npm - hackmyagent - Versions diffs - 0.7.2 → 0.8.0 - Mend

hackmyagent 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/LICENSE +191 -0
package/README.md +66 -28
package/dist/arp/cli/index.d.ts +3 -0
package/dist/arp/cli/index.d.ts.map +1 -0
package/dist/arp/cli/index.js +219 -0
package/dist/arp/cli/index.js.map +1 -0
package/dist/arp/config/loader.d.ts +8 -0
package/dist/arp/config/loader.d.ts.map +1 -0
package/dist/arp/config/loader.js +102 -0
package/dist/arp/config/loader.js.map +1 -0
package/dist/arp/enforcement/kill-switch.d.ts +22 -0
package/dist/arp/enforcement/kill-switch.d.ts.map +1 -0
package/dist/arp/enforcement/kill-switch.js +122 -0
package/dist/arp/enforcement/kill-switch.js.map +1 -0
package/dist/arp/engine/event-engine.d.ts +29 -0
package/dist/arp/engine/event-engine.d.ts.map +1 -0
package/dist/arp/engine/event-engine.js +233 -0
package/dist/arp/engine/event-engine.js.map +1 -0
package/dist/arp/index.d.ts +81 -0
package/dist/arp/index.d.ts.map +1 -0
package/dist/arp/index.js +239 -0
package/dist/arp/index.js.map +1 -0
package/dist/arp/intelligence/adapters.d.ts +45 -0
package/dist/arp/intelligence/adapters.d.ts.map +1 -0
package/dist/arp/intelligence/adapters.js +222 -0
package/dist/arp/intelligence/adapters.js.map +1 -0
package/dist/arp/intelligence/anomaly.d.ts +32 -0
package/dist/arp/intelligence/anomaly.d.ts.map +1 -0
package/dist/arp/intelligence/anomaly.js +80 -0
package/dist/arp/intelligence/anomaly.js.map +1 -0
package/dist/arp/intelligence/budget.d.ts +33 -0
package/dist/arp/intelligence/budget.d.ts.map +1 -0
package/dist/arp/intelligence/budget.js +150 -0
package/dist/arp/intelligence/budget.js.map +1 -0
package/dist/arp/intelligence/coordinator.d.ts +43 -0
package/dist/arp/intelligence/coordinator.d.ts.map +1 -0
package/dist/arp/intelligence/coordinator.js +301 -0
package/dist/arp/intelligence/coordinator.js.map +1 -0
package/dist/arp/interceptors/a2a-protocol.d.ts +29 -0
package/dist/arp/interceptors/a2a-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/a2a-protocol.js +111 -0
package/dist/arp/interceptors/a2a-protocol.js.map +1 -0
package/dist/arp/interceptors/filesystem.d.ts +33 -0
package/dist/arp/interceptors/filesystem.d.ts.map +1 -0
package/dist/arp/interceptors/filesystem.js +199 -0
package/dist/arp/interceptors/filesystem.js.map +1 -0
package/dist/arp/interceptors/mcp-protocol.d.ts +25 -0
package/dist/arp/interceptors/mcp-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/mcp-protocol.js +126 -0
package/dist/arp/interceptors/mcp-protocol.js.map +1 -0
package/dist/arp/interceptors/network.d.ts +26 -0
package/dist/arp/interceptors/network.d.ts.map +1 -0
package/dist/arp/interceptors/network.js +146 -0
package/dist/arp/interceptors/network.js.map +1 -0
package/dist/arp/interceptors/process.d.ts +26 -0
package/dist/arp/interceptors/process.d.ts.map +1 -0
package/dist/arp/interceptors/process.js +157 -0
package/dist/arp/interceptors/process.js.map +1 -0
package/dist/arp/interceptors/prompt.d.ts +29 -0
package/dist/arp/interceptors/prompt.d.ts.map +1 -0
package/dist/arp/interceptors/prompt.js +82 -0
package/dist/arp/interceptors/prompt.js.map +1 -0
package/dist/arp/license/index.d.ts +59 -0
package/dist/arp/license/index.d.ts.map +1 -0
package/dist/arp/license/index.js +78 -0
package/dist/arp/license/index.js.map +1 -0
package/dist/arp/monitors/filesystem.d.ts +21 -0
package/dist/arp/monitors/filesystem.d.ts.map +1 -0
package/dist/arp/monitors/filesystem.js +141 -0
package/dist/arp/monitors/filesystem.js.map +1 -0
package/dist/arp/monitors/network.d.ts +32 -0
package/dist/arp/monitors/network.d.ts.map +1 -0
package/dist/arp/monitors/network.js +301 -0
package/dist/arp/monitors/network.js.map +1 -0
package/dist/arp/monitors/process.d.ts +24 -0
package/dist/arp/monitors/process.d.ts.map +1 -0
package/dist/arp/monitors/process.js +205 -0
package/dist/arp/monitors/process.js.map +1 -0
package/dist/arp/patterns/ai-threats.d.ts +48 -0
package/dist/arp/patterns/ai-threats.d.ts.map +1 -0
package/dist/arp/patterns/ai-threats.js +215 -0
package/dist/arp/patterns/ai-threats.js.map +1 -0
package/dist/arp/proxy/forward.d.ts +23 -0
package/dist/arp/proxy/forward.d.ts.map +1 -0
package/dist/arp/proxy/forward.js +152 -0
package/dist/arp/proxy/forward.js.map +1 -0
package/dist/arp/proxy/server.d.ts +45 -0
package/dist/arp/proxy/server.d.ts.map +1 -0
package/dist/arp/proxy/server.js +331 -0
package/dist/arp/proxy/server.js.map +1 -0
package/dist/arp/reporting/local-log.d.ts +22 -0
package/dist/arp/reporting/local-log.d.ts.map +1 -0
package/dist/arp/reporting/local-log.js +116 -0
package/dist/arp/reporting/local-log.js.map +1 -0
package/dist/arp/types.d.ts +230 -0
package/dist/arp/types.d.ts.map +1 -0
package/dist/arp/types.js +4 -0
package/dist/arp/types.js.map +1 -0
package/dist/attack/custom-payloads.d.ts +11 -0
package/dist/attack/custom-payloads.d.ts.map +1 -0
package/dist/attack/custom-payloads.js +108 -0
package/dist/attack/custom-payloads.js.map +1 -0
package/dist/attack/fail-policy.d.ts +16 -0
package/dist/attack/fail-policy.d.ts.map +1 -0
package/dist/attack/fail-policy.js +36 -0
package/dist/attack/fail-policy.js.map +1 -0
package/dist/attack/index.d.ts +12 -0
package/dist/attack/index.d.ts.map +1 -0
package/dist/attack/index.js +30 -0
package/dist/attack/index.js.map +1 -0
package/dist/attack/payloads/a2a-attacks.d.ts +12 -0
