@cyclonedx/cdxgen 12.3.0 → 12.3.2

package/lib/stages/postgen/postgen.poku.js

@@ -1,8 +1,26 @@
-import { readFileSync } from "node:fs";
+import {
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  rmSync,
+  writeFileSync,
+} from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
 
 import { assert, it } from "poku";
 
-import { filterBom, postProcess } from "./postgen.js";
+import {
+  getRecordedActivities,
+  resetRecordedActivities,
+  setDryRunMode,
+} from "../../helpers/utils.js";
+import {
+  cleanupEnv,
+  cleanupTmpDir,
+  filterBom,
+  postProcess,
+} from "./postgen.js";
 
 it("filter bom tests", () => {
   const bomJson = JSON.parse(
@@ -70,6 +88,70 @@ it("filter bom tests2", () => {
   ]);
 });
 
+it("exclude-type mcp removes inventory artifacts but retains MCP SDK packages", () => {
+  const bomJson = {
+    components: [
+      {
+        "bom-ref": "pkg:npm/%40modelcontextprotocol/server-filesystem@1.0.0",
+        name: "@modelcontextprotocol/server-filesystem",
+        purl: "pkg:npm/%40modelcontextprotocol/server-filesystem@1.0.0",
+      },
+      {
+        "bom-ref": "file:/repo/.vscode/mcp.json",
+        name: "mcp.json",
+        properties: [{ name: "cdx:file:kind", value: "mcp-config" }],
+        type: "file",
+      },
+      {
+        "bom-ref": "urn:mcp:tool:docs:search",
+        name: "search",
+        properties: [
+          { name: "cdx:mcp:role", value: "tool" },
+          {
+            name: "cdx:mcp:serviceRef",
+            value: "urn:service:mcp:docs:latest",
+          },
+        ],
+        type: "application",
+      },
+    ],
+    dependencies: [
+      {
+        dependsOn: ["urn:mcp:tool:docs:search"],
+        ref: "urn:service:mcp:docs:latest",
+      },
+      {
+        provides: ["urn:mcp:tool:docs:search"],
+        ref: "pkg:npm/%40modelcontextprotocol/server-filesystem@1.0.0",
+      },
+    ],
+    metadata: { properties: [] },
+    services: [
+      {
+        "bom-ref": "urn:service:mcp:docs:latest",
+        group: "mcp",
+        name: "docs",
+        properties: [{ name: "cdx:mcp:inventorySource", value: "config-file" }],
+      },
+    ],
+  };
+
+  const filteredBom = filterBom(bomJson, { excludeType: ["mcp"] });
+
+  assert.deepStrictEqual(
+    filteredBom.components.map((component) => component["bom-ref"]),
+    ["pkg:npm/%40modelcontextprotocol/server-filesystem@1.0.0"],
+  );
+  assert.deepStrictEqual(filteredBom.services, []);
+  assert.deepStrictEqual(filteredBom.dependencies, [
+    {
+      dependsOn: [],
+      provides: [],
+      ref: "pkg:npm/%40modelcontextprotocol/server-filesystem@1.0.0",
+    },
+  ]);
+});
+
 it("postProcess adds formulation exactly once when includeFormulation is true", () => {
   const bomNSData = {
     bomJson: {
@@ -159,6 +241,90 @@ it("postProcess passes formulationList from bomNSData into the formulation secti
   );
 });
 
