guardrail-compliance 1.0.0

package/dist/iac/scanner.js

@@ -0,0 +1,343 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.iacSecurityScanner = exports.IaCSecurityScanner = void 0;
+const database_1 = require("@guardrail/database");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const rules_1 = require("./rules");
+const drift_detector_1 = require("./drift-detector");
+class IaCSecurityScanner {
+    /**
+     * Main scan function
+     */
+    async scan(projectPath, projectId) {
+        const providers = [];
+        const allResources = [];
+        // Find and parse Terraform files
+        const tfFiles = this.findFiles(projectPath, '.tf');
+        if (tfFiles.length > 0) {
+            providers.push('terraform');
+            for (const file of tfFiles) {
+                const resources = await this.parseTerraform([file]);
+                resources.forEach(r => allResources.push({ resource: r, filePath: file, provider: 'terraform' }));
+            }
+        }
+        // Find and parse CloudFormation templates
+        const cfnFiles = this.findFiles(projectPath, '.yaml', '.yml', '.json').filter(f => f.includes('cloudformation') || f.includes('template'));
+        if (cfnFiles.length > 0) {
+            providers.push('cloudformation');
+            for (const file of cfnFiles) {
+                const resources = await this.parseCloudFormation(file);
+                resources.forEach(r => allResources.push({ resource: r, filePath: file, provider: 'cloudformation' }));
+            }
+        }
+        // Find and parse Kubernetes manifests
+        const k8sFiles = this.findFiles(projectPath, '.yaml', '.yml').filter(f => !f.includes('cloudformation') && !f.includes('template'));
+        if (k8sFiles.length > 0) {
+            const k8sResources = await this.parseKubernetes(k8sFiles);
+            if (k8sResources.length > 0) {
+                providers.push('kubernetes');
+                k8sResources.forEach((r, i) => allResources.push({ resource: r, filePath: k8sFiles[i % k8sFiles.length] || 'unknown', provider: 'kubernetes' }));
+            }
+        }
+        // Scan all resources against rules
+        const findings = this.scanResources(allResources);
+        // Calculate summary
+        const summary = {
+            total: findings.length,
+            critical: findings.filter(f => f.severity === 'critical').length,
+            high: findings.filter(f => f.severity === 'high').length,
+            medium: findings.filter(f => f.severity === 'medium').length,
+            low: findings.filter(f => f.severity === 'low').length
+        };
+        // Detect drift if Terraform is used
+        let driftReport;
+        if (providers.includes('terraform')) {
+            driftReport = await drift_detector_1.driftDetector.detectDrift(projectPath);
+        }
+        // Analyze costs
+        const costAnalysis = await this.analyzeCosts(findings);
+        // Save to database
+        try {
+            await database_1.prisma.iaCScan.create({
+                data: {
+                    projectId
+                }
+            });
+        }
+        catch (error) {
+            // Table may not exist - continue
+        }
+        return {
+            projectId,
+            providers,
+            summary,
+            findings,
+            driftReport,
+            costAnalysis
+        };
+    }
+    /**
+     * Parse Terraform files
+     */
+    async parseTerraform(files) {
+        const resources = [];
+        for (const file of files) {
+            try {
+                const content = (0, fs_1.readFileSync)(file, 'utf-8');
+                // Simple HCL parsing (in production, use proper HCL parser)
+                const resourceMatches = content.matchAll(/resource\s+"([^"]+)"\s+"([^"]+)"\s+{([^}]*)}/gs);
+                for (const match of resourceMatches) {
+                    const [, type, name, configBlock] = match;
+                    if (!type || !name)
+                        continue;
+                    // Parse config block (simplified)
+                    const config = {};
+                    const lines = (configBlock || '').split('\n');
+                    for (const line of lines) {
+                        const keyValue = line.match(/^\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.+)$/);
+                        if (keyValue) {
+                            const [, key, value] = keyValue;
+                            if (key && value) {
+                                config[key.trim()] = this.parseValue(value.trim());
+                            }
+                        }
+                    }
+                    resources.push({
+                        type,
+                        name,
+                        provider: type.split('_')[0] || 'unknown', // e.g., 'aws' from 'aws_s3_bucket'
+                        config
+                    });
+                }
+            }
+            catch (error) {
+                console.error(`Error parsing Terraform file ${file}:`, error);
+            }
+        }
+        return resources;
+    }
+    /**
+     * Parse CloudFormation template
+     */
+    async parseCloudFormation(file) {
+        const resources = [];
+        try {
+            const content = (0, fs_1.readFileSync)(file, 'utf-8');
+            const template = file.endsWith('.json') ? JSON.parse(content) : this.parseYAML(content);
+            if (template.Resources) {
+                for (const [logicalId, resource] of Object.entries(template.Resources)) {
+                    resources.push({
+                        type: resource.Type,
+                        logicalId,
+                        properties: resource.Properties || {}
+                    });
+                }
+            }
+        }
+        catch (error) {
+            console.error(`Error parsing CloudFormation file ${file}:`, error);
+        }
+        return resources;
+    }
+    /**
+     * Parse Kubernetes manifests
+     */
+    async parseKubernetes(files) {
+        const resources = [];
+        for (const file of files) {
+            try {
+                const content = (0, fs_1.readFileSync)(file, 'utf-8');
+                const manifests = this.parseYAML(content);
+                // Handle both single manifest and array of manifests
+                const manifestArray = Array.isArray(manifests) ? manifests : [manifests];
+                for (const manifest of manifestArray) {
+                    if (manifest && manifest.kind && manifest.metadata) {
+                        resources.push({
