@package-broker/core 0.17.4 → 0.19.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (346) hide show
  1. package/dist/cache/index.d.ts +0 -1
  2. package/dist/cache/index.d.ts.map +1 -1
  3. package/dist/cache/index.js +0 -1
  4. package/dist/cache/index.js.map +1 -1
  5. package/dist/cache/memory-driver.d.ts +1 -1
  6. package/dist/cache/memory-driver.d.ts.map +1 -1
  7. package/dist/cache/memory-driver.js +4 -2
  8. package/dist/cache/memory-driver.js.map +1 -1
  9. package/dist/db/create-database.d.ts +8 -0
  10. package/dist/db/create-database.d.ts.map +1 -0
  11. package/dist/db/create-database.js +13 -0
  12. package/dist/db/create-database.js.map +1 -0
  13. package/dist/db/index.d.ts +0 -1
  14. package/dist/db/index.d.ts.map +1 -1
  15. package/dist/db/index.js +0 -1
  16. package/dist/db/index.js.map +1 -1
  17. package/dist/db/schema.d.ts +557 -0
  18. package/dist/db/schema.d.ts.map +1 -1
  19. package/dist/db/schema.js +72 -2
  20. package/dist/db/schema.js.map +1 -1
  21. package/dist/factory.d.ts.map +1 -1
  22. package/dist/factory.js +22 -2
  23. package/dist/factory.js.map +1 -1
  24. package/dist/index.d.ts +2 -1
  25. package/dist/index.d.ts.map +1 -1
  26. package/dist/index.js +2 -2
  27. package/dist/index.js.map +1 -1
  28. package/dist/jobs/processor.d.ts.map +1 -1
  29. package/dist/jobs/processor.js +16 -6
  30. package/dist/jobs/processor.js.map +1 -1
  31. package/dist/kernel/container.d.ts +12 -0
  32. package/dist/kernel/container.d.ts.map +1 -0
  33. package/dist/kernel/container.js +43 -0
  34. package/dist/kernel/container.js.map +1 -0
  35. package/dist/kernel/events.d.ts +17 -0
  36. package/dist/kernel/events.d.ts.map +1 -0
  37. package/dist/kernel/events.js +54 -0
  38. package/dist/kernel/events.js.map +1 -0
  39. package/dist/kernel/hooks.d.ts +14 -0
  40. package/dist/kernel/hooks.d.ts.map +1 -0
  41. package/dist/kernel/hooks.js +31 -0
  42. package/dist/kernel/hooks.js.map +1 -0
  43. package/dist/kernel/index.d.ts +5 -0
  44. package/dist/kernel/index.d.ts.map +1 -0
  45. package/dist/kernel/index.js +5 -0
  46. package/dist/kernel/index.js.map +1 -0
  47. package/dist/kernel/plugin.d.ts +21 -0
  48. package/dist/kernel/plugin.d.ts.map +1 -0
  49. package/dist/kernel/plugin.js +30 -0
  50. package/dist/kernel/plugin.js.map +1 -0
  51. package/dist/middleware/auth.d.ts +2 -0
  52. package/dist/middleware/auth.d.ts.map +1 -1
  53. package/dist/middleware/auth.js +20 -5
  54. package/dist/middleware/auth.js.map +1 -1
  55. package/dist/modules/admin/admin.handlers.d.ts +1 -1
  56. package/dist/modules/admin/admin.handlers.d.ts.map +1 -1
  57. package/dist/modules/artifacts/artifacts.handlers.d.ts +1 -1
  58. package/dist/modules/artifacts/artifacts.handlers.d.ts.map +1 -1
  59. package/dist/modules/auth/auth.handlers.js +1 -1
  60. package/dist/modules/auth/auth.handlers.js.map +1 -1
  61. package/dist/modules/composer/index.d.ts.map +1 -1
  62. package/dist/modules/composer/index.js +5 -0
  63. package/dist/modules/composer/index.js.map +1 -1
  64. package/dist/modules/composer/tenant-composer.d.ts +32 -0
  65. package/dist/modules/composer/tenant-composer.d.ts.map +1 -0
  66. package/dist/modules/composer/tenant-composer.js +198 -0
  67. package/dist/modules/composer/tenant-composer.js.map +1 -0
  68. package/dist/modules/import/import.handlers.d.ts +4 -0
  69. package/dist/modules/import/import.handlers.d.ts.map +1 -0
  70. package/dist/modules/import/import.handlers.js +16 -0
  71. package/dist/modules/import/import.handlers.js.map +1 -0
  72. package/dist/{routes/api/openapi/settings.d.ts → modules/import/import.routes.d.ts} +20 -35
  73. package/dist/modules/import/import.routes.d.ts.map +1 -0
  74. package/dist/modules/import/import.routes.js +63 -0
  75. package/dist/modules/import/import.routes.js.map +1 -0
  76. package/dist/modules/import/index.d.ts +8 -0
  77. package/dist/modules/import/index.d.ts.map +1 -0
  78. package/dist/modules/import/index.js +8 -0
  79. package/dist/modules/import/index.js.map +1 -0
  80. package/dist/modules/organizations/index.d.ts +8 -0
  81. package/dist/modules/organizations/index.d.ts.map +1 -0
  82. package/dist/modules/organizations/index.js +22 -0
  83. package/dist/modules/organizations/index.js.map +1 -0
  84. package/dist/modules/organizations/organizations.handlers.d.ts +24 -0
  85. package/dist/modules/organizations/organizations.handlers.d.ts.map +1 -0
  86. package/dist/modules/organizations/organizations.handlers.js +278 -0
  87. package/dist/modules/organizations/organizations.handlers.js.map +1 -0
  88. package/dist/modules/organizations/organizations.routes.d.ts +596 -0
  89. package/dist/modules/organizations/organizations.routes.d.ts.map +1 -0
  90. package/dist/modules/organizations/organizations.routes.js +263 -0
  91. package/dist/modules/organizations/organizations.routes.js.map +1 -0
  92. package/dist/modules/packages/packages.handlers.d.ts +1 -1
  93. package/dist/modules/packages/packages.handlers.d.ts.map +1 -1
  94. package/dist/modules/packages/packages.handlers.js +3 -69
  95. package/dist/modules/packages/packages.handlers.js.map +1 -1
  96. package/dist/modules/repositories/repositories.handlers.d.ts +1 -1
  97. package/dist/modules/repositories/repositories.handlers.d.ts.map +1 -1
  98. package/dist/modules/repositories/repositories.handlers.js +74 -3
  99. package/dist/modules/repositories/repositories.handlers.js.map +1 -1
  100. package/dist/modules/repositories/repositories.routes.d.ts +12 -0
