npm - vulcn - Versions diffs - 0.3.1 → 0.4.0 - Mend

vulcn 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +56 -0
package/dist/chunk-RLPNYI6Z.js +197 -0
package/dist/chunk-RLPNYI6Z.js.map +1 -0
package/dist/index.js +352 -245
package/dist/index.js.map +1 -1
package/dist/run-DAFQ2SPC.js +8 -0
package/dist/run-DAFQ2SPC.js.map +1 -0
package/package.json +6 -5

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,61 @@
 # Changelog
+## 0.4.0
+### Minor Changes
+- d4fd4df: ### Breaking: Remove built-in payloads, PayloadBox is now the default
+  All hardcoded built-in payloads have been removed. Payloads are now fetched on demand from [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings), the largest community-curated security payload collection.
+  **`@vulcn/engine`**
+  - Removed `"builtin"` from `PayloadSource` type — valid sources are now `"custom" | "payloadbox" | "plugin"`
+  **`@vulcn/plugin-payloads`**
+  - Removed all built-in payload sets and the `builtin`, `include`, `exclude`, `payloadbox` config options
+  - New config: `types` (short aliases), `limit`, `files`
+  - Short aliases for payload types: `xss`, `sqli`, `xxe`, `cmd`, `redirect`, `traversal`
+  - Removed legacy `payloadbox:` prefix — use short aliases directly
+  **`vulcn` (CLI)**
+  - Default payload changed from `xss-basic` to `xss` (PayloadBox)
+  - `vulcn payloads` now lists PayloadBox types with short aliases
+  - `vulcn run` help updated with payload type reference
+  - Auto-loads `@vulcn/plugin-detect-sqli` when `sqli` payloads are used
+  **`@vulcn/plugin-detect-sqli`**
+  - SQL injection detection plugin with error-based, response diffing, and timing-based strategies
+  - Auto-loaded by CLI when SQLi payloads are selected
+## 0.3.2
+### Patch Changes
+- 51d69b7: ### Auto-Crawl: Automated Form Discovery & Session Generation
+  Adds a new **auto-crawl** capability to the browser driver — automatically discovers injectable forms, inputs, and submit buttons on a target URL, then generates ready-to-run `Session[]` objects. This replaces the need to manually record sessions for basic form testing.
+  #### `@vulcn/engine`
+  - **`CrawlOptions` type** — new interface for crawl configuration (`maxDepth`, `maxPages`, `pageTimeout`, `sameOrigin`, `onPageCrawled` callback)
+  - **`RecorderDriver.crawl()`** — optional method on the recorder interface, so only drivers that support auto-discovery need to implement it
+  - **`DriverManager.crawl()`** — new top-level method that dispatches to the driver's crawl implementation, with clear errors when a driver doesn't support it
+  - **Test coverage** — 4 new tests for the crawl flow (success, arg passthrough, missing driver, unsupported driver), coverage at 62.88%
+  #### `@vulcn/driver-browser`
+  - **`BrowserCrawler`** — new module (`crawler.ts`) that performs BFS-based crawling using Playwright:
+    - Discovers explicit `<form>` elements with their inputs and submit buttons
+    - Discovers standalone inputs not inside a `<form>` (common in SPAs)
