mcp-xray-pilot 0.11.0 → 0.15.0

package/README.md

@@ -30,11 +30,13 @@ a curated SNI suggester per exit-country and a multi-config merge helper.
   tun), per-transport `*Settings` schemas (raw / xhttp / grpc / ws / mkcp /
   httpupgrade / hysteria), TLS / REALITY security blocks, routing tag
   cross-references.
-- **Lints** ~20 best-practice rules: VLESS `decryption: "none"`, REALITY
+- **Lints** ~22 best-practice rules: VLESS `decryption: "none"`, REALITY
   pubkey/shortId/target syntax, XTLS vision flow compatibility, TLS
   fingerprint enum, ALPN collisions, geosite/geoip typo catcher, protocol
   × transport × security incompatibilities, `xhttp.path` leading slash,
-  `geoip:private` block rule, sniffing on 80/443 etc.
+  `geoip:private` block rule, sniffing on 80/443, **DNS-over-proxy leaks
+  on `.ru` direct routing** (v0.12), **`geosite:` categories absent from
+  xray-core release `geosite.dat`** (v0.12) etc.
 - **Geo catalogue**: search ~1500 known geoip/geosite tags by substring (full
   v2fly/domain-list-community catalogue, hydrated from `data/geocatalogue.json`).
 - **REALITY toolbelt**: `xray_generate_reality_keypair` (drop-in replacement
@@ -56,20 +58,22 @@ a curated SNI suggester per exit-country and a multi-config merge helper.
 | `xray_fetch_topic`         | Fetch one topic as markdown. Network → fall back to bundled cache → update cache.     |
 | `xray_search`              | Full-text search over all cached docs. Returns ranked hits + snippets.                |
 | `xray_validate_config`     | Structural+schema validation of an xray JSON config (Zod under the hood).             |
-| `xray_lint`                | ~20 best-practice lint rules. Returns issues with severity, rule id, JSON-pointer.    |
+| `xray_lint`                | ~22 best-practice lint rules. Returns issues with severity, rule id, JSON-pointer.    |
 | `xray_geo_search`          | Substring search over the embedded geosite/geoip catalogue (~1500 tags).              |
 | `xray_diff_protocols`      | Side-by-side feature table for two protocols.                                         |
 | `xray_suggest_alternative` | Recommend protocol+transport+security for a goal (anti-DPI / battery / latency / …). |
 | `xray_generate_short_ids`  | Cryptographically random REALITY shortIds (default `[4,8,16]` bytes, legacy empty prefix). |
 | `xray_generate_reality_keypair` | Fresh REALITY X25519 keypair, base64url 43 chars — drop-in for `xray x25519`. |
 | `xray_validate_sni_target` | Live TLS 1.3 + ALPN h2 + HTTP probe of a candidate REALITY target host.               |
+| `xray_test_reality_live`   | Spin up real local xray server+client, run a full REALITY handshake against the target, probe HTTPS through the cascade. Strictly stronger than `xray_validate_sni_target`. |
+| `xray_whitelist_sni_candidates` | Pull a public RU-traffic whitelist (default: hxehex/russia-mobile-internet-whitelist) and TLS-validate the top N hosts as REALITY SNI front candidates. Returns ranked, sorted by ok desc, latency asc. |
 | `xray_suggest_sni_for_country` | Curated REALITY SNI/target hosts per exit-country (DE/PL/NL/FR/LV/SE/FI/US/UK/JP/SG/AU/CA). |
 | `xray_merge_configs`       | Merge N xray configs with tag-collision resolution and conflict warnings.             |
 | `xray_github_search`       | Search issues/PRs/discussions across XTLS GitHub repos (Xray-core/REALITY/docs).      |
 | `xray_github_fetch_issue`  | Fetch one issue/PR/discussion with full body + top comments.                          |
 | `xray_refresh_cache`       | Bulk re-fetch cached docs (`scope: all/stale/category`). Optional `discover` for new upstream slugs. Optional `refresh_geocatalogue: true` to also re-pull the v2fly category list. |
 
-Total: **16 tools**.
+Total: **18 tools**.
 
 ### Quick toolbelt
 
@@ -96,6 +100,74 @@ Live-check a candidate REALITY SNI:
 }
 ```
 
+Live REALITY handshake (catches what `xray_validate_sni_target` cannot):
+
+```jsonc
+// xray_test_reality_live { "target_host": "2gis.ru" }
+{
+  "ok": true,
+  "target": "2gis.ru:443",
+  "reality_handshake_complete": true,
+  "client_received_real_cert": false,
+  "http_probe_status": 200,
+  "latency_ms": 824,
+  "issues": [],
+  "used_keypair": { "privateKey": "...", "publicKey": "...", "shortId": "a1b2c3d4" },
+  "cached": false,
+  "cached_at": "2026-05-06T12:30:00.000Z"
+}
+```
+
+> Verdicts are persisted to `data/reality-verdicts.json` (LRU cap 50, TTL 24h,
+> key `host:port`). Subsequent calls with the same target return instantly with
+> `cached: true`. Pass `force_refresh: true` to bypass the cache and rerun xray.
