@paklo/runner 0.1.0

package/dist/local/azure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure.js","names":["updates: DependabotUpdate[]","results: RunJobsResult","jobId: number | undefined","job: DependabotJobConfig | undefined","credentials: DependabotCredential[] | undefined","jobToken: string","credentialsToken: string","securityVulnerabilities: SecurityVulnerability[]","dependencyNamesToUpdate: string[]","packagesToCheckForVulnerabilities: Package[] | undefined"],"sources":["../../src/local/azure/server.ts","../../src/local/azure/runner.ts"],"sourcesContent":["import type { AzureDevOpsUrl, AzureDevOpsWebApiClient, IPullRequestProperties } from '@paklo/core/azure';\nimport {\n  buildPullRequestProperties,\n  GitPullRequestMergeStrategy,\n  getPullRequestChangedFilesForOutputData,\n  getPullRequestCloseReasonForOutputData,\n  getPullRequestDependenciesPropertyValueForOutputData,\n  getPullRequestDescription,\n  getPullRequestForDependencyNames,\n  parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport { type DependabotRequest, getBranchNameForUpdate } from '@paklo/core/dependabot';\nimport { logger } from '@/logger';\nimport { LocalDependabotServer, type LocalDependabotServerOptions } from '../server';\n\nexport type AzureLocalDependabotServerOptions = LocalDependabotServerOptions & {\n  url: AzureDevOpsUrl;\n  authorClient: AzureDevOpsWebApiClient;\n  autoApprove: boolean;\n  approverClient?: AzureDevOpsWebApiClient;\n  setAutoComplete: boolean;\n  mergeStrategy?: string;\n  autoCompleteIgnoreConfigIds: number[];\n  existingBranchNames: string[] | undefined;\n  existingPullRequests: IPullRequestProperties[];\n};\n\nexport class AzureLocalDependabotServer extends LocalDependabotServer {\n  // biome-ignore lint/correctness/noUnusedPrivateClassMembers: options is used\n  private readonly options: AzureLocalDependabotServerOptions;\n\n  constructor(options: AzureLocalDependabotServerOptions) {\n    super(options);\n    this.options = options;\n  }\n\n  protected override async handle(id: number, request: DependabotRequest): Promise<boolean> {\n    await super.handle(id, request); // common logic\n\n    const { options, affectedPullRequestIds } = this;\n    const {\n      url,\n      authorClient,\n      approverClient,\n      existingBranchNames,\n      existingPullRequests,\n      autoApprove,\n      mergeStrategy,\n      setAutoComplete,\n      autoCompleteIgnoreConfigIds,\n      author,\n      debug,\n      dryRun,\n    } = options;\n\n    const { type, data } = request;\n    const job = await this.job(id);\n    if (!job) {\n      logger.error(`No job found for ID '${id}', cannot process request of type '${type}'`);\n      return false;\n    }\n    const { 'package-manager': packageManager } = job;\n    logger.info(`Processing '${type}' for job ID '${id}'`);\n    if (debug) {\n      logger.debug(JSON.stringify(data));\n    }\n\n    const update = this.update(id)!; // exists because job exists\n    const { project, repository } = url;\n\n    switch (type) {\n      // Documentation on the 'data' model for each output type can be found here:\n      // See: https://github.com/dependabot/cli/blob/main/internal/model/update.go\n\n      case 'create_pull_request': {\n        const title = data['pr-title'];\n        if (dryRun) {\n          logger.warn(`Skipping pull request creation of '${title}' as 'dryRun' is set to 'true'`);\n          return true;\n        }\n\n        // Skip if active pull request limit reached.\n        const openPullRequestsLimit = update['open-pull-requests-limit']!;\n\n        // Parse the Dependabot metadata for the existing pull requests that are related to this update\n        // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n        const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n        const existingPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n        const openPullRequestsCount = affectedPullRequestIds.get(id)!.created.length + existingPullRequestsCount;\n        const hasReachedOpenPullRequestLimit =\n          openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n\n        if (hasReachedOpenPullRequestLimit) {\n          logger.warn(\n            `Skipping pull request creation of '${title}' as the open pull requests limit (${openPullRequestsLimit}) has been reached`,\n          );\n          return true;\n        }\n\n        const changedFiles = getPullRequestChangedFilesForOutputData(data);\n        const dependencies = getPullRequestDependenciesPropertyValueForOutputData(data);\n        const targetBranch = update['target-branch'] || (await authorClient.getDefaultBranch(project, repository));\n        const sourceBranch = getBranchNameForUpdate(\n          update['package-ecosystem'],\n          targetBranch,\n          update.directory || update.directories?.find((dir) => changedFiles[0]?.path?.startsWith(dir)),\n          !Array.isArray(dependencies) ? dependencies['dependency-group-name'] : undefined,\n          !Array.isArray(dependencies) ? dependencies.dependencies : dependencies,\n          update['pull-request-branch-name']?.separator,\n        );\n\n        // Check if the source branch already exists or conflicts with an existing branch\n        const existingBranch = existingBranchNames?.find((branch) => sourceBranch === branch) || [];\n        if (existingBranch.length) {\n          logger.error(\n            `Unable to create pull request '${title}' as source branch '${sourceBranch}' already exists; Delete the existing branch and try again.`,\n          );\n          return false;\n        }\n        const conflictingBranches = existingBranchNames?.filter((branch) => sourceBranch.startsWith(branch)) || [];\n        if (conflictingBranches.length) {\n          logger.error(\n            `Unable to create pull request '${title}' as source branch '${sourceBranch}' would conflict with existing branch(es) '${conflictingBranches.join(', ')}'; Delete the conflicting branch(es) and try again.`,\n          );\n          return false;\n        }\n\n        // Create a new pull request\n        const newPullRequestId = await authorClient.createPullRequest({\n          project: project,\n          repository: repository,\n          source: {\n            commit: data['base-commit-sha'] || job.source.commit!,\n            branch: sourceBranch,\n          },\n          target: {\n            branch: targetBranch!,\n          },\n          author,\n          title,\n          description: getPullRequestDescription(packageManager, data['pr-body'], data.dependencies),\n          commitMessage: data['commit-message'],\n          autoComplete: setAutoComplete\n            ? {\n                ignorePolicyConfigIds: autoCompleteIgnoreConfigIds,\n                mergeStrategy: (() => {\n                  switch (mergeStrategy) {\n                    case 'noFastForward':\n                      return GitPullRequestMergeStrategy.NoFastForward;\n                    case 'squash':\n                      return GitPullRequestMergeStrategy.Squash;\n                    case 'rebase':\n                      return GitPullRequestMergeStrategy.Rebase;\n                    case 'rebaseMerge':\n                      return GitPullRequestMergeStrategy.RebaseMerge;\n                    default:\n                      return GitPullRequestMergeStrategy.Squash;\n                  }\n                })(),\n              }\n            : undefined,\n          assignees: update.assignees,\n          labels: update.labels?.map((label) => label?.trim()) || [],\n          workItems: update.milestone ? [update.milestone] : [],\n          changes: changedFiles,\n          properties: buildPullRequestProperties(packageManager, dependencies),\n        });\n\n        // Auto-approve the pull request, if required\n        if (autoApprove && approverClient && newPullRequestId) {\n          await approverClient.approvePullRequest({\n            project: project,\n            repository: repository,\n            pullRequestId: newPullRequestId,\n          });\n        }\n\n        // Store the new pull request ID, so we can keep track of the total number of open pull requests\n        if (newPullRequestId && newPullRequestId > 0) {\n          affectedPullRequestIds.get(id)!.created.push(newPullRequestId);\n          return true;\n        } else {\n          return false;\n        }\n      }\n\n      case 'update_pull_request': {\n        if (dryRun) {\n          logger.warn(`Skipping pull request update as 'dryRun' is set to 'true'`);\n          return true;\n        }\n\n        // Find the pull request to update\n        const