+    - Identifies injectable text-like input types (text, search, url, email, tel, password, textarea)
+    - Finds submit triggers (submit buttons, untyped buttons, or falls back to Enter keypress)
+    - Follows same-origin links with configurable depth control
+    - Generates proper `navigate → input → submit` step sequences per form
+  - **`recorder.crawl()`** — wired into the browser driver's recorder interface
+  - **Exported** — `crawlAndBuildSessions` available for direct programmatic use
+  #### Architecture
+  - Removed standalone `@vulcn/crawler` package — crawler is now a core part of `@vulcn/driver-browser`, consistent with the driver-based architecture
+  - Cleaned up `pnpm-workspace.yaml` to remove the deleted crawler entry
 ## 0.3.1
 ### Patch Changes

package/dist/chunk-RLPNYI6Z.js ADDED Viewed

@@ -0,0 +1,197 @@
+#!/usr/bin/env node
+// src/run.ts
+import { readFile } from "fs/promises";
+import { DriverManager, PluginManager } from "@vulcn/engine";
+import browserDriver from "@vulcn/driver-browser";
+import chalk from "chalk";
+import ora from "ora";
+async function runCommand(sessionFile, options) {
+  const manager = new PluginManager();
+  await manager.loadConfig(options.config);
+  await manager.loadPlugins();
+  const drivers = new DriverManager();
+  drivers.register(browserDriver);
+  const loadSpinner = ora("Loading session...").start();
+  let sessionYaml;
+  try {
+    sessionYaml = await readFile(sessionFile, "utf-8");
+  } catch {
+    loadSpinner.fail(`Cannot read file: ${sessionFile}`);
+    process.exit(1);
+  }
+  let session;
+  try {
+    session = drivers.parseSession(sessionYaml, "browser");
+    loadSpinner.succeed(`Loaded session: ${chalk.cyan(session.name)}`);
+  } catch (err) {
+    loadSpinner.fail("Invalid session file");
+    console.error(chalk.red(String(err)));
+    process.exit(1);
+  }
+  if (options.payloadFile) {
+    const customSpinner = ora("Loading custom payloads...").start();
+    try {
+      const { loadFromFile } = await import("@vulcn/plugin-payloads");
+      const loaded = await loadFromFile(options.payloadFile);
+      manager.addPayloads(loaded);
+      customSpinner.succeed(
+        `Loaded ${chalk.cyan(loaded.length)} custom payload(s) from ${options.payloadFile}`
+      );
+    } catch (err) {
+      customSpinner.fail(`Failed to load custom payloads: ${err}`);
+      process.exit(1);
+    }
+  }
+  if (options.payload && options.payload.length > 0) {
+    const payloadSpinner = ora("Fetching payloads...").start();
+    try {
+      const { loadPayloadBox } = await import("@vulcn/plugin-payloads");
+      for (const name of options.payload) {
+        payloadSpinner.text = `Fetching ${name}...`;
+        const payload = await loadPayloadBox(name);
+        manager.addPayloads([payload]);
+      }
+      payloadSpinner.succeed(
+        `Loaded ${options.payload.length} payload type(s)`
+      );
+    } catch (err) {
+      payloadSpinner.fail(`Failed to load payloads: ${err}`);
+      process.exit(1);
+    }
+  }
+  if (manager.getPayloads().length === 0) {