+
+Compare a list of candidates in one shot — runs sequentially, each entry hits
+the cache, results are sorted by `ok desc, latency_ms asc`:
+
+```jsonc
+// xray_test_reality_live {
+//   "multi_targets": ["2gis.ru", "yandex.ru", "vk.com", "mail.ru"]
+// }
+{
+  "results": [
+    { "target": "2gis.ru:443",   "ok": true,  "latency_ms": 824, "cached": true,  "cached_at": "..." },
+    { "target": "mail.ru:443",   "ok": true,  "latency_ms": 1102, "cached": false, "cached_at": "..." },
+    { "target": "yandex.ru:443", "ok": false, "latency_ms": 0,    "cached": false, "cached_at": "...", "issues": ["client received a real certificate ..."] },
+    { "target": "vk.com:443",    "ok": false, "latency_ms": 0,    "cached": false, "cached_at": "...", "issues": ["target unreachable"] }
+  ],
+  "summary": { "ok_count": 2, "total": 4 }
+}
+```
+
+Pull a public RU-traffic whitelist and rank live SNI candidates for an
+inbound RU-relay node:
+
+```jsonc
+// xray_whitelist_sni_candidates { "max_candidates": 10 }
+{
+  "source_url": "https://raw.githubusercontent.com/hxehex/russia-mobile-internet-whitelist/main/whitelist.txt",
+  "fetched_at": "2026-05-06T12:34:00.000Z",
+  "total_domains": 412,
+  "tested": 10,
+  "candidates": [
+    { "host": "ya.ru",      "ok": true,  "tls_version": "TLSv1.3", "alpn": "h2", "http_status": 200, "latency_ms": 41,  "cert_subject": "ya.ru",      "issues": [] },
+    { "host": "vk.com",     "ok": true,  "tls_version": "TLSv1.3", "alpn": "h2", "http_status": 200, "latency_ms": 78,  "cert_subject": "*.vk.com",   "issues": [] },
+    { "host": "ozon.ru",    "ok": false, "tls_version": "TLSv1.3", "alpn": "h2", "http_status": 200, "latency_ms": 134, "cert_subject": "*.ozon.ru",  "issues": [] }
+  ],
+  "summary": { "ok_count": 8, "failed_count": 2 },
+  "cache":   { "used": false, "age_seconds": null },
+  "notes":   ["latency_ms is measured from the MCP host (your laptop), not from the relay node — re-test from the node for geo-accurate values"]
+}
+```
+
+> The whitelist body is cached on disk in `data/whitelist-cache.json`
+> (default TTL 24h, override via `cache_ttl_hours`). Verdicts are NOT cached
+> — every call re-probes its slice live so latency numbers stay fresh.
+> NB: the probe runs from your laptop, not from the РФ relay; for
+> geo-accurate latency, use `xray_test_reality_live` from the actual
+> node (or ssh + curl on it).
+
 It also exposes a single MCP **resource**: `xray://docs/index` — the raw
 `_index.json` of cached topics.
 
@@ -293,6 +365,58 @@ $env:GITHUB_TOKEN = "ghp_xxx"         # PowerShell
 When `X-RateLimit-Remaining` drops below 10, the tool surfaces an inline
 warning in the response.
 
+## Security model
+
+This package runs entirely in the MCP host's process and the only
+"interesting" thing it does on disk/network is `xray_test_reality_live`,
+which downloads the official **xray-core** binary from
+[XTLS/Xray-core releases](https://github.com/XTLS/Xray-core/releases/latest)
+into `~/.cache/mcp-xray-pilot/xray-bin/` and spawns it locally on
+ephemeral ports.
+
+**Approvals.** There is no in-package permission prompt by design — all
+tool invocations are gated by the MCP host (Claude Code / Claude Desktop
+/ Cursor). Each host has its own permission UX (per-call confirm,
+allowlist, etc.). Pin a specific version in your MCP config
+(`mcp-xray-pilot@0.15.0`, not `mcp-xray-pilot`) so a malicious npm
+release cannot silently roll in.
+
+**Integrity of the xray binary.** Since v0.15:
+
+1. The matching `<asset>.zip.dgst` from the same GitHub release is
+   downloaded alongside the zip, and the zip is verified against its
+   `SHA2-256=` line **before** extraction. Mismatched payloads are
+   renamed to `xray.rejected-<timestamp>.zip` for inspection and the
+   tool aborts.
+2. If you want a stronger guarantee than "trust whatever XTLS ships
+   right now", set `XRAY_PILOT_PINNED_HASH` to a known SHA-256 — the
+   `.dgst` is then ignored and the pinned value is enforced. This
+   defends against a hypothetical compromised XTLS release that ships a
+   matching `.dgst`.
