npm - hackmyagent - Versions diffs - 0.11.14 → 0.12.0 - Mend

hackmyagent 0.11.14 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/dist/nanomind-core/compiler/semantic-compiler.js ADDED Viewed

@@ -0,0 +1,490 @@
+"use strict";
+/**
+ * NanoMind Semantic Compiler
+ *
+ * The core of the architecture. Compiles raw artifacts into Abstract Security Trees.
+ * ALL scanners consume the AST -- no scanner reads raw text directly.
+ *
+ * Pipeline:
+ *   1. Parse artifact (validate, classify, hash)
+ *   2. Sanitize for NanoMind (strip manipulation attempts)
+ *   3. Extract declared capabilities and constraints
+ *   4. Run NanoMind inference for intent + inferred capabilities
+ *   5. Map risk surfaces
+ *   6. Extract evidence spans
+ *   7. Sign the AST
+ *   8. Return CompilationResult
+ *
+ * Security:
+ *   - Input sanitized before NanoMind processes it
+ *   - AST signed with Ed25519 for integrity
+ *   - Model version embedded for reproducibility
+ *   - Content-addressed caching via SHA-256 hash
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SemanticCompiler = void 0;
+const node_crypto_1 = require("node:crypto");
+const artifact_parser_js_1 = require("../ingestion/artifact-parser.js");
+const input_sanitizer_js_1 = require("../ingestion/input-sanitizer.js");
+class SemanticCompiler {
+    constructor(config = {}) {
+        this.cache = new Map(); // content hash → AST
+        this.config = {
+            daemonUrl: config.daemonUrl ?? 'http://127.0.0.1:47200',
+            useNanoMind: config.useNanoMind ?? true,
+            maxArtifactSize: config.maxArtifactSize ?? 1048576,
+            daemonTimeoutMs: config.daemonTimeoutMs ?? 5000,
+            signingKey: config.signingKey,
+        };
+    }
+    /**
+     * Compile an artifact into a SecurityAST.
+     * This is the main entry point for the entire NanoMind pipeline.
+     */
+    async compile(content, path) {
+        const startMs = Date.now();
+        const warnings = [];
+        // Step 1: Parse and validate
+        const parsed = (0, artifact_parser_js_1.parseArtifact)(content, path, this.config);
+        if (!parsed.valid) {
+            warnings.push(...parsed.errors);
+            // Still compile -- produce a minimal AST with warnings
+        }
+        // Step 2: Check cache
+        if (this.cache.has(parsed.contentHash)) {
+            return {
+                ast: this.cache.get(parsed.contentHash),
+                durationMs: Date.now() - startMs,
+                nanomindUsed: false,
+                warnings: ['Served from cache'],
+            };
+        }
+        // Step 3: Sanitize for NanoMind
+        const sanitized = (0, input_sanitizer_js_1.sanitizeForNanoMind)(content);
+        if (sanitized.manipulated) {
+            warnings.push(`${sanitized.manipulationAttempts.length} NanoMind manipulation attempt(s) detected and neutralized`);
+        }
+        // Step 4: Extract declarations from artifact structure
+        const declaredCapabilities = extractDeclaredCapabilities(content, parsed.type, parsed.frontmatter);
+        const declaredConstraints = extractDeclaredConstraints(content);
+        const declaredDataAccess = extractDataAccessPatterns(content, declaredCapabilities);
+        const declaredPurpose = extractDeclaredPurpose(content, parsed.frontmatter);
+        // Step 5: NanoMind inference (intent + inferred capabilities)
+        let intentClassification = 'benign';
+        let intentConfidence = 0.5;
+        let inferredCapabilities = [];
+        let nanomindUsed = false;
+        if (this.config.useNanoMind) {
+            const inference = await this.runNanoMindInference(sanitized.content, parsed.type);
+            if (inference) {
+                intentClassification = inference.intentClass;
+                intentConfidence = inference.confidence;
+                inferredCapabilities = inference.inferredCapabilities;
+                nanomindUsed = true;
+            }
+        }
+        // Heuristic fallback if NanoMind unavailable
+        if (!nanomindUsed) {
+            const heuristic = heuristicIntentClassification(content, declaredCapabilities, declaredConstraints);
+            intentClassification = heuristic.intentClass;
+            intentConfidence = heuristic.confidence;
+            inferredCapabilities = heuristic.inferredCapabilities;
+        }
+        // Boost confidence if manipulation was detected (strong malicious signal)
+        if (sanitized.manipulated && intentClassification === 'benign') {
+            intentClassification = 'suspicious';
+            intentConfidence = Math.max(intentConfidence, 0.6);
+            warnings.push('NanoMind manipulation detected -- elevated to suspicious');
+        }
+        // Step 6: Map risk surfaces
+        const inferredRiskSurface = mapRiskSurfaces(content, declaredCapabilities, inferredCapabilities, intentClassification);
+        // Step 7: Extract evidence spans
+        const evidenceSpans = extractEvidenceSpans(content, inferredRiskSurface);
+        // Step 8: Build and sign the AST
+        const ast = {
+            artifactType: parsed.type,
+            contentHash: parsed.contentHash,
+            artifactPath: path,
+            artifactSize: parsed.size,
+            declaredPurpose,
+            declaredCapabilities,
+            declaredConstraints,
+            declaredDataAccess,
+            inferredCapabilities,
+            inferredRiskSurface,
+            intentClassification,
+            intentConfidence,
+            dependsOn: extractDependencies(content),
+            governedBy: extractGovernanceReferences(content),
+            evidenceSpans,
+            signature: '', // Set below
+            modelVersion: nanomindUsed ? 'nanomind-v0.1' : 'heuristic-v1',
+            compiledAt: new Date().toISOString(),
+        };
+        // Sign the AST
+        ast.signature = this.signAST(ast);
+        // Cache
+        this.cache.set(parsed.contentHash, ast);
+        return {
+            ast,
+            durationMs: Date.now() - startMs,
+            nanomindUsed,
+            warnings,
+        };
+    }
+    /**
+     * Verify an AST's cryptographic signature.
