hackmyagent 0.17.1 → 0.17.2

package/dist/nanomind-core/index.d.ts

@@ -29,6 +29,8 @@ export { enforceSeverityFloor, validateEnhancement, requireBenignConsensus, reda
 export { verifyAll, EventChain, generateManifest } from './security/integrity-verifier.js';
 export { TMEClassifier, getTMEClassifier } from './inference/tme-classifier.js';
 export type { TMEClassification } from './inference/tme-classifier.js';
+export { getAnalystStatus, isAnalystReady, setupAnalystModel, runAnalystInference, analyzeThreat, assessCredentialContext, assessFalsePositive, generateIntelReport, } from './inference/security-analyst.js';
+export type { AnalystTaskType, AnalystRequest, AnalystResponse, AnalystBackend, AnalystStatus, ThreatAnalysis, CredentialContext, FalsePositiveAssessment, } from './inference/security-analyst.js';
 export { parseArtifact, classifyArtifactType, computeHash } from './ingestion/artifact-parser.js';
 export { sanitizeForNanoMind, detectManipulation } from './ingestion/input-sanitizer.js';
 export type { ParsedArtifact } from './ingestion/artifact-parser.js';

package/dist/nanomind-core/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nanomind-core/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,YAAY,EACV,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAGrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAGnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,YAAY,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAG3D,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAC9D,YAAY,EAAE,mBAAmB,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAGzG,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,aAAa,EAAE,wBAAwB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC5O,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AAG3F,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAChF,YAAY,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAGvE,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACzF,YAAY,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nanomind-core/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,YAAY,EACV,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAGrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAGnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,YAAY,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAG3D,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAC9D,YAAY,EAAE,mBAAmB,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAGzG,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,aAAa,EAAE,wBAAwB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC5O,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AAG3F,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAChF,YAAY,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAGvE,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,iCAAiC,CAAC;AACzC,YAAY,EACV,eAAe,EACf,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,iCAAiC,CAAC;AAGzC,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACzF,YAAY,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC"}

package/dist/nanomind-core/index.js

@@ -15,7 +15,7 @@
  *   3. World-class design: compiler architecture, not regex patches
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.detectManipulation = exports.sanitizeForNanoMind = exports.computeHash = exports.classifyArtifactType = exports.parseArtifact = exports.getTMEClassifier = exports.TMEClassifier = exports.generateManifest = exports.EventChain = exports.verifyAll = exports.getAuditEvents = exports.logSecurityEvent = exports.verifyTrainingProvenance = exports.SecurityError = exports.assertASTIntegrity = exports.redactSecretsForNanoMind = exports.requireBenignConsensus = exports.validateEnhancement = exports.enforceSeverityFloor = exports.validateAST = exports.analyzeCode = exports.analyzePrompt = exports.analyzeScope = exports.analyzeGovernance = exports.analyzeCredentials = exports.analyzeCapabilities = exports.SemanticCompiler = exports.DEFAULT_COMPILER_CONFIG = void 0;
+exports.detectManipulation = exports.sanitizeForNanoMind = exports.computeHash = exports.classifyArtifactType = exports.parseArtifact = exports.generateIntelReport = exports.assessFalsePositive = exports.assessCredentialContext = exports.analyzeThreat = exports.runAnalystInference = exports.setupAnalystModel = exports.isAnalystReady = exports.getAnalystStatus = exports.getTMEClassifier = exports.TMEClassifier = exports.generateManifest = exports.EventChain = exports.verifyAll = exports.getAuditEvents = exports.logSecurityEvent = exports.verifyTrainingProvenance = exports.SecurityError = exports.assertASTIntegrity = exports.redactSecretsForNanoMind = exports.requireBenignConsensus = exports.validateEnhancement = exports.enforceSeverityFloor = exports.validateAST = exports.analyzeCode = exports.analyzePrompt = exports.analyzeScope = exports.analyzeGovernance = exports.analyzeCredentials = exports.analyzeCapabilities = exports.SemanticCompiler = exports.DEFAULT_COMPILER_CONFIG = void 0;
 var types_js_1 = require("./types.js");
