npm - projscan - Versions diffs - 2.1.0 → 2.2.0 - Mend

projscan 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/README.md +26 -25
package/dist/analyzers/supplyChainCheck.d.ts +2 -0
package/dist/analyzers/supplyChainCheck.js +400 -0
package/dist/analyzers/supplyChainCheck.js.map +1 -0
package/dist/core/issueEngine.js +2 -0
package/dist/core/issueEngine.js.map +1 -1
package/dist/core/preflight.js +38 -4
package/dist/core/preflight.js.map +1 -1
package/dist/core/review.js +31 -2
package/dist/core/review.js.map +1 -1
package/dist/projscan-sbom.cdx.json +4589 -0
package/dist/tool-manifest.json +2 -2
package/dist/types.d.ts +5 -1
package/package.json +9 -6

package/README.md CHANGED Viewed

@@ -9,9 +9,9 @@
 **Agent-first code intelligence.** An MCP server that lets AI coding agents (Claude Code, Codex, Cursor, Gemini, Windsurf, Cline, Continue, Zed — any MCP-aware client) query your codebase — with a CLI for humans and a local plugin layer for team-specific policy and reporting.
-[AI Agent Quick Start](#ai-agent-integration-mcp) · [CLI Quick Start](#quick-start) · [Commands](#commands) · [Full Guide](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/GUIDE.md) · [Roadmap](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/ROADMAP.md)
+[AI Agent Quick Start](#ai-agent-integration-mcp) · [CLI Quick Start](#quick-start) · [Commands](#commands) · [Full Guide](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/GUIDE.md) · [Roadmap](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/ROADMAP.md)
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/projscan-reporter-plugin.png" alt="projscan reporter plugin running in a macOS-style terminal window with a team health summary" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/projscan-reporter-plugin.png" alt="projscan reporter plugin running in a macOS-style terminal window with a team health summary" width="700">
 </div>
@@ -21,7 +21,7 @@
 AI coding agents are becoming the primary interface to code. Today, when you ask your agent *"which files implement auth?"* or *"what breaks if I bump React from 18 to 19?"* - it either guesses from names, or it shells out to grep and reads raw output not built for it.
-**projscan is the first code-intelligence tool built for agents, not for humans.** Your agent gets a fast, AST-accurate, context-budget-aware view of your codebase through structured MCP tools. It can run a preflight safety gate before edits or merge, query the import graph, find symbol definitions, preview upgrades, rank hotspots, diff structural changes between refs, surface coupling/cycle hotspots, get an **intent-grounded** one-call PR review (now with new-taint-flow detection that *blocks* unsafe merges, plus an optional natural-language intent arg that labels each finding expected / unexpected / out-of-scope), request structured fix-action prompts for any open issue and **mechanically apply** the safe ones with rollback, ask "what breaks if I change this?" via transitive blast-radius analysis (across registered sibling repos too), surface source-to-sink taint flows, share a durable session across multiple agent invocations, and learn from how you use it — quieting accumulated noise on this specific repo over time without ever phoning home.
+**projscan is the first code-intelligence tool built for agents, not for humans.** Your agent gets a fast, AST-accurate, context-budget-aware view of your codebase through structured MCP tools. It can run a preflight safety gate before edits or merge, including supply-chain IOC evidence, query the import graph, find symbol definitions, preview upgrades, rank hotspots, diff structural changes between refs, surface coupling/cycle hotspots, get an **intent-grounded** one-call PR review (now with new-taint-flow detection that *blocks* unsafe merges, plus an optional natural-language intent arg that labels each finding expected / unexpected / out-of-scope), request structured fix-action prompts for any open issue and **mechanically apply** the safe ones with rollback, ask "what breaks if I change this?" via transitive blast-radius analysis (across registered sibling repos too), surface source-to-sink taint flows, share a durable session across multiple agent invocations, and learn from how you use it — quieting accumulated noise on this specific repo over time without ever phoning home.
 The stable local plugin platform turns that same pipeline into a team substrate: analyzer plugins add project-specific findings, and reporter plugins render `doctor`, `analyze`, and `ci` in your team's own voice without changing the underlying scan.
@@ -33,7 +33,7 @@ Humans get the same thing through the CLI.
 npx projscan
 ```
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/projscan-reporter-plugin.gif" alt="projscan doctor rendered through a local reporter plugin in a macOS-style terminal window" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/projscan-reporter-plugin.gif" alt="projscan doctor rendered through a local reporter plugin in a macOS-style terminal window" width="700">
 Run `projscan doctor` for a focused health check:
@@ -41,7 +41,7 @@ Run `projscan doctor` for a focused health check:
 npx projscan doctor
 ```
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20doctor.gif" alt="npx projscan doctor" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20doctor.gif" alt="npx projscan doctor" width="700">
 ## Install
@@ -61,8 +61,8 @@ Run inside any repository:
 ```bash
 projscan                            # Full project analysis
-projscan preflight --format json    # Agent safety gate: proceed, caution, or block
-projscan doctor                     # Health check
+projscan preflight --format json    # Agent safety gate with supply-chain evidence
+projscan doctor                     # Health check, including security and supply-chain risks
 projscan hotspots                   # Rank files by risk (churn × complexity × issues × ownership)
 projscan search <query>             # BM25-ranked search (content + symbols + path)
 projscan file <path>                # Drill into a file - purpose, risk, ownership, issues
@@ -84,17 +84,17 @@ projscan plugin test .projscan-plugins/policy.projscan-plugin.json
 PROJSCAN_PLUGINS_PREVIEW=1 projscan doctor --reporter team-radar
 ```
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20--help.gif" alt="npx projscan --help" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20--help.gif" alt="npx projscan --help" width="700">
-For a comprehensive walkthrough, see the **[Full Guide](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/GUIDE.md)**.
+For a comprehensive walkthrough, see the **[Full Guide](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/GUIDE.md)**.
