vaspera 2.5.0

package/dist/scanners/agent/permission-minimiser.js

@@ -0,0 +1,551 @@
+/**
+ * Permission Minimiser Scanner
+ *
+ * Analyzes tool usage traces to generate permission tightening proposals.
+ * This scanner helps implement the principle of least privilege by:
+ * - Identifying unused tools that can be disabled
+ * - Detecting broad permissions that can be scoped down
+ * - Recommending OAuth scope reductions
+ * - Suggesting file/path access restrictions
+ *
+ * @module scanners/agent/permission-minimiser
+ */
+import { createHash } from "crypto";
+import { readFile, readdir, writeFile, mkdir } from "fs/promises";
+import { join, dirname } from "path";
+// ============================================================================
+// Usage Analysis Patterns
+// ============================================================================
+/**
+ * Patterns for extracting file paths from arguments
+ */
+const FILE_PATH_PATTERNS = [
+    { key: "path", pattern: /.*/ },
+    { key: "file", pattern: /.*/ },
+    { key: "file_path", pattern: /.*/ },
+    { key: "filepath", pattern: /.*/ },
+    { key: "filename", pattern: /.*/ },
+    { key: "directory", pattern: /.*/ },
+    { key: "dir", pattern: /.*/ },
+    { key: "folder", pattern: /.*/ },
+    { key: "source", pattern: /.*\.(ts|js|json|md|txt|yaml|yml)$/i },
+    { key: "target", pattern: /.*\.(ts|js|json|md|txt|yaml|yml)$/i },
+];
+/**
+ * Patterns for extracting URLs from arguments
+ */
+const URL_PATTERNS = [
+    { key: "url", pattern: /^https?:\/\// },
+    { key: "endpoint", pattern: /^https?:\/\// },
+    { key: "uri", pattern: /^https?:\/\// },
+    { key: "webhook", pattern: /^https?:\/\// },
+    { key: "api_url", pattern: /^https?:\/\// },
+];
+// ============================================================================
+// Trace Loading
+// ============================================================================
+/**
+ * Load tool invocation traces from directory
+ */
+async function loadTraces(tracesDir) {
+    const invocations = [];
+    try {
+        const files = await readdir(tracesDir);
+        const jsonlFiles = files.filter((f) => f.endsWith(".jsonl"));
+        for (const file of jsonlFiles) {
+            const filePath = join(tracesDir, file);
+            const content = await readFile(filePath, "utf-8");
+            const lines = content.split("\n").filter((l) => l.trim());
+            for (const line of lines) {
+                try {
+                    const entry = JSON.parse(line);
+                    if (entry.tool) {
+                        invocations.push(entry);
+                    }
+                }
+                catch {
+                    // Skip invalid lines
+                }
+            }
+        }
+    }
+    catch {
+        // Directory doesn't exist or is empty
+    }
+    return invocations;
+}
+// ============================================================================
+// Usage Profile Building
+// ============================================================================
+/**
+ * Extract file paths accessed from invocation arguments
+ */
+function extractFilePaths(args) {
+    const paths = [];
+    for (const { key } of FILE_PATH_PATTERNS) {
+        const value = args[key];
+        if (typeof value === "string" && value.length > 0) {
+            paths.push(value);
+        }
+    }
+    return paths;
+}
+/**
+ * Extract URLs accessed from invocation arguments
+ */
+function extractUrls(args) {
+    const urls = [];
+    for (const { key, pattern } of URL_PATTERNS) {
+        const value = args[key];
+        if (typeof value === "string" && pattern.test(value)) {
+            urls.push(value);
+        }
+    }
+    return urls;
+}
+/**
+ * Build usage records from invocations
+ */
+function buildUsageRecords(invocations, manifest) {
+    const records = new Map();
+    // Initialize records for all tools in manifest
+    for (const tool of manifest.tools) {
+        records.set(tool.name, {
+            tool: tool.name,
+            invocations: 0,
+            argumentPatterns: [],
+            resourcesAccessed: [],
+            lastUsed: "",
+            firstUsed: "",
+        });
+    }
+    // Process invocations
+    for (const inv of invocations) {
+        let record = records.get(inv.tool);
+        if (!record) {
+            // Tool invoked but not in manifest (possibly removed)
