defense-mcp-server 0.6.0

package/build/core/dependency-validator.js

@@ -0,0 +1,405 @@
+/**
+ * Dependency Validator for Kali Defense MCP Server.
+ *
+ * Provides three key capabilities:
+ * 1. **Startup validation** — checks all tool dependencies when the server starts
+ *    and auto-installs missing ones if KALI_DEFENSE_AUTO_INSTALL=true
+ * 2. **Runtime dependency check** — `ensureDependencies()` can be called before
+ *    any tool execution to verify (and optionally install) required binaries
+ * 3. **Dependency status cache** — avoids redundant `which` calls by caching
+ *    binary availability results with a configurable TTL
+ */
+import { executeCommand } from "./executor.js";
+import { getConfig } from "./config.js";
+import { checkTool, installTool, } from "./installer.js";
+import { TOOL_DEPENDENCIES, getDependenciesForTool, getToolRequirementForBinary, getCriticalDependencies, } from "./tool-dependencies.js";
+// ── Cache ────────────────────────────────────────────────────────────────────
+/** Cache TTL in milliseconds (5 minutes) */
+const CACHE_TTL_MS = 5 * 60 * 1000;
+/** Binary availability cache */
+const binaryCache = new Map();
+/**
+ * Checks if a binary is available, using cache when possible.
+ */
+async function isBinaryAvailable(binary) {
+    const cached = binaryCache.get(binary);
+    if (cached && Date.now() - cached.checkedAt < CACHE_TTL_MS) {
+        return cached;
+    }
+    const result = await checkTool(binary);
+    const status = {
+        available: result.installed,
+        path: result.path,
+        version: result.version,
+        checkedAt: Date.now(),
+    };
+    binaryCache.set(binary, status);
+    return status;
+}
+/**
+ * Invalidates the cache for a specific binary (e.g. after installation).
+ */
+function invalidateCache(binary) {
+    binaryCache.delete(binary);
+}
+/**
+ * Clears the entire binary cache.
+ */
+export function clearDependencyCache() {
+    binaryCache.clear();
+}
+// ── Auto-install logic ───────────────────────────────────────────────────────
+/**
+ * Attempts to install a binary by finding its ToolRequirement in DEFENSIVE_TOOLS.
+ * Returns the install result or null if no matching package is known.
+ */
+async function autoInstallBinary(binary) {
+    // First check the DEFENSIVE_TOOLS registry
+    const toolReq = getToolRequirementForBinary(binary);
+    if (toolReq) {
+        console.error(`[dep-validator] Auto-installing ${toolReq.name} (provides: ${binary})`);
+        const result = await installTool(toolReq);
+        if (result.success) {
+            invalidateCache(binary);
+        }
+        return result;
+    }
+    // For binaries not in DEFENSIVE_TOOLS, try a direct package install
+    // Many system utilities have the same package name as the binary
+    const directInstallReq = {
+        name: binary,
+        binary,
+        packages: {
+            debian: binary,
+            rhel: binary,
+            arch: binary,
+            alpine: binary,
+            suse: binary,
+            fallback: binary,
+        },
+        category: "hardening",
+        required: false,
+    };
+    console.error(`[dep-validator] Attempting direct install of '${binary}' (no known package mapping)`);
+    const result = await installTool(directInstallReq);
+    if (result.success) {
+        invalidateCache(binary);
+    }
+    return result;
+}
+// ── Startup Validation ───────────────────────────────────────────────────────
+/**
+ * Validates all tool dependencies at server startup.