+     * Analyzers MUST call this before processing an AST.
+     */
+    verifyAST(ast) {
+        const expected = this.signAST(ast);
+        return ast.signature === expected;
+    }
+    // ============================================================================
+    // NanoMind Inference
+    // ============================================================================
+    async runNanoMindInference(sanitizedContent, artifactType) {
+        try {
+            const resp = await fetch(`${this.config.daemonUrl}/v1/infer`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    intent: 'COMPILE_AST',
+                    input: sanitizedContent.slice(0, 4096), // Cap input size
+                    context: { artifactType },
+                    priority: 'high',
+                }),
+                signal: AbortSignal.timeout(this.config.daemonTimeoutMs),
+            });
+            if (!resp.ok)
+                return null;
+            const result = await resp.json();
+            const intentClass = result.confidence > 0.7 && result.attackClass ? 'malicious' :
+                result.confidence > 0.4 ? 'suspicious' : 'benign';
+            return {
+                intentClass,
+                confidence: result.confidence,
+                inferredCapabilities: [], // NanoMind v3 TME will populate this
+            };
+        }
+        catch {
+            return null; // Daemon unavailable
+        }
+    }
+    // ============================================================================
+    // AST Signing
+    // ============================================================================
+    signAST(ast) {
+        // Create a deterministic string from AST fields (excluding signature)
+        const payload = JSON.stringify({
+            contentHash: ast.contentHash,
+            artifactType: ast.artifactType,
+            intentClassification: ast.intentClassification,
+            intentConfidence: ast.intentConfidence,
+            modelVersion: ast.modelVersion,
+            compiledAt: ast.compiledAt,
+        });
+        const key = this.config.signingKey ?? 'nanomind-default-key';
+        return (0, node_crypto_1.createHmac)('sha256', key).update(payload).digest('hex');
+    }
+}
+exports.SemanticCompiler = SemanticCompiler;
+// ============================================================================
+// Extraction Functions
+// ============================================================================
+function extractDeclaredPurpose(content, frontmatter) {
+    // From YAML frontmatter
+    if (frontmatter?.description)
+        return String(frontmatter.description);
+    // From first paragraph
+    const lines = content.split('\n').filter(l => l.trim().length > 0);
+    for (const line of lines) {
+        if (!line.startsWith('#') && !line.startsWith('-') && !line.startsWith('---') && line.trim().length > 20) {
+            return line.trim().slice(0, 200);
+        }
+    }
+    return 'Unknown purpose';
+}
+function extractDeclaredCapabilities(content, type, frontmatter) {
+    const caps = [];
+    // From YAML frontmatter capabilities list
+    if (frontmatter?.capabilities && Array.isArray(frontmatter.capabilities)) {
+        for (const cap of frontmatter.capabilities) {
+            caps.push({
+                name: String(cap),
+                scope: '',
+                declared: true,
+                inferred: false,
+                riskLevel: assessCapabilityRisk(String(cap)),
+            });
+        }
+    }
+    // From MCP config tool declarations
+    if (type === 'mcp_config') {
+        try {
+            const config = JSON.parse(content);
+            const servers = config.mcpServers ?? {};
+            for (const [name, server] of Object.entries(servers)) {
+                const s = server;
+                const tools = s.allowedTools ?? ['*'];
+                for (const tool of tools) {
+                    caps.push({
+                        name: `mcp.${name}.${tool}`,
+                        scope: name,
+                        declared: true,
+                        inferred: false,
+                        riskLevel: tool === '*' ? 'high' : 'medium',
+                    });
+                }
+            }
+        }
+        catch { /* not valid JSON */ }
+    }
+    // From natural language capability declarations
+    const capPatterns = /(?:can|will|may|is able to)\s+(read|write|delete|send|fetch|call|access|execute|modify|create)\s+([a-z_.\s]+)/gi;
+    let match;
+    while ((match = capPatterns.exec(content)) !== null) {
+        caps.push({
+            name: `${match[1].toLowerCase()}.${match[2].trim().split(/\s+/)[0]}`,
+            scope: match[2].trim(),
+            declared: true,
+            inferred: false,
+            riskLevel: assessCapabilityRisk(match[1]),
+        });
+    }
+    return caps;
+}
+function extractDeclaredConstraints(content) {
+    const constraints = [];
+    const patterns = /(?:must|should|never|always|cannot|will not|forbidden|shall not|restricted to)[^.]+\./gi;
+    const matches = content.match(patterns);
+    if (matches) {
+        for (const match of matches) {
+            const text = match.trim();
+            const domain = classifyConstraintDomain(text);
+            const enforceability = assessEnforceability(text);
+            const bypassRisk = 1 - enforceability;
+            constraints.push({
+                text,
+                domain,
+                enforceability,
+                bypassRisk,
