@opensip-cli/tool-osv-scanner 0.1.15

package/dist/__tests__/tool.test.js

@@ -0,0 +1,187 @@
+/**
+ * Tier-1 (in-process) tests for the osv-scanner adapter `Tool` (ADR-0090 D6
+ * Tier 1).
+ *
+ * Asserts the declarative surface (commandSpecs / identity / metadata), the binary
+ * helpers (version parse + scan args), the FROZEN exit model (Phase-0 decision 4 —
+ * incl. the `128` nothing-scanned no-op), the manifest↔runtime host-shape guards
+ * (`assertManifestMatchesTool` + `deriveAdapterManifestCommands` parity), and the
+ * full normalize→envelope path via the acceptance harness.
+ */
+import { readFileSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
+import { assertManifestMatchesTool } from '@opensip-cli/core';
+import { DEFAULT_EXIT_MODEL, deriveAdapterConfigManifest, deriveAdapterManifestCommands, deriveAdapterManifestRequires, interpretExit, normalizedSignalShape, runAcceptanceCase, } from '@opensip-cli/external-tool-adapter';
+import { describe, expect, it } from 'vitest';
+import { parseOsvJson } from '../parse-osv-json.js';
+import { buildScanArgs, OSV_SCANNER_STABLE_ID, parseOsvVersion, tool } from '../tool.js';
+const PKG = JSON.parse(readFileSync(fileURLToPath(new URL('../../package.json', import.meta.url)), 'utf8'));
+const GOLDEN_RAW = readFileSync(fileURLToPath(new URL('../../__fixtures__/osv-golden.json', import.meta.url)), 'utf8');
+const EXPECTED = JSON.parse(readFileSync(fileURLToPath(new URL('../../__fixtures__/expected-signals.json', import.meta.url)), 'utf8'));
+/** Reconstruct the admitted `ToolPluginManifest` the host builds from package.json. */
+function manifestFromPackage() {
+    return {
+        ...PKG.opensipTools,
+        name: PKG.name,
+        version: PKG.version,
+        apiVersion: PKG.opensipTools.apiVersion,
+    };
+}
+describe('osv-scanner tool — identity + metadata', () => {
+    it('declares the osv-scanner identity with the `osv` alias', () => {
+        expect(tool.identity).toEqual({ name: 'osv-scanner', aliases: ['osv'] });
+    });
+    it('carries the stable UUID and a description', () => {
+        expect(tool.metadata.id).toBe(OSV_SCANNER_STABLE_ID);
+        expect(tool.metadata.name).toBe('osv-scanner');
+        expect(tool.metadata.description).toBe('Dependency vulnerability scanning via OSV-Scanner');
+    });
+    it('defaults to the line-shift-tolerant message-hash fingerprint strategy', () => {
+        expect(tool.extensionPoints?.fingerprintStrategy?.id).toBe('external-tool-adapter.sha256-file-rule-message');
+    });
+});
+const byName = (name) => tool.commandSpecs?.find((c) => c.name === name);
+describe('osv-scanner tool — commandSpecs', () => {
+    it('mounts the primary scan, plus nested doctor + version', () => {
+        const names = (tool.commandSpecs ?? []).map((c) => c.name);
+        expect(names).toEqual(['osv-scanner', 'doctor', 'version']);
+    });
+    it('the primary command is `osv-scanner` (aliased `osv`), project-scoped, raw-stream dispatch', () => {
+        const primary = byName('osv-scanner');
+        expect(primary?.parent).toBeUndefined();
+        expect(primary?.aliases).toEqual(['osv']);
+        expect(primary?.scope).toBe('project');
+        expect(primary?.output).toBe('raw-stream');
+        expect(primary?.rawStreamReason).toBe('runtime-render-dispatch');
+    });
+    it('doctor + version are nested under osv-scanner, scope:none, diagnostic-gate', () => {
+        for (const name of ['doctor', 'version']) {
+            const spec = byName(name);
+            expect(spec?.parent).toBe('osv-scanner');
+            expect(spec?.scope).toBe('none');
+            expect(spec?.output).toBe('raw-stream');
+            expect(spec?.rawStreamReason).toBe('diagnostic-gate');
+        }
+    });
+});
+describe('osv-scanner tool — binary helpers', () => {
+    it('parses the osv-scanner version stdout (banner, bare semver, or leading v)', () => {
+        expect(parseOsvVersion('osv-scanner version: 1.9.1')).toBe('1.9.1');
+        expect(parseOsvVersion('1.7.0\n')).toBe('1.7.0');
+        expect(parseOsvVersion('v2.0.0')).toBe('2.0.0');
+    });
+    it('falls back to the trimmed stdout when no semver is present', () => {
+        expect(parseOsvVersion('  unknown  ')).toBe('unknown');
+    });
+    it('builds the recursive-scan argv writing JSON to the run artifact path', () => {
+        const ctx = {
+            projectRoot: '/proj',
+            artifactPath: (name) => `/proj/.runtime/artifacts/osv-scanner/run1/${name}`,
+        };
+        expect(buildScanArgs(ctx)).toEqual([
+            '--format',
+            'json',
+            '--output',
+            '/proj/.runtime/artifacts/osv-scanner/run1/osv.json',
+            '-r',
+            '/proj',
+        ]);
+    });
+});
+describe('osv-scanner tool — exit model (Phase-0 decision 4)', () => {
+    // Frozen OSV model: `128` ("no packages found") is a CLEAN no-op, not a fault.
+    const model = { ok: [0, 128], findings: [1], errorFrom: 2 };
+    it('exit 0 ⇒ clean (no findings)', () => {
+        expect(interpretExit(0, model)).toBe('ok');
+    });
+    it('exit 1 + a valid artifact ⇒ findings', () => {
+        expect(interpretExit(1, model, { artifactValid: true })).toBe('findings');
+    });
+    it('exit 128 ⇒ clean no-op (no packages/lockfiles found), NOT a fault', () => {
+        expect(interpretExit(128, model)).toBe('ok');
+    });
+    it('exit 127 (general error) ⇒ fault', () => {
+        expect(interpretExit(127, model)).toBe('fault');
+    });
+    it('exit 2 ⇒ fault', () => {
+        expect(interpretExit(2, model)).toBe('fault');
+    });
+    it('matches the runtime command exit model, which EXTENDS the substrate default with 128', () => {
+        const primary = byName('osv-scanner');
+        // The runtime spec stores the exit model on the primary command's args closure
+        // indirectly; assert the frozen shape and that it diverges from the default by
+        // exactly the nothing-scanned code.
+        expect(model).not.toEqual(DEFAULT_EXIT_MODEL);
+        expect(model.ok).toEqual([0, 128]);
+        expect(primary).toBeDefined();
+    });
+});
+describe('osv-scanner tool — manifest ↔ runtime host-shape guards', () => {
+    it('the package.json manifest matches the runtime tool (no drift)', () => {
+        expect(() => {
+            assertManifestMatchesTool(manifestFromPackage(), tool);
+        }).not.toThrow();
+    });
+    it('the generated manifest commands equal the derived runtime command shells', () => {
+        // The package.json `commands` are written by the shared manifest generator
+        // (which OMITS an empty `aliases`), while the substrate's
+        // `deriveAdapterManifestCommands` always emits `aliases: []`. Canonicalize that
+        // one representational difference (`aliases ?? []`) before comparing the
+        // substantive shells.
+        const canon = (c) => ({
+            ...c,
+            aliases: c.aliases ?? [],
+        });
+        const generated = PKG.opensipTools.commands.map(canon);
+        const derived = deriveAdapterManifestCommands(tool).map((c) => canon(c));
+        expect(generated).toEqual(derived);
+    });
+    it('the generated manifest requires equal the posture-derived requires (no drift)', () => {
+        // A13: `requires` is DERIVED from the network posture, not hand-typed.
+        expect(PKG.opensipTools.requires).toEqual(deriveAdapterManifestRequires(tool));
+    });
+    it('derives subprocess + filesystem only (local-only posture, no network)', () => {
+        expect(PKG.opensipTools.requires.map((r) => r.resource)).toEqual([
+            'subprocess',
+            'filesystem',
+        ]);
+    });
+    it('the generated manifest config descriptor equals the derived namespace claim (A4)', () => {
+        const derived = deriveAdapterConfigManifest(tool);
+        expect(derived?.namespace).toBe('osv-scanner');
+        expect(PKG.opensipTools.config).toEqual(derived);
+    });
+});
+describe('osv-scanner tool — acceptance harness (normalize → envelope)', () => {
+    const result = runAcceptanceCase({
+        tool: 'osv-scanner',
+        kind: 'json',
+        raw: GOLDEN_RAW,
+        parse: parseOsvJson,
+        fingerprintStrategy: 'message-hash',
+    });
+    it('produces the golden normalized signals', () => {
+        expect(result.signals.map(normalizedSignalShape)).toEqual(EXPECTED);
+    });
+    it('builds an envelope whose verdict FAILS (the high-severity vuln is error-rung)', () => {
+        expect(result.envelope.tool).toBe('osv-scanner');
+        expect(result.envelope.verdict.passed).toBe(false);
+    });
+    it('stamps a message-hash fingerprint on every envelope signal worker-side', () => {
+        expect(result.envelope.signals).toHaveLength(2);
+        for (const s of result.envelope.signals) {
+            expect(s.fingerprint).toMatch(/^[0-9a-f]{64}$/);
+        }
+    });
+    it('preserves provenance-friendly native severity + advisory metadata (no loss)', () => {
+        // A10: both golden members are 9.8/CRITICAL (lodash CVE-2019-10744 +
+        // minimist CVE-2021-44906), so the native label is CRITICAL and the CVSS is 9.8.