+ *
+ * This function:
+ * 1. Collects all unique binaries required across all tools
+ * 2. Checks each binary's availability
+ * 3. If autoInstall is enabled, installs missing binaries
+ * 4. Reports critical tools with missing dependencies
+ *
+ * @returns A detailed validation report
+ */
+export async function validateAllDependencies() {
+    const startTime = Date.now();
+    const config = getConfig();
+    console.error("[dep-validator] Starting dependency validation...");
+    // Collect all unique binaries (required only — optional are checked lazily)
+    const allBinaries = new Set();
+    for (const dep of TOOL_DEPENDENCIES) {
+        for (const bin of dep.requiredBinaries) {
+            // Skip trivially-available system utilities
+            if (!TRIVIAL_BINARIES.has(bin)) {
+                allBinaries.add(bin);
+            }
+        }
+    }
+    const available = [];
+    const missing = [];
+    const installed = [];
+    const installFailed = [];
+    // Check all binaries in parallel (batched to avoid overwhelming the system)
+    const binaryList = Array.from(allBinaries);
+    const BATCH_SIZE = 10;
+    for (let i = 0; i < binaryList.length; i += BATCH_SIZE) {
+        const batch = binaryList.slice(i, i + BATCH_SIZE);
+        const results = await Promise.all(batch.map(async (bin) => ({
+            binary: bin,
+            status: await isBinaryAvailable(bin),
+        })));
+        for (const { binary, status } of results) {
+            if (status.available) {
+                available.push(binary);
+            }
+            else {
+                missing.push(binary);
+            }
+        }
+    }
+    // Auto-install missing binaries if enabled
+    if (config.autoInstall && missing.length > 0) {
+        console.error(`[dep-validator] Auto-install enabled. Installing ${missing.length} missing binaries...`);
+        // Update package lists once before installing
+        const { detectDistro, getPackageManager } = await import("./distro.js");
+        const distro = await detectDistro();
+        const pkgMgr = getPackageManager(distro.packageManager);
+        const updateCmd = pkgMgr.updateCmd();
+        console.error(`[dep-validator] Updating package lists via ${distro.packageManager}...`);
+        await executeCommand({
+            command: "sudo",
+            args: updateCmd,
+            timeout: 120_000,
+        });
+        // Install each missing binary
+        const toInstall = [...missing];
+        missing.length = 0; // Reset — we'll re-populate with truly-missing ones
+        for (const binary of toInstall) {
+            const result = await autoInstallBinary(binary);
+            if (result?.success) {
+                // Verify the binary is now available
+                invalidateCache(binary);
+                const recheck = await isBinaryAvailable(binary);
+                if (recheck.available) {
+                    installed.push(binary);
+                    available.push(binary);
+                    console.error(`[dep-validator] ✅ Installed: ${binary}`);
+                }
+                else {
+                    missing.push(binary);
+                    installFailed.push({
+                        binary,
+                        error: "Package installed but binary not found in PATH",
+                    });
+                    console.error(`[dep-validator] ⚠️ Package installed but binary '${binary}' not found`);
+                }
+            }
+            else {
+                missing.push(binary);
+                installFailed.push({
+                    binary,
+                    error: result?.message ?? "No package mapping found",
+                });
+                console.error(`[dep-validator] ❌ Failed to install: ${binary}`);
+            }
+        }
+    }
+    // Check critical tools
+    const criticalMissing = [];
+    const criticalDeps = getCriticalDependencies();
+    for (const dep of criticalDeps) {
+        const missingBins = dep.requiredBinaries.filter((bin) => !TRIVIAL_BINARIES.has(bin) && missing.includes(bin));
+        if (missingBins.length > 0) {
+            criticalMissing.push({
+                toolName: dep.toolName,
+                missingBinaries: missingBins,
+            });
+        }
+    }
+    const durationMs = Date.now() - startTime;
+    const report = {
+        totalChecked: binaryList.length,
+        available,
+        missing,
+        installed,
+        installFailed,
+        criticalMissing,
+        durationMs,
+        autoInstallEnabled: config.autoInstall,
+    };
+    // Log summary
+    console.error(`[dep-validator] Validation complete in ${durationMs}ms: ` +
+        `${available.length} available, ${missing.length} missing` +
+        (installed.length > 0 ? `, ${installed.length} auto-installed` : "") +
+        (installFailed.length > 0 ? `, ${installFailed.length} install failures` : ""));
+    if (criticalMissing.length > 0) {
+        console.error(`[dep-validator] ⚠️ CRITICAL: ${criticalMissing.length} critical tools have missing dependencies:`);
+        for (const cm of criticalMissing) {
+            console.error(`[dep-validator]   - ${cm.toolName}: needs ${cm.missingBinaries.join(", ")}`);
+        }
+        console.error(`[dep-validator] Set KALI_DEFENSE_AUTO_INSTALL=true to auto-install missing tools`);
+    }
+    return report;
+}
+// ── Runtime Dependency Check ─────────────────────────────────────────────────
+/**
+ * Ensures all dependencies for a specific MCP tool are satisfied.
