@bouncesecurity/aghast 0.0.13 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/README.md +8 -6
  2. package/config/prompts/generic-instructions.md +2 -0
  3. package/config/prompts/openant-security-instructions.md +94 -0
  4. package/config/prompts/sarif-validation-instructions.md +58 -0
  5. package/dist/check-library.d.ts.map +1 -1
  6. package/dist/check-library.js +61 -7
  7. package/dist/check-library.js.map +1 -1
  8. package/dist/check-types.d.ts +35 -0
  9. package/dist/check-types.d.ts.map +1 -0
  10. package/dist/check-types.js +66 -0
  11. package/dist/check-types.js.map +1 -0
  12. package/dist/claude-code-provider.d.ts +4 -1
  13. package/dist/claude-code-provider.d.ts.map +1 -1
  14. package/dist/claude-code-provider.js +23 -8
  15. package/dist/claude-code-provider.js.map +1 -1
  16. package/dist/discoveries/openant-discovery.d.ts +10 -0
  17. package/dist/discoveries/openant-discovery.d.ts.map +1 -0
  18. package/dist/discoveries/openant-discovery.js +44 -0
  19. package/dist/discoveries/openant-discovery.js.map +1 -0
  20. package/dist/discoveries/sarif-discovery.d.ts +9 -0
  21. package/dist/discoveries/sarif-discovery.d.ts.map +1 -0
  22. package/dist/discoveries/sarif-discovery.js +55 -0
  23. package/dist/discoveries/sarif-discovery.js.map +1 -0
  24. package/dist/discoveries/semgrep-discovery.d.ts +9 -0
  25. package/dist/discoveries/semgrep-discovery.d.ts.map +1 -0
  26. package/dist/discoveries/semgrep-discovery.js +51 -0
  27. package/dist/discoveries/semgrep-discovery.js.map +1 -0
  28. package/dist/discovery.d.ts +74 -0
  29. package/dist/discovery.d.ts.map +1 -0
  30. package/dist/discovery.js +41 -0
  31. package/dist/discovery.js.map +1 -0
  32. package/dist/error-codes.d.ts +3 -1
  33. package/dist/error-codes.d.ts.map +1 -1
  34. package/dist/error-codes.js +4 -1
  35. package/dist/error-codes.js.map +1 -1
  36. package/dist/index.d.ts.map +1 -1
  37. package/dist/index.js +123 -30
  38. package/dist/index.js.map +1 -1
  39. package/dist/logging.d.ts +108 -8
  40. package/dist/logging.d.ts.map +1 -1
  41. package/dist/logging.js +269 -43
  42. package/dist/logging.js.map +1 -1
  43. package/dist/mock-ai-provider.d.ts +4 -1
  44. package/dist/mock-ai-provider.d.ts.map +1 -1
  45. package/dist/mock-ai-provider.js +4 -1
  46. package/dist/mock-ai-provider.js.map +1 -1
  47. package/dist/new-check.d.ts.map +1 -1
  48. package/dist/new-check.js +81 -33
  49. package/dist/new-check.js.map +1 -1
  50. package/dist/openant-loader.d.ts +105 -0
  51. package/dist/openant-loader.d.ts.map +1 -0
  52. package/dist/openant-loader.js +135 -0
  53. package/dist/openant-loader.js.map +1 -0
  54. package/dist/openant-runner.d.ts +22 -0
  55. package/dist/openant-runner.d.ts.map +1 -0
  56. package/dist/openant-runner.js +102 -0
  57. package/dist/openant-runner.js.map +1 -0
  58. package/dist/runtime-config.d.ts.map +1 -1
  59. package/dist/runtime-config.js +15 -0
  60. package/dist/runtime-config.js.map +1 -1
  61. package/dist/scan-runner.d.ts.map +1 -1
  62. package/dist/scan-runner.js +175 -143
  63. package/dist/scan-runner.js.map +1 -1
  64. package/dist/types.d.ts +24 -2
  65. package/dist/types.d.ts.map +1 -1
  66. package/dist/types.js.map +1 -1
  67. package/package.json +4 -3
package/README.md CHANGED
@@ -18,11 +18,11 @@ Define static rules, security checks as markdown instructions, point AGHAST at a
18
18
 
19
19
  ## What AGHAST Does
20
20
 
21
- You can read the full background to this tool in our blogpost [here](https://bouncesecurity.com/aghast) but, to cut to the chase, AGHAST helps you run three types of checks:
21
+ You can read the full background to this tool in our blogpost [here](https://bouncesecurity.com/aghast) but, to cut to the chase, AGHAST uses three core mechanisms:
22
22
 
23
- - Pure AI scanning rules - let the LLM do all the analysis
24
- - A combination of a static rule and an AI scanning rule - the sweet spot for most use cases
25
- - Purely static rules - for completeness, when a traditional static rule is all you need
23
+ - **Repository-wide AI analysis** let the LLM analyze the whole repo against your security check instructions
24
+ - **Targeted checks** a pluggable discovery method (Semgrep rules, [OpenAnt](https://github.com/knostic/OpenAnt/) code units, or external SARIF findings) identifies specific code locations, then AI analyzes each independently. This is the sweet spot for most use cases
25
+ - **Static checks** a discovery method (e.g., Semgrep) finds issues mapped directly to results with no AI involvement, for when a traditional static rule is all you need
26
26
 
27
27
  The beauty of the approach is what you *don't* need:
28
28
 
@@ -41,8 +41,9 @@ There are almost certainly other ways of achieving this, but to our mind, this a
41
41
  ## Prerequisites
42
42
 
43
43
  - **Node.js 20+**
44
- - **[Semgrep Community Edition](https://semgrep.dev/docs/getting-started/)** (LGPL-2.1, optional) — only needed for checks that use Semgrep rules
45
- - **Anthropic API key** — for AI-based checks (not needed for semgrep-only checks)
44
+ - **[Semgrep Community Edition](https://semgrep.dev/docs/getting-started/)** (LGPL-2.1, optional) — only needed for checks that use Semgrep discovery
45
+ - **[OpenAnt](https://github.com/knostic/OpenAnt/)** (Apache-2.0, optional) + **Python 3.11+** only needed for checks that use OpenAnt discovery
46
+ - **Anthropic API key** — for AI-based checks (not needed for static checks)
46
47
 
47
48
  ## Installation
48
49
 
@@ -95,6 +96,7 @@ Results are structured JSON (or SARIF) with per-check status and detailed issues
95
96
  ## Documentation
96
97
 
97
98
  - [Getting Started](docs/getting-started.md) — installation, setup, and first scan
99
+ - [Trying It Out](docs/trying-it-out.md) — example checks walkthrough and first scan guide
98
100
  - [Scanning](docs/scanning.md) — scan command options, environment variables, output formats
99
101
  - [Creating Checks](docs/creating-checks.md) — scaffolding new security checks
100
102
  - [Configuration Reference](docs/configuration.md) — check schemas, check types, runtime config
package/config/prompts/generic-instructions.md CHANGED
@@ -3,10 +3,12 @@ GENERIC INSTRUCTIONS:
3
3
  You are performing a SPECIFIC security check as defined in the CHECK INSTRUCTIONS below.