+        const [lodash, minimist] = result.signals;
+        expect(lodash?.metadata.nativeSeverity).toBe('CRITICAL');
+        expect(lodash?.metadata.cvss).toBe('9.8');
+        expect(minimist?.metadata.nativeSeverity).toBe('CRITICAL');
+        expect(minimist?.metadata.cvss).toBe('9.8');
+        expect(minimist?.metadata.aliases).toEqual(['CVE-2021-44906']);
+    });
+});
+//# sourceMappingURL=tool.test.js.map

package/dist/__tests__/tool.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool.test.js","sourceRoot":"","sources":["../../src/__tests__/tool.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,6BAA6B,EAC7B,6BAA6B,EAC7B,aAAa,EACb,qBAAqB,EACrB,iBAAiB,GAClB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAKzF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CACR,CAAC;AAE9E,MAAM,UAAU,GAAG,YAAY,CAC7B,aAAa,CAAC,IAAI,GAAG,CAAC,oCAAoC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC7E,MAAM,CACP,CAAC;AACF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CACzB,YAAY,CACV,aAAa,CAAC,IAAI,GAAG,CAAC,0CAA0C,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACnF,MAAM,CACP,CACW,CAAC;AAEf,uFAAuF;AACvF,SAAS,mBAAmB;IAC1B,OAAO;QACL,GAAI,GAAG,CAAC,YAAuB;QAC/B,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,UAAU,EAAE,GAAG,CAAC,YAAY,CAAC,UAAoB;KAC5B,CAAC;AAC1B,CAAC;AAED,QAAQ,CAAC,wCAAwC,EAAE,GAAG,EAAE;IACtD,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;IAC9F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAC,IAAI,CACxD,gDAAgD,CACjD,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AAEjF,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2FAA2F,EAAE,GAAG,EAAE;QACnG,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;QACtC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1C,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;QACpF,KAAK,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACxC,MAAM,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACxD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;IACjD,EAAE,CAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,MAAM,CAAC,eAAe,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,GAAG,GAAG;YACV,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,6CAA6C,IAAI,EAAE;SACpD,CAAC;QAClC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC;YACjC,UAAU;YACV,MAAM;YACN,UAAU;YACV,oDAAoD;YACpD,IAAI;YACJ,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IAClE,+EAA+E;IAC/E,MAAM,KAAK,GAAqB,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;IAE9E,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gBAAgB,EAAE,GAAG,EAAE;QACxB,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sFAAsF,EAAE,GAAG,EAAE;QAC9F,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;QACtC,+EAA+E;QAC/E,+EAA+E;QAC/E,oCAAoC;QACpC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACnC,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yDAAyD,EAAE,GAAG,EAAE;IACvE,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,CAAC,GAAG,EAAE;YACV,yBAAyB,CAAC,mBAAmB,EAAE,EAAE,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,2EAA2E;QAC3E,0DAA0D;QAC1D,gFAAgF;QAChF,yEAAyE;QACzE,sBAAsB;QACtB,MAAM,KAAK,GAAG,CAAC,CAA0B,EAA2B,EAAE,CAAC,CAAC;YACtE,GAAG,CAAC;YACJ,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,EAAE;SACzB,CAAC,CAAC;QACH,MAAM,SAAS,GAAI,GAAG,CAAC,YAAY,CAAC,QAAsC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtF,MAAM,OAAO,GAAG,6BAA6B,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5D,KAAK,CAAC,CAAuC,CAAC,CAC/C,CAAC;QACF,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,uEAAuE;QACvE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,6BAA6B,CAAC,IAAI,CAAC,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,CAAE,GAAG,CAAC,YAAY,CAAC,QAAmC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;YAC3F,YAAY;YACZ,YAAY;SACb,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kFAAkF,EAAE,GAAG,EAAE;QAC1F,MAAM,OAAO,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/C,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8DAA8D,EAAE,GAAG,EAAE;IAC5E,MAAM,MAAM,GAAG,iBAAiB,CAAC;QAC/B,IAAI,EAAE,aAAa;QACnB,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,UAAU;QACf,KAAK,EAAE,YAAY;QACnB,mBAAmB,EAAE,cAAc;KACpC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACxC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAClD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6EAA6E,EAAE,GAAG,EAAE;QACrF,qEAAqE;QACrE,iFAAiF;QACjF,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;QAC1C,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3D,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/worker-e2e.test.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Tier-2 worker E2E (ADR-0090 D6 Tier 2) — install / discover / dispatch the
+ * osv-scanner adapter over a REAL forked worker, end-to-end against the BUILT CLI.
+ *
+ * Unlike the in-process Tier-1 suites, this proves the FULL installed-tool path:
+ *   - the osv-scanner package is presented as a genuinely INSTALLED npm tool in a
+ *     throwaway project (symlinked into its `node_modules` so the worker resolves
+ *     the adapter's workspace deps from the monorepo via realpath);
+ *   - `OPENSIP_CLI_ALLOW_INSTALLED_TOOLS` trusts it (installed tools are
+ *     deny-by-default);
+ *   - a FAKE `osv-scanner` binary on PATH makes the run deterministic (it copies
+ *     the committed golden to `--output` and exits 1, like real osv-scanner on
+ *     findings). The worker fork curates its env to an allow-list, so the golden
+ *     path is forwarded via the documented `OPENSIP_CLI_TOOL_ENV_PASSTHROUGH`.
+ *
+ * `opensip osv` forks a worker that re-discovers + imports the real runtime and
+ * runs the scan loop; this suite asserts the worker→host result + the host-side
+ * effects: normalized signals match the golden, the raw artifact lands at
+ * `.runtime/artifacts/osv-scanner/<runId>/osv.json` with mode 0600, the `--json`
+ * envelope is well-formed, the session row persists with provenance, native
+ * severity + provenance are preserved, and the full gate ratchet (gate-save →
+ * clean compare → net-new vuln surfaces) works.
+ *
+ * Requires `pnpm build` first (the CLI dist + the osv-scanner dist). Missing builds
+ * FAIL loudly (no silent skip).
+ */
+export {};
+//# sourceMappingURL=worker-e2e.test.d.ts.map

package/dist/__tests__/worker-e2e.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker-e2e.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/worker-e2e.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG"}

package/dist/__tests__/worker-e2e.test.js

@@ -0,0 +1,320 @@
+/**
+ * Tier-2 worker E2E (ADR-0090 D6 Tier 2) — install / discover / dispatch the
+ * osv-scanner adapter over a REAL forked worker, end-to-end against the BUILT CLI.
