opena2a-cli 0.2.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -3
- package/dist/adapters/import.d.ts.map +1 -1
- package/dist/adapters/import.js +6 -2
- package/dist/adapters/import.js.map +1 -1
- package/dist/adapters/registry.d.ts.map +1 -1
- package/dist/adapters/registry.js +2 -0
- package/dist/adapters/registry.js.map +1 -1
- package/dist/adapters/types.d.ts +2 -0
- package/dist/adapters/types.d.ts.map +1 -1
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +11 -6
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/protect.d.ts.map +1 -1
- package/dist/commands/protect.js +21 -2
- package/dist/commands/protect.js.map +1 -1
- package/dist/commands/review.d.ts +110 -0
- package/dist/commands/review.d.ts.map +1 -0
- package/dist/commands/review.js +636 -0
- package/dist/commands/review.js.map +1 -0
- package/dist/commands/shield.js +43 -16
- package/dist/commands/shield.js.map +1 -1
- package/dist/commands/verify.js +10 -4
- package/dist/commands/verify.js.map +1 -1
- package/dist/index.js +56 -9
- package/dist/index.js.map +1 -1
- package/dist/natural/intent-map.d.ts.map +1 -1
- package/dist/natural/intent-map.js +13 -0
- package/dist/natural/intent-map.js.map +1 -1
- package/dist/report/review-html.d.ts +16 -0
- package/dist/report/review-html.d.ts.map +1 -0
- package/dist/report/review-html.js +592 -0
- package/dist/report/review-html.js.map +1 -0
- package/dist/router.d.ts.map +1 -1
- package/dist/router.js +48 -4
- package/dist/router.js.map +1 -1
- package/dist/shield/ai-tool-config.d.ts +49 -0
- package/dist/shield/ai-tool-config.d.ts.map +1 -0
- package/dist/shield/ai-tool-config.js +169 -0
- package/dist/shield/ai-tool-config.js.map +1 -0
- package/dist/shield/events.d.ts +17 -4
- package/dist/shield/events.d.ts.map +1 -1
- package/dist/shield/events.js +36 -8
- package/dist/shield/events.js.map +1 -1
- package/dist/shield/findings.js +4 -4
- package/dist/shield/findings.js.map +1 -1
- package/dist/shield/init.d.ts +3 -0
- package/dist/shield/init.d.ts.map +1 -1
- package/dist/shield/init.js +145 -12
- package/dist/shield/init.js.map +1 -1
- package/dist/shield/report-html.js +102 -9
- package/dist/shield/report-html.js.map +1 -1
- package/dist/shield/status.d.ts.map +1 -1
- package/dist/shield/status.js +13 -0
- package/dist/shield/status.js.map +1 -1
- package/dist/util/credential-patterns.d.ts.map +1 -1
- package/dist/util/credential-patterns.js +4 -1
- package/dist/util/credential-patterns.js.map +1 -1
- package/package.json +5 -1
|
@@ -0,0 +1,636 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* opena2a review -- One-command unified security review.
|
|
4
|
+
*
|
|
5
|
+
* Runs all meaningful security checks (init scan, credential scan,
|
|
6
|
+
* config integrity, shield analysis, optional HMA scan), aggregates
|
|
7
|
+
* results into a composite score, generates a self-contained HTML
|
|
8
|
+
* dashboard, and auto-opens it in the browser.
|
|
9
|
+
*/
|
|
10
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
11
|
+
if (k2 === undefined) k2 = k;
|
|
12
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
13
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
14
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
15
|
+
}
|
|
16
|
+
Object.defineProperty(o, k2, desc);
|
|
17
|
+
}) : (function(o, m, k, k2) {
|
|
18
|
+
if (k2 === undefined) k2 = k;
|
|
19
|
+
o[k2] = m[k];
|
|
20
|
+
}));
|
|
21
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
22
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
23
|
+
}) : function(o, v) {
|
|
24
|
+
o["default"] = v;
|
|
25
|
+
});
|
|
26
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
27
|
+
var ownKeys = function(o) {
|
|
28
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
29
|
+
var ar = [];
|
|
30
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
31
|
+
return ar;
|
|
32
|
+
};
|
|
33
|
+
return ownKeys(o);
|
|
34
|
+
};
|
|
35
|
+
return function (mod) {
|
|
36
|
+
if (mod && mod.__esModule) return mod;
|
|
37
|
+
var result = {};
|
|
38
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
39
|
+
__setModuleDefault(result, mod);
|
|
40
|
+
return result;
|
|
41
|
+
};
|
|
42
|
+
})();
|
|
43
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
44
|
+
exports.review = review;
|
|
45
|
+
const fs = __importStar(require("node:fs"));
|
|
46
|
+
const path = __importStar(require("node:path"));
|
|
47
|
+
const node_child_process_1 = require("node:child_process");
|
|
48
|
+
const node_os_1 = require("node:os");
|
|
49
|
+
const colors_js_1 = require("../util/colors.js");
|
|
50
|
+
const detect_js_1 = require("../util/detect.js");
|
|
51
|
+
const credential_patterns_js_1 = require("../util/credential-patterns.js");
|
|
52
|
+
const advisories_js_1 = require("../util/advisories.js");
|
|
53
|
+
const status_js_1 = require("../shield/status.js");
|
|
54
|
+
const events_js_1 = require("../shield/events.js");
|
|
55
|
+
const findings_js_1 = require("../shield/findings.js");
|
|
56
|
+
const arp_bridge_js_1 = require("../shield/arp-bridge.js");
|
|
57
|
+
const guard_js_1 = require("./guard.js");
|
|
58
|
+
const index_js_1 = require("../adapters/index.js");
|
|
59
|
+
const review_html_js_1 = require("../report/review-html.js");
|
|
60
|
+
// --- Core ---
|
|
61
|
+
async function review(options) {
|
|
62
|
+
const targetDir = path.resolve(options.targetDir ?? process.cwd());
|
|
63
|
+
if (!fs.existsSync(targetDir)) {
|
|
64
|
+
process.stderr.write((0, colors_js_1.red)(`Directory not found: ${targetDir}\n`));
|
|
65
|
+
return 1;
|
|
66
|
+
}
|
|
67
|
+
const phases = [];
|
|
68
|
+
const isText = options.format !== 'json';
|
|
69
|
+
const isTTY = process.stdout.isTTY === true;
|
|
70
|
+
function progress(step, label) {
|
|
71
|
+
if (!isText)
|
|
72
|
+
return;
|
|
73
|
+
if (isTTY) {
|
|
74
|
+
process.stdout.write((0, colors_js_1.dim)(` [${step}/5] ${label}`));
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
