guardlink 1.0.0

package/dist/mcp/server.js

@@ -0,0 +1,388 @@
+/**
+ * GuardLink MCP Server — Model Context Protocol integration (§8.2).
+ *
+ * Tools:
+ *   guardlink_parse    — Parse annotations, return threat model
+ *   guardlink_status   — Coverage stats and unmitigated exposures
+ *   guardlink_validate — Syntax errors and dangling references
+ *   guardlink_suggest  — Given a code diff or file, suggest annotations
+ *   guardlink_lookup   — Query the threat model graph
+ *   guardlink_threat_report — AI threat report generation (STRIDE, DREAD, etc.)
+ *   guardlink_annotate — Build annotation prompt for the calling agent
+ *   guardlink_report   — Generate markdown report + JSON
+ *   guardlink_dashboard — Generate HTML threat model dashboard
+ *   guardlink_sarif    — Export SARIF 2.1.0
+ *   guardlink_diff     — Compare threat model against a git ref
+ *   guardlink_threat_reports — List saved AI threat report files
+ *
+ * Resources:
+ *   guardlink://model        — Full ThreatModel JSON
+ *   guardlink://definitions  — Assets, threats, controls
+ *   guardlink://unmitigated  — Unmitigated exposures list
+ *
+ * Transport: stdio (for Claude Code .mcp.json, Cursor, etc.)
+ *
+ * @exposes #mcp to #path-traversal [high] cwe:CWE-22 -- "All tools accept root param from external AI agents"
+ * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "guardlink_suggest output fed back to calling LLM"
+ * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "guardlink_report and guardlink_dashboard write files"
+ * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Exposes threat model details to connected agents"
+ * @accepts #path-traversal on #mcp -- "MCP clients (Claude Code, Cursor) are trusted local agents"
+ * @accepts #arbitrary-write on #mcp -- "MCP clients are trusted local agents with filesystem access"
+ * @accepts #prompt-injection on #mcp -- "Suggest output is intended for LLM consumption"
+ * @accepts #data-exposure on #mcp -- "Exposing threat model to agents is the core MCP feature"
+ * @boundary between #mcp and External_AI_Agents (#mcp-boundary) -- "Primary trust boundary: external AI agents invoke tools over stdio"
+ * @flows External_AI_Agents -> #mcp via stdio -- "Tool calls received from AI agent over stdio transport"
+ * @flows #mcp -> #parser via getModel -- "MCP tools invoke parser to build threat model"
+ * @flows #mcp -> External_AI_Agents via response -- "Tool results returned to calling agent"
+ * @handles internal on #mcp -- "Processes and exposes security-sensitive threat model data"
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { z } from 'zod';
+import { parseProject } from '../parser/index.js';
+import { generateSarif } from '../analyzer/index.js';
+import { generateReport } from '../report/index.js';
+import { generateDashboardHTML } from '../dashboard/index.js';
+import { diffModels, parseAtRef } from '../diff/index.js';
+import { lookup } from './lookup.js';
+import { suggestAnnotations } from './suggest.js';
+import { generateThreatReport, listThreatReports, loadThreatReportsForDashboard, buildConfig, serializeModelCompact, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage } from '../analyze/index.js';
+import { buildAnnotatePrompt } from '../agents/prompts.js';
+// ─── Cached model ────────────────────────────────────────────────────
+let cachedModel = null;
+let cachedDiagnostics = [];
+let cachedRoot = '';
+async function getModel(root) {
+    if (cachedModel && cachedRoot === root) {
+        return { model: cachedModel, diagnostics: cachedDiagnostics };
+    }
+    const result = await parseProject({ root, project: 'unknown' });
+    cachedModel = result.model;
+    cachedDiagnostics = result.diagnostics;
+    cachedRoot = root;
+    return result;
+}
+function invalidateCache() {
+    cachedModel = null;
+    cachedDiagnostics = [];
+}
+// ─── Server setup ────────────────────────────────────────────────────
+export function createServer() {
+    const server = new McpServer({
+        name: 'guardlink',
+        version: '1.0.0',
+    });
+    // ── Tool: guardlink_parse ──
+    server.tool('guardlink_parse', 'Parse GuardLink annotations from the project and return the full threat model as JSON', { root: z.string().describe('Project root directory').default('.') }, async ({ root }) => {
+        invalidateCache();
+        const { model } = await getModel(root);
+        return {
+            content: [{ type: 'text', text: JSON.stringify(model, null, 2) }],
+        };
+    });
+    // ── Tool: guardlink_status ──
+    server.tool('guardlink_status', 'Return coverage statistics: asset/threat/control counts, unmitigated exposures, coverage percentage', { root: z.string().describe('Project root directory').default('.') }, async ({ root }) => {
+        const { model } = await getModel(root);
+        const mitigated = new Set();
+        const accepted = new Set();
+        for (const m of model.mitigations)
+            mitigated.add(`${m.asset}::${m.threat}`);
