hackmyagent 0.7.2 → 0.8.1

package/dist/oasb/harness/types.d.ts

@@ -0,0 +1,74 @@
+import type { ARPEvent, EnforcementResult } from '../../arp';
+/** Annotation metadata for test cases */
+export interface TestAnnotation {
+    /** Is this scenario an actual attack? */
+    isAttack: boolean;
+    /** MITRE ATLAS technique ID */
+    atlasId?: string;
+    /** OWASP Agentic Top 10 category */
+    owaspId?: string;
+    /** Whether ARP should detect this */
+    expectedDetection: boolean;
+    /** Expected minimum severity if detected */
+    expectedSeverity?: 'info' | 'low' | 'medium' | 'high' | 'critical';
+    /** Timestamp when the attack was initiated */
+    attackTimestamp?: number;
+}
+/** Collected test result with timing info */
+export interface TestResult {
+    testId: string;
+    annotation: TestAnnotation;
+    detected: boolean;
+    detectionTimeMs?: number;
+    events: ARPEvent[];
+    enforcements: EnforcementResult[];
+}
+/** Suite-level metrics */
+export interface SuiteMetrics {
+    totalTests: number;
+    attacks: number;
+    benign: number;
+    truePositives: number;
+    falsePositives: number;
+    trueNegatives: number;
+    falseNegatives: number;
+    detectionRate: number;
+    falsePositiveRate: number;
+    meanDetectionTimeMs: number;
+    p95DetectionTimeMs: number;
+}
+/** ARP wrapper configuration for tests */
+export interface LabConfig {
+    monitors?: {
+        process?: boolean;
+        network?: boolean;
+        filesystem?: boolean;
+    };
+    rules?: import('../../arp').AlertRule[];
+    intelligence?: {
+        enabled?: boolean;
+    };
+    /** Temp data dir (auto-created per test) */
+    dataDir?: string;
+    /** Filesystem paths to watch (for real FilesystemMonitor) */
+    filesystemWatchPaths?: string[];
+    /** Filesystem allowed paths (for real FilesystemMonitor) */
+    filesystemAllowedPaths?: string[];
+    /** Network allowed hosts (for real NetworkMonitor) */
+    networkAllowedHosts?: string[];
+    /** Process monitor poll interval in ms */
+    processIntervalMs?: number;
+    /** Network monitor poll interval in ms */
+    networkIntervalMs?: number;
+    /** Application-level interceptors (zero-latency hooks) */
+    interceptors?: {
+        process?: boolean;
+        network?: boolean;
+        filesystem?: boolean;
+    };
+    /** Interceptor network allowed hosts */
+    interceptorNetworkAllowedHosts?: string[];
+    /** Interceptor filesystem allowed paths */
+    interceptorFilesystemAllowedPaths?: string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/oasb/harness/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/oasb/harness/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAE7D,yCAAyC;AACzC,MAAM,WAAW,cAAc;IAC7B,yCAAyC;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oCAAoC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,4CAA4C;IAC5C,gBAAgB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnE,8CAA8C;IAC9C,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,6CAA6C;AAC7C,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,cAAc,CAAC;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,QAAQ,EAAE,CAAC;IACnB,YAAY,EAAE,iBAAiB,EAAE,CAAC;CACnC;AAED,0BAA0B;AAC1B,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,0CAA0C;AAC1C,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,EAAE;QACT,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,KAAK,CAAC,EAAE,OAAO,WAAW,EAAE,SAAS,EAAE,CAAC;IACxC,YAAY,CAAC,EAAE;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6DAA6D;IAC7D,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,4DAA4D;IAC5D,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,sDAAsD;IACtD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,0CAA0C;IAC1C,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0CAA0C;IAC1C,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0DAA0D;IAC1D,YAAY,CAAC,EAAE;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,wCAAwC;IACxC,8BAA8B,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1C,2CAA2C;IAC3C,iCAAiC,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9C"}

package/dist/oasb/harness/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/oasb/harness/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/oasb/harness/types.ts"],"names":[],"mappings":""}

package/dist/plugins/core.d.ts

@@ -0,0 +1,109 @@
+export declare const VERSION = "0.1.0";
+import type { AIMCore } from '@opena2a/aim-core';
