@planu/cli 1.0.3 → 1.0.4
- package/dist/config/license-plans.json +4 -2
- package/dist/engine/ci-generator/yaml-builder.d.ts.map +1 -1
- package/dist/engine/ci-generator/yaml-builder.js +43 -0
- package/dist/engine/ci-generator/yaml-builder.js.map +1 -1
- package/dist/engine/dep-auditor/index.d.ts +2 -0
- package/dist/engine/dep-auditor/index.d.ts.map +1 -1
- package/dist/engine/dep-auditor/index.js +114 -42
- package/dist/engine/dep-auditor/index.js.map +1 -1
- package/dist/engine/dep-auditor/lockfile-parser.d.ts +26 -0
- package/dist/engine/dep-auditor/lockfile-parser.d.ts.map +1 -0
- package/dist/engine/dep-auditor/lockfile-parser.js +164 -0
- package/dist/engine/dep-auditor/lockfile-parser.js.map +1 -0
- package/dist/engine/dep-auditor/semver-utils.d.ts +19 -0
- package/dist/engine/dep-auditor/semver-utils.d.ts.map +1 -0
- package/dist/engine/dep-auditor/semver-utils.js +141 -0
- package/dist/engine/dep-auditor/semver-utils.js.map +1 -0
- package/dist/engine/dep-auditor/vuln-data.d.ts.map +1 -1
- package/dist/engine/dep-auditor/vuln-data.js +1 -20
- package/dist/engine/dep-auditor/vuln-data.js.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/tools/register-dep-audit-tools.d.ts +3 -0
- package/dist/tools/register-dep-audit-tools.d.ts.map +1 -0
- package/dist/tools/register-dep-audit-tools.js +157 -0
- package/dist/tools/register-dep-audit-tools.js.map +1 -0
- package/dist/tools/update-status/dod-gates.d.ts +14 -0
- package/dist/tools/update-status/dod-gates.d.ts.map +1 -1
- package/dist/tools/update-status/dod-gates.js +54 -0
- package/dist/tools/update-status/dod-gates.js.map +1 -1
- package/dist/tools/update-status/index.d.ts.map +1 -1
- package/dist/tools/update-status/index.js +6 -6
- package/dist/tools/update-status/index.js.map +1 -1
- package/dist/types/tooling/audit.d.ts +20 -0
- package/dist/types/tooling/audit.d.ts.map +1 -1
- package/dist/types/tooling/audit.js +1 -1
- package/dist/types/tooling/audit.js.map +1 -1
- package/dist/types/tooling/index.d.ts +1 -1
- package/dist/types/tooling/index.d.ts.map +1 -1
- package/dist/types/tooling.d.ts +1 -1
- package/dist/types/tooling.d.ts.map +1 -1
- package/package.json +4 -2
- package/src/config/license-plans.json +4 -2
|
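--- a/package/dist/engine/dep-auditor/semver-utils.js
+++ b/package/dist/engine/dep-auditor/semver-utils.js
@@ -0,0 +1,141 @@
+/**
+* Parse a version string like "1.2.3", "1.2.3-rc.1", "^1.2.3" into parts.
+* Strips leading range operators (^, ~, >=, <=, >, <) before parsing.
+*/
+function parseSemver(raw) {
+const stripped = raw.trim().replace(/^[^0-9]*/, '');
+const match = /^(\d+)\.(\d+)\.(\d+)(?:-([a-zA-Z0-9._-]+))?/.exec(stripped);
+if (!match) {
+return null;
+}
+return {
+major: parseInt(match[1] ?? '0', 10),
+minor: parseInt(match[2] ?? '0', 10),
+patch: parseInt(match[3] ?? '0', 10),
+preRelease: match[4] ?? '',
+};
+}
+/** Compare two parsed versions. Returns negative if a < b, 0 if equal, positive if a > b. */
+function compareTuples(a, b) {
+if (a.major !== b.major) {
+return a.major - b.major;
+}
+if (a.minor !== b.minor) {
+return a.minor - b.minor;
+}
+if (a.patch !== b.patch) {
+return a.patch - b.patch;
+}
+// Pre-release handling: a version without pre-release is greater than one with
+if (a.preRelease === '' && b.preRelease !== '') {
+return 1;
+}
+if (a.preRelease !== '' && b.preRelease === '') {
+return -1;
+}
+// Both have pre-release: compare lexicographically
+return a.preRelease < b.preRelease ? -1 : a.preRelease > b.preRelease ? 1 : 0;
+}
+/** Evaluate a single comparator like ">=1.0.0", "<2.0.0", "1.2.3" against installed. */
+function evaluateComparator(installed, comparator) {
+const c = comparator.trim();
+if (c === '' || c === '*') {
+return true;
+}
+if (c.startsWith('>=')) {
+const bound = parseSemver(c.slice(2));
+return bound !== null && compareTuples(installed, bound) >= 0;
+}
+if (c.startsWith('<=')) {
+const bound = parseSemver(c.slice(2));
+return bound !== null && compareTuples(installed, bound) <= 0;
+}
+if (c.startsWith('>')) {
+const bound = parseSemver(c.slice(1));
+return bound !== null && compareTuples(installed, bound) > 0;
+}
+if (c.startsWith('<')) {
+const bound = parseSemver(c.slice(1));
+return bound !== null && compareTuples(installed, bound) < 0;
+}
+if (c.startsWith('~')) {
+// ~1.2.3 := >=1.2.3 <1.3.0
+const base = parseSemver(c.slice(1));
+if (!base) {
+return false;
+}
+const upper = {
+major: base.major,
+minor: base.minor + 1,
+patch: 0,
+preRelease: '',
+};
+return compareTuples(installed, base) >= 0 && compareTuples(installed, upper) < 0;
+}
+if (c.startsWith('^')) {
+// ^1.2.3 := >=1.2.3 <2.0.0, ^0.2.3 := >=0.2.3 <0.3.0, ^0.0.3 := >=0.0.3 <0.0.4
+const base = parseSemver(c.slice(1));
+if (!base) {
+return false;
+}
+let upper;
+if (base.major > 0) {
+upper = { major: base.major + 1, minor: 0, patch: 0, preRelease: '' };
+}
+else if (base.minor > 0) {
+upper = { major: 0, minor: base.minor + 1, patch: 0, preRelease: '' };
+}
+else {
+upper = { major: 0, minor: 0, patch: base.patch + 1, preRelease: '' };
+}
+return compareTuples(installed, base) >= 0 && compareTuples(installed, upper) < 0;
+}
+// Exact version match
+const exact = parseSemver(c);
+if (!exact) {
+return false;
+}
+return compareTuples(installed, exact) === 0;
+}
+/**
+* Returns true if installedVersion falls within vulnerableRange.
+* vulnerableRange supports:
+* - exact: "1.2.3"
+* - caret: "^1.2.3"
+* - tilde: "~1.2.3"
+* - comparators: ">=1.0.0", "<=2.0.0", ">1.0.0", "<2.0.0"
+* - AND ranges (space-separated): ">=1.0.0 <2.0.0"
+* - OR ranges (|| separated): ">=1.0.0 <1.5.0 || >=2.0.0 <2.5.0"
+* - pre-release suffixes: "1.2.3-rc.1", ">=1.0.0-alpha"
+*/
+export function isVersionVulnerable(installedVersion, vulnerableRange) {
+const installed = parseSemver(installedVersion);
+if (!installed) {
+return false;
+}
+// Split by || for OR groups
+const orGroups = vulnerableRange.split('||').map((g) => g.trim());
+for (const group of orGroups) {
+// Each group is an AND of space-separated comparators
+const comparators = group.split(/\s+/).filter((c) => c !== '');
+const allMatch = comparators.every((c) => evaluateComparator(installed, c));
+if (allMatch) {
+return true;
+}
+}
+return false;
+}
+/**
+* Returns true if installedVersion is strictly below threshold.
+* Equivalent to isVersionVulnerable(installed, '<threshold').
+* Used as backward-compatible replacement for the old isVersionBelow().
+*/
+export function isVersionBelow(installedVersion, threshold) {
+const installed = parseSemver(installedVersion);
+const bound = parseSemver(threshold);
+if (!installed || !bound) {
+return false;
+}
+return compareTuples(installed, bound) < 0;
+}
+//# sourceMappingURL=semver-utils.js.map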
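Review bot: Every parse failure in this file resolves to "not vulnerable": `parseSemver` returns null unless the string has three numeric components, `isVersionVulnerable` and `isVersionBelow` then return false, and `evaluateComparator` returns false for any bound it cannot parse, so the auditor fails open on inputs such as a two-component version, an x-range like `1.x`, or `>= 1.0.0` written with a space after the operator. The `isVersionBelow` removed from vuln-data.js in this same release padded missing components with 0, so the "backward-compatible replacement" wording in the docstring does not hold for short versions, and advisories that used to match would presumably be dropped without any signal by the caller in vuln-data.js. Callers should be able to tell "could not evaluate" from "safe" (a separate status, or at least a logged warning naming the unparsed string), and the contract should be documented on both exports: `// Returns false when either version cannot be parsed; treat that as unknown, not safe.` Separately, `compareTuples` compares pre-release tags as plain strings, which orders `rc.10` before `rc.2`, whereas semver compares numeric identifiers numerically.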
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"semver-utils.js","sourceRoot":"","sources":["../../../src/engine/dep-auditor/semver-utils.ts"],"names":[],"mappings":"AAKA;;;GAGG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,6CAA6C,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;QACpC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;QACpC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;QACpC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;KAC3B,CAAC;AACJ,CAAC;AAED,6FAA6F;AAC7F,SAAS,aAAa,CAAC,CAAc,EAAE,CAAc;IACnD,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC3B,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC3B,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC3B,CAAC;IACD,+EAA+E;IAC/E,IAAI,CAAC,CAAC,UAAU,KAAK,EAAE,IAAI,CAAC,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;QAC/C,OAAO,CAAC,CAAC;IACX,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,KAAK,EAAE,IAAI,CAAC,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;QAC/C,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;IACD,mDAAmD;IACnD,OAAO,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAChF,CAAC;AAED,wFAAwF;AACxF,SAAS,kBAAkB,CAAC,SAAsB,EAAE,UAAkB;IACpE,MAAM,CAAC,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,OAAO,KAAK,KAAK,IAAI,IAAI,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QA
CtC,OAAO,KAAK,KAAK,IAAI,IAAI,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,OAAO,KAAK,KAAK,IAAI,IAAI,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,OAAO,KAAK,KAAK,IAAI,IAAI,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,2BAA2B;QAC3B,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAgB;YACzB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,CAAC;YACrB,KAAK,EAAE,CAAC;YACR,UAAU,EAAE,EAAE;SACf,CAAC;QACF,OAAO,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,+EAA+E;QAC/E,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,KAAkB,CAAC;QACvB,IAAI,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YACnB,KAAK,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QACxE,CAAC;aAAM,IAAI,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YAC1B,KAAK,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QACxE,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QACxE,CAAC;QACD,OAAO,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACpF,CAAC;IAED,sBAAsB;IACtB,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MA
AM,UAAU,mBAAmB,CAAC,gBAAwB,EAAE,eAAuB;IACnF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAElE,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,sDAAsD;QACtD,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5E,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,gBAAwB,EAAE,SAAiB;IACxE,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,CAAC,SAAS,IAAI,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;AAC7C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vuln-data.d.ts","sourceRoot":"","sources":["../../../src/engine/dep-auditor/vuln-data.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"vuln-data.d.ts","sourceRoot":"","sources":["../../../src/engine/dep-auditor/vuln-data.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGpE,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,CAgHxD,CAAC;AAEF,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CAoBjE"}
|
|
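--- a/package/dist/engine/dep-auditor/vuln-data.js
+++ b/package/dist/engine/dep-auditor/vuln-data.js
@@ -1,3 +1,4 @@
+import { isVersionBelow } from './semver-utils.js';
 export const KNOWN_VULNS = {
 lodash: [
 {
@@ -111,26 +112,6 @@ export const KNOWN_VULNS = {
 },
 ],
 };
-function isVersionBelow(current, threshold) {
-const parseParts = (v) => {
-const cleaned = v.replace(/^[^0-9]*/, '');
-return cleaned.split('.').map((p) => parseInt(p, 10) || 0);
-};
-const cur = parseParts(current);
-const thr = parseParts(threshold);
-const len = Math.max(cur.length, thr.length);
-for (let i = 0; i < len; i++) {
-const c = cur[i] ?? 0;
-const t = thr[i] ?? 0;
-if (c < t) {
-return true;
-}
-if (c > t) {
-return false;
-}
-}
-return false;
-}
 export function getVulns(name, version) {
 const entries = KNOWN_VULNS[name];
 if (!entries) {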
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vuln-data.js","sourceRoot":"","sources":["../../../src/engine/dep-auditor/vuln-data.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"vuln-data.js","sourceRoot":"","sources":["../../../src/engine/dep-auditor/vuln-data.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,MAAM,CAAC,MAAM,WAAW,GAAqC;IAC3D,MAAM,EAAE;QACN;YACE,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,+BAA+B;YAC5C,OAAO,EAAE,SAAS;SACnB;QACD;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,gCAAgC;YAC7C,OAAO,EAAE,SAAS;SACnB;KACF;IACD,KAAK,EAAE;QACL;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,4BAA4B;YACzC,OAAO,EAAE,OAAO;SACjB;KACF;IACD,EAAE,EAAE;QACF;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,qBAAqB;YAClC,OAAO,EAAE,OAAO;SACjB;KACF;IACD,MAAM,EAAE;QACN;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,qBAAqB;YAClC,OAAO,EAAE,OAAO;SACjB;KACF;IACD,KAAK,EAAE;QACL;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,qBAAqB;YAClC,OAAO,EAAE,OAAO;SACjB;KACF;IACD,QAAQ,EAAE;QACR;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,8CAA8C;YAC3D,OAAO,EAAE,OAAO;SACjB;KACF;IACD,GAAG,EAAE;QACH;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,4CAA4C;YACzD,OAAO,EAAE,OAAO;SACjB;KACF;IACD,YAAY,EAAE;QACZ;YACE,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,kDAAkD;YAC/D,OAAO,EAAE,OAAO;SACjB;KACF;IACD,MAAM,EAAE;QACN,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE;QAC/F;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,wBAAwB;YACrC,OAAO,EAAE,QAAQ;SAClB;KACF;IACD,YAAY,EAAE;QACZ;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,yCAAyC;YACtD,OAAO,EAAE,OAAO;SACjB;KACF;IACD,sBAAsB,EAAE;QACtB;YACE,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,0BAA0B;YACvC,OAAO,EAAE,OAAO;SACjB;KACF;IACD,IAAI,EAAE;QACJ;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,qBAAqB;YAClC,OAAO,EAAE,OAAO;SACjB;KACF;IACD,YAAY,EAAE;QACZ;YACE,KAAK,EAAE,gBAAgB;YACvB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,qBAAqB;YAClC,OAAO,EAAE,OAAO;SACjB;KACF;CACF,CAAC;AAEF,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,OAAe;IACpD,MAAM,OAAO,GA
AG,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,OAAO;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QAChB,sBAAsB;QACtB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACf,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB,CAAC,CAAC,CAAC;AACR,CAAC"}
|
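--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -155,6 +155,7 @@ import { registerSpec331Tools } from './tools/register-spec-331-tools.js';
 import { registerFilesystemHooksTools } from './tools/register-filesystem-hooks-tools.js';
 import { registerSkillsEvalTools } from './tools/register-skills-eval-tools.js';
 import { registerTrialTools } from './tools/register-trial-tools.js';
+import { registerDepAuditTools } from './tools/register-dep-audit-tools.js';
 // Server setup
 const SERVER_INSTRUCTIONS = [
 'CONTEXT — Why structured specs matter:',
@@ -379,6 +380,7 @@ function registerExtendedTools(s) {
 registerFilesystemHooksTools(s);
 registerSkillsEvalTools(s);
 registerTrialTools(s);
+registerDepAuditTools(s);
 registerPrompts(s);
 }
 function createMcpServer() {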
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,+CAA+C;AAC/C,mFAAmF;AAEnF,8EAA8E;AAC9E,MAAM,cAAc,GAAG;IACrB,MAAM;IACN,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,UAAU;IACV,UAAU;IACV,WAAW;IACX,OAAO;IACP,OAAO;IACP,SAAS;IACT,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,WAAW;IACX,UAAU;IACV,SAAS;IACT,OAAO;IACP,MAAM;IACN,SAAS;CACV,CAAC;AACF,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjC,IAAI,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IAClD,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAClD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAEpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,6BAA6B,EAAE,MAAM,gCAAgC,CAAC;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC
,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,+BAA+B,EAAE,MAAM,gDAAgD,CAAC;AACjG,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AACpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,4BAA4B,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,2BAA2B,EAAE,MAAM,0CAA0C,CAAC;AACvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AACrF,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,8CAA8C,CAAC;AAC9F,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,kCAAkC,EAAE,MAAM,+CAA+C,CAAC;AACnG,OAAO,EAAE,4BAA4B,EAAE,MAAM,wCAAwC,CAAC;AACtF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAA
E,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,6BAA6B,EAAE,MAAM,gCAAgC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,yBAAyB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,+BAA+B,EAAE,MAAM,2CAA2C,CAAC;AAC5F,OAAO,EAAE,mCAAmC,EAAE,MAAM,+CAA+C,CAAC;AACpG,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AACxF,OAAO,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAC;AAChG,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,EAAE,gCAAgC,EAAE,MAAM,gDAAgD,CAAC;AAClG,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,4BAA4B,EAAE,MAAM,6CAA6C,CAAC;AAC3F,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,gCAAgC,EAAE,MAAM,gDAAgD,CAAC;AAClG,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,6BAA6B,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,4BAA4B
,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,kCAAkC,EAAE,MAAM,oCAAoC,CAAC;AACxF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,eAAe;AACf,MAAM,mBAAmB,GAAG;IAC1B,wCAAwC;IACxC,sFAAsF;IACtF,8FAA8F;IAC9F,yFAAyF;IACzF,kFAAkF;IAClF,EAAE;IACF,6FAA6F;IAC7F,EAAE;IACF,oDAAoD;IACpD,8KAA8K;IAC9K,oHAAoH;IACpH,mGAAmG;IACnG,6GAA6G;IAC7G,yEAAyE;IACzE,qHAAqH;IACrH,qFAAqF;IACrF,2DAA2D;IAC3D,oFAAoF;IACpF,gIAAgI;IAChI,mGAAmG;IACnG,4FAA4F;IAC5F,EAAE;IACF,wDAAwD;IACxD,EAAE;IACF,wFAAwF;IACxF,0FAA0F;IAC1F,qFAAqF;IACrF,8EAA8E;IAC9E,yEAAyE;IACzE,6EAA6E;IAC7E,6EAA6E;IAC7E,+HAA+H;IAC/H,oGAAoG;IACpG,qFAAqF;IACrF,2FAA2F;IAC3F,oGAAoG;IACpG,gHAAgH;IAChH,0FAA0F;IAC1F,qFAAqF;IACrF,gGAAgG;IAChG,yEAAyE;IACzE,kGAAkG;IAClG,sHAAsH;IACtH,yFAAyF;IACzF,yEAAyE;IACzE,qFAAqF;IACrF,EAAE;IACF,6DAA6D;IAC7D,sEAAsE;IACtE,+EAA+E;IAC/E,kFAAkF;IAClF,gFAAgF;IAChF,EAAE;IACF,6CAA6C;IAC7C,0HAA0H;IAC1H,uIAAuI;IACvI,0GAA0G;IAC1G,+EAA+E;IAC/E,kGAAkG;IAClG,+NAA+N;IAC/N,uGAAuG;IACvG,4IAA4I;IAC5I,EAAE;IACF,yDAAyD;IACzD,+IAA+I;IAC/I,2GAA2G;IAC3G,kLAAkL;IAClL,mHAAmH;IACnH,6HAA6H;IAC7H,6GAA6G;IAC7G,EAAE;IACF,oEAAoE;IACpE,qFAAqF;IACrF,wFAAwF;IACxF,0FAA0F;IAC1F,iHAAiH;IACjH,4GAA4G;IAC5G,8FAA8F;IAC9F,6FAA6F;IAC7F,2GAA2G;IAC3G,mFAAmF;IACnF,wFAAwF;IACxF,qGAAqG;IACrG,yFAAyF;IACzF,yFAAyF;IACzF,kFAAkF;IAClF,kFAAkF;IAClF,qFAAqF;IACrF,+EAA+E;IAC/E,uGAAuG;IACvG,kGAAkG;IAClG,EAAE;IACF,mDAAmD;IACnD,yFAAyF;IACzF,4FAA4F;IAC5F,8DAA8D;IAC9D,8FAA8F;IAC9F,8GAA8G;IAC9G,EAAE;IACF,oCAAoC;IACpC,6NAA6N;CAC9N,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,SAAS,iBAAiB,CAAC,CAAY;IACrC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,oBAAoB,CAAC,C
AAC,CAAC,CAAC;IACxB,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,6BAA6B,CAAC,CAAC,CAAC,CAAC;IACjC,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,eAAe,CAAC,CAAC,CAAC,CAAC;IACnB,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACpB,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,kBAAkB,CAAC,CAAC,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,qBAAqB,CAAC,CAAY;IACzC,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,+BAA+B,CAAC,CAAC,CAAC,CAAC;IACnC,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,8BAA8B,CAAC,CAAC,CAAC,CAAC;IAClC,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACpB,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,2BAA2B,CAAC,CAAC,CAAC,CAAC;IAC/B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,8BAA8B,CAAC,CAAC,CAAC,CAAC;IAClC,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC
1B,kCAAkC,CAAC,CAAC,CAAC,CAAC;IACtC,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,2BAA2B,CAAC,CAAC,CAAC,CAAC;IAC/B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,6BAA6B,CAAC,CAAC,CAAC,CAAC;IACjC,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,+BAA+B,CAAC,CAAC,CAAC,CAAC;IACnC,mCAAmC,CAAC,CAAC,CAAC,CAAC;IACvC,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,2BAA2B,CAAC,CAAC,CAAC,CAAC;IAC/B,+BAA+B,CAAC,CAAC,CAAC,CAAC;IACnC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,gCAAgC,CAAC,CAAC,CAAC,CAAC;IACpC,gCAAgC,CAAC,CAAC,CAAC,CAAC;IACpC,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,gCAAgC,CAAC,CAAC,CAAC,CAAC;IACpC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,6BAA6B,CAAC,CAAC,CAAC,CAAC;IACjC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,kCAAkC,CAAC,CAAC,CAAC,CAAC;IACtC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,eAAe,CAAC,CAAC,CAAC,CAAC;AACrB,CAAC;AACD,SAAS,eAAe;IACtB,MAAM,CAAC,GAAG,gBAAgB,CACxB,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,CAAC,CAChG,CAAC;IACF,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kEAAkE;AAClE,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;AAEjC,eAAe;AACf,KAAK,UAAU,IAAI;IACjB,8EAA8E
;IAC9E,eAAe,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;QAC3B,iBAAiB;IACnB,CAAC,CAAC,CAAC;IAEH,6EAA6E;IAC7E,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,6DAA6D;IAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC3C,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,qBAAqB,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACzE,kDAAkD;YAClD,OAAO,CAAC,KAAK,CAAC,yDAAyD,EAAE,GAAG,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;IACL,CAAC;IAED,yGAAyG;IACzG,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,OAAO,EAAE,GAAG,EAAE;QAClD,MAAM,CAAC,mBAAmB,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IACH,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;IAC1B,eAAe,CAAC,YAAY,CAAC,CAAC;IAE9B,MAAM,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;AACxE,CAAC;AAED,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,KAAc,EAAE,EAAE;IACjD,sBAAsB;IACtB,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;AACtD,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAe,EAAE,EAAE;IACnD,sBAAsB;IACtB,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;IAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,+CAA+C;AAC/C,mFAAmF;AAEnF,8EAA8E;AAC9E,MAAM,cAAc,GAAG;IACrB,MAAM;IACN,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,UAAU;IACV,UAAU;IACV,WAAW;IACX,OAAO;IACP,OAAO;IACP,SAAS;IACT,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,WAAW;IACX,UAAU;IACV,SAAS;IACT,OAAO;IACP,MAAM;IACN,SAAS;CACV,CAAC;AACF,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjC,IAAI,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IAClD,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAClD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAEpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,6BAA6B,EAAE,MAAM,gCAAgC,CAAC;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC
,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,+BAA+B,EAAE,MAAM,gDAAgD,CAAC;AACjG,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AACpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,4BAA4B,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,2BAA2B,EAAE,MAAM,0CAA0C,CAAC;AACvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AACrF,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,8CAA8C,CAAC;AAC9F,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,kCAAkC,EAAE,MAAM,+CAA+C,CAAC;AACnG,OAAO,EAAE,4BAA4B,EAAE,MAAM,wCAAwC,CAAC;AACtF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAA
E,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,6BAA6B,EAAE,MAAM,gCAAgC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,yBAAyB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,+BAA+B,EAAE,MAAM,2CAA2C,CAAC;AAC5F,OAAO,EAAE,mCAAmC,EAAE,MAAM,+CAA+C,CAAC;AACpG,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AACxF,OAAO,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAC;AAChG,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,EAAE,gCAAgC,EAAE,MAAM,gDAAgD,CAAC;AAClG,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,4BAA4B,EAAE,MAAM,6CAA6C,CAAC;AAC3F,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,gCAAgC,EAAE,MAAM,gDAAgD,CAAC;AAClG,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,6BAA6B,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,4BAA4B
,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,kCAAkC,EAAE,MAAM,oCAAoC,CAAC;AACxF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAE5E,eAAe;AACf,MAAM,mBAAmB,GAAG;IAC1B,wCAAwC;IACxC,sFAAsF;IACtF,8FAA8F;IAC9F,yFAAyF;IACzF,kFAAkF;IAClF,EAAE;IACF,6FAA6F;IAC7F,EAAE;IACF,oDAAoD;IACpD,8KAA8K;IAC9K,oHAAoH;IACpH,mGAAmG;IACnG,6GAA6G;IAC7G,yEAAyE;IACzE,qHAAqH;IACrH,qFAAqF;IACrF,2DAA2D;IAC3D,oFAAoF;IACpF,gIAAgI;IAChI,mGAAmG;IACnG,4FAA4F;IAC5F,EAAE;IACF,wDAAwD;IACxD,EAAE;IACF,wFAAwF;IACxF,0FAA0F;IAC1F,qFAAqF;IACrF,8EAA8E;IAC9E,yEAAyE;IACzE,6EAA6E;IAC7E,6EAA6E;IAC7E,+HAA+H;IAC/H,oGAAoG;IACpG,qFAAqF;IACrF,2FAA2F;IAC3F,oGAAoG;IACpG,gHAAgH;IAChH,0FAA0F;IAC1F,qFAAqF;IACrF,gGAAgG;IAChG,yEAAyