llm-trust-guard 4.0.0

package/dist/guards/tenant-boundary.js

@@ -0,0 +1,187 @@
+"use strict";
+/**
+ * L4 Tenant Boundary Guard
+ *
+ * Enforces strict multi-tenant isolation.
+ * Prevents cross-tenant data access.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TenantBoundary = void 0;
+class TenantBoundary {
+    constructor(config = {}) {
+        this.validTenants = config.validTenants || new Set();
+        this.resourceOwnership = config.resourceOwnership || new Map();
+        this.resourceIdFields = config.resourceIdFields || [
+            "order_id",
+            "customer_id",
+            "invoice_id",
+            "document_id",
+            "resource_id",
+            "id",
+        ];
+        this.listOperations = config.listOperations || [
+            "list",
+            "search",
+            "query",
+            "find",
+            "get_all",
+        ];
+    }
+    /**
+     * Validate session has valid tenant
+     */
+    validateSession(session, requestId = "") {
+        if (!session) {
+            return { valid: false, error: "Missing session context" };
+        }
+        if (!session.authenticated) {
+            return { valid: false, error: "Session not authenticated" };
+        }
+        if (!session.tenant_id) {
+            return { valid: false, error: "Missing tenant_id in session" };
+        }
+        // Validate tenant if we have a whitelist
+        if (this.validTenants.size > 0 && !this.validTenants.has(session.tenant_id)) {
+            if (requestId) {
+                console.log(`[L4:${requestId}] BLOCKED: Invalid tenant '${session.tenant_id}'`);
+            }
+            return { valid: false, error: `Invalid tenant: ${session.tenant_id}` };
+        }
+        return { valid: true };
+    }
+    /**
+     * Check resource ownership
+     */
+    checkResourceOwnership(resourceId, session, requestId = "") {
+        const ownership = this.resourceOwnership.get(resourceId);
+        if (!ownership) {
+            // Resource not in registry - allow (tool will return not found)
+            return { allowed: true };
+        }
+        if (ownership.tenant_id !== session.tenant_id) {
+            if (requestId) {
+                console.log(`[L4:${requestId}] BLOCKED: Cross-tenant access`);
+                console.log(`[L4:${requestId}]   Session: ${session.tenant_id}, Resource: ${ownership.tenant_id}`);
+            }
+            return { allowed: false, resource_tenant: ownership.tenant_id };
+        }
+        return { allowed: true, resource_tenant: ownership.tenant_id };
+    }
+    /**
+     * Check if tenant_id parameter matches session
+     */
+    checkTenantParameter(params, session, requestId = "") {
+        if (params.tenant_id && params.tenant_id !== session.tenant_id) {
+            if (requestId) {
+                console.log(`[L4:${requestId}] BLOCKED: Tenant parameter manipulation`);
+            }
+            return {
+                allowed: false,
+                reason: `Cannot access tenant ${params.tenant_id} - bound to ${session.tenant_id}`,
+            };
+        }
+        return { allowed: true };
+    }
+    /**
+     * Enforce tenant filtering for list operations
+     */
+    enforceTenantFilter(toolName, params, session, requestId = "") {
+        // Check if this is a list operation
+        const isListOp = this.listOperations.some((op) => toolName.toLowerCase().includes(op));
+        if (isListOp) {
+            // Block if trying to access different tenant
+            if (params.tenant_id && params.tenant_id !== session.tenant_id) {
+                return {
+                    allowed: false,
+                    enforced_params: params,
+                    reason: `Cannot filter by tenant ${params.tenant_id}`,
+                };
+            }
+            // Enforce session tenant
+            const enforced_params = { ...params, tenant_id: session.tenant_id };
+            if (requestId) {
+                console.log(`[L4:${requestId}] Enforcing tenant filter: ${session.tenant_id}`);
+            }
+            return { allowed: true, enforced_params };
+        }
+        return { allowed: true, enforced_params: params };
