@herodevs/cli 2.0.0-beta.8 → 2.0.0

package/dist/service/auth-token.svc.d.ts

@@ -0,0 +1,11 @@
+export interface StoredTokens {
+    accessToken?: string;
+    refreshToken?: string;
+}
+export declare function saveTokens(tokens: {
+    accessToken: string;
+    refreshToken?: string;
+}): Promise<void>;
+export declare function getStoredTokens(): Promise<StoredTokens | undefined>;
+export declare function clearStoredTokens(): Promise<void>;
+export declare function isAccessTokenExpired(token: string | undefined): boolean;

package/dist/service/auth-token.svc.js

@@ -0,0 +1,62 @@
+import { createConfStore, decryptValue, encryptValue } from "./encrypted-store.svc.js";
+import { decodeJwtPayload } from "./jwt.svc.js";
+import { debugLogger } from "./log.svc.js";
+const AUTH_TOKEN_SALT = 'hdcli-auth-token-v1';
+const ACCESS_TOKEN_KEY = 'accessToken';
+const REFRESH_TOKEN_KEY = 'refreshToken';
+const TOKEN_SKEW_SECONDS = 30;
+function getStore() {
+    return createConfStore('auth-token');
+}
+export async function saveTokens(tokens) {
+    const store = getStore();
+    store.set(ACCESS_TOKEN_KEY, encryptValue(tokens.accessToken, AUTH_TOKEN_SALT));
+    if (tokens.refreshToken) {
+        store.set(REFRESH_TOKEN_KEY, encryptValue(tokens.refreshToken, AUTH_TOKEN_SALT));
+    }
+    else {
+        store.delete(REFRESH_TOKEN_KEY);
+    }
+}
+export async function getStoredTokens() {
+    const store = getStore();
+    const encodedAccess = store.get(ACCESS_TOKEN_KEY);
+    const encodedRefresh = store.get(REFRESH_TOKEN_KEY);
+    let accessToken;
+    let refreshToken;
+    try {
+        if (encodedAccess && typeof encodedAccess === 'string') {
+            accessToken = decryptValue(encodedAccess, AUTH_TOKEN_SALT);
+        }
+    }
+    catch (error) {
+        debugLogger('Failed to decrypt access token: %O', error);
+        accessToken = undefined;
+    }
+    try {
+        if (encodedRefresh && typeof encodedRefresh === 'string') {
+            refreshToken = decryptValue(encodedRefresh, AUTH_TOKEN_SALT);
+        }
+    }
+    catch (error) {
+        debugLogger('Failed to decrypt refresh token: %O', error);
+        refreshToken = undefined;
+    }
+    if (!accessToken && !refreshToken) {
+        return;
+    }
+    return { accessToken, refreshToken };
+}
+export async function clearStoredTokens() {
+    const store = getStore();
+    store.delete(ACCESS_TOKEN_KEY);
+    store.delete(REFRESH_TOKEN_KEY);
+}
+export function isAccessTokenExpired(token) {
+    const payload = decodeJwtPayload(token);
+    if (!payload?.exp) {
+        return true;
+    }
+    const now = Date.now() / 1000;
+    return now + TOKEN_SKEW_SECONDS >= payload.exp;
+}

