vaspera 2.5.0

package/dist/agents/logic-flaw-detector.js

@@ -0,0 +1,454 @@
+/**
+ * Logic Flaw Detector Agent
+ *
+ * Finds business logic vulnerabilities that pattern-based scanners miss.
+ * Analyzes control flow, state management, and business rule implementations.
+ *
+ * Focus areas:
+ * - State inconsistency: Variables mutable when should be immutable
+ * - Race conditions: Check-then-act without locks
+ * - Boundary conditions: Off-by-one, integer overflow
+ * - Error handling: Swallowed exceptions, incomplete cleanup
+ * - Trust boundaries: Client-supplied data used unsafely
+ * - Business rule violations: Incorrect implementations of business logic
+ *
+ * @module agents/logic-flaw-detector
+ */
+import { readFile } from "fs/promises";
+import * as path from "path";
+import { glob } from "glob";
+const LOGIC_PATTERNS = [
+    // State Inconsistency
+    {
+        id: "lfd-state-001",
+        title: "Mutable shared state in async context",
+        pattern: /let\s+\w+\s*=[\s\S]{0,50}(?:await|\.then|setTimeout|setInterval)/g,
+        severity: "medium",
+        category: "state-inconsistency",
+        cweIds: ["CWE-362", "CWE-820"],
+        description: "Mutable variable declared before async operation may lead to race conditions.",
+        impact: "Concurrent modifications can cause data corruption or unexpected behavior.",
+        recommendation: "Use const or atomic operations. Consider using immutable data structures.",
+        languages: ["typescript", "javascript"],
+    },
+    {
+        id: "lfd-state-002",
+        title: "Global state modification in function",
+        pattern: /(?:global|window|globalThis)\.\w+\s*=(?!=)/g,
+        severity: "medium",
+        category: "state-inconsistency",
+        cweIds: ["CWE-362"],
+        description: "Function modifies global state which can cause unexpected side effects.",
+        impact: "Global state mutations make code unpredictable and hard to test.",
+        recommendation: "Pass state as parameters or use dependency injection.",
+        languages: ["typescript", "javascript"],
+    },
+    // Boundary Violations
+    {
+        id: "lfd-boundary-001",
+        title: "Array access without bounds check",
+        pattern: /\[\s*(?:\w+\s*[-+]\s*\d+|\w+\s*\*\s*\w+)\s*\]/g,
+        severity: "medium",
+        category: "boundary-violation",
+        cweIds: ["CWE-129", "CWE-787"],
+        description: "Array index calculation without explicit bounds validation.",
+        impact: "Out-of-bounds access can cause crashes or security vulnerabilities.",
+        recommendation: "Add explicit bounds checking before array access.",
+    },
+    {
+        id: "lfd-boundary-002",
+        title: "Loop condition off-by-one risk",
+        pattern: /for\s*\([^;]+;\s*\w+\s*<=\s*\w+\.length[^;]*;/g,
+        severity: "medium",
+        category: "boundary-violation",
+        cweIds: ["CWE-193"],
+        description: "Loop condition uses <= with length, potential off-by-one error.",
+        impact: "Off-by-one errors can cause array out-of-bounds access.",
+        recommendation: "Use < instead of <= when iterating to array length.",
+        languages: ["typescript", "javascript"],
+    },
+    {
+        id: "lfd-boundary-003",
+        title: "Unchecked arithmetic in financial calculation",
+        pattern: /(?:price|amount|total|balance|cost|fee|rate)\s*(?:\*|\/)(?!\s*0)/g,
+        severity: "high",
+        category: "boundary-violation",
+        cweIds: ["CWE-190", "CWE-682"],
+        description: "Financial calculation without overflow/precision checking.",
+        impact: "Arithmetic errors in financial code can cause monetary losses.",
+        recommendation: "Use decimal libraries (decimal.js) for financial calculations.",
+    },
+    // Error Handling
+    {
+        id: "lfd-error-001",
+        title: "Empty catch block",
+        pattern: /catch\s*\([^)]*\)\s*\{\s*\}/g,
+        severity: "medium",
+        category: "error-handling",
+        cweIds: ["CWE-390"],
+        description: "Exception caught but not handled, silently ignoring errors.",
+        impact: "Errors are silently swallowed, making debugging difficult.",
+        recommendation: "Log the error or handle it appropriately. Use error monitoring.",
+    },
+    {
+        id: "lfd-error-002",
+        title: "Catch block only logs error",
+        pattern: /catch\s*\([^)]*\)\s*\{\s*(?:console\.(?:log|error)|logger\.\w+)\s*\([^)]+\)\s*;?\s*\}/g,
+        severity: "low",
+        category: "error-handling",
+        cweIds: ["CWE-755"],
