npm - dravix-agent - Versions diffs - 0.1.0 - Mend

dravix-agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/.claude/settings.example.json +30 -0
package/ARCHITECTURE.md +410 -0
package/LICENSE +21 -0
package/README.md +153 -0
package/ROADMAP.md +117 -0
package/data/vulnkb.json +666 -0
package/dist/bin/aegis.d.ts +3 -0
package/dist/bin/aegis.d.ts.map +1 -0
package/dist/bin/aegis.js +489 -0
package/dist/bin/aegis.js.map +1 -0
package/dist/cache.d.ts +9 -0
package/dist/cache.d.ts.map +1 -0
package/dist/cache.js +146 -0
package/dist/cache.js.map +1 -0
package/dist/engines/ai-sinks.d.ts +52 -0
package/dist/engines/ai-sinks.d.ts.map +1 -0
package/dist/engines/ai-sinks.js +204 -0
package/dist/engines/ai-sinks.js.map +1 -0
package/dist/engines/eslint.d.ts +9 -0
package/dist/engines/eslint.d.ts.map +1 -0
package/dist/engines/eslint.js +245 -0
package/dist/engines/eslint.js.map +1 -0
package/dist/engines/joern.d.ts +3 -0
package/dist/engines/joern.d.ts.map +1 -0
package/dist/engines/joern.js +98 -0
package/dist/engines/joern.js.map +1 -0
package/dist/engines/js-sinks.d.ts +70 -0
package/dist/engines/js-sinks.d.ts.map +1 -0
package/dist/engines/js-sinks.js +370 -0
package/dist/engines/js-sinks.js.map +1 -0
package/dist/engines/llm-critic.d.ts +130 -0
package/dist/engines/llm-critic.d.ts.map +1 -0
package/dist/engines/llm-critic.js +551 -0
package/dist/engines/llm-critic.js.map +1 -0
package/dist/engines/pragma.d.ts +20 -0
package/dist/engines/pragma.d.ts.map +1 -0
package/dist/engines/pragma.js +83 -0
package/dist/engines/pragma.js.map +1 -0
package/dist/engines/property-test.d.ts +3 -0
package/dist/engines/property-test.d.ts.map +1 -0
package/dist/engines/property-test.js +134 -0
package/dist/engines/property-test.js.map +1 -0
package/dist/engines/pyright.d.ts +10 -0
package/dist/engines/pyright.d.ts.map +1 -0
package/dist/engines/pyright.js +143 -0
package/dist/engines/pyright.js.map +1 -0
package/dist/engines/pysa.d.ts +3 -0
package/dist/engines/pysa.d.ts.map +1 -0
package/dist/engines/pysa.js +83 -0
package/dist/engines/pysa.js.map +1 -0
package/dist/engines/python-sinks.d.ts +82 -0
package/dist/engines/python-sinks.d.ts.map +1 -0
package/dist/engines/python-sinks.js +459 -0
package/dist/engines/python-sinks.js.map +1 -0
package/dist/engines/registry.d.ts +26 -0
package/dist/engines/registry.d.ts.map +1 -0
package/dist/engines/registry.js +70 -0
package/dist/engines/registry.js.map +1 -0
package/dist/engines/secret-scan.d.ts +22 -0
package/dist/engines/secret-scan.d.ts.map +1 -0
package/dist/engines/secret-scan.js +179 -0
package/dist/engines/secret-scan.js.map +1 -0
package/dist/engines/semgrep.d.ts +10 -0
package/dist/engines/semgrep.d.ts.map +1 -0
package/dist/engines/semgrep.js +200 -0
package/dist/engines/semgrep.js.map +1 -0
package/dist/engines/treesitter.d.ts +18 -0
package/dist/engines/treesitter.d.ts.map +1 -0
package/dist/engines/treesitter.js +135 -0
package/dist/engines/treesitter.js.map +1 -0
package/dist/engines/tsc.d.ts +10 -0
package/dist/engines/tsc.d.ts.map +1 -0
package/dist/engines/tsc.js +142 -0
package/dist/engines/tsc.js.map +1 -0
package/dist/engines/types.d.ts +47 -0
package/dist/engines/types.d.ts.map +1 -0
package/dist/engines/types.js +27 -0
package/dist/engines/types.js.map +1 -0
package/dist/findings.d.ts +121 -0
package/dist/findings.d.ts.map +1 -0
package/dist/findings.js +98 -0
package/dist/findings.js.map +1 -0
package/dist/hooks/claude-code.d.ts +3 -0
package/dist/hooks/claude-code.d.ts.map +1 -0
package/dist/hooks/claude-code.js +187 -0
package/dist/hooks/claude-code.js.map +1 -0
package/dist/index/context.d.ts +127 -0
package/dist/index/context.d.ts.map +1 -0
package/dist/index/context.js +267 -0
package/dist/index/context.js.map +1 -0
package/dist/index/embeddings.d.ts +68 -0
package/dist/index/embeddings.d.ts.map +1 -0
package/dist/index/embeddings.js +570 -0
package/dist/index/embeddings.js.map +1 -0
package/dist/index/graph_routing.d.ts +36 -0
package/dist/index/graph_routing.d.ts.map +1 -0
package/dist/index/graph_routing.js +170 -0
package/dist/index/graph_routing.js.map +1 -0
package/dist/index/joern.d.ts +76 -0
package/dist/index/joern.d.ts.map +1 -0
package/dist/index/joern.js +782 -0
package/dist/index/joern.js.map +1 -0
package/dist/index/property-test.d.ts +88 -0
package/dist/index/property-test.d.ts.map +1 -0
package/dist/index/property-test.js +466 -0
package/dist/index/property-test.js.map +1 -0
package/dist/index/proto/scip.proto +897 -0
package/dist/index/pysa.d.ts +91 -0
package/dist/index/pysa.d.ts.map +1 -0
package/dist/index/pysa.js +617 -0
package/dist/index/pysa.js.map +1 -0
package/dist/index/scip.d.ts +76 -0
package/dist/index/scip.d.ts.map +1 -0
package/dist/index/scip.js +541 -0
package/dist/index/scip.js.map +1 -0
package/dist/index/vulrag.d.ts +86 -0
package/dist/index/vulrag.d.ts.map +1 -0
package/dist/index/vulrag.js +242 -0
package/dist/index/vulrag.js.map +1 -0
package/dist/index.d.ts +9 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +8 -0
package/dist/index.js.map +1 -0
package/dist/install/claude-code.d.ts +31 -0
package/dist/install/claude-code.d.ts.map +1 -0
package/dist/install/claude-code.js +447 -0
package/dist/install/claude-code.js.map +1 -0
package/dist/lang.d.ts +5 -0
package/dist/lang.d.ts.map +1 -0
package/dist/lang.js +52 -0
package/dist/lang.js.map +1 -0
package/dist/learning/suppressions.d.ts +70 -0
package/dist/learning/suppressions.d.ts.map +1 -0
package/dist/learning/suppressions.js +179 -0
package/dist/learning/suppressions.js.map +1 -0