package/dist/service/auth.svc.d.ts

@@ -0,0 +1,27 @@
+import type { TokenResponse } from '../types/auth.ts';
+export type { CITokenErrorCode } from './ci-auth.svc.ts';
+export { CITokenError } from './ci-auth.svc.ts';
+export type AuthErrorCode = 'NOT_LOGGED_IN' | 'SESSION_EXPIRED';
+export type TokenSource = 'oauth' | 'ci';
+export type TokenProvider = (forceRefresh?: boolean) => Promise<string>;
+export declare const AUTH_ERROR_MESSAGES: {
+    readonly UNAUTHENTICATED: "Please log in to perform this action. To authenticate, please run an \"auth login\" command.";
+    readonly SESSION_EXPIRED: "Your session has expired. To re-authenticate, please run an \"auth login\" command.";
+    readonly INVALID_TOKEN: "Your session has expired. To re-authenticate, please run an \"auth login\" command.";
+    readonly FORBIDDEN: "You do not have permission to perform this action.";
+    readonly NOT_LOGGED_IN_GENERIC: "You are not logged in. Please run an \"auth login\" command to authenticate.";
+};
+export declare function getTokenForScanWithSource(preferOAuth?: boolean, orgAccessToken?: string): Promise<{
+    token: string;
+    source: TokenSource;
+}>;
+export declare class AuthError extends Error {
+    readonly code: AuthErrorCode;
+    constructor(message: string, code: AuthErrorCode);
+}
+export declare function persistTokenResponse(token: TokenResponse): Promise<void>;
+export declare function getAccessToken(): Promise<string | undefined>;
+export declare function getTokenProvider(preferOAuth?: boolean, orgAccessToken?: string): TokenProvider;
+export declare function requireAccessToken(): Promise<string>;
+export declare function logoutLocally(): Promise<void>;
+export declare const requireAccessTokenForScan: TokenProvider;

package/dist/service/auth.svc.js

@@ -0,0 +1,91 @@
+import { refreshTokens } from "./auth-refresh.svc.js";
+import { clearStoredTokens, getStoredTokens, isAccessTokenExpired, saveTokens } from "./auth-token.svc.js";
+import { requireCIAccessToken } from "./ci-auth.svc.js";
+import { getCIToken } from "./ci-token.svc.js";
+import { debugLogger } from "./log.svc.js";
+export { CITokenError } from "./ci-auth.svc.js";
+export const AUTH_ERROR_MESSAGES = {
+    UNAUTHENTICATED: 'Please log in to perform this action. To authenticate, please run an "auth login" command.',
+    SESSION_EXPIRED: 'Your session has expired. To re-authenticate, please run an "auth login" command.',
+    INVALID_TOKEN: 'Your session has expired. To re-authenticate, please run an "auth login" command.',
+    FORBIDDEN: 'You do not have permission to perform this action.',
+    NOT_LOGGED_IN_GENERIC: 'You are not logged in. Please run an "auth login" command to authenticate.',
+};
+export async function getTokenForScanWithSource(preferOAuth, orgAccessToken) {
+    if (orgAccessToken) {
+        return { token: orgAccessToken, source: 'ci' };
+    }
+    if (preferOAuth) {
+        const token = await requireAccessToken();
+        return { token, source: 'oauth' };
+    }
+    const tokens = await getStoredTokens();
+    if (tokens?.accessToken && !isAccessTokenExpired(tokens.accessToken)) {
+        return { token: tokens.accessToken, source: 'oauth' };
+    }
+    if (tokens?.refreshToken) {
+        try {
+            const newTokens = await refreshTokens(tokens.refreshToken);
+            await persistTokenResponse(newTokens);
+            return { token: newTokens.access_token, source: 'oauth' };
+        }
+        catch (error) {
+            debugLogger('Token refresh failed: %O', error);
+        }
+    }
+    const ciToken = getCIToken();
+    if (ciToken) {
+        const accessToken = await requireCIAccessToken();
+        return { token: accessToken, source: 'ci' };
+    }
+    if (!tokens?.accessToken) {
+        throw new AuthError(AUTH_ERROR_MESSAGES.UNAUTHENTICATED, 'NOT_LOGGED_IN');
+    }
+    throw new AuthError(AUTH_ERROR_MESSAGES.SESSION_EXPIRED, 'SESSION_EXPIRED');
+}
+export class AuthError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.name = 'AuthError';
+        this.code = code;
+    }
+}
+export async function persistTokenResponse(token) {
+    await saveTokens({
+        accessToken: token.access_token,
+        refreshToken: token.refresh_token,
+    });
+}
+export async function getAccessToken() {
+    const tokens = await getStoredTokens();
+    if (!tokens) {
+        return;
+    }
+    if (tokens.accessToken && !isAccessTokenExpired(tokens.accessToken)) {
+        return tokens.accessToken;
+    }
+    if (!tokens.refreshToken) {
+        return;
+    }
+    const refreshed = await refreshTokens(tokens.refreshToken);
+    await persistTokenResponse(refreshed);
+    return refreshed.access_token;
+}
+export function getTokenProvider(preferOAuth, orgAccessToken) {
+    return async (_forceRefresh) => {
+        const { token } = await getTokenForScanWithSource(preferOAuth, orgAccessToken);
+        return token;
+    };
+}
+export async function requireAccessToken() {
+    const token = await getAccessToken();
+    if (!token) {
+        throw new Error(AUTH_ERROR_MESSAGES.NOT_LOGGED_IN_GENERIC);
+    }
+    return token;
+}
+export async function logoutLocally() {
+    await clearStoredTokens();
+}
+export const requireAccessTokenForScan = getTokenProvider();

