pompelmi 0.33.0 → 0.34.0

package/dist/pompelmi.cjs

@@ -267,32 +267,6 @@ function createPresetScanner(preset, opts = {}) {
     }
     return composeScanners(...scanners);
 }
-// Preset configurations
-const PRESET_CONFIGS = {
-    'basic': {
-        timeout: 10000
-    },
-    'advanced': {
-        timeout: 30000,
-        enableDecompilation: false
-    },
-    'malware-analysis': {
-        timeout: 60000,
-        enableDecompilation: true,
-        decompilationEngine: 'both',
-        decompilationDepth: 'deep'
-    },
-    'decompilation-basic': {
-        timeout: 30000,
-        enableDecompilation: true,
-        decompilationDepth: 'basic'
-    },
-    'decompilation-deep': {
-        timeout: 120000,
-        enableDecompilation: true,
-        decompilationDepth: 'deep'
-    }
-};
 
 /**
  * Performance monitoring utilities for pompelmi scans
@@ -870,1900 +844,6 @@ function validateFile(file) {
     return { valid: true };
 }
 
-var react = {exports: {}};
-
-var react_production = {};
-
-/**
- * @license React
- * react.production.js
- *
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-var hasRequiredReact_production;
-
-function requireReact_production () {
-	if (hasRequiredReact_production) return react_production;
-	hasRequiredReact_production = 1;
-	var REACT_ELEMENT_TYPE = Symbol.for("react.transitional.element"),
-	  REACT_PORTAL_TYPE = Symbol.for("react.portal"),
-	  REACT_FRAGMENT_TYPE = Symbol.for("react.fragment"),
-	  REACT_STRICT_MODE_TYPE = Symbol.for("react.strict_mode"),
-	  REACT_PROFILER_TYPE = Symbol.for("react.profiler"),
-	  REACT_CONSUMER_TYPE = Symbol.for("react.consumer"),
-	  REACT_CONTEXT_TYPE = Symbol.for("react.context"),
-	  REACT_FORWARD_REF_TYPE = Symbol.for("react.forward_ref"),
-	  REACT_SUSPENSE_TYPE = Symbol.for("react.suspense"),
-	  REACT_MEMO_TYPE = Symbol.for("react.memo"),
-	  REACT_LAZY_TYPE = Symbol.for("react.lazy"),
-	  REACT_ACTIVITY_TYPE = Symbol.for("react.activity"),
-	  MAYBE_ITERATOR_SYMBOL = Symbol.iterator;
-	function getIteratorFn(maybeIterable) {
-	  if (null === maybeIterable || "object" !== typeof maybeIterable) return null;
-	  maybeIterable =
-	    (MAYBE_ITERATOR_SYMBOL && maybeIterable[MAYBE_ITERATOR_SYMBOL]) ||
-	    maybeIterable["@@iterator"];
-	  return "function" === typeof maybeIterable ? maybeIterable : null;
-	}
-	var ReactNoopUpdateQueue = {
-	    isMounted: function () {
-	      return false;
-	    },
-	    enqueueForceUpdate: function () {},
-	    enqueueReplaceState: function () {},
-	    enqueueSetState: function () {}
-	  },
-	  assign = Object.assign,
-	  emptyObject = {};
-	function Component(props, context, updater) {
-	  this.props = props;
-	  this.context = context;
-	  this.refs = emptyObject;
-	  this.updater = updater || ReactNoopUpdateQueue;
-	}
-	Component.prototype.isReactComponent = {};
-	Component.prototype.setState = function (partialState, callback) {
-	  if (
-	    "object" !== typeof partialState &&
-	    "function" !== typeof partialState &&
-	    null != partialState
-	  )
-	    throw Error(
-	      "takes an object of state variables to update or a function which returns an object of state variables."
-	    );
-	  this.updater.enqueueSetState(this, partialState, callback, "setState");
-	};
-	Component.prototype.forceUpdate = function (callback) {
-	  this.updater.enqueueForceUpdate(this, callback, "forceUpdate");
-	};
-	function ComponentDummy() {}
-	ComponentDummy.prototype = Component.prototype;
-	function PureComponent(props, context, updater) {
-	  this.props = props;
-	  this.context = context;
-	  this.refs = emptyObject;
-	  this.updater = updater || ReactNoopUpdateQueue;
-	}
-	var pureComponentPrototype = (PureComponent.prototype = new ComponentDummy());
-	pureComponentPrototype.constructor = PureComponent;
-	assign(pureComponentPrototype, Component.prototype);
-	pureComponentPrototype.isPureReactComponent = true;
-	var isArrayImpl = Array.isArray;
-	function noop() {}
-	var ReactSharedInternals = { H: null, A: null, T: null, S: null },
-	  hasOwnProperty = Object.prototype.hasOwnProperty;
-	function ReactElement(type, key, props) {
-	  var refProp = props.ref;
-	  return {
-	    $$typeof: REACT_ELEMENT_TYPE,
-	    type: type,
-	    key: key,
-	    ref: void 0 !== refProp ? refProp : null,
-	    props: props
-	  };
-	}
-	function cloneAndReplaceKey(oldElement, newKey) {
-	  return ReactElement(oldElement.type, newKey, oldElement.props);
-	}
-	function isValidElement(object) {
-	  return (
-	    "object" === typeof object &&
-	    null !== object &&
-	    object.$$typeof === REACT_ELEMENT_TYPE
-	  );
-	}
-	function escape(key) {
-	  var escaperLookup = { "=": "=0", ":": "=2" };
-	  return (
-	    "$" +
-	    key.replace(/[=:]/g, function (match) {
-	      return escaperLookup[match];
-	    })
-	  );
-	}
-	var userProvidedKeyEscapeRegex = /\/+/g;
-	function getElementKey(element, index) {
-	  return "object" === typeof element && null !== element && null != element.key
-	    ? escape("" + element.key)
-	    : index.toString(36);
-	}
-	function resolveThenable(thenable) {
-	  switch (thenable.status) {
-	    case "fulfilled":
-	      return thenable.value;
-	    case "rejected":
-	      throw thenable.reason;
-	    default:
-	      switch (
-	        ("string" === typeof thenable.status
-	          ? thenable.then(noop, noop)
-	          : ((thenable.status = "pending"),
-	            thenable.then(
-	              function (fulfilledValue) {
-	                "pending" === thenable.status &&
-	                  ((thenable.status = "fulfilled"),
-	                  (thenable.value = fulfilledValue));
-	              },
-	              function (error) {
-	                "pending" === thenable.status &&
-	                  ((thenable.status = "rejected"), (thenable.reason = error));
-	              }
-	            )),
-	        thenable.status)
-	      ) {
-	        case "fulfilled":
-	          return thenable.value;
-	        case "rejected":
-	          throw thenable.reason;
-	      }
-	  }
-	  throw thenable;
-	}
-	function mapIntoArray(children, array, escapedPrefix, nameSoFar, callback) {
-	  var type = typeof children;
-	  if ("undefined" === type || "boolean" === type) children = null;
-	  var invokeCallback = false;
-	  if (null === children) invokeCallback = true;
-	  else
-	    switch (type) {
-	      case "bigint":
-	      case "string":
-	      case "number":
-	        invokeCallback = true;
-	        break;
-	      case "object":
-	        switch (children.$$typeof) {
-	          case REACT_ELEMENT_TYPE:
-	          case REACT_PORTAL_TYPE:
-	            invokeCallback = true;
-	            break;
-	          case REACT_LAZY_TYPE:
-	            return (
-	              (invokeCallback = children._init),
-	              mapIntoArray(
-	                invokeCallback(children._payload),
-	                array,
-	                escapedPrefix,
-	                nameSoFar,
-	                callback
-	              )
-	            );
-	        }
-	    }
-	  if (invokeCallback)
-	    return (
-	      (callback = callback(children)),
-	      (invokeCallback =
-	        "" === nameSoFar ? "." + getElementKey(children, 0) : nameSoFar),
-	      isArrayImpl(callback)
-	        ? ((escapedPrefix = ""),
-	          null != invokeCallback &&
-	            (escapedPrefix =
-	              invokeCallback.replace(userProvidedKeyEscapeRegex, "$&/") + "/"),
-	          mapIntoArray(callback, array, escapedPrefix, "", function (c) {
-	            return c;
-	          }))
-	        : null != callback &&
-	          (isValidElement(callback) &&
-	            (callback = cloneAndReplaceKey(
-	              callback,
-	              escapedPrefix +
-	                (null == callback.key ||
-	                (children && children.key === callback.key)
-	                  ? ""
-	                  : ("" + callback.key).replace(
-	                      userProvidedKeyEscapeRegex,
-	                      "$&/"
-	                    ) + "/") +
-	                invokeCallback
-	            )),
-	          array.push(callback)),
-	      1
-	    );
-	  invokeCallback = 0;
-	  var nextNamePrefix = "" === nameSoFar ? "." : nameSoFar + ":";
-	  if (isArrayImpl(children))
-	    for (var i = 0; i < children.length; i++)
-	      (nameSoFar = children[i]),
-	        (type = nextNamePrefix + getElementKey(nameSoFar, i)),
-	        (invokeCallback += mapIntoArray(
-	          nameSoFar,
-	          array,
-	          escapedPrefix,
-	          type,
-	          callback
-	        ));
-	  else if (((i = getIteratorFn(children)), "function" === typeof i))
-	    for (
-	      children = i.call(children), i = 0;
-	      !(nameSoFar = children.next()).done;
-
-	    )
-	      (nameSoFar = nameSoFar.value),
-	        (type = nextNamePrefix + getElementKey(nameSoFar, i++)),
-	        (invokeCallback += mapIntoArray(
-	          nameSoFar,
-	          array,
-	          escapedPrefix,
-	          type,
-	          callback
-	        ));
-	  else if ("object" === type) {
-	    if ("function" === typeof children.then)
-	      return mapIntoArray(
-	        resolveThenable(children),
-	        array,
-	        escapedPrefix,
-	        nameSoFar,
-	        callback
-	      );
-	    array = String(children);
-	    throw Error(
-	      "Objects are not valid as a React child (found: " +
-	        ("[object Object]" === array
-	          ? "object with keys {" + Object.keys(children).join(", ") + "}"
-	          : array) +
-	        "). If you meant to render a collection of children, use an array instead."
-	    );
-	  }
-	  return invokeCallback;
-	}
-	function mapChildren(children, func, context) {
-	  if (null == children) return children;
-	  var result = [],
-	    count = 0;
-	  mapIntoArray(children, result, "", "", function (child) {
-	    return func.call(context, child, count++);
-	  });
-	  return result;
-	}
-	function lazyInitializer(payload) {
-	  if (-1 === payload._status) {
-	    var ctor = payload._result;
-	    ctor = ctor();
-	    ctor.then(
-	      function (moduleObject) {
-	        if (0 === payload._status || -1 === payload._status)
-	          (payload._status = 1), (payload._result = moduleObject);
-	      },
-	      function (error) {
-	        if (0 === payload._status || -1 === payload._status)
-	          (payload._status = 2), (payload._result = error);
-	      }
-	    );
-	    -1 === payload._status && ((payload._status = 0), (payload._result = ctor));
-	  }
-	  if (1 === payload._status) return payload._result.default;
-	  throw payload._result;
-	}
-	var reportGlobalError =
-	    "function" === typeof reportError
-	      ? reportError
-	      : function (error) {
-	          if (
-	            "object" === typeof window &&
-	            "function" === typeof window.ErrorEvent
-	          ) {
-	            var event = new window.ErrorEvent("error", {
-	              bubbles: true,
-	              cancelable: true,
-	              message:
-	                "object" === typeof error &&
-	                null !== error &&
-	                "string" === typeof error.message
-	                  ? String(error.message)
-	                  : String(error),
-	              error: error
-	            });
-	            if (!window.dispatchEvent(event)) return;
-	          } else if (
-	            "object" === typeof process &&
-	            "function" === typeof process.emit
-	          ) {
-	            process.emit("uncaughtException", error);
-	            return;
-	          }
-	          console.error(error);
-	        },
-	  Children = {
-	    map: mapChildren,
-	    forEach: function (children, forEachFunc, forEachContext) {
-	      mapChildren(
-	        children,
-	        function () {
-	          forEachFunc.apply(this, arguments);
-	        },
-	        forEachContext
-	      );
-	    },
-	    count: function (children) {
-	      var n = 0;
-	      mapChildren(children, function () {
-	        n++;
-	      });
-	      return n;
-	    },
-	    toArray: function (children) {
-	      return (
-	        mapChildren(children, function (child) {
-	          return child;
-	        }) || []
-	      );
-	    },
-	    only: function (children) {
-	      if (!isValidElement(children))
-	        throw Error(
-	          "React.Children.only expected to receive a single React element child."
-	        );
-	      return children;
-	    }
-	  };
-	react_production.Activity = REACT_ACTIVITY_TYPE;
-	react_production.Children = Children;
-	react_production.Component = Component;
-	react_production.Fragment = REACT_FRAGMENT_TYPE;
-	react_production.Profiler = REACT_PROFILER_TYPE;
-	react_production.PureComponent = PureComponent;
-	react_production.StrictMode = REACT_STRICT_MODE_TYPE;
-	react_production.Suspense = REACT_SUSPENSE_TYPE;
-	react_production.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE =
-	  ReactSharedInternals;
-	react_production.__COMPILER_RUNTIME = {
-	  __proto__: null,
-	  c: function (size) {
-	    return ReactSharedInternals.H.useMemoCache(size);
-	  }
-	};
-	react_production.cache = function (fn) {
-	  return function () {
-	    return fn.apply(null, arguments);
-	  };
-	};
-	react_production.cacheSignal = function () {
-	  return null;
-	};
-	react_production.cloneElement = function (element, config, children) {
-	  if (null === element || void 0 === element)
-	    throw Error(
-	      "The argument must be a React element, but you passed " + element + "."
-	    );
-	  var props = assign({}, element.props),
-	    key = element.key;
-	  if (null != config)
-	    for (propName in (void 0 !== config.key && (key = "" + config.key), config))
-	      !hasOwnProperty.call(config, propName) ||
-	        "key" === propName ||
-	        "__self" === propName ||
-	        "__source" === propName ||
-	        ("ref" === propName && void 0 === config.ref) ||
-	        (props[propName] = config[propName]);
-	  var propName = arguments.length - 2;
-	  if (1 === propName) props.children = children;
-	  else if (1 < propName) {
-	    for (var childArray = Array(propName), i = 0; i < propName; i++)
-	      childArray[i] = arguments[i + 2];
-	    props.children = childArray;
-	  }
-	  return ReactElement(element.type, key, props);
-	};
-	react_production.createContext = function (defaultValue) {
-	  defaultValue = {
-	    $$typeof: REACT_CONTEXT_TYPE,
-	    _currentValue: defaultValue,
-	    _currentValue2: defaultValue,
-	    _threadCount: 0,
-	    Provider: null,
-	    Consumer: null
-	  };
-	  defaultValue.Provider = defaultValue;
-	  defaultValue.Consumer = {
-	    $$typeof: REACT_CONSUMER_TYPE,
-	    _context: defaultValue
-	  };
-	  return defaultValue;
-	};
-	react_production.createElement = function (type, config, children) {
-	  var propName,
-	    props = {},
-	    key = null;
-	  if (null != config)
-	    for (propName in (void 0 !== config.key && (key = "" + config.key), config))
-	      hasOwnProperty.call(config, propName) &&
-	        "key" !== propName &&
-	        "__self" !== propName &&
-	        "__source" !== propName &&
-	        (props[propName] = config[propName]);
-	  var childrenLength = arguments.length - 2;
-	  if (1 === childrenLength) props.children = children;
-	  else if (1 < childrenLength) {
-	    for (var childArray = Array(childrenLength), i = 0; i < childrenLength; i++)
-	      childArray[i] = arguments[i + 2];
-	    props.children = childArray;
-	  }
-	  if (type && type.defaultProps)
-	    for (propName in ((childrenLength = type.defaultProps), childrenLength))
-	      void 0 === props[propName] &&
-	        (props[propName] = childrenLength[propName]);
-	  return ReactElement(type, key, props);
-	};
-	react_production.createRef = function () {
-	  return { current: null };
-	};
-	react_production.forwardRef = function (render) {
-	  return { $$typeof: REACT_FORWARD_REF_TYPE, render: render };
-	};
-	react_production.isValidElement = isValidElement;
-	react_production.lazy = function (ctor) {
-	  return {
-	    $$typeof: REACT_LAZY_TYPE,
-	    _payload: { _status: -1, _result: ctor },
-	    _init: lazyInitializer
-	  };
-	};
-	react_production.memo = function (type, compare) {
-	  return {
-	    $$typeof: REACT_MEMO_TYPE,
-	    type: type,
-	    compare: void 0 === compare ? null : compare
-	  };
-	};
-	react_production.startTransition = function (scope) {
-	  var prevTransition = ReactSharedInternals.T,
-	    currentTransition = {};
-	  ReactSharedInternals.T = currentTransition;
-	  try {
-	    var returnValue = scope(),
-	      onStartTransitionFinish = ReactSharedInternals.S;
-	    null !== onStartTransitionFinish &&
-	      onStartTransitionFinish(currentTransition, returnValue);
-	    "object" === typeof returnValue &&
-	      null !== returnValue &&
-	      "function" === typeof returnValue.then &&
-	      returnValue.then(noop, reportGlobalError);
-	  } catch (error) {
-	    reportGlobalError(error);
-	  } finally {
-	    null !== prevTransition &&
-	      null !== currentTransition.types &&
-	      (prevTransition.types = currentTransition.types),
-	      (ReactSharedInternals.T = prevTransition);
-	  }
-	};
-	react_production.unstable_useCacheRefresh = function () {
-	  return ReactSharedInternals.H.useCacheRefresh();
-	};
-	react_production.use = function (usable) {
-	  return ReactSharedInternals.H.use(usable);
-	};
-	react_production.useActionState = function (action, initialState, permalink) {
-	  return ReactSharedInternals.H.useActionState(action, initialState, permalink);
-	};
-	react_production.useCallback = function (callback, deps) {
-	  return ReactSharedInternals.H.useCallback(callback, deps);
-	};
-	react_production.useContext = function (Context) {
-	  return ReactSharedInternals.H.useContext(Context);
-	};
-	react_production.useDebugValue = function () {};
-	react_production.useDeferredValue = function (value, initialValue) {
-	  return ReactSharedInternals.H.useDeferredValue(value, initialValue);
-	};
-	react_production.useEffect = function (create, deps) {
-	  return ReactSharedInternals.H.useEffect(create, deps);
-	};
-	react_production.useEffectEvent = function (callback) {
-	  return ReactSharedInternals.H.useEffectEvent(callback);
-	};
-	react_production.useId = function () {
-	  return ReactSharedInternals.H.useId();
-	};
-	react_production.useImperativeHandle = function (ref, create, deps) {
-	  return ReactSharedInternals.H.useImperativeHandle(ref, create, deps);
-	};
-	react_production.useInsertionEffect = function (create, deps) {
-	  return ReactSharedInternals.H.useInsertionEffect(create, deps);
-	};
-	react_production.useLayoutEffect = function (create, deps) {
-	  return ReactSharedInternals.H.useLayoutEffect(create, deps);
-	};
-	react_production.useMemo = function (create, deps) {
-	  return ReactSharedInternals.H.useMemo(create, deps);
-	};
-	react_production.useOptimistic = function (passthrough, reducer) {
-	  return ReactSharedInternals.H.useOptimistic(passthrough, reducer);
-	};
-	react_production.useReducer = function (reducer, initialArg, init) {
-	  return ReactSharedInternals.H.useReducer(reducer, initialArg, init);
-	};
-	react_production.useRef = function (initialValue) {
-	  return ReactSharedInternals.H.useRef(initialValue);
-	};
-	react_production.useState = function (initialState) {
-	  return ReactSharedInternals.H.useState(initialState);
-	};
-	react_production.useSyncExternalStore = function (
-	  subscribe,
-	  getSnapshot,
-	  getServerSnapshot
-	) {
-	  return ReactSharedInternals.H.useSyncExternalStore(
-	    subscribe,
-	    getSnapshot,
-	    getServerSnapshot
-	  );
-	};
-	react_production.useTransition = function () {
-	  return ReactSharedInternals.H.useTransition();
-	};
-	react_production.version = "19.2.0";
-	return react_production;
-}
-
-var react_development = {exports: {}};
-
-/**
- * @license React
- * react.development.js
- *
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-react_development.exports;
-
-var hasRequiredReact_development;
-
-function requireReact_development () {
-	if (hasRequiredReact_development) return react_development.exports;
-	hasRequiredReact_development = 1;
-	(function (module, exports) {
-		"production" !== process.env.NODE_ENV &&
-		  (function () {
-		    function defineDeprecationWarning(methodName, info) {
-		      Object.defineProperty(Component.prototype, methodName, {
-		        get: function () {
-		          console.warn(
-		            "%s(...) is deprecated in plain JavaScript React classes. %s",
-		            info[0],
-		            info[1]
-		          );
-		        }
-		      });
-		    }
-		    function getIteratorFn(maybeIterable) {
-		      if (null === maybeIterable || "object" !== typeof maybeIterable)
-		        return null;
-		      maybeIterable =
-		        (MAYBE_ITERATOR_SYMBOL && maybeIterable[MAYBE_ITERATOR_SYMBOL]) ||
-		        maybeIterable["@@iterator"];
-		      return "function" === typeof maybeIterable ? maybeIterable : null;
-		    }
-		    function warnNoop(publicInstance, callerName) {
-		      publicInstance =
-		        ((publicInstance = publicInstance.constructor) &&
-		          (publicInstance.displayName || publicInstance.name)) ||
-		        "ReactClass";
-		      var warningKey = publicInstance + "." + callerName;
-		      didWarnStateUpdateForUnmountedComponent[warningKey] ||
-		        (console.error(
-		          "Can't call %s on a component that is not yet mounted. This is a no-op, but it might indicate a bug in your application. Instead, assign to `this.state` directly or define a `state = {};` class property with the desired state in the %s component.",
-		          callerName,
-		          publicInstance
-		        ),
-		        (didWarnStateUpdateForUnmountedComponent[warningKey] = true));
-		    }
-		    function Component(props, context, updater) {
-		      this.props = props;
-		      this.context = context;
-		      this.refs = emptyObject;
-		      this.updater = updater || ReactNoopUpdateQueue;
-		    }
-		    function ComponentDummy() {}
-		    function PureComponent(props, context, updater) {
-		      this.props = props;
-		      this.context = context;
-		      this.refs = emptyObject;
-		      this.updater = updater || ReactNoopUpdateQueue;
-		    }
-		    function noop() {}
-		    function testStringCoercion(value) {
-		      return "" + value;
-		    }
-		    function checkKeyStringCoercion(value) {
-		      try {
-		        testStringCoercion(value);
-		        var JSCompiler_inline_result = !1;
-		      } catch (e) {
-		        JSCompiler_inline_result = true;
-		      }
-		      if (JSCompiler_inline_result) {
-		        JSCompiler_inline_result = console;
-		        var JSCompiler_temp_const = JSCompiler_inline_result.error;
-		        var JSCompiler_inline_result$jscomp$0 =
-		          ("function" === typeof Symbol &&
-		            Symbol.toStringTag &&
-		            value[Symbol.toStringTag]) ||
-		          value.constructor.name ||
-		          "Object";
-		        JSCompiler_temp_const.call(
-		          JSCompiler_inline_result,
-		          "The provided key is an unsupported type %s. This value must be coerced to a string before using it here.",
-		          JSCompiler_inline_result$jscomp$0
-		        );
-		        return testStringCoercion(value);
-		      }
-		    }
-		    function getComponentNameFromType(type) {
-		      if (null == type) return null;
-		      if ("function" === typeof type)
-		        return type.$$typeof === REACT_CLIENT_REFERENCE
-		          ? null
-		          : type.displayName || type.name || null;
-		      if ("string" === typeof type) return type;
-		      switch (type) {
-		        case REACT_FRAGMENT_TYPE:
-		          return "Fragment";
-		        case REACT_PROFILER_TYPE:
-		          return "Profiler";
-		        case REACT_STRICT_MODE_TYPE:
-		          return "StrictMode";
-		        case REACT_SUSPENSE_TYPE:
-		          return "Suspense";
-		        case REACT_SUSPENSE_LIST_TYPE:
-		          return "SuspenseList";
-		        case REACT_ACTIVITY_TYPE:
-		          return "Activity";
-		      }
-		      if ("object" === typeof type)
-		        switch (
-		          ("number" === typeof type.tag &&
-		            console.error(
-		              "Received an unexpected object in getComponentNameFromType(). This is likely a bug in React. Please file an issue."
