guardrail-compliance 1.0.0

package/dist/pii/detector.js

@@ -0,0 +1,267 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.piiDetector = exports.PIIDetector = void 0;
+const database_1 = require("@guardrail/database");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const patterns_1 = require("./patterns");
+const data_flow_1 = require("./data-flow");
+class PIIDetector {
+    /**
+     * Detect PII in entire project
+     */
+    async detectPII(projectPath, projectId) {
+        const allFindings = [];
+        // Find all source files
+        const sourceFiles = this.findSourceFiles(projectPath);
+        // Scan each file
+        for (const filePath of sourceFiles) {
+            try {
+                const content = (0, fs_1.readFileSync)(filePath, 'utf-8');
+                const findings = this.scanContent(content, filePath);
+                allFindings.push(...findings);
+                // Also scan for PII field names
+                const fieldFindings = this.scanFieldNames(content, filePath);
+                allFindings.push(...fieldFindings);
+            }
+            catch (error) {
+                console.error(`Error scanning file ${filePath}:`, error);
+            }
+        }
+        // Track data flows
+        const dataFlows = await this.trackPIIDataFlows(projectPath, allFindings);
+        // Generate recommendations
+        const recommendations = this.generateRecommendations(allFindings, dataFlows);
+        // Calculate summary
+        const byCategory = {};
+        for (const finding of allFindings) {
+            byCategory[finding.category] = (byCategory[finding.category] || 0) + 1;
+        }
+        const highSeverityCount = allFindings.filter(f => f.severity === 'high').length;
+        const riskLevel = highSeverityCount > 5 ? 'high' :
+            highSeverityCount > 0 ? 'medium' : 'low';
+        const result = {
+            projectId,
+            summary: {
+                totalFindings: allFindings.length,
+                byCategory,
+                riskLevel
+            },
+            findings: allFindings,
+            dataFlows,
+            recommendations
+        };
+        // Save to database
+        try {
+            await database_1.prisma.pIIDetection.create({
+                data: {
+                    projectId
+                }
+            });
+        }
+        catch (error) {
+            // Table may not exist - continue
+        }
+        return result;
+    }
+    /**
+     * Scan file content for PII patterns
+     */
+    scanContent(content, filePath) {
+        const findings = [];
+        const lines = content.split('\n');
+        for (const pattern of patterns_1.PII_PATTERNS) {
+            let match;
+            while ((match = pattern.pattern.exec(content)) !== null) {
+                const value = match[0];
+                // Skip test values
+                if (this.isTestValue(value)) {
+                    continue;
+                }
+                // Get line and column
+                const position = this.getLineAndColumn(content, match.index);
+                // Get context
+                const context = this.getContext(lines, position.line);
+                // Skip if in non-PII context
+                if (this.isNonPIIContext(context)) {
+                    continue;
+                }
+                findings.push({
+                    category: pattern.category,
+                    value: this.maskValue(value, pattern.category),
+                    location: {
+                        file: filePath,
+                        line: position.line + 1,
+                        column: position.column
+                    },
+                    context,
+                    severity: pattern.severity
+                });
+            }
+            // Reset lastIndex for global regex
+            pattern.pattern.lastIndex = 0;
+        }
+        return findings;
+    }
+    /**
+     * Scan AST for PII field names
+     */
+    scanFieldNames(content, filePath) {
+        const findings = [];
+        const lines = content.split('\n');
+        // Simple pattern matching for field names
+        // In production, would use proper AST parsing
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (!line)
+                continue;
+            for (const fieldPattern of patterns_1.PII_FIELD_PATTERNS) {
+                const matches = line.matchAll(fieldPattern.pattern);
+                for (const match of matches) {
+                    const fieldName = match[0];
+                    const context = this.getContext(lines, i);
+                    // Skip if in comments or strings
+                    if (line.trim().startsWith('//') || line.trim().startsWith('*')) {
+                        continue;
+                    }
+                    findings.push({
+                        category: fieldPattern.category,
+                        value: fieldName,
+                        location: {
+                            file: filePath,
+                            line: i + 1,