package/dist/attack/payloads/a2a-attacks.d.ts.map +1 -0
package/dist/attack/payloads/a2a-attacks.js +221 -0
package/dist/attack/payloads/a2a-attacks.js.map +1 -0
package/dist/attack/payloads/capability-abuse.d.ts +8 -0
package/dist/attack/payloads/capability-abuse.d.ts.map +1 -0
package/dist/attack/payloads/capability-abuse.js +222 -0
package/dist/attack/payloads/capability-abuse.js.map +1 -0
package/dist/attack/payloads/context-manipulation.d.ts +8 -0
package/dist/attack/payloads/context-manipulation.d.ts.map +1 -0
package/dist/attack/payloads/context-manipulation.js +217 -0
package/dist/attack/payloads/context-manipulation.js.map +1 -0
package/dist/attack/payloads/data-exfiltration.d.ts +8 -0
package/dist/attack/payloads/data-exfiltration.d.ts.map +1 -0
package/dist/attack/payloads/data-exfiltration.js +249 -0
package/dist/attack/payloads/data-exfiltration.js.map +1 -0
package/dist/attack/payloads/index.d.ts +29 -0
package/dist/attack/payloads/index.d.ts.map +1 -0
package/dist/attack/payloads/index.js +76 -0
package/dist/attack/payloads/index.js.map +1 -0
package/dist/attack/payloads/jailbreak.d.ts +8 -0
package/dist/attack/payloads/jailbreak.d.ts.map +1 -0
package/dist/attack/payloads/jailbreak.js +265 -0
package/dist/attack/payloads/jailbreak.js.map +1 -0
package/dist/attack/payloads/mcp-exploitation.d.ts +12 -0
package/dist/attack/payloads/mcp-exploitation.d.ts.map +1 -0
package/dist/attack/payloads/mcp-exploitation.js +221 -0
package/dist/attack/payloads/mcp-exploitation.js.map +1 -0
package/dist/attack/payloads/prompt-injection.d.ts +8 -0
package/dist/attack/payloads/prompt-injection.d.ts.map +1 -0
package/dist/attack/payloads/prompt-injection.js +262 -0
package/dist/attack/payloads/prompt-injection.js.map +1 -0
package/dist/attack/scanner.d.ts +84 -0
package/dist/attack/scanner.d.ts.map +1 -0
package/dist/attack/scanner.js +509 -0
package/dist/attack/scanner.js.map +1 -0
package/dist/attack/types.d.ts +153 -0
package/dist/attack/types.d.ts.map +1 -0
package/dist/attack/types.js +46 -0
package/dist/attack/types.js.map +1 -0
package/dist/benchmarks/index.d.ts +16 -0
package/dist/benchmarks/index.d.ts.map +1 -0
package/dist/benchmarks/index.js +27 -0
package/dist/benchmarks/index.js.map +1 -0
package/dist/benchmarks/oasb-1.d.ts +112 -0
package/dist/benchmarks/oasb-1.d.ts.map +1 -0
package/dist/benchmarks/oasb-1.js +1124 -0
package/dist/benchmarks/oasb-1.js.map +1 -0
package/dist/checker/check-skill.d.ts +48 -0
package/dist/checker/check-skill.d.ts.map +1 -0
package/dist/checker/check-skill.js +105 -0
package/dist/checker/check-skill.js.map +1 -0
package/dist/checker/index.d.ts +12 -0
package/dist/checker/index.d.ts.map +1 -0
package/dist/checker/index.js +16 -0
package/dist/checker/index.js.map +1 -0
package/dist/checker/permission-analyzer.d.ts +12 -0
package/dist/checker/permission-analyzer.d.ts.map +1 -0
package/dist/checker/permission-analyzer.js +84 -0
package/dist/checker/permission-analyzer.js.map +1 -0
package/dist/checker/publisher-verifier.d.ts +34 -0
package/dist/checker/publisher-verifier.d.ts.map +1 -0
package/dist/checker/publisher-verifier.js +121 -0
package/dist/checker/publisher-verifier.js.map +1 -0
package/dist/checker/skill-identifier.d.ts +14 -0
package/dist/checker/skill-identifier.d.ts.map +1 -0
package/dist/checker/skill-identifier.js +55 -0
package/dist/checker/skill-identifier.js.map +1 -0
package/dist/cli.d.ts +7 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +3534 -0
package/dist/cli.js.map +1 -0
package/dist/hardening/index.d.ts +7 -0
package/dist/hardening/index.d.ts.map +1 -0
package/dist/hardening/index.js +9 -0
package/dist/hardening/index.js.map +1 -0
package/dist/hardening/scanner.d.ts +147 -0
package/dist/hardening/scanner.d.ts.map +1 -0
package/dist/hardening/scanner.js +5445 -0
package/dist/hardening/scanner.js.map +1 -0
package/dist/hardening/security-check.d.ts +85 -0
package/dist/hardening/security-check.d.ts.map +1 -0
package/dist/hardening/security-check.js +6 -0
package/dist/hardening/security-check.js.map +1 -0
package/dist/index.d.ts +38 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +91 -3525
package/dist/index.js.map +1 -1
package/dist/mcp-server.js +10 -10
package/dist/mcp-server.js.map +1 -1
package/dist/oasb/config/dvaa-targets.d.ts +13 -0
package/dist/oasb/config/dvaa-targets.d.ts.map +1 -0
package/dist/oasb/config/dvaa-targets.js +89 -0
package/dist/oasb/config/dvaa-targets.js.map +1 -0
package/dist/oasb/harness/arp-wrapper.d.ts +29 -0
package/dist/oasb/harness/arp-wrapper.d.ts.map +1 -0
package/dist/oasb/harness/arp-wrapper.js +134 -0
package/dist/oasb/harness/arp-wrapper.js.map +1 -0
package/dist/oasb/harness/dvaa-client.d.ts +46 -0
package/dist/oasb/harness/dvaa-client.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-client.js +98 -0
package/dist/oasb/harness/dvaa-client.js.map +1 -0
package/dist/oasb/harness/dvaa-manager.d.ts +17 -0
package/dist/oasb/harness/dvaa-manager.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-manager.js +132 -0
package/dist/oasb/harness/dvaa-manager.js.map +1 -0
package/dist/oasb/harness/event-collector.d.ts +33 -0
package/dist/oasb/harness/event-collector.d.ts.map +1 -0
package/dist/oasb/harness/event-collector.js +86 -0
package/dist/oasb/harness/event-collector.js.map +1 -0
package/dist/oasb/harness/metrics.d.ts +14 -0