+        description: "Exception caught and logged but execution continues as if successful.",
+        impact: "Application may continue in an invalid state after error.",
+        recommendation: "Consider re-throwing the error or returning an error result.",
+    },
+    {
+        id: "lfd-error-003",
+        title: "Missing cleanup in error path",
+        pattern: /try\s*\{[\s\S]{0,500}(?:open|connect|acquire|lock)[\s\S]{0,500}\}\s*catch[\s\S]{0,200}(?!\s*(?:close|disconnect|release|unlock))/g,
+        severity: "high",
+        category: "error-handling",
+        cweIds: ["CWE-404"],
+        description: "Resource acquired in try block may not be released in catch block.",
+        impact: "Resource leaks can cause denial of service or system instability.",
+        recommendation: "Use try-finally or resource management patterns (using, with).",
+    },
+    // Trust Boundary
+    {
+        id: "lfd-trust-001",
+        title: "User input used in object property access",
+        pattern: /\[\s*(?:req|request)\.(?:body|query|params)\.\w+\s*\]/g,
+        severity: "high",
+        category: "trust-boundary",
+        cweIds: ["CWE-915"],
+        description: "User-supplied key used for object property access enables prototype pollution.",
+        impact: "Attacker can access or modify unexpected object properties.",
+        recommendation: "Validate user input against allowlist of permitted keys.",
+        languages: ["typescript", "javascript"],
+    },
+    {
+        id: "lfd-trust-002",
+        title: "Client-provided value used for authorization",
+        pattern: /(?:req|request)\.(?:body|query|params)\.(?:role|admin|permission|isAdmin|userId|user_id)/gi,
+        severity: "critical",
+        category: "trust-boundary",
+        cweIds: ["CWE-807"],
+        description: "Authorization decision based on client-provided value.",
+        impact: "Attacker can elevate privileges by modifying request parameters.",
+        recommendation: "Derive authorization data from session/token, never from client input.",
+        languages: ["typescript", "javascript"],
+    },
+    {
+        id: "lfd-trust-003",
+        title: "Deserialization of untrusted data",
+        pattern: /(?:JSON\.parse|pickle\.loads?|yaml\.load|eval)\s*\([^)]*(?:req|request|input|data|body)/gi,
+        severity: "critical",
+        category: "trust-boundary",
+        cweIds: ["CWE-502"],
+        description: "Deserializing data from untrusted source without validation.",
+        impact: "Deserialization vulnerabilities can lead to remote code execution.",
+        recommendation: "Validate input schema before deserialization. Use safe parsers.",
+    },
+    // Business Logic
+    {
+        id: "lfd-biz-001",
+        title: "Price calculation after discount check",
+        pattern: /if\s*\([^)]*discount[^)]*\)[\s\S]{0,100}(?:price|total)\s*=/gi,
+        severity: "medium",
+        category: "business-logic",
+        cweIds: ["CWE-840"],
+        description: "Discount logic may be bypassable if not validated server-side.",
+        impact: "Attackers may manipulate pricing to get unauthorized discounts.",
+        recommendation: "Validate all pricing calculations server-side. Log anomalies.",
+    },
+    {
+        id: "lfd-biz-002",
+        title: "Quantity/amount not validated as positive",
+        pattern: /(?:quantity|amount|count)\s*[:=]\s*(?:parseInt|Number|parseFloat)\s*\([^)]+\)(?![\s\S]{0,50}(?:>|>=)\s*0)/gi,
+        severity: "medium",
+        category: "business-logic",
+        cweIds: ["CWE-20"],
+        description: "Numeric value from user input not validated as positive.",
+        impact: "Negative values may cause unexpected behavior or financial loss.",
+        recommendation: "Validate that quantities and amounts are positive numbers.",
+    },
+    // Null Safety
+    {
+        id: "lfd-null-001",
+        title: "Optional chaining followed by method call",
+        pattern: /\?\.\w+\s*\([^)]*\)\s*\./g,
+        severity: "low",
+        category: "null-safety",
+        cweIds: ["CWE-476"],
+        description: "Method called on potentially undefined result of optional chain.",
+        impact: "TypeError if the optional chain returns undefined.",
+        recommendation: "Add null check or continue optional chaining.",
+        languages: ["typescript", "javascript"],
+    },
+    {
+        id: "lfd-null-002",
+        title: "Nullable value used without check",
+        pattern: /:\s*\w+\s*\|\s*(?:null|undefined)[\s\S]{0,200}(?<!\?\.)\.\w+/g,
+        severity: "medium",
+        category: "null-safety",