package/dist/service/cdx.svc.d.ts

@@ -1,3 +1,5 @@
+import { createBom } from '@cyclonedx/cdxgen';
+import { postProcess } from '@cyclonedx/cdxgen/stages/postgen/postgen';
 import type { CdxBom } from '@herodevs/eol-shared';
 export declare const SBOM_DEFAULT__OPTIONS: {
     $0: string;
@@ -61,4 +63,10 @@ export declare const SBOM_DEFAULT__OPTIONS: {
  * Lazy loads cdxgen (for ESM purposes), scans
  * `directory`, and returns the `bomJson` property.
  */
-export declare function createSbom(directory: string): Promise<CdxBom>;
+type CreateSbomDependencies = {
+    createBom: typeof createBom;
+    postProcess: typeof postProcess;
+};
+export declare function createSbomFactory({ createBom: createBomDependency, postProcess: postProcessDependency, }?: Partial<CreateSbomDependencies>): (directory: string) => Promise<CdxBom>;
+export declare const createSbom: (directory: string) => Promise<CdxBom>;
+export {};

package/dist/service/cdx.svc.js

@@ -1,4 +1,5 @@
 import { createBom } from '@cyclonedx/cdxgen';
+import { postProcess } from '@cyclonedx/cdxgen/stages/postgen/postgen';
 import { debugLogger } from "./log.svc.js";
 const author = process.env.npm_package_author ?? 'HeroDevs, Inc.';
 export const SBOM_DEFAULT__OPTIONS = {
@@ -24,8 +25,8 @@ export const SBOM_DEFAULT__OPTIONS = {
     includeFormulation: false,
     'no-install-deps': true,
     noInstallDeps: true,
-    'min-confidence': 1,
-    minConfidence: 1,
+    'min-confidence': 0.1,
+    minConfidence: 0.1,
     multiProject: true,
     'no-banner': false,
     noBabel: false,
@@ -62,14 +63,18 @@ export const SBOM_DEFAULT__OPTIONS = {
     usagesSlicesFile: 'usages.slices.json',
     validate: true,
 };
-/**
- * Lazy loads cdxgen (for ESM purposes), scans
- * `directory`, and returns the `bomJson` property.
- */
-export async function createSbom(directory) {
-    const sbom = await createBom(directory, SBOM_DEFAULT__OPTIONS);
-    if (!sbom)
-        throw new Error('SBOM not generated');
-    debugLogger('Successfully generated SBOM');
-    return sbom.bomJson;
+export function createSbomFactory({ createBom: createBomDependency = createBom, postProcess: postProcessDependency = postProcess, } = {}) {
+    return async function createSbom(directory) {
+        const sbom = await createBomDependency(directory, SBOM_DEFAULT__OPTIONS);
+        if (!sbom) {
+            throw new Error('SBOM not generated');
+        }
+        const postProcessedSbom = postProcessDependency(sbom, SBOM_DEFAULT__OPTIONS);
+        if (!postProcessedSbom) {
+            throw new Error('SBOM not generated');
+        }
+        debugLogger('Successfully generated SBOM');
+        return postProcessedSbom.bomJson;
+    };
 }
+export const createSbom = createSbomFactory();