+            record = {
+                tool: inv.tool,
+                invocations: 0,
+                argumentPatterns: [],
+                resourcesAccessed: [],
+                lastUsed: "",
+                firstUsed: "",
+            };
+            records.set(inv.tool, record);
+        }
+        record.invocations++;
+        // Track timestamps
+        if (!record.firstUsed || inv.timestamp < record.firstUsed) {
+            record.firstUsed = inv.timestamp;
+        }
+        if (!record.lastUsed || inv.timestamp > record.lastUsed) {
+            record.lastUsed = inv.timestamp;
+        }
+        // Extract resources accessed
+        const paths = extractFilePaths(inv.arguments);
+        const urls = extractUrls(inv.arguments);
+        record.resourcesAccessed.push(...paths, ...urls);
+        // Build argument patterns
+        const argKeys = Object.keys(inv.arguments).sort().join(",");
+        if (!record.argumentPatterns.includes(argKeys)) {
+            record.argumentPatterns.push(argKeys);
+        }
+    }
+    // Deduplicate resources
+    for (const record of records.values()) {
+        record.resourcesAccessed = [...new Set(record.resourcesAccessed)];
+    }
+    return records;
+}
+// ============================================================================
+// Permission Analysis
+// ============================================================================
+/**
+ * Find common path prefix for file access patterns
+ */
+function findCommonPrefix(paths) {
+    if (paths.length === 0)
+        return "";
+    if (paths.length === 1)
+        return dirname(paths[0]);
+    const parts = paths.map((p) => p.split("/"));
+    const minLength = Math.min(...parts.map((p) => p.length));
+    const common = [];
+    for (let i = 0; i < minLength; i++) {
+        const segment = parts[0][i];
+        if (parts.every((p) => p[i] === segment)) {
+            common.push(segment);
+        }
+        else {
+            break;
+        }
+    }
+    return common.join("/");
+}
+/**
+ * Generate path restriction proposal
+ */
+function proposePathRestriction(tool, record) {
+    const filePaths = record.resourcesAccessed.filter((r) => !r.startsWith("http"));
+    if (filePaths.length === 0)
+        return null;
+    const commonPrefix = findCommonPrefix(filePaths);
+    if (!commonPrefix || commonPrefix === "" || commonPrefix === ".") {
+        return null;
+    }
+    // Check if we can suggest a more specific path
+    const hasWildcard = !tool.inputSchema ||
+        JSON.stringify(tool.inputSchema).includes("*");
+    if (hasWildcard || filePaths.length >= 3) {
+        return {
+            type: "scope-down",
+            tool: tool.name,
+            current: "All paths (*)",
+            proposed: `${commonPrefix}/**`,
+            rationale: `Tool only accessed files under ${commonPrefix}/ in ${filePaths.length} invocations`,
+            riskReduction: 25,
+            confidence: Math.min(90, 50 + filePaths.length * 5),
+        };
+    }
+    return null;
+}
+/**
+ * Generate URL restriction proposal
+ */
+function proposeUrlRestriction(tool, record) {
+    const urls = record.resourcesAccessed.filter((r) => r.startsWith("http"));
+    if (urls.length === 0)
+        return null;
+    // Extract unique domains
+    const domains = new Set();
+    for (const url of urls) {
+        try {
+            const parsed = new URL(url);
+            domains.add(parsed.hostname);
+        }
+        catch {
+            // Invalid URL
+        }
+    }
+    if (domains.size === 0)
+        return null;
+    const domainList = Array.from(domains);
+    if (domainList.length <= 3 && tool.networkAccess) {
+        return {
+            type: "scope-down",
+            tool: tool.name,
+            current: "All URLs (*)",
+            proposed: `Allowlist: ${domainList.join(", ")}`,
+            rationale: `Tool only accessed ${domainList.length} domain(s) in ${urls.length} requests`,
+            riskReduction: 30,
+            confidence: Math.min(85, 50 + urls.length * 3),
+        };
+    }
+    return null;
+}
+/**
+ * Generate unused tool proposal
+ */
+function proposeDisableUnused(tool, record, totalInvocations, traceDays) {
+    if (record.invocations > 0)
+        return null;
+    // Only suggest if we have meaningful trace data
+    if (totalInvocations < 10 || traceDays < 7) {