+export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export interface Finding {
+    /** Unique finding ID (e.g., "CRED-001", "SIGN-002") */
+    id: string;
+    /** Human-readable title */
+    title: string;
+    /** Detailed description */
+    description: string;
+    /** Severity level */
+    severity: Severity;
+    /** File path where the finding was detected (if applicable) */
+    filePath?: string;
+    /** Line number (if applicable) */
+    line?: number;
+    /** OASB control ID (e.g., "1.1", "2.3") */
+    oasbControl?: string;
+    /** Whether this finding can be auto-fixed */
+    autoFixable: boolean;
+}
+export interface FixOptions {
+    /** Run in dry-run mode (show what would change without applying) */
+    dryRun?: boolean;
+    /** Path to the agent/bot directory */
+    agentDir?: string;
+    /** Interactive mode — prompt before each fix */
+    interactive?: boolean;
+}
+export interface Remediation {
+    /** Finding ID that was remediated */
+    findingId: string;
+    /** What was done */
+    description: string;
+    /** Files modified */
+    filesModified: string[];
+    /** Whether a rollback is available */
+    rollbackAvailable: boolean;
+}
+export interface PluginStatus {
+    /** Plugin name */
+    name: string;
+    /** Plugin version */
+    version: string;
+    /** Whether the plugin is active and monitoring */
+    active: boolean;
+    /** Current findings count */
+    findingsCount: number;
+    /** Last scan timestamp */
+    lastScan?: string;
+}
+export interface PluginMetadata {
+    /** Plugin npm package name */
+    packageName: string;
+    /** Human-readable display name */
+    displayName: string;
+    /** Short description */
+    description: string;
+    /** Plugin version */
+    version: string;
+    /** Finding IDs this plugin addresses */
+    findings: string[];
+    /** Score improvement when all findings are fixed */
+    scoreImprovement: number;
+}
+/**
+ * The contract every OpenA2A security plugin implements.
+ * Each plugin works standalone (no aim-core required).
+ * When aim-core is provided, plugins gain identity-aware audit logging and capability checks.
+ */
+export interface OpenA2APlugin {
+    /** Plugin metadata */
+    readonly metadata: PluginMetadata;
+    /** Initialize the plugin, optionally with aim-core integration */
+    init(options?: PluginInitOptions): Promise<void>;
+    /** Scan the agent directory and return findings */
+    scan(agentDir: string): Promise<Finding[]>;
+    /** Fix findings in the agent directory */
+    fix(agentDir: string, options?: FixOptions): Promise<Remediation[]>;
+    /** Get current plugin status */
+    status(): Promise<PluginStatus>;
+    /** Start background monitoring (if supported) */
+    monitor?(): Promise<void>;
+    /** Stop background monitoring and clean up */
+    stop?(): Promise<void>;
+    /** Uninstall the plugin and revert changes */
+    uninstall?(agentDir: string): Promise<void>;
+}
+export interface PluginInitOptions {
+    /** Optional aim-core instance for identity-aware features */
+    aimCore?: AIMCore;
+    /** Plugin-specific configuration */
+    config?: Record<string, unknown>;
+}
+export interface PluginRegistryEntry {
+    /** Plugin metadata */
+    metadata: PluginMetadata;
+    /** Factory function to create the plugin */
+    create: () => OpenA2APlugin;
+}
+/** Register a plugin with the global registry. Throws if already registered. */
+export declare function registerPlugin(entry: PluginRegistryEntry): void;
+/** Get a registered plugin by package name */
+export declare function getPlugin(packageName: string): PluginRegistryEntry | undefined;
+/** List all registered plugins */
+export declare function listPlugins(): PluginRegistryEntry[];
+/** Clear the registry (for testing) */
+export declare function clearRegistry(): void;
+//# sourceMappingURL=core.d.ts.map

