indigiarmor 0.1.0

package/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2024-present IndigiArmor
+
+Permission is hereby granted to any person or organization obtaining a copy of
+this software and associated documentation files (the "Software") to use the
+Software solely in connection with an active IndigiArmor subscription or
+authorized evaluation. You may install, copy, and integrate the Software into
+your applications for that purpose.
+
+You may NOT:
+
+  - Redistribute, sublicense, sell, or otherwise transfer the Software as a
+    standalone product.
+  - Remove or alter any proprietary notices, labels, or marks.
+  - Use the Software to build a competing service or product.
+  - Reverse-engineer, decompile, or disassemble the Software beyond what is
+    permitted by applicable law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,257 @@
+# IndigiArmor SDK
+
+Official JavaScript/TypeScript client for the IndigiArmor API -- real-time prompt scanning for PII, FERPA, Indigenous cultural knowledge, re-identification, and injection attacks.
+
+## Install
+
+```bash
+npm install indigiarmor
+```
+
+## Quick Start
+
+```typescript
+import { IndigiArmor } from 'indigiarmor';
+
+const ia = new IndigiArmor('ia_sk_your_key_here');
+
+const result = await ia.scan('Send me John Smith SSN 123-45-6789');
+console.log(result.tier);   // 'red'
+console.log(result.action); // 'block'
+```
+
+## Features
+
+- **Prompt scanning** -- detect PII, FERPA violations, cultural knowledge exposure, re-identification risk, and prompt injection before prompts reach an LLM
+- **Response scanning** -- scan LLM output for PII leaks and sensitive data
+- **Document scanning** -- scan extracted text from PDFs, DOCX, and other documents
+- **Human-in-the-loop** -- confirm yellow-tier (flagged) prompts via token-based approval
+- **Policy management** -- create, update, and delete detection policies; apply compliance templates
+- **Allowlisting** -- mark safe terms to suppress false positives
+- **Usage and audit logs** -- query scan statistics and paginated audit history
+- **Webhooks** -- receive real-time notifications on scan events (Professional+)
+- **Teams** -- organize users into teams with scoped access (Professional+)
+- **Custom entities** -- define custom detection patterns and keywords (Enterprise)
+- **Compliance reports** -- generate audit exports and compliance summaries (Education+)
+- **Red team simulation** -- run attack simulations against your current policy (Enterprise)
+- **Convenience layers** -- `guard()`, `protect()`, Express middleware, Next.js handler wrapper, and LLM client wrappers for OpenAI, Anthropic, and Gemini
+- **Zero dependencies** -- works in Node.js 18+, browsers, Deno, Cloudflare Workers, and Edge runtimes
+
+## Convenience Layers
+
+Every convenience layer accepts a `yellowStrategy` option that controls how yellow-tier (flagged) results are handled:
+
+| Strategy     | Behavior                                      |
+|--------------|-----------------------------------------------|
+| `'sanitize'` | Allow, using the sanitized prompt (default)   |
+| `'allow'`    | Allow, using the original prompt              |
+| `'block'`    | Reject the prompt                             |
+
+### `guard()` -- Scan and Decide
+
+Scan a prompt and get a simple safe/unsafe decision in one call.
+
+```typescript
+const { safe, prompt, result } = await ia.guard('user input here');
+
+if (safe) {
+  // `prompt` is the sanitized version when applicable
+  await callLLM(prompt);
+} else {
+  console.log('Blocked:', result.explanation);
+}
+```
+
+Override the yellow strategy per call:
+
+```typescript
+const { safe } = await ia.guard('user input', { yellowStrategy: 'block' });
+```
+
+### `protect()` -- Wrap Any Function
+
+Scan input, call your function with the safe prompt, and optionally scan the output.
+
+```typescript
+const { output, inputScan, outputScan } = await ia.protect(
+  'user input here',
+  async (safePrompt) => {
+    return await callLLM(safePrompt);
+  },
+  { scanOutput: true },
+);
+```
+
+Throws `IndigiArmorError` with code `PROMPT_BLOCKED` if the input is blocked, or `RESPONSE_BLOCKED` if output scanning detects sensitive data.
+
+### `middleware()` -- Express Middleware
+
+Drop-in Express middleware that scans request bodies before your route handler runs.
