npm - guardrail-security - Versions diffs - 1.0.2 → 2.0.0 - Mend

guardrail-security 1.0.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/dist/sbom/generator.d.ts +42 -0
package/dist/sbom/generator.d.ts.map +1 -1
package/dist/sbom/generator.js +168 -7
package/dist/secrets/allowlist.d.ts +38 -0
package/dist/secrets/allowlist.d.ts.map +1 -0
package/dist/secrets/allowlist.js +131 -0
package/dist/secrets/config-loader.d.ts +25 -0
package/dist/secrets/config-loader.d.ts.map +1 -0
package/dist/secrets/config-loader.js +103 -0
package/dist/secrets/contextual-risk.d.ts +19 -0
package/dist/secrets/contextual-risk.d.ts.map +1 -0
package/dist/secrets/contextual-risk.js +88 -0
package/dist/secrets/git-scanner.d.ts +29 -0
package/dist/secrets/git-scanner.d.ts.map +1 -0
package/dist/secrets/git-scanner.js +109 -0
package/dist/secrets/guardian.d.ts +70 -57
package/dist/secrets/guardian.d.ts.map +1 -1
package/dist/secrets/guardian.js +531 -258
package/dist/secrets/index.d.ts +4 -0
package/dist/secrets/index.d.ts.map +1 -1
package/dist/secrets/index.js +11 -1
package/dist/secrets/patterns.d.ts +39 -10
package/dist/secrets/patterns.d.ts.map +1 -1
package/dist/secrets/patterns.js +129 -71
package/dist/secrets/pre-commit.d.ts.map +1 -1
package/dist/secrets/pre-commit.js +1 -1
package/dist/secrets/vault-integration.d.ts.map +1 -1
package/dist/secrets/vault-integration.js +1 -0
package/dist/supply-chain/vulnerability-db.d.ts +89 -16
package/dist/supply-chain/vulnerability-db.d.ts.map +1 -1
package/dist/supply-chain/vulnerability-db.js +404 -115
package/dist/utils/semver.d.ts +37 -0
package/dist/utils/semver.d.ts.map +1 -0
package/dist/utils/semver.js +109 -0
package/package.json +17 -3
package/src/__tests__/license/engine.test.ts +0 -250
package/src/__tests__/supply-chain/typosquat.test.ts +0 -191
package/src/attack-surface/analyzer.ts +0 -153
package/src/attack-surface/index.ts +0 -5
package/src/index.ts +0 -21
package/src/languages/index.ts +0 -91
package/src/languages/java-analyzer.ts +0 -490
package/src/languages/python-analyzer.ts +0 -498
package/src/license/compatibility-matrix.ts +0 -366
package/src/license/engine.ts +0 -346
package/src/license/index.ts +0 -6
package/src/sbom/generator.ts +0 -355
package/src/sbom/index.ts +0 -5
package/src/secrets/guardian.ts +0 -468
package/src/secrets/index.ts +0 -10
package/src/secrets/patterns.ts +0 -186
package/src/secrets/pre-commit.ts +0 -158
package/src/secrets/vault-integration.ts +0 -360
package/src/secrets/vault-providers.ts +0 -446
package/src/supply-chain/detector.ts +0 -253
package/src/supply-chain/index.ts +0 -11
package/src/supply-chain/malicious-db.ts +0 -103
package/src/supply-chain/script-analyzer.ts +0 -194
package/src/supply-chain/typosquat.ts +0 -302
package/src/supply-chain/vulnerability-db.ts +0 -386

package/dist/secrets/contextual-risk.js ADDED Viewed

@@ -0,0 +1,88 @@
+"use strict";
+/**
+ * contextual-risk.ts
+ * Adjust risk levels based on file context (examples, templates, production code)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.adjustRiskByContext = adjustRiskByContext;
+exports.getContextDescription = getContextDescription;
+/**
+ * Adjust risk based on file context
+ */
+function adjustRiskByContext(context) {
+    const { filePath, entropy, originalRisk } = context;
+    const lowerPath = filePath.toLowerCase();
+    // Example/template files: downgrade unless extremely high entropy
+    if (isExampleOrTemplate(lowerPath)) {
+        if (entropy >= 5.0) {