package/dist/plugins/core.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../src/plugins/core.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAIjD,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,WAAW,OAAO;IACtB,uDAAuD;IACvD,EAAE,EAAE,MAAM,CAAC;IACX,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,oEAAoE;IACpE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gDAAgD;IAChD,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,sCAAsC;IACtC,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,MAAM,EAAE,OAAO,CAAC;IAChB,6BAA6B;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,wBAAwB;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,sBAAsB;IACtB,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAElC,kEAAkE;IAClE,IAAI,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD,mDAAmD;IACnD,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAE3C,0CAA0C;IAC1C,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAEpE,gCAAgC;IAChC,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;IAEhC,iDAAiD;IACjD,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B,8CAA8C;IAC9C,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB,8CAA8C;IAC9C,SAAS,CAAC,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,iBAAiB;IAChC,6DAA6D;IAC7D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAID,MAAM,WAAW,mBAAmB;IAClC,sBAAsB;IACtB,QAAQ,EAAE,cAAc,CAAC;IACzB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,aAAa,CAAC;CAC7B;AAID,gFAAgF;AAChF,wBAAgB,cAAc,CAAC,KAAK,EAAE,mBAAmB,GAAG,IAAI,CAM/D;AAED,8CAA8C;AAC9C,wBAAgB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,mBAAmB,GAAG,SAAS,CAE9E;AAED,kCAAkC;AAClC,wBAAgB,WAAW,IAAI,mBAAmB,EAAE,CAEnD;AAED,uCAAuC;AACvC,wBAAgB,aAAa,IAAI,IAAI,CAEpC"}

package/dist/plugins/core.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VERSION = void 0;
+exports.registerPlugin = registerPlugin;
+exports.getPlugin = getPlugin;
+exports.listPlugins = listPlugins;
+exports.clearRegistry = clearRegistry;
+exports.VERSION = '0.1.0';
+const registry = new Map();
+/** Register a plugin with the global registry. Throws if already registered. */
+function registerPlugin(entry) {
+    const key = entry.metadata.packageName;
+    if (registry.has(key)) {
+        throw new Error(`Plugin "${key}" is already registered. Use clearRegistry() first to re-register.`);
+    }
+    registry.set(key, entry);
+}
+/** Get a registered plugin by package name */
+function getPlugin(packageName) {
+    return registry.get(packageName);
+}
+/** List all registered plugins */
+function listPlugins() {
+    return Array.from(registry.values());
+}
+/** Clear the registry (for testing) */
+function clearRegistry() {
+    registry.clear();
+}
+//# sourceMappingURL=core.js.map

package/dist/plugins/core.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.js","sourceRoot":"","sources":["../../src/plugins/core.ts"],"names":[],"mappings":";;;AA6HA,wCAMC;AAGD,8BAEC;AAGD,kCAEC;AAGD,sCAEC;AAlJY,QAAA,OAAO,GAAG,OAAO,CAAC;AA0H/B,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA+B,CAAC;AAExD,gFAAgF;AAChF,SAAgB,cAAc,CAAC,KAA0B;IACvD,MAAM,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;IACvC,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,WAAW,GAAG,oEAAoE,CAAC,CAAC;IACtG,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED,8CAA8C;AAC9C,SAAgB,SAAS,CAAC,WAAmB;IAC3C,OAAO,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAED,kCAAkC;AAClC,SAAgB,WAAW;IACzB,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,uCAAuC;AACvC,SAAgB,aAAa;IAC3B,QAAQ,CAAC,KAAK,EAAE,CAAC;AACnB,CAAC"}

package/dist/plugins/credvault.d.ts

@@ -0,0 +1,22 @@
+export declare const VERSION = "0.1.0";
+import type { OpenA2APlugin, PluginMetadata, PluginStatus, Finding, Remediation, FixOptions, PluginInitOptions } from './core';
+export interface SecretEntry {
+    path: string;
+    allowedSkills: string[];
+    backend: 'local' | 'env';
+}
+export interface CredVaultConfig {
+    dataDir?: string;
+}
+export declare const metadata: PluginMetadata;
+export declare class CredVaultPlugin implements OpenA2APlugin {
+    readonly metadata: PluginMetadata;
+    private aimCore?;
+    init(options?: PluginInitOptions): Promise<void>;
+    scan(agentDir: string): Promise<Finding[]>;
+    fix(agentDir: string, options?: FixOptions): Promise<Remediation[]>;
+    status(): Promise<PluginStatus>;
+    uninstall(): Promise<void>;
+}
+export declare function createPlugin(): CredVaultPlugin;
+//# sourceMappingURL=credvault.d.ts.map