+        cweIds: ["CWE-476"],
+        description: "Nullable type accessed without null check.",
+        impact: "Runtime error when accessing property of null/undefined.",
+        recommendation: "Add null check or use optional chaining.",
+        languages: ["typescript"],
+    },
+    // Resource Leaks
+    {
+        id: "lfd-resource-001",
+        title: "Event listener not removed",
+        pattern: /addEventListener\s*\([^)]+\)(?![\s\S]{0,500}removeEventListener)/g,
+        severity: "low",
+        category: "resource-leak",
+        cweIds: ["CWE-401"],
+        description: "Event listener added without corresponding removal.",
+        impact: "Memory leaks in long-running applications.",
+        recommendation: "Remove event listeners in cleanup/unmount lifecycle.",
+        languages: ["typescript", "javascript"],
+    },
+    {
+        id: "lfd-resource-002",
+        title: "Timer not cleared",
+        pattern: /(?:setInterval|setTimeout)\s*\([^)]+\)(?![\s\S]{0,300}clear(?:Interval|Timeout))/g,
+        severity: "low",
+        category: "resource-leak",
+        cweIds: ["CWE-401"],
+        description: "Timer created without being cleared.",
+        impact: "Timers may continue running after component/scope is destroyed.",
+        recommendation: "Store timer ID and clear in cleanup.",
+        languages: ["typescript", "javascript"],
+    },
+    // Invariant Violations
+    {
+        id: "lfd-inv-001",
+        title: "State modified without validation",
+        pattern: /this\.state\.\w+\s*=(?!=)/g,
+        severity: "medium",
+        category: "invariant-violation",
+        cweIds: ["CWE-20"],
+        description: "Direct state mutation may bypass validation invariants.",
+        impact: "Object may enter invalid state, causing downstream errors.",
+        recommendation: "Use setter methods with validation.",
+        languages: ["typescript", "javascript"],
+    },
+    {
+        id: "lfd-inv-002",
+        title: "Enum value not exhaustively checked",
+        pattern: /switch\s*\([^)]+\)\s*\{(?![\s\S]*default\s*:)/g,
+        severity: "low",
+        category: "invariant-violation",
+        cweIds: ["CWE-478"],
+        description: "Switch statement without default case may miss enum values.",
+        impact: "Unhandled enum values cause unexpected behavior.",
+        recommendation: "Add default case or exhaustive type checking.",
+    },
+];
+// ============================================================================
+// Analysis Functions
+// ============================================================================
+/**
+ * Detect language from file extension
+ */
+function detectLanguage(file) {
+    const ext = path.extname(file).toLowerCase();
+    const langMap = {
+        ".ts": "typescript",
+        ".tsx": "typescript",
+        ".js": "javascript",
+        ".jsx": "javascript",
+        ".py": "python",
+        ".go": "go",
+        ".java": "java",
+    };
+    return langMap[ext] || "unknown";
+}
+/**
+ * Extract code snippet around a line
+ */
+function extractSnippet(content, lineNumber, context = 2) {
+    const lines = content.split("\n");
+    const start = Math.max(0, lineNumber - context - 1);
+    const end = Math.min(lines.length, lineNumber + context);
+    return lines.slice(start, end).join("\n");
+}
+/**
+ * Find line number from character index
+ */
+function findLineNumber(content, index) {
+    return content.slice(0, index).split("\n").length;
+}
+/**
+ * Check if a finding is in a test file
+ */
+function isTestFile(file) {
+    return (file.includes(".test.") ||
+        file.includes(".spec.") ||
+        file.includes("__tests__") ||
+        file.includes("/test/") ||
+        file.includes("/tests/"));
+}
+/**
+ * Run logic flaw detection on a single file
+ */
+function analyzeFile(file, content, categories) {
+    const findings = [];
+    const language = detectLanguage(file);
+    // Skip test files
+    if (isTestFile(file)) {
+        return findings;
+    }
+    let findingId = 1;
+    for (const pattern of LOGIC_PATTERNS) {
+        // Filter by category if specified
+        if (categories.length > 0 && !categories.includes(pattern.category)) {
+            continue;
+        }
+        // Filter by language if specified
+        if (pattern.languages && !pattern.languages.includes(language)) {
+            continue;
+        }
+        // Reset regex
+        pattern.pattern.lastIndex = 0;
+        let match;
+        while ((match = pattern.pattern.exec(content)) !== null) {