+
+   ```bash
+   # Linux / macOS — read the hash once, then pin it.
+   curl -sL https://github.com/XTLS/Xray-core/releases/latest/download/Xray-linux-64.zip.dgst \
+     | awk '/^SHA2-256=/ {print $2}'
+   export XRAY_PILOT_PINNED_HASH=23cd9af9...
+   ```
+
+   ```powershell
+   $env:XRAY_PILOT_PINNED_HASH = "23cd9af9..."
+   ```
+
+**What this does NOT do.** XTLS does not GPG-sign `.dgst` files, so an
+attacker with write access to the releases page can ship a coherent
+zip+dgst pair. The pinned-hash path is your defense against that. The
+package does not sandbox the spawned xray binary — it runs with the
+permissions of the MCP host process. If you need stronger isolation,
+run the MCP host inside a container or a dedicated user account.
+
+**`GITHUB_TOKEN`.** Optional, used only by `xray_github_search` /
+`xray_github_fetch_issue`. A **fine-grained PAT with read-only public
+repo scope** is recommended over classic PATs. The token is read from
+the process env at call time and never persisted by the package.
+
 ## Roadmap
 
 See [ROADMAP.md](./ROADMAP.md). All v0.1–v0.11 milestones are checked off.
@@ -327,11 +451,13 @@ MCP-сервер, дающий LLM офлайн-доступ к официаль
   tun), per-transport `*Settings` (raw / xhttp / grpc / ws / mkcp /
   httpupgrade / hysteria), security блоки TLS/REALITY, routing tag
   cross-references.
-- **Lint** ~20 правил: VLESS `decryption: "none"`, REALITY pubkey/shortId/
+- **Lint** ~22 правил: VLESS `decryption: "none"`, REALITY pubkey/shortId/
   target syntax, XTLS vision flow compatibility, TLS fingerprint enum,
   ALPN collisions, geo typo catcher, protocol × transport × security
   несовместимости, `xhttp.path` слеш, `geoip:private` block, sniffing на
-  80/443 и т.д.
+  80/443, **утечка DNS через прокси ломает `.ru` direct routing** (v0.12),
+  **`geosite:` категории, которых нет в xray-core release `geosite.dat`**
+  (v0.12) и т.д.
 - **Geo catalogue**: поиск по ~1500 известным geoip/geosite тегам (полный
   v2fly/domain-list-community каталог, гидратируется из `data/geocatalogue.json`).
 - **REALITY toolbelt**: `xray_generate_reality_keypair` (drop-in замена
@@ -360,13 +486,15 @@ MCP-сервер, дающий LLM офлайн-доступ к официаль
 | `xray_generate_short_ids`  | Криптослучайные REALITY shortIds (default `[4,8,16]` байт, с empty-prefix для легаси).  |
 | `xray_generate_reality_keypair` | Свежая X25519 пара REALITY, base64url 43 chars — drop-in для `xray x25519`.        |
 | `xray_validate_sni_target` | Live проба TLS 1.3 + ALPN h2 + HTTP кандидата на REALITY target.                        |
+| `xray_test_reality_live`   | Поднимает локальную пару xray (server+client), реально гоняет REALITY handshake к target, probe HTTPS сквозь каскад. Строго сильнее `xray_validate_sni_target`. |
+| `xray_whitelist_sni_candidates` | Тянет публичный whitelist РФ-трафика (default: hxehex/russia-mobile-internet-whitelist), TLS-валидирует топ-N как REALITY SNI-кандидаты. Сортировка ok desc, latency asc. |
 | `xray_suggest_sni_for_country` | Курируемые REALITY-фронты по стране exit'а (DE/PL/NL/FR/LV/SE/FI/US/UK/JP/SG/AU/CA). |
 | `xray_merge_configs`       | Слить N конфигов с разрешением коллизий тегов.                                          |
 | `xray_github_search`       | Поиск issues/PR/discussions по XTLS GitHub репозиториям.                                |
 | `xray_github_fetch_issue`  | Получить одну issue/PR/discussion с полным body + топ комментариев.                     |
 | `xray_refresh_cache`       | Bulk перезатяжка кеша доков (`scope: all/stale/category`). Опц. `discover` + `refresh_geocatalogue: true` (заодно перетянет v2fly категории). |
 
-Всего: **16 тулов**.
+Всего: **18 тулов**.
 
 ### Quick toolbelt
 
@@ -395,6 +523,71 @@ Live-проверить кандидата на REALITY SNI:
 
 > ⚠️ Проба идёт с локальной машины, где запущен `mcp-xray-pilot`. Для решения «работает ли SNI из РФ» — гоняй с РФ-IP отдельно.