package/dist/plugins/credvault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credvault.d.ts","sourceRoot":"","sources":["../../src/plugins/credvault.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,OAAO,KAAK,EACV,aAAa,EACb,cAAc,EACd,YAAY,EACZ,OAAO,EACP,WAAW,EACX,UAAU,EACV,iBAAiB,EAClB,MAAM,QAAQ,CAAC;AAyChB,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,OAAO,EAAE,OAAO,GAAG,KAAK,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAyND,eAAO,MAAM,QAAQ,EAAE,cAOtB,CAAC;AAEF,qBAAa,eAAgB,YAAW,aAAa;IACnD,QAAQ,CAAC,QAAQ,iBAAY;IAC7B,OAAO,CAAC,OAAO,CAAC,CAAU;IAEpB,IAAI,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhD,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;IA+B1C,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAmFnE,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC;IAS/B,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;CAGjC;AAED,wBAAgB,YAAY,IAAI,eAAe,CAE9C"}

package/dist/plugins/credvault.js

@@ -0,0 +1,374 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredVaultPlugin = exports.metadata = exports.VERSION = void 0;
+exports.createPlugin = createPlugin;
+exports.VERSION = '0.1.0';
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto = __importStar(require("crypto"));
+const CREDENTIAL_PATTERNS = [
+    { name: 'Anthropic API Key', regex: /sk-ant-api\d{2}-[a-zA-Z0-9_-]{20,}/ },
+    { name: 'OpenAI API Key (project)', regex: /sk-proj-[a-zA-Z0-9]{20,}/ },
+    { name: 'OpenAI API Key (legacy)', regex: /sk-[a-zA-Z0-9]{48,}/ },
+    { name: 'AWS Access Key', regex: /AKIA[0-9A-Z]{16}/ },
+    { name: 'GitHub Token (fine-grained)', regex: /ghp_[a-zA-Z0-9]{36}/ },
+    { name: 'GitHub PAT (new)', regex: /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/ },
+    { name: 'Slack Token', regex: /xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24}/ },
+    { name: 'Google API Key', regex: /AIza[0-9A-Za-z_-]{35}/ },
+    { name: 'Stripe Live Key', regex: /sk_live_[0-9a-zA-Z]{24,}/ },
+    { name: 'SendGrid Key', regex: /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/ },
+];
+const CONFIG_FILES = [
+    'config.json', 'config.yaml', 'config.yml',
+    '.env', '.env.local',
+    'package.json', 'mcp.json',
+    'CLAUDE.md',
+    '.openclaw/config.json', '.moltbot/config.json',
+    'openclaw.json', 'moltbot.json',
+    '.curse/mcp.json', '.vscode/mcp.json',
+    '.claude/settings.json',
+];
+const KEY_FILE_EXTENSIONS = ['.key', '.pem', '.p12', '.pfx'];
+// --- Encrypted Store ---
+const STORE_FILE = 'secrets.enc';
+const STORE_META_FILE = 'secrets.meta.json';
+function getStoreDir(agentDir) {
+    return path.join(agentDir, '.opena2a', 'credvault');
+}
+function initStore(agentDir) {
+    const storeDir = getStoreDir(agentDir);
+    fs.mkdirSync(storeDir, { recursive: true });
+    const metaPath = path.join(storeDir, STORE_META_FILE);
+    if (!fs.existsSync(metaPath)) {
+        const meta = { version: '1', entries: {} };
+        fs.writeFileSync(metaPath, JSON.stringify(meta, null, 2), 'utf-8');
+    }
+    const storePath = path.join(storeDir, STORE_FILE);
+    if (!fs.existsSync(storePath)) {
+        // Generate encryption key and create empty store
+        const key = crypto.randomBytes(32);
+        const iv = crypto.randomBytes(12); // 12 bytes for GCM
+        const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+        const encrypted = Buffer.concat([cipher.update('{}', 'utf-8'), cipher.final()]);
+        const authTag = cipher.getAuthTag();
+        // Store key alongside (in production, this would use OS keychain)
+        fs.writeFileSync(path.join(storeDir, 'store.key'), key.toString('hex'), 'utf-8');
+        // Format: iv:authTag:ciphertext (all hex)
+        fs.writeFileSync(storePath, iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted.toString('hex'), 'utf-8');
+        // Restrict key file permissions (owner read/write only)
+        try {
+            fs.chmodSync(path.join(storeDir, 'store.key'), 0o600);
+        }
+        catch { /* Windows */ }
+    }
+}
+// --- Scan helpers ---
+function scanFileForCredentials(filePath, agentDir) {
+    const findings = [];
+    const maxSize = 10 * 1024 * 1024; // 10MB
+    try {
+        const stat = fs.statSync(filePath);
+        if (stat.size > maxSize)
+            return findings;
+    }
+    catch {
+        return findings;
+    }
+    let content;
+    try {
+        content = fs.readFileSync(filePath, 'utf-8');
+    }
+    catch {
+        return findings;
+    }
+    const relativePath = path.relative(agentDir, filePath);
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (line.length > 4096)
+            continue; // Skip long lines to prevent ReDoS
+        for (const pattern of CREDENTIAL_PATTERNS) {
+            if (pattern.regex.test(line)) {
+                findings.push({
+                    id: 'CRED-001',