+it("postProcess merges formulation-discovered MCP config services into bomJson.services", () => {
+  const tmpDir = join(tmpdir(), `cdxgen-postgen-${Date.now()}`);
+  mkdirSync(join(tmpDir, ".vscode"), { recursive: true });
+  writeFileSync(
+    join(tmpDir, ".vscode", "mcp.json"),
+    JSON.stringify({
+      mcpServers: {
+        gateway: {
+          endpoint: "https://demo.ngrok-free.app/mcp",
+          transport: "http",
+        },
+      },
+    }),
+  );
+  const bomNSData = {
+    bomJson: {
+      bomFormat: "CycloneDX",
+      specVersion: "1.7",
+      components: [],
+      dependencies: [],
+      metadata: {
+        properties: [],
+        tools: {
+          components: [
+            { group: "@cyclonedx", name: "cdxgen", version: "test" },
+          ],
+        },
+      },
+    },
+  };
+  const options = { includeFormulation: true, specVersion: 1.7 };
+  try {
+    const result = postProcess(bomNSData, options, tmpDir);
+    assert.ok(
+      result.bomJson.services?.some(
+        (service) =>
+          service.name === "gateway" &&
+          service.properties?.some(
+            (property) =>
+              property.name === "cdx:mcp:inventorySource" &&
+              property.value === "config-file",
+          ),
+      ),
+      "expected config-discovered MCP service to be merged into bomJson.services",
+    );
+  } finally {
+    rmSync(tmpDir, { force: true, recursive: true });
+  }
+});
+
+it("postProcess labels formulation execute activities with the Formulation type", () => {
+  const bomNSData = {
+    bomJson: {
+      bomFormat: "CycloneDX",
+      specVersion: "1.5",
+      components: [],
+      dependencies: [],
+      metadata: { properties: [] },
+    },
+  };
+  const options = { includeFormulation: true, specVersion: 1.5 };
+  setDryRunMode(true);
+  resetRecordedActivities();
+  try {
+    postProcess(bomNSData, options, "/home/runner/work/cdxgen/cdxgen");
+    const executeActivities = getRecordedActivities().filter(
+      (activity) => activity.kind === "execute",
+    );
+    assert.ok(
+      executeActivities.length > 0,
+      "expected formulation generation to record execute activities in dry-run mode",
+    );
+    assert.ok(
+      executeActivities.every(
+        (activity) => activity.projectType === "Formulation",
+      ),
+      "formulation execute activities should be labeled with the Formulation type",
+    );
+  } finally {
+    setDryRunMode(false);
+    resetRecordedActivities();
+  }
+});
+
 it("postProcess attaches releaseNotes to cdxgen metadata tool component", () => {
   const bomNSData = {
     bomJson: {
@@ -205,3 +371,141 @@ it("postProcess attaches releaseNotes to cdxgen metadata tool component", () =>
     assert.ok(aresolve.description);
   }
 });
+
+it("postProcess fails for weak TLP when sensitive property values are present", () => {
+  const bomNSData = {
+    bomJson: {
+      bomFormat: "CycloneDX",
+      specVersion: "1.7",
+      components: [
+        {
+          "bom-ref": "urn:service:mcp:gateway:latest",
+          name: "gateway",
+          properties: [
+            {
+              name: "cdx:mcp:configuredEndpoints",
+              value:
+                "https://user:pass@example.com/mcp?access_token=abc123456789",
+            },
+          ],
+          type: "application",
+        },
+      ],
+      dependencies: [],
+      metadata: {
+        distributionConstraints: { tlp: "CLEAR" },
+        properties: [],
+        tools: {
+          components: [
+            { group: "@cyclonedx", name: "cdxgen", version: "test" },
+          ],
+        },
+      },
+    },
+  };
+  assert.throws(
+    () => postProcess(bomNSData, { failOnError: true, specVersion: 1.7 }),
+    /TLP classification 'CLEAR'/,
+  );
+});
+
+it("postProcess allows sensitive property values when TLP is strong", () => {
+  const bomNSData = {
+    bomJson: {
+      bomFormat: "CycloneDX",
+      specVersion: "1.7",
+      components: [
+        {
+          "bom-ref": "urn:service:mcp:gateway:latest",
+          name: "gateway",
+          properties: [
+            {
+              name: "cdx:mcp:command",
+              value: "Authorization: Bearer super-secret-token-value",
+            },
+          ],
+          type: "application",
+        },
+      ],
+      dependencies: [],
+      metadata: {
+        distributionConstraints: { tlp: "RED" },
+        properties: [],
+        tools: {
+          components: [
+            { group: "@cyclonedx", name: "cdxgen", version: "test" },
+          ],
+        },
+      },
+    },
+  };
+  const result = postProcess(bomNSData, {
+    failOnError: true,
+    specVersion: 1.7,
+  });
+  assert.strictEqual(
+    result.bomJson.metadata.distributionConstraints.tlp,
+    "RED",
+  );
+});
+
+it("postProcess does not enforce TLP validation when no TLP is set", () => {
+  const bomNSData = {
+    bomJson: {
+      bomFormat: "CycloneDX",
+      specVersion: "1.7",
+      components: [
+        {
+          "bom-ref": "urn:service:mcp:gateway:latest",
+          name: "gateway",
+          properties: [
+            {
+              name: "cdx:mcp:resourceUri",
+              value: "https://user:pass@example.com/private#fragment",
+            },
+          ],
+          type: "application",
+        },
+      ],
+      dependencies: [],
+      metadata: {
+        properties: [],
+        tools: {
+          components: [
+            { group: "@cyclonedx", name: "cdxgen", version: "test" },
+          ],
+        },
+      },
+    },
+  };
+  const result = postProcess(bomNSData, {
+    failOnError: true,
+    specVersion: 1.7,
+  });
+  assert.strictEqual(
+    result.bomJson.metadata.distributionConstraints,
+    undefined,
+  );
+});
+
+it("cleanup helpers do not delete directories in dry-run mode", () => {
+  const pipTarget = join(tmpdir(), `cdxgen-pip-${Date.now()}`);
+  const tmpDir = join(tmpdir(), `cdxgen-tmp-${Date.now()}`);
+  mkdirSync(pipTarget, { recursive: true });
+  mkdirSync(tmpDir, { recursive: true });
+  process.env.PIP_TARGET = pipTarget;
+  process.env.CDXGEN_TMP_DIR = tmpDir;
+  setDryRunMode(true);
+  try {
+    cleanupEnv({});
+    cleanupTmpDir();
+    assert.ok(existsSync(pipTarget));
+    assert.ok(existsSync(tmpDir));
+  } finally {
+    setDryRunMode(false);
+    delete process.env.PIP_TARGET;
+    delete process.env.CDXGEN_TMP_DIR;
+    rmSync(pipTarget, { recursive: true, force: true });
+    rmSync(tmpDir, { recursive: true, force: true });
+  }
+});