  101. package/dist/modules/repositories/repositories.routes.d.ts.map +1 -1
  102. package/dist/modules/system/index.d.ts.map +1 -1
  103. package/dist/modules/system/index.js +2 -1
  104. package/dist/modules/system/index.js.map +1 -1
  105. package/dist/modules/system/system.handlers.d.ts +11 -1
  106. package/dist/modules/system/system.handlers.d.ts.map +1 -1
  107. package/dist/modules/system/system.handlers.js +31 -1
  108. package/dist/modules/system/system.handlers.js.map +1 -1
  109. package/dist/modules/system/system.routes.d.ts +34 -4
  110. package/dist/modules/system/system.routes.d.ts.map +1 -1
  111. package/dist/modules/system/system.routes.js +21 -1
  112. package/dist/modules/system/system.routes.js.map +1 -1
  113. package/dist/modules/tenants/index.d.ts +8 -0
  114. package/dist/modules/tenants/index.d.ts.map +1 -0
  115. package/dist/modules/tenants/index.js +21 -0
  116. package/dist/modules/tenants/index.js.map +1 -0
  117. package/dist/modules/tenants/tenants.handlers.d.ts +24 -0
  118. package/dist/modules/tenants/tenants.handlers.d.ts.map +1 -0
  119. package/dist/modules/tenants/tenants.handlers.js +268 -0
  120. package/dist/modules/tenants/tenants.handlers.js.map +1 -0
  121. package/dist/modules/tenants/tenants.routes.d.ts +486 -0
  122. package/dist/modules/tenants/tenants.routes.d.ts.map +1 -0
  123. package/dist/modules/tenants/tenants.routes.js +227 -0
  124. package/dist/modules/tenants/tenants.routes.js.map +1 -0
  125. package/dist/modules/tokens/tokens.handlers.d.ts +1 -1
  126. package/dist/modules/tokens/tokens.handlers.d.ts.map +1 -1
  127. package/dist/modules/users/users.handlers.d.ts +1 -1
  128. package/dist/modules/users/users.handlers.d.ts.map +1 -1
  129. package/dist/modules/users/users.handlers.js +1 -1
  130. package/dist/modules/users/users.handlers.js.map +1 -1
  131. package/dist/plugins/security-advisories/advisory-db.d.ts +85 -0
  132. package/dist/plugins/security-advisories/advisory-db.d.ts.map +1 -0
  133. package/dist/plugins/security-advisories/advisory-db.js +161 -0
  134. package/dist/plugins/security-advisories/advisory-db.js.map +1 -0
  135. package/dist/plugins/security-advisories/advisory-service.d.ts +44 -0
  136. package/dist/plugins/security-advisories/advisory-service.d.ts.map +1 -0
  137. package/dist/plugins/security-advisories/advisory-service.js +122 -0
  138. package/dist/plugins/security-advisories/advisory-service.js.map +1 -0
  139. package/dist/plugins/security-advisories/advisory.handlers.d.ts +13 -0
  140. package/dist/plugins/security-advisories/advisory.handlers.d.ts.map +1 -0
  141. package/dist/plugins/security-advisories/advisory.handlers.js +87 -0
  142. package/dist/plugins/security-advisories/advisory.handlers.js.map +1 -0
  143. package/dist/plugins/security-advisories/advisory.module.d.ts +4 -0
  144. package/dist/plugins/security-advisories/advisory.module.d.ts.map +1 -0
  145. package/dist/plugins/security-advisories/advisory.module.js +13 -0
  146. package/dist/plugins/security-advisories/advisory.module.js.map +1 -0
  147. package/dist/plugins/security-advisories/advisory.routes.d.ts +73 -0
  148. package/dist/plugins/security-advisories/advisory.routes.d.ts.map +1 -0
  149. package/dist/plugins/security-advisories/advisory.routes.js +76 -0
  150. package/dist/plugins/security-advisories/advisory.routes.js.map +1 -0
  151. package/dist/plugins/security-advisories/index.d.ts +31 -0
  152. package/dist/plugins/security-advisories/index.d.ts.map +1 -0
  153. package/dist/plugins/security-advisories/index.js +100 -0
  154. package/dist/plugins/security-advisories/index.js.map +1 -0
  155. package/dist/ports.d.ts +39 -21
  156. package/dist/ports.d.ts.map +1 -1
  157. package/dist/queue/consumer.d.ts +0 -8
  158. package/dist/queue/consumer.d.ts.map +1 -1
  159. package/dist/queue/consumer.js +2 -23
  160. package/dist/queue/consumer.js.map +1 -1
  161. package/dist/queue/index.d.ts +2 -0
  162. package/dist/queue/index.d.ts.map +1 -1
  163. package/dist/queue/index.js +2 -0
  164. package/dist/queue/index.js.map +1 -1
  165. package/dist/queue/memory-driver.d.ts +3 -2
  166. package/dist/queue/memory-driver.d.ts.map +1 -1
  167. package/dist/queue/memory-driver.js.map +1 -1
  168. package/dist/routes/composer.d.ts +7 -1
  169. package/dist/routes/composer.d.ts.map +1 -1
  170. package/dist/routes/composer.js +172 -70
  171. package/dist/routes/composer.js.map +1 -1
  172. package/dist/routes/dist.d.ts.map +1 -1
  173. package/dist/routes/dist.js +26 -80
  174. package/dist/routes/dist.js.map +1 -1
  175. package/dist/routes/index.d.ts +0 -1
  176. package/dist/routes/index.d.ts.map +1 -1
  177. package/dist/routes/index.js +0 -1
  178. package/dist/routes/index.js.map +1 -1
  179. package/dist/routes/package-revalidation.d.ts +38 -0
  180. package/dist/routes/package-revalidation.d.ts.map +1 -0
  181. package/dist/routes/package-revalidation.js +66 -0
  182. package/dist/routes/package-revalidation.js.map +1 -0
  183. package/dist/services/GitHubOrgImporter.d.ts +21 -0
  184. package/dist/services/GitHubOrgImporter.d.ts.map +1 -0
  185. package/dist/services/GitHubOrgImporter.js +51 -0
  186. package/dist/services/GitHubOrgImporter.js.map +1 -0
  187. package/dist/services/TokenScopeService.d.ts +15 -0
  188. package/dist/services/TokenScopeService.d.ts.map +1 -0
  189. package/dist/services/TokenScopeService.js +42 -0
  190. package/dist/services/TokenScopeService.js.map +1 -0
  191. package/dist/storage/index.d.ts +0 -1