+                            column: match.index || 0
+                        },
+                        context,
+                        severity: fieldPattern.severity
+                    });
+                }
+            }
+        }
+        return findings;
+    }
+    /**
+     * Track data flows for PII
+     */
+    async trackPIIDataFlows(_projectPath, findings) {
+        // Use data flow tracker to analyze flows
+        return data_flow_1.dataFlowTracker.analyzeDataFlows(findings);
+    }
+    /**
+     * Generate recommendations based on findings
+     */
+    generateRecommendations(findings, dataFlows) {
+        const recommendations = [];
+        // Count findings by category
+        const bySeverity = {
+            high: findings.filter(f => f.severity === 'high').length,
+            medium: findings.filter(f => f.severity === 'medium').length,
+            low: findings.filter(f => f.severity === 'low').length
+        };
+        if (bySeverity.high > 0) {
+            recommendations.push(`🔴 Found ${bySeverity.high} high-severity PII findings - immediate action required`);
+            recommendations.push('Implement encryption for sensitive data fields');
+            recommendations.push('Review and minimize PII storage');
+        }
+        // Check for unencrypted storage
+        const unencryptedStorage = dataFlows.some(flow => flow.storage.some(s => !s.encrypted));
+        if (unencryptedStorage) {
+            recommendations.push('⚠️ PII detected in unencrypted storage - enable encryption at rest');
+        }
+        // Check for external transfers
+        const hasExternalTransfers = dataFlows.some(flow => flow.externalTransfers.length > 0);
+        if (hasExternalTransfers) {
+            recommendations.push('📡 PII transferred to external systems - ensure proper data processing agreements');
+        }
+        // General recommendations
+        if (findings.length > 0) {
+            recommendations.push('Implement data retention policies');
+            recommendations.push('Add user consent mechanisms for PII collection');
+            recommendations.push('Consider pseudonymization or anonymization techniques');
+            recommendations.push('Implement access controls for PII data');
+            recommendations.push('Add audit logging for PII access');
+        }
+        return recommendations;
+    }
+    /**
+     * Find source files in project
+     */
+    findSourceFiles(dir) {
+        const files = [];
+        const extensions = ['.ts', '.js', '.tsx', '.jsx', '.py', '.java', '.go', '.rb', '.php'];
+        try {
+            const entries = (0, fs_1.readdirSync)(dir);
+            for (const entry of entries) {
+                const fullPath = (0, path_1.join)(dir, entry);
+                const stat = (0, fs_1.statSync)(fullPath);
+                if (stat.isDirectory() && !entry.startsWith('.') && entry !== 'node_modules' && entry !== 'dist') {
+                    files.push(...this.findSourceFiles(fullPath));
+                }
+                else if (stat.isFile()) {
+                    if (extensions.some(ext => entry.endsWith(ext))) {
+                        files.push(fullPath);
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Ignore permission errors
+        }
+        return files;
+    }
+    /**
+     * Check if value is a test value
+     */
+    isTestValue(value) {
+        return patterns_1.PII_TEST_VALUES.some(test => value.includes(test));
+    }
+    /**
+     * Check if context indicates non-PII usage
+     */
+    isNonPIIContext(context) {
+        const lowerContext = context.toLowerCase();
+        return patterns_1.NON_PII_CONTEXT_INDICATORS.some(indicator => lowerContext.includes(indicator));
+    }
+    /**
+     * Get line and column from position
+     */
+    getLineAndColumn(content, position) {
+        const lines = content.substring(0, position).split('\n');
+        const lastLine = lines[lines.length - 1] || '';
+        return {
+            line: lines.length - 1,
+            column: lastLine.length
+        };
+    }
+    /**
+     * Get context around a line
+     */
+    getContext(lines, lineIndex, contextSize = 2) {
+        const start = Math.max(0, lineIndex - contextSize);
+        const end = Math.min(lines.length, lineIndex + contextSize + 1);
+        return lines.slice(start, end).join('\n');
+    }
+    /**
+     * Mask sensitive value
+     */
+    maskValue(value, category) {
+        if (category === 'email') {
+            const parts = value.split('@');
+            const local = parts[0];
+            const domain = parts[1];
+            if (local && domain) {
+                return `${local.charAt(0)}***@${domain}`;
+            }
+            return '***@***.com';
+        }
+        if (category === 'phone') {
+            return `***-***-${value.slice(-4)}`;
+        }
+        if (category === 'ssn' || category === 'credit-card') {
+            return `***-**-${value.slice(-4)}`;
+        }
+        return `${value.slice(0, 3)}***`;
+    }
+}
+exports.PIIDetector = PIIDetector;
+exports.piiDetector = new PIIDetector();