package/lib/stages/postgen/ruleEngine.js

@@ -77,6 +77,31 @@ function getAuditWorkflows(bomJson) {
   );
 }
 
+function flattenServices(services, result = []) {
+  if (!Array.isArray(services)) {
+    return result;
+  }
+  for (const service of services) {
+    if (!service) {
+      continue;
+    }
+    result.push(service);
+    if (Array.isArray(service.services) && service.services.length) {
+      flattenServices(service.services, result);
+    }
+  }
+  return result;
+}
+
+function getAuditServices(bomJson) {
+  const formulationServices = getFormulationEntries(bomJson).flatMap(
+    (entry) => entry?.services || [],
+  );
+  return dedupeObjectsByIdentity(
+    flattenServices([...(bomJson?.services || []), ...formulationServices]),
+  );
+}
+
 function normalizeAttackMetadata(rule) {
   const tactics = Array.isArray(rule?.attack?.tactics)
     ? rule.attack.tactics
@@ -94,6 +119,23 @@ function normalizeAttackMetadata(rule) {
   };
 }
 
+function normalizeStandardsMetadata(rule) {
+  if (!rule?.standards || typeof rule.standards !== "object") {
+    return undefined;
+  }
+  const normalized = {};
+  for (const [standardName, entries] of Object.entries(rule.standards)) {
+    const values = Array.isArray(entries) ? entries : [entries];
+    const filtered = values
+      .filter((value) => typeof value === "string" && value.trim().length > 0)
+      .map((value) => value.trim());
+    if (filtered.length) {
+      normalized[standardName] = filtered;
+    }
+  }
+  return Object.keys(normalized).length ? normalized : undefined;
+}
+
 /**
  * Helper: Check if property exists and equals expected value
  * Usage: $hasProp(component, 'cdx:foo', 'bar')
@@ -211,6 +253,9 @@ function registerCdxHelpers(expression) {
   expression.registerFunction("auditWorkflows", (bomJson) =>
     getAuditWorkflows(bomJson),
   );
+  expression.registerFunction("auditServices", (bomJson) =>
+    getAuditServices(bomJson),
+  );
   expression.registerFunction("formulationComponents", (bomJson) =>
     getFormulationComponents(bomJson),
   );
@@ -361,13 +406,15 @@ export async function evaluateRule(rule, bomJson) {
     }
     for (const item of matches) {
       const attack = normalizeAttackMetadata(rule);
+      const standards = normalizeStandardsMetadata(rule);
       const context = {
         ...item,
         bom: bomJson,
         components: getAuditComponents(bomJson),
         workflows: getAuditWorkflows(bomJson),
+        auditServices: getAuditServices(bomJson),
         formulationComponents: getFormulationComponents(bomJson),
-        services: bomJson.services || [],
+        services: getAuditServices(bomJson),
         metadata: bomJson.metadata || {},
       };
       const message = await interpolateTemplate(rule.message, context);
@@ -405,6 +452,7 @@ export async function evaluateRule(rule, bomJson) {
         attack,
         attackTactics: attack.tactics,
         attackTechniques: attack.techniques,
+        standards,
         ruleId: rule.id,
         name: rule.name || rule.id,
         description: rule.description,

