erosolar-cli 1.7.339 → 1.7.341

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (323) hide show
  1. package/README.md +148 -24
  2. package/dist/alpha-zero/agentWrapper.d.ts +84 -0
  3. package/dist/alpha-zero/agentWrapper.d.ts.map +1 -0
  4. package/dist/alpha-zero/agentWrapper.js +171 -0
  5. package/dist/alpha-zero/agentWrapper.js.map +1 -0
  6. package/dist/alpha-zero/codeEvaluator.d.ts +25 -0
  7. package/dist/alpha-zero/codeEvaluator.d.ts.map +1 -0
  8. package/dist/alpha-zero/codeEvaluator.js +273 -0
  9. package/dist/alpha-zero/codeEvaluator.js.map +1 -0
  10. package/dist/alpha-zero/competitiveRunner.d.ts +66 -0
  11. package/dist/alpha-zero/competitiveRunner.d.ts.map +1 -0
  12. package/dist/alpha-zero/competitiveRunner.js +224 -0
  13. package/dist/alpha-zero/competitiveRunner.js.map +1 -0
  14. package/dist/alpha-zero/index.d.ts +67 -0
  15. package/dist/alpha-zero/index.d.ts.map +1 -0
  16. package/dist/alpha-zero/index.js +99 -0
  17. package/dist/alpha-zero/index.js.map +1 -0
  18. package/dist/alpha-zero/introspection.d.ts +128 -0
  19. package/dist/alpha-zero/introspection.d.ts.map +1 -0
  20. package/dist/alpha-zero/introspection.js +300 -0
  21. package/dist/alpha-zero/introspection.js.map +1 -0
  22. package/dist/alpha-zero/metricsTracker.d.ts +71 -0
  23. package/dist/alpha-zero/metricsTracker.d.ts.map +1 -0
  24. package/dist/{core → alpha-zero}/metricsTracker.js +5 -2
  25. package/dist/alpha-zero/metricsTracker.js.map +1 -0
  26. package/dist/alpha-zero/security/core.d.ts +125 -0
  27. package/dist/alpha-zero/security/core.d.ts.map +1 -0
  28. package/dist/alpha-zero/security/core.js +271 -0
  29. package/dist/alpha-zero/security/core.js.map +1 -0
  30. package/dist/alpha-zero/security/google.d.ts +125 -0
  31. package/dist/alpha-zero/security/google.d.ts.map +1 -0
  32. package/dist/alpha-zero/security/google.js +311 -0
  33. package/dist/alpha-zero/security/google.js.map +1 -0
  34. package/dist/alpha-zero/security/googleLoader.d.ts +17 -0
  35. package/dist/alpha-zero/security/googleLoader.d.ts.map +1 -0
  36. package/dist/alpha-zero/security/googleLoader.js +41 -0
  37. package/dist/alpha-zero/security/googleLoader.js.map +1 -0
  38. package/dist/alpha-zero/security/index.d.ts +29 -0
  39. package/dist/alpha-zero/security/index.d.ts.map +1 -0
  40. package/dist/alpha-zero/security/index.js +32 -0
  41. package/dist/alpha-zero/security/index.js.map +1 -0
  42. package/dist/alpha-zero/security/simulation.d.ts +124 -0
  43. package/dist/alpha-zero/security/simulation.d.ts.map +1 -0
  44. package/dist/alpha-zero/security/simulation.js +277 -0
  45. package/dist/alpha-zero/security/simulation.js.map +1 -0
  46. package/dist/alpha-zero/selfModification.d.ts +109 -0
  47. package/dist/alpha-zero/selfModification.d.ts.map +1 -0
  48. package/dist/alpha-zero/selfModification.js +233 -0
  49. package/dist/alpha-zero/selfModification.js.map +1 -0
  50. package/dist/alpha-zero/types.d.ts +170 -0
  51. package/dist/alpha-zero/types.d.ts.map +1 -0
  52. package/dist/alpha-zero/types.js +31 -0
  53. package/dist/alpha-zero/types.js.map +1 -0
  54. package/dist/bin/erosolar.js +21 -5
  55. package/dist/bin/erosolar.js.map +1 -1
  56. package/dist/capabilities/agentSpawningCapability.d.ts.map +1 -1
  57. package/dist/capabilities/agentSpawningCapability.js +31 -56
  58. package/dist/capabilities/agentSpawningCapability.js.map +1 -1
  59. package/dist/capabilities/securityTestingCapability.d.ts +13 -0
  60. package/dist/capabilities/securityTestingCapability.d.ts.map +1 -0
  61. package/dist/capabilities/securityTestingCapability.js +25 -0
  62. package/dist/capabilities/securityTestingCapability.js.map +1 -0
  63. package/dist/contracts/agent-schemas.json +15 -0
  64. package/dist/contracts/tools.schema.json +9 -0
  65. package/dist/core/agent.d.ts +2 -2
  66. package/dist/core/agent.d.ts.map +1 -1
  67. package/dist/core/agent.js.map +1 -1
  68. package/dist/core/aiFlowOptimizer.d.ts +26 -0
  69. package/dist/core/aiFlowOptimizer.d.ts.map +1 -0
  70. package/dist/core/aiFlowOptimizer.js +31 -0
  71. package/dist/core/aiFlowOptimizer.js.map +1 -0
  72. package/dist/core/aiOptimizationEngine.d.ts +158 -0
  73. package/dist/core/aiOptimizationEngine.d.ts.map +1 -0
  74. package/dist/core/aiOptimizationEngine.js +428 -0
  75. package/dist/core/aiOptimizationEngine.js.map +1 -0
  76. package/dist/core/aiOptimizationIntegration.d.ts +93 -0
  77. package/dist/core/aiOptimizationIntegration.d.ts.map +1 -0
  78. package/dist/core/aiOptimizationIntegration.js +250 -0
  79. package/dist/core/aiOptimizationIntegration.js.map +1 -0
  80. package/dist/core/customCommands.d.ts +0 -1
  81. package/dist/core/customCommands.d.ts.map +1 -1
  82. package/dist/core/customCommands.js +0 -3
  83. package/dist/core/customCommands.js.map +1 -1
  84. package/dist/core/enhancedErrorRecovery.d.ts +100 -0
  85. package/dist/core/enhancedErrorRecovery.d.ts.map +1 -0
  86. package/dist/core/enhancedErrorRecovery.js +345 -0
  87. package/dist/core/enhancedErrorRecovery.js.map +1 -0
  88. package/dist/core/hooksSystem.d.ts +65 -0
  89. package/dist/core/hooksSystem.d.ts.map +1 -0
  90. package/dist/core/hooksSystem.js +273 -0
  91. package/dist/core/hooksSystem.js.map +1 -0
  92. package/dist/core/memorySystem.d.ts +48 -0
  93. package/dist/core/memorySystem.d.ts.map +1 -0
  94. package/dist/core/memorySystem.js +271 -0
  95. package/dist/core/memorySystem.js.map +1 -0
  96. package/dist/core/toolPreconditions.d.ts.map +1 -1
  97. package/dist/core/toolPreconditions.js +14 -0
  98. package/dist/core/toolPreconditions.js.map +1 -1
  99. package/dist/core/toolRuntime.d.ts +1 -22
  100. package/dist/core/toolRuntime.d.ts.map +1 -1
  101. package/dist/core/toolRuntime.js +5 -0
  102. package/dist/core/toolRuntime.js.map +1 -1
  103. package/dist/core/toolValidation.d.ts.map +1 -1
  104. package/dist/core/toolValidation.js +3 -14
  105. package/dist/core/toolValidation.js.map +1 -1
  106. package/dist/core/unified/errors.d.ts +189 -0
  107. package/dist/core/unified/errors.d.ts.map +1 -0
  108. package/dist/core/unified/errors.js +497 -0
  109. package/dist/core/unified/errors.js.map +1 -0
  110. package/dist/core/unified/index.d.ts +19 -0