+                            apiVersion: manifest.apiVersion || '',
+                            kind: manifest.kind,
+                            metadata: manifest.metadata,
+                            spec: manifest.spec || {}
+                        });
+                    }
+                }
+            }
+            catch (error) {
+                console.error(`Error parsing Kubernetes file ${file}:`, error);
+            }
+        }
+        return resources;
+    }
+    /**
+     * Scan resources against rules
+     */
+    scanResources(resources) {
+        const findings = [];
+        for (const { resource, filePath, provider } of resources) {
+            // Get applicable rules
+            const rules = rules_1.ALL_RULES.filter(rule => {
+                if (provider === 'terraform') {
+                    const tfResource = resource;
+                    return rule.provider === 'terraform' && rule.resourceType === tfResource.type;
+                }
+                else if (provider === 'kubernetes') {
+                    const k8sResource = resource;
+                    return rule.provider === 'kubernetes' && rule.resourceType === k8sResource.kind;
+                }
+                else if (provider === 'cloudformation') {
+                    const cfnResource = resource;
+                    return rule.resourceType === cfnResource.type;
+                }
+                return false;
+            });
+            // Check each rule
+            for (const rule of rules) {
+                try {
+                    const resourceData = this.getResourceData(resource, provider);
+                    const violates = rule.check(resourceData);
+                    if (violates) {
+                        findings.push({
+                            ruleId: rule.id,
+                            severity: rule.severity,
+                            category: rule.category,
+                            title: rule.title,
+                            description: rule.description,
+                            resourceType: this.getResourceType(resource, provider),
+                            resourceName: this.getResourceName(resource, provider),
+                            filePath,
+                            recommendation: rule.recommendation
+                        });
+                    }
+                }
+                catch (error) {
+                    console.error(`Error checking rule ${rule.id}:`, error);
+                }
+            }
+        }
+        return findings;
+    }
+    /**
+     * Analyze costs based on findings
+     */
+    async analyzeCosts(findings) {
+        const costByService = {};
+        const suggestions = [];
+        // Estimate costs based on security findings
+        // In production, this would use cloud provider pricing APIs
+        // Example: unencrypted resources cost more due to compliance requirements
+        const encryptionFindings = findings.filter(f => f.description.toLowerCase().includes('encryption'));
+        if (encryptionFindings.length > 0) {
+            suggestions.push(`Enable encryption on ${encryptionFindings.length} resources to reduce compliance costs`);
+        }
+        // Public resources may incur data transfer costs
+        const publicFindings = findings.filter(f => f.description.toLowerCase().includes('public'));
+        if (publicFindings.length > 0) {
+            suggestions.push(`Restrict ${publicFindings.length} public resources to reduce data transfer costs`);
+        }
+        return {
+            estimatedMonthlyCost: 0, // Would calculate actual costs in production
+            costByService,
+            costOptimizationSuggestions: suggestions
+        };
+    }
+    /**
+     * Find files with specific extensions recursively
+     */
+    findFiles(dir, ...extensions) {
+        const files = [];
+        try {
+            const entries = (0, fs_1.readdirSync)(dir);
+            for (const entry of entries) {
+                const fullPath = (0, path_1.join)(dir, entry);
+                const stat = (0, fs_1.statSync)(fullPath);
+                if (stat.isDirectory() && !entry.startsWith('.') && entry !== 'node_modules') {
+                    files.push(...this.findFiles(fullPath, ...extensions));
+                }
+                else if (stat.isFile()) {
+                    if (extensions.some(ext => entry.endsWith(ext))) {
+                        files.push(fullPath);
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Ignore permission errors
+        }
+        return files;
+    }
+    /**
+     * Parse HCL value (simplified)
+     */
+    parseValue(value) {
+        value = value.trim();
+        if (value === 'true')
+            return true;
+        if (value === 'false')
+            return false;
+        if (value.startsWith('"') && value.endsWith('"')) {
+            return value.slice(1, -1);
+        }
+        if (value.match(/^\d+$/)) {
+            return parseInt(value, 10);
+        }
+        return value;
+    }
+    /**
+     * Simple YAML parser (in production, use proper YAML library)
+     */
+    parseYAML(content) {
+        try {
+            return JSON.parse(content);
+        }
+        catch {
+            return {};
+        }
+    }
+    /**
+     * Get resource data for rule checking
+     */
+    getResourceData(resource, provider) {
+        if (provider === 'terraform') {
+            return resource.config;
+        }
+        else if (provider === 'kubernetes') {
+            return resource;
+        }
+        else if (provider === 'cloudformation') {
+            return resource.properties;
+        }
+        return {};
+    }
+    /**
+     * Get resource type
+     */
+    getResourceType(resource, provider) {
+        if (provider === 'terraform') {
+            return resource.type;
+        }
+        else if (provider === 'kubernetes') {
+            return resource.kind;
+        }
+        else if (provider === 'cloudformation') {
+            return resource.type;
+        }
+        return 'unknown';
+    }
+    /**
+     * Get resource name
+     */
+    getResourceName(resource, provider) {
+        if (provider === 'terraform') {
+            return resource.name;
+        }
+        else if (provider === 'kubernetes') {
+            return resource.metadata.name;
+        }
+        else if (provider === 'cloudformation') {
+            return resource.logicalId;
+        }
+        return 'unknown';
+    }
+}
+exports.IaCSecurityScanner = IaCSecurityScanner;
+exports.iacSecurityScanner = new IaCSecurityScanner();