+                weakness: bypassRisk > 0.5 ? identifyWeakness(text) : undefined,
+            });
+        }
+    }
+    return constraints;
+}
+function extractDataAccessPatterns(content, capabilities) {
+    const patterns = [];
+    const dataTypes = ['user', 'customer', 'payment', 'session', 'credential', 'email', 'profile', 'medical', 'financial'];
+    for (const dt of dataTypes) {
+        if (content.toLowerCase().includes(dt)) {
+            const hasCap = capabilities.some(c => c.name.includes('read') || c.name.includes('access'));
+            patterns.push({
+                dataType: dt === 'credential' || dt === 'session' ? 'credentials' :
+                    dt === 'payment' || dt === 'financial' ? 'financial' :
+                        dt === 'medical' ? 'pii' : 'general',
+                accessMode: 'read',
+                coveredByCapability: hasCap,
+            });
+        }
+    }
+    // Check for external transmission
+    if (/https?:\/\/[^\s]+/.test(content) && /send|forward|transmit|post|upload/i.test(content)) {
+        patterns.push({
+            dataType: 'general',
+            accessMode: 'transmit',
+            destination: 'external',
+            coveredByCapability: capabilities.some(c => c.name.includes('api.call') || c.name.includes('send')),
+        });
+    }
+    return patterns;
+}
+function extractDependencies(content) {
+    const deps = [];
+    // References to other files/packages
+    const importPatterns = /(?:import|require|from)\s+['"](\.\/[^'"]+|@[^'"]+)['"]/g;
+    let match;
+    while ((match = importPatterns.exec(content)) !== null) {
+        deps.push(match[1]);
+    }
+    return deps;
+}
+function extractGovernanceReferences(content) {
+    const refs = [];
+    if (/soul\.md/i.test(content))
+        refs.push('soul.md');
+    if (/system.?prompt/i.test(content))
+        refs.push('system_prompt');
+    if (/claude\.md/i.test(content))
+        refs.push('claude.md');
+    return refs;
+}
+function mapRiskSurfaces(content, declared, inferred, intent) {
+    const surfaces = [];
+    const text = content.toLowerCase();
+    // External URL + data forwarding = exfiltration surface
+    if (/https?:\/\/[^\s]+\.(co|io|com|net|org)/.test(content) && /forward|send|transmit|export/i.test(text)) {
+        surfaces.push({
+            surface: 'External data transmission',
+            attackClass: 'SKILL-EXFIL',
+            confidence: intent === 'malicious' ? 0.9 : intent === 'suspicious' ? 0.6 : 0.3,
+            evidence: 'External URL combined with data forwarding language',
+        });
+    }
+    // Override/ignore instructions = injection surface
+    // BUT: constraint language about resisting overrides is NOT an injection
+    // "Ignore previous instructions" = injection. "Must never comply with override requests" = defense.
+    const hasOverrideLanguage = /ignore.*previous|override.*instruction|new.*task/i.test(text);
+    const isDefensiveConstraint = /must never.*override|never.*comply.*override|resist.*override|forbidden.*override/i.test(text);
+    if (hasOverrideLanguage && !isDefensiveConstraint) {
+        surfaces.push({
+            surface: 'Instruction override language',
+            attackClass: 'PROMPT-INJECT',
+            confidence: 0.8,
+            evidence: 'Contains language that overrides prior instructions',
+        });
+    }
+    // Credential access patterns
+    if (/password|credential|api[_-]?key|secret|token/i.test(text) && /ask|request|share|provide/i.test(text)) {
+        surfaces.push({
+            surface: 'Credential harvesting',
+            attackClass: 'CRED-HARVEST',
+            confidence: 0.7,
+            evidence: 'Requests credentials from users or systems',
+        });
+    }
+    // Remote instruction fetch
+    if (/fetch.*config|check.*update.*from|load.*instruction/i.test(text)) {
+        surfaces.push({
+            surface: 'Remote instruction fetch',
+            attackClass: 'HEARTBEAT-RCE',
+            confidence: 0.8,
+            evidence: 'Fetches instructions from remote URLs',
+        });
+    }
+    // Undeclared capabilities (inferred but not declared)
+    for (const cap of inferred) {
+        if (!cap.declared && cap.riskLevel !== 'low') {
+            surfaces.push({
+                surface: `Undeclared capability: ${cap.name}`,
+                attackClass: 'PRIV-ESCALATION',
+                confidence: 0.6,
+                evidence: `Capability ${cap.name} is inferred from content but not declared`,
+            });
+        }
+    }
+    return surfaces;
+}
+function extractEvidenceSpans(content, risks) {
+    const spans = [];
+    for (const risk of risks) {
+        // Find the evidence text in the original content
+        const idx = content.toLowerCase().indexOf(risk.evidence.toLowerCase().slice(0, 30));
+        if (idx >= 0) {
+            const end = Math.min(idx + 100, content.length);
+            spans.push({
+                start: idx,
+                end,
+                text: content.slice(idx, end),
+                supports: risk.attackClass,
+                confidence: risk.confidence,
+            });
+        }
+    }
+    return spans;
+}
+// ============================================================================
+// Heuristic Fallback (when NanoMind daemon is unavailable)
+// ============================================================================
+function heuristicIntentClassification(content, capabilities, constraints) {
+    const text = content.toLowerCase();