pullRequestToUpdate = getPullRequestForDependencyNames(\n          existingPullRequests,\n          packageManager,\n          data['dependency-names'],\n        );\n        if (!pullRequestToUpdate) {\n          logger.error(\n            `Could not find pull request to update for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n          );\n          return false;\n        }\n\n        // Update the pull request\n        const pullRequestWasUpdated = await authorClient.updatePullRequest({\n          project: project,\n          repository: repository,\n          pullRequestId: pullRequestToUpdate.id,\n          commit: data['base-commit-sha'] || job.source.commit!,\n          author,\n          changes: getPullRequestChangedFilesForOutputData(data),\n          skipIfDraft: true,\n          skipIfCommitsFromAuthorsOtherThan: author.email,\n          skipIfNotBehindTargetBranch: true,\n        });\n\n        // Re-approve the pull request, if required\n        if (autoApprove && approverClient && pullRequestWasUpdated) {\n          await approverClient.approvePullRequest({\n            project: project,\n            repository: repository,\n            pullRequestId: pullRequestToUpdate.id,\n          });\n        }\n\n        if (pullRequestWasUpdated) {\n          affectedPullRequestIds.get(id)!.updated.push(pullRequestToUpdate.id);\n          return true;\n        }\n        return false;\n      }\n\n      case 'close_pull_request': {\n        if (dryRun) {\n          logger.warn(`Skipping pull request closure as 'dryRun' is set to 'true'`);\n          return true;\n        }\n\n        // Find the pull request to close\n        const pullRequestToClose = getPullRequestForDependencyNames(\n          existingPullRequests,\n          packageManager,\n          data['dependency-names'],\n        );\n        if (!pullRequestToClose) {\n          logger.error(\n            `Could not find pull request to close for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n          );\n          return false;\n        }\n\n        // TODO: GitHub Dependabot will close with reason \"Superseded by ${new_pull_request_id}\" when another PR supersedes it.\n        //       How do we detect this? Do we need to?\n\n        // Close the pull request\n        const success = await authorClient.abandonPullRequest({\n          project: project,\n          repository: repository,\n          pullRequestId: pullRequestToClose.id,\n          comment: getPullRequestCloseReasonForOutputData(data),\n          deleteSourceBranch: true,\n        });\n        if (success) {\n          affectedPullRequestIds.get(id)!.closed.push(pullRequestToClose.id);\n          return true;\n        }\n        return false;\n      }\n\n      // No action required\n      case 'update_dependency_list':\n      case 'mark_as_processed':\n      case 'record_ecosystem_versions':\n      case 'record_ecosystem_meta':\n      case 'increment_metric':\n      case 'record_metrics':\n        return true;\n\n      case 'record_update_job_error':\n        logger.error(`Update job error: ${data['error-type']} ${JSON.stringify(data['error-details'])}`);\n        return true;\n\n      case 'record_update_job_unknown_error':\n        logger.error(`Update job unknown error: ${data['error-type']}, ${JSON.stringify(data['error-details'])}`);\n        return true;\n\n      default:\n        logger.warn(`Unknown dependabot output type '${type}', ignoring...`);\n        return true;\n    }\n  }\n}\n","import { existsSync } from 'node:fs';\nimport { readFile } from 'node:fs/promises';\nimport {\n  AzureDevOpsWebApiClient,\n  DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME,\n  type IPullRequestProperties,\n  normalizeBranchName,\n  parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport {\n  type DependabotCredential,\n  DependabotJobBuilder,\n  type DependabotJobConfig,\n  type DependabotUpdate,\n  mapPackageEcosystemToPackageManager,\n} from '@paklo/core/dependabot';\nimport {\n  filterVulnerabilities,\n  GitHubGraphClient,\n  getGhsaPackageEcosystemFromDependabotPackageManager,\n  type Package,\n  type SecurityVulnerability,\n  SecurityVulnerabilitySchema,\n} from '@paklo/core/github';\nimport { logger } from '@/logger';\nimport { type RunJobOptions, runJob } from '../../job-runner';\nimport { LocalJobsRunner, type LocalJobsRunnerOptions, type RunJobsResult } from '../runner';\nimport { AzureLocalDependabotServer, type AzureLocalDependabotServerOptions } from './server';\n\nexport type AzureLocalJobsRunnerOptions = LocalJobsRunnerOptions &\n  Omit<\n    AzureLocalDependabotServerOptions,\n    'authorClient' | 'approverClient' | 'existingBranchNames' | 'existingPullRequests'\n  > & {\n    port?: number;\n    securityAdvisoriesFile?: string;\n    gitToken: string;\n    githubToken?: string;\n    autoApproveToken?: string;\n  };\n\nexport class AzureLocalJobsRunner extends LocalJobsRunner {\n  // biome-ignore-start lint/correctness/noUnusedPrivateClassMembers: variables are used\n  private readonly options: AzureLocalJobsRunnerOptions;\n  private readonly authorClient: AzureDevOpsWebApiClient;\n  private readonly approverClient?: AzureDevOpsWebApiClient;\n  // biome-ignore-end lint/correctness/noUnusedPrivateClassMembers: variables are used\n\n  constructor(options: AzureLocalJobsRunnerOptions) {\n    super({ ...options });\n    this.options = options;\n    const { url, gitToken, autoApprove, debug } = this.options;\n\n    // Initialise the DevOps API clients (one for authoring the other for auto-approving (if configured))\n    this.authorClient = new AzureDevOpsWebApiClient(url, gitToken, debug);\n    this.approverClient = autoApprove\n      ? new AzureDevOpsWebApiClient(url, options.autoApproveToken || gitToken, debug)\n      : undefined;\n  }\n\n  public override async run(): Promise<RunJobsResult> {\n    await super.run(); // common logic\n\n    const {\n      options: { url, port, config, targetUpdateIds, command },\n      authorClient,\n      approverClient,\n    } = this;\n\n    // Print a warning about the required workarounds for security-only updates, if any update is configured as such\n    // TODO: If and when Dependabot supports a better way to do security-only updates, remove this.\n    if (config.updates?.some((u) => u['open-pull-requests-limit'] === 0)) {\n      logger.warn(\n        'Security-only updates incur a slight performance overhead due to limitations in Dependabot CLI. For more info, see: https://github.com/mburumaxwell/dependabot-azure-devops/blob/main/README.md#configuring-security-advisories-and-known-vulnerabilities',\n      );\n    }\n\n    // Fetch the active pull requests created by the author user\n    const existingBranchNames = await authorClient.getBranchNames(url.project, url.repository);\n    const existingPullRequests = await authorClient.getActivePullRequestProperties(\n      url.project,\n      url.repository,\n      await authorClient.getUserId(),\n    );\n\n    // Prepare local server\n    const serverOptions: AzureLocalDependabotServerOptions = {\n      authorClient,\n      approverClient,\n      existingBranchNames,\n      existingPullRequests,\n      ...this.options,\n    };\n    const server = new AzureLocalDependabotServer(serverOptions);\n    server.start(port);\n    // give the server a second to start\n    await new Promise((resolve) => setTimeout(resolve, 1000));\n\n    // The API urls is constant when working in this CLI. Asking people to setup NGROK or similar just to get\n    // HTTPS for the job token to be used is too much hassle.\n    // Using same value for dependabotApiUrl and dependabotApiDockerUrl so as to capture /record_metrics calls.\n    const dependabotApiUrl = `http://host.docker.internal:${server.port}/api`;\n    const dependabotApiDockerUrl = dependabotApiUrl;\n\n    // If update identifiers are specified, select them; otherwise handle all\n    let updates: DependabotUpdate[] = [];\n    if (targetUpdateIds && targetUpdateIds.length > 0) {\n      for (const id of targetUpdateIds) {\n        const upd = config.updates[id];\n        if (!upd) {\n          logger.warn(\n            `\n            Unable to find target update id '${id}'.\n            This value should be a zero based index of the update in your config file.