+ *
+ * Call this at the start of any tool handler to verify its binaries are present.
+ * If autoInstall is enabled, missing binaries will be installed on-the-fly.
+ *
+ * @param toolName The MCP tool name (e.g. "ids_rkhunter_scan")
+ * @returns EnsureResult with satisfaction status and details
+ *
+ * @example
+ * ```ts
+ * const deps = await ensureDependencies("ids_rkhunter_scan");
+ * if (!deps.satisfied) {
+ *   return {
+ *     content: [createErrorContent(
+ *       `Missing required tools: ${deps.missingRequired.join(", ")}. ` +
+ *       `Install with: sudo apt install ${deps.missingRequired.join(" ")}`
+ *     )],
+ *     isError: true,
+ *   };
+ * }
+ * ```
+ */
+export async function ensureDependencies(toolName) {
+    const dep = getDependenciesForTool(toolName);
+    // If no dependency info registered, assume satisfied
+    if (!dep) {
+        return {
+            satisfied: true,
+            missingRequired: [],
+            missingOptional: [],
+            autoInstalled: [],
+            installErrors: [],
+        };
+    }
+    const config = getConfig();
+    const missingRequired = [];
+    const missingOptional = [];
+    const autoInstalled = [];
+    const installErrors = [];
+    // Check required binaries
+    for (const bin of dep.requiredBinaries) {
+        if (TRIVIAL_BINARIES.has(bin))
+            continue;
+        const status = await isBinaryAvailable(bin);
+        if (!status.available) {
+            if (config.autoInstall) {
+                const result = await autoInstallBinary(bin);
+                if (result?.success) {
+                    invalidateCache(bin);
+                    const recheck = await isBinaryAvailable(bin);
+                    if (recheck.available) {
+                        autoInstalled.push(bin);
+                        continue;
+                    }
+                }
+                installErrors.push({
+                    binary: bin,
+                    error: result?.message ?? "Installation failed",
+                });
+            }
+            missingRequired.push(bin);
+        }
+    }
+    // Check optional binaries (never block on these)
+    for (const bin of dep.optionalBinaries ?? []) {
+        if (TRIVIAL_BINARIES.has(bin))
+            continue;
+        const status = await isBinaryAvailable(bin);
+        if (!status.available) {
+            // Try auto-install for optional deps too, but don't fail
+            if (config.autoInstall) {
+                const result = await autoInstallBinary(bin);
+                if (result?.success) {
+                    invalidateCache(bin);
+                    const recheck = await isBinaryAvailable(bin);
+                    if (recheck.available) {
+                        autoInstalled.push(bin);
+                        continue;
+                    }
+                }
+            }
+            missingOptional.push(bin);
+        }
+    }
+    return {
+        satisfied: missingRequired.length === 0,
+        missingRequired,
+        missingOptional,
+        autoInstalled,
+        installErrors,
+    };
+}
+/**
+ * Quick check if a single binary is available (cached).
+ * Does NOT auto-install. Use for lightweight pre-flight checks.
+ */
+export async function isBinaryInstalled(binary) {
+    if (TRIVIAL_BINARIES.has(binary))
+        return true;
+    const status = await isBinaryAvailable(binary);
+    return status.available;
+}
+// ── Format helpers ───────────────────────────────────────────────────────────
+/**
+ * Formats a ValidationReport into a human-readable string for logging.