+            // Extremely high entropy in example file - suspicious, keep original risk
+            return originalRisk;
+        }
+        // Downgrade risk for example/template files
+        if (originalRisk === 'high')
+            return 'medium';
+        if (originalRisk === 'medium')
+            return 'low';
+        return 'low';
+    }
+    // Production-like files: upgrade risk for medium findings
+    if (isProductionContext(lowerPath)) {
+        if (originalRisk === 'medium' && entropy >= 4.5) {
+            return 'high';
+        }
+    }
+    return originalRisk;
+}
+/**
+ * Check if file is an example or template
+ */
+function isExampleOrTemplate(filePath) {
+    const patterns = [
+        /\.example$/,
+        /\.template$/,
+        /\.sample$/,
+        /\.dist$/,
+        /\.example\./,
+        /\.template\./,
+        /\.sample\./,
+        /env\.example/,
+        /config\.example/,
+        /settings\.example/,
+        /\/examples?\//,
+        /\/templates?\//,
+        /\/samples?\//,
+        /\/demo\//,
+        /\/fixtures?\//,
+    ];
+    return patterns.some(p => p.test(filePath));
+}
+/**
+ * Check if file is in production context
+ */
+function isProductionContext(filePath) {
+    const patterns = [
+        /^\.env$/,
+        /\/\.env$/,
+        /\/config\/production\./,
+        /\/config\/prod\./,
+        /production\.config/,
+        /prod\.config/,
+        /\/src\/config\//,
+        /\/lib\/config\//,
+        /\/app\/config\//,
+    ];
+    return patterns.some(p => p.test(filePath));
+}
+/**
+ * Get context description for reporting
+ */
+function getContextDescription(filePath) {
+    const lowerPath = filePath.toLowerCase();
+    if (isExampleOrTemplate(lowerPath)) {
+        return 'example/template file';
+    }
+    if (isProductionContext(lowerPath)) {
+        return 'production configuration';
+    }
+    return 'source file';
+}

package/dist/secrets/git-scanner.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * git-scanner.ts
+ * Scan git history for secrets in commit diffs
+ */
+import { SecretDetection, SecretsGuardian, ScanOptions } from './guardian';
+export interface HistoricalDetection extends SecretDetection {
+    commitHash: string;
+    commitDate: string;
+    author: string;
+}
+export interface GitHistoryScanOptions extends ScanOptions {
+    depth?: number;
+    branch?: string;
+}
+export interface GitHistoryScanResult {
+    projectId: string;
+    commitsScanned: number;
+    detections: HistoricalDetection[];
+    summary: {
+        totalSecrets: number;
+        byCommit: Record<string, number>;
+        byType: Record<string, number>;
+    };
+}
+/**
+ * Scan git history for secrets
+ */
+export declare function scanGitHistory(projectPath: string, projectId: string, guardian: SecretsGuardian, options?: GitHistoryScanOptions): Promise<GitHistoryScanResult>;
+//# sourceMappingURL=git-scanner.d.ts.map

package/dist/secrets/git-scanner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"git-scanner.d.ts","sourceRoot":"","sources":["../../src/secrets/git-scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE3E,MAAM,WAAW,mBAAoB,SAAQ,eAAe;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,qBAAsB,SAAQ,WAAW;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAChC,CAAC;CACH;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,oBAAoB,CAAC,CAqD/B"}

package/dist/secrets/git-scanner.js ADDED Viewed

@@ -0,0 +1,109 @@
+"use strict";
+/**
+ * git-scanner.ts
+ * Scan git history for secrets in commit diffs