+ *
+ * Unlike the in-process Tier-1 suites, this proves the FULL installed-tool path:
+ *   - the osv-scanner package is presented as a genuinely INSTALLED npm tool in a
+ *     throwaway project (symlinked into its `node_modules` so the worker resolves
+ *     the adapter's workspace deps from the monorepo via realpath);
+ *   - `OPENSIP_CLI_ALLOW_INSTALLED_TOOLS` trusts it (installed tools are
+ *     deny-by-default);
+ *   - a FAKE `osv-scanner` binary on PATH makes the run deterministic (it copies
+ *     the committed golden to `--output` and exits 1, like real osv-scanner on
+ *     findings). The worker fork curates its env to an allow-list, so the golden
+ *     path is forwarded via the documented `OPENSIP_CLI_TOOL_ENV_PASSTHROUGH`.
+ *
+ * `opensip osv` forks a worker that re-discovers + imports the real runtime and
+ * runs the scan loop; this suite asserts the worker→host result + the host-side
+ * effects: normalized signals match the golden, the raw artifact lands at
+ * `.runtime/artifacts/osv-scanner/<runId>/osv.json` with mode 0600, the `--json`
+ * envelope is well-formed, the session row persists with provenance, native
+ * severity + provenance are preserved, and the full gate ratchet (gate-save →
+ * clean compare → net-new vuln surfaces) works.
+ *
+ * Requires `pnpm build` first (the CLI dist + the osv-scanner dist). Missing builds
+ * FAIL loudly (no silent skip).
+ */
+import { execFileSync } from 'node:child_process';
+import { cpSync, existsSync, mkdirSync, mkdtempSync, readdirSync, readFileSync, rmSync, statSync, symlinkSync, writeFileSync, } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { afterAll, beforeAll, describe, expect, it } from 'vitest';
+const HERE = dirname(fileURLToPath(import.meta.url));
+// .../packages/tool-osv-scanner/src/__tests__ → repo root is four levels up.
+const REPO_ROOT = join(HERE, '..', '..', '..', '..');
+const CLI_DIST = join(REPO_ROOT, 'packages', 'cli', 'dist', 'index.js');
+const OSV_PKG_DIR = join(REPO_ROOT, 'packages', 'tool-osv-scanner');
+const FIXTURES = join(OSV_PKG_DIR, '__fixtures__');
+const GOLDEN_PATH = join(FIXTURES, 'osv-golden.json');
+const OSV_SCANNER_STABLE_ID = 'd25a4471-3289-4660-b5ab-63830072d0e1';
+const EXPECTED = JSON.parse(readFileSync(join(FIXTURES, 'expected-signals.json'), 'utf8'));
+let projectDir;
+let binDir;
+let baseEnv;
+/** Run the built CLI as a child process, capturing stdout/stderr + exit code. */
+function runCli(args, extraEnv = {}, cwd = projectDir) {
+    try {
+        const stdout = execFileSync('node', [CLI_DIST, ...args], {
+            cwd,
+            env: { ...process.env, ...baseEnv, ...extraEnv },
+            encoding: 'utf8',
+            maxBuffer: 32 * 1024 * 1024,
+        });
+        return { stdout, stderr: '', status: 0 };
+    }
+    catch (error) {
+        const e = error;
+        return { stdout: e.stdout ?? '', stderr: e.stderr ?? '', status: e.status ?? 1 };
+    }
+}
+/** Scaffold a throwaway opensip-cli project that resolves the installed osv-scanner tool. */
+function makeOsvProject() {
+    const dir = mkdtempSync(join(tmpdir(), 'opensip-osv-gate-'));
+    writeFileSync(join(dir, 'opensip-cli.config.yml'), 'schemaVersion: 1\ntargets: {}\n', 'utf8');
+    const scopeDir = join(dir, 'node_modules', '@opensip-cli');
+    mkdirSync(scopeDir, { recursive: true });
+    symlinkSync(OSV_PKG_DIR, join(scopeDir, 'tool-osv-scanner'), 'dir');
+    return dir;
+}
+/** Read the `--json` outcome wrapper (`{ kind, status, exitCode, envelope?, data? }`) from a run. */
+function outcomeJson(run) {
+    return JSON.parse(run.stdout);
+}
+beforeAll(() => {
+    if (!existsSync(CLI_DIST)) {
+        throw new Error(`built CLI not found at ${CLI_DIST} — run \`pnpm build\` first`);
+    }
+    if (!existsSync(join(OSV_PKG_DIR, 'dist', 'index.js'))) {
+        throw new Error('built tool-osv-scanner dist not found — run `pnpm build` first');
+    }
+    projectDir = mkdtempSync(join(tmpdir(), 'opensip-osv-e2e-'));
+    // Project marker so the worker's `scope: 'project'` bootstrap resolves a project.
+    writeFileSync(join(projectDir, 'opensip-cli.config.yml'), 'schemaVersion: 1\ntargets: {}\n', 'utf8');
+    // Present the REAL osv-scanner package as an installed npm tool. A SYMLINK (not a
+    // copy) so the worker resolves the adapter's `@opensip-cli/*` workspace deps from
+    // the monorepo via realpath — a copy would orphan them.