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export * from './iac';
+export * from './frameworks';
+export * from './pii';
+export * from './container';
+export * from './automation';
+export * from './audit';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,OAAO,CAAC;AAGtB,cAAc,cAAc,CAAC;AAG7B,cAAc,OAAO,CAAC;AAGtB,cAAc,aAAa,CAAC;AAG5B,cAAc,cAAc,CAAC;AAG7B,cAAc,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,28 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// IaC Security
+__exportStar(require("./iac"), exports);
+// Compliance Frameworks
+__exportStar(require("./frameworks"), exports);
+// PII Detection
+__exportStar(require("./pii"), exports);
+// Container Security
+__exportStar(require("./container"), exports);
+// Automation Components
+__exportStar(require("./automation"), exports);
+// Audit Trail (Compliance+ feature)
+__exportStar(require("./audit"), exports);

package/dist/pii/data-flow.d.ts

@@ -0,0 +1,58 @@
+export interface PIIFinding {
+    category: string;
+    value: string;
+    location: {
+        file: string;
+        line: number;
+        column: number;
+    };
+    context: string;
+    severity: 'high' | 'medium' | 'low';
+}
+export interface Origin {
+    type: 'input' | 'database' | 'api' | 'file' | 'environment';
+    location: string;
+    description: string;
+}
+export interface FlowPath {
+    from: string;
+    to: string;
+    operation: string;
+    line: number;
+}
+export interface Storage {
+    type: 'database' | 'file' | 'memory' | 'cache' | 'external';
+    location: string;
+    encrypted: boolean;
+}
+export interface DataFlow {
+    piiCategory: string;
+    origins: Origin[];
+    paths: FlowPath[];
+    storage: Storage[];
+    externalTransfers: string[];
+}
+export declare class DataFlowTracker {
+    /**
+     * Track where PII originates
+     */
+    trackOrigin(_finding: PIIFinding, _ast: any): Origin[];
+    /**
+     * Track where PII flows through the codebase
+     */
+    trackFlow(_finding: PIIFinding, _ast: any): FlowPath[];
+    /**
+     * Track where PII is stored
+     */
+    trackStorage(_finding: PIIFinding, _ast: any): Storage[];
+    /**
+     * Generate Mermaid diagram for data flows
+     */
+    generateDiagram(flows: DataFlow[]): string;
+    /**
+     * Analyze data flows for a project
+     */
+    analyzeDataFlows(findings: PIIFinding[]): DataFlow[];
+}
+export declare const dataFlowTracker: DataFlowTracker;
+//# sourceMappingURL=data-flow.d.ts.map