  192. package/dist/storage/index.d.ts.map +1 -1
  193. package/dist/storage/index.js +0 -1
  194. package/dist/storage/index.js.map +1 -1
  195. package/dist/sync/repository-sync.d.ts.map +1 -1
  196. package/dist/sync/repository-sync.js +35 -23
  197. package/dist/sync/repository-sync.js.map +1 -1
  198. package/dist/sync/strategies/git-ssh.d.ts +17 -0
  199. package/dist/sync/strategies/git-ssh.d.ts.map +1 -0
  200. package/dist/sync/strategies/git-ssh.js +325 -0
  201. package/dist/sync/strategies/git-ssh.js.map +1 -0
  202. package/dist/{routes/api/types.d.ts → types/openapi.d.ts} +3 -4
  203. package/dist/types/openapi.d.ts.map +1 -0
  204. package/dist/{routes/api/types.js → types/openapi.js} +1 -1
  205. package/dist/types/openapi.js.map +1 -0
  206. package/dist/utils/background.d.ts +7 -0
  207. package/dist/utils/background.d.ts.map +1 -0
  208. package/dist/utils/background.js +11 -0
  209. package/dist/utils/background.js.map +1 -0
  210. package/dist/utils/environment.d.ts +15 -0
  211. package/dist/utils/environment.d.ts.map +1 -0
  212. package/dist/utils/environment.js +38 -0
  213. package/dist/utils/environment.js.map +1 -0
  214. package/dist/utils/index.d.ts +1 -0
  215. package/dist/utils/index.d.ts.map +1 -1
  216. package/dist/utils/index.js +1 -0
  217. package/dist/utils/index.js.map +1 -1
  218. package/dist/utils/package-filter.d.ts +7 -0
  219. package/dist/utils/package-filter.d.ts.map +1 -0
  220. package/dist/utils/package-filter.js +23 -0
  221. package/dist/utils/package-filter.js.map +1 -0
  222. package/dist/utils/package-validator.d.ts +3 -3
  223. package/dist/utils/package-validator.d.ts.map +1 -1
  224. package/dist/utils/package-validator.js +4 -37
  225. package/dist/utils/package-validator.js.map +1 -1
  226. package/dist/utils/upstream-fetch.d.ts +18 -0
  227. package/dist/utils/upstream-fetch.d.ts.map +1 -1
  228. package/dist/utils/upstream-fetch.js +76 -5
  229. package/dist/utils/upstream-fetch.js.map +1 -1
  230. package/dist/utils/zip-utils.d.ts +13 -0
  231. package/dist/utils/zip-utils.d.ts.map +1 -0
  232. package/dist/utils/zip-utils.js +66 -0
  233. package/dist/utils/zip-utils.js.map +1 -0
  234. package/dist/vcs/bitbucket-provider.d.ts +19 -0
  235. package/dist/vcs/bitbucket-provider.d.ts.map +1 -0
  236. package/dist/vcs/bitbucket-provider.js +249 -0
  237. package/dist/vcs/bitbucket-provider.js.map +1 -0
  238. package/dist/vcs/github-provider.d.ts +16 -0
  239. package/dist/vcs/github-provider.d.ts.map +1 -0
  240. package/dist/vcs/github-provider.js +117 -0
  241. package/dist/vcs/github-provider.js.map +1 -0
  242. package/dist/vcs/gitlab-provider.d.ts +17 -0
  243. package/dist/vcs/gitlab-provider.d.ts.map +1 -0
  244. package/dist/vcs/gitlab-provider.js +216 -0
  245. package/dist/vcs/gitlab-provider.js.map +1 -0
  246. package/dist/vcs/index.d.ts +10 -0
  247. package/dist/vcs/index.d.ts.map +1 -0
  248. package/dist/vcs/index.js +24 -0
  249. package/dist/vcs/index.js.map +1 -0
  250. package/dist/vcs/registry.d.ts +32 -0
  251. package/dist/vcs/registry.d.ts.map +1 -0
  252. package/dist/vcs/registry.js +47 -0
  253. package/dist/vcs/registry.js.map +1 -0
  254. package/dist/workflows/package-storage.d.ts.map +1 -1
  255. package/dist/workflows/package-storage.js +3 -3
  256. package/dist/workflows/package-storage.js.map +1 -1
  257. package/package.json +11 -8
  258. package/dist/cache/kv-driver.d.ts +0 -16
  259. package/dist/cache/kv-driver.d.ts.map +0 -1
  260. package/dist/cache/kv-driver.js +0 -23
  261. package/dist/cache/kv-driver.js.map +0 -1
  262. package/dist/db/d1-driver.d.ts +0 -3
  263. package/dist/db/d1-driver.d.ts.map +0 -1
  264. package/dist/db/d1-driver.js +0 -7
  265. package/dist/db/d1-driver.js.map +0 -1
  266. package/dist/routes/api/artifacts.d.ts +0 -27
  267. package/dist/routes/api/artifacts.d.ts.map +0 -1
  268. package/dist/routes/api/artifacts.js +0 -57
  269. package/dist/routes/api/artifacts.js.map +0 -1
  270. package/dist/routes/api/auth.d.ts +0 -52
  271. package/dist/routes/api/auth.d.ts.map +0 -1
  272. package/dist/routes/api/auth.js +0 -277
  273. package/dist/routes/api/auth.js.map +0 -1
  274. package/dist/routes/api/index.d.ts +0 -10
  275. package/dist/routes/api/index.d.ts.map +0 -1
  276. package/dist/routes/api/index.js +0 -11
  277. package/dist/routes/api/index.js.map +0 -1
  278. package/dist/routes/api/openapi/artifacts.d.ts +0 -80
  279. package/dist/routes/api/openapi/artifacts.d.ts.map +0 -1
  280. package/dist/routes/api/openapi/artifacts.js +0 -73
  281. package/dist/routes/api/openapi/artifacts.js.map +0 -1
  282. package/dist/routes/api/openapi/auth.d.ts +0 -187
  283. package/dist/routes/api/openapi/auth.d.ts.map +0 -1
  284. package/dist/routes/api/openapi/auth.js +0 -135
  285. package/dist/routes/api/openapi/auth.js.map +0 -1
  286. package/dist/routes/api/openapi/health.d.ts +0 -23
  287. package/dist/routes/api/openapi/health.d.ts.map +0 -1
  288. package/dist/routes/api/openapi/health.js +0 -25
  289. package/dist/routes/api/openapi/health.js.map +0 -1
  290. package/dist/routes/api/openapi/index.d.ts +0 -10
  291. package/dist/routes/api/openapi/index.d.ts.map +0 -1
  292. package/dist/routes/api/openapi/index.js +0 -16
  293. package/dist/routes/api/openapi/index.js.map +0 -1
  294. package/dist/routes/api/openapi/packages.d.ts +0 -172
  295. package/dist/routes/api/openapi/packages.d.ts.map +0 -1
  296. package/dist/routes/api/openapi/packages.js +0 -126
  297. package/dist/routes/api/openapi/packages.js.map +0 -1