 
+Реальный REALITY handshake (ловит то, что `xray_validate_sni_target` пропускает):
+
+```jsonc
+// xray_test_reality_live { "target_host": "2gis.ru" }
+{
+  "ok": true,
+  "target": "2gis.ru:443",
+  "reality_handshake_complete": true,
+  "client_received_real_cert": false,
+  "http_probe_status": 200,
+  "latency_ms": 824,
+  "issues": [],
+  "used_keypair": { "privateKey": "...", "publicKey": "...", "shortId": "a1b2c3d4" },
+  "cached": false,
+  "cached_at": "2026-05-06T12:30:00.000Z"
+}
+```
+
+> При первом вызове скачивает xray-binary в `~/.cache/mcp-xray-pilot/xray-bin/` (~30MB), дальше переиспользует. Если REALITY несовместим с target (как `outlook.live.com` или `www.ozon.ru` — реальные кейсы Flare VPN), `client_received_real_cert: true` и `ok: false`.
+
+> Вердикты пишутся на диск в `data/reality-verdicts.json` (LRU 50, TTL 24h, ключ `host:port`). Повторный вызов на тот же таргет возвращается мгновенно с `cached: true`. Чтобы прогнать заново — `force_refresh: true`.
+
+Сравнить пачку кандидатов одним вызовом — запускаются последовательно, каждый через кэш, сорт `ok desc, latency_ms asc`:
+
+```jsonc
+// xray_test_reality_live {
+//   "multi_targets": ["2gis.ru", "yandex.ru", "vk.com", "mail.ru"]
+// }
+{
+  "results": [
+    { "target": "2gis.ru:443",   "ok": true,  "latency_ms": 824, "cached": true },
+    { "target": "mail.ru:443",   "ok": true,  "latency_ms": 1102, "cached": false },
+    { "target": "yandex.ru:443", "ok": false, "issues": ["client received a real certificate ..."] },
+    { "target": "vk.com:443",    "ok": false, "issues": ["target unreachable"] }
+  ],
+  "summary": { "ok_count": 2, "total": 4 }
+}
+```
+
+Затянуть публичный whitelist РФ-трафика и проранжировать кандидатов на REALITY SNI для inbound РФ-relay-ноды:
+
+```jsonc
+// xray_whitelist_sni_candidates { "max_candidates": 10 }
+{
+  "source_url": "https://raw.githubusercontent.com/hxehex/russia-mobile-internet-whitelist/main/whitelist.txt",
+  "fetched_at": "2026-05-06T12:34:00.000Z",
+  "total_domains": 412,
+  "tested": 10,
+  "candidates": [
+    { "host": "ya.ru",   "ok": true,  "tls_version": "TLSv1.3", "alpn": "h2", "http_status": 200, "latency_ms": 41,  "cert_subject": "ya.ru",     "issues": [] },
+    { "host": "vk.com",  "ok": true,  "tls_version": "TLSv1.3", "alpn": "h2", "http_status": 200, "latency_ms": 78,  "cert_subject": "*.vk.com",  "issues": [] }
+  ],
+  "summary": { "ok_count": 8, "failed_count": 2 },
+  "cache":   { "used": false, "age_seconds": null },
+  "notes":   ["latency_ms is measured from the MCP host (your laptop), not from the relay node — re-test from the node for geo-accurate values"]
+}
+```
+
+> Тело whitelist кешируется на диск в `data/whitelist-cache.json` (TTL по
+> умолчанию 24h, переопределение через `cache_ttl_hours`). Verdicts НЕ
+> кешируются — каждый вызов делает свежие пробы на своём срезе. NB:
+> latency меряется с тачки где запущен MCP, а НЕ с РФ-relay-ноды; для
+> гео-релевантной задержки используй `xray_test_reality_live` прямо с
+> ноды (или ssh + curl на ней).
+
 Также один MCP **ресурс**: `xray://docs/index`.
 
 ## Примеры
@@ -573,6 +766,56 @@ $env:GITHUB_TOKEN = "ghp_xxx"         # PowerShell
 Когда `X-RateLimit-Remaining` падает ниже 10, тул возвращает inline-warning
 в ответе.
 
+## Модель безопасности
+
+Пакет крутится внутри процесса MCP-хоста, и единственное «опасное»
+действие на диск/сеть — `xray_test_reality_live`, который скачивает
+официальный бинарь **xray-core** из
+[XTLS/Xray-core releases](https://github.com/XTLS/Xray-core/releases/latest)
+в `~/.cache/mcp-xray-pilot/xray-bin/` и запускает его локально на
+ephemeral портах.
+
+**Approvals.** Встроенного permission-prompt'а в пакете нет — это by
+design. Все тулколлы гейтятся MCP-хостом (Claude Code / Claude Desktop /
+Cursor) — у каждого хоста свой UX (per-call confirm, allowlist и т.д.).
+Пиньте конкретную версию в MCP-конфиге (`mcp-xray-pilot@0.15.0`, а не
+просто `mcp-xray-pilot`), чтобы вредоносный npm-релиз не подкатился
+тихо.