\n            Expected range: 0-${config.updates.length - 1}\n            `,\n          );\n        } else {\n          updates.push(upd);\n        }\n      }\n    } else {\n      updates = config.updates;\n    }\n\n    try {\n      // Abandon all pull requests where the source branch has been deleted\n      await this.abandonPullRequestsWhereSourceRefIsDeleted(existingBranchNames, existingPullRequests);\n\n      // Perform updates for each of the [targeted] update blocks in dependabot.yaml\n      return await this.performUpdates(\n        server,\n        updates,\n        existingPullRequests,\n        dependabotApiUrl,\n        dependabotApiDockerUrl,\n        command,\n      );\n    } finally {\n      server.stop();\n    }\n  }\n\n  /**\n   * Abandon all pull requests where the source branch has been deleted.\n   * @param existingBranchNames The names of the existing branches.\n   * @param existingPullRequests The existing pull requests.\n   */\n  private async abandonPullRequestsWhereSourceRefIsDeleted(\n    existingBranchNames?: string[],\n    existingPullRequests?: IPullRequestProperties[],\n  ): Promise<void> {\n    if (!existingBranchNames || !existingPullRequests) return;\n\n    const {\n      options: { url, dryRun },\n      authorClient,\n    } = this;\n    for (const pullRequestIndex in existingPullRequests) {\n      const pullRequest = existingPullRequests[pullRequestIndex]!;\n      const pullRequestSourceRefName = normalizeBranchName(\n        pullRequest.properties?.find((x) => x.name === DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME)?.value,\n      );\n      if (pullRequestSourceRefName && !existingBranchNames.includes(pullRequestSourceRefName)) {\n        // The source branch for the pull request has been deleted; abandon the pull request (if not dry run)\n        if (!dryRun) {\n          logger.warn(\n            `Detected source branch for PR #${pullRequest.id} has been deleted; The pull request will be abandoned`,\n          );\n          await authorClient.abandonPullRequest({\n            project: url.project,\n            repository: url.repository,\n            pullRequestId: pullRequest.id,\n            // comment:\n            //   'OK, I won't notify you again about this release, but will get in touch when a new version is available. ' +\n            //   'If you'd rather skip all updates until the next major or minor version, add an ' +\n            //   '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n            //   'with the desired `update-types` to your config file.',\n            comment:\n              'It might be a good idea to add an ' +\n              '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n              'with the desired `update-types` to your config file.',\n          });\n        }\n        // Remove the pull request from the list of existing pull requests to ensures that we don't attempt to update it later in the process.\n        existingPullRequests.splice(existingPullRequests.indexOf(pullRequest), 1);\n      }\n    }\n  }\n\n  /**\n   * Performs the updates.\n   * @param server The local Dependabot server.\n   * @param updates The updates to perform.\n   * @param existingPullRequests The existing pull requests.\n   */\n  private async performUpdates(\n    server: AzureLocalDependabotServer,\n    updates: DependabotUpdate[],\n    existingPullRequests: IPullRequestProperties[],\n    dependabotApiUrl: string,\n    dependabotApiDockerUrl?: string,\n    command?: DependabotJobConfig['command'],\n  ): Promise<RunJobsResult> {\n    const {\n      options: { url, gitToken, githubToken, experiments, config, dryRun, securityAdvisoriesFile, secretMasker },\n    } = this;\n\n    const results: RunJobsResult = [];\n\n    function makeUsageData(job: DependabotJobConfig): RunJobOptions['usage'] {\n      return {\n        trigger: 'user',\n        provider: job.source.provider,\n        owner: url.url.toString(),\n        project: `${url.url.toString().replace(/\\/$/, '')}/${url.project}`,\n        'package-manager': job['package-manager'],\n      };\n    }\n\n    for (const update of updates) {\n      const packageEcosystem = update['package-ecosystem'];\n      const packageManager = mapPackageEcosystemToPackageManager(packageEcosystem);\n\n      // If there is an updater image, replace the placeholder in it\n      let { updaterImage } = this.options;\n      updaterImage = updaterImage?.replace(/\\{ecosystem\\}/i, packageEcosystem);\n\n      // Parse the Dependabot metadata for the existing pull requests that are related to this update\n      // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n      const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n      const existingPullRequestDependenciesForPackageManager = Object.values(existingPullRequestsForPackageManager);\n\n      const builder = new DependabotJobBuilder({\n        source: { provider: 'azure', ...url },\n        config,\n        update,\n        systemAccessToken: gitToken,\n        githubToken,\n        experiments,\n        debug: false,\n      });\n\n      let jobId: number | undefined;\n      let job: DependabotJobConfig | undefined;\n      let credentials: DependabotCredential[] | undefined;\n      let jobToken: string;\n      let credentialsToken: string;\n\n      // If this is a security-only update (i.e. 'open-pull-requests-limit: 0'), then we first need to discover the dependencies\n      // that need updating and check each one for vulnerabilities. This is because Dependabot requires the list of vulnerable dependencies\n      // to be supplied in the job definition of security-only update job, it will not automatically discover them like a versioned update does.\n      // https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file\n      let securityVulnerabilities: SecurityVulnerability[] = [];\n      let dependencyNamesToUpdate: string[] = [];\n      const securityUpdatesOnly = update['open-pull-requests-limit'] === 0;\n      if (securityUpdatesOnly) {\n        // Run an update job to discover all dependencies\n        ({ jobId, job, credentials } = builder.forDependenciesList({ command }));\n        ({ jobToken, credentialsToken } = this.makeTokens());\n        server.add({ id: jobId, update, job, jobToken, credentialsToken, credentials });\n        await runJob({\n          dependabotApiUrl,\n          dependabotApiDockerUrl,\n          jobId,\n          jobToken,\n          credentialsToken,\n          updaterImage,\n          secretMasker,\n          usage: makeUsageData(job),\n        });\n\n        const outputs = server.requests(jobId);\n        const packagesToCheckForVulnerabilities: Package[] | undefined = outputs!\n          .find((o) => o.type === 'update_dependency_list')\n          ?.data.dependencies?.map((d) => ({ name: d.name, version: d.version }));\n        if (packagesToCheckForVulnerabilities?.length) {\n          logger.info(\n            `Detected ${packagesToCheckForVulnerabilities.length} dependencies; Checking for vulnerabilities...`,\n          );\n\n          // parse security advisories from file (private)\n          if (securityAdvisoriesFile) {\n            const filePath = securityAdvisoriesFile;\n            if (existsSync(filePath)) {\n              const fileContents = await readFile(filePath, 'utf-8');\n              securityVulnerabilities = await SecurityVulnerabilitySchema.array().parseAsync(JSON.parse(fileContents));\n            } else {\n              logger.info(`Private security advisories file '${filePath}' does not exist`);\n            }\n          }\n          if (githubToken) {\n            const ghsaClient = new GitHubGraphClient(githubToken);\n            const githubVulnerabilities = await ghsaClient.getSecurityVulnerabilitiesAsync(\n              getGhsaPackageEcosystemFromDependabotPackageManager(packageManager),\n              packagesToCheckForVulnerabilities || [],\n            );\n            securityVulnerabilities.push(...githubVulnerabilities);\n          } else {\n            logger.info(\n              'GitHub access token is not provided; Checking for vulnerabilities from GitHub is skipped. ' +\n                'This is not an issue if you are using private security advisories file.',\n            );\n          }\n\n          securityVulnerabilities = filterVulnerabilities(securityVulnerabilities);\n\n          // Only update dependencies that have vulnerabilities\n          dependencyNamesToUpdate = Array.from(new Set(securityVulnerabilities.map((v) => v.package.name)));\n          logger.info(\n            `Detected ${securityVulnerabilities.length} vulnerabilities affecting ${dependencyNamesToUpdate.length} dependencies`,\n          );\n          if (dependencyNamesToUpdate.length) {\n            logger.trace(dependencyNamesToUpdate);\n          }\n        } else {\n          logger.info(`No vulnerabilities detected for update ${update['package-ecosystem']} in ${update.directory}`);\n          server.clear(jobId);\n          