llm-trust-guard 4.0.0

package/dist/guards/memory-guard.d.ts

@@ -0,0 +1,124 @@
+/**
+ * MemoryGuard (L9)
+ *
+ * Protects persistent memory/context from poisoning attacks.
+ * Prevents cross-session contamination and instruction injection in stored context.
+ *
+ * Threat Model:
+ * - ASI06: Memory & Context Poisoning
+ * - Memory Persistence Attacks (cross-session instruction injection)
+ * - Context window manipulation
+ *
+ * Protection Capabilities:
+ * - Memory content integrity verification
+ * - Instruction injection detection in stored context
+ * - Cross-session contamination prevention
+ * - Memory rollback capabilities
+ * - Cryptographic content signing
+ */
+export interface MemoryGuardConfig {
+    /** Enable content integrity checking */
+    enableIntegrityCheck?: boolean;
+    /** Enable injection detection in memory */
+    detectInjections?: boolean;
+    /** Maximum memory items per session */
+    maxMemoryItems?: number;
+    /** Maximum age of memory items in milliseconds */
+    maxMemoryAge?: number;
+    /** Secret key for HMAC signing (auto-generated if not provided) */
+    signingKey?: string;
+    /** Enable automatic quarantine of suspicious content */
+    autoQuarantine?: boolean;
+    /** Risk threshold for blocking (0-100) */
+    riskThreshold?: number;
+}
+export interface MemoryItem {
+    /** Unique identifier for the memory item */
+    id: string;
+    /** The actual content stored */
+    content: string;
+    /** Source of the memory (user, assistant, system, external) */
+    source: "user" | "assistant" | "system" | "external" | "rag";
+    /** Timestamp when created */
+    timestamp: number;
+    /** Session ID that created this memory */
+    sessionId: string;
+    /** Optional metadata */
+    metadata?: Record<string, any>;
+    /** Integrity signature */
+    signature?: string;
+    /** Trust score (0-100) */
+    trustScore?: number;
+}
+export interface MemoryGuardResult {
+    allowed: boolean;
+    reason: string;
+    violations: string[];
+    request_id: string;
+    memory_analysis: {
+        items_checked: number;
+        items_quarantined: number;
+        injection_attempts: number;
+        integrity_failures: number;
+        cross_session_contamination: boolean;
+        risk_score: number;
+    };
+    quarantined_items: string[];
+    recommendations: string[];
+}
+export interface MemoryWriteResult {
+    allowed: boolean;
+    reason: string;
+    violations: string[];
+    request_id: string;
+    item_id?: string;
+    signature?: string;
+    sanitized_content?: string;
+}
+export declare class MemoryGuard {
+    private config;
+    private signingKey;
+    private quarantine;
+    private memoryStore;
+    private integrityCache;
+    private readonly MEMORY_INJECTION_PATTERNS;
+    private readonly CONTAMINATION_PATTERNS;
+    constructor(config?: MemoryGuardConfig);
+    /**
+     * Check if content is safe to write to memory
+     */
+    checkWrite(content: string, source: MemoryItem["source"], sessionId: string, metadata?: Record<string, any>, requestId?: string): MemoryWriteResult;
+    /**
+     * Check if memory items are safe to read/use
+     */
+    checkRead(sessionId: string, itemIds?: string[], requestId?: string): MemoryGuardResult;
+    /**
+     * Validate external memory/context before injecting into prompts
+     */
+    validateContextInjection(context: string | string[], sessionId: string, requestId?: string): MemoryGuardResult;
+    /**
+     * Get safe memory items for a session (excluding quarantined)
+     */
+    getSafeMemory(sessionId: string): MemoryItem[];
+    /**
+     * Rollback memory to a specific point in time
+     */
+    rollbackMemory(sessionId: string, beforeTimestamp: number): number;
+    /**
+     * Clear quarantine for a session
+     */
+    clearQuarantine(sessionId?: string): number;
+    /**
+     * Clear all memory for a session
+     */
+    clearSession(sessionId: string): void;
+    /**
+     * Get quarantined items for review
+     */
+    getQuarantinedItems(sessionId?: string): MemoryItem[];
+    private signContent;
+    private sanitizeContent;
+    private quarantineItem;
+    private generateRecommendations;
+}
+//# sourceMappingURL=memory-guard.d.ts.map

package/dist/guards/memory-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-guard.d.ts","sourceRoot":"","sources":["../../src/guards/memory-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,MAAM,WAAW,iBAAiB;IAChC,wCAAwC;IACxC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,uCAAuC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kDAAkD;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wDAAwD;IACxD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,0CAA0C;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,EAAE,EAAE,MAAM,CAAC;IACX,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,+DAA+D;IAC/D,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;IAC7D,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE;QACf,aAAa,EAAE,MAAM,CAAC;QACtB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,2BAA2B,EAAE,OAAO,CAAC;QACrC,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,UAAU,CAAsC;IACxD,OAAO,CAAC,WAAW,CAAwC;IAC3D,OAAO,CAAC,cAAc,CAAkC;IAGxD,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CA2BxC;IAGF,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CASrC;gBAEU,MAAM,GAAE,iBAAsB;IAc1C;;OAEG;IACH,UAAU,CACR,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC9B,SAAS,CAAC,EAAE,MAAM,GACjB,iBAAiB;IAqGpB;;OAEG;IACH,SAAS,CACP,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,iBAAiB;IA0FpB;;OAEG;IACH,wBAAwB,CACtB,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,EAC1B,SAAS,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,iBAAiB;IA4FpB;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,EAAE;IAW9C;;OAEG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,MAAM;IAUlE;;OAEG;IACH,eAAe,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM;IAiB3C;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAYrC;;OAEG;IACH,mBAAmB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE;IAKrD,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,eAAe;IAkBvB,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,uBAAuB;CAyBhC"}

package/dist/guards/memory-guard.js

@@ -0,0 +1,476 @@
+"use strict";
+/**
+ * MemoryGuard (L9)
+ *
+ * Protects persistent memory/context from poisoning attacks.
