pompelmi 0.35.5 → 1.0.0

package/dist/pompelmi.policy-packs.cjs

@@ -1,240 +0,0 @@
-'use strict';
-
-const MB$1 = 1024 * 1024;
-const DEFAULT_POLICY = {
-    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf"],
-    allowedMimeTypes: ["application/zip", "image/png", "image/jpeg", "application/pdf", "text/plain"],
-    maxFileSizeBytes: 20 * MB$1,
-    timeoutMs: 5000,
-    concurrency: 4,
-    failClosed: true,
-};
-function definePolicy(input = {}) {
-    const p = { ...DEFAULT_POLICY, ...input };
-    if (!Array.isArray(p.includeExtensions))
-        throw new TypeError("includeExtensions must be string[]");
-    if (!Array.isArray(p.allowedMimeTypes))
-        throw new TypeError("allowedMimeTypes must be string[]");
-    if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))
-        throw new TypeError("maxFileSizeBytes must be > 0");
-    if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))
-        throw new TypeError("timeoutMs must be > 0");
-    if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))
-        throw new TypeError("concurrency must be > 0");
-    return p;
-}
-
-/**
- * Policy packs for Pompelmi.
- *
- * Pre-configured, named policies for common upload scenarios.  Each pack
- * defines the file type allowlist, size limits, and timeout appropriate for
- * its use case.
- *
- * All packs are built on `definePolicy` and are fully overridable:
- *
- * ```ts
- * import { POLICY_PACKS } from 'pompelmi/policy-packs';
- *
- * // Use a pack as-is:
- * const policy = POLICY_PACKS['images-only'];
- *
- * // Or override individual fields:
- * import { definePolicy } from 'pompelmi';
- * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });
- * ```
- *
- * These packs are *deterministic* and *descriptor-based* — they do not
- * depend on any external threat intelligence feed.
- *
- * @module policy-packs
- */
-const KB = 1024;
-const MB = 1024 * KB;
-// ── Policy packs ──────────────────────────────────────────────────────────────
-/**
- * Documents-only policy.
- *
- * Appropriate for: document management APIs, PDF/Office file upload endpoints,
- * data import pipelines.
- *
- * Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),
- *   CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).
- * Max size: 25 MB.
- */
-const DOCUMENTS_ONLY = definePolicy({
-    includeExtensions: [
-        "pdf",
-        "doc",
-        "docx",
-        "xls",
-        "xlsx",
-        "ppt",
-        "pptx",
-        "odt",
-        "ods",
-        "odp",
-        "csv",
-        "txt",
-        "json",
-        "yaml",
-        "yml",
-        "md",
-    ],
-    allowedMimeTypes: [
-        "application/pdf",
-        "application/msword",
-        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
-        "application/vnd.ms-excel",
-        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
-        "application/vnd.ms-powerpoint",
-        "application/vnd.openxmlformats-officedocument.presentationml.presentation",
-        "application/vnd.oasis.opendocument.text",
-        "application/vnd.oasis.opendocument.spreadsheet",
-        "application/vnd.oasis.opendocument.presentation",
-        "text/csv",
-        "text/plain",
-        "application/json",
-        "text/yaml",
-        "text/markdown",
-    ],
-    maxFileSizeBytes: 25 * MB,
-    timeoutMs: 10000,
-    concurrency: 4,
-    failClosed: true,
-});
-/**
- * Images-only policy.
- *
- * Appropriate for: avatar uploads, product image APIs, content platforms with
- * user-generated imagery.
- *
- * Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.
- * Max size: 10 MB.
- * Note: SVG is intentionally excluded — inline SVGs can contain scripts.
- */
-const IMAGES_ONLY = definePolicy({
-    includeExtensions: ["jpg", "jpeg", "png", "gif", "webp", "avif", "tiff", "tif", "bmp", "ico"],
-    allowedMimeTypes: [
-        "image/jpeg",
-        "image/png",
-        "image/gif",
-        "image/webp",
-        "image/avif",
-        "image/tiff",
-        "image/bmp",
-        "image/x-icon",
-        "image/vnd.microsoft.icon",
-    ],
-    maxFileSizeBytes: 10 * MB,
-    timeoutMs: 5000,
-    concurrency: 8,
-    failClosed: true,
-});
-/**
- * Strict public-upload policy.
- *
- * Appropriate for: anonymous or low-trust upload endpoints, public APIs,
- * any surface exposed to untrusted users.
- *
- * Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME
- * allowlist.  Only allows plain images and PDF.
- */
-const STRICT_PUBLIC_UPLOAD = definePolicy({
-    includeExtensions: ["jpg", "jpeg", "png", "webp", "pdf"],
-    allowedMimeTypes: ["image/jpeg", "image/png", "image/webp", "application/pdf"],
-    maxFileSizeBytes: 5 * MB,
-    timeoutMs: 4000,
-    concurrency: 2,
-    failClosed: true,
-});
-/**
- * Conservative default policy.
- *
- * A hardened version of the built-in `DEFAULT_POLICY` suitable for
- * production without further customisation.  Stricter size limit and
- * shorter timeout than the permissive default.
