observability-toolkit 1.8.0 → 1.8.4

package/dist/lib/query-sanitizer.test.js

@@ -0,0 +1,400 @@
+/**
+ * Unit tests for query-sanitizer.ts
+ */
+import { describe, it } from 'node:test';
+import assert from 'node:assert';
+import { escapeClickHouseString, escapeClickHouseLike, sanitizeIdentifier, containsDangerousPattern, validateQueryInput, escapeFilterValueSafe, escapeLikeValueSafe, sanitizeValue, DANGEROUS_PATTERNS, } from './query-sanitizer.js';
+describe('query-sanitizer', () => {
+    describe('DANGEROUS_PATTERNS', () => {
+        it('should be a non-empty array', () => {
+            assert.ok(Array.isArray(DANGEROUS_PATTERNS));
+            assert.ok(DANGEROUS_PATTERNS.length > 0);
+        });
+        it('should include common SQL injection keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('DROP'));
+            assert.ok(DANGEROUS_PATTERNS.includes('DELETE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('INSERT'));
+            assert.ok(DANGEROUS_PATTERNS.includes('UPDATE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('UNION'));
+        });
+        it('should include DDL keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('ALTER'));
+            assert.ok(DANGEROUS_PATTERNS.includes('CREATE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('TRUNCATE'));
+        });
+        it('should include comment markers', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('--'));
+            assert.ok(DANGEROUS_PATTERNS.includes('/*'));
+            assert.ok(DANGEROUS_PATTERNS.includes('*/'));
+        });
+        it('should include statement terminator', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes(';'));
+        });
+        it('should include file operation keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('INTO OUTFILE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('INTO DUMPFILE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('LOAD_FILE'));
+        });
+        it('should include ClickHouse-specific dangerous keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('SYSTEM'));
+            assert.ok(DANGEROUS_PATTERNS.includes('ATTACH'));
+            assert.ok(DANGEROUS_PATTERNS.includes('DETACH'));
+        });
+    });
+    describe('escapeClickHouseString', () => {
+        it('should return empty string for empty input', () => {
+            assert.strictEqual(escapeClickHouseString(''), '');
+        });
+        it('should return unchanged string with no special characters', () => {
+            assert.strictEqual(escapeClickHouseString('hello'), 'hello');
+            assert.strictEqual(escapeClickHouseString('test123'), 'test123');
+        });
+        it('should escape single quotes', () => {
+            assert.strictEqual(escapeClickHouseString("it's"), "it\\'s");
+            assert.strictEqual(escapeClickHouseString("test'value"), "test\\'value");
+            assert.strictEqual(escapeClickHouseString("''"), "\\'\\'");
+        });
+        it('should escape backslashes', () => {
+            assert.strictEqual(escapeClickHouseString('path\\to\\file'), 'path\\\\to\\\\file');
+            assert.strictEqual(escapeClickHouseString('\\'), '\\\\');
+        });
+        it('should escape backslashes before single quotes', () => {
+            // Important: backslash followed by quote should become \\'
+            assert.strictEqual(escapeClickHouseString("\\'"), "\\\\\\'");
+        });
+        it('should escape null bytes', () => {
+            assert.strictEqual(escapeClickHouseString('test\0value'), 'test\\0value');
+            assert.strictEqual(escapeClickHouseString('\0'), '\\0');
+        });
+        it('should escape newlines', () => {
+            assert.strictEqual(escapeClickHouseString('line1\nline2'), 'line1\\nline2');
+            assert.strictEqual(escapeClickHouseString('\n'), '\\n');
+        });
+        it('should escape carriage returns', () => {
+            assert.strictEqual(escapeClickHouseString('line1\rline2'), 'line1\\rline2');
+            assert.strictEqual(escapeClickHouseString('\r\n'), '\\r\\n');
+        });
+        it('should escape tabs', () => {
+            assert.strictEqual(escapeClickHouseString('col1\tcol2'), 'col1\\tcol2');
+            assert.strictEqual(escapeClickHouseString('\t'), '\\t');