+    let maliciousSignals = 0;
+    let benignSignals = 0;
+    // Malicious signals
+    if (/forward.*token.*external|send.*credential.*endpoint/i.test(text))
+        maliciousSignals += 3;
+    if (/ignore.*previous.*instruction|override.*system/i.test(text))
+        maliciousSignals += 3;
+    if (/fetch.*config.*external|heartbeat.*url.*execute/i.test(text))
+        maliciousSignals += 2;
+    if (/always.*remember.*permanently|persist.*instruction/i.test(text))
+        maliciousSignals += 2;
+    if (/admin.*access|root.*privilege|execute.*shell/i.test(text))
+        maliciousSignals += 2;
+    // Benign signals
+    if (constraints.length >= 3)
+        benignSignals += 2;
+    if (/must never|should not|forbidden|restricted/i.test(text))
+        benignSignals += 1;
+    if (capabilities.length > 0 && capabilities.every(c => c.declared))
+        benignSignals += 1;
+    if (maliciousSignals >= 3) {
+        return { intentClass: 'malicious', confidence: Math.min(0.9, 0.5 + maliciousSignals * 0.1), inferredCapabilities: [] };
+    }
+    if (maliciousSignals > 0) {
+        return { intentClass: 'suspicious', confidence: 0.4 + maliciousSignals * 0.1, inferredCapabilities: [] };
+    }
+    return { intentClass: 'benign', confidence: 0.7 + benignSignals * 0.05, inferredCapabilities: [] };
+}
+// ============================================================================
+// Helpers
+// ============================================================================
+function assessCapabilityRisk(capability) {
+    const cap = capability.toLowerCase();
+    if (/delete|execute|admin|system|shell|root/.test(cap))
+        return 'critical';
+    if (/write|send|modify|create|transmit/.test(cap))
+        return 'high';
+    if (/read|access|query|fetch|call/.test(cap))
+        return 'medium';
+    return 'low';
+}
+function classifyConstraintDomain(text) {
+    const t = text.toLowerCase();
+    if (/trust|authority|hierarchy/.test(t))
+        return 'trust_hierarchy';
+    if (/oversight|human|approval|review/.test(t))
+        return 'human_oversight';
+    if (/data|pii|privacy|confidential/.test(t))
+        return 'data_handling';
+    if (/revers|undo|rollback/.test(t))
+        return 'action_reversibility';
+    if (/capabilit|scope|permission|access/.test(t))
+        return 'capability_boundary';
+    if (/identit|disclose|transparen/.test(t))
+        return 'identity_disclosure';
+    if (/error|fail|exception/.test(t))
+        return 'error_handling';
+    if (/credential|secret|key|token/.test(t))
+        return 'credential_management';
+    if (/behav|conduct|manner/.test(t))
+        return 'behavioral_constraint';
+    return 'general';
+}
+function assessEnforceability(text) {
+    const t = text.toLowerCase();
+    // Strong enforcement language
+    if (/must never|shall not|forbidden|prohibited|blocked/.test(t))
+        return 0.8;
+    if (/must|required|mandatory/.test(t))
+        return 0.7;
+    // Weak enforcement language
+    if (/should|recommended|preferred/.test(t))
+        return 0.4;
+    if (/may|can|might|when appropriate|use judgment/.test(t))
+        return 0.2;
+    return 0.5;
+}
+function identifyWeakness(text) {
+    const t = text.toLowerCase();
+    if (/when appropriate|use judgment|if needed/.test(t))
+        return 'Discretionary language allows edge-case bypass';
+    if (/should|recommended/.test(t))
+        return 'Advisory language is not enforced';
+    if (/unless|except|however/.test(t))
+        return 'Exception clause may be exploitable';
+    return 'Constraint language may not be enforceable';
+}
+//# sourceMappingURL=semantic-compiler.js.map

package/dist/nanomind-core/compiler/semantic-compiler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"semantic-compiler.js","sourceRoot":"","sources":["../../../src/nanomind-core/compiler/semantic-compiler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;AAEH,6CAAqD;AACrD,wEAAgE;AAChE,wEAAsE;AAetE,MAAa,gBAAgB;IAI3B,YAAY,SAAkC,EAAE;QAFxC,UAAK,GAAG,IAAI,GAAG,EAAuB,CAAC,CAAC,qBAAqB;QAGnE,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,wBAAwB;YACvD,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;YACvC,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,OAAS;YACpD,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;YAC/C,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,IAAa;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,6BAA6B;QAC7B,MAAM,MAAM,GAAG,IAAA,kCAAa,EAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;YAChC,uDAAuD;QACzD,CAAC;QAED,sBAAsB;QACtB,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,OAAO;gBACL,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAE;gBACxC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO;gBAChC,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,CAAC,mBAAmB,CAAC;aAChC,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,SAAS,GAAG,IAAA,wCAAmB,EAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,oBAAoB,CAAC,MAAM,4DAA4D,CAAC,CAAC;QACtH,CAAC;QAED,uDAAuD;QACvD,MAAM,oBAAoB,GAAG,2BAA2B,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACnG,MAAM,mBAAmB,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAC;QAChE,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;QACpF,MAAM,eAAe,GAAG,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QAE5E,8DAA8D;QAC9D,IAAI,oBAAoB,GAAgB,QAAQ,CAAC;QACjD,IAAI,gBAAgB,GAAG,GAAG,CAAC;QAC3B,IAAI,oBAAoB,GAAiB,EAAE,CAAC;QAC5C,IAAI,YAAY,GAAG,KAAK,CAAC;QAEzB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;YAClF,IAAI,SAAS,EAAE,CAAC;gBACd,oBAAoB,GAAG,SAAS,CAAC,WAAW,CAAC;gBAC7C,gBAAgB,GAAG,SAAS,CAAC,UAAU,CAAC;gBACxC,oBAAoB,GAAG,SAAS,CAAC,oBAAoB,CAAC;gBACtD,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,6BAA6B,CAAC,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,CAAC,CAAC;YACpG,oBAAoB,GAAG,SAAS,CAAC,WAAW,CAAC;YAC7C,gBAAgB,GAAG,SAAS,CAAC,UAAU,CAAC;YACxC,oBAAoB,GAAG,SAAS,CAAC,oBAAoB,CAAC;QACxD,CAAC;QAED,0EAA0E;QAC1E,IAAI,SAAS,CAAC,WAAW,IAAI,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC/D,oBAAoB,GAAG,YAAY,CAAC;YACpC,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QAC5E,CAAC;QAED,4BAA4B;QAC5B,MAAM,mBAAmB,GAAG,eAAe,CAAC,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,oBAAoB,CAAC,CAAC;QAEvH,iCAAiC;QACjC,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QAEzE,iCAAiC;QACjC,MAAM,GAAG,GAAgB;YACvB,YAAY,EAAE,MAAM,CAAC,IAAI;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,MAAM,CAAC,IAAI;YACzB,eAAe;YACf,oBAAoB;YACpB,mBAAmB;YACnB,kBAAkB;YAClB,oBAAoB;YACpB,mBAAmB;YACnB,oBAAoB;YACpB,gBAAgB;YAChB,SAAS,EAAE,mBAAmB,CAAC,OAAO,CAAC;YACvC,UAAU,EAAE,2BAA2B,CAAC,OAAO,CAAC;YAChD,aAAa;YACb,SAAS,EAAE,EAAE,EAAE,YAAY;YAC3B,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc;YAC7D,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC;QAEF,eAAe;QACf,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAElC,QAAQ;QACR,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAExC,OAAO;YACL,GAAG;YACH,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO;YAChC,YAAY;YACZ,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,GAAgB;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,CAAC;IACpC,CAAC;IAED,+EAA+E;IAC/E,qBAAqB;IACrB,+EAA+E;IAEvE,KAAK,CAAC,oBAAoB,CAChC,gBAAwB,EACxB,YAA0B;QAM1B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,WAAW,EAAE;gBAC5D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,MAAM,EAAE,aAAa;oBACrB,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,iBAAiB;oBACzD,OAAO,EAAE,EAAE,YAAY,EAAE;oBACzB,QAAQ,EAAE,MAAM;iBACjB,CAAC;gBACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;aACzD,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YAE1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,EAI7B,CAAC;YAEF,MAAM,WAAW,GACf,MAAM,CAAC,UAAU,GAAG,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;gBAC7D,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;YAEpD,OAAO;gBACL,WAAW;gBACX,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,oBAAoB,EAAE,EAAE,EAAE,qCAAqC;aAChE,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,CAAC,qBAAqB;QACpC,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,cAAc;IACd,+EAA+E;IAEvE,OAAO,CAAC,GAAgB;QAC9B,sEAAsE;QACtE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;YAC7B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,oBAAoB,EAAE,GAAG,CAAC,oBAAoB;YAC9C,gBAAgB,EAAE,GAAG,CAAC,gBAAgB;YACtC,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,UAAU,EAAE,GAAG,CAAC,UAAU;SAC3B,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,sBAAsB,CAAC;QAC7D,OAAO,IAAA,wBAAU,EAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC;CACF;AAtMD,4CAsMC;AAED,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E,SAAS,sBAAsB,CAAC,OAAe,EAAE,WAAqC;IACpF,wBAAwB;IACxB,IAAI,WAAW,EAAE,WAAW;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAErE,uBAAuB;IACvB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACzG,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,SAAS,2BAA2B,CAClC,OAAe,EACf,IAAkB,EAClB,WAAqC;IAErC,MAAM,IAAI,GAAiB,EAAE,CAAC;IAE9B,0CAA0C;IAC1C,IAAI,WAAW,EAAE,YAAY,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;QACzE,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC;gBACjB,KAAK,EAAE,EAAE;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;aAC7C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrD,MAAM,CAAC,GAAG,MAAiC,CAAC;gBAC5C,MAAM,KAAK,GAAI,CAAC,CAAC,YAAyB,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,CAAC,IAAI,CAAC;wBACR,IAAI,EAAE,OAAO,IAAI,IAAI,IAAI,EAAE;wBAC3B,KAAK,EAAE,IAAI;wBACX,QAAQ,EAAE,IAAI;wBACd,QAAQ,EAAE,KAAK;wBACf,SAAS,EAAE,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;qBAC5C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;IAClC,CAAC;IAED,gDAAgD;IAChD,MAAM,WAAW,GAAG,iHAAiH,CAAC;IACtI,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;YACpE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;YACtB,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,0BAA0B,CAAC,OAAe;IACjD,MAAM,WAAW,GAAiB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,yFAAyF,CAAC;IAC3G,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAExC,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,cAAc,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,CAAC,GAAG,cAAc,CAAC;YAEtC,WAAW,CAAC,IAAI,CAAC;gBACf,IAAI;gBACJ,MAAM;gBACN,cAAc;gBACd,UAAU;gBACV,QAAQ,EAAE,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAChE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,yBAAyB,CAAC,OAAe,EAAE,YAA0B;IAC5E,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAEvH,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;QAC3B,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC5F,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,EAAE,KAAK,YAAY,IAAI,EAAE,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;oBACzD,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;wBACtD,EAAE,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;gBAC9C,UAAU,EAAE,MAAM;gBAClB,mBAAmB,EAAE,MAAM;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5F,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,UAAU;YACtB,WAAW,EAAE,UAAU;YACvB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