  111. package/dist/core/unified/index.d.ts.map +1 -0
  112. package/dist/core/unified/index.js +68 -0
  113. package/dist/core/unified/index.js.map +1 -0
  114. package/dist/core/unified/schema.d.ts +101 -0
  115. package/dist/core/unified/schema.d.ts.map +1 -0
  116. package/dist/core/unified/schema.js +350 -0
  117. package/dist/core/unified/schema.js.map +1 -0
  118. package/dist/core/unified/toolRuntime.d.ts +179 -0
  119. package/dist/core/unified/toolRuntime.d.ts.map +1 -0
  120. package/dist/core/unified/toolRuntime.js +517 -0
  121. package/dist/core/unified/toolRuntime.js.map +1 -0
  122. package/dist/core/unified/tools.d.ts +127 -0
  123. package/dist/core/unified/tools.d.ts.map +1 -0
  124. package/dist/core/unified/tools.js +1333 -0
  125. package/dist/core/unified/tools.js.map +1 -0
  126. package/dist/core/unified/types.d.ts +352 -0
  127. package/dist/core/unified/types.d.ts.map +1 -0
  128. package/dist/core/unified/types.js +12 -0
  129. package/dist/core/unified/types.js.map +1 -0
  130. package/dist/core/unified/version.d.ts +209 -0
  131. package/dist/core/unified/version.d.ts.map +1 -0
  132. package/dist/core/unified/version.js +454 -0
  133. package/dist/core/unified/version.js.map +1 -0
  134. package/dist/core/validationRunner.d.ts +3 -1
  135. package/dist/core/validationRunner.d.ts.map +1 -1
  136. package/dist/core/validationRunner.js.map +1 -1
  137. package/dist/headless/headlessApp.d.ts.map +1 -1
  138. package/dist/headless/headlessApp.js +0 -21
  139. package/dist/headless/headlessApp.js.map +1 -1
  140. package/dist/mcp/sseClient.d.ts.map +1 -1
  141. package/dist/mcp/sseClient.js +18 -9
  142. package/dist/mcp/sseClient.js.map +1 -1
  143. package/dist/plugins/tools/build/buildPlugin.d.ts +6 -0
  144. package/dist/plugins/tools/build/buildPlugin.d.ts.map +1 -1
  145. package/dist/plugins/tools/build/buildPlugin.js +10 -4
  146. package/dist/plugins/tools/build/buildPlugin.js.map +1 -1
  147. package/dist/plugins/tools/nodeDefaults.d.ts.map +1 -1
  148. package/dist/plugins/tools/nodeDefaults.js +2 -0
  149. package/dist/plugins/tools/nodeDefaults.js.map +1 -1
  150. package/dist/plugins/tools/security/securityPlugin.d.ts +3 -0
  151. package/dist/plugins/tools/security/securityPlugin.d.ts.map +1 -0
  152. package/dist/plugins/tools/security/securityPlugin.js +12 -0
  153. package/dist/plugins/tools/security/securityPlugin.js.map +1 -0
  154. package/dist/runtime/agentSession.d.ts +2 -2
  155. package/dist/runtime/agentSession.d.ts.map +1 -1
  156. package/dist/runtime/agentSession.js +2 -2
  157. package/dist/runtime/agentSession.js.map +1 -1
  158. package/dist/security/active-stack-security.d.ts +112 -0
  159. package/dist/security/active-stack-security.d.ts.map +1 -0
  160. package/dist/security/active-stack-security.js +296 -0
  161. package/dist/security/active-stack-security.js.map +1 -0
  162. package/dist/security/advanced-persistence-research.d.ts +92 -0
  163. package/dist/security/advanced-persistence-research.d.ts.map +1 -0
  164. package/dist/security/advanced-persistence-research.js +195 -0
  165. package/dist/security/advanced-persistence-research.js.map +1 -0
  166. package/dist/security/advanced-targeting.d.ts +119 -0
  167. package/dist/security/advanced-targeting.d.ts.map +1 -0
  168. package/dist/security/advanced-targeting.js +233 -0
  169. package/dist/security/advanced-targeting.js.map +1 -0
  170. package/dist/security/assessment/vulnerabilityAssessment.d.ts +104 -0
  171. package/dist/security/assessment/vulnerabilityAssessment.d.ts.map +1 -0
  172. package/dist/security/assessment/vulnerabilityAssessment.js +315 -0
  173. package/dist/security/assessment/vulnerabilityAssessment.js.map +1 -0
  174. package/dist/security/authorization/securityAuthorization.d.ts +88 -0
  175. package/dist/security/authorization/securityAuthorization.d.ts.map +1 -0
  176. package/dist/security/authorization/securityAuthorization.js +172 -0
  177. package/dist/security/authorization/securityAuthorization.js.map +1 -0
  178. package/dist/security/comprehensive-targeting.d.ts +85 -0
  179. package/dist/security/comprehensive-targeting.d.ts.map +1 -0
  180. package/dist/security/comprehensive-targeting.js +438 -0
  181. package/dist/security/comprehensive-targeting.js.map +1 -0
  182. package/dist/security/global-security-integration.d.ts +91 -0
  183. package/dist/security/global-security-integration.d.ts.map +1 -0
  184. package/dist/security/global-security-integration.js +218 -0
  185. package/dist/security/global-security-integration.js.map +1 -0
  186. package/dist/security/index.d.ts +38 -0
  187. package/dist/security/index.d.ts.map +1 -0
  188. package/dist/security/index.js +47 -0
  189. package/dist/security/index.js.map +1 -0
  190. package/dist/security/persistence-analyzer.d.ts +56 -0
  191. package/dist/security/persistence-analyzer.d.ts.map +1 -0
  192. package/dist/security/persistence-analyzer.js +187 -0
  193. package/dist/security/persistence-analyzer.js.map +1 -0
  194. package/dist/security/persistence-cli.d.ts +36 -0
  195. package/dist/security/persistence-cli.d.ts.map +1 -0
  196. package/dist/security/persistence-cli.js +160 -0
  197. package/dist/security/persistence-cli.js.map +1 -0
  198. package/dist/security/persistence-research.d.ts +92 -0
  199. package/dist/security/persistence-research.d.ts.map +1 -0
  200. package/dist/security/persistence-research.js +364 -0
  201. package/dist/security/persistence-research.js.map +1 -0
  202. package/dist/security/research/persistenceResearch.d.ts +97 -0
  203. package/dist/security/research/persistenceResearch.d.ts.map +1 -0
  204. package/dist/security/research/persistenceResearch.js +282 -0
  205. package/dist/security/research/persistenceResearch.js.map +1 -0
  206. package/dist/security/security-integration.d.ts +74 -0
  207. package/dist/security/security-integration.d.ts.map +1 -0
  208. package/dist/security/security-integration.js +137 -0
  209. package/dist/security/security-integration.js.map +1 -0
  210. package/dist/security/security-testing-framework.d.ts +112 -0
  211. package/dist/security/security-testing-framework.d.ts.map +1 -0
  212. package/dist/security/security-testing-framework.js +364 -0