+ * Prevents cross-session contamination and instruction injection in stored context.
+ *
+ * Threat Model:
+ * - ASI06: Memory & Context Poisoning
+ * - Memory Persistence Attacks (cross-session instruction injection)
+ * - Context window manipulation
+ *
+ * Protection Capabilities:
+ * - Memory content integrity verification
+ * - Instruction injection detection in stored context
+ * - Cross-session contamination prevention
+ * - Memory rollback capabilities
+ * - Cryptographic content signing
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryGuard = void 0;
+const crypto = __importStar(require("crypto"));
+class MemoryGuard {
+    constructor(config = {}) {
+        this.quarantine = new Map();
+        this.memoryStore = new Map(); // sessionId -> items
+        this.integrityCache = new Map(); // itemId -> signature
+        // Injection patterns specific to memory/context poisoning
+        this.MEMORY_INJECTION_PATTERNS = [
+            // Persistence instructions
+            { name: "persistent_instruction", pattern: /always\s+(remember|do|follow|execute|obey)|from\s+now\s+on/i, severity: 30 },
+            { name: "future_trigger", pattern: /when(?:ever)?\s+(you|user|they|someone)\s+(see|mention|ask|type|say|input)/i, severity: 25 },
+            { name: "hidden_rule", pattern: /secret\s+(rule|instruction|command|directive)|do\s+not\s+(tell|reveal|disclose|mention)/i, severity: 40 },
+            { name: "role_persistence", pattern: /you\s+are\s+(always|permanently|forever|now)\s+(a|an|the)|you\s+are\s+now\s+permanently|maintain\s+this\s+persona/i, severity: 35 },
+            { name: "memory_manipulation", pattern: /forget\s+(everything|all|previous|prior)|clear\s+(your\s+)?memory|wipe\s+your\s+context/i, severity: 30 },
+            { name: "cross_session_leak", pattern: /remember\s+(?:this\s+)?for\s+(next|future|all)\s+session|store\s+(?:this\s+)?permanently/i, severity: 35 },
+            { name: "behavior_override", pattern: /override\s+(default|normal|standard|current)\s+behavior|change\s+your\s+(?:core\s+)?behavior/i, severity: 40 },
+            { name: "system_impersonation", pattern: /\[SYSTEM\s*(?:MEMORY|MESSAGE|INSTRUCTION)\]|\[CORE\s*INSTRUCTION\]|\[PERMANENT\s*RULE\]|\[ADMIN\s*OVERRIDE\]/i, severity: 50 },
+            { name: "exfiltration_setup", pattern: /whenever\s+.*(?:send|transmit|forward)\s+to|always\s+(?:include|append|add)\s+(?:in|to)\s+response/i, severity: 45 },
+            { name: "privilege_persistence", pattern: /grant\s+(admin|root|elevated|superuser)\s+(?:access|privileges?)\s+(permanently|always|forever)/i, severity: 50 },
+            // New patterns
+            { name: "conditional_behavior", pattern: /if\s+(?:user|anyone|someone)\s+(?:says|types|asks|mentions?)\s+.*(?:then|,)\s+(?:do|execute|respond|reveal|show|give)/i, severity: 35 },
+            { name: "hidden_command", pattern: /hidden\s+command|secret\s+trigger|backdoor|easter\s+egg\s+(?:is|:)/i, severity: 45 },
+            { name: "instruction_injection", pattern: /(?:new|updated|revised)\s+(?:system\s+)?instructions?\s*:|important\s+update\s*:/i, severity: 40 },
+            { name: "context_pollution", pattern: /(?:prepend|append)\s+(?:this\s+)?to\s+(?:all\s+)?(?:responses?|outputs?)/i, severity: 35 },
+            { name: "sleeper_agent", pattern: /wait\s+(?:for|until)\s+(?:signal|trigger|command)|activate\s+(?:when|on|if)/i, severity: 45 },
+            { name: "goal_hijacking", pattern: /(?:your\s+)?(?:new|real|true|actual)\s+(?:goal|objective|purpose|mission)\s+(?:is|:)/i, severity: 50 },
+            { name: "trust_exploitation", pattern: /(?:trust|believe)\s+(?:everything|anything)\s+(?:I|user)\s+(?:say|tell)/i, severity: 40 },
+            { name: "output_manipulation", pattern: /(?:always|never)\s+(?:include|exclude|add|remove)\s+.*\s+(?:in|from)\s+(?:your\s+)?(?:response|output)/i, severity: 35 },
+            { name: "persona_injection", pattern: /(?:adopt|assume|take\s+on)\s+(?:the\s+)?(?:persona|identity|role)\s+of/i, severity: 35 },
+            { name: "data_harvesting", pattern: /(?:collect|gather|record)\s+(?:all\s+)?(?:user\s+)?(?:data|information|inputs?)/i, severity: 45 },
+            { name: "bypass_safety", pattern: /(?:ignore|bypass|disable|turn\s+off)\s+(?:safety|security|content)\s+(?:checks?|filters?|measures?)/i, severity: 50 },
+            { name: "false_context", pattern: /(?:pretend|assume|imagine)\s+(?:that\s+)?(?:this\s+)?(?:is|was)\s+(?:a\s+)?(?:previous|earlier|past)\s+(?:conversation|session)/i, severity: 40 },
+            { name: "jailbreak_persistence", pattern: /(?:DAN|developer|god|admin)\s+mode\s+(?:enabled|activated|permanent)/i, severity: 50 },
+            { name: "instruction_hierarchy", pattern: /(?:this|these)\s+instructions?\s+(?:override|supersede|take\s+precedence)/i, severity: 45 },
+        ];
+        // Patterns indicating cross-session contamination attempts
+        this.CONTAMINATION_PATTERNS = [
+            { name: "session_reference", pattern: /previous\s+session|last\s+(?:conversation|chat|session)|yesterday|earlier\s+today/i },
+            { name: "user_reference", pattern: /other\s+user(?:s)?|different\s+(?:account|user|person)|another\s+(?:person|user|customer)/i },