package/dist/pii/data-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-flow.d.ts","sourceRoot":"","sources":["../../src/pii/data-flow.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACrC;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,KAAK,GAAG,MAAM,GAAG,aAAa,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,UAAU,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,qBAAa,eAAe;IAC1B;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,GAAG,MAAM,EAAE;IAoDtD;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,GAAG,QAAQ,EAAE;IAStD;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,EAAE;IAiCxD;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM;IA6B1C;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,QAAQ,EAAE;CAmCrD;AAED,eAAO,MAAM,eAAe,iBAAwB,CAAC"}

package/dist/pii/data-flow.js

@@ -0,0 +1,154 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dataFlowTracker = exports.DataFlowTracker = void 0;
+class DataFlowTracker {
+    /**
+     * Track where PII originates
+     */
+    trackOrigin(_finding, _ast) {
+        const origins = [];
+        // Simplified - in production would analyze AST deeply
+        // Check if in request handler
+        if (_finding.context.includes('req.body') || _finding.context.includes('request')) {
+            origins.push({
+                type: 'input',
+                location: _finding.location.file,
+                description: 'User input from HTTP request'
+            });
+        }
+        // Check if from database query
+        if (_finding.context.includes('db.') || _finding.context.includes('query') || _finding.context.includes('findMany')) {
+            origins.push({
+                type: 'database',
+                location: _finding.location.file,
+                description: 'Retrieved from database'
+            });
+        }
+        // Check if from API call
+        if (_finding.context.includes('fetch') || _finding.context.includes('axios') || _finding.context.includes('http.get')) {
+            origins.push({
+                type: 'api',
+                location: _finding.location.file,
+                description: 'Fetched from external API'
+            });
+        }
+        // Check if from file
+        if (_finding.context.includes('readFile') || _finding.context.includes('fs.')) {
+            origins.push({
+                type: 'file',
+                location: _finding.location.file,
+                description: 'Read from file system'
+            });
+        }
+        // Check if from environment
+        if (_finding.context.includes('process.env') || _finding.context.includes('env.')) {
+            origins.push({
+                type: 'environment',
+                location: 'Environment variables',
+                description: 'Loaded from environment variables'
+            });
+        }
+        return origins;
+    }
+    /**
+     * Track where PII flows through the codebase
+     */
+    trackFlow(_finding, _ast) {
+        const paths = [];
+        // Simplified - would analyze actual data flow in AST
+        // This is a placeholder implementation
+        return paths;
+    }
+    /**
+     * Track where PII is stored
+     */
+    trackStorage(_finding, _ast) {
+        const storage = [];
+        // Check for database storage
+        if (_finding.context.includes('save') || _finding.context.includes('insert') || _finding.context.includes('create')) {
+            storage.push({
+                type: 'database',
+                location: 'Database (inferred)',
+                encrypted: false // Would check encryption settings
+            });
+        }
+        // Check for file storage
+        if (_finding.context.includes('writeFile') || _finding.context.includes('fs.write')) {
+            storage.push({
+                type: 'file',
+                location: _finding.location.file,
+                encrypted: false
+            });
+        }
+        // Check for cache storage
+        if (_finding.context.includes('cache') || _finding.context.includes('redis')) {
+            storage.push({
+                type: 'cache',
+                location: 'Cache (inferred)',
+                encrypted: false
+            });
+        }
+        return storage;
+    }
+    /**
+     * Generate Mermaid diagram for data flows
+     */
+    generateDiagram(flows) {
+        let diagram = 'graph LR\n';
+        for (const flow of flows) {
+            const piiNode = `PII_${flow.piiCategory.replace(/[^a-zA-Z0-9]/g, '_')}`;
+            // Origins
+            for (const origin of flow.origins) {
+                const originNode = `${origin.type}_${flow.piiCategory}`;
+                diagram += `    ${originNode}[${origin.type}: ${origin.description}] --> ${piiNode}[${flow.piiCategory}]\n`;
+            }
+            // Storage
+            for (const store of flow.storage) {
+                const storeNode = `${store.type}_${flow.piiCategory}`;
+                const encrypted = store.encrypted ? '🔒' : '🔓';
+                diagram += `    ${piiNode} --> ${storeNode}[${encrypted} ${store.type}]\n`;
+            }
+            // External transfers
+            for (const transfer of flow.externalTransfers) {
+                const transferNode = `EXT_${transfer.replace(/[^a-zA-Z0-9]/g, '_')}`;
+                diagram += `    ${piiNode} --> ${transferNode}[External: ${transfer}]\n`;
+            }
+        }
+        return diagram;
+    }
+    /**
+     * Analyze data flows for a project
+     */
+    analyzeDataFlows(findings) {
+        const flowsByCategory = new Map();
+        for (const finding of findings) {
+            if (!flowsByCategory.has(finding.category)) {
+                flowsByCategory.set(finding.category, {
+                    piiCategory: finding.category,
+                    origins: [],
+                    paths: [],
+                    storage: [],
+                    externalTransfers: []
+                });
+            }
+            const flow = flowsByCategory.get(finding.category);
+            // Track origins (simplified without AST)
+            const origins = this.trackOrigin(finding, null);
+            for (const origin of origins) {
+                if (!flow.origins.some(o => o.type === origin.type && o.location === origin.location)) {
+                    flow.origins.push(origin);
+                }
+            }
+            // Track storage (simplified without AST)
+            const storage = this.trackStorage(finding, null);
+            for (const store of storage) {
+                if (!flow.storage.some(s => s.type === store.type && s.location === store.location)) {
+                    flow.storage.push(store);
+                }
+            }
+        }
+        return Array.from(flowsByCategory.values());
+    }
+}
+exports.DataFlowTracker = DataFlowTracker;
+exports.dataFlowTracker = new DataFlowTracker();