-		            ),
-		          type.$$typeof)
-		        ) {
-		          case REACT_PORTAL_TYPE:
-		            return "Portal";
-		          case REACT_CONTEXT_TYPE:
-		            return type.displayName || "Context";
-		          case REACT_CONSUMER_TYPE:
-		            return (type._context.displayName || "Context") + ".Consumer";
-		          case REACT_FORWARD_REF_TYPE:
-		            var innerType = type.render;
-		            type = type.displayName;
-		            type ||
-		              ((type = innerType.displayName || innerType.name || ""),
-		              (type = "" !== type ? "ForwardRef(" + type + ")" : "ForwardRef"));
-		            return type;
-		          case REACT_MEMO_TYPE:
-		            return (
-		              (innerType = type.displayName || null),
-		              null !== innerType
-		                ? innerType
-		                : getComponentNameFromType(type.type) || "Memo"
-		            );
-		          case REACT_LAZY_TYPE:
-		            innerType = type._payload;
-		            type = type._init;
-		            try {
-		              return getComponentNameFromType(type(innerType));
-		            } catch (x) {}
-		        }
-		      return null;
-		    }
-		    function getTaskName(type) {
-		      if (type === REACT_FRAGMENT_TYPE) return "<>";
-		      if (
-		        "object" === typeof type &&
-		        null !== type &&
-		        type.$$typeof === REACT_LAZY_TYPE
-		      )
-		        return "<...>";
-		      try {
-		        var name = getComponentNameFromType(type);
-		        return name ? "<" + name + ">" : "<...>";
-		      } catch (x) {
-		        return "<...>";
-		      }
-		    }
-		    function getOwner() {
-		      var dispatcher = ReactSharedInternals.A;
-		      return null === dispatcher ? null : dispatcher.getOwner();
-		    }
-		    function UnknownOwner() {
-		      return Error("react-stack-top-frame");
-		    }
-		    function hasValidKey(config) {
-		      if (hasOwnProperty.call(config, "key")) {
-		        var getter = Object.getOwnPropertyDescriptor(config, "key").get;
-		        if (getter && getter.isReactWarning) return false;
-		      }
-		      return void 0 !== config.key;
-		    }
-		    function defineKeyPropWarningGetter(props, displayName) {
-		      function warnAboutAccessingKey() {
-		        specialPropKeyWarningShown ||
-		          ((specialPropKeyWarningShown = true),
-		          console.error(
-		            "%s: `key` is not a prop. Trying to access it will result in `undefined` being returned. If you need to access the same value within the child component, you should pass it as a different prop. (https://react.dev/link/special-props)",
-		            displayName
-		          ));
-		      }
-		      warnAboutAccessingKey.isReactWarning = true;
-		      Object.defineProperty(props, "key", {
-		        get: warnAboutAccessingKey,
-		        configurable: true
-		      });
-		    }
-		    function elementRefGetterWithDeprecationWarning() {
-		      var componentName = getComponentNameFromType(this.type);
-		      didWarnAboutElementRef[componentName] ||
-		        ((didWarnAboutElementRef[componentName] = true),
-		        console.error(
-		          "Accessing element.ref was removed in React 19. ref is now a regular prop. It will be removed from the JSX Element type in a future release."
-		        ));
-		      componentName = this.props.ref;
-		      return void 0 !== componentName ? componentName : null;
-		    }
-		    function ReactElement(type, key, props, owner, debugStack, debugTask) {
-		      var refProp = props.ref;
-		      type = {
-		        $$typeof: REACT_ELEMENT_TYPE,
-		        type: type,
-		        key: key,
-		        props: props,
-		        _owner: owner
-		      };
-		      null !== (void 0 !== refProp ? refProp : null)
-		        ? Object.defineProperty(type, "ref", {
-		            enumerable: false,
-		            get: elementRefGetterWithDeprecationWarning
-		          })
-		        : Object.defineProperty(type, "ref", { enumerable: false, value: null });
-		      type._store = {};
-		      Object.defineProperty(type._store, "validated", {
-		        configurable: false,
-		        enumerable: false,
-		        writable: true,
-		        value: 0
-		      });
-		      Object.defineProperty(type, "_debugInfo", {
-		        configurable: false,
-		        enumerable: false,
-		        writable: true,
-		        value: null
-		      });
-		      Object.defineProperty(type, "_debugStack", {
-		        configurable: false,
-		        enumerable: false,
-		        writable: true,
-		        value: debugStack
-		      });
-		      Object.defineProperty(type, "_debugTask", {
-		        configurable: false,
-		        enumerable: false,
-		        writable: true,
-		        value: debugTask
-		      });
-		      Object.freeze && (Object.freeze(type.props), Object.freeze(type));
-		      return type;
-		    }
-		    function cloneAndReplaceKey(oldElement, newKey) {
-		      newKey = ReactElement(
-		        oldElement.type,
-		        newKey,
-		        oldElement.props,
-		        oldElement._owner,
-		        oldElement._debugStack,
-		        oldElement._debugTask
-		      );
-		      oldElement._store &&
-		        (newKey._store.validated = oldElement._store.validated);
-		      return newKey;
-		    }
-		    function validateChildKeys(node) {
-		      isValidElement(node)
-		        ? node._store && (node._store.validated = 1)
-		        : "object" === typeof node &&
-		          null !== node &&
-		          node.$$typeof === REACT_LAZY_TYPE &&
-		          ("fulfilled" === node._payload.status
-		            ? isValidElement(node._payload.value) &&
-		              node._payload.value._store &&
-		              (node._payload.value._store.validated = 1)
-		            : node._store && (node._store.validated = 1));
-		    }
-		    function isValidElement(object) {
-		      return (
-		        "object" === typeof object &&
-		        null !== object &&
-		        object.$$typeof === REACT_ELEMENT_TYPE
-		      );
-		    }
-		    function escape(key) {
-		      var escaperLookup = { "=": "=0", ":": "=2" };
-		      return (
-		        "$" +
-		        key.replace(/[=:]/g, function (match) {
-		          return escaperLookup[match];
-		        })
-		      );
-		    }
-		    function getElementKey(element, index) {
-		      return "object" === typeof element &&
-		        null !== element &&
-		        null != element.key
-		        ? (checkKeyStringCoercion(element.key), escape("" + element.key))
-		        : index.toString(36);
-		    }
-		    function resolveThenable(thenable) {
-		      switch (thenable.status) {
-		        case "fulfilled":
-		          return thenable.value;
-		        case "rejected":
-		          throw thenable.reason;
-		        default:
-		          switch (
-		            ("string" === typeof thenable.status
-		              ? thenable.then(noop, noop)
-		              : ((thenable.status = "pending"),
-		                thenable.then(
-		                  function (fulfilledValue) {
-		                    "pending" === thenable.status &&
-		                      ((thenable.status = "fulfilled"),
-		                      (thenable.value = fulfilledValue));
-		                  },
-		                  function (error) {
-		                    "pending" === thenable.status &&
-		                      ((thenable.status = "rejected"),
-		                      (thenable.reason = error));
-		                  }
-		                )),
-		            thenable.status)
-		          ) {
-		            case "fulfilled":
-		              return thenable.value;
-		            case "rejected":
-		              throw thenable.reason;
-		          }
-		      }
-		      throw thenable;
-		    }
-		    function mapIntoArray(children, array, escapedPrefix, nameSoFar, callback) {
-		      var type = typeof children;
-		      if ("undefined" === type || "boolean" === type) children = null;
-		      var invokeCallback = false;
-		      if (null === children) invokeCallback = true;
-		      else
-		        switch (type) {
-		          case "bigint":
-		          case "string":
-		          case "number":
-		            invokeCallback = true;
-		            break;
-		          case "object":
-		            switch (children.$$typeof) {
-		              case REACT_ELEMENT_TYPE:
-		              case REACT_PORTAL_TYPE:
-		                invokeCallback = true;
-		                break;
-		              case REACT_LAZY_TYPE:
-		                return (
-		                  (invokeCallback = children._init),
-		                  mapIntoArray(
-		                    invokeCallback(children._payload),
-		                    array,
-		                    escapedPrefix,
-		                    nameSoFar,
-		                    callback
-		                  )
-		                );
-		            }
-		        }
-		      if (invokeCallback) {
-		        invokeCallback = children;
-		        callback = callback(invokeCallback);
-		        var childKey =
-		          "" === nameSoFar ? "." + getElementKey(invokeCallback, 0) : nameSoFar;
-		        isArrayImpl(callback)
-		          ? ((escapedPrefix = ""),
-		            null != childKey &&
-		              (escapedPrefix =
-		                childKey.replace(userProvidedKeyEscapeRegex, "$&/") + "/"),
-		            mapIntoArray(callback, array, escapedPrefix, "", function (c) {
-		              return c;
-		            }))
-		          : null != callback &&
-		            (isValidElement(callback) &&
-		              (null != callback.key &&
-		                ((invokeCallback && invokeCallback.key === callback.key) ||
-		                  checkKeyStringCoercion(callback.key)),
-		              (escapedPrefix = cloneAndReplaceKey(
-		                callback,
-		                escapedPrefix +
-		                  (null == callback.key ||
-		                  (invokeCallback && invokeCallback.key === callback.key)
-		                    ? ""
-		                    : ("" + callback.key).replace(
-		                        userProvidedKeyEscapeRegex,
-		                        "$&/"
-		                      ) + "/") +
-		                  childKey
-		              )),
-		              "" !== nameSoFar &&
-		                null != invokeCallback &&
-		                isValidElement(invokeCallback) &&
-		                null == invokeCallback.key &&
-		                invokeCallback._store &&
-		                !invokeCallback._store.validated &&
-		                (escapedPrefix._store.validated = 2),
-		              (callback = escapedPrefix)),
-		            array.push(callback));
-		        return 1;
-		      }
-		      invokeCallback = 0;
-		      childKey = "" === nameSoFar ? "." : nameSoFar + ":";
-		      if (isArrayImpl(children))
-		        for (var i = 0; i < children.length; i++)
-		          (nameSoFar = children[i]),
-		            (type = childKey + getElementKey(nameSoFar, i)),
-		            (invokeCallback += mapIntoArray(
-		              nameSoFar,
-		              array,
-		              escapedPrefix,
-		              type,
-		              callback
-		            ));
-		      else if (((i = getIteratorFn(children)), "function" === typeof i))
-		        for (
-		          i === children.entries &&
-		            (didWarnAboutMaps ||
-		              console.warn(
-		                "Using Maps as children is not supported. Use an array of keyed ReactElements instead."
-		              ),
-		            (didWarnAboutMaps = true)),
-		            children = i.call(children),
-		            i = 0;
-		          !(nameSoFar = children.next()).done;
-
-		        )
-		          (nameSoFar = nameSoFar.value),
-		            (type = childKey + getElementKey(nameSoFar, i++)),
-		            (invokeCallback += mapIntoArray(
-		              nameSoFar,
-		              array,
-		              escapedPrefix,
-		              type,
-		              callback
-		            ));
-		      else if ("object" === type) {
-		        if ("function" === typeof children.then)
-		          return mapIntoArray(
-		            resolveThenable(children),
-		            array,
-		            escapedPrefix,
-		            nameSoFar,
-		            callback
-		          );
-		        array = String(children);
-		        throw Error(
-		          "Objects are not valid as a React child (found: " +
-		            ("[object Object]" === array
-		              ? "object with keys {" + Object.keys(children).join(", ") + "}"
-		              : array) +
-		            "). If you meant to render a collection of children, use an array instead."
-		        );
-		      }
-		      return invokeCallback;
-		    }
-		    function mapChildren(children, func, context) {
-		      if (null == children) return children;
-		      var result = [],
-		        count = 0;
-		      mapIntoArray(children, result, "", "", function (child) {
-		        return func.call(context, child, count++);
-		      });
-		      return result;
-		    }
-		    function lazyInitializer(payload) {
-		      if (-1 === payload._status) {
-		        var ioInfo = payload._ioInfo;
-		        null != ioInfo && (ioInfo.start = ioInfo.end = performance.now());
-		        ioInfo = payload._result;
-		        var thenable = ioInfo();
-		        thenable.then(
-		          function (moduleObject) {
-		            if (0 === payload._status || -1 === payload._status) {
-		              payload._status = 1;
-		              payload._result = moduleObject;
-		              var _ioInfo = payload._ioInfo;
-		              null != _ioInfo && (_ioInfo.end = performance.now());
-		              void 0 === thenable.status &&
-		                ((thenable.status = "fulfilled"),
-		                (thenable.value = moduleObject));
-		            }
-		          },
-		          function (error) {
-		            if (0 === payload._status || -1 === payload._status) {
-		              payload._status = 2;
-		              payload._result = error;
-		              var _ioInfo2 = payload._ioInfo;
-		              null != _ioInfo2 && (_ioInfo2.end = performance.now());
-		              void 0 === thenable.status &&
-		                ((thenable.status = "rejected"), (thenable.reason = error));
-		            }
-		          }
-		        );
-		        ioInfo = payload._ioInfo;
-		        if (null != ioInfo) {
-		          ioInfo.value = thenable;
-		          var displayName = thenable.displayName;
-		          "string" === typeof displayName && (ioInfo.name = displayName);
-		        }
-		        -1 === payload._status &&
-		          ((payload._status = 0), (payload._result = thenable));
-		      }
-		      if (1 === payload._status)
-		        return (
-		          (ioInfo = payload._result),
-		          void 0 === ioInfo &&
-		            console.error(
-		              "lazy: Expected the result of a dynamic import() call. Instead received: %s\n\nYour code should look like: \n  const MyComponent = lazy(() => import('./MyComponent'))\n\nDid you accidentally put curly braces around the import?",
-		              ioInfo
-		            ),
-		          "default" in ioInfo ||
-		            console.error(
-		              "lazy: Expected the result of a dynamic import() call. Instead received: %s\n\nYour code should look like: \n  const MyComponent = lazy(() => import('./MyComponent'))",
-		              ioInfo
-		            ),
-		          ioInfo.default
-		        );
-		      throw payload._result;
-		    }
-		    function resolveDispatcher() {
-		      var dispatcher = ReactSharedInternals.H;
-		      null === dispatcher &&
-		        console.error(
-		          "Invalid hook call. Hooks can only be called inside of the body of a function component. This could happen for one of the following reasons:\n1. You might have mismatching versions of React and the renderer (such as React DOM)\n2. You might be breaking the Rules of Hooks\n3. You might have more than one copy of React in the same app\nSee https://react.dev/link/invalid-hook-call for tips about how to debug and fix this problem."