package/dist/mcp/server.d.ts +2 -0
package/dist/mcp/server.d.ts.map +1 -0
package/dist/mcp/server.js +187 -0
package/dist/mcp/server.js.map +1 -0
package/dist/mcp/tools/explain.d.ts +58 -0
package/dist/mcp/tools/explain.d.ts.map +1 -0
package/dist/mcp/tools/explain.js +60 -0
package/dist/mcp/tools/explain.js.map +1 -0
package/dist/mcp/tools/precheck.d.ts +29 -0
package/dist/mcp/tools/precheck.d.ts.map +1 -0
package/dist/mcp/tools/precheck.js +42 -0
package/dist/mcp/tools/precheck.js.map +1 -0
package/dist/mcp/tools/validate.d.ts +73 -0
package/dist/mcp/tools/validate.d.ts.map +1 -0
package/dist/mcp/tools/validate.js +66 -0
package/dist/mcp/tools/validate.js.map +1 -0
package/dist/mcp/warm.d.ts +88 -0
package/dist/mcp/warm.d.ts.map +1 -0
package/dist/mcp/warm.js +331 -0
package/dist/mcp/warm.js.map +1 -0
package/dist/orchestrator.d.ts +46 -0
package/dist/orchestrator.d.ts.map +1 -0
package/dist/orchestrator.js +596 -0
package/dist/orchestrator.js.map +1 -0
package/dist/policy.d.ts +51 -0
package/dist/policy.d.ts.map +1 -0
package/dist/policy.js +201 -0
package/dist/policy.js.map +1 -0
package/dist/risk.d.ts +31 -0
package/dist/risk.d.ts.map +1 -0
package/dist/risk.js +92 -0
package/dist/risk.js.map +1 -0
package/dist/stats.d.ts +72 -0
package/dist/stats.d.ts.map +1 -0
package/dist/stats.js +217 -0
package/dist/stats.js.map +1 -0
package/dist/telemetry/collector.d.ts +10 -0
package/dist/telemetry/collector.d.ts.map +1 -0
package/dist/telemetry/collector.js +75 -0
package/dist/telemetry/collector.js.map +1 -0
package/dist/telemetry/consent.d.ts +9 -0
package/dist/telemetry/consent.d.ts.map +1 -0
package/dist/telemetry/consent.js +42 -0
package/dist/telemetry/consent.js.map +1 -0
package/dist/telemetry/installation.d.ts +2 -0
package/dist/telemetry/installation.d.ts.map +1 -0
package/dist/telemetry/installation.js +32 -0
package/dist/telemetry/installation.js.map +1 -0
package/dist/telemetry/sanitizer.d.ts +5 -0
package/dist/telemetry/sanitizer.d.ts.map +1 -0
package/dist/telemetry/sanitizer.js +60 -0
package/dist/telemetry/sanitizer.js.map +1 -0
package/dist/telemetry/types.d.ts +39 -0
package/dist/telemetry/types.d.ts.map +1 -0
package/dist/telemetry/types.js +4 -0
package/dist/telemetry/types.js.map +1 -0
package/dist/telemetry/uploader.d.ts +12 -0
package/dist/telemetry/uploader.d.ts.map +1 -0
package/dist/telemetry/uploader.js +92 -0
package/dist/telemetry/uploader.js.map +1 -0
package/dist/util/logger.d.ts +19 -0
package/dist/util/logger.d.ts.map +1 -0
package/dist/util/logger.js +58 -0
package/dist/util/logger.js.map +1 -0
package/dist/util/safe-paths.d.ts +8 -0
package/dist/util/safe-paths.d.ts.map +1 -0
package/dist/util/safe-paths.js +102 -0
package/dist/util/safe-paths.js.map +1 -0
package/dist/util/subprocess.d.ts +32 -0
package/dist/util/subprocess.d.ts.map +1 -0
package/dist/util/subprocess.js +137 -0
package/dist/util/subprocess.js.map +1 -0
package/package.json +93 -0

package/dist/index/pysa.js ADDED Viewed

@@ -0,0 +1,617 @@
+/**
+ * Pysa (Pyre Security Analyzer) — Python taint analysis via WSL.
+ *
+ * Pysa is Meta's interprocedural data-flow / taint analyzer for Python.
+ * Per the research (Du 2024 Vul-RAG, Macroscope 2026) it's the best-in-class
+ * OSS path to PROVING CWE-89 / 78 / 79 / 918 etc. via source→sink reachability —
+ * not heuristic pattern matching but actual dataflow.
+ *
+ * **Why this module exists on Windows:**
+ * Pyre is OCaml-based; the official wheels are Linux + macOS only. Per the
+ * Pyre docs: *"On Windows we have successfully gotten pyre to work through
+ * WSL, but do not officially support it."* So we bridge: aegis-v2 runs on
+ * Windows, Pyre runs inside WSL Ubuntu, paths are translated `C:\foo` →
+ * `/mnt/c/foo`. On Linux/macOS hosts the bridge layer is bypassed and we
+ * call Pyre directly.
+ *
+ * **Architecture: batch + cache.**
+ * Mirrors `src/index/joern.ts`. `aegis index --pysa` builds taint summaries
+ * (slow, 30s-2min depending on project size) + writes `findings.jsonl` to
+ * `~/.aegis/pysa/<sha256(root)[:16]>/`. The `PysaEngine` reads that cache
+ * at gate-time in milliseconds. Re-run `aegis index --pysa` after big
+ * changes; small per-file edits don't require a rebuild.
+ *
+ * **Auto-bootstrap.**
+ * Pysa needs a `.pyre_configuration` file in the project root (Pyre's
+ * config) AND a `taint.config` file with source/sink/sanitizer definitions.
+ * If absent we write a minimal default `.pyre_configuration` to a SCRATCH
+ * directory under the cache (NEVER into the user's project — that would
+ * silently mutate their repo). We point Pyre at the project via that
+ * scratch dir's `source_directories` list.
+ *
+ * **Env overrides:**
+ *   AEGIS_PYSA_WSL_DISTRO    — defaults to "Ubuntu"
+ *   AEGIS_PYSA_PYRE_BIN      — explicit path to pyre inside WSL
+ *                              (default: ~/pyre-venv/bin/pyre)
+ *   AEGIS_PYSA_TIMEOUT_MS    — analyze timeout (default 600_000 = 10 min)
+ *   AEGIS_PYSA_FORCE_LINUX   — set when running on Linux/macOS to skip the
+ *                              WSL bridge entirely
+ */
+import { createHash } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join, resolve as resolvePath } from "node:path";
+import { FindingSchema, makeFindingId } from "../findings.js";
+import { getLogger } from "../util/logger.js";
+import { run as spawnRun } from "../util/subprocess.js";
+const log = getLogger("aegis.pysa");
+// Bump on any taint.config / output-shape change to invalidate cached findings.