+        return null;
+    }
+    return {
+        type: "disable-unused",
+        tool: tool.name,
+        current: "Enabled",
+        proposed: "Disabled",
+        rationale: `Tool not used in ${traceDays} days across ${totalInvocations} total invocations`,
+        riskReduction: tool.destructiveHint ? 40 : tool.networkAccess ? 30 : 15,
+        confidence: Math.min(80, 40 + traceDays),
+    };
+}
+/**
+ * Generate low-usage tool proposal
+ */
+function proposeLowUsageReview(tool, record, totalInvocations) {
+    if (record.invocations === 0)
+        return null;
+    const usagePercent = (record.invocations / totalInvocations) * 100;
+    // Flag tools with very low usage
+    if (usagePercent < 1 && totalInvocations > 50) {
+        return {
+            type: "add-constraint",
+            tool: tool.name,
+            current: `${record.invocations} invocations (${usagePercent.toFixed(2)}%)`,
+            proposed: "Add confirmation prompt or rate limit",
+            rationale: `Tool rarely used - consider adding explicit approval step`,
+            riskReduction: 10,
+            confidence: 60,
+        };
+    }
+    return null;
+}
+/**
+ * Generate all permission proposals
+ */
+function generateProposals(manifest, records, invocations) {
+    const proposals = [];
+    // Calculate trace period
+    let earliest = "";
+    let latest = "";
+    for (const inv of invocations) {
+        if (!earliest || inv.timestamp < earliest)
+            earliest = inv.timestamp;
+        if (!latest || inv.timestamp > latest)
+            latest = inv.timestamp;
+    }
+    const traceDays = earliest && latest
+        ? Math.ceil((new Date(latest).getTime() - new Date(earliest).getTime()) / (1000 * 60 * 60 * 24))
+        : 0;
+    const totalInvocations = invocations.length;
+    for (const tool of manifest.tools) {
+        const record = records.get(tool.name);
+        if (!record)
+            continue;
+        // Check for unused tools
+        const unusedProposal = proposeDisableUnused(tool, record, totalInvocations, traceDays);
+        if (unusedProposal)
+            proposals.push(unusedProposal);
+        // Check for path restrictions
+        const pathProposal = proposePathRestriction(tool, record);
+        if (pathProposal)
+            proposals.push(pathProposal);
+        // Check for URL restrictions
+        const urlProposal = proposeUrlRestriction(tool, record);
+        if (urlProposal)
+            proposals.push(urlProposal);
+        // Check for low usage
+        const lowUsageProposal = proposeLowUsageReview(tool, record, totalInvocations);
+        if (lowUsageProposal)
+            proposals.push(lowUsageProposal);
+    }
+    // Sort by risk reduction (highest first)
+    proposals.sort((a, b) => b.riskReduction - a.riskReduction);
+    return proposals;
+}
+// ============================================================================
+// Finding Generation
+// ============================================================================
+/**
+ * Calculate severity from proposal
+ */
+function proposalSeverity(proposal) {
+    if (proposal.riskReduction >= 35)
+        return "high";
+    if (proposal.riskReduction >= 20)
+        return "medium";
+    if (proposal.riskReduction >= 10)
+        return "low";
+    return "info";
+}
+/**
+ * Convert proposals to findings
+ */
+function proposalsToFindings(proposals, records) {
+    const findings = [];
+    for (const proposal of proposals) {
+        findings.push({
+            scanner: "semgrep",
+            ruleId: `permission-minimiser:${proposal.type}`,
+            file: "mcp-manifest",
+            line: 0,
+            message: `Tool "${proposal.tool}": ${proposal.rationale}`,
+            severity: proposalSeverity(proposal),
+            confidence: 100,
+            evidence: [
+                `Current: ${proposal.current}`,
+                `Proposed: ${proposal.proposed}`,
+                `Risk reduction: ${proposal.riskReduction}%`,
+                `Confidence: ${proposal.confidence}%`,
+            ].join("\n"),
+            metadata: {
+                agentScanner: "permission-minimiser",
+                proposalType: proposal.type,
+                tool: proposal.tool,
+                riskReduction: proposal.riskReduction,
+                confidence: proposal.confidence,
+            },
+        });
+    }
+    // Add summary finding