+    const scopeDir = join(projectDir, 'node_modules', '@opensip-cli');
+    mkdirSync(scopeDir, { recursive: true });
+    symlinkSync(OSV_PKG_DIR, join(scopeDir, 'tool-osv-scanner'), 'dir');
+    // A FAKE osv-scanner on PATH for determinism (copies the golden to --output,
+    // exits 1). PATH is auto-forwarded into the worker fork's curated env.
+    binDir = mkdtempSync(join(tmpdir(), 'opensip-osv-bin-'));
+    cpSync(join(FIXTURES, 'fake-osv-scanner'), join(binDir, 'osv-scanner'));
+    execFileSync('chmod', ['+x', join(binDir, 'osv-scanner')]);
+    baseEnv = {
+        PATH: `${binDir}:${process.env.PATH ?? ''}`,
+        // The committed fake binary reads the golden path from here; forward it through
+        // the worker fork's env allow-list via the documented passthrough.
+        FAKE_OSV_GOLDEN: GOLDEN_PATH,
+        OPENSIP_CLI_TOOL_ENV_PASSTHROUGH: 'FAKE_OSV_GOLDEN',
+        // Installed tools are deny-by-default — trust the osv-scanner id (the admission
+        // check keys on `opensipTools.id`; the UUID is included to match the ADR-0048
+        // stable id convention).
+        OPENSIP_CLI_ALLOW_INSTALLED_TOOLS: `${OSV_SCANNER_STABLE_ID} osv-scanner`,
+    };
+});
+afterAll(() => {
+    if (projectDir !== undefined)
+        rmSync(projectDir, { recursive: true, force: true });
+    if (binDir !== undefined)
+        rmSync(binDir, { recursive: true, force: true });
+});
+describe('osv-scanner worker E2E — opensip osv (real forked worker)', () => {
+    let scan;
+    let envelope;
+    beforeAll(() => {
+        // Invoke via the `osv` ALIAS to prove the aliased primary mounts + dispatches.
+        scan = runCli(['osv', '--json']);
+        const outcome = outcomeJson(scan);
+        envelope = outcome.envelope;
+    });
+    it('forks a worker and emits a well-formed signal envelope for osv-scanner', () => {
+        expect(envelope.tool).toBe('osv-scanner');
+        expect(envelope.runId).toMatch(/^RUN_/);
+        // A high-severity vuln ⇒ the run FAILS; the gate exit is non-zero (findings).
+        expect(envelope.verdict.passed).toBe(false);
+        expect(scan.status).toBe(1);
+    });
+    it('normalizes the worker scan output to the golden signal shapes', () => {
+        const shapes = envelope.signals.map((s) => ({
+            ruleId: s.ruleId,
+            severity: s.severity,
+            message: s.message,
+            file: s.filePath,
+        }));
+        expect(shapes).toEqual(EXPECTED);
+    });
+    it('stamps message-hash fingerprints + provenance + native severity worker-side', () => {
+        for (const s of envelope.signals) {
+            expect(s.fingerprint).toMatch(/^[0-9a-f]{64}$/);
+            const provenance = s.metadata.provenance;
+            expect(provenance.tool).toBe('osv-scanner');
+            expect(provenance.adapterPackage).toBe('@opensip-cli/tool-osv-scanner');
+        }
+        // Native scanner severity preserved beside the mapped four-bucket severity.
+        // A10: both golden members are 9.8/CRITICAL (lodash + minimist).
+        const [lodash, minimist] = envelope.signals;
+        expect(lodash?.metadata.nativeSeverity).toBe('CRITICAL');
+        expect(lodash?.metadata.cvss).toBe('9.8');
+        expect(minimist?.metadata.nativeSeverity).toBe('CRITICAL');
+        expect(minimist?.metadata.cvss).toBe('9.8');
+    });
+    it('lands the raw artifact under .runtime/artifacts/osv-scanner/<runId>/osv.json with mode 0600', () => {
+        const runDir = join(projectDir, 'opensip-cli', '.runtime', 'artifacts', 'osv-scanner');
+        expect(existsSync(runDir)).toBe(true);
+        const runs = readdirSync(runDir);
+        expect(runs.length).toBeGreaterThan(0);
+        const artifact = join(runDir, runs[0], 'osv.json');
+        expect(existsSync(artifact)).toBe(true);
+        // Owner-only read/write (0600) — the artifact carries the raw scanner output.
+        expect(statSync(artifact).mode & 0o777).toBe(0o600);
+        // The persisted artifact is the byte-preserved golden (two vulnerabilities).
+        const doc = JSON.parse(readFileSync(artifact, 'utf8'));
+        expect(doc.results[0].packages).toHaveLength(2);
+    });
+    it('persists a session row with the osv-scanner tool + provenance payload', () => {
+        const list = runCli(['sessions', 'list', '--json']);
+        expect(list.status).toBe(0);
+        const outcome = outcomeJson(list);
+        const data = outcome.data;
+        const sessions = data?.sessions ?? [];
+        const osvRow = sessions.find((s) => s.tool === 'osv-scanner');
+        expect(osvRow).toBeDefined();
+        expect(osvRow?.passed).toBe(false);
+        const payload = osvRow?.payload;
+        expect(payload?.binary?.path).toContain('osv-scanner');
+        expect(payload?.findings).toBe(2);
+    });
+});
+describe('osv-scanner worker E2E — doctor / version diagnostics', () => {
+    it('doctor --json reports a ready, resolved binary (exit 0)', () => {
+        const run = runCli(['osv-scanner', 'doctor', '--json']);
+        expect(run.status).toBe(0);
+        const report = outcomeJson(run).data;
+        expect(report.tool).toBe('osv-scanner');
+        expect(report.ready).toBe(true);
+        expect(report.binary.found).toBe(true);
+        expect(report.version.detected).toBe('1.9.1');
+        expect(report.version.status).toBe('ok');
+    });
+    it('doctor reports NOT ready (exit 2) when the resolved binary is missing', () => {
+        // Pin the binary to a non-existent absolute path via the env layer (which beats
+        // PATH and hard-misses) so resolution fails WITHOUT breaking the toolchain/worker
+        // fork. Forward the pin into the worker (doctor probes worker-side) via the
+        // documented passthrough.