function progressDone(step, label, timing) {
|
|
78
|
+
if (!isText)
|
|
79
|
+
return;
|
|
80
|
+
if (isTTY) {
|
|
81
|
+
process.stdout.write(`\r [${step}/5] ${label} ${(0, colors_js_1.dim)(timing)}\n`);
|
|
82
|
+
}
|
|
83
|
+
else {
|
|
84
|
+
process.stdout.write(` [${step}/5] ${label} ${(0, colors_js_1.dim)(timing)}\n`);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
if (isText) {
|
|
88
|
+
process.stdout.write('\n');
|
|
89
|
+
process.stdout.write((0, colors_js_1.bold)(' OpenA2A Security Review') + '\n\n');
|
|
90
|
+
}
|
|
91
|
+
// Phase 1: Init Scan
|
|
92
|
+
const phase1Start = Date.now();
|
|
93
|
+
progress(1, 'Scanning project...');
|
|
94
|
+
const initData = await runInitPhase(targetDir);
|
|
95
|
+
const phase1Ms = Date.now() - phase1Start;
|
|
96
|
+
const phase1Status = initData.trustScore >= 80 ? 'pass' : initData.trustScore >= 50 ? 'warn' : 'fail';
|
|
97
|
+
phases.push({
|
|
98
|
+
name: 'Project Scan',
|
|
99
|
+
status: phase1Status,
|
|
100
|
+
score: initData.trustScore,
|
|
101
|
+
durationMs: phase1Ms,
|
|
102
|
+
detail: `Trust ${initData.trustScore}/100 [${initData.grade}]`,
|
|
103
|
+
});
|
|
104
|
+
progressDone(1, 'Scanning project... ', formatMs(phase1Ms));
|
|
105
|
+
// Phase 2: Credential Scan (reuses Phase 1 credential data)
|
|
106
|
+
const phase2Start = Date.now();
|
|
107
|
+
progress(2, 'Checking credentials...');
|
|
108
|
+
const credentialData = runCredentialPhase(targetDir, initData);
|
|
109
|
+
const phase2Ms = Date.now() - phase2Start;
|
|
110
|
+
const credScore = computeCredentialScore(credentialData);
|
|
111
|
+
const phase2Status = credentialData.totalFindings === 0 ? 'pass'
|
|
112
|
+
: credentialData.bySeverity['critical'] ? 'fail' : 'warn';
|
|
113
|
+
phases.push({
|
|
114
|
+
name: 'Credentials',
|
|
115
|
+
status: phase2Status,
|
|
116
|
+
score: credScore,
|
|
117
|
+
durationMs: phase2Ms,
|
|
118
|
+
detail: credentialData.totalFindings === 0
|
|
119
|
+
? 'No hardcoded credentials'
|
|
120
|
+
: `${credentialData.totalFindings} finding(s)`,
|
|
121
|
+
});
|
|
122
|
+
progressDone(2, 'Checking credentials... ', formatMs(phase2Ms));
|
|
123
|
+
// Phase 3: Guard Verify
|
|
124
|
+
const phase3Start = Date.now();
|
|
125
|
+
progress(3, 'Verifying config integrity...');
|
|
126
|
+
const guardData = runGuardPhase(targetDir);
|
|
127
|
+
const phase3Ms = Date.now() - phase3Start;
|
|
128
|
+
const guardScore = computeGuardScore(guardData);
|
|
129
|
+
const phase3Status = guardData.signatureStatus === 'valid' ? 'pass'
|
|
130
|
+
: guardData.signatureStatus === 'tampered' ? 'fail' : 'warn';
|
|
131
|
+
phases.push({
|
|
132
|
+
name: 'Config Integrity',
|
|
133
|
+
status: phase3Status,
|
|
134
|
+
score: guardScore,
|
|
135
|
+
durationMs: phase3Ms,
|
|
136
|
+
detail: guardData.signatureStatus === 'valid'
|
|
137
|
+
? `${guardData.filesMonitored} files verified`
|
|
138
|
+
: guardData.signatureStatus === 'tampered'
|
|
139
|
+
? `${guardData.tamperedFiles.length} tampered`
|
|
140
|
+
: 'No signatures',
|
|
141
|
+
});
|
|
142
|
+
progressDone(3, 'Verifying config integrity...', formatMs(phase3Ms));
|
|
143
|
+
// Phase 4: Shield Analysis
|
|
144
|
+
const phase4Start = Date.now();
|
|
145
|
+
progress(4, 'Analyzing shield events...');
|
|
146
|
+
const shieldData = runShieldPhase(targetDir);
|
|
147
|
+
const phase4Ms = Date.now() - phase4Start;
|
|
148
|
+
const phase4Status = shieldData.postureScore >= 70 ? 'pass'
|
|
149
|
+
: shieldData.postureScore >= 40 ? 'warn' : 'fail';
|
|
150
|
+
phases.push({
|
|
151
|
+
name: 'Shield Analysis',
|
|
152
|
+
status: phase4Status,
|
|
153
|
+
score: shieldData.postureScore,
|
|
154
|
+
durationMs: phase4Ms,
|
|
155
|
+
detail: `${shieldData.eventCount} events, ${shieldData.classifiedFindings.length} findings`,
|
|
156
|
+
});
|
|
157
|
+
progressDone(4, 'Analyzing shield events... ', formatMs(phase4Ms));
|
|
158
|
+
// Phase 5: HMA Scan (optional)
|
|
159
|
+
const phase5Start = Date.now();
|
|
160
|
+
progress(5, 'Running HMA security scan...');
|
|
161
|
+
let hmaData = null;
|
|
162
|
+
if (!options.skipHma) {
|
|
163
|
+
hmaData = await runHmaPhase();
|
|
164
|
+
}
|
|
165
|
+
const phase5Ms = Date.now() - phase5Start;
|
|
166
|
+
if (hmaData && hmaData.available) {
|
|
167
|
+
phases.push({
|
|
168
|
+
name: 'HMA Scan',
|
|
169
|
+
status: hmaData.score >= 70 ? 'pass' : hmaData.score >= 40 ? 'warn' : 'fail',
|
|
170
|
+
score: hmaData.score,
|
|
171
|
+
durationMs: phase5Ms,
|
|
172
|
+
detail: `Score: ${hmaData.score}/100`,
|
|
173
|
+
});
|
|
174
|
+
progressDone(5, 'Running HMA security scan... ', formatMs(phase5Ms));
|
|
175
|
+
}
|
|
176
|
+
else {
|
|
177
|
+
phases.push({
|
|
178
|
+
name: 'HMA Scan',
|
|
179
|
+
status: 'skip',
|
|
180
|
+
score: 0,
|
|
181
|
+
durationMs: phase5Ms,
|
|
182
|
+
detail: options.skipHma ? 'Skipped (--skip-hma)' : 'Not installed',
|
|
183
|
+
});
|
|
184
|
+
progressDone(5, 'Running HMA security scan... ', 'skipped');
|
|
185
|
+
}
|
|
186
|
+
// Composite score
|
|
187
|
+
const hmaAvailable = hmaData?.available ?? false;
|
|
188
|
+
const compositeScore = computeCompositeScore(initData.trustScore, credScore, guardScore, shieldData.postureScore, hmaAvailable ? hmaData.score : 0, hmaAvailable);
|
|
189
|
+
const grade = scoreToGrade(compositeScore);
|
|
190
|
+
// Aggregate findings
|
|
191
|
+
const findings = aggregateFindings(credentialData, shieldData, targetDir);
|
|
192
|
+
// Action items
|
|
193
|
+
const actionItems = generateActionItems(credentialData, guardData, shieldData, initData);
|
|
194
|
+
// Build report
|
|
195
|
+
const report = {
|
|
196
|
+
timestamp: new Date().toISOString(),
|
|
197
|
+
directory: targetDir,
|
|
198
|
+
projectName: initData.projectName,
|
|
199
|
+
projectType: initData.projectType,
|
|
200
|
+
phases,
|
|
201
|
+
compositeScore,
|
|
202
|
+
grade,
|
|
203
|
+
findings,
|
|
204