+
+```typescript
+import express from 'express';
+
+const app = express();
+app.use(express.json());
+
+app.post('/api/chat', ia.middleware({ promptField: 'prompt' }), (req, res) => {
+  // req.body.prompt is now sanitized
+  // req.scanResult contains the full scan result
+  res.json({ reply: 'ok' });
+});
+```
+
+Blocked prompts receive a 400 response with `{ error: 'blocked', explanation, tier }`. Requests without the specified prompt field pass through without scanning.
+
+### `nextHandler()` -- Next.js App Router
+
+Wrap a Next.js App Router route handler with automatic prompt scanning.
+
+```typescript
+// app/api/chat/route.ts
+import { IndigiArmor } from 'indigiarmor';
+
+const ia = new IndigiArmor(process.env.INDIGIARMOR_API_KEY!);
+
+export const POST = ia.nextHandler(
+  async (req, scanResult) => {
+    const { prompt } = await req.json();
+    // prompt is already sanitized in the cloned request body
+    return Response.json({ answer: await callLLM(prompt) });
+  },
+  { promptField: 'prompt' },
+);
+```
+
+Returns a 400 JSON response for blocked prompts. Non-JSON requests and requests without the prompt field pass through. Uses Web standard `Request`/`Response` -- no Next.js dependency required.
+
+### `wrapOpenAI()` -- OpenAI Client Wrapper
+
+Proxy-wrap an OpenAI client so every `chat.completions.create()` call is automatically scanned.
+
+```typescript
+import OpenAI from 'openai';
+
+const openai = ia.wrapOpenAI(new OpenAI(), {
+  yellowStrategy: 'sanitize',
+  scanOutput: true,
+});
+
+// All user messages are scanned before reaching OpenAI
+const completion = await openai.chat.completions.create({
+  model: 'gpt-4o',
+  messages: [{ role: 'user', content: 'Hello' }],
+});
+```
+
+Scans each user message individually. Handles both `content: string` and `content: ContentPart[]` formats. Works with OpenAI-compatible providers (Groq, Together, Azure OpenAI).
+
+### `wrapAnthropic()` -- Anthropic Client Wrapper
+
+Proxy-wrap an Anthropic client so every `messages.create()` call is scanned, including the top-level `system` parameter.
+
+```typescript
+import Anthropic from '@anthropic-ai/sdk';
+
+const anthropic = ia.wrapAnthropic(new Anthropic(), { scanOutput: true });
+
+const message = await anthropic.messages.create({
+  model: 'claude-sonnet-4-20250514',
+  max_tokens: 1024,
+  system: 'You are a helpful assistant.',
+  messages: [{ role: 'user', content: 'Hello' }],
+});
+```
+
+### `wrapGemini()` -- Google GenAI Client Wrapper
+
+Proxy-wrap a Google GenAI client so every `models.generateContent()` call is scanned, including `config.systemInstruction`.
+
+```typescript
+import { GoogleGenAI } from '@google/genai';
+
+const genai = ia.wrapGemini(new GoogleGenAI({ apiKey: '...' }), {
+  scanOutput: true,
+});
+
+const response = await genai.models.generateContent({
+  model: 'gemini-2.5-flash',
+  contents: 'Hello',
+});
+```
+
+Handles string contents and `{ role, parts }` arrays.
+
+**LLM wrapper limitations:** Output scanning only works with non-streaming responses. Only text content is scanned; images pass through unchanged.