- */
-const CONSERVATIVE_DEFAULT = definePolicy({
-    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf", "txt", "csv", "docx", "xlsx"],
-    allowedMimeTypes: [
-        "application/zip",
-        "image/png",
-        "image/jpeg",
-        "application/pdf",
-        "text/plain",
-        "text/csv",
-        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
-        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
-    ],
-    maxFileSizeBytes: 10 * MB,
-    timeoutMs: 8000,
-    concurrency: 4,
-    failClosed: true,
-});
-/**
- * Archives policy.
- *
- * Appropriate for: endpoints that accept ZIP, tar, or compressed archives.
- * Combines a generous size allowance with a longer timeout for deep inspection.
- *
- * NOTE: Pair this policy with `createZipBombGuard()` to defend against
- * decompression-bomb attacks:
- *
- * ```ts
- * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';
- * const scanner = composeScanners(
- *   [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]
- * );
- * ```
- */
-const ARCHIVES = definePolicy({
-    includeExtensions: ["zip", "tar", "gz", "tgz", "bz2", "xz", "7z", "rar"],
-    allowedMimeTypes: [
-        "application/zip",
-        "application/x-tar",
-        "application/gzip",
-        "application/x-bzip2",
-        "application/x-xz",
-        "application/x-7z-compressed",
-        "application/x-rar-compressed",
-    ],
-    maxFileSizeBytes: 100 * MB,
-    timeoutMs: 30000,
-    concurrency: 2,
-    failClosed: true,
-});
-/**
- * Named map of all built-in policy packs.
- *
- * ```ts
- * import { POLICY_PACKS } from 'pompelmi/policy-packs';
- * const policy = POLICY_PACKS['strict-public-upload'];
- * ```
- */
-const POLICY_PACKS = {
-    "documents-only": DOCUMENTS_ONLY,
-    "images-only": IMAGES_ONLY,
-    "strict-public-upload": STRICT_PUBLIC_UPLOAD,
-    "conservative-default": CONSERVATIVE_DEFAULT,
-    archives: ARCHIVES,
-};
-/**
- * Look up a policy pack by name.
- * Throws if the name is not recognised.
- */
-function getPolicyPack(name) {
-    const policy = POLICY_PACKS[name];
-    if (!policy)
-        throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(", ")}`);
-    return policy;
-}
-
-exports.ARCHIVES = ARCHIVES;
-exports.CONSERVATIVE_DEFAULT = CONSERVATIVE_DEFAULT;
-exports.DOCUMENTS_ONLY = DOCUMENTS_ONLY;
-exports.IMAGES_ONLY = IMAGES_ONLY;
-exports.POLICY_PACKS = POLICY_PACKS;
-exports.STRICT_PUBLIC_UPLOAD = STRICT_PUBLIC_UPLOAD;
-exports.getPolicyPack = getPolicyPack;
-//# sourceMappingURL=pompelmi.policy-packs.cjs.map

package/dist/pompelmi.policy-packs.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"pompelmi.policy-packs.cjs","sources":["../../src/policy.ts","../../src/policy-packs.ts"],"sourcesContent":["export interface Policy {\n  includeExtensions: string[];\n  allowedMimeTypes: string[];\n  maxFileSizeBytes: number;\n  timeoutMs: number;\n  concurrency: number;\n  failClosed: boolean;\n  onScanEvent?: (ev: unknown) => void;\n}\nexport type PolicyInput = Partial<Policy>;\n\nconst MB = 1024 * 1024;\n\nexport const DEFAULT_POLICY: Policy = {\n  includeExtensions: [\"zip\", \"png\", \"jpg\", \"jpeg\", \"pdf\"],\n  allowedMimeTypes: [\"application/zip\", \"image/png\", \"image/jpeg\", \"application/pdf\", \"text/plain\"],\n  maxFileSizeBytes: 20 * MB,\n  timeoutMs: 5000,\n  concurrency: 4,\n  failClosed: true,\n};\n\nexport function definePolicy(input: PolicyInput = {}): Policy {\n  const p: Policy = { ...DEFAULT_POLICY, ...input };\n  if (!Array.isArray(p.includeExtensions))\n    throw new TypeError(\"includeExtensions must be string[]\");\n  if (!Array.isArray(p.allowedMimeTypes)) throw new TypeError(\"allowedMimeTypes must be string[]\");\n  if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))\n    throw new TypeError(\"maxFileSizeBytes must be > 0\");\n  if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))\n    throw new TypeError(\"timeoutMs must be > 0\");\n  if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))\n    throw new TypeError(\"concurrency must be > 0\");\n  return p;\n}\n","/**\n * Policy packs for Pompelmi.\n *\n * Pre-configured, named policies for common upload scenarios.  Each pack\n * defines the file type allowlist, size limits, and timeout appropriate for\n * its use case.\n *\n * All packs are built on `definePolicy` and are fully overridable:\n *\n * ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n *\n * // Use a pack as-is:\n * const policy = POLICY_PACKS['images-only'];\n *\n * // Or override individual fields:\n * import { definePolicy } from 'pompelmi';\n * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });\n * ```\n *\n * These packs are *deterministic* and *descriptor-based* — they do not\n * depend on any external threat intelligence feed.\n *\n * @module policy-packs\n */\n\nimport { definePolicy, type Policy } from \"./policy\";\n\nconst KB = 1024;\nconst MB = 1024 * KB;\n\n// ── Policy packs ──────────────────────────────────────────────────────────────\n\n/**\n * Documents-only policy.