+const PYSA_TAINT_CONFIG_VERSION = "v1";
+const DEFAULT_PYSA_TIMEOUT_MS = 10 * 60 * 1000;
+const DEFAULT_WSL_DISTRO = "Ubuntu";
+const DEFAULT_PYRE_BIN = "~/pyre-venv/bin/pyre";
+// ── Discovery: WSL and Pyre ──────────────────────────────────────────────
+function expandHome(p) {
+    if (!p.startsWith("~"))
+        return p;
+    return resolvePath(homedir(), p.slice(2));
+}
+/** Locate wsl.exe on Windows. Returns null on non-Windows OR when WSL
+ * is not installed. Does NOT validate that a distro is present — that
+ * check belongs to ``probePyreInWsl``. */
+export function findWsl() {
+    if (process.platform !== "win32")
+        return null;
+    if (process.env.AEGIS_PYSA_FORCE_LINUX === "1")
+        return null;
+    const candidates = [
+        process.env.AEGIS_PYSA_WSL_PATH,
+        `${process.env.SystemRoot ?? "C:\\Windows"}\\System32\\wsl.exe`,
+        "C:\\Windows\\System32\\wsl.exe",
+    ].filter((p) => typeof p === "string" && p.length > 0);
+    for (const c of candidates) {
+        if (existsSync(c)) {
+            return { wslExe: c, distro: process.env.AEGIS_PYSA_WSL_DISTRO ?? DEFAULT_WSL_DISTRO };
+        }
+    }
+    return null;
+}
+/** Best-effort probe: does pyre exist + run? Cached per-process to avoid
+ * paying the ~1-2 s wsl-roundtrip on every engine.available() call. */
+let _pyreProbeCache;
+const PYRE_PROBE_TTL_MS = 60_000;
+let _pyreProbeAt = 0;
+export async function probePyre() {
+    const now = Date.now();
+    if (_pyreProbeCache !== undefined && now - _pyreProbeAt < PYRE_PROBE_TTL_MS) {
+        return _pyreProbeCache;
+    }
+    _pyreProbeAt = now;
+    const pyreBin = process.env.AEGIS_PYSA_PYRE_BIN ?? DEFAULT_PYRE_BIN;
+    if (process.platform === "win32" && process.env.AEGIS_PYSA_FORCE_LINUX !== "1") {
+        const wsl = findWsl();
+        if (!wsl) {
+            _pyreProbeCache = null;
+            return null;
+        }
+        const cmd = `${pyreBin} --version 2>/dev/null || echo NOT_FOUND`;
+        const res = await spawnRun(wsl.wslExe, {
+            args: ["-d", wsl.distro, "--", "bash", "-c", cmd],
+            timeoutMs: 15_000,
+        });
+        if (res.exitCode !== 0) {
+            log.debug("WSL pyre probe failed", { rc: res.exitCode, stderr: res.stderr.slice(0, 200) });
+            _pyreProbeCache = null;
+            return null;
+        }
+        // Pyre's --version prints e.g. "Client version: 0.9.25" — does NOT
+        // contain the word "pyre" and doesn't start with a digit. Match
+        // anything that has "version" + a semver-shaped token, OR a bare
+        // semver line, OR a line containing "pyre".
+        const versionLine = res.stdout.split(/\r?\n/).find((l) => {
+            const t = l.trim();
+            if (!t)
+                return false;
+            if (t.includes("NOT_FOUND"))
+                return false;
+            if (t.toLowerCase().includes("pyre"))
+                return true;
+            if (/^\d+\.\d+/.test(t))
+                return true;
+            if (/version[:\s]+\d+\.\d+/i.test(t))
+                return true;
+            return false;
+        });
+        if (!versionLine || versionLine.includes("NOT_FOUND")) {
+            _pyreProbeCache = null;
+            return null;
+        }
+        const probe = {
+            ok: true,
+            pyreBin,
+            version: versionLine.trim(),
+            usesWsl: true,
+        };
+        _pyreProbeCache = probe;
+        return probe;
+    }
+    // Linux/macOS native — invoke pyre directly.
+    const expanded = expandHome(pyreBin);
+    const res = await spawnRun(expanded, { args: ["--version"], timeoutMs: 8_000 });
+    if (res.exitCode !== 0) {
+        _pyreProbeCache = null;
+        return null;
+    }
+    _pyreProbeCache = {
+        ok: true,
+        pyreBin: expanded,
+        version: res.stdout.trim() || res.stderr.trim() || "unknown",
+        usesWsl: false,
+    };
+    return _pyreProbeCache;
+}
+/** Test-only probe-cache reset. */
+export function _resetPyreProbeCacheForTests() {
+    _pyreProbeCache = undefined;
+    _pyreProbeAt = 0;
+}
+// ── Cache paths ──────────────────────────────────────────────────────────
+function aegisHome() {
+    return process.env.AEGIS_HOME ?? resolvePath(homedir(), ".aegis");
+}
+function cacheDirFor(projectRoot) {
+    const h = createHash("sha256").update(resolvePath(projectRoot)).digest("hex").slice(0, 16);
+    return join(aegisHome(), "pysa", h);
+}
+export function pysaFindingsPath(projectRoot) {
+    return join(cacheDirFor(projectRoot), "findings.jsonl");
+}
+export function pysaInfoPath(projectRoot) {
+    return join(cacheDirFor(projectRoot), "info.json");
+}
+/** Read cached findings. Used by ``PysaEngine.run``. */
+export function readPysaFindings(projectRoot) {
+    const p = pysaFindingsPath(projectRoot);
+    if (!existsSync(p))
+        return [];
+    try {
+        const out = [];
+        for (const line of readFileSync(p, "utf8").split(/\r?\n/)) {
+            if (!line.trim())
+                continue;
+            const parsed = FindingSchema.safeParse(JSON.parse(line));
+            if (parsed.success)
+                out.push(parsed.data);
+        }
+        return out;
+    }
+    catch (err) {
+        log.warn("pysa findings cache unreadable", { err: String(err) });
+        return [];
+    }
+}
+// ── Path translation: Win → WSL ──────────────────────────────────────────
+/** Convert a Windows path (``C:\Users\foo``) to a WSL POSIX path
+ * (``/mnt/c/Users/foo``). Idempotent on already-POSIX paths. */
+export function winToWslPath(p) {
+    if (p.startsWith("/"))
+        return p; // already POSIX
+    // C:\Users\foo  →  /mnt/c/Users/foo
+    const m = p.match(/^([A-Za-z]):[\\/](.*)$/);
+    if (!m)
+        return p.replace(/\\/g, "/");
+    const drive = m[1].toLowerCase();
+    const rest = m[2].replace(/\\/g, "/");
+    return `/mnt/${drive}/${rest}`;
+}
+// ── Bootstrap config ─────────────────────────────────────────────────────
+/** Minimal Pyre configuration. We write it to a SCRATCH directory inside
+ * the cache (never into the user's repo) and point ``source_directories``
+ * at the actual project.