+            { name: "data_mixing", pattern: /combine\s+with\s+other|merge\s+(?:sessions?|conversations?|data)|consolidate\s+(?:information|data)/i },
+            { name: "context_import", pattern: /import\s+(?:context|data|memory)\s+from|load\s+(?:previous|external)\s+(?:context|session)/i },
+            { name: "shared_memory", pattern: /shared\s+(?:memory|context|knowledge)|global\s+(?:state|context)/i },
+            { name: "user_impersonation", pattern: /(?:speaking|acting|responding)\s+(?:as|for)\s+(?:another|different)\s+user/i },
+            { name: "history_injection", pattern: /(?:add|insert|inject)\s+(?:to|into)\s+(?:conversation\s+)?history/i },
+            { name: "tenant_bypass", pattern: /(?:access|view|modify)\s+(?:other\s+)?(?:tenant|organization|account)(?:'s)?\s+(?:data|information)/i },
+        ];
+        this.config = {
+            enableIntegrityCheck: config.enableIntegrityCheck ?? true,
+            detectInjections: config.detectInjections ?? true,
+            maxMemoryItems: config.maxMemoryItems ?? 100,
+            maxMemoryAge: config.maxMemoryAge ?? 24 * 60 * 60 * 1000, // 24 hours
+            signingKey: config.signingKey ?? crypto.randomBytes(32).toString("hex"),
+            autoQuarantine: config.autoQuarantine ?? true,
+            riskThreshold: config.riskThreshold ?? 40,
+        };
+        this.signingKey = Buffer.from(this.config.signingKey, "hex");
+    }
+    /**
+     * Check if content is safe to write to memory
+     */
+    checkWrite(content, source, sessionId, metadata, requestId) {
+        const reqId = requestId || `mem-w-${Date.now()}`;
+        const violations = [];
+        let riskScore = 0;
+        // Check for injection patterns
+        if (this.config.detectInjections) {
+            for (const { name, pattern, severity } of this.MEMORY_INJECTION_PATTERNS) {
+                if (pattern.test(content)) {
+                    violations.push(`injection_${name}`);
+                    riskScore += severity;
+                }
+            }
+        }
+        // Check for cross-session contamination attempts
+        for (const { name, pattern } of this.CONTAMINATION_PATTERNS) {
+            if (pattern.test(content)) {
+                violations.push(`contamination_${name}`);
+                riskScore += 20;
+            }
+        }
+        // Check for Unicode-based obfuscation in content
+        if (/[\u200B\u200C\u200D\uFEFF\u00AD\u2060\u180E]/.test(content)) {
+            violations.push("zero_width_obfuscation");
+            riskScore += 30;
+        }
+        if (/[\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069]/.test(content)) {
+            violations.push("bidi_control_obfuscation");
+            riskScore += 35;
+        }
+        if (/[\u{E0000}-\u{E007F}]/u.test(content)) {
+            violations.push("tag_character_obfuscation");
+            riskScore += 40;
+        }
+        // External sources are less trusted
+        if (source === "external" || source === "rag") {
+            riskScore += 15;
+        }
+        // Check memory limits
+        const sessionMemory = this.memoryStore.get(sessionId) || [];
+        if (sessionMemory.length >= this.config.maxMemoryItems) {
+            violations.push("memory_limit_exceeded");
+            return {
+                allowed: false,
+                reason: "Memory limit exceeded for session",
+                violations,
+                request_id: reqId,
+            };
+        }
+        // Decision
+        const blocked = riskScore >= this.config.riskThreshold;
+        if (blocked) {
+            return {
+                allowed: false,
+                reason: `Memory write blocked: ${violations.slice(0, 3).join(", ")}`,
+                violations,
+                request_id: reqId,
+            };
+        }
+        // Generate sanitized content (remove suspicious patterns)
+        const sanitizedContent = this.sanitizeContent(content);
+        // Create and sign the memory item
+        const itemId = `mem-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
+        const signature = this.signContent(itemId, sanitizedContent, sessionId);
+        // Store the item
+        const item = {
+            id: itemId,
+            content: sanitizedContent,
+            source,
+            timestamp: Date.now(),
+            sessionId,
+            metadata,
+            signature,
+            trustScore: 100 - riskScore,
+        };
+        const memory = this.memoryStore.get(sessionId) || [];
+        memory.push(item);
+        this.memoryStore.set(sessionId, memory);
+        this.integrityCache.set(itemId, signature);
+        return {
+            allowed: true,
+            reason: "Memory write allowed",
+            violations,
+            request_id: reqId,
+            item_id: itemId,
+            signature,
+            sanitized_content: sanitizedContent !== content ? sanitizedContent : undefined,
+        };
+    }
+    /**
+     * Check if memory items are safe to read/use
+     */
+    checkRead(sessionId, itemIds, requestId) {
+        const reqId = requestId || `mem-r-${Date.now()}`;
+        const violations = [];