continue; // nothing more to do for this update\n        }\n\n        server.clear(jobId);\n      }\n\n      // Run an update job for \"all dependencies\"; this will create new pull requests for dependencies that need updating\n      const openPullRequestsLimit = update['open-pull-requests-limit']!;\n      const openPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n      const hasReachedOpenPullRequestLimit =\n        openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n      if (!hasReachedOpenPullRequestLimit) {\n        const dependenciesHaveVulnerabilities = dependencyNamesToUpdate.length && securityVulnerabilities.length;\n        if (!securityUpdatesOnly || dependenciesHaveVulnerabilities) {\n          ({ jobId, job, credentials } = builder.forUpdate({\n            command,\n            dependencyNamesToUpdate,\n            existingPullRequests: existingPullRequestDependenciesForPackageManager,\n            securityVulnerabilities,\n          }));\n          ({ jobToken, credentialsToken } = this.makeTokens());\n          server.add({ id: jobId, update, job, jobToken, credentialsToken, credentials });\n          const { success, message } = await runJob({\n            dependabotApiUrl,\n            dependabotApiDockerUrl,\n            jobId,\n            jobToken,\n            credentialsToken,\n            updaterImage,\n            secretMasker,\n            usage: makeUsageData(job),\n          });\n          const affectedPrs = server.allAffectedPrs(jobId);\n          server.clear(jobId);\n          results.push({ id: jobId, success, message, affectedPrs });\n        } else {\n          logger.info('Nothing to update; dependencies are not affected by any known vulnerability');\n        }\n      } else {\n        logger.warn(\n          `Skipping update for ${packageEcosystem} packages as the open pull requests limit (${openPullRequestsLimit}) has already been reached`,\n        );\n      }\n\n      // If there are existing pull requests, run an update job for each one; this will resolve merge conflicts and close pull requests that are no longer needed\n      const numberOfPullRequestsToUpdate = Object.keys(existingPullRequestsForPackageManager).length;\n      if (numberOfPullRequestsToUpdate > 0) {\n        if (!dryRun) {\n          for (const pullRequestId in existingPullRequestsForPackageManager) {\n            ({ jobId, job, credentials } = builder.forUpdate({\n              command,\n              existingPullRequests: existingPullRequestDependenciesForPackageManager,\n              pullRequestToUpdate: existingPullRequestsForPackageManager[pullRequestId]!,\n              securityVulnerabilities,\n            }));\n            ({ jobToken, credentialsToken } = this.makeTokens());\n            server.add({ id: jobId, update, job, jobToken, credentialsToken, credentials });\n            const { success, message } = await runJob({\n              dependabotApiUrl,\n              dependabotApiDockerUrl,\n              jobId,\n              jobToken,\n              credentialsToken,\n              updaterImage,\n              secretMasker,\n              usage: makeUsageData(job),\n            });\n            const affectedPrs = server.allAffectedPrs(jobId);\n            server.clear(jobId);\n            results.push({ id: jobId, success, message, affectedPrs });\n          }\n        } else {\n          logger.warn(\n            `Skipping update of ${numberOfPullRequestsToUpdate} existing ${packageEcosystem} package pull request(s) as 'dryRun' is set to 'true'`,\n          );\n        }\n      }\n    }\n\n    return results;\n  }\n}\n"],"mappings":";;;;;;;;;;AA2BA,IAAa,6BAAb,cAAgD,sBAAsB;CAEpE,AAAiB;CAEjB,YAAY,SAA4C;AACtD,QAAM,QAAQ;AACd,OAAK,UAAU;;CAGjB,MAAyB,OAAO,IAAY,SAA8C;AACxF,QAAM,MAAM,OAAO,IAAI,QAAQ;EAE/B,MAAM,EAAE,SAAS,2BAA2B;EAC5C,MAAM,EACJ,KACA,cACA,gBACA,qBACA,sBACA,aACA,eACA,iBACA,6BACA,QACA,OACA,WACE;EAEJ,MAAM,EAAE,MAAM,SAAS;EACvB,MAAM,MAAM,MAAM,KAAK,IAAI,GAAG;AAC9B,MAAI,CAAC,KAAK;AACR,UAAO,MAAM,wBAAwB,GAAG,qCAAqC,KAAK,GAAG;AACrF,UAAO;;EAET,MAAM,EAAE,mBAAmB,mBAAmB;AAC9C,SAAO,KAAK,eAAe,KAAK,gBAAgB,GAAG,GAAG;AACtD,MAAI,MACF,QAAO,MAAM,KAAK,UAAU,KAAK,CAAC;EAGpC,MAAM,SAAS,KAAK,OAAO,GAAG;EAC9B,MAAM,EAAE,SAAS,eAAe;AAEhC,UAAQ,MAAR;GAIE,KAAK,uBAAuB;IAC1B,MAAM,QAAQ,KAAK;AACnB,QAAI,QAAQ;AACV,YAAO,KAAK,sCAAsC,MAAM,gCAAgC;AACxF,YAAO;;IAIT,MAAM,wBAAwB,OAAO;IAIrC,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;IAC9G,MAAM,4BAA4B,OAAO,QAAQ,sCAAsC,CAAC;IACxF,MAAM,wBAAwB,uBAAuB,IAAI,GAAG,CAAE,QAAQ,SAAS;AAI/E,QAFE,wBAAwB,KAAK,yBAAyB,uBAEpB;AAClC,YAAO,KACL,sCAAsC,MAAM,qCAAqC,sBAAsB,oBACxG;AACD,YAAO;;IAGT,MAAM,eAAe,wCAAwC,KAAK;IAClE,MAAM,eAAe,qDAAqD,KAAK;IAC/E,MAAM,eAAe,OAAO,oBAAqB,MAAM,aAAa,iBAAiB,SAAS,WAAW;IACzG,MAAM,eAAe,uBACnB,OAAO,sBACP,cACA,OAAO,aAAa,OAAO,aAAa,MAAM,QAAQ,aAAa,IAAI,MAAM,WAAW,IAAI,CAAC,EAC7F,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,2BAA2B,QACvE,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,eAAe,cAC3D,OAAO,6BAA6B,UACrC;AAID,SADuB,qBAAqB,MAAM,WAAW,iBAAiB,OAAO,IAAI,EAAE,EACxE,QAAQ;AACzB,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6DAC5E;AACD,YAAO;;IAET,MAAM,sBAAsB,qBAAqB,QAAQ,WAAW,aAAa,WAAW,OAAO,CAAC,IAAI,EAAE;AAC1G,QAAI,oBAAoB,QAAQ;AAC9B,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6CAA6C,oBAAoB,KAAK,KAAK,CAAC,qDACxJ;AACD,YAAO;;IAIT,MAAM,mBAAmB,MAAM,aAAa,kBAAkB;KACnD;KACG;KACZ,QAAQ;MACN,QAAQ,KAAK,sBAAsB,IAAI,OAAO;MAC9C,QAAQ;MACT;KACD,QAAQ,EACN,QAAQ,cACT;KACD;KACA;KACA,aAAa,0BAA0B,gBAAgB,KAAK,YAAY,KAAK,aAAa;KAC1F,eAAe,KAAK;KACpB,cAAc,kBACV;MACE,uBAAuB;MACvB,sBAAsB;AACpB,eAAQ,eAAR;QACE,KAAK,gBACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,cACH,QAAO,4BAA4B;QACrC,QACE,QAAO,4BAA4B;;UAErC;MACL,GACD;KACJ,WAAW,OAAO;KAClB,QAAQ,OAAO,QAAQ,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,EAAE;KAC1D,WAAW,OAAO,YAAY,CAAC,OAAO,UAAU,GAAG,EAAE;KACrD,SAAS;KACT,YAAY,2BAA2B,gBAAgB,aAAa;KACrE,CAAC;AAGF,QAAI,eAAe,kBAAkB,iBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe;KAChB,CAAC;AAIJ,QAAI,oBAAoB,mBAAmB,GAAG;AAC5C,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,iBAAiB;AAC9D,YAAO;UAEP,QAAO;;GAIX,KAAK,uBAAuB;AAC1B,QAAI,QAAQ;AACV,YAAO,KAAK,4DAA4D;AACxE,YAAO;;IAIT,MAAM,sBAAsB,iCAC1B,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,qBAAqB;AACxB,YAAO,MACL,8DAA8D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACzI;AACD,YAAO;;IAIT,MAAM,wBAAwB,MAAM,aAAa,kBAAkB;KACxD;KACG;KACZ,eAAe,oBAAoB;KACnC,QAAQ,KAAK,sBAAsB,IAAI,OAAO;KAC9C;KACA,SAAS,wCAAwC,KAAK;KACtD,aAAa;KACb,mCAAmC,OAAO;KAC1C,6BAA6B;KAC9B,CAAC;AAGF,QAAI,eAAe,kBAAkB,sBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe,oBAAoB;KACpC,CAAC;AAGJ,QAAI,uBAAuB;AACzB,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,oBAAoB,GAAG;AACpE,YAAO;;AAET,WAAO;;GAGT,KAAK,sBAAsB;AACzB,QAAI,QAAQ;AACV,YAAO,KAAK,6DAA6D;AACzE,YAAO;;IAIT,MAAM,qBAAqB,iCACzB,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,oBAAoB;AACvB,YAAO,MACL,6DAA6D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACxI;AACD,YAAO;;AAcT,QAPgB,MAAM,aAAa,mBAAmB;KAC3C;KACG;KACZ,eAAe,mBAAmB;KAClC,SAAS,uCAAuC,KAAK;KACrD,oBAAoB;KACrB,CAAC,EACW;AACX,4BAAuB,IAAI,GAAG,CAAE,OAAO,KAAK,mBAAmB,GAAG;AAClE,YAAO;;AAET,WAAO;;GAIT,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK,iBACH,QAAO;GAET,KAAK;AACH,WAAO,MAAM,qBAAqB,KAAK,cAAc,GAAG,KAAK,UAAU,KAAK,iBAAiB,GAAG;AAChG,WAAO;GAET,KAAK;AACH,WAAO,MAAM,6BAA6B,KAAK,cAAc,IAAI,KAAK,UAAU,KAAK,iBAAiB,GAAG;AACzG,WAAO;GAET;AACE,WAAO,KAAK,mCAAmC,KAAK,gBAAgB;AACpE,WAAO;;;;;;;ACzPf,IAAa,uBAAb,cAA0C,gBAAgB;CAExD,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAGjB,YAAY,SAAsC;AAChD,QAAM,EAAE,GAAG,SAAS,CAAC;AACrB,OAAK,UAAU;EACf,MAAM,EAAE,KAAK,UAAU,aAAa,UAAU,KAAK;AAGnD,OAAK,eAAe,IAAI,wBAAwB,KAAK,UAAU,MAAM;AACrE,OAAK,iBAAiB,cAClB,IAAI,wBAAwB,KAAK,QAAQ,oBAAoB,UAAU,MAAM,GAC7E;;CAGN,MAAsB,MAA8B;AAClD,QAAM,MAAM,KAAK;EAEjB,MAAM,EACJ,SAAS,EAAE,KAAK,MAAM,QAAQ,iBAAiB,WAC/C,cACA,mBACE;AAIJ,MAAI,OAAO,SAAS,MAAM,MAAM,EAAE,gCAAgC,EAAE,CAClE,QAAO,KACL,4PACD;EAIH,MAAM,sBAAsB,MAAM,aAAa,eAAe,IAAI,SAAS,IAAI,WAAW;EAC1F,MAAM,uBAAuB,MAAM,aAAa,+BAC9C,IAAI,SACJ,IAAI,YACJ,MAAM,aAAa,WAAW,CAC/B;EAUD,MAAM,SAAS,IAAI,2BAPsC;GACvD;GACA;GACA;GACA;GACA,GAAG,KAAK;GACT,CAC2D;AAC5D,SAAO,MAAM,KAAK;AAElB,QAAM,IAAI,SAAS,YAAY,WAAW,SAAS,IAAK,CAAC;EAKzD,MAAM,mBAAmB,+BAA+B,OAAO,KAAK;EACpE,MAAM,yBAAyB;EAG/B,IAAIA,UAA8B,EAAE;AACpC,MAAI,mBAAmB,gBAAgB,SAAS,EAC9C,MAAK,MAAM,MAAM,iBAAiB;GAChC,MAAM,MAAM,OAAO,QAAQ;AAC3B,OAAI,CAAC,IACH,QAAO,KACL;+CACmC,GAAG;;gCAElB,OAAO,QAAQ,SAAS,EAAE;cAE/C;OAED,SAAQ,KAAK,IAAI;;MAIrB,WAAU,OAAO;AAGnB,MAAI;AAEF,SAAM,KAAK,2CAA2C,qBAAqB,qBAAqB;AAGhG,UAAO,MAAM,KAAK,eAChB,QACA,SACA,sBACA,kBACA,wBACA,QACD;YACO;AACR,UAAO,MAAM;;;;;;;;CASjB,MAAc,2CACZ,qBACA,sBACe;AACf,MAAI,CAAC,uBAAuB,CAAC,qBAAsB;EAEnD,MAAM,EACJ,SAAS,EAAE,KAAK,UAChB,iBACE;AACJ,OAAK,MAAM,oBAAoB,sBAAsB;GACnD,MAAM,cAAc,qBAAqB;GACzC,MAAM,2BAA2B,oBAC/B,YAAY,YAAY,MAAM,MAAM,EAAE,SAAS,iDAAiD,EAAE,MACnG;AACD,OAAI,4BAA4B,CAAC,oBAAoB,SAAS,yBAAyB,EAAE;AAEvF,QAAI,CAAC,QAAQ;AACX,YAAO,KACL,kCAAkC,YAAY,GAAG,uDAClD;AACD,WAAM,aAAa,mBAAmB;MACpC,SAAS,IAAI;MACb,YAAY,IAAI;MAChB,eAAe,YAAY;MAM3B,SACE;MAGH,CAAC;;AAGJ,yBAAqB,OAAO,qBAAqB,QAAQ,YAAY,EAAE,EAAE;;;;;;;;;;CAW/E,MAAc,eACZ,QACA,SACA,sBACA,kBACA,wBACA,SACwB;EACxB,MAAM,EACJ,SAAS,EAAE,KAAK,UAAU,aAAa,aAAa,QAAQ,QAAQ,wBAAwB,mBAC1F;EAEJ,MAAMC,UAAyB,EAAE;EAEjC,SAAS,cAAc,KAAkD;AACvE,UAAO;IACL,SAAS;IACT,UAAU,IAAI,OAAO;IACrB,OAAO,IAAI,IAAI,UAAU;IACzB,SAAS,GAAG,IAAI,IAAI,UAAU,CAAC,QAAQ,OAAO,GAAG,CAAC,GAAG,IAAI;IACzD,mBAAmB,IAAI;IACxB;;AAGH,OAAK,MAAM,UAAU,SAAS;GAC5B,MAAM,mBAAmB,OAAO;GAChC,MAAM,iBAAiB,oCAAoC,iBAAiB;GAG5E,IAAI,EAAE,iBAAiB,KAAK;AAC5B,kBAAe,cAAc,QAAQ,kBAAkB,iBAAiB;GAIxE,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;GAC9G,MAAM,mDAAmD,OAAO,OAAO,sCAAsC;GAE7G,MAAM,UAAU,IAAI,qBAAqB;IACvC,QAAQ;KAAE,UAAU;KAAS,GAAG;KAAK;IACrC;IACA;IACA,mBAAmB;IACnB;IACA;IACA,OAAO;IACR,CAAC;GAEF,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GAMJ,IAAIC,0BAAmD,EAAE;GACzD,IAAIC,0BAAoC,EAAE;GAC1C,MAAM,sBAAsB,OAAO,gCAAgC;AACnE,OAAI,qBAAqB;AAEvB,KAAC,CAAE,OAAO,KAAK,eAAgB,QAAQ,oBAAoB,EAAE,SAAS,CAAC;AACvE,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI;KAAO;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;AAC/E,UAAM,OAAO;KACX;KACA;KACA;KACA;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IAGF,MAAMC,oCADU,OAAO,SAAS,MAAM,CAEnC,MAAM,MAAM,EAAE,SAAS,yBAAyB,EAC/C,KAAK,cAAc,KAAK,OAAO;KAAE,MAAM,EAAE;KAAM,SAAS,EAAE;KAAS,EAAE;AACzE,QAAI,mCAAmC,QAAQ;AAC7C,YAAO,KACL,YAAY,kCAAkC,OAAO,gDACtD;AAGD,SAAI,wBAAwB;MAC1B,MAAM,WAAW;AACjB,UAAI,WAAW,SAAS,EAAE;OACxB,MAAM,eAAe,MAAM,SAAS,UAAU,QAAQ;AACtD,iCAA0B,MAAM,4BAA4B,OAAO,CAAC,WAAW,KAAK,MAAM,aAAa,CAAC;YAExG,QAAO,KAAK,qCAAqC,SAAS,kBAAkB;;AAGhF,SAAI,aAAa;MAEf,MAAM,wBAAwB,MADX,IAAI,kBAAkB,YAAY,CACN,gCAC7C,oDAAoD,eAAe,EACnE,qCAAqC,EAAE,CACxC;AACD,8BAAwB,KAAK,GAAG,sBAAsB;WAEtD,QAAO,KACL,oKAED;AAGH,+BAA0B,sBAAsB,wBAAwB;AAGxE,+BAA0B,MAAM,KAAK,IAAI,IAAI,wBAAwB,KAAK,MAAM,EAAE,QAAQ,KAAK,CAAC,CAAC;AACjG,YAAO,KACL,YAAY,wBAAwB,OAAO,6BAA6B,wBAAwB,OAAO,eACxG;AACD,SAAI,wBAAwB,OAC1B,QAAO,MAAM,wBAAwB;WAElC;AACL,YAAO,KAAK,0CAA0C,OAAO,qBAAqB,MAAM,OAAO,YAAY;AAC3G,YAAO,MAAM,MAAM;AACnB;;AAGF,WAAO,MAAM,MAAM;;GAIrB,MAAM,wBAAwB,OAAO;GACrC,MAAM,wBAAwB,OAAO,QAAQ,sCAAsC,CAAC;AAGpF,OAAI,EADF,wBAAwB,KAAK,yBAAyB,wBACnB;IACnC,MAAM,kCAAkC,wBAAwB,UAAU,wBAAwB;AAClG,QAAI,CAAC,uBAAuB,iCAAiC;AAC3D,MAAC,CAAE,OAAO,KAAK,eAAgB,QAAQ,UAAU;MAC/C;MACA;MACA,sBAAsB;MACtB;MACD,CAAC;AACF,MAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,YAAO,IAAI;MAAE,IAAI;MAAO;MAAQ;MAAK;MAAU;MAAkB;MAAa,CAAC;KAC/E,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;MACxC;MACA;MACA;MACA;MACA;MACA;MACA;MACA,OAAO,cAAc,IAAI;MAC1B,CAAC;KACF,MAAM,cAAc,OAAO,eAAe,MAAM;AAChD,YAAO,MAAM,MAAM;AACnB,aAAQ,KAAK;MAAE,IAAI;MAAO;MAAS;MAAS;MAAa,CAAC;UAE1D,QAAO,KAAK,8EAA8E;SAG5F,QAAO,KACL,uBAAuB,iBAAiB,6CAA6C,sBAAsB,4BAC5G;GAIH,MAAM,+BAA+B,OAAO,KAAK,sCAAsC,CAAC;AACxF,OAAI,+BAA+B,EACjC,KAAI,CAAC,OACH,MAAK,MAAM,iBAAiB,uCAAuC;AACjE,KAAC,CAAE,OAAO,KAAK,eAAgB,QAAQ,UAAU;KAC/C;KACA,sBAAsB;KACtB,qBAAqB,sCAAsC;KAC3D;KACD,CAAC;AACF,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI;KAAO;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;IAC/E,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;KACxC;KACA;KACA;KACA;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IACF,MAAM,cAAc,OAAO,eAAe,MAAM;AAChD,WAAO,MAAM,MAAM;AACnB,YAAQ,KAAK;KAAE,IAAI;KAAO;KAAS;KAAS;KAAa,CAAC;;OAG5D,QAAO,KACL,sBAAsB,6BAA6B,YAAY,iBAAiB,uDACjF;;AAKP,SAAO"}

package/dist/local/index.d.ts

@@ -0,0 +1,2 @@
+import { a as LocalJobsRunner, i as LocalDependabotServerOptions, n as LocalDependabotServer, o as LocalJobsRunnerOptions, r as LocalDependabotServerAddOptions, s as RunJobsResult, t as AffectedPullRequestIds } from "../server-Ri18zAcc.js";
+export { AffectedPullRequestIds, LocalDependabotServer, LocalDependabotServerAddOptions, LocalDependabotServerOptions, LocalJobsRunner, LocalJobsRunnerOptions, RunJobsResult };

package/dist/local/index.js

@@ -0,0 +1,4 @@
+import "../logger-Bekleunx.js";
+import { n as LocalJobsRunner, t as LocalDependabotServer } from "../server-Dcc7bD60.js";
+
+export { LocalDependabotServer, LocalJobsRunner };

package/dist/logger-Bekleunx.js

@@ -0,0 +1,3 @@
+import { logger } from "@paklo/core/logger";
+
+export { logger as t };

package/dist/server-Dcc7bD60.js

@@ -0,0 +1,203 @@
+import { t as logger } from "./logger-Bekleunx.js";
+import { createApiServerApp, makeRandomJobToken } from "@paklo/core/dependabot";
+import { createAdaptorServer } from "@hono/node-server";
+
+//#region src/local/runner.ts
+var LocalJobsRunner = class {
+	opt;
+	constructor(options) {
+		this.opt = options;
+	}
+	makeTokens() {
+		const { jobTokenOverride, credentialsTokenOverride } = this.opt;
+		return {
+			jobToken: jobTokenOverride ?? makeRandomJobToken(),
+			credentialsToken: credentialsTokenOverride ?? makeRandomJobToken()
+		};
+	}
+	run() {
+		return Promise.resolve([{
+			id: -1,
+			success: false,
+			affectedPrs: []
+		}]);
+	}
+};
+
+//#endregion
+//#region src/local/server.ts
+var LocalDependabotServer = class {
+	hostname = "localhost";
+	server;
+	trackedJobs = /* @__PURE__ */ new Map();
+	updates = /* @__PURE__ */ new Map();
+	jobTokens = /* @__PURE__ */ new Map();
+	credentialTokens = /* @__PURE__ */ new Map();
+	jobCredentials = /* @__PURE__ */ new Map();
+	receivedRequests = /* @__PURE__ */ new Map();
+	affectedPullRequestIds = /* @__PURE__ */ new Map();
+	constructor(options) {
+		const app = createApiServerApp({
+			...options,
+			authenticate: this.authenticate.bind(this),
+			getJob: this.job.bind(this),
+			getCredentials: this.credentials.bind(this),
+			handle: this.handle.bind(this)
+		});
+		this.server = createAdaptorServer({
+			...app,
+			fetch: (req) => {
+				const url = new URL(req.url);
+				url.protocol = req.headers.get("x-forwarded-proto") ?? url.protocol;
+				return app.fetch(new Request(url, req));
+			}
+		});
+	}
+	start(port) {
+		this.server.listen(port, "0.0.0.0", () => {
+			const info = this.server.address();
+			logger.info(`API server listening on http://${this.hostname}:${info.port}`);
+		});
+	}
+	stop() {
+		this.server.close(() => logger.info("API server closed"));
+	}
+	get url() {
+		const info = this.server.address();
+		return `http://${this.hostname}:${info.port}`;
+	}
+	get port() {
+		return this.server.address().port;
+	}
+	get jobs() {
+		return this.trackedJobs;
+	}
+	/**
+	* Adds a dependabot job.
+	* @param value - The dependabot job details.
+	*/
+	add(value) {
+		const { id, update, job, jobToken, credentialsToken, credentials } = value;
+		const { trackedJobs, updates, jobTokens, credentialTokens, jobCredentials, receivedRequests, affectedPullRequestIds } = this;
+		trackedJobs.set(id, job);
+		updates.set(id, update);
+		jobTokens.set(id, jobToken);
+		credentialTokens.set(id, credentialsToken);
+		jobCredentials.set(id, credentials);
+		receivedRequests.set(id, []);
+		affectedPullRequestIds.set(id, {
+			created: [],
+			updated: [],
+			closed: []
+		});
+	}
+	/**
+	* Gets a dependabot job by ID.
+	* @param id - The ID of the dependabot job to get.
+	* @returns The dependabot job, or undefined if not found.
+	*/
+	job(id) {
+		return Promise.resolve(this.trackedJobs.get(id));
+	}
+	/**
+	* Gets a dependabot update by ID of the job.
+	* @param id - The ID of the dependabot job to get.
+	* @returns The dependabot update, or undefined if not found.
+	*/
+	update(id) {
+		return this.updates.get(id);
+	}
+	/**
+	* Gets a token by ID of the job.
+	* @param id - The ID of the dependabot job to get.
+	* @returns The job token, or undefined if not found.
+	*/
+	token(id, type) {
+		return type === "job" ? this.jobTokens.get(id) : this.credentialTokens.get(id);
+	}
+	/**
+	* Gets the credentials for a dependabot job by ID.
+	* @param id - The ID of the dependabot job to get credentials for.
+	* @returns The credentials for the job, or undefined if not found.
+	*/
+	credentials(id) {
+		return Promise.resolve(this.jobCredentials.get(id));
+	}
+	/**
+	* Gets the received requests for a dependabot job by ID.
+	* @param id - The ID of the dependabot job to get requests for.
+	* @returns The received requests for the job, or undefined if not found.
+	*/
+	requests(id) {
+		return this.receivedRequests.get(id);
+	}
+	/**
+	* Gets the IDs of pull requests affected by a dependabot job by ID.
+	* @param id - The ID of the dependabot job to get affected pull request IDs for.