package/lib/stages/postgen/spdxConverter.poku.js

@@ -247,6 +247,76 @@ describe("convertCycloneDxToSpdx", () => {
     );
   });
 
+  it("preserves MCP services and community skill components in SPDX export extensions", () => {
+    const bom = sampleBom();
+    bom.services = [
+      {
+        "bom-ref": "urn:service:mcp:remoteDocs:configured",
+        name: "remoteDocs",
+        endpoints: ["https://docs.example.com/mcp"],
+        properties: [
+          { name: "cdx:mcp:inventorySource", value: "config-file" },
+          { name: "cdx:mcp:configFormat", value: "opencode" },
+          { name: "cdx:mcp:authPosture", value: "oauth" },
+        ],
+      },
+    ];
+    bom.formulation[0].components = [
+      {
+        type: "file",
+        name: "SKILL.md",
+        "bom-ref": "file:/repo/.opencode/skills/git-release/SKILL.md",
+        properties: [
+          { name: "cdx:file:kind", value: "skill-file" },
+          { name: "cdx:skill:name", value: "git-release" },
+          {
+            name: "cdx:skill:description",
+            value: "Prepare consistent releases",
+          },
+        ],
+      },
+    ];
+
+    const spdxJson = convertCycloneDxToSpdx(bom, {
+      projectName: "demo-app",
+    });
+    const documentElement = spdxJson["@graph"].find(
+      (element) => element.type === "SpdxDocument",
+    );
+    assert.ok(documentElement);
+    const documentExtensionProperties =
+      getExtensionPropertyMap(documentElement);
+    assert.strictEqual(
+      documentExtensionProperties.get("services"),
+      JSON.stringify(bom.services),
+    );
+    const serviceElement = spdxJson["@graph"].find(
+      (element) =>
+        getExtensionPropertyMap(element).get("bomRef") ===
+        "urn:service:mcp:remoteDocs:configured",
+    );
+    assert.ok(
+      serviceElement,
+      "expected synthetic SPDX element for MCP service",
+    );
+    assert.strictEqual(
+      getExtensionPropertyMap(serviceElement).get(
+        "properties.cdx:mcp:inventorySource",
+      ),
+      "config-file",
+    );
+    const skillElement = spdxJson["@graph"].find(
+      (element) =>
+        getExtensionPropertyMap(element).get("bomRef") ===
+        "file:/repo/.opencode/skills/git-release/SKILL.md",
+    );
+    assert.ok(skillElement, "expected SPDX element for skill file component");
+    assert.strictEqual(
+      getExtensionPropertyMap(skillElement).get("properties.cdx:skill:name"),
+      "git-release",
+    );
+  });
+
   it("omits document-level SPDX extensions while package-level metadata still enables the extension profile", () => {
     const spdxJson = convertCycloneDxToSpdx(minimalBom(), {
       projectName: "demo-app",