 ## Commands
 | Command | Description |
 |---------|-------------|
 | `projscan analyze` | Full analysis - languages, frameworks, dependencies, issues |
-| `projscan doctor` | Health check - missing tooling, architecture smells, security risks |
-| `projscan preflight` | Agent safety gate - `proceed`, `caution`, or `block` with evidence |
+| `projscan doctor` | Health check - missing tooling, architecture smells, security and supply-chain risks |
+| `projscan preflight` | Agent safety gate - `proceed`, `caution`, or `block` with health, change, plugin, and supply-chain evidence |
 | `projscan hotspots` | Rank files by risk - churn × complexity × issues × ownership |
 | `projscan search <query>` | **BM25-ranked search** - content + symbols + path, with excerpts |
 | `projscan file <path>` | Drill into a file - purpose, risk, ownership, related issues |
@@ -129,31 +129,31 @@ projscan --help
 <details>
 <summary><strong>projscan structure</strong> - Directory tree with file counts</summary>
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20structure.gif" alt="npx projscan structure" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20structure.gif" alt="npx projscan structure" width="700">
 </details>
 <details>
 <summary><strong>projscan diagram</strong> - Architecture visualization</summary>
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20diagram.gif" alt="npx projscan diagram" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20diagram.gif" alt="npx projscan diagram" width="700">
 </details>
 <details>
 <summary><strong>projscan dependencies</strong> - Dependency analysis</summary>
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20dependencies.gif" alt="npx projscan dependencies" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20dependencies.gif" alt="npx projscan dependencies" width="700">
 </details>
 <details>
 <summary><strong>projscan explain</strong> - File explanation</summary>
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20explain.gif" alt="npx projscan explain" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20explain.gif" alt="npx projscan explain" width="700">
 </details>
 <details>
 <summary><strong>projscan badge</strong> - Health badge generation</summary>
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20badge.gif" alt="npx projscan badge" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20badge.gif" alt="npx projscan badge" width="700">
 </details>
 ### Output Formats
@@ -175,7 +175,7 @@ Run `projscan help` for the generated command-by-command support matrix.
 projscan can load local plugins from `.projscan-plugins/` when `PROJSCAN_PLUGINS_PREVIEW=1` is set. The environment flag is kept for explicit local-code opt-in. Analyzer plugins emit normal projscan issues; reporter plugins render supported CLI commands with team-specific output.
-**2.0 upgrade notes:** migrating from 1.x or authoring plugins? Start with the [2.0 Migration Guide](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/2.0-MIGRATION.md), then use [Plugin Authoring](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/PLUGIN-AUTHORING.md) and the [manifest schema](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/plugin.schema.json) as the stable contract.
+**2.0 upgrade notes:** migrating from 1.x or authoring plugins? Start with the [2.0 Migration Guide](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/2.0-MIGRATION.md), then use [Plugin Authoring](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/PLUGIN-AUTHORING.md) and the [manifest schema](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/plugin.schema.json) as the stable contract.
 ```bash
 projscan plugin list
@@ -184,9 +184,9 @@ PROJSCAN_PLUGINS_PREVIEW=1 projscan doctor --reporter team-radar
 PROJSCAN_PLUGINS_PREVIEW=1 projscan ci --reporter team-radar --min-score 80
 ```
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/projscan-reporter-plugin.gif" alt="projscan local reporter plugin rendering a team health report" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/projscan-reporter-plugin.gif" alt="projscan local reporter plugin rendering a team health report" width="700">
-Reporter plugins are intentionally CLI-only. MCP tools keep returning structured JSON-compatible payloads so agents can reason over stable data, while humans can get a polished local report for their team. Custom presentation, team-branded summaries, and white-label reports belong in reporter plugins rather than new core HTML theming flags. See [Plugin Authoring](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/PLUGIN-AUTHORING.md) for manifest shape, `render(context)`, validation, and the trust model.
+Reporter plugins are intentionally CLI-only. MCP tools keep returning structured JSON-compatible payloads so agents can reason over stable data, while humans can get a polished local report for their team. Custom presentation, team-branded summaries, and white-label reports belong in reporter plugins rather than new core HTML theming flags. See [Plugin Authoring](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/PLUGIN-AUTHORING.md) for manifest shape, `render(context)`, validation, and the trust model.
 ### Options
@@ -330,6 +330,7 @@ projscan reads your source code so it can be useful; it does not send your sourc
 | Read source files | every command | no | parses with tree-sitter / Babel; results cached at `.projscan-cache/` |
 | Spawn `git` | `hotspots`, `pr-diff`, `review`, `diff` | git itself may fetch if you run `git fetch` separately; **projscan never invokes `git fetch`** | `env: process.env` is passed so `git` can find its config |
 | Spawn `npm audit` | `audit` only | yes — by `npm`, not by projscan | runs against your local lockfile |
+| Scan supply-chain IOCs | `doctor`, `preflight`, release validation | no | checks manifests, lockfiles, hidden editor hooks, and suspicious install-time payloads against bundled indicators |
 | Load local plugins | only with `PROJSCAN_PLUGINS_PREVIEW=1` | no | imports local JS modules declared in `.projscan-plugins/`; only enable plugins you trust |
 | Load wasm grammars | first parse of a non-JS file | no | served from `dist/grammars/` inside the package; no fetch |
 | Build embeddings | semantic search opt-in only | yes — by `@xenova/transformers`, on first use | model cached locally after first download; remove the peer dep to remove this code path entirely |
@@ -346,7 +347,7 @@ If you read projscan's [Socket report](https://socket.dev/npm/package/projscan),
 ### Audit it yourself
 - **Source is open** at [github.com/abhiyoheswaran1/projscan](https://github.com/abhiyoheswaran1/projscan). The npm tarball matches the `dist/` produced by `npm run build` at the matching tag.
-- **Public API surface is locked** by `scripts/check-stability.mjs`, which runs in CI on every PR and fails on any rename or removal of an MCP tool, CLI command, or exit code. See [`docs/STABILITY.md`](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/STABILITY.md).
+- **Public API surface is locked** by `scripts/check-stability.mjs`, which runs in CI on every PR and fails on any rename or removal of an MCP tool, CLI command, or exit code. See [`docs/STABILITY.md`](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/STABILITY.md).
 - **Run it offline:** `npm install -g projscan` followed by anything except `audit` and `--mode semantic` works without network.
 - **Drop privilege further:** in CI, run projscan in a sandbox that disallows network egress; everything except `audit` will pass.
@@ -384,7 +385,7 @@ projscan ci --changed-only                     # Gate only on this PR's diff
 projscan ci --format sarif > projscan.sarif    # SARIF for Code Scanning
 ```
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20ci%20--min-score%2070.gif" alt="npx projscan ci --min-score 70" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20ci%20--min-score%2070.gif" alt="npx projscan ci --min-score 70" width="700">
 ### GitHub Action (recommended)
@@ -453,7 +454,7 @@ Fields:
 - `hotspots.limit` / `hotspots.since` - defaults for the `hotspots` command
 - `monorepo.importPolicy` - cross-package import allow/deny rules in monorepos *(0.14+)*
-See [`docs/GUIDE.md` → Configuration](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/GUIDE.md#configuration-projscanrc) for the full reference (field types, validation behavior, embedding config in `package.json`, monorepo `importPolicy` semantics).