+
+**Целостность бинаря xray.** Начиная с v0.15:
+
+1. Рядом со скачиванием zip-а тянется `<asset>.zip.dgst` из того же
+   GitHub-релиза, и **до** распаковки zip проверяется против строки
+   `SHA2-256=`. Если хэши не совпали — payload переименовывается в
+   `xray.rejected-<timestamp>.zip` для разбора, и тул abort'ится.
+2. Если хочется жёстче чем «доверяю тому что XTLS залил прямо сейчас» —
+   задайте `XRAY_PILOT_PINNED_HASH` с известным SHA-256. Тогда `.dgst`
+   игнорируется, проверяется ваше захардкоженное значение. Это защищает
+   от гипотетического compromised XTLS-релиза, где злоумышленник залил
+   согласованную пару zip+dgst.
+
+   ```bash
+   # Linux / macOS — снять хэш один раз, потом пиннуть.
+   curl -sL https://github.com/XTLS/Xray-core/releases/latest/download/Xray-linux-64.zip.dgst \
+     | awk '/^SHA2-256=/ {print $2}'
+   export XRAY_PILOT_PINNED_HASH=23cd9af9...
+   ```
+
+   ```powershell
+   $env:XRAY_PILOT_PINNED_HASH = "23cd9af9..."
+   ```
+
+**Чего пакет НЕ делает.** XTLS не GPG-подписывает `.dgst`, поэтому
+атакер с правами на releases-страницу может выкатить согласованную пару
+zip+dgst. Защита от этого — pinned-hash. Sandbox для запущенного xray
+пакет не делает — бинарь работает с правами процесса MCP-хоста. Хотите
+жёстче — запускайте MCP-хост в контейнере или под отдельным юзером.
+
+**`GITHUB_TOKEN`.** Опционально, используется только
+`xray_github_search` / `xray_github_fetch_issue`. Рекомендуется
+**fine-grained PAT с read-only scope для публичных репо** вместо
+classic PAT. Токен читается из env при вызове и пакетом не сохраняется.
+
 ## Roadmap
 
 См. [ROADMAP.md](./ROADMAP.md) — все вехи v0.1–v0.11 закрыты.

package/data/geocatalogue.json

@@ -1,5 +1,5 @@
 {
-  "fetched_at": "2026-05-04T23:52:15.069Z",
+  "fetched_at": "2026-05-05T01:29:27.654Z",
   "source": "github.com/v2fly/domain-list-community/tree/master/data",
   "count": 1464,
   "names": [
@@ -1467,5 +1467,166 @@
     "zto-express",
     "zuoyebang",
     "zynga"
+  ],
+  "release_source": "hand-curated fallback (network fetch failed)",
+  "release_count": 157,
+  "release_names": [
+    "1c",
+    "alfabank",
+    "alibaba",
+    "amazon",
+    "amazon-aws",
+    "amazon-cn",
+    "anthropic",
+    "apple",
+    "apple-cn",
+    "archive",
+    "atlassian",
+    "baidu",
+    "bilibili",
+    "binance",
+    "bitbucket",
+    "blizzard",
+    "bybit",
+    "category-ads",
+    "category-ads-all",
+    "category-ads-ir",
+    "category-ai-!cn",
+    "category-ai-chat-!cn",
+    "category-ai-chat-cn",
+    "category-anticn",
+    "category-banks-ru",
+    "category-bittorrent",
+    "category-cdn",
+    "category-cryptocurrency",
+    "category-cryptocurrency-!cn",
+    "category-cryptocurrency-cn",
+    "category-dev",
+    "category-forums",
+    "category-game-platforms",
+    "category-game-platforms-download",
+    "category-games-cn",
+    "category-gov-ru",
+    "category-ir",
+    "category-kp",
+    "category-media-ru",
+    "category-porn",
+    "category-public-cdn",
+    "category-public-tracker",
+    "category-ru",
+    "category-scholar-!cn",
+    "category-scholar-cn",
+    "category-social",
+    "category-social-!cn",
+    "category-social-cn",
+    "claude",
+    "cloudflare",
+    "cloudfront",
+    "cn",
+    "coinbase",
+    "discord",
+    "docker",
+    "dropbox",
+    "ea",
+    "ea-games",
+    "epicgames",
+    "ethereum",
+    "facebook",
+    "fastly",
+    "figma",
+    "geolocation-!cn",
+    "geolocation-cn",
+    "geolocation-ir",
+    "gfw",
+    "github",
+    "gitlab",
+    "golang",
+    "google",
+    "google-cn",
+    "googleads",
+    "googleapis",
+    "googlefcm",
+    "googleplay",
+    "googlescholar",
+    "gosuslugi",
+    "greatfire",
+    "habr",
+    "huggingface",