+        for (const a of model.acceptances)
+            accepted.add(`${a.asset}::${a.threat}`);
+        const unmitigated = model.exposures.filter(e => !mitigated.has(`${e.asset}::${e.threat}`) && !accepted.has(`${e.asset}::${e.threat}`));
+        const status = {
+            assets: model.assets.length,
+            threats: model.threats.length,
+            controls: model.controls.length,
+            mitigations: model.mitigations.length,
+            exposures: model.exposures.length,
+            acceptances: model.acceptances.length,
+            flows: model.flows.length,
+            boundaries: model.boundaries.length,
+            unmitigated: unmitigated.map(e => ({
+                asset: e.asset,
+                threat: e.threat,
+                severity: e.severity,
+                file: e.location.file,
+                line: e.location.line,
+            })),
+            coverage: model.coverage,
+        };
+        return {
+            content: [{ type: 'text', text: JSON.stringify(status, null, 2) }],
+        };
+    });
+    // ── Tool: guardlink_validate ──
+    server.tool('guardlink_validate', 'Check annotations for syntax errors, duplicate IDs, and dangling references. Returns structured error list.', { root: z.string().describe('Project root directory').default('.') }, async ({ root }) => {
+        invalidateCache();
+        const { model, diagnostics } = await getModel(root);
+        // Compute dangling refs
+        const definedIds = new Set();
+        for (const a of model.assets) {
+            if (a.id)
+                definedIds.add(a.id);
+            definedIds.add(a.path.join('.'));
+        }
+        for (const t of model.threats) {
+            if (t.id)
+                definedIds.add(t.id);
+        }
+        for (const c of model.controls) {
+            if (c.id)
+                definedIds.add(c.id);
+        }
+        const errors = diagnostics.filter(d => d.level === 'error');
+        const warnings = diagnostics.filter(d => d.level === 'warning');
+        const result = {
+            valid: errors.length === 0,
+            errors: errors.map(d => ({ file: d.file, line: d.line, message: d.message })),
+            warnings: warnings.map(d => ({ file: d.file, line: d.line, message: d.message })),
+            summary: `${errors.length} error(s), ${warnings.length} warning(s)`,
+        };
+        return {
+            content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        };
+    });
+    // ── Tool: guardlink_suggest ──
+    server.tool('guardlink_suggest', 'Given a file path or code diff, suggest appropriate GuardLink annotations based on code patterns, imports, and function signatures', {
+        root: z.string().describe('Project root directory').default('.'),
+        file: z.string().describe('File path relative to root to analyze').optional(),
+        diff: z.string().describe('Git diff text to analyze for new code needing annotations').optional(),
+    }, async ({ root, file, diff }) => {
+        const { model } = await getModel(root);
+        const suggestions = await suggestAnnotations({ root, model, file, diff });
+        return {
+            content: [{ type: 'text', text: JSON.stringify(suggestions, null, 2) }],
+        };
+    });
+    // ── Tool: guardlink_lookup ──
+    server.tool('guardlink_lookup', 'Query the threat model graph. Find assets, threats, controls, flows, exposures by ID or relationship. Examples: "what threats target #auth?", "flows into Scanner", "unmitigated exposures"', {
+        root: z.string().describe('Project root directory').default('.'),
+        query: z.string().describe('Natural language or structured query: asset ID, threat ID, "flows into X", "threats for X", "unmitigated", "controls for X"'),
+    }, async ({ root, query }) => {
+        const { model } = await getModel(root);
+        const result = lookup(model, query);
+        return {
+            content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        };
+    });
+    // ── Tool: guardlink_threat_report ──
+    server.tool('guardlink_threat_report', 'Generate an AI threat report using a security framework (STRIDE, DREAD, PASTA, attacker, rapid, general). If an LLM API key is set in environment, runs analysis internally and saves result. If no API key is set, returns the framework prompt and serialized threat model for the calling agent to analyze directly — write the result as markdown to .guardlink/threat-reports/.', {
+        root: z.string().describe('Project root directory').default('.'),
+        framework: z.enum(['stride', 'dread', 'pasta', 'attacker', 'rapid', 'general']).describe('Analysis framework').default('general'),
+        provider: z.string().describe('LLM provider: anthropic, openai, openrouter, deepseek (auto-detected from env)').optional(),
+        model: z.string().describe('Model name override').optional(),
+        custom_prompt: z.string().describe('Custom analysis prompt to replace the framework header').optional(),