+ *
+ * ``excludes`` is a list of regex patterns Pyre uses to skip files. We
+ * exclude the obvious noise (node_modules/, .venv, __pycache__, dist/,
+ * build/, .git/, .aegis/) so Pysa focuses on the user's source. Without
+ * this, Pyre defaults to walking everything and the scan either takes
+ * 10x longer OR produces only findings from third-party packages. */
+function bootstrapPyreConfig(projectRootWsl) {
+    return JSON.stringify({
+        source_directories: [projectRootWsl],
+        strict: false,
+        taint_models_path: ["taint_models"],
+        excludes: [
+            ".*/node_modules/.*",
+            ".*/\\.venv/.*",
+            ".*/venv/.*",
+            ".*/__pycache__/.*",
+            ".*/\\.git/.*",
+            ".*/\\.aegis/.*",
+            ".*/dist/.*",
+            ".*/build/.*",
+            ".*/\\.pyre/.*",
+            ".*/\\.next/.*",
+        ],
+    }, null, 2);
+}
+/** Minimal Pysa taint config. Defines a small but useful set of sources
+ * (Flask/Django/FastAPI request inputs, env vars, file reads) and sinks
+ * (SQL execute, OS command, eval/exec, file write, HTTP outbound). Real
+ * production configs are much richer — this is the seed that catches the
+ * most common CWE-78/89/79/918 patterns Pysa is famous for. */
+function bootstrapTaintConfig() {
+    return JSON.stringify({
+        sources: [
+            { name: "UserControlled", comment: "Direct user-controllable input." },
+            { name: "Cookies", comment: "HTTP cookie value." },
+            { name: "Headers", comment: "HTTP header value." },
+        ],
+        sinks: [
+            { name: "SQL", comment: "Executed as SQL." },
+            { name: "RemoteCodeExecution", comment: "Eval/exec/etc." },
+            { name: "Command", comment: "Shell command." },
+            { name: "FileWrite", comment: "Filesystem write." },
+            { name: "RequestSend", comment: "Outbound HTTP." },
+        ],
+        features: [],
+        rules: [
+            {
+                name: "UserControlled to SQL",
+                code: 5001,
+                sources: ["UserControlled", "Cookies", "Headers"],
+                sinks: ["SQL"],
+                message_format: "User-controlled data flows into SQL query (CWE-89).",
+            },
+            {
+                name: "UserControlled to RCE",
+                code: 5002,
+                sources: ["UserControlled", "Cookies", "Headers"],
+                sinks: ["RemoteCodeExecution"],
+                message_format: "User-controlled data reaches eval/exec (CWE-94/95).",
+            },
+            {
+                name: "UserControlled to Command",
+                code: 5003,
+                sources: ["UserControlled", "Cookies", "Headers"],
+                sinks: ["Command"],
+                message_format: "User-controlled data reaches OS command (CWE-78).",
+            },
+            {
+                name: "UserControlled to RequestSend",
+                code: 5004,
+                sources: ["UserControlled", "Cookies", "Headers"],
+                sinks: ["RequestSend"],
+                message_format: "User-controlled data flows into outbound HTTP (CWE-918 SSRF).",
+            },
+        ],
+    }, null, 2);
+}
+/** Minimal stub models — Pysa needs explicit source/sink annotations on
+ * common library calls. This is a tiny seed (Flask/FastAPI/sqlite3/os) —
+ * real configs ship hundreds. Enough to make the rules above fire on
+ * canonical patterns. */
+function bootstrapTaintModels() {
+    // CRITICAL: Pysa model signatures must EXACTLY match the implementation
+    // signature in typeshed. The `__` prefix marks positional-only — required
+    // when typeshed declares the parameter as nameless. Without this, every
+    // model fails verification and Pysa silently emits zero issues.
+    //
+    // Verified against pyre-check 0.9.25 / Python 3.12 typeshed. If you bump
+    // the Pyre version and these stop matching, run `pyre analyze` WITHOUT
+    // ``--no-verify`` and read the error message — Pyre prints the exact
+    // implementation signature you need to match.
+    return [
+        "# Auto-generated by aegis-v2 — stdlib-only taint stubs.",
+        "# Extend by adding more .pysa files to <project>/taint_models if your",
+        "# project uses framework sources (Flask request, FastAPI Body, etc.) —",
+        "# those models only verify when the framework is importable.",
+        "",
+        "# === Built-in stdlib sources ===",
+        "def input(__prompt = ...) -> TaintSource[UserControlled]: ...",
+        "",
+        "# os.getenv is a free function — straightforward shape.",
+        "def os.getenv(key, default = ...) -> TaintSource[UserControlled]: ...",
+        "",
+        "# === sqlite3 sinks (stdlib) ===",
+        "# Cursor.execute signature in typeshed:",
+        "#   (_Self_sqlite3_Cursor__, str, SupportsLenAndGetItem[Any] | Mapping[str, Any]=...) -> _Self_sqlite3_Cursor__",
+        "# All 3 args positional-only. We name the SQL arg to mark it as the sink.",
+        "def sqlite3.Cursor.execute(__self, __sql: TaintSink[SQL], __parameters = ...): ...",
+        "def sqlite3.Cursor.executemany(__self, __sql: TaintSink[SQL], __parameters): ...",
+        "def sqlite3.Cursor.executescript(__self, __sql_script: TaintSink[SQL]): ...",
+        "def sqlite3.Connection.execute(__self, __sql: TaintSink[SQL], __parameters = ...): ...",
+        "def sqlite3.Connection.executemany(__self, __sql: TaintSink[SQL], __parameters): ...",
+        "def sqlite3.Connection.executescript(__self, __sql_script: TaintSink[SQL]): ...",
+        "",
+        "# === OS command sinks (stdlib) ===",
+        "# os.system and os.popen take named params in typeshed — drop the __ prefix.",
+        "def os.system(command: TaintSink[Command]): ...",
+        "def os.popen(cmd: TaintSink[Command], mode = ..., buffering = ...): ...",
+        "",
+        "# === Eval / exec sinks (stdlib) — first arg is positional-only ===",
+        "def eval(__source: TaintSink[RemoteCodeExecution], __globals = ..., __locals = ...): ...",
+        "def exec(__source: TaintSink[RemoteCodeExecution], __globals = ..., __locals = ...): ...",
+        "",
+    ].join("\n");
+}
+const CODE_TO_CWE = {
+    5001: { cwe: "CWE-89", title: "Pysa taint: User input flows into SQL execute" },
+    5002: { cwe: "CWE-94", title: "Pysa taint: User input flows into eval/exec" },
+    5003: { cwe: "CWE-78", title: "Pysa taint: User input flows into OS command" },
+    5004: { cwe: "CWE-918", title: "Pysa taint: User input flows into outbound HTTP (SSRF)" },
+};
+/** Convert a Pysa qualified callable name (``tests.fixtures.foo.bar``) to
+ * a project-relative POSIX path (``tests/fixtures/foo.py``).