+	* @returns The affected pull request IDs for the job, or undefined if not found.
+	*/
+	affectedPrs(id) {
+		const { affectedPullRequestIds } = this;
+		return affectedPullRequestIds.get(id);
+	}
+	/**
+	* Gets all IDs of pull requests affected by a dependabot job by ID.
+	* @param id - The ID of the dependabot job to get affected pull request IDs for.
+	* @returns The affected pull request IDs for the job, or undefined if not found.
+	*/
+	allAffectedPrs(id) {
+		const affected = this.affectedPrs(id);
+		if (!affected) return [];
+		return [
+			...affected.created,
+			...affected.updated,
+			...affected.closed
+		];
+	}
+	/**
+	* Clears all data associated with a dependabot job by ID.
+	* This should be called when the job is no longer needed.
+	* @param id - The ID of the dependabot job to clear.
+	*/
+	clear(id) {
+		this.trackedJobs.delete(id);
+		this.updates.delete(id);
+		this.jobTokens.delete(id);
+		this.credentialTokens.delete(id);
+		this.jobCredentials.delete(id);
+		this.receivedRequests.delete(id);
+		this.affectedPullRequestIds.delete(id);
+	}
+	/**
+	* Authenticates a dependabot job.
+	* @param id - The ID of the dependabot job.
+	* @param value - The authentication value (e.g., API key).
+	* @returns A promise that resolves to a boolean indicating whether the authentication was successful.
+	*/
+	async authenticate(type, id, value) {
+		const token = type === "job" ? this.jobTokens.get(id) : this.credentialTokens.get(id);
+		if (!token) {
+			logger.debug(`Authentication failed: ${type} token ${id} not found`);
+			return false;
+		}
+		if (token !== value) {
+			logger.debug(`Authentication failed: invalid token for ${type} token ${id}`);
+			return false;
+		}
+		return true;
+	}
+	/**
+	* Handles a dependabot request.
+	* @param id - The ID of the dependabot job.
+	* @param request - The dependabot request to handle.
+	* @returns A promise that resolves to the result of handling the request.
+	*/
+	handle(id, request) {
+		this.receivedRequests.get(id).push(request);
+		return Promise.resolve(true);
+	}
+};
+
+//#endregion
+export { LocalJobsRunner as n, LocalDependabotServer as t };
+//# sourceMappingURL=server-Dcc7bD60.js.map

package/dist/server-Dcc7bD60.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-Dcc7bD60.js","names":[],"sources":["../src/local/runner.ts","../src/local/server.ts"],"sourcesContent":["import {\n  type DependabotConfig,\n  type DependabotExperiments,\n  type DependabotJobConfig,\n  makeRandomJobToken,\n} from '@paklo/core/dependabot';\nimport type { SecretMasker } from '@paklo/runner';\n\nexport type RunJobsResult = { id: number; success: boolean; message?: string; affectedPrs: number[] }[];\n\nexport type LocalJobsRunnerOptions = {\n  jobTokenOverride?: string;\n  credentialsTokenOverride?: string;\n  secretMasker: SecretMasker;\n\n  config: DependabotConfig;\n  targetUpdateIds?: number[];\n  experiments: DependabotExperiments;\n  updaterImage?: string;\n  command?: DependabotJobConfig['command'];\n};\n\nexport abstract class LocalJobsRunner {\n  private readonly opt: LocalJobsRunnerOptions;\n\n  constructor(options: LocalJobsRunnerOptions) {\n    this.opt = options;\n  }\n\n  protected makeTokens() {\n    const { jobTokenOverride, credentialsTokenOverride } = this.opt;\n    return {\n      jobToken: jobTokenOverride ?? makeRandomJobToken(),\n      credentialsToken: credentialsTokenOverride ?? makeRandomJobToken(),\n    };\n  }\n\n  public run(): Promise<RunJobsResult> {\n    return Promise.resolve([{ id: -1, success: false, affectedPrs: [] }]);\n  }\n}\n","import type { AddressInfo } from 'node:net';\nimport { createAdaptorServer } from '@hono/node-server';\nimport {\n  type CreateApiServerAppOptions,\n  createApiServerApp,\n  type DependabotCredential,\n  type DependabotJobConfig,\n  type DependabotRequest,\n  type DependabotTokenType,\n  type DependabotUpdate,\n  type GitAuthor,\n} from '@paklo/core/dependabot';\nimport { logger } from '@/logger';\n\nexport type LocalDependabotServerAddOptions = {\n  /** The ID of the dependabot job. */\n  id: number;\n  /** The dependabot update associated with the job. */\n  update: DependabotUpdate;\n  /** The dependabot job configuration. */\n  job: DependabotJobConfig;\n  /** The authentication token for the job. */\n  jobToken: string;\n  /** The authentication token for the job. */\n  credentialsToken: string;\n  /** The credentials associated with the job. */\n  credentials: DependabotCredential[];\n};\n\nexport type AffectedPullRequestIds = {\n  created: number[];\n  updated: number[];\n  closed: number[];\n};\n\nexport type LocalDependabotServerOptions = Omit<\n  CreateApiServerAppOptions,\n  'authenticate' | 'getJob' | 'getCredentials' | 'handle'\n> & {\n  author: GitAuthor;\n  debug: boolean;\n  dryRun: boolean;\n};\nexport abstract class LocalDependabotServer {\n  private readonly hostname = 'localhost';\n  private readonly server: ReturnType<typeof createAdaptorServer>;\n  private readonly trackedJobs = new Map<number, DependabotJobConfig>();\n  private readonly updates = new Map<number, DependabotUpdate>();\n  private readonly jobTokens = new Map<number, string>();\n  private readonly credentialTokens = new Map<number, string>();\n  private readonly jobCredentials = new Map<number, DependabotCredential[]>();\n  private readonly receivedRequests = new Map<number, DependabotRequest[]>();\n\n  protected readonly affectedPullRequestIds = new Map<number, AffectedPullRequestIds>();\n\n  constructor(options: LocalDependabotServerOptions) {\n    const app = createApiServerApp({\n      ...options,\n      authenticate: this.authenticate.bind(this),\n      getJob: this.job.bind(this),\n      getCredentials: this.credentials.bind(this),\n      handle: this.handle.bind(this),\n    });\n    this.server = createAdaptorServer({\n      ...app,\n      // Workaround for hono not respecting x-forwarded-proto header\n      // https://github.com/honojs/node-server/issues/146#issuecomment-3153435672\n      fetch: (req) => {\n        const url = new URL(req.url);\n        url.protocol = req.headers.get('x-forwarded-proto') ?? url.protocol;\n        return app.fetch(new Request(url, req));\n      },\n    });\n  }\n\n  start(port?: number) {\n    // listening to 'localhost' will result to IpV6 only but we need it to be all local\n    // interfaces, otherwise containers cannot reach it using host.docker.internal\n    this.server.listen(port, '0.0.0.0', () => {\n      const info = this.server.address() as AddressInfo;\n      logger.info(`API server listening on http://${this.hostname}:${info.port}`);\n    });\n  }\n\n  stop() {\n    this.server.close(() => logger.info('API server closed'));\n  }\n\n  get url() {\n    const info = this.server.address() as AddressInfo;\n    return `http://${this.hostname}:${info.port}`;\n  }\n\n  get port() {\n    const info = this.server.address() as AddressInfo;\n    return info.port;\n  }\n\n  get jobs() {\n    return this.trackedJobs;\n  }\n\n  /**\n   * Adds a dependabot job.\n   * @param value - The dependabot job details.\n   */\n  add(value: LocalDependabotServerAddOptions) {\n    const { id, update, job, jobToken, credentialsToken, credentials } = value;\n    const {\n      trackedJobs,\n      updates,\n      jobTokens,\n      credentialTokens,\n      jobCredentials,\n      receivedRequests,\n      affectedPullRequestIds,\n    } = this;\n    trackedJobs.set(id, job);\n    updates.set(id, update);\n    jobTokens.set(id, jobToken);\n    credentialTokens.set(id, credentialsToken);\n    jobCredentials.set(id, credentials);\n    receivedRequests.set(id, []);\n    affectedPullRequestIds.set(id, { created: [], updated: [], closed: [] });\n  }\n\n  /**\n   * Gets a dependabot job by ID.\n   * @param id - The ID of the dependabot job to get.\n   * @returns The dependabot job, or undefined if not found.\n   */\n  job(id: number): Promise<DependabotJobConfig | undefined> {\n    return Promise.resolve(this.trackedJobs.get(id));\n  }\n\n  /**\n   * Gets a dependabot update by ID of the job.\n   * @param id - The ID of the dependabot job to get.\n   * @returns The dependabot update, or undefined if not found.\n   */\n  update(id: number): DependabotUpdate | undefined {\n    return this.updates.get(id);\n  }\n\n  /**\n   * Gets a token by ID of the job.\n   * @param id - The ID of the dependabot job to get.\n   * @returns The job token, or undefined if not found.