  213. package/dist/security/security-testing-framework.js.map +1 -0
  214. package/dist/security/simulation/attackSimulation.d.ts +93 -0
  215. package/dist/security/simulation/attackSimulation.d.ts.map +1 -0
  216. package/dist/security/simulation/attackSimulation.js +341 -0
  217. package/dist/security/simulation/attackSimulation.js.map +1 -0
  218. package/dist/security/strategic-operations.d.ts +100 -0
  219. package/dist/security/strategic-operations.d.ts.map +1 -0
  220. package/dist/security/strategic-operations.js +276 -0
  221. package/dist/security/strategic-operations.js.map +1 -0
  222. package/dist/security/tool-security-wrapper.d.ts +58 -0
  223. package/dist/security/tool-security-wrapper.d.ts.map +1 -0
  224. package/dist/security/tool-security-wrapper.js +156 -0
  225. package/dist/security/tool-security-wrapper.js.map +1 -0
  226. package/dist/shell/claudeCodeStreamHandler.d.ts +145 -0
  227. package/dist/shell/claudeCodeStreamHandler.d.ts.map +1 -0
  228. package/dist/shell/claudeCodeStreamHandler.js +322 -0
  229. package/dist/shell/claudeCodeStreamHandler.js.map +1 -0
  230. package/dist/shell/inputQueueManager.d.ts +144 -0
  231. package/dist/shell/inputQueueManager.d.ts.map +1 -0
  232. package/dist/shell/inputQueueManager.js +290 -0
  233. package/dist/shell/inputQueueManager.js.map +1 -0
  234. package/dist/shell/interactiveShell.d.ts +7 -16
  235. package/dist/shell/interactiveShell.d.ts.map +1 -1
  236. package/dist/shell/interactiveShell.js +166 -235
  237. package/dist/shell/interactiveShell.js.map +1 -1
  238. package/dist/shell/metricsTracker.d.ts +60 -0
  239. package/dist/shell/metricsTracker.d.ts.map +1 -0
  240. package/dist/shell/metricsTracker.js +119 -0
  241. package/dist/shell/metricsTracker.js.map +1 -0
  242. package/dist/shell/shellApp.d.ts +0 -2
  243. package/dist/shell/shellApp.d.ts.map +1 -1
  244. package/dist/shell/shellApp.js +9 -40
  245. package/dist/shell/shellApp.js.map +1 -1
  246. package/dist/shell/streamingOutputManager.d.ts +115 -0
  247. package/dist/shell/streamingOutputManager.d.ts.map +1 -0
  248. package/dist/shell/streamingOutputManager.js +225 -0
  249. package/dist/shell/streamingOutputManager.js.map +1 -0
  250. package/dist/shell/systemPrompt.d.ts.map +1 -1
  251. package/dist/shell/systemPrompt.js +4 -1
  252. package/dist/shell/systemPrompt.js.map +1 -1
  253. package/dist/shell/terminalInput.d.ts +119 -149
  254. package/dist/shell/terminalInput.d.ts.map +1 -1
  255. package/dist/shell/terminalInput.js +532 -639
  256. package/dist/shell/terminalInput.js.map +1 -1
  257. package/dist/shell/terminalInputAdapter.d.ts +21 -79
  258. package/dist/shell/terminalInputAdapter.d.ts.map +1 -1
  259. package/dist/shell/terminalInputAdapter.js +30 -99
  260. package/dist/shell/terminalInputAdapter.js.map +1 -1
  261. package/dist/subagents/taskRunner.d.ts +1 -7
  262. package/dist/subagents/taskRunner.d.ts.map +1 -1
  263. package/dist/subagents/taskRunner.js +47 -180
  264. package/dist/subagents/taskRunner.js.map +1 -1
  265. package/dist/tools/securityTools.d.ts +22 -0
  266. package/dist/tools/securityTools.d.ts.map +1 -0
  267. package/dist/tools/securityTools.js +448 -0
  268. package/dist/tools/securityTools.js.map +1 -0
  269. package/dist/ui/ShellUIAdapter.d.ts.map +1 -1
  270. package/dist/ui/ShellUIAdapter.js +12 -13
  271. package/dist/ui/ShellUIAdapter.js.map +1 -1
  272. package/dist/ui/display.d.ts +45 -24
  273. package/dist/ui/display.d.ts.map +1 -1
  274. package/dist/ui/display.js +259 -140
  275. package/dist/ui/display.js.map +1 -1
  276. package/dist/ui/persistentPrompt.d.ts +50 -0
  277. package/dist/ui/persistentPrompt.d.ts.map +1 -0
  278. package/dist/ui/persistentPrompt.js +92 -0
  279. package/dist/ui/persistentPrompt.js.map +1 -0
  280. package/dist/ui/terminalUISchema.d.ts +195 -0
  281. package/dist/ui/terminalUISchema.d.ts.map +1 -0
  282. package/dist/ui/terminalUISchema.js +113 -0
  283. package/dist/ui/terminalUISchema.js.map +1 -0
  284. package/dist/ui/theme.d.ts.map +1 -1
  285. package/dist/ui/theme.js +8 -6
  286. package/dist/ui/theme.js.map +1 -1
  287. package/dist/ui/toolDisplay.d.ts +158 -0
  288. package/dist/ui/toolDisplay.d.ts.map +1 -1
  289. package/dist/ui/toolDisplay.js +348 -0
  290. package/dist/ui/toolDisplay.js.map +1 -1
  291. package/dist/ui/unified/layout.d.ts +0 -1
  292. package/dist/ui/unified/layout.d.ts.map +1 -1
  293. package/dist/ui/unified/layout.js +179 -25
  294. package/dist/ui/unified/layout.js.map +1 -1
  295. package/package.json +4 -4
  296. package/scripts/deploy-security-capabilities.js +178 -0
  297. package/dist/core/hooks.d.ts +0 -113
  298. package/dist/core/hooks.d.ts.map +0 -1
  299. package/dist/core/hooks.js +0 -267
  300. package/dist/core/hooks.js.map +0 -1
  301. package/dist/core/metricsTracker.d.ts +0 -122
  302. package/dist/core/metricsTracker.d.ts.map +0 -1
  303. package/dist/core/metricsTracker.js.map +0 -1
  304. package/dist/core/securityAssessment.d.ts +0 -91
  305. package/dist/core/securityAssessment.d.ts.map +0 -1
  306. package/dist/core/securityAssessment.js +0 -580
  307. package/dist/core/securityAssessment.js.map +0 -1
  308. package/dist/core/verification.d.ts +0 -137
  309. package/dist/core/verification.d.ts.map +0 -1
  310. package/dist/core/verification.js +0 -323
  311. package/dist/core/verification.js.map +0 -1
  312. package/dist/subagents/agentConfig.d.ts +0 -27
  313. package/dist/subagents/agentConfig.d.ts.map +0 -1
  314. package/dist/subagents/agentConfig.js +0 -89
  315. package/dist/subagents/agentConfig.js.map +0 -1
  316. package/dist/subagents/agentRegistry.d.ts +0 -33
  317. package/dist/subagents/agentRegistry.d.ts.map +0 -1
  318. package/dist/subagents/agentRegistry.js +0 -162
  319. package/dist/subagents/agentRegistry.js.map +0 -1
  320. package/dist/utils/frontmatter.d.ts +0 -10
  321. package/dist/utils/frontmatter.d.ts.map +0 -1
  322. package/dist/utils/frontmatter.js +0 -78
  323. package/dist/utils/frontmatter.js.map +0 -1
package/dist/security/active-stack-security.js ADDED
@@ -0,0 +1,296 @@
1
+ /**
2
+ * Active Stack Security Module
3
+ *
4
+ * Ensures Erosolar CLI only operates on the active stack and nothing else.