+
+## Error Handling
+
+All API errors are thrown as typed subclasses of `IndigiArmorError`:
+
+```typescript
+import {
+  IndigiArmorError,
+  AuthenticationError,
+  RateLimitError,
+  ValidationError,
+  NotFoundError,
+} from 'indigiarmor';
+
+try {
+  await ia.scan(prompt);
+} catch (err) {
+  if (err instanceof RateLimitError) {
+    // err.retryAfter -- seconds until retry (when provided by server)
+    console.log(`Rate limited. Retry after ${err.retryAfter}s`);
+  } else if (err instanceof AuthenticationError) {
+    // Invalid or revoked API key (401)
+  } else if (err instanceof ValidationError) {
+    // Bad request payload (400)
+  } else if (err instanceof NotFoundError) {
+    // Resource not found (404)
+  } else if (err instanceof IndigiArmorError) {
+    // err.code      -- machine-readable error code
+    // err.status    -- HTTP status (0 for network/timeout errors)
+    // err.requestId -- server request ID for support
+  }
+}
+```
+
+Error codes from convenience layers:
+
+| Code               | Meaning                                                              |
+|--------------------|----------------------------------------------------------------------|
+| `PROMPT_BLOCKED`   | Input blocked (red tier, or yellow with `'block'` strategy)          |
+| `RESPONSE_BLOCKED` | LLM output failed response scanning                                 |
+| `TIMEOUT`          | Request exceeded the configured timeout                              |
+| `NETWORK_ERROR`    | Network-level failure (DNS, connection refused, etc.)                |
+
+## Configuration
+
+```typescript
+const ia = new IndigiArmor('ia_sk_...', {
+  // Base URL of the IndigiArmor API (default: 'https://indigiarmor.com')
+  baseUrl: 'https://indigiarmor.com',
+
+  // Request timeout in milliseconds (default: 30000)
+  timeout: 10_000,
+
+  // Custom fetch implementation (default: globalThis.fetch)
+  fetch: customFetch,
+
+  // Lifecycle callbacks triggered after each scan() call
+  callbacks: {
+    onBlock: (result) => console.error('Blocked:', result.explanation),
+    onFlag:  (result) => console.warn('Flagged:', result.explanation),
+    onAllow: (result) => {},
+  },
+});
+```
+
+Callbacks are invoked based on the result tier after every `scan()` call. Errors thrown inside callbacks are swallowed and never break the scan flow. Async callbacks are awaited.
+
+## Links
+
+- [API Documentation](https://indigiarmor.com/docs/sdk)
+- [Website](https://indigiarmor.com)
+- [GitHub Issues](https://github.com/rschance1/indigiarmor/issues)

package/dist/client.d.ts

@@ -0,0 +1,117 @@
+import type { IndigiArmorOptions, ScanResult, ScanResponseResult, ConfirmResult, DocumentMetadata, Policy, CreatePolicyRequest, UpdatePolicyRequest, PolicyTemplate, CreateFromTemplateRequest, ApiKey, CreateKeyRequest, CreateKeyResult, UsageResult, UsageQuery, AuditLog, AuditQuery, AuditListResult, AllowlistEntry, CreateAllowlistRequest, Webhook, CreateWebhookRequest, UpdateWebhookRequest, Team, CreateTeamRequest, TeamMember, CustomEntity, CreateCustomEntityRequest, UpdateCustomEntityRequest, AuditExportQuery, ComplianceReport, AttackCase, SimulationRunResult, GuardOptions, GuardResult, ProtectOptions, ProtectResult, MiddlewareOptions, NextHandlerOptions, WrapLLMOptions } from './types.js';
+export declare class IndigiArmor {
+    private readonly apiKey;
+    private readonly baseUrl;
+    private readonly fetchFn;
+    private readonly timeout;
+    private readonly callbacks;
+    constructor(apiKey: string, options?: IndigiArmorOptions);
+    /** Scan a prompt for risk signals before sending to an LLM. */
+    scan(prompt: string): Promise<ScanResult>;
+    private invokeCallback;
+    /** Scan document content (extracted text from PDF, DOCX, etc.) for risk signals. */
+    scanDocument(content: string, documentMetadata?: DocumentMetadata): Promise<ScanResult>;
+    /** Scan an LLM response for PII leaks and sensitive data. */
+    scanResponse(response: string): Promise<ScanResponseResult>;
+    /** Confirm a yellow-tier token (human-in-the-loop approval). */
+    confirm(tokenId: string): Promise<ConfirmResult>;
+    /** List all policies for your organization. */
+    listPolicies(): Promise<Policy[]>;
+    /** Create a new detection policy. */
+    createPolicy(data: CreatePolicyRequest): Promise<Policy>;
+    /** Update an existing policy. */
+    updatePolicy(id: string, data: UpdatePolicyRequest): Promise<Policy>;
+    /** Delete a policy. */
+    deletePolicy(id: string): Promise<void>;