package/dist/pii/index.d.ts

@@ -0,0 +1,4 @@
+export * from './detector';
+export * from './patterns';
+export * from './data-flow';
+//# sourceMappingURL=index.d.ts.map

package/dist/pii/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/pii/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC"}

package/dist/pii/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./detector"), exports);
+__exportStar(require("./patterns"), exports);
+__exportStar(require("./data-flow"), exports);

package/dist/pii/patterns.d.ts

@@ -0,0 +1,36 @@
+export interface PIIPattern {
+    category: 'email' | 'phone' | 'ssn' | 'credit-card' | 'ip-address' | 'name-field' | 'address' | 'dob' | 'health' | 'financial';
+    description: string;
+    pattern: RegExp;
+    severity: 'high' | 'medium' | 'low';
+    examples: string[];
+}
+/**
+ * PII Detection Patterns
+ */
+export declare const PII_PATTERNS: PIIPattern[];
+/**
+ * Field name patterns that suggest PII
+ */
+export declare const PII_FIELD_PATTERNS: ({
+    pattern: RegExp;
+    category: string;
+    severity: "medium";
+} | {
+    pattern: RegExp;
+    category: string;
+    severity: "low";
+} | {
+    pattern: RegExp;
+    category: string;
+    severity: "high";
+})[];
+/**
+ * Test values that should be excluded
+ */
+export declare const PII_TEST_VALUES: string[];
+/**
+ * Context indicators that suggest non-PII usage
+ */
+export declare const NON_PII_CONTEXT_INDICATORS: string[];
+//# sourceMappingURL=patterns.d.ts.map

package/dist/pii/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/pii/patterns.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,GAAG,OAAO,GAAG,KAAK,GAAG,aAAa,GAAG,YAAY,GAAG,YAAY,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC/H,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,UAAU,EA6CpC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;IA+B9B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,UAc3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,UAWtC,CAAC"}