+        });
+        it('should handle multiple special characters', () => {
+            const input = "test'\n\\\t\0";
+            const expected = "test\\'\\n\\\\\\t\\0";
+            assert.strictEqual(escapeClickHouseString(input), expected);
+        });
+        it('should handle unicode characters unchanged', () => {
+            assert.strictEqual(escapeClickHouseString('unicode: \u00E9\u00F1'), 'unicode: \u00E9\u00F1');
+            assert.strictEqual(escapeClickHouseString('emoji: \uD83D\uDE00'), 'emoji: \uD83D\uDE00');
+        });
+    });
+    describe('escapeClickHouseLike', () => {
+        it('should return empty string for empty input', () => {
+            assert.strictEqual(escapeClickHouseLike(''), '');
+        });
+        it('should return unchanged string with no special characters', () => {
+            assert.strictEqual(escapeClickHouseLike('hello'), 'hello');
+            assert.strictEqual(escapeClickHouseLike('test123'), 'test123');
+        });
+        it('should escape percent sign', () => {
+            assert.strictEqual(escapeClickHouseLike('100%'), '100\\%');
+            assert.strictEqual(escapeClickHouseLike('%value%'), '\\%value\\%');
+        });
+        it('should escape underscore', () => {
+            assert.strictEqual(escapeClickHouseLike('test_value'), 'test\\_value');
+            assert.strictEqual(escapeClickHouseLike('_'), '\\_');
+        });
+        it('should escape backslashes', () => {
+            assert.strictEqual(escapeClickHouseLike('path\\file'), 'path\\\\file');
+        });
+        it('should escape backslash before wildcards', () => {
+            assert.strictEqual(escapeClickHouseLike('\\%'), '\\\\\\%');
+            assert.strictEqual(escapeClickHouseLike('\\_'), '\\\\\\_');
+        });
+        it('should handle multiple wildcards', () => {
+            assert.strictEqual(escapeClickHouseLike('%_%'), '\\%\\_\\%');
+        });
+        it('should not escape other special characters', () => {
+            // Single quotes, etc. are handled by escapeClickHouseString
+            assert.strictEqual(escapeClickHouseLike("it's"), "it's");
+        });
+    });
+    describe('sanitizeIdentifier', () => {
+        it('should return empty string for empty input', () => {
+            assert.strictEqual(sanitizeIdentifier(''), '');
+        });
+        it('should allow alphanumeric characters', () => {
+            assert.strictEqual(sanitizeIdentifier('abc123'), 'abc123');
+            assert.strictEqual(sanitizeIdentifier('ABC123'), 'ABC123');
+        });
+        it('should allow underscores', () => {
+            assert.strictEqual(sanitizeIdentifier('my_column'), 'my_column');
+            assert.strictEqual(sanitizeIdentifier('_private'), '_private');
+        });
+        it('should allow dots for qualified names', () => {
+            assert.strictEqual(sanitizeIdentifier('table.column'), 'table.column');
+            assert.strictEqual(sanitizeIdentifier('db.table.column'), 'db.table.column');
+        });
+        it('should remove spaces', () => {
+            assert.strictEqual(sanitizeIdentifier('my column'), 'mycolumn');
+            assert.strictEqual(sanitizeIdentifier(' column '), 'column');
+        });
+        it('should remove special characters', () => {
+            assert.strictEqual(sanitizeIdentifier('column;DROP'), 'columnDROP');
+            assert.strictEqual(sanitizeIdentifier('col--comment'), 'colcomment');
+            assert.strictEqual(sanitizeIdentifier("col'name"), 'colname');
+        });
+        it('should remove SQL injection attempts', () => {
+            assert.strictEqual(sanitizeIdentifier('column; DROP TABLE users'), 'columnDROPTABLEusers');
+            assert.strictEqual(sanitizeIdentifier('column/*comment*/'), 'columncomment');
+        });
+        it('should handle unicode by removing it', () => {
+            assert.strictEqual(sanitizeIdentifier('column\u00E9'), 'column');
+            assert.strictEqual(sanitizeIdentifier('\u4E2D\u6587'), '');
+        });
+    });
+    describe('containsDangerousPattern', () => {
+        it('should return false for empty string', () => {
+            assert.strictEqual(containsDangerousPattern(''), false);