+        const run = runCli(['osv-scanner', 'doctor', '--json'], {
+            OPENSIP_OSV_SCANNER_BIN: '/nonexistent/path/to/osv-scanner',
+            OPENSIP_CLI_TOOL_ENV_PASSTHROUGH: 'FAKE_OSV_GOLDEN OPENSIP_OSV_SCANNER_BIN',
+        });
+        expect(run.status).toBe(2);
+        const report = outcomeJson(run).data;
+        expect(report.ready).toBe(false);
+        expect(report.binary.found).toBe(false);
+    });
+    it('version --json prints the resolved osv-scanner binary version', () => {
+        const run = runCli(['osv-scanner', 'version', '--json']);
+        expect(run.status).toBe(0);
+        const report = outcomeJson(run).data;
+        expect(report.found).toBe(true);
+        expect(report.version).toBe('1.9.1');
+    });
+});
+describe('osv-scanner worker E2E — installed tools are deny-by-default', () => {
+    it('without the trust allowlist, `opensip osv` is not admitted', () => {
+        const run = runCli(['osv', '--json'], { OPENSIP_CLI_ALLOW_INSTALLED_TOOLS: '' });
+        // Deny-by-default: the command never mounts (unknown command / not found), so
+        // the scan does NOT run.
+        expect(run.status).not.toBe(0);
+        expect(`${run.stdout}${run.stderr}`.toLowerCase()).toMatch(/unknown command|not found|osv/);
+    });
+});
+/**
+ * §4.12 ratchet acceptance — the FULL baseline/gate loop over a REAL forked worker.
+ * The substrate wires `--gate-save` / `--gate-compare` once (ADR-0036), so the
+ * osv-scanner adapter inherits it. This proves: capture a baseline → an unchanged
+ * re-scan is clean (exit 0) → a NET-NEW vulnerability surfaces and fails (exit ≠ 0).
+ *
+ * Runs in its OWN throwaway project so the baseline + sessions are isolated from the
+ * scan suites above. The fake binary copies `FAKE_OSV_GOLDEN` to `--output`;
+ * pointing it at an AUGMENTED golden (the two originals + one new vuln in a new
+ * package) is how the "regression" run injects a net-new finding.
+ */
+describe('osv-scanner worker E2E — full gate ratchet (§4.12)', () => {
+    let gateProject;
+    let augmentedGolden;
+    let save;
+    let compareClean;
+    let compareRegressed;
+    beforeAll(() => {
+        gateProject = makeOsvProject();
+        // The augmented golden = the committed two findings + one NET-NEW vuln in a new
+        // package (a distinct ruleId/message ⇒ a distinct message-hash fingerprint ⇒ the
+        // ratchet sees it as net-new, not unchanged).
+        const original = JSON.parse(readFileSync(GOLDEN_PATH, 'utf8'));
+        original.results[0].packages.push({
+            package: { name: 'axios', version: '0.21.0', ecosystem: 'npm' },
+            vulnerabilities: [
+                {
+                    id: 'GHSA-NEWVULN-FAKE-0001',
+                    summary: 'Server-Side Request Forgery in axios',
+                    aliases: ['CVE-2024-99999'],
+                    database_specific: { severity: 'HIGH' },
+                },
+            ],
+            groups: [{ ids: ['GHSA-NEWVULN-FAKE-0001'], max_severity: '8.6' }],
+        });
+        augmentedGolden = join(gateProject, 'augmented-golden.json');
+        writeFileSync(augmentedGolden, JSON.stringify(original), 'utf8');
+        // 1) Capture the baseline (two findings). The findings gate (ADR-0020) makes
+        //    gate-save itself exit 1 — it records the baseline AND honours the verdict.
+        save = runCli(['osv', '--gate-save'], {}, gateProject);
+        // 2) Re-scan the SAME golden and compare → no net-new ⇒ clean (exit 0).
+        compareClean = runCli(['osv', '--gate-compare'], {}, gateProject);
+        // 3) Compare against the augmented golden → one net-new finding ⇒ degraded.
+        compareRegressed = runCli(['osv', '--gate-compare'], { FAKE_OSV_GOLDEN: augmentedGolden }, gateProject);
+    });
+    afterAll(() => {
+        if (gateProject !== undefined)
+            rmSync(gateProject, { recursive: true, force: true });
+    });
+    it('--gate-save records the baseline and persists a session', () => {
+        // The findings gate makes gate-save exit 1 (a high-severity vuln present), but
+        // the baseline IS written — proven by the clean compare below.