+    /** List available compliance policy templates (Education+). */
+    listPolicyTemplates(): Promise<PolicyTemplate[]>;
+    /** Create a policy from a compliance template (Education+). */
+    createPolicyFromTemplate(data: CreateFromTemplateRequest): Promise<Policy>;
+    /** List all API keys (hashes are never returned). */
+    listKeys(): Promise<ApiKey[]>;
+    /** Create a new API key. The raw key is only returned once. */
+    createKey(data: CreateKeyRequest): Promise<CreateKeyResult>;
+    /** Revoke an API key (soft-delete). */
+    revokeKey(id: string): Promise<void>;
+    /** Get scan usage statistics, optionally filtered by date range. */
+    getUsage(query?: UsageQuery): Promise<UsageResult>;
+    /** Query paginated audit logs with optional filters. */
+    listAuditLogs(query?: AuditQuery): Promise<AuditListResult>;
+    /** Get a single audit log entry by ID. */
+    getAuditLog(id: string): Promise<AuditLog>;
+    /** List all allowlisted terms for your organization. */
+    listAllowlist(): Promise<AllowlistEntry[]>;
+    /** Add a term to the allowlist. */
+    addAllowlistEntry(data: CreateAllowlistRequest): Promise<AllowlistEntry>;
+    /** Remove an allowlist entry. */
+    removeAllowlistEntry(id: string): Promise<void>;
+    /** List all webhooks. */
+    listWebhooks(): Promise<Webhook[]>;
+    /** Create a webhook endpoint. */
+    createWebhook(data: CreateWebhookRequest): Promise<Webhook>;
+    /** Update a webhook. */
+    updateWebhook(id: string, data: UpdateWebhookRequest): Promise<Webhook>;
+    /** Delete a webhook. */
+    deleteWebhook(id: string): Promise<void>;
+    /** Send a test event to a webhook. */
+    testWebhook(id: string): Promise<{
+        success: boolean;
+        status?: number;
+    }>;
+    /** List all teams. */
+    listTeams(): Promise<Team[]>;
+    /** Create a team. */
+    createTeam(data: CreateTeamRequest): Promise<Team>;
+    /** Update a team. */
+    updateTeam(id: string, data: {
+        name: string;
+    }): Promise<Team>;
+    /** Delete a team. */
+    deleteTeam(id: string): Promise<void>;
+    /** List team members. */
+    listTeamMembers(teamId: string): Promise<TeamMember[]>;
+    /** Add a member to a team. */
+    addTeamMember(teamId: string, userId: string): Promise<void>;
+    /** List custom entity types. */
+    listCustomEntities(): Promise<CustomEntity[]>;
+    /** Create a custom entity type. */
+    createCustomEntity(data: CreateCustomEntityRequest): Promise<CustomEntity>;
+    /** Update a custom entity type. */
+    updateCustomEntity(id: string, data: UpdateCustomEntityRequest): Promise<CustomEntity>;
+    /** Delete a custom entity type. */
+    deleteCustomEntity(id: string): Promise<void>;
+    /** Export audit logs as JSON. */
+    exportAuditLogs(query: AuditExportQuery): Promise<{
+        export: {
+            logs: AuditLog[];
+            total: number;
+        };
+    }>;
+    /** Generate a compliance summary report. */
+    getComplianceReport(from: string, to: string): Promise<ComplianceReport>;
+    /** Run a red team attack simulation against current policy. */
+    runRedTeam(): Promise<SimulationRunResult>;
+    /** List available attack cases (without executing). */
+    listAttackCases(): Promise<AttackCase[]>;
+    /** Simple boolean gate — scan and decide in one call. */
+    guard(prompt: string, options?: GuardOptions): Promise<GuardResult>;
+    /** Scan input, call function with safe prompt, optionally scan output. */
+    protect<T>(prompt: string, fn: (safePrompt: string) => Promise<T>, options?: ProtectOptions): Promise<ProtectResult<T>>;
+    /** Express-compatible middleware that scans prompts from request bodies. */
+    middleware(options?: MiddlewareOptions): (req: import("./middleware.js").MiddlewareRequest, res: import("./middleware.js").MiddlewareResponse, next: import("./middleware.js").NextFunction) => Promise<void>;
+    /** Next.js App Router handler wrapper that scans prompts before processing. */
+    nextHandler(handler: (req: Request, scanResult: ScanResult | undefined) => Promise<Response>, options?: NextHandlerOptions): (req: Request) => Promise<Response>;
+    /** Proxy-wrap an OpenAI client to auto-scan all chat completions. */
+    wrapOpenAI<T extends object>(client: T, options?: WrapLLMOptions): T;
+    /** Proxy-wrap an Anthropic client to auto-scan all messages. */
+    wrapAnthropic<T extends object>(client: T, options?: WrapLLMOptions): T;
+    /** Proxy-wrap a Google GenAI client to auto-scan all generateContent calls. */