+    }, async ({ root, framework, provider, model: modelName, custom_prompt }) => {
+        const { model: threatModel } = await getModel(root);
+        if (threatModel.annotations_parsed === 0) {
+            return {
+                content: [{ type: 'text', text: JSON.stringify({
+                            error: 'No annotations found. Add GuardLink annotations to your code first.',
+                        }) }],
+            };
+        }
+        const fw = framework;
+        const llmConfig = buildConfig({ provider, model: modelName });
+        // Agent mode: no API key — return prompt + compact model for the calling agent
+        if (!llmConfig) {
+            const serialized = serializeModelCompact(threatModel);
+            const systemPrompt = FRAMEWORK_PROMPTS[fw] || FRAMEWORK_PROMPTS.general;
+            const userMessage = buildUserMessage(serialized, fw, custom_prompt);
+            return {
+                content: [{ type: 'text', text: JSON.stringify({
+                            mode: 'agent',
+                            message: 'No LLM API key found. Returning the threat report prompt and threat model for you to generate directly. Write the report as markdown and save it to .guardlink/threat-reports/. Call guardlink_parse or read guardlink://model for full detail if needed.',
+                            framework,
+                            label: FRAMEWORK_LABELS[fw],
+                            system_prompt: systemPrompt,
+                            user_prompt: userMessage,
+                            save_to: `.guardlink/threat-reports/${new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19)}-${framework}.md`,
+                        }, null, 2) }],
+            };
+        }
+        // API mode: call LLM internally
+        try {
+            const result = await generateThreatReport({
+                root,
+                model: threatModel,
+                framework: fw,
+                llmConfig,
+                customPrompt: custom_prompt,
+                stream: false,
+            });
+            return {
+                content: [{ type: 'text', text: JSON.stringify({
+                            mode: 'api',
+                            framework: result.framework,
+                            label: result.label,
+                            model: result.model,
+                            savedTo: result.savedTo,
+                            inputTokens: result.inputTokens,
+                            outputTokens: result.outputTokens,
+                            content: result.content,
+                        }, null, 2) }],
+            };
+        }
+        catch (err) {
+            return {
+                content: [{ type: 'text', text: JSON.stringify({ error: err.message }) }],
+            };
+        }
+    });
+    // ── Tool: guardlink_annotate ──
+    server.tool('guardlink_annotate', 'Build an annotation prompt with project context, GuardLink reference docs, and GAL syntax guidelines. The calling agent should use this prompt to read source files and add security annotations directly. Returns the prompt text — the agent should then read files, decide annotation placement, and write comments.', {
+        root: z.string().describe('Project root directory').default('.'),
+        prompt: z.string().describe('Annotation instructions (e.g., "annotate auth endpoints for OWASP Top 10")'),
+    }, async ({ root, prompt }) => {
+        let model = null;
+        try {
+            const result = await getModel(root);
+            if (result.model.annotations_parsed > 0) {
+                model = result.model;
+            }
+        }
+        catch { /* no model yet — fine */ }
+        const annotatePrompt = buildAnnotatePrompt(prompt, root, model);
+        return {
+            content: [{ type: 'text', text: JSON.stringify({
+                        mode: 'agent',
+                        message: 'Annotation prompt built with project context. Read the source files in the project directory, then add GuardLink annotations as code comments following the guidelines in the prompt. After annotating, call guardlink_parse to verify the annotations were parsed correctly.',
+                        prompt: annotatePrompt,
+                        guidelines: [
+                            'Add annotations as comments directly above security-relevant code',
+                            'Use the project\'s comment style (// for TS/JS/Rust/Go, # for Python/Ruby/Shell)',
+                            'After annotating, call guardlink_parse to verify results',
+                        ],
+                    }, null, 2) }],
+        };
+    });
+    // ── Tool: guardlink_report ──
+    server.tool('guardlink_report', 'Generate a markdown threat model report with Mermaid diagram. Also writes threat-model.json alongside.', {
+        root: z.string().describe('Project root directory').default('.'),
+        output: z.string().describe('Output filename (default: threat-model.md)').default('threat-model.md'),