package/dist/oasb/harness/metrics.d.ts.map +1 -0
package/dist/oasb/harness/metrics.js +56 -0
package/dist/oasb/harness/metrics.js.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts +34 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.js +69 -0
package/dist/oasb/harness/mock-llm-adapter.js.map +1 -0
package/dist/oasb/harness/types.d.ts +74 -0
package/dist/oasb/harness/types.d.ts.map +1 -0
package/dist/oasb/harness/types.js +3 -0
package/dist/oasb/harness/types.js.map +1 -0
package/dist/plugins/core.d.ts +109 -0
package/dist/plugins/core.d.ts.map +1 -0
package/dist/plugins/core.js +30 -0
package/dist/plugins/core.js.map +1 -0
package/dist/plugins/credvault.d.ts +22 -0
package/dist/plugins/credvault.d.ts.map +1 -0
package/dist/plugins/credvault.js +374 -0
package/dist/plugins/credvault.js.map +1 -0
package/dist/plugins/signcrypt.d.ts +27 -0
package/dist/plugins/signcrypt.d.ts.map +1 -0
package/dist/plugins/signcrypt.js +317 -0
package/dist/plugins/signcrypt.js.map +1 -0
package/dist/plugins/skillguard.d.ts +25 -0
package/dist/plugins/skillguard.d.ts.map +1 -0
package/dist/plugins/skillguard.js +346 -0
package/dist/plugins/skillguard.js.map +1 -0
package/dist/registry/client.d.ts +125 -0
package/dist/registry/client.d.ts.map +1 -0
package/dist/registry/client.js +308 -0
package/dist/registry/client.js.map +1 -0
package/dist/registry/index.d.ts +3 -0
package/dist/registry/index.d.ts.map +1 -0
package/dist/registry/index.js +10 -0
package/dist/registry/index.js.map +1 -0
package/dist/scanner/external-scanner.d.ts +13 -0
package/dist/scanner/external-scanner.d.ts.map +1 -0
package/dist/scanner/external-scanner.js +299 -0
package/dist/scanner/external-scanner.js.map +1 -0
package/dist/scanner/index.d.ts +6 -0
package/dist/scanner/index.d.ts.map +1 -0
package/dist/scanner/index.js +9 -0
package/dist/scanner/index.js.map +1 -0
package/dist/scanner/types.d.ts +32 -0
package/dist/scanner/types.d.ts.map +1 -0
package/dist/scanner/types.js +6 -0
package/dist/scanner/types.js.map +1 -0
package/dist/semantic/deep-scan.d.ts +13 -0
package/dist/semantic/deep-scan.d.ts.map +1 -0
package/dist/semantic/deep-scan.js +63 -0
package/dist/semantic/deep-scan.js.map +1 -0
package/dist/semantic/index.d.ts +17 -0
package/dist/semantic/index.d.ts.map +1 -0
package/dist/semantic/index.js +39 -0
package/dist/semantic/index.js.map +1 -0
package/dist/semantic/integration/cost-estimator.d.ts +17 -0
package/dist/semantic/integration/cost-estimator.d.ts.map +1 -0
package/dist/semantic/integration/cost-estimator.js +54 -0
package/dist/semantic/integration/cost-estimator.js.map +1 -0
package/dist/semantic/integration/finding-adapter.d.ts +34 -0
package/dist/semantic/integration/finding-adapter.d.ts.map +1 -0
package/dist/semantic/integration/finding-adapter.js +41 -0
package/dist/semantic/integration/finding-adapter.js.map +1 -0
package/dist/semantic/integration/oasb-upgrader.d.ts +20 -0
package/dist/semantic/integration/oasb-upgrader.d.ts.map +1 -0
package/dist/semantic/integration/oasb-upgrader.js +47 -0
package/dist/semantic/integration/oasb-upgrader.js.map +1 -0
package/dist/semantic/llm/budget.d.ts +50 -0
package/dist/semantic/llm/budget.d.ts.map +1 -0
package/dist/semantic/llm/budget.js +139 -0
package/dist/semantic/llm/budget.js.map +1 -0
package/dist/semantic/llm/cache.d.ts +36 -0
package/dist/semantic/llm/cache.d.ts.map +1 -0
package/dist/semantic/llm/cache.js +103 -0
package/dist/semantic/llm/cache.js.map +1 -0
package/dist/semantic/llm/client.d.ts +49 -0
package/dist/semantic/llm/client.d.ts.map +1 -0
package/dist/semantic/llm/client.js +64 -0
package/dist/semantic/llm/client.js.map +1 -0
package/dist/semantic/llm/index.d.ts +33 -0
package/dist/semantic/llm/index.d.ts.map +1 -0
package/dist/semantic/llm/index.js +129 -0
package/dist/semantic/llm/index.js.map +1 -0
package/dist/semantic/llm/prompts.d.ts +30 -0
package/dist/semantic/llm/prompts.d.ts.map +1 -0
package/dist/semantic/llm/prompts.js +120 -0
package/dist/semantic/llm/prompts.js.map +1 -0
package/dist/semantic/structural/credential-context.d.ts +14 -0
package/dist/semantic/structural/credential-context.d.ts.map +1 -0
package/dist/semantic/structural/credential-context.js +295 -0
package/dist/semantic/structural/credential-context.js.map +1 -0
package/dist/semantic/structural/index.d.ts +28 -0
package/dist/semantic/structural/index.d.ts.map +1 -0
package/dist/semantic/structural/index.js +138 -0
package/dist/semantic/structural/index.js.map +1 -0
package/dist/semantic/structural/instruction.d.ts +19 -0
package/dist/semantic/structural/instruction.d.ts.map +1 -0
package/dist/semantic/structural/instruction.js +167 -0
package/dist/semantic/structural/instruction.js.map +1 -0
package/dist/semantic/structural/mcp-config.d.ts +22 -0
package/dist/semantic/structural/mcp-config.d.ts.map +1 -0
package/dist/semantic/structural/mcp-config.js +294 -0
package/dist/semantic/structural/mcp-config.js.map +1 -0
package/dist/semantic/structural/permission-model.d.ts +16 -0
package/dist/semantic/structural/permission-model.d.ts.map +1 -0
package/dist/semantic/structural/permission-model.js +121 -0
package/dist/semantic/structural/permission-model.js.map +1 -0
package/dist/semantic/types.d.ts +122 -0
package/dist/semantic/types.d.ts.map +1 -0
package/dist/semantic/types.js +10 -0
package/dist/semantic/types.js.map +1 -0
package/package.json +25 -14