  298. package/dist/routes/api/openapi/repositories.d.ts +0 -451
  299. package/dist/routes/api/openapi/repositories.d.ts.map +0 -1
  300. package/dist/routes/api/openapi/repositories.js +0 -238
  301. package/dist/routes/api/openapi/repositories.js.map +0 -1
  302. package/dist/routes/api/openapi/settings.d.ts.map +0 -1
  303. package/dist/routes/api/openapi/settings.js +0 -72
  304. package/dist/routes/api/openapi/settings.js.map +0 -1
  305. package/dist/routes/api/openapi/stats.d.ts +0 -59
  306. package/dist/routes/api/openapi/stats.d.ts.map +0 -1
  307. package/dist/routes/api/openapi/stats.js +0 -53
  308. package/dist/routes/api/openapi/stats.js.map +0 -1
  309. package/dist/routes/api/openapi/tokens.d.ts +0 -202
  310. package/dist/routes/api/openapi/tokens.d.ts.map +0 -1
  311. package/dist/routes/api/openapi/tokens.js +0 -132
  312. package/dist/routes/api/openapi/tokens.js.map +0 -1
  313. package/dist/routes/api/openapi/users.d.ts +0 -190
  314. package/dist/routes/api/openapi/users.d.ts.map +0 -1
  315. package/dist/routes/api/openapi/users.js +0 -126
  316. package/dist/routes/api/openapi/users.js.map +0 -1
  317. package/dist/routes/api/packages.d.ts +0 -50
  318. package/dist/routes/api/packages.d.ts.map +0 -1
  319. package/dist/routes/api/packages.js +0 -708
  320. package/dist/routes/api/packages.js.map +0 -1
  321. package/dist/routes/api/repositories.d.ts +0 -58
  322. package/dist/routes/api/repositories.d.ts.map +0 -1
  323. package/dist/routes/api/repositories.js +0 -321
  324. package/dist/routes/api/repositories.js.map +0 -1
  325. package/dist/routes/api/settings.d.ts +0 -29
  326. package/dist/routes/api/settings.d.ts.map +0 -1
  327. package/dist/routes/api/settings.js +0 -81
  328. package/dist/routes/api/settings.js.map +0 -1
  329. package/dist/routes/api/stats.d.ts +0 -21
  330. package/dist/routes/api/stats.d.ts.map +0 -1
  331. package/dist/routes/api/stats.js +0 -51
  332. package/dist/routes/api/stats.js.map +0 -1
  333. package/dist/routes/api/tokens.d.ts +0 -40
  334. package/dist/routes/api/tokens.d.ts.map +0 -1
  335. package/dist/routes/api/tokens.js +0 -187
  336. package/dist/routes/api/tokens.js.map +0 -1
  337. package/dist/routes/api/types.d.ts.map +0 -1
  338. package/dist/routes/api/types.js.map +0 -1
  339. package/dist/routes/api/users.d.ts +0 -6
  340. package/dist/routes/api/users.d.ts.map +0 -1
  341. package/dist/routes/api/users.js +0 -115
  342. package/dist/routes/api/users.js.map +0 -1
  343. package/dist/storage/r2-driver.d.ts +0 -16
  344. package/dist/storage/r2-driver.d.ts.map +0 -1
  345. package/dist/storage/r2-driver.js +0 -28
  346. package/dist/storage/r2-driver.js.map +0 -1
@@ -0,0 +1,122 @@
1
+ /*
2
+ * PACKAGE.broker
3
+ * Copyright (C) 2025 Łukasz Bajsarowicz
4
+ * Licensed under AGPL-3.0
5
+ */
6
+ import { AdvisoryDatabase } from './advisory-db';
7
+ import { getLogger } from '../../utils/logger';
8
+ import semver from 'semver';
9
+ /**
10
+ * Service for checking packages against known security advisories.
11
+ * Uses the Packagist security advisories API for real-time lookups.
12
+ */
13
+ export class SecurityAdvisoryService {
14
+ db;
15
+ constructor(db) {
16
+ this.db = db || new AdvisoryDatabase();
17
+ }
18
+ /**
19
+ * Check a single package/version for vulnerabilities.
20
+ */
21
+ async checkPackage(packageName, version) {
22
+ const advisories = await this.db.queryPackages([packageName]);
23
+ const packageAdvisories = advisories.get(packageName) || [];
24
+ const matchingAdvisories = this.filterByVersion(packageAdvisories, version);
25
+ return {
26
+ package_name: packageName,
27
+ version,
28
+ advisories: matchingAdvisories,
29
+ is_vulnerable: matchingAdvisories.length > 0,
30
+ };
31
+ }
32
+ /**
33
+ * Check multiple packages for vulnerabilities (batch).
34
+ */
35
+ async checkPackages(packages) {
36
+ const uniqueNames = [...new Set(packages.map((p) => p.name))];
37
+ const advisoryMap = await this.db.queryPackages(uniqueNames);
38
+ return packages.map((pkg) => {
39
+ const packageAdvisories = advisoryMap.get(pkg.name) || [];
40
+ const matching = this.filterByVersion(packageAdvisories, pkg.version);
41
+ return {
42
+ package_name: pkg.name,
43
+ version: pkg.version,
44
+ advisories: matching,
45
+ is_vulnerable: matching.length > 0,
46
+ };
47
+ });
48
+ }
49
+ /**
50
+ * Get the underlying advisory database for direct access.
51
+ */
52
+ getDatabase() {
53
+ return this.db;
54
+ }
55
+ /**
56
+ * Filter advisories by checking if the given version falls within the affected range.
57
+ * Uses Composer-style version constraints (translated to semver ranges).
58
+ */
59
+ filterByVersion(advisories, version) {
60
+ const logger = getLogger();
61
+ const cleanVersion = semver.clean(version);
62
+ // If version is not valid semver (e.g. "dev-main"), return all advisories
63
+ if (!cleanVersion) {
64
+ return advisories;
65
+ }
66
+ return advisories.filter((advisory) => {
67
+ try {
68
+ const range = this.composerConstraintToSemver(advisory.affected_versions);
69
+ if (!range)
70
+ return true; // Can't parse → assume affected for safety
71
+ return semver.satisfies(cleanVersion, range);
72
+ }
73
+ catch {
74
+ // If we can't determine, err on the side of caution
75
+ logger.debug('Could not parse version constraint', {
76
+ constraint: advisory.affected_versions,
77
+ version,
78
+ });
79
+ return true;
80
+ }
81
+ });
82
+ }
83
+ /**
84
+ * Convert a Composer version constraint to a semver range.