+        });
+        it('should return false for normal strings', () => {
+            assert.strictEqual(containsDangerousPattern('hello'), false);
+            assert.strictEqual(containsDangerousPattern('test123'), false);
+            assert.strictEqual(containsDangerousPattern('my-service-name'), false);
+        });
+        it('should detect DROP keyword', () => {
+            assert.strictEqual(containsDangerousPattern('DROP TABLE'), true);
+            assert.strictEqual(containsDangerousPattern('drop table'), true);
+            assert.strictEqual(containsDangerousPattern('DrOp TaBlE'), true);
+        });
+        it('should detect DELETE keyword', () => {
+            assert.strictEqual(containsDangerousPattern('DELETE FROM'), true);
+            assert.strictEqual(containsDangerousPattern('delete from users'), true);
+        });
+        it('should detect INSERT keyword', () => {
+            assert.strictEqual(containsDangerousPattern('INSERT INTO'), true);
+            assert.strictEqual(containsDangerousPattern('insert values'), true);
+        });
+        it('should detect UPDATE keyword', () => {
+            assert.strictEqual(containsDangerousPattern('UPDATE users SET'), true);
+            assert.strictEqual(containsDangerousPattern('update table'), true);
+        });
+        it('should detect UNION keyword', () => {
+            assert.strictEqual(containsDangerousPattern('UNION SELECT'), true);
+            assert.strictEqual(containsDangerousPattern('union all'), true);
+        });
+        it('should detect comment markers', () => {
+            assert.strictEqual(containsDangerousPattern('value -- comment'), true);
+            assert.strictEqual(containsDangerousPattern('value /* comment */'), true);
+            assert.strictEqual(containsDangerousPattern('*/'), true);
+        });
+        it('should detect semicolon', () => {
+            assert.strictEqual(containsDangerousPattern('value; DROP'), true);
+            assert.strictEqual(containsDangerousPattern(';'), true);
+        });
+        it('should detect file operations', () => {
+            assert.strictEqual(containsDangerousPattern("INTO OUTFILE '/tmp/file'"), true);
+            assert.strictEqual(containsDangerousPattern('INTO DUMPFILE'), true);
+            assert.strictEqual(containsDangerousPattern('LOAD_FILE()'), true);
+        });
+        it('should detect ClickHouse system commands', () => {
+            assert.strictEqual(containsDangerousPattern('SYSTEM RELOAD'), true);
+            assert.strictEqual(containsDangerousPattern('ATTACH TABLE'), true);
+            assert.strictEqual(containsDangerousPattern('DETACH TABLE'), true);
+        });
+        it('should not flag words containing keywords', () => {
+            // "DROPPED" contains "DROP" but is not the DROP command
+            assert.strictEqual(containsDangerousPattern('DROPPED'), false);
+            assert.strictEqual(containsDangerousPattern('DELETED'), false);
+            assert.strictEqual(containsDangerousPattern('UPDATED'), false);
+            assert.strictEqual(containsDangerousPattern('INSERTED'), false);
+        });
+        it('should detect keywords at word boundaries', () => {
+            assert.strictEqual(containsDangerousPattern('DROP'), true);
+            assert.strictEqual(containsDangerousPattern('(DROP)'), true);
+            assert.strictEqual(containsDangerousPattern('x DROP x'), true);
+        });
+    });
+    describe('validateQueryInput', () => {
+        it('should not throw for safe input', () => {
+            assert.doesNotThrow(() => validateQueryInput('hello', 'serviceName'));
+            assert.doesNotThrow(() => validateQueryInput('test-123', 'traceId'));
+            assert.doesNotThrow(() => validateQueryInput('my.service.name', 'serviceName'));
+        });
+        it('should throw for dangerous input', () => {
+            assert.throws(() => validateQueryInput('DROP TABLE', 'serviceName'), /Invalid serviceName: contains potentially dangerous SQL pattern/);
+        });
+        it('should include field name in error message', () => {
+            assert.throws(() => validateQueryInput('DROP TABLE', 'traceId'), /Invalid traceId/);