+    }, async ({ root, output }) => {
+        const { model } = await getModel(root);
+        if (model.annotations_parsed === 0) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'No annotations found.' }) }] };
+        }
+        const { writeFile } = await import('node:fs/promises');
+        const { resolve } = await import('node:path');
+        const report = generateReport(model);
+        await writeFile(resolve(root, output), report + '\n');
+        const jsonFile = output.replace(/\.md$/, '.json');
+        await writeFile(resolve(root, jsonFile), JSON.stringify(model, null, 2) + '\n');
+        return {
+            content: [{ type: 'text', text: JSON.stringify({
+                        report: output,
+                        json: jsonFile,
+                        annotations: model.annotations_parsed,
+                        exposures: model.exposures.length,
+                    }) }],
+        };
+    });
+    // ── Tool: guardlink_dashboard ──
+    server.tool('guardlink_dashboard', 'Generate an interactive HTML threat model dashboard with diagrams, charts, code annotations, and heatmap.', {
+        root: z.string().describe('Project root directory').default('.'),
+        output: z.string().describe('Output filename (default: threat-dashboard.html)').default('threat-dashboard.html'),
+    }, async ({ root, output }) => {
+        const { model } = await getModel(root);
+        if (model.annotations_parsed === 0) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'No annotations found.' }) }] };
+        }
+        const { writeFile } = await import('node:fs/promises');
+        const { resolve } = await import('node:path');
+        const analyses = loadThreatReportsForDashboard(root);
+        const html = generateDashboardHTML(model, root, analyses);
+        await writeFile(resolve(root, output), html);
+        return {
+            content: [{ type: 'text', text: JSON.stringify({
+                        dashboard: output,
+                        annotations: model.annotations_parsed,
+                        exposures: model.exposures.length,
+                    }) }],
+        };
+    });
+    // ── Tool: guardlink_sarif ──
+    server.tool('guardlink_sarif', 'Export findings as SARIF 2.1.0 for GitHub Advanced Security, VS Code, and other SARIF consumers.', {
+        root: z.string().describe('Project root directory').default('.'),
+        output: z.string().describe('Output filename (default: guardlink.sarif.json)').default('guardlink.sarif.json'),
+    }, async ({ root, output }) => {
+        invalidateCache();
+        const { model, diagnostics } = await getModel(root);
+        const { writeFile } = await import('node:fs/promises');
+        const { resolve } = await import('node:path');
+        const sarif = generateSarif(model, diagnostics, [], { includeDiagnostics: true, includeDanglingRefs: true });
+        await writeFile(resolve(root, output), JSON.stringify(sarif, null, 2) + '\n');
+        const resultCount = sarif.runs[0]?.results?.length ?? 0;
+        return {
+            content: [{ type: 'text', text: JSON.stringify({
+                        sarif: output,
+                        results: resultCount,
+                    }) }],
+        };
+    });
+    // ── Tool: guardlink_diff ──
+    server.tool('guardlink_diff', 'Compare the current threat model against a git ref (commit, branch, tag). Shows added/removed/changed annotations, new unmitigated exposures.', {
+        root: z.string().describe('Project root directory').default('.'),
+        ref: z.string().describe('Git ref to compare against (e.g. HEAD~1, main, v1.0)').default('HEAD~1'),
+    }, async ({ root, ref }) => {
+        try {
+            const { model: current } = await getModel(root);
+            const previous = await parseAtRef(root, ref, 'unknown');
+            const diff = diffModels(previous, current);
+            return {
+                content: [{ type: 'text', text: JSON.stringify(diff, null, 2) }],
+            };
+        }
+        catch (err) {
+            return {
+                content: [{ type: 'text', text: JSON.stringify({ error: err.message }) }],
+            };
+        }
+    });
+    // ── Tool: guardlink_threat_reports ──
+    server.tool('guardlink_threat_reports', 'List saved AI threat reports from .guardlink/threat-reports/ (and legacy .guardlink/analyses/). Returns filename, framework, timestamp, and model used.', {
+        root: z.string().describe('Project root directory').default('.'),
+    }, async ({ root }) => {
+        const reports = listThreatReports(root);
+        return {
+            content: [{ type: 'text', text: JSON.stringify(reports, null, 2) }],
+        };
+    });
+    // ── Resource: guardlink://model ──
+    server.resource('threat-model', 'guardlink://model', { description: 'Full ThreatModel JSON for the current project' }, async () => {
+        const { model } = await getModel(cachedRoot || '.');