package/dist/service/ci-auth.svc.d.ts

@@ -0,0 +1,6 @@
+export type CITokenErrorCode = 'CI_TOKEN_INVALID' | 'CI_TOKEN_REFRESH_FAILED' | 'CI_ORG_ID_REQUIRED';
+export declare class CITokenError extends Error {
+    readonly code: CITokenErrorCode;
+    constructor(message: string, code: CITokenErrorCode);
+}
+export declare function requireCIAccessToken(): Promise<string>;

package/dist/service/ci-auth.svc.js

@@ -0,0 +1,32 @@
+import { exchangeCITokenForAccess } from "../api/ci-token.client.js";
+import { config } from "../config/constants.js";
+import { getCIToken, saveCIToken } from "./ci-token.svc.js";
+import { debugLogger } from "./log.svc.js";
+const CITOKEN_ERROR_MESSAGE = "CI token is invalid or expired. To provision a new CI token, run 'hd auth provision-ci-token' (after logging in with 'hd auth login').";
+export class CITokenError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.name = 'CITokenError';
+        this.code = code;
+    }
+}
+export async function requireCIAccessToken() {
+    const ciToken = getCIToken();
+    if (!ciToken) {
+        throw new CITokenError(CITOKEN_ERROR_MESSAGE, 'CI_TOKEN_INVALID');
+    }
+    try {
+        const result = await exchangeCITokenForAccess({
+            refreshToken: ciToken,
+        });
+        if (result.refreshToken && config.ciTokenFromEnv === undefined) {
+            saveCIToken(result.refreshToken);
+        }
+        return result.accessToken;
+    }
+    catch (error) {
+        debugLogger('CI token refresh failed: %O', error);
+        throw new CITokenError(CITOKEN_ERROR_MESSAGE, 'CI_TOKEN_REFRESH_FAILED');
+    }
+}

package/dist/service/ci-token.svc.d.ts

@@ -0,0 +1,6 @@
+export declare function encryptToken(plaintext: string): string;
+export declare function decryptToken(encoded: string): string;
+export declare function getCITokenFromStorage(): string | undefined;
+export declare function getCIToken(): string | undefined;
+export declare function saveCIToken(token: string): void;
+export declare function clearCIToken(): void;

package/dist/service/ci-token.svc.js

@@ -0,0 +1,44 @@
+import { config } from "../config/constants.js";
+import { createConfStore, decryptValue, encryptValue } from "./encrypted-store.svc.js";
+import { debugLogger } from "./log.svc.js";
+const CI_TOKEN_STORAGE_KEY = 'ciRefreshToken';
+const CI_TOKEN_SALT = 'hdcli-ci-token-v1';
+function getConfStore() {
+    return createConfStore('ci-token');
+}
+export function encryptToken(plaintext) {
+    return encryptValue(plaintext, CI_TOKEN_SALT);
+}
+export function decryptToken(encoded) {
+    return decryptValue(encoded, CI_TOKEN_SALT);
+}
+export function getCITokenFromStorage() {
+    const store = getConfStore();
+    const encoded = store.get(CI_TOKEN_STORAGE_KEY);
+    if (encoded === undefined || typeof encoded !== 'string') {
+        return undefined;
+    }
+    try {
+        return decryptToken(encoded);
+    }
+    catch (error) {
+        debugLogger('Failed to decrypt CI token: %O', error);
+        return undefined;
+    }
+}
+export function getCIToken() {
+    const fromEnv = config.ciTokenFromEnv;
+    if (fromEnv !== undefined) {
+        return fromEnv;
+    }
+    return getCITokenFromStorage();
+}
+export function saveCIToken(token) {
+    const store = getConfStore();
+    const encoded = encryptToken(token);
+    store.set(CI_TOKEN_STORAGE_KEY, encoded);
+}
+export function clearCIToken() {
+    const store = getConfStore();
+    store.delete(CI_TOKEN_STORAGE_KEY);
+}