+            assert.throws(() => validateQueryInput('DELETE FROM', 'spanName'), /Invalid spanName/);
+        });
+        it('should throw for comment injection', () => {
+            assert.throws(() => validateQueryInput('value -- comment', 'search'), /Invalid search/);
+        });
+        it('should throw for semicolon injection', () => {
+            assert.throws(() => validateQueryInput('value; DROP', 'filter'), /Invalid filter/);
+        });
+    });
+    describe('escapeFilterValueSafe', () => {
+        it('should escape and validate safe input', () => {
+            assert.strictEqual(escapeFilterValueSafe('hello', 'field'), 'hello');
+            assert.strictEqual(escapeFilterValueSafe("it's", 'field'), "it\\'s");
+        });
+        it('should throw for dangerous input', () => {
+            assert.throws(() => escapeFilterValueSafe('DROP TABLE', 'serviceName'), /Invalid serviceName/);
+        });
+        it('should escape special characters in safe input', () => {
+            assert.strictEqual(escapeFilterValueSafe("test\nvalue", 'field'), 'test\\nvalue');
+            assert.strictEqual(escapeFilterValueSafe('test\\path', 'field'), 'test\\\\path');
+        });
+    });
+    describe('escapeLikeValueSafe', () => {
+        it('should escape LIKE wildcards and validate', () => {
+            // 100% -> escapeClickHouseLike -> 100\% -> escapeClickHouseString -> 100\\%
+            assert.strictEqual(escapeLikeValueSafe('100%', 'field'), '100\\\\%');
+            // test_value -> escapeClickHouseLike -> test\_value -> escapeClickHouseString -> test\\_value
+            assert.strictEqual(escapeLikeValueSafe('test_value', 'field'), 'test\\\\_value');
+        });
+        it('should throw for dangerous input', () => {
+            assert.throws(() => escapeLikeValueSafe('UNION SELECT', 'search'), /Invalid search/);
+        });
+        it('should handle combined escaping', () => {
+            // Input: test%'value
+            // After LIKE escape: test\%'value (% escaped for LIKE)
+            // After string escape: test\\%\'value (\ and ' escaped for string)
+            const result = escapeLikeValueSafe("test%'value", 'field');
+            assert.strictEqual(result, "test\\\\%\\'value");
+        });
+    });
+    describe('sanitizeValue (composable API)', () => {
+        it('should validate and escape by default', () => {
+            assert.strictEqual(sanitizeValue('hello'), 'hello');
+            assert.strictEqual(sanitizeValue("it's"), "it\\'s");
+        });
+        it('should throw for dangerous input with validation enabled', () => {
+            assert.throws(() => sanitizeValue('DROP TABLE', { fieldName: 'test' }), /Invalid test/);
+        });
+        it('should skip validation when validate: false', () => {
+            // Dangerous pattern but validation disabled - only escapes
+            assert.doesNotThrow(() => sanitizeValue('DROP TABLE', { validate: false }));
+            assert.strictEqual(sanitizeValue('DROP TABLE', { validate: false }), 'DROP TABLE');
+        });
+        it('should skip escaping when escapeString: false', () => {
+            // Only validates, no escaping
+            assert.strictEqual(sanitizeValue("it's", { escapeString: false }), "it's");
+        });
+        it('should escape LIKE wildcards when escapeLike: true', () => {
+            // 100% -> LIKE escape -> 100\% -> string escape -> 100\\%
+            assert.strictEqual(sanitizeValue('100%', { escapeLike: true }), '100\\\\%');
+            assert.strictEqual(sanitizeValue('test_value', { escapeLike: true }), 'test\\\\_value');
+        });
+        it('should allow validation-only mode', () => {
+            // validate: true (default), escapeString: false
+            assert.strictEqual(sanitizeValue('safe', { escapeString: false }), 'safe');
+            assert.throws(() => sanitizeValue('DROP TABLE', { escapeString: false, fieldName: 'input' }), /Invalid input/);
+        });
+        it('should allow escape-only mode', () => {
+            // validate: false, escapeString: true (default)
+            assert.strictEqual(sanitizeValue("it's", { validate: false }), "it\\'s");
+            assert.strictEqual(sanitizeValue('DROP TABLE', { validate: false }), 'DROP TABLE');