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanGitHistory = scanGitHistory;
+const child_process_1 = require("child_process");
+const fs_1 = require("fs");
+const path_1 = require("path");
+/**
+ * Scan git history for secrets
+ */
+async function scanGitHistory(projectPath, projectId, guardian, options = {}) {
+    const depth = options.depth ?? 50;
+    const branch = options.branch ?? 'HEAD';
+    // Check if git repo exists
+    const gitDir = (0, path_1.join)(projectPath, '.git');
+    if (!(0, fs_1.existsSync)(gitDir)) {
+        throw new Error('Not a git repository');
+    }
+    // Get commit list
+    const commits = getRecentCommits(projectPath, depth, branch);
+    const allDetections = [];
+    const byCommit = {};
+    const byType = {};
+    for (const commit of commits) {
+        const diff = getCommitDiff(projectPath, commit.hash);
+        // Scan the diff content
+        const detections = await guardian.scanContent(diff, `commit:${commit.hash}`, projectId, options);
+        // Convert to historical detections
+        for (const detection of detections) {
+            const historical = {
+                ...detection,
+                commitHash: commit.hash,
+                commitDate: commit.date,
+                author: commit.author,
+            };
+            allDetections.push(historical);
+            byCommit[commit.hash] = (byCommit[commit.hash] ?? 0) + 1;
+            byType[detection.secretType] = (byType[detection.secretType] ?? 0) + 1;
+        }
+    }
+    return {
+        projectId,
+        commitsScanned: commits.length,
+        detections: allDetections,
+        summary: {
+            totalSecrets: allDetections.length,
+            byCommit,
+            byType,
+        },
+    };
+}
+/**
+ * Get recent commits
+ */
+function getRecentCommits(projectPath, depth, branch) {
+    try {
+        const output = (0, child_process_1.execSync)(`git log ${branch} --format=%H|%aI|%an -n ${depth}`, {
+            cwd: projectPath,
+            encoding: 'utf-8',
+            maxBuffer: 10 * 1024 * 1024,
+        });
+        const commits = [];
+        const lines = output.trim().split('\n');
+        for (const line of lines) {
+            const parts = line.split('|');
+            if (parts.length >= 3) {
+                commits.push({
+                    hash: parts[0] ?? '',
+                    date: parts[1] ?? '',
+                    author: parts[2] ?? '',
+                });
+            }
+        }
+        return commits;
+    }
+    catch (err) {
+        throw new Error(`Failed to get git commits: ${err.message}`);
+    }
+}
+/**
+ * Get diff for a commit
+ */
+function getCommitDiff(projectPath, commitHash) {
+    try {
+        // Get the diff for added lines only (+ lines)
+        const output = (0, child_process_1.execSync)(`git show ${commitHash} --format= --unified=0`, {
+            cwd: projectPath,
+            encoding: 'utf-8',
+            maxBuffer: 10 * 1024 * 1024,
+        });
+        // Extract only added lines (lines starting with +)
+        const lines = output.split('\n');
+        const addedLines = [];
+        for (const line of lines) {
+            if (line.startsWith('+') && !line.startsWith('+++')) {
+                // Remove the leading + and add to content
+                addedLines.push(line.substring(1));
+            }
+        }
+        return addedLines.join('\n');
+    }
+    catch (err) {
+        // If commit doesn't exist or error, return empty