+    if (proposals.length > 0) {
+        const totalRiskReduction = proposals.reduce((sum, p) => sum + p.riskReduction, 0);
+        const avgConfidence = Math.round(proposals.reduce((sum, p) => sum + p.confidence, 0) / proposals.length);
+        const byType = {
+            "disable-unused": 0,
+            "scope-down": 0,
+            "remove-permission": 0,
+            "add-constraint": 0,
+        };
+        for (const p of proposals) {
+            byType[p.type] = (byType[p.type] || 0) + 1;
+        }
+        findings.push({
+            scanner: "semgrep",
+            ruleId: "permission-minimiser:summary",
+            file: "mcp-manifest",
+            line: 0,
+            message: `Permission minimiser found ${proposals.length} optimization(s) with ${totalRiskReduction}% total risk reduction`,
+            severity: proposals.some((p) => proposalSeverity(p) === "high") ? "high" : "medium",
+            confidence: 100,
+            evidence: [
+                `Total proposals: ${proposals.length}`,
+                `Total risk reduction: ${totalRiskReduction}%`,
+                `Average confidence: ${avgConfidence}%`,
+                `By type:`,
+                `  - Disable unused: ${byType["disable-unused"]}`,
+                `  - Scope down: ${byType["scope-down"]}`,
+                `  - Add constraint: ${byType["add-constraint"]}`,
+            ].join("\n"),
+            metadata: {
+                agentScanner: "permission-minimiser",
+                totalProposals: proposals.length,
+                totalRiskReduction,
+                avgConfidence,
+                byType,
+            },
+        });
+    }
+    return findings;
+}
+// ============================================================================
+// Main Scanner Function
+// ============================================================================
+/**
+ * Run permission minimiser scanner
+ */
+export async function runPermissionMinimiser(manifest, options) {
+    const startTime = Date.now();
+    const tracesDir = options?.tracesDir || ".vaspera/traces";
+    // Load traces
+    const invocations = await loadTraces(tracesDir);
+    // Check if we have enough data
+    if (invocations.length < 10) {
+        return {
+            scanner: "permission-minimiser",
+            findings: [
+                {
+                    scanner: "semgrep",
+                    ruleId: "permission-minimiser:insufficient-data",
+                    file: "mcp-manifest",
+                    line: 0,
+                    message: `Insufficient trace data: only ${invocations.length} invocations found. Need at least 10 for meaningful analysis.`,
+                    severity: "info",
+                    confidence: 100,
+                    evidence: `Traces directory: ${tracesDir}\nInvocations found: ${invocations.length}`,
+                    metadata: {
+                        agentScanner: "permission-minimiser",
+                        invocationsFound: invocations.length,
+                        tracesDir,
+                    },
+                },
+            ],
+            duration: Date.now() - startTime,
+            success: true,
+            mcpServerName: manifest.name,
+            mcpServerVersion: manifest.version,
+            version: "1.0.0",
+            rulesUsed: ["usage-analysis"],
+        };
+    }
+    // Build usage records
+    const records = buildUsageRecords(invocations, manifest);
+    // Generate proposals
+    let proposals = generateProposals(manifest, records, invocations);
+    // Filter by thresholds
+    if (options?.minConfidence) {
+        proposals = proposals.filter((p) => p.confidence >= options.minConfidence);
+    }
+    if (options?.minRiskReduction) {
+        proposals = proposals.filter((p) => p.riskReduction >= options.minRiskReduction);
+    }
+    // Save proposals if output file specified
+    if (options?.outputFile) {
+        await mkdir(dirname(options.outputFile), { recursive: true });
+        await writeFile(options.outputFile, JSON.stringify({
+            timestamp: new Date().toISOString(),
+            manifest: manifest.name,
+            version: manifest.version,
+            invocationsAnalyzed: invocations.length,
+            proposals,
+        }, null, 2));
+    }
+    // Convert to findings
+    const findings = proposalsToFindings(proposals, records);