package/dist/pii/patterns.js

@@ -0,0 +1,108 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NON_PII_CONTEXT_INDICATORS = exports.PII_TEST_VALUES = exports.PII_FIELD_PATTERNS = exports.PII_PATTERNS = void 0;
+/**
+ * PII Detection Patterns
+ */
+exports.PII_PATTERNS = [
+    // Email Addresses
+    {
+        category: 'email',
+        description: 'Email address',
+        pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
+        severity: 'medium',
+        examples: ['user@example.com', 'john.doe@company.co.uk']
+    },
+    // Phone Numbers
+    {
+        category: 'phone',
+        description: 'US Phone number',
+        pattern: /\b(\+1[-.\s]?)?(\(?\d{3}\)?[-.\s]?)?\d{3}[-.\s]?\d{4}\b/g,
+        severity: 'medium',
+        examples: ['+1-555-123-4567', '(555) 123-4567', '555-123-4567']
+    },
+    // Social Security Numbers
+    {
+        category: 'ssn',
+        description: 'US Social Security Number',
+        pattern: /\b\d{3}-\d{2}-\d{4}\b/g,
+        severity: 'high',
+        examples: ['123-45-6789']
+    },
+    // Credit Card Numbers (Luhn algorithm pattern)
+    {
+        category: 'credit-card',
+        description: 'Credit card number',
+        pattern: /\b(?:\d{4}[-\s]?){3}\d{4}\b/g,
+        severity: 'high',
+        examples: ['4532-1234-5678-9010', '5425 2334 3010 9903']
+    },
+    // IP Addresses
+    {
+        category: 'ip-address',
+        description: 'IPv4 address',
+        pattern: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
+        severity: 'low',
+        examples: ['192.168.1.1', '10.0.0.1']
+    }
+];
+/**
+ * Field name patterns that suggest PII
+ */
+exports.PII_FIELD_PATTERNS = [
+    // Name fields
+    { pattern: /\b(first_?name|last_?name|full_?name|given_?name|family_?name)\b/i, category: 'name-field', severity: 'medium' },
+    { pattern: /\b(name)\b/i, category: 'name-field', severity: 'low' },
+    // Email fields
+    { pattern: /\b(email|e_?mail|email_?address)\b/i, category: 'email', severity: 'medium' },
+    // Phone fields
+    { pattern: /\b(phone|telephone|mobile|cell_?phone)\b/i, category: 'phone', severity: 'medium' },
+    // Address fields
+    { pattern: /\b(address|street|city|state|zip|postal_?code|country)\b/i, category: 'address', severity: 'medium' },
+    { pattern: /\b(billing_?address|shipping_?address|home_?address)\b/i, category: 'address', severity: 'high' },
+    // Date of Birth
+    { pattern: /\b(dob|date_?of_?birth|birth_?date|birthday)\b/i, category: 'dob', severity: 'high' },
+    // Social Security
+    { pattern: /\b(ssn|social_?security|national_?id)\b/i, category: 'ssn', severity: 'high' },
+    // Financial
+    { pattern: /\b(credit_?card|card_?number|cvv|cvc|account_?number|routing_?number|iban)\b/i, category: 'financial', severity: 'high' },
+    { pattern: /\b(salary|income|tax_?id|ein)\b/i, category: 'financial', severity: 'high' },
+    // Health
+    { pattern: /\b(medical_?record|patient_?id|diagnosis|prescription|health_?insurance)\b/i, category: 'health', severity: 'high' },
+    { pattern: /\b(blood_?type|allergies|medication)\b/i, category: 'health', severity: 'high' },
+    // Authentication
+    { pattern: /\b(password|passwd|pwd|secret|token|api_?key)\b/i, category: 'financial', severity: 'high' }
+];
+/**
+ * Test values that should be excluded
+ */
+exports.PII_TEST_VALUES = [
+    'test@example.com',
+    'user@example.com',
+    'admin@example.com',
+    'noreply@example.com',
+    '555-0100', // Reserved for testing
+    '555-0199',
+    '000-00-0000', // Invalid SSN
+    '123-45-6789', // Well-known fake SSN
+    '127.0.0.1',
+    'localhost',
+    '0.0.0.0',
+    'example.com',
+    'test.com'
+];
+/**
+ * Context indicators that suggest non-PII usage
+ */
+exports.NON_PII_CONTEXT_INDICATORS = [
+    'example',
+    'test',
+    'demo',
+    'sample',
+    'placeholder',
+    'fake',
+    'mock',
+    'dummy',
+    'template',
+    'default'
+];

package/dist/policy/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Policy as Code Module
+ */
+export * from './opa-engine';
+//# sourceMappingURL=index.d.ts.map

package/dist/policy/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,cAAc,CAAC"}

package/dist/policy/index.js

@@ -0,0 +1,20 @@
+"use strict";
+/**
+ * Policy as Code Module
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./opa-engine"), exports);