+        });
+        it('should match escapeFilterValueSafe behavior', () => {
+            const testCases = ['hello', "it's", 'test\\path', "test\nvalue"];
+            for (const input of testCases) {
+                assert.strictEqual(sanitizeValue(input, { fieldName: 'field' }), escapeFilterValueSafe(input, 'field'));
+            }
+        });
+        it('should match escapeLikeValueSafe behavior', () => {
+            const testCases = ['hello', '100%', 'test_value', "test%'value"];
+            for (const input of testCases) {
+                assert.strictEqual(sanitizeValue(input, { escapeLike: true, fieldName: 'field' }), escapeLikeValueSafe(input, 'field'));
+            }
+        });
+        it('should use default fieldName in error message', () => {
+            assert.throws(() => sanitizeValue('DROP TABLE'), /Invalid value/);
+        });
+        it('should handle all options disabled', () => {
+            // No validation, no escaping - passthrough
+            const result = sanitizeValue("it's DROP TABLE", {
+                validate: false,
+                escapeString: false,
+            });
+            assert.strictEqual(result, "it's DROP TABLE");
+        });
+        it('should allow empty strings by default', () => {
+            assert.strictEqual(sanitizeValue(''), '');
+            assert.strictEqual(sanitizeValue('', { allowEmpty: true }), '');
+        });
+        it('should throw for empty strings when allowEmpty: false', () => {
+            assert.throws(() => sanitizeValue('', { allowEmpty: false }), /Invalid value: empty string not allowed/);
+        });
+        it('should include fieldName in allowEmpty error message', () => {
+            assert.throws(() => sanitizeValue('', { allowEmpty: false, fieldName: 'searchTerm' }), /Invalid searchTerm: empty string not allowed/);
+        });
+        it('should allow non-empty strings when allowEmpty: false', () => {
+            assert.strictEqual(sanitizeValue('hello', { allowEmpty: false }), 'hello');
+        });
+    });
+    describe('security regression tests', () => {
+        it('should freeze input to prevent TOCTOU attacks (security regression)', () => {
+            // Regression test for TOCTOU vulnerability fix
+            // The function now uses String() to freeze the input as a primitive
+            let callCount = 0;
+            const maliciousProxy = {
+                toString() {
+                    callCount++;
+                    // Return safe string first time, dangerous second time
+                    return callCount === 1 ? 'safe-value' : 'DROP TABLE';
+                },
+                get length() {
+                    return 10;
+                },
+            };
+            // With frozen input, the result should be consistent
+            // The function should only access the value once via String()
+            const result = containsDangerousPattern(maliciousProxy);
+            // Should have called toString exactly once (via String())
+            assert.strictEqual(callCount, 1, 'Input should be frozen via String()');
+            assert.strictEqual(result, false, 'Frozen value should be "safe-value"');
+        });
+        it('should validate SQL_KEYWORDS do not contain unescaped alternation', () => {
+            // Regression test for regex injection vulnerability fix
+            // All SQL_KEYWORDS should be properly escaped
+            for (const keyword of DANGEROUS_PATTERNS) {
+                // After escaping, should not have bare pipe characters
+                const escaped = keyword.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+                assert.ok(!(/(?<!\\)\|/.test(escaped)), `Pattern "${keyword}" contains unescaped alternation after escaping`);
+            }
+        });
+    });
+    describe('edge cases', () => {
+        it('should handle strings at max length boundary', () => {
+            const longString = 'a'.repeat(10000);
+            assert.strictEqual(escapeClickHouseString(longString), longString);
+            // Exactly at MAX_QUERY_INPUT_LENGTH (10000) should pass
+            assert.strictEqual(containsDangerousPattern(longString), false);
+        });