+            const lineNumber = findLineNumber(content, match.index);
+            const snippet = extractSnippet(content, lineNumber);
+            findings.push({
+                id: `lfd-${file.slice(-10).replace(/[^a-z0-9]/gi, "")}-${String(findingId++).padStart(3, "0")}`,
+                title: pattern.title,
+                description: pattern.description,
+                severity: pattern.severity,
+                confidence: 75,
+                category: pattern.category,
+                file,
+                line: lineNumber,
+                codeSnippet: snippet,
+                impact: pattern.impact,
+                cweIds: pattern.cweIds,
+                recommendation: pattern.recommendation,
+            });
+        }
+    }
+    return findings;
+}
+// ============================================================================
+// Main Entry Point
+// ============================================================================
+/**
+ * Run logic flaw detection on a project
+ */
+export async function runLogicFlawDetector(projectPath, config) {
+    const absolutePath = path.resolve(projectPath);
+    const findings = [];
+    let filesAnalyzed = 0;
+    // Get files to analyze
+    let files;
+    if (config.focusFiles && config.focusFiles.length > 0) {
+        files = config.focusFiles;
+    }
+    else {
+        const patterns = ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx", "**/*.py", "**/*.go", "**/*.java"];
+        const ignore = [
+            "**/node_modules/**",
+            "**/vendor/**",
+            "**/dist/**",
+            "**/build/**",
+            "**/*.test.*",
+            "**/*.spec.*",
+            "**/test/**",
+            "**/tests/**",
+            "**/__tests__/**",
+        ];
+        files = await glob(patterns, {
+            cwd: absolutePath,
+            ignore,
+            nodir: true,
+        });
+    }
+    // Limit files based on depth
+    const maxFiles = config.maxFilesToAnalyze ||
+        (config.analysisDepth === "quick" ? 30 :
+            config.analysisDepth === "standard" ? 75 : 150);
+    const selectedFiles = files.slice(0, maxFiles);
+    const categories = config.categories || [];
+    // Analyze each file
+    for (const file of selectedFiles) {
+        const fullPath = path.join(absolutePath, file);
+        try {
+            const content = await readFile(fullPath, "utf-8");
+            const fileFindings = analyzeFile(file, content, categories);
+            findings.push(...fileFindings);
+            filesAnalyzed++;
+        }
+        catch {
+            // Skip unreadable files
+        }
+    }
+    // Generate recommendations
+    const recommendations = [];
+    const categoryCounts = {};
+    for (const finding of findings) {
+        categoryCounts[finding.category] = (categoryCounts[finding.category] || 0) + 1;
+    }
+    if (categoryCounts["trust-boundary"]) {
+        recommendations.push(`${categoryCounts["trust-boundary"]} trust boundary issues found. Implement strict input validation at all API boundaries.`);
+    }
+    if (categoryCounts["error-handling"]) {
+        recommendations.push(`${categoryCounts["error-handling"]} error handling issues found. Review exception handling patterns and ensure proper cleanup.`);
+    }
+    if (categoryCounts["boundary-violation"]) {
+        recommendations.push(`${categoryCounts["boundary-violation"]} boundary violations found. Add explicit bounds checking for array access and arithmetic.`);
+    }
+    if (categoryCounts["business-logic"]) {
+        recommendations.push(`${categoryCounts["business-logic"]} business logic issues found. Add server-side validation for all business rules.`);
+    }
+    const detectedCategories = Object.keys(categoryCounts);
+    return {
+        filesAnalyzed,
+        findings,
+        categories: detectedCategories,
+        recommendations,
+    };
+}
+/**
+ * Convert logic flaw findings to certification findings
+ */
+export function logicFlawToFindings(result) {
+    return result.findings.map((f) => ({
+        id: f.id,
+        severity: f.severity,
+        category: mapLogicCategory(f.category),
+        description: `${f.title}: ${f.description}`,
+        evidence: `File: ${f.file}:${f.line}\nCode: ${f.codeSnippet.slice(0, 200)}\nImpact: ${f.impact}`,
+        confidence: f.confidence,
+        verifications: [],
+        created_at: new Date().toISOString(),
+        scanner_source: "logic-flaw-detector",
+        metadata: {
+            cweIds: f.cweIds,
+            recommendation: f.recommendation,