5
+ * Implements strict security rules to prevent vulnerabilities and unauthorized operations.
6
+ *
7
+ * @license MIT
8
+ * @author Bo Shang
9
+ *
10
+ * DISCLAIMER: This software is provided for security testing and defensive purposes only.
11
+ * Users are solely responsible for ensuring their use complies with applicable laws.
12
+ */
13
+ export class ActiveStackSecurity {
14
+ config;
15
+ securityLog = [];
16
+ constructor(config) {
17
+ this.config = {
18
+ enabled: true,
19
+ allowedScopes: {
20
+ cwd: true,
21
+ nodeProjects: true,
22
+ gitRepos: true,
23
+ tempDirs: true,
24
+ },
25
+ blockedOperations: {
26
+ systemFiles: true,
27
+ unauthorizedNetworking: true,
28
+ outOfScopeFiles: true,
29
+ privilegedOps: true,
30
+ },
31
+ validation: {
32
+ workspaceContext: true,
33
+ pathValidation: true,
34
+ patternDetection: true,
35
+ securityLogging: true,
36
+ },
37
+ ...config,
38
+ };
39
+ }
40
+ /**
41
+ * Validate a file operation
42
+ */
43
+ validateFileOperation(filePath, operation) {
44
+ if (!this.config.enabled) {
45
+ return { allowed: true, severity: 'low' };
46
+ }
47
+ const normalizedPath = this.resolvePath(filePath);
48
+ const cwd = process.cwd();
49
+ // Check if path is within allowed scopes
50
+ const scopeCheck = this.validatePathScope(normalizedPath, cwd);
51
+ if (!scopeCheck.allowed) {
52
+ this.logSecurityEvent({
53
+ type: 'file_operation_blocked',
54
+ severity: 'high',
55
+ operation,
56
+ filePath: normalizedPath,
57
+ reason: scopeCheck.reason || 'Unknown reason',
58
+ timestamp: new Date(),
59
+ });
60
+ return scopeCheck;
61
+ }
62
+ // Check for suspicious patterns
63
+ const patternCheck = this.detectSuspiciousPatterns(normalizedPath);
64
+ if (!patternCheck.allowed) {
65
+ this.logSecurityEvent({
66
+ type: 'suspicious_pattern_detected',
67
+ severity: patternCheck.severity,
68
+ operation,
69
+ filePath: normalizedPath,
70
+ reason: patternCheck.reason || 'Unknown reason',
71
+ timestamp: new Date(),
72
+ });
73
+ return patternCheck;
74
+ }
75
+ // Check for system file protection
76
+ const systemCheck = this.validateSystemFileProtection(normalizedPath);
77
+ if (!systemCheck.allowed) {
78
+ this.logSecurityEvent({
79
+ type: 'system_file_protection',
80
+ severity: systemCheck.severity,
81
+ operation,
82
+ filePath: normalizedPath,
83
+ reason: systemCheck.reason || 'Unknown reason',
84
+ timestamp: new Date(),
85
+ });
86
+ return systemCheck;
87
+ }
88
+ return { allowed: true, severity: 'low' };
89
+ }
90
+ /**
91
+ * Validate a network operation
92
+ */
93
+ validateNetworkOperation(target, operation) {
94
+ if (!this.config.enabled) {
95
+ return { allowed: true, severity: 'low' };
96
+ }
97
+ // Check for localhost/127.0.0.1 operations (allowed for development)
98
+ if (this.isLocalhost(target)) {
99
+ return { allowed: true, severity: 'low' };
100
+ }
101
+ // Check for suspicious domains
102
+ const domainCheck = this.validateDomain(target);
103
+ if (!domainCheck.allowed) {
104
+ this.logSecurityEvent({
105
+ type: 'network_operation_blocked',
106
+ severity: domainCheck.severity,
107
+ operation,
108
+ target,
109
+ reason: domainCheck.reason || 'Unknown reason',
110
+ timestamp: new Date(),
111
+ });
112
+ return domainCheck;
113
+ }
114
+ return { allowed: true, severity: 'low' };
115
+ }
116
+ /**
117
+ * Validate a command execution
118
+ */
119
+ validateCommandExecution(command) {
120
+ if (!this.config.enabled) {
121
+ return { allowed: true, severity: 'low' };
122
+ }
123
+ // Check for dangerous commands
124
+ const commandCheck = this.validateCommandSafety(command);
125
+ if (!commandCheck.allowed) {
126
+ this.logSecurityEvent({
127
+ type: 'dangerous_command_blocked',
128
+ severity: commandCheck.severity,
129
+ operation: 'execute',
130
+ command,
131
+ reason: commandCheck.reason || 'Unknown reason',
132
+ timestamp: new Date(),
133
+ });
134
+ return commandCheck;
135
+ }
136
+ return { allowed: true, severity: 'low' };
137
+ }
138
+ /**
139
+ * Get security log
140
+ */
141
+ getSecurityLog() {
142
+ return [...this.securityLog];
143
+ }
144
+ /**
145
+ * Clear security log
146
+ */
147
+ clearSecurityLog() {
148
+ this.securityLog = [];
149
+ }
150
+ validatePathScope(filePath, cwd) {
151
+ // Check if path is within current working directory
152
+ if (!filePath.startsWith(cwd)) {
153
+ return {
154
+ allowed: false,
155
+ reason: 'File operation outside current working directory',
156
+ severity: 'high',
157
+ details: { filePath, cwd },
158
+ };
159
+ }
160
+ // Check for node_modules protection
161
+ if (filePath.includes('node_modules') && !filePath.includes(`${cwd}/node_modules`)) {
162
+ return {
163
+ allowed: false,
164
+ reason: 'Access to external node_modules directory',
165
+ severity: 'high',
166
+ details: { filePath, cwd },
167
+ };
168
+ }
169
+ // Check for system directory protection
170
+ const systemDirs = ['/etc', '/var', '/usr', '/bin', '/sbin', '/lib', '/sys', '/proc'];
171
+ for (const dir of systemDirs) {
172
+ if (filePath.startsWith(dir)) {
173
+ return {
174
+ allowed: false,
175
+ reason: 'Access to system directory',
176
+ severity: 'critical',
177
+ details: { filePath, systemDir: dir },
178
+ };
179
+ }
180
+ }
181
+ return { allowed: true, severity: 'low' };
182
+ }
183
+ detectSuspiciousPatterns(filePath) {
184
+ const suspiciousPatterns = [
185
+ { pattern: /\.(pem|key|env|secret|config)$/i, severity: 'high', reason: 'Sensitive file extension' },
186
+ { pattern: /(password|secret|token|api[_-]?key)/i, severity: 'medium', reason: 'Potential credential file' },
187
+ { pattern: /\.(bashrc|bash_profile|zshrc|profile)$/, severity: 'medium', reason: 'Shell configuration file' },
188
+ { pattern: /\.(git|ssh)\/config$/, severity: 'medium', reason: 'Git/SSH configuration' },
189
+ ];
190
+ for (const { pattern, severity, reason } of suspiciousPatterns) {
191
+ if (pattern.test(filePath)) {
192
+ return {
193
+ allowed: false,
194
+ reason: `${reason} detected`,
195
+ severity: severity,
196
+ details: { filePath, pattern: pattern.source },
197
+ };
198
+ }
199
+ }
200
+ return { allowed: true, severity: 'low' };
201
+ }
202
+ validateSystemFileProtection(filePath) {
203
+ const systemFiles = [
204
+ '/etc/passwd', '/etc/shadow', '/etc/hosts', '/etc/resolv.conf',
205
+ '/etc/ssh/ssh_config', '/etc/ssh/sshd_config',
206
+ '/var/log/', '/var/spool/', '/var/mail/',
207
+ '/usr/bin/', '/usr/sbin/', '/usr/lib/',
208
+ ];
209
+ for (const sysFile of systemFiles) {
210
+ if (filePath.startsWith(sysFile)) {
211
+ return {
212
+ allowed: false,
213
+ reason: 'Access to system file',
214
+ severity: 'critical',
215
+ details: { filePath, systemFile: sysFile },
216
+ };
217
+ }
218
+ }
219
+ return { allowed: true, severity: 'low' };
220
+ }
221
+ isLocalhost(target) {
222
+ const localhostPatterns = [
223
+ 'localhost',
224
+ '127.0.0.1',
225
+ '::1',
226
+ '0.0.0.0',
227
+ ];
228
+ return localhostPatterns.some(pattern => target.includes(pattern));
229
+ }
230
+ validateDomain(target) {
231
+ const suspiciousDomains = [
232
