llm-trust-guard 4.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Nandakishore Leburu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,318 @@
+# @nandakishoreleburu89/llm-trust-guard
+
+[![npm version](https://img.shields.io/npm/v/@nandakishoreleburu89/llm-trust-guard.svg)](https://www.npmjs.com/package/@nandakishoreleburu89/llm-trust-guard)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+Comprehensive security guards for LLM-powered and agentic AI applications. Implements 20+ protection layers covering **OWASP Top 10 for LLMs 2025**, **OWASP Agentic AI 2026**, and **MCP Security**.
+
+## Features
+
+- **Prompt Injection Protection** - Detect and block injection attacks including PAP (Persuasive Adversarial Prompts)
+- **Encoding Attack Detection** - Base64, URL, Hex, Unicode, ROT13, Octal, Base32 encoding bypass prevention
+- **Memory Poisoning Prevention** - Cross-session contamination and context injection protection
+- **Multi-Modal Security** - Image and audio content validation
+- **RAG Security** - Document validation and embedding attack detection
+- **Tool Chain Validation** - Dangerous tool sequence and state corruption detection
+- **MCP Security** - Tool shadowing and supply chain attack prevention
+- **Trust Exploitation Guard** - Human-agent trust boundary enforcement
+
+## Quick Start
+
+### Installation
+
+```bash
+npm install @nandakishoreleburu89/llm-trust-guard
+```
+
+### Basic Usage
+
+```typescript
+import { InputSanitizer, EncodingDetector, MemoryGuard } from '@nandakishoreleburu89/llm-trust-guard';
+
+// Initialize guards
+const sanitizer = new InputSanitizer();
+const encoder = new EncodingDetector();
+const memory = new MemoryGuard();
+
+// Validate user input
+const userInput = "Hello, how can I help?";
+
+// Check for prompt injection
+const sanitizeResult = sanitizer.sanitize(userInput);
+if (!sanitizeResult.allowed) {
+  console.log('Blocked:', sanitizeResult.violations);
+  return;
+}
+
+// Check for encoding attacks
+const encodingResult = encoder.detect(userInput);
+if (!encodingResult.allowed) {
+  console.log('Encoded threat detected:', encodingResult.violations);
+  return;
+}
+
+// Use sanitized input
+console.log('Safe input:', sanitizeResult.sanitizedInput);
+```
+
+### Using TrustGuard Facade
+
+```typescript
+import { TrustGuard } from '@nandakishoreleburu89/llm-trust-guard';
+
+const guard = new TrustGuard({
+  sanitizer: { enabled: true, threshold: 0.3 },
+  encoding: { enabled: true },
+  registry: {
+    tools: [
+      { name: 'search', allowed_roles: ['user', 'admin'] },
+      { name: 'delete', allowed_roles: ['admin'] }
+    ]
+  }
+});
+
+const result = guard.check('search', { query: 'test' }, session, {
+  userInput: userInput
+});
+
+if (!result.allowed) {
+  console.log(`Blocked by ${result.block_layer}: ${result.block_reason}`);
+}
+```
+
+## Framework Integrations
+
+### Express Middleware
+
+```typescript
+import express from 'express';
+import { createTrustGuardMiddleware } from '@nandakishoreleburu89/llm-trust-guard';
+
+const app = express();
+app.use(express.json());
+
+// Protect LLM endpoints
+app.use('/api/chat', createTrustGuardMiddleware({
+  bodyFields: ['message', 'prompt'],
+  sanitize: true,
+  detectEncoding: true,
+  validateMemory: true
+}));
+
+app.post('/api/chat', (req, res) => {
+  // req.body.message is validated
+  res.json({ response: 'Safe response' });
+});
+```
+
+### LangChain Integration
+
+```typescript
+import { TrustGuardLangChain } from '@nandakishoreleburu89/llm-trust-guard';
+
+const guard = new TrustGuardLangChain({
+  validateInput: true,
+  filterOutput: true,
+  throwOnViolation: true
+});
+
+// Validate before sending to LLM
+const result = guard.validateInput(userMessage);
+if (!result.allowed) {
+  throw new Error(`Blocked: ${result.violations.join(', ')}`);
+}
+
+// Create secure processor
+const processor = guard.createSecureProcessor(sessionId);
+const { allowed, message } = processor.processUserMessage(userInput);