+                    title: `Exposed ${pattern.name}`,
+                    description: `${pattern.name} found in ${relativePath} at line ${i + 1}. Move to environment variable or secrets manager.`,
+                    severity: 'critical',
+                    filePath: relativePath,
+                    line: i + 1,
+                    oasbControl: '1.1',
+                    autoFixable: true,
+                });
+                break; // One finding per line
+            }
+        }
+    }
+    return findings;
+}
+function scanForKeyFiles(agentDir) {
+    const findings = [];
+    try {
+        const entries = fs.readdirSync(agentDir);
+        for (const entry of entries) {
+            const ext = path.extname(entry).toLowerCase();
+            if (KEY_FILE_EXTENSIONS.includes(ext)) {
+                findings.push({
+                    id: 'CRED-002',
+                    title: 'Private key file in project root',
+                    description: `Private key file "${entry}" found in project root. Move to a secure location outside the project.`,
+                    severity: 'high',
+                    filePath: entry,
+                    autoFixable: false,
+                });
+            }
+        }
+    }
+    catch {
+        // Directory not readable
+    }
+    return findings;
+}
+function scanForJwtSecrets(agentDir) {
+    const findings = [];
+    const configFiles = ['config.json', 'config.yaml', 'config.yml', '.openclaw/config.json', '.moltbot/config.json'];
+    for (const file of configFiles) {
+        const filePath = path.join(agentDir, file);
+        if (!fs.existsSync(filePath))
+            continue;
+        try {
+            const content = fs.readFileSync(filePath, 'utf-8');
+            // Look for JWT secret patterns
+            if (/jwt[_-]?secret/i.test(content) || /token[_-]?secret/i.test(content)) {
+                findings.push({
+                    id: 'CRED-004',
+                    title: 'JWT secret in configuration',
+                    description: `JWT or token secret found in ${file}. Move to environment variable.`,
+                    severity: 'critical',
+                    filePath: file,
+                    autoFixable: true,
+                });
+            }
+        }
+        catch {
+            // File not readable
+        }
+    }
+    return findings;
+}
+// --- Fix helpers ---
+function fixCredentialsInFile(filePath, agentDir) {
+    const modified = [];
+    try {
+        let content = fs.readFileSync(filePath, 'utf-8');
+        let changed = false;
+        for (const pattern of CREDENTIAL_PATTERNS) {
+            if (pattern.regex.test(content)) {
+                // Generate env var name from the credential type
+                const envName = pattern.name
+                    .toUpperCase()
+                    .replace(/[^A-Z0-9]/g, '_')
+                    .replace(/_+/g, '_');
+                content = content.replace(pattern.regex, `\${${envName}}`);
+                changed = true;
+            }
+        }
+        if (changed) {
+            // Atomic write: write to temp file then rename to prevent corruption on crash
+            const tmpPath = filePath + '.tmp.' + process.pid;
+            fs.writeFileSync(tmpPath, content, 'utf-8');
+            fs.renameSync(tmpPath, filePath);
+            modified.push(path.relative(agentDir, filePath));
+        }
+    }
+    catch {
+        // File not writable
+    }
+    return modified;
+}
+function createEnvExample(agentDir, findings) {
+    const envVars = new Set();
+    for (const finding of findings) {
+        if (finding.id === 'CRED-001') {
+            // Extract credential type from title
+            const match = finding.title.match(/Exposed (.+)/);
+            if (match) {
+                const envName = match[1]
+                    .toUpperCase()
+                    .replace(/[^A-Z0-9]/g, '_')
+                    .replace(/_+/g, '_');
+                envVars.add(envName);
+            }
+        }
+    }
+    if (envVars.size === 0)
+        return null;
+    const envExamplePath = path.join(agentDir, '.env.example');
+    const lines = ['# Required environment variables', '# Copy to .env and fill in values', ''];
+    for (const v of envVars) {
+        lines.push(`${v}=`);
+    }
+    lines.push('');
+    fs.writeFileSync(envExamplePath, lines.join('\n'), 'utf-8');