+See [`docs/GUIDE.md` → Configuration](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/GUIDE.md#configuration-projscanrc) for the full reference (field types, validation behavior, embedding config in `package.json`, monorepo `importPolicy` semantics).
 ## Tracking Health Over Time
@@ -466,7 +467,7 @@ projscan diff                       # Compare against baseline
 projscan diff --format markdown     # Markdown diff for PRs
 ```
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/npx%20projscan%20diff%20--save-baseline.gif" alt="npx projscan diff --save-baseline" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/npx%20projscan%20diff%20--save-baseline.gif" alt="npx projscan diff --save-baseline" width="700">
 ## Hotspots - Where to Fix First
@@ -555,7 +556,7 @@ Coverage is also automatically joined into `projscan hotspots` when one of those
 **This is the primary way to use projscan.** `projscan mcp` starts an [MCP](https://modelcontextprotocol.io) server over stdio so AI coding agents can query your codebase with real structural accuracy - not regex, not grep.
-<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.0.0/docs/projscan-agent-demo.gif" alt="projscan answering two agent questions: what breaks if I rename buildCodeGraph (impact analysis with definitions, direct callers, transitive reach), and where should I fix first (ranked hotspots with cyclomatic complexity)" width="700">
+<img src="https://raw.githubusercontent.com/abhiyoheswaran1/projscan/v2.2.0/docs/projscan-agent-demo.gif" alt="projscan answering two agent questions: what breaks if I rename buildCodeGraph (impact analysis with definitions, direct callers, transitive reach), and where should I fix first (ranked hotspots with cyclomatic complexity)" width="700">
 Two questions an agent asks; structural answers in milliseconds. *"What breaks if I rename `buildCodeGraph`?"* → 31 direct callers, 97 files reachable. *"Where should I fix first?"* → ranked hotspots with AST cyclomatic complexity, churn, and ownership signals.
@@ -730,7 +731,7 @@ Capability is advertised under `experimental.fileChanged` on `initialize` so cli
 - **`projscan_apply_fix`** *(1.6)* - mechanically execute the safe fix templates. Default is dry-run; pass `confirm: true` to write. Atomic writes, per-apply rollback record at `.projscan-cache/rollbacks/<id>.json`. Reverse with `action: "rollback", rollback_id: ...`. Six templates supported at this release: `unused-dependency-*`, `missing-test-framework`, `missing-eslint`, `missing-prettier`, `missing-editorconfig`, `missing-readme`.
 - **`projscan_taint`** *(1.6)* - source-to-sink reachability over the per-function call graph. Built-in defaults cover common JS / Python sources (`process.env`, `req.body`, etc.) and sinks (`exec`, `eval`, `db.query`, etc.). Project-specific names go in `.projscanrc.json` `taint`. `projscan_review` automatically diffs taint flows between base and head and **blocks any PR that introduces a new flow**.
-For analyzer and reporter plugin authoring, manifest validation, `--reporter <name>`, and the trust model, see [Plugin Authoring](https://github.com/abhiyoheswaran1/projscan/blob/v2.0.0/docs/PLUGIN-AUTHORING.md).
+For analyzer and reporter plugin authoring, manifest validation, `--reporter <name>`, and the trust model, see [Plugin Authoring](https://github.com/abhiyoheswaran1/projscan/blob/v2.2.0/docs/PLUGIN-AUTHORING.md).
 ### Context-window budgeting

package/dist/analyzers/supplyChainCheck.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { FileEntry, Issue } from '../types.js';
2	+ export declare function check(rootPath: string, files: FileEntry[]): Promise<Issue[]>;

package/dist/analyzers/supplyChainCheck.js ADDED Viewed

@@ -0,0 +1,400 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+const DEPENDENCY_SCOPES = [
+    'dependencies',
+    'devDependencies',
+    'optionalDependencies',
+    'peerDependencies',
+];
+const LIFECYCLE_SCRIPTS = new Set([
+    'preinstall',
+    'install',
+    'postinstall',
+    'prepare',
+    'prepublish',
+    'prepublishOnly',
+]);
+const HIDDEN_HOOK_FILES = new Set([
+    '.claude/settings.json',
+    '.vscode/settings.json',
+    '.vscode/tasks.json',
+]);
+const PAYLOAD_FILENAMES = new Set(['router_init.js', 'tanstack_runner.js']);
+const MAX_JSON_MANIFEST_BYTES = 2 * 1024 * 1024;
+const MAX_LOCKFILE_BYTES = 25 * 1024 * 1024;
+const MAX_JS_PAYLOAD_SCAN_BYTES = 5 * 1024 * 1024;
+const LARGE_JS_PAYLOAD_BYTES = 1024 * 1024;
+const GITHUB_COMMIT_REF = /#[0-9a-f]{7,40}$/i;
+const KNOWN_CONTENT_IOCS = [
+    {
+        value: 'github:tanstack/router#79ac49eedf774dd4b0cfa308722bc463cfe5885c',
+        label: 'Mini Shai-Hulud malicious TanStack git dependency',
+    },
+    {
+        value: '79ac49eedf774dd4b0cfa308722bc463cfe5885c',
+        label: 'Mini Shai-Hulud malicious TanStack git ref',
+    },
+    { value: '@tanstack/setup', label: 'Mini Shai-Hulud fictitious package' },
+    { value: 'git-tanstack.com', label: 'Mini Shai-Hulud lookalike domain' },
+    { value: 'gh-token-monitor', label: 'GitHub token monitor persistence marker' },
+    { value: 'filev2.getsession.org', label: 'Mini Shai-Hulud exfiltration network' },
+    { value: 'seed1.getsession.org', label: 'Mini Shai-Hulud exfiltration network' },
+    { value: 'seed2.getsession.org', label: 'Mini Shai-Hulud exfiltration network' },
+    { value: 'seed3.getsession.org', label: 'Mini Shai-Hulud exfiltration network' },
+    { value: 'litter.catbox.moe/h8nc9u.js', label: 'Mini Shai-Hulud second-stage payload URL' },
+    { value: 'litter.catbox.moe/7rrc6l.mjs', label: 'Mini Shai-Hulud second-stage payload URL' },
+];
+const HIDDEN_HOOK_DANGER_PATTERNS = [
+    { pattern: /gh-token-monitor/i, label: 'GitHub token monitor persistence marker' },
+    { pattern: /git-tanstack\.com/i, label: 'Mini Shai-Hulud lookalike domain' },
+    { pattern: /router_init\.js/i, label: 'Mini Shai-Hulud payload filename' },
+    { pattern: /rm\s+-rf\s+(?:~|\$HOME|\/)/i, label: 'destructive home/root delete command' },
+    { pattern: /pkill\s+-f\s+gh-token-monitor/i, label: 'token-monitor process control' },