 Object.defineProperty(exports, "DEFAULT_COMPILER_CONFIG", { enumerable: true, get: function () { return types_js_1.DEFAULT_COMPILER_CONFIG; } });
 // Compiler
@@ -52,10 +52,20 @@ var integrity_verifier_js_1 = require("./security/integrity-verifier.js");
 Object.defineProperty(exports, "verifyAll", { enumerable: true, get: function () { return integrity_verifier_js_1.verifyAll; } });
 Object.defineProperty(exports, "EventChain", { enumerable: true, get: function () { return integrity_verifier_js_1.EventChain; } });
 Object.defineProperty(exports, "generateManifest", { enumerable: true, get: function () { return integrity_verifier_js_1.generateManifest; } });
-// Inference
+// Inference -- TME Classifier (ONNX, 10-class labels)
 var tme_classifier_js_1 = require("./inference/tme-classifier.js");
 Object.defineProperty(exports, "TMEClassifier", { enumerable: true, get: function () { return tme_classifier_js_1.TMEClassifier; } });
 Object.defineProperty(exports, "getTMEClassifier", { enumerable: true, get: function () { return tme_classifier_js_1.getTMEClassifier; } });
+// Inference -- Security Analyst (generative, structured JSON)
+var security_analyst_js_1 = require("./inference/security-analyst.js");
+Object.defineProperty(exports, "getAnalystStatus", { enumerable: true, get: function () { return security_analyst_js_1.getAnalystStatus; } });
+Object.defineProperty(exports, "isAnalystReady", { enumerable: true, get: function () { return security_analyst_js_1.isAnalystReady; } });
+Object.defineProperty(exports, "setupAnalystModel", { enumerable: true, get: function () { return security_analyst_js_1.setupAnalystModel; } });
+Object.defineProperty(exports, "runAnalystInference", { enumerable: true, get: function () { return security_analyst_js_1.runAnalystInference; } });
+Object.defineProperty(exports, "analyzeThreat", { enumerable: true, get: function () { return security_analyst_js_1.analyzeThreat; } });
+Object.defineProperty(exports, "assessCredentialContext", { enumerable: true, get: function () { return security_analyst_js_1.assessCredentialContext; } });
+Object.defineProperty(exports, "assessFalsePositive", { enumerable: true, get: function () { return security_analyst_js_1.assessFalsePositive; } });
+Object.defineProperty(exports, "generateIntelReport", { enumerable: true, get: function () { return security_analyst_js_1.generateIntelReport; } });
 // Ingestion
 var artifact_parser_js_1 = require("./ingestion/artifact-parser.js");
 Object.defineProperty(exports, "parseArtifact", { enumerable: true, get: function () { return artifact_parser_js_1.parseArtifact; } });

package/dist/nanomind-core/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nanomind-core/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAgBH,uCAAqD;AAA5C,mHAAA,uBAAuB,OAAA;AAEhC,WAAW;AACX,wEAAmE;AAA1D,wHAAA,gBAAgB,OAAA;AAEzB,YAAY;AACZ,6EAAyE;AAAhE,6HAAA,mBAAmB,OAAA;AAE5B,6EAAwE;AAA/D,4HAAA,kBAAkB,OAAA;AAC3B,6EAAuE;AAA9D,2HAAA,iBAAiB,OAAA;AAC1B,mEAA6D;AAApD,iHAAA,YAAY,OAAA;AACrB,qEAA+D;AAAtD,mHAAA,aAAa,OAAA;AACtB,iEAA2D;AAAlD,+GAAA,WAAW,OAAA;AAEpB,eAAe;AACf,oEAA8D;AAArD,+GAAA,WAAW,OAAA;AAGpB,WAAW;AACX,sEAA4O;AAAnO,2HAAA,oBAAoB,OAAA;AAAE,0HAAA,mBAAmB,OAAA;AAAE,6HAAA,sBAAsB,OAAA;AAAE,+HAAA,wBAAwB,OAAA;AAAE,yHAAA,kBAAkB,OAAA;AAAE,oHAAA,aAAa,OAAA;AAAE,+HAAA,wBAAwB,OAAA;AAAE,uHAAA,gBAAgB,OAAA;AAAE,qHAAA,cAAc,OAAA;AACnM,0EAA2F;AAAlF,kHAAA,SAAS,OAAA;AAAE,mHAAA,UAAU,OAAA;AAAE,yHAAA,gBAAgB,OAAA;AAEhD,YAAY;AACZ,mEAAgF;AAAvE,kHAAA,aAAa,OAAA;AAAE,qHAAA,gBAAgB,OAAA;AAGxC,YAAY;AACZ,qEAAkG;AAAzF,mHAAA,aAAa,OAAA;AAAE,0HAAA,oBAAoB,OAAA;AAAE,iHAAA,WAAW,OAAA;AACzD,qEAAyF;AAAhF,yHAAA,mBAAmB,OAAA;AAAE,wHAAA,kBAAkB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nanomind-core/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAgBH,uCAAqD;AAA5C,mHAAA,uBAAuB,OAAA;AAEhC,WAAW;AACX,wEAAmE;AAA1D,wHAAA,gBAAgB,OAAA;AAEzB,YAAY;AACZ,6EAAyE;AAAhE,6HAAA,mBAAmB,OAAA;AAE5B,6EAAwE;AAA/D,4HAAA,kBAAkB,OAAA;AAC3B,6EAAuE;AAA9D,2HAAA,iBAAiB,OAAA;AAC1B,mEAA6D;AAApD,iHAAA,YAAY,OAAA;AACrB,qEAA+D;AAAtD,mHAAA,aAAa,OAAA;AACtB,iEAA2D;AAAlD,+GAAA,WAAW,OAAA;AAEpB,eAAe;AACf,oEAA8D;AAArD,+GAAA,WAAW,OAAA;AAGpB,WAAW;AACX,sEAA4O;AAAnO,2HAAA,oBAAoB,OAAA;AAAE,0HAAA,mBAAmB,OAAA;AAAE,6HAAA,sBAAsB,OAAA;AAAE,+HAAA,wBAAwB,OAAA;AAAE,yHAAA,kBAAkB,OAAA;AAAE,oHAAA,aAAa,OAAA;AAAE,+HAAA,wBAAwB,OAAA;AAAE,uHAAA,gBAAgB,OAAA;AAAE,qHAAA,cAAc,OAAA;AACnM,0EAA2F;AAAlF,kHAAA,SAAS,OAAA;AAAE,mHAAA,UAAU,OAAA;AAAE,yHAAA,gBAAgB,OAAA;AAEhD,sDAAsD;AACtD,mEAAgF;AAAvE,kHAAA,aAAa,OAAA;AAAE,qHAAA,gBAAgB,OAAA;AAGxC,8DAA8D;AAC9D,uEASyC;AARvC,uHAAA,gBAAgB,OAAA;AAChB,qHAAA,cAAc,OAAA;AACd,wHAAA,iBAAiB,OAAA;AACjB,0HAAA,mBAAmB,OAAA;AACnB,oHAAA,aAAa,OAAA;AACb,8HAAA,uBAAuB,OAAA;AACvB,0HAAA,mBAAmB,OAAA;AACnB,0HAAA,mBAAmB,OAAA;AAarB,YAAY;AACZ,qEAAkG;AAAzF,mHAAA,aAAa,OAAA;AAAE,0HAAA,oBAAoB,OAAA;AAAE,iHAAA,WAAW,OAAA;AACzD,qEAAyF;AAAhF,yHAAA,mBAAmB,OAAA;AAAE,wHAAA,kBAAkB,OAAA"}

package/dist/nanomind-core/inference/analm-infer.py

@@ -0,0 +1,104 @@
+"""
+AnaLM inference helper -- invoked as subprocess by security-analyst.ts.