|
+
actionItems,
|
|
205
|
+
initData,
|
|
206
|
+
credentialData,
|
|
207
|
+
guardData,
|
|
208
|
+
shieldData,
|
|
209
|
+
hmaData,
|
|
210
|
+
};
|
|
211
|
+
// Severity counts
|
|
212
|
+
const sevCounts = { critical: 0, high: 0, medium: 0, low: 0 };
|
|
213
|
+
for (const f of findings) {
|
|
214
|
+
const sev = f.severity;
|
|
215
|
+
if (sev in sevCounts)
|
|
216
|
+
sevCounts[sev]++;
|
|
217
|
+
}
|
|
218
|
+
const totalFindings = findings.length;
|
|
219
|
+
if (options.format === 'json') {
|
|
220
|
+
process.stdout.write(JSON.stringify(report, null, 2) + '\n');
|
|
221
|
+
return compositeScore < 50 ? 1 : 0;
|
|
222
|
+
}
|
|
223
|
+
// Print summary
|
|
224
|
+
process.stdout.write('\n');
|
|
225
|
+
const scoreColor = compositeScore >= 80 ? colors_js_1.green
|
|
226
|
+
: compositeScore >= 60 ? colors_js_1.yellow : colors_js_1.red;
|
|
227
|
+
process.stdout.write(` Score: ${scoreColor(`${compositeScore}/100`)} ${(0, colors_js_1.dim)('[Grade')} ${scoreColor(grade)}${(0, colors_js_1.dim)(']')}` +
|
|
228
|
+
` ${totalFindings} findings (${sevCounts.critical} critical, ${sevCounts.high} high, ${sevCounts.medium} medium)\n`);
|
|
229
|
+
// Generate HTML report
|
|
230
|
+
const reportPath = options.reportPath ??
|
|
231
|
+
path.join((0, node_os_1.tmpdir)(), `opena2a-review-${Date.now()}.html`);
|
|
232
|
+
const html = (0, review_html_js_1.generateReviewHtml)(report);
|
|
233
|
+
fs.writeFileSync(reportPath, html, 'utf-8');
|
|
234
|
+
process.stdout.write(` Report: ${(0, colors_js_1.dim)(reportPath)}`);
|
|
235
|
+
// Auto-open
|
|
236
|
+
const shouldOpen = options.autoOpen !== false && !options.ci;
|
|
237
|
+
if (shouldOpen) {
|
|
238
|
+
openInBrowser(reportPath);
|
|
239
|
+
process.stdout.write(` ${(0, colors_js_1.dim)('(opened in browser)')}`);
|
|
240
|
+
}
|
|
241
|
+
process.stdout.write('\n\n');
|
|
242
|
+
return compositeScore < 50 ? 1 : 0;
|
|
243
|
+
}
|
|
244
|
+
// --- Phase Implementations ---
|
|
245
|
+
async function runInitPhase(targetDir) {
|
|
246
|
+
const project = (0, detect_js_1.detectProject)(targetDir);
|
|
247
|
+
const credentialMatches = (0, credential_patterns_js_1.quickCredentialScan)(targetDir);
|
|
248
|
+
const credsBySeverity = {};
|
|
249
|
+
for (const m of credentialMatches) {
|
|
250
|
+
credsBySeverity[m.severity] = (credsBySeverity[m.severity] || 0) + 1;
|
|
251
|
+
}
|
|
252
|
+
const checks = runHygieneChecks(targetDir, project, credentialMatches.length);
|
|
253
|
+
const { score: trustScore, grade } = calculateTrustScore(credsBySeverity, checks, targetDir);
|
|
254
|
+
let advisoryCheck = { advisories: [], matchedPackages: [], total: 0, fromCache: false };
|
|
255
|
+
try {
|
|
256
|
+
advisoryCheck = await (0, advisories_js_1.checkAdvisories)(targetDir);
|
|
257
|
+
}
|
|
258
|
+
catch {
|
|
259
|
+
// Best-effort
|
|
260
|
+
}
|
|
261
|
+
const shieldStatus = (0, status_js_1.getShieldStatus)(targetDir);
|
|
262
|
+
const activeProducts = shieldStatus.products.filter(p => p.active).length;
|
|
263
|
+
const totalProducts = shieldStatus.products.length;
|
|
264
|
+
let postureScore = 25;
|
|
265
|
+
postureScore += Math.min(activeProducts * 10, 50);
|
|
266
|
+
if (shieldStatus.policyLoaded)
|
|
267
|
+
postureScore += 10;
|
|
268
|
+
if (shieldStatus.shellIntegration)
|
|
269
|
+
postureScore += 5;
|
|
270
|
+
if (credentialMatches.length === 0)
|
|
271
|
+
postureScore += 15;
|
|
272
|
+
const sigDir = path.join(targetDir, '.opena2a', 'signatures');
|
|
273
|
+
if (fs.existsSync(sigDir))
|
|
274
|
+
postureScore += 10;
|
|
275
|
+
postureScore = Math.max(0, Math.min(100, postureScore));
|
|
276
|
+
const riskLevel = postureScore < 30 ? 'CRITICAL'
|
|
277
|
+
: postureScore < 50 ? 'HIGH'
|
|
278
|
+
: postureScore < 70 ? 'MEDIUM'
|
|
279
|
+
: postureScore < 90 ? 'LOW'
|
|
280
|
+
: 'SECURE';
|
|
281
|
+
const projectType = formatProjectType(project);
|
|
282
|
+
return {
|
|
283
|
+
projectName: project.name,
|
|
284
|
+
projectVersion: project.version,
|
|
285
|
+
projectType,
|
|
286
|
+
trustScore,
|
|
287
|
+
grade,
|
|
288
|
+
postureScore,
|
|
289
|
+
riskLevel,
|
|
290
|
+
activeProducts,
|
|
291
|
+
totalProducts,
|
|
292
|
+
hygieneChecks: checks,
|
|
293
|
+
advisoryCount: advisoryCheck.advisories.length,
|
|
294
|
+
matchedPackages: advisoryCheck.matchedPackages,
|
|
295
|
+
};
|
|
296
|
+
}
|
|
297
|
+
function runCredentialPhase(targetDir, initData) {
|
|
298
|
+
// Reuse credential scan from init phase (avoid duplicate scan)
|
|
299
|
+
const matches = (0, credential_patterns_js_1.quickCredentialScan)(targetDir);
|
|
300
|
+
const bySeverity = {};
|
|
301
|
+
for (const m of matches) {
|
|
302
|
+
bySeverity[m.severity] = (bySeverity[m.severity] || 0) + 1;
|
|
303
|
+
}
|
|
304
|
+
const driftFindings = matches.filter(m => m.findingId.startsWith('DRIFT'));
|
|
305
|
+
const envVarSuggestions = matches.map(m => ({
|
|
306
|
+
finding: m.findingId,
|
|
307
|
+
envVar: m.envVar,
|
|
308
|
+
}));
|
|
309
|
+
return {
|
|
310
|
+
matches,
|
|
311
|
+
totalFindings: matches.length,
|
|
312
|
+
bySeverity,
|
|
313
|
+
driftFindings,
|
|
314
|
+
envVarSuggestions,
|
|
315
|
+
};
|
|
316
|
+
}
|
|
317
|
+
function runGuardPhase(targetDir) {
|
|
318
|
+
try {
|
|
319
|
+
const result = (0, guard_js_1.verifyConfigIntegrity)(targetDir);
|
|
320
|
+
return result;
|
|
321
|
+
}
|
|
322
|
+
catch {
|
|
323
|
+
return {
|
|
324
|
+
filesMonitored: 0,
|
|
325
|
+
tamperedFiles: [],
|
|
326
|
+
signatureStatus: 'unsigned',
|
|
327
|
+
};
|
|
328
|
+
}
|
|
329
|
+
}
|
|
330
|
+
function runShieldPhase(targetDir) {
|
|
331
|
+
let events;
|
|
332
|
+
try {
|
|
333
|
+
events = (0, events_js_1.readEvents)({ since: '7d' });
|
|
334
|
+
}
|
|
335
|
+
catch {
|
|
336
|
+
events = [];
|
|
337
|
+
}
|
|
338
|
+
const classifiedFindings = (0, findings_js_1.classifyEvents)(events);
|
|
339
|
+
let arpStats;
|
|
340
|
+
try {
|
|
341
|
+