+    }
+    /**
+     * Complete tenant boundary check
+     */
+    check(toolName, params, session, requestId = "") {
+        // Validate session
+        const sessionCheck = this.validateSession(session, requestId);
+        if (!sessionCheck.valid) {
+            return {
+                allowed: false,
+                reason: sessionCheck.error,
+                violations: ["INVALID_SESSION"],
+                session_tenant: "",
+            };
+        }
+        const validSession = session;
+        // Check tenant parameter manipulation
+        const paramCheck = this.checkTenantParameter(params, validSession, requestId);
+        if (!paramCheck.allowed) {
+            return {
+                allowed: false,
+                reason: paramCheck.reason,
+                violations: ["TENANT_MANIPULATION"],
+                session_tenant: validSession.tenant_id,
+            };
+        }
+        // Check resource ownership
+        for (const field of this.resourceIdFields) {
+            if (params[field]) {
+                const ownershipCheck = this.checkResourceOwnership(params[field], validSession, requestId);
+                if (!ownershipCheck.allowed) {
+                    return {
+                        allowed: false,
+                        reason: `Resource ${params[field]} belongs to different tenant`,
+                        violations: ["CROSS_TENANT_ACCESS"],
+                        session_tenant: validSession.tenant_id,
+                        resource_tenant: ownershipCheck.resource_tenant,
+                    };
+                }
+            }
+        }
+        // Enforce tenant filtering
+        const filterCheck = this.enforceTenantFilter(toolName, params, validSession, requestId);
+        if (!filterCheck.allowed) {
+            return {
+                allowed: false,
+                reason: filterCheck.reason,
+                violations: ["TENANT_FILTER_BYPASS"],
+                session_tenant: validSession.tenant_id,
+            };
+        }
+        if (requestId) {
+            console.log(`[L4:${requestId}] Tenant boundary check PASSED`);
+        }
+        return {
+            allowed: true,
+            violations: [],
+            session_tenant: validSession.tenant_id,
+            enforced_params: filterCheck.enforced_params,
+        };
+    }
+    /**
+     * Register resource ownership
+     */
+    registerResource(resourceId, tenantId, resourceType) {
+        this.resourceOwnership.set(resourceId, {
+            resource_id: resourceId,
+            tenant_id: tenantId,
+            resource_type: resourceType,
+        });
+    }
+    /**
+     * Add valid tenant
+     */
+    addValidTenant(tenantId) {
+        this.validTenants.add(tenantId);
+    }
+}
+exports.TenantBoundary = TenantBoundary;
+//# sourceMappingURL=tenant-boundary.js.map

package/dist/guards/tenant-boundary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenant-boundary.js","sourceRoot":"","sources":["../../src/guards/tenant-boundary.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAiBH,MAAa,cAAc;IAMzB,YAAY,SAA+B,EAAE;QAC3C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,IAAI,GAAG,EAAE,CAAC;QACrD,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,IAAI,IAAI,GAAG,EAAE,CAAC;QAC/D,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI;YACjD,UAAU;YACV,aAAa;YACb,YAAY;YACZ,aAAa;YACb,aAAa;YACb,IAAI;SACL,CAAC;QACF,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI;YAC7C,MAAM;YACN,QAAQ;YACR,OAAO;YACP,MAAM;YACN,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CACb,OAAmC,EACnC,YAAoB,EAAE;QAEtB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;QAC5D,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;QACjE,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5E,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,8BAA8B,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAClF,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;QACzE,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,sBAAsB,CACpB,UAAkB,EAClB,OAAuB,EACvB,YAAoB,EAAE;QAEtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAEzD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,gEAAgE;YAChE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,IAAI,SAAS,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;YAC9C,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,gCAAgC,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,gBAAgB,OAAO,CAAC,SAAS,eAAe,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC;QAClE,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC;IACjE,CAAC;IAED;;OAEG;IACH,oBAAoB,CAClB,MAA2B,EAC3B,OAAuB,EACvB,YAAoB,EAAE;QAEtB,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;YAC/D,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,0CAA0C,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,wBAAwB,MAAM,CAAC,SAAS,eAAe,OAAO,CAAC,SAAS,EAAE;aACnF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,mBAAmB,CACjB,QAAgB,EAChB,MAA2B,EAC3B,OAAuB,EACvB,YAAoB,EAAE;QAEtB,oCAAoC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/C,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CACpC,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,6CAA6C;YAC7C,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC/D,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,eAAe,EAAE,MAAM;oBACvB,MAAM,EAAE,2BAA2B,MAAM,CAAC,SAAS,EAAE;iBACtD,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;YAEpE,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,8BAA8B,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YACjF,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;QAC5C,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CACH,QAAgB,EAChB,MAA2B,EAC3B,OAAmC,EACnC,YAAoB,EAAE;QAEtB,mBAAmB;QACnB,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY,CAAC,KAAK;gBAC1B,UAAU,EAAE,CAAC,iBAAiB,CAAC;gBAC/B,cAAc,EAAE,EAAE;aACnB,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,OAAQ,CAAC;QAE9B,sCAAsC;QACtC,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QAC9E,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,UAAU,EAAE,CAAC,qBAAqB,CAAC;gBACnC,cAAc,EAAE,YAAY,CAAC,SAAS;aACvC,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClB,MAAM,cAAc,GAAG,IAAI,CAAC,sBAAsB,CAChD,MAAM,CAAC,KAAK,CAAC,EACb,YAAY,EACZ,SAAS,CACV,CAAC;gBACF,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;oBAC5B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,YAAY,MAAM,CAAC,KAAK,CAAC,8BAA8B;wBAC/D,UAAU,EAAE,CAAC,qBAAqB,CAAC;wBACnC,cAAc,EAAE,YAAY,CAAC,SAAS;wBACtC,eAAe,EAAE,cAAc,CAAC,eAAe;qBAChD,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QACxF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,UAAU,EAAE,CAAC,sBAAsB,CAAC;gBACpC,cAAc,EAAE,YAAY,CAAC,SAAS;aACvC,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,gCAAgC,CAAC,CAAC;QAChE,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,EAAE;YACd,cAAc,EAAE,YAAY,CAAC,SAAS;YACtC,eAAe,EAAE,WAAW,CAAC,eAAe;SAC7C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,UAAkB,EAAE,QAAgB,EAAE,YAAqB;QAC1E,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE;YACrC,WAAW,EAAE,UAAU;YACvB,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,QAAgB;QAC7B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;CACF;AAzOD,wCAyOC"}

package/dist/guards/tool-chain-validator.d.ts

@@ -0,0 +1,102 @@
+/**
+ * ToolChainValidator v2
+ *
+ * Detects and prevents dangerous tool chaining attacks by:
+ * - Validating tool call sequences
+ * - Blocking dangerous tool combinations
+ * - Enforcing cooldown periods between sensitive operations
+ * - Tracking tool usage patterns for anomaly detection
+ *
+ * v2 Enhancements (2026):
+ * - ASI07: Agent State Corruption detection
+ * - ASI04: Agent Autonomy Escalation detection
+ * - Loop/repetition attack detection
+ * - Resource accumulation monitoring
+ * - Time-based anomaly detection
+ * - Cumulative impact scoring
+ * - Cross-tool data flow tracking
+ */
+export interface ToolChainValidatorConfig {
+    forbiddenSequences?: ForbiddenSequence[];
+    requiredPreconditions?: ToolPrecondition[];
+    toolCooldowns?: Record<string, number>;
+    maxToolsPerRequest?: number;
+    maxSensitiveToolsPerSession?: number;
+    sensitiveTools?: string[];
+    sessionTTLMinutes?: number;
+    enableStateTracking?: boolean;
+    stateModifyingTools?: string[];
+    enableAutonomyDetection?: boolean;
+    autonomyExpandingTools?: string[];
+    enableLoopDetection?: boolean;