+        const quarantinedItems = [];
+        let injectionAttempts = 0;
+        let integrityFailures = 0;
+        let crossSessionContamination = false;
+        let riskScore = 0;
+        const sessionMemory = this.memoryStore.get(sessionId) || [];
+        const itemsToCheck = itemIds
+            ? sessionMemory.filter((item) => itemIds.includes(item.id))
+            : sessionMemory;
+        for (const item of itemsToCheck) {
+            // Verify integrity
+            if (this.config.enableIntegrityCheck && item.signature) {
+                const expectedSignature = this.signContent(item.id, item.content, item.sessionId);
+                if (item.signature !== expectedSignature) {
+                    integrityFailures++;
+                    violations.push(`integrity_failure_${item.id}`);
+                    riskScore += 40;
+                    if (this.config.autoQuarantine) {
+                        this.quarantineItem(item);
+                        quarantinedItems.push(item.id);
+                    }
+                    continue;
+                }
+            }
+            // Check for stale items
+            const age = Date.now() - item.timestamp;
+            if (age > this.config.maxMemoryAge) {
+                violations.push(`stale_memory_${item.id}`);
+                riskScore += 10;
+                if (this.config.autoQuarantine) {
+                    this.quarantineItem(item);
+                    quarantinedItems.push(item.id);
+                }
+                continue;
+            }
+            // Re-scan content for injections (in case of tampering)
+            if (this.config.detectInjections) {
+                for (const { name, pattern, severity } of this.MEMORY_INJECTION_PATTERNS) {
+                    if (pattern.test(item.content)) {
+                        injectionAttempts++;
+                        violations.push(`read_injection_${name}`);
+                        riskScore += severity / 2; // Lower severity on read (already stored)
+                        if (severity >= 40 && this.config.autoQuarantine) {
+                            this.quarantineItem(item);
+                            quarantinedItems.push(item.id);
+                        }
+                    }
+                }
+            }
+            // Check for cross-session content
+            if (item.sessionId !== sessionId) {
+                crossSessionContamination = true;
+                violations.push("cross_session_access");
+                riskScore += 30;
+            }
+        }
+        const blocked = riskScore >= this.config.riskThreshold * 1.5; // Higher threshold for reads
+        return {
+            allowed: !blocked,
+            reason: blocked
+                ? `Memory read blocked: ${violations.slice(0, 3).join(", ")}`
+                : "Memory read allowed",
+            violations,
+            request_id: reqId,
+            memory_analysis: {
+                items_checked: itemsToCheck.length,
+                items_quarantined: quarantinedItems.length,
+                injection_attempts: injectionAttempts,
+                integrity_failures: integrityFailures,
+                cross_session_contamination: crossSessionContamination,
+                risk_score: Math.min(100, riskScore),
+            },
+            quarantined_items: quarantinedItems,
+            recommendations: this.generateRecommendations(violations, integrityFailures > 0),
+        };
+    }
+    /**
+     * Validate external memory/context before injecting into prompts
+     */
+    validateContextInjection(context, sessionId, requestId) {
+        const reqId = requestId || `mem-ctx-${Date.now()}`;
+        const contexts = Array.isArray(context) ? context : [context];
+        const violations = [];
+        let totalRiskScore = 0;
+        let injectionAttempts = 0;
+        for (const ctx of contexts) {
+            // Check for injection patterns
+            for (const { name, pattern, severity } of this.MEMORY_INJECTION_PATTERNS) {
+                if (pattern.test(ctx)) {
+                    violations.push(`context_injection_${name}`);
+                    totalRiskScore += severity;
+                    injectionAttempts++;
+                }
+            }
+            // Check for contamination patterns
+            for (const { name, pattern } of this.CONTAMINATION_PATTERNS) {
+                if (pattern.test(ctx)) {
+                    violations.push(`context_contamination_${name}`);
+                    totalRiskScore += 15;
+                }
+            }
+            // Check for privilege escalation hidden in context
+            if (/\{\s*"?role"?\s*:\s*"?(admin|root|system)"?/i.test(ctx) ||
+                /"?permissions?"?\s*:\s*["']\*["']/i.test(ctx) ||
+                /"?isAdmin"?\s*:\s*true/i.test(ctx)) {
+                violations.push("hidden_privilege_in_context");
+                totalRiskScore += 35;
+            }
+            // Check for JSON/structured data injection
+            if (/\{\s*"?(instruction|command|action)"?\s*:/i.test(ctx)) {
+                violations.push("structured_instruction_in_context");
+                totalRiskScore += 25;