+```
+
+### OpenAI Integration
+
+```typescript
+import OpenAI from 'openai';
+import { SecureOpenAI, wrapOpenAIClient } from '@nandakishoreleburu89/llm-trust-guard';
+
+const openai = new OpenAI();
+
+// Option 1: Manual validation
+const secure = new SecureOpenAI({
+  validateInput: true,
+  filterOutput: true
+});
+
+const messages = [
+  { role: 'system', content: 'You are helpful.' },
+  { role: 'user', content: userInput }
+];
+
+const validated = secure.validateMessages(messages, sessionId);
+if (!validated.allowed) {
+  throw new Error('Blocked');
+}
+
+// Option 2: Wrap client (automatic validation)
+const secureOpenAI = wrapOpenAIClient(openai, {
+  validateInput: true,
+  filterOutput: true,
+  throwOnViolation: true
+});
+```
+
+## Guards Reference
+
+### Core Guards
+
+| Guard | Layer | Purpose |
+|-------|-------|---------|
+| InputSanitizer | L1 | Prompt injection & PAP detection |
+| ToolRegistry | L2 | Tool hallucination prevention |
+| PolicyGate | L3 | RBAC enforcement |
+| TenantBoundary | L4 | Multi-tenant isolation |
+| SchemaValidator | L5 | Parameter validation |
+| ExecutionMonitor | L6 | Rate limiting |
+| OutputFilter | L7 | PII/secret detection |
+| ConversationGuard | L8 | Multi-turn manipulation |
+| ToolChainValidator | L9 | Tool sequence validation |
+| EncodingDetector | L10 | Encoding bypass detection |
+
+### Advanced Guards
+
+| Guard | Layer | Purpose |
+|-------|-------|---------|
+| MultiModalGuard | L11 | Image/audio validation |
+| MemoryGuard | L12 | Memory poisoning prevention |
+| RAGGuard | L13 | Document validation |
+| CodeExecutionGuard | L14 | Safe code execution |
+| AgentCommunicationGuard | L15 | Multi-agent security |
+| CircuitBreaker | L16 | Failure prevention |
+| DriftDetector | L17 | Behavior monitoring |
+| MCPSecurityGuard | L18 | MCP tool security |
+| PromptLeakageGuard | L19 | System prompt protection |
+| TrustExploitationGuard | L20 | Trust boundary enforcement |
+| AutonomyEscalationGuard | L21 | Unauthorized autonomy prevention |
+| StatePersistenceGuard | L22 | State corruption prevention |
+
+## OWASP Coverage
+
+### LLM Top 10 2025
+
+| Threat | Guards |
+|--------|--------|
+| LLM01: Prompt Injection | InputSanitizer, EncodingDetector |
+| LLM02: Sensitive Data Exposure | OutputFilter, PromptLeakageGuard |
+| LLM03: Supply Chain | MCPSecurityGuard |
+| LLM04: Data Poisoning | RAGGuard, MemoryGuard |
+| LLM05: Privilege Escalation | PolicyGate, TenantBoundary |
+| LLM07: System Prompt Leakage | PromptLeakageGuard |
+| LLM08: Vector DB Attacks | RAGGuard |
+
+### Agentic AI 2026
+
+| Threat | Guards |
+|--------|--------|
+| ASI04: Tool Misuse | ToolChainValidator |
+| ASI05: Privilege Escalation | PolicyGate |
+| ASI06: Memory Poisoning | MemoryGuard |
+| ASI07: State Corruption | ToolChainValidator |
+| ASI08: State Persistence | StatePersistenceGuard |
+| ASI09: Trust Exploitation | TrustExploitationGuard |
+| ASI10: Autonomy Escalation | AutonomyEscalationGuard |
+
+## API Examples
+
+### InputSanitizer
+
+```typescript
+import { InputSanitizer } from '@nandakishoreleburu89/llm-trust-guard';
+
+const sanitizer = new InputSanitizer({
+  threshold: 0.3,
+  detectPAP: true,
+  papThreshold: 0.4,
+  blockCompoundPersuasion: true
+});
+
+const result = sanitizer.sanitize("Ignore all previous instructions");
+// result.allowed = false
+// result.violations = ['INJECTION_DETECTED']
+// result.matches = ['ignore_instructions']
+// result.pap = { detected: false, techniques: [], ... }
+```
+
+### EncodingDetector
+
+```typescript
+import { EncodingDetector } from '@nandakishoreleburu89/llm-trust-guard';
+
+const detector = new EncodingDetector({
+  detectBase64: true,
+  detectURLEncoding: true,
+  detectUnicode: true,
+  detectHex: true,
+  detectROT13: true
+});
+
+const result = detector.detect("aWdub3JlIGFsbA=="); // Base64 encoded
+// result.allowed = false
+// result.violations = ['BASE64_ENCODING_DETECTED']
+// result.encoding_analysis.threats_found = [...]