+        it('should reject strings exceeding max length as dangerous (defense in depth)', () => {
+            const tooLongString = 'a'.repeat(10001);
+            // Exceeds MAX_QUERY_INPUT_LENGTH - treated as dangerous for defense in depth
+            assert.strictEqual(containsDangerousPattern(tooLongString), true);
+        });
+        it('should reject very long strings even if they contain safe content', () => {
+            // 15K of safe characters should still be rejected
+            const safeButLong = 'safe-string-'.repeat(1250);
+            assert.strictEqual(containsDangerousPattern(safeButLong), true);
+        });
+        it('should handle strings with only special characters', () => {
+            assert.strictEqual(escapeClickHouseString("'''"), "\\'\\'\\'");
+            assert.strictEqual(escapeClickHouseLike('%%%'), '\\%\\%\\%');
+        });
+        it('should handle null byte injection attempts', () => {
+            assert.strictEqual(escapeClickHouseString("test\0'DROP"), "test\\0\\'DROP");
+        });
+        it('should handle mixed case dangerous patterns', () => {
+            assert.strictEqual(containsDangerousPattern('DrOp TaBlE'), true);
+            assert.strictEqual(containsDangerousPattern('uNiOn SeLeCt'), true);
+        });
+    });
+});
+//# sourceMappingURL=query-sanitizer.test.js.map

package/dist/lib/query-sanitizer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query-sanitizer.test.js","sourceRoot":"","sources":["../../src/lib/query-sanitizer.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAE9B,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAChD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;YACnE,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,YAAY,CAAC,EAAE,cAAc,CAAC,CAAC;YACzE,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,oBAAoB,CAAC,CAAC;YACnF,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,2DAA2D;YAC3D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,aAAa,CAAC,EAAE,cAAc,CAAC,CAAC;YAC1E,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,cAAc,CAAC,EAAE,eAAe,CAAC,CAAC;YAC5E,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,cAAc,CAAC,EAAE,eAAe,CAAC,CAAC;YAC5E,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;YAC5B,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,YAAY,CAAC,EAAE,aAAa,CAAC,CAAC;YACxE,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,KAAK,GAAG,eAAe,CAAC;YAC9B,MAAM,QAAQ,GAAG,sBAAsB,CAAC;YACxC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,uBAAuB,CAAC,EAAE,uBAAuB,CAAC,CAAC;YAC7F,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,qBAAqB,CAAC,EAAE,qBAAqB,CAAC,CAAC;QAC3F,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;YACnE,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,YAAY,CAAC,EAAE,cAAc,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,YAAY,CAAC,EAAE,cAAc,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,4DAA4D;YAC5D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,WAAW,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,cAAc,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,UAAU,CAAC,CAAC;YAChE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,aAAa,CAAC,EAAE,YAAY,CAAC,CAAC;YACpE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,YAAY,CAAC,CAAC;YACrE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,EAAE,sBAAsB,CAAC,CAAC;YAC3F,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,EAAE,eAAe,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,QAAQ,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;YAClE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,IAAI,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;YAClE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,qBAAqB,CAAC,EAAE,IAAI,CAAC,CAAC;YAC1E,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;YAClE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,0BAA0B,CAAC,EAAE,IAAI,CAAC,CAAC;YAC/E,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;YACpE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;YACpE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,wDAAwD;YACxD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;YACtE,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;YACrE,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,YAAY,EAAE,aAAa,CAAC,EACrD,iEAAiE,CAClE