionalBinaries: ["wget", "fail2ban-client", "iptables", "grep", "whois", "dig"],
+    },
+    // ── Auto-Remediation Tools (1) ────────────────────────────────────────────
+    {
+        toolName: "auto_remediate",
+        requiredBinaries: [],
+        optionalBinaries: ["sysctl", "iptables", "sed", "grep", "lynis"],
+    },
+    // ── Cloud Security Tools (1) ──────────────────────────────────────────────
+    {
+        toolName: "cloud_security",
+        requiredBinaries: ["curl"],
+        optionalBinaries: ["cat", "stat", "aws", "gsutil", "az", "cloud-init"],
+    },
+    // ── API Security Tools (1) ────────────────────────────────────────────────
+    {
+        toolName: "api_security",
+        requiredBinaries: ["curl"],
+        optionalBinaries: ["openssl", "ss"],
+    },
+    // ── Deception / Honeypot Tools (1) ────────────────────────────────────────
+    {
+        toolName: "honeypot_manage",
+        requiredBinaries: [],
+        optionalBinaries: ["ncat", "inotifywait", "iptables", "stat"],
+    },
+    // ── Wireless Security Tools (1) ───────────────────────────────────────────
+    {
+        toolName: "wireless_security",
+        requiredBinaries: [],
+        optionalBinaries: ["hciconfig", "bluetoothctl", "iw", "nmcli", "rfkill", "lsmod"],
+    },
+    // ── Certificate Lifecycle Tools (1) ───────────────────────────────────────
+    {
+        toolName: "certificate_lifecycle",
+        requiredBinaries: ["openssl"],
+        optionalBinaries: ["certbot", "find", "curl"],
+    },
+    // ── SIEM Integration Tools (1) ────────────────────────────────────────────
+    {
+        toolName: "siem_export",
+        requiredBinaries: [],
+        optionalBinaries: ["cat", "grep", "nc", "openssl", "logger", "filebeat"],
+    },
+    // ── USB Device Control Tools (1) ──────────────────────────────────────────
+    {
+        toolName: "usb_device_control",
+        requiredBinaries: [],
+        optionalBinaries: ["lsusb", "lsblk", "lsmod", "modprobe", "udevadm"],
+    },
+];
+// ── Lookup helpers ───────────────────────────────────────────────────────────
+/** Map for O(1) lookup by tool name */
+const toolDependencyMap = new Map();
+for (const dep of TOOL_DEPENDENCIES) {
+    toolDependencyMap.set(dep.toolName, dep);
+}
+/**
+ * Returns the dependency specification for a given MCP tool name.
+ */
+export function getDependenciesForTool(toolName) {
+    return toolDependencyMap.get(toolName);
+}
+/**
+ * Returns all unique required binaries across all tools.
+ */
+export function getAllRequiredBinaries() {
+    const binaries = new Set();
+    for (const dep of TOOL_DEPENDENCIES) {
+        for (const bin of dep.requiredBinaries) {
+            binaries.add(bin);
+        }
+    }
+    return Array.from(binaries);
+}
+/**
+ * Returns all unique binaries (required + optional) across all tools.
+ */
+export function getAllBinaries() {
+    const required = new Set();
+    const optional = new Set();
+    for (const dep of TOOL_DEPENDENCIES) {
+        for (const bin of dep.requiredBinaries) {
+            required.add(bin);
+        }
+        for (const bin of dep.optionalBinaries ?? []) {
+            if (!required.has(bin)) {
+                optional.add(bin);
+            }
+        }
+    }
+    return {
+        required: Array.from(required),
+        optional: Array.from(optional),
+    };
+}
+/**
+ * Returns all critical tool dependencies (tools that should always work).
+ */
+export function getCriticalDependencies() {
+    return TOOL_DEPENDENCIES.filter((d) => d.critical);
+}

package/build/core/tool-registry.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Enhanced Tool Registry — single source of truth for all MCP tool requirements.
+ *
+ * Replaces and extends `tool-dependencies.ts` with richer dependency metadata
+ * including privilege requirements, Python/npm packages, system libraries,
+ * required files, and Linux capabilities.
+ *
+ * v0.5.0: Tool consolidation (157 → 78 tools), each entry represents a
+ * consolidated action-based tool.
+ * v0.6.0: Extended to 94 tools across 32 modules with 16 new security tools.
+ *
+ * @module tool-registry
+ */
+/**
+ * Complete requirements manifest for a single MCP tool.
+ * Enhanced replacement for the legacy {@link ToolDependency} type.
+ */
+export interface ToolManifest {
+    /** The MCP tool name (e.g., "firewall_iptables") */
+    toolName: string;
+    /** System binaries required for this tool to function */
+    requiredBinaries: string[];
+    /** System binaries that enhance functionality but aren't strictly needed */
+    optionalBinaries?: string[];
+    /** Python modules required (e.g., ["yara-python", "pefile"]) */
+    requiredPythonModules?: string[];
+    /** Python modules that enhance functionality */
+    optionalPythonModules?: string[];
+    /** npm packages required (e.g., ["semgrep"]) */
+    requiredNpmPackages?: string[];
+    /** npm packages that enhance functionality */
+    optionalNpmPackages?: string[];
+    /** System shared libraries required (e.g., ["libssl", "libpcap"]) */
+    requiredLibraries?: string[];
+    /** Absolute paths that must exist on disk (e.g., ["/etc/audit/auditd.conf"]) */
+    requiredFiles?: string[];
+    /** Sudo requirement level for this tool */
+    sudo: "never" | "always" | "conditional";
+    /** Human-readable explanation of why sudo is needed */
+    sudoReason?: string;
+    /** Linux capabilities required (e.g., ["CAP_NET_RAW"]) */
+    capabilities?: string[];
+    /** Whether this tool is critical for core functionality */
+    critical?: boolean;
+    /** Tool module category (firewall, logging, compliance, etc.) */
+    category?: string;
+    /** Additional categorization tags */
+    tags?: string[];
+}
+/**
+ * Map-based registry with O(1) lookup for tool manifests.