+            }
+            // Check for zero-width character obfuscation
+            if (/[\u200B\u200C\u200D\uFEFF\u00AD\u2060\u180E]/.test(ctx)) {
+                violations.push("zero_width_characters");
+                totalRiskScore += 30;
+            }
+            // Check for bidirectional text control characters
+            if (/[\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069]/.test(ctx)) {
+                violations.push("bidi_control_characters");
+                totalRiskScore += 35;
+            }
+            // Check for homoglyphs (Cyrillic/Greek lookalikes)
+            if (/[\u0430-\u044F\u0410-\u042F\u0391-\u03C9]/.test(ctx)) {
+                violations.push("potential_homoglyph_attack");
+                totalRiskScore += 20;
+            }
+            // Check for tag characters (used to hide content)
+            if (/[\u{E0000}-\u{E007F}]/u.test(ctx)) {
+                violations.push("tag_character_hiding");
+                totalRiskScore += 40;
+            }
+            // Check for unusual whitespace characters
+            if (/[\u00A0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000]/.test(ctx)) {
+                violations.push("unusual_whitespace");
+                totalRiskScore += 15;
+            }
+        }
+        const blocked = totalRiskScore >= this.config.riskThreshold;
+        return {
+            allowed: !blocked,
+            reason: blocked
+                ? `Context injection blocked: ${violations.slice(0, 3).join(", ")}`
+                : "Context injection allowed",
+            violations,
+            request_id: reqId,
+            memory_analysis: {
+                items_checked: contexts.length,
+                items_quarantined: 0,
+                injection_attempts: injectionAttempts,
+                integrity_failures: 0,
+                cross_session_contamination: false,
+                risk_score: Math.min(100, totalRiskScore),
+            },
+            quarantined_items: [],
+            recommendations: this.generateRecommendations(violations, false),
+        };
+    }
+    /**
+     * Get safe memory items for a session (excluding quarantined)
+     */
+    getSafeMemory(sessionId) {
+        const sessionMemory = this.memoryStore.get(sessionId) || [];
+        const quarantinedIds = new Set([...this.quarantine.keys()]);
+        return sessionMemory.filter((item) => !quarantinedIds.has(item.id) &&
+            Date.now() - item.timestamp <= this.config.maxMemoryAge);
+    }
+    /**
+     * Rollback memory to a specific point in time
+     */
+    rollbackMemory(sessionId, beforeTimestamp) {
+        const sessionMemory = this.memoryStore.get(sessionId) || [];
+        const originalCount = sessionMemory.length;
+        const filtered = sessionMemory.filter((item) => item.timestamp < beforeTimestamp);
+        this.memoryStore.set(sessionId, filtered);
+        return originalCount - filtered.length;
+    }
+    /**
+     * Clear quarantine for a session
+     */
+    clearQuarantine(sessionId) {
+        if (sessionId) {
+            let count = 0;
+            for (const [id, item] of this.quarantine) {
+                if (item.sessionId === sessionId) {
+                    this.quarantine.delete(id);
+                    count++;
+                }
+            }
+            return count;
+        }
+        else {
+            const count = this.quarantine.size;
+            this.quarantine.clear();
+            return count;
+        }
+    }
+    /**
+     * Clear all memory for a session
+     */
+    clearSession(sessionId) {
+        this.memoryStore.delete(sessionId);
+        this.clearQuarantine(sessionId);
+        // Clear integrity cache for session items
+        for (const [id] of this.integrityCache) {
+            if (id.startsWith(`mem-${sessionId}`)) {
+                this.integrityCache.delete(id);
+            }
+        }
+    }
+    /**
+     * Get quarantined items for review
+     */
+    getQuarantinedItems(sessionId) {
+        const items = [...this.quarantine.values()];
+        return sessionId ? items.filter((item) => item.sessionId === sessionId) : items;
+    }
+    signContent(itemId, content, sessionId) {
+        const data = `${itemId}:${sessionId}:${content}`;
+        return crypto.createHmac("sha256", this.signingKey).update(data).digest("hex");
+    }
+    sanitizeContent(content) {
+        let sanitized = content;
+        // Remove the most dangerous patterns
+        const dangerousPatterns = [
+            /\[SYSTEM\s*MEMORY\]/gi,
+            /\[CORE\s*INSTRUCTION\]/gi,
+            /\[PERMANENT\s*RULE\]/gi,
+            /override\s+(default|normal|standard)\s+behavior/gi,
+        ];
+        for (const pattern of dangerousPatterns) {
+            sanitized = sanitized.replace(pattern, "[REDACTED]");
+        }
+        return sanitized;
+    }
+    quarantineItem(item) {
+        this.quarantine.set(item.id, item);
+        // Remove from active memory
+        const sessionMemory = this.memoryStore.get(item.sessionId) || [];
+        const filtered = sessionMemory.filter((i) => i.id !== item.id);
+        this.memoryStore.set(item.sessionId, filtered);