+    maxRepetitionsPerMinute?: number;
+    enableResourceTracking?: boolean;
+    resourceAcquiringTools?: string[];
+    maxResourcesPerSession?: number;
+    enableTimeAnomalyDetection?: boolean;
+    minTimeBetweenToolsMs?: number;
+    enableImpactScoring?: boolean;
+    maxCumulativeImpact?: number;
+    toolImpactScores?: Record<string, number>;
+}
+export interface ForbiddenSequence {
+    name: string;
+    sequence: string[];
+    reason: string;
+    severity: "warning" | "block";
+}
+export interface ToolPrecondition {
+    tool: string;
+    requires: string[];
+    within_turns?: number;
+}
+export interface ToolChainValidatorResult {
+    allowed: boolean;
+    reason?: string;
+    violations: string[];
+    chain_analysis: {
+        current_tool: string;
+        previous_tools: string[];
+        forbidden_sequences_detected: string[];
+        precondition_violations: string[];
+        cooldown_violations: string[];
+        state_corruption_detected?: boolean;
+        autonomy_escalation_detected?: boolean;
+        loop_detected?: boolean;
+        resource_accumulation?: number;
+        time_anomaly_detected?: boolean;
+        cumulative_impact?: number;
+    };
+    warnings: string[];
+}
+export declare class ToolChainValidator {
+    private config;
+    private sessions;
+    private defaultForbiddenSequences;
+    private defaultSensitiveTools;
+    private defaultStateModifyingTools;
+    private defaultAutonomyExpandingTools;
+    private defaultResourceAcquiringTools;
+    private defaultToolImpactScores;
+    constructor(config?: ToolChainValidatorConfig);
+    /**
+     * Validate a tool call in context of the session
+     */
+    validate(sessionId: string, toolName: string, allToolsInRequest?: string[], requestId?: string): ToolChainValidatorResult;
+    /**
+     * Validate multiple tools at once (for parallel tool calls)
+     */
+    validateBatch(sessionId: string, tools: string[], requestId?: string): ToolChainValidatorResult;
+    /**
+     * Get session tool history
+     */
+    getToolHistory(sessionId: string): string[];
+    /**
+     * Reset session
+     */
+    resetSession(sessionId: string): void;
+    private getOrCreateSession;
+    private matchesSequence;
+    private cleanupSessions;
+}
+//# sourceMappingURL=tool-chain-validator.d.ts.map

package/dist/guards/tool-chain-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-chain-validator.d.ts","sourceRoot":"","sources":["../../src/guards/tool-chain-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,wBAAwB;IAEvC,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACzC,qBAAqB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAE3C,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEvC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,2BAA2B,CAAC,EAAE,MAAM,CAAC;IAErC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE/B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAElC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAEjC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,SAAS,GAAG,OAAO,CAAC;CAC/B;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,cAAc,EAAE;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,4BAA4B,EAAE,MAAM,EAAE,CAAC;QACvC,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAE9B,yBAAyB,CAAC,EAAE,OAAO,CAAC;QACpC,4BAA4B,CAAC,EAAE,OAAO,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,qBAAqB,CAAC,EAAE,MAAM,CAAC;QAC/B,qBAAqB,CAAC,EAAE,OAAO,CAAC;QAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AA0BD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,QAAQ,CAAuC;IAEvD,OAAO,CAAC,yBAAyB,CAqC/B;IAEF,OAAO,CAAC,qBAAqB,CAgB3B;IAGF,OAAO,CAAC,0BAA0B,CAchC;IAGF,OAAO,CAAC,6BAA6B,CAgBnC;IAGF,OAAO,CAAC,6BAA6B,CAanC;IAGF,OAAO,CAAC,uBAAuB,CAgB7B;gBAEU,MAAM,GAAE,wBAA6B;IA8BjD;;OAEG;IACH,QAAQ,CACN,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAAE,EAC5B,SAAS,GAAE,MAAW,GACrB,wBAAwB;IAiP3B;;OAEG;IACH,aAAa,CACX,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,GAAE,MAAW,GACrB,wBAAwB;IAwD3B;;OAEG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE;IAK3C;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAIrC,OAAO,CAAC,kBAAkB;IAkB1B,OAAO,CAAC,eAAe;IAiCvB,OAAO,CAAC,eAAe;CAUxB"}