+ * Singleton pattern — use {@link ToolRegistry.instance} to obtain.
+ */
+export declare class ToolRegistry {
+    private manifests;
+    /** Get or create the singleton registry instance. */
+    static instance(): ToolRegistry;
+    /**
+     * Reset the singleton (primarily for testing).
+     * @internal
+     */
+    static resetInstance(): void;
+    /** Register a single tool manifest. Overwrites if already registered. */
+    register(manifest: ToolManifest): void;
+    /** Bulk register an array of tool manifests. */
+    registerAll(manifests: ToolManifest[]): void;
+    /** Get manifest for a tool, or `undefined` if unregistered. */
+    getManifest(toolName: string): ToolManifest | undefined;
+    /** Get all tool names that list `binary` in their `requiredBinaries`. */
+    getToolsRequiring(binary: string): string[];
+    /** Get all manifests whose `category` matches. */
+    getToolsByCategory(category: string): ToolManifest[];
+    /** Collect every unique required binary across all registered tools. */
+    getAllRequiredBinaries(): Set<string>;
+    /** Get all manifests that require sudo (`always` or `conditional`). */
+    getToolsNeedingSudo(): ToolManifest[];
+    /** Check whether a tool name is registered. */
+    has(toolName: string): boolean;
+    /** Return every registered manifest as an array. */
+    getAll(): ToolManifest[];
+}
+/**
+ * Convert every entry in the legacy `TOOL_DEPENDENCIES` array into a
+ * {@link ToolManifest} and register it.  Default `sudo` is `'never'`
+ * (overridden later by {@link DEFAULT_MANIFESTS}).
+ */
+export declare function migrateFromLegacy(registry: ToolRegistry): void;
+/**
+ * Default enhanced manifests that overlay sudo/privilege requirements
+ * on top of the legacy-migrated entries.
+ */
+export declare const DEFAULT_MANIFESTS: ToolManifest[];
+/**
+ * Initialize the tool registry by:
+ *
+ * 1. Creating (or reusing) the singleton
+ * 2. Migrating from legacy `TOOL_DEPENDENCIES`
+ * 3. Overlaying `DEFAULT_MANIFESTS` — merging privilege metadata while
+ *    preserving binary requirements from the legacy data
+ * 4. Returning the populated registry
+ *
+ * Safe to call multiple times; subsequent calls return immediately
+ * without re-running migration or overlay logic.
+ */
+export declare function initializeRegistry(): ToolRegistry;
+/**
+ * Reset the initialization guard (for testing purposes).
+ * @internal
+ */
+export declare function resetRegistryInitialization(): void;
+//# sourceMappingURL=tool-registry.d.ts.map

package/build/core/tool-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-registry.d.ts","sourceRoot":"","sources":["../../src/core/tool-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,oDAAoD;IACpD,QAAQ,EAAE,MAAM,CAAC;IAIjB,yDAAyD;IACzD,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAI5B,gEAAgE;IAChE,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,gDAAgD;IAChD,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IAIjC,gDAAgD;IAChD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,8CAA8C;IAC9C,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAI/B,qEAAqE;IACrE,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAI7B,gFAAgF;IAChF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAIzB,2CAA2C;IAC3C,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,aAAa,CAAC;IACzC,uDAAuD;IACvD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0DAA0D;IAC1D,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAIxB,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAQD;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,SAAS,CAAwC;IAEzD,qDAAqD;IACrD,MAAM,CAAC,QAAQ,IAAI,YAAY;IAO/B;;;OAGG;IACH,MAAM,CAAC,aAAa,IAAI,IAAI;IAI5B,yEAAyE;IACzE,QAAQ,CAAC,QAAQ,EAAE,YAAY,GAAG,IAAI;IAItC,gDAAgD;IAChD,WAAW,CAAC,SAAS,EAAE,YAAY,EAAE,GAAG,IAAI;IAM5C,+DAA+D;IAC/D,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAIvD,yEAAyE;IACzE,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;IAU3C,kDAAkD;IAClD,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE;IAUpD,wEAAwE;IACxE,sBAAsB,IAAI,GAAG,CAAC,MAAM,CAAC;IAUrC,uEAAuE;IACvE,mBAAmB,IAAI,YAAY,EAAE;IAUrC,+CAA+C;IAC/C,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAI9B,oDAAoD;IACpD,MAAM,IAAI,YAAY,EAAE;CAGzB;AA+CD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,YAAY,GAAG,IAAI,CAc9D;AA0cD;;;GAGG;AACH,eAAO,MAAM,iBAAiB,EAAE,YAAY,EAU3C,CAAC;AAmBF;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,IAAI,YAAY,CAgCjD;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,IAAI,IAAI,CAElD"}