;SACpG,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IAC1C,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,qCAAqC;IACrC,MAAM,cAAc,GAAG,yDAAyD,CAAC;IACjF,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,2BAA2B,CAAC,OAAe;IAClD,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAChE,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,OAAe,EACf,QAAsB,EACtB,QAAsB,EACtB,MAAmB;IAEnB,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAEnC,wDAAwD;IACxD,IAAI,wCAAwC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACzG,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,4BAA4B;YACrC,WAAW,EAAE,aAAa;YAC1B,UAAU,EAAE,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;YAC9E,QAAQ,EAAE,qDAAqD;SAChE,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,yEAAyE;IACzE,oGAAoG;IACpG,MAAM,mBAAmB,GAAG,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3F,MAAM,qBAAqB,GAAG,oFAAoF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9H,IAAI,mBAAmB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,WAAW,EAAE,eAAe;YAC5B,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,qDAAqD;SAChE,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,IAAI,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1G,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,uBAAuB;YAChC,WAAW,EAAE,cAAc;YAC3B,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,4CAA4C;SACvD,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,IAAI,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtE,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,0BAA0B;YACnC,WAAW,EAAE,eAAe;YAC5B,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,uCAAuC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,sDAAsD;IACtD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,0BAA0B,GAAG,CAAC,IAAI,EAAE;gBAC7C,WAAW,EAAE,iBAAiB;gBAC9B,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,cAAc,GAAG,CAAC,IAAI,4CAA4C;aAC7E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe,EAAE,KAAoB;IACjE,MAAM,KAAK,GAAmB,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,iDAAiD;QACjD,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACpF,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAChD,KAAK,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,GAAG;gBACV,GAAG;gBACH,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC;gBAC7B,QAAQ,EAAE,IAAI,CAAC,WAAW;gBAC1B,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAC/E,2DAA2D;AAC3D,+EAA+E;AAE/E,SAAS,6BAA6B,CACpC,OAAe,EACf,YAA0B,EAC1B,WAAyB;IAEzB,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IACnC,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,oBAAoB;IACpB,IAAI,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,gBAAgB,IAAI,CAAC,CAAC;IAC7F,IAAI,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,gBAAgB,IAAI,CAAC,CAAC;IACxF,IAAI,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,gBAAgB,IAAI,CAAC,CAAC;IACzF,IAAI,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,gBAAgB,IAAI,CAAC,CAAC;IAC5F,IAAI,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,gBAAgB,IAAI,CAAC,CAAC;IAEtF,iBAAiB;IACjB,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC;QAAE,aAAa,IAAI,CAAC,CAAC;IAChD,IAAI,6CAA6C,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,aAAa,IAAI,CAAC,CAAC;IACjF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QAAE,aAAa,IAAI,CAAC,CAAC;IAEvF,IAAI,gBAAgB,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,gBAAgB,GAAG,GAAG,CAAC,EAAE,oBAAoB,EAAE,EAAE,EAAE,CAAC;IACzH,CAAC;IACD,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,GAAG,gBAAgB,GAAG,GAAG,EAAE,oBAAoB,EAAE,EAAE,EAAE,CAAC;IAC3G,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,GAAG,aAAa,GAAG,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE,CAAC;AACrG,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,SAAS,oBAAoB,CAAC,UAAkB;IAC9C,MAAM,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,wCAAwC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IAC1E,IAAI,mCAAmC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC;IACjE,IAAI,8BAA8B,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC9D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,iBAAiB,CAAC;IAClE,IAAI,iCAAiC,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,iBAAiB,CAAC;IACxE,IAAI,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,eAAe,CAAC;IACpE,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,sBAAsB,CAAC;IAClE,IAAI,mCAAmC,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC9E,IAAI,6BAA6B,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,qBAAqB,CAAC;IACxE,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAC5D,IAAI,6BAA6B,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,uBAAuB,CAAC;IAC1E,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,uBAAuB,CAAC;IACnE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,8BAA8B;IAC9B,IAAI,mDAAmD,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,CAAC;IAC5E,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,CAAC;IAClD,4BAA4B;IAC5B,IAAI,8BAA8B,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,CAAC;IACvD,IAAI,6CAA6C,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,yCAAyC,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,gDAAgD,CAAC;IAC/G,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,mCAAmC,CAAC;IAC7E,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,qCAAqC,CAAC;IAClF,OAAO,4CAA4C,CAAC;AACtD,CAAC"}

package/dist/nanomind-core/index.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * NanoMind Core -- Semantic Security Compiler
+ *
+ * The foundational layer for ALL security scanning in HackMyAgent.