+
+Usage: python3 analm-infer.py <hf_repo> <task_type> <system_prompt_json> <user_message_json>
+
+Loads the model, runs inference, extracts JSON from the response.
+Falls back to constructing structured data from prose if JSON extraction fails.
+"""
+import json
+import sys
+import re
+
+def extract_json(text, task):
+    """Try multiple strategies to extract JSON from model output."""
+    # Strategy 1: direct parse
+    try:
+        return json.loads(text)
+    except Exception:
+        pass
+
+    # Strategy 2: markdown code fence
+    fence = re.search(r'```(?:json)?\s*(.+?)```', text, re.DOTALL)
+    if fence:
+        try:
+            return json.loads(fence.group(1).strip())
+        except Exception:
+            pass
+
+    # Strategy 3: find JSON object via brace matching
+    depth = 0
+    start = -1
+    for i, c in enumerate(text):
+        if c == '{':
+            if depth == 0:
+                start = i
+            depth += 1
+        elif c == '}':
+            depth -= 1
+            if depth == 0 and start >= 0:
+                try:
+                    return json.loads(text[start:i+1])
+                except Exception:
+                    start = -1
+
+    # Strategy 4: construct structured data from prose
+    if task == "threatAnalysis":
+        r = {"confidence": 0.6, "description": text[:300].strip(), "mitigations": []}
+        low = text.lower()
+        for lv in ["critical", "high", "medium", "low", "none"]:
+            if lv in low:
+                r["threatLevel"] = lv
+                break
+        for line in text.split("\n"):
+            s = line.strip()
+            if s.startswith(("-", "*")) and len(s) > 12:
+                r["mitigations"].append(re.sub(r'^[-*]\s*', '', s))
+        if r.get("threatLevel"):
+            return r
+
+    if task == "credentialContextClassification":
+        low = text.lower()
+        for cls in ["real", "test", "example", "placeholder"]:
+            if cls in low:
+                return {"classification": cls, "reasoning": text[:300].strip(), "confidence": 0.6}
+
+    if task == "falsePositiveDetection":
+        low = text.lower()
+        is_fp = "false positive" in low or "not a real" in low or "benign" in low
+        return {"isFalsePositive": is_fp, "reasoning": text[:300].strip(), "confidence": 0.5}
+
+    return None
+
+
+def main():
+    if len(sys.argv) != 5:
+        print(json.dumps({"ok": False, "error": "usage: analm-infer.py <repo> <task> <system_json> <user_json>"}))
+        sys.exit(1)
+
+    hf_repo = sys.argv[1]
+    task_type = sys.argv[2]
+    system_prompt = json.loads(sys.argv[3])
+    user_message = json.loads(sys.argv[4])
+
+    from mlx_lm import load, generate
+
+    model, tokenizer = load(hf_repo)
+
+    messages = [
+        {"role": "system", "content": system_prompt},
+        {"role": "user", "content": user_message},
+    ]
+
+    prompt = tokenizer.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
+    response = generate(model, tokenizer, prompt=prompt, max_tokens=512, verbose=False)
+
+    parsed = extract_json(response, task_type)
+    if parsed:
+        print(json.dumps({"ok": True, "result": parsed}))
+    else:
+        print(json.dumps({"ok": False, "raw": response[:500]}))
+
+
+if __name__ == "__main__":
+    main()

package/dist/nanomind-core/inference/security-analyst.d.ts

@@ -0,0 +1,95 @@
+/**
+ * NanoMind Security Analyst -- Generative model inference
+ *
+ * Runs the nanomind-security-analyst model (SmolLM2-1.7B 12L SFT)
+ * for structured security analysis. This is a GENERATIVE model that
+ * produces JSON output, NOT a replacement for the TME classifier.