\n *\n * Appropriate for: document management APIs, PDF/Office file upload endpoints,\n * data import pipelines.\n *\n * Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),\n *   CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).\n * Max size: 25 MB.\n */\nexport const DOCUMENTS_ONLY: Policy = definePolicy({\n  includeExtensions: [\n    \"pdf\",\n    \"doc\",\n    \"docx\",\n    \"xls\",\n    \"xlsx\",\n    \"ppt\",\n    \"pptx\",\n    \"odt\",\n    \"ods\",\n    \"odp\",\n    \"csv\",\n    \"txt\",\n    \"json\",\n    \"yaml\",\n    \"yml\",\n    \"md\",\n  ],\n  allowedMimeTypes: [\n    \"application/pdf\",\n    \"application/msword\",\n    \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\n    \"application/vnd.ms-excel\",\n    \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\n    \"application/vnd.ms-powerpoint\",\n    \"application/vnd.openxmlformats-officedocument.presentationml.presentation\",\n    \"application/vnd.oasis.opendocument.text\",\n    \"application/vnd.oasis.opendocument.spreadsheet\",\n    \"application/vnd.oasis.opendocument.presentation\",\n    \"text/csv\",\n    \"text/plain\",\n    \"application/json\",\n    \"text/yaml\",\n    \"text/markdown\",\n  ],\n  maxFileSizeBytes: 25 * MB,\n  timeoutMs: 10_000,\n  concurrency: 4,\n  failClosed: true,\n});\n\n/**\n * Images-only policy.\n *\n * Appropriate for: avatar uploads, product image APIs, content platforms with\n * user-generated imagery.\n *\n * Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.\n * Max size: 10 MB.\n * Note: SVG is intentionally excluded — inline SVGs can contain scripts.\n */\nexport const IMAGES_ONLY: Policy = definePolicy({\n  includeExtensions: [\"jpg\", \"jpeg\", \"png\", \"gif\", \"webp\", \"avif\", \"tiff\", \"tif\", \"bmp\", \"ico\"],\n  allowedMimeTypes: [\n    \"image/jpeg\",\n    \"image/png\",\n    \"image/gif\",\n    \"image/webp\",\n    \"image/avif\",\n    \"image/tiff\",\n    \"image/bmp\",\n    \"image/x-icon\",\n    \"image/vnd.microsoft.icon\",\n  ],\n  maxFileSizeBytes: 10 * MB,\n  timeoutMs: 5_000,\n  concurrency: 8,\n  failClosed: true,\n});\n\n/**\n * Strict public-upload policy.\n *\n * Appropriate for: anonymous or low-trust upload endpoints, public APIs,\n * any surface exposed to untrusted users.\n *\n * Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME\n * allowlist.  Only allows plain images and PDF.\n */\nexport const STRICT_PUBLIC_UPLOAD: Policy = definePolicy({\n  includeExtensions: [\"jpg\", \"jpeg\", \"png\", \"webp\", \"pdf\"],\n  allowedMimeTypes: [\"image/jpeg\", \"image/png\", \"image/webp\", \"application/pdf\"],\n  maxFileSizeBytes: 5 * MB,\n  timeoutMs: 4_000,\n  concurrency: 2,\n  failClosed: true,\n});\n\n/**\n * Conservative default policy.\n *\n * A hardened version of the built-in `DEFAULT_POLICY` suitable for\n * production without further customisation.  Stricter size limit and\n * shorter timeout than the permissive default.\n */\nexport const CONSERVATIVE_DEFAULT: Policy = definePolicy({\n  includeExtensions: [\"zip\", \"png\", \"jpg\", \"jpeg\", \"pdf\", \"txt\", \"csv\", \"docx\", \"xlsx\"],\n  allowedMimeTypes: [\n    \"application/zip\",\n    \"image/png\",\n    \"image/jpeg\",\n    \"application/pdf\",\n    \"text/plain\",\n    \"text/csv\",\n    \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\n    \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\n  ],\n  maxFileSizeBytes: 10 * MB,\n  timeoutMs: 8_000,\n  concurrency: 4,\n  failClosed: true,\n});\n\n/**\n * Archives policy.\n *\n * Appropriate for: endpoints that accept ZIP, tar, or compressed archives.\n * Combines a generous size allowance with a longer timeout for deep inspection.\n *\n * NOTE: Pair this policy with `createZipBombGuard()` to defend against\n * decompression-bomb attacks:\n *\n * ```ts\n * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';\n * const scanner = composeScanners(\n *   [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]\n * );\n * ```\n */\nexport const ARCHIVES: Policy = definePolicy({\n  includeExtensions: [\"zip\", \"tar\", \"gz\", \"tgz\", \"bz2\", \"xz\", \"7z\", \"rar\"],\n  allowedMimeTypes: [\n    \"application/zip\",\n    \"application/x-tar\",\n    \"application/gzip\",\n    \"application/x-bzip2\",\n    \"application/x-xz\",\n    \"application/x-7z-compressed\",\n    \"application/x-rar-compressed\",\n  ],\n  maxFileSizeBytes: 100 * MB,\n  timeoutMs: 30_000,\n  concurrency: 2,\n  failClosed: true,\n});\n\n// ── Named map ────────────────────────────────────────────────────────────────\n\nexport type PolicyPackName =\n  | \"documents-only\"\n  | \"images-only\"\n  | \"strict-public-upload\"\n  | \"conservative-default\"\n  | \"archives\";\n\n/**\n * Named map of all built-in policy packs.