+    { pattern: /curl\b.+\|\s*(?:sh|bash)/i, label: 'download-and-execute shell pipeline' },
+];
+const OBFUSCATION_MARKERS = [
+    /while\s*\(\s*!!\[\]\s*\)/,
+    /_0x[a-f0-9]{4,}/i,
+    /String\s*\[\s*['"]fromCharCode['"]\s*\]/,
+    /\bFunction\s*\(\s*['"]/,
+    /\beval\s*\(/,
+];
+const MALICIOUS_PACKAGE_VERSIONS = new Map(Object.entries({
+    '@tanstack/arktype-adapter': ['1.166.12', '1.166.15'],
+    '@tanstack/eslint-plugin-router': ['1.161.9', '1.161.12'],
+    '@tanstack/eslint-plugin-start': ['0.0.4', '0.0.7'],
+    '@tanstack/history': ['1.161.9', '1.161.12'],
+    '@tanstack/nitro-v2-vite-plugin': ['1.154.12', '1.154.15'],
+    '@tanstack/react-router': ['1.169.5', '1.169.8'],
+    '@tanstack/react-router-devtools': ['1.166.16', '1.166.19'],
+    '@tanstack/react-router-ssr-query': ['1.166.15', '1.166.18'],
+    '@tanstack/react-start': ['1.167.68', '1.167.71'],
+    '@tanstack/react-start-client': ['1.166.51', '1.166.54'],
+    '@tanstack/react-start-rsc': ['0.0.47', '0.0.50'],
+    '@tanstack/react-start-server': ['1.166.55', '1.166.58'],
+    '@tanstack/router-cli': ['1.166.46', '1.166.49'],
+    '@tanstack/router-core': ['1.169.5', '1.169.8'],
+    '@tanstack/router-devtools': ['1.166.16', '1.166.19'],
+    '@tanstack/router-devtools-core': ['1.167.6', '1.167.9'],
+    '@tanstack/router-generator': ['1.166.45', '1.166.48'],
+    '@tanstack/router-plugin': ['1.167.38', '1.167.41'],
+    '@tanstack/router-ssr-query-core': ['1.168.3', '1.168.6'],
+    '@tanstack/router-utils': ['1.161.11', '1.161.14'],
+    '@tanstack/router-vite-plugin': ['1.166.53', '1.166.56'],
+    '@tanstack/solid-router': ['1.169.5', '1.169.8'],
+    '@tanstack/solid-router-devtools': ['1.166.16', '1.166.19'],
+    '@tanstack/solid-router-ssr-query': ['1.166.15', '1.166.18'],
+    '@tanstack/solid-start': ['1.167.65', '1.167.68'],
+    '@tanstack/solid-start-client': ['1.166.50', '1.166.53'],
+    '@tanstack/solid-start-server': ['1.166.54', '1.166.57'],
+    '@tanstack/start-client-core': ['1.168.5', '1.168.8'],
+    '@tanstack/start-fn-stubs': ['1.161.9', '1.161.12'],
+    '@tanstack/start-plugin-core': ['1.169.23', '1.169.26'],
+    '@tanstack/start-server-core': ['1.167.33', '1.167.36'],
+    '@tanstack/start-static-server-functions': ['1.166.44', '1.166.47'],
+    '@tanstack/start-storage-context': ['1.166.38', '1.166.41'],
+    '@tanstack/valibot-adapter': ['1.166.12', '1.166.15'],
+    '@tanstack/virtual-file-routes': ['1.161.10', '1.161.13'],
+    '@tanstack/vue-router': ['1.169.5', '1.169.8'],
+    '@tanstack/vue-router-devtools': ['1.166.16', '1.166.19'],
+    '@tanstack/vue-router-ssr-query': ['1.166.15', '1.166.18'],
+    '@tanstack/vue-start': ['1.167.61', '1.167.64'],
+    '@tanstack/vue-start-client': ['1.166.46', '1.166.49'],
+    '@tanstack/vue-start-server': ['1.166.50', '1.166.53'],
+    '@tanstack/zod-adapter': ['1.166.12', '1.166.15'],
+}).map(([name, versions]) => [name, new Set(versions)]));
+export async function check(rootPath, files) {
+    const issues = [];
+    const seen = new Set();
+    for (const file of files) {
+        if (isPackageManifest(file)) {
+            await scanPackageManifest(file, issues, seen);
+            continue;
+        }
+        if (isPackageLock(file)) {
+            await scanPackageLock(file, issues, seen);
+            continue;
+        }
+        if (HIDDEN_HOOK_FILES.has(normalizePath(file.relativePath))) {
+            await scanHiddenHook(file, issues, seen);
+            continue;
+        }
+        if (isJavaScriptPayloadCandidate(file)) {
+            await scanJavaScriptPayload(file, issues, seen);
+        }
+    }
+    return issues;
+}
+async function scanPackageManifest(file, issues, seen) {
+    const manifest = await readJson(file.absolutePath, MAX_JSON_MANIFEST_BYTES);
+    if (!manifest)
+        return;
+    for (const scope of DEPENDENCY_SCOPES) {
+        const deps = manifest[scope];
+        if (!deps || typeof deps !== 'object')
+            continue;
+        for (const [name, rawSpec] of Object.entries(deps)) {
+            const spec = typeof rawSpec === 'string' ? rawSpec.trim() : '';
+            if (!spec)
+                continue;
+            const exactVersion = normalizeExactVersion(spec);
+            if (exactVersion && isKnownMaliciousVersion(name, exactVersion)) {
+                pushIssue(issues, seen, maliciousPackageIssue(name, exactVersion, file.relativePath));
+            }
+            const ioc = KNOWN_CONTENT_IOCS.find(({ value }) => spec.includes(value));
+            if (ioc) {
+                pushIssue(issues, seen, makeIssue({
+                    id: `supply-chain-known-ioc-${safeId(name)}`,
+                    title: `Known malicious dependency IOC: ${name}`,
+                    description: `${name} is declared as "${spec}", which matches ${ioc.label}. Remove the dependency, delete node_modules and lockfiles, reinstall from clean sources, and rotate secrets on any machine that installed it.`,
+                    severity: 'error',
+                    file: file.relativePath,
+                }));
+            }
+            else if (isGithubCommitDependency(spec)) {
+                pushIssue(issues, seen, makeIssue({
+                    id: `supply-chain-git-dependency-${safeId(name)}`,
+                    title: `Dependency resolves directly to a GitHub commit: ${name}`,
+                    description: `The ${scope} entry "${name}" points at "${spec}". GitHub commit dependencies can bypass normal registry review and can run lifecycle scripts during install; pin a vetted registry package or remove the dependency.`,
+                    severity: 'warning',
+                    file: file.relativePath,
+                }));
+            }
+        }
+    }
+    if (manifest.scripts && typeof manifest.scripts === 'object') {
+        for (const [scriptName, rawCommand] of Object.entries(manifest.scripts)) {
+            if (!LIFECYCLE_SCRIPTS.has(scriptName))
+                continue;