+        return '';
+    }
+}

package/dist/secrets/guardian.d.ts CHANGED Viewed

@@ -1,30 +1,17 @@
-export declare enum SecretType {
-    API_KEY = "api_key",
-    PASSWORD = "password",
-    TOKEN = "token",
-    CERTIFICATE = "certificate",
-    PRIVATE_KEY = "private_key",
-    DATABASE_URL = "database_url",
-    JWT_SECRET = "jwt_secret",
-    AWS_ACCESS_KEY = "aws_access_key",
-    OTHER = "other",
-    AWS_SECRET_KEY = "aws_secret_key",
-    GITHUB_TOKEN = "github_token",
-    GOOGLE_API_KEY = "google_api_key",
-    STRIPE_KEY = "stripe_key",
-    JWT_TOKEN = "jwt_token",
-    SLACK_TOKEN = "slack_token",
-    API_KEY_GENERIC = "api_key_generic",
-    PASSWORD_GENERIC = "password_generic"
-}
-/**
- * Secret detection result
- */
+import { SecretType, RiskLevel } from './patterns';
+import { Allowlist } from './allowlist';
 export interface SecretDetection {
     id?: string;
+    projectId: string;
     filePath: string;
     secretType: SecretType;
+    risk: RiskLevel;
+    /** Safe for logs/UI */
     maskedValue: string;
+    /** Hash of the raw value (never store raw secrets) */
+    valueHash: string;
+    /** Stable key for dedupe across runs */
+    fingerprint: string;
     location: {
         line: number;
         column: number;
@@ -33,6 +20,7 @@ export interface SecretDetection {
     confidence: number;
     entropy: number;
     isTest: boolean;
+    /** For future integrations (revocation checks) */
     isRevoked: boolean;
     recommendation: {
         action: 'remove' | 'move_to_env' | 'use_vault' | 'revoke_and_rotate';
@@ -40,21 +28,25 @@ export interface SecretDetection {
         remediation: string;
     };
 }
-/**
- * Scan options
- */
 export interface ScanOptions {
     excludeTests?: boolean;
     minConfidence?: number;
+    /** Additional glob excludes */
     excludePatterns?: string[];
+    /** Safety/perf */
+    maxFileSizeBytes?: number;
+    concurrency?: number;
+    skipBinaryFiles?: boolean;
+    /** Custom patterns and allowlist */
+    useCustomPatterns?: boolean;
+    useAllowlist?: boolean;
+    useContextualRisk?: boolean;
 }
-/**
- * Project scan report
- */
 export interface ProjectScanReport {
     projectId: string;
     totalFiles: number;
     scannedFiles: number;
+    skippedFiles: number;
     detections: SecretDetection[];
     summary: {
         totalSecrets: number;
@@ -65,49 +57,70 @@ export interface ProjectScanReport {
             low: number;
         };
     };
+    performance: {
+        skippedLarge: number;
+        skippedBinary: number;
+        allowlistSuppressed: number;
+        customPatternsLoaded: number;
+    };
+}
+export interface Logger {
+    debug(msg: string, meta?: Record<string, unknown>): void;
+    info(msg: string, meta?: Record<string, unknown>): void;
+    warn(msg: string, meta?: Record<string, unknown>): void;
+    error(msg: string, meta?: Record<string, unknown>): void;
+}
+/**
+ * Optional persistence contract (enterprise-grade).
+ * Implement with Prisma, SQL, or ship no-op in OSS/free tier.
+ */
+export interface SecretStore {
+    saveDetections(projectId: string, detections: SecretDetection[]): Promise<void>;
+    listDetections(projectId: string): Promise<SecretDetection[]>;
+}
+export declare class NoopSecretStore implements SecretStore {
+    saveDetections(): Promise<void>;
+    listDetections(): Promise<SecretDetection[]>;
+}
+/**
+ * Minimal Prisma adapter (safe: stores hashes + masked only).
+ * NOTE: adjust model/table/columns to match your schema.