85
+ * Handles common patterns:
86
+ * - ">=2.0,<2.3.1" → ">=2.0.0 <2.3.1"
87
+ * - ">=1.0,<1.5|>=2.0,<2.1" → ">=1.0.0 <1.5.0 || >=2.0.0 <2.1.0"
88
+ * - "<5.4.46" → "<5.4.46"
89
+ */
90
+ composerConstraintToSemver(constraint) {
91
+ if (!constraint)
92
+ return null;
93
+ // Split on pipe (OR) and handle each group
94
+ const groups = constraint.split('|').map((group) => group.trim());
95
+ const semverGroups = groups
96
+ .map((group) => {
97
+ // Split on comma (AND) within a group
98
+ const parts = group.split(',').map((p) => p.trim());
99
+ return parts
100
+ .map((part) => {
101
+ // Clean up Composer-specific syntax
102
+ return part
103
+ .replace(/^([<>=!]+)\s*/, '$1') // Remove whitespace after operators
104
+ .replace(/^~/, '~') // Tilde range
105
+ .replace(/^\^/, '^'); // Caret range
106
+ })
107
+ .join(' ');
108
+ })
109
+ .filter(Boolean);
110
+ const result = semverGroups.join(' || ');
111
+ // Verify the range is valid
112
+ try {
113
+ if (semver.validRange(result))
114
+ return result;
115
+ }
116
+ catch {
117
+ // Fall through
118
+ }
119
+ return null;
120
+ }
121
+ }
122
+ //# sourceMappingURL=advisory-service.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advisory-service.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory-service.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAyB,MAAM,eAAe,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAS5B;;;GAGG;AACH,MAAM,OAAO,uBAAuB;IACjB,EAAE,CAAmB;IAEtC,YAAY,EAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,IAAI,gBAAgB,EAAE,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,WAAmB,EAAE,OAAe;QACrD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAC9D,MAAM,iBAAiB,GAAG,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QAE5D,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAE5E,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,OAAO;YACP,UAAU,EAAE,kBAAkB;YAC9B,aAAa,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC;SAC7C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,QAAkD;QAElD,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAE7D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC1B,MAAM,iBAAiB,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAEtE,OAAO;gBACL,YAAY,EAAE,GAAG,CAAC,IAAI;gBACtB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,UAAU,EAAE,QAAQ;gBACpB,aAAa,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;aACnC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,UAA8B,EAAE,OAAe;QACrE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE3C,0EAA0E;QAC1E,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;YACpC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;gBAC1E,IAAI,CAAC,KAAK;oBAAE,OAAO,IAAI,CAAC,CAAC,2CAA2C;gBACpE,OAAO,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,oDAAoD;gBACpD,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE;oBACjD,UAAU,EAAE,QAAQ,CAAC,iBAAiB;oBACtC,OAAO;iBACR,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACK,0BAA0B,CAAC,UAAkB;QACnD,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,2CAA2C;QAC3C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,MAAM;aACxB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YACb,sCAAsC;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACpD,OAAO,KAAK;iBACT,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;gBACZ,oCAAoC;gBACpC,OAAO,IAAI;qBACR,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC,oCAAoC;qBACnE,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,cAAc;qBACjC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,cAAc;YACxC,CAAC,CAAC;iBACD,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,CAAC,CAAC;aACD,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,4BAA4B;QAC5B,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,MAAM,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
@@ -0,0 +1,13 @@
1
+ import type { Context } from 'hono';
2
+ import { SecurityAdvisoryService } from './advisory-service';
3
+ export declare function getSecurityAdvisoryService(): SecurityAdvisoryService;
4
+ export declare function setSecurityAdvisoryServiceInstance(service: SecurityAdvisoryService): void;
5
+ /**
6
+ * GET /api/security/advisories?packages=vendor/pkg1,vendor/pkg2
7
+ */
8
+ export declare function listAdvisories(c: Context): Promise<Response>;
9
+ /**
10
+ * GET /api/security/advisories/:vendor/:package/:version
11
+ */
12
+ export declare function checkPackageAdvisories(c: Context): Promise<Response>;
13
+ //# sourceMappingURL=advisory.handlers.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advisory.handlers.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.handlers.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAQ7D,wBAAgB,0BAA0B,IAAI,uBAAuB,CAKpE;AAED,wBAAgB,kCAAkC,CAAC,OAAO,EAAE,uBAAuB,GAAG,IAAI,CAEzF;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAwDlE;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CA4B1E"}
@@ -0,0 +1,87 @@
1
+ /*
2
+ * PACKAGE.broker
3
+ * Copyright (C) 2025 Łukasz Bajsarowicz
4
+ * Licensed under AGPL-3.0
5
+ */
6
+ import { SecurityAdvisoryService } from './advisory-service';
7
+ import { AdvisoryDatabase } from './advisory-db';
8
+ import { getLogger } from '../../utils/logger';
9
+ // Singleton service instance — shared with the plugin when loaded
10
+ let serviceInstance = null;
11
+ export function getSecurityAdvisoryService() {
12
+ if (!serviceInstance) {
13
+ serviceInstance = new SecurityAdvisoryService(new AdvisoryDatabase());
14
+ }
15
+ return serviceInstance;
16
+ }
17
+ export function setSecurityAdvisoryServiceInstance(service) {
18
+ serviceInstance = service;
19
+ }
20
+ /**
21
+ * GET /api/security/advisories?packages=vendor/pkg1,vendor/pkg2
22
+ */
23
+ export async function listAdvisories(c) {
24
+ const logger = getLogger();
25
+ const service = getSecurityAdvisoryService();
26
+ try {
27
+ const packagesParam = c.req.query('packages');
28
+ if (!packagesParam) {
29
+ return c.json({
30
+ advisories: {},
31
+ packages_checked: 0,
32
+ vulnerable_count: 0,
33
+ });
34
+ }
35
+ const packageNames = packagesParam
36
+ .split(',')
37
+ .map((p) => p.trim())
38
+ .filter(Boolean);
39
+ if (packageNames.length === 0) {
40
+ return c.json({
41
+ advisories: {},
42
+ packages_checked: 0,
43
+ vulnerable_count: 0,
44
+ });
45
+ }
46
+ // Cap at 100 packages per request
47
+ const cappedNames = packageNames.slice(0, 100);
48
+ const { results: advisoryMap, upstream_error } = await service.getDatabase().queryPackagesWithStatus(cappedNames);
49
+ const response = {};
50
+ for (const [name, advisories] of advisoryMap) {
51
+ response[name] = advisories;
52
+ }
53
+ return c.json({
54
+ advisories: response,
55
+ packages_checked: cappedNames.length,
56