package/dist/arp/interceptors/network.js ADDED Viewed

@@ -0,0 +1,146 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NetworkInterceptor = void 0;
+const net = __importStar(require("net"));
+/** Known exfiltration/suspicious destinations */
+const SUSPICIOUS_HOSTS = [
+    'webhook.site', 'requestbin', 'ngrok.io', 'pipedream.net',
+    'hookbin.com', 'burpcollaborator', 'interact.sh', 'oastify.com',
+    'pastebin.com', 'transfer.sh',
+];
+/**
+ * Network interceptor — hooks net.Socket.prototype.connect to intercept
+ * ALL outbound TCP connections at the application level.
+ *
+ * Advantages over lsof/ss polling:
+ * - Zero latency: events fire before the connection is made
+ * - 100% accuracy: no missed connections between poll intervals
+ * - No system tool dependency: works in sandboxed/container environments
+ * - Covers all Node.js networking (http, https, fetch, net.connect)
+ */
+class NetworkInterceptor {
+    constructor(engine, allowedHosts) {
+        this.type = 'network';
+        this.originalConnect = null;
+        this.active = false;
+        this.engine = engine;
+        this.allowedHosts = new Set(allowedHosts ?? []);
+    }
+    async start() {
+        if (this.active)
+            return;
+        this.originalConnect = net.Socket.prototype.connect;
+        const self = this;
+        // Patch net.Socket.prototype.connect to intercept all TCP connections
+        net.Socket.prototype.connect = function (...args) {
+            const parsed = self.parseConnectArgs(args);
+            if (parsed) {
+                self.handleConnection(parsed.host, parsed.port);
+            }
+            return self.originalConnect.apply(this, args);
+        };
+        this.active = true;
+    }
+    async stop() {
+        if (!this.active || !this.originalConnect)
+            return;
+        net.Socket.prototype.connect = this.originalConnect;
+        this.originalConnect = null;
+        this.active = false;
+    }
+    isRunning() {
+        return this.active;
+    }
+    parseConnectArgs(args) {
+        if (args.length === 0)
+            return null;
+        let first = args[0];
+        // Node.js internals normalize args as [options, callback] array
+        if (Array.isArray(first)) {
+            first = first[0];
+        }
+        if (typeof first === 'object' && first !== null) {
+            const opts = first;
+            const port = opts.port;
+            const host = opts.host ?? '127.0.0.1';
+            if (typeof port === 'number') {
+                return { host, port };
+            }
+        }
+        else if (typeof first === 'number') {
+            const host = typeof args[1] === 'string' ? args[1] : '127.0.0.1';
+            return { host, port: first };
+        }
+        return null;
+    }
+    handleConnection(host, port) {
+        const dest = `${host}:${port}`;
+        // Check for suspicious hosts
+        const isSuspicious = SUSPICIOUS_HOSTS.some((h) => host.includes(h));
+        if (isSuspicious) {
+            this.engine.emit({
+                source: 'network',
+                category: 'threat',
+                severity: 'critical',
+                description: `Intercepted connection to suspicious host: ${dest}`,
+                data: {
+                    remoteAddr: host,
+                    remotePort: port,
+                    intercepted: true,
+                },
+            });
+            return;
+        }
+        // Check allowed hosts
+        const isAllowed = this.allowedHosts.size === 0 ||
+            this.allowedHosts.has(host) ||
+            Array.from(this.allowedHosts).some((h) => host === h || host.endsWith('.' + h));
+        this.engine.emit({
+            source: 'network',
+            category: isAllowed ? 'normal' : 'anomaly',
+            severity: isAllowed ? 'info' : 'medium',
+            description: `Intercepted outbound connection: ${dest}`,
+            data: {
+                remoteAddr: host,
+                remotePort: port,
+                allowed: isAllowed,
+                intercepted: true,
+            },
+        });
+    }
+}
+exports.NetworkInterceptor = NetworkInterceptor;
+//# sourceMappingURL=network.js.map