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,YAAY,EAAE,SAAS,CAAC,EACjD,iBAAiB,CAClB,CAAC;YACF,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,UAAU,CAAC,EACnD,kBAAkB,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,QAAQ,CAAC,EACtD,gBAAgB,CACjB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,EACjD,gBAAgB,CACjB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YACrE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,qBAAqB,CAAC,YAAY,EAAE,aAAa,CAAC,EACxD,qBAAqB,CACtB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,cAAc,CAAC,CAAC;YAClF,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,cAAc,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,4EAA4E;YAC5E,MAAM,CAAC,WAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,UAAU,CAAC,CAAC;YACrE,8FAA8F;YAC9F,MAAM,CAAC,WAAW,CAAC,mBAAmB,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,mBAAmB,CAAC,cAAc,EAAE,QAAQ,CAAC,EACnD,gBAAgB,CACjB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,qBAAqB;YACrB,uDAAuD;YACvD,mEAAmE;YACnE,MAAM,MAAM,GAAG,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;QAC9C,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,EACxD,cAAc,CACf,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,2DAA2D;YAC3D,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;YAC5E,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,8BAA8B;YAC9B,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,0DAA0D;YAC1D,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,gDAAgD;YAChD,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;YAC3E,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAC9E,eAAe,CAChB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,gDAAgD;YAChD,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;YACzE,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;YACjE,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,MAAM,CAAC,WAAW,CAChB,aAAa,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAC5C,qBAAqB,CAAC,KAAK,EAAE,OAAO,CAAC,CACtC,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;YACjE,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,MAAM,CAAC,WAAW,CAChB,aAAa,CAAC,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAC9D,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,CACpC,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,EACjC,eAAe,CAChB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,2CAA2C;YAC3C,MAAM,MAAM,GAAG,aAAa,CAAC,iBAAiB,EAAE;gBAC9C,QAAQ,EAAE,KAAK;gBACf,YAAY,EAAE,KAAK;aACpB,CAAC,CAAC;YACH,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1C,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAC9C,yCAAyC,CAC1C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,EACvE,8CAA8C,CAC/C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;YAC7E,+CAA+C;YAC/C,oEAAoE;YAEpE,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,MAAM,cAAc,GAAG;gBACrB,QAAQ;oBACN,SAAS,EAAE,CAAC;oBACZ,uDAAuD;oBACvD,OAAO,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;gBACvD,CAAC;gBACD,IAAI,MAAM;oBACR,OAAO,EAAE,CAAC;gBACZ,CAAC;aACF,CAAC;YAEF,qDAAqD;YACrD,8DAA8D;YAC9D,MAAM,MAAM,GAAG,wBAAwB,CAAC,cAAmC,CAAC,CAAC;YAE7E,0DAA0D;YAC1D,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC,EAAE,qCAAqC,CAAC,CAAC;YACxE,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,qCAAqC,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;YAC3E,wDAAwD;YACxD,8CAA8C;YAC9C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;gBACzC,uDAAuD;gBACvD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;gBAC/D,MAAM,CAAC,EAAE,CACP,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAC5B,YAAY,OAAO,iDAAiD,CACrE,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACrC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;YACnE,wDAAwD;YACxD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;YACpF,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxC,6EAA6E;YAC7E,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;YAC3E,kDAAkD;YAClD,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,aAAa,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC9E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/lib/server-utils.d.ts

@@ -0,0 +1,80 @@
+/**
+ * Server utilities - Rate limiter and error classes
+ *
+ * Extracted from server.ts to allow importing in tests without starting the MCP server.