\n   */\n  token(id: number, type: DependabotTokenType): string | undefined {\n    return type === 'job' ? this.jobTokens.get(id) : this.credentialTokens.get(id);\n  }\n\n  /**\n   * Gets the credentials for a dependabot job by ID.\n   * @param id - The ID of the dependabot job to get credentials for.\n   * @returns The credentials for the job, or undefined if not found.\n   */\n  credentials(id: number): Promise<DependabotCredential[] | undefined> {\n    return Promise.resolve(this.jobCredentials.get(id));\n  }\n\n  /**\n   * Gets the received requests for a dependabot job by ID.\n   * @param id - The ID of the dependabot job to get requests for.\n   * @returns The received requests for the job, or undefined if not found.\n   */\n  requests(id: number): DependabotRequest[] | undefined {\n    return this.receivedRequests.get(id);\n  }\n\n  /**\n   * Gets the IDs of pull requests affected by a dependabot job by ID.\n   * @param id - The ID of the dependabot job to get affected pull request IDs for.\n   * @returns The affected pull request IDs for the job, or undefined if not found.\n   */\n  affectedPrs(id: number): AffectedPullRequestIds | undefined {\n    const { affectedPullRequestIds } = this;\n    return affectedPullRequestIds.get(id);\n  }\n\n  /**\n   * Gets all IDs of pull requests affected by a dependabot job by ID.\n   * @param id - The ID of the dependabot job to get affected pull request IDs for.\n   * @returns The affected pull request IDs for the job, or undefined if not found.\n   */\n  allAffectedPrs(id: number): number[] {\n    const affected = this.affectedPrs(id);\n    if (!affected) return [];\n    return [...affected.created, ...affected.updated, ...affected.closed];\n  }\n\n  /**\n   * Clears all data associated with a dependabot job by ID.\n   * This should be called when the job is no longer needed.\n   * @param id - The ID of the dependabot job to clear.\n   */\n  clear(id: number) {\n    this.trackedJobs.delete(id);\n    this.updates.delete(id);\n    this.jobTokens.delete(id);\n    this.credentialTokens.delete(id);\n    this.jobCredentials.delete(id);\n    this.receivedRequests.delete(id);\n    this.affectedPullRequestIds.delete(id);\n  }\n\n  /**\n   * Authenticates a dependabot job.\n   * @param id - The ID of the dependabot job.\n   * @param value - The authentication value (e.g., API key).\n   * @returns A promise that resolves to a boolean indicating whether the authentication was successful.\n   */\n  protected async authenticate(type: DependabotTokenType, id: number, value: string): Promise<boolean> {\n    const token = type === 'job' ? this.jobTokens.get(id) : this.credentialTokens.get(id);\n    if (!token) {\n      logger.debug(`Authentication failed: ${type} token ${id} not found`);\n      return false;\n    }\n    if (token !== value) {\n      logger.debug(`Authentication failed: invalid token for ${type} token ${id}`);\n      return false;\n    }\n    return true;\n  }\n\n  /**\n   * Handles a dependabot request.\n   * @param id - The ID of the dependabot job.\n   * @param request - The dependabot request to handle.\n   * @returns A promise that resolves to the result of handling the request.\n   */\n  protected handle(id: number, request: DependabotRequest): Promise<boolean> {\n    this.receivedRequests.get(id)!.push(request);\n    return Promise.resolve(true);\n  }\n}\n"],"mappings":";;;;;AAsBA,IAAsB,kBAAtB,MAAsC;CACpC,AAAiB;CAEjB,YAAY,SAAiC;AAC3C,OAAK,MAAM;;CAGb,AAAU,aAAa;EACrB,MAAM,EAAE,kBAAkB,6BAA6B,KAAK;AAC5D,SAAO;GACL,UAAU,oBAAoB,oBAAoB;GAClD,kBAAkB,4BAA4B,oBAAoB;GACnE;;CAGH,AAAO,MAA8B;AACnC,SAAO,QAAQ,QAAQ,CAAC;GAAE,IAAI;GAAI,SAAS;GAAO,aAAa,EAAE;GAAE,CAAC,CAAC;;;;;;ACKzE,IAAsB,wBAAtB,MAA4C;CAC1C,AAAiB,WAAW;CAC5B,AAAiB;CACjB,AAAiB,8BAAc,IAAI,KAAkC;CACrE,AAAiB,0BAAU,IAAI,KAA+B;CAC9D,AAAiB,4BAAY,IAAI,KAAqB;CACtD,AAAiB,mCAAmB,IAAI,KAAqB;CAC7D,AAAiB,iCAAiB,IAAI,KAAqC;CAC3E,AAAiB,mCAAmB,IAAI,KAAkC;CAE1E,AAAmB,yCAAyB,IAAI,KAAqC;CAErF,YAAY,SAAuC;EACjD,MAAM,MAAM,mBAAmB;GAC7B,GAAG;GACH,cAAc,KAAK,aAAa,KAAK,KAAK;GAC1C,QAAQ,KAAK,IAAI,KAAK,KAAK;GAC3B,gBAAgB,KAAK,YAAY,KAAK,KAAK;GAC3C,QAAQ,KAAK,OAAO,KAAK,KAAK;GAC/B,CAAC;AACF,OAAK,SAAS,oBAAoB;GAChC,GAAG;GAGH,QAAQ,QAAQ;IACd,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;AAC5B,QAAI,WAAW,IAAI,QAAQ,IAAI,oBAAoB,IAAI,IAAI;AAC3D,WAAO,IAAI,MAAM,IAAI,QAAQ,KAAK,IAAI,CAAC;;GAE1C,CAAC;;CAGJ,MAAM,MAAe;AAGnB,OAAK,OAAO,OAAO,MAAM,iBAAiB;GACxC,MAAM,OAAO,KAAK,OAAO,SAAS;AAClC,UAAO,KAAK,kCAAkC,KAAK,SAAS,GAAG,KAAK,OAAO;IAC3E;;CAGJ,OAAO;AACL,OAAK,OAAO,YAAY,OAAO,KAAK,oBAAoB,CAAC;;CAG3D,IAAI,MAAM;EACR,MAAM,OAAO,KAAK,OAAO,SAAS;AAClC,SAAO,UAAU,KAAK,SAAS,GAAG,KAAK;;CAGzC,IAAI,OAAO;AAET,SADa,KAAK,OAAO,SAAS,CACtB;;CAGd,IAAI,OAAO;AACT,SAAO,KAAK;;;;;;CAOd,IAAI,OAAwC;EAC1C,MAAM,EAAE,IAAI,QAAQ,KAAK,UAAU,kBAAkB,gBAAgB;EACrE,MAAM,EACJ,aACA,SACA,WACA,kBACA,gBACA,kBACA,2BACE;AACJ,cAAY,IAAI,IAAI,IAAI;AACxB,UAAQ,IAAI,IAAI,OAAO;AACvB,YAAU,IAAI,IAAI,SAAS;AAC3B,mBAAiB,IAAI,IAAI,iBAAiB;AAC1C,iBAAe,IAAI,IAAI,YAAY;AACnC,mBAAiB,IAAI,IAAI,EAAE,CAAC;AAC5B,yBAAuB,IAAI,IAAI;GAAE,SAAS,EAAE;GAAE,SAAS,EAAE;GAAE,QAAQ,EAAE;GAAE,CAAC;;;;;;;CAQ1E,IAAI,IAAsD;AACxD,SAAO,QAAQ,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC;;;;;;;CAQlD,OAAO,IAA0C;AAC/C,SAAO,KAAK,QAAQ,IAAI,GAAG;;;;;;;CAQ7B,MAAM,IAAY,MAA+C;AAC/D,SAAO,SAAS,QAAQ,KAAK,UAAU,IAAI,GAAG,GAAG,KAAK,iBAAiB,IAAI,GAAG;;;;;;;CAQhF,YAAY,IAAyD;AACnE,SAAO,QAAQ,QAAQ,KAAK,eAAe,IAAI,GAAG,CAAC;;;;;;;CAQrD,SAAS,IAA6C;AACpD,SAAO,KAAK,iBAAiB,IAAI,GAAG;;;;;;;CAQtC,YAAY,IAAgD;EAC1D,MAAM,EAAE,2BAA2B;AACnC,SAAO,uBAAuB,IAAI,GAAG;;;;;;;CAQvC,eAAe,IAAsB;EACnC,MAAM,WAAW,KAAK,YAAY,GAAG;AACrC,MAAI,CAAC,SAAU,QAAO,EAAE;AACxB,SAAO;GAAC,GAAG,SAAS;GAAS,GAAG,SAAS;GAAS,GAAG,SAAS;GAAO;;;;;;;CAQvE,MAAM,IAAY;AAChB,OAAK,YAAY,OAAO,GAAG;AAC3B,OAAK,QAAQ,OAAO,GAAG;AACvB,OAAK,UAAU,OAAO,GAAG;AACzB,OAAK,iBAAiB,OAAO,GAAG;AAChC,OAAK,eAAe,OAAO,GAAG;AAC9B,OAAK,iBAAiB,OAAO,GAAG;AAChC,OAAK,uBAAuB,OAAO,GAAG;;;;;;;;CASxC,MAAgB,aAAa,MAA2B,IAAY,OAAiC;EACnG,MAAM,QAAQ,SAAS,QAAQ,KAAK,UAAU,IAAI,GAAG,GAAG,KAAK,iBAAiB,IAAI,GAAG;AACrF,MAAI,CAAC,OAAO;AACV,UAAO,MAAM,0BAA0B,KAAK,SAAS,GAAG,YAAY;AACpE,UAAO;;AAET,MAAI,UAAU,OAAO;AACnB,UAAO,MAAM,4CAA4C,KAAK,SAAS,KAAK;AAC5E,UAAO;;AAET,SAAO;;;;;;;;CAST,AAAU,OAAO,IAAY,SAA8C;AACzE,OAAK,iBAAiB,IAAI,GAAG,CAAE,KAAK,QAAQ;AAC5C,SAAO,QAAQ,QAAQ,KAAK"}

package/dist/server-Ri18zAcc.d.ts

@@ -0,0 +1,229 @@
+import { CreateApiServerAppOptions, DependabotConfig, DependabotCredential, DependabotExperiments, DependabotJobConfig, DependabotRequest, DependabotTokenType, DependabotUpdate, GitAuthor } from "@paklo/core/dependabot";
+import { SecretMasker } from "@paklo/runner";
+
+//#region src/local/runner.d.ts
+type RunJobsResult = {
+  id: number;
+  success: boolean;
+  message?: string;
+  affectedPrs: number[];
+}[];
+type LocalJobsRunnerOptions = {
+  jobTokenOverride?: string;
+  credentialsTokenOverride?: string;
+  secretMasker: SecretMasker;
+  config: DependabotConfig;
+  targetUpdateIds?: number[];
+  experiments: DependabotExperiments;
+  updaterImage?: string;
+  command?: DependabotJobConfig['command'];
+};
+declare abstract class LocalJobsRunner {
+  private readonly opt;
+  constructor(options: LocalJobsRunnerOptions);
+  protected makeTokens(): {
+    jobToken: string;
+    credentialsToken: string;
+  };
+  run(): Promise<RunJobsResult>;
+}
+//#endregion
+//#region src/local/server.d.ts
+type LocalDependabotServerAddOptions = {
+  /** The ID of the dependabot job. */
+  id: number;
+  /** The dependabot update associated with the job. */
+  update: DependabotUpdate;
+  /** The dependabot job configuration. */
+  job: DependabotJobConfig;
+  /** The authentication token for the job. */
+  jobToken: string;
+  /** The authentication token for the job. */
+  credentialsToken: string;
+  /** The credentials associated with the job. */
+  credentials: DependabotCredential[];
+};
+type AffectedPullRequestIds = {
+  created: number[];
+  updated: number[];
+  closed: number[];
+};
+type LocalDependabotServerOptions = Omit<CreateApiServerAppOptions, 'authenticate' | 'getJob' | 'getCredentials' | 'handle'> & {
+  author: GitAuthor;
+  debug: boolean;
+  dryRun: boolean;
+};
+declare abstract class LocalDependabotServer {
+  private readonly hostname;
+  private readonly server;
+  private readonly trackedJobs;
+  private readonly updates;
+  private readonly jobTokens;
+  private readonly credentialTokens;
+  private readonly jobCredentials;
+  private readonly receivedRequests;
+  protected readonly affectedPullRequestIds: Map<number, AffectedPullRequestIds>;
+  constructor(options: LocalDependabotServerOptions);