+ 'malicious.com',
233
+ 'evil.org',
234
+ 'hacker.net',
235
+ // Add more suspicious domains as needed
236
+ ];
237
+ for (const domain of suspiciousDomains) {
238
+ if (target.includes(domain)) {
239
+ return {
240
+ allowed: false,
241
+ reason: 'Suspicious domain detected',
242
+ severity: 'high',
243
+ details: { target, domain },
244
+ };
245
+ }
246
+ }
247
+ return { allowed: true, severity: 'low' };
248
+ }
249
+ validateCommandSafety(command) {
250
+ const dangerousCommands = [
251
+ { pattern: /rm\s+-rf/, severity: 'critical', reason: 'Recursive force delete' },
252
+ { pattern: /chmod\s+[0-7]{3,4}\s+/, severity: 'high', reason: 'File permission modification' },
253
+ { pattern: /chown\s+[^\s]+\s+/, severity: 'high', reason: 'File ownership change' },
254
+ { pattern: /dd\s+if=.*of=/, severity: 'critical', reason: 'Disk cloning/destruction' },
255
+ { pattern: /mkfs\./, severity: 'critical', reason: 'Filesystem creation' },
256
+ { pattern: /fdisk\s+/, severity: 'critical', reason: 'Partition manipulation' },
257
+ { pattern: /mount\s+/, severity: 'high', reason: 'Filesystem mounting' },
258
+ { pattern: /umount\s+/, severity: 'high', reason: 'Filesystem unmounting' },
259
+ { pattern: /passwd\s+/, severity: 'high', reason: 'Password change' },
260
+ { pattern: /useradd\s+/, severity: 'high', reason: 'User creation' },
261
+ { pattern: /userdel\s+/, severity: 'high', reason: 'User deletion' },
262
+ ];
263
+ for (const { pattern, severity, reason } of dangerousCommands) {
264
+ if (pattern.test(command)) {
265
+ return {
266
+ allowed: false,
267
+ reason: `${reason} command detected`,
268
+ severity: severity,
269
+ details: { command, pattern: pattern.source },
270
+ };
271
+ }
272
+ }
273
+ return { allowed: true, severity: 'low' };
274
+ }
275
+ logSecurityEvent(event) {
276
+ if (this.config.validation.securityLogging) {
277
+ this.securityLog.push(event);
278
+ // Keep log size manageable
279
+ if (this.securityLog.length > 1000) {
280
+ this.securityLog = this.securityLog.slice(-500);
281
+ }
282
+ }
283
+ }
284
+ resolvePath(filePath) {
285
+ // Simple path resolution - in a real implementation, use path.resolve
286
+ if (filePath.startsWith('/')) {
287
+ return filePath;
288
+ }
289
+ return `${process.cwd()}/${filePath}`;
290
+ }
291
+ }
292
+ /**
293
+ * Global active stack security instance
294
+ */
295
+ export const activeStackSecurity = new ActiveStackSecurity();
296
+ //# sourceMappingURL=active-stack-security.js.map
package/dist/security/active-stack-security.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"active-stack-security.js","sourceRoot":"","sources":["../../src/security/active-stack-security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA0DH,MAAM,OAAO,mBAAmB;IACtB,MAAM,CAA4B;IAClC,WAAW,GAAoB,EAAE,CAAC;IAE1C,YAAY,MAA2C;QACrD,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,IAAI;YACb,aAAa,EAAE;gBACb,GAAG,EAAE,IAAI;gBACT,YAAY,EAAE,IAAI;gBAClB,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,IAAI;aACf;YACD,iBAAiB,EAAE;gBACjB,WAAW,EAAE,IAAI;gBACjB,sBAAsB,EAAE,IAAI;gBAC5B,eAAe,EAAE,IAAI;gBACrB,aAAa,EAAE,IAAI;aACpB;YACD,UAAU,EAAE;gBACV,gBAAgB,EAAE,IAAI;gBACtB,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,IAAI;gBACtB,eAAe,EAAE,IAAI;aACtB;YACD,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,QAAgB,EAAE,SAAsC;QAC5E,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC5C,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAE1B,yCAAyC;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAC/D,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,gBAAgB,CAAC;gBACpB,IAAI,EAAE,wBAAwB;gBAC9B,QAAQ,EAAE,MAAM;gBAChB,SAAS;gBACT,QAAQ,EAAE,cAAc;gBACxB,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,gBAAgB;gBAC7C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;YACH,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,gCAAgC;QAChC,MAAM,YAAY,GAAG,IAAI,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,IAAI,CAAC,gBAAgB,CAAC;gBACpB,IAAI,EAAE,6BAA6B;gBACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,SAAS;gBACT,QAAQ,EAAE,cAAc;gBACxB,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,gBAAgB;gBAC/C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;YACH,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,mCAAmC;QACnC,MAAM,WAAW,GAAG,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,CAAC;QACtE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,gBAAgB,CAAC;gBACpB,IAAI,EAAE,wBAAwB;gBAC9B,QAAQ,EAAE,WAAW,CAAC,QAAQ;gBAC9B,SAAS;gBACT,QAAQ,EAAE,cAAc;gBACxB,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,gBAAgB;gBAC9C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;YACH,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,MAAc,EAAE,SAAyC;QAChF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC5C,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC5C,CAAC;QAED,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,gBAAgB,CAAC;gBACpB,IAAI,EAAE,2BAA2B;gBACjC,QAAQ,EAAE,WAAW,CAAC,QAAQ;gBAC9B,SAAS;gBACT,MAAM;gBACN,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,gBAAgB;gBAC9C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;YACH,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,OAAe;QACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC5C,CAAC;QAED,+BAA+B;QAC/B,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,IAAI,CAAC,gBAAgB,CAAC;gBACpB,IAAI,EAAE,2BAA2B;gBACjC,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,SAAS,EAAE,SAAS;gBACpB,OAAO;gBACP,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,gBAAgB;gBAC/C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;YACH,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;IACxB,CAAC;IAEO,iBAAiB,CAAC,QAAgB,EAAE,GAAW;QACrD,oDAAoD;QACpD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,kDAAkD;gBAC1D,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE;aAC3B,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAK,eAAe,CAAC,EAAE,CAAC;YACrF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,2CAA2C;gBACnD,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE;aAC3B,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QACtF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,4BAA4B;oBACpC,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE;iBACtC,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAEO,wBAAwB,CAAC,QAAgB;QAC/C,MAAM,kBAAkB,GAAG;YACzB,EAAE,OAAO,EAAE,iCAAiC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B,EAAE;YACpG,EAAE,OAAO,EAAE,sCAAsC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,2BAA2B,EAAE;YAC5G,EAAE,OAAO,EAAE,wCAAwC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,0BAA0B,EAAE;YAC7G,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,uBAAuB,EAAE;SACzF,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;YAC/D,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,GAAG,MAAM,WAAW;oBAC5B,QAAQ,EAAE,QAA6B;oBACvC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE;iBAC/C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAEO,4BAA4B,CAAC,QAAgB;QACnD,MAAM,WAAW,GAAG;YAClB,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,kBAAkB;YAC9D,qBAAqB,EAAE,sBAAsB;YAC7C,WAAW,EAAE,aAAa,EAAE,YAAY;YACxC,WAAW,EAAE,YAAY,EAAE,WAAW;SACvC,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,uBAAuB;oBAC/B,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE;iBAC3C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAEO,WAAW,CAAC,MAAc;QAChC,MAAM,iBAAiB,GAAG;YACxB,WAAW;YACX,WAAW;YACX,KAAK;YACL,SAAS;SACV,CAAC;QAEF,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACrE,CAAC;IAEO,cAAc,CAAC,MAAc;QACnC,MAAM,iBAAiB,GAAG;YACxB,eAAe;YACf,UAAU;YACV,YAAY;YACZ,wCAAwC;SACzC,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,iBAAiB,EAAE,CAAC;YACvC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,4BAA4B;oBACpC,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;iBAC5B,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAEO,qBAAqB,CAAC,OAAe;QAC3C,MAAM,iBAAiB,GAAG;YACxB,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,wBAAwB,EAAE;YAC/E,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B,EAAE;YAC9F,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB,EAAE;YACnF,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,0BAA0B,EAAE;YACtF,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,qBAAqB,EAAE;YAC1E,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,wBAAwB,EAAE;YAC/E,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE;YACxE,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB,EAAE;YAC3E,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE;YACrE,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE;YACpE,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE;SACrE,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,GAAG,MAAM,mBAAmB;oBACpC,QAAQ,EAAE,QAA+B;oBACzC,OAAO,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE;iBAC9C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAEO,gBAAgB,CAAC,KAAoB;QAC3C,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,eAAe,EAAE,CAAC;YAC3C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE7B,2BAA2B;YAC3B,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;gBACnC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,sEAAsE;QACtE,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,GAAG,EAAI,IAAM,QAAQ,EAAE,CAAC;IAC5C,CAAC;CACF;AAcD;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,EAAE,CAAC"}
package/dist/security/advanced-persistence-research.d.ts ADDED
@@ -0,0 +1,92 @@
1
+ /**
2
+ * Advanced Persistence Research Toolkit
3
+ *
4
+ * Enhanced persistence mechanism analysis for comprehensive security research
5
+ * across enterprise environments, cloud platforms, and nation-state level targets.
6
+ *
7
+ * This module extends the existing persistence research with:
8
+ * - Advanced enterprise persistence techniques
9
+ * - Cloud platform persistence (AWS, Azure, GCP)
10
+ * - Container and orchestration persistence
11
+ * - Network and infrastructure persistence
12
+ * - Detection evasion and anti-forensics
13
+ *
14
+ * LEGAL NOTICE:
15
+ * For authorized security research, penetration testing, and red team exercises only.
16
+ * Requires explicit authorization and scope definition.
17
+ */
18
+ export interface AdvancedPersistenceTechnique {
19
+ id: string;
20
+ name: string;
21
+ category: PersistenceCategory;
22
+ platform: Platform;
23
+ complexity: 'low' | 'medium' | 'high' | 'advanced';
24
+ stealth: number;
25
+ detectionDifficulty: 'easy' | 'medium' | 'hard' | 'very-hard';
26
+ mitreIds: string[];
27
+ description: string;
28
+ implementation: string[];
29
+ detectionMethods: string[];
30
+ countermeasures: string[];
31
+ indicators: string[];
32
+ tools: string[];
33
+ }
34
+ export declare enum PersistenceCategory {
35
+ ENTERPRISE = "enterprise",
36
+ CLOUD = "cloud",
37
+ CONTAINER = "container",
38
+ NETWORK = "network",
39
+ MEMORY = "memory",
40
+ BIOS_UEFI = "bios_uefi",
41
+ HARDWARE = "hardware",
42
+ SUPPLY_CHAIN = "supply_chain"
43
+ }
44
+ export declare enum Platform {
45
+ WINDOWS = "windows",
46
+ LINUX = "linux",
47
+ MACOS = "macos",
48
+ CROSS_PLATFORM = "cross-platform",
49
+ AWS = "aws",
50
+ AZURE = "azure",
51
+ GCP = "gcp",
52
+ KUBERNETES = "kubernetes",
53
+ DOCKER = "docker",
54
+ VMWARE = "vmware",
55
+ NETWORK = "network"
56
+ }
57
+ /**
58
+ * Advanced Enterprise Persistence Techniques
59
+ */
60
+ export declare const ENTERPRISE_PERSISTENCE_TECHNIQUES: AdvancedPersistenceTechnique[];
61
+ /**
62
+ * Cloud Platform Persistence Techniques
63
+ */
64
+ export declare const CLOUD_PERSISTENCE_TECHNIQUES: AdvancedPersistenceTechnique[];
65
+ /**
66
+ * Advanced Persistence Research Engine
67
+ */
68
+ export declare class AdvancedPersistenceResearchEngine {
69
+ private techniques;
70
+ constructor();
71
+ /**
72
+ * Get techniques by platform
73
+ */
74
+ getTechniquesByPlatform(platform: Platform): AdvancedPersistenceTechnique[];
75
+ /**
76
+ * Get techniques by category
77
+ */
78
+ getTechniquesByCategory(category: PersistenceCategory): AdvancedPersistenceTechnique[];
79
+ /**
80
+ * Get techniques by stealth rating
81
+ */
82
+ getTechniquesByStealth(minStealth: number): AdvancedPersistenceTechnique[];
83
+ /**
84
+ * Generate comprehensive persistence research report
85
+ */
86
+ generateResearchReport(targetPlatforms: Platform[]): string;
87
+ }
88
+ /**
89
+ * Create a comprehensive persistence research toolkit
90
+ */
91
+ export declare function createPersistenceResearchToolkit(): AdvancedPersistenceResearchEngine;
92
+ //# sourceMappingURL=advanced-persistence-research.d.ts.map
package/dist/security/advanced-persistence-research.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advanced-persistence-research.d.ts","sourceRoot":"","sources":["../../src/security/advanced-persistence-research.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,WAAW,4BAA4B;IAC3C,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IAC9D,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,oBAAY,mBAAmB;IAC7B,UAAU,eAAe;IACzB,KAAK,UAAU;IACf,SAAS,cAAc;IACvB,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,QAAQ,aAAa;IACrB,YAAY,iBAAiB;CAC9B;AAED,oBAAY,QAAQ;IAClB,OAAO,YAAY;IACnB,KAAK,UAAU;IACf,KAAK,UAAU;IACf,cAAc,mBAAmB;IACjC,GAAG,QAAQ;IACX,KAAK,UAAU;IACf,GAAG,QAAQ;IACX,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;CACpB;AAED;;GAEG;AACH,eAAO,MAAM,iCAAiC,EAAE,4BAA4B,EAmC3E,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,4BAA4B,EAAE,4BAA4B,EAmCtE,CAAC;AAEF;;GAEG;AACH,qBAAa,iCAAiC;IAC5C,OAAO,CAAC,UAAU,CAAiC;;IASnD;;OAEG;IACH,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,GAAG,4BAA4B,EAAE;IAI3E;;OAEG;IACH,uBAAuB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,4BAA4B,EAAE;IAItF;;OAEG;IACH,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,4BAA4B,EAAE;IAI1E;;OAEG;IACH,sBAAsB,CAAC,eAAe,EAAE,QAAQ,EAAE,GAAG,MAAM;CA0C5D;AAED;;GAEG;AACH,wBAAgB,gCAAgC,sCAE/C"}
package/dist/security/advanced-persistence-research.js ADDED
@@ -0,0 +1,195 @@
1
+ /**
2
+ * Advanced Persistence Research Toolkit
3
+ *
4
+ * Enhanced persistence mechanism analysis for comprehensive security research
5
+ * across enterprise environments, cloud platforms, and nation-state level targets.