+    wrapGemini<T extends object>(client: T, options?: WrapLLMOptions): T;
+    private get;
+    private post;
+    private put;
+    private del;
+    private request;
+    private handleError;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,kBAAkB,EAElB,UAAU,EACV,kBAAkB,EAClB,aAAa,EACb,gBAAgB,EAChB,MAAM,EACN,mBAAmB,EACnB,mBAAmB,EACnB,cAAc,EACd,yBAAyB,EACzB,MAAM,EACN,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,UAAU,EACV,QAAQ,EACR,UAAU,EACV,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,OAAO,EACP,oBAAoB,EACpB,oBAAoB,EACpB,IAAI,EACJ,iBAAiB,EACjB,UAAU,EACV,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,UAAU,EACV,mBAAmB,EAEnB,YAAY,EACZ,WAAW,EACX,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACf,MAAM,YAAY,CAAC;AAqBpB,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA0B;IAClD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAuB;gBAErC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,kBAAuB;IAc5D,+DAA+D;IACzD,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;YAMjC,cAAc;IAY5B,oFAAoF;IAC9E,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;IAU7F,6DAA6D;IACvD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAIjE,gEAAgE;IAC1D,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAMtD,+CAA+C;IACzC,YAAY,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAKvC,qCAAqC;IAC/B,YAAY,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAK9D,iCAAiC;IAC3B,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAK1E,uBAAuB;IACjB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7C,+DAA+D;IACzD,mBAAmB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAKtD,+DAA+D;IACzD,wBAAwB,CAAC,IAAI,EAAE,yBAAyB,GAAG,OAAO,CAAC,MAAM,CAAC;IAOhF,qDAAqD;IAC/C,QAAQ,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAKnC,+DAA+D;IACzD,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAIjE,uCAAuC;IACjC,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1C,oEAAoE;IAC9D,QAAQ,CAAC,KAAK,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC;IAUxD,wDAAwD;IAClD,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC;IAWjE,0CAA0C;IACpC,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAOhD,wDAAwD;IAClD,aAAa,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAKhD,mCAAmC;IAC7B,iBAAiB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC;IAK9E,iCAAiC;IAC3B,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMrD,yBAAyB;IACnB,YAAY,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAKxC,iCAAiC;IAC3B,aAAa,CAAC,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC;IAKjE,wBAAwB;IAClB,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC;IAK7E,wBAAwB;IAClB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,sCAAsC;IAChC,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAM7E,sBAAsB;IAChB,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAKlC,qBAAqB;IACf,UAAU,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAKxD,qBAAqB;IACf,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAKnE,qBAAqB;IACf,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,yBAAyB;IACnB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAK5D,8BAA8B;IACxB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMlE,gCAAgC;IAC1B,kBAAkB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAKnD,mCAAmC;IAC7B,kBAAkB,CAAC,IAAI,EAAE,yBAAyB,GAAG,OAAO,CAAC,YAAY,CAAC;IAKhF,mCAAmC;IAC7B,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,GAAG,OAAO,CAAC,YAAY,CAAC;IAK5F,mCAAmC;IAC7B,kBAAkB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnD,iCAAiC;IAC3B,eAAe,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE;YAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;IAMxG,4CAA4C;IACtC,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAQ9E,+DAA+D;IACzD,UAAU,IAAI,OAAO,CAAC,mBAAmB,CAAC;IAIhD,uDAAuD;IACjD,eAAe,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAO9C,yDAAyD;IACnD,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC;IAIzE,0EAA0E;IACpE,OAAO,CAAC,CAAC,EACb,MAAM,EAAE,MAAM,EACd,EAAE,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,EACtC,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAI5B,4EAA4E;IAC5E,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB;IAItC,+EAA+E;IAC/E,WAAW,CACT,OAAO,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,GAAG,SAAS,KAAK,OAAO,CAAC,QAAQ,CAAC,EAChF,OAAO,CAAC,EAAE,kBAAkB;IAK9B,qEAAqE;IACrE,UAAU,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,CAAC;IAIpE,gEAAgE;IAChE,aAAa,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,CAAC;IAIvE,+EAA+E;IAC/E,UAAU,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,CAAC;YAMtD,GAAG;YAIH,IAAI;YAIJ,GAAG;YAIH,GAAG;YAIH,OAAO;YAqDP,WAAW;CAgC1B"}