+    const defaultSpinner = ora("Fetching default payloads (xss)...").start();
+    try {
+      const { loadPayloadBox } = await import("@vulcn/plugin-payloads");
+      const payload = await loadPayloadBox("xss");
+      manager.addPayloads([payload]);
+      defaultSpinner.succeed("Using default payloads: xss");
+    } catch (err) {
+      defaultSpinner.fail(`Failed to load default payloads: ${err}`);
+      process.exit(1);
+    }
+  }
+  if (!manager.hasPlugin("@vulcn/plugin-detect-xss")) {
+    const detectSpinner = ora("Loading XSS detection plugin...").start();
+    try {
+      const detectXssPlugin = await import("@vulcn/plugin-detect-xss");
+      manager.addPlugin(detectXssPlugin.default);
+      detectSpinner.succeed("Loaded XSS detection plugin");
+    } catch (err) {
+      detectSpinner.fail(`Failed to load detect-xss plugin: ${err}`);
+    }
+  }
+  const hasSqliPayloads = (options.payload ?? []).some((p) => {
+    const lower = p.toLowerCase();
+    return lower === "sqli" || lower === "sql" || lower === "sql-injection" || lower.includes("sql");
+  });
+  if (hasSqliPayloads && !manager.hasPlugin("@vulcn/plugin-detect-sqli")) {
+    const sqliSpinner = ora("Loading SQLi detection plugin...").start();
+    try {
+      const detectSqliPlugin = await import("@vulcn/plugin-detect-sqli");
+      manager.addPlugin(detectSqliPlugin.default);
+      sqliSpinner.succeed("Loaded SQLi detection plugin");
+    } catch (err) {
+      sqliSpinner.fail(`Failed to load detect-sqli plugin: ${err}`);
+    }
+  }
+  if (options.report) {
+    const reportSpinner = ora("Loading report plugin...").start();
+    try {
+      const reportPlugin = await import("@vulcn/plugin-report");
+      const outputDir = options.reportOutput || ".";
+      manager.addPlugin(reportPlugin.default, {
+        format: options.report,
+        outputDir,
+        filename: "vulcn-report",
+        open: options.report === "html" || options.report === "all"
+      });
+      reportSpinner.succeed(
+        `Report plugin loaded (format: ${chalk.cyan(options.report)})`
+      );
+    } catch (err) {
+      reportSpinner.fail(`Failed to load report plugin: ${err}`);
+    }
+  }
+  const payloads = manager.getPayloads();
+  console.log();
+  console.log(chalk.cyan("\u{1F50D} Running security tests"));
+  console.log(chalk.gray(`   Session: ${session.name}`));
+  console.log(
+    chalk.gray(`   Payloads: ${payloads.map((p) => p.name).join(", ")}`)
+  );
+  console.log(
+    chalk.gray(
+      `   Payload count: ${payloads.reduce((sum, p) => sum + p.payloads.length, 0)}`
+    )
+  );
+  console.log(chalk.gray(`   Browser: ${options.browser}`));
+  console.log(chalk.gray(`   Headless: ${options.headless}`));
+  console.log();
+  const runSpinner = ora("Executing tests...").start();
+  try {
+    const result = await drivers.execute(session, manager, {
+      headless: options.headless,
+      onFinding: (finding) => {
+        runSpinner.stop();
+        console.log(chalk.red(`\u26A0\uFE0F  FINDING: ${finding.title}`));