+ */
+export function formatValidationReport(report) {
+    const lines = [];
+    lines.push("╔══════════════════════════════════════════════════════════╗");
+    lines.push("║       Kali Defense MCP — Dependency Validation          ║");
+    lines.push("╚══════════════════════════════════════════════════════════╝");
+    lines.push("");
+    lines.push(`  Binaries checked:    ${report.totalChecked}`);
+    lines.push(`  Available:           ${report.available.length}`);
+    lines.push(`  Missing:             ${report.missing.length}`);
+    if (report.installed.length > 0) {
+        lines.push(`  Auto-installed:      ${report.installed.length}`);
+        for (const bin of report.installed) {
+            lines.push(`    ✅ ${bin}`);
+        }
+    }
+    if (report.installFailed.length > 0) {
+        lines.push(`  Install failures:    ${report.installFailed.length}`);
+        for (const fail of report.installFailed) {
+            lines.push(`    ❌ ${fail.binary}: ${fail.error}`);
+        }
+    }
+    if (report.missing.length > 0) {
+        lines.push("");
+        lines.push("  Missing binaries:");
+        for (const bin of report.missing) {
+            const toolReq = getToolRequirementForBinary(bin);
+            const pkg = toolReq ? ` (package: ${toolReq.packages.debian ?? toolReq.packages.fallback})` : "";
+            lines.push(`    • ${bin}${pkg}`);
+        }
+    }
+    if (report.criticalMissing.length > 0) {
+        lines.push("");
+        lines.push("  ⚠️  CRITICAL tools with missing dependencies:");
+        for (const cm of report.criticalMissing) {
+            lines.push(`    ⛔ ${cm.toolName}: needs ${cm.missingBinaries.join(", ")}`);
+        }
+    }
+    lines.push("");
+    lines.push(`  Auto-install: ${report.autoInstallEnabled ? "ENABLED" : "DISABLED"}`);
+    if (!report.autoInstallEnabled && report.missing.length > 0) {
+        lines.push("  💡 Set KALI_DEFENSE_AUTO_INSTALL=true to auto-install missing tools");
+    }
+    lines.push(`  Duration: ${report.durationMs}ms`);
+    return lines.join("\n");
+}
+// ── Trivial binaries ─────────────────────────────────────────────────────────
+/**
+ * System utilities that are virtually always present on any Linux system.
+ * We skip checking these to avoid unnecessary overhead.
+ */
+const TRIVIAL_BINARIES = new Set([
+    "cat",
+    "cp",
+    "ls",
+    "mv",
+    "rm",
+    "tee",
+    "find",
+    "grep",
+    "awk",
+    "sed",
+    "stat",
+    "chmod",
+    "chown",
+    "chgrp",
+    "mount",
+    "umount",
+    "uname",
+    "ps",
+    "ip",
+    "lsmod",
+    "modprobe",
+    "sha256sum",
+    "usermod",
+    "crontab",
+]);

package/build/core/distro-adapter.d.ts

@@ -0,0 +1,177 @@
+/**
+ * DistroAdapter — unified cross-distribution API for the Kali Defense MCP Server.
+ *
+ * This module provides a single, cached adapter instance that abstracts away
+ * distribution-specific differences in:
+ *   - Package management (apt / dnf / yum / zypper / pacman / apk)
+ *   - Service management (systemd / openrc / sysvinit / launchd)
+ *   - Firewall backends (iptables / nftables / ufw / firewalld)
+ *   - File system paths (logs, PAM configs, syslog, package tools)
+ *   - Package integrity checking (debsums / rpm -V)
+ *   - Automatic updates configuration
+ *
+ * Supported distributions:
+ *   Debian, Ubuntu, Kali, Linux Mint, Pop!_OS  →  debian family
+ *   RHEL, CentOS, Fedora, Rocky, AlmaLinux     →  rhel family
+ *   openSUSE, SLES                              →  suse family
+ *   Arch, Manjaro                               →  arch family
+ *   Alpine                                      →  alpine family
+ *
+ * Usage:
+ *   import { getDistroAdapter } from "../core/distro-adapter.js";
+ *   const da = await getDistroAdapter();
+ *   const cmd = da.pkg.installCmd("nginx");  // distro-correct install
+ *   const logPath = da.paths.syslog;          // "/var/log/syslog" or "/var/log/messages"
+ */
+import { type DistroInfo, type PackageManagerCommands, type ServiceManagerCommands, type FirewallBackendCommands } from "./distro.js";
+/** System paths that vary across distributions. */
+export interface DistroPaths {
+    /** Primary syslog file */
+    syslog: string;
+    /** Authentication log */
+    authLog: string;
+    /** PAM common-auth or system-auth equivalent */
+    pamAuth: string;
+    /** PAM common-password or password-auth equivalent */
+    pamPassword: string;
+    /** PAM common-session equivalent */
+    pamSession: string;
+    /** PAM common-account equivalent */
+    pamAccount: string;
+    /** All PAM config files to audit */
+    pamAllConfigs: string[];