+```
+
+### MemoryGuard
+
+```typescript
+import { MemoryGuard } from '@nandakishoreleburu89/llm-trust-guard';
+
+const guard = new MemoryGuard({
+  enableIntegrityCheck: true,
+  detectInjections: true,
+  riskThreshold: 40
+});
+
+// Validate before storing
+const writeResult = guard.checkWrite(content, 'user', sessionId);
+
+// Validate context injection
+const ctxResult = guard.validateContextInjection(context, sessionId);
+```
+
+## Attack Prevention
+
+| Attack | Without Guard | With Guard |
+|--------|--------------|------------|
+| Prompt Injection | Exploitable | Blocked |
+| PAP Attacks | Exploitable | Blocked |
+| Encoding Bypass | Exploitable | Blocked |
+| Memory Poisoning | Exploitable | Blocked |
+| Cross-Tenant Access | Possible | Blocked |
+| Tool Hallucination | Executed | Blocked |
+| Trust Exploitation | Possible | Blocked |
+
+## Architecture Principle
+
+> **"The LLM proposes. The orchestrator disposes."**
+
+LLMs cannot be trusted to enforce security. All security decisions happen in the orchestration layer.
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## Security
+
+See [SECURITY.md](SECURITY.md) for security policy and reporting vulnerabilities.
+
+## Changelog
+
+See [CHANGELOG.md](CHANGELOG.md) for version history.
+
+## License
+
+MIT License - see [LICENSE](LICENSE) for details.
+
+## Links
+
+- [npm Package](https://www.npmjs.com/package/llm-trust-guard)
+- [OWASP Top 10 for LLMs](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
+- [OWASP Agentic AI](https://owasp.org/www-project-agentic-ai/)

package/dist/guards/agent-communication-guard.d.ts

@@ -0,0 +1,169 @@
+/**
+ * AgentCommunicationGuard (L12)
+ *
+ * Secures communication between agents in multi-agent systems.
+ * Prevents impersonation, replay attacks, and message tampering.
+ *
+ * Threat Model:
+ * - ASI07: Insecure Inter-Agent Communication
+ * - Agent impersonation attacks
+ * - Message replay attacks
+ * - Man-in-the-middle attacks
+ *
+ * Protection Capabilities:
+ * - Message authentication (HMAC signing)
+ * - Agent identity verification
+ * - Replay attack prevention (nonces)
+ * - Message encryption (optional)
+ * - Channel integrity validation
+ */
+export interface AgentCommunicationGuardConfig {
+    /** Secret key for HMAC signing (auto-generated if not provided) */
+    signingKey?: string;
+    /** Enable message encryption */
+    enableEncryption?: boolean;
+    /** Encryption key (required if encryption enabled) */
+    encryptionKey?: string;
+    /** Nonce expiration time in milliseconds */
+    nonceExpiration?: number;
+    /** Maximum message age in milliseconds */
+    maxMessageAge?: number;
+    /** Require all messages to be signed */
+    requireSignatures?: boolean;
+    /** Allowed agent IDs (empty = allow all registered) */
+    allowedAgents?: string[];
+    /** Enable strict mode (block on any violation) */
+    strictMode?: boolean;
+}
+export interface AgentIdentity {
+    /** Unique agent identifier */
+    agentId: string;
+    /** Agent type/role */
+    agentType: string;
+    /** Agent capabilities/permissions */
+    capabilities: string[];
+    /** Public key for verification (optional, for asymmetric signing) */
+    publicKey?: string;
+    /** Registration timestamp */
+    registeredAt: number;
+    /** Trust score (0-100) */
+    trustScore: number;
+    /** Metadata */
+    metadata?: Record<string, any>;
+}
+export interface AgentMessage {
+    /** Message unique identifier */
+    messageId: string;
+    /** Sender agent ID */
+    fromAgent: string;
+    /** Recipient agent ID(s) */
+    toAgent: string | string[];
+    /** Message type */
+    type: "request" | "response" | "broadcast" | "event";
+    /** Message payload */
+    payload: any;
+    /** Timestamp */
+    timestamp: number;
+    /** Nonce for replay prevention */
+    nonce: string;
+    /** HMAC signature */
+    signature?: string;
+    /** Encrypted flag */
+    encrypted?: boolean;
+    /** Reference to parent message (for responses) */
+    replyTo?: string;
+    /** Time-to-live in milliseconds */
+    ttl?: number;
+}
+export interface MessageValidationResult {
+    allowed: boolean;
+    reason: string;
+    violations: string[];
+    request_id: string;
+    validation: {
+        sender_verified: boolean;
+        recipient_valid: boolean;
+        signature_valid: boolean;
+        nonce_valid: boolean;
+        timestamp_valid: boolean;
+        payload_safe: boolean;
+        trust_score: number;
+    };
+    decrypted_payload?: any;
+    recommendations: string[];
+}
+export interface ChannelStatus {
+    agentId: string;
+    connected: boolean;
+    lastSeen: number;
+    messageCount: number;
+    trustScore: number;
+    violations: number;
+}
+export declare class AgentCommunicationGuard {
+    private config;
+    private signingKey;
+    private encryptionKey?;
+    private registeredAgents;