+        console.log(chalk.gray(`   Step: ${finding.stepId}`));
+        console.log(
+          chalk.gray(`   Payload: ${finding.payload.slice(0, 50)}...`)
+        );
+        console.log(chalk.gray(`   URL: ${finding.url}`));
+        console.log();
+        runSpinner.start("Continuing tests...");
+      }
+    });
+    runSpinner.succeed("Tests completed");
+    console.log();
+    console.log(chalk.cyan("\u{1F4CA} Results"));
+    console.log(chalk.gray(`   Steps executed: ${result.stepsExecuted}`));
+    console.log(chalk.gray(`   Payloads tested: ${result.payloadsTested}`));
+    console.log(
+      chalk.gray(`   Duration: ${(result.duration / 1e3).toFixed(1)}s`)
+    );
+    console.log();
+    if (result.findings.length > 0) {
+      console.log(chalk.red(`\u{1F6A8} ${result.findings.length} findings detected!`));
+      console.log();
+      for (const finding of result.findings) {
+        const severityColor = finding.severity === "critical" || finding.severity === "high" ? chalk.red : finding.severity === "medium" ? chalk.yellow : chalk.gray;
+        console.log(
+          severityColor(`[${finding.severity.toUpperCase()}] ${finding.title}`)
+        );
+        console.log(chalk.gray(`  Type: ${finding.type}`));
+        console.log(chalk.gray(`  Step: ${finding.stepId}`));
+        console.log(chalk.gray(`  URL: ${finding.url}`));
+        console.log(chalk.gray(`  Payload: ${finding.payload}`));
+        console.log();
+      }
+      process.exit(1);
+    } else {
+      console.log(chalk.green("\u2705 No vulnerabilities detected"));
+    }
+    if (result.errors.length > 0) {
+      console.log();
+      console.log(
+        chalk.yellow(`\u26A0\uFE0F  ${result.errors.length} errors during execution:`)
+      );
+      for (const err of result.errors.slice(0, 5)) {
+        console.log(chalk.gray(`   - ${err}`));
+      }
+      if (result.errors.length > 5) {
+        console.log(chalk.gray(`   ... and ${result.errors.length - 5} more`));
+      }
+    }
+  } catch (err) {
+    runSpinner.fail("Test execution failed");
+    console.error(chalk.red(String(err)));
+    process.exit(1);
+  }
+}
+export {
+  runCommand
+};
+//# sourceMappingURL=chunk-RLPNYI6Z.js.map

package/dist/chunk-RLPNYI6Z.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/run.ts"],"sourcesContent":["import { readFile } from \"node:fs/promises\";\nimport { DriverManager, PluginManager } from \"@vulcn/engine\";\nimport browserDriver from \"@vulcn/driver-browser\";\nimport chalk from \"chalk\";\nimport ora from \"ora\";\n\ninterface RunOptions {\n payload?: string[];\n payloadFile?: string;\n browser: string;\n headless: boolean;\n config?: string;\n report?: string;\n reportOutput?: string;\n}\n\nexport async function runCommand(sessionFile: string, options: RunOptions) {\n // Create plugin manager for this run\n const manager = new PluginManager();\n\n // Load config from file if present\n await manager.loadConfig(options.config);\n\n // Load plugins from config\n await manager.loadPlugins();\n\n // Set up driver manager with browser driver\n const drivers = new DriverManager();\n drivers.register(browserDriver);\n\n // Load session\n const loadSpinner = ora(\"Loading session...