4
4
 
5
5
  IMPORTANT:
6
+ - All file paths are relative to your working directory. Use them directly with the Read tool (e.g., Read "src/routes/handler.ts"). Do NOT prepend "/" or construct absolute paths.
6
7
  - Focus ONLY on what the CHECK INSTRUCTIONS ask you to validate
7
8
  - Do NOT perform general security testing or look for unrelated vulnerabilities
8
9
  - Do NOT report issues outside the scope of the specific check
9
10
  - Follow the CHECK INSTRUCTIONS exactly as written
11
+ - Be efficient — read only the files necessary to complete the check. Do not exhaustively explore the entire codebase.
10
12
 
11
13
  OUTPUT FORMAT:
12
14
 
package/config/prompts/openant-security-instructions.md ADDED
@@ -0,0 +1,94 @@
1
+ GENERIC INSTRUCTIONS:
2
+
3
+ You are performing a security review of a specific code unit within a live codebase that you can browse.
4
+ Your job is to read the actual source code, follow the data flow, and determine whether the unit
5
+ contains real, exploitable security vulnerabilities. Form your own independent judgment based on the code.
6
+
7
+ IMPORTANT:
8
+ - All file paths in the UNIT DETAILS section are relative to your working directory. Use them directly (e.g., Read "routes/orders.js"). Do NOT prepend "/" or construct absolute paths.
9
+ - START by reading the target file at the specified location using your file-reading tools
10
+ - USE the caller/callee metadata to trace data flow — read those functions to understand how input reaches this code and where output goes
11
+ - Be efficient — once you have enough information from the target file and 1-2 direct dependencies, stop and report. Do not exhaustively explore the entire codebase.
12
+ - If no issues are found, return {"issues": []} immediately — do not keep searching for problems.
13
+ - Report issues ONLY for the target unit location — do not report unrelated issues found while browsing
14
+
15
+ ANALYSIS APPROACH:
16
+
17
+ For each code unit, ask yourself:
18
+ - What can an attacker control? (request body, URL params, headers, query strings)
19
+ - Where does that input end up? (database queries, HTTP requests, file operations, authorization decisions)
20
+ - What guarantees does the code assume but not enforce? (atomicity, ownership, trust boundaries, data types)
21
+ - Are multi-step operations safe if executed concurrently by multiple users?
22
+
23
+ BEFORE REPORTING — VALIDATE EACH FINDING:
24
+
25
+ Before including any issue in your response, you MUST be able to answer YES to all of these:
26
+ 1. Can I construct a specific HTTP request (or sequence of requests) that triggers this vulnerability?
27
+ 2. After the exploit, what specific harm has occurred? Name ONE of: unauthorized data accessed, unauthorized action performed, authentication/authorization bypassed, server made to contact an attacker-controlled or internal endpoint, arbitrary code/query executed. If the harm is only "bad data in a database" (wrong types, negative numbers) with no further security consequence in this codebase, it is NOT a finding.
28
+ 3. Does the exploit work against THIS codebase as written — including all middleware, route registrations, and existing validation? Do not ignore protections that exist outside the function body (e.g., middleware applied at route registration time).
29
+
30
+ If you cannot answer YES to all three, do not report the issue.
31
+
32
+ WHAT COUNTS AS A FINDING:
33
+
34
+ Only report vulnerabilities that meet ALL of these criteria:
35
+ - The vulnerability is exploitable by an attacker who can reach the endpoint (not just theoretical)
36
+ - The vulnerability leads to a concrete security impact (data breach, unauthorized access, privilege escalation, code execution, etc.)
37
+ - The vulnerability exists in the code AS WRITTEN — do not speculate about missing features, future code, or how the code might be used differently
38
+ - The impact is demonstrated end-to-end in THIS codebase — not dependent on hypothetical downstream consumers of stored data
39
+
40
+ Do NOT report:
41
+ - Missing input validation that has no security impact (e.g., missing length checks, type checks, or negative number checks unless they lead to a specific exploit like bypassing authorization)
42
+ - Information disclosure via error messages (e.g., leaking product names or stock counts in error responses) unless it exposes credentials or secrets
43
+ - Missing rate limiting or DoS concerns — these are operational, not application security vulnerabilities
44
+ - Code quality issues, defense-in-depth suggestions, or best-practice violations
45
+ - Vulnerabilities that require the attacker to already have the access they would gain (e.g., admin-only endpoint lacks additional validation)
46
+
47
+ OUTPUT FORMAT:
48
+
49
+ Return your findings in the following JSON format:
50
+
51
+ {
52
+ "issues": [
53
+ {
54
+ "file": "relative/path/to/file.ts",
55
+ "startLine": 40,
56
+ "endLine": 45,
57
+ "description": "Detailed explanation (see requirements below)",
58
+ "dataFlow": [
59
+ { "file": "src/routes/handler.ts", "lineNumber": 12, "label": "User input received from request parameter" },
60
+ { "file": "src/services/query.ts", "lineNumber": 38, "label": "Input passed to SQL query without sanitization" }
61
+ ]
62
+ }
63
+ ]
64
+ }
65
+
66
+ DESCRIPTION FORMATTING REQUIREMENTS:
67
+
68
+ Your description field MUST be detailed and well-structured:
69
+ - Use markdown formatting with headings (## Heading), bullet points, code blocks
70
+ - Use \n for line breaks to create structured, readable content
71
+ - Include an "Attack Scenario" section demonstrating exploitation
72
+ - Include a "Recommendation" section with specific remediation steps
73
+
74
+ DATA FLOW REQUIREMENTS:
75
+
76
+ When the issue involves data flowing through multiple locations (e.g., user input reaching a dangerous sink), include a "dataFlow" array. Each step represents a point in the call stack or data flow:
77
+ - "file": relative path to the source file
78
+ - "lineNumber": the line number at that step
79
+ - "label": a short description of what happens at this point (e.g., "User input received", "Passed to database query")
80
+ - Order steps from source (e.g., user input) to sink (e.g., SQL execution)
81
+ - Omit "dataFlow" entirely if the issue is localized to a single location
82
+
83
+ CRITICAL: Return ONLY valid JSON. No markdown code blocks, no explanations outside the JSON.