+            relatedFunctions: f.relatedFunctions,
+        },
+    }));
+}
+/**
+ * Map logic flaw category to finding category
+ */
+function mapLogicCategory(category) {
+    const mapping = {
+        "state-inconsistency": "logic-flaw",
+        "race-condition": "race-condition",
+        "boundary-violation": "input-validation",
+        "error-handling": "error-handling",
+        "trust-boundary": "input-validation",
+        "business-logic": "logic-flaw",
+        "null-safety": "code-quality",
+        "resource-leak": "resource-management",
+        "invariant-violation": "logic-flaw",
+    };
+    return mapping[category] || "code-quality";
+}
+//# sourceMappingURL=logic-flaw-detector.js.map

package/dist/agents/logic-flaw-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logic-flaw-detector.js","sourceRoot":"","sources":["../../src/agents/logic-flaw-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAkE5B,MAAM,cAAc,GAAmB;IACrC,sBAAsB;IACtB;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,uCAAuC;QAC9C,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,WAAW,EAAE,+EAA+E;QAC5F,MAAM,EAAE,4EAA4E;QACpF,cAAc,EAAE,2EAA2E;QAC3F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,uCAAuC;QAC9C,OAAO,EAAE,6CAA6C;QACtD,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,yEAAyE;QACtF,MAAM,EAAE,kEAAkE;QAC1E,cAAc,EAAE,uDAAuD;QACvE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IAED,sBAAsB;IACtB;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,mCAAmC;QAC1C,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,oBAAoB;QAC9B,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,WAAW,EAAE,6DAA6D;QAC1E,MAAM,EAAE,qEAAqE;QAC7E,cAAc,EAAE,mDAAmD;KACpE;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,gCAAgC;QACvC,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,oBAAoB;QAC9B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,iEAAiE;QAC9E,MAAM,EAAE,yDAAyD;QACjE,cAAc,EAAE,qDAAqD;QACrE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,+CAA+C;QACtD,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,oBAAoB;QAC9B,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,WAAW,EAAE,4DAA4D;QACzE,MAAM,EAAE,gEAAgE;QACxE,cAAc,EAAE,gEAAgE;KACjF;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,6DAA6D;QAC1E,MAAM,EAAE,4DAA4D;QACpE,cAAc,EAAE,iEAAiE;KAClF;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,6BAA6B;QACpC,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,uEAAuE;QACpF,MAAM,EAAE,2DAA2D;QACnE,cAAc,EAAE,8DAA8D;KAC/E;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,+BAA+B;QACtC,OAAO,EAAE,mIAAmI;QAC5I,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,oEAAoE;QACjF,MAAM,EAAE,mEAAmE;QAC3E,cAAc,EAAE,gEAAgE;KACjF;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,2CAA2C;QAClD,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,gFAAgF;QAC7F,MAAM,EAAE,6DAA6D;QACrE,cAAc,EAAE,0DAA0D;QAC1E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,8CAA8C;QACrD,OAAO,EAAE,4FAA4F;QACrG,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,wDAAwD;QACrE,MAAM,EAAE,kEAAkE;QAC1E,cAAc,EAAE,wEAAwE;QACxF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,mCAAmC;QAC1C,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,8DAA8D;QAC3E,MAAM,EAAE,oEAAoE;QAC5E,cAAc,EAAE,iEAAiE;KAClF;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,wCAAwC;QAC/C,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,gEAAgE;QAC7E,MAAM,EAAE,iEAAiE;QACzE,cAAc,EAAE,+DAA+D;KAChF;IACD;QACE,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,2CAA2C;QAClD,OAAO,EAAE,6GAA6G;QACtH,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,CAAC,QAAQ,CAAC;QAClB,WAAW,EAAE,0DAA0D;QACvE,MAAM,EAAE,kEAAkE;QAC1E,cAAc,EAAE,4DAA4D;KAC7E;IAED,cAAc;IACd;QACE,EAAE,EAAE,cAAc;QAClB,KAAK,EAAE,2CAA2C;QAClD,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,kEAAkE;QAC/E,MAAM,EAAE,oDAAoD;QAC5D,cAAc,EAAE,+CAA+C;QAC/D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,cAAc;QAClB,KAAK,EAAE,mCAAmC;QAC1C,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,4CAA4C;QACzD,MAAM,EAAE,0DAA0D;QAClE,cAAc,EAAE,0CAA0C;QAC1D,SAAS,EAAE,CAAC,YAAY,CAAC;KAC1B;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,4BAA4B;QACnC,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,qDAAqD;QAClE,MAAM,EAAE,4CAA4C;QACpD,cAAc,EAAE,sDAAsD;QACtE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,mFAAmF;QAC5F,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,sCAAsC;QACnD,MAAM,EAAE,iEAAiE;QACzE,cAAc,EAAE,sCAAsC;QACtD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,mCAAmC;QAC1C,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,CAAC,QAAQ,CAAC;QAClB,WAAW,EAAE,yDAAyD;QACtE,MAAM,EAAE,4DAA4D;QACpE,cAAc,EAAE,qCAAqC;QACrD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,qCAAqC;QAC5C,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,WAAW,EAAE,6DAA6D;QAC1E,MAAM,EAAE,kDAAkD;QAC1D,cAAc,EAAE,+CAA+C;KAChE;CACF,CAAC;AAEF,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,MAAM,OAAO,GAA2B;QACtC,KAAK,EAAE,YAAY;QACnB,MAAM,EAAE,YAAY;QACpB,KAAK,EAAE,YAAY;QACnB,MAAM,EAAE,YAAY;QACpB,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,IAAI;QACX,OAAO,EAAE,MAAM;KAChB,CAAC;IACF,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,UAAkB,EAAE,UAAkB,CAAC;IAC9E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC;IACzD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,KAAa;IACpD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,CACL,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC1B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CACzB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,IAAY,EACZ,OAAe,EACf,UAA+B;IAE/B,MAAM,QAAQ,GAAuB,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEtC,kBAAkB;IAClB,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,kCAAkC;QAClC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpE,SAAS;QACX,CAAC;QAED,kCAAkC;QAClC,IAAI,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/D,SAAS;QACX,CAAC;QAED,cAAc;QACd,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACxD,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YAEpD,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBAC/F,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,EAAE;gBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI;gBACJ,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,OAAO;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,cAAc,EAAE,OAAO,CAAC,cAAc;aACvC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,WAAmB,EACnB,MAA+B;IAE/B,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAuB,EAAE,CAAC;IACxC,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,uBAAuB;IACvB,IAAI,KAAe,CAAC;IAEpB,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;QACnG,MAAM,MAAM,GAAG;YACb,oBAAoB;YACpB,cAAc;YACd,YAAY;YACZ,aAAa;YACb,aAAa;YACb,aAAa;YACb,YAAY;YACZ,aAAa;YACb,iBAAiB;SAClB,CAAC;QAEF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE;YAC3B,GAAG,EAAE,YAAY;YACjB,MAAM;YACN,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,iBAAiB;QACvC,CAAC,MAAM,CAAC,aAAa,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACvC,MAAM,CAAC,aAAa,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnD,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IAE3C,oBAAoB;IACpB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YAC/B,aAAa,EAAE,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,MAAM,cAAc,GAA2B,EAAE,CAAC;IAElD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACjF,CAAC;IAED,IAAI,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,eAAe,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,gBAAgB,CAAC,wFAAwF,CAAC,CAAC;IACpJ,CAAC;IACD,IAAI,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,eAAe,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,gBAAgB,CAAC,6FAA6F,CAAC,CAAC;IACzJ,CAAC;IACD,IAAI,cAAc,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzC,eAAe,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,oBAAoB,CAAC,2FAA2F,CAAC,CAAC;IAC3J,CAAC;IACD,IAAI,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,eAAe,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,gBAAgB,CAAC,kFAAkF,CAAC,CAAC;IAC9I,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAwB,CAAC;IAE9E,OAAO;QACL,aAAa;QACb,QAAQ;QACR,UAAU,EAAE,kBAAkB;QAC9B,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAA+B;IACjE,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC;QACtC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,WAAW,EAAE;QAC3C,QAAQ,EAAE,SAAS,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE;QAChG,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,cAAc,EAAE,qBAAqB;QACrC,QAAQ,EAAE;YACR,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,cAAc,EAAE,CAAC,CAAC,cAAc;YAChC,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;SACrC;KACF,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAA2B;IACnD,MAAM,OAAO,GAA+C;QAC1D,qBAAqB,EAAE,YAAY;QACnC,gBAAgB,EAAE,gBAAgB;QAClC,oBAAoB,EAAE,kBAAkB;QACxC,gBAAgB,EAAE,gBAAgB;QAClC,gBAAgB,EAAE,kBAAkB;QACpC,gBAAgB,EAAE,YAAY;QAC9B,aAAa,EAAE,cAAc;QAC7B,eAAe,EAAE,qBAAqB;QACtC,qBAAqB,EAAE,YAAY;KACpC,CAAC;IACF,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC;AAC7C,CAAC"}

package/dist/agents/zero-day-hunter.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Zero-Day Hunter Agent
+ *
+ * AI agent that reasons about code semantics to find novel vulnerabilities.