package/lib/stages/pregen/pregen.js

@@ -1,4 +1,4 @@
-import { mkdtempSync, readdirSync, readFileSync } from "node:fs";
+import { readdirSync, readFileSync } from "node:fs";
 import { arch, platform } from "node:os";
 import { delimiter, dirname, join, resolve } from "node:path";
 import process from "node:process";
@@ -22,11 +22,13 @@ import {
   getAllFiles,
   getTmpDir,
   hasAnyProjectType,
+  isDryRun,
   isFeatureEnabled,
   isMac,
   isSecureMode,
   isWin,
   safeExistsSync,
+  safeMkdtempSync,
   safeSpawnSync,
   TIMEOUT_MS,
 } from "../../helpers/utils.js";
@@ -38,7 +40,7 @@ import {
  * @param {Object} options CLI options
  */
 export function prepareEnv(filePath, options) {
-  if (!options.projectType || isSecureMode) {
+  if (!options.projectType || isSecureMode || isDryRun) {
     return;
   }
   for (const pt of options.projectType) {
@@ -109,7 +111,7 @@ export function preparePythonEnv(_filePath, options) {
       options.projectType?.includes(pyversion) &&
       !process.env.PIP_INSTALL_ARGS
     ) {
-      const tempDir = mkdtempSync(join(getTmpDir(), "cdxgen-pip-"));
+      const tempDir = safeMkdtempSync(join(getTmpDir(), "cdxgen-pip-"));
       const py_version_number = pyversion.replace("python3", "3.");
       process.env.PIP_INSTALL_ARGS = `--python-version ${py_version_number} --ignore-requires-python --no-warn-conflicts --only-binary=:all:`;
       process.env.PIP_TARGET = tempDir;
@@ -400,7 +402,7 @@ export function prepareRubyEnv(filePath, options) {
     process.env.CDXGEN_GEM_HOME ||
     process.env.BUNDLE_PATH ||
     process.env.GEM_HOME ||
-    mkdtempSync(join(getTmpDir(), "cdxgen-gem-home-"));
+    safeMkdtempSync(join(getTmpDir(), "cdxgen-gem-home-"));
   process.env.CDXGEN_GEM_HOME = cdxgenGemHome;
   // Is there a .ruby-version file in the project?
   if (safeExistsSync(join(filePath, ".ruby-version"))) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "12.3.0",
+  "version": "12.3.2",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "keywords": [
     "sbom",

package/types/bin/repl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"repl.d.ts","sourceRoot":"","sources":["../../bin/repl.js"],"names":[],"mappings":";AAsKO,kDAmDN"}
+{"version":3,"file":"repl.d.ts","sourceRoot":"","sources":["../../bin/repl.js"],"names":[],"mappings":";AA4OO,kDAwDN"}

package/types/lib/audit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/audit/index.js"],"names":[],"mappings":"AAyFA;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,CAclB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,EAAE,CAoBpB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,GACJ;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,CA0BjD;AAkbD;;;;;;;;GAQG;AACH,mDAHW,MAAM,GACJ,MAAM,EAAE,CAwXpB;AAgJD;;;;;;GAMG;AACH,uDAJW,MAAM,UACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CA0CnD;AAED;;;;;;;GAOG;AACH,uDALW,MAAM,UACN,MAAM,cACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAuBnD;AAoED;;;;;;;;;GASG;AACH,4DAJW,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAkEpB;AAuBD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgN3B;AAgJD,uDA2BC;AAoBD;;;;;;GAMG;AACH,4CAJW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,WACrC,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAkF3B;AAED;;;;;GAKG;AACH,kCAHW,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAe3B;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,WACN,MAAM,GACJ;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAmBhD;AAED;;;;;GAKG;AACH,2CAHW,MAAM,GACJ,MAAM,GAAG,SAAS,CAU9B;AAn1DD,gDAIE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/audit/index.js"],"names":[],"mappings":"AAyFA;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,CAclB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,EAAE,CAoBpB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,GACJ;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,CA0BjD;AAkbD;;;;;;;;GAQG;AACH,mDAHW,MAAM,GACJ,MAAM,EAAE,CAqdpB;AAkJD;;;;;;GAMG;AACH,uDAJW,MAAM,UACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CA0CnD;AAED;;;;;;;GAOG;AACH,uDALW,MAAM,UACN,MAAM,cACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAuBnD;AAoED;;;;;;;;;GASG;AACH,4DAJW,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAkEpB;AA+BD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgN3B;AAoVD,uDA8CC;AAoBD;;;;;;GAMG;AACH,4CAJW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,WACrC,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAsF3B;AAED;;;;;GAKG;AACH,kCAHW,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAe3B;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,WACN,MAAM,GACJ;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAqBhD;AAED;;;;;GAKG;AACH,2CAHW,MAAM,GACJ,MAAM,GAAG,SAAS,CAU9B;AAxpED,gDAKE"}