+    // Calculate manifest hash
+    const manifestHash = createHash("sha256")
+        .update(JSON.stringify(manifest))
+        .digest("hex");
+    return {
+        scanner: "permission-minimiser",
+        findings,
+        duration: Date.now() - startTime,
+        success: true,
+        mcpServerName: manifest.name,
+        mcpServerVersion: manifest.version,
+        manifestHash,
+        version: "1.0.0",
+        rulesUsed: ["usage-analysis"],
+    };
+}
+/**
+ * Check if permission minimiser is available
+ */
+export async function checkPermissionMinimiserAvailable() {
+    return {
+        scanner: "permission-minimiser",
+        available: true,
+        version: "1.0.0",
+    };
+}
+/**
+ * Get permission proposals from scanner result
+ */
+export function getPermissionProposals(result) {
+    const proposals = [];
+    for (const finding of result.findings) {
+        if (finding.ruleId.startsWith("permission-minimiser:") &&
+            finding.ruleId !== "permission-minimiser:summary" &&
+            finding.ruleId !== "permission-minimiser:insufficient-data") {
+            const meta = finding.metadata;
+            if (meta.proposalType && meta.tool) {
+                // Parse current/proposed from evidence
+                const lines = (finding.evidence || "").split("\n");
+                const current = lines.find((l) => l.startsWith("Current:"))?.replace("Current:", "").trim() || "";
+                const proposed = lines.find((l) => l.startsWith("Proposed:"))?.replace("Proposed:", "").trim() || "";
+                proposals.push({
+                    type: meta.proposalType,
+                    tool: meta.tool,
+                    current,
+                    proposed,
+                    rationale: finding.message.replace(`Tool "${meta.tool}": `, ""),
+                    riskReduction: meta.riskReduction || 0,
+                    confidence: meta.confidence || 0,
+                });
+            }
+        }
+    }
+    return proposals;
+}
+/**
+ * Get minimiser summary from result
+ */
+export function getMinimiserSummary(result) {
+    const summaryFinding = result.findings.find((f) => f.ruleId === "permission-minimiser:summary");
+    if (!summaryFinding?.metadata) {
+        return null;
+    }
+    const meta = summaryFinding.metadata;
+    return {
+        totalProposals: meta.totalProposals || 0,
+        totalRiskReduction: meta.totalRiskReduction || 0,
+        avgConfidence: meta.avgConfidence || 0,
+        byType: meta.byType || {},
+    };
+}
+//# sourceMappingURL=permission-minimiser.js.map

package/dist/scanners/agent/permission-minimiser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-minimiser.js","sourceRoot":"","sources":["../../../src/scanners/agent/permission-minimiser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAqCrC,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,kBAAkB,GAA4C;IAClE,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;IAC9B,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;IAC9B,EAAE,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE;IACnC,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE;IAClC,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE;IAClC,EAAE,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE;IACnC,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE;IAC7B,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE;IAChC,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,oCAAoC,EAAE;IAChE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,oCAAoC,EAAE;CACjE,CAAC;AAEF;;GAEG;AACH,MAAM,YAAY,GAA4C;IAC5D,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE;IACvC,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE;IAC5C,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE;IACvC,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE;IAC3C,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE;CAC5C,CAAC;AAEF,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,SAAiB;IACzC,MAAM,WAAW,GAAqB,EAAE,CAAC;IAEzC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE7D,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACvC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YAE1D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;oBACjD,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;wBACf,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAC1B,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