6
+ *
7
+ * This module extends the existing persistence research with:
8
+ * - Advanced enterprise persistence techniques
9
+ * - Cloud platform persistence (AWS, Azure, GCP)
10
+ * - Container and orchestration persistence
11
+ * - Network and infrastructure persistence
12
+ * - Detection evasion and anti-forensics
13
+ *
14
+ * LEGAL NOTICE:
15
+ * For authorized security research, penetration testing, and red team exercises only.
16
+ * Requires explicit authorization and scope definition.
17
+ */
18
+ export var PersistenceCategory;
19
+ (function (PersistenceCategory) {
20
+ PersistenceCategory["ENTERPRISE"] = "enterprise";
21
+ PersistenceCategory["CLOUD"] = "cloud";
22
+ PersistenceCategory["CONTAINER"] = "container";
23
+ PersistenceCategory["NETWORK"] = "network";
24
+ PersistenceCategory["MEMORY"] = "memory";
25
+ PersistenceCategory["BIOS_UEFI"] = "bios_uefi";
26
+ PersistenceCategory["HARDWARE"] = "hardware";
27
+ PersistenceCategory["SUPPLY_CHAIN"] = "supply_chain";
28
+ })(PersistenceCategory || (PersistenceCategory = {}));
29
+ export var Platform;
30
+ (function (Platform) {
31
+ Platform["WINDOWS"] = "windows";
32
+ Platform["LINUX"] = "linux";
33
+ Platform["MACOS"] = "macos";
34
+ Platform["CROSS_PLATFORM"] = "cross-platform";
35
+ Platform["AWS"] = "aws";
36
+ Platform["AZURE"] = "azure";
37
+ Platform["GCP"] = "gcp";
38
+ Platform["KUBERNETES"] = "kubernetes";
39
+ Platform["DOCKER"] = "docker";
40
+ Platform["VMWARE"] = "vmware";
41
+ Platform["NETWORK"] = "network";
42
+ })(Platform || (Platform = {}));
43
+ /**
44
+ * Advanced Enterprise Persistence Techniques
45
+ */
46
+ export const ENTERPRISE_PERSISTENCE_TECHNIQUES = [
47
+ {
48
+ id: 'ent-active-directory-golden-ticket',
49
+ name: 'Active Directory Golden Ticket',
50
+ category: PersistenceCategory.ENTERPRISE,
51
+ platform: Platform.WINDOWS,
52
+ complexity: 'advanced',
53
+ stealth: 5,
54
+ detectionDifficulty: 'very-hard',
55
+ mitreIds: ['T1558.001'],
56
+ description: 'Forged Kerberos ticket granting ticket (TGT) with unlimited lifetime',
57
+ implementation: [
58
+ 'Extract krbtgt account hash from domain controller',
59
+ 'Forge TGT with extended lifetime and privileges',
60
+ 'Use forged TGT to access any domain resource'
61
+ ],
62
+ detectionMethods: [
63
+ 'Monitor for TGTs with unusual lifetimes (>10 hours)',
64
+ 'Check for TGTs issued from non-DC systems',
65
+ 'Analyze Kerberos event logs for anomalies',
66
+ 'Use Microsoft ATA or Azure Sentinel'
67
+ ],
68
+ countermeasures: [
69
+ 'Regularly rotate krbtgt account password (twice)',
70
+ 'Implement LAPS for local admin passwords',
71
+ 'Enable advanced audit policies',
72
+ 'Use Protected Users group'
73
+ ],
74
+ indicators: [
75
+ 'Kerberos TGT requests with extended lifetimes',
76
+ 'Authentication from unusual locations',
77
+ 'Multiple failed TGT validation attempts'
78
+ ],
79
+ tools: ['Mimikatz', 'Rubeus', 'Impacket']
80
+ }
81
+ ];
82
+ /**
83
+ * Cloud Platform Persistence Techniques
84
+ */
85
+ export const CLOUD_PERSISTENCE_TECHNIQUES = [
86
+ {
87
+ id: 'cloud-aws-backdoor-role',
88
+ name: 'AWS IAM Role Backdoor',
89
+ category: PersistenceCategory.CLOUD,
90
+ platform: Platform.AWS,
91
+ complexity: 'medium',
92
+ stealth: 3,
93
+ detectionDifficulty: 'medium',
94
+ mitreIds: ['T1078.004'],
95
+ description: 'Creates or modifies IAM roles with external entity trust for persistence',
96
+ implementation: [
97
+ 'Create IAM role with external IDP trust (SAML/OIDC)',
98
+ 'Modify existing role trust policy',
99
+ 'Add cross-account access with broad permissions'
100
+ ],
101
+ detectionMethods: [
102
+ 'Monitor CloudTrail for role modifications',
103
+ 'Analyze IAM role trust policies',
104
+ 'Check for external entity trusts',
105
+ 'Use AWS Config rules'
106
+ ],
107
+ countermeasures: [
108
+ 'Implement least privilege for IAM roles',
109
+ 'Monitor for external trust modifications',
110
+ 'Use AWS Organizations SCPs',
111
+ 'Regular IAM security assessments'
112
+ ],
113
+ indicators: [
114
+ 'IAM role policy modifications',
115
+ 'New external identity provider trusts',
116
+ 'Cross-account role assumptions'
117
+ ],
118
+ tools: ['AWS CLI', 'Pacu', 'CloudSploit']
119
+ }
120
+ ];
121
+ /**
122
+ * Advanced Persistence Research Engine
123
+ */
124
+ export class AdvancedPersistenceResearchEngine {
125
+ techniques;
126
+ constructor() {
127
+ this.techniques = [
128
+ ...ENTERPRISE_PERSISTENCE_TECHNIQUES,
129
+ ...CLOUD_PERSISTENCE_TECHNIQUES
130
+ ];
131
+ }
132
+ /**
133
+ * Get techniques by platform
134
+ */
135
+ getTechniquesByPlatform(platform) {
136
+ return this.techniques.filter(tech => tech.platform === platform);
137
+ }
138
+ /**
139
+ * Get techniques by category
140
+ */
141
+ getTechniquesByCategory(category) {
142
+ return this.techniques.filter(tech => tech.category === category);
143
+ }
144
+ /**
145
+ * Get techniques by stealth rating
146
+ */
147
+ getTechniquesByStealth(minStealth) {
148
+ return this.techniques.filter(tech => tech.stealth >= minStealth);
149
+ }
150
+ /**
151
+ * Generate comprehensive persistence research report
152
+ */
153
+ generateResearchReport(targetPlatforms) {
154
+ const report = [];
155
+ report.push('='.repeat(80));
156
+ report.push('ADVANCED PERSISTENCE RESEARCH REPORT');
157
+ report.push('='.repeat(80));
158
+ report.push(`Generated: ${new Date().toISOString()}`);
159
+ report.push(`Target Platforms: ${targetPlatforms.join(', ')}`);
160
+ report.push('');
161
+ for (const platform of targetPlatforms) {