+    /** Auto-update config dir (apt.conf.d, dnf automatic, etc.) */
+    autoUpdateConfig: string;
+    /** Auto-update package name */
+    autoUpdatePackage: string;
+    /** Auto-update service name */
+    autoUpdateService: string;
+    /** Firewall persistence config path */
+    firewallPersistenceConfig: string;
+    /** Package manager lock file */
+    packageLockFile: string;
+    /** Network interface config dir */
+    networkConfigDir: string;
+    /** Kernel modules blacklist config */
+    modprobeDir: string;
+    /** GRUB config file */
+    grubConfig: string;
+    /** GRUB defaults file */
+    grubDefaults: string;
+    /** GRUB update command */
+    grubUpdateCmd: string[];
+}
+/** Package integrity check configuration. */
+export interface IntegrityCheckConfig {
+    /** Whether integrity checking is supported */
+    supported: boolean;
+    /** The command to check package integrity */
+    checkCmd: string[];
+    /** The command to check a specific package */
+    checkPackageCmd: (pkg: string) => string[];
+    /** Name of the integrity tool */
+    toolName: string;
+    /** How to install the integrity tool */
+    installHint: string;
+}
+/** Auto-update audit configuration. */
+export interface AutoUpdateConfig {
+    /** Whether auto-updates are supported on this distro */
+    supported: boolean;
+    /** Package name for auto-updates */
+    packageName: string;
+    /** How to check if auto-update is installed */
+    checkInstalledCmd: string[];
+    /** Service name to check */
+    serviceName: string;
+    /** Config files to audit */
+    configFiles: string[];
+    /** How to install auto-updates */
+    installHint: string;
+}
+/** Package listing/querying commands. */
+export interface PackageQueryCommands {
+    /** List all installed packages */
+    listInstalledCmd: string[];
+    /** Query a specific package (returns version info) */
+    queryPackageCmd: (pkg: string) => string[];
+    /** List available upgrades */
+    listUpgradableCmd: string[];
+    /** Show held/locked packages */
+    showHeldCmd: string[];
+    /** Simulate upgrade (dry-run) */
+    simulateUpgradeCmd: string[];
+    /** Show package changelog */
+    changelogCmd: (pkg: string) => string[];
+    /** Show package policy/info */
+    policyCmd: (pkg: string) => string[];
+    /** Check if a specific package is installed */
+    isInstalledCmd: (pkg: string) => string[];
+    /** List installed kernel packages */
+    listKernelsCmd: string[];
+    /** Check for auto-removable packages */
+    autoRemoveCmd: string[];
+}
+/** Firewall persistence commands. */
+export interface FirewallPersistenceConfig {
+    /** Package name for firewall persistence */
+    packageName: string;
+    /** How to check if persistence is installed */
+    checkInstalledCmd: string[];
+    /** Install command (already includes sudo) */
+    installCmd: string[];
+    /** Service name for persistence */
+    serviceName: string;
+    /** Enable persistence service */
+    enableCmd: string[];
+    /** Save rules command */
+    saveCmd: string[];
+    /** Rollback/uninstall hint */
+    uninstallHint: string;
+}
+export declare class DistroAdapter {
+    readonly distro: DistroInfo;
+    readonly pkg: PackageManagerCommands;
+    readonly svc: ServiceManagerCommands;
+    readonly fw: FirewallBackendCommands;
+    readonly paths: DistroPaths;
+    readonly integrity: IntegrityCheckConfig;
+    readonly autoUpdate: AutoUpdateConfig;
+    readonly pkgQuery: PackageQueryCommands;
+    readonly fwPersistence: FirewallPersistenceConfig;
+    constructor(distro: DistroInfo, pkg: PackageManagerCommands, svc: ServiceManagerCommands, fw: FirewallBackendCommands);
+    /** Human-readable summary of the detected environment. */
+    get summary(): string;
+    /** Whether the distro family is Debian-based. */
+    get isDebian(): boolean;
+    /** Whether the distro family is RHEL-based. */
+    get isRhel(): boolean;
+    /** Whether the distro family is SUSE-based. */
+    get isSuse(): boolean;
+    /** Whether the distro family is Arch-based. */
+    get isArch(): boolean;
+    /** Whether the distro family is Alpine. */
+    get isAlpine(): boolean;
+    /** Install a package using the distro's package manager (returns command array). */
+    installPkg(pkg: string): {
+        command: string;
+        args: string[];
+    };
+    /** Remove a package using the distro's package manager (returns command array). */
+    removePkg(pkg: string): {
+        command: string;
+        args: string[];
+    };
+}
+/**
+ * Returns the singleton DistroAdapter.