+    "icloud",
+    "imgur",
+    "instagram",
+    "jetbrains",
+    "kinopoisk",
+    "kucoin",
+    "linkedin",
+    "mail-ru",
+    "medium",
+    "meta",
+    "metamask",
+    "microsoft",
+    "microsoft-cn",
+    "miscellaneous",
+    "netflix",
+    "nicovideo",
+    "nintendo",
+    "nodejs",
+    "notion",
+    "npmjs",
+    "okx",
+    "onedrive",
+    "openai",
+    "ozon",
+    "pinterest",
+    "pixiv",
+    "playstation",
+    "private",
+    "pypi",
+    "python",
+    "qq",
+    "reddit",
+    "riot-games",
+    "rockstargames",
+    "rust-lang",
+    "rutracker",
+    "rutube",
+    "sberbank",
+    "slack",
+    "snapchat",
+    "speedtest",
+    "spotify",
+    "stackexchange",
+    "steam",
+    "steam@cn",
+    "substack",
+    "taobao",
+    "telegram",
+    "test",
+    "tiktok",
+    "tinkoff",
+    "tld-!cn",
+    "tld-cn",
+    "tld-net",
+    "tld-proxy",
+    "tron",
+    "twitch",
+    "twitter",
+    "ubisoft",
+    "vk",
+    "vscode",
+    "vtb",
+    "wechat",
+    "weibo",
+    "whatsapp",
+    "wikipedia",
+    "wildberries",
+    "win-extra",
+    "win-spy",
+    "win-update",
+    "windowsupdate",
+    "xboxlive",
+    "yandex",
+    "yapomogu",
+    "youtube",
+    "zoom"
   ]
 }

package/dist/data/geocatalogue.js

@@ -18,6 +18,7 @@
 import { readFileSync } from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { RELEASE_FALLBACK_NAMES } from "../tools_impl/geocatalogue_fetch.js";
 /* All ISO 3166-1 alpha-2 country codes (lowercase). Most are valid geoip:* /
  * geosite:geolocation-* tags. */
 export const ISO_COUNTRY_CODES = [
@@ -155,7 +156,7 @@ for (const code of ISO_COUNTRY_CODES) {
     const human = COUNTRY_NAMES[code] ?? code.toUpperCase();
     entries.push(geosite(`geolocation-${code}`, `Domains geolocated to ${human}`));
 }
-function loadFullGeositeNames() {
+function loadCataloguePayload() {
     /* Resolve relative to this module's filesystem location.
      * - source (tsx): src/data/geocatalogue.ts → ../../data/geocatalogue.json
      * - dist (node):  dist/data/geocatalogue.js → ../../data/geocatalogue.json
@@ -165,18 +166,16 @@ function loadFullGeositeNames() {
         const here = path.dirname(fileURLToPath(import.meta.url));
         const jsonPath = path.resolve(here, "..", "..", "data", "geocatalogue.json");
         const raw = readFileSync(jsonPath, "utf8");
-        const data = JSON.parse(raw);
-        if (Array.isArray(data.names))
-            return data.names;
-        return [];
+        return JSON.parse(raw);
     }
     catch {
         /* No JSON yet → fall back to curated list only. Silent: the lint warning
          * "geo_unknown_category" still works, just with a smaller corpus. */
-        return [];
+        return {};
     }
 }
-const fullNames = loadFullGeositeNames();
+const payload = loadCataloguePayload();
+const fullNames = Array.isArray(payload.names) ? payload.names : [];
 const seenGeosite = new Set(GEOSITE_NAMES);
 for (const code of ISO_COUNTRY_CODES)
     seenGeosite.add(`geolocation-${code}`);
@@ -202,6 +201,35 @@ export function isKnownGeoTag(tag) {
         return GEOSITE_SET.has(name);
     return false;
 }
+/* ---- v0.12: which categories actually ship in xray-core's geosite.dat ----
+ *
+ * v2fly source has ~1500 categories, but the published xray-core release
+ * geosite.dat only carries a curated subset (~150). Routing rules that
+ * reference a v2fly-source-only category will make xray refuse to start.
+ *
+ * Source priority:
+ *   1. data/geocatalogue.json's release_names[] (kept fresh by
+ *      `npm run fetch-geocatalogue` from Loyalsoldier release asset).
+ *   2. RELEASE_FALLBACK_NAMES — hand-curated whitelist used when the JSON
+ *      lacks the field (older format, or fetch failed in the past).