+ vulnerable_count: advisoryMap.size,
57
+ ...(upstream_error && { upstream_error: true }),
58
+ });
59
+ }
60
+ catch (err) {
61
+ logger.error('Error listing advisories', {}, err instanceof Error ? err : new Error(String(err)));
62
+ return c.json({ error: 'Internal Server Error', message: 'Failed to check security advisories' }, 500);
63
+ }
64
+ }
65
+ /**
66
+ * GET /api/security/advisories/:vendor/:package/:version
67
+ */
68
+ export async function checkPackageAdvisories(c) {
69
+ const logger = getLogger();
70
+ const service = getSecurityAdvisoryService();
71
+ try {
72
+ const vendor = c.req.param('vendor');
73
+ const pkg = c.req.param('package');
74
+ const version = c.req.param('version');
75
+ if (!vendor || !pkg || !version) {
76
+ return c.json({ error: 'Bad Request', message: 'Vendor, package, and version are required' }, 400);
77
+ }
78
+ const packageName = `${vendor}/${pkg}`;
79
+ const result = await service.checkPackage(packageName, version);
80
+ return c.json(result);
81
+ }
82
+ catch (err) {
83
+ logger.error('Error checking package advisories', { vendor: c.req.param('vendor'), package: c.req.param('package'), version: c.req.param('version') }, err instanceof Error ? err : new Error(String(err)));
84
+ return c.json({ error: 'Internal Server Error', message: 'Failed to check security advisories' }, 500);
85
+ }
86
+ }
87
+ //# sourceMappingURL=advisory.handlers.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advisory.handlers.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEjD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,kEAAkE;AAClE,IAAI,eAAe,GAAmC,IAAI,CAAC;AAE3D,MAAM,UAAU,0BAA0B;IACxC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,eAAe,GAAG,IAAI,uBAAuB,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,kCAAkC,CAAC,OAAgC;IACjF,eAAe,GAAG,OAAO,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,CAAU;IAC7C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,0BAA0B,EAAE,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,EAAE;gBACd,gBAAgB,EAAE,CAAC;gBACnB,gBAAgB,EAAE,CAAC;aACpB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,aAAa;aAC/B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,EAAE;gBACd,gBAAgB,EAAE,CAAC;gBACnB,gBAAgB,EAAE,CAAC;aACpB,CAAC,CAAC;QACL,CAAC;QAED,kCAAkC;QAClC,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAE/C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,GAC5C,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAuC,EAAE,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;QAC9B,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,UAAU,EAAE,QAAQ;YACpB,gBAAgB,EAAE,WAAW,CAAC,MAAM;YACpC,gBAAgB,EAAE,WAAW,CAAC,IAAI;YAClC,GAAG,CAAC,cAAc,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;SAChD,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,EAAE,EACF,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;QACF,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,qCAAqC,EAAE,EAClF,GAAG,CACJ,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,CAAU;IACrD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,0BAA0B,EAAE,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEvC,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAChC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,2CAA2C,EAAE,EAAE,GAAG,CAAC,CAAC;QACrG,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEhE,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,mCAAmC,EACnC,EAAE,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EACnG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;QACF,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,qCAAqC,EAAE,EAClF,GAAG,CACJ,CAAC;IACJ,CAAC;AACH,CAAC"}
@@ -0,0 +1,4 @@
1
+ import { OpenAPIHono } from '@hono/zod-openapi';
2
+ declare const securityModule: OpenAPIHono<import("hono").Env, {}, "/">;
3
+ export default securityModule;
4
+ //# sourceMappingURL=advisory.module.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advisory.module.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.module.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIhD,QAAA,MAAM,cAAc,0CAAoB,CAAC;AAKzC,eAAe,cAAc,CAAC"}
@@ -0,0 +1,13 @@
1
+ /*
2
+ * PACKAGE.broker
3
+ * Copyright (C) 2025 Łukasz Bajsarowicz
4
+ * Licensed under AGPL-3.0
5
+ */
6
+ import { OpenAPIHono } from '@hono/zod-openapi';
7
+ import { listAdvisoriesRoute, checkPackageRoute } from './advisory.routes';
8
+ import { listAdvisories, checkPackageAdvisories } from './advisory.handlers';
9
+ const securityModule = new OpenAPIHono();
10
+ securityModule.openapi(listAdvisoriesRoute, listAdvisories);
11
+ securityModule.openapi(checkPackageRoute, checkPackageAdvisories);
12
+ export default securityModule;
13
+ //# sourceMappingURL=advisory.module.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advisory.module.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.module.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAE7E,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC;AAEzC,cAAc,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAqB,CAAC,CAAC;AACnE,cAAc,CAAC,OAAO,CAAC,iBAAiB,EAAE,sBAA6B,CAAC,CAAC;AAEzE,eAAe,cAAc,CAAC"}
@@ -0,0 +1,73 @@
1
+ import { z } from '@hono/zod-openapi';
2
+ export declare const listAdvisoriesRoute: {
3
+ method: "get";
4
+ path: "/advisories";
5
+ tags: string[];
6
+ summary: string;
7
+ description: string;
8
+ request: {
9
+ query: z.ZodObject<{
10
+ packages: z.ZodOptional<z.ZodString>;
11
+ }, z.core.$strip>;
12
+ };
13
+ responses: {
14
+ 200: {
15
+ description: string;
16
+ content: {
17
+ 'application/json': {
18
+ schema: z.ZodObject<{
19
+ advisories: z.ZodRecord<z.ZodString, z.ZodArray<z.ZodObject<{
20
+ cve: z.ZodNullable<z.ZodString>;
21
+ title: z.ZodString;
22
+ link: z.ZodString;
23
+ affected_versions: z.ZodString;
24
+ package_name: z.ZodString;
25
+ }, z.core.$strip>>>;
26
+ packages_checked: z.ZodNumber;
27
+ vulnerable_count: z.ZodNumber;
28
+ upstream_error: z.ZodOptional<z.ZodBoolean>;
29
+ }, z.core.$strip>;
30
+ };
31
+ };
32
+ };
33
+ };
34
+ } & {
35
+ getRoutingPath(): "/advisories";
36
+ };
37
+ export declare const checkPackageRoute: {
38
+ method: "get";
39
+ path: "/advisories/{vendor}/{package}/{version}";
40
+ tags: string[];
41
+ summary: string;
42
+ request: {
43
+ params: z.ZodObject<{
44
+ vendor: z.ZodString;
45
+ package: z.ZodString;
46
+ version: z.ZodString;
47
+ }, z.core.$strip>;
48
+ };
49
+ responses: {
50
+ 200: {
51
+ description: string;
52
+ content: {
53
+ 'application/json': {
54
+ schema: z.ZodObject<{
55
+ package_name: z.ZodString;
56
+ version: z.ZodString;
57
+ advisories: z.ZodArray<z.ZodObject<{
58
+ cve: z.ZodNullable<z.ZodString>;
59
+ title: z.ZodString;
60
+ link: z.ZodString;
61
+ affected_versions: z.ZodString;
62