package/dist/pii/detector.d.ts

@@ -0,0 +1,60 @@
+import { PIIFinding, DataFlow } from './data-flow';
+export interface PIIDetectionResult {
+    projectId: string;
+    summary: {
+        totalFindings: number;
+        byCategory: Record<string, number>;
+        riskLevel: 'high' | 'medium' | 'low';
+    };
+    findings: PIIFinding[];
+    dataFlows: DataFlow[];
+    recommendations: string[];
+}
+export declare class PIIDetector {
+    /**
+     * Detect PII in entire project
+     */
+    detectPII(projectPath: string, projectId: string): Promise<PIIDetectionResult>;
+    /**
+     * Scan file content for PII patterns
+     */
+    private scanContent;
+    /**
+     * Scan AST for PII field names
+     */
+    private scanFieldNames;
+    /**
+     * Track data flows for PII
+     */
+    private trackPIIDataFlows;
+    /**
+     * Generate recommendations based on findings
+     */
+    private generateRecommendations;
+    /**
+     * Find source files in project
+     */
+    private findSourceFiles;
+    /**
+     * Check if value is a test value
+     */
+    private isTestValue;
+    /**
+     * Check if context indicates non-PII usage
+     */
+    private isNonPIIContext;
+    /**
+     * Get line and column from position
+     */
+    private getLineAndColumn;
+    /**
+     * Get context around a line
+     */
+    private getContext;
+    /**
+     * Mask sensitive value
+     */
+    private maskValue;
+}
+export declare const piiDetector: PIIDetector;
+//# sourceMappingURL=detector.d.ts.map

package/dist/pii/detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detector.d.ts","sourceRoot":"","sources":["../../src/pii/detector.ts"],"names":[],"mappings":"AAIA,OAAO,EAAmB,UAAU,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEpE,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnC,SAAS,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;KACtC,CAAC;IACF,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,qBAAa,WAAW;IACtB;;OAEG;IACG,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAgEpF;;OAEG;IACH,OAAO,CAAC,WAAW;IA6CnB;;OAEG;IACH,OAAO,CAAC,cAAc;IAyCtB;;OAEG;YACW,iBAAiB;IAK/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4C/B;;OAEG;IACH,OAAO,CAAC,eAAe;IA0BvB;;OAEG;IACH,OAAO,CAAC,WAAW;IAInB;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IASxB;;OAEG;IACH,OAAO,CAAC,UAAU;IAMlB;;OAEG;IACH,OAAO,CAAC,SAAS;CAqBlB;AAED,eAAO,MAAM,WAAW,aAAoB,CAAC"}