+ *
+ * Two inference backends (auto-detected):
+ *   1. MLX (mlx_lm)     -- Apple Silicon only, safetensors (1.8GB)
+ *   2. llama.cpp         -- Cross-platform, GGUF Q4_K_M (~1GB) [planned]
+ *
+ * Task types:
+ *   - threatAnalysis, credentialContextClassification, falsePositiveDetection,
+ *     artifactClassification, checkExplanation, governanceReasoning, intelReport
+ *
+ * Gated behind --analm flag. Model downloaded on-demand via `analm setup`.
+ */
+export type AnalystTaskType = 'threatAnalysis' | 'credentialContextClassification' | 'falsePositiveDetection' | 'artifactClassification' | 'checkExplanation' | 'governanceReasoning' | 'intelReport';
+export interface AnalystRequest {
+    taskType: AnalystTaskType;
+    content: string;
+    context?: string;
+}
+export interface AnalystResponse {
+    taskType: AnalystTaskType;
+    result: Record<string, unknown>;
+    confidence: number;
+    modelVersion: string;
+    durationMs: number;
+    backend: AnalystBackend;
+}
+export interface ThreatAnalysis {
+    threatLevel: string;
+    attackVector: string;
+    description: string;
+    mitigations: string[];
+    confidence: number;
+}
+export interface CredentialContext {
+    classification: 'real' | 'test' | 'example' | 'placeholder' | 'unknown';
+    reasoning: string;
+    confidence: number;
+}
+export interface FalsePositiveAssessment {
+    isFalsePositive: boolean;
+    reasoning: string;
+    confidence: number;
+}
+export type AnalystBackend = 'mlx' | 'llamacpp' | 'none';
+export interface AnalystStatus {
+    available: boolean;
+    backend: AnalystBackend;
+    modelCached: boolean;
+    platform: string;
+    setupCommand: string;
+}
+/**
+ * Get the full status of the analyst subsystem.
+ * Used by `analyst status` and scan hints.
+ */
+export declare function getAnalystStatus(): Promise<AnalystStatus>;
+/**
+ * Quick check: is the analyst ready to run right now?
+ * Does NOT trigger downloads. Used by orchestrator to decide whether
+ * to show the "run analyst setup" hint.
+ */
+export declare function isAnalystReady(): Promise<boolean>;
+/**
+ * Download the AnaLM model. Called by `analm setup` command.
+ * Returns true on success.
+ */
+export declare function setupAnalystModel(quiet?: boolean): Promise<boolean>;
+/**
+ * Run analyst inference on the given request.
+ * Returns null if the analyst is unavailable or inference fails.
+ * Caller must gate behind --analyze flag.
+ */
+export declare function runAnalystInference(request: AnalystRequest): Promise<AnalystResponse | null>;
+/**
+ * Run threat analysis on content flagged as suspicious/malicious.
+ */
+export declare function analyzeThreat(content: string, attackClass: string): Promise<ThreatAnalysis | null>;
+/**
+ * Assess whether a credential finding is a real credential or test/example.
+ */
+export declare function assessCredentialContext(content: string): Promise<CredentialContext | null>;
+/**
+ * Assess whether a finding is a false positive.
+ */
+export declare function assessFalsePositive(content: string, findingDescription: string): Promise<FalsePositiveAssessment | null>;
+/**
+ * Generate an intelligence report summarizing scan findings.
+ */
+export declare function generateIntelReport(findingsSummary: string): Promise<AnalystResponse | null>;
+//# sourceMappingURL=security-analyst.d.ts.map

package/dist/nanomind-core/inference/security-analyst.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-analyst.d.ts","sourceRoot":"","sources":["../../../src/nanomind-core/inference/security-analyst.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAUH,MAAM,MAAM,eAAe,GACvB,gBAAgB,GAChB,iCAAiC,GACjC,wBAAwB,GACxB,wBAAwB,GACxB,kBAAkB,GAClB,qBAAqB,GACrB,aAAa,CAAC;AAElB,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,eAAe,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,eAAe,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,cAAc,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,aAAa,GAAG,SAAS,CAAC;IACxE,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,uBAAuB;IACtC,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,cAAc,GAAG,KAAK,GAAG,UAAU,GAAG,MAAM,CAAC;AAEzD,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,cAAc,CAAC;IACxB,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAmFD;;;GAGG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,aAAa,CAAC,CAW/D;AAED;;;;GAIG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC,CAIvD;AAMD;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,UAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CA0DvE;AAMD;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAajC;AAqDD;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAgBhC;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAkBnC;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,MAAM,EACf,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAczC;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAKjC"}

package/dist/nanomind-core/inference/security-analyst.js

@@ -0,0 +1,372 @@
+"use strict";
+/**
+ * NanoMind Security Analyst -- Generative model inference
+ *
+ * Runs the nanomind-security-analyst model (SmolLM2-1.7B 12L SFT)
+ * for structured security analysis. This is a GENERATIVE model that
+ * produces JSON output, NOT a replacement for the TME classifier.