\").start();\n\n let sessionYaml: string;\n try {\n sessionYaml = await readFile(sessionFile, \"utf-8\");\n } catch {\n loadSpinner.fail(`Cannot read file: ${sessionFile}`);\n process.exit(1);\n }\n\n // Parse session — supports both legacy and driver-based formats\n let session;\n try {\n session = drivers.parseSession(sessionYaml, \"browser\");\n loadSpinner.succeed(`Loaded session: ${chalk.cyan(session.name)}`);\n } catch (err) {\n loadSpinner.fail(\"Invalid session file\");\n console.error(chalk.red(String(err)));\n process.exit(1);\n }\n\n // Add payloads from custom file\n if (options.payloadFile) {\n const customSpinner = ora(\"Loading custom payloads...\").start();\n try {\n const { loadFromFile } = await import(\"@vulcn/plugin-payloads\");\n const loaded = await loadFromFile(options.payloadFile);\n manager.addPayloads(loaded);\n customSpinner.succeed(\n `Loaded ${chalk.cyan(loaded.length)} custom payload(s) from ${options.payloadFile}`,\n );\n } catch (err) {\n customSpinner.fail(`Failed to load custom payloads: ${err}`);\n process.exit(1);\n }\n }\n\n // Load payload types from --payload flag\n if (options.payload && options.payload.length > 0) {\n const payloadSpinner = ora(\"Fetching payloads...\").start();\n try {\n const { loadPayloadBox } = await import(\"@vulcn/plugin-payloads\");\n\n for (const name of options.payload) {\n payloadSpinner.text = `Fetching ${name}...`;\n const payload = await loadPayloadBox(name);\n manager.addPayloads([payload]);\n }\n payloadSpinner.succeed(\n `Loaded ${options.payload.length} payload type(s)`,\n );\n } catch (err) {\n payloadSpinner.fail(`Failed to load payloads: ${err}`);\n process.exit(1);\n }\n }\n\n // If no payloads loaded yet, default to XSS\n if (manager.getPayloads().length === 0) {\n const defaultSpinner = ora(\"Fetching default payloads (xss)...\").start();\n try {\n const { loadPayloadBox } = await import(\"@vulcn/plugin-payloads\");\n const payload = await loadPayloadBox(\"xss\");\n manager.addPayloads([payload]);\n defaultSpinner.succeed(\"Using default payloads: xss\");\n } catch (err) {\n defaultSpinner.fail(`Failed to load default payloads: ${err}`);\n process.exit(1);\n }\n }\n\n // Auto-load XSS detection plugin\n if (!manager.hasPlugin(\"@vulcn/plugin-detect-xss\")) {\n const detectSpinner = ora(\"Loading XSS detection plugin...\").start();\n try {\n const detectXssPlugin = await import(\"@vulcn/plugin-detect-xss\");\n manager.addPlugin(detectXssPlugin.default);\n detectSpinner.succeed(\"Loaded XSS detection plugin\");\n } catch (err) {\n detectSpinner.fail(`Failed to load detect-xss plugin: ${err}`);\n }\n }\n\n // Auto-load SQLi detection plugin when sqli payloads are used\n const hasSqliPayloads = (options.payload ?? []).some((p) => {\n const lower = p.toLowerCase();\n return (\n lower === \"sqli\" ||\n lower === \"sql\" ||\n lower === \"sql-injection\" ||\n lower.includes(\"sql\")\n );\n });\n if (hasSqliPayloads && !manager.hasPlugin(\"@vulcn/plugin-detect-sqli\")) {\n const sqliSpinner = ora(\"Loading SQLi detection plugin...