-		        );
-		      return dispatcher;
-		    }
-		    function releaseAsyncTransition() {
-		      ReactSharedInternals.asyncTransitions--;
-		    }
-		    function enqueueTask(task) {
-		      if (null === enqueueTaskImpl)
-		        try {
-		          var requireString = ("require" + Math.random()).slice(0, 7);
-		          enqueueTaskImpl = (module && module[requireString]).call(
-		            module,
-		            "timers"
-		          ).setImmediate;
-		        } catch (_err) {
-		          enqueueTaskImpl = function (callback) {
-		            false === didWarnAboutMessageChannel &&
-		              ((didWarnAboutMessageChannel = true),
-		              "undefined" === typeof MessageChannel &&
-		                console.error(
-		                  "This browser does not have a MessageChannel implementation, so enqueuing tasks via await act(async () => ...) will fail. Please file an issue at https://github.com/facebook/react/issues if you encounter this warning."
-		                ));
-		            var channel = new MessageChannel();
-		            channel.port1.onmessage = callback;
-		            channel.port2.postMessage(void 0);
-		          };
-		        }
-		      return enqueueTaskImpl(task);
-		    }
-		    function aggregateErrors(errors) {
-		      return 1 < errors.length && "function" === typeof AggregateError
-		        ? new AggregateError(errors)
-		        : errors[0];
-		    }
-		    function popActScope(prevActQueue, prevActScopeDepth) {
-		      prevActScopeDepth !== actScopeDepth - 1 &&
-		        console.error(
-		          "You seem to have overlapping act() calls, this is not supported. Be sure to await previous act() calls before making a new one. "
-		        );
-		      actScopeDepth = prevActScopeDepth;
-		    }
-		    function recursivelyFlushAsyncActWork(returnValue, resolve, reject) {
-		      var queue = ReactSharedInternals.actQueue;
-		      if (null !== queue)
-		        if (0 !== queue.length)
-		          try {
-		            flushActQueue(queue);
-		            enqueueTask(function () {
-		              return recursivelyFlushAsyncActWork(returnValue, resolve, reject);
-		            });
-		            return;
-		          } catch (error) {
-		            ReactSharedInternals.thrownErrors.push(error);
-		          }
-		        else ReactSharedInternals.actQueue = null;
-		      0 < ReactSharedInternals.thrownErrors.length
-		        ? ((queue = aggregateErrors(ReactSharedInternals.thrownErrors)),
-		          (ReactSharedInternals.thrownErrors.length = 0),
-		          reject(queue))
-		        : resolve(returnValue);
-		    }
-		    function flushActQueue(queue) {
-		      if (!isFlushing) {
-		        isFlushing = true;
-		        var i = 0;
-		        try {
-		          for (; i < queue.length; i++) {
-		            var callback = queue[i];
-		            do {
-		              ReactSharedInternals.didUsePromise = !1;
-		              var continuation = callback(!1);
-		              if (null !== continuation) {
-		                if (ReactSharedInternals.didUsePromise) {
-		                  queue[i] = callback;
-		                  queue.splice(0, i);
-		                  return;
-		                }
-		                callback = continuation;
-		              } else break;
-		            } while (1);
-		          }
-		          queue.length = 0;
-		        } catch (error) {
-		          queue.splice(0, i + 1), ReactSharedInternals.thrownErrors.push(error);
-		        } finally {
-		          isFlushing = false;
-		        }
-		      }
-		    }
-		    "undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__ &&
-		      "function" ===
-		        typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStart &&
-		      __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStart(Error());
-		    var REACT_ELEMENT_TYPE = Symbol.for("react.transitional.element"),
-		      REACT_PORTAL_TYPE = Symbol.for("react.portal"),
-		      REACT_FRAGMENT_TYPE = Symbol.for("react.fragment"),
-		      REACT_STRICT_MODE_TYPE = Symbol.for("react.strict_mode"),
-		      REACT_PROFILER_TYPE = Symbol.for("react.profiler"),
-		      REACT_CONSUMER_TYPE = Symbol.for("react.consumer"),
-		      REACT_CONTEXT_TYPE = Symbol.for("react.context"),
-		      REACT_FORWARD_REF_TYPE = Symbol.for("react.forward_ref"),
-		      REACT_SUSPENSE_TYPE = Symbol.for("react.suspense"),
-		      REACT_SUSPENSE_LIST_TYPE = Symbol.for("react.suspense_list"),
-		      REACT_MEMO_TYPE = Symbol.for("react.memo"),
-		      REACT_LAZY_TYPE = Symbol.for("react.lazy"),
-		      REACT_ACTIVITY_TYPE = Symbol.for("react.activity"),
-		      MAYBE_ITERATOR_SYMBOL = Symbol.iterator,
-		      didWarnStateUpdateForUnmountedComponent = {},
-		      ReactNoopUpdateQueue = {
-		        isMounted: function () {
-		          return false;
-		        },
-		        enqueueForceUpdate: function (publicInstance) {
-		          warnNoop(publicInstance, "forceUpdate");
-		        },
-		        enqueueReplaceState: function (publicInstance) {
-		          warnNoop(publicInstance, "replaceState");
-		        },
-		        enqueueSetState: function (publicInstance) {
-		          warnNoop(publicInstance, "setState");
-		        }
-		      },
-		      assign = Object.assign,
-		      emptyObject = {};
-		    Object.freeze(emptyObject);
-		    Component.prototype.isReactComponent = {};
-		    Component.prototype.setState = function (partialState, callback) {
-		      if (
-		        "object" !== typeof partialState &&
-		        "function" !== typeof partialState &&
-		        null != partialState
-		      )
-		        throw Error(
-		          "takes an object of state variables to update or a function which returns an object of state variables."
-		        );
-		      this.updater.enqueueSetState(this, partialState, callback, "setState");
-		    };
-		    Component.prototype.forceUpdate = function (callback) {
-		      this.updater.enqueueForceUpdate(this, callback, "forceUpdate");
-		    };
-		    var deprecatedAPIs = {
-		      isMounted: [
-		        "isMounted",
-		        "Instead, make sure to clean up subscriptions and pending requests in componentWillUnmount to prevent memory leaks."
-		      ],
-		      replaceState: [
-		        "replaceState",
-		        "Refactor your code to use setState instead (see https://github.com/facebook/react/issues/3236)."
-		      ]
-		    };
-		    for (fnName in deprecatedAPIs)
-		      deprecatedAPIs.hasOwnProperty(fnName) &&
-		        defineDeprecationWarning(fnName, deprecatedAPIs[fnName]);
-		    ComponentDummy.prototype = Component.prototype;
-		    deprecatedAPIs = PureComponent.prototype = new ComponentDummy();
-		    deprecatedAPIs.constructor = PureComponent;
-		    assign(deprecatedAPIs, Component.prototype);
-		    deprecatedAPIs.isPureReactComponent = true;
-		    var isArrayImpl = Array.isArray,
-		      REACT_CLIENT_REFERENCE = Symbol.for("react.client.reference"),
-		      ReactSharedInternals = {
-		        H: null,
-		        A: null,
-		        T: null,
-		        S: null,
-		        actQueue: null,
-		        asyncTransitions: 0,
-		        isBatchingLegacy: false,
-		        didScheduleLegacyUpdate: false,
-		        didUsePromise: false,
-		        thrownErrors: [],
-		        getCurrentStack: null,
-		        recentlyCreatedOwnerStacks: 0
-		      },
-		      hasOwnProperty = Object.prototype.hasOwnProperty,
-		      createTask = console.createTask
-		        ? console.createTask
-		        : function () {
-		            return null;
-		          };
-		    deprecatedAPIs = {
-		      react_stack_bottom_frame: function (callStackForError) {
-		        return callStackForError();
-		      }
-		    };
-		    var specialPropKeyWarningShown, didWarnAboutOldJSXRuntime;
-		    var didWarnAboutElementRef = {};
-		    var unknownOwnerDebugStack = deprecatedAPIs.react_stack_bottom_frame.bind(
-		      deprecatedAPIs,
-		      UnknownOwner
-		    )();
-		    var unknownOwnerDebugTask = createTask(getTaskName(UnknownOwner));
-		    var didWarnAboutMaps = false,
-		      userProvidedKeyEscapeRegex = /\/+/g,
-		      reportGlobalError =
-		        "function" === typeof reportError
-		          ? reportError
-		          : function (error) {
-		              if (
-		                "object" === typeof window &&
-		                "function" === typeof window.ErrorEvent
-		              ) {
-		                var event = new window.ErrorEvent("error", {
-		                  bubbles: true,
-		                  cancelable: true,
-		                  message:
-		                    "object" === typeof error &&
-		                    null !== error &&
-		                    "string" === typeof error.message
-		                      ? String(error.message)
-		                      : String(error),
-		                  error: error
-		                });
-		                if (!window.dispatchEvent(event)) return;
-		              } else if (
-		                "object" === typeof process &&
-		                "function" === typeof process.emit
-		              ) {
-		                process.emit("uncaughtException", error);
-		                return;
-		              }
-		              console.error(error);
-		            },
-		      didWarnAboutMessageChannel = false,
-		      enqueueTaskImpl = null,
-		      actScopeDepth = 0,
-		      didWarnNoAwaitAct = false,
-		      isFlushing = false,
-		      queueSeveralMicrotasks =
-		        "function" === typeof queueMicrotask
-		          ? function (callback) {
-		              queueMicrotask(function () {
-		                return queueMicrotask(callback);
-		              });
-		            }
-		          : enqueueTask;
-		    deprecatedAPIs = Object.freeze({
-		      __proto__: null,
-		      c: function (size) {
-		        return resolveDispatcher().useMemoCache(size);
-		      }
-		    });
-		    var fnName = {
-		      map: mapChildren,
-		      forEach: function (children, forEachFunc, forEachContext) {
-		        mapChildren(
-		          children,
-		          function () {
-		            forEachFunc.apply(this, arguments);
-		          },
-		          forEachContext
-		        );
-		      },
-		      count: function (children) {
-		        var n = 0;
-		        mapChildren(children, function () {
-		          n++;
-		        });
-		        return n;
-		      },
-		      toArray: function (children) {
-		        return (
-		          mapChildren(children, function (child) {
-		            return child;
-		          }) || []
-		        );
-		      },
-		      only: function (children) {
-		        if (!isValidElement(children))
-		          throw Error(
-		            "React.Children.only expected to receive a single React element child."
-		          );
-		        return children;
-		      }
-		    };
-		    exports.Activity = REACT_ACTIVITY_TYPE;
-		    exports.Children = fnName;
-		    exports.Component = Component;
-		    exports.Fragment = REACT_FRAGMENT_TYPE;
-		    exports.Profiler = REACT_PROFILER_TYPE;
-		    exports.PureComponent = PureComponent;
-		    exports.StrictMode = REACT_STRICT_MODE_TYPE;
-		    exports.Suspense = REACT_SUSPENSE_TYPE;
-		    exports.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE =
-		      ReactSharedInternals;
-		    exports.__COMPILER_RUNTIME = deprecatedAPIs;
-		    exports.act = function (callback) {
-		      var prevActQueue = ReactSharedInternals.actQueue,
-		        prevActScopeDepth = actScopeDepth;
-		      actScopeDepth++;
-		      var queue = (ReactSharedInternals.actQueue =
-		          null !== prevActQueue ? prevActQueue : []),
-		        didAwaitActCall = false;
-		      try {
-		        var result = callback();
-		      } catch (error) {
-		        ReactSharedInternals.thrownErrors.push(error);
-		      }
-		      if (0 < ReactSharedInternals.thrownErrors.length)
-		        throw (
-		          (popActScope(prevActQueue, prevActScopeDepth),
-		          (callback = aggregateErrors(ReactSharedInternals.thrownErrors)),
-		          (ReactSharedInternals.thrownErrors.length = 0),
-		          callback)
-		        );
-		      if (
-		        null !== result &&
-		        "object" === typeof result &&
-		        "function" === typeof result.then
-		      ) {
-		        var thenable = result;
-		        queueSeveralMicrotasks(function () {
-		          didAwaitActCall ||
-		            didWarnNoAwaitAct ||
-		            ((didWarnNoAwaitAct = true),
-		            console.error(
-		              "You called act(async () => ...) without await. This could lead to unexpected testing behaviour, interleaving multiple act calls and mixing their scopes. You should - await act(async () => ...);"
-		            ));
-		        });
-		        return {
-		          then: function (resolve, reject) {
-		            didAwaitActCall = true;
-		            thenable.then(
-		              function (returnValue) {
-		                popActScope(prevActQueue, prevActScopeDepth);
-		                if (0 === prevActScopeDepth) {
-		                  try {
-		                    flushActQueue(queue),
-		                      enqueueTask(function () {
-		                        return recursivelyFlushAsyncActWork(
-		                          returnValue,
-		                          resolve,
-		                          reject
-		                        );
-		                      });
-		                  } catch (error$0) {
-		                    ReactSharedInternals.thrownErrors.push(error$0);
-		                  }
-		                  if (0 < ReactSharedInternals.thrownErrors.length) {
-		                    var _thrownError = aggregateErrors(
-		                      ReactSharedInternals.thrownErrors
-		                    );
-		                    ReactSharedInternals.thrownErrors.length = 0;
-		                    reject(_thrownError);
-		                  }
-		                } else resolve(returnValue);
-		              },
-		              function (error) {
-		                popActScope(prevActQueue, prevActScopeDepth);
-		                0 < ReactSharedInternals.thrownErrors.length
-		                  ? ((error = aggregateErrors(
-		                      ReactSharedInternals.thrownErrors
-		                    )),
-		                    (ReactSharedInternals.thrownErrors.length = 0),
-		                    reject(error))
-		                  : reject(error);
-		              }
-		            );
-		          }
-		        };
-		      }
-		      var returnValue$jscomp$0 = result;
-		      popActScope(prevActQueue, prevActScopeDepth);
-		      0 === prevActScopeDepth &&
-		        (flushActQueue(queue),
-		        0 !== queue.length &&
-		          queueSeveralMicrotasks(function () {
-		            didAwaitActCall ||
-		              didWarnNoAwaitAct ||
-		              ((didWarnNoAwaitAct = true),
-		              console.error(
-		                "A component suspended inside an `act` scope, but the `act` call was not awaited. When testing React components that depend on asynchronous data, you must await the result:\n\nawait act(() => ...)"
-		              ));
-		          }),
-		        (ReactSharedInternals.actQueue = null));
-		      if (0 < ReactSharedInternals.thrownErrors.length)
-		        throw (
-		          ((callback = aggregateErrors(ReactSharedInternals.thrownErrors)),
-		          (ReactSharedInternals.thrownErrors.length = 0),
-		          callback)
-		        );
-		      return {
-		        then: function (resolve, reject) {
-		          didAwaitActCall = true;
-		          0 === prevActScopeDepth
-		            ? ((ReactSharedInternals.actQueue = queue),
-		              enqueueTask(function () {
-		                return recursivelyFlushAsyncActWork(
-		                  returnValue$jscomp$0,
-		                  resolve,
-		                  reject
-		                );
-		              }))
-		            : resolve(returnValue$jscomp$0);
-		        }
-		      };
-		    };
-		    exports.cache = function (fn) {
-		      return function () {
-		        return fn.apply(null, arguments);
-		      };
-		    };
-		    exports.cacheSignal = function () {
-		      return null;
-		    };
-		    exports.captureOwnerStack = function () {
-		      var getCurrentStack = ReactSharedInternals.getCurrentStack;
-		      return null === getCurrentStack ? null : getCurrentStack();
-		    };
-		    exports.cloneElement = function (element, config, children) {
-		      if (null === element || void 0 === element)
-		        throw Error(
-		          "The argument must be a React element, but you passed " +
-		            element +
-		            "."
-		        );
-		      var props = assign({}, element.props),
-		        key = element.key,
-		        owner = element._owner;
-		      if (null != config) {
-		        var JSCompiler_inline_result;
-		        a: {
-		          if (
-		            hasOwnProperty.call(config, "ref") &&
-		            (JSCompiler_inline_result = Object.getOwnPropertyDescriptor(
-		              config,
-		              "ref"
-		            ).get) &&
-		            JSCompiler_inline_result.isReactWarning
-		          ) {
-		            JSCompiler_inline_result = false;
-		            break a;
-		          }
-		          JSCompiler_inline_result = void 0 !== config.ref;
-		        }
-		        JSCompiler_inline_result && (owner = getOwner());
-		        hasValidKey(config) &&
-		          (checkKeyStringCoercion(config.key), (key = "" + config.key));
-		        for (propName in config)
-		          !hasOwnProperty.call(config, propName) ||
-		            "key" === propName ||
-		            "__self" === propName ||
-		            "__source" === propName ||
-		            ("ref" === propName && void 0 === config.ref) ||
-		            (props[propName] = config[propName]);
-		      }
-		      var propName = arguments.length - 2;
-		      if (1 === propName) props.children = children;
-		      else if (1 < propName) {
-		        JSCompiler_inline_result = Array(propName);
-		        for (var i = 0; i < propName; i++)
-		          JSCompiler_inline_result[i] = arguments[i + 2];
-		        props.children = JSCompiler_inline_result;
-		      }
-		      props = ReactElement(
-		        element.type,
-		        key,
-		        props,
-		        owner,
-		        element._debugStack,
-		        element._debugTask
-		      );
-		      for (key = 2; key < arguments.length; key++)
-		        validateChildKeys(arguments[key]);
-		      return props;
-		    };
-		    exports.createContext = function (defaultValue) {
-		      defaultValue = {
-		        $$typeof: REACT_CONTEXT_TYPE,
-		        _currentValue: defaultValue,
-		        _currentValue2: defaultValue,
-		        _threadCount: 0,
-		        Provider: null,
-		        Consumer: null
-		      };
-		      defaultValue.Provider = defaultValue;
-		      defaultValue.Consumer = {
-		        $$typeof: REACT_CONSUMER_TYPE,
-		        _context: defaultValue
-		      };
-		      defaultValue._currentRenderer = null;
-		      defaultValue._currentRenderer2 = null;
-		      return defaultValue;
-		    };
-		    exports.createElement = function (type, config, children) {
-		      for (var i = 2; i < arguments.length; i++)
-		        validateChildKeys(arguments[i]);
-		      i = {};
-		      var key = null;
-		      if (null != config)
-		        for (propName in (didWarnAboutOldJSXRuntime ||
-		          !("__self" in config) ||
-		          "key" in config ||
-		          ((didWarnAboutOldJSXRuntime = true),
-		          console.warn(
-		            "Your app (or one of its dependencies) is using an outdated JSX transform. Update to the modern JSX transform for faster performance: https://react.dev/link/new-jsx-transform"
-		          )),
-		        hasValidKey(config) &&
-		          (checkKeyStringCoercion(config.key), (key = "" + config.key)),
-		        config))
-		          hasOwnProperty.call(config, propName) &&
-		            "key" !== propName &&
-		            "__self" !== propName &&
-		            "__source" !== propName &&
-		            (i[propName] = config[propName]);
-		      var childrenLength = arguments.length - 2;
-		      if (1 === childrenLength) i.children = children;
-		      else if (1 < childrenLength) {
-		        for (
-		          var childArray = Array(childrenLength), _i = 0;
-		          _i < childrenLength;
-		          _i++
-		        )
-		          childArray[_i] = arguments[_i + 2];
-		        Object.freeze && Object.freeze(childArray);
-		        i.children = childArray;
-		      }
-		      if (type && type.defaultProps)
-		        for (propName in ((childrenLength = type.defaultProps), childrenLength))
-		          void 0 === i[propName] && (i[propName] = childrenLength[propName]);
-		      key &&
-		        defineKeyPropWarningGetter(
-		          i,
-		          "function" === typeof type
-		            ? type.displayName || type.name || "Unknown"
-		            : type
-		        );
-		      var propName = 1e4 > ReactSharedInternals.recentlyCreatedOwnerStacks++;
-		      return ReactElement(
-		        type,
-		        key,
-		        i,
-		        getOwner(),
-		        propName ? Error("react-stack-top-frame") : unknownOwnerDebugStack,
-		        propName ? createTask(getTaskName(type)) : unknownOwnerDebugTask
-		      );
-		    };
-		    exports.createRef = function () {
-		      var refObject = { current: null };
-		      Object.seal(refObject);
-		      return refObject;
-		    };
-		    exports.forwardRef = function (render) {
-		      null != render && render.$$typeof === REACT_MEMO_TYPE
-		        ? console.error(
-		            "forwardRef requires a render function but received a `memo` component. Instead of forwardRef(memo(...)), use memo(forwardRef(...))."