+            const command = typeof rawCommand === 'string' ? rawCommand : String(rawCommand);
+            if (!shouldFlagLifecycleScript(scriptName, command))
+                continue;
+            pushIssue(issues, seen, makeIssue({
+                id: `supply-chain-lifecycle-${scriptName}`,
+                title: `Install lifecycle script present: ${scriptName}`,
+                description: `The package manifest defines "${scriptName}": "${command}". Install lifecycle scripts execute during dependency installation and are a common supply-chain execution path; verify this script before release or install.`,
+                severity: 'warning',
+                file: file.relativePath,
+            }));
+        }
+    }
+}
+async function scanPackageLock(file, issues, seen) {
+    const lock = await readJson(file.absolutePath, MAX_LOCKFILE_BYTES);
+    if (!lock)
+        return;
+    for (const [entryPath, entry] of Object.entries(lock.packages ?? {})) {
+        const name = packageNameFromLockPath(entryPath);
+        const version = typeof entry.version === 'string' ? entry.version : null;
+        if (name && version && isKnownMaliciousVersion(name, version)) {
+            pushIssue(issues, seen, maliciousPackageIssue(name, version, file.relativePath));
+        }
+        const resolved = typeof entry.resolved === 'string' ? entry.resolved : '';
+        const resolvedIoc = KNOWN_CONTENT_IOCS.find(({ value }) => resolved.includes(value));
+        if (resolvedIoc) {
+            pushIssue(issues, seen, makeIssue({
+                id: `supply-chain-known-ioc-${safeId(name ?? entryPath)}`,
+                title: `Known malicious lockfile IOC: ${name ?? entryPath}`,
+                description: `The lockfile package entry resolves through ${resolvedIoc.label}. Remove the dependency, delete node_modules and lockfiles, reinstall from clean sources, and rotate secrets on any machine that installed it.`,
+                severity: 'error',
+                file: file.relativePath,
+            }));
+        }
+        const manifestDeps = { ...(entry.dependencies ?? {}), ...(entry.optionalDependencies ?? {}) };
+        for (const [depName, rawSpec] of Object.entries(manifestDeps)) {
+            const spec = typeof rawSpec === 'string' ? rawSpec : '';
+            const ioc = KNOWN_CONTENT_IOCS.find(({ value }) => spec.includes(value) || resolved.includes(value));
+            if (!ioc)
+                continue;
+            pushIssue(issues, seen, makeIssue({
+                id: `supply-chain-known-ioc-${safeId(depName)}`,
+                title: `Known malicious lockfile IOC: ${depName}`,
+                description: `The lockfile contains ${ioc.label}. Remove the dependency, delete node_modules and lockfiles, reinstall from clean sources, and rotate secrets on any machine that installed it.`,
+                severity: 'error',
+                file: file.relativePath,
+            }));
+        }
+    }
+    for (const [name, entry] of Object.entries(lock.dependencies ?? {})) {
+        const version = typeof entry.version === 'string' ? entry.version : null;
+        if (version && isKnownMaliciousVersion(name, version)) {
+            pushIssue(issues, seen, maliciousPackageIssue(name, version, file.relativePath));
+        }
+        const resolved = typeof entry.resolved === 'string' ? entry.resolved : '';
+        const resolvedIoc = KNOWN_CONTENT_IOCS.find(({ value }) => resolved.includes(value));
+        if (resolvedIoc) {
+            pushIssue(issues, seen, makeIssue({
+                id: `supply-chain-known-ioc-${safeId(name)}`,
+                title: `Known malicious lockfile IOC: ${name}`,
+                description: `The lockfile dependency resolves through ${resolvedIoc.label}. Remove the dependency, delete node_modules and lockfiles, reinstall from clean sources, and rotate secrets on any machine that installed it.`,
+                severity: 'error',
+                file: file.relativePath,
+            }));
+        }
+    }
+}
+async function scanHiddenHook(file, issues, seen) {
+    const content = await readText(file.absolutePath, 256 * 1024);
+    if (!content)
+        return;
+    const matched = HIDDEN_HOOK_DANGER_PATTERNS.find(({ pattern }) => pattern.test(content));
+    if (!matched)
+        return;
+    pushIssue(issues, seen, makeIssue({
+        id: 'supply-chain-hidden-persistence-hook',
+        title: `Hidden editor/agent persistence hook in ${file.relativePath}`,
+        description: `${file.relativePath} contains ${matched.label}. Treat this as possible supply-chain persistence: remove the hook, inspect running processes, and rotate credentials if it may have executed.`,
+        severity: 'error',
+        file: file.relativePath,
+    }));
+}
+async function scanJavaScriptPayload(file, issues, seen) {
+    const basename = path.basename(file.relativePath);
+    if (PAYLOAD_FILENAMES.has(basename)) {
+        pushIssue(issues, seen, makeIssue({
+            id: `supply-chain-payload-file-${safeId(basename)}`,
+            title: `Known malicious payload filename: ${basename}`,
+            description: `${basename} matches a known Mini Shai-Hulud payload/helper filename. Remove the file, inspect install artifacts, and rotate credentials on any machine where it may have run.`,
+            severity: 'error',
+            file: file.relativePath,
+        }));
+        return;
+    }
+    if (file.sizeBytes < LARGE_JS_PAYLOAD_BYTES || file.sizeBytes > MAX_JS_PAYLOAD_SCAN_BYTES)
+        return;
+    const content = await readText(file.absolutePath, MAX_JS_PAYLOAD_SCAN_BYTES);
+    if (!content)
+        return;
+    const ioc = KNOWN_CONTENT_IOCS.find(({ value }) => content.includes(value));
+    if (ioc) {
+        pushIssue(issues, seen, makeIssue({
+            id: `supply-chain-known-ioc-${safeId(basename)}`,
+            title: `Known malicious JavaScript IOC in ${file.relativePath}`,
+            description: `${file.relativePath} contains ${ioc.label}. Remove the artifact and rotate credentials on any machine where it may have run.`,
+            severity: 'error',