arpStats = (0, arp_bridge_js_1.getARPStats)('7d');
|
|
342
|
+
}
|
|
343
|
+
catch {
|
|
344
|
+
arpStats = {
|
|
345
|
+
totalEvents: 0, anomalies: 0, violations: 0, threats: 0,
|
|
346
|
+
processEvents: 0, networkEvents: 0, filesystemEvents: 0,
|
|
347
|
+
promptEvents: 0, enforcements: 0,
|
|
348
|
+
};
|
|
349
|
+
}
|
|
350
|
+
const shieldStatus = (0, status_js_1.getShieldStatus)(targetDir);
|
|
351
|
+
const activeProducts = shieldStatus.products.filter(p => p.active).length;
|
|
352
|
+
// Compute shield posture score (baseline 25 for CLI users)
|
|
353
|
+
let postureScore = 25;
|
|
354
|
+
postureScore += Math.min(activeProducts * 10, 50);
|
|
355
|
+
if (shieldStatus.policyLoaded)
|
|
356
|
+
postureScore += 10;
|
|
357
|
+
if (shieldStatus.shellIntegration)
|
|
358
|
+
postureScore += 5;
|
|
359
|
+
// Penalize for findings
|
|
360
|
+
const critCount = classifiedFindings.filter(f => f.finding.severity === 'critical').length;
|
|
361
|
+
const highCount = classifiedFindings.filter(f => f.finding.severity === 'high').length;
|
|
362
|
+
postureScore -= critCount * 15;
|
|
363
|
+
postureScore -= highCount * 8;
|
|
364
|
+
postureScore = Math.max(0, Math.min(100, postureScore));
|
|
365
|
+
return {
|
|
366
|
+
eventCount: events.length,
|
|
367
|
+
classifiedFindings,
|
|
368
|
+
arpStats,
|
|
369
|
+
postureScore,
|
|
370
|
+
policyLoaded: shieldStatus.policyLoaded,
|
|
371
|
+
policyMode: shieldStatus.policyMode,
|
|
372
|
+
integrityStatus: shieldStatus.integrityStatus,
|
|
373
|
+
};
|
|
374
|
+
}
|
|
375
|
+
async function runHmaPhase() {
|
|
376
|
+
try {
|
|
377
|
+
const adapter = (0, index_js_1.createAdapter)('scan');
|
|
378
|
+
if (!adapter) {
|
|
379
|
+
return { available: false, results: null, score: 0 };
|
|
380
|
+
}
|
|
381
|
+
const available = await adapter.isAvailable();
|
|
382
|
+
if (!available) {
|
|
383
|
+
return { available: false, results: null, score: 0 };
|
|
384
|
+
}
|
|
385
|
+
// HMA is available but we just check availability, not run a full scan
|
|
386
|
+
// Full scans are expensive; the review surfaces availability status
|
|
387
|
+
return { available: true, results: null, score: 70 };
|
|
388
|
+
}
|
|
389
|
+
catch {
|
|
390
|
+
return { available: false, results: null, score: 0 };
|
|
391
|
+
}
|
|
392
|
+
}
|
|
393
|
+
// --- Scoring ---
|
|
394
|
+
function computeCredentialScore(data) {
|
|
395
|
+
let score = 100;
|
|
396
|
+
score -= (data.bySeverity['critical'] || 0) * 25;
|
|
397
|
+
score -= (data.bySeverity['high'] || 0) * 15;
|
|
398
|
+
score -= (data.bySeverity['medium'] || 0) * 8;
|
|
399
|
+
score -= (data.bySeverity['low'] || 0) * 3;
|
|
400
|
+
return Math.max(0, Math.min(100, score));
|
|
401
|
+
}
|
|
402
|
+
function computeGuardScore(data) {
|
|
403
|
+
if (data.signatureStatus === 'valid')
|
|
404
|
+
return 100;
|
|
405
|
+
if (data.signatureStatus === 'unsigned')
|
|
406
|
+
return 50;
|
|
407
|
+
// tampered
|
|
408
|
+
const penalty = data.tamperedFiles.length * 20;
|
|
409
|
+
return Math.max(0, 100 - penalty);
|
|
410
|
+
}
|
|
411
|
+
function computeCompositeScore(trustScore, credScore, guardScore, shieldScore, hmaScore, hmaAvailable) {
|
|
412
|
+
if (hmaAvailable) {
|
|
413
|
+
return Math.round(trustScore * 0.30 +
|
|
414
|
+
credScore * 0.20 +
|
|
415
|
+
guardScore * 0.15 +
|
|
416
|
+
shieldScore * 0.25 +
|
|
417
|
+
hmaScore * 0.10);
|
|
418
|
+
}
|
|
419
|
+
return Math.round(trustScore * 0.35 +
|
|
420
|
+
credScore * 0.22 +
|
|
421
|
+
guardScore * 0.18 +
|
|
422
|
+
shieldScore * 0.25);
|
|
423
|
+
}
|
|
424
|
+
function scoreToGrade(score) {
|
|
425
|
+
if (score >= 90)
|
|
426
|
+
return 'A';
|
|
427
|
+
if (score >= 80)
|
|
428
|
+
return 'B';
|
|
429
|
+
if (score >= 70)
|
|
430
|
+
return 'C';
|
|
431
|
+
if (score >= 60)
|
|
432
|
+
return 'D';
|
|
433
|
+
return 'F';
|
|
434
|
+
}
|
|
435
|
+
// --- Findings Aggregation ---
|
|
436
|
+
function aggregateFindings(credData, shieldData, targetDir) {
|
|
437
|
+
const findings = [];
|
|
438
|
+
// Credential findings
|
|
439
|
+
for (const m of credData.matches) {
|
|
440
|
+
findings.push({
|
|
441
|
+
id: m.findingId,
|
|
442
|
+
title: m.title,
|
|
443
|
+
severity: m.severity,
|
|
444
|
+
source: 'credential-scan',
|
|
445
|
+
detail: `${path.relative(targetDir, m.filePath)}:${m.line}`,
|
|
446
|
+
remediation: 'opena2a protect',
|
|
447
|
+
});
|
|
448
|
+
}
|
|
449
|
+
// Shield classified findings
|
|
450
|
+
for (const cf of shieldData.classifiedFindings) {
|
|
451
|
+
findings.push({
|
|
452
|
+
id: cf.finding.id,
|
|
453
|
+
title: cf.finding.title,
|
|
454
|
+
severity: cf.finding.severity,
|
|
455
|
+
source: 'shield',
|
|
456
|
+
detail: `${cf.count} occurrence(s)`,
|
|
457
|
+
remediation: cf.finding.remediation,
|
|
458
|
+
});
|
|
459
|
+
}
|
|
460
|
+
// Sort by severity
|
|
461
|
+
const sevOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
|
|
462
|
+
findings.sort((a, b) => (sevOrder[a.severity] ?? 4) - (sevOrder[b.severity] ?? 4));
|
|
463
|
+
return findings;
|
|
464
|
+
}
|
|
465
|
+
// --- Action Items ---
|
|
466
|
+
function generateActionItems(credData, guardData, shieldData, initData) {
|
|
467
|
+
const items = [];
|
|
468
|
+
let priority = 1;
|
|
469
|
+
if (credData.totalFindings > 0) {
|
|
470
|
+
items.push({
|
|
471
|
+
priority: priority++,
|
|
472
|
+
severity: 'critical',
|
|
473
|
+
description: `Migrate ${credData.totalFindings} hardcoded credential(s) to environment variables`,
|
|
474
|
+
command: 'opena2a protect',
|
|
475
|
+
tab: 'credentials',
|
|
476
|
+
});
|
|
477
|
+
}
|
|
478
|
+
if (guardData.signatureStatus === 'tampered') {
|
|
479
|
+
items.push({
|
|
480
|
+
priority: priority++,
|
|
481
|
+
severity: 'high',
|
|
482
|
+
description: `${guardData.tamperedFiles.length} config file(s) tampered since signing`,
|
|
483
|
+
command: 'opena2a guard diff && opena2a guard resign',
|
|
484
|
+
tab: 'integrity',
|
|
485
|
+