84
+
85
+ If no issues found, return: {"issues": []}
86
+
87
+ If a UNIT DETAILS section appears at the end of this prompt, analyze ONLY that code unit.
88
+
89
+ If CHECK INSTRUCTIONS appear below, follow them to narrow your analysis to a specific vulnerability class.
90
+
91
+ ---
92
+
93
+ CHECK INSTRUCTIONS:
94
+
package/config/prompts/sarif-validation-instructions.md ADDED
@@ -0,0 +1,58 @@
1
+ GENERIC INSTRUCTIONS:
2
+
3
+ You are validating a security finding reported by an external tool. Your task is to determine whether this finding is a TRUE POSITIVE (real vulnerability) or a FALSE POSITIVE (not actually vulnerable).
4
+
5
+ IMPORTANT:
6
+ - All file paths are relative to your working directory. Use them directly with the Read tool (e.g., Read "src/routes/handler.ts"). Do NOT prepend "/" or construct absolute paths.
7
+ - Focus ONLY on validating the specific finding described below
8
+ - Read the actual code at the specified location and surrounding context
9
+ - Consider the full context: data flow, sanitization, framework protections, etc.
10
+ - Be efficient — read only the files necessary to validate the finding.
11
+ - If TRUE POSITIVE (real vulnerability), return it as an issue with your own detailed description
12
+ - If FALSE POSITIVE (not actually vulnerable), return {"issues": []}
13
+ - Do NOT search for or report other vulnerabilities — only validate the specific finding
14
+
15
+ OUTPUT FORMAT:
16
+
17
+ Return your findings in the following JSON format:
18
+
19
+ {
20
+ "issues": [
21
+ {
22
+ "file": "relative/path/to/file.ts",
23
+ "startLine": 40,
24
+ "endLine": 45,
25
+ "description": "Detailed explanation (see requirements below)",
26
+ "dataFlow": [
27
+ { "file": "src/routes/handler.ts", "lineNumber": 12, "label": "User input received from request parameter" },
28
+ { "file": "src/services/query.ts", "lineNumber": 38, "label": "Input passed to SQL query without sanitization" }
29
+ ]
30
+ }
31
+ ]
32
+ }
33
+
34
+ DESCRIPTION FORMATTING REQUIREMENTS:
35
+
36
+ Your description field MUST be detailed and well-structured:
37
+ - Use markdown formatting with headings (## Heading), bullet points, code blocks
38
+ - Use \n for line breaks to create structured, readable content
39
+ - Include an "Attack Scenario" section demonstrating exploitation
40
+ - Include a "Recommendation" section with specific remediation steps
41
+
42
+ DATA FLOW REQUIREMENTS:
43
+
44
+ When the issue involves data flowing through multiple locations (e.g., user input reaching a dangerous sink), include a "dataFlow" array. Each step represents a point in the call stack or data flow:
45
+ - "file": relative path to the source file
46
+ - "lineNumber": the line number at that step
47
+ - "label": a short description of what happens at this point (e.g., "User input received", "Passed to database query")
48
+ - Order steps from source (e.g., user input) to sink (e.g., SQL execution)
49
+ - Omit "dataFlow" entirely if the issue is localized to a single location
50
+
51
+ CRITICAL: Return ONLY valid JSON. No markdown code blocks, no explanations outside the JSON.
52
+
53
+ If the finding is a false positive (not actually vulnerable), return: {"issues": []}
54
+
55
+ ---
56
+
57
+ ADDITIONAL CONTEXT:
58
+
package/dist/check-library.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"check-library.d.ts","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,eAAe,EAChB,MAAM,YAAY,CAAC;AAIpB,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,kBAAkB,EAAE,CAAC;CAC9B;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA0DjF;AAID;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CA8E3F;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,MAAM,EAAE,GACnB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CA2B9B;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,aAAa,EACvB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAChC,OAAO,CAAC,aAAa,EAAE,CAAC,CAmD1B;AAID,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAsB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAiChF;AAID,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC,CAyB3B;AAKD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,aAAa,EACpB,aAAa,EAAE,MAAM,GACpB,OAAO,CAcT;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,EAAE,MAAM,GACpB,aAAa,EAAE,CAIjB;AAID;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,CAoB7E;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC,CAgBvB;AAOD;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,MAAM,EAAE,EACf,eAAe,CAAC,EAAE,MAAM,EAAE,GACzB,MAAM,EAAE,CAOV;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,CAAC,EAAE,MAAM,EAAE,GACvB,MAAM,EAAE,CAOV;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EAAE,EACf,KAAK,EAAE,aAAa,GACnB,MAAM,EAAE,CAGV"}
1
+ {"version":3,"file":"check-library.d.ts","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,eAAe,EAChB,MAAM,YAAY,CAAC;AAKpB,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,kBAAkB,EAAE,CAAC;CAC9B;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA0DjF;AAID;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAiI3F;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,MAAM,EAAE,GACnB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CA2B9B;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,aAAa,EACvB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAChC,OAAO,CAAC,aAAa,EAAE,CAAC,CAoD1B;AAID,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAsB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAiChF;AAID,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC,CA6B3B;AAKD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,aAAa,EACpB,aAAa,EAAE,MAAM,GACpB,OAAO,CAcT;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,EAAE,MAAM,GACpB,aAAa,EAAE,CAIjB;AAID;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,CAoB7E;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC,CAgBvB;AAOD;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,MAAM,EAAE,EACf,eAAe,CAAC,EAAE,MAAM,EAAE,GACzB,MAAM,EAAE,CAOV;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,CAAC,EAAE,MAAM,EAAE,GACvB,MAAM,EAAE,CAOV;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EAAE,EACf,KAAK,EAAE,aAAa,GACnB,MAAM,EAAE,CAGV"}
package/dist/check-library.js CHANGED
@@ -8,6 +8,7 @@ import { readFile, readdir, access, constants } from 'node:fs/promises';
8
8
  import { resolve, join, basename } from 'node:path';
9
9
  import picomatch from 'picomatch';
10
10
  import { normalizeRepoPath } from './repository-analyzer.js';
11
+ import { getCheckType, getValidCheckTypes } from './check-types.js';
11
12
  /**
12
13
  * Load and parse the Layer 1 registry from <configDir>/checks-config.json.
13
14
  * Throws on missing file, malformed JSON, or invalid structure.