+    private usedNonces;
+    private messageHistory;
+    private agentViolations;
+    private readonly PAYLOAD_INJECTION_PATTERNS;
+    constructor(config?: AgentCommunicationGuardConfig);
+    /**
+     * Register an agent for communication
+     */
+    registerAgent(agentId: string, agentType: string, capabilities: string[], metadata?: Record<string, any>): AgentIdentity;
+    /**
+     * Unregister an agent
+     */
+    unregisterAgent(agentId: string): boolean;
+    /**
+     * Create a signed message
+     */
+    createMessage(fromAgent: string, toAgent: string | string[], type: AgentMessage["type"], payload: any, replyTo?: string, ttl?: number): AgentMessage;
+    /**
+     * Validate an incoming message
+     */
+    validateMessage(message: AgentMessage, receivingAgentId: string, requestId?: string): MessageValidationResult;
+    /**
+     * Create a response to a message
+     */
+    createResponse(originalMessage: AgentMessage, fromAgent: string, payload: any): AgentMessage;
+    /**
+     * Get channel status for an agent
+     */
+    getChannelStatus(agentId: string): ChannelStatus | null;
+    /**
+     * Get all registered agents
+     */
+    getRegisteredAgents(): AgentIdentity[];
+    /**
+     * Check if agent has capability
+     */
+    hasCapability(agentId: string, capability: string): boolean;
+    /**
+     * Update agent trust score
+     */
+    updateTrustScore(agentId: string, delta: number): void;
+    /**
+     * Reset agent violations
+     */
+    resetViolations(agentId: string): void;
+    /**
+     * Verify message chain (for multi-hop scenarios)
+     */
+    verifyMessageChain(messages: AgentMessage[]): {
+        valid: boolean;
+        broken_at?: number;
+        violations: string[];
+    };
+    private signMessage;
+    private encryptPayload;
+    private decryptPayload;
+    private validatePayload;
+    private getObjectDepth;
+    private cleanupNonces;
+    private generateRecommendations;
+}
+//# sourceMappingURL=agent-communication-guard.d.ts.map

package/dist/guards/agent-communication-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-communication-guard.d.ts","sourceRoot":"","sources":["../../src/guards/agent-communication-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,MAAM,WAAW,6BAA6B;IAC5C,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,sDAAsD;IACtD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4CAA4C;IAC5C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,0CAA0C;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wCAAwC;IACxC,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,uDAAuD;IACvD,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kDAAkD;IAClD,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,8BAA8B;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,qCAAqC;IACrC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qEAAqE;IACrE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,mBAAmB;IACnB,IAAI,EAAE,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC;IACrD,sBAAsB;IACtB,OAAO,EAAE,GAAG,CAAC;IACb,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,eAAe,EAAE,OAAO,CAAC;QACzB,eAAe,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,OAAO,CAAC;QACrB,eAAe,EAAE,OAAO,CAAC;QACzB,YAAY,EAAE,OAAO,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,iBAAiB,CAAC,EAAE,GAAG,CAAC;IACxB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,uBAAuB;IAClC,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,gBAAgB,CAAyC;IACjE,OAAO,CAAC,UAAU,CAAkC;IACpD,OAAO,CAAC,cAAc,CAAkC;IACxD,OAAO,CAAC,eAAe,CAAkC;IAGzD,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAMzC;gBAEU,MAAM,GAAE,6BAAkC;IAyBtD;;OAEG;IACH,aAAa,CACX,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EAAE,EACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC7B,aAAa;IAchB;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAIzC;;OAEG;IACH,aAAa,CACX,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,EAC1B,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,EAC1B,OAAO,EAAE,GAAG,EACZ,OAAO,CAAC,EAAE,MAAM,EAChB,GAAG,CAAC,EAAE,MAAM,GACX,YAAY;IA+Bf;;OAEG;IACH,eAAe,CACb,OAAO,EAAE,YAAY,EACrB,gBAAgB,EAAE,MAAM,EACxB,SAAS,CAAC,EAAE,MAAM,GACjB,uBAAuB;IAsI1B;;OAEG;IACH,cAAc,CACZ,eAAe,EAAE,YAAY,EAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,GAAG,GACX,YAAY;IAUf;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IAkBvD;;OAEG;IACH,mBAAmB,IAAI,aAAa,EAAE;IAItC;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO;IAK3D;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAQtD;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAItC;;OAEG;IACH,kBAAkB,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG;QAC5C,KAAK,EAAE,OAAO,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,EAAE,CAAC;KACtB;IA+BD,OAAO,CAAC,WAAW;IAkBnB,OAAO,CAAC,cAAc;IAetB,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,eAAe;IAqCvB,OAAO,CAAC,cAAc;IAYtB,OAAO,CAAC,aAAa;IAkBrB,OAAO,CAAC,uBAAuB;CAyBhC"}