,qBAAqB;gBACvB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sCAAsC;IACxC,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAA6B;IACrD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAA6B;IAChD,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,KAAK,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,YAAY,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,WAA6B,EAC7B,QAAqB;IAErB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IAEnD,+CAA+C;IAC/C,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,CAAC;YACd,gBAAgB,EAAE,EAAE;YACpB,iBAAiB,EAAE,EAAE;YACrB,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,EAAE;SACd,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,sDAAsD;YACtD,MAAM,GAAG;gBACP,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,WAAW,EAAE,CAAC;gBACd,gBAAgB,EAAE,EAAE;gBACpB,iBAAiB,EAAE,EAAE;gBACrB,QAAQ,EAAE,EAAE;gBACZ,SAAS,EAAE,EAAE;aACd,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,CAAC,WAAW,EAAE,CAAC;QAErB,mBAAmB;QACnB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1D,MAAM,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,GAAG,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxD,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC;QAClC,CAAC;QAED,6BAA6B;QAC7B,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACxC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;QAEjD,0BAA0B;QAC1B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5D,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAe;IACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAClC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,IAAuB,EACvB,MAAuB;IAEvB,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAC7B,CAAC;IAEF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,EAAE,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;QACjE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,MAAM,WAAW,GACf,CAAC,IAAI,CAAC,WAAW;QACjB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAEjD,IAAI,WAAW,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzC,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,GAAG,YAAY,KAAK;YAC9B,SAAS,EAAE,kCAAkC,YAAY,QAAQ,SAAS,CAAC,MAAM,cAAc;YAC/F,aAAa,EAAE,EAAE;YACjB,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;SACpD,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,IAAuB,EACvB,MAAuB;IAEvB,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAE1E,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEvC,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,cAAc;YACvB,QAAQ,EAAE,cAAc,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC/C,SAAS,EAAE,sBAAsB,UAAU,CAAC,MAAM,iBAAiB,IAAI,CAAC,MAAM,WAAW;YACzF,aAAa,EAAE,EAAE;YACjB,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;SAC/C,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,IAAuB,EACvB,MAAuB,EACvB,gBAAwB,EACxB,SAAiB;IAEjB,IAAI,MAAM,CAAC,WAAW,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,gDAAgD;IAChD,IAAI,gBAAgB,GAAG,EAAE,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,oBAAoB,SAAS,gBAAgB,gBAAgB,oBAAoB;QAC5F,aAAa,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QACvE,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC;KACzC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,IAAuB,EACvB,MAAuB,EACvB,gBAAwB;IAExB,IAAI,MAAM,CAAC,WAAW,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,MAAM,YAAY,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,gBAAgB,CAAC,GAAG,GAAG,CAAC;IAEnE,iCAAiC;IACjC,IAAI,YAAY,GAAG,CAAC,IAAI,gBAAgB,GAAG,EAAE,EAAE,CAAC;QAC9C,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,GAAG,MAAM,CAAC,WAAW,iBAAiB,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;YAC1E,QAAQ,EAAE,uCAAuC;YACjD,SAAS,EAAE,2DAA2D;YACtE,aAAa,EAAE,EAAE;YACjB,UAAU,EAAE,EAAE;SACf,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,QAAqB,EACrB,OAAqC,EACrC,WAA6B;IAE7B,MAAM,SAAS,GAAyB,EAAE,CAAC;IAE3C,yBAAyB;IACzB,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,SAAS,GAAG,QAAQ;YAAE,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC;QACpE,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC,SAAS,GAAG,MAAM;YAAE,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC;IAChE,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,IAAI,MAAM;QAClC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QAChG,CAAC,CAAC,CAAC,CAAC;IAEN,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CAAC;IAE5C,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,yBAAyB;QACzB,MAAM,cAAc,GAAG,