+ package_name: z.ZodString;
63
+ }, z.core.$strip>>;
64
+ is_vulnerable: z.ZodBoolean;
65
+ }, z.core.$strip>;
66
+ };
67
+ };
68
+ };
69
+ };
70
+ } & {
71
+ getRoutingPath(): "/advisories/:vendor/:package/:version";
72
+ };
73
+ //# sourceMappingURL=advisory.routes.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advisory.routes.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.routes.ts"],"names":[],"mappings":"AAMA,OAAO,EAAe,CAAC,EAAE,MAAM,mBAAmB,CAAC;AAiBnD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgC9B,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsB5B,CAAC"}
@@ -0,0 +1,76 @@
1
+ /*
2
+ * PACKAGE.broker
3
+ * Copyright (C) 2025 Łukasz Bajsarowicz
4
+ * Licensed under AGPL-3.0
5
+ */
6
+ import { createRoute, z } from '@hono/zod-openapi';
7
+ const advisorySchema = z.object({
8
+ cve: z.string().nullable(),
9
+ title: z.string(),
10
+ link: z.string(),
11
+ affected_versions: z.string(),
12
+ package_name: z.string(),
13
+ });
14
+ const vulnerabilityCheckResultSchema = z.object({
15
+ package_name: z.string(),
16
+ version: z.string(),
17
+ advisories: z.array(advisorySchema),
18
+ is_vulnerable: z.boolean(),
19
+ });
20
+ export const listAdvisoriesRoute = createRoute({
21
+ method: 'get',
22
+ path: '/advisories',
23
+ tags: ['Security'],
24
+ summary: 'Check packages for security advisories',
25
+ description: 'Query the Packagist security advisories database for vulnerabilities affecting specified packages.',
26
+ request: {
27
+ query: z.object({
28
+ packages: z
29
+ .string()
30
+ .optional()
31
+ .openapi({
32
+ description: 'Comma-separated list of package names to check (e.g. "symfony/http-kernel,laravel/framework")',
33
+ example: 'symfony/http-kernel,laravel/framework',
34
+ }),
35
+ }),
36
+ },
37
+ responses: {
38
+ 200: {
39
+ description: 'Advisory check results',
40
+ content: {
41
+ 'application/json': {
42
+ schema: z.object({
43
+ advisories: z.record(z.string(), z.array(advisorySchema)),
44
+ packages_checked: z.number(),
45
+ vulnerable_count: z.number(),
46
+ upstream_error: z.boolean().optional(),
47
+ }),
48
+ },
49
+ },
50
+ },
51
+ },
52
+ });
53
+ export const checkPackageRoute = createRoute({
54
+ method: 'get',
55
+ path: '/advisories/{vendor}/{package}/{version}',
56
+ tags: ['Security'],
57
+ summary: 'Check a specific package version for advisories',
58
+ request: {
59
+ params: z.object({
60
+ vendor: z.string().openapi({ description: 'Composer vendor name (e.g. "symfony")', example: 'symfony' }),
61
+ package: z.string().openapi({ description: 'Composer package name (e.g. "http-kernel")', example: 'http-kernel' }),
62
+ version: z.string().openapi({ description: 'Package version (e.g. "6.3.0")', example: '6.3.0' }),
63
+ }),
64
+ },
65
+ responses: {
66
+ 200: {
67
+ description: 'Vulnerability check result for specific package version',
68
+ content: {
69
+ 'application/json': {
70
+ schema: vulnerabilityCheckResultSchema,
71
+ },
72
+ },
73
+ },
74
+ },
75
+ });
76
+ //# sourceMappingURL=advisory.routes.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"advisory.routes.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AAEnD,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;CACzB,CAAC,CAAC;AAEH,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;IACnC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,aAAa;IACnB,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,wCAAwC;IACjD,WAAW,EAAE,oGAAoG;IACjH,OAAO,EAAE;QACP,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;YACd,QAAQ,EAAE,CAAC;iBACR,MAAM,EAAE;iBACR,QAAQ,EAAE;iBACV,OAAO,CAAC;gBACP,WAAW,EAAE,+FAA+F;gBAC5G,OAAO,EAAE,uCAAuC;aACjD,CAAC;SACL,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,wBAAwB;YACrC,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;wBACf,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;wBACzD,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;wBAC5B,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;wBAC5B,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;qBACvC,CAAC;iBACH;aACF;SACF;KACF;CACF,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,WAAW,CAAC;IAC3C,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,0CAA0C;IAChD,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;YACf,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,uCAAuC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YACxG,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,4CAA4C,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC;YAClH,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,gCAAgC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;SACjG,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,yDAAyD;YACtE,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,8BAA8B;iBACvC;aACF;SACF;KACF;CACF,CAAC,CAAC"}
@@ -0,0 +1,31 @@
1
+ import type { BrokerPlugin } from '../../kernel/plugin';
2
+ import { SecurityAdvisoryService } from './advisory-service';
3
+ import { AdvisoryDatabase } from './advisory-db';
4
+ export { SecurityAdvisoryService } from './advisory-service';
5
+ export { AdvisoryDatabase, type SecurityAdvisory } from './advisory-db';
6
+ interface SecurityAdvisoryServices extends Record<string, unknown> {
7
+ securityAdvisoryService: SecurityAdvisoryService;
8
+ securityAdvisoryDb: AdvisoryDatabase;
9
+ }
10
+ interface SecurityAdvisoryEvents extends Record<string, unknown> {
11
+ 'package.synced': {
12
+ packageName: string;
13
+ version: string;
14
+ };
15
+ 'security.advisory.found': {
16
+ packageName: string;
17
+ version: string;
18
+ advisoryCount: number;
19
+ };
20
+ }
21
+ /**
22
+ * Security Advisories Plugin
23
+ *
24
+ * The first real plugin built on the Phase 0 kernel. It:
25
+ * 1. Registers a SecurityAdvisoryService in the service container
26
+ * 2. Subscribes to `package.synced` events to check packages
27
+ * 3. Emits `security.advisory.found` when vulnerabilities are detected
28
+ * 4. Adds a sync observer to scan packages after repository sync
29
+ */
30
+ export declare const securityAdvisoriesPlugin: BrokerPlugin<SecurityAdvisoryServices, SecurityAdvisoryEvents>;
31
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/index.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAIjD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAExE,UAAU,wBAAyB,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAChE,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,kBAAkB,EAAE,gBAAgB,CAAC;CACtC;AAED,UAAU,sBAAuB,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC9D,gBAAgB,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3D,yBAAyB,EAAE;QACzB,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;CACH;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,EAAE,YAAY,CACjD,wBAAwB,EACxB,sBAAsB,CA0GvB,CAAC"}