+ */
+export declare class PrismaSecretStore implements SecretStore {
+    private readonly prisma;
+    constructor(prisma: any);
+    saveDetections(projectId: string, detections: SecretDetection[]): Promise<void>;
+    listDetections(projectId: string): Promise<SecretDetection[]>;
 }
 /**
  * Secrets & Credential Guardian
- *
- * Detects exposed secrets and credentials in code
  */
 export declare class SecretsGuardian {
+    private readonly store;
+    private readonly logger;
+    private compiledPatterns;
+    private customPatternsCount;
+    constructor(opts?: {
+        store?: SecretStore;
+        logger?: Logger;
+    });
     /**
-     * Scan content for secrets
-     */
-    scanContent(content: string, filePath: string, options?: ScanOptions): Promise<SecretDetection[]>;
-    /**
-     * Scan entire project
+     * Load custom patterns from project config
      */
-    scanProject(projectPath: string, projectId: string, options?: ScanOptions): Promise<ProjectScanReport>;
-    /**
-     * Calculate entropy for randomness detection
-     */
-    private calculateEntropy;
+    loadCustomPatterns(projectPath: string): void;
     /**
-     * Check if likely test/example value
-     */
-    private isTestValue;
-    /**
-     * Check for false positives
-     */
-    private isFalsePositive;
-    /**
-     * Calculate confidence score
-     */
-    private calculateConfidence;
-    /**
-     * Mask secret for safe logging
+     * Scan content for secrets
      */
-    private maskValue;
+    scanContent(content: string, filePath: string, projectId: string, options?: ScanOptions, allowlist?: Allowlist): Promise<SecretDetection[]>;
     /**
-     * Generate recommendation
+     * Scan an entire project directory
      */
-    private generateRecommendation;
+    scanProject(projectPath: string, projectId: string, options?: ScanOptions): Promise<ProjectScanReport>;
     /**
-     * Get project secrets report
+     * Retrieve detections from store
      */
     getProjectReport(projectId: string): Promise<SecretDetection[]>;
 }
+/** Singleton (uses Noop store unless you wire it) */
 export declare const secretsGuardian: SecretsGuardian;
 //# sourceMappingURL=guardian.d.ts.map

package/dist/secrets/guardian.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"guardian.d.ts","sourceRoot":"","sources":["../../src/secrets/guardian.ts"],"names":[],"mappings":"~~AA4BA~~,~~oBAAY~~,UAAU~~;IACpB~~,~~OAAO~~,~~YAAY;IACnB~~,~~QAAQ~~,~~aAAa;IACrB~~,~~KAAK~~,~~UAAU~~;~~IACf~~,~~WAAW~~,~~gBAAgB;IAC3B~~,~~WAAW~~,~~gBAAgB;IAC3B~~,~~YAAY~~,~~iBAAiB~~;~~IAC7B~~,~~UAAU~~,eAAe;~~IACzB~~,~~cAAc~~,~~mBAAmB;IACjC~~,~~KAAK~~,~~UAAU~~;~~IACf~~,~~cAAc~~,~~mBAAmB;IACjC~~,~~YAAY~~,~~iBAAiB~~;~~IAC7B~~,~~cAAc~~,~~mBAAmB~~;~~IACjC~~,UAAU,~~eAAe;IACzB~~,~~SAAS~~,~~cAAc~~;IACvB,~~WAAW~~,~~gBAAgB;IAC3B~~,~~eAAe~~,~~oBAAoB~~;~~IACnC~~,~~gBAAgB,qBAAqB~~;~~CACtC;AAED;;GAEG;AACH~~,~~MAAM,~~WAAW,~~eAAe;IAC9B,~~EAAE,~~CAAC,EAAE,~~MAAM,CAAC;~~IACZ~~,~~QAAQ~~,EAAE,MAAM,CAAC;~~IACjB~~,~~UAAU,EAAE,UAAU,CAAC~~;~~IACvB~~,WAAW,EAAE,MAAM,CAAC;~~IACpB~~,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;~~IACF~~,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;~~IAChB~~,MAAM,EAAE,OAAO,CAAC;~~IAChB~~,SAAS,EAAE,OAAO,CAAC;~~IACnB~~,cAAc,EAAE;QACd,MAAM,EAAE,QAAQ,GAAG,aAAa,GAAG,WAAW,GAAG,mBAAmB,CAAC;QACrE,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED~~;;GAEG;AACH~~,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;~~IACvB~~,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;~~CAC5B~~;~~AAED;;GAEG~~;~~AACH~~,