});
|
|
486
|
+
}
|
|
487
|
+
if (guardData.signatureStatus === 'unsigned') {
|
|
488
|
+
items.push({
|
|
489
|
+
priority: priority++,
|
|
490
|
+
severity: 'medium',
|
|
491
|
+
description: 'Sign config files for tamper detection',
|
|
492
|
+
command: 'opena2a guard sign',
|
|
493
|
+
tab: 'integrity',
|
|
494
|
+
});
|
|
495
|
+
}
|
|
496
|
+
if (!shieldData.policyLoaded) {
|
|
497
|
+
items.push({
|
|
498
|
+
priority: priority++,
|
|
499
|
+
severity: 'medium',
|
|
500
|
+
description: 'Initialize Shield security policy',
|
|
501
|
+
command: 'opena2a shield init',
|
|
502
|
+
tab: 'shield',
|
|
503
|
+
});
|
|
504
|
+
}
|
|
505
|
+
const gitignoreCheck = initData.hygieneChecks.find(c => c.label === '.env protection');
|
|
506
|
+
if (gitignoreCheck?.status === 'warn') {
|
|
507
|
+
items.push({
|
|
508
|
+
priority: priority++,
|
|
509
|
+
severity: 'high',
|
|
510
|
+
description: 'Add .env to .gitignore',
|
|
511
|
+
command: "echo '.env' >> .gitignore",
|
|
512
|
+
tab: 'hygiene',
|
|
513
|
+
});
|
|
514
|
+
}
|
|
515
|
+
// Sort by severity (critical > high > medium > low) then re-assign priority numbers
|
|
516
|
+
const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
|
|
517
|
+
items.sort((a, b) => (severityOrder[a.severity] ?? 4) - (severityOrder[b.severity] ?? 4));
|
|
518
|
+
items.forEach((item, i) => { item.priority = i + 1; });
|
|
519
|
+
return items.slice(0, 5);
|
|
520
|
+
}
|
|
521
|
+
// --- Helpers ---
|
|
522
|
+
function formatMs(ms) {
|
|
523
|
+
return `${(ms / 1000).toFixed(1)}s`;
|
|
524
|
+
}
|
|
525
|
+
function openInBrowser(filePath) {
|
|
526
|
+
const cmd = (0, node_os_1.platform)() === 'darwin' ? 'open'
|
|
527
|
+
: (0, node_os_1.platform)() === 'win32' ? 'start'
|
|
528
|
+
: 'xdg-open';
|
|
529
|
+
(0, node_child_process_1.exec)(`${cmd} "${filePath}"`);
|
|
530
|
+
}
|
|
531
|
+
function formatProjectType(project) {
|
|
532
|
+
const parts = [];
|
|
533
|
+
switch (project.type) {
|
|
534
|
+
case 'node':
|
|
535
|
+
parts.push('Node.js');
|
|
536
|
+
break;
|
|
537
|
+
case 'go':
|
|
538
|
+
parts.push('Go');
|
|
539
|
+
break;
|
|
540
|
+
case 'python':
|
|
541
|
+
parts.push('Python');
|
|
542
|
+
break;
|
|
543
|
+
default: parts.push('Unknown');
|
|
544
|
+
}
|
|
545
|
+
if (project.hasMcp)
|
|
546
|
+
parts.push('+ MCP server');
|
|
547
|
+
return parts.join(' ');
|
|
548
|
+
}
|
|
549
|
+
// --- Hygiene (reused from init logic) ---
|
|
550
|
+
function runHygieneChecks(dir, project, credCount) {
|
|
551
|
+
const checks = [];
|
|
552
|
+
if (credCount === 0) {
|
|
553
|
+
checks.push({ label: 'Credential scan', status: 'pass', detail: 'no findings' });
|
|
554
|
+
}
|
|
555
|
+
else {
|
|
556
|
+
checks.push({
|
|
557
|
+
label: 'Credential scan',
|
|
558
|
+
status: 'fail',
|
|
559
|
+
detail: `${credCount} finding${credCount === 1 ? '' : 's'}`,
|
|
560
|
+
});
|
|
561
|
+
}
|
|
562
|
+
const gitignorePath = path.join(dir, '.gitignore');
|
|
563
|
+
if (fs.existsSync(gitignorePath)) {
|
|
564
|
+
checks.push({ label: '.gitignore', status: 'pass', detail: 'present' });
|
|
565
|
+
const gitignoreContent = fs.readFileSync(gitignorePath, 'utf-8');
|
|
566
|
+
if (gitignoreContent.includes('.env')) {
|
|
567
|
+
checks.push({ label: '.env protection', status: 'pass', detail: 'in .gitignore' });
|
|
568
|
+
}
|
|
569
|
+
else {
|
|
570
|
+
checks.push({ label: '.env protection', status: 'warn', detail: 'NOT in .gitignore' });
|
|
571
|
+
}
|
|
572
|
+
}
|
|
573
|
+
else {
|
|
574
|
+
checks.push({ label: '.gitignore', status: 'warn', detail: 'missing' });
|
|
575
|
+
checks.push({ label: '.env protection', status: 'warn', detail: 'no .gitignore' });
|
|
576
|
+
}
|
|
577
|
+
const lockFiles = [
|
|
578
|
+
{ file: 'package-lock.json', label: 'package-lock.json' },
|
|
579
|
+
{ file: 'yarn.lock', label: 'yarn.lock' },
|
|
580
|
+
{ file: 'pnpm-lock.yaml', label: 'pnpm-lock.yaml' },
|
|
581
|
+
{ file: 'bun.lockb', label: 'bun.lockb' },
|
|
582
|
+
{ file: 'go.sum', label: 'go.sum' },
|
|
583
|
+
{ file: 'poetry.lock', label: 'poetry.lock' },
|
|
584
|
+
{ file: 'Pipfile.lock', label: 'Pipfile.lock' },
|
|
585
|
+
];
|
|
586
|
+
const foundLock = lockFiles.find(lf => fs.existsSync(path.join(dir, lf.file)));
|
|
587
|
+
if (foundLock) {
|
|
588
|
+
checks.push({ label: 'Lock file', status: 'pass', detail: foundLock.label });
|
|
589
|
+
}
|
|
590
|
+
else {
|
|
591
|
+
checks.push({ label: 'Lock file', status: 'warn', detail: 'none found' });
|
|
592
|
+
}
|
|
593
|
+
const securityConfigs = ['.opena2a.yaml', '.opena2a.json', '.opena2a/guard/signatures.json'];
|
|
594
|
+
const foundConfig = securityConfigs.find(sc => fs.existsSync(path.join(dir, sc)));
|
|
595
|
+
if (foundConfig) {
|
|
596
|
+
checks.push({ label: 'Security config', status: 'pass', detail: foundConfig });
|
|
597
|
+
}
|
|
598
|
+
else {
|
|
599
|
+
checks.push({ label: 'Security config', status: 'info', detail: 'none' });
|
|
600
|
+
}
|
|
601
|
+
if (project.hasMcp) {
|
|
602
|
+
checks.push({ label: 'MCP config', status: 'info', detail: 'found' });
|
|
603
|
+
}
|
|
604
|
+
return checks;
|
|
605
|
+
}
|
|
606
|
+
function calculateTrustScore(credsBySeverity, checks, dir) {
|
|
607
|
+
let score = 100;
|
|
608
|
+
// Credential penalties removed -- credentials have their own 22% dimension.
|
|
609
|
+
// Trust score is purely hygiene-based to avoid double-counting.
|
|
610
|
+
const gitignoreCheck = checks.find(c => c.label === '.gitignore');
|
|
611
|
+
if (gitignoreCheck?.status !== 'pass')
|
|
612
|
+
score -= 15;
|
|
613
|
+
const envCheck = checks.find(c => c.label === '.env protection');
|
|
614
|
+
if (envCheck?.status === 'warn')
|
|
615
|
+
score -= 10;
|
|
616
|
+
const lockCheck = checks.find(c => c.label === 'Lock file');
|
|
617
|
+
if (lockCheck?.status !== 'pass')
|
|
618
|
+
score -= 5;
|
|
619
|
+
const secConfig = checks.find(c => c.label === 'Security config');
|