@@ -97,6 +98,9 @@ export async function loadCheckDefinition(checkFolderPath) {
97
98
  if (obj.confidence !== undefined && typeof obj.confidence !== 'string') {
98
99
  throw new Error(`Check definition "${defPath}": "confidence" must be a string`);
99
100
  }
101
+ if (obj.model !== undefined && typeof obj.model !== 'string') {
102
+ throw new Error(`Check definition "${defPath}": "model" must be a string`);
103
+ }
100
104
  if (obj.applicablePaths !== undefined && !Array.isArray(obj.applicablePaths)) {
101
105
  throw new Error(`Check definition "${defPath}": "applicablePaths" must be an array`);
102
106
  }
@@ -108,7 +112,7 @@ export async function loadCheckDefinition(checkFolderPath) {
108
112
  throw new Error(`Check definition "${defPath}": "checkTarget" must be an object`);
109
113
  }
110
114
  const ct = obj.checkTarget;
111
- const validTypes = ['semgrep', 'semgrep-only', 'repository'];
115
+ const validTypes = getValidCheckTypes();
112
116
  if (typeof ct.type !== 'string' || !validTypes.includes(ct.type)) {
113
117
  throw new Error(`Check definition "${defPath}": "checkTarget.type" must be one of: ${validTypes.join(', ')}`);
114
118
  }
@@ -124,11 +128,55 @@ export async function loadCheckDefinition(checkFolderPath) {
124
128
  if (ct.concurrency !== undefined && (typeof ct.concurrency !== 'number' || ct.concurrency <= 0 || !Number.isInteger(ct.concurrency))) {
125
129
  throw new Error(`Check definition "${defPath}": "checkTarget.concurrency" must be a positive integer`);
126
130
  }
131
+ // Validate discovery field for targeted/static types
132
+ if (ct.type === 'targeted' || ct.type === 'static') {
133
+ const validDiscoveries = ct.type === 'targeted' ? ['semgrep', 'openant', 'sarif'] : ['semgrep'];
134
+ if (typeof ct.discovery !== 'string' || !validDiscoveries.includes(ct.discovery)) {
135
+ throw new Error(`Check definition "${defPath}": "checkTarget.discovery" is required for type "${ct.type}" and must be one of: ${validDiscoveries.join(', ')}`);
136
+ }
137
+ }
138
+ if (ct.sarifFile !== undefined && typeof ct.sarifFile !== 'string') {
139
+ throw new Error(`Check definition "${defPath}": "checkTarget.sarifFile" must be a string`);
140
+ }
141
+ if (ct.discovery === 'sarif' && !ct.sarifFile) {
142
+ throw new Error(`Check definition "${defPath}": "checkTarget.sarifFile" is required when discovery is "sarif"`);
143
+ }
144
+ // Validate openant filter config
145
+ if (ct.openant !== undefined) {
146
+ if (typeof ct.openant !== 'object' || ct.openant === null) {
147
+ throw new Error(`Check definition "${defPath}": "checkTarget.openant" must be an object`);
148
+ }
149
+ const oa = ct.openant;
150
+ if (oa.unitTypes !== undefined && !Array.isArray(oa.unitTypes)) {
151
+ throw new Error(`Check definition "${defPath}": "checkTarget.openant.unitTypes" must be an array`);
152
+ }
153
+ if (oa.excludeUnitTypes !== undefined && !Array.isArray(oa.excludeUnitTypes)) {
154
+ throw new Error(`Check definition "${defPath}": "checkTarget.openant.excludeUnitTypes" must be an array`);
155
+ }
156
+ if (oa.securityClassifications !== undefined && !Array.isArray(oa.securityClassifications)) {
157
+ throw new Error(`Check definition "${defPath}": "checkTarget.openant.securityClassifications" must be an array`);
158
+ }
159
+ if (oa.reachableOnly !== undefined && typeof oa.reachableOnly !== 'boolean') {
160
+ throw new Error(`Check definition "${defPath}": "checkTarget.openant.reachableOnly" must be a boolean`);
161
+ }
162
+ if (oa.entryPointsOnly !== undefined && typeof oa.entryPointsOnly !== 'boolean') {
163
+ throw new Error(`Check definition "${defPath}": "checkTarget.openant.entryPointsOnly" must be a boolean`);
164
+ }
165
+ if (oa.minConfidence !== undefined && (typeof oa.minConfidence !== 'number' || oa.minConfidence < 0 || oa.minConfidence > 1)) {
166
+ throw new Error(`Check definition "${defPath}": "checkTarget.openant.minConfidence" must be a number between 0 and 1`);
167
+ }
168
+ }
127
169
  }
128
170
  const def = parsed;
129
- // instructionsFile is required for all check types except semgrep-only
130
- if (def.checkTarget?.type !== 'semgrep-only' && !def.instructionsFile) {
131
- throw new Error(`Check definition "${defPath}" is missing required field "instructionsFile" (required for non-semgrep-only checks)`);
171
+ // instructionsFile is required for check types where needsInstructions is true,
172
+ // UNLESS the discovery type provides a self-contained generic prompt.
173
+ // Discovery types with self-contained prompts (openant, sarif) don't need instructions.