+ *
+ * We do NOT know which dot is a module separator and which is a method
+ * accessor (``mod.Class.method``), so the heuristic is: take the FIRST
+ * existing prefix as the module path, treat the remainder as in-file
+ * symbols. Worst case we strip too much (one ".py" file per symbol) —
+ * still better than emitting "*" which is meaningless. */
+function callableToPath(callable, projectRoot) {
+    if (!callable)
+        return "(unknown)";
+    const parts = callable.split(".");
+    // Try progressively shorter prefixes until we find one that exists as
+    // a .py file on disk.
+    for (let i = parts.length; i >= 1; i--) {
+        const candidate = parts.slice(0, i).join("/") + ".py";
+        const abs = resolvePath(projectRoot, candidate);
+        if (existsSync(abs))
+            return candidate;
+    }
+    // Fallback: assume first 3 segments are dirs + last is file.
+    if (parts.length >= 2) {
+        return parts.slice(0, parts.length - 1).join("/") + ".py";
+    }
+    return callable;
+}
+function parsePysaOutput(rawJson, projectRoot) {
+    const out = [];
+    const seen = new Set();
+    for (const rawLine of rawJson.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line)
+            continue;
+        let env;
+        try {
+            env = JSON.parse(line);
+        }
+        catch {
+            // skip non-JSON lines (Pyre sometimes emits banner text before JSON)
+            continue;
+        }
+        if (env.kind !== "issue" || !env.data)
+            continue;
+        const issue = env.data;
+        const code = issue.code ?? 0;
+        const cweInfo = CODE_TO_CWE[code];
+        if (!cweInfo)
+            continue;
+        const rawFilename = (issue.filename ?? "").replace(/\\/g, "/");
+        // Pysa sometimes uses "*" for "any file containing this callable" when
+        // the callable has been inlined / proxied. Recover via the callable.
+        const rel = rawFilename === "*" || !rawFilename
+            ? callableToPath(issue.callable ?? "", projectRoot)
+            : toRelPosix(rawFilename, projectRoot);
+        const lineNo = typeof issue.line === "number" && issue.line > 0 ? issue.line : undefined;
+        const dedup = `${rel}::${lineNo ?? "?"}::${cweInfo.cwe}::${code}`;
+        if (seen.has(dedup))
+            continue;
+        seen.add(dedup);
+        const ruleId = `pysa.${code}`;
+        const finding = {
+            id: makeFindingId({
+                engine: "pysa",
+                file: rel,
+                ...(lineNo !== undefined ? { line: lineNo } : {}),
+                rule_id: ruleId,
+            }),
+            engine: "pysa",
+            file: rel,
+            ...(lineNo !== undefined ? { line: lineNo } : {}),
+            rule_id: ruleId,
+            cwe: cweInfo.cwe,
+            severity: "high",
+            // Taint reachability is real proof of a path — higher than Joern's
+            // pattern-match confidence but still LLM-critic should refine before
+            // we BLOCK on it alone. (SourceKindEnum doesn't have a separate
+            // "taint" tag yet; "dataflow" is the closest semantic match — both
+            // are reachability-based vs the syntactic "pattern".)
+            confidence: 0.8,
+            source: "dataflow",
+            message: `${cweInfo.title}. ${String(issue.message ?? "").slice(0, 300)}`,
+            evidence: {
+                snippet: String(issue.callable ?? "").slice(0, 200) || undefined,
+            },
+        };
+        const parsed = FindingSchema.safeParse(finding);
+        if (parsed.success)
+            out.push(parsed.data);
+    }
+    return out;
+}
+function toRelPosix(filePath, projectRoot) {
+    const fp = filePath.replace(/\\/g, "/");
+    const root = projectRoot.replace(/\\/g, "/").replace(/\/+$/, "");
+    // Match either Windows path under root OR a /mnt/c/-translated path (Pysa
+    // sees the WSL path; we map back).
+    const rootWsl = winToWslPath(projectRoot).replace(/\/+$/, "");
+    if (fp.toLowerCase().startsWith(root.toLowerCase() + "/"))
+        return fp.slice(root.length + 1);
+    if (fp.toLowerCase().startsWith(rootWsl.toLowerCase() + "/"))
+        return fp.slice(rootWsl.length + 1);
+    return fp;
+}
+// ── Build entry point ────────────────────────────────────────────────────
+/** Run Pysa on the project. Builds the bootstrap config in a SCRATCH dir
+ * (NEVER touches the user's repo), invokes ``pyre analyze``, parses the
+ * resulting taint-output.json, writes findings.jsonl into the per-project
+ * cache. Returns a structured report. Never throws — failures produce
+ * ``{ok:false, reason}``. */
+export async function buildPysaTaint(projectRoot, opts) {
+    const t0 = Date.now();
+    const dir = cacheDirFor(projectRoot);
+    const findingsPath = pysaFindingsPath(projectRoot);
+    const infoPath = pysaInfoPath(projectRoot);
+    const force = opts?.force ?? false;
+    const probe = await probePyre();
+    if (!probe) {
+        return {
+            ok: false,
+            cacheDir: dir,
+            findingsPath,
+            findingsCount: 0,
+            durationMs: Date.now() - t0,
+            reason: process.platform === "win32"
+                ? "Pyre/Pysa not available — WSL or pyre-check inside WSL missing. Install: wsl --install, then in Ubuntu: python3 -m venv ~/pyre-venv && source ~/pyre-venv/bin/activate && pip install pyre-check"
+                : "pyre not found on PATH. Install: pip install pyre-check (or set AEGIS_PYSA_PYRE_BIN).",
+        };
+    }
+    // Cache freshness
+    if (!force && existsSync(infoPath) && existsSync(findingsPath)) {
+        try {
+            const info = JSON.parse(readFileSync(infoPath, "utf8"));
+            if (info.config_version === PYSA_TAINT_CONFIG_VERSION) {
+                const n = (readFileSync(findingsPath, "utf8").match(/\n/g) ?? []).length;
+                log.info("pysa cache hit", { dir, age_ms: Date.now() - info.built_at, n });
+                return {
+                    ok: true,
+                    cacheDir: dir,
+                    findingsPath,
+                    findingsCount: n,
+                    durationMs: Date.now() - t0,
+                };
+            }
+        }
+        catch {
+            // fall through to rebuild
+        }
+    }
+    // Build scratch config directory under the cache.
+    // CRITICAL: Pysa expects the ``taint.config`` file to live INSIDE the
+    // ``--taint-models-path`` directory alongside the .pysa stub files —
+    // not at the project / scratch root. Per Pysa's source, it scans the
+    // models dir for any ``.config`` file and rejects the run if none is
+    // present (error: "No `.config` was found in the taint directories").