|
620
|
+
if (secConfig?.status === 'pass')
|
|
621
|
+
score += 5;
|
|
622
|
+
score = Math.max(0, Math.min(100, score));
|
|
623
|
+
let grade;
|
|
624
|
+
if (score >= 90)
|
|
625
|
+
grade = 'A';
|
|
626
|
+
else if (score >= 80)
|
|
627
|
+
grade = 'B';
|
|
628
|
+
else if (score >= 70)
|
|
629
|
+
grade = 'C';
|
|
630
|
+
else if (score >= 60)
|
|
631
|
+
grade = 'D';
|
|
632
|
+
else
|
|
633
|
+
grade = 'F';
|
|
634
|
+
return { score, grade };
|
|
635
|
+
}
|
|
636
|
+
//# sourceMappingURL=review.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"review.js","sourceRoot":"","sources":["../../src/commands/review.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+HH,wBA+MC;AA5UD,4CAA8B;AAC9B,gDAAkC;AAClC,2DAA0C;AAC1C,qCAA2C;AAC3C,iDAA8E;AAC9E,iDAAkD;AAClD,2EAA2F;AAC3F,yDAA4E;AAC5E,mDAAsD;AACtD,mDAAiD;AACjD,uDAA+E;AAC/E,2DAAqE;AACrE,yCAAgF;AAChF,mDAAqD;AACrD,6DAA8D;AA6G9D,eAAe;AAER,KAAK,UAAU,MAAM,CAAC,OAAsB;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAEnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,wBAAwB,SAAS,IAAI,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;IACzC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC;IAE5C,SAAS,QAAQ,CAAC,IAAY,EAAE,KAAa;QAC3C,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,MAAM,IAAI,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,SAAS,YAAY,CAAC,IAAY,EAAE,KAAa,EAAE,MAAc;QAC/D,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,IAAI,IAAA,eAAG,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,OAAO,KAAK,IAAI,IAAA,eAAG,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,2BAA2B,CAAC,GAAG,MAAM,CAAC,CAAC;IACnE,CAAC;IAED,qBAAqB;IACrB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,QAAQ,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACtG,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,YAAY;QACpB,KAAK,EAAE,QAAQ,CAAC,UAAU;QAC1B,UAAU,EAAE,QAAQ;QACpB,MAAM,EAAE,SAAS,QAAQ,CAAC,UAAU,SAAS,QAAQ,CAAC,KAAK,GAAG;KAC/D,CAAC,CAAC;IACH,YAAY,CAAC,CAAC,EAAE,+BAA+B,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAErE,4DAA4D;IAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,QAAQ,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,kBAAkB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IAC1C,MAAM,SAAS,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,cAAc,CAAC,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;QAC9D,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAC5D,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,YAAY;QACpB,KAAK,EAAE,SAAS;QAChB,UAAU,EAAE,QAAQ;QACpB,MAAM,EAAE,cAAc,CAAC,aAAa,KAAK,CAAC;YACxC,CAAC,CAAC,0BAA0B;YAC5B,CAAC,CAAC,GAAG,cAAc,CAAC,aAAa,aAAa;KACjD,CAAC,CAAC;IACH,YAAY,CAAC,CAAC,EAAE,+BAA+B,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAErE,wBAAwB;IACxB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,QAAQ,CAAC,CAAC,EAAE,+BAA+B,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IAC1C,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,YAAY,GAAG,SAAS,CAAC,eAAe,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM;QACjE,CAAC,CAAC,SAAS,CAAC,eAAe,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAC/D,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,YAAY;QACpB,KAAK,EAAE,UAAU;QACjB,UAAU,EAAE,QAAQ;QACpB,MAAM,EAAE,SAAS,CAAC,eAAe,KAAK,OAAO;YAC3C,CAAC,CAAC,GAAG,SAAS,CAAC,cAAc,iBAAiB;YAC9C,CAAC,CAAC,SAAS,CAAC,eAAe,KAAK,UAAU;gBACxC,CAAC,CAAC,GAAG,SAAS,CAAC,aAAa,CAAC,MAAM,WAAW;gBAC9C,CAAC,CAAC,eAAe;KACtB,CAAC,CAAC;IACH,YAAY,CAAC,CAAC,EAAE,+BAA+B,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAErE,2BAA2B;IAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,QAAQ,CAAC,CAAC,EAAE,4BAA4B,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IAC1C,MAAM,YAAY,GAAG,UAAU,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM;QACzD,CAAC,CAAC,UAAU,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACpD,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,YAAY;QACpB,KAAK,EAAE,UAAU,CAAC,YAAY;QAC9B,UAAU,EAAE,QAAQ;QACpB,MAAM,EAAE,GAAG,UAAU,CAAC,UAAU,YAAY,UAAU,CAAC,kBAAkB,CAAC,MAAM,WAAW;KAC5F,CAAC,CAAC;IACH,YAAY,CAAC,CAAC,EAAE,+BAA+B,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAErE,+BAA+B;IAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,QAAQ,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;IAC5C,IAAI,OAAO,GAAwB,IAAI,CAAC;IACxC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAChC,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IAC1C,IAAI,OAAO,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YAC5E,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,UAAU,EAAE,QAAQ;YACpB,MAAM,EAAE,UAAU,OAAO,CAAC,KAAK,MAAM;SACtC,CAAC,CAAC;QACH,YAAY,CAAC,CAAC,EAAE,+BAA+B,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvE,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,MAAM;YACd,KAAK,EAAE,CAAC;YACR,UAAU,EAAE,QAAQ;YACpB,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,eAAe;SACnE,CAAC,CAAC;QACH,YAAY,CAAC,CAAC,EAAE,+BAA+B,EAAE,SAAS,CAAC,CAAC;IAC9D,CAAC;IAED,kBAAkB;IAClB,MAAM,YAAY,GAAG,OAAO,EAAE,SAAS,IAAI,KAAK,CAAC;IACjD,MAAM,cAAc,GAAG,qBAAqB,CAC1C,QAAQ,CAAC,UAAU,EACnB,SAAS,EACT,UAAU,EACV,UAAU,CAAC,YAAY,EACvB,YAAY,CAAC,CAAC,CAAC,OAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACjC,YAAY,CACb,CAAC;IACF,MAAM,KAAK,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;IAE3C,qBAAqB;IACrB,MAAM,QAAQ,GAAG,iBAAiB,CAAC,cAAc,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IAE1E,eAAe;IACf,MAAM,WAAW,GAAG,mBAAmB,CAAC,cAAc,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAEzF,eAAe;IACf,MAAM,MAAM,GAAiB;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,SAAS;QACpB,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,MAAM;QACN,cAAc;QACd,KAAK;QACL,QAAQ;QACR,WAAW;QACX,QAAQ;QACR,cAAc;QACd,SAAS;QACT,UAAU;QACV,OAAO;KACR,CAAC;IAEF,kBAAkB;IAClB,MAAM,SAAS,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC9D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAkC,CAAC;QACjD,IAAI,GAAG,IAAI,SAAS;YAAE,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