\n *\n * ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n * const policy = POLICY_PACKS['strict-public-upload'];\n * ```\n */\nexport const POLICY_PACKS: Record<PolicyPackName, Policy> = {\n  \"documents-only\": DOCUMENTS_ONLY,\n  \"images-only\": IMAGES_ONLY,\n  \"strict-public-upload\": STRICT_PUBLIC_UPLOAD,\n  \"conservative-default\": CONSERVATIVE_DEFAULT,\n  archives: ARCHIVES,\n};\n\n/**\n * Look up a policy pack by name.\n * Throws if the name is not recognised.\n */\nexport function getPolicyPack(name: PolicyPackName): Policy {\n  const policy = POLICY_PACKS[name];\n  if (!policy)\n    throw new Error(\n      `Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(\", \")}`,\n    );\n  return policy;\n}\n"],"names":["MB"],"mappings":";;AAWA,MAAMA,IAAE,GAAG,IAAI,GAAG,IAAI;AAEf,MAAM,cAAc,GAAW;IACpC,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IACvD,gBAAgB,EAAE,CAAC,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC;IACjG,gBAAgB,EAAE,EAAE,GAAGA,IAAE;AACzB,IAAA,SAAS,EAAE,IAAI;AACf,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;CACjB;AAEK,SAAU,YAAY,CAAC,KAAA,GAAqB,EAAE,EAAA;IAClD,MAAM,CAAC,GAAW,EAAE,GAAG,cAAc,EAAE,GAAG,KAAK,EAAE;IACjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC;AACrC,QAAA,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC;IAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,mCAAmC,CAAC;AAChG,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,CAAC;AAClE,QAAA,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC;AACrD,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;AACpD,QAAA,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC;AAC9C,IAAA,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC;AACzD,QAAA,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC;AAChD,IAAA,OAAO,CAAC;AACV;;AClCA;;;;;;;;;;;;;;;;;;;;;;;;AAwBG;AAIH,MAAM,EAAE,GAAG,IAAI;AACf,MAAM,EAAE,GAAG,IAAI,GAAG,EAAE;AAEpB;AAEA;;;;;;;;;AASG;AACI,MAAM,cAAc,GAAW,YAAY,CAAC;AACjD,IAAA,iBAAiB,EAAE;QACjB,KAAK;QACL,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,MAAM;QACN,MAAM;QACN,KAAK;QACL,IAAI;AACL,KAAA;AACD,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,oBAAoB;QACpB,yEAAyE;QACzE,0BAA0B;QAC1B,mEAAmE;QACnE,+BAA+B;QAC/B,2EAA2E;QAC3E,yCAAyC;QACzC,gDAAgD;QAChD,iDAAiD;QACjD,UAAU;QACV,YAAY;QACZ,kBAAkB;QAClB,WAAW;QACX,eAAe;AAChB,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;AASG;AACI,MAAM,WAAW,GAAW,YAAY,CAAC;IAC9C,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;AAC7F,IAAA,gBAAgB,EAAE;QAChB,YAAY;QACZ,WAAW;QACX,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,cAAc;QACd,0BAA0B;AAC3B,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;AAQG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;IACvD,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IACxD,gBAAgB,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,CAAC;IAC9E,gBAAgB,EAAE,CAAC,GAAG,EAAE;AACxB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;AAMG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;AACvD,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;AACrF,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,WAAW;QACX,YAAY;QACZ,iBAAiB;QACjB,YAAY;QACZ,UAAU;QACV,yEAAyE;QACzE,mEAAmE;AACpE,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;;;;;;;AAeG;AACI,MAAM,QAAQ,GAAW,YAAY,CAAC;AAC3C,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC;AACxE,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,mBAAmB;QACnB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,6BAA6B;QAC7B,8BAA8B;AAC/B,KAAA;IACD,gBAAgB,EAAE,GAAG,GAAG,EAAE;AAC1B,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAWD;;;;;;;AAOG;AACI,MAAM,YAAY,GAAmC;AAC1D,IAAA,gBAAgB,EAAE,cAAc;AAChC,IAAA,aAAa,EAAE,WAAW;AAC1B,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,QAAQ,EAAE,QAAQ;;AAGpB;;;AAGG;AACG,SAAU,aAAa,CAAC,IAAoB,EAAA;AAChD,IAAA,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC;AACjC,IAAA,IAAI,CAAC,MAAM;AACT,QAAA,MAAM,IAAI,KAAK,CACb,yBAAyB,IAAI,CAAA,gBAAA,EAAmB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CACvF;AACH,IAAA,OAAO,MAAM;AACf;;;;;;;;;;"}

package/dist/pompelmi.policy-packs.esm.js

@@ -1,232 +0,0 @@
-const MB$1 = 1024 * 1024;
-const DEFAULT_POLICY = {
-    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf"],
-    allowedMimeTypes: ["application/zip", "image/png", "image/jpeg", "application/pdf", "text/plain"],
-    maxFileSizeBytes: 20 * MB$1,
-    timeoutMs: 5000,
-    concurrency: 4,
-    failClosed: true,
-};
-function definePolicy(input = {}) {
-    const p = { ...DEFAULT_POLICY, ...input };
-    if (!Array.isArray(p.includeExtensions))
-        throw new TypeError("includeExtensions must be string[]");
-    if (!Array.isArray(p.allowedMimeTypes))
-        throw new TypeError("allowedMimeTypes must be string[]");
-    if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))
-        throw new TypeError("maxFileSizeBytes must be > 0");
-    if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))
-        throw new TypeError("timeoutMs must be > 0");
-    if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))
-        throw new TypeError("concurrency must be > 0");
-    return p;
-}
-
-/**
- * Policy packs for Pompelmi.