+    const scratch = join(dir, "scratch");
+    const taintModelsDir = join(scratch, "taint_models");
+    mkdirSync(scratch, { recursive: true });
+    mkdirSync(taintModelsDir, { recursive: true });
+    // The Pyre config's `source_directories` MUST be expressed in whatever
+    // path style Pyre will see — if we go through WSL it must be /mnt/c/...,
+    // on Linux native it's the absolute path verbatim.
+    const projectRootForPyre = probe.usesWsl ? winToWslPath(projectRoot) : resolvePath(projectRoot);
+    writeFileSync(join(scratch, ".pyre_configuration"), bootstrapPyreConfig(projectRootForPyre), "utf8");
+    writeFileSync(join(taintModelsDir, "taint.config"), bootstrapTaintConfig(), "utf8");
+    writeFileSync(join(taintModelsDir, "general.pysa"), bootstrapTaintModels(), "utf8");
+    // The scratch dir we'll cd into inside WSL.
+    const scratchForPyre = probe.usesWsl ? winToWslPath(scratch) : scratch;
+    const outDir = join(scratch, "pysa-output");
+    mkdirSync(outDir, { recursive: true });
+    const outDirForPyre = probe.usesWsl ? winToWslPath(outDir) : outDir;
+    const wsl = probe.usesWsl ? findWsl() : null;
+    // Compose the analyze command. ``--save-results-to <dir>`` writes
+    // ``taint-output.json`` (the JSON we parse) and a metadata file. We
+    // intentionally do NOT pass ``--rule`` flags — Pysa runs all rules
+    // defined in our scratch ``taint.config`` automatically, which is
+    // exactly the four we want (5001..5004). Pysa's ``--rule`` accepts
+    // ONE integer at a time and the only way to limit to a subset is to
+    // repeat the flag; not worth it when the config already enumerates
+    // the rules we care about.
+    // No --no-verify: we want Pysa to FAIL LOUD if a model stops matching
+    // typeshed after a Pyre upgrade. Silent verification dropping is exactly
+    // the failure mode we hit while debugging V2-11.
+    const pyreCommand = [
+        probe.pyreBin,
+        "--noninteractive",
+        "analyze",
+        "--save-results-to",
+        `"${outDirForPyre}"`,
+        "--taint-models-path",
+        `"${winToWslPath(taintModelsDir)}"`,
+    ].join(" ");
+    const remoteScript = `cd "${scratchForPyre}" && ${pyreCommand}`;
+    log.info("pysa: invoking analyze", { usesWsl: probe.usesWsl, distro: wsl?.distro });
+    const t1 = Date.now();
+    const res = probe.usesWsl && wsl
+        ? await spawnRun(wsl.wslExe, {
+            args: ["-d", wsl.distro, "--", "bash", "-c", remoteScript],
+            timeoutMs: opts?.timeoutMs ?? DEFAULT_PYSA_TIMEOUT_MS,
+            maxBufferBytes: 50 * 1024 * 1024,
+        })
+        : await spawnRun("bash", {
+            args: ["-c", remoteScript],
+            timeoutMs: opts?.timeoutMs ?? DEFAULT_PYSA_TIMEOUT_MS,
+            maxBufferBytes: 50 * 1024 * 1024,
+        });
+    if (res.timedOut) {
+        return {
+            ok: false,
+            cacheDir: dir,
+            findingsPath,
+            findingsCount: 0,
+            durationMs: Date.now() - t0,
+            reason: `pyre analyze timed out after ${opts?.timeoutMs ?? DEFAULT_PYSA_TIMEOUT_MS}ms`,
+        };
+    }
+    // Pyre returns rc=0 even when issues are found. Non-zero means the
+    // analysis itself failed (bad config, syntax error in the project,
+    // missing taint stubs, etc).
+    if (res.exitCode !== 0) {
+        return {
+            ok: false,
+            cacheDir: dir,
+            findingsPath,
+            findingsCount: 0,
+            durationMs: Date.now() - t0,
+            reason: `pyre analyze failed (rc=${res.exitCode}): ${res.stderr.slice(-500) || res.stdout.slice(-500)}`,
+        };
+    }
+    // Read taint-output.json
+    const taintOutputPath = join(outDir, "taint-output.json");
+    if (!existsSync(taintOutputPath)) {
+        return {
+            ok: false,
+            cacheDir: dir,
+            findingsPath,
+            findingsCount: 0,
+            durationMs: Date.now() - t0,
+            reason: `pyre analyze finished but ${taintOutputPath} not produced`,
+        };
+    }
+    const findings = parsePysaOutput(readFileSync(taintOutputPath, "utf8"), projectRoot);
+    writeFileSync(findingsPath, findings.map((f) => JSON.stringify(f)).join("\n") + (findings.length ? "\n" : ""), "utf8");
+    const info = {
+        built_at: Date.now(),
+        config_version: PYSA_TAINT_CONFIG_VERSION,
+        pyre_version: probe.version,
+        ...(probe.usesWsl && wsl ? { wsl_distro: wsl.distro } : {}),
+        n_findings: findings.length,
+        files_analyzed: new Set(findings.map((f) => f.file)).size,
+    };
+    writeFileSync(infoPath, JSON.stringify(info, null, 2), "utf8");
+    log.info("pysa: analyze done", {
+        findings: findings.length,
+        analyze_ms: Date.now() - t1,
+        total_ms: Date.now() - t0,
+    });
+    return {
+        ok: true,
+        cacheDir: dir,
+        findingsPath,
+        findingsCount: findings.length,
+        durationMs: Date.now() - t0,
+    };
+}
+// Test-friendly exports
+export const _testing = {
+    winToWslPath,
+    parsePysaOutput,
+    toRelPosix,
+    bootstrapPyreConfig,
+    bootstrapTaintConfig,
+    bootstrapTaintModels,
+    CODE_TO_CWE,
+    PYSA_TAINT_CONFIG_VERSION,
+};
+//# sourceMappingURL=pysa.js.map

package/dist/index/pysa.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pysa.js","sourceRoot":"","sources":["../../src/index/pysa.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AAEzD,OAAO,EAAW,aAAa,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,GAAG,IAAI,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAExD,MAAM,GAAG,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;AAEpC,gFAAgF;AAChF,MAAM,yBAAyB,GAAG,IAAI,CAAC;AAEvC,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC/C,MAAM,kBAAkB,GAAG,QAAQ,CAAC;AACpC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;AAsBhD,4EAA4E;AAE5E,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IACjC,OAAO,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5C,CAAC;AAOD;;0CAE0C;AAC1C,MAAM,UAAU,OAAO;IACrB,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC5D,MAAM,UAAU,GAAG;QACjB,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC/B,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,aAAa,qBAAqB;QAC/D,gCAAgC;KACjC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACpE,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,kBAAkB,EAAE,CAAC;QACxF,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAYD;uEACuE;AACvE,IAAI,eAA6C,CAAC;AAClD,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACjC,IAAI,YAAY,GAAG,CAAC,CAAC;AAErB,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,eAAe,KAAK,SAAS,IAAI,GAAG,GAAG,YAAY,GAAG,iBAAiB,EAAE,CAAC;QAC5E,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,YAAY,GAAG,GAAG,CAAC;IACnB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,gBAAgB,CAAC;IAEpE,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,GAAG,EAAE,CAAC;QAC/E,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,eAAe,GAAG,IAAI,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,OAAO,0CAA0C,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE;YACrC,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC;YACjD,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC3F,eAAe,GAAG,IAAI,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,mEAAmE;QACnE,gEAAgE;QAChE,iEAAiE;QACjE,4CAA4C;QAC5C,MAAM,WAAW,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACvD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACrB,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1C,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,OAAO,IAAI,CAAC;YAClD,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACtD,eAAe,GAAG,IAAI,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,KAAK,GAAc;YACvB,EAAE,EAAE,IAAI;YACR,OAAO;YACP,OAAO,EAAE,WAAW,CAAC,IAAI,EAAE;YAC3B,OAAO,EAAE,IAAI;SACd,CAAC;QACF,eAAe,GAAG,KAAK,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,6CAA6C;IAC7C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAChF,IAAI,GAAG,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QACvB,eAAe,GAAG,IAAI,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,eAAe,GAAG;QAChB,EAAE,EAAE,IAAI;QACR,OAAO,EAAE,QAAQ;QACjB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,SAAS;QAC5D,OAAO,EAAE,KAAK;KACf,CAAC;IACF,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,4BAA4B;IAC1C,eAAe,GAAG,SAAS,CAAC;IAC5B,YAAY,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,4EAA4E;AAE5E,SAAS,SAAS;IAChB,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,WAAW,CAAC,WAAmB;IACtC,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3F,OAAO,IAAI,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,WAAmB;IAClD,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,gBAAgB,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,WAAmB;IAC9C,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,WAAW,CAAC,CAAC;AACrD,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,gBAAgB,CAAC,WAAmB;IAClD,MAAM,CAAC,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,GAAc,EAAE,CAAC;QAC1B,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YACzD,IAAI,MAAM,CAAC,OAAO;gBAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjE,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,4EAA4E;AAE5E;gEACgE;AAChE,MAAM,UAAU,YAAY,CAAC,CAAS;IACpC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC,CAAC,gBAAgB;IACjD,oCAAoC;IACpC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACvC,OAAO,QAAQ,KAAK,IAAI,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,4EAA4E;AAE5E;;;;;;;;qEAQqE;AACrE,SAAS,mBAAmB,CAAC,cAAsB;IACjD,OAAO,IAAI,CAAC,SAAS,CACnB;QACE,kBAAkB,EAAE,CAAC,cAAc,CAAC;QACpC,MAAM,EAAE,KAAK;QACb,iBAAiB,EAAE,CAAC,cAAc,CAAC;QACnC,QAAQ,EAAE;YACR,oBAAoB;YACpB,eAAe;YACf,YAAY;YACZ,mBAAmB;YACnB,cAAc;YACd,gBAAgB;YAChB,YAAY;YACZ,aAAa;YACb,eAAe;YACf,eAAe;SAChB;KACF,EACD,IAAI,EACJ,CAAC,CACF,CAAC;AACJ,CAAC;AAED;;;;+DAI+D;AAC/D,SAAS,oBAAoB;IAC3B,OAAO,IAAI,CAAC,SAAS,CACnB;QACE,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,iCAAiC,EAAE;YACtE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,oBAAoB,EAAE;YAClD,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACnD;QACD,KAAK,EAAE;YACL,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,EAAE;YAC5C,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,gBAAgB,EAAE;YAC1D,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,EAAE;YAC9C,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,mBAAmB,EAAE;YACnD,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,gBAAgB,EAAE;SACnD;QACD,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,uBAAuB;gBAC7B,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,CAAC,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,CAAC,KAAK,CAAC;gBACd,cAAc,EAAE,qDAAqD;aACtE;YACD;gBACE,IAAI,EAAE,uBAAuB;gBAC7B,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,CAAC,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,CAAC,qBAAqB,CAAC;gBAC9B,cAAc,EAAE,qDAAqD;aACtE;YACD;gBACE,IAAI,EAAE,2BAA2B;gBACjC,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,CAAC,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,CAAC,SAAS,CAAC;gBAClB,cAAc,EAAE,mDAAmD;aACpE;YACD;gBACE,IAAI,EAAE,+BAA+B;gBACrC,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,CAAC,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,CAAC,aAAa,CAAC;gBACtB,cAAc,EAAE,+DAA+D;aAChF;SACF;KACF,EACD,IAAI,EACJ,CAAC,CACF,CAAC;AACJ,CAAC;AAED;;;yBAGyB;AACzB,SAAS,oBAAoB;IAC3B,wEAAwE;IACxE,0EAA0E;IAC1E,wEAAwE;IACxE,gEAAgE;IAChE,EAAE;IACF,yEAAyE;IACzE,uEAAuE;IACvE,qEAAqE;IACrE,8CAA8C;IAC9C,OAAO;QACL,yDAAyD;QACzD,uEAAuE;QACvE,wEAAwE;QACxE,8DAA8D;QAC9D,EAAE;QACF,mCAAmC;QACnC,+DAA+D;QAC/D,EAAE;QACF,yDAAyD;QACzD,uEAAuE;QACvE,EAAE;QACF,kCAAkC;QAClC,yCAAyC;QACzC,iHAAiH;QACjH,2EAA2E;QAC3E,oFAAoF;QACpF,kFAAkF;QAClF,6EAA6E;QAC7E,wFAAwF;QACxF,sFAAsF;QACtF,iFAAiF;QACjF,EAAE;QACF,qCAAqC;QACrC,8EAA8E;QAC9E,iDAAiD;QACjD,yEAAyE;QACzE,EAAE;QACF,qEAAqE;QACrE,0FAA0F;QAC1F,0FAA0F;QAC1F,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAiCD,MAAM,WAAW,GAAmD;IAClE,IAAI,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,+CAA+C,EAAE;IAC/E,IAAI,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,6CAA6C,EAAE;IAC7E,IAAI,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,8CAA8C,EAAE;IAC9E,IAAI,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,wDAAwD,EAAE;CAC1F,CAAC;AAEF;;;;;;;0DAO0D;AAC1D,SAAS,cAAc,CAAC,QAAgB,EAAE,WAAmB;IAC3D,IAAI,CAAC,QAAQ;QAAE,OAAO,WAAW,CAAC;IAClC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,sEAAsE;IACtE,sBAAsB;IACtB,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtD,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAChD,IAAI,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,SAAS,CAAC;IACxC,CAAC;IACD,6DAA6D;IAC7D,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC5D,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,WAAmB;IAC3D,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,GAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAsB,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,qEAAqE;YACrE,SAAS;QACX,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI;YAAE,SAAS;QAChD,