+ *
+ * Two inference backends (auto-detected):
+ *   1. MLX (mlx_lm)     -- Apple Silicon only, safetensors (1.8GB)
+ *   2. llama.cpp         -- Cross-platform, GGUF Q4_K_M (~1GB) [planned]
+ *
+ * Task types:
+ *   - threatAnalysis, credentialContextClassification, falsePositiveDetection,
+ *     artifactClassification, checkExplanation, governanceReasoning, intelReport
+ *
+ * Gated behind --analm flag. Model downloaded on-demand via `analm setup`.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAnalystStatus = getAnalystStatus;
+exports.isAnalystReady = isAnalystReady;
+exports.setupAnalystModel = setupAnalystModel;
+exports.runAnalystInference = runAnalystInference;
+exports.analyzeThreat = analyzeThreat;
+exports.assessCredentialContext = assessCredentialContext;
+exports.assessFalsePositive = assessFalsePositive;
+exports.generateIntelReport = generateIntelReport;
+const node_path_1 = require("node:path");
+const node_os_1 = require("node:os");
+const node_child_process_1 = require("node:child_process");
+// ============================================================================
+// Constants
+// ============================================================================
+const HF_REPO = 'opena2a/nanomind-security-analyst';
+const MODEL_VERSION = '0.1.0';
+/** Maximum input length sent to the analyst (tokens are ~4 chars avg) */
+const MAX_INPUT_CHARS = 2048;
+/** Inference timeout. The 1.7B model runs ~2-5s per request on M-series. */
+const INFERENCE_TIMEOUT_MS = 30000;
+// ============================================================================
+// Backend Detection
+// ============================================================================
+let _detectedBackend;
+let _modelCached;
+/**
+ * Detect the best available inference backend.
+ * MLX is preferred (Apple Silicon), llama.cpp is cross-platform fallback.
+ */
+async function detectBackend() {
+    if (_detectedBackend !== undefined)
+        return _detectedBackend;
+    // Try MLX (Apple Silicon only)
+    if (process.platform === 'darwin') {
+        try {
+            await execAsync('uv', [
+                'run', '--with', 'mlx-lm', 'python3', '-c',
+                'import mlx_lm; print("ok")',
+            ], { timeout: 15000 });
+            _detectedBackend = 'mlx';
+            return _detectedBackend;
+        }
+        catch {
+            // MLX not available, try llama.cpp
+        }
+    }
+    // Try llama.cpp (cross-platform) -- planned for future release
+    // When implemented, check for llama-cpp-python or llamafile binary
+    // try {
+    //   await execAsync('uv', [
+    //     'run', '--with', 'llama-cpp-python', 'python3', '-c',
+    //     'from llama_cpp import Llama; print("ok")',
+    //   ], { timeout: 15_000 });
+    //   _detectedBackend = 'llamacpp';
+    //   return _detectedBackend;
+    // } catch { /* not available */ }
+    _detectedBackend = 'none';
+    return _detectedBackend;
+}
+/**
+ * Check if the model is already cached locally.
+ */
+async function isModelCached() {
+    if (_modelCached !== undefined)
+        return _modelCached;
+    try {
+        const checkScript = `
+from huggingface_hub import try_to_load_from_cache
+import json
+path = try_to_load_from_cache("${HF_REPO}", "config.json")
+print(json.dumps({"cached": path is not None}))
+`;
+        const result = await execAsync('uv', [
+            'run', '--with', 'huggingface-hub', 'python3', '-c', checkScript,
+        ], { timeout: 10000 });
+        const parsed = JSON.parse(result.stdout.trim());
+        _modelCached = Boolean(parsed.cached);
+    }
+    catch {
+        _modelCached = false;
+    }
+    return _modelCached;
+}
+/**
+ * Get the full status of the analyst subsystem.
+ * Used by `analyst status` and scan hints.
+ */
+async function getAnalystStatus() {
+    const backend = await detectBackend();
+    const cached = backend !== 'none' ? await isModelCached() : false;
+    return {
+        available: backend !== 'none' && cached,
+        backend,
+        modelCached: cached,
+        platform: process.platform === 'darwin' ? 'Apple Silicon (MLX)' : process.platform,
+        setupCommand: 'hackmyagent analm setup',
+    };
+}
+/**
+ * Quick check: is the analyst ready to run right now?
+ * Does NOT trigger downloads. Used by orchestrator to decide whether
+ * to show the "run analyst setup" hint.
+ */
+async function isAnalystReady() {
+    const backend = await detectBackend();
+    if (backend === 'none')
+        return false;
+    return isModelCached();
+}
+// ============================================================================
+// Model Setup
+// ============================================================================
+/**
+ * Download the AnaLM model. Called by `analm setup` command.
+ * Returns true on success.