+ */
+const releaseNamesFromJson = Array.isArray(payload.release_names)
+    ? payload.release_names
+    : [];
+const RELEASE_GEOSITE_SET = new Set((releaseNamesFromJson.length > 0 ? releaseNamesFromJson : RELEASE_FALLBACK_NAMES).map((s) => s.toLowerCase()));
+export const releaseCatalogueSize = () => RELEASE_GEOSITE_SET.size;
+/* "geosite:category-ru" → known to ship in xray release? Returns false for
+ * geoip:* (release vs source distinction doesn't apply there), and for
+ * tags whose category is missing from the release set. */
+export function isGeositeInXrayRelease(tag) {
+    if (!tag.startsWith("geosite:"))
+        return false;
+    const raw = tag.slice("geosite:".length);
+    /* Strip "@cn" attribute suffix (steam@cn) for matching, treat negation
+     * "geolocation-!cn" as-is — it is its own category in the dat file. */
+    const name = raw.split("@")[0].toLowerCase();
+    return RELEASE_GEOSITE_SET.has(name);
+}
 export function searchGeoCatalogue(query, limit = 30) {
     const q = query.toLowerCase().trim();
     if (!q)
@@ -226,6 +254,8 @@ export function searchGeoCatalogue(query, limit = 30) {
         name: e.name,
         description: e.description,
         tag: `${e.prefix}:${e.name}`,
+        in_v2fly_source: true,
+        in_xray_release: e.prefix === "geosite" && RELEASE_GEOSITE_SET.has(e.name.split("@")[0].toLowerCase()),
     }));
 }
 //# sourceMappingURL=geocatalogue.js.map

package/dist/data/geocatalogue.js.map

@@ -1 +1 @@
-{"version":3,"file":"geocatalogue.js","sourceRoot":"","sources":["../../src/data/geocatalogue.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC;iCACiC;AACjC,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CACjE,CAAC;AAEF,yBAAyB;AACzB,MAAM,aAAa,GAAG;IACpB,SAAS;IACT,KAAK;IACL,UAAU;IACV,UAAU;IACV,QAAQ;IACR,SAAS;IACT,SAAS;IACT,YAAY;IACZ,QAAQ;IACR,YAAY;CACb,CAAC;AAEF,4EAA4E;AAC5E,MAAM,aAAa,GAAG;IACpB,UAAU;IACV,cAAc;IACd,kBAAkB;IAClB,yBAAyB;IACzB,gBAAgB;IAChB,iBAAiB;IACjB,iCAAiC;IACjC,aAAa;IACb,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,qBAAqB;IACrB,OAAO;IACP,QAAQ;IACR,WAAW;IACX,WAAW;IACX,WAAW;IACX,eAAe;IACf,WAAW;IACX,QAAQ;IACR,YAAY;IACZ,WAAW;IACX,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,WAAW;IACX,UAAU;IACV,UAAU;IACV,SAAS;IACT,SAAS;IACT,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,aAAa;IACb,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,UAAU;IACV,WAAW;IACX,IAAI;IACJ,UAAU;IACV,YAAY;IACZ,SAAS;IACT,2BAA2B;IAC3B,cAAc;IACd,yBAAyB;IACzB,kCAAkC;IAClC,mBAAmB;IACnB,cAAc;IACd,0BAA0B;IAC1B,qBAAqB;IACrB,QAAQ;IACR,iBAAiB;IACjB,sBAAsB;IACtB,qBAAqB;IACrB,UAAU;IACV,SAAS;IACT,IAAI;CACL,CAAC;AAUF,SAAS,KAAK,CAAC,IAAY,EAAE,WAAmB;IAC9C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAChD,CAAC;AACD,SAAS,OAAO,CAAC,IAAY,EAAE,WAAmB;IAChD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,aAAa,GAA2B;IAC5C,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS;IAC1E,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,WAAW;IACtE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ;IACpE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,QAAQ;IAC9D,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS;IACvE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,sBAAsB;IACxE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW;IACrE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW;IAC3E,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,YAAY;CACpE,CAAC;AAEF,MAAM,OAAO,GAAe,EAAE,CAAC;AAE/B,uBAAuB;AACvB,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;IACxD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,KAAK,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AACD,mBAAmB;AACnB,KAAK,MAAM,CAAC,IAAI,aAAa;IAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC;AAE9E,0EAA0E;AAC1E,KAAK,MAAM,CAAC,IAAI,aAAa;IAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC;AAC7E,0CAA0C;AAC1C,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;IACxD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,EAAE,EAAE,yBAAyB,KAAK,EAAE,CAAC,CAAC,CAAC;AACjF,CAAC;AAWD,SAAS,oBAAoB;IAC3B;;;;OAIG;IACH,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAC;QAC7E,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;QACpD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC;QACjD,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC;QACP;6EACqE;QACrE,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;AACzC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;AAC3C,KAAK,MAAM,IAAI,IAAI,iBAAiB;IAAE,WAAW,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;AAC7E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;IAC7B,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,SAAS;IACpC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,iCAAiC,IAAI,EAAE,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAA4B,OAAO,CAAC;AAE9D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAE9F,6CAA6C;AAC7C,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC5C,kFAAkF;IAClF,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACvD,OAAO,KAAK,CAAC;AACf,CAAC;AAUD,MAAM,UAAU,kBAAkB,CAAC,KAAa,EAAE,KAAK,GAAG,EAAE;IAC1D,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,MAAM,IAAI,GAAqC,EAAE,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC;YAAE,KAAK,IAAI,GAAG,CAAC;aAC1B,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,KAAK,IAAI,EAAE,CAAC;aACtC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,KAAK,IAAI,EAAE,CAAC;QACzC,IAAI,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,KAAK,GAAG,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,GAAG,EAAE,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,EAAE;KAC7B,CAAC,CAAC,CAAC;AACN,CAAC"}