+        expect(save.status).toBe(1);
+        const list = runCli(['sessions', 'list', '--json'], {}, gateProject);
+        const data = outcomeJson(list).data;
+        const osvRows = (data.sessions ?? []).filter((s) => s.tool === 'osv-scanner');
+        expect(osvRows.length).toBeGreaterThanOrEqual(1);
+    });
+    it('--gate-compare on the SAME scan is a clean no-op (exit 0, no regression)', () => {
+        // Pre-existing findings recorded in the baseline are NOT a regression — only
+        // net-new findings fail the ratchet. The clean exit also proves gate-save wrote
+        // the baseline (the missing-baseline → exit 2 contract is asserted directly in
+        // the "typed exit-class survives the worker boundary" suite below).
+        expect(compareRegressed).toBeDefined();
+        expect(compareClean.status).toBe(0);
+        expect(`${compareClean.stdout}${compareClean.stderr}`).toMatch(/STABLE|no change/i);
+    });
+    it('--gate-compare surfaces a NET-NEW vulnerability and exits non-zero (degraded)', () => {
+        expect(compareRegressed.status).not.toBe(0);
+        const out = `${compareRegressed.stdout}${compareRegressed.stderr}`;
+        // The net-new advisory is named in the diff; the verdict footer says DEGRADED.
+        expect(out).toContain('GHSA-NEWVULN-FAKE-0001');
+        expect(out).toMatch(/DEGRADED|Added/i);
+    });
+});
+/**
+ * A5/A6 — the typed exit-class must survive the worker boundary on the host-RPC
+ * REJECT path too. `--gate-compare` with NO saved baseline makes the host
+ * `compareBaseline` seam reject with a ConfigurationError (BASELINE_MISSING). That
+ * rejection crosses the worker IPC as a structured reply; before the fix the worker
+ * shim rebuilt a PLAIN Error → SystemError → exit 1, silently losing the frozen
+ * exit-2 config contract. This asserts the contract end-to-end over a REAL fork.
+ */
+describe('osv-scanner worker E2E — gate-compare with no baseline exits 2 (A5/A6)', () => {
+    it('`opensip osv --gate-compare` before any --gate-save exits 2 (not 1)', () => {
+        // A fresh project with NO baseline captured: the compareBaseline host seam
+        // rejects ConfigurationError(BASELINE_MISSING) over the host-RPC channel.
+        const freshProject = makeOsvProject();
+        try {
+            const run = runCli(['osv', '--gate-compare'], {}, freshProject);
+            expect(run.status).toBe(2);
+            expect(`${run.stdout}${run.stderr}`).toMatch(/baseline|gate-save/i);
+        }
+        finally {
+            rmSync(freshProject, { recursive: true, force: true });
+        }
+    });
+});
+//# sourceMappingURL=worker-e2e.test.js.map

package/dist/__tests__/worker-e2e.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker-e2e.test.js","sourceRoot":"","sources":["../../src/__tests__/worker-e2e.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EACL,MAAM,EACN,UAAU,EACV,SAAS,EACT,WAAW,EACX,WAAW,EACX,YAAY,EACZ,MAAM,EACN,QAAQ,EACR,WAAW,EACX,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEnE,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACrD,6EAA6E;AAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AACxE,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;AACpE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;AACnD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;AAEtD,MAAM,qBAAqB,GAAG,sCAAsC,CAAC;AAErE,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,EAAE,MAAM,CAAC,CAKtF,CAAC;AAQJ,IAAI,UAAkB,CAAC;AACvB,IAAI,MAAc,CAAC;AACnB,IAAI,OAA+B,CAAC;AAEpC,iFAAiF;AACjF,SAAS,MAAM,CAAC,IAAc,EAAE,WAAmC,EAAE,EAAE,GAAG,GAAG,UAAU;IACrF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,EAAE;YACvD,GAAG;YACH,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,QAAQ,EAAE;YAChD,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,GAAG,KAA8D,CAAC;QACzE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;IACnF,CAAC;AACH,CAAC;AAED,6FAA6F;AAC7F,SAAS,cAAc;IACrB,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;IAC7D,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,wBAAwB,CAAC,EAAE,iCAAiC,EAAE,MAAM,CAAC,CAAC;IAC9F,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;IAC3D,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,EAAE,KAAK,CAAC,CAAC;IACpE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,qGAAqG;AACrG,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAA4B,CAAC;AAC3D,CAAC;AAED,SAAS,CAAC,GAAG,EAAE;IACb,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,6BAA6B,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACpF,CAAC;IAED,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAC7D,kFAAkF;IAClF,aAAa,CACX,IAAI,CAAC,UAAU,EAAE,wBAAwB,CAAC,EAC1C,iCAAiC,EACjC,MAAM,CACP,CAAC;IACF,kFAAkF;IAClF,kFAAkF;IAClF,wDAAwD;IACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;IAClE,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,EAAE,KAAK,CAAC,CAAC;IAEpE,6EAA6E;IAC7E,uEAAuE;IACvE,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;IACzD,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IACxE,YAAY,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,GAAG;QACR,IAAI,EAAE,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE;QAC3C,gFAAgF;QAChF,mEAAmE;QACnE,eAAe,EAAE,WAAW;QAC5B,gCAAgC,EAAE,iBAAiB;QACnD,gFAAgF;QAChF,8EAA8E;QAC9E,yBAAyB;QACzB,iCAAiC,EAAE,GAAG,qBAAqB,cAAc;KAC1E,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,GAAG,EAAE;IACZ,IAAI,UAAU,KAAK,SAAS;QAAE,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnF,IAAI,MAAM,KAAK,SAAS;QAAE,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7E,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2DAA2D,EAAE,GAAG,EAAE;IACzE,IAAI,IAAY,CAAC;IACjB,IAAI,QAYH,CAAC;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,+EAA+E;QAC/E,IAAI,GAAG,MAAM,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QAClC,QAAQ,GAAG,OAAO,CAAC,QAA2B,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1C,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACxC,8EAA8E;QAC9E,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1C,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,IAAI,EAAE,CAAC,CAAC,QAAQ;SACjB,CAAC,CAAC,CAAC;QACJ,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6EAA6E,EAAE,GAAG,EAAE;QACrF,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,CAAC,CAAC,QAAQ,CAAC,UAAsD,CAAC;YACrF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC5C,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC1E,CAAC;QACD,4EAA4E;QAC5E,iEAAiE;QACjE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC;QAC5C,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3D,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6FAA6F,EAAE,GAAG,EAAE;QACrG,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QACvF,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACnD,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxC,8EAA8E;QAC9E,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,6EAA6E;QAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAEpD,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAA4D,CAAC;QAClF,MAAM,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;QAC9D,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,EAAE,OAA4D,CAAC;QACrF,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uDAAuD,EAAE,GAAG,EAAE;IACrE,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,aAAa,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,IAK/B,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,gFAAgF;QAChF,kFAAkF;QAClF,4EAA4E;QAC5E,0BAA0B;QAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,aAAa,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE;YACtD,uBAAuB,EAAE,kCAAkC;YAC3D,gCAAgC,EAAE,yCAAyC;SAC5E,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,IAAsD,CAAC;QACvF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,IAA4C,CAAC;QAC7E,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8DAA8D,EAAE,GAAG,EAAE;IAC5E,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,iCAAiC,EAAE,EAAE,EAAE,CAAC,CAAC;QACjF,8EAA8E;QAC9E,yBAAyB;QACzB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC;IAC9F,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IAClE,IAAI,WAAmB,CAAC;IACxB,IAAI,eAAuB,CAAC;IAC5B,IAAI,IAAY,CAAC;IACjB,IAAI,YAAoB,CAAC;IACzB,IAAI,gBAAwB,CAAC;IAE7B,SAAS,CAAC,GAAG,EAAE;QACb,WAAW,GAAG,cAAc,EAAE,CAAC;QAE/B,gFAAgF;QAChF,iFAAiF;QACjF,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAE5D,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;YAChC,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE;YAC/D,eAAe,EAAE;gBACf;oBACE,EAAE,EAAE,wBAAwB;oBAC5B,OAAO,EAAE,sCAAsC;oBAC/C,OAAO,EAAE,CAAC,gBAAgB,CAAC;oBAC3B,iBAAiB,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE;iBACxC;aACF;YACD,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,wBAAwB,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;SACnE,CAAC,CAAC;QACH,eAAe,GAAG,IAAI,CAAC,WAAW,EAAE,uBAAuB,CAAC,CAAC;QAC7D,aAAa,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;QAEjE,6EAA6E;QAC7E,gFAAgF;QAChF,IAAI,GAAG,MAAM,CAAC,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QACvD,wEAAwE;QACxE,YAAY,GAAG,MAAM,CAAC,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QAClE,4EAA4E;QAC5E,gBAAgB,GAAG,MAAM,CACvB,CAAC,KAAK,EAAE,gBAAgB,CAAC,EACzB,EAAE,eAAe,EAAE,eAAe,EAAE,EACpC,WAAW,CACZ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,IAAI,WAAW,KAAK,SAAS;YAAE,MAAM,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,+EAA+E;QAC/E,+DAA+D;QAC/D,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QACrE,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,IAAgD,CAAC;QAChF,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;QAC9E,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,6EAA6E;QAC7E,gFAAgF;QAChF,+EAA+E;QAC/E,oEAAoE;QACpE,MAAM,CAAC,gBAAgB,CAAC,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,GAAG,YAAY,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,GAAG,gBAAgB,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC;QACnE,+EAA+E;QAC/E,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAChD,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,QAAQ,CAAC,wEAAwE,EAAE,GAAG,EAAE;IACtF,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,2EAA2E;QAC3E,0EAA0E;QAC1E,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,EAAE,EAAE,YAAY,CAAC,CAAC;YAChE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3B,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QACtE,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * `@opensip-cli/tool-osv-scanner` public barrel.
+ *
+ * Re-exports the `tool` descriptor the host loads by name through the installed
+ * external-tool worker-dispatch path (`mod.tool`), plus a `default` alias and the
+ * pure `parseOsvJson` normalizer (consumed by the acceptance tests). The adapter
+ * internals are otherwise not public API.
+ */
+export { tool, tool as default, OSV_SCANNER_IDENTITY, OSV_SCANNER_STABLE_ID } from './tool.js';
+export { parseOsvJson } from './parse-osv-json.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAC/F,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/index.js

@@ -0,0 +1,11 @@
+/**
+ * `@opensip-cli/tool-osv-scanner` public barrel.
+ *
+ * Re-exports the `tool` descriptor the host loads by name through the installed
+ * external-tool worker-dispatch path (`mod.tool`), plus a `default` alias and the
+ * pure `parseOsvJson` normalizer (consumed by the acceptance tests). The adapter
+ * internals are otherwise not public API.
+ */
+export { tool, tool as default, OSV_SCANNER_IDENTITY, OSV_SCANNER_STABLE_ID } from './tool.js';
+export { parseOsvJson } from './parse-osv-json.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAC/F,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC"}