- *
- * Pre-configured, named policies for common upload scenarios.  Each pack
- * defines the file type allowlist, size limits, and timeout appropriate for
- * its use case.
- *
- * All packs are built on `definePolicy` and are fully overridable:
- *
- * ```ts
- * import { POLICY_PACKS } from 'pompelmi/policy-packs';
- *
- * // Use a pack as-is:
- * const policy = POLICY_PACKS['images-only'];
- *
- * // Or override individual fields:
- * import { definePolicy } from 'pompelmi';
- * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });
- * ```
- *
- * These packs are *deterministic* and *descriptor-based* — they do not
- * depend on any external threat intelligence feed.
- *
- * @module policy-packs
- */
-const KB = 1024;
-const MB = 1024 * KB;
-// ── Policy packs ──────────────────────────────────────────────────────────────
-/**
- * Documents-only policy.
- *
- * Appropriate for: document management APIs, PDF/Office file upload endpoints,
- * data import pipelines.
- *
- * Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),
- *   CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).
- * Max size: 25 MB.
- */
-const DOCUMENTS_ONLY = definePolicy({
-    includeExtensions: [
-        "pdf",
-        "doc",
-        "docx",
-        "xls",
-        "xlsx",
-        "ppt",
-        "pptx",
-        "odt",
-        "ods",
-        "odp",
-        "csv",
-        "txt",
-        "json",
-        "yaml",
-        "yml",
-        "md",
-    ],
-    allowedMimeTypes: [
-        "application/pdf",
-        "application/msword",
-        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
-        "application/vnd.ms-excel",
-        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
-        "application/vnd.ms-powerpoint",
-        "application/vnd.openxmlformats-officedocument.presentationml.presentation",
-        "application/vnd.oasis.opendocument.text",
-        "application/vnd.oasis.opendocument.spreadsheet",
-        "application/vnd.oasis.opendocument.presentation",
-        "text/csv",
-        "text/plain",
-        "application/json",
-        "text/yaml",
-        "text/markdown",
-    ],
-    maxFileSizeBytes: 25 * MB,
-    timeoutMs: 10000,
-    concurrency: 4,
-    failClosed: true,
-});
-/**
- * Images-only policy.
- *
- * Appropriate for: avatar uploads, product image APIs, content platforms with
- * user-generated imagery.
- *
- * Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.
- * Max size: 10 MB.
- * Note: SVG is intentionally excluded — inline SVGs can contain scripts.
- */
-const IMAGES_ONLY = definePolicy({
-    includeExtensions: ["jpg", "jpeg", "png", "gif", "webp", "avif", "tiff", "tif", "bmp", "ico"],
-    allowedMimeTypes: [
-        "image/jpeg",
-        "image/png",
-        "image/gif",
-        "image/webp",
-        "image/avif",
-        "image/tiff",
-        "image/bmp",
-        "image/x-icon",
-        "image/vnd.microsoft.icon",
-    ],
-    maxFileSizeBytes: 10 * MB,
-    timeoutMs: 5000,
-    concurrency: 8,
-    failClosed: true,
-});
-/**
- * Strict public-upload policy.
- *
- * Appropriate for: anonymous or low-trust upload endpoints, public APIs,
- * any surface exposed to untrusted users.
- *
- * Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME
- * allowlist.  Only allows plain images and PDF.
- */
-const STRICT_PUBLIC_UPLOAD = definePolicy({
-    includeExtensions: ["jpg", "jpeg", "png", "webp", "pdf"],
-    allowedMimeTypes: ["image/jpeg", "image/png", "image/webp", "application/pdf"],
-    maxFileSizeBytes: 5 * MB,
-    timeoutMs: 4000,
-    concurrency: 2,
-    failClosed: true,
-});
-/**
- * Conservative default policy.