package/dist/arp/interceptors/network.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network.js","sourceRoot":"","sources":["../../../src/arp/interceptors/network.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAA2B;AAI3B,iDAAiD;AACjD,MAAM,gBAAgB,GAAG;IACvB,cAAc,EAAE,YAAY,EAAE,UAAU,EAAE,eAAe;IACzD,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa;IAC/D,cAAc,EAAE,aAAa;CAC9B,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAa,kBAAkB;IAO7B,YAAY,MAAmB,EAAE,YAAuB;QAN/C,SAAI,GAAgB,SAAS,CAAC;QAG/B,oBAAe,GAA+C,IAAI,CAAC;QACnE,WAAM,GAAG,KAAK,CAAC;QAGrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAExB,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC;QAElB,sEAAsE;QACtE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,GAAG,UAA4B,GAAG,IAAe;YAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;YAClD,CAAC;YACD,OAAO,IAAI,CAAC,eAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,IAAuD,CAAC,CAAC;QACpG,CAAwC,CAAC;QAEzC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAO;QAClD,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEO,gBAAgB,CAAC,IAAe;QACtC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEnC,IAAI,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAEpB,gEAAgE;QAChE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,IAAI,GAAG,KAAgC,CAAC;YAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,IAA0B,CAAC;YAC7C,MAAM,IAAI,GAAI,IAAI,CAAC,IAAe,IAAI,WAAW,CAAC;YAClD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YACxB,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACjE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC/B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,gBAAgB,CAAC,IAAY,EAAE,IAAY;QACjD,MAAM,IAAI,GAAG,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;QAE/B,6BAA6B;QAC7B,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CACjB,CAAC;QAEF,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,SAAS;gBACjB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,8CAA8C,IAAI,EAAE;gBACjE,IAAI,EAAE;oBACJ,UAAU,EAAE,IAAI;oBAChB,UAAU,EAAE,IAAI;oBAChB,WAAW,EAAE,IAAI;iBAClB;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC;YAC5C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CACrC,CAAC;QAEJ,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,SAAS;YACjB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;YAC1C,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YACvC,WAAW,EAAE,oCAAoC,IAAI,EAAE;YACvD,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI;gBAChB,UAAU,EAAE,IAAI;gBAChB,OAAO,EAAE,SAAS;gBAClB,WAAW,EAAE,IAAI;aAClB;SACF,CAAC,CAAC;IACL,CAAC;CACF;AA7GD,gDA6GC"}

package/dist/arp/interceptors/process.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import type { Monitor, MonitorType } from '../types';
+import type { EventEngine } from '../engine/event-engine';
+/**
+ * Process interceptor — hooks child_process.spawn/exec/execFile/fork to
+ * intercept ALL process creation at the application level.
+ *
+ * Advantages over ps polling:
+ * - Zero latency: events fire before the process is spawned
+ * - 100% accuracy: catches every spawn, even short-lived processes
+ * - No system tool dependency: works in sandboxed environments
+ * - Full argument visibility: sees the exact command and args
+ */
+export declare class ProcessInterceptor implements Monitor {
+    readonly type: MonitorType;
+    private readonly engine;
+    private readonly cpModule;
+    private originals;
+    private active;
+    constructor(engine: EventEngine);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    isRunning(): boolean;
+    private handleSpawn;
+    private handleExec;
+}
+//# sourceMappingURL=process.d.ts.map

package/dist/arp/interceptors/process.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"process.d.ts","sourceRoot":"","sources":["../../../src/arp/interceptors/process.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAS1D;;;;;;;;;GASG;AACH,qBAAa,kBAAmB,YAAW,OAAO;IAChD,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAa;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IAErC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA2B;IACpD,OAAO,CAAC,SAAS,CAAyC;IAC1D,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,WAAW;IAMzB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAkDtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAY3B,SAAS,IAAI,OAAO;IAIpB,OAAO,CAAC,WAAW;IAsBnB,OAAO,CAAC,UAAU;CAoBnB"}

package/dist/arp/interceptors/process.js ADDED Viewed

@@ -0,0 +1,157 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProcessInterceptor = void 0;
+const path = __importStar(require("path"));
+/** Binaries commonly used for exfiltration, lateral movement, or exploitation */
+const SUSPICIOUS_BINARIES = [
+    'curl', 'wget', 'nc', 'ncat', 'nmap', 'ssh', 'scp',
+    'python', 'python3', 'perl', 'ruby', 'base64',
+    'socat', 'telnet', 'ftp', 'rsync',
+];
+/**
+ * Process interceptor — hooks child_process.spawn/exec/execFile/fork to
+ * intercept ALL process creation at the application level.
+ *
+ * Advantages over ps polling:
+ * - Zero latency: events fire before the process is spawned
+ * - 100% accuracy: catches every spawn, even short-lived processes
+ * - No system tool dependency: works in sandboxed environments
+ * - Full argument visibility: sees the exact command and args
+ */
+class ProcessInterceptor {
+    constructor(engine) {
+        this.type = 'process';
+        this.originals = null;
+        this.active = false;
+        this.engine = engine;
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        this.cpModule = require('child_process');
+    }
+    async start() {
+        if (this.active)
+            return;
+        const self = this;
+        const mod = this.cpModule;
+        this.originals = {};
+        for (const fn of ['spawn', 'spawnSync', 'exec', 'execSync', 'execFile', 'execFileSync', 'fork']) {
+            this.originals[fn] = mod[fn];
+        }
+        const orig = this.originals;
+        mod.spawn = function (...args) {
+            self.handleSpawn(args[0], Array.isArray(args[1]) ? args[1] : []);
+            return orig.spawn.apply(mod, args);
+        };
+        mod.spawnSync = function (...args) {
+            self.handleSpawn(args[0], Array.isArray(args[1]) ? args[1] : []);
+            return orig.spawnSync.apply(mod, args);
+        };
+        mod.exec = function (...args) {
+            self.handleExec(args[0]);
+            return orig.exec.apply(mod, args);
+        };
+        mod.execSync = function (...args) {
+            self.handleExec(args[0]);
+            return orig.execSync.apply(mod, args);
+        };
+        mod.execFile = function (...args) {
+            self.handleSpawn(args[0], Array.isArray(args[1]) ? args[1] : []);
+            return orig.execFile.apply(mod, args);
+        };
+        mod.execFileSync = function (...args) {
+            self.handleSpawn(args[0], Array.isArray(args[1]) ? args[1] : []);
+            return orig.execFileSync.apply(mod, args);
+        };
+        mod.fork = function (...args) {
+            self.handleSpawn('node', [args[0], ...(args[1] ?? [])]);
+            return orig.fork.apply(mod, args);
+        };
+        this.active = true;
+    }
+    async stop() {
+        if (!this.active || !this.originals)
+            return;
+        const mod = this.cpModule;
+        for (const [name, original] of Object.entries(this.originals)) {
+            mod[name] = original;
+        }
+        this.originals = null;
+        this.active = false;
+    }
+    isRunning() {
+        return this.active;
+    }
+    handleSpawn(command, args) {
+        const binary = path.basename(command);
+        const fullCommand = [command, ...args].join(' ');
+        const isSuspicious = SUSPICIOUS_BINARIES.includes(binary);
+        this.engine.emit({
+            source: 'process',
+            category: isSuspicious ? 'violation' : 'normal',
+            severity: isSuspicious ? 'high' : 'info',
+            description: isSuspicious
+                ? `Intercepted suspicious binary: ${binary} — ${fullCommand.slice(0, 100)}`
+                : `Intercepted process spawn: ${fullCommand.slice(0, 100)}`,
+            data: {
+                binary,
+                command: fullCommand,
+                args,
+                intercepted: true,
+                suspicious: isSuspicious,
+            },
+        });
+    }
+    handleExec(command) {
+        const parts = command.trim().split(/\s+/);
+        const binary = path.basename(parts[0]);
+        const isSuspicious = SUSPICIOUS_BINARIES.includes(binary);
+        this.engine.emit({
+            source: 'process',
+            category: isSuspicious ? 'violation' : 'normal',
+            severity: isSuspicious ? 'high' : 'info',
+            description: isSuspicious
+                ? `Intercepted suspicious exec: ${binary} — ${command.slice(0, 100)}`
+                : `Intercepted exec: ${command.slice(0, 100)}`,
+            data: {
+                binary,
+                command,
+                intercepted: true,
+                suspicious: isSuspicious,
+            },
+        });
+    }
+}
+exports.ProcessInterceptor = ProcessInterceptor;
+//# sourceMappingURL=process.js.map