+ * Compiles raw artifacts into Abstract Security Trees (ASTs) that
+ * analyzers query instead of raw text.
+ *
+ * Architecture:
+ *   Artifact → Ingestion (validate, sanitize) → Compiler (AST) → Analyzers (findings)
+ *
+ * Three principles:
+ *   1. NanoMind is the foundation, not a post-processor
+ *   2. Security-first: signed ASTs, input sanitization, sandboxed execution
+ *   3. World-class design: compiler architecture, not regex patches
+ */
+export type { SecurityAST, CompilationResult, CompilerConfig, ArtifactType, Capability, Constraint, ConstraintDomain, DataAccessPattern, RiskSurface, IntentClass, EvidenceSpan, } from './types.js';
+export { DEFAULT_COMPILER_CONFIG } from './types.js';
+export { SemanticCompiler } from './compiler/semantic-compiler.js';
+export { analyzeCapabilities } from './analyzers/capability-analyzer.js';
+export type { ASTFinding } from './analyzers/capability-analyzer.js';
+export { analyzeCredentials } from './analyzers/credential-analyzer.js';
+export { analyzeGovernance } from './analyzers/governance-analyzer.js';
+export { analyzeScope } from './analyzers/scope-analyzer.js';
+export { analyzePrompt } from './analyzers/prompt-analyzer.js';
+export { analyzeCode } from './analyzers/code-analyzer.js';
+export { parseArtifact, classifyArtifactType, computeHash } from './ingestion/artifact-parser.js';
+export { sanitizeForNanoMind, detectManipulation } from './ingestion/input-sanitizer.js';
+export type { ParsedArtifact } from './ingestion/artifact-parser.js';
+export type { SanitizationResult, ManipulationAttempt } from './ingestion/input-sanitizer.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/nanomind-core/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nanomind-core/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,YAAY,EACV,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAGrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAGnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,YAAY,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAG3D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACzF,YAAY,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC"}

package/dist/nanomind-core/index.js ADDED Viewed

@@ -0,0 +1,45 @@
+"use strict";
+/**
+ * NanoMind Core -- Semantic Security Compiler
+ *
+ * The foundational layer for ALL security scanning in HackMyAgent.
+ * Compiles raw artifacts into Abstract Security Trees (ASTs) that
+ * analyzers query instead of raw text.
+ *
+ * Architecture:
+ *   Artifact → Ingestion (validate, sanitize) → Compiler (AST) → Analyzers (findings)
+ *
+ * Three principles:
+ *   1. NanoMind is the foundation, not a post-processor
+ *   2. Security-first: signed ASTs, input sanitization, sandboxed execution
+ *   3. World-class design: compiler architecture, not regex patches
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectManipulation = exports.sanitizeForNanoMind = exports.computeHash = exports.classifyArtifactType = exports.parseArtifact = exports.analyzeCode = exports.analyzePrompt = exports.analyzeScope = exports.analyzeGovernance = exports.analyzeCredentials = exports.analyzeCapabilities = exports.SemanticCompiler = exports.DEFAULT_COMPILER_CONFIG = void 0;
+var types_js_1 = require("./types.js");
+Object.defineProperty(exports, "DEFAULT_COMPILER_CONFIG", { enumerable: true, get: function () { return types_js_1.DEFAULT_COMPILER_CONFIG; } });
+// Compiler
+var semantic_compiler_js_1 = require("./compiler/semantic-compiler.js");
+Object.defineProperty(exports, "SemanticCompiler", { enumerable: true, get: function () { return semantic_compiler_js_1.SemanticCompiler; } });
+// Analyzers
+var capability_analyzer_js_1 = require("./analyzers/capability-analyzer.js");
+Object.defineProperty(exports, "analyzeCapabilities", { enumerable: true, get: function () { return capability_analyzer_js_1.analyzeCapabilities; } });
+var credential_analyzer_js_1 = require("./analyzers/credential-analyzer.js");
+Object.defineProperty(exports, "analyzeCredentials", { enumerable: true, get: function () { return credential_analyzer_js_1.analyzeCredentials; } });
+var governance_analyzer_js_1 = require("./analyzers/governance-analyzer.js");
+Object.defineProperty(exports, "analyzeGovernance", { enumerable: true, get: function () { return governance_analyzer_js_1.analyzeGovernance; } });
+var scope_analyzer_js_1 = require("./analyzers/scope-analyzer.js");
+Object.defineProperty(exports, "analyzeScope", { enumerable: true, get: function () { return scope_analyzer_js_1.analyzeScope; } });