+            file: file.relativePath,
+        }));
+        return;
+    }
+    const markerCount = OBFUSCATION_MARKERS.filter((pattern) => pattern.test(content)).length;
+    const hasLongLine = content.split(/\r?\n/, 4).some((line) => line.length > 50_000);
+    if (markerCount >= 2 || (markerCount >= 1 && hasLongLine)) {
+        pushIssue(issues, seen, makeIssue({
+            id: `supply-chain-obfuscated-payload-${safeId(basename)}`,
+            title: `Large obfuscated JavaScript payload: ${file.relativePath}`,
+            description: `${file.relativePath} is over 1 MB and contains obfuscation markers often seen in install-time malware. Inspect the artifact before installing or publishing.`,
+            severity: 'warning',
+            file: file.relativePath,
+        }));
+    }
+}
+function maliciousPackageIssue(name, version, file) {
+    return makeIssue({
+        id: `supply-chain-malicious-package-${name}`,
+        title: `Known malicious package version: ${name}@${version}`,
+        description: `${name}@${version} is listed in the May 11, 2026 TanStack Mini Shai-Hulud advisory. Remove the version from manifests/lockfiles, reinstall from a clean lockfile, and rotate credentials on any machine or CI runner that installed it.`,
+        severity: 'error',
+        file,
+    });
+}
+function makeIssue(input) {
+    return {
+        id: input.id,
+        title: input.title,
+        description: input.description,
+        severity: input.severity,
+        category: 'supply-chain',
+        fixAvailable: false,
+        locations: [{ file: input.file, line: 1 }],
+    };
+}
+function pushIssue(issues, seen, issue) {
+    const file = issue.locations?.[0]?.file ?? '';
+    const key = `${issue.id}:${file}`;
+    if (seen.has(key))
+        return;
+    seen.add(key);
+    issues.push(issue);
+}
+function isKnownMaliciousVersion(name, version) {
+    return MALICIOUS_PACKAGE_VERSIONS.get(name)?.has(version) === true;
+}
+function shouldFlagLifecycleScript(scriptName, command) {
+    if (scriptName !== 'prepare')
+        return true;
+    return (/\b(?:bun|node|deno|python|ruby|bash|sh|curl|wget|powershell|pwsh|npx)\b/i.test(command) ||
+        /\b(?:npm\s+exec|pnpm\s+dlx|yarn\s+dlx)\b/i.test(command) ||
+        /(?:&&|\|\||\|)/.test(command));
+}
+function normalizeExactVersion(spec) {
+    const trimmed = spec.trim();
+    if (/^\d+\.\d+\.\d+(?:[-+].*)?$/.test(trimmed))
+        return trimmed;
+    return null;
+}
+function isGithubCommitDependency(spec) {
+    if (!GITHUB_COMMIT_REF.test(spec))
+        return false;
+    const withoutRef = spec.slice(0, spec.lastIndexOf('#'));
+    return (/^(?:github:)?[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+(?:\.git)?$/i.test(withoutRef) ||
+        /^(?:git\+https|https|git):\/\/github\.com\/.+/i.test(withoutRef) ||
+        /^(?:git\+ssh|ssh):\/\/git@github\.com[:/].+/i.test(withoutRef) ||
+        /^git@github\.com:.+/i.test(withoutRef));
+}
+function isPackageManifest(file) {
+    return path.basename(file.relativePath) === 'package.json' && !normalizePath(file.relativePath).includes('/node_modules/');
+}
+function isPackageLock(file) {
+    return path.basename(file.relativePath) === 'package-lock.json';
+}
+function isJavaScriptPayloadCandidate(file) {
+    const basename = path.basename(file.relativePath);
+    return PAYLOAD_FILENAMES.has(basename) || ['.js', '.mjs', '.cjs'].includes(file.extension);
+}
+function packageNameFromLockPath(entryPath) {
+    const marker = 'node_modules/';
+    const markerIndex = entryPath.lastIndexOf(marker);
+    if (markerIndex === -1)
+        return null;
+    const last = entryPath.slice(markerIndex + marker.length);
+    if (!last)
+        return null;
+    const segments = last.split('/');
+    if (segments[0]?.startsWith('@') && segments[1])
+        return `${segments[0]}/${segments[1]}`;
+    return segments[0] || null;
+}
+function safeId(value) {
+    return value.replace(/^@/, '').replace(/[^A-Za-z0-9._/-]+/g, '-').replace(/\/+/g, '-');
+}
+function normalizePath(value) {
+    return value.split(path.sep).join('/');
+}
+async function readJson(filePath, maxBytes) {
+    const content = await readText(filePath, maxBytes);
+    if (!content)
+        return null;
+    try {
+        return JSON.parse(content);
+    }
+    catch {
+        return null;
+    }
+}
+async function readText(filePath, maxBytes) {
+    try {
+        const handle = await fs.open(filePath, 'r');
+        try {
+            const buffer = Buffer.alloc(maxBytes);
+            const { bytesRead } = await handle.read(buffer, 0, maxBytes, 0);
+            return buffer.subarray(0, bytesRead).toString('utf8');
+        }
+        finally {
+            await handle.close();
+        }
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=supplyChainCheck.js.map

package/dist/analyzers/supplyChainCheck.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"supplyChainCheck.js","sourceRoot":"","sources":["../../src/analyzers/supplyChainCheck.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAe7B,MAAM,iBAAiB,GAA+B;IACpD,cAAc;IACd,iBAAiB;IACjB,sBAAsB;IACtB,kBAAkB;CACnB,CAAC;AAEF,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,YAAY;IACZ,SAAS;IACT,aAAa;IACb,SAAS;IACT,YAAY;IACZ,gBAAgB;CACjB,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,uBAAuB;IACvB,uBAAuB;IACvB,oBAAoB;CACrB,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,CAAC;AAC5E,MAAM,uBAAuB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAChD,MAAM,kBAAkB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAC5C,MAAM,yBAAyB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAClD,MAAM,sBAAsB,GAAG,IAAI,GAAG,IAAI,CAAC;AAE3C,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;AAE9C,MAAM,kBAAkB,GAA4C;IAClE;QACE,KAAK,EAAE,iEAAiE;QACxE,KAAK,EAAE,mDAAmD;KAC3D;IACD;QACE,KAAK,EAAE,0CAA0C;QACjD,KAAK,EAAE,4CAA4C;KACpD;IACD,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,EAAE,oCAAoC,EAAE;IACzE,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,kCAAkC,EAAE;IACxE,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