- *
- * A hardened version of the built-in `DEFAULT_POLICY` suitable for
- * production without further customisation.  Stricter size limit and
- * shorter timeout than the permissive default.
- */
-const CONSERVATIVE_DEFAULT = definePolicy({
-    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf", "txt", "csv", "docx", "xlsx"],
-    allowedMimeTypes: [
-        "application/zip",
-        "image/png",
-        "image/jpeg",
-        "application/pdf",
-        "text/plain",
-        "text/csv",
-        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
-        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
-    ],
-    maxFileSizeBytes: 10 * MB,
-    timeoutMs: 8000,
-    concurrency: 4,
-    failClosed: true,
-});
-/**
- * Archives policy.
- *
- * Appropriate for: endpoints that accept ZIP, tar, or compressed archives.
- * Combines a generous size allowance with a longer timeout for deep inspection.
- *
- * NOTE: Pair this policy with `createZipBombGuard()` to defend against
- * decompression-bomb attacks:
- *
- * ```ts
- * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';
- * const scanner = composeScanners(
- *   [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]
- * );
- * ```
- */
-const ARCHIVES = definePolicy({
-    includeExtensions: ["zip", "tar", "gz", "tgz", "bz2", "xz", "7z", "rar"],
-    allowedMimeTypes: [
-        "application/zip",
-        "application/x-tar",
-        "application/gzip",
-        "application/x-bzip2",
-        "application/x-xz",
-        "application/x-7z-compressed",
-        "application/x-rar-compressed",
-    ],
-    maxFileSizeBytes: 100 * MB,
-    timeoutMs: 30000,
-    concurrency: 2,
-    failClosed: true,
-});
-/**
- * Named map of all built-in policy packs.
- *
- * ```ts
- * import { POLICY_PACKS } from 'pompelmi/policy-packs';
- * const policy = POLICY_PACKS['strict-public-upload'];
- * ```
- */
-const POLICY_PACKS = {
-    "documents-only": DOCUMENTS_ONLY,
-    "images-only": IMAGES_ONLY,
-    "strict-public-upload": STRICT_PUBLIC_UPLOAD,
-    "conservative-default": CONSERVATIVE_DEFAULT,
-    archives: ARCHIVES,
-};
-/**
- * Look up a policy pack by name.
- * Throws if the name is not recognised.
- */
-function getPolicyPack(name) {
-    const policy = POLICY_PACKS[name];
-    if (!policy)
-        throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(", ")}`);
-    return policy;
-}
-
-export { ARCHIVES, CONSERVATIVE_DEFAULT, DOCUMENTS_ONLY, IMAGES_ONLY, POLICY_PACKS, STRICT_PUBLIC_UPLOAD, getPolicyPack };
-//# sourceMappingURL=pompelmi.policy-packs.esm.js.map

package/dist/pompelmi.policy-packs.esm.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"pompelmi.policy-packs.esm.js","sources":["../../src/policy.ts","../../src/policy-packs.ts"],"sourcesContent":["export interface Policy {\n  includeExtensions: string[];\n  allowedMimeTypes: string[];\n  maxFileSizeBytes: number;\n  timeoutMs: number;\n  concurrency: number;\n  failClosed: boolean;\n  onScanEvent?: (ev: unknown) => void;\n}\nexport type PolicyInput = Partial<Policy>;\n\nconst MB = 1024 * 1024;\n\nexport const DEFAULT_POLICY: Policy = {\n  includeExtensions: [\"zip\", \"png\", \"jpg\", \"jpeg\", \"pdf\"],\n  allowedMimeTypes: [\"application/zip\", \"image/png\", \"image/jpeg\", \"application/pdf\", \"text/plain\"],\n  maxFileSizeBytes: 20 * MB,\n  timeoutMs: 5000,\n  concurrency: 4,\n  failClosed: true,\n};\n\nexport function definePolicy(input: PolicyInput = {}): Policy {\n  const p: Policy = { ...DEFAULT_POLICY, ...input };\n  if (!Array.isArray(p.includeExtensions))\n    throw new TypeError(\"includeExtensions must be string[]\");\n  if (!Array.isArray(p.allowedMimeTypes)) throw new TypeError(\"allowedMimeTypes must be string[]\");\n  if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))\n    throw new TypeError(\"maxFileSizeBytes must be > 0\");\n  if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))\n    throw new TypeError(\"timeoutMs must be > 0\");\n  if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))\n    throw new TypeError(\"concurrency must be > 0\");\n  return p;\n}\n","/**\n * Policy packs for Pompelmi.\n *\n * Pre-configured, named policies for common upload scenarios.  Each pack\n * defines the file type allowlist, size limits, and timeout appropriate for\n * its use case.\n *\n * All packs are built on `definePolicy` and are fully overridable:\n *\n * ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n *\n * // Use a pack as-is:\n * const policy = POLICY_PACKS['images-only'];\n *\n * // Or override individual fields:\n * import { definePolicy } from 'pompelmi';\n * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });\n * ```\n *\n * These packs are *deterministic* and *descriptor-based* — they do not\n * depend on any external threat intelligence feed.