@@ -0,0 +1,100 @@
1
+ /*
2
+ * PACKAGE.broker
3
+ * Copyright (C) 2025 Łukasz Bajsarowicz
4
+ * Licensed under AGPL-3.0
5
+ */
6
+ import { SecurityAdvisoryService } from './advisory-service';
7
+ import { AdvisoryDatabase } from './advisory-db';
8
+ import { setSecurityAdvisoryServiceInstance } from './advisory.handlers';
9
+ import { getLogger } from '../../utils/logger';
10
+ export { SecurityAdvisoryService } from './advisory-service';
11
+ export { AdvisoryDatabase } from './advisory-db';
12
+ /**
13
+ * Security Advisories Plugin
14
+ *
15
+ * The first real plugin built on the Phase 0 kernel. It:
16
+ * 1. Registers a SecurityAdvisoryService in the service container
17
+ * 2. Subscribes to `package.synced` events to check packages
18
+ * 3. Emits `security.advisory.found` when vulnerabilities are detected
19
+ * 4. Adds a sync observer to scan packages after repository sync
20
+ */
21
+ export const securityAdvisoriesPlugin = {
22
+ name: 'security-advisories',
23
+ version: '1.0.0',
24
+ register(ctx) {
25
+ const logger = getLogger();
26
+ const db = new AdvisoryDatabase();
27
+ const service = new SecurityAdvisoryService(db);
28
+ // Share service instance with HTTP handlers
29
+ setSecurityAdvisoryServiceInstance(service);
30
+ // Register services
31
+ ctx.services.register('securityAdvisoryDb', () => db);
32
+ ctx.services.register('securityAdvisoryService', () => service);
33
+ // Subscribe to package.synced events — store unsubscribe handle
34
+ const unsubscribeSynced = ctx.events.on('package.synced', async (payload) => {
35
+ const { packageName, version } = payload;
36
+ try {
37
+ const result = await service.checkPackage(packageName, version);
38
+ if (result.is_vulnerable) {
39
+ logger.warn('Security advisory found', {
40
+ package: packageName,
41
+ version,
42
+ advisoryCount: result.advisories.length,
43
+ });
44
+ ctx.events.emit('security.advisory.found', {
45
+ packageName,
46
+ version,
47
+ advisoryCount: result.advisories.length,
48
+ });
49
+ }
50
+ }
51
+ catch (err) {
52
+ logger.error('Security advisory check failed', { package: packageName, version }, err instanceof Error ? err : new Error(String(err)));
53
+ }
54
+ });
55
+ // Add sync observer — store reference for cleanup
56
+ const syncObserver = async (payload) => {
57
+ const syncPayload = payload;
58
+ if (!syncPayload.packages || syncPayload.packages.length === 0)
59
+ return;
60
+ try {
61
+ const results = await service.checkPackages(syncPayload.packages);
62
+ const vulnerable = results.filter((r) => r.is_vulnerable);
63
+ if (vulnerable.length > 0) {
64
+ logger.warn('Vulnerable packages detected after sync', {
65
+ repoId: syncPayload.repoId,
66
+ vulnerableCount: vulnerable.length,
67
+ totalChecked: syncPayload.packages.length,
68
+ });
69
+ }
70
+ }
71
+ catch (err) {
72
+ logger.error('Post-sync security scan failed', { repoId: syncPayload.repoId }, err instanceof Error ? err : new Error(String(err)));
73
+ }
74
+ };
75
+ ctx.hooks.addSyncObserver(syncObserver);
76
+ // Store cleanup references on the plugin object for dispose()
77
+ securityAdvisoriesPlugin._unsubscribeSynced = unsubscribeSynced;
78
+ securityAdvisoriesPlugin._syncObserver = syncObserver;
79
+ securityAdvisoriesPlugin._hooks = ctx.hooks;
80
+ logger.info('Security advisories plugin registered');
81
+ },
82
+ async dispose() {
83
+ const logger = getLogger();
84
+ // Clean up event subscription
85
+ const unsubscribe = securityAdvisoriesPlugin._unsubscribeSynced;
86
+ if (typeof unsubscribe === 'function') {
87
+ unsubscribe();
88
+ }
89
+ // Clean up sync observer
90
+ const hooks = securityAdvisoriesPlugin._hooks;
91
+ const observer = securityAdvisoriesPlugin._syncObserver;
92
+ if (hooks && observer) {
93
+ hooks.removeSyncObserver(observer);
94
+ }
95
+ // Reset shared service instance
96
+ setSecurityAdvisoryServiceInstance(null);
97
+ logger.info('Security advisories plugin disposed');
98
+ },
99
+ };
100
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,kCAAkC,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAyB,MAAM,eAAe,CAAC;AAgBxE;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAGjC;IACF,IAAI,EAAE,qBAAqB;IAC3B,OAAO,EAAE,OAAO;IAEhB,QAAQ,CAAC,GAAG;QACV,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,uBAAuB,CAAC,EAAE,CAAC,CAAC;QAEhD,4CAA4C;QAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC;QAE5C,oBAAoB;QACpB,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACtD,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;QAEhE,gEAAgE;QAChE,MAAM,iBAAiB,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YAC1E,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;YAEzC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;gBAEhE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBACzB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;wBACrC,OAAO,EAAE,WAAW;wBACpB,OAAO;wBACP,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM;qBACxC,CAAC,CAAC;oBAEH,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;wBACzC,WAAW;wBACX,OAAO;wBACP,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM;qBACxC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CACV,gCAAgC,EAChC,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,EACjC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,kDAAkD;QAClD,MAAM,YAAY,GAAiB,KAAK,EAAE,OAAgB,EAAE,EAAE;YAC5D,MAAM,WAAW,GAAG,OAGnB,CAAC;YAEF,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO;YAEvE,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;gBAClE,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;gBAE1D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;wBACrD,MAAM,EAAE,WAAW,CAAC,MAAM;wBAC1B,eAAe,EAAE,UAAU,CAAC,MAAM;wBAClC,YAAY,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;qBAC1C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CACV,gCAAgC,EAChC,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,EAAE,EAC9B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;QAEF,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAExC,8DAA8D;QAC7D,wBAAgC,CAAC,kBAAkB,GAAG,iBAAiB,CAAC;QACxE,wBAAgC,CAAC,aAAa,GAAG,YAAY,CAAC;QAC9D,wBAAgC,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC;QAErD,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAE3B,8BAA8B;QAC9B,MAAM,WAAW,GAAI,wBAAgC,CAAC,kBAAkB,CAAC;QACzE,IAAI,OAAO,WAAW,KAAK,UAAU,EAAE,CAAC;YACtC,WAAW,EAAE,CAAC;QAChB,CAAC;QAED,yBAAyB;QACzB,MAAM,KAAK,GAAI,wBAAgC,CAAC,MAAM,CAAC;QACvD,MAAM,QAAQ,GAAI,wBAAgC,CAAC,aAAa,CAAC;QACjE,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;YACtB,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QAED,gCAAgC;QAChC,kCAAkC,CAAC,IAAW,CAAC,CAAC;QAEhD,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;CACF,CAAC"}