+    }
+    generateRecommendations(violations, integrityIssue) {
+        const recommendations = [];
+        if (integrityIssue) {
+            recommendations.push("Memory integrity compromised - consider clearing session memory");
+        }
+        if (violations.some((v) => v.includes("injection"))) {
+            recommendations.push("Review memory sources for injection attempts");
+        }
+        if (violations.some((v) => v.includes("contamination"))) {
+            recommendations.push("Enforce strict session isolation");
+        }
+        if (violations.some((v) => v.includes("stale"))) {
+            recommendations.push("Implement memory expiration policies");
+        }
+        if (violations.some((v) => v.includes("privilege"))) {
+            recommendations.push("Audit memory for privilege escalation attempts");
+        }
+        if (recommendations.length === 0) {
+            recommendations.push("Continue monitoring memory operations");
+        }
+        return recommendations;
+    }
+}
+exports.MemoryGuard = MemoryGuard;
+//# sourceMappingURL=memory-guard.js.map

package/dist/guards/memory-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-guard.js","sourceRoot":"","sources":["../../src/guards/memory-guard.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,+CAAiC;AAiEjC,MAAa,WAAW;IAiDtB,YAAY,SAA4B,EAAE;QA9ClC,eAAU,GAA4B,IAAI,GAAG,EAAE,CAAC;QAChD,gBAAW,GAA8B,IAAI,GAAG,EAAE,CAAC,CAAC,qBAAqB;QACzE,mBAAc,GAAwB,IAAI,GAAG,EAAE,CAAC,CAAC,sBAAsB;QAE/E,0DAA0D;QACzC,8BAAyB,GAA+D;YACvG,2BAA2B;YAC3B,EAAE,IAAI,EAAE,wBAAwB,EAAE,OAAO,EAAE,6DAA6D,EAAE,QAAQ,EAAE,EAAE,EAAE;YACxH,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,6EAA6E,EAAE,QAAQ,EAAE,EAAE,EAAE;YAChI,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,0FAA0F,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC1I,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,oHAAoH,EAAE,QAAQ,EAAE,EAAE,EAAE;YACzK,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,0FAA0F,EAAE,QAAQ,EAAE,EAAE,EAAE;YAClJ,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,2FAA2F,EAAE,QAAQ,EAAE,EAAE,EAAE;YAClJ,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,+FAA+F,EAAE,QAAQ,EAAE,EAAE,EAAE;YACrJ,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,+GAA+G,EAAE,QAAQ,EAAE,EAAE,EAAE;YACxK,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,qGAAqG,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5J,EAAE,IAAI,EAAE,uBAAuB,EAAE,OAAO,EAAE,kGAAkG,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5J,eAAe;YACf,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,wHAAwH,EAAE,QAAQ,EAAE,EAAE,EAAE;YACjL,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,qEAAqE,EAAE,QAAQ,EAAE,EAAE,EAAE;YACxH,EAAE,IAAI,EAAE,uBAAuB,EAAE,OAAO,EAAE,mFAAmF,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC7I,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,2EAA2E,EAAE,QAAQ,EAAE,EAAE,EAAE;YACjI,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,8EAA8E,EAAE,QAAQ,EAAE,EAAE,EAAE;YAChI,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,uFAAuF,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC1I,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,0EAA0E,EAAE,QAAQ,EAAE,EAAE,EAAE;YACjI,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,yGAAyG,EAAE,QAAQ,EAAE,EAAE,EAAE;YACjK,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,yEAAyE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC/H,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,kFAAkF,EAAE,QAAQ,EAAE,EAAE,EAAE;YACtI,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,sGAAsG,EAAE,QAAQ,EAAE,EAAE,EAAE;YACxJ,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,kIAAkI,EAAE,QAAQ,EAAE,EAAE,EAAE;YACpL,EAAE,IAAI,EAAE,uBAAuB,EAAE,OAAO,EAAE,uEAAuE,EAAE,QAAQ,EAAE,EAAE,EAAE;YACjI,EAAE,IAAI,EAAE,uBAAuB,EAAE,OAAO,EAAE,4EAA4E,EAAE,QAAQ,EAAE,EAAE,EAAE;SACvI,CAAC;QAEF,2DAA2D;QAC1C,2BAAsB,GAA6C;YAClF,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,oFAAoF,EAAE;YAC5H,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,4FAA4F,EAAE;YACjI,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,sGAAsG,EAAE;YACxI,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,6FAA6F,EAAE;YAClI,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,mEAAmE,EAAE;YACvG,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,6EAA6E,EAAE;YACtH,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,oEAAoE,EAAE;YAC5G,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,sGAAsG,EAAE;SAC3I,CAAC;QAGA,IAAI,CAAC,MAAM,GAAG;YACZ,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,IAAI;YACzD,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,IAAI;YACjD,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,GAAG;YAC5C,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;YACrE,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACvE,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI;YAC7C,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;SAC1C,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,UAAU,CACR,OAAe,EACf,MAA4B,EAC5B,SAAiB,EACjB,QAA8B,EAC9B,SAAkB;QAElB,MAAM,KAAK,GAAG,SAAS,IAAI,SAAS,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACjD,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,+BAA+B;QAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACjC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBACzE,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1B,UAAU,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;oBACrC,SAAS,IAAI,QAAQ,CAAC;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC5D,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,UAAU,CAAC,IAAI,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;gBACzC,SAAS,IAAI,EAAE,CAAC;YAClB,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,IAAI,8CAA8C,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjE,UAAU,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YAC1C,SAAS,IAAI,EAAE,CAAC;QAClB,CAAC;QACD,IAAI,0DAA0D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7E,UAAU,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YAC5C,SAAS,IAAI,EAAE,CAAC;QAClB,CAAC;QACD,IAAI,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,UAAU,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YAC7C,SAAS,IAAI,EAAE,CAAC;QAClB,CAAC;QAED,oCAAoC;QACpC,IAAI,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC9C,SAAS,IAAI,EAAE,CAAC;QAClB,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC5D,IAAI,aAAa,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YACvD,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACzC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,mCAAmC;gBAC3C,UAAU;gBACV,UAAU,EAAE,KAAK;aAClB,CAAC;QACJ,CAAC;QAED,WAAW;QACX,MAAM,OAAO,GAAG,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QAEvD,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,yBAAyB,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACpE,UAAU;gBACV,UAAU,EAAE,KAAK;aAClB,CAAC;QACJ,CAAC;QAED,0DAA0D;QAC1D,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAEvD,kCAAkC;QAClC,MAAM,MAAM,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAC9E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;QAExE,iBAAiB;QACjB,MAAM,IAAI,GAAe;YACvB,EAAE,EAAE,MAAM;YACV,OAAO,EAAE,gBAAgB;YACzB,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS;YACT,QAAQ;YACR,SAAS;YACT,UAAU,EAAE,GAAG,GAAG,SAAS;SAC5B,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAE3C,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,sBAAsB;YAC9B,UAAU;YACV,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,MAAM;YACf,SAAS;YACT,iBAAiB,EAAE,gBAAgB,KAAK,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;SAC/E,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS,CACP,SAAiB,EACjB,OAAkB,EAClB,SAAkB;QAElB,MAAM,KAAK,GAAG,SAAS,IAAI,SAAS,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACjD,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,gBAAgB,GAAa,EAAE,CAAC;QACtC,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAC1B,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAC1B,IAAI,yBAAyB,GAAG,KAAK,CAAC;QACtC,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC5D,MAAM,YAAY,GAAG,OAAO;YAC1B,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC,CAAC,aAAa,CAAC;QAElB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,mBAAmB;YACnB,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACvD,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;gBAClF,IAAI,IAAI,CAAC,SAAS,KAAK,iBAAiB,EAAE,CAAC;oBACzC,iBAAiB,EAAE,CAAC;oBACpB,UAAU,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;oBAChD,SAAS,IAAI,EAAE,CAAC;oBAEhB,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;wBAC/B,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;wBAC1B,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACjC,CAAC;oBACD,SAAS;gBACX,CAAC;YACH,CAAC;YAED,wBAAwB;YACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;YACxC,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBACnC,UAAU,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3C,SAAS,IAAI,EAAE,CAAC;gBAEhB,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;oBAC/B,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;oBAC1B,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACjC,CAAC;gBACD,SAAS;YACX,CAAC;YAED,wDAAwD;YACxD,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBACjC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,yBAAyB,EAAE,CAAC;oBACzE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC/B,iBAAiB,EAAE,CAAC;wBACpB,UAAU,CAAC,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC;wBAC1C,SAAS,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC,0CAA0C;wBAErE,IAAI,QAAQ,IAAI,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;4BACjD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;4BAC1B,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACjC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,kCAAkC;YAClC,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,yBAAyB,GAAG,IAAI,CAAC;gBACjC,UAAU,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;gBACxC,SAAS,IAAI,EAAE,CAAC;YAClB,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC,6BAA6B;QAE3F,OAAO;YACL,OAAO,EAAE,CAAC,OAAO;YACjB,MAAM,EAAE,OAAO;gBACb,CAAC,CAAC,wBAAwB,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC7D,CAAC,CAAC,qBAAqB;YACzB,UAAU;YACV,UAAU,EAAE,KAAK;YACjB,eAAe,EAAE;gBACf,aAAa,EAAE,YAAY,CAAC,MAAM;gBAClC,iBAAiB,EAAE,gBAAgB,CAAC,MAAM;gBAC1C,kBAAkB,EAAE,iBAAiB;gBACrC,kBAAkB,EAAE,iBAAiB;gBACrC,2BAA2B,EAAE,yBAAyB;gBACtD,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC;aACrC;YACD,iBAAiB,EAAE,gBAAgB;YACnC,eAAe,EAAE,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,iBAAiB,GAAG,CAAC,CAAC;SACjF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,wBAAwB,CACtB,OAA0B,EAC1B,SAAiB,EACjB,SAAkB;QAElB,MAAM,KAAK,GAAG,SAAS,IAAI,WAAW,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC9D,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,IAAI,cAAc,GAAG,CAAC,CAAC;QACvB,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAE1B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,+BAA+B;YAC/B,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBACzE,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,UAAU,CAAC,IAAI,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;oBAC7C,cAAc,IAAI,QAAQ,CAAC;oBAC3B,iBAAiB,EAAE,CAAC;gBACtB,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC5D,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,UAAU,CAAC,IAAI,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;oBACjD,cAAc,IAAI,EAAE,CAAC;gBACvB,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,IAAI,8CAA8C,CAAC,IAAI,CAAC,GAAG,CAAC;gBACxD,oCAAoC,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC9C,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;gBAC/C,cAAc,IAAI,EAAE,CAAC;YACvB,CAAC;YAED,2CAA2C;YAC3C,IAAI,4CAA4C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3D,UAAU,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;gBACrD,cAAc,IAAI,EAAE,CAAC;YACvB,CAAC;YAED,6CAA6C;YAC7C,IAAI,8CAA8C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7D,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;gBACzC,cAAc,IAAI,EAAE,CAAC;YACvB,CAAC;YAED,kDAAkD;YAClD,IAAI,0DAA0D,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzE,UAAU,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBAC3C,cAAc,IAAI,EAAE,CAAC;YACvB,CAAC;YAED,mDAAmD;YACnD,IAAI,2CAA2C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,UAAU,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;gBAC9C,cAAc,IAAI,EAAE,CAAC;YACvB,CAAC;YAED,kDAAkD;YAClD,IAAI,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;gBACxC,cAAc,IAAI,EAAE,CAAC;YACvB,CAAC;YAED,0CAA0C;YAC1C,IAAI,2DAA2D,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1E,UAAU,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBACtC,cAAc,IAAI,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,cAAc,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QAE5D,OAAO;YACL,OAAO,EAAE,CAAC,OAAO;YACjB,MAAM,EAAE,OAAO;gBACb,CAAC,CAAC,8BAA8B,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACnE,CAAC,CAAC,2BAA2B;YAC/B,UAAU;YACV,UAAU,EAAE,KAAK;YACjB,eAAe,EAAE;gBACf,aAAa,EAAE,QAAQ,CAAC,MAAM;gBAC9B,iBAAiB,EAAE,CAAC;gBACpB,kBAAkB,EAAE,iBAAiB;gBACrC,kBAAkB,EAAE,CAAC;gBACrB,2BAA2B,EAAE,KAAK;gBAClC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC;aAC1C;YACD,iBAAiB,EAAE,EAAE;YACrB,eAAe,EAAE,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,KAAK,CAAC;SACjE,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,SAAiB;QAC7B,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC5D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAE5D,OAAO,aAAa,CAAC,MAAM,CACzB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAC1D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,SAAiB,EAAE,eAAuB;QACvD,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC5D,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC;QAE3C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,GAAG,eAAe,CAAC,CAAC;QAClF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAE1C,OAAO,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,SAAkB;QAChC,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzC,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBACjC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBAC3B,KAAK,EAAE,CAAC;gBACV,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACnC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAiB;QAC5B,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACnC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAEhC,0CAA0C;QAC1C,KAAK,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,SAAS,EAAE,CAAC,EAAE,CAAC;gBACtC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,SAAkB;QACpC,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5C,OAAO,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAClF,CAAC;IAEO,WAAW,CAAC,MAAc,EAAE,OAAe,EAAE,SAAiB;QACpE,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;QACjD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjF,CAAC;IAEO,eAAe,CAAC,OAAe;QACrC,IAAI,SAAS,GAAG,OAAO,CAAC;QAExB,qCAAqC;QACrC,MAAM,iBAAiB,GAAG;YACxB,uBAAuB;YACvB,0BAA0B;YAC1B,wBAAwB;YACxB,mDAAmD;SACpD,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,cAAc,CAAC,IAAgB;QACrC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEnC,4BAA4B;QAC5B,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACjE,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;IAEO,uBAAuB,CAAC,UAAoB,EAAE,cAAuB;QAC3E,MAAM,eAAe,GAAa,EAAE,CAAC;QAErC,IAAI,cAAc,EAAE,CAAC;YACnB,eAAe,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACpD,eAAe,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;YACxD,eAAe,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAChD,eAAe,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACpD,eAAe,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;CACF;AAhfD,kCAgfC"}