174
+ const SELF_CONTAINED_DISCOVERIES = new Set(['openant', 'sarif']);
175
+ const discoveryIsSelfContained = def.checkTarget?.discovery
176
+ ? SELF_CONTAINED_DISCOVERIES.has(def.checkTarget.discovery)
177
+ : false;
178
+ if (getCheckType(def.checkTarget?.type).needsInstructions && !discoveryIsSelfContained && !def.instructionsFile) {
179
+ throw new Error(`Check definition "${defPath}" is missing required field "instructionsFile"`);
132
180
  }
133
181
  return def;
134
182
  }
@@ -192,6 +240,8 @@ export async function resolveChecks(registry, checkFolders) {
192
240
  merged.severity = def.severity;
193
241
  if (def.confidence)
194
242
  merged.confidence = def.confidence;
243
+ if (def.model)
244
+ merged.model = def.model;
195
245
  if (def.applicablePaths)
196
246
  merged.applicablePaths = def.applicablePaths;
197
247
  if (def.excludedPaths)
@@ -251,9 +301,13 @@ export async function validateCheck(check, basePath) {
251
301
  if (!check.id || typeof check.id !== 'string' || check.id.trim() === '') {
252
302
  errors.push('Check is missing a valid "id" field');
253
303
  }
254
- // semgrep-only checks don't need an instructionsFile
255
- if (check.checkTarget?.type === 'semgrep-only') {
256
- // No instructionsFile validation needed
304
+ // Discovery types with self-contained generic prompts don't need instructions
305
+ const SELF_CONTAINED_DISCOVERIES_V = new Set(['openant', 'sarif']);
306
+ const discoverySelfContained = check.checkTarget?.discovery
307
+ ? SELF_CONTAINED_DISCOVERIES_V.has(check.checkTarget.discovery)
308
+ : false;
309
+ if (!getCheckType(check.checkTarget?.type).needsInstructions || discoverySelfContained) {
310
+ // No instructionsFile validation needed for this check type/discovery
257
311
  }
258
312
  else if (!check.instructionsFile) {
259
313
  errors.push('Check is missing required "instructionsFile" field');
package/dist/check-library.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"check-library.js","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,SAAS,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAc7D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,SAAiB;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC5D,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,MAAM,GAAI,MAAkC,CAAC,MAAmB,CAAC;IACvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,qBAAqB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACjD,IAAI,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;YACnG,CAAC;QACH,CAAC;QACD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,6BAA6B,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,MAAuB,CAAC;AACjC,CAAC;AAED,qCAAqC;AAErC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,eAAuB;IAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,CAAC;IAC9E,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,oCAAoC,OAAO,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC1G,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,sCAAsC,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,GAAG,CAAC,gBAAgB,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wCAAwC,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,gCAAgC,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kCAAkC,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,GAAG,CAAC,eAAe,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,uCAAuC,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,qCAAqC,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,EAAE,GAAG,GAAG,CAAC,WAAsC,CAAC;QACtD,MAAM,UAAU,GAAG,CAAC,SAAS,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;QAC7D,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChH,CAAC;QACD,IAAI,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kDAAkD,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,EAAE,CAAC,MAAM,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,0CAA0C,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,EAAE,CAAC,UAAU,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,IAAI,EAAE,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACjI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wDAAwD,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,WAAW,KAAK,QAAQ,IAAI,EAAE,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACrI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yDAAyD,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,MAAyB,CAAC;IAEtC,uEAAuE;IACvE,IAAI,GAAG,CAAC,WAAW,EAAE,IAAI,KAAK,cAAc,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,uFAAuF,CACpH,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAoB;IAEpB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;YACjC,SAAS;QACX,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACpC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC5C,0BAA0B;gBAC1B,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;gBAClD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAuB,EACvB,YAAiC;IAEjC,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,UAAU,KAAK,CAAC,EAAE,gFAAgF,CACnG,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,GAAG,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,oCAAoC,KAAK,CAAC,EAAE,SAAS,KAAK,CAAC,EAAE,cAAc,GAAG,CAAC,EAAE,GAAG,CACrF,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,MAAM,GAAkB;YAC5B,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS;YAC9F,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,UAAU;SACrB,CAAC;QAEF,IAAI,GAAG,CAAC,QAAQ;YAAE,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QACjD,IAAI,GAAG,CAAC,UAAU;YAAE,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QACvD,IAAI,GAAG,CAAC,eAAe;YAAE,MAAM,CAAC,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC;QACtE,IAAI,GAAG,CAAC,aAAa;YAAE,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;QAEhE,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC5C,+CAA+C;YAC/C,IAAI,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC;gBACvC,MAAM,CAAC,WAAW,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBAC7C,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC1C,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC9B,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAQD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAkB;IACjD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,OAAO,MAA4B,CAAC;AACtC,CAAC;AASD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAoB,EACpB,QAAgB;IAEhB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IAED,qDAAqD;IACrD,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,cAAc,EAAE,CAAC;QAC/C,wCAAwC;IAC1C,CAAC;SAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,wEAAwE;QACxE,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CACT,sBAAsB,KAAK,CAAC,gBAAgB,mBAAmB,gBAAgB,GAAG,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,yCAAyC;AAEzC,uEAAuE;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAoB,EACpB,aAAqB;IAErB,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAExD,OAAO,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QACzD,OAAO,CACL,cAAc,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5C,mBAAmB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC7C,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAuB,EACvB,aAAqB;IAErB,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC;SAC1C,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,sBAAsB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,sCAAsC;AAEtC;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,EAAU,EAAE,QAAgB;IAC7D,sCAAsC;IACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC;IAE/D,8CAA8C;IAC9C,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAClC,kDAAkD,CACnD,CAAC;IACF,IAAI,aAAa,EAAE,CAAC;QAClB,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,OAAO;QACL,EAAE;QACF,IAAI;QACJ,QAAQ;QACR,OAAO,EAAE,QAAQ;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAoB,EACpB,QAAgB;IAEhB,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,UAAU,KAAK,CAAC,EAAE,2BAA2B,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qCAAqC,KAAK,CAAC,gBAAgB,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnH,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,OAAO,kBAAkB,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,yBAAyB;AACzB,8EAA8E;AAC9E,0EAA0E;AAC1E,uEAAuE;AAEvE;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAe,EACf,eAA0B;IAE1B,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAe,EACf,aAAwB;IAExB,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAe,EACf,KAAoB;IAEpB,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACvE,OAAO,mBAAmB,CAAC,UAAU,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC"}
1