+ */
+async function setupAnalystModel(quiet = false) {
+    const backend = await detectBackend();
+    if (backend === 'none') {
+        if (!quiet) {
+            process.stderr.write('No supported inference backend found.\n' +
+                (process.platform === 'darwin'
+                    ? 'Install uv (https://docs.astral.sh/uv/) and run again.\n'
+                    : 'Cross-platform support (llama.cpp) coming soon.\n' +
+                        'Currently requires Apple Silicon Mac with MLX.\n'));
+        }
+        return false;
+    }
+    if (await isModelCached()) {
+        if (!quiet)
+            process.stderr.write('AnaLM model already downloaded.\n');
+        return true;
+    }
+    if (!quiet) {
+        process.stderr.write(`Downloading AnaLM v${MODEL_VERSION} ` +
+            `(${backend === 'mlx' ? '1.8GB safetensors' : '~1GB GGUF'})...\n`);
+    }
+    try {
+        const downloadScript = `
+from huggingface_hub import snapshot_download
+import json
+path = snapshot_download("${HF_REPO}")
+print(json.dumps({"status": "ok", "path": path}))
+`;
+        const result = await execAsync('uv', [
+            'run', '--with', 'huggingface-hub', 'python3', '-c', downloadScript,
+        ], { timeout: 600000 }); // 10 min for large model
+        const parsed = JSON.parse(result.stdout.trim());
+        if (parsed.status === 'ok') {
+            _modelCached = true;
+            if (!quiet) {
+                process.stderr.write('AnaLM model ready.\n');
+                process.stderr.write('Use --analm with any scan command for AI-powered analysis.\n');
+            }
+            return true;
+        }
+    }
+    catch (err) {
+        if (!quiet) {
+            process.stderr.write(`Download failed: ${err?.message ?? 'unknown error'}\n` +
+                'Check your network connection and try again.\n');
+        }
+    }
+    return false;
+}
+// ============================================================================
+// Inference
+// ============================================================================
+/**
+ * Run analyst inference on the given request.
+ * Returns null if the analyst is unavailable or inference fails.
+ * Caller must gate behind --analyze flag.
+ */
+async function runAnalystInference(request) {
+    const backend = await detectBackend();
+    if (backend === 'none')
+        return null;
+    const cached = await isModelCached();
+    if (!cached)
+        return null;
+    if (backend === 'mlx') {
+        return runMlxInference(request);
+    }
+    // llamacpp backend -- planned
+    return null;
+}
+async function runMlxInference(request) {
+    const startMs = Date.now();
+    const truncatedContent = request.content.slice(0, MAX_INPUT_CHARS);
+    const systemPrompt = getSystemPrompt(request.taskType);
+    const userMessage = request.context
+        ? `Context: ${request.context}\n\nContent:\n${truncatedContent}`
+        : truncatedContent;
+    // Use external Python script to avoid template literal escaping issues
+    const scriptPath = (0, node_path_1.join)(__dirname, 'analm-infer.py');
+    try {
+        const result = await execAsync('uv', [
+            'run', '--with', 'mlx-lm', 'python3', scriptPath,
+            HF_REPO,
+            request.taskType,
+            JSON.stringify(systemPrompt),
+            JSON.stringify(userMessage),
+        ], { timeout: INFERENCE_TIMEOUT_MS });
+        // stdout may contain HuggingFace progress bars before the JSON line
+        const jsonLine = result.stdout.trim().split('\n')
+            .reverse()
+            .find(line => line.trim().startsWith('{'));
+        if (!jsonLine)
+            return null;
+        const parsed = JSON.parse(jsonLine.trim());
+        const durationMs = Date.now() - startMs;
+        if (parsed.ok && parsed.result) {
+            return {
+                taskType: request.taskType,
+                result: parsed.result,
+                confidence: typeof parsed.result.confidence === 'number' ? parsed.result.confidence : 0.5,
+                modelVersion: `nanomind-analyst-v${MODEL_VERSION}`,
+                durationMs,
+                backend: 'mlx',
+            };
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+// ============================================================================
+// Task-Specific Runners
+// ============================================================================
+/**
+ * Run threat analysis on content flagged as suspicious/malicious.
+ */
+async function analyzeThreat(content, attackClass) {
+    const response = await runAnalystInference({
+        taskType: 'threatAnalysis',
+        content,
+        context: `Detected attack class: ${attackClass}`,
+    });
+    if (!response)
+        return null;
+    const r = response.result;
+    return {
+        threatLevel: String(r.threatLevel ?? 'unknown'),
+        attackVector: String(r.attackVector ?? attackClass),
+        description: String(r.description ?? ''),
+        mitigations: Array.isArray(r.mitigations) ? r.mitigations.map(String) : [],
+        confidence: response.confidence,
+    };
+}
+/**
+ * Assess whether a credential finding is a real credential or test/example.
+ */
+async function assessCredentialContext(content) {
+    const response = await runAnalystInference({
+        taskType: 'credentialContextClassification',
+        content,
+    });
+    if (!response)
+        return null;
+    const r = response.result;
+    const validClasses = ['real', 'test', 'example', 'placeholder', 'unknown'];
+    const classification = validClasses.includes(r.classification)
+        ? r.classification
+        : 'unknown';
+    return {
+        classification,
+        reasoning: String(r.reasoning ?? ''),
+        confidence: response.confidence,
+    };
+}
+/**
+ * Assess whether a finding is a false positive.
+ */
+async function assessFalsePositive(content, findingDescription) {
+    const response = await runAnalystInference({
+        taskType: 'falsePositiveDetection',
+        content,
+        context: `Finding: ${findingDescription}`,
+    });
+    if (!response)
+        return null;
+    const r = response.result;
+    return {
+        isFalsePositive: Boolean(r.isFalsePositive),
+        reasoning: String(r.reasoning ?? ''),
+        confidence: response.confidence,
+    };
+}
+/**
+ * Generate an intelligence report summarizing scan findings.