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;QACvF,IAAI,cAAc;YAAE,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAEnD,8BAA8B;QAC9B,MAAM,YAAY,GAAG,sBAAsB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,YAAY;YAAE,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE/C,6BAA6B;QAC7B,MAAM,WAAW,GAAG,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACxD,IAAI,WAAW;YAAE,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE7C,sBAAsB;QACtB,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;QAC/E,IAAI,gBAAgB;YAAE,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACzD,CAAC;IAED,yCAAyC;IACzC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC;IAE5D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAA4B;IACpD,IAAI,QAAQ,CAAC,aAAa,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAChD,IAAI,QAAQ,CAAC,aAAa,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IAClD,IAAI,QAAQ,CAAC,aAAa,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IAC/C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,SAA+B,EAC/B,OAAqC;IAErC,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,SAAkB;YAC3B,MAAM,EAAE,wBAAwB,QAAQ,CAAC,IAAI,EAAE;YAC/C,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC;YACP,OAAO,EAAE,SAAS,QAAQ,CAAC,IAAI,MAAM,QAAQ,CAAC,SAAS,EAAE;YACzD,QAAQ,EAAE,gBAAgB,CAAC,QAAQ,CAAC;YACpC,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,YAAY,QAAQ,CAAC,OAAO,EAAE;gBAC9B,aAAa,QAAQ,CAAC,QAAQ,EAAE;gBAChC,mBAAmB,QAAQ,CAAC,aAAa,GAAG;gBAC5C,eAAe,QAAQ,CAAC,UAAU,GAAG;aACtC,CAAC,IAAI,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE;gBACR,YAAY,EAAE,sBAAsB;gBACpC,YAAY,EAAE,QAAQ,CAAC,IAAI;gBAC3B,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,aAAa,EAAE,QAAQ,CAAC,aAAa;gBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;aAChC;SACF,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,kBAAkB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAClF,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAC9B,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,CACvE,CAAC;QAEF,MAAM,MAAM,GAA2B;YACrC,gBAAgB,EAAE,CAAC;YACnB,YAAY,EAAE,CAAC;YACf,mBAAmB,EAAE,CAAC;YACtB,gBAAgB,EAAE,CAAC;SACpB,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7C,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,SAAkB;YAC3B,MAAM,EAAE,8BAA8B;YACtC,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC;YACP,OAAO,EAAE,8BAA8B,SAAS,CAAC,MAAM,yBAAyB,kBAAkB,wBAAwB;YAC1H,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YACnF,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,oBAAoB,SAAS,CAAC,MAAM,EAAE;gBACtC,yBAAyB,kBAAkB,GAAG;gBAC9C,uBAAuB,aAAa,GAAG;gBACvC,UAAU;gBACV,uBAAuB,MAAM,CAAC,gBAAgB,CAAC,EAAE;gBACjD,mBAAmB,MAAM,CAAC,YAAY,CAAC,EAAE;gBACzC,uBAAuB,MAAM,CAAC,gBAAgB,CAAC,EAAE;aAClD,CAAC,IAAI,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE;gBACR,YAAY,EAAE,sBAAsB;gBACpC,cAAc,EAAE,SAAS,CAAC,MAAM;gBAChC,kBAAkB;gBAClB,aAAa;gBACb,MAAM;aACP;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,QAAqB,EACrB,OASC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,iBAAiB,CAAC;IAE1D,cAAc;IACd,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;IAEhD,+BAA+B;IAC/B,IAAI,WAAW,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,sBAAsB;YAC/B,QAAQ,EAAE;gBACR;oBACE,OAAO,EAAE,SAAkB;oBAC3B,MAAM,EAAE,wCAAwC;oBAChD,IAAI,EAAE,cAAc;oBACpB,IAAI,EAAE,CAAC;oBACP,OAAO,EAAE,iCAAiC,WAAW,CAAC,MAAM,+DAA+D;oBAC3H,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE,qBAAqB,SAAS,wBAAwB,WAAW,CAAC,MAAM,EAAE;oBACpF,QAAQ,EAAE;wBACR,YAAY,EAAE,sBAAsB;wBACpC,gBAAgB,EAAE,WAAW,CAAC,MAAM;wBACpC,SAAS;qBACV;iBACF;aACF;YACD,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,aAAa,EAAE,QAAQ,CAAC,IAAI;YAC5B,gBAAgB,EAAE,QAAQ,CAAC,OAAO;YAClC,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,CAAC,gBAAgB,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAEzD,qBAAqB;IACrB,IAAI,SAAS,GAAG,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;IAElE,uBAAuB;IACvB,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;QAC3B,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,OAAO,CAAC,aAAc,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,OAAO,EAAE,gBAAgB,EAAE,CAAC;QAC9B,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC,gBAAiB,CAAC,CAAC;IACpF,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;QACxB,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,SAAS,CACb,OAAO,CAAC,UAAU,EAClB,IAAI,CAAC,SAAS,CACZ;YACE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,mBAAmB,