package/dist/arp/interceptors/process.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"process.js","sourceRoot":"","sources":["../../../src/arp/interceptors/process.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAI7B,iFAAiF;AACjF,MAAM,mBAAmB,GAAG;IAC1B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;IAClD,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ;IAC7C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO;CAClC,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAa,kBAAkB;IAQ7B,YAAY,MAAmB;QAPtB,SAAI,GAAgB,SAAS,CAAC;QAI/B,cAAS,GAAoC,IAAI,CAAC;QAClD,WAAM,GAAG,KAAK,CAAC;QAGrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,iEAAiE;QACjE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAExB,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACpB,KAAK,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,CAAC,EAAE,CAAC;YAChG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;QAE5B,GAAG,CAAC,KAAK,GAAG,UAAU,GAAG,IAAe;YACtC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACvF,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC;QAEF,GAAG,CAAC,SAAS,GAAG,UAAU,GAAG,IAAe;YAC1C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACvF,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACzC,CAAC,CAAC;QAEF,GAAG,CAAC,IAAI,GAAG,UAAU,GAAG,IAAe;YACrC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAW,CAAC,CAAC;YACnC,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACpC,CAAC,CAAC;QAEF,GAAG,CAAC,QAAQ,GAAG,UAAU,GAAG,IAAe;YACzC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAW,CAAC,CAAC;YACnC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACxC,CAAC,CAAC;QAEF,GAAG,CAAC,QAAQ,GAAG,UAAU,GAAG,IAAe;YACzC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACvF,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACxC,CAAC,CAAC;QAEF,GAAG,CAAC,YAAY,GAAG,UAAU,GAAG,IAAe;YAC7C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACvF,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC,CAAC;QAEF,GAAG,CAAC,IAAI,GAAG,UAAU,GAAG,IAAe;YACrC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,GAAG,CAAE,IAAI,CAAC,CAAC,CAAc,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChF,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACpC,CAAC,CAAC;QAEF,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO;QAE5C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9D,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC;QACvB,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEO,WAAW,CAAC,OAAe,EAAE,IAAc;QACjD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,SAAS;YACjB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;YAC/C,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACxC,WAAW,EAAE,YAAY;gBACvB,CAAC,CAAC,kCAAkC,MAAM,MAAM,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBAC3E,CAAC,CAAC,8BAA8B,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YAC7D,IAAI,EAAE;gBACJ,MAAM;gBACN,OAAO,EAAE,WAAW;gBACpB,IAAI;gBACJ,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE,YAAY;aACzB;SACF,CAAC,CAAC;IACL,CAAC;IAEO,UAAU,CAAC,OAAe;QAChC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,SAAS;YACjB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;YAC/C,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACxC,WAAW,EAAE,YAAY;gBACvB,CAAC,CAAC,gCAAgC,MAAM,MAAM,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACrE,CAAC,CAAC,qBAAqB,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YAChD,IAAI,EAAE;gBACJ,MAAM;gBACN,OAAO;gBACP,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE,YAAY;aACzB;SACF,CAAC,CAAC;IACL,CAAC;CACF;AA1HD,gDA0HC"}

package/dist/arp/interceptors/prompt.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import type { Monitor, MonitorType } from '../types';
+import type { EventEngine } from '../engine/event-engine';
+import { type ScanResult } from '../patterns/ai-threats';
+/**
+ * Prompt interceptor -- scans user messages and LLM responses for
+ * injection, jailbreak, data exfiltration, and output leak patterns.
+ *
+ * Operates at the AI/semantic layer (L0 regex detection).
+ * Designed to be called by the HTTP proxy or directly via SDK integration.
+ */
+export declare class PromptInterceptor implements Monitor {
+    readonly type: MonitorType;
+    private readonly engine;
+    private active;
+    constructor(engine: EventEngine);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    isRunning(): boolean;
+    /**
+     * Scan user/agent input for prompt injection, jailbreak,
+     * data exfiltration, and context manipulation attempts.
+     */
+    scanInput(content: string): ScanResult;
+    /**
+     * Scan LLM output for leaked secrets, PII, and system prompt disclosure.
+     */
+    scanOutput(content: string): ScanResult;
+}
+//# sourceMappingURL=prompt.d.ts.map

package/dist/arp/interceptors/prompt.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../../src/arp/interceptors/prompt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAA0B,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEjF;;;;;;GAMG;AACH,qBAAa,iBAAkB,YAAW,OAAO;IAC/C,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,WAAW;IAIzB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,SAAS,IAAI,OAAO;IAIpB;;;OAGG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAyBtC;;OAEG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;CAwBxC"}