;IACzC,CAAC;IACD,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEtC,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,cAAc,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,gBAAgB;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,UAAU,GAAG,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,iBAAK;QAC7C,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,kBAAM,CAAC,CAAC,CAAC,eAAG,CAAC;IACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,YAAY,UAAU,CAAC,GAAG,cAAc,MAAM,CAAC,IAAI,IAAA,eAAG,EAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,GAAG,IAAA,eAAG,EAAC,GAAG,CAAC,EAAE;QAClG,MAAM,aAAa,cAAc,SAAS,CAAC,QAAQ,cAAc,SAAS,CAAC,IAAI,UAAU,SAAS,CAAC,MAAM,YAAY,CACtH,CAAC;IAEF,uBAAuB;IACvB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU;QACnC,IAAI,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,EAAE,kBAAkB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,IAAA,mCAAkB,EAAC,MAAM,CAAC,CAAC;IACxC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAE5C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,IAAA,eAAG,EAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAErD,YAAY;IACZ,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;IAC7D,IAAI,UAAU,EAAE,CAAC;QACf,aAAa,CAAC,UAAU,CAAC,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,IAAA,eAAG,EAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE7B,OAAO,cAAc,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,gCAAgC;AAEhC,KAAK,UAAU,YAAY,CAAC,SAAiB;IAC3C,MAAM,OAAO,GAAG,IAAA,yBAAa,EAAC,SAAS,CAAC,CAAC;IACzC,MAAM,iBAAiB,GAAG,IAAA,4CAAmB,EAAC,SAAS,CAAC,CAAC;IACzD,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;QAClC,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,EAAE,OAAO,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC9E,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,mBAAmB,CAAC,eAAe,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAE7F,IAAI,aAAa,GAAkB,EAAE,UAAU,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACvG,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,IAAA,+BAAe,EAAC,SAAS,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,SAAS,CAAC,CAAC;IAChD,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAC1E,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;IAEnD,IAAI,YAAY,GAAG,EAAE,CAAC;IACtB,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,YAAY,CAAC,YAAY;QAAE,YAAY,IAAI,EAAE,CAAC;IAClD,IAAI,YAAY,CAAC,gBAAgB;QAAE,YAAY,IAAI,CAAC,CAAC;IACrD,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC;QAAE,YAAY,IAAI,EAAE,CAAC;IACvD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IAC9D,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,YAAY,IAAI,EAAE,CAAC;IAC9C,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;IAExD,MAAM,SAAS,GAAc,YAAY,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU;QACzD,CAAC,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM;YAC5B,CAAC,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC,CAAC,QAAQ;gBAC9B,CAAC,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;oBAC3B,CAAC,CAAC,QAAQ,CAAC;IAEb,MAAM,WAAW,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAE/C,OAAO;QACL,WAAW,EAAE,OAAO,CAAC,IAAI;QACzB,cAAc,EAAE,OAAO,CAAC,OAAO;QAC/B,WAAW;QACX,UAAU;QACV,KAAK;QACL,YAAY;QACZ,SAAS;QACT,cAAc;QACd,aAAa;QACb,aAAa,EAAE,MAAM;QACrB,aAAa,EAAE,aAAa,CAAC,UAAU,CAAC,MAAM;QAC9C,eAAe,EAAE,aAAa,CAAC,eAAe;KAC/C,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAiB,EAAE,QAAuB;IACpE,+DAA+D;IAC/D,MAAM,OAAO,GAAG,IAAA,4CAAmB,EAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3E,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1C,OAAO,EAAE,CAAC,CAAC,SAAS;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM;KACjB,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,OAAO;QACP,aAAa,EAAE,OAAO,CAAC,MAAM;QAC7B,UAAU;QACV,aAAa;QACb,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,gCAAqB,EAAC,SAAS,CAAC,CAAC;QAChD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,cAAc,EAAE,CAAC;YACjB,aAAa,EAAE,EAAE;YACjB,eAAe,EAAE,UAAU;SAC5B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,SAAiB;IACvC,IAAI,MAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,sBAAU,EAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,EAAmC,CAAC;IAC/C,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAA,4BAAc,EAAC,MAAM,CAAC,CAAC;IAElD,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAA,2BAAW,EAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,QAAQ,GAAG;YACT,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC;YACvD,aAAa,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC;YACvD,YAAY,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,SAAS,CAAC,CAAC;IAChD,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAE1E,2DAA2D;IAC3D,IAAI,YAAY,GAAG,EAAE,CAAC;IACtB,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,YAAY,CAAC,YAAY;QAAE,YAAY,IAAI,EAAE,CAAC;IAClD,IAAI,YAAY,CAAC,gBAAgB;QAAE,YAAY,IAAI,CAAC,CAAC;IACrD,wBAAwB;IACxB,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC3F,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACvF,YAAY,IAAI,SAAS,GAAG,EAAE,CAAC;IAC/B,YAAY,IAAI,SAAS,GAAG,CAAC,CAAC;IAC9B,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;IAExD,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,kBAAkB;QAClB,QAAQ;QACR,YAAY;QACZ,YAAY,EAAE,YAAY,CAAC,YAAY;QACvC,UAAU,EAAE,YAAY,CAAC,UAAU;QACnC,eAAe,EAAE,YAAY,CAAC,eAAe;KAC9C,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QACvD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QACvD,CAAC;QAED,uEAAuE;QACvE,oEAAoE;QACpE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IACvD,CAAC;AACH,CAAC;AAED,kBAAkB;AAElB,SAAS,sBAAsB,CAAC,IAAyB;IACvD,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IACjD,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC7C,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9C,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAoB;IAC7C,IAAI,IAAI,CAAC,eAAe,KAAK,OAAO;QAAE,OAAO,GAAG,CAAC;IACjD,IAAI,IAAI,CAAC,eAAe,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