,yCAAyC,EAAE;IAC/E,EAAE,KAAK,EAAE,uBAAuB,EAAE,KAAK,EAAE,sCAAsC,EAAE;IACjF,EAAE,KAAK,EAAE,sBAAsB,EAAE,KAAK,EAAE,sCAAsC,EAAE;IAChF,EAAE,KAAK,EAAE,sBAAsB,EAAE,KAAK,EAAE,sCAAsC,EAAE;IAChF,EAAE,KAAK,EAAE,sBAAsB,EAAE,KAAK,EAAE,sCAAsC,EAAE;IAChF,EAAE,KAAK,EAAE,6BAA6B,EAAE,KAAK,EAAE,0CAA0C,EAAE;IAC3F,EAAE,KAAK,EAAE,8BAA8B,EAAE,KAAK,EAAE,0CAA0C,EAAE;CAC7F,CAAC;AAEF,MAAM,2BAA2B,GAA8C;IAC7E,EAAE,OAAO,EAAE,mBAAmB,EAAE,KAAK,EAAE,yCAAyC,EAAE;IAClF,EAAE,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAE,kCAAkC,EAAE;IAC5E,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,kCAAkC,EAAE;IAC1E,EAAE,OAAO,EAAE,6BAA6B,EAAE,KAAK,EAAE,sCAAsC,EAAE;IACzF,EAAE,OAAO,EAAE,gCAAgC,EAAE,KAAK,EAAE,+BAA+B,EAAE;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,KAAK,EAAE,qCAAqC,EAAE;CACvF,CAAC;AAEF,MAAM,mBAAmB,GAAG;IAC1B,0BAA0B;IAC1B,kBAAkB;IAClB,yCAAyC;IACzC,wBAAwB;IACxB,aAAa;CACd,CAAC;AAEF,MAAM,0BAA0B,GAAG,IAAI,GAAG,CACxC,MAAM,CAAC,OAAO,CAAC;IACb,2BAA2B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACrD,gCAAgC,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;IACzD,+BAA+B,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;IACnD,mBAAmB,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;IAC5C,gCAAgC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC1D,wBAAwB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAChD,iCAAiC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC3D,kCAAkC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC5D,uBAAuB,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACjD,8BAA8B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACxD,2BAA2B,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;IACjD,8BAA8B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACxD,sBAAsB,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAChD,uBAAuB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC/C,2BAA2B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACrD,gCAAgC,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IACxD,4BAA4B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACtD,yBAAyB,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACnD,iCAAiC,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IACzD,wBAAwB,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAClD,8BAA8B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACxD,wBAAwB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAChD,iCAAiC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC3D,kCAAkC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC5D,uBAAuB,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACjD,8BAA8B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACxD,8BAA8B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACxD,6BAA6B,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IACrD,0BAA0B,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;IACnD,6BAA6B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACvD,6BAA6B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACvD,yCAAyC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACnE,iCAAiC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC3D,2BAA2B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACrD,+BAA+B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACzD,sBAAsB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9C,+BAA+B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACzD,gCAAgC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC1D,qBAAqB,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAC/C,4BAA4B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACtD,4BAA4B,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IACtD,uBAAuB,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;CAClD,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CACxD,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,QAAgB,EAAE,KAAkB;IAC9D,MAAM,MAAM,GAAY,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,MAAM,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,IAAI,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YAC5D,MAAM,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YACzC,SAAS;QACX,CAAC;QACD,IAAI,4BAA4B,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,IAAe,EAAE,MAAe,EAAE,IAAiB;IACpF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAkB,IAAI,CAAC,YAAY,EAAE,uBAAuB,CAAC,CAAC;IAC7F,IAAI,CAAC,QAAQ;QAAE,OAAO;IAEtB,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,SAAS;QAChD,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,MAAM,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,YAAY,IAAI,uBAAuB,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;gBAChE,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,qBAAqB,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;YACxF,CAAC;YACD,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YACzE,IAAI,GAAG,EAAE,CAAC;gBACR,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;oBACR,EAAE,EAAE,0BAA0B,MAAM,CAAC,IAAI,CAAC,EAAE;oBAC5C,KAAK,EAAE,mCAAmC,IAAI,EAAE;oBAChD,WAAW,EAAE,GAAG,IAAI,oBAAoB,IAAI,oBAAoB,GAAG,CAAC,KAAK,gJAAgJ;oBACzN,QAAQ,EAAE,OAAO;oBACjB,IAAI,EAAE,IAAI,CAAC,YAAY;iBACxB,CAAC,CACH,CAAC;YACJ,CAAC;iBAAM,IAAI,wBAAwB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;oBACR,EAAE,EAAE,+BAA+B,MAAM,CAAC,IAAI,CAAC,EAAE;oBACjD,KAAK,EAAE,oDAAoD,IAAI,EAAE;oBACjE,WAAW,EAAE,OAAO,KAAK,WAAW,IAAI,gBAAgB,IAAI,uKAAuK;oBACnO,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;iBACxB,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,IAAI,OAAO,QAAQ,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC7D,KAAK,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACxE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC;gBAAE,SAAS;YACjD,MAAM,OAAO,GAAG,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACjF,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,OAAO,CAAC;gBAAE,SAAS;YAC9D,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;gBACR,EAAE,EAAE,0BAA0B,UAAU,EAAE;gBAC1C,KAAK,EAAE,qCAAqC,UAAU,EAAE;gBACxD,WAAW,EAAE,iCAAiC,UAAU,OAAO,OAAO,iKAAiK;gBACvO,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAe,EAAE,MAAe,EAAE,IAAiB;IAChF,MAAM,IAAI,GAAG,MAAM,QAAQ,CAGxB,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI;QAAE,