+        return {
+            contents: [{ uri: 'guardlink://model', mimeType: 'application/json', text: JSON.stringify(model, null, 2) }],
+        };
+    });
+    // ── Resource: guardlink://definitions ──
+    server.resource('definitions', 'guardlink://definitions', { description: 'All defined assets, threats, and controls with their IDs' }, async () => {
+        const { model } = await getModel(cachedRoot || '.');
+        const defs = {
+            assets: model.assets.map(a => ({ id: a.id, path: a.path.join('.'), description: a.description })),
+            threats: model.threats.map(t => ({ id: t.id, name: t.canonical_name, severity: t.severity, description: t.description })),
+            controls: model.controls.map(c => ({ id: c.id, name: c.canonical_name, description: c.description })),
+        };
+        return {
+            contents: [{ uri: 'guardlink://definitions', mimeType: 'application/json', text: JSON.stringify(defs, null, 2) }],
+        };
+    });
+    // ── Resource: guardlink://unmitigated ──
+    server.resource('unmitigated', 'guardlink://unmitigated', { description: 'List of unmitigated exposures — assets exposed to threats with no @mitigates or @accepts' }, async () => {
+        const { model } = await getModel(cachedRoot || '.');
+        const covered = new Set();
+        for (const m of model.mitigations)
+            covered.add(`${m.asset}::${m.threat}`);
+        for (const a of model.acceptances)
+            covered.add(`${a.asset}::${a.threat}`);
+        const unmitigated = model.exposures
+            .filter(e => !covered.has(`${e.asset}::${e.threat}`))
+            .map(e => ({ asset: e.asset, threat: e.threat, severity: e.severity, file: e.location.file, line: e.location.line }));
+        return {
+            contents: [{ uri: 'guardlink://unmitigated', mimeType: 'application/json', text: JSON.stringify(unmitigated, null, 2) }],
+        };
+    });
+    return server;
+}
+//# sourceMappingURL=server.js.map

package/dist/mcp/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,UAAU,EAAsB,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,MAAM,EAAoB,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,6BAA6B,EAAE,WAAW,EAAkB,qBAAqB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,gBAAgB,EAA0B,MAAM,qBAAqB,CAAC;AAChP,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG3D,wEAAwE;AAExE,IAAI,WAAW,GAAuB,IAAI,CAAC;AAC3C,IAAI,iBAAiB,GAAU,EAAE,CAAC;AAClC,IAAI,UAAU,GAAW,EAAE,CAAC;AAE5B,KAAK,UAAU,QAAQ,CAAC,IAAY;IAClC,IAAI,WAAW,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACvC,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;IAChE,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IAChE,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC;IAC3B,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAAC;IACvC,UAAU,GAAG,IAAI,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,eAAe;IACtB,WAAW,GAAG,IAAI,CAAC;IACnB,iBAAiB,GAAG,EAAE,CAAC;AACzB,CAAC;AAED,wEAAwE;AAExE,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,8BAA8B;IAC9B,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,uFAAuF,EACvF,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EACpE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,eAAe,EAAE,CAAC;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACvC,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SAClE,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,+BAA+B;IAC/B,MAAM,CAAC,IAAI,CACT,kBAAkB,EAClB,qGAAqG,EACrG,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EACpE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEvC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;YAAE,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;YAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAC3F,CAAC;QAEF,MAAM,MAAM,GAAG;YACb,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM;YAC3B,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM;YAC7B,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,MAAM;YAC/B,WAAW,EAAE,KAAK,CAAC,WAAW,CAAC,MAAM;YACrC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM;YACjC,WAAW,EAAE,KAAK,CAAC,WAAW,CAAC,MAAM;YACrC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;YACzB,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,MAAM;YACnC,WAAW,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACjC,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;gBACrB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;aACtB,CAAC,CAAC;YACH,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,iCAAiC;IACjC,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,6GAA6G,EAC7G,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EACpE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,eAAe,EAAE,CAAC;QAClB,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEpD,wBAAwB;QACxB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,CAAC,EAAE;gBAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAAC,CAAC;QACnG,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAAC,IAAI,CAAC,CAAC,EAAE;gBAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAAC,CAAC;QAClE,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAAC,IAAI,CAAC,CAAC,EAAE;gBAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAAC,CAAC;QAEnE,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG;YACb,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7E,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACjF,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,cAAc,QAAQ,CAAC,MAAM,aAAa;SACpE,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,gCAAgC;IAChC,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,oIAAoI,EACpI;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC,CAAC,QAAQ,EAAE;QAC7E,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2DAA2D,CAAC,CAAC,QAAQ,EAAE;KAClG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE;QAC7B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1E,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,+BAA+B;IAC/B,MAAM,CAAC,IAAI,CACT,kBAAkB,EAClB,6LAA6L,EAC7L;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6HAA6H,CAAC;KAC1J,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;QACxB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACpC,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,sCAAsC;IACtC,MAAM,CAAC,IAAI,CACT,yBAAyB,EACzB,sXAAsX,EACtX;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;QACjI,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gFAAgF,CAAC,CAAC,QAAQ,EAAE;QAC1H,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC,QAAQ,EAAE;QAC5D,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC,CAAC,QAAQ,EAAE;KACxG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,EAAE,EAAE;QACvE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,WAAW,CAAC,kBAAkB,KAAK,CAAC,EAAE,CAAC;YACzC,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BAC7C,KAAK,EAAE,qEAAqE;yBAC7E,CAAC,EAAE,CAAC;aACN,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,SAA8B,CAAC;QAC1C,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAE9D,+EAA+E;QAC/E,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,UAAU,GAAG,qBAAqB,CAAC,WAAW,CAAC,CAAC;YACtD,MAAM,YAAY,GAAG,iBAAiB,CAAC,EAAE,CAAC,IAAI,iBAAiB,CAAC,OAAO,CAAC;YACxE,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;YAEpE,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BAC7C,IAAI,EAAE,OAAO;4BACb,OAAO,EAAE,2PAA2P;4BACpQ,SAAS;4BACT,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC;4BAC3B,aAAa,EAAE,YAAY;4BAC3B,WAAW,EAAE,WAAW;4BACxB,OAAO,EAAE,6BAA6B,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,SAAS,KAAK;yBACpH,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACf,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC;gBACxC,IAAI;gBACJ,KAAK,EAAE,WAAW;gBAClB,SAAS,EAAE,EAAE;gBACb,SAAS;gBACT,YAAY,EAAE,aAAa;gBAC3B,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BAC7C,IAAI,EAAE,KAAK;4BACX,SAAS,EAAE,MAAM,CAAC,SAAS;4BAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;4BACnB,KAAK,EAAE,MAAM,CAAC,KAAK;4BACnB,OAAO,EAAE,MAAM,CAAC,OAAO;4BACvB,WAAW,EAAE,MAAM,CAAC,WAAW;4BAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;4BACjC,OAAO,EAAE,MAAM,CAAC,OAAO;yBACxB,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACf,CAAC;QACJ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;aAC1E,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,iCAAiC;IACjC,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,yTAAyT,EACzT;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4EAA4E,CAAC;KAC1G,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE;QACzB,IAAI,KAAK,GAAuB,IAAI,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;YACpC,IAAI,MAAM,CAAC,KAAK,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;gBACxC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;QAErC,MAAM,cAAc,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAEhE,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBAC7C,IAAI,EAAE,OAAO;wBACb,OAAO,EAAE,+QAA+Q;wBACxR,MAAM,EAAE,cAAc;wBACtB,UAAU,EAAE;4BACV,mEAAmE;4BACnE,kFAAkF;4BAClF,0DAA0D;yBAC3D;qBACF,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACf,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,+BAA+B;IAC/B,MAAM,CAAC,IAAI,CACT,kBAAkB,EAClB,wGAAwG,EACxG;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC;KACrG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE;QACzB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,kBAAkB,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;QACnG,CAAC;QACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACvD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAChF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBAC7C,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,KAAK,CAAC,kBAAkB;wBACrC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM;qBAClC,CAAC,EAAE,CAAC;SACN,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,kCAAkC;IAClC,MAAM,CAAC,IAAI,CACT,qBAAqB,EACrB,2GAA2G,EAC3G;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC;KACjH,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE;QACzB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,kBAAkB,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