+ */
+async function generateIntelReport(findingsSummary) {
+    return runAnalystInference({
+        taskType: 'intelReport',
+        content: findingsSummary,
+    });
+}
+// ============================================================================
+// System Prompts
+// ============================================================================
+function getSystemPrompt(taskType) {
+    const prompts = {
+        threatAnalysis: 'You are a security analyst. Analyze the given content for threats. ' +
+            'Respond with JSON: {"threatLevel": "critical|high|medium|low|none", ' +
+            '"attackVector": "string", "description": "string", "mitigations": ["string"], ' +
+            '"confidence": 0.0-1.0}',
+        credentialContextClassification: 'You are a credential context classifier. Determine if the credential in the content ' +
+            'is real, test, example, or placeholder. ' +
+            'Respond with JSON: {"classification": "real|test|example|placeholder|unknown", ' +
+            '"reasoning": "string", "confidence": 0.0-1.0}',
+        falsePositiveDetection: 'You are a false positive detector for security findings. ' +
+            'Determine if the described finding is a false positive based on the content. ' +
+            'Respond with JSON: {"isFalsePositive": true|false, "reasoning": "string", ' +
+            '"confidence": 0.0-1.0}',
+        artifactClassification: 'You are a security artifact classifier. Classify the type of the given artifact. ' +
+            'Respond with JSON: {"artifactType": "string", "reasoning": "string", ' +
+            '"confidence": 0.0-1.0}',
+        checkExplanation: 'You are a security check explainer. Explain what the security check found and why it matters. ' +
+            'Respond with JSON: {"explanation": "string", "impact": "string", ' +
+            '"recommendation": "string", "confidence": 0.0-1.0}',
+        governanceReasoning: 'You are a governance analyst. Analyze the governance posture of the given artifact. ' +
+            'Respond with JSON: {"gaps": ["string"], "strengths": ["string"], ' +
+            '"recommendations": ["string"], "confidence": 0.0-1.0}',
+        intelReport: 'You are a security intelligence analyst. Generate an intelligence report for the scan results. ' +
+            'Respond with JSON: {"summary": "string", "keyFindings": ["string"], ' +
+            '"riskAssessment": "string", "recommendations": ["string"], "confidence": 0.0-1.0}',
+    };
+    return prompts[taskType];
+}
+// ============================================================================
+// Subprocess Helper
+// ============================================================================
+function execAsync(cmd, args, options = {}) {
+    return new Promise((resolve, reject) => {
+        (0, node_child_process_1.execFile)(cmd, args, {
+            timeout: options.timeout ?? 30000,
+            maxBuffer: 10 * 1024 * 1024, // 10MB
+            env: {
+                ...process.env,
+                HF_HOME: (0, node_path_1.join)((0, node_os_1.homedir)(), '.cache', 'huggingface'),
+            },
+        }, (error, stdout, stderr) => {
+            if (error) {
+                reject(error);
+            }
+            else {
+                resolve({ stdout: String(stdout), stderr: String(stderr) });
+            }
+        });
+    });
+}
+//# sourceMappingURL=security-analyst.js.map

package/dist/nanomind-core/inference/security-analyst.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-analyst.js","sourceRoot":"","sources":["../../../src/nanomind-core/inference/security-analyst.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;AAqJH,4CAWC;AAOD,wCAIC;AAUD,8CA0DC;AAWD,kDAeC;AAwDD,sCAmBC;AAKD,0DAoBC;AAKD,kDAiBC;AAKD,kDAOC;AA7YD,yCAAiC;AACjC,qCAAkC;AAClC,2DAA8C;AA4D9C,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,MAAM,OAAO,GAAG,mCAAmC,CAAC;AACpD,MAAM,aAAa,GAAG,OAAO,CAAC;AAE9B,yEAAyE;AACzE,MAAM,eAAe,GAAG,IAAI,CAAC;AAE7B,4EAA4E;AAC5E,MAAM,oBAAoB,GAAG,KAAM,CAAC;AAEpC,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,IAAI,gBAA4C,CAAC;AACjD,IAAI,YAAiC,CAAC;AAEtC;;;GAGG;AACH,KAAK,UAAU,aAAa;IAC1B,IAAI,gBAAgB,KAAK,SAAS;QAAE,OAAO,gBAAgB,CAAC;IAE5D,+BAA+B;IAC/B,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,EAAE;gBACpB,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI;gBAC1C,4BAA4B;aAC7B,EAAE,EAAE,OAAO,EAAE,KAAM,EAAE,CAAC,CAAC;YACxB,gBAAgB,GAAG,KAAK,CAAC;YACzB,OAAO,gBAAgB,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,mEAAmE;IACnE,QAAQ;IACR,4BAA4B;IAC5B,4DAA4D;IAC5D,kDAAkD;IAClD,6BAA6B;IAC7B,mCAAmC;IACnC,6BAA6B;IAC7B,kCAAkC;IAElC,gBAAgB,GAAG,MAAM,CAAC;IAC1B,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa;IAC1B,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,YAAY,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,WAAW,GAAG;;;iCAGS,OAAO;;CAEvC,CAAC;QACE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE;YACnC,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW;SACjE,EAAE,EAAE,OAAO,EAAE,KAAM,EAAE,CAAC,CAAC;QACxB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,GAAG,KAAK,CAAC;IACvB,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,gBAAgB;IACpC,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,aAAa,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAElE,OAAO;QACL,SAAS,EAAE,OAAO,KAAK,MAAM,IAAI,MAAM;QACvC,OAAO;QACP,WAAW,EAAE,MAAM;QACnB,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClF,YAAY,EAAE,yBAAyB;KACxC