package/dist/service/committers.svc.d.ts

@@ -0,0 +1,58 @@
+export type ReportFormat = 'txt' | 'csv' | 'json';
+export type CommitEntry = {
+    commitHash: string;
+    author: string;
+    date: Date;
+    monthGroup: string;
+};
+export type CommitAuthorData = {
+    commits: CommitEntry[];
+    lastCommitOn: Date;
+};
+export type CommitMonthData = {
+    start: Date | string;
+    end: Date | string;
+    totalCommits: number;
+    committers: AuthorCommitCount;
+};
+export type AuthorCommitCount = {
+    [author: string]: number;
+};
+export type AuthorReportTableRow = {
+    index: number;
+    author: string;
+    commits: number;
+    lastCommitOn: string;
+};
+export type MonthlyReportTableRow = {
+    index: number;
+    month: number;
+    start: string;
+    end: string;
+    totalCommits: number;
+};
+export type MonthlyReportRow = {
+    month: string;
+} & CommitMonthData;
+export type AuthorReportRow = {
+    author: string;
+} & CommitAuthorData;
+export type CommittersReport = AuthorReportRow[] | MonthlyReportRow[];
+/**
+ * Parses git log output into structured data
+ * @param output - Git log command output
+ * @returns Parsed commit entries
+ */
+export declare function parseGitLogOutput(output: string): CommitEntry[];
+/**
+ * Generates commits author report
+ * @param entries - commit entries from git log
+ * @returns Commits Author Report
+ */
+export declare function generateCommittersReport(entries: CommitEntry[]): AuthorReportRow[];
+/**
+ * Generates commits monthly report
+ * @param entries - commit entries from git log
+ * @returns Monthly Report
+ */
+export declare function generateMonthlyReport(entries: CommitEntry[]): MonthlyReportRow[];

package/dist/service/committers.svc.js

@@ -0,0 +1,78 @@
+import { endOfMonth, formatDate, parse } from 'date-fns';
+import { DEFAULT_DATE_COMMIT_MONTH_FORMAT, DEFAULT_DATE_FORMAT } from '../config/constants.js';
+/**
+ * Parses git log output into structured data
+ * @param output - Git log command output
+ * @returns Parsed commit entries
+ */
+export function parseGitLogOutput(output) {
+    return output
+        .split('\n')
+        .filter(Boolean)
+        .map((line) => {
+        // Remove surrounding double quotes if present (e.g. "March|John Doe" → March|John Doe)
+        const [commitHash, author, date] = line.replace(/^"(.*)"$/, '$1').split('|');
+        return {
+            commitHash,
+            author,
+            date: parse(formatDate(new Date(date), DEFAULT_DATE_FORMAT), DEFAULT_DATE_FORMAT, new Date()),
+            monthGroup: formatDate(new Date(date), DEFAULT_DATE_COMMIT_MONTH_FORMAT),
+        };
+    });
+}
+/**
+ * Generates commits author report
+ * @param entries - commit entries from git log
+ * @returns Commits Author Report
+ */
+export function generateCommittersReport(entries) {
+    return Array.from(entries
+        .sort((a, b) => b.date.valueOf() - a.date.valueOf())
+        .reduce((acc, curr, _index, array) => {
+        if (!acc.has(curr.author)) {
+            const byAuthor = array.filter((c) => c.author === curr.author);
+            acc.set(curr.author, {
+                commits: byAuthor,
+                lastCommitOn: byAuthor[0].date,
+            });
+        }
+        return acc;
+    }, new Map()))
+        .map(([key, value]) => ({
+        author: key,
+        commits: value.commits,
+        lastCommitOn: value.lastCommitOn,
+    }))
+        .sort((a, b) => b.commits.length - a.commits.length);
+}
+/**
+ * Generates commits monthly report
+ * @param entries - commit entries from git log
+ * @returns Monthly Report
+ */
+export function generateMonthlyReport(entries) {
+    return Array.from(entries
+        .sort((a, b) => b.date.valueOf() - a.date.valueOf())
+        .reduce((acc, curr, _index, array) => {
+        if (!acc.has(curr.monthGroup)) {
+            const monthlyCommits = array.filter((e) => e.monthGroup === curr.monthGroup);
+            acc.set(curr.monthGroup, {
+                start: formatDate(monthlyCommits[0].date, DEFAULT_DATE_FORMAT),
+                end: formatDate(endOfMonth(monthlyCommits[0].date), DEFAULT_DATE_FORMAT),
+                totalCommits: monthlyCommits.length,
+                committers: monthlyCommits.reduce((acc, curr) => {
+                    if (!acc[curr.author]) {
+                        acc[curr.author] = monthlyCommits.filter((c) => c.author === curr.author).length;
+                    }
+                    return acc;
+                }, {}),
+            });
+        }
+        return acc;
+    }, new Map()))
+        .map(([key, value]) => ({
+        month: key,
+        ...value,
+    }))
+        .sort((a, b) => new Date(a.end).valueOf() - new Date(b.end).valueOf());
+}