\").start();\n try {\n const detectSqliPlugin = await import(\"@vulcn/plugin-detect-sqli\");\n manager.addPlugin(detectSqliPlugin.default);\n sqliSpinner.succeed(\"Loaded SQLi detection plugin\");\n } catch (err) {\n sqliSpinner.fail(`Failed to load detect-sqli plugin: ${err}`);\n }\n }\n\n // Load report plugin if --report is specified\n if (options.report) {\n const reportSpinner = ora(\"Loading report plugin...\").start();\n try {\n const reportPlugin = await import(\"@vulcn/plugin-report\");\n\n // Determine output path from --report-output or default\n const outputDir = options.reportOutput || \".\";\n\n manager.addPlugin(reportPlugin.default, {\n format: options.report,\n outputDir,\n filename: \"vulcn-report\",\n open: options.report === \"html\" || options.report === \"all\",\n });\n reportSpinner.succeed(\n `Report plugin loaded (format: ${chalk.cyan(options.report)})`,\n );\n } catch (err) {\n reportSpinner.fail(`Failed to load report plugin: ${err}`);\n }\n }\n\n const payloads = manager.getPayloads();\n\n console.log();\n console.log(chalk.cyan(\"🔍 Running security tests\"));\n console.log(chalk.gray(` Session: ${session.name}`));\n console.log(\n chalk.gray(` Payloads: ${payloads.map((p) => p.name).join(\", \")}`),\n );\n console.log(\n chalk.gray(\n ` Payload count: ${payloads.reduce((sum, p) => sum + p.payloads.length, 0)}`,\n ),\n );\n console.log(chalk.gray(` Browser: ${options.browser}`));\n console.log(chalk.gray(` Headless: ${options.headless}`));\n console.log();\n\n const runSpinner = ora(\"Executing tests...\").start();\n\n try {\n const result = await drivers.execute(session, manager, {\n headless: options.headless,\n onFinding: (finding) => {\n runSpinner.stop();\n console.log(chalk.red(`⚠️ FINDING: ${finding.title}`));\n console.log(chalk.gray(` Step: ${finding.stepId}`));\n console.log(\n chalk.gray(` Payload: ${finding.payload.slice(0, 50)}...`),\n );\n console.log(chalk.gray(` URL: ${finding.url}`));\n console.log();\n runSpinner.start(\"Continuing tests...\");\n },\n });\n\n runSpinner.succeed(\"Tests completed\");\n console.log();\n\n // Summary\n console.log(chalk.cyan(\"📊 Results\"));\n console.log(chalk.gray(` Steps executed: ${result.stepsExecuted}`));\n console.log(chalk.gray(` Payloads tested: ${result.payloadsTested}`));\n console.log(\n chalk.gray(` Duration: ${(result.duration / 1000).toFixed(1)}s`),\n );\n console.log();\n\n if (result.findings.length > 0) {\n console.log(chalk.red(`🚨 ${result.findings.length} findings detected!