+{"version":3,"file":"geocatalogue.js","sourceRoot":"","sources":["../../src/data/geocatalogue.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAE7E;iCACiC;AACjC,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAClF,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CACjE,CAAC;AAEF,yBAAyB;AACzB,MAAM,aAAa,GAAG;IACpB,SAAS;IACT,KAAK;IACL,UAAU;IACV,UAAU;IACV,QAAQ;IACR,SAAS;IACT,SAAS;IACT,YAAY;IACZ,QAAQ;IACR,YAAY;CACb,CAAC;AAEF,4EAA4E;AAC5E,MAAM,aAAa,GAAG;IACpB,UAAU;IACV,cAAc;IACd,kBAAkB;IAClB,yBAAyB;IACzB,gBAAgB;IAChB,iBAAiB;IACjB,iCAAiC;IACjC,aAAa;IACb,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,qBAAqB;IACrB,OAAO;IACP,QAAQ;IACR,WAAW;IACX,WAAW;IACX,WAAW;IACX,eAAe;IACf,WAAW;IACX,QAAQ;IACR,YAAY;IACZ,WAAW;IACX,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,WAAW;IACX,UAAU;IACV,UAAU;IACV,SAAS;IACT,SAAS;IACT,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,aAAa;IACb,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,UAAU;IACV,WAAW;IACX,IAAI;IACJ,UAAU;IACV,YAAY;IACZ,SAAS;IACT,2BAA2B;IAC3B,cAAc;IACd,yBAAyB;IACzB,kCAAkC;IAClC,mBAAmB;IACnB,cAAc;IACd,0BAA0B;IAC1B,qBAAqB;IACrB,QAAQ;IACR,iBAAiB;IACjB,sBAAsB;IACtB,qBAAqB;IACrB,UAAU;IACV,SAAS;IACT,IAAI;CACL,CAAC;AAUF,SAAS,KAAK,CAAC,IAAY,EAAE,WAAmB;IAC9C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAChD,CAAC;AACD,SAAS,OAAO,CAAC,IAAY,EAAE,WAAmB;IAChD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,aAAa,GAA2B;IAC5C,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS;IAC1E,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,WAAW;IACtE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ;IACpE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,QAAQ;IAC9D,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS;IACvE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,sBAAsB;IACxE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW;IACrE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW;IAC3E,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,YAAY;CACpE,CAAC;AAEF,MAAM,OAAO,GAAe,EAAE,CAAC;AAE/B,uBAAuB;AACvB,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;IACxD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,KAAK,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AACD,mBAAmB;AACnB,KAAK,MAAM,CAAC,IAAI,aAAa;IAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC;AAE9E,0EAA0E;AAC1E,KAAK,MAAM,CAAC,IAAI,aAAa;IAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC;AAC7E,0CAA0C;AAC1C,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;IACxD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,EAAE,EAAE,yBAAyB,KAAK,EAAE,CAAC,CAAC,CAAC;AACjF,CAAC;AAcD,SAAS,oBAAoB;IAC3B;;;;OAIG;IACH,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAC;QAC7E,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP;6EACqE;QACrE,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,OAAO,GAAG,oBAAoB,EAAE,CAAC;AACvC,MAAM,SAAS,GAAa,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9E,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;AAC3C,KAAK,MAAM,IAAI,IAAI,iBAAiB;IAAE,WAAW,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;AAC7E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;IAC7B,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,SAAS;IACpC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,iCAAiC,IAAI,EAAE,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAA4B,OAAO,CAAC;AAE9D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAE9F,6CAA6C;AAC7C,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC5C,kFAAkF;IAClF,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACvD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,oBAAoB,GAAa,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;IACzE,CAAC,CAAC,OAAO,CAAC,aAAa;IACvB,CAAC,CAAC,EAAE,CAAC;AACP,MAAM,mBAAmB,GAAG,IAAI,GAAG,CACjC,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,GAAG,CACnF,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CACvB,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAW,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC;AAE3E;;0DAE0D;AAC1D,MAAM,UAAU,sBAAsB,CAAC,GAAW;IAChD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACzC;2EACuE;IACvE,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,OAAO,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAeD,MAAM,UAAU,kBAAkB,CAAC,KAAa,EAAE,KAAK,GAAG,EAAE;IAC1D,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,MAAM,IAAI,GAAqC,EAAE,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC;YAAE,KAAK,IAAI,GAAG,CAAC;aAC1B,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,KAAK,IAAI,EAAE,CAAC;aACtC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,KAAK,IAAI,EAAE,CAAC;QACzC,IAAI,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,KAAK,GAAG,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,GAAG,EAAE,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,EAAE;QAC5B,eAAe,EAAE,IAAI;QACrB,eAAe,EACb,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;KACxF,CAAC,CAAC,CAAC;AACN,CAAC"}