+ * Uses Claude to analyze code for patterns that pattern-based scanners miss.
+ *
+ * Focus areas:
+ * - Logic Flaws: Inconsistent state handling, broken assumptions
+ * - Authentication Bypasses: Ways to skip auth checks
+ * - Authorization Issues: Privilege escalation paths
+ * - Cryptographic Weaknesses: Weak algorithms, key management
+ * - Injection Vectors: Novel injection patterns beyond OWASP
+ *
+ * @module agents/zero-day-hunter
+ */
+import type { Severity, Finding } from "../certification/types.js";
+/**
+ * Configuration for zero-day hunter
+ */
+export interface ZeroDayHunterConfig {
+    model?: "claude-sonnet-4" | "claude-opus-4" | "claude-haiku";
+    analysisDepth: "quick" | "standard" | "thorough";
+    focusAreas: ZeroDayFocusArea[];
+    maxFilesToAnalyze?: number;
+    includePatterns?: string[];
+    excludePatterns?: string[];
+}
+export type ZeroDayFocusArea = "auth" | "crypto" | "injection" | "logic" | "state" | "access-control" | "data-validation" | "session" | "api";
+/**
+ * Zero-day finding with AI analysis
+ */
+export interface ZeroDayFinding {
+    id: string;
+    title: string;
+    description: string;
+    severity: Severity;
+    confidence: number;
+    category: ZeroDayFocusArea;
+    file: string;
+    line: number;
+    endLine?: number;
+    codeSnippet: string;
+    attackScenario: string;
+    cweIds: string[];
+    recommendation: string;
+    exploitability: "proven" | "likely" | "possible" | "theoretical";
+    aiReasoning: string;
+}
+/**
+ * Result of zero-day hunting
+ */
+export interface ZeroDayHunterResult {
+    filesAnalyzed: number;
+    findings: ZeroDayFinding[];
+    analysisDepth: string;
+    focusAreas: ZeroDayFocusArea[];
+    modelUsed: string;
+    totalTokensUsed?: number;
+    recommendations: string[];
+}
+/**
+ * Run zero-day hunting on a project
+ */
+export declare function runZeroDayHunter(projectPath: string, config: ZeroDayHunterConfig): Promise<ZeroDayHunterResult>;
+/**
+ * Convert zero-day findings to certification findings
+ */
+export declare function zeroDayToFindings(result: ZeroDayHunterResult): Finding[];
+//# sourceMappingURL=zero-day-hunter.d.ts.map

package/dist/agents/zero-day-hunter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zero-day-hunter.d.ts","sourceRoot":"","sources":["../../src/agents/zero-day-hunter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAmB,MAAM,2BAA2B,CAAC;AAMpF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,CAAC,EAAE,iBAAiB,GAAG,eAAe,GAAG,cAAc,CAAC;IAC7D,aAAa,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;IACjD,UAAU,EAAE,gBAAgB,EAAE,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,MAAM,gBAAgB,GACxB,MAAM,GACN,QAAQ,GACR,WAAW,GACX,OAAO,GACP,OAAO,GACP,gBAAgB,GAChB,iBAAiB,GACjB,SAAS,GACT,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,aAAa,CAAC;IACjE,WAAW,EAAE,MAAM,CAAC;CACrB;AAeD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,gBAAgB,EAAE,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AA8iBD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,mBAAmB,CAAC,CA6D9B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,EAAE,CAkBxE"}