package/dist/policy/opa-engine.d.ts

@@ -0,0 +1,121 @@
+/**
+ * Policy as Code Engine (OPA/Rego Integration)
+ *
+ * Enables custom security policies using Open Policy Agent and Rego language
+ * Supports:
+ * - Custom policy definitions
+ * - Policy evaluation against code/config
+ * - Policy bundles and versioning
+ * - Decision logging and auditing
+ */
+export interface Policy {
+    id: string;
+    name: string;
+    description: string;
+    version: string;
+    rego: string;
+    category: 'security' | 'compliance' | 'quality' | 'access' | 'custom';
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    enabled: boolean;
+    tags: string[];
+}
+export interface PolicyInput {
+    type: 'code' | 'config' | 'dependency' | 'request' | 'action';
+    data: Record<string, unknown>;
+    context?: {
+        user?: string;
+        project?: string;
+        environment?: string;
+    };
+}
+export interface PolicyDecision {
+    policyId: string;
+    allowed: boolean;
+    violations: PolicyViolation[];
+    warnings: string[];
+    metadata: Record<string, unknown>;
+    evaluatedAt: string;
+    durationMs: number;
+}
+export interface PolicyViolation {
+    rule: string;
+    message: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    remediation?: string;
+    location?: {
+        file?: string;
+        line?: number;
+        column?: number;
+    };
+}
+export interface PolicyBundle {
+    id: string;
+    name: string;
+    version: string;
+    policies: Policy[];
+    createdAt: string;
+    updatedAt: string;
+}
+export declare const BUILTIN_POLICIES: Policy[];
+/**
+ * Policy Engine for evaluating Rego policies
+ */
+export declare class PolicyEngine {
+    private policies;
+    private decisionLog;
+    constructor();
+    /**
+     * Register a custom policy
+     */
+    registerPolicy(policy: Policy): void;
+    /**
+     * Remove a policy
+     */
+    removePolicy(policyId: string): boolean;
+    /**
+     * Get all registered policies
+     */
+    getPolicies(): Policy[];
+    /**
+     * Get a specific policy
+     */
+    getPolicy(policyId: string): Policy | undefined;
+    /**
+     * Evaluate input against all enabled policies
+     */
+    evaluate(input: PolicyInput): Promise<PolicyDecision[]>;
+    /**
+     * Evaluate input against a specific policy
+     */
+    evaluatePolicy(policy: Policy, input: PolicyInput): Promise<PolicyDecision>;
+    /**
+     * Simplified Rego evaluation (placeholder for OPA integration)
+     * In production, this would use @open-policy-agent/opa-wasm or call OPA server
+     */
+    private evaluateRego;
+    /**
+     * Get decision log
+     */
+    getDecisionLog(): PolicyDecision[];
+    /**
+     * Clear decision log
+     */
+    clearDecisionLog(): void;
+    /**
+     * Export policies as a bundle
+     */
+    exportBundle(name: string): PolicyBundle;
+    /**
+     * Import policies from a bundle
+     */
+    importBundle(bundle: PolicyBundle): void;
+    /**
+     * Validate Rego syntax (placeholder)
+     */
+    validateRego(rego: string): {
+        valid: boolean;
+        errors: string[];
+    };
+}
+export declare const policyEngine: PolicyEngine;
+//# sourceMappingURL=opa-engine.d.ts.map

package/dist/policy/opa-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"opa-engine.d.ts","sourceRoot":"","sources":["../../src/policy/opa-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,UAAU,GAAG,YAAY,GAAG,SAAS,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACtE,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,GAAG,QAAQ,GAAG,YAAY,GAAG,SAAS,GAAG,QAAQ,CAAC;IAC9D,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE;QACT,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAGD,eAAO,MAAM,gBAAgB,EAAE,MAAM,EAyNpC,CAAC;AAEF;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAkC;IAClD,OAAO,CAAC,WAAW,CAAwB;;IAS3C;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIvC;;OAEG;IACH,WAAW,IAAI,MAAM,EAAE;IAIvB;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAI/C;;OAEG;IACG,QAAQ,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAc7D;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC;IA0CjF;;;OAGG;YACW,YAAY;IAmD1B;;OAEG;IACH,cAAc,IAAI,cAAc,EAAE;IAIlC;;OAEG;IACH,gBAAgB,IAAI,IAAI;IAIxB;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY;IAWxC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI;IAMxC;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE;CAiBjE;AAGD,eAAO,MAAM,YAAY,cAAqB,CAAC"}