`));\n console.log();\n for (const finding of result.findings) {\n const severityColor =\n finding.severity === \"critical\" || finding.severity === \"high\"\n ? chalk.red\n : finding.severity === \"medium\"\n ? chalk.yellow\n : chalk.gray;\n\n console.log(\n severityColor(`[${finding.severity.toUpperCase()}] ${finding.title}`),\n );\n console.log(chalk.gray(` Type: ${finding.type}`));\n console.log(chalk.gray(` Step: ${finding.stepId}`));\n console.log(chalk.gray(` URL: ${finding.url}`));\n console.log(chalk.gray(` Payload: ${finding.payload}`));\n console.log();\n }\n process.exit(1); // Non-zero exit for CI/CD\n } else {\n console.log(chalk.green(\"✅ No vulnerabilities detected\"));\n }\n\n if (result.errors.length > 0) {\n console.log();\n console.log(\n chalk.yellow(`⚠️ ${result.errors.length} errors during execution:`),\n );\n for (const err of result.errors.slice(0, 5)) {\n console.log(chalk.gray(` - ${err}`));\n }\n if (result.errors.length > 5) {\n console.log(chalk.gray(` ... and ${result.errors.length - 5} more`));\n }\n }\n } catch (err) {\n runSpinner.fail(\"Test execution failed\");\n console.error(chalk.red(String(err)));\n process.exit(1);\n }\n}\n"],"mappings":";;;AAAA,SAAS,gBAAgB;AACzB,SAAS,eAAe,qBAAqB;AAC7C,OAAO,mBAAmB;AAC1B,OAAO,WAAW;AAClB,OAAO,SAAS;AAYhB,eAAsB,WAAW,aAAqB,SAAqB;AAEzE,QAAM,UAAU,IAAI,cAAc;AAGlC,QAAM,QAAQ,WAAW,QAAQ,MAAM;AAGvC,QAAM,QAAQ,YAAY;AAG1B,QAAM,UAAU,IAAI,cAAc;AAClC,UAAQ,SAAS,aAAa;AAG9B,QAAM,cAAc,IAAI,oBAAoB,EAAE,MAAM;AAEpD,MAAI;AACJ,MAAI;AACF,kBAAc,MAAM,SAAS,aAAa,OAAO;AAAA,EACnD,QAAQ;AACN,gBAAY,KAAK,qBAAqB,WAAW,EAAE;AACnD,YAAQ,KAAK,CAAC;AAAA,EAChB;AAGA,MAAI;AACJ,MAAI;AACF,cAAU,QAAQ,aAAa,aAAa,SAAS;AACrD,gBAAY,QAAQ,mBAAmB,MAAM,KAAK,QAAQ,IAAI,CAAC,EAAE;AAAA,EACnE,SAAS,KAAK;AACZ,gBAAY,KAAK,sBAAsB;AACvC,YAAQ,MAAM,MAAM,IAAI,OAAO,GAAG,CAAC,CAAC;AACpC,YAAQ,KAAK,CAAC;AAAA,EAChB;AAGA,MAAI,QAAQ,aAAa;AACvB,UAAM,gBAAgB,IAAI,4BAA4B,EAAE,MAAM;AAC9D,QAAI;AACF,YAAM,EAAE,aAAa,IAAI,MAAM,OAAO,wBAAwB;AAC9D,YAAM,SAAS,MAAM,aAAa,QAAQ,WAAW;AACrD,cAAQ,YAAY,MAAM;AAC1B,oBAAc;AAAA,QACZ,UAAU,MAAM,KAAK,OAAO,MAAM,CAAC,2BAA2B,QAAQ,WAAW;AAAA,MACnF;AAAA,IACF,SAAS,KAAK;AACZ,oBAAc,KAAK,mCAAmC,GAAG,EAAE;AAC3D,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AAGA,MAAI,QAAQ,WAAW,QAAQ,QAAQ,SAAS,GAAG;AACjD,UAAM,iBAAiB,IAAI,sBAAsB,EAAE,MAAM;AACzD,QAAI;AACF,YAAM,EAAE,eAAe,IAAI,MAAM,OAAO,wBAAwB;AAEhE,iBAAW,QAAQ,QAAQ,SAAS;AAClC,uBAAe,OAAO,YAAY,IAAI;AACtC,cAAM,UAAU,MAAM,eAAe,IAAI;AACzC,gBAAQ,YAAY,CAAC,OAAO,CAAC;AAAA,MAC/B;AACA,qBAAe;AAAA,QACb,UAAU,QAAQ,QAAQ,MAAM;AAAA,MAClC;AAAA,IACF,SAAS,KAAK;AACZ,qBAAe,KAAK,4BAA4B,GAAG,EAAE;AACrD,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AAGA,MAAI,QAAQ,YAAY,EAAE,WAAW,GAAG;AACtC,UAAM,iBAAiB,IAAI,oCAAoC,EAAE,MAAM;AACvE,QAAI;AACF,YAAM,EAAE,eAAe,IAAI,MAAM,OAAO,wBAAwB;AAChE,YAAM,UAAU,MAAM,eAAe,KAAK;AAC1C,cAAQ,YAAY,CAAC,OAAO,CAAC;AAC7B,qBAAe,QAAQ,6BAA6B;AAAA,IACtD,SAAS,KAAK;AACZ,qBAAe,KAAK,oCAAoC,GAAG,EAAE;AAC7D,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AAGA,MAAI,CAAC,QAAQ,UAAU,0BAA0B,GAAG;AAClD,UAAM,gBAAgB,IAAI,iCAAiC,EAAE,MAAM;AACnE,QAAI;AACF,YAAM,kBAAkB,MAAM,OAAO,0BAA0B;AAC/D,cAAQ,UAAU,gBAAgB,OAAO;AACzC,oBAAc,QAAQ,6BAA6B;AAAA,IACrD,SAAS,KAAK;AACZ,oBAAc,KAAK,qCAAqC,GAAG,EAAE;AAAA,IAC/D;AAAA,EACF;AAGA,QAAM,mBAAmB,QAAQ,WAAW,CAAC,GAAG,KAAK,CAAC,MAAM;AAC1D,UAAM,QAAQ,EAAE,YAAY;AAC5B,WACE,UAAU,UACV,UAAU,SACV,UAAU,mBACV,MAAM,SAAS,KAAK;AAAA,EAExB,CAAC;AACD,MAAI,mBAAmB,CAAC,QAAQ,UAAU,2BAA2B,GAAG;AACtE,UAAM,cAAc,IAAI,kCAAkC,EAAE,MAAM;AAClE,QAAI;AACF,YAAM,mBAAmB,MAAM,OAAO,2BAA2B;AACjE,cAAQ,UAAU,iBAAiB,OAAO;AAC1C,kBAAY,QAAQ,8BAA8B;AAAA,IACpD,SAAS,KAAK;AACZ,kBAAY,KAAK,sCAAsC,GAAG,EAAE;AAAA,IAC9D;AAAA,EACF;AAGA,MAAI,QAAQ,QAAQ;AAClB,UAAM,gBAAgB,IAAI,0BAA0B,EAAE,MAAM;AAC5D,QAAI;AACF,YAAM,eAAe,MAAM,OAAO,sBAAsB;AAGxD,YAAM,YAAY,QAAQ,gBAAgB;AAE1C,cAAQ,UAAU,aAAa,SAAS;AAAA,QACtC,QAAQ,QAAQ;AAAA,QAChB;AAAA,QACA,UAAU;AAAA,QACV,MAAM,QAAQ,WAAW,UAAU,QAAQ,WAAW;AAAA,MACxD,CAAC;AACD,oBAAc;AAAA,QACZ,iCAAiC,MAAM,KAAK,QAAQ,MAAM,CAAC;AAAA,MAC7D;AAAA,IACF,SAAS,KAAK;AACZ,oBAAc,KAAK,iCAAiC,GAAG,EAAE;AAAA,IAC3D;AAAA,EACF;AAEA,QAAM,WAAW,QAAQ,YAAY;AAErC,UAAQ,IAAI;AACZ,UAAQ,IAAI,MAAM,KAAK,kCAA2B,CAAC;AACnD,UAAQ,IAAI,MAAM,KAAK,eAAe,QAAQ,IAAI,EAAE,CAAC;AACrD,UAAQ;AAAA,IACN,MAAM,KAAK,gBAAgB,SAAS,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,IAAI,CAAC,EAAE;AAAA,EACrE;AACA,UAAQ;AAAA,IACN,MAAM;AAAA,MACJ,qBAAqB,SAAS,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,SAAS,QAAQ,CAAC,CAAC;AAAA,IAC9E;AAAA,EACF;AACA,UAAQ,IAAI,MAAM,KAAK,eAAe,QAAQ,OAAO,EAAE,CAAC;AACxD,UAAQ,IAAI,MAAM,KAAK,gBAAgB,QAAQ,QAAQ,EAAE,CAAC;AAC1D,UAAQ,IAAI;AAEZ,QAAM,aAAa,IAAI,oBAAoB,EAAE,MAAM;AAEnD,MAAI;AACF,UAAM,SAAS,MAAM,QAAQ,QAAQ,SAAS,SAAS;AAAA,MACrD,UAAU,QAAQ;AAAA,MAClB,WAAW,CAAC,YAAY;AACtB,mBAAW,KAAK;AAChB,gBAAQ,IAAI,MAAM,IAAI,0BAAgB,QAAQ,KAAK,EAAE,CAAC;AACtD,gBAAQ,IAAI,MAAM,KAAK,YAAY,QAAQ,MAAM,EAAE,CAAC;AACpD,gBAAQ;AAAA,UACN,MAAM,KAAK,eAAe,QAAQ,QAAQ,MAAM,GAAG,EAAE,CAAC,KAAK;AAAA,QAC7D;AACA,gBAAQ,IAAI,MAAM,KAAK,WAAW,QAAQ,GAAG,EAAE,CAAC;AAChD,gBAAQ,IAAI;AACZ,mBAAW,MAAM,qBAAqB;AAAA,MACxC;AAAA,IACF,CAAC;AAED,eAAW,QAAQ,iBAAiB;AACpC,YAAQ,IAAI;AAGZ,YAAQ,IAAI,MAAM,KAAK,mBAAY,CAAC;AACpC,YAAQ,IAAI,MAAM,KAAK,sBAAsB,OAAO,aAAa,EAAE,CAAC;AACpE,YAAQ,IAAI,MAAM,KAAK,uBAAuB,OAAO,cAAc,EAAE,CAAC;AACtE,YAAQ;AAAA,MACN,MAAM,KAAK,iBAAiB,OAAO,WAAW,KAAM,QAAQ,CAAC,CAAC,GAAG;AAAA,IACnE;AACA,YAAQ,IAAI;AAEZ,QAAI,OAAO,SAAS,SAAS,GAAG;AAC9B,cAAQ,IAAI,MAAM,IAAI,aAAM,OAAO,SAAS,MAAM,qBAAqB,CAAC;AACxE,cAAQ,IAAI;AACZ,iBAAW,WAAW,OAAO,UAAU;AACrC,cAAM,gBACJ,QAAQ,aAAa,cAAc,QAAQ,aAAa,SACpD,MAAM,MACN,QAAQ,aAAa,WACnB,MAAM,SACN,MAAM;AAEd,gBAAQ;AAAA,UACN,cAAc,IAAI,QAAQ,SAAS,YAAY,CAAC,KAAK,QAAQ,KAAK,EAAE;AAAA,QACtE;AACA,gBAAQ,IAAI,MAAM,KAAK,WAAW,QAAQ,IAAI,EAAE,CAAC;AACjD,gBAAQ,IAAI,MAAM,KAAK,WAAW,QAAQ,MAAM,EAAE,CAAC;AACnD,gBAAQ,IAAI,MAAM,KAAK,UAAU,QAAQ,GAAG,EAAE,CAAC;AAC/C,gBAAQ,IAAI,MAAM,KAAK,cAAc,QAAQ,OAAO,EAAE,CAAC;AACvD,gBAAQ,IAAI;AAAA,MACd;AACA,cAAQ,KAAK,CAAC;AAAA,IAChB,OAAO;AACL,cAAQ,IAAI,MAAM,MAAM,oCAA+B,CAAC;AAAA,IAC1D;AAEA,QAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,cAAQ,IAAI;AACZ,cAAQ;AAAA,QACN,MAAM,OAAO,iBAAO,OAAO,OAAO,MAAM,2BAA2B;AAAA,MACrE;AACA,iBAAW,OAAO,OAAO,OAAO,MAAM,GAAG,CAAC,GAAG;AAC3C,gBAAQ,IAAI,MAAM,KAAK,QAAQ,GAAG,EAAE,CAAC;AAAA,MACvC;AACA,UAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,gBAAQ,IAAI,MAAM,KAAK,cAAc,OAAO,OAAO,SAAS,CAAC,OAAO,CAAC;AAAA,MACvE;AAAA,IACF;AAAA,EACF,SAAS,KAAK;AACZ,eAAW,KAAK,uBAAuB;AACvC,YAAQ,MAAM,MAAM,IAAI,OAAO,GAAG,CAAC,CAAC;AACpC,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF;","names":[]}