OAAO;IAElB,KAAK,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,IAAI,IAAI,IAAI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;YAC9D,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,qBAAqB,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACrF,IAAI,WAAW,EAAE,CAAC;YAChB,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;gBACR,EAAE,EAAE,0BAA0B,MAAM,CAAC,IAAI,IAAI,SAAS,CAAC,EAAE;gBACzD,KAAK,EAAE,iCAAiC,IAAI,IAAI,SAAS,EAAE;gBAC3D,WAAW,EAAE,+CAA+C,WAAW,CAAC,KAAK,gJAAgJ;gBAC7N,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,IAAI,CAAC,YAAY;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;QACD,MAAM,YAAY,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9F,KAAK,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YACrG,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;gBACR,EAAE,EAAE,0BAA0B,MAAM,CAAC,OAAO,CAAC,EAAE;gBAC/C,KAAK,EAAE,iCAAiC,OAAO,EAAE;gBACjD,WAAW,EAAE,yBAAyB,GAAG,CAAC,KAAK,gJAAgJ;gBAC/L,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,IAAI,CAAC,YAAY;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,IAAI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;YACtD,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,qBAAqB,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACrF,IAAI,WAAW,EAAE,CAAC;YAChB,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;gBACR,EAAE,EAAE,0BAA0B,MAAM,CAAC,IAAI,CAAC,EAAE;gBAC5C,KAAK,EAAE,iCAAiC,IAAI,EAAE;gBAC9C,WAAW,EAAE,4CAA4C,WAAW,CAAC,KAAK,gJAAgJ;gBAC1N,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,IAAI,CAAC,YAAY;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAAe,EAAE,MAAe,EAAE,IAAiB;IAC/E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC;IAC9D,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,MAAM,OAAO,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACzF,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;QACR,EAAE,EAAE,sCAAsC;QAC1C,KAAK,EAAE,2CAA2C,IAAI,CAAC,YAAY,EAAE;QACrE,WAAW,EAAE,GAAG,IAAI,CAAC,YAAY,aAAa,OAAO,CAAC,KAAK,gJAAgJ;QAC3M,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,IAAI,CAAC,YAAY;KACxB,CAAC,CACH,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,IAAe,EAAE,MAAe,EAAE,IAAiB;IACtF,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAClD,IAAI,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;YACR,EAAE,EAAE,6BAA6B,MAAM,CAAC,QAAQ,CAAC,EAAE;YACnD,KAAK,EAAE,qCAAqC,QAAQ,EAAE;YACtD,WAAW,EAAE,GAAG,QAAQ,oKAAoK;YAC5L,QAAQ,EAAE,OAAO;YACjB,IAAI,EAAE,IAAI,CAAC,YAAY;SACxB,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,SAAS,GAAG,sBAAsB,IAAI,IAAI,CAAC,SAAS,GAAG,yBAAyB;QAAE,OAAO;IAClG,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,yBAAyB,CAAC,CAAC;IAC7E,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5E,IAAI,GAAG,EAAE,CAAC;QACR,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;YACR,EAAE,EAAE,0BAA0B,MAAM,CAAC,QAAQ,CAAC,EAAE;YAChD,KAAK,EAAE,qCAAqC,IAAI,CAAC,YAAY,EAAE;YAC/D,WAAW,EAAE,GAAG,IAAI,CAAC,YAAY,aAAa,GAAG,CAAC,KAAK,oFAAoF;YAC3I,QAAQ,EAAE,OAAO;YACjB,IAAI,EAAE,IAAI,CAAC,YAAY;SACxB,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAC1F,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IACnF,IAAI,WAAW,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,WAAW,CAAC,EAAE,CAAC;QAC1D,SAAS,CACP,MAAM,EACN,IAAI,EACJ,SAAS,CAAC;YACR,EAAE,EAAE,mCAAmC,MAAM,CAAC,QAAQ,CAAC,EAAE;YACzD,KAAK,EAAE,wCAAwC,IAAI,CAAC,YAAY,EAAE;YAClE,WAAW,EAAE,GAAG,IAAI,CAAC,YAAY,0IAA0I;YAC3K,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,IAAI,CAAC,YAAY;SACxB,CAAC,CACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY,EAAE,OAAe,EAAE,IAAY;IACxE,OAAO,SAAS,CAAC;QACf,EAAE,EAAE,kCAAkC,IAAI,EAAE;QAC5C,KAAK,EAAE,oCAAoC,IAAI,IAAI,OAAO,EAAE;QAC5D,WAAW,EAAE,GAAG,IAAI,IAAI,OAAO,uNAAuN;QACtP,QAAQ,EAAE,OAAO;QACjB,IAAI;KACL,CAAC,CAAC;AACL,CAAC;AAED,SAAS,SAAS,CAAC,KAMlB;IACC,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,QAAQ,EAAE,cAAc;QACxB,YAAY,EAAE,KAAK;QACnB,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,MAAe,EAAE,IAAiB,EAAE,KAAY;IACjE,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;IAC9C,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;IAClC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO;IAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACd,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY,EAAE,OAAe;IAC5D,OAAO,0BAA0B,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;AACrE,CAAC;AAED,SAAS,yBAAyB,CAAC,UAAkB,EAAE,OAAe;IACpE,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,CACL,0EAA0E,CAAC,IAAI,CAAC,OAAO,CAAC;QACxF,2CAA2C,CAAC,IAAI,CAAC,OAAO,CAAC;QACzD,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC/D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,CACL,2DAA2D,CAAC,IAAI,CAAC,UAAU,CAAC;QAC5E,gDAAgD,CAAC,IAAI,CAAC,UAAU,CAAC;QACjE,8CAA8C,CAAC,IAAI,CAAC,UAAU,CAAC;QAC/D,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,CACxC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAe;IACxC,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,cAAc,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AAC7H,CAAC;AAED,SAAS,aAAa,CAAC,IAAe;IACpC,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,mBAAmB,CAAC;AAClE,CAAC;AAED,SAAS,4BAA4B,CAAC,IAAe;IACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAClD,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC7F,CAAC;AAED,SAAS,uBAAuB,CAAC,SAAiB;IAChD,MAAM,MAAM,GAAG,eAAe,CAAC;IAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAClD,IAAI,WAAW,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1D,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IACxF,OAAO,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC7B,CAAC;AAED,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AACzF,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzC,CAAC;AAED,KAAK,UAAU,QAAQ,CAAI,QAAgB,EAAE,QAAgB;IAC3D,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACnD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAM,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,QAAgB,EAAE,QAAgB;IACxD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;YAChE,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxD,CAAC;gBAAS,CAAC;YACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}