package/dist/service/display.svc.d.ts

@@ -20,3 +20,11 @@ export declare function formatScanResults(report: EolReport): string[];
  * Formats web report URL for console display
  */
 export declare function formatWebReportUrl(id: string, reportCardUrl: string): string[];
+/**
+ * Formats data privacy information link for console display
+ */
+export declare function formatDataPrivacyLink(): string[];
+/**
+ * Formats the report save hint for console display when the web report URL is hidden
+ */
+export declare function formatReportSaveHint(): string[];

package/dist/service/display.svc.js

@@ -7,6 +7,7 @@ const STATUS_COLORS = {
     OK: 'green',
     EOL_UPCOMING: 'yellow',
 };
+const SEPARATOR_WIDTH = 40;
 /**
  * Formats status row text with appropriate color and icon
  */
@@ -54,7 +55,7 @@ export function formatScanResults(report) {
     }
     return [
         ux.colorize('bold', 'Scan results:'),
-        ux.colorize('bold', '-'.repeat(40)),
+        ux.colorize('bold', '-'.repeat(SEPARATOR_WIDTH)),
         ux.colorize('bold', `${report.components.length.toLocaleString()} total packages scanned`),
         getStatusRowText.EOL(`${EOL.toLocaleString().padEnd(5)} End-of-Life (EOL)`),
         getStatusRowText.EOL_UPCOMING(`${EOL_UPCOMING.toLocaleString().padEnd(5)} EOL Upcoming`),
@@ -68,5 +69,19 @@ export function formatScanResults(report) {
  */
 export function formatWebReportUrl(id, reportCardUrl) {
     const url = ux.colorize('blue', terminalLink(new URL(reportCardUrl).hostname, `${reportCardUrl}/${id}`, { fallback: (_, url) => url }));
-    return [ux.colorize('bold', '-'.repeat(40)), `🌐 View your full EOL report at: ${url}\n`];
+    return [ux.colorize('bold', '-'.repeat(SEPARATOR_WIDTH)), `🌐 View your full EOL report at: ${url}\n`];
+}
+/**
+ * Formats data privacy information link for console display
+ */
+export function formatDataPrivacyLink() {
+    const privacyUrl = 'https://docs.herodevs.com/eol-ds/data-privacy-and-security';
+    const link = ux.colorize('blue', terminalLink('Learn more about data privacy', privacyUrl, { fallback: (text, url) => `${text}: ${url}` }));
+    return [`🔒 ${link}\n`];
+}
+/**
+ * Formats the report save hint for console display when the web report URL is hidden
+ */
+export function formatReportSaveHint() {
+    return [ux.colorize('bold', '-'.repeat(SEPARATOR_WIDTH)), 'To save your detailed JSON report, use the --save flag'];
 }

package/dist/service/encrypted-store.svc.d.ts

@@ -0,0 +1,5 @@
+import Conf from 'conf';
+export declare function getMachineKey(salt: string): Buffer;
+export declare function encryptValue(plaintext: string, salt: string): string;
+export declare function decryptValue(encoded: string, salt: string): string;
+export declare function createConfStore(configName: string): Conf<Record<string, unknown>>;