-		          )
-		        : "function" !== typeof render
-		          ? console.error(
-		              "forwardRef requires a render function but was given %s.",
-		              null === render ? "null" : typeof render
-		            )
-		          : 0 !== render.length &&
-		            2 !== render.length &&
-		            console.error(
-		              "forwardRef render functions accept exactly two parameters: props and ref. %s",
-		              1 === render.length
-		                ? "Did you forget to use the ref parameter?"
-		                : "Any additional parameter will be undefined."
-		            );
-		      null != render &&
-		        null != render.defaultProps &&
-		        console.error(
-		          "forwardRef render functions do not support defaultProps. Did you accidentally pass a React component?"
-		        );
-		      var elementType = { $$typeof: REACT_FORWARD_REF_TYPE, render: render },
-		        ownName;
-		      Object.defineProperty(elementType, "displayName", {
-		        enumerable: false,
-		        configurable: true,
-		        get: function () {
-		          return ownName;
-		        },
-		        set: function (name) {
-		          ownName = name;
-		          render.name ||
-		            render.displayName ||
-		            (Object.defineProperty(render, "name", { value: name }),
-		            (render.displayName = name));
-		        }
-		      });
-		      return elementType;
-		    };
-		    exports.isValidElement = isValidElement;
-		    exports.lazy = function (ctor) {
-		      ctor = { _status: -1, _result: ctor };
-		      var lazyType = {
-		          $$typeof: REACT_LAZY_TYPE,
-		          _payload: ctor,
-		          _init: lazyInitializer
-		        },
-		        ioInfo = {
-		          name: "lazy",
-		          start: -1,
-		          end: -1,
-		          value: null,
-		          owner: null,
-		          debugStack: Error("react-stack-top-frame"),
-		          debugTask: console.createTask ? console.createTask("lazy()") : null
-		        };
-		      ctor._ioInfo = ioInfo;
-		      lazyType._debugInfo = [{ awaited: ioInfo }];
-		      return lazyType;
-		    };
-		    exports.memo = function (type, compare) {
-		      null == type &&
-		        console.error(
-		          "memo: The first argument must be a component. Instead received: %s",
-		          null === type ? "null" : typeof type
-		        );
-		      compare = {
-		        $$typeof: REACT_MEMO_TYPE,
-		        type: type,
-		        compare: void 0 === compare ? null : compare
-		      };
-		      var ownName;
-		      Object.defineProperty(compare, "displayName", {
-		        enumerable: false,
-		        configurable: true,
-		        get: function () {
-		          return ownName;
-		        },
-		        set: function (name) {
-		          ownName = name;
-		          type.name ||
-		            type.displayName ||
-		            (Object.defineProperty(type, "name", { value: name }),
-		            (type.displayName = name));
-		        }
-		      });
-		      return compare;
-		    };
-		    exports.startTransition = function (scope) {
-		      var prevTransition = ReactSharedInternals.T,
-		        currentTransition = {};
-		      currentTransition._updatedFibers = new Set();
-		      ReactSharedInternals.T = currentTransition;
-		      try {
-		        var returnValue = scope(),
-		          onStartTransitionFinish = ReactSharedInternals.S;
-		        null !== onStartTransitionFinish &&
-		          onStartTransitionFinish(currentTransition, returnValue);
-		        "object" === typeof returnValue &&
-		          null !== returnValue &&
-		          "function" === typeof returnValue.then &&
-		          (ReactSharedInternals.asyncTransitions++,
-		          returnValue.then(releaseAsyncTransition, releaseAsyncTransition),
-		          returnValue.then(noop, reportGlobalError));
-		      } catch (error) {
-		        reportGlobalError(error);
-		      } finally {
-		        null === prevTransition &&
-		          currentTransition._updatedFibers &&
-		          ((scope = currentTransition._updatedFibers.size),
-		          currentTransition._updatedFibers.clear(),
-		          10 < scope &&
-		            console.warn(
-		              "Detected a large number of updates inside startTransition. If this is due to a subscription please re-write it to use React provided hooks. Otherwise concurrent mode guarantees are off the table."
-		            )),
-		          null !== prevTransition &&
-		            null !== currentTransition.types &&
-		            (null !== prevTransition.types &&
-		              prevTransition.types !== currentTransition.types &&
-		              console.error(
-		                "We expected inner Transitions to have transferred the outer types set and that you cannot add to the outer Transition while inside the inner.This is a bug in React."
-		              ),
-		            (prevTransition.types = currentTransition.types)),
-		          (ReactSharedInternals.T = prevTransition);
-		      }
-		    };
-		    exports.unstable_useCacheRefresh = function () {
-		      return resolveDispatcher().useCacheRefresh();
-		    };
-		    exports.use = function (usable) {
-		      return resolveDispatcher().use(usable);
-		    };
-		    exports.useActionState = function (action, initialState, permalink) {
-		      return resolveDispatcher().useActionState(
-		        action,
-		        initialState,
-		        permalink
-		      );
-		    };
-		    exports.useCallback = function (callback, deps) {
-		      return resolveDispatcher().useCallback(callback, deps);
-		    };
-		    exports.useContext = function (Context) {
-		      var dispatcher = resolveDispatcher();
-		      Context.$$typeof === REACT_CONSUMER_TYPE &&
-		        console.error(
-		          "Calling useContext(Context.Consumer) is not supported and will cause bugs. Did you mean to call useContext(Context) instead?"
-		        );
-		      return dispatcher.useContext(Context);
-		    };
-		    exports.useDebugValue = function (value, formatterFn) {
-		      return resolveDispatcher().useDebugValue(value, formatterFn);
-		    };
-		    exports.useDeferredValue = function (value, initialValue) {
-		      return resolveDispatcher().useDeferredValue(value, initialValue);
-		    };
-		    exports.useEffect = function (create, deps) {
-		      null == create &&
-		        console.warn(
-		          "React Hook useEffect requires an effect callback. Did you forget to pass a callback to the hook?"
-		        );
-		      return resolveDispatcher().useEffect(create, deps);
-		    };
-		    exports.useEffectEvent = function (callback) {
-		      return resolveDispatcher().useEffectEvent(callback);
-		    };
-		    exports.useId = function () {
-		      return resolveDispatcher().useId();
-		    };
-		    exports.useImperativeHandle = function (ref, create, deps) {
-		      return resolveDispatcher().useImperativeHandle(ref, create, deps);
-		    };
-		    exports.useInsertionEffect = function (create, deps) {
-		      null == create &&
-		        console.warn(
-		          "React Hook useInsertionEffect requires an effect callback. Did you forget to pass a callback to the hook?"
-		        );
-		      return resolveDispatcher().useInsertionEffect(create, deps);
-		    };
-		    exports.useLayoutEffect = function (create, deps) {
-		      null == create &&
-		        console.warn(
-		          "React Hook useLayoutEffect requires an effect callback. Did you forget to pass a callback to the hook?"
-		        );
-		      return resolveDispatcher().useLayoutEffect(create, deps);
-		    };
-		    exports.useMemo = function (create, deps) {
-		      return resolveDispatcher().useMemo(create, deps);
-		    };
-		    exports.useOptimistic = function (passthrough, reducer) {
-		      return resolveDispatcher().useOptimistic(passthrough, reducer);
-		    };
-		    exports.useReducer = function (reducer, initialArg, init) {
-		      return resolveDispatcher().useReducer(reducer, initialArg, init);
-		    };
-		    exports.useRef = function (initialValue) {
-		      return resolveDispatcher().useRef(initialValue);
-		    };
-		    exports.useState = function (initialState) {
-		      return resolveDispatcher().useState(initialState);
-		    };
-		    exports.useSyncExternalStore = function (
-		      subscribe,
-		      getSnapshot,
-		      getServerSnapshot
-		    ) {
-		      return resolveDispatcher().useSyncExternalStore(
-		        subscribe,
-		        getSnapshot,
-		        getServerSnapshot
-		      );
-		    };
-		    exports.useTransition = function () {
-		      return resolveDispatcher().useTransition();
-		    };
-		    exports.version = "19.2.0";
-		    "undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__ &&
-		      "function" ===
-		        typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStop &&
-		      __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStop(Error());
-		  })(); 
-	} (react_development, react_development.exports));
-	return react_development.exports;
-}
-
-var hasRequiredReact;
-
-function requireReact () {
-	if (hasRequiredReact) return react.exports;
-	hasRequiredReact = 1;
-
-	if (process.env.NODE_ENV === 'production') {
-	  react.exports = requireReact_production();
-	} else {
-	  react.exports = requireReact_development();
-	}
-	return react.exports;
-}
-
-var reactExports = requireReact();
-
-/**
- * React Hook: handles <input type="file" onChange> with validation + scanning.
- */
-function useFileScanner() {
-    const [results, setResults] = reactExports.useState([]);
-    const [errors, setErrors] = reactExports.useState([]);
-    const onChange = reactExports.useCallback(async (e) => {
-        const fileList = Array.from(e.target.files || []);
-        const good = [];
-        const bad = [];
-        for (const file of fileList) {
-            const { valid, error } = validateFile(file);
-            if (valid)
-                good.push(file);
-            else
-                bad.push({ file, error: error });
-        }
-        setErrors(bad);
-        if (good.length) {
-            const scanned = await scanFiles(good);
-            setResults(scanned.map((r, i) => ({ file: good[i], report: r })));
-        }
-        else {
-            setResults([]);
-        }
-    }, []);
-    return { results, errors, onChange };
-}
-
 async function createRemoteEngine(opts) {
     const { endpoint, headers = {}, rulesField = 'rules', fileField = 'file', mode = 'multipart', rulesAsBase64 = false, } = opts;
     const engine = {
@@ -2852,6 +932,355 @@ async function scanFilesWithRemoteYara(files, rulesSource, remote) {
     return results;
 }
 
+const SIG_CEN = 0x02014b50;
+const DEFAULTS = {
+    maxEntries: 1000,
+    maxTotalUncompressedBytes: 500 * 1024 * 1024,
+    maxEntryNameLength: 255,
+    maxCompressionRatio: 1000,
+    eocdSearchWindow: 70000,
+};
+function r16(buf, off) {
+    return buf.readUInt16LE(off);
+}
+function r32(buf, off) {
+    return buf.readUInt32LE(off);
+}
+function isZipLike(buf) {
+    // local file header at start is common
+    return buf.length >= 4 && buf[0] === 0x50 && buf[1] === 0x4b && buf[2] === 0x03 && buf[3] === 0x04;
+}
+function lastIndexOfEOCD(buf, window) {
+    const sig = Buffer.from([0x50, 0x4b, 0x05, 0x06]);
+    const start = Math.max(0, buf.length - window);
+    const idx = buf.lastIndexOf(sig, Math.min(buf.length - sig.length, buf.length - 1));
+    return idx >= start ? idx : -1;
+}
+function hasTraversal(name) {
+    return name.includes('../') || name.includes('..\\') || name.startsWith('/') || /^[A-Za-z]:/.test(name);
+}
+function createZipBombGuard(opts = {}) {
+    const cfg = { ...DEFAULTS, ...opts };
+    return {
+        async scan(input) {
+            const buf = Buffer.from(input);
+            const matches = [];
+            if (!isZipLike(buf))
+                return matches;
+            // Find EOCD near the end
+            const eocdPos = lastIndexOfEOCD(buf, cfg.eocdSearchWindow);
+            if (eocdPos < 0 || eocdPos + 22 > buf.length) {
+                // ZIP but no EOCD — malformed or polyglot → suspicious
+                matches.push({ rule: 'zip_eocd_not_found', severity: 'medium' });
+                return matches;
+            }
+            const totalEntries = r16(buf, eocdPos + 10);
+            const cdSize = r32(buf, eocdPos + 12);
+            const cdOffset = r32(buf, eocdPos + 16);
+            // Bounds check
+            if (cdOffset + cdSize > buf.length) {
+                matches.push({ rule: 'zip_cd_out_of_bounds', severity: 'medium' });
+                return matches;
+            }
+            // Iterate central directory entries
+            let ptr = cdOffset;
+            let seen = 0;
+            let sumComp = 0;
+            let sumUnc = 0;
+            while (ptr + 46 <= cdOffset + cdSize && seen < totalEntries) {
+                const sig = r32(buf, ptr);
+                if (sig !== SIG_CEN)
+                    break; // stop if structure breaks
+                const compSize = r32(buf, ptr + 20);
+                const uncSize = r32(buf, ptr + 24);
+                const fnLen = r16(buf, ptr + 28);
+                const exLen = r16(buf, ptr + 30);
+                const cmLen = r16(buf, ptr + 32);
+                const nameStart = ptr + 46;
+                const nameEnd = nameStart + fnLen;
+                if (nameEnd > buf.length)
+                    break;
+                const name = buf.toString('utf8', nameStart, nameEnd);
+                sumComp += compSize;
+                sumUnc += uncSize;
+                seen++;
+                if (name.length > cfg.maxEntryNameLength) {
+                    matches.push({ rule: 'zip_entry_name_too_long', severity: 'medium', meta: { name, length: name.length } });
+                }
+                if (hasTraversal(name)) {
+                    matches.push({ rule: 'zip_path_traversal_entry', severity: 'medium', meta: { name } });
+                }
+                // move to next entry
+                ptr = nameEnd + exLen + cmLen;
+            }
+            if (seen !== totalEntries) {
+                // central dir truncated/odd, still report what we found
+                matches.push({ rule: 'zip_cd_truncated', severity: 'medium', meta: { seen, totalEntries } });
+            }
+            // Heuristics thresholds
+            if (seen > cfg.maxEntries) {
+                matches.push({ rule: 'zip_too_many_entries', severity: 'medium', meta: { seen, limit: cfg.maxEntries } });
+            }
+            if (sumUnc > cfg.maxTotalUncompressedBytes) {
+                matches.push({
+                    rule: 'zip_total_uncompressed_too_large',
+                    severity: 'medium',
+                    meta: { totalUncompressed: sumUnc, limit: cfg.maxTotalUncompressedBytes }
+                });
+            }
+            if (sumComp === 0 && sumUnc > 0) {
+                matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio: Infinity } });
+            }
+            else if (sumComp > 0) {
+                const ratio = sumUnc / Math.max(1, sumComp);
+                if (ratio >= cfg.maxCompressionRatio) {
+                    matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio, limit: cfg.maxCompressionRatio } });
+                }
+            }
+            return matches;
+        }
+    };
+}
+
+const MB$1 = 1024 * 1024;
+const DEFAULT_POLICY = {
+    includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf'],
+    allowedMimeTypes: ['application/zip', 'image/png', 'image/jpeg', 'application/pdf', 'text/plain'],
+    maxFileSizeBytes: 20 * MB$1,
+    timeoutMs: 5000,
+    concurrency: 4,
+    failClosed: true
+};
+function definePolicy(input = {}) {
+    const p = { ...DEFAULT_POLICY, ...input };
+    if (!Array.isArray(p.includeExtensions))
+        throw new TypeError('includeExtensions must be string[]');
+    if (!Array.isArray(p.allowedMimeTypes))
+        throw new TypeError('allowedMimeTypes must be string[]');
+    if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))
+        throw new TypeError('maxFileSizeBytes must be > 0');
+    if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))
+        throw new TypeError('timeoutMs must be > 0');
+    if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))
+        throw new TypeError('concurrency must be > 0');
+    return p;
+}
+
+/**
+ * Policy packs for Pompelmi.
+ *
+ * Pre-configured, named policies for common upload scenarios.  Each pack
+ * defines the file type allowlist, size limits, and timeout appropriate for
+ * its use case.
+ *
+ * All packs are built on `definePolicy` and are fully overridable:
+ *
+ * ```ts
+ * import { POLICY_PACKS } from 'pompelmi/policy-packs';
+ *
+ * // Use a pack as-is:
+ * const policy = POLICY_PACKS['images-only'];
+ *
+ * // Or override individual fields:
+ * import { definePolicy } from 'pompelmi';
+ * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });
+ * ```
+ *
+ * These packs are *deterministic* and *descriptor-based* — they do not
+ * depend on any external threat intelligence feed.
+ *
+ * @module policy-packs
+ */
+const KB = 1024;
+const MB = 1024 * KB;
+// ── Policy packs ──────────────────────────────────────────────────────────────
+/**
+ * Documents-only policy.
+ *
+ * Appropriate for: document management APIs, PDF/Office file upload endpoints,
+ * data import pipelines.
+ *
+ * Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),
+ *   CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).
+ * Max size: 25 MB.
+ */
+const DOCUMENTS_ONLY = definePolicy({
+    includeExtensions: [
+        'pdf',
+        'doc', 'docx',
+        'xls', 'xlsx',
+        'ppt', 'pptx',
+        'odt', 'ods', 'odp',
+        'csv',
+        'txt',
+        'json',
+        'yaml', 'yml',
+        'md',
+    ],
+    allowedMimeTypes: [
+        'application/pdf',
+        'application/msword',
+        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+        'application/vnd.ms-excel',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+        'application/vnd.ms-powerpoint',
+        'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+        'application/vnd.oasis.opendocument.text',
+        'application/vnd.oasis.opendocument.spreadsheet',
+        'application/vnd.oasis.opendocument.presentation',
+        'text/csv',
+        'text/plain',
+        'application/json',
+        'text/yaml',
+        'text/markdown',
+    ],
+    maxFileSizeBytes: 25 * MB,
+    timeoutMs: 10000,
+    concurrency: 4,
+    failClosed: true,
+});
+/**
+ * Images-only policy.
+ *
+ * Appropriate for: avatar uploads, product image APIs, content platforms with
+ * user-generated imagery.
+ *
+ * Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.
+ * Max size: 10 MB.
+ * Note: SVG is intentionally excluded — inline SVGs can contain scripts.
+ */
+const IMAGES_ONLY = definePolicy({
+    includeExtensions: ['jpg', 'jpeg', 'png', 'gif', 'webp', 'avif', 'tiff', 'tif', 'bmp', 'ico'],
+    allowedMimeTypes: [
+        'image/jpeg',
+        'image/png',
+        'image/gif',
+        'image/webp',
+        'image/avif',
+        'image/tiff',
+        'image/bmp',
+        'image/x-icon',
+        'image/vnd.microsoft.icon',
+    ],
+    maxFileSizeBytes: 10 * MB,
+    timeoutMs: 5000,
+    concurrency: 8,
+    failClosed: true,
+});
+/**
+ * Strict public-upload policy.
+ *
+ * Appropriate for: anonymous or low-trust upload endpoints, public APIs,
+ * any surface exposed to untrusted users.
+ *
+ * Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME
+ * allowlist.  Only allows plain images and PDF.