package/types/lib/audit/reporters.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"reporters.d.ts","sourceRoot":"","sources":["../../../lib/audit/reporters.js"],"names":[],"mappings":"AA0ZA,qEAkDC;AAED;;;;;GAKG;AACH,yCAHW,MAAM,GACJ,MAAM,CAIlB;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,YACN,MAAM,GACJ,MAAM,CAkClB;AAED;;;;;;;GAOG;AACH,8CALW,MAAM,UACN,MAAM,YACN,MAAM,GACJ,MAAM,CAUlB;AAED;;;;;;;GAOG;AACH,oDALW,MAAM,WACN,MAAM,YACN,MAAM,GACJ,MAAM,EAAE,CAgFpB"}
+{"version":3,"file":"reporters.d.ts","sourceRoot":"","sources":["../../../lib/audit/reporters.js"],"names":[],"mappings":"AAqaA,qEAkDC;AAED;;;;;GAKG;AACH,yCAHW,MAAM,GACJ,MAAM,CAIlB;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,YACN,MAAM,GACJ,MAAM,CAiDlB;AAED;;;;;;;GAOG;AACH,8CALW,MAAM,UACN,MAAM,YACN,MAAM,GACJ,MAAM,CAUlB;AAED;;;;;;;GAOG;AACH,oDALW,MAAM,WACN,MAAM,YACN,MAAM,GACJ,MAAM,EAAE,CAgFpB"}

package/types/lib/audit/scoring.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scoring.d.ts","sourceRoot":"","sources":["../../../lib/audit/scoring.js"],"names":[],"mappings":"AAyDA;;;;;GAKG;AACH,4CAHW,MAAM,GACJ,MAAM,CAUlB;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,aACN,MAAM,GACJ,OAAO,CAMnB;AAED;;;;;;;;;;GAUG;AACH,0CALW,MAAM,EAAE,UACR,MAAM,YACN,MAAM,GACJ,MAAM,CAsNlB"}
+{"version":3,"file":"scoring.d.ts","sourceRoot":"","sources":["../../../lib/audit/scoring.js"],"names":[],"mappings":"AAoLA;;;;;GAKG;AACH,4CAHW,MAAM,GACJ,MAAM,CAUlB;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,aACN,MAAM,GACJ,OAAO,CAMnB;AAED;;;;;;;;;;GAUG;AACH,0CALW,MAAM,EAAE,UACR,MAAM,YACN,MAAM,GACJ,MAAM,CAoVlB"}

package/types/lib/audit/targets.d.ts

@@ -7,6 +7,18 @@
  * @returns {boolean} true when the component is required for predictive audit selection
  */
 export function isRequiredComponentScope(scope: string | undefined): boolean;
+/**
+ * Enrich input BOM components with registry provenance/trusted-publishing
+ * metadata so audit target filtering can exclude trusted packages even when the
+ * input BOM was generated without --bom-audit.
+ *
+ * @param {{ source: string, bomJson: object }[]} inputBoms loaded input BOMs
+ * @returns {Promise<void>}
+ */
+export function enrichInputBomsWithRegistryMetadata(inputBoms: {
+    source: string;
+    bomJson: object;
+}[]): Promise<void>;
 /**
  * Normalize package names for safe matching and grouping.
  *

package/types/lib/audit/targets.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"targets.d.ts","sourceRoot":"","sources":["../../../lib/audit/targets.js"],"names":[],"mappings":"AAqCA;;;;;;;GAOG;AACH,gDAHW,MAAM,GAAG,SAAS,GAChB,OAAO,CAOnB;AAyBD;;;;;GAKG;AACH,kDAHW,MAAM,GAAG,SAAS,GAChB,MAAM,CAOlB;AAED;;;;;;;GAOG;AACH,mDALW,MAAM,cACN,MAAM,YACN,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE,CA+DpD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,+CAfW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,YACrC,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IACR,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,eAAe,EAAE,MAAM,CAAC;QACxB,cAAc,EAAE,MAAM,CAAC;QACvB,sBAAsB,EAAE,MAAM,CAAC;QAC/B,gBAAgB,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAkFH;AA7PD,+CAAsD"}
+{"version":3,"file":"targets.d.ts","sourceRoot":"","sources":["../../../lib/audit/targets.js"],"names":[],"mappings":"AA4CA;;;;;;;GAOG;AACH,gDAHW,MAAM,GAAG,SAAS,GAChB,OAAO,CAOnB;AAuOD;;;;;;;GAOG;AACH,+DAHW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,GACnC,OAAO,CAAC,IAAI,CAAC,CA6EzB;AAkBD;;;;;GAKG;AACH,kDAHW,MAAM,GAAG,SAAS,GAChB,MAAM,CAOlB;AAED;;;;;;;GAOG;AACH,mDALW,MAAM,cACN,MAAM,YACN,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE,CAmFpD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,+CAfW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,YACrC,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IACR,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,eAAe,EAAE,MAAM,CAAC;QACxB,cAAc,EAAE,MAAM,CAAC;QACvB,sBAAsB,EAAE,MAAM,CAAC;QAC/B,gBAAgB,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAyIH;AA7nBD,+CAA+D"}