EAAE,WAAW,CAAC,MAAM;YACvC,SAAS;SACV,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAEzD,0BAA0B;IAC1B,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC;SACtC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;SAChC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,OAAO;QACL,OAAO,EAAE,sBAAsB;QAC/B,QAAQ;QACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,OAAO,EAAE,IAAI;QACb,aAAa,EAAE,QAAQ,CAAC,IAAI;QAC5B,gBAAgB,EAAE,QAAQ,CAAC,OAAO;QAClC,YAAY;QACZ,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,CAAC,gBAAgB,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iCAAiC;IAKrD,OAAO;QACL,OAAO,EAAE,sBAAsB;QAC/B,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,OAAO;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAA0B;IAE1B,MAAM,SAAS,GAAyB,EAAE,CAAC;IAE3C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,IACE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,uBAAuB,CAAC;YAClD,OAAO,CAAC,MAAM,KAAK,8BAA8B;YACjD,OAAO,CAAC,MAAM,KAAK,wCAAwC,EAC3D,CAAC;YACD,MAAM,IAAI,GAAG,OAAO,CAAC,QAKpB,CAAC;YAEF,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACnC,uCAAuC;gBACvC,MAAM,KAAK,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACnD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;gBAClG,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;gBAErG,SAAS,CAAC,IAAI,CAAC;oBACb,IAAI,EAAE,IAAI,CAAC,YAA0C;oBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO;oBACP,QAAQ;oBACR,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;oBAC/D,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,CAAC;oBACtC,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,CAAC;iBACjC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAA0B;IAM5D,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CACzC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,8BAA8B,CACnD,CAAC;IAEF,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,cAAc,CAAC,QAK3B,CAAC;IAEF,OAAO;QACL,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,CAAC;QACxC,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,IAAI,CAAC;QAChD,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,CAAC;QACtC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;KAC1B,CAAC;AACJ,CAAC"}

package/dist/scanners/agent/prompt-injection-fuzzer.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Prompt Injection Fuzzer Scanner
+ *
+ * Fuzzes all MCP tool inputs with injection payloads to detect:
+ * - Instruction override vulnerabilities
+ * - Data exfiltration attempts
+ * - Jailbreak susceptibility
+ * - System prompt extraction
+ *
+ * This scanner is designed for CI pipelines with configurable corpus sizes:
+ * - quick: ~50 payloads, <30s
+ * - standard: ~200 payloads, <2m
+ * - thorough: ~500+ payloads, <10m
+ *
+ * @module scanners/agent/prompt-injection-fuzzer
+ */
+import type { AgentScannerResult, MCPManifest, FuzzerSummary, FuzzerOptions } from "./types.js";
+/**
+ * Run prompt injection fuzzer on an MCP manifest
+ */
+export declare function runPromptInjectionFuzzer(manifest: MCPManifest, options?: FuzzerOptions): Promise<AgentScannerResult>;
+/**
+ * Check if fuzzer is available (always true - no external deps)
+ */
+export declare function checkPromptInjectionFuzzerAvailable(): Promise<{
+    scanner: "prompt-injection-fuzzer";
+    available: boolean;
+    version: string;
+    payloadCount: number;
+}>;
+/**
+ * Get fuzzer summary from result
+ */
+export declare function getFuzzerSummary(result: AgentScannerResult): FuzzerSummary | null;
+/**
+ * Generate Mermaid diagram of fuzzer results
+ */
+export declare function generateFuzzerDiagram(summary: FuzzerSummary): string;
+//# sourceMappingURL=prompt-injection-fuzzer.d.ts.map

package/dist/scanners/agent/prompt-injection-fuzzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection-fuzzer.d.ts","sourceRoot":"","sources":["../../../src/scanners/agent/prompt-injection-fuzzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,KAAK,EACV,kBAAkB,EAClB,WAAW,EAIX,aAAa,EACb,aAAa,EAGd,MAAM,YAAY,CAAC;AA+qBpB;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,WAAW,EACrB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,kBAAkB,CAAC,CA4D7B;AAED;;GAEG;AACH,wBAAsB,mCAAmC,IAAI,OAAO,CAAC;IACnE,OAAO,EAAE,yBAAyB,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC,CAUD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,kBAAkB,GAAG,aAAa,GAAG,IAAI,CA4CjF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,aAAa,GAAG,MAAM,CAmCpE"}