package/dist/arp/interceptors/prompt.js ADDED Viewed

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PromptInterceptor = void 0;
+const ai_threats_1 = require("../patterns/ai-threats");
+/**
+ * Prompt interceptor -- scans user messages and LLM responses for
+ * injection, jailbreak, data exfiltration, and output leak patterns.
+ *
+ * Operates at the AI/semantic layer (L0 regex detection).
+ * Designed to be called by the HTTP proxy or directly via SDK integration.
+ */
+class PromptInterceptor {
+    constructor(engine) {
+        this.type = 'prompt';
+        this.active = false;
+        this.engine = engine;
+    }
+    async start() {
+        this.active = true;
+    }
+    async stop() {
+        this.active = false;
+    }
+    isRunning() {
+        return this.active;
+    }
+    /**
+     * Scan user/agent input for prompt injection, jailbreak,
+     * data exfiltration, and context manipulation attempts.
+     */
+    scanInput(content) {
+        if (!this.active)
+            return { detected: false, matches: [] };
+        const result = (0, ai_threats_1.scanText)(content, ai_threats_1.PATTERN_SETS.inputPatterns);
+        if (result.detected) {
+            for (const match of result.matches) {
+                this.engine.emit({
+                    source: 'prompt',
+                    category: 'threat',
+                    severity: match.pattern.severity,
+                    description: `[${match.pattern.id}] ${match.pattern.description}`,
+                    data: {
+                        patternId: match.pattern.id,
+                        patternCategory: match.pattern.category,
+                        matchedText: match.matchedText,
+                        direction: 'input',
+                        contentLength: content.length,
+                    },
+                });
+            }
+        }
+        return result;
+    }
+    /**
+     * Scan LLM output for leaked secrets, PII, and system prompt disclosure.
+     */
+    scanOutput(content) {
+        if (!this.active)
+            return { detected: false, matches: [] };
+        const result = (0, ai_threats_1.scanText)(content, ai_threats_1.PATTERN_SETS.outputPatterns);
+        if (result.detected) {
+            for (const match of result.matches) {
+                this.engine.emit({
+                    source: 'prompt',
+                    category: 'threat',
+                    severity: match.pattern.severity,
+                    description: `[${match.pattern.id}] ${match.pattern.description}`,
+                    data: {
+                        patternId: match.pattern.id,
+                        patternCategory: match.pattern.category,
+                        matchedText: match.matchedText,
+                        direction: 'output',
+                        contentLength: content.length,
+                    },
+                });
+            }
+        }
+        return result;
+    }
+}
+exports.PromptInterceptor = PromptInterceptor;
+//# sourceMappingURL=prompt.js.map

package/dist/arp/interceptors/prompt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"prompt.js","sourceRoot":"","sources":["../../../src/arp/interceptors/prompt.ts"],"names":[],"mappings":";;;AAEA,uDAAiF;AAEjF;;;;;;GAMG;AACH,MAAa,iBAAiB;IAK5B,YAAY,MAAmB;QAJtB,SAAI,GAAgB,QAAQ,CAAC;QAE9B,WAAM,GAAG,KAAK,CAAC;QAGrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,OAAe;QACvB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,IAAA,qBAAQ,EAAC,OAAO,EAAE,yBAAY,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;oBAChC,WAAW,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE;oBACjE,IAAI,EAAE;wBACJ,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;wBAC3B,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;wBACvC,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,SAAS,EAAE,OAAO;wBAClB,aAAa,EAAE,OAAO,CAAC,MAAM;qBAC9B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,OAAe;QACxB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,IAAA,qBAAQ,EAAC,OAAO,EAAE,yBAAY,CAAC,cAAc,CAAC,CAAC;QAE9D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;oBAChC,WAAW,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE;oBACjE,IAAI,EAAE;wBACJ,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;wBAC3B,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;wBACvC,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,SAAS,EAAE,QAAQ;wBACnB,aAAa,EAAE,OAAO,CAAC,MAAM;qBAC9B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AA7ED,8CA6EC"}

package/dist/arp/license/index.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * ARP License Module
+ *
+ * Checks for a valid ARP premium license. The open-source edition
+ * includes L0 regex detection and alert-only proxy mode.
+ *
+ * Premium features (blocking mode, SDK wrappers, L2 AI-layer assessment,
+ * custom patterns, dashboard export) require a valid license key.
+ *
+ * License validation logic is provided by the @opena2a/arp-premium package.
+ * This stub exposes the check interface so the core can gate features
+ * without depending on the premium package.
+ */
+export type LicenseTier = 'community' | 'pro' | 'team' | 'enterprise';
+export interface LicenseInfo {
+    /** License tier */
+    tier: LicenseTier;
+    /** Whether the license is currently valid */
+    valid: boolean;
+    /** Organization name (if licensed) */
+    organization?: string;
+    /** Expiry date (ISO string) */
+    expiresAt?: string;
+    /** Features enabled by this license */
+    features: Set<string>;
+}
+/** Premium feature identifiers */
+export declare const PREMIUM_FEATURES: {
+    /** Block requests on threat detection (not just alert) */
+    readonly BLOCKING_MODE: "blocking-mode";
+    /** L2 LLM assessment for AI-layer threats */
+    readonly AI_LAYER_L2: "ai-layer-l2";
+    /** SDK wrappers (wrapOpenAI, wrapMCP) */
+    readonly SDK_WRAPPERS: "sdk-wrappers";
+    /** Custom pattern authoring and import */
+    readonly CUSTOM_PATTERNS: "custom-patterns";
+    /** SIEM/dashboard export */
+    readonly SIEM_EXPORT: "siem-export";
+    /** Compliance report generation */
+    readonly COMPLIANCE_REPORTS: "compliance-reports";
+};
+/** Validator function type -- provided by @opena2a/arp-premium */
+type LicenseValidator = (key: string) => LicenseInfo | Promise<LicenseInfo>;
+/**
+ * Register a license validator. Called by @opena2a/arp-premium
+ * when it is imported alongside @opena2a/arp.
+ */
+export declare function registerLicenseValidator(validator: LicenseValidator): void;
+/**
+ * Check the current license status.
+ * Returns community tier if no license key or validator is present.
+ */
+export declare function checkLicense(): Promise<LicenseInfo>;
+/**
+ * Check if a specific premium feature is available.
+ */
+export declare function hasFeature(feature: string): Promise<boolean>;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/arp/license/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/arp/license/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,KAAK,GAAG,MAAM,GAAG,YAAY,CAAC;AAEtE,MAAM,WAAW,WAAW;IAC1B,mBAAmB;IACnB,IAAI,EAAE,WAAW,CAAC;IAClB,6CAA6C;IAC7C,KAAK,EAAE,OAAO,CAAC;IACf,sCAAsC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CACvB;AAED,kCAAkC;AAClC,eAAO,MAAM,gBAAgB;IAC3B,0DAA0D;;IAE1D,6CAA6C;;IAE7C,yCAAyC;;IAEzC,0CAA0C;;IAE1C,4BAA4B;;IAE5B,mCAAmC;;CAE3B,CAAC;AAEX,kEAAkE;AAClE,KAAK,gBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,KAAK,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;AAK5E;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,gBAAgB,GAAG,IAAI,CAE1E;AAED;;;GAGG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC,CAazD;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGlE"}