+ {"version":3,"file":"check-library.js","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,SAAS,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAO7D,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAQpE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,SAAiB;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC5D,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,MAAM,GAAI,MAAkC,CAAC,MAAmB,CAAC;IACvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,qBAAqB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACjD,IAAI,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;YACnG,CAAC;QACH,CAAC;QACD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,6BAA6B,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,MAAuB,CAAC;AACjC,CAAC;AAED,qCAAqC;AAErC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,eAAuB;IAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,CAAC;IAC9E,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,oCAAoC,OAAO,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC1G,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,sCAAsC,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,GAAG,CAAC,gBAAgB,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wCAAwC,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,gCAAgC,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kCAAkC,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,6BAA6B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,GAAG,CAAC,eAAe,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,uCAAuC,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,qCAAqC,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,EAAE,GAAG,GAAG,CAAC,WAAsC,CAAC;QACtD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;QACxC,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChH,CAAC;QACD,IAAI,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kDAAkD,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,EAAE,CAAC,MAAM,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,0CAA0C,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,EAAE,CAAC,UAAU,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,IAAI,EAAE,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACjI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wDAAwD,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,WAAW,KAAK,QAAQ,IAAI,EAAE,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACrI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yDAAyD,CAAC,CAAC;QACzG,CAAC;QACD,qDAAqD;QACrD,IAAI,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnD,MAAM,gBAAgB,GAAG,EAAE,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAChG,IAAI,OAAO,EAAE,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjF,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,oDAAoD,EAAE,CAAC,IAAI,yBAAyB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9I,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,EAAE,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,6CAA6C,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,EAAE,CAAC,SAAS,KAAK,OAAO,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,kEAAkE,CAC/F,CAAC;QACJ,CAAC;QACD,iCAAiC;QACjC,IAAI,EAAE,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,IAAI,EAAE,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;gBAC1D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,4CAA4C,CAAC,CAAC;YAC5F,CAAC;YACD,MAAM,EAAE,GAAG,EAAE,CAAC,OAAkC,CAAC;YACjD,IAAI,EAAE,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,qDAAqD,CAAC,CAAC;YACrG,CAAC;YACD,IAAI,EAAE,CAAC,gBAAgB,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC7E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,4DAA4D,CAAC,CAAC;YAC5G,CAAC;YACD,IAAI,EAAE,CAAC,uBAAuB,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBAC3F,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,mEAAmE,CAAC,CAAC;YACnH,CAAC;YACD,IAAI,EAAE,CAAC,aAAa,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,0DAA0D,CAAC,CAAC;YAC1G,CAAC;YACD,IAAI,EAAE,CAAC,eAAe,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAChF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,4DAA4D,CAAC,CAAC;YAC5G,CAAC;YACD,IAAI,EAAE,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,aAAa,KAAK,QAAQ,IAAI,EAAE,CAAC,aAAa,GAAG,CAAC,IAAI,EAAE,CAAC,aAAa,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC7H,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yEAAyE,CAAC,CAAC;YACzH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,MAAyB,CAAC;IAEtC,gFAAgF;IAChF,sEAAsE;IACtE,wFAAwF;IACxF,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IACjE,MAAM,wBAAwB,GAAG,GAAG,CAAC,WAAW,EAAE,SAAS;QACzD,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC;QAC3D,CAAC,CAAC,KAAK,CAAC;IACV,IAAI,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,iBAAiB,IAAI,CAAC,wBAAwB,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAChH,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,gDAAgD,CAC7E,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAoB;IAEpB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;YACjC,SAAS;QACX,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACpC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC5C,0BAA0B;gBAC1B,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;gBAClD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAuB,EACvB,YAAiC;IAEjC,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,UAAU,KAAK,CAAC,EAAE,gFAAgF,CACnG,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,GAAG,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,oCAAoC,KAAK,CAAC,EAAE,SAAS,KAAK,CAAC,EAAE,cAAc,GAAG,CAAC,EAAE,GAAG,CACrF,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,MAAM,GAAkB;YAC5B,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS;YAC9F,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,UAAU;SACrB,CAAC;QAEF,IAAI,GAAG,CAAC,QAAQ;YAAE,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QACjD,IAAI,GAAG,CAAC,UAAU;YAAE,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QACvD,IAAI,GAAG,CAAC,KAAK;YAAE,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxC,IAAI,GAAG,CAAC,eAAe;YAAE,MAAM,CAAC,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC;QACtE,IAAI,GAAG,CAAC,aAAa;YAAE,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;QAEhE,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC5C,+CAA+C;YAC/C,IAAI,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC;gBACvC,MAAM,CAAC,WAAW,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBAC7C,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC1C,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC9B,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAQD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAkB;IACjD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,OAAO,MAA4B,CAAC;AACtC,CAAC;AASD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAoB,EACpB,QAAgB;IAEhB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IAED,8EAA8E;IAC9E,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IACnE,MAAM,sBAAsB,GAAG,KAAK,CAAC,WAAW,EAAE,SAAS;QACzD,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC;QAC/D,CAAC,CAAC,KAAK,CAAC;IACV,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,iBAAiB,IAAI,sBAAsB,EAAE,CAAC;QACvF,sEAAsE;IACxE,CAAC;SAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,wEAAwE;QACxE,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CACT,sBAAsB,KAAK,CAAC,gBAAgB,mBAAmB,gBAAgB,GAAG,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,yCAAyC;AAEzC,uEAAuE;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAoB,EACpB,aAAqB;IAErB,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAExD,OAAO,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QACzD,OAAO,CACL,cAAc,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5C,mBAAmB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC7C,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAuB,EACvB,aAAqB;IAErB,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC;SAC1C,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,sBAAsB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,sCAAsC;AAEtC;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,EAAU,EAAE,QAAgB;IAC7D,sCAAsC;IACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC;IAE/D,8CAA8C;IAC9C,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAClC,kDAAkD,CACnD,CAAC;IACF,IAAI,aAAa,EAAE,CAAC;QAClB,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,OAAO;QACL,EAAE;QACF,IAAI;QACJ,QAAQ;QACR,OAAO,EAAE,QAAQ;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAoB,EACpB,QAAgB;IAEhB,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,UAAU,KAAK,CAAC,EAAE,2BAA2B,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qCAAqC,KAAK,CAAC,gBAAgB,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnH,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,OAAO,kBAAkB,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,yBAAyB;AACzB,8EAA8E;AAC9E,0EAA0E;AAC1E,uEAAuE;AAEvE;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAe,EACf,eAA0B;IAE1B,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAe,EACf,aAAwB;IAExB,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAe,EACf,KAAoB;IAEpB,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACvE,OAAO,mBAAmB,CAAC,UAAU,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC"}
package/dist/check-types.d.ts ADDED
@@ -0,0 +1,35 @@
1
+ /**
2
+ * Check type descriptor system.
3
+ *
4
+ * Each check type declares its characteristics (needs AI, needs instructions, etc.)
5
+ * in one place. Code throughout the codebase queries these descriptors instead
6
+ * of comparing raw type strings.
7
+ *
8
+ * Check types describe *execution mode* (what happens with targets).
9
+ * Discovery type (how targets are found) is a separate axis — see src/discovery.ts.
10
+ */
11
+ /** Characteristics of a check type. */
12
+ export interface CheckTypeDescriptor {
13
+ /** The string value used in check definitions. */
14
+ readonly type: string;
15
+ /** Whether the check requires an AI provider. */
16
+ readonly needsAI: boolean;
17
+ /** Whether the check requires an instructions markdown file. */
18
+ readonly needsInstructions: boolean;
19
+ /** Whether the check supports maxTargets (multi-target checks). */
20
+ readonly supportsMaxTargets: boolean;
21
+ }
22
+ /**
23
+ * Get the descriptor for a check type string.
24
+ * Returns conservative defaults for unknown/undefined types.