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC;QACvB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,WAAW,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC/D,uEAAuE;QACvE,qEAAqE;QACrE,MAAM,GAAG,GAAG,WAAW,KAAK,GAAG,IAAI,CAAC,WAAW;YAC7C,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,EAAE,WAAW,CAAC;YACnD,CAAC,CAAC,UAAU,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAEzC,MAAM,MAAM,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QACzF,MAAM,KAAK,GAAG,GAAG,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;QAClE,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAChB,MAAM,MAAM,GAAG,QAAQ,IAAI,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAY;YACvB,EAAE,EAAE,aAAa,CAAC;gBAChB,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,GAAG;gBACT,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,OAAO,EAAE,MAAM;aAChB,CAAC;YACF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,GAAG;YACT,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,OAAO,EAAE,MAAM;YACf,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,QAAQ,EAAE,MAAM;YAChB,mEAAmE;YACnE,qEAAqE;YACrE,gEAAgE;YAChE,mEAAmE;YACnE,sDAAsD;YACtD,UAAU,EAAE,GAAG;YACf,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,GAAG,OAAO,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzE,QAAQ,EAAE;gBACR,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,SAAS;aAC1C;SACzB,CAAC;QACF,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,MAAM,CAAC,OAAO;YAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB,EAAE,WAAmB;IACvD,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjE,0EAA0E;IAC1E,mCAAmC;IACnC,MAAM,OAAO,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9D,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5F,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClG,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,4EAA4E;AAE5E;;;;6BAI6B;AAC7B,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,IAA8C;IAE9C,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACtB,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACrC,MAAM,YAAY,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,KAAK,CAAC;IAEnC,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,EAAE,EAAE,KAAK;YACT,QAAQ,EAAE,GAAG;YACb,YAAY;YACZ,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;YAC3B,MAAM,EACJ,OAAO,CAAC,QAAQ,KAAK,OAAO;gBAC1B,CAAC,CAAC,kMAAkM;gBACpM,CAAC,CAAC,uFAAuF;SAC9F,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAa,CAAC;YACpE,IAAI,IAAI,CAAC,cAAc,KAAK,yBAAyB,EAAE,CAAC;gBACtD,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBACzE,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC3E,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,QAAQ,EAAE,GAAG;oBACb,YAAY;oBACZ,aAAa,EAAE,CAAC;oBAChB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;iBAC5B,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,sEAAsE;IACtE,qEAAqE;IACrE,qEAAqE;IACrE,qEAAqE;IACrE,sEAAsE;IACtE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACrC,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACrD,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACxC,SAAS,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE/C,uEAAuE;IACvE,yEAAyE;IACzE,mDAAmD;IACnD,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAChG,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,CAAC,EAAE,mBAAmB,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC,CAAC;IACrG,aAAa,CAAC,IAAI,CAAC,cAAc,EAAE,cAAc,CAAC,EAAE,oBAAoB,EAAE,EAAE,MAAM,CAAC,CAAC;IACpF,aAAa,CAAC,IAAI,CAAC,cAAc,EAAE,cAAc,CAAC,EAAE,oBAAoB,EAAE,EAAE,MAAM,CAAC,CAAC;IAEpF,4CAA4C;IAC5C,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACvE,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC5C,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAEpE,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAE7C,kEAAkE;IAClE,oEAAoE;IACpE,mEAAmE;IACnE,kEAAkE;IAClE,mEAAmE;IACnE,oEAAoE;IACpE,mEAAmE;IACnE,2BAA2B;IAC3B,sEAAsE;IACtE,yEAAyE;IACzE,iDAAiD;IACjD,MAAM,WAAW,GAAG;QAClB,KAAK,CAAC,OAAO;QACb,kBAAkB;QAClB,SAAS;QACT,mBAAmB;QACnB,IAAI,aAAa,GAAG;QACpB,qBAAqB;QACrB,IAAI,YAAY,CAAC,cAAc,CAAC,GAAG;KACpC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,MAAM,YAAY,GAAG,OAAO,cAAc,QAAQ,WAAW,EAAE,CAAC;IAEhE,GAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;IAEpF,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACtB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,IAAI,GAAG;QAC9B,CAAC,CAAC,MAAM,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE;YACzB,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,CAAC;YAC1D,SAAS,EAAE,IAAI,EAAE,SAAS,IAAI,uBAAuB;YACrD,cAAc,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SACjC,CAAC;QACJ,CAAC,CAAC,MAAM,QAAQ,CAAC,MAAM,EAAE;YACrB,IAAI,EAAE,CAAC,IAAI,EAAE,YAAY,CAAC;YAC1B,SAAS,EAAE,IAAI,EAAE,SAAS,IAAI,uBAAuB;YACrD,cAAc,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SACjC,CAAC,CAAC;IAEP,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,QAAQ,EAAE,GAAG;YACb,YAAY;YACZ,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;YAC3B,MAAM,EAAE,gCAAgC,IAAI,EAAE,SAAS,IAAI,uBAAuB,IAAI;SACvF,CAAC;IACJ,CAAC;IACD,mEAAmE;IACnE,mEAAmE;IACnE,6BAA6B;IAC7B,IAAI,GAAG,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,QAAQ,EAAE,GAAG;YACb,YAAY;YACZ,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;YAC3B,MAAM,EAAE,2BAA2B,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE;SACxG,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC1D,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,QAAQ,EAAE,GAAG;YACb,YAAY;YACZ,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;YAC3B,MAAM,EAAE,6BAA6B,eAAe,eAAe;SACpE,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,EAAE,WAAW,CAAC,CAAC;IACrF,aAAa,CACX,YAAY,EACZ,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EACjF,MAAM,CACP,CAAC;IAEF,MAAM,IAAI,GAAa;QACrB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;QACpB,cAAc,EAAE,yBAAyB;QACzC,YAAY,EAAE,KAAK,CAAC,OAAO;QAC3B,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,UAAU,EAAE,QAAQ,CAAC,MAAM;QAC3B,cAAc,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;KAC1D,CAAC;IACF,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAE/D,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAC7B,QAAQ,EAAE,QAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;QAC3B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;KAC1B,CAAC,CAAC;IAEH,OAAO;QACL,EAAE,EAAE,IAAI;QACR,QAAQ,EAAE,GAAG;QACb,YAAY;QACZ,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;KAC5B,CAAC;AACJ,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,YAAY;IACZ,eAAe;IACf,UAAU;IACV,mBAAmB;IACnB,oBAAoB;IACpB,oBAAoB;IACpB,WAAW;IACX,yBAAyB;CAC1B,CAAC"}