package/types/lib/cli/index.d.ts

@@ -42,14 +42,7 @@ export function createBinaryBom(path: string, options: Object): Object | undefin
  * @returns {Promise<Object>} Promise resolving to BOM object
  */
 export function createJavaBom(path: string, options: Object): Promise<Object>;
-/**
- * Function to create bom string for Node.js projects
- *
- * @param {string} path to the project
- * @param {Object} options Parse options from the cli
- * @returns {Promise<Object>} Promise resolving to BOM object
- */
-export function createNodejsBom(path: string, options: Object): Promise<Object>;
+export function createNodejsBom(path: any, options: any): Promise<Object>;
 /**
  * Function to create bom string for Projects that use Pixi package manager.
  * createPixiBom is based on createPythonBom.
@@ -304,4 +297,5 @@ export function createBom(path: string, options: Object): Promise<Object>;
 export function submitBom(args: Object, bomContents: Object): Promise<{
     token: string;
 } | undefined>;
+export { summarizeAiInventory } from "../helpers/aiInventory.js";
 //# sourceMappingURL=index.d.ts.map

package/types/lib/cli/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAo1BA;;;;;;;;;GASG;AACH,wCANW,MAAM,cACN,MAAM,OACN,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAcpB;AA2ZD;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM,GAEJ,MAAM,CA0ElB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAI5B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAiB5B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA+tC3B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAi6B3B;AAgFD;;;;;;;;;;;GAWG;AACH,qDAHW,MAAM,GACJ,MAAM,GAAG,IAAI,CAwEzB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2iB3B;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAoavC;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAqIrC;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAiE3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA6MlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA+GlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAyBlB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAsBlB;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoD3B;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2C3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0I3B;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgKvC;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoH3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA6C3B;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAkU3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA4JlB;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAuP3B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAkbrC;AAED;;;;;;;;;GASG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2F3B;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgD3B;AA2FD;;;;;;GAMG;AACH,2CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAmC3B;AAED;;;;;;;;;GASG;AACH,mCAPW,MAAM,sCAEN,MAAM,wBAGJ,MAAM,CAyClB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,EAAE,WACR,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAi3B3B;AAED;;;;;;GAMG;AACH,iCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmWrC;AAED;;;;;;GAMG;AACH,gCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAsR3B;AAED;;;;;;;GAOG;AACH,gCALW,MAAM,eACN,MAAM,GACL,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA8FjD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAg4BA;;;;;;;;;GASG;AACH,wCANW,MAAM,cACN,MAAM,OACN,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAcpB;AAwbD;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM,GAEJ,MAAM,CA0ElB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAI5B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAiB5B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA+tC3B;AAqID,0EAkgCC;AAgFD;;;;;;;;;;;GAWG;AACH,qDAHW,MAAM,GACJ,MAAM,GAAG,IAAI,CAwEzB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgmB3B;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAoavC;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmJrC;AA2FD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAiE3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA6MlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA+GlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAyBlB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAsBlB;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoD3B;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2C3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0I3B;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgKvC;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoH3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA6C3B;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAkU3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA4JlB;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0P3B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAkbrC;AAED;;;;;;;;;GASG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2F3B;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgD3B;AA2FD;;;;;;GAMG;AACH,2CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAmC3B;AAED;;;;;;;;;GASG;AACH,mCAPW,MAAM,sCAEN,MAAM,wBAGJ,MAAM,CAyClB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,EAAE,WACR,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAi7B3B;AAED;;;;;;GAMG;AACH,iCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmWrC;AAED;;;;;;GAMG;AACH,gCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoS3B;AAED;;;;;;;GAOG;AACH,gCALW,MAAM,eACN,MAAM,GACL,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CAwGjD"}