+ */
+const STRICT_PUBLIC_UPLOAD = definePolicy({
+    includeExtensions: ['jpg', 'jpeg', 'png', 'webp', 'pdf'],
+    allowedMimeTypes: [
+        'image/jpeg',
+        'image/png',
+        'image/webp',
+        'application/pdf',
+    ],
+    maxFileSizeBytes: 5 * MB,
+    timeoutMs: 4000,
+    concurrency: 2,
+    failClosed: true,
+});
+/**
+ * Conservative default policy.
+ *
+ * A hardened version of the built-in `DEFAULT_POLICY` suitable for
+ * production without further customisation.  Stricter size limit and
+ * shorter timeout than the permissive default.
+ */
+const CONSERVATIVE_DEFAULT = definePolicy({
+    includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf', 'txt', 'csv', 'docx', 'xlsx'],
+    allowedMimeTypes: [
+        'application/zip',
+        'image/png',
+        'image/jpeg',
+        'application/pdf',
+        'text/plain',
+        'text/csv',
+        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+    ],
+    maxFileSizeBytes: 10 * MB,
+    timeoutMs: 8000,
+    concurrency: 4,
+    failClosed: true,
+});
+/**
+ * Archives policy.
+ *
+ * Appropriate for: endpoints that accept ZIP, tar, or compressed archives.
+ * Combines a generous size allowance with a longer timeout for deep inspection.
+ *
+ * NOTE: Pair this policy with `createZipBombGuard()` to defend against
+ * decompression-bomb attacks:
+ *
+ * ```ts
+ * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';
+ * const scanner = composeScanners(
+ *   [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]
+ * );
+ * ```
+ */
+const ARCHIVES = definePolicy({
+    includeExtensions: ['zip', 'tar', 'gz', 'tgz', 'bz2', 'xz', '7z', 'rar'],
+    allowedMimeTypes: [
+        'application/zip',
+        'application/x-tar',
+        'application/gzip',
+        'application/x-bzip2',
+        'application/x-xz',
+        'application/x-7z-compressed',
+        'application/x-rar-compressed',
+    ],
+    maxFileSizeBytes: 100 * MB,
+    timeoutMs: 30000,
+    concurrency: 2,
+    failClosed: true,
+});
+/**
+ * Named map of all built-in policy packs.
+ *
+ * ```ts
+ * import { POLICY_PACKS } from 'pompelmi/policy-packs';
+ * const policy = POLICY_PACKS['strict-public-upload'];
+ * ```
+ */
+const POLICY_PACKS = {
+    'documents-only': DOCUMENTS_ONLY,
+    'images-only': IMAGES_ONLY,
+    'strict-public-upload': STRICT_PUBLIC_UPLOAD,
+    'conservative-default': CONSERVATIVE_DEFAULT,
+    'archives': ARCHIVES,
+};
+/**
+ * Look up a policy pack by name.
+ * Throws if the name is not recognised.
+ */
+function getPolicyPack(name) {
+    const policy = POLICY_PACKS[name];
+    if (!policy)
+        throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(', ')}`);
+    return policy;
+}
+
+function mapMatchesToVerdict(matches = []) {
+    if (!matches.length)
+        return 'clean';
+    const malHints = ['trojan', 'ransom', 'worm', 'spy', 'rootkit', 'keylog', 'botnet'];
+    const tagSet = new Set(matches.flatMap(m => (m.tags ?? []).map(t => t.toLowerCase())));
+    const nameHit = (r) => malHints.some(h => r.toLowerCase().includes(h));
+    const isMal = matches.some(m => nameHit(m.rule)) || tagSet.has('malware') || tagSet.has('critical');
+    return isMal ? 'malicious' : 'suspicious';
+}
+
 /** Decompilation-specific types for Pompelmi */
 const SUSPICIOUS_PATTERNS = [
     {
@@ -2887,1291 +1316,1151 @@ const SUSPICIOUS_PATTERNS = [
 ];
 
 /**
- * HIPAA Compliance Module for Pompelmi
- *
- * This module provides comprehensive HIPAA compliance features for healthcare environments
- * where Pompelmi is used to analyze potentially compromised systems containing PHI.
- *
- * Key protections:
- * - Data sanitization and redaction
- * - Secure temporary file handling
- * - Audit logging
- * - Memory protection
- * - Error message sanitization
+ * Batch scanning with concurrency control
+ * @module utils/batch-scanner
  */
-class HipaaComplianceManager {
-    constructor(config) {
-        this.auditEvents = [];
-        this.config = {
-            sanitizeErrors: true,
-            sanitizeFilenames: true,
-            encryptTempFiles: true,
-            memoryProtection: true,
-            requireSecureTransport: true,
-            ...config,
-            enabled: config.enabled !== undefined ? config.enabled : true
+/**
+ * Batch file scanner with concurrency control and progress tracking
+ */
+class BatchScanner {
+    constructor(options = {}) {
+        this.options = {
+            concurrency: 5,
+            continueOnError: true,
+            ...options,
         };
-        this.sessionId = this.generateSessionId();
     }
     /**
-     * Sanitize filename to prevent PHI leakage in logs
+     * Scan multiple files with controlled concurrency
      */
-    sanitizeFilename(filename) {
-        if (!this.config.enabled || !this.config.sanitizeFilenames || !filename) {
-            return filename || 'unknown';
+    async scanBatch(tasks) {
+        const startTime = Date.now();
+        const results = new Array(tasks.length);
+        const errors = [];
+        let successCount = 0;
+        let errorCount = 0;
+        let completedCount = 0;
+        const concurrency = this.options.concurrency ?? 5;
+        // Process tasks in chunks with controlled concurrency
+        const processingQueue = [];
+        let currentIndex = 0;
+        const processTask = async (index) => {
+            try {
+                const task = tasks[index];
+                const report = await scanBytes(task.content, {
+                    ...this.options,
+                    ctx: task.context,
+                });
+                results[index] = report;
+                successCount++;
+                completedCount++;
+                if (this.options.onProgress) {
+                    this.options.onProgress(completedCount, tasks.length, report);
+                }
+            }
+            catch (error) {
+                errorCount++;
+                completedCount++;
+                const err = error instanceof Error ? error : new Error(String(error));
+                if (this.options.onError) {
+                    this.options.onError(err, index);
+                }
+                errors.push({ index, error: err });
+                if (!this.options.continueOnError) {
+                    throw err;
+                }
+                results[index] = null;
+            }
+        };
+        // Start initial batch of concurrent tasks
+        while (currentIndex < tasks.length) {
+            while (processingQueue.length < concurrency && currentIndex < tasks.length) {
+                const promise = processTask(currentIndex);
+                processingQueue.push(promise);
+                currentIndex++;
+                // Remove completed promises from queue
+                promise.finally(() => {
+                    const idx = processingQueue.indexOf(promise);
+                    if (idx > -1)
+                        processingQueue.splice(idx, 1);
+                });
+            }
+            // Wait for at least one task to complete before continuing
+            if (processingQueue.length >= concurrency) {
+                await Promise.race(processingQueue);
+            }
         }
-        // Remove potentially sensitive path information
-        const basename = path__namespace.basename(filename);
-        // Hash the filename to create a consistent but non-revealing identifier
-        const hash = crypto__namespace.createHash('sha256').update(basename).digest('hex').substring(0, 8);
-        // Preserve file extension for analysis purposes
-        const ext = path__namespace.extname(basename);
-        return `file_${hash}${ext}`;
+        // Wait for all remaining tasks
+        await Promise.all(processingQueue);
+        const totalDurationMs = Date.now() - startTime;
+        return {
+            reports: results,
+            successCount,
+            errorCount,
+            totalDurationMs,
+            errors,
+        };
     }
     /**
-     * Sanitize error messages to prevent PHI exposure
+     * Scan files from File objects (browser environment)
      */
-    sanitizeError(error) {
-        if (!this.config.enabled || !this.config.sanitizeErrors) {
-            return typeof error === 'string' ? error : error.message;
-        }
-        const message = typeof error === 'string' ? error : error.message;
-        // Remove common patterns that might contain PHI
-        let sanitized = message
-            // Remove file paths
-            .replace(/[A-Za-z]:\\\\[^\\s]+/g, '[REDACTED_PATH]')
-            .replace(/\/[^\\s]+/g, '[REDACTED_PATH]')
-            // Remove potential patient identifiers (numbers that could be MRNs, SSNs)
-            .replace(/\\b\\d{3}-?\\d{2}-?\\d{4}\\b/g, '[REDACTED_ID]')
-            .replace(/\\b\\d{6,}\\b/g, '[REDACTED_ID]')
-            // Remove email addresses
-            .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[REDACTED_EMAIL]')
-            // Remove potential names (capitalize words in error messages)
-            .replace(/\\b[A-Z][a-z]+\\s+[A-Z][a-z]+\\b/g, '[REDACTED_NAME]')
-            // Remove IP addresses
-            .replace(/\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b/g, '[REDACTED_IP]');
-        return sanitized;
+    async scanFiles(files) {
+        const tasks = await Promise.all(files.map(async (file) => ({
+            content: new Uint8Array(await file.arrayBuffer()),
+            context: {
+                filename: file.name,
+                mimeType: file.type,
+                size: file.size,
+            },
+        })));
+        return this.scanBatch(tasks);
     }
     /**
-     * Create secure temporary file path with encryption if enabled
+     * Scan files from file paths (Node.js environment)
      */
-    createSecureTempPath(prefix = 'pompelmi') {
-        if (!this.config.enabled) {
-            return path__namespace.join(os__namespace.tmpdir(), `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2)}`);
-        }
-        // Use cryptographically secure random names
-        const randomId = crypto__namespace.randomBytes(16).toString('hex');
-        const timestamp = Date.now();
-        // Create path in secure temp directory
-        const secureTempDir = this.getSecureTempDir();
-        const tempPath = path__namespace.join(secureTempDir, `${prefix}-${timestamp}-${randomId}`);
-        this.auditLog('temp_file_created', {
-            action: 'create_temp_file',
-            success: true,
-            metadata: { path: this.sanitizeFilename(tempPath) }
+    async scanFilePaths(filePaths) {
+        const fs = await import('fs/promises');
+        const path = await import('path');
+        const tasks = await Promise.all(filePaths.map(async (filePath) => {
+            const [content, stats] = await Promise.all([
+                fs.readFile(filePath),
+                fs.stat(filePath),
+            ]);
+            return {
+                content: new Uint8Array(content),
+                context: {
+                    filename: path.basename(filePath),
+                    size: stats.size,
+                },
+            };
+        }));
+        return this.scanBatch(tasks);
+    }
+}
+/**
+ * Quick helper for batch scanning with default options
+ */
+async function batchScan(tasks, options) {
+    const scanner = new BatchScanner(options);
+    return scanner.scanBatch(tasks);
+}
+
+/**
+ * Threat intelligence integration and enhanced detection
+ * @module utils/threat-intelligence
+ */
+/**
+ * Built-in threat intelligence - known malware hashes
+ * In production, this would connect to real threat intel APIs
+ */
+class LocalThreatIntelligence {
+    constructor() {
+        this.name = 'Local Database';
+        this.knownThreats = new Map();
+        // Initialize with some example known threats (in production, load from database)
+        this.initializeKnownThreats();
+    }
+    initializeKnownThreats() {
+        // Example: EICAR test file hash
+        this.knownThreats.set('275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f', {
+            threatLevel: 100,
+            category: 'test-malware',
+            source: 'local',
+            metadata: { name: 'EICAR Test File' },
         });
-        return tempPath;
+    }
+    async checkHash(hash) {
+        return this.knownThreats.get(hash.toLowerCase()) || null;
     }
     /**
-     * Get or create secure temporary directory with restricted permissions
+     * Add a known threat to the local database
      */
-    getSecureTempDir() {
-        const secureTempPath = path__namespace.join(os__namespace.tmpdir(), 'pompelmi-secure');
-        try {
-            const fs = require('fs');
-            if (!fs.existsSync(secureTempPath)) {
-                fs.mkdirSync(secureTempPath, { mode: 0o700 }); // Owner read/write/execute only
-            }
+    addThreat(hash, info) {
+        this.knownThreats.set(hash.toLowerCase(), info);
+    }
+    /**
+     * Remove a threat from the local database
+     */
+    removeThreat(hash) {
+        return this.knownThreats.delete(hash.toLowerCase());
+    }
+    /**
+     * Get all known threats
+     */
+    getAllThreats() {
+        return new Map(this.knownThreats);
+    }
+}
+/**
+ * Threat intelligence aggregator
+ */
+class ThreatIntelligenceAggregator {
+    constructor(sources) {
+        this.sources = [];
+        if (sources) {
+            this.sources = sources;
         }
-        catch (error) {
-            // Fallback to system temp
-            return os__namespace.tmpdir();
+        else {
+            // Default to local intelligence
+            this.sources = [new LocalThreatIntelligence()];
         }
-        return secureTempPath;
     }
     /**
-     * Secure file cleanup with multiple overwrite passes
+     * Add a threat intelligence source
      */
-    async secureFileCleanup(filePath) {
-        if (!this.config.enabled) {
-            try {
-                const fs = await import('fs/promises');
-                await fs.unlink(filePath);
-            }
-            catch {
-                // Ignore cleanup errors
+    addSource(source) {
+        this.sources.push(source);
+    }
+    /**
+     * Check file hash against all sources
+     */
+    async checkHash(hash) {
+        const results = await Promise.allSettled(this.sources.map(source => source.checkHash(hash)));
+        const threats = [];
+        for (const result of results) {
+            if (result.status === 'fulfilled' && result.value) {
+                threats.push(result.value);
             }
-            return;
         }
-        try {
-            const fs = await import('fs/promises');
-            const stats = await fs.stat(filePath);
-            if (this.config.memoryProtection) {
-                // Overwrite file with random data multiple times (DoD 5220.22-M standard)
-                const fileSize = stats.size;
-                const buffer = crypto__namespace.randomBytes(Math.min(fileSize, 64 * 1024)); // 64KB chunks
-                for (let pass = 0; pass < 3; pass++) {
-                    const handle = await fs.open(filePath, 'r+');
-                    try {
-                        for (let offset = 0; offset < fileSize; offset += buffer.length) {
-                            const chunk = offset + buffer.length > fileSize
-                                ? buffer.subarray(0, fileSize - offset)
-                                : buffer;
-                            await handle.write(chunk, 0, chunk.length, offset);
-                        }
-                        await handle.sync();
-                    }
-                    finally {
-                        await handle.close();
-                    }
-                }
-            }
-            // Final deletion
-            await fs.unlink(filePath);
-            this.auditLog('temp_file_deleted', {
-                action: 'secure_delete',
-                success: true,
-                metadata: {
-                    path: this.sanitizeFilename(filePath),
-                    overwritePasses: this.config.memoryProtection ? 3 : 0
-                }
-            });
-        }
-        catch (error) {
-            this.auditLog('temp_file_deleted', {
-                action: 'secure_delete',
-                success: false,
-                sanitizedError: this.sanitizeError(error),
-                metadata: { path: this.sanitizeFilename(filePath) }
-            });
-        }
-    }
-    /**
-     * Calculate secure file hash for audit purposes
-     */
-    calculateFileHash(data) {
-        return crypto__namespace.createHash('sha256').update(data).digest('hex');
+        return threats;
     }
     /**
-     * Log audit event
+     * Enhance scan report with threat intelligence
      */
-    auditLog(eventType, details) {
-        if (!this.config.enabled)
-            return;
-        const event = {
-            timestamp: new Date().toISOString(),
-            eventType,
-            sessionId: this.sessionId,
-            details: {
-                action: details.action || 'unknown',
-                success: details.success ?? true,
-                ...details
-            }
+    async enhanceScanReport(content, report) {
+        // Calculate file hash
+        const hash = crypto.createHash('sha256').update(content).digest('hex');
+        // Check threat intelligence
+        const threatIntel = await this.checkHash(hash);
+        // Calculate risk score
+        const riskScore = this.calculateRiskScore(report, threatIntel);
+        return {
+            ...report,
+            fileHash: hash,
+            threatIntel: threatIntel.length > 0 ? threatIntel : undefined,
+            riskScore,
         };
-        this.auditEvents.push(event);
-        // Write to audit log file if configured
-        if (this.config.auditLogPath) {
-            this.writeAuditLog(event).catch(() => {
-                // Silent failure to prevent error loops
-            });
-        }
-    }
-    /**
-     * Write audit event to file
-     */
-    async writeAuditLog(event) {
-        if (!this.config.auditLogPath)
-            return;
-        try {
-            const fs = await import('fs/promises');
-            const logLine = JSON.stringify(event) + '\\n';
-            await fs.appendFile(this.config.auditLogPath, logLine, { flag: 'a' });
-        }
-        catch {
-            // Silent failure
-        }
-    }
-    /**
-     * Generate cryptographically secure session ID
-     */
-    generateSessionId() {
-        return crypto__namespace.randomBytes(16).toString('hex');
-    }
-    /**
-     * Get current audit events for this session
-     */
-    getAuditEvents() {
-        return [...this.auditEvents];
-    }
-    /**
-     * Clear sensitive data from memory
-     */
-    clearSensitiveData() {
-        if (!this.config.enabled || !this.config.memoryProtection)
-            return;
-        // Clear audit events
-        this.auditEvents.length = 0;
-        // Force garbage collection if available
-        if (global.gc) {
-            global.gc();
-        }
     }
     /**
-     * Validate transport security
+     * Calculate overall risk score based on scan results and threat intel
      */
-    validateTransportSecurity(url) {
-        if (!this.config.enabled || !this.config.requireSecureTransport) {
-            return true;
-        }
-        if (!url)
-            return true;
-        try {
-            const urlObj = new URL(url);
-            const isSecure = urlObj.protocol === 'https:' || urlObj.hostname === 'localhost' || urlObj.hostname === '127.0.0.1';
-            if (!isSecure) {
-                this.auditLog('security_violation', {
-                    action: 'insecure_transport',
-                    success: false,
-                    metadata: { protocol: urlObj.protocol, hostname: urlObj.hostname }
-                });
-            }
-            return isSecure;
+    calculateRiskScore(report, threats) {
+        let score = 0;
+        // Base score from verdict
+        switch (report.verdict) {
+            case 'malicious':
+                score += 70;
+                break;
+            case 'suspicious':
+                score += 40;
+                break;
+            case 'clean':
+                score += 0;
+                break;
         }
-        catch {
-            return false;
+        // Add points for number of matches
+        score += Math.min(report.matches.length * 5, 20);
+        // Add points from threat intelligence
+        if (threats.length > 0) {
+            const maxThreat = Math.max(...threats.map(t => t.threatLevel));
+            score = Math.max(score, maxThreat);
         }
+        return Math.min(score, 100);
     }
 }
-// Global HIPAA compliance instance
-let hipaaManager = null;
 /**
- * Initialize HIPAA compliance
+ * Create default threat intelligence aggregator
  */
-function initializeHipaaCompliance(config) {
-    hipaaManager = new HipaaComplianceManager(config);
-    return hipaaManager;
+function createThreatIntelligence() {
+    return new ThreatIntelligenceAggregator();
 }
 /**
- * Get current HIPAA compliance manager
+ * Helper to get file hash
  */
-function getHipaaManager() {
-    return hipaaManager;
+function getFileHash(content) {
+    return crypto.createHash('sha256').update(content).digest('hex');
 }
+
 /**
- * HIPAA-compliant error wrapper
+ * Export utilities for scan results
+ * @module utils/export
  */
-function createHipaaError(error, context) {
-    const manager = getHipaaManager();
-    if (!manager) {
-        return typeof error === 'string' ? new Error(error) : error;
-    }
-    const sanitizedMessage = manager.sanitizeError(error);
-    const hipaaError = new Error(sanitizedMessage);
-    manager.auditLog('error_occurred', {
-        action: context || 'error',
-        success: false,
-        sanitizedError: sanitizedMessage
-    });
-    return hipaaError;
-}
 /**
- * HIPAA-compliant temporary file utilities
+ * Export scan results to various formats
  */
-const HipaaTemp = {
-    createPath: (prefix) => {
-        const manager = getHipaaManager();
-        return manager ? manager.createSecureTempPath(prefix) : path__namespace.join(os__namespace.tmpdir(), `${prefix || 'pompelmi'}-${Date.now()}`);
-    },
-    cleanup: async (filePath) => {
-        const manager = getHipaaManager();
-        if (manager) {
-            await manager.secureFileCleanup(filePath);
+class ScanResultExporter {
+    /**
+     * Export to JSON format
+     */
+    toJSON(reports, options = {}) {
+        const data = Array.isArray(reports) ? reports : [reports];
+        if (!options.includeDetails) {
+            // Simplified output
+            const simplified = data.map(r => ({
+                verdict: r.verdict,
+                file: r.file?.name,
+                matches: r.matches.length,
+                durationMs: r.durationMs,
+            }));
+            return options.prettyPrint
+                ? JSON.stringify(simplified, null, 2)
+                : JSON.stringify(simplified);
         }
-        else {
-            try {
-                const fs = await import('fs/promises');
-                await fs.unlink(filePath);
-            }
-            catch {
-                // Ignore errors
-            }
+        return options.prettyPrint
+            ? JSON.stringify(data, null, 2)
+            : JSON.stringify(data);
+    }
+    /**
+     * Export to CSV format
+     */
+    toCSV(reports, options = {}) {
+        const data = Array.isArray(reports) ? reports : [reports];
+        const headers = [
+            'filename',
+            'verdict',
+            'matches_count',
+            'file_size',
+            'mime_type',
+            'duration_ms',
+            'engine',
+        ];
+        if (options.includeDetails) {
+            headers.push('reasons', 'match_rules');
         }
+        const rows = data.map(report => {
+            const row = [
+                this.escapeCsv(report.file?.name || 'unknown'),
+                report.verdict,
+                report.matches.length.toString(),
+                (report.file?.size || 0).toString(),
+                this.escapeCsv(report.file?.mimeType || 'unknown'),
+                (report.durationMs || 0).toString(),
+                report.engine || 'unknown',
+            ];
+            if (options.includeDetails) {
+                row.push(this.escapeCsv((report.reasons || []).join('; ')), this.escapeCsv(report.matches.map(m => m.rule).join('; ')));
+            }
+            return row.join(',');
+        });
+        return [headers.join(','), ...rows].join('\n');
     }
-};
-
-function mapMatchesToVerdict(matches = []) {
-    if (!matches.length)
-        return 'clean';
-    const malHints = ['trojan', 'ransom', 'worm', 'spy', 'rootkit', 'keylog', 'botnet'];
-    const tagSet = new Set(matches.flatMap(m => (m.tags ?? []).map(t => t.toLowerCase())));
-    const nameHit = (r) => malHints.some(h => r.toLowerCase().includes(h));
-    const isMal = matches.some(m => nameHit(m.rule)) || tagSet.has('malware') || tagSet.has('critical');
-    return isMal ? 'malicious' : 'suspicious';
-}
-
-const SIG_CEN = 0x02014b50;
-const DEFAULTS = {
-    maxEntries: 1000,
-    maxTotalUncompressedBytes: 500 * 1024 * 1024,
-    maxEntryNameLength: 255,
-    maxCompressionRatio: 1000,
-    eocdSearchWindow: 70000,
-};
-function r16(buf, off) {
-    return buf.readUInt16LE(off);
-}
-function r32(buf, off) {
-    return buf.readUInt32LE(off);
-}
-function isZipLike(buf) {
-    // local file header at start is common
-    return buf.length >= 4 && buf[0] === 0x50 && buf[1] === 0x4b && buf[2] === 0x03 && buf[3] === 0x04;
-}
-function lastIndexOfEOCD(buf, window) {
-    const sig = Buffer.from([0x50, 0x4b, 0x05, 0x06]);
-    const start = Math.max(0, buf.length - window);
-    const idx = buf.lastIndexOf(sig, Math.min(buf.length - sig.length, buf.length - 1));
-    return idx >= start ? idx : -1;
-}
-function hasTraversal(name) {
-    return name.includes('../') || name.includes('..\\') || name.startsWith('/') || /^[A-Za-z]:/.test(name);
-}
-function createZipBombGuard(opts = {}) {
-    const cfg = { ...DEFAULTS, ...opts };
-    return {
-        async scan(input) {
-            const buf = Buffer.from(input);
-            const matches = [];
-            if (!isZipLike(buf))
-                return matches;
-            // Find EOCD near the end
-            const eocdPos = lastIndexOfEOCD(buf, cfg.eocdSearchWindow);
-            if (eocdPos < 0 || eocdPos + 22 > buf.length) {
-                // ZIP but no EOCD — malformed or polyglot → suspicious
-                matches.push({ rule: 'zip_eocd_not_found', severity: 'medium' });
-                return matches;
-            }
-            const totalEntries = r16(buf, eocdPos + 10);
-            const cdSize = r32(buf, eocdPos + 12);
-            const cdOffset = r32(buf, eocdPos + 16);
-            // Bounds check
-            if (cdOffset + cdSize > buf.length) {
-                matches.push({ rule: 'zip_cd_out_of_bounds', severity: 'medium' });
-                return matches;
-            }
-            // Iterate central directory entries
-            let ptr = cdOffset;
-            let seen = 0;
-            let sumComp = 0;
-            let sumUnc = 0;
-            while (ptr + 46 <= cdOffset + cdSize && seen < totalEntries) {
-                const sig = r32(buf, ptr);
-                if (sig !== SIG_CEN)
-                    break; // stop if structure breaks
-                const compSize = r32(buf, ptr + 20);
-                const uncSize = r32(buf, ptr + 24);
-                const fnLen = r16(buf, ptr + 28);
-                const exLen = r16(buf, ptr + 30);
-                const cmLen = r16(buf, ptr + 32);
-                const nameStart = ptr + 46;
-                const nameEnd = nameStart + fnLen;
-                if (nameEnd > buf.length)
-                    break;
-                const name = buf.toString('utf8', nameStart, nameEnd);
-                sumComp += compSize;
-                sumUnc += uncSize;
-                seen++;
-                if (name.length > cfg.maxEntryNameLength) {
-                    matches.push({ rule: 'zip_entry_name_too_long', severity: 'medium', meta: { name, length: name.length } });
-                }
-                if (hasTraversal(name)) {
-                    matches.push({ rule: 'zip_path_traversal_entry', severity: 'medium', meta: { name } });
+    /**
+     * Export to Markdown format
+     */
+    toMarkdown(reports, options = {}) {
+        const data = Array.isArray(reports) ? reports : [reports];
+        let md = '# Scan Results\n\n';
+        md += `**Total Scans:** ${data.length}\n\n`;
+        const clean = data.filter(r => r.verdict === 'clean').length;
+        const suspicious = data.filter(r => r.verdict === 'suspicious').length;
+        const malicious = data.filter(r => r.verdict === 'malicious').length;
+        md += '## Summary\n\n';
+        md += `- ✅ Clean: ${clean}\n`;
+        md += `- ⚠️ Suspicious: ${suspicious}\n`;
+        md += `- ❌ Malicious: ${malicious}\n\n`;
+        md += '## Detailed Results\n\n';
+        for (const report of data) {
+            const icon = report.verdict === 'clean' ? '✅' : report.verdict === 'suspicious' ? '⚠️' : '❌';
+            md += `### ${icon} ${report.file?.name || 'Unknown'}\n\n`;
+            md += `- **Verdict:** ${report.verdict}\n`;
+            md += `- **Size:** ${this.formatBytes(report.file?.size || 0)}\n`;
+            md += `- **MIME Type:** ${report.file?.mimeType || 'unknown'}\n`;
+            md += `- **Duration:** ${report.durationMs || 0}ms\n`;
+            md += `- **Matches:** ${report.matches.length}\n`;
+            if (options.includeDetails && report.matches.length > 0) {
+                md += '\n**Match Details:**\n';
+                for (const match of report.matches) {
+                    md += `- ${match.rule}`;
+                    if (match.tags && match.tags.length > 0) {
+                        md += ` (${match.tags.join(', ')})`;
+                    }
+                    md += '\n';
                 }
-                // move to next entry
-                ptr = nameEnd + exLen + cmLen;
-            }
-            if (seen !== totalEntries) {
-                // central dir truncated/odd, still report what we found
-                matches.push({ rule: 'zip_cd_truncated', severity: 'medium', meta: { seen, totalEntries } });
-            }
-            // Heuristics thresholds
-            if (seen > cfg.maxEntries) {
-                matches.push({ rule: 'zip_too_many_entries', severity: 'medium', meta: { seen, limit: cfg.maxEntries } });
-            }
-            if (sumUnc > cfg.maxTotalUncompressedBytes) {
-                matches.push({
-                    rule: 'zip_total_uncompressed_too_large',
-                    severity: 'medium',
-                    meta: { totalUncompressed: sumUnc, limit: cfg.maxTotalUncompressedBytes }
-                });
             }
-            if (sumComp === 0 && sumUnc > 0) {
-                matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio: Infinity } });
-            }
-            else if (sumComp > 0) {
-                const ratio = sumUnc / Math.max(1, sumComp);
-                if (ratio >= cfg.maxCompressionRatio) {
-                    matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio, limit: cfg.maxCompressionRatio } });
+            md += '\n';
+        }
+        return md;
+    }
+    /**
+     * Export to SARIF format (Static Analysis Results Interchange Format)
+     * Useful for CI/CD integration
+     */
+    toSARIF(reports, options = {}) {
+        const data = Array.isArray(reports) ? reports : [reports];
+        const results = data.flatMap(report => {
+            if (report.verdict === 'clean')
+                return [];
+            return report.matches.map(match => ({
+                ruleId: match.rule,
+                level: report.verdict === 'malicious' ? 'error' : 'warning',
+                message: {
+                    text: `${match.rule} detected in ${report.file?.name || 'unknown file'}`,
+                },
+                locations: [
+                    {
+                        physicalLocation: {
+                            artifactLocation: {
+                                uri: report.file?.name || 'unknown',
+                            },
+                        },
+                    },
+                ],
+                properties: {
+                    tags: match.tags,
+                    metadata: match.meta,
+                },
+            }));
+        });
+        const sarif = {
+            version: '2.1.0',
+            $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
+            runs: [
+                {
+                    tool: {
+                        driver: {
+                            name: 'Pompelmi',
+                            version: '0.29.0',
+                            informationUri: 'https://pompelmi.github.io/pompelmi/',
+                        },
+                    },
+                    results,
+                },
+            ],
+        };
+        return options.prettyPrint
+            ? JSON.stringify(sarif, null, 2)
+            : JSON.stringify(sarif);
+    }
+    /**
+     * Export to HTML format
+     */
+    toHTML(reports, options = {}) {
+        const data = Array.isArray(reports) ? reports : [reports];
+        const clean = data.filter(r => r.verdict === 'clean').length;
+        const suspicious = data.filter(r => r.verdict === 'suspicious').length;
+        const malicious = data.filter(r => r.verdict === 'malicious').length;
+        let html = `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Pompelmi Scan Results</title>
+  <style>
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 1200px; margin: 0 auto; padding: 20px; }
+    .summary { display: grid; grid-template-columns: repeat(3, 1fr); gap: 20px; margin: 20px 0; }
+    .card { padding: 20px; border-radius: 8px; text-align: center; }
+    .clean { background: #d4edda; color: #155724; }
+    .suspicious { background: #fff3cd; color: #856404; }
+    .malicious { background: #f8d7da; color: #721c24; }
+    .result { border: 1px solid #ddd; border-radius: 8px; padding: 15px; margin: 10px 0; }
+    .result h3 { margin-top: 0; }
+    .badge { display: inline-block; padding: 4px 8px; border-radius: 4px; font-size: 0.8em; margin: 2px; }
+    table { width: 100%; border-collapse: collapse; }
+    th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
+  </style>
+</head>
+<body>
+  <h1>🛡️ Pompelmi Scan Results</h1>
+  <div class="summary">
+    <div class="card clean"><h2>${clean}</h2><p>Clean Files</p></div>
+    <div class="card suspicious"><h2>${suspicious}</h2><p>Suspicious Files</p></div>
+    <div class="card malicious"><h2>${malicious}</h2><p>Malicious Files</p></div>
+  </div>
+  <h2>Detailed Results</h2>`;
+        for (const report of data) {
+            const statusClass = report.verdict;
+            html += `<div class="result ${statusClass}">`;
+            html += `<h3>${this.escapeHtml(report.file?.name || 'Unknown')}</h3>`;
+            html += `<table>`;
+            html += `<tr><th>Verdict</th><td>${report.verdict.toUpperCase()}</td></tr>`;
+            html += `<tr><th>Size</th><td>${this.formatBytes(report.file?.size || 0)}</td></tr>`;
+            html += `<tr><th>MIME Type</th><td>${this.escapeHtml(report.file?.mimeType || 'unknown')}</td></tr>`;
+            html += `<tr><th>Duration</th><td>${report.durationMs || 0}ms</td></tr>`;
+            html += `<tr><th>Matches</th><td>${report.matches.length}</td></tr>`;
+            html += `</table>`;
+            if (options.includeDetails && report.matches.length > 0) {
+                html += `<h4>Match Details:</h4><ul>`;
+                for (const match of report.matches) {
+                    html += `<li><strong>${this.escapeHtml(match.rule)}</strong>`;
+                    if (match.tags && match.tags.length > 0) {
+                        html += ` ${match.tags.map(tag => `<span class="badge">${this.escapeHtml(tag)}</span>`).join('')}`;
+                    }
+                    html += `</li>`;
                 }
+                html += `</ul>`;
             }
-            return matches;
+            html += `</div>`;
+        }
+        html += `</body></html>`;
+        return html;
+    }
+    /**
+     * Export to specified format
+     */
+    export(reports, format, options = {}) {
+        switch (format) {
+            case 'json':
+                return this.toJSON(reports, options);
+            case 'csv':
+                return this.toCSV(reports, options);
+            case 'markdown':
+                return this.toMarkdown(reports, options);
+            case 'html':
+                return this.toHTML(reports, options);
+            case 'sarif':
+                return this.toSARIF(reports, options);
+            default:
+                throw new Error(`Unsupported export format: ${format}`);
         }
-    };
+    }
+    escapeCsv(value) {
+        if (value.includes(',') || value.includes('"') || value.includes('\n')) {
+            return `"${value.replace(/"/g, '""')}"`;
+        }
+        return value;
+    }
+    escapeHtml(value) {
+        return value
+            .replace(/&/g, '&amp;')
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#039;');
+    }
+    formatBytes(bytes) {
+        if (bytes === 0)
+            return '0 Bytes';
+        const k = 1024;
+        const sizes = ['Bytes', 'KB', 'MB', 'GB'];
+        const i = Math.floor(Math.log(bytes) / Math.log(k));
+        return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i];
+    }
 }
-
-const MB = 1024 * 1024;
-const DEFAULT_POLICY = {
-    includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf'],
-    allowedMimeTypes: ['application/zip', 'image/png', 'image/jpeg', 'application/pdf', 'text/plain'],
-    maxFileSizeBytes: 20 * MB,
-    timeoutMs: 5000,
-    concurrency: 4,
-    failClosed: true
-};
-function definePolicy(input = {}) {
-    const p = { ...DEFAULT_POLICY, ...input };
-    if (!Array.isArray(p.includeExtensions))
-        throw new TypeError('includeExtensions must be string[]');
-    if (!Array.isArray(p.allowedMimeTypes))
-        throw new TypeError('allowedMimeTypes must be string[]');
-    if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))
-        throw new TypeError('maxFileSizeBytes must be > 0');
-    if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))
-        throw new TypeError('timeoutMs must be > 0');
-    if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))
-        throw new TypeError('concurrency must be > 0');
-    return p;
+/**
+ * Quick export helper
+ */
+function exportScanResults(reports, format, options) {
+    const exporter = new ScanResultExporter();
+    return exporter.export(reports, format, options);
 }
 
 /**
- * Batch scanning with concurrency control
- * @module utils/batch-scanner
+ * Advanced configuration system for pompelmi
+ * @module config
  */
 /**
- * Batch file scanner with concurrency control and progress tracking
+ * Default configuration
  */
-class BatchScanner {
-    constructor(options = {}) {
-        this.options = {
-            concurrency: 5,
-            continueOnError: true,
-            ...options,
-        };
-    }
-    /**
-     * Scan multiple files with controlled concurrency
-     */
-    async scanBatch(tasks) {
-        const startTime = Date.now();
-        const results = new Array(tasks.length);
-        const errors = [];
-        let successCount = 0;
-        let errorCount = 0;
-        let completedCount = 0;
-        const concurrency = this.options.concurrency ?? 5;
-        // Process tasks in chunks with controlled concurrency
-        const processingQueue = [];
-        let currentIndex = 0;
-        const processTask = async (index) => {
-            try {
-                const task = tasks[index];
-                const report = await scanBytes(task.content, {
-                    ...this.options,
-                    ctx: task.context,
-                });
-                results[index] = report;
-                successCount++;
-                completedCount++;
-                if (this.options.onProgress) {
-                    this.options.onProgress(completedCount, tasks.length, report);
-                }
-            }
-            catch (error) {
-                errorCount++;
-                completedCount++;
-                const err = error instanceof Error ? error : new Error(String(error));
-                if (this.options.onError) {
-                    this.options.onError(err, index);
-                }
-                errors.push({ index, error: err });
-                if (!this.options.continueOnError) {
-                    throw err;
-                }
-                results[index] = null;
-            }
-        };
-        // Start initial batch of concurrent tasks
-        while (currentIndex < tasks.length) {
-            while (processingQueue.length < concurrency && currentIndex < tasks.length) {
-                const promise = processTask(currentIndex);
-                processingQueue.push(promise);
-                currentIndex++;
-                // Remove completed promises from queue
-                promise.finally(() => {
-                    const idx = processingQueue.indexOf(promise);
-                    if (idx > -1)
-                        processingQueue.splice(idx, 1);
-                });
-            }
-            // Wait for at least one task to complete before continuing
-            if (processingQueue.length >= concurrency) {
-                await Promise.race(processingQueue);
-            }
-        }
-        // Wait for all remaining tasks
-        await Promise.all(processingQueue);
-        const totalDurationMs = Date.now() - startTime;
-        return {
-            reports: results,
-            successCount,
-            errorCount,
-            totalDurationMs,
-            errors,
-        };
+const DEFAULT_CONFIG = {
+    defaultPreset: 'zip-basic',
+    performance: {
+        enableCache: false,
+        enablePerformanceTracking: false,
+        enableParallel: true,
+        maxConcurrency: 5,
+        cacheOptions: {
+            maxSize: 1000,
+            ttl: 3600000, // 1 hour
+            enableLRU: true,
+            enableStats: false,
+        },
+    },
+    security: {
+        maxFileSize: 100 * 1024 * 1024, // 100MB
+        enableThreatIntel: false,
+        scanTimeout: 30000, // 30 seconds
+        strictMode: false,
+    },
+    advanced: {
+        enablePolyglotDetection: true,
+        enableObfuscationDetection: true,
+        enableNestedArchiveAnalysis: true,
+        maxArchiveDepth: 5,
+    },