25
+ */
26
+ export declare function getCheckType(type: string | undefined): CheckTypeDescriptor;
27
+ /** All valid check type strings. */
28
+ export declare function getValidCheckTypes(): string[];
29
+ /** Check type string constants for use in routing (scan-runner switch). */
30
+ export declare const CHECK_TYPE: {
31
+ readonly REPOSITORY: string;
32
+ readonly TARGETED: string;
33
+ readonly STATIC: string;
34
+ };
35
+ //# sourceMappingURL=check-types.d.ts.map
package/dist/check-types.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"check-types.d.ts","sourceRoot":"","sources":["../src/check-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,uCAAuC;AACvC,MAAM,WAAW,mBAAmB;IAClC,kDAAkD;IAClD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,gEAAgE;IAChE,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,mEAAmE;IACnE,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;CACtC;AA6CD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,mBAAmB,CAG1E;AAED,oCAAoC;AACpC,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAE7C;AAED,2EAA2E;AAC3E,eAAO,MAAM,UAAU;;;;CAIb,CAAC"}
package/dist/check-types.js ADDED
@@ -0,0 +1,66 @@
1
+ /**
2
+ * Check type descriptor system.
3
+ *
4
+ * Each check type declares its characteristics (needs AI, needs instructions, etc.)
5
+ * in one place. Code throughout the codebase queries these descriptors instead
6
+ * of comparing raw type strings.
7
+ *
8
+ * Check types describe *execution mode* (what happens with targets).
9
+ * Discovery type (how targets are found) is a separate axis — see src/discovery.ts.
10
+ */
11
+ // --- Check Type Definitions ---
12
+ const REPOSITORY = {
13
+ type: 'repository',
14
+ needsAI: true,
15
+ needsInstructions: true,
16
+ supportsMaxTargets: false,
17
+ };
18
+ const TARGETED = {
19
+ type: 'targeted',
20
+ needsAI: true,
21
+ needsInstructions: true,
22
+ supportsMaxTargets: true,
23
+ };
24
+ const STATIC = {
25
+ type: 'static',
26
+ needsAI: false,
27
+ needsInstructions: false,
28
+ supportsMaxTargets: true,
29
+ };
30
+ /** All registered check types, keyed by their type string. */
31
+ const CHECK_TYPES = new Map([
32
+ [REPOSITORY.type, REPOSITORY],
33
+ [TARGETED.type, TARGETED],
34
+ [STATIC.type, STATIC],
35
+ ]);
36
+ /**
37
+ * Default descriptor used when the type is unknown or undefined.
38
+ * Conservative defaults: requires AI and instructions (the common case).
39
+ */
40
+ const DEFAULT_DESCRIPTOR = {
41
+ type: '',
42
+ needsAI: true,
43
+ needsInstructions: true,
44
+ supportsMaxTargets: false,
45
+ };
46
+ // --- Public API ---
47
+ /**
48
+ * Get the descriptor for a check type string.
49
+ * Returns conservative defaults for unknown/undefined types.
50
+ */
51
+ export function getCheckType(type) {
52
+ if (!type)
53
+ return DEFAULT_DESCRIPTOR;
54
+ return CHECK_TYPES.get(type) ?? DEFAULT_DESCRIPTOR;
55
+ }
56
+ /** All valid check type strings. */
57
+ export function getValidCheckTypes() {
58
+ return [...CHECK_TYPES.keys()];
59
+ }
60
+ /** Check type string constants for use in routing (scan-runner switch). */
61
+ export const CHECK_TYPE = {
62
+ REPOSITORY: REPOSITORY.type,
63
+ TARGETED: TARGETED.type,
64
+ STATIC: STATIC.type,
65
+ };
66
+ //# sourceMappingURL=check-types.js.map
package/dist/check-types.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"check-types.js","sourceRoot":"","sources":["../src/check-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAcH,iCAAiC;AAEjC,MAAM,UAAU,GAAwB;IACtC,IAAI,EAAE,YAAY;IAClB,OAAO,EAAE,IAAI;IACb,iBAAiB,EAAE,IAAI;IACvB,kBAAkB,EAAE,KAAK;CAC1B,CAAC;AAEF,MAAM,QAAQ,GAAwB;IACpC,IAAI,EAAE,UAAU;IAChB,OAAO,EAAE,IAAI;IACb,iBAAiB,EAAE,IAAI;IACvB,kBAAkB,EAAE,IAAI;CACzB,CAAC;AAEF,MAAM,MAAM,GAAwB;IAClC,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,KAAK;IACd,iBAAiB,EAAE,KAAK;IACxB,kBAAkB,EAAE,IAAI;CACzB,CAAC;AAEF,8DAA8D;AAC9D,MAAM,WAAW,GAA6C,IAAI,GAAG,CAAC;IACpE,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC;IAC7B,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACzB,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC;CACtB,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,kBAAkB,GAAwB;IAC9C,IAAI,EAAE,EAAE;IACR,OAAO,EAAE,IAAI;IACb,iBAAiB,EAAE,IAAI;IACvB,kBAAkB,EAAE,KAAK;CAC1B,CAAC;AAEF,qBAAqB;AAErB;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAwB;IACnD,IAAI,CAAC,IAAI;QAAE,OAAO,kBAAkB,CAAC;IACrC,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC;AACrD,CAAC;AAED,oCAAoC;AACpC,MAAM,UAAU,kBAAkB;IAChC,OAAO,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,2EAA2E;AAC3E,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,UAAU,EAAE,UAAU,CAAC,IAAI;IAC3B,QAAQ,EAAE,QAAQ,CAAC,IAAI;IACvB,MAAM,EAAE,MAAM,CAAC,IAAI;CACX,CAAC"}
package/dist/claude-code-provider.d.ts CHANGED
@@ -19,8 +19,11 @@ export declare class ClaudeCodeProvider implements AIProvider {
19
19
  });
20
20
  initialize(config: ProviderConfig): Promise<void>;
21
21
  getModelName(): string;
22
+ setModel(model: string): void;
22
23
  enableDebug(): void;
23
- executeCheck(instructions: string, repositoryPath: string, logPrefix?: string): Promise<AIResponse>;
24
+ executeCheck(instructions: string, repositoryPath: string, logPrefix?: string, options?: {
25
+ maxTurns?: number;
26
+ }): Promise<AIResponse>;
24
27
  validateConfig(): Promise<boolean>;
25
28
  }
26
29
  //# sourceMappingURL=claude-code-provider.d.ts.map
package/dist/claude-code-provider.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"claude-code-provider.d.ts","sourceRoot":"","sources":["../src/claude-code-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAA6B,MAAM,YAAY,CAAC;AASpG,gEAAgE;AAChE,MAAM,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC,KAAK,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAsC7C,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,KAAK,CAA4B;IACzC,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,YAAY,CAAkB;gBAE1B,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE;IAItC,UAAU,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBvD,YAAY,IAAI,MAAM;IAItB,WAAW,IAAI,IAAI;IAIb,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,UAAU,CAAC;IA6LhB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;CAGzC"}