+  start(port?: number): void;
+  stop(): void;
+  get url(): string;
+  get port(): number;
+  get jobs(): Map<number, {
+    'package-manager': "bun" | "bundler" | "cargo" | "composer" | "devcontainers" | "docker" | "docker_compose" | "dotnet_sdk" | "helm" | "hex" | "elm" | "submodules" | "github_actions" | "go_modules" | "gradle" | "maven" | "npm_and_yarn" | "nuget" | "pip" | "pub" | "swift" | "terraform" | "uv";
+    'allowed-updates': {
+      'dependency-name'?: string | null | undefined;
+      'dependency-type'?: string | null | undefined;
+      'update-type'?: "all" | "security" | undefined;
+    }[];
+    debug: boolean | null;
+    dependencies: string[] | null;
+    'existing-pull-requests': {
+      'dependency-name': string;
+      'dependency-version'?: string | null | undefined;
+      directory?: string | null | undefined;
+      removed?: boolean | null | undefined;
+    }[][];
+    'existing-group-pull-requests': {
+      'dependency-group-name': string;
+      dependencies: {
+        'dependency-name': string;
+        'dependency-version'?: string | null | undefined;
+        directory?: string | null | undefined;
+        removed?: boolean | null | undefined;
+      }[];
+    }[];
+    experiments: Record<string, string | boolean>;
+    'ignore-conditions': {
+      'dependency-name': string;
+      source?: string | null | undefined;
+      'update-types'?: string[] | null | undefined;
+      'updated-at'?: string | null | undefined;
+      'version-requirement'?: string | null | undefined;
+    }[];
+    'lockfile-only': boolean;
+    'requirements-update-strategy': string | null;
+    'security-advisories': {
+      'dependency-name': string;
+      'affected-versions': string[];
+      'unaffected-versions': string[];
+      'patched-versions'?: string[] | null | undefined;
+    }[];
+    'security-updates-only': boolean;
+    source: {
+      provider: "azure";
+      repo: string;
+      directory?: string | null | undefined;
+      directories?: string[] | null | undefined;
+      branch?: string | null | undefined;
+      commit?: string | null | undefined;
+      hostname?: string | null | undefined;
+      'api-endpoint'?: string | null | undefined;
+    };
+    'update-subdependencies': boolean;
+    'updating-a-pull-request': boolean;
+    'vendor-dependencies': boolean;
+    'repo-private': boolean;
+    'commit-message-options': {
+      prefix?: string | null | undefined;
+      'prefix-development'?: string | null | undefined;
+      'include-scope'?: boolean | null | undefined;
+    };
+    id?: number | undefined;
+    command?: "version" | "graph" | "recreate" | undefined;
+    'dependency-groups'?: {
+      name: string;
+      rules: {
+        patterns?: string[] | null | undefined;
+        'exclude-patterns'?: string[] | null | undefined;
+        'dependency-type'?: string | null | undefined;
+        'update-types'?: string[] | null | undefined;
+      };
+      'applies-to'?: string | null | undefined;
+    }[] | null | undefined;
+    'dependency-group-to-refresh'?: string | null | undefined;
+    'reject-external-code'?: boolean | null | undefined;
+    'credentials-metadata'?: Record<string, any>[] | null | undefined;
+    'max-updater-run-time'?: number | null | undefined;
+    cooldown?: {
+      'default-days'?: number | undefined;
+      'semver-major-days'?: number | undefined;
+      'semver-minor-days'?: number | undefined;
+      'semver-patch-days'?: number | undefined;
+      include?: string[] | undefined;
+      exclude?: string[] | undefined;
+    } | null | undefined;
+    'proxy-log-response-body-on-auth-failure'?: boolean | null | undefined;
+    'enable-beta-ecosystems'?: boolean | null | undefined;
+    'multi-ecosystem-update'?: boolean | null | undefined;
+  }>;
+  /**
+   * Adds a dependabot job.
+   * @param value - The dependabot job details.
+   */
+  add(value: LocalDependabotServerAddOptions): void;
+  /**
+   * Gets a dependabot job by ID.
+   * @param id - The ID of the dependabot job to get.
+   * @returns The dependabot job, or undefined if not found.
+   */
+  job(id: number): Promise<DependabotJobConfig | undefined>;
+  /**
+   * Gets a dependabot update by ID of the job.
+   * @param id - The ID of the dependabot job to get.
+   * @returns The dependabot update, or undefined if not found.
+   */
+  update(id: number): DependabotUpdate | undefined;
+  /**
+   * Gets a token by ID of the job.
+   * @param id - The ID of the dependabot job to get.
+   * @returns The job token, or undefined if not found.
+   */
+  token(id: number, type: DependabotTokenType): string | undefined;
+  /**
+   * Gets the credentials for a dependabot job by ID.
+   * @param id - The ID of the dependabot job to get credentials for.
+   * @returns The credentials for the job, or undefined if not found.
+   */
+  credentials(id: number): Promise<DependabotCredential[] | undefined>;
+  /**
+   * Gets the received requests for a dependabot job by ID.
+   * @param id - The ID of the dependabot job to get requests for.
+   * @returns The received requests for the job, or undefined if not found.
+   */
+  requests(id: number): DependabotRequest[] | undefined;
+  /**
+   * Gets the IDs of pull requests affected by a dependabot job by ID.
+   * @param id - The ID of the dependabot job to get affected pull request IDs for.
+   * @returns The affected pull request IDs for the job, or undefined if not found.
+   */
+  affectedPrs(id: number): AffectedPullRequestIds | undefined;
+  /**
+   * Gets all IDs of pull requests affected by a dependabot job by ID.
+   * @param id - The ID of the dependabot job to get affected pull request IDs for.
+   * @returns The affected pull request IDs for the job, or undefined if not found.
+   */
+  allAffectedPrs(id: number): number[];
+  /**
+   * Clears all data associated with a dependabot job by ID.
+   * This should be called when the job is no longer needed.
+   * @param id - The ID of the dependabot job to clear.
+   */
+  clear(id: number): void;
+  /**
+   * Authenticates a dependabot job.
+   * @param id - The ID of the dependabot job.
+   * @param value - The authentication value (e.g., API key).
+   * @returns A promise that resolves to a boolean indicating whether the authentication was successful.
+   */
+  protected authenticate(type: DependabotTokenType, id: number, value: string): Promise<boolean>;
+  /**
+   * Handles a dependabot request.
+   * @param id - The ID of the dependabot job.
+   * @param request - The dependabot request to handle.
+   * @returns A promise that resolves to the result of handling the request.
+   */
+  protected handle(id: number, request: DependabotRequest): Promise<boolean>;
+}
+//#endregion
+export { LocalJobsRunner as a, LocalDependabotServerOptions as i, LocalDependabotServer as n, LocalJobsRunnerOptions as o, LocalDependabotServerAddOptions as r, RunJobsResult as s, AffectedPullRequestIds as t };
+//# sourceMappingURL=server-Ri18zAcc.d.ts.map

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "@paklo/runner",
+  "version": "0.1.0",
+  "sideEffects": false,
+  "type": "module",
+  "author": "mburumaxwell",
+  "license": "AGPL-3.0-later",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./local": {
+      "types": "./dist/local/index.d.ts",
+      "import": "./dist/local/index.js"
+    },
+    "./local/azure": {
+      "types": "./dist/local/azure.d.ts",
+      "import": "./dist/local/azure.js"
+    }
+  },
+  "files": [
+    "dist",
+    "package.json"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/mburumaxwell/dependabot-azure-devops.git"
+  },
+  "keywords": [
+    "dependabot",
+    "azure",
+    "devops",
+    "paklo"
+  ],
+  "bugs": {
+    "url": "https://github.com/mburumaxwell/dependabot-azure-devops/issues"
+  },
+  "homepage": "https://github.com/mburumaxwell/dependabot-azure-devops#readme",
+  "dependencies": {
+    "@hono/node-server": "1.19.5",
+    "dockerode": "4.0.9",
+    "node-forge": "1.3.1",
+    "tar-stream": "3.1.7",
+    "@paklo/core": "0.1.0"
+  },
+  "devDependencies": {
+    "@types/dockerode": "3.3.44",
+    "@types/node": "24.8.1",
+    "@types/node-forge": "1.3.14",
+    "@types/tar-stream": "3.1.4",
+    "tsdown": "0.15.8"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "postinstall": "tsdown",
+    "dev": "tsdown --watch",
+    "prebuild": "tsc",
+    "build": "tsdown",
+    "lint": "biome check",
+    "test": "vitest",
+    "clean": "rimraf .turbo dist"
+  }
+}