+    logging: {
+        verbose: false,
+        level: 'info',
+        enableStats: false,
+    },
+};
+/**
+ * Configuration presets for common use cases
+ */
+const CONFIG_PRESETS = {
+    /** Fast scanning with minimal features */
+    fast: {
+        defaultPreset: 'basic',
+        performance: {
+            enableCache: true,
+            enablePerformanceTracking: false,
+            maxConcurrency: 10,
+        },
+        advanced: {
+            enablePolyglotDetection: false,
+            enableObfuscationDetection: false,
+            enableNestedArchiveAnalysis: false,
+        },
+    },
+    /** Balanced scanning (recommended) */
+    balanced: DEFAULT_CONFIG,
+    /** Thorough scanning with all features */
+    thorough: {
+        defaultPreset: 'advanced',
+        performance: {
+            enableCache: true,
+            enablePerformanceTracking: true,
+            maxConcurrency: 3,
+        },
+        security: {
+            maxFileSize: 500 * 1024 * 1024, // 500MB
+            enableThreatIntel: true,
+            scanTimeout: 60000, // 60 seconds
+            strictMode: true,
+        },
+        advanced: {
+            enablePolyglotDetection: true,
+            enableObfuscationDetection: true,
+            enableNestedArchiveAnalysis: true,
+            maxArchiveDepth: 10,
+        },
+        logging: {
+            verbose: true,
+            level: 'debug',
+            enableStats: true,
+        },
+    },
+    /** Production-ready configuration */
+    production: {
+        defaultPreset: 'advanced',
+        performance: {
+            enableCache: true,
+            enablePerformanceTracking: true,
+            maxConcurrency: 5,
+            cacheOptions: {
+                maxSize: 5000,
+                ttl: 7200000, // 2 hours
+                enableLRU: true,
+                enableStats: true,
+            },
+        },
+        security: {
+            maxFileSize: 200 * 1024 * 1024, // 200MB
+            enableThreatIntel: true,
+            scanTimeout: 45000,
+            strictMode: false,
+        },
+        advanced: {
+            enablePolyglotDetection: true,
+            enableObfuscationDetection: true,
+            enableNestedArchiveAnalysis: true,
+            maxArchiveDepth: 7,
+        },
+        logging: {
+            verbose: false,
+            level: 'warn',
+            enableStats: true,
+        },
+    },
+    /** Development configuration */
+    development: {
+        defaultPreset: 'basic',
+        performance: {
+            enableCache: false,
+            enablePerformanceTracking: true,
+            maxConcurrency: 3,
+        },
+        security: {
+            maxFileSize: 50 * 1024 * 1024, // 50MB
+            scanTimeout: 15000,
+            strictMode: false,
+        },
+        logging: {
+            verbose: true,
+            level: 'debug',
+            enableStats: true,
+        },
+    },
+};
+/**
+ * Configuration manager
+ */
+class ConfigManager {
+    constructor(initialConfig) {
+        this.config = this.mergeConfig(DEFAULT_CONFIG, initialConfig || {});
     }
     /**
-     * Scan files from File objects (browser environment)
+     * Get current configuration
      */
-    async scanFiles(files) {
-        const tasks = await Promise.all(files.map(async (file) => ({
-            content: new Uint8Array(await file.arrayBuffer()),
-            context: {
-                filename: file.name,
-                mimeType: file.type,
-                size: file.size,
-            },
-        })));
-        return this.scanBatch(tasks);
+    getConfig() {
+        return { ...this.config };
     }
     /**
-     * Scan files from file paths (Node.js environment)
+     * Update configuration
      */
-    async scanFilePaths(filePaths) {
-        const fs = await import('fs/promises');
-        const path = await import('path');
-        const tasks = await Promise.all(filePaths.map(async (filePath) => {
-            const [content, stats] = await Promise.all([
-                fs.readFile(filePath),
-                fs.stat(filePath),
-            ]);
-            return {
-                content: new Uint8Array(content),
-                context: {
-                    filename: path.basename(filePath),
-                    size: stats.size,
-                },
-            };
-        }));
-        return this.scanBatch(tasks);
-    }
-}
-/**
- * Quick helper for batch scanning with default options
- */
-async function batchScan(tasks, options) {
-    const scanner = new BatchScanner(options);
-    return scanner.scanBatch(tasks);
-}
-
-/**
- * Threat intelligence integration and enhanced detection
- * @module utils/threat-intelligence
- */
-/**
- * Built-in threat intelligence - known malware hashes
- * In production, this would connect to real threat intel APIs
- */
-class LocalThreatIntelligence {
-    constructor() {
-        this.name = 'Local Database';
-        this.knownThreats = new Map();
-        // Initialize with some example known threats (in production, load from database)
-        this.initializeKnownThreats();
-    }
-    initializeKnownThreats() {
-        // Example: EICAR test file hash
-        this.knownThreats.set('275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f', {
-            threatLevel: 100,
-            category: 'test-malware',
-            source: 'local',
-            metadata: { name: 'EICAR Test File' },
-        });
-    }
-    async checkHash(hash) {
-        return this.knownThreats.get(hash.toLowerCase()) || null;
+    updateConfig(updates) {
+        this.config = this.mergeConfig(this.config, updates);
     }
     /**
-     * Add a known threat to the local database
+     * Load a preset configuration
      */
-    addThreat(hash, info) {
-        this.knownThreats.set(hash.toLowerCase(), info);
+    loadPreset(preset) {
+        const presetConfig = CONFIG_PRESETS[preset];
+        this.config = this.mergeConfig(DEFAULT_CONFIG, presetConfig);
     }
     /**
-     * Remove a threat from the local database
+     * Reset to default configuration
      */
-    removeThreat(hash) {
-        return this.knownThreats.delete(hash.toLowerCase());
+    reset() {
+        this.config = { ...DEFAULT_CONFIG };
     }
     /**
-     * Get all known threats
+     * Get a specific configuration value
      */
-    getAllThreats() {
-        return new Map(this.knownThreats);
-    }
-}
-/**
- * Threat intelligence aggregator
- */
-class ThreatIntelligenceAggregator {
-    constructor(sources) {
-        this.sources = [];
-        if (sources) {
-            this.sources = sources;
-        }
-        else {
-            // Default to local intelligence
-            this.sources = [new LocalThreatIntelligence()];
-        }
+    get(key) {
+        return this.config[key];
     }
     /**
-     * Add a threat intelligence source
+     * Set a specific configuration value
      */
-    addSource(source) {
-        this.sources.push(source);
+    set(key, value) {
+        this.config[key] = value;
     }
     /**
-     * Check file hash against all sources
+     * Validate configuration
      */
-    async checkHash(hash) {
-        const results = await Promise.allSettled(this.sources.map(source => source.checkHash(hash)));
-        const threats = [];
-        for (const result of results) {
-            if (result.status === 'fulfilled' && result.value) {
-                threats.push(result.value);
+    validate() {
+        const errors = [];
+        // Validate performance settings
+        if (this.config.performance?.maxConcurrency !== undefined) {
+            if (this.config.performance.maxConcurrency < 1) {
+                errors.push('maxConcurrency must be at least 1');
+            }
+            if (this.config.performance.maxConcurrency > 50) {
+                errors.push('maxConcurrency should not exceed 50');
             }
         }
-        return threats;
+        // Validate security settings
+        if (this.config.security?.maxFileSize !== undefined) {
+            if (this.config.security.maxFileSize < 1024) {
+                errors.push('maxFileSize must be at least 1KB');
+            }
+        }
+        if (this.config.security?.scanTimeout !== undefined) {
+            if (this.config.security.scanTimeout < 1000) {
+                errors.push('scanTimeout must be at least 1000ms');
+            }
+        }
+        // Validate advanced settings
+        if (this.config.advanced?.maxArchiveDepth !== undefined) {
+            if (this.config.advanced.maxArchiveDepth < 1) {
+                errors.push('maxArchiveDepth must be at least 1');
+            }
+            if (this.config.advanced.maxArchiveDepth > 20) {
+                errors.push('maxArchiveDepth should not exceed 20');
+            }
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+        };
     }
     /**
-     * Enhance scan report with threat intelligence
+     * Deep merge configuration objects
      */
-    async enhanceScanReport(content, report) {
-        // Calculate file hash
-        const hash = crypto.createHash('sha256').update(content).digest('hex');
-        // Check threat intelligence
-        const threatIntel = await this.checkHash(hash);
-        // Calculate risk score
-        const riskScore = this.calculateRiskScore(report, threatIntel);
+    mergeConfig(base, updates) {
         return {
-            ...report,
-            fileHash: hash,
-            threatIntel: threatIntel.length > 0 ? threatIntel : undefined,
-            riskScore,
+            ...base,
+            ...updates,
+            performance: {
+                ...base.performance,
+                ...updates.performance,
+                cacheOptions: {
+                    ...base.performance?.cacheOptions,
+                    ...updates.performance?.cacheOptions,
+                },
+            },
+            security: {
+                ...base.security,
+                ...updates.security,
+            },
+            advanced: {
+                ...base.advanced,
+                ...updates.advanced,
+            },
+            logging: {
+                ...base.logging,
+                ...updates.logging,
+            },
+            callbacks: {
+                ...base.callbacks,
+                ...updates.callbacks,
+            },
+            presetOptions: {
+                ...base.presetOptions,
+                ...updates.presetOptions,
+            },
         };
     }
     /**
-     * Calculate overall risk score based on scan results and threat intel
+     * Export configuration as JSON
      */
-    calculateRiskScore(report, threats) {
-        let score = 0;
-        // Base score from verdict
-        switch (report.verdict) {
-            case 'malicious':
-                score += 70;
-                break;
-            case 'suspicious':
-                score += 40;
-                break;
-            case 'clean':
-                score += 0;
-                break;
+    toJSON() {
+        return JSON.stringify(this.config, null, 2);
+    }
+    /**
+     * Load configuration from JSON
+     */
+    fromJSON(json) {
+        try {
+            const parsed = JSON.parse(json);
+            this.config = this.mergeConfig(DEFAULT_CONFIG, parsed);
         }
-        // Add points for number of matches
-        score += Math.min(report.matches.length * 5, 20);
-        // Add points from threat intelligence
-        if (threats.length > 0) {
-            const maxThreat = Math.max(...threats.map(t => t.threatLevel));
-            score = Math.max(score, maxThreat);
+        catch (error) {
+            throw new Error(`Failed to parse configuration JSON: ${error}`);
         }
-        return Math.min(score, 100);
     }
 }
 /**
- * Create default threat intelligence aggregator
- */
-function createThreatIntelligence() {
-    return new ThreatIntelligenceAggregator();
+ * Create a new configuration manager
+ */
+function createConfig(config) {
+    return new ConfigManager(config);
 }
 /**
- * Helper to get file hash
+ * Get a preset configuration
  */
-function getFileHash(content) {
-    return crypto.createHash('sha256').update(content).digest('hex');
+function getPresetConfig(preset) {
+    return { ...DEFAULT_CONFIG, ...CONFIG_PRESETS[preset] };
 }
 
 /**
- * Export utilities for scan results
- * @module utils/export
- */
-/**
- * Export scan results to various formats
+ * HIPAA Compliance Module for Pompelmi
+ *
+ * This module provides comprehensive HIPAA compliance features for healthcare environments
+ * where Pompelmi is used to analyze potentially compromised systems containing PHI.
+ *
+ * Key protections:
+ * - Data sanitization and redaction
+ * - Secure temporary file handling
+ * - Audit logging
+ * - Memory protection
+ * - Error message sanitization
  */
-class ScanResultExporter {
-    /**
-     * Export to JSON format
-     */
-    toJSON(reports, options = {}) {
-        const data = Array.isArray(reports) ? reports : [reports];
-        if (!options.includeDetails) {
-            // Simplified output
-            const simplified = data.map(r => ({
-                verdict: r.verdict,
-                file: r.file?.name,
-                matches: r.matches.length,
-                durationMs: r.durationMs,
-            }));
-            return options.prettyPrint
-                ? JSON.stringify(simplified, null, 2)
-                : JSON.stringify(simplified);
-        }
-        return options.prettyPrint
-            ? JSON.stringify(data, null, 2)
-            : JSON.stringify(data);
-    }
-    /**
-     * Export to CSV format
-     */
-    toCSV(reports, options = {}) {
-        const data = Array.isArray(reports) ? reports : [reports];
-        const headers = [
-            'filename',
-            'verdict',
-            'matches_count',
-            'file_size',
-            'mime_type',
-            'duration_ms',
-            'engine',
-        ];
-        if (options.includeDetails) {
-            headers.push('reasons', 'match_rules');
-        }
-        const rows = data.map(report => {
-            const row = [
-                this.escapeCsv(report.file?.name || 'unknown'),
-                report.verdict,
-                report.matches.length.toString(),
-                (report.file?.size || 0).toString(),
-                this.escapeCsv(report.file?.mimeType || 'unknown'),
-                (report.durationMs || 0).toString(),
-                report.engine || 'unknown',
-            ];
-            if (options.includeDetails) {
-                row.push(this.escapeCsv((report.reasons || []).join('; ')), this.escapeCsv(report.matches.map(m => m.rule).join('; ')));
-            }
-            return row.join(',');
-        });
-        return [headers.join(','), ...rows].join('\n');
+class HipaaComplianceManager {
+    constructor(config) {
+        this.auditEvents = [];
+        this.config = {
+            sanitizeErrors: true,
+            sanitizeFilenames: true,
+            encryptTempFiles: true,
+            memoryProtection: true,
+            requireSecureTransport: true,
+            ...config,
+            enabled: config.enabled !== undefined ? config.enabled : true
+        };
+        this.sessionId = this.generateSessionId();
     }
     /**
-     * Export to Markdown format
+     * Sanitize filename to prevent PHI leakage in logs
      */
-    toMarkdown(reports, options = {}) {
-        const data = Array.isArray(reports) ? reports : [reports];
-        let md = '# Scan Results\n\n';
-        md += `**Total Scans:** ${data.length}\n\n`;
-        const clean = data.filter(r => r.verdict === 'clean').length;
-        const suspicious = data.filter(r => r.verdict === 'suspicious').length;
-        const malicious = data.filter(r => r.verdict === 'malicious').length;
-        md += '## Summary\n\n';
-        md += `- ✅ Clean: ${clean}\n`;
-        md += `- ⚠️ Suspicious: ${suspicious}\n`;
-        md += `- ❌ Malicious: ${malicious}\n\n`;
-        md += '## Detailed Results\n\n';
-        for (const report of data) {
-            const icon = report.verdict === 'clean' ? '✅' : report.verdict === 'suspicious' ? '⚠️' : '❌';
-            md += `### ${icon} ${report.file?.name || 'Unknown'}\n\n`;
-            md += `- **Verdict:** ${report.verdict}\n`;
-            md += `- **Size:** ${this.formatBytes(report.file?.size || 0)}\n`;
-            md += `- **MIME Type:** ${report.file?.mimeType || 'unknown'}\n`;
-            md += `- **Duration:** ${report.durationMs || 0}ms\n`;
-            md += `- **Matches:** ${report.matches.length}\n`;
-            if (options.includeDetails && report.matches.length > 0) {
-                md += '\n**Match Details:**\n';
-                for (const match of report.matches) {
-                    md += `- ${match.rule}`;
-                    if (match.tags && match.tags.length > 0) {
-                        md += ` (${match.tags.join(', ')})`;
-                    }
-                    md += '\n';
-                }
-            }
-            md += '\n';
+    sanitizeFilename(filename) {
+        if (!this.config.enabled || !this.config.sanitizeFilenames || !filename) {
+            return filename || 'unknown';
         }
-        return md;
-    }
-    /**
-     * Export to SARIF format (Static Analysis Results Interchange Format)
-     * Useful for CI/CD integration
-     */
-    toSARIF(reports, options = {}) {
-        const data = Array.isArray(reports) ? reports : [reports];
-        const results = data.flatMap(report => {
-            if (report.verdict === 'clean')
-                return [];
-            return report.matches.map(match => ({
-                ruleId: match.rule,
-                level: report.verdict === 'malicious' ? 'error' : 'warning',
-                message: {
-                    text: `${match.rule} detected in ${report.file?.name || 'unknown file'}`,
-                },
-                locations: [
-                    {
-                        physicalLocation: {
-                            artifactLocation: {
-                                uri: report.file?.name || 'unknown',
-                            },
-                        },
-                    },
-                ],
-                properties: {
-                    tags: match.tags,
-                    metadata: match.meta,
-                },
-            }));
-        });
-        const sarif = {
-            version: '2.1.0',
-            $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
-            runs: [
-                {
-                    tool: {
-                        driver: {
-                            name: 'Pompelmi',
-                            version: '0.29.0',
-                            informationUri: 'https://pompelmi.github.io/pompelmi/',
-                        },
-                    },
-                    results,
-                },
-            ],
-        };
-        return options.prettyPrint
-            ? JSON.stringify(sarif, null, 2)
-            : JSON.stringify(sarif);
+        // Remove potentially sensitive path information
+        const basename = path__namespace.basename(filename);
+        // Hash the filename to create a consistent but non-revealing identifier
+        const hash = crypto__namespace.createHash('sha256').update(basename).digest('hex').substring(0, 8);
+        // Preserve file extension for analysis purposes
+        const ext = path__namespace.extname(basename);
+        return `file_${hash}${ext}`;
     }
     /**
-     * Export to HTML format
+     * Sanitize error messages to prevent PHI exposure
      */
-    toHTML(reports, options = {}) {
-        const data = Array.isArray(reports) ? reports : [reports];
-        const clean = data.filter(r => r.verdict === 'clean').length;
-        const suspicious = data.filter(r => r.verdict === 'suspicious').length;
-        const malicious = data.filter(r => r.verdict === 'malicious').length;
-        let html = `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Pompelmi Scan Results</title>
-  <style>
-    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 1200px; margin: 0 auto; padding: 20px; }
-    .summary { display: grid; grid-template-columns: repeat(3, 1fr); gap: 20px; margin: 20px 0; }
-    .card { padding: 20px; border-radius: 8px; text-align: center; }
-    .clean { background: #d4edda; color: #155724; }
-    .suspicious { background: #fff3cd; color: #856404; }
-    .malicious { background: #f8d7da; color: #721c24; }
-    .result { border: 1px solid #ddd; border-radius: 8px; padding: 15px; margin: 10px 0; }
-    .result h3 { margin-top: 0; }
-    .badge { display: inline-block; padding: 4px 8px; border-radius: 4px; font-size: 0.8em; margin: 2px; }
-    table { width: 100%; border-collapse: collapse; }
-    th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
-  </style>
-</head>
-<body>
-  <h1>🛡️ Pompelmi Scan Results</h1>
-  <div class="summary">
-    <div class="card clean"><h2>${clean}</h2><p>Clean Files</p></div>
-    <div class="card suspicious"><h2>${suspicious}</h2><p>Suspicious Files</p></div>
-    <div class="card malicious"><h2>${malicious}</h2><p>Malicious Files</p></div>
-  </div>
-  <h2>Detailed Results</h2>`;
-        for (const report of data) {
-            const statusClass = report.verdict;
-            html += `<div class="result ${statusClass}">`;
-            html += `<h3>${this.escapeHtml(report.file?.name || 'Unknown')}</h3>`;