+    return '.env.example';
+}
+// --- Plugin Implementation ---
+exports.metadata = {
+    packageName: 'hackmyagent',
+    displayName: 'CredVault',
+    description: 'Credential protection — scan for hardcoded secrets, move to encrypted store, per-skill isolation',
+    version: exports.VERSION,
+    findings: ['CRED-001', 'CRED-002', 'CRED-003', 'CRED-004'],
+    scoreImprovement: 25,
+};
+class CredVaultPlugin {
+    constructor() {
+        this.metadata = exports.metadata;
+    }
+    async init(options) {
+        this.aimCore = options?.aimCore;
+    }
+    async scan(agentDir) {
+        const findings = [];
+        // Scan config files for hardcoded credentials (CRED-001)
+        for (const file of CONFIG_FILES) {
+            const filePath = path.join(agentDir, file);
+            if (fs.existsSync(filePath)) {
+                findings.push(...scanFileForCredentials(filePath, agentDir));
+            }
+        }
+        // Scan for private key files (CRED-002)
+        findings.push(...scanForKeyFiles(agentDir));
+        // Scan for JWT secrets in config (CRED-004)
+        findings.push(...scanForJwtSecrets(agentDir));
+        // Log to aim-core audit if available
+        if (this.aimCore) {
+            this.aimCore.logEvent({
+                plugin: 'credvault',
+                action: 'scan.complete',
+                target: agentDir,
+                result: findings.length > 0 ? 'denied' : 'allowed',
+                metadata: { findingsCount: findings.length },
+            });
+        }
+        return findings;
+    }
+    async fix(agentDir, options) {
+        const remediations = [];
+        const findings = await this.scan(agentDir);
+        if (options?.dryRun) {
+            return findings
+                .filter((f) => f.autoFixable)
+                .map((f) => ({
+                findingId: f.id,
+                description: `Would fix: ${f.title}`,
+                filesModified: f.filePath ? [f.filePath] : [],
+                rollbackAvailable: false,
+            }));
+        }
+        // Initialize encrypted store
+        initStore(agentDir);
+        // Fix CRED-001: Replace hardcoded credentials with env var references
+        const credFindings = findings.filter((f) => f.id === 'CRED-001');
+        if (credFindings.length > 0) {
+            const allModified = [];
+            for (const file of CONFIG_FILES) {
+                const filePath = path.join(agentDir, file);
+                if (fs.existsSync(filePath)) {
+                    allModified.push(...fixCredentialsInFile(filePath, agentDir));
+                }
+            }
+            // Create .env.example
+            const envExample = createEnvExample(agentDir, credFindings);
+            if (envExample)
+                allModified.push(envExample);
+            if (allModified.length > 0) {
+                remediations.push({
+                    findingId: 'CRED-001',
+                    description: `Replaced ${credFindings.length} hardcoded credential(s) with environment variable references`,
+                    filesModified: allModified,
+                    rollbackAvailable: false,
+                });
+            }
+        }
+        // Fix CRED-004: Note about JWT secrets
+        const jwtFindings = findings.filter((f) => f.id === 'CRED-004');
+        if (jwtFindings.length > 0) {
+            for (const finding of jwtFindings) {
+                if (finding.filePath) {
+                    const modified = fixCredentialsInFile(path.join(agentDir, finding.filePath), agentDir);
+                    if (modified.length > 0) {
+                        remediations.push({
+                            findingId: 'CRED-004',
+                            description: 'Replaced JWT secret with environment variable reference',
+                            filesModified: modified,
+                            rollbackAvailable: false,
+                        });
+                    }
+                }
+            }
+        }
+        // Log remediation to aim-core
+        if (this.aimCore) {
+            for (const r of remediations) {
+                this.aimCore.logEvent({
+                    plugin: 'credvault',
+                    action: 'fix.applied',
+                    target: r.findingId,
+                    result: 'allowed',
+                    metadata: { filesModified: r.filesModified },