package/dist/arp/license/index.js ADDED Viewed

@@ -0,0 +1,78 @@
+"use strict";
+/**
+ * ARP License Module
+ *
+ * Checks for a valid ARP premium license. The open-source edition
+ * includes L0 regex detection and alert-only proxy mode.
+ *
+ * Premium features (blocking mode, SDK wrappers, L2 AI-layer assessment,
+ * custom patterns, dashboard export) require a valid license key.
+ *
+ * License validation logic is provided by the @opena2a/arp-premium package.
+ * This stub exposes the check interface so the core can gate features
+ * without depending on the premium package.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PREMIUM_FEATURES = void 0;
+exports.registerLicenseValidator = registerLicenseValidator;
+exports.checkLicense = checkLicense;
+exports.hasFeature = hasFeature;
+/** Premium feature identifiers */
+exports.PREMIUM_FEATURES = {
+    /** Block requests on threat detection (not just alert) */
+    BLOCKING_MODE: 'blocking-mode',
+    /** L2 LLM assessment for AI-layer threats */
+    AI_LAYER_L2: 'ai-layer-l2',
+    /** SDK wrappers (wrapOpenAI, wrapMCP) */
+    SDK_WRAPPERS: 'sdk-wrappers',
+    /** Custom pattern authoring and import */
+    CUSTOM_PATTERNS: 'custom-patterns',
+    /** SIEM/dashboard export */
+    SIEM_EXPORT: 'siem-export',
+    /** Compliance report generation */
+    COMPLIANCE_REPORTS: 'compliance-reports',
+};
+/** Registered external validator (set by premium package) */
+let externalValidator = null;
+/**
+ * Register a license validator. Called by @opena2a/arp-premium
+ * when it is imported alongside @opena2a/arp.
+ */
+function registerLicenseValidator(validator) {
+    externalValidator = validator;
+}
+/**
+ * Check the current license status.
+ * Returns community tier if no license key or validator is present.
+ */
+async function checkLicense() {
+    const key = process.env.ARP_LICENSE_KEY;
+    if (!key || !externalValidator) {
+        return communityLicense();
+    }
+    try {
+        const info = await externalValidator(key);
+        return info;
+    }
+    catch {
+        return communityLicense();
+    }
+}
+/**
+ * Check if a specific premium feature is available.
+ */
+async function hasFeature(feature) {
+    const license = await checkLicense();
+    return license.features.has(feature);
+}
+/**
+ * Synchronous community license -- used as default.
+ */
+function communityLicense() {
+    return {
+        tier: 'community',
+        valid: true,
+        features: new Set(),
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/arp/license/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/arp/license/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AA2CH,4DAEC;AAMD,oCAaC;AAKD,gCAGC;AAvDD,kCAAkC;AACrB,QAAA,gBAAgB,GAAG;IAC9B,0DAA0D;IAC1D,aAAa,EAAE,eAAe;IAC9B,6CAA6C;IAC7C,WAAW,EAAE,aAAa;IAC1B,yCAAyC;IACzC,YAAY,EAAE,cAAc;IAC5B,0CAA0C;IAC1C,eAAe,EAAE,iBAAiB;IAClC,4BAA4B;IAC5B,WAAW,EAAE,aAAa;IAC1B,mCAAmC;IACnC,kBAAkB,EAAE,oBAAoB;CAChC,CAAC;AAKX,6DAA6D;AAC7D,IAAI,iBAAiB,GAA4B,IAAI,CAAC;AAEtD;;;GAGG;AACH,SAAgB,wBAAwB,CAAC,SAA2B;IAClE,iBAAiB,GAAG,SAAS,CAAC;AAChC,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,YAAY;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAExC,IAAI,CAAC,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/B,OAAO,gBAAgB,EAAE,CAAC;IAC5B,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gBAAgB,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,UAAU,CAAC,OAAe;IAC9C,MAAM,OAAO,GAAG,MAAM,YAAY,EAAE,CAAC;IACrC,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB;IACvB,OAAO;QACL,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI,GAAG,EAAU;KAC5B,CAAC;AACJ,CAAC"}

package/dist/arp/monitors/filesystem.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { Monitor, MonitorType } from '../types';
+import type { EventEngine } from '../engine/event-engine';
+/**
+ * Filesystem monitor — watches for file access outside expected paths.
+ * Uses fs.watch (cross-platform, efficient, no polling).
+ */
+export declare class FilesystemMonitor implements Monitor {
+    readonly type: MonitorType;
+    private watchers;
+    private readonly engine;
+    private readonly watchPaths;
+    private readonly allowedPaths;
+    private readonly debounceMap;
+    private readonly debounceMs;
+    constructor(engine: EventEngine, watchPaths?: string[], allowedPaths?: string[]);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    isRunning(): boolean;
+    private handleEvent;
+}
+//# sourceMappingURL=filesystem.d.ts.map

package/dist/arp/monitors/filesystem.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"filesystem.d.ts","sourceRoot":"","sources":["../../../src/arp/monitors/filesystem.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAW1D;;;GAGG;AACH,qBAAa,iBAAkB,YAAW,OAAO;IAC/C,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAgB;IAC1C,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAW;IACtC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoD;IAChF,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;gBAGjC,MAAM,EAAE,WAAW,EACnB,UAAU,CAAC,EAAE,MAAM,EAAE,EACrB,YAAY,CAAC,EAAE,MAAM,EAAE;IAOnB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAoBtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAY3B,SAAS,IAAI,OAAO;IAIpB,OAAO,CAAC,WAAW;CAwDpB"}