-            html += `<table>`;
-            html += `<tr><th>Verdict</th><td>${report.verdict.toUpperCase()}</td></tr>`;
-            html += `<tr><th>Size</th><td>${this.formatBytes(report.file?.size || 0)}</td></tr>`;
-            html += `<tr><th>MIME Type</th><td>${this.escapeHtml(report.file?.mimeType || 'unknown')}</td></tr>`;
-            html += `<tr><th>Duration</th><td>${report.durationMs || 0}ms</td></tr>`;
-            html += `<tr><th>Matches</th><td>${report.matches.length}</td></tr>`;
-            html += `</table>`;
-            if (options.includeDetails && report.matches.length > 0) {
-                html += `<h4>Match Details:</h4><ul>`;
-                for (const match of report.matches) {
-                    html += `<li><strong>${this.escapeHtml(match.rule)}</strong>`;
-                    if (match.tags && match.tags.length > 0) {
-                        html += ` ${match.tags.map(tag => `<span class="badge">${this.escapeHtml(tag)}</span>`).join('')}`;
-                    }
-                    html += `</li>`;
-                }
-                html += `</ul>`;
-            }
-            html += `</div>`;
+    sanitizeError(error) {
+        if (!this.config.enabled || !this.config.sanitizeErrors) {
+            return typeof error === 'string' ? error : error.message;
         }
-        html += `</body></html>`;
-        return html;
+        const message = typeof error === 'string' ? error : error.message;
+        // Remove common patterns that might contain PHI
+        let sanitized = message
+            // Remove file paths
+            .replace(/[A-Za-z]:\\\\[^\\s]+/g, '[REDACTED_PATH]')
+            .replace(/\/[^\\s]+/g, '[REDACTED_PATH]')
+            // Remove potential patient identifiers (numbers that could be MRNs, SSNs)
+            .replace(/\\b\\d{3}-?\\d{2}-?\\d{4}\\b/g, '[REDACTED_ID]')
+            .replace(/\\b\\d{6,}\\b/g, '[REDACTED_ID]')
+            // Remove email addresses
+            .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[REDACTED_EMAIL]')
+            // Remove potential names (capitalize words in error messages)
+            .replace(/\\b[A-Z][a-z]+\\s+[A-Z][a-z]+\\b/g, '[REDACTED_NAME]')
+            // Remove IP addresses
+            .replace(/\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b/g, '[REDACTED_IP]');
+        return sanitized;
     }
     /**
-     * Export to specified format
+     * Create secure temporary file path with encryption if enabled
      */
-    export(reports, format, options = {}) {
-        switch (format) {
-            case 'json':
-                return this.toJSON(reports, options);
-            case 'csv':
-                return this.toCSV(reports, options);
-            case 'markdown':
-                return this.toMarkdown(reports, options);
-            case 'html':
-                return this.toHTML(reports, options);
-            case 'sarif':
-                return this.toSARIF(reports, options);
-            default:
-                throw new Error(`Unsupported export format: ${format}`);
+    createSecureTempPath(prefix = 'pompelmi') {
+        if (!this.config.enabled) {
+            return path__namespace.join(os__namespace.tmpdir(), `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2)}`);
         }
+        // Use cryptographically secure random names
+        const randomId = crypto__namespace.randomBytes(16).toString('hex');
+        const timestamp = Date.now();
+        // Create path in secure temp directory
+        const secureTempDir = this.getSecureTempDir();
+        const tempPath = path__namespace.join(secureTempDir, `${prefix}-${timestamp}-${randomId}`);
+        this.auditLog('temp_file_created', {
+            action: 'create_temp_file',
+            success: true,
+            metadata: { path: this.sanitizeFilename(tempPath) }
+        });
+        return tempPath;
     }
-    escapeCsv(value) {
-        if (value.includes(',') || value.includes('"') || value.includes('\n')) {
-            return `"${value.replace(/"/g, '""')}"`;
+    /**
+     * Get or create secure temporary directory with restricted permissions
+     */
+    getSecureTempDir() {
+        const secureTempPath = path__namespace.join(os__namespace.tmpdir(), 'pompelmi-secure');
+        try {
+            const fs = require('fs');
+            if (!fs.existsSync(secureTempPath)) {
+                fs.mkdirSync(secureTempPath, { mode: 0o700 }); // Owner read/write/execute only
+            }
         }
-        return value;
-    }
-    escapeHtml(value) {
-        return value
-            .replace(/&/g, '&amp;')
-            .replace(/</g, '&lt;')
-            .replace(/>/g, '&gt;')
-            .replace(/"/g, '&quot;')
-            .replace(/'/g, '&#039;');
-    }
-    formatBytes(bytes) {
-        if (bytes === 0)
-            return '0 Bytes';
-        const k = 1024;
-        const sizes = ['Bytes', 'KB', 'MB', 'GB'];
-        const i = Math.floor(Math.log(bytes) / Math.log(k));
-        return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i];
-    }
-}
-/**
- * Quick export helper
- */
-function exportScanResults(reports, format, options) {
-    const exporter = new ScanResultExporter();
-    return exporter.export(reports, format, options);
-}
-
-/**
- * Advanced configuration system for pompelmi
- * @module config
- */
-/**
- * Default configuration
- */
-const DEFAULT_CONFIG = {
-    defaultPreset: 'zip-basic',
-    performance: {
-        enableCache: false,
-        enablePerformanceTracking: false,
-        enableParallel: true,
-        maxConcurrency: 5,
-        cacheOptions: {
-            maxSize: 1000,
-            ttl: 3600000, // 1 hour
-            enableLRU: true,
-            enableStats: false,
-        },
-    },
-    security: {
-        maxFileSize: 100 * 1024 * 1024, // 100MB
-        enableThreatIntel: false,
-        scanTimeout: 30000, // 30 seconds
-        strictMode: false,
-    },
-    advanced: {
-        enablePolyglotDetection: true,
-        enableObfuscationDetection: true,
-        enableNestedArchiveAnalysis: true,
-        maxArchiveDepth: 5,
-    },
-    logging: {
-        verbose: false,
-        level: 'info',
-        enableStats: false,
-    },
-};
-/**
- * Configuration presets for common use cases
- */
-const CONFIG_PRESETS = {
-    /** Fast scanning with minimal features */
-    fast: {
-        defaultPreset: 'basic',
-        performance: {
-            enableCache: true,
-            enablePerformanceTracking: false,
-            maxConcurrency: 10,
-        },
-        advanced: {
-            enablePolyglotDetection: false,
-            enableObfuscationDetection: false,
-            enableNestedArchiveAnalysis: false,
-        },
-    },
-    /** Balanced scanning (recommended) */
-    balanced: DEFAULT_CONFIG,
-    /** Thorough scanning with all features */
-    thorough: {
-        defaultPreset: 'advanced',
-        performance: {
-            enableCache: true,
-            enablePerformanceTracking: true,
-            maxConcurrency: 3,
-        },
-        security: {
-            maxFileSize: 500 * 1024 * 1024, // 500MB
-            enableThreatIntel: true,
-            scanTimeout: 60000, // 60 seconds
-            strictMode: true,
-        },
-        advanced: {
-            enablePolyglotDetection: true,
-            enableObfuscationDetection: true,
-            enableNestedArchiveAnalysis: true,
-            maxArchiveDepth: 10,
-        },
-        logging: {
-            verbose: true,
-            level: 'debug',
-            enableStats: true,
-        },
-    },
-    /** Production-ready configuration */
-    production: {
-        defaultPreset: 'advanced',
-        performance: {
-            enableCache: true,
-            enablePerformanceTracking: true,
-            maxConcurrency: 5,
-            cacheOptions: {
-                maxSize: 5000,
-                ttl: 7200000, // 2 hours
-                enableLRU: true,
-                enableStats: true,
-            },
-        },
-        security: {
-            maxFileSize: 200 * 1024 * 1024, // 200MB
-            enableThreatIntel: true,
-            scanTimeout: 45000,
-            strictMode: false,
-        },
-        advanced: {
-            enablePolyglotDetection: true,
-            enableObfuscationDetection: true,
-            enableNestedArchiveAnalysis: true,
-            maxArchiveDepth: 7,
-        },
-        logging: {
-            verbose: false,
-            level: 'warn',
-            enableStats: true,
-        },
-    },
-    /** Development configuration */
-    development: {
-        defaultPreset: 'basic',
-        performance: {
-            enableCache: false,
-            enablePerformanceTracking: true,
-            maxConcurrency: 3,
-        },
-        security: {
-            maxFileSize: 50 * 1024 * 1024, // 50MB
-            scanTimeout: 15000,
-            strictMode: false,
-        },
-        logging: {
-            verbose: true,
-            level: 'debug',
-            enableStats: true,
-        },
-    },
-};
-/**
- * Configuration manager
- */
-class ConfigManager {
-    constructor(initialConfig) {
-        this.config = this.mergeConfig(DEFAULT_CONFIG, initialConfig || {});
+        catch (error) {
+            // Fallback to system temp
+            return os__namespace.tmpdir();
+        }
+        return secureTempPath;
     }
     /**
-     * Get current configuration
+     * Secure file cleanup with multiple overwrite passes
      */
-    getConfig() {
-        return { ...this.config };
+    async secureFileCleanup(filePath) {
+        if (!this.config.enabled) {
+            try {
+                const fs = await import('fs/promises');
+                await fs.unlink(filePath);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            return;
+        }
+        try {
+            const fs = await import('fs/promises');
+            const stats = await fs.stat(filePath);
+            if (this.config.memoryProtection) {
+                // Overwrite file with random data multiple times (DoD 5220.22-M standard)
+                const fileSize = stats.size;
+                const buffer = crypto__namespace.randomBytes(Math.min(fileSize, 64 * 1024)); // 64KB chunks
+                for (let pass = 0; pass < 3; pass++) {
+                    const handle = await fs.open(filePath, 'r+');
+                    try {
+                        for (let offset = 0; offset < fileSize; offset += buffer.length) {
+                            const chunk = offset + buffer.length > fileSize
+                                ? buffer.subarray(0, fileSize - offset)
+                                : buffer;
+                            await handle.write(chunk, 0, chunk.length, offset);
+                        }
+                        await handle.sync();
+                    }
+                    finally {
+                        await handle.close();
+                    }
+                }
+            }
+            // Final deletion
+            await fs.unlink(filePath);
+            this.auditLog('temp_file_deleted', {
+                action: 'secure_delete',
+                success: true,
+                metadata: {
+                    path: this.sanitizeFilename(filePath),
+                    overwritePasses: this.config.memoryProtection ? 3 : 0
+                }
+            });
+        }
+        catch (error) {
+            this.auditLog('temp_file_deleted', {
+                action: 'secure_delete',
+                success: false,
+                sanitizedError: this.sanitizeError(error),
+                metadata: { path: this.sanitizeFilename(filePath) }
+            });
+        }
     }
     /**
-     * Update configuration
+     * Calculate secure file hash for audit purposes
      */
-    updateConfig(updates) {
-        this.config = this.mergeConfig(this.config, updates);
+    calculateFileHash(data) {
+        return crypto__namespace.createHash('sha256').update(data).digest('hex');
     }
     /**
-     * Load a preset configuration
+     * Log audit event
      */
-    loadPreset(preset) {
-        const presetConfig = CONFIG_PRESETS[preset];
-        this.config = this.mergeConfig(DEFAULT_CONFIG, presetConfig);
+    auditLog(eventType, details) {
+        if (!this.config.enabled)
+            return;
+        const event = {
+            timestamp: new Date().toISOString(),
+            eventType,
+            sessionId: this.sessionId,
+            details: {
+                action: details.action || 'unknown',
+                success: details.success ?? true,
+                ...details
+            }
+        };
+        this.auditEvents.push(event);
+        // Write to audit log file if configured
+        if (this.config.auditLogPath) {
+            this.writeAuditLog(event).catch(() => {
+                // Silent failure to prevent error loops
+            });
+        }
     }
     /**
-     * Reset to default configuration
+     * Write audit event to file
      */
-    reset() {
-        this.config = { ...DEFAULT_CONFIG };
+    async writeAuditLog(event) {
+        if (!this.config.auditLogPath)
+            return;
+        try {
+            const fs = await import('fs/promises');
+            const logLine = JSON.stringify(event) + '\\n';
+            await fs.appendFile(this.config.auditLogPath, logLine, { flag: 'a' });
+        }
+        catch {
+            // Silent failure
+        }
     }
     /**
-     * Get a specific configuration value
+     * Generate cryptographically secure session ID
      */
-    get(key) {
-        return this.config[key];
+    generateSessionId() {
+        return crypto__namespace.randomBytes(16).toString('hex');
     }
     /**
-     * Set a specific configuration value
+     * Get current audit events for this session
      */
-    set(key, value) {
-        this.config[key] = value;
+    getAuditEvents() {
+        return [...this.auditEvents];
     }
     /**
-     * Validate configuration
+     * Clear sensitive data from memory
      */
-    validate() {
-        const errors = [];
-        // Validate performance settings
-        if (this.config.performance?.maxConcurrency !== undefined) {
-            if (this.config.performance.maxConcurrency < 1) {
-                errors.push('maxConcurrency must be at least 1');
-            }
-            if (this.config.performance.maxConcurrency > 50) {
-                errors.push('maxConcurrency should not exceed 50');
-            }
-        }
-        // Validate security settings
-        if (this.config.security?.maxFileSize !== undefined) {
-            if (this.config.security.maxFileSize < 1024) {
-                errors.push('maxFileSize must be at least 1KB');
-            }
-        }
-        if (this.config.security?.scanTimeout !== undefined) {
-            if (this.config.security.scanTimeout < 1000) {
-                errors.push('scanTimeout must be at least 1000ms');
-            }
-        }
-        // Validate advanced settings
-        if (this.config.advanced?.maxArchiveDepth !== undefined) {
-            if (this.config.advanced.maxArchiveDepth < 1) {
-                errors.push('maxArchiveDepth must be at least 1');
-            }
-            if (this.config.advanced.maxArchiveDepth > 20) {
-                errors.push('maxArchiveDepth should not exceed 20');
-            }
+    clearSensitiveData() {
+        if (!this.config.enabled || !this.config.memoryProtection)
+            return;
+        // Clear audit events
+        this.auditEvents.length = 0;
+        // Force garbage collection if available
+        if (global.gc) {
+            global.gc();
         }
-        return {
-            valid: errors.length === 0,
-            errors,
-        };
-    }
-    /**
-     * Deep merge configuration objects
-     */
-    mergeConfig(base, updates) {
-        return {
-            ...base,
-            ...updates,
-            performance: {
-                ...base.performance,
-                ...updates.performance,
-                cacheOptions: {
-                    ...base.performance?.cacheOptions,
-                    ...updates.performance?.cacheOptions,
-                },
-            },
-            security: {
-                ...base.security,
-                ...updates.security,
-            },
-            advanced: {
-                ...base.advanced,
-                ...updates.advanced,
-            },
-            logging: {
-                ...base.logging,
-                ...updates.logging,
-            },
-            callbacks: {
-                ...base.callbacks,
-                ...updates.callbacks,
-            },
-            presetOptions: {
-                ...base.presetOptions,
-                ...updates.presetOptions,
-            },
-        };
-    }
-    /**
-     * Export configuration as JSON
-     */
-    toJSON() {
-        return JSON.stringify(this.config, null, 2);
     }
     /**
-     * Load configuration from JSON
+     * Validate transport security
      */
-    fromJSON(json) {
+    validateTransportSecurity(url) {
+        if (!this.config.enabled || !this.config.requireSecureTransport) {
+            return true;
+        }
+        if (!url)
+            return true;
         try {
-            const parsed = JSON.parse(json);
-            this.config = this.mergeConfig(DEFAULT_CONFIG, parsed);
+            const urlObj = new URL(url);
+            const isSecure = urlObj.protocol === 'https:' || urlObj.hostname === 'localhost' || urlObj.hostname === '127.0.0.1';
+            if (!isSecure) {
+                this.auditLog('security_violation', {
+                    action: 'insecure_transport',
+                    success: false,
+                    metadata: { protocol: urlObj.protocol, hostname: urlObj.hostname }
+                });
+            }
+            return isSecure;
         }
-        catch (error) {
-            throw new Error(`Failed to parse configuration JSON: ${error}`);
+        catch {
+            return false;
         }
     }
 }
+// Global HIPAA compliance instance
+let hipaaManager = null;
 /**
- * Create a new configuration manager
+ * Initialize HIPAA compliance
  */
-function createConfig(config) {
-    return new ConfigManager(config);
+function initializeHipaaCompliance(config) {
+    hipaaManager = new HipaaComplianceManager(config);
+    return hipaaManager;
 }
 /**
- * Get a preset configuration
+ * Get current HIPAA compliance manager
  */
-function getPresetConfig(preset) {
-    return { ...DEFAULT_CONFIG, ...CONFIG_PRESETS[preset] };
+function getHipaaManager() {
+    return hipaaManager;
+}
+/**
+ * HIPAA-compliant error wrapper
+ */
+function createHipaaError(error, context) {
+    const manager = getHipaaManager();
+    if (!manager) {
+        return typeof error === 'string' ? new Error(error) : error;
+    }
+    const sanitizedMessage = manager.sanitizeError(error);
+    const hipaaError = new Error(sanitizedMessage);
+    manager.auditLog('error_occurred', {
+        action: context || 'error',
+        success: false,
+        sanitizedError: sanitizedMessage
+    });
+    return hipaaError;
 }
+/**
+ * HIPAA-compliant temporary file utilities
+ */
+const HipaaTemp = {
+    createPath: (prefix) => {
+        const manager = getHipaaManager();
+        return manager ? manager.createSecureTempPath(prefix) : path__namespace.join(os__namespace.tmpdir(), `${prefix || 'pompelmi'}-${Date.now()}`);
+    },
+    cleanup: async (filePath) => {
+        const manager = getHipaaManager();
+        if (manager) {
+            await manager.secureFileCleanup(filePath);
+        }
+        else {
+            try {
+                const fs = await import('fs/promises');
+                await fs.unlink(filePath);
+            }
+            catch {
+                // Ignore errors
+            }
+        }
+    }
+};
 
+exports.ARCHIVES = ARCHIVES;
 exports.BatchScanner = BatchScanner;
 exports.CONFIG_PRESETS = CONFIG_PRESETS;
+exports.CONSERVATIVE_DEFAULT = CONSERVATIVE_DEFAULT;
 exports.CommonHeuristicsScanner = CommonHeuristicsScanner;
 exports.ConfigManager = ConfigManager;
 exports.DEFAULT_CONFIG = DEFAULT_CONFIG;
 exports.DEFAULT_POLICY = DEFAULT_POLICY;
-exports.HipaaComplianceManager = HipaaComplianceManager;
+exports.DOCUMENTS_ONLY = DOCUMENTS_ONLY;
 exports.HipaaTemp = HipaaTemp;
+exports.IMAGES_ONLY = IMAGES_ONLY;
 exports.LocalThreatIntelligence = LocalThreatIntelligence;
-exports.PRESET_CONFIGS = PRESET_CONFIGS;
+exports.POLICY_PACKS = POLICY_PACKS;
 exports.PerformanceTracker = PerformanceTracker;
+exports.STRICT_PUBLIC_UPLOAD = STRICT_PUBLIC_UPLOAD;
 exports.SUSPICIOUS_PATTERNS = SUSPICIOUS_PATTERNS;
 exports.ScanCacheManager = ScanCacheManager;
 exports.ScanResultExporter = ScanResultExporter;
@@ -4192,6 +2481,7 @@ exports.exportScanResults = exportScanResults;
 exports.getDefaultCache = getDefaultCache;
 exports.getFileHash = getFileHash;
 exports.getHipaaManager = getHipaaManager;
+exports.getPolicyPack = getPolicyPack;
 exports.getPresetConfig = getPresetConfig;
 exports.initializeHipaaCompliance = initializeHipaaCompliance;
 exports.mapMatchesToVerdict = mapMatchesToVerdict;
@@ -4200,6 +2490,5 @@ exports.scanBytes = scanBytes;
 exports.scanFile = scanFile;
 exports.scanFiles = scanFiles;
 exports.scanFilesWithRemoteYara = scanFilesWithRemoteYara;
-exports.useFileScanner = useFileScanner;
 exports.validateFile = validateFile;
 //# sourceMappingURL=pompelmi.cjs.map