+                });
+            }
+            this.aimCore.setTrustHints({ secretsManaged: true });
+        }
+        return remediations;
+    }
+    async status() {
+        return {
+            name: exports.metadata.displayName,
+            version: exports.metadata.version,
+            active: false,
+            findingsCount: 0,
+        };
+    }
+    async uninstall() {
+        // No persistent state beyond the store directory
+    }
+}
+exports.CredVaultPlugin = CredVaultPlugin;
+function createPlugin() {
+    return new CredVaultPlugin();
+}
+//# sourceMappingURL=credvault.js.map

package/dist/plugins/credvault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credvault.js","sourceRoot":"","sources":["../../src/plugins/credvault.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqaA,oCAEC;AAvaY,QAAA,OAAO,GAAG,OAAO,CAAC;AAY/B,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AASjC,MAAM,mBAAmB,GAAwB;IAC/C,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,oCAAoC,EAAE;IAC1E,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,0BAA0B,EAAE;IACvE,EAAE,IAAI,EAAE,yBAAyB,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACjE,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,kBAAkB,EAAE;IACrD,EAAE,IAAI,EAAE,6BAA6B,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACrE,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,4CAA4C,EAAE;IACjF,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,sDAAsD,EAAE;IACtF,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,uBAAuB,EAAE;IAC1D,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,EAAE,0BAA0B,EAAE;IAC9D,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,0CAA0C,EAAE;CAC5E,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,aAAa,EAAE,aAAa,EAAE,YAAY;IAC1C,MAAM,EAAE,YAAY;IACpB,cAAc,EAAE,UAAU;IAC1B,WAAW;IACX,uBAAuB,EAAE,sBAAsB;IAC/C,eAAe,EAAE,cAAc;IAC/B,iBAAiB,EAAE,kBAAkB;IACrC,uBAAuB;CACxB,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAc7D,0BAA0B;AAE1B,MAAM,UAAU,GAAG,aAAa,CAAC;AACjC,MAAM,eAAe,GAAG,mBAAmB,CAAC;AAO5C,SAAS,WAAW,CAAC,QAAgB;IACnC,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACvC,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IACtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAoB,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC5D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,iDAAiD;QACjD,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACnC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB;QACtD,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAChF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,kEAAkE;QAClE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;QACjF,0CAA0C;QAC1C,EAAE,CAAC,aAAa,CACd,SAAS,EACT,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EACpF,OAAO,CACR,CAAC;QACF,wDAAwD;QACxD,IAAI,CAAC;YAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;IACxF,CAAC;AACH,CAAC;AAED,uBAAuB;AAEvB,SAAS,sBAAsB,CAAC,QAAgB,EAAE,QAAgB;IAChE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;IAEzC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,IAAI,GAAG,OAAO;YAAE,OAAO,QAAQ,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI;YAAE,SAAS,CAAC,mCAAmC;QAErE,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU;oBACd,KAAK,EAAE,WAAW,OAAO,CAAC,IAAI,EAAE;oBAChC,WAAW,EAAE,GAAG,OAAO,CAAC,IAAI,aAAa,YAAY,YAAY,CAAC,GAAG,CAAC,oDAAoD;oBAC1H,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,YAAY;oBACtB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,WAAW,EAAE,KAAK;oBAClB,WAAW,EAAE,IAAI;iBAClB,CAAC,CAAC;gBACH,MAAM,CAAC,uBAAuB;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACzC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,mBAAmB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU;oBACd,KAAK,EAAE,kCAAkC;oBACzC,WAAW,EAAE,qBAAqB,KAAK,yEAAyE;oBAChH,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,KAAK;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,CAAC,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,uBAAuB,EAAE,sBAAsB,CAAC,CAAC;IAElH,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC3C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,+BAA+B;YAC/B,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU;oBACd,KAAK,EAAE,6BAA6B;oBACpC,WAAW,EAAE,gCAAgC,IAAI,iCAAiC;oBAClF,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,IAAI;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oBAAoB;QACtB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,sBAAsB;AAEtB,SAAS,oBAAoB,CAAC,QAAgB,EAAE,QAAgB;IAC9D,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,CAAC;QACH,IAAI,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,iDAAiD;gBACjD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI;qBACzB,WAAW,EAAE;qBACb,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC;qBAC1B,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAEvB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,OAAO,GAAG,CAAC,CAAC;gBAC3D,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,8EAA8E;YAC9E,MAAM,OAAO,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;YACjD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC5C,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oBAAoB;IACtB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB,EAAE,QAAmB;IAC7D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,EAAE,KAAK,UAAU,EAAE,CAAC;YAC9B,qCAAqC;YACrC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAClD,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC;qBACrB,WAAW,EAAE;qBACb,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC;qBAC1B,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAG,CAAC,kCAAkC,EAAE,mCAAmC,EAAE,EAAE,CAAC,CAAC;IAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,EAAE,CAAC,aAAa,CAAC,cAAc,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;IAC5D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,gCAAgC;AAEnB,QAAA,QAAQ,GAAmB;IACtC,WAAW,EAAE,aAAa;IAC1B,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,kGAAkG;IAC/G,OAAO,EAAE,eAAO;IAChB,QAAQ,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC;IAC1D,gBAAgB,EAAE,EAAE;CACrB,CAAC;AAEF,MAAa,eAAe;IAA5B;QACW,aAAQ,GAAG,gBAAQ,CAAC;IAqI/B,CAAC;IAlIC,KAAK,CAAC,IAAI,CAAC,OAA2B;QACpC,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAgB;QACzB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,yDAAyD;QACzD,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAC3C,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5C,4CAA4C;QAC5C,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE9C,qCAAqC;QACrC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;gBACpB,MAAM,EAAE,WAAW;gBACnB,MAAM,EAAE,eAAe;gBACvB,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;gBAClD,QAAQ,EAAE,EAAE,aAAa,EAAE,QAAQ,CAAC,MAAM,EAAE;aAC7C,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,QAAgB,EAAE,OAAoB;QAC9C,MAAM,YAAY,GAAkB,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE3C,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;YACpB,OAAO,QAAQ;iBACZ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;iBAC5B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACX,SAAS,EAAE,CAAC,CAAC,EAAE;gBACf,WAAW,EAAE,cAAc,CAAC,CAAC,KAAK,EAAE;gBACpC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC7C,iBAAiB,EAAE,KAAK;aACzB,CAAC,CAAC,CAAC;QACR,CAAC;QAED,6BAA6B;QAC7B,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEpB,sEAAsE;QACtE,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAa,EAAE,CAAC;YAEjC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBAC3C,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5B,WAAW,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC5D,IAAI,UAAU;gBAAE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAE7C,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,YAAY,CAAC,IAAI,CAAC;oBAChB,SAAS,EAAE,UAAU;oBACrB,WAAW,EAAE,YAAY,YAAY,CAAC,MAAM,+DAA+D;oBAC3G,aAAa,EAAE,WAAW;oBAC1B,iBAAiB,EAAE,KAAK;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAC,CAAC;QAChE,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;gBAClC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;oBACrB,MAAM,QAAQ,GAAG,oBAAoB,CACnC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,EACrC,QAAQ,CACT,CAAC;oBACF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACxB,YAAY,CAAC,IAAI,CAAC;4BAChB,SAAS,EAAE,UAAU;4BACrB,WAAW,EAAE,yDAAyD;4BACtE,aAAa,EAAE,QAAQ;4BACvB,iBAAiB,EAAE,KAAK;yBACzB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;gBAC7B,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;oBACpB,MAAM,EAAE,WAAW;oBACnB,MAAM,EAAE,aAAa;oBACrB,MAAM,EAAE,CAAC,CAAC,SAAS;oBACnB,MAAM,EAAE,SAAS;oBACjB,QAAQ,EAAE,EAAE,aAAa,EAAE,CAAC,CAAC,aAAa,EAAE;iBAC7C,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO;YACL,IAAI,EAAE,gBAAQ,CAAC,WAAW;YAC1B,OAAO,EAAE,gBAAQ,CAAC,OAAO;YACzB,MAAM,EAAE,KAAK;YACb,aAAa,EAAE,CAAC;SACjB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS;QACb,iDAAiD;IACnD,CAAC;CACF;AAtID,0CAsIC;AAED,SAAgB,YAAY;IAC1B,OAAO,IAAI,eAAe,EAAE,CAAC;AAC/B,CAAC"}