;QACnG,CAAC;QACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACvD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,6BAA6B,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC1D,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;QAC7C,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBAC7C,SAAS,EAAE,MAAM;wBACjB,WAAW,EAAE,KAAK,CAAC,kBAAkB;wBACrC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM;qBAClC,CAAC,EAAE,CAAC;SACN,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,8BAA8B;IAC9B,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,kGAAkG,EAClG;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC;KAC/G,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE;QACzB,eAAe,EAAE,CAAC;QAClB,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACvD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7G,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBAC7C,KAAK,EAAE,MAAM;wBACb,OAAO,EAAE,WAAW;qBACrB,CAAC,EAAE,CAAC;SACN,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6BAA6B;IAC7B,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,+IAA+I,EAC/I;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAChE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sDAAsD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;KACnG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;YACxD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACjE,CAAC;QACJ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;aAC1E,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,uCAAuC;IACvC,MAAM,CAAC,IAAI,CACT,0BAA0B,EAC1B,yJAAyJ,EACzJ;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;KACjE,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACpE,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,oCAAoC;IACpC,MAAM,CAAC,QAAQ,CACb,cAAc,EACd,mBAAmB,EACnB,EAAE,WAAW,EAAE,+CAA+C,EAAE,EAChE,KAAK,IAAI,EAAE;QACT,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;QACpD,OAAO;YACL,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,mBAAmB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SAC7G,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,0CAA0C;IAC1C,MAAM,CAAC,QAAQ,CACb,aAAa,EACb,yBAAyB,EACzB,EAAE,WAAW,EAAE,0DAA0D,EAAE,EAC3E,KAAK,IAAI,EAAE;QACT,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACjG,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACzH,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;SACtG,CAAC;QACF,OAAO;YACL,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,yBAAyB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SAClH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,0CAA0C;IAC1C,MAAM,CAAC,QAAQ,CACb,aAAa,EACb,yBAAyB,EACzB,EAAE,WAAW,EAAE,0FAA0F,EAAE,EAC3G,KAAK,IAAI,EAAE;QACT,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;YAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;YAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS;aAChC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;aACpD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACxH,OAAO;YACL,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,yBAAyB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACzH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/mcp/suggest.d.ts

@@ -0,0 +1,35 @@
+/**
+ * GuardLink Suggest — Annotation suggestion engine.
+ *
+ * Analyzes code for patterns that warrant security annotations:
+ *   - Function names suggesting security-relevant operations
+ *   - Dangerous imports/patterns (eval, exec, SQL, file I/O, crypto)
+ *   - HTTP handlers, auth checks, input parsing
+ *   - Missing annotations on files that handle sensitive data
+ *
+ * Designed for both file-based and diff-based analysis (§8.2).
+ *
+ * @exposes #suggest to #path-traversal [high] cwe:CWE-22 -- "Reads files from user-specified paths for analysis"
+ * @exposes #suggest to #prompt-injection [medium] cwe:CWE-77 -- "Suggestion output may be fed back to LLM agents"
+ * @accepts #prompt-injection on #suggest -- "Suggestions are intended for LLM consumption"
+ * @mitigates #suggest against #path-traversal using #path-validation -- "join() combines root with relative file paths"
+ * @flows #mcp -> #suggest via suggestAnnotations -- "MCP tool passes file path from agent request"
+ * @flows #suggest -> #mcp via suggestions -- "Suggestions returned to calling agent"
+ */
+import type { ThreatModel } from '../types/index.js';
+export interface SuggestOptions {
+    root: string;
+    model: ThreatModel;
+    file?: string;
+    diff?: string;
+}
+export interface Suggestion {
+    file: string;
+    line?: number;
+    annotation: string;
+    reason: string;
+    confidence: 'high' | 'medium' | 'low';
+    category: string;
+}
+export declare function suggestAnnotations(opts: SuggestOptions): Promise<Suggestion[]>;
+//# sourceMappingURL=suggest.d.ts.map

package/dist/mcp/suggest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"suggest.d.ts","sourceRoot":"","sources":["../../src/mcp/suggest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,WAAW,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAwBpF"}