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/B,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;KACvD,CAAC;CACH;AAED~~;;;;GAIG~~;~~AACH~~,~~qBAAa~~,~~eAAe~~;~~IAC1B;;OAEG~~;~~IACG~~,~~WAAW~~,~~CACf~~,OAAO,EAAE,MAAM,~~EACf~~,~~QAAQ~~,EAAE,MAAM,~~EAChB~~,OAAO,~~GAAE~~,~~WAAgB~~,~~GACxB~~,OAAO,CAAC,eAAe,EAAE,CAAC;~~IAoF7B;;OAEG~~;~~IACG~~,~~WAAW~~,~~CACf~~,WAAW,EAAE,MAAM,~~EACnB~~,SAAS,EAAE,MAAM,~~EACjB~~,OAAO,~~GAAE~~,~~WAAgB~~,~~GACxB~~,OAAO,CAAC,~~iBAAiB~~,CAAC;~~IAgF7B~~;;~~OAEG~~;~~IACH~~,OAAO,CAAC,~~gBAAgB~~;~~IAIxB;;OAEG~~;~~IACH~~,OAAO,CAAC,~~WAAW~~;~~IAyBnB;;OAEG;IACH~~,OAAO,CAAC,~~eAAe~~;~~IAsCvB~~;;OAEG;IACH,~~OAAO~~,CAAC,~~mBAAmB~~;~~IAgC3B~~;;OAEG;~~IACH~~,OAAO,CAAC,SAAS;~~IAIjB~~;;OAEG;~~IACH~~,OAAO,CAAC,~~sBAAsB~~;~~IAwC9B~~;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;~~CAoBtE~~;~~AAGD~~,eAAO,MAAM,eAAe,iBAAwB,CAAC"}
1	+ {"version":3,"file":"guardian.d.ts","sourceRoot":"","sources":["../../src/secrets/guardian.ts"],"names":[],"mappings":"AAeA,OAAO,EAML,UAAU,EACV,SAAS,EACV,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,MAAM,WAAW,eAAe;IAC9B,EAAE,CAAC,EAAE,MAAM,CAAC;IAEZ,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IAEjB,UAAU,EAAE,UAAU,CAAC;IACvB,IAAI,EAAE,SAAS,CAAC;IAEhB,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IAEpB,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAElB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IAEpB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IAEF,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAEhB,MAAM,EAAE,OAAO,CAAC;IAEhB,kDAAkD;IAClD,SAAS,EAAE,OAAO,CAAC;IAEnB,cAAc,EAAE;QACd,MAAM,EAAE,QAAQ,GAAG,aAAa,GAAG,WAAW,GAAG,mBAAmB,CAAC;QACrE,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,+BAA+B;IAC/B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B,kBAAkB;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,oCAAoC;IACpC,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/B,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;KACvD,CAAC;IACF,WAAW,EAAE;QACX,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;QACtB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH;AAED,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACzD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACxD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACxD,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC1D;AASD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChF,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;CAC/D;AAED,qBAAa,eAAgB,YAAW,WAAW;IAC3C,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IAG/B,cAAc,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;CAGnD;AAED;;;GAGG;AACH,qBAAa,iBAAkB,YAAW,WAAW;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,GAAG;IAElC,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C/E,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CA6BpE;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAc;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAEhC,OAAO,CAAC,gBAAgB,CAGrB;IAEH,OAAO,CAAC,mBAAmB,CAAK;gBAEpB,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,WAAW,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAU3D;;OAEG;IACH,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAwB7C;;OAEG;IACG,WAAW,CACf,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,WAAgB,EACzB,SAAS,CAAC,EAAE,SAAS,GACpB,OAAO,CAAC,eAAe,EAAE,CAAC;IAiH7B;;OAEG;IACG,WAAW,CACf,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,iBAAiB,CAAC;IA0G7B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CAGtE;AAED,qDAAqD;AACrD,eAAO,MAAM,eAAe,iBAAwB,CAAC"}