\n *\n * @module policy-packs\n */\n\nimport { definePolicy, type Policy } from \"./policy\";\n\nconst KB = 1024;\nconst MB = 1024 * KB;\n\n// ── Policy packs ──────────────────────────────────────────────────────────────\n\n/**\n * Documents-only policy.\n *\n * Appropriate for: document management APIs, PDF/Office file upload endpoints,\n * data import pipelines.\n *\n * Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),\n *   CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).\n * Max size: 25 MB.\n */\nexport const DOCUMENTS_ONLY: Policy = definePolicy({\n  includeExtensions: [\n    \"pdf\",\n    \"doc\",\n    \"docx\",\n    \"xls\",\n    \"xlsx\",\n    \"ppt\",\n    \"pptx\",\n    \"odt\",\n    \"ods\",\n    \"odp\",\n    \"csv\",\n    \"txt\",\n    \"json\",\n    \"yaml\",\n    \"yml\",\n    \"md\",\n  ],\n  allowedMimeTypes: [\n    \"application/pdf\",\n    \"application/msword\",\n    \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\n    \"application/vnd.ms-excel\",\n    \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\n    \"application/vnd.ms-powerpoint\",\n    \"application/vnd.openxmlformats-officedocument.presentationml.presentation\",\n    \"application/vnd.oasis.opendocument.text\",\n    \"application/vnd.oasis.opendocument.spreadsheet\",\n    \"application/vnd.oasis.opendocument.presentation\",\n    \"text/csv\",\n    \"text/plain\",\n    \"application/json\",\n    \"text/yaml\",\n    \"text/markdown\",\n  ],\n  maxFileSizeBytes: 25 * MB,\n  timeoutMs: 10_000,\n  concurrency: 4,\n  failClosed: true,\n});\n\n/**\n * Images-only policy.\n *\n * Appropriate for: avatar uploads, product image APIs, content platforms with\n * user-generated imagery.\n *\n * Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.\n * Max size: 10 MB.\n * Note: SVG is intentionally excluded — inline SVGs can contain scripts.\n */\nexport const IMAGES_ONLY: Policy = definePolicy({\n  includeExtensions: [\"jpg\", \"jpeg\", \"png\", \"gif\", \"webp\", \"avif\", \"tiff\", \"tif\", \"bmp\", \"ico\"],\n  allowedMimeTypes: [\n    \"image/jpeg\",\n    \"image/png\",\n    \"image/gif\",\n    \"image/webp\",\n    \"image/avif\",\n    \"image/tiff\",\n    \"image/bmp\",\n    \"image/x-icon\",\n    \"image/vnd.microsoft.icon\",\n  ],\n  maxFileSizeBytes: 10 * MB,\n  timeoutMs: 5_000,\n  concurrency: 8,\n  failClosed: true,\n});\n\n/**\n * Strict public-upload policy.\n *\n * Appropriate for: anonymous or low-trust upload endpoints, public APIs,\n * any surface exposed to untrusted users.\n *\n * Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME\n * allowlist.  Only allows plain images and PDF.\n */\nexport const STRICT_PUBLIC_UPLOAD: Policy = definePolicy({\n  includeExtensions: [\"jpg\", \"jpeg\", \"png\", \"webp\", \"pdf\"],\n  allowedMimeTypes: [\"image/jpeg\", \"image/png\", \"image/webp\", \"application/pdf\"],\n  maxFileSizeBytes: 5 * MB,\n  timeoutMs: 4_000,\n  concurrency: 2,\n  failClosed: true,\n});\n\n/**\n * Conservative default policy.\n *\n * A hardened version of the built-in `DEFAULT_POLICY` suitable for\n * production without further customisation.  Stricter size limit and\n * shorter timeout than the permissive default.\n */\nexport const CONSERVATIVE_DEFAULT: Policy = definePolicy({\n  includeExtensions: [\"zip\", \"png\", \"jpg\", \"jpeg\", \"pdf\", \"txt\", \"csv\", \"docx\", \"xlsx\"],\n  allowedMimeTypes: [\n    \"application/zip\",\n    \"image/png\",\n    \"image/jpeg\",\n    \"application/pdf\",\n    \"text/plain\",\n    \"text/csv\",\n    \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\n    \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\n  ],\n  maxFileSizeBytes: 10 * MB,\n  timeoutMs: 8_000,\n  concurrency: 4,\n  failClosed: true,\n});\n\n/**\n * Archives policy.\n *\n * Appropriate for: endpoints that accept ZIP, tar, or compressed archives.\n * Combines a generous size allowance with a longer timeout for deep inspection.