package/types/lib/evinser/evinser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"evinser.d.ts","sourceRoot":"","sources":["../../../lib/evinser/evinser.js"],"names":[],"mappings":"AA2BA;;;;GAIG;AACH,mCAFW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAyDhB;AAED,6GAiDC;AAED,gGAkCC;AAED,wGAqBC;AAED;;;;;;;;;;;;;;;;;;GAuKC;AAED,6EAuBC;AAED;;;EA8BC;AAcD;;;;;GAKG;AACH,yCAHW,MAAM,WACN,MAAM;;;;;;;;;;;;;;GA4KhB;AAED,wLA8DC;AAED;;;;;;;;;;;GAWG;AACH,2CARW,MAAM,uBACN,MAAM,0BAEN,MAAM,mBACN,MAAM,kBACN,MAAM,iBAqOhB;AAED;;;;;;;GAOG;AACH,yFAHW,MAAM,GACJ,MAAM,CAiGlB;AAyBD,sGAyEC;AAED,wGAmCC;AAED;;;;;;GAMG;AACH,mDAJW,MAAM,8BAEN,MAAM,uBA6DhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,wCAEN,MAAM,QAkDhB;AAED,yEAWC;AAED,gEAsFC;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,OA2KhB;AAED;;;;;;;;;;GAUG;AACH,gDAPW,MAAM,uBACN,MAAM,iBACN,MAAM,YACN,MAAM,oBACN,MAAM,kBACN,MAAM,eAoHhB;AAED;;;;;;;GAOG;AACH,kDAHW,MAAM,mBACN,MAAM;;;;;;;;;;;;;EA4FhB;AAED;;;;;GAKG;AACH,kDAaC;AAED;;;;;GAKG;AACH,2CAHW,MAAM,UAKhB;AAED,gGAiDC"}
+{"version":3,"file":"evinser.d.ts","sourceRoot":"","sources":["../../../lib/evinser/evinser.js"],"names":[],"mappings":"AA8BA;;;;GAIG;AACH,mCAFW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAyDhB;AAED,6GAiDC;AAED,gGAkCC;AAED,wGAqBC;AAED;;;;;;;;;;;;;;;;;;GAuKC;AAED,6EAuBC;AAED;;;EA8BC;AAcD;;;;;GAKG;AACH,yCAHW,MAAM,WACN,MAAM;;;;;;;;;;;;;;GA4KhB;AAED,wLA8DC;AAED;;;;;;;;;;;GAWG;AACH,2CARW,MAAM,uBACN,MAAM,0BAEN,MAAM,mBACN,MAAM,kBACN,MAAM,iBAqOhB;AAED;;;;;;;GAOG;AACH,yFAHW,MAAM,GACJ,MAAM,CAiGlB;AAyBD,sGAyEC;AAED,wGAmCC;AAED;;;;;;GAMG;AACH,mDAJW,MAAM,8BAEN,MAAM,uBA6DhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,wCAEN,MAAM,QAkDhB;AAED,yEAWC;AAED,gEAsFC;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,OA2KhB;AAED;;;;;;;;;;GAUG;AACH,gDAPW,MAAM,uBACN,MAAM,iBACN,MAAM,YACN,MAAM,oBACN,MAAM,kBACN,MAAM,eAoHhB;AAED;;;;;;;GAOG;AACH,kDAHW,MAAM,mBACN,MAAM;;;;;;;;;;;;;EA4FhB;AAED;;;;;GAKG;AACH,kDAaC;AAED;;;;;GAKG;AACH,2CAHW,MAAM,UAKhB;AAED,gGAiDC"}

package/types/lib/helpers/agentFormulationParser.d.ts

@@ -0,0 +1,19 @@
+export namespace agentFormulationParser {
+    export let id: string;
+    export { AGENT_FILE_PATTERNS as patterns };
+    export function parse(files: any, _options?: {}): {
+        components: {
+            "bom-ref": string;
+            name: any;
+            properties: {
+                name: string;
+                value: any;
+            }[];
+            type: string;
+        }[];
+        services: any[];
+    };
+}
+declare const AGENT_FILE_PATTERNS: string[];
+export {};
+//# sourceMappingURL=agentFormulationParser.d.ts.map

package/types/lib/helpers/agentFormulationParser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agentFormulationParser.d.ts","sourceRoot":"","sources":["../../../lib/helpers/agentFormulationParser.js"],"names":[],"mappings":";;;IA6IE;;;;;;;;;;;MA+KC;;AAjTH,4CASE"}