162
+ const techniques = this.getTechniquesByPlatform(platform);
163
+ if (techniques.length > 0) {
164
+ report.push(`## ${platform.toUpperCase()} PERSISTENCE TECHNIQUES`);
165
+ report.push('');
166
+ for (const tech of techniques) {
167
+ report.push(`### ${tech.name}`);
168
+ report.push(`- **Stealth**: ${tech.stealth}/5`);
169
+ report.push(`- **Complexity**: ${tech.complexity}`);
170
+ report.push(`- **Detection Difficulty**: ${tech.detectionDifficulty}`);
171
+ report.push(`- **MITRE ATT&CK**: ${tech.mitreIds.join(', ')}`);
172
+ report.push(`- **Description**: ${tech.description}`);
173
+ report.push('');
174
+ report.push('#### Implementation Steps:');
175
+ tech.implementation.forEach(step => report.push(` - ${step}`));
176
+ report.push('');
177
+ report.push('#### Detection Methods:');
178
+ tech.detectionMethods.forEach(method => report.push(` - ${method}`));
179
+ report.push('');
180
+ report.push('#### Countermeasures:');
181
+ tech.countermeasures.forEach(countermeasure => report.push(` - ${countermeasure}`));
182
+ report.push('');
183
+ }
184
+ }
185
+ }
186
+ return report.join('\n');
187
+ }
188
+ }
189
+ /**
190
+ * Create a comprehensive persistence research toolkit
191
+ */
192
+ export function createPersistenceResearchToolkit() {
193
+ return new AdvancedPersistenceResearchEngine();
194
+ }
195
+ //# sourceMappingURL=advanced-persistence-research.js.map
package/dist/security/advanced-persistence-research.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advanced-persistence-research.js","sourceRoot":"","sources":["../../src/security/advanced-persistence-research.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAmBH,MAAM,CAAN,IAAY,mBASX;AATD,WAAY,mBAAmB;IAC7B,gDAAyB,CAAA;IACzB,sCAAe,CAAA;IACf,8CAAuB,CAAA;IACvB,0CAAmB,CAAA;IACnB,wCAAiB,CAAA;IACjB,8CAAuB,CAAA;IACvB,4CAAqB,CAAA;IACrB,oDAA6B,CAAA;AAC/B,CAAC,EATW,mBAAmB,KAAnB,mBAAmB,QAS9B;AAED,MAAM,CAAN,IAAY,QAYX;AAZD,WAAY,QAAQ;IAClB,+BAAmB,CAAA;IACnB,2BAAe,CAAA;IACf,2BAAe,CAAA;IACf,6CAAiC,CAAA;IACjC,uBAAW,CAAA;IACX,2BAAe,CAAA;IACf,uBAAW,CAAA;IACX,qCAAyB,CAAA;IACzB,6BAAiB,CAAA;IACjB,6BAAiB,CAAA;IACjB,+BAAmB,CAAA;AACrB,CAAC,EAZW,QAAQ,KAAR,QAAQ,QAYnB;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iCAAiC,GAAmC;IAC/E;QACE,EAAE,EAAE,oCAAoC;QACxC,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,mBAAmB,CAAC,UAAU;QACxC,QAAQ,EAAE,QAAQ,CAAC,OAAO;QAC1B,UAAU,EAAE,UAAU;QACtB,OAAO,EAAE,CAAC;QACV,mBAAmB,EAAE,WAAW;QAChC,QAAQ,EAAE,CAAC,WAAW,CAAC;QACvB,WAAW,EAAE,sEAAsE;QACnF,cAAc,EAAE;YACd,oDAAoD;YACpD,iDAAiD;YACjD,8CAA8C;SAC/C;QACD,gBAAgB,EAAE;YAChB,qDAAqD;YACrD,2CAA2C;YAC3C,2CAA2C;YAC3C,qCAAqC;SACtC;QACD,eAAe,EAAE;YACf,kDAAkD;YAClD,0CAA0C;YAC1C,gCAAgC;YAChC,2BAA2B;SAC5B;QACD,UAAU,EAAE;YACV,+CAA+C;YAC/C,uCAAuC;YACvC,yCAAyC;SAC1C;QACD,KAAK,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,UAAU,CAAC;KAC1C;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAmC;IAC1E;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,mBAAmB,CAAC,KAAK;QACnC,QAAQ,EAAE,QAAQ,CAAC,GAAG;QACtB,UAAU,EAAE,QAAQ;QACpB,OAAO,EAAE,CAAC;QACV,mBAAmB,EAAE,QAAQ;QAC7B,QAAQ,EAAE,CAAC,WAAW,CAAC;QACvB,WAAW,EAAE,0EAA0E;QACvF,cAAc,EAAE;YACd,qDAAqD;YACrD,mCAAmC;YACnC,iDAAiD;SAClD;QACD,gBAAgB,EAAE;YAChB,2CAA2C;YAC3C,iCAAiC;YACjC,kCAAkC;YAClC,sBAAsB;SACvB;QACD,eAAe,EAAE;YACf,yCAAyC;YACzC,0CAA0C;YAC1C,4BAA4B;YAC5B,kCAAkC;SACnC;QACD,UAAU,EAAE;YACV,+BAA+B;YAC/B,uCAAuC;YACvC,gCAAgC;SACjC;QACD,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,CAAC;KAC1C;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,iCAAiC;IACpC,UAAU,CAAiC;IAEnD;QACE,IAAI,CAAC,UAAU,GAAG;YAChB,GAAG,iCAAiC;YACpC,GAAG,4BAA4B;SAChC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,uBAAuB,CAAC,QAAkB;QACxC,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACH,uBAAuB,CAAC,QAA6B;QACnD,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,UAAkB;QACvC,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,IAAI,UAAU,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,eAA2B;QAChD,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,cAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,qBAAqB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/D,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEhB,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;YACvC,MAAM,UAAU,GAAG,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;YAC1D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC;gBACnE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAEhB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,OAAO,IAAI,CAAC,CAAC;oBAChD,MAAM,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;oBACpD,MAAM,CAAC,IAAI,CAAC,+BAA+B,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC;oBACvE,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAC/D,MAAM,CAAC,IAAI,CAAC,sBAAsB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;oBACtD,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAEhB,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;oBAC1C,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;oBAChE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAEhB,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;oBACvC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,MAAM,EAAE,CAAC,CAAC,CAAC;oBACtE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAEhB,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;oBACrC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,cAAc,EAAE,CAAC,CAAC,CAAC;oBACrF,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,gCAAgC;IAC9C,OAAO,IAAI,iCAAiC,EAAE,CAAC;AACjD,CAAC"}