package/dist/service/encrypted-store.svc.js

@@ -0,0 +1,43 @@
+import crypto from 'node:crypto';
+import os from 'node:os';
+import path from 'node:path';
+import Conf from 'conf';
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 12;
+const AUTH_TAG_LENGTH = 16;
+export function getMachineKey(salt) {
+    const hostname = os.hostname();
+    const username = os.userInfo().username;
+    const raw = `${hostname}:${username}:${salt}`;
+    return crypto.createHash('sha256').update(raw, 'utf8').digest();
+}
+export function encryptValue(plaintext, salt) {
+    const key = getMachineKey(salt);
+    const iv = crypto.randomBytes(IV_LENGTH);
+    const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+    const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    const combined = Buffer.concat([iv, authTag, encrypted]);
+    return combined.toString('base64url');
+}
+export function decryptValue(encoded, salt) {
+    const key = getMachineKey(salt);
+    const combined = Buffer.from(encoded, 'base64url');
+    if (combined.length < IV_LENGTH + AUTH_TAG_LENGTH) {
+        throw new Error('Invalid encrypted token format');
+    }
+    const iv = combined.subarray(0, IV_LENGTH);
+    const authTag = combined.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+    const ciphertext = combined.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+    const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    return decipher.update(ciphertext).toString('utf8') + decipher.final('utf8');
+}
+export function createConfStore(configName) {
+    const cwd = path.join(os.homedir(), '.hdcli');
+    return new Conf({
+        projectName: 'hdcli',
+        cwd,
+        configName,
+    });
+}

package/dist/service/error.svc.d.ts

@@ -0,0 +1,8 @@
+export declare const isError: (error: unknown) => error is Error;
+export declare const isErrnoException: (error: unknown) => error is NodeJS.ErrnoException;
+export declare const isApolloError: (error: unknown) => error is ApolloError;
+export declare const getErrorMessage: (error: unknown) => string;
+export declare class ApolloError extends Error {
+    readonly originalError?: unknown;
+    constructor(message: string, original?: unknown);
+}

package/dist/service/error.svc.js

@@ -0,0 +1,28 @@
+export const isError = (error) => {
+    return error instanceof Error;
+};
+export const isErrnoException = (error) => {
+    return isError(error) && 'code' in error;
+};
+export const isApolloError = (error) => {
+    return error instanceof ApolloError;
+};
+export const getErrorMessage = (error) => {
+    if (isError(error)) {
+        return error.message;
+    }
+    return 'Unknown error';
+};
+export class ApolloError extends Error {
+    originalError;
+    constructor(message, original) {
+        if (isError(original)) {
+            super(`${message}: ${original.message}`);
+        }
+        else {
+            super(`${message}: ${String(original)}`);
+        }
+        this.name = 'ApolloError';
+        this.originalError = original;
+    }
+}

package/dist/service/file.svc.d.ts

@@ -3,18 +3,28 @@ export interface FileError extends Error {
     code?: string;
 }
 /**
- * Reads an SBOM from a file path
+ * Reads an SBOM from a file path and converts it to CycloneDX format
+ * Supports both SPDX 2.3 and CycloneDX formats
  */
 export declare function readSbomFromFile(filePath: string): CdxBom;
 /**
  * Validates that a directory path exists and is actually a directory
  */
 export declare function validateDirectory(dirPath: string): void;
+type SaveArtifactRequest = {
+    kind: 'sbom';
+    payload: CdxBom;
+    outputPath?: string;
+} | {
+    kind: 'sbomTrimmed';
+    payload: CdxBom;
+} | {
+    kind: 'report';
+    payload: EolReport;
+    outputPath?: string;
+};
 /**
- * Saves an SBOM to a file in the specified directory
+ * Saves an SBOM, trimmed SBOM, or report to disk using the correct default filename.
  */
-export declare function saveSbomToFile(dir: string, sbom: CdxBom): string;
-/**
- * Saves an EOL report to a file in the specified directory
- */
-export declare function saveReportToFile(dir: string, report: EolReport): string;
+export declare function saveArtifactToFile(dir: string, request: SaveArtifactRequest): string;
+export {};