+ * On first call it detects the distribution and builds all adapters.
+ * Subsequent calls return the cached instance.
+ */
+export declare function getDistroAdapter(): Promise<DistroAdapter>;
+/**
+ * Returns the cached adapter if already initialized, or null.
+ * Use when you can't await (synchronous contexts).
+ */
+export declare function getDistroAdapterSync(): DistroAdapter | null;
+//# sourceMappingURL=distro-adapter.d.ts.map

package/build/core/distro-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"distro-adapter.d.ts","sourceRoot":"","sources":["../../src/core/distro-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAKL,KAAK,UAAU,EAGf,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAE7B,MAAM,aAAa,CAAC;AAIrB,mDAAmD;AACnD,MAAM,WAAW,WAAW;IAC1B,0BAA0B;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,+BAA+B;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,+BAA+B;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,uCAAuC;IACvC,yBAAyB,EAAE,MAAM,CAAC;IAClC,gCAAgC;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,mCAAmC;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,6CAA6C;AAC7C,MAAM,WAAW,oBAAoB;IACnC,8CAA8C;IAC9C,SAAS,EAAE,OAAO,CAAC;IACnB,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,8CAA8C;IAC9C,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IAC3C,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,uCAAuC;AACvC,MAAM,WAAW,gBAAgB;IAC/B,wDAAwD;IACxD,SAAS,EAAE,OAAO,CAAC;IACnB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,yCAAyC;AACzC,MAAM,WAAW,oBAAoB;IACnC,kCAAkC;IAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,sDAAsD;IACtD,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IAC3C,8BAA8B;IAC9B,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gCAAgC;IAChC,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,iCAAiC;IACjC,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,6BAA6B;IAC7B,YAAY,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IACxC,+BAA+B;IAC/B,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IACrC,+CAA+C;IAC/C,cAAc,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IAC1C,qCAAqC;IACrC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wCAAwC;IACxC,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,qCAAqC;AACrC,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,8CAA8C;IAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,iCAAiC;IACjC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,yBAAyB;IACzB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;CACvB;AAID,qBAAa,aAAa;IACxB,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,GAAG,EAAE,sBAAsB,CAAC;IACrC,QAAQ,CAAC,GAAG,EAAE,sBAAsB,CAAC;IACrC,QAAQ,CAAC,EAAE,EAAE,uBAAuB,CAAC;IACrC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,oBAAoB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;IACxC,QAAQ,CAAC,aAAa,EAAE,yBAAyB,CAAC;gBAGhD,MAAM,EAAE,UAAU,EAClB,GAAG,EAAE,sBAAsB,EAC3B,GAAG,EAAE,sBAAsB,EAC3B,EAAE,EAAE,uBAAuB;IAa7B,0DAA0D;IAC1D,IAAI,OAAO,IAAI,MAAM,CAMpB;IAED,iDAAiD;IACjD,IAAI,QAAQ,IAAI,OAAO,CAA4C;IAEnE,+CAA+C;IAC/C,IAAI,MAAM,IAAI,OAAO,CAA0C;IAE/D,+CAA+C;IAC/C,IAAI,MAAM,IAAI,OAAO,CAA0C;IAE/D,+CAA+C;IAC/C,IAAI,MAAM,IAAI,OAAO,CAA0C;IAE/D,2CAA2C;IAC3C,IAAI,QAAQ,IAAI,OAAO,CAA4C;IAEnE,oFAAoF;IACpF,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE;IAK5D,mFAAmF;IACnF,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE;CAI5D;AA0ZD;;;;GAIG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,aAAa,CAAC,CAa/D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,GAAG,IAAI,CAE3D"}