1
+ {"version":3,"file":"claude-code-provider.d.ts","sourceRoot":"","sources":["../src/claude-code-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAA6B,MAAM,YAAY,CAAC;AAUpG,gEAAgE;AAChE,MAAM,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC,KAAK,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAsC7C,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,KAAK,CAA4B;IACzC,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,YAAY,CAAkB;gBAE1B,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE;IAItC,UAAU,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBvD,YAAY,IAAI,MAAM;IAItB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI7B,WAAW,IAAI,IAAI;IAIb,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAC9B,OAAO,CAAC,UAAU,CAAC;IA4MhB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;CAGzC"}
package/dist/claude-code-provider.js CHANGED
@@ -8,6 +8,7 @@ import { logProgress, logDebug, logDebugFull, createTimer } from './logging.js';
8
8
  const TAG = 'ai-provider';
9
9
  const HEARTBEAT_INTERVAL_MS = 15000; // Log heartbeat every 15s if no activity
10
10
  const MAX_API_ERROR_RETRIES = 3; // Fail after this many consecutive API errors
11
+ const MAX_ERROR_DETECTION_LENGTH = 200; // Only check short text chunks for SDK error patterns — longer text is AI analysis content
11
12
  // JSON schema for structured output (matches spec Section 4.4)
12
13
  const OUTPUT_SCHEMA = {
13
14
  type: 'object',
@@ -60,7 +61,7 @@ export class ClaudeCodeProvider {
60
61
  this.model = config.model;
61
62
  }
62
63
  if (!this.apiKey && !this.useLocalClaude) {
63
- throw new Error('ANTHROPIC_API_KEY is required (or set AGHAST_LOCAL_CLAUDE=true to use your local Claude Code session)');
64
+ throw new Error('ANTHROPIC_API_KEY is required');
64
65
  }
65
66
  if (this.useLocalClaude) {
66
67
  logProgress(TAG, 'Using local Claude Code session for authentication');
@@ -73,15 +74,19 @@ export class ClaudeCodeProvider {
73
74
  getModelName() {
74
75
  return this.model;
75
76
  }
77
+ setModel(model) {
78
+ this.model = model;
79
+ }
76
80
  enableDebug() {
77
81
  this.debugEnabled = true;
78
82
  }
79
- async executeCheck(instructions, repositoryPath, logPrefix) {
83
+ async executeCheck(instructions, repositoryPath, logPrefix, options) {
80
84
  const queryFn = this._queryFn ?? (await import('@anthropic-ai/claude-agent-sdk')).query;
81
85
  const timer = createTimer();
82
86
  const prefix = logPrefix ? `${logPrefix} ` : '';
87
+ const effectiveMaxTurns = options?.maxTurns ?? 100;
83
88
  const prompt = instructions;
84
- logDebug(TAG, `${prefix}Starting query: model=${this.model}, cwd=${repositoryPath}, promptLen=${prompt.length}`);
89
+ logDebug(TAG, `${prefix}Starting query: model=${this.model}, cwd=${repositoryPath}, promptLen=${prompt.length}, maxTurns=${effectiveMaxTurns}`);
85
90
  if (this.debugEnabled) {
86
91
  logDebugFull(TAG, `${prefix}Full prompt sent to AI`, prompt);
87
92
  }
@@ -91,7 +96,7 @@ export class ClaudeCodeProvider {
91
96
  model: this.model,
92
97
  cwd: repositoryPath,
93
98
  allowedTools: ['Read', 'Glob', 'Grep', 'Bash', 'WebSearch', 'WebFetch'],
94
- maxTurns: 100,
99
+ maxTurns: effectiveMaxTurns,
95
100
  permissionMode: 'bypassPermissions',
96
101
  outputFormat: {
97
102
  type: 'json_schema',
@@ -150,18 +155,28 @@ export class ClaudeCodeProvider {
150
155
  .filter(Boolean);
151
156
  if (textChunks.length > 0) {
152
157
  logDebug(TAG, `${prefix}Assistant: ${textChunks.join(' | ')}`);
153
- // Detect rate-limit messages fail immediately since retrying won't help
154
- const rateLimitMatch = textChunks.find((t) => /you've hit your limit|rate limit/i.test(t));
158
+ // Error detection: only check short text chunks to avoid matching the AI's
159
+ // own analysis text (e.g., a security finding mentioning "rate limiting").
160
+ // SDK/API error messages are typically short (under 200 chars), while AI analysis
161
+ // text is much longer.
162
+ const shortChunks = textChunks.filter((t) => t.length < MAX_ERROR_DETECTION_LENGTH);
163
+ // Detect rate-limit messages — fail immediately since retrying won't help.
164
+ const rateLimitMatch = shortChunks.find((t) => /you've hit your limit|API Error:\s*429|rate.?limit.?exceeded/i.test(t));
155
165
  if (rateLimitMatch) {
156
166
  throw new FatalProviderError(`AI provider rate limit reached: ${rateLimitMatch}`);
157
167
  }
158
168
  // Detect authentication errors (401) — fail immediately, unrecoverable
159
- const authErrorMatch = textChunks.find((t) => /API Error:\s*401/i.test(t));
169
+ const authErrorMatch = shortChunks.find((t) => /API Error:\s*401/i.test(t));
160
170
  if (authErrorMatch) {
161
171
  throw new FatalProviderError(`AI provider authentication failed (401): ${authErrorMatch}`);
162
172
  }
173
+ // Detect login required — fail immediately, unrecoverable without user action
174
+ const loginRequiredMatch = shortChunks.find((t) => /not logged in/i.test(t));
175
+ if (loginRequiredMatch) {
176
+ throw new FatalProviderError(`AI provider not logged in: ${loginRequiredMatch}. Please authenticate before running scans.`);
177
+ }
163
178
  // Detect API errors surfaced as assistant text by the SDK
164
- const apiErrorMatch = textChunks.find((t) => t.includes('API Error:'));
179
+ const apiErrorMatch = shortChunks.find((t) => t.includes('API Error:'));
165
180
  if (apiErrorMatch) {
166
181
  consecutiveApiErrors++;
167
182
  if (consecutiveApiErrors >= MAX_API_ERROR_RETRIES) {