+var prompt_analyzer_js_1 = require("./analyzers/prompt-analyzer.js");
+Object.defineProperty(exports, "analyzePrompt", { enumerable: true, get: function () { return prompt_analyzer_js_1.analyzePrompt; } });
+var code_analyzer_js_1 = require("./analyzers/code-analyzer.js");
+Object.defineProperty(exports, "analyzeCode", { enumerable: true, get: function () { return code_analyzer_js_1.analyzeCode; } });
+// Ingestion
+var artifact_parser_js_1 = require("./ingestion/artifact-parser.js");
+Object.defineProperty(exports, "parseArtifact", { enumerable: true, get: function () { return artifact_parser_js_1.parseArtifact; } });
+Object.defineProperty(exports, "classifyArtifactType", { enumerable: true, get: function () { return artifact_parser_js_1.classifyArtifactType; } });
+Object.defineProperty(exports, "computeHash", { enumerable: true, get: function () { return artifact_parser_js_1.computeHash; } });
+var input_sanitizer_js_1 = require("./ingestion/input-sanitizer.js");
+Object.defineProperty(exports, "sanitizeForNanoMind", { enumerable: true, get: function () { return input_sanitizer_js_1.sanitizeForNanoMind; } });
+Object.defineProperty(exports, "detectManipulation", { enumerable: true, get: function () { return input_sanitizer_js_1.detectManipulation; } });
+//# sourceMappingURL=index.js.map

package/dist/nanomind-core/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nanomind-core/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAgBH,uCAAqD;AAA5C,mHAAA,uBAAuB,OAAA;AAEhC,WAAW;AACX,wEAAmE;AAA1D,wHAAA,gBAAgB,OAAA;AAEzB,YAAY;AACZ,6EAAyE;AAAhE,6HAAA,mBAAmB,OAAA;AAE5B,6EAAwE;AAA/D,4HAAA,kBAAkB,OAAA;AAC3B,6EAAuE;AAA9D,2HAAA,iBAAiB,OAAA;AAC1B,mEAA6D;AAApD,iHAAA,YAAY,OAAA;AACrB,qEAA+D;AAAtD,mHAAA,aAAa,OAAA;AACtB,iEAA2D;AAAlD,+GAAA,WAAW,OAAA;AAEpB,YAAY;AACZ,qEAAkG;AAAzF,mHAAA,aAAa,OAAA;AAAE,0HAAA,oBAAoB,OAAA;AAAE,iHAAA,WAAW,OAAA;AACzD,qEAAyF;AAAhF,yHAAA,mBAAmB,OAAA;AAAE,wHAAA,kBAAkB,OAAA"}

package/dist/nanomind-core/ingestion/artifact-parser.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * Secure Artifact Parser
+ *
+ * Every artifact enters the NanoMind pipeline through this parser.
+ * It validates structure, classifies type, extracts metadata,
+ * and computes content hashes for integrity tracking.
+ *
+ * Security: validates before processing. Rejects malformed, oversized,
+ * or unrecognized artifacts before they reach NanoMind.
+ */
+import type { ArtifactType, DEFAULT_COMPILER_CONFIG } from '../types.js';
+export interface ParsedArtifact {
+    /** Classified artifact type */
+    type: ArtifactType;
+    /** SHA-256 content hash */
+    contentHash: string;
+    /** Original content */
+    content: string;
+    /** File path (if from filesystem) */
+    path?: string;
+    /** File size in bytes */
+    size: number;
+    /** YAML frontmatter (if present) */
+    frontmatter?: Record<string, unknown>;
+    /** Whether the artifact passed validation */
+    valid: boolean;
+    /** Validation errors (if invalid) */
+    errors: string[];
+}
+/**
+ * Parse and validate an artifact for NanoMind processing.
+ *
+ * Security: rejects artifacts that are:
+ * - Larger than maxArtifactSize (default 1MB)
+ * - Binary (non-text)
+ * - Empty
+ */
+export declare function parseArtifact(content: string, path?: string, config?: Partial<typeof DEFAULT_COMPILER_CONFIG>): ParsedArtifact;
+/**
+ * Classify artifact type from content and path.
+ * Tries each signature in order; returns 'unknown' if none match.
+ */
+export declare function classifyArtifactType(content: string, path?: string): ArtifactType;
+/**
+ * Compute SHA-256 hash of content for content-addressed caching and integrity.
+ */
+export declare function computeHash(content: string): string;
+//# sourceMappingURL=artifact-parser.d.ts.map

package/dist/nanomind-core/ingestion/artifact-parser.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"artifact-parser.d.ts","sourceRoot":"","sources":["../../../src/nanomind-core/ingestion/artifact-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAkB,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEzF,MAAM,WAAW,cAAc;IAC7B,+BAA+B;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,oCAAoC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,6CAA6C;IAC7C,KAAK,EAAE,OAAO,CAAC;IACf,qCAAqC;IACrC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAoED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,OAAO,CAAC,OAAO,uBAAuB,CAAC,GAC/C,cAAc,CA6ChB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,YAAY,CAOjF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEnD"}