\n *\n * NOTE: Pair this policy with `createZipBombGuard()` to defend against\n * decompression-bomb attacks:\n *\n * ```ts\n * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';\n * const scanner = composeScanners(\n *   [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]\n * );\n * ```\n */\nexport const ARCHIVES: Policy = definePolicy({\n  includeExtensions: [\"zip\", \"tar\", \"gz\", \"tgz\", \"bz2\", \"xz\", \"7z\", \"rar\"],\n  allowedMimeTypes: [\n    \"application/zip\",\n    \"application/x-tar\",\n    \"application/gzip\",\n    \"application/x-bzip2\",\n    \"application/x-xz\",\n    \"application/x-7z-compressed\",\n    \"application/x-rar-compressed\",\n  ],\n  maxFileSizeBytes: 100 * MB,\n  timeoutMs: 30_000,\n  concurrency: 2,\n  failClosed: true,\n});\n\n// ── Named map ────────────────────────────────────────────────────────────────\n\nexport type PolicyPackName =\n  | \"documents-only\"\n  | \"images-only\"\n  | \"strict-public-upload\"\n  | \"conservative-default\"\n  | \"archives\";\n\n/**\n * Named map of all built-in policy packs.\n *\n * ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n * const policy = POLICY_PACKS['strict-public-upload'];\n * ```\n */\nexport const POLICY_PACKS: Record<PolicyPackName, Policy> = {\n  \"documents-only\": DOCUMENTS_ONLY,\n  \"images-only\": IMAGES_ONLY,\n  \"strict-public-upload\": STRICT_PUBLIC_UPLOAD,\n  \"conservative-default\": CONSERVATIVE_DEFAULT,\n  archives: ARCHIVES,\n};\n\n/**\n * Look up a policy pack by name.\n * Throws if the name is not recognised.\n */\nexport function getPolicyPack(name: PolicyPackName): Policy {\n  const policy = POLICY_PACKS[name];\n  if (!policy)\n    throw new Error(\n      `Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(\", \")}`,\n    );\n  return policy;\n}\n"],"names":["MB"],"mappings":"AAWA,MAAMA,IAAE,GAAG,IAAI,GAAG,IAAI;AAEf,MAAM,cAAc,GAAW;IACpC,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IACvD,gBAAgB,EAAE,CAAC,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC;IACjG,gBAAgB,EAAE,EAAE,GAAGA,IAAE;AACzB,IAAA,SAAS,EAAE,IAAI;AACf,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;CACjB;AAEK,SAAU,YAAY,CAAC,KAAA,GAAqB,EAAE,EAAA;IAClD,MAAM,CAAC,GAAW,EAAE,GAAG,cAAc,EAAE,GAAG,KAAK,EAAE;IACjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC;AACrC,QAAA,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC;IAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,mCAAmC,CAAC;AAChG,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,CAAC;AAClE,QAAA,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC;AACrD,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;AACpD,QAAA,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC;AAC9C,IAAA,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC;AACzD,QAAA,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC;AAChD,IAAA,OAAO,CAAC;AACV;;AClCA;;;;;;;;;;;;;;;;;;;;;;;;AAwBG;AAIH,MAAM,EAAE,GAAG,IAAI;AACf,MAAM,EAAE,GAAG,IAAI,GAAG,EAAE;AAEpB;AAEA;;;;;;;;;AASG;AACI,MAAM,cAAc,GAAW,YAAY,CAAC;AACjD,IAAA,iBAAiB,EAAE;QACjB,KAAK;QACL,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,MAAM;QACN,MAAM;QACN,KAAK;QACL,IAAI;AACL,KAAA;AACD,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,oBAAoB;QACpB,yEAAyE;QACzE,0BAA0B;QAC1B,mEAAmE;QACnE,+BAA+B;QAC/B,2EAA2E;QAC3E,yCAAyC;QACzC,gDAAgD;QAChD,iDAAiD;QACjD,UAAU;QACV,YAAY;QACZ,kBAAkB;QAClB,WAAW;QACX,eAAe;AAChB,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;AASG;AACI,MAAM,WAAW,GAAW,YAAY,CAAC;IAC9C,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;AAC7F,IAAA,gBAAgB,EAAE;QAChB,YAAY;QACZ,WAAW;QACX,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,cAAc;QACd,0BAA0B;AAC3B,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;AAQG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;IACvD,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IACxD,gBAAgB,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,CAAC;IAC9E,gBAAgB,EAAE,CAAC,GAAG,EAAE;AACxB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;AAMG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;AACvD,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;AACrF,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,WAAW;QACX,YAAY;QACZ,iBAAiB;QACjB,YAAY;QACZ,UAAU;QACV,yEAAyE;QACzE,mEAAmE;AACpE,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;;;;;;;AAeG;AACI,MAAM,QAAQ,GAAW,YAAY,CAAC;AAC3C,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC;AACxE,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,mBAAmB;QACnB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,6BAA6B;QAC7B,8BAA8B;AAC/B,KAAA;IACD,gBAAgB,EAAE,GAAG,GAAG,EAAE;AAC1B,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAWD;;;;;;;AAOG;AACI,MAAM,YAAY,GAAmC;AAC1D,IAAA,gBAAgB,EAAE,cAAc;AAChC,IAAA,aAAa,EAAE,WAAW;AAC1B,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,QAAQ,EAAE,QAAQ;;AAGpB;;;AAGG;AACG,SAAU,aAAa,CAAC,IAAoB,EAAA;AAChD,IAAA,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC;AACjC,IAAA,IAAI,CAAC,MAAM;AACT,QAAA,MAAM,IAAI,KAAK,CACb,yBAAyB,IAAI,CAAA,gBAAA,EAAmB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CACvF;AACH,IAAA,OAAO,MAAM;AACf;;;;"}