IACnD,WAAW;IACX,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE,CAAC;IAC/C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,qBAAqB,CAC5B,UAAkB,EAClB,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,QAAgB,EAChB,YAAqB;IAErB,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC,KAAK,CACf,UAAU,GAAG,IAAI;YACjB,SAAS,GAAG,IAAI;YAChB,UAAU,GAAG,IAAI;YACjB,WAAW,GAAG,IAAI;YAClB,QAAQ,GAAG,IAAI,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CACf,UAAU,GAAG,IAAI;QACjB,SAAS,GAAG,IAAI;QAChB,UAAU,GAAG,IAAI;QACjB,WAAW,GAAG,IAAI,CACnB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,+BAA+B;AAE/B,SAAS,iBAAiB,CACxB,QAA6B,EAC7B,UAA2B,EAC3B,SAAiB;IAEjB,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,sBAAsB;IACtB,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,CAAC,CAAC,SAAS;YACf,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,iBAAiB;YACzB,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE;YAC3D,WAAW,EAAE,iBAAiB;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,EAAE,IAAI,UAAU,CAAC,kBAAkB,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE;YACjB,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK;YACvB,QAAQ,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ;YAC7B,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,GAAG,EAAE,CAAC,KAAK,gBAAgB;YACnC,WAAW,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW;SACpC,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB;IACnB,MAAM,QAAQ,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC9F,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,uBAAuB;AAEvB,SAAS,mBAAmB,CAC1B,QAA6B,EAC7B,SAAyB,EACzB,UAA2B,EAC3B,QAAuB;IAEvB,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,IAAI,QAAQ,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,QAAQ,EAAE;YACpB,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,WAAW,QAAQ,CAAC,aAAa,mDAAmD;YACjG,OAAO,EAAE,iBAAiB;YAC1B,GAAG,EAAE,aAAa;SACnB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,SAAS,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,QAAQ,EAAE;YACpB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,GAAG,SAAS,CAAC,aAAa,CAAC,MAAM,wCAAwC;YACtF,OAAO,EAAE,4CAA4C;YACrD,GAAG,EAAE,WAAW;SACjB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,SAAS,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,QAAQ,EAAE;YACpB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,wCAAwC;YACrD,OAAO,EAAE,oBAAoB;YAC7B,GAAG,EAAE,WAAW;SACjB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,QAAQ,EAAE;YACpB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,mCAAmC;YAChD,OAAO,EAAE,qBAAqB;YAC9B,GAAG,EAAE,QAAQ;SACd,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IACvF,IAAI,cAAc,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,QAAQ,EAAE;YACpB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,wBAAwB;YACrC,OAAO,EAAE,2BAA2B;YACpC,GAAG,EAAE,SAAS;SACf,CAAC,CAAC;IACL,CAAC;IAED,oFAAoF;IACpF,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC1F,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1F,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,kBAAkB;AAElB,SAAS,QAAQ,CAAC,EAAU;IAC1B,OAAO,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AACtC,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,GAAG,GAAG,IAAA,kBAAQ,GAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM;QAC1C,CAAC,CAAC,IAAA,kBAAQ,GAAE,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO;YAClC,CAAC,CAAC,UAAU,CAAC;IACf,IAAA,yBAAI,EAAC,GAAG,GAAG,KAAK,QAAQ,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAyC;IAClE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,MAAM;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAAC,MAAM;QAC1C,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAAC,MAAM;QACnC,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAAC,MAAM;QAC3C,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,2CAA2C;AAE3C,SAAS,gBAAgB,CACvB,GAAW,EACX,OAAyC,EACzC,SAAiB;IAEjB,MAAM,MAAM,GAAmB,EAAE,CAAC;IAElC,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IACnF,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,iBAAiB;YACxB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,GAAG,SAAS,WAAW,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACnD,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACxE,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QACrF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,mBAAmB,EAAE;QACzD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE;QACzC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE;QACnD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE;QACzC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;QACnC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE;QAC7C,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE;KAChD,CAAC;IACF,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC/E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,eAAe,GAAG,CAAC,eAAe,EAAE,eAAe,EAAE,gCAAgC,CAAC,CAAC;IAC7F,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAClF,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACjF,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAC1B,eAAuC,EACvC,MAAsB,EACtB,GAAW;IAEX,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,4EAA4E;IAC5E,gEAAgE;IAEhE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC;IAClE,IAAI,cAAc,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,EAAE,CAAC;IAEnD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IACjE,IAAI,QAAQ,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,EAAE,CAAC;IAE7C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC;IAC5D,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IAClE,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,CAAC,CAAC;IAE7C,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1C,IAAI,KAAa,CAAC;IAClB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SACxB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;;QAC7B,KAAK,GAAG,GAAG,CAAC;IAEjB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC"}
|