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,CAAC;IACtC,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACrC,OAAO,aAAa,EAAE,CAAC;AACzB,CAAC;AAED,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;;GAGG;AACI,KAAK,UAAU,iBAAiB,CAAC,KAAK,GAAG,KAAK;IACnD,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,CAAC;IAEtC,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yCAAyC;gBACzC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;oBAC5B,CAAC,CAAC,0DAA0D;oBAC5D,CAAC,CAAC,mDAAmD;wBACnD,kDAAkD,CAAC,CACxD,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,aAAa,EAAE,EAAE,CAAC;QAC1B,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sBAAsB,aAAa,GAAG;YACtC,IAAI,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,WAAW,QAAQ,CAClE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,cAAc,GAAG;;;4BAGC,OAAO;;CAElC,CAAC;QACE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE;YACnC,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,SAAS,EAAE,IAAI,EAAE,cAAc;SACpE,EAAE,EAAE,OAAO,EAAE,MAAO,EAAE,CAAC,CAAC,CAAC,yBAAyB;QAEnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YAC3B,YAAY,GAAG,IAAI,CAAC;YACpB,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;gBAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;YACvF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oBAAoB,GAAG,EAAE,OAAO,IAAI,eAAe,IAAI;gBACvD,gDAAgD,CACjD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E;;;;GAIG;AACI,KAAK,UAAU,mBAAmB,CACvC,OAAuB;IAEvB,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,CAAC;IACtC,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,MAAM,GAAG,MAAM,aAAa,EAAE,CAAC;IACrC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;QACtB,OAAO,eAAe,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,8BAA8B;IAC9B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,OAAuB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE3B,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IACnE,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO;QACjC,CAAC,CAAC,YAAY,OAAO,CAAC,OAAO,iBAAiB,gBAAgB,EAAE;QAChE,CAAC,CAAC,gBAAgB,CAAC;IAErB,uEAAuE;IACvE,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE;YACnC,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU;YAChD,OAAO;YACP,OAAO,CAAC,QAAQ;YAChB,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;YAC5B,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;SAC5B,EAAE,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAEtC,oEAAoE;QACpE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;aAC9C,OAAO,EAAE;aACT,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QAExC,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAC/B,OAAO;gBACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,UAAU,EAAE,OAAO,MAAM,CAAC,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG;gBACzF,YAAY,EAAE,qBAAqB,aAAa,EAAE;gBAClD,UAAU;gBACV,OAAO,EAAE,KAAK;aACf,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,WAAmB;IAEnB,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC;QACzC,QAAQ,EAAE,gBAAgB;QAC1B,OAAO;QACP,OAAO,EAAE,0BAA0B,WAAW,EAAE;KACjD,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC1B,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,IAAI,SAAS,CAAC;QAC/C,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,YAAY,IAAI,WAAW,CAAC;QACnD,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;QACxC,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;QAC1E,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB,CAC3C,OAAe;IAEf,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC;QACzC,QAAQ,EAAE,iCAAiC;QAC3C,OAAO;KACR,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC1B,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,SAAS,CAAU,CAAC;IACpF,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAqB,CAAC;QACnE,CAAC,CAAE,CAAC,CAAC,cAAsD;QAC3D,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO;QACL,cAAc;QACd,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;QACpC,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,OAAe,EACf,kBAA0B;IAE1B,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC;QACzC,QAAQ,EAAE,wBAAwB;QAClC,OAAO;QACP,OAAO,EAAE,YAAY,kBAAkB,EAAE;KAC1C,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC1B,OAAO;QACL,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QAC3C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;QACpC,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,eAAuB;IAEvB,OAAO,mBAAmB,CAAC;QACzB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,eAAe;KACzB,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,SAAS,eAAe,CAAC,QAAyB;IAChD,MAAM,OAAO,GAAoC;QAC/C,cAAc,EACZ,qEAAqE;YACrE,sEAAsE;YACtE,gFAAgF;YAChF,wBAAwB;QAC1B,+BAA+B,EAC7B,sFAAsF;YACtF,0CAA0C;YAC1C,iFAAiF;YACjF,+CAA+C;QACjD,sBAAsB,EACpB,2DAA2D;YAC3D,+EAA+E;YAC/E,4EAA4E;YAC5E,wBAAwB;QAC1B,sBAAsB,EACpB,mFAAmF;YACnF,uEAAuE;YACvE,wBAAwB;QAC1B,gBAAgB,EACd,gGAAgG;YAChG,mEAAmE;YACnE,oDAAoD;QACtD,mBAAmB,EACjB,sFAAsF;YACtF,mEAAmE;YACnE,uDAAuD;QACzD,WAAW,EACT,iGAAiG;YACjG,sEAAsE;YACtE,mFAAmF;KACtF,CAAC;IAEF,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,SAAS,SAAS,CAChB,GAAW,EACX,IAAc,EACd,UAAgC,EAAE;IAElC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAA,6BAAQ,EAAC,GAAG,EAAE,IAAI,EAAE;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,KAAM;YAClC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;YACpC,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,OAAO,EAAE,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,QAAQ,EAAE,aAAa,CAAC;aAClD;SACF,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YAC3B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}