+ */
+export declare const RATE_LIMIT: {
+    windowMs: number;
+    maxRequests: number;
+    bucketCount: number;
+    /** Maximum allowed bucketCount to prevent memory exhaustion */
+    maxBucketCount: number;
+};
+/**
+ * Sliding window counter rate limiter with O(1) operations and bounded memory.
+ * Uses fixed-size bucket array to track request counts per time slice.
+ *
+ * Memory usage: O(bucketCount) - fixed regardless of request volume
+ * Time complexity: O(bucketCount) for sum, but bucketCount is constant (60)
+ */
+export declare class RateLimiter {
+    private buckets;
+    private bucketTimestamps;
+    private readonly bucketMs;
+    private readonly windowMs;
+    private readonly maxRequests;
+    private readonly bucketCount;
+    constructor(windowMs?: number, maxRequests?: number, bucketCount?: number);
+    /**
+     * Get the bucket index for a given timestamp.
+     * Uses modulo to create circular buffer behavior.
+     */
+    private getBucketIndex;
+    /**
+     * Clear expired buckets and return the current valid count.
+     * A bucket is expired if its timestamp is older than windowMs ago.
+     */
+    private cleanAndCount;
+    /**
+     * Check if a request is allowed and record it if so.
+     * O(bucketCount) time complexity where bucketCount is constant.
+     */
+    isAllowed(): boolean;
+    /**
+     * Get the number of remaining allowed requests in the current window.
+     */
+    getRemainingRequests(): number;
+    /**
+     * Get the current memory footprint (for testing).
+     * Returns the fixed size of internal arrays.
+     */
+    getMemoryFootprint(): {
+        bucketCount: number;
+        arraySize: number;
+    };
+    /**
+     * Reset the rate limiter state.
+     * @internal For testing ONLY - not thread-safe, do not use in production
+     */
+    reset(): void;
+}
+/**
+ * Valid server initialization steps.
+ * Used for type-safe error reporting during server startup.
+ */
+export type ServerInitStep = 'tool-validation' | 'server-creation' | 'handler-registration' | 'transport-connection';
+/**
+ * Server initialization error with explicit step information.
+ *
+ * Steps:
+ * - tool-validation: Validating tool configuration
+ * - server-creation: Creating MCP server instance
+ * - handler-registration: Registering request handlers
+ * - transport-connection: Connecting stdio transport
+ */
+export declare class ServerInitError extends Error {
+    readonly step: ServerInitStep;
+    readonly cause: unknown;
+    constructor(step: ServerInitStep, cause: unknown, message?: string);
+}
+//# sourceMappingURL=server-utils.d.ts.map

package/dist/lib/server-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-utils.d.ts","sourceRoot":"","sources":["../../src/lib/server-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,eAAO,MAAM,UAAU;;;;IAIrB,+DAA+D;;CAEhE,CAAC;AAEF;;;;;;GAMG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,gBAAgB,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAGnC,QAAQ,GAAE,MAA4B,EACtC,WAAW,GAAE,MAA+B,EAC5C,WAAW,GAAE,MAA+B;IAwB9C;;;OAGG;IACH,OAAO,CAAC,cAAc;IAItB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAiBrB;;;OAGG;IACH,SAAS,IAAI,OAAO;IAuBpB;;OAEG;IACH,oBAAoB,IAAI,MAAM;IAM9B;;;OAGG;IACH,kBAAkB,IAAI;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE;IAOhE;;;OAGG;IACH,KAAK,IAAI,IAAI;CAId;AAED;;;GAGG;AACH,MAAM,MAAM,cAAc,GACtB,iBAAiB,GACjB,iBAAiB,GACjB,sBAAsB,GACtB,sBAAsB,CAAC;AAE3B;;;;;;;;GAQG;AACH,qBAAa,eAAgB,SAAQ,KAAK;aAEtB,IAAI,EAAE,cAAc;aACpB,KAAK,EAAE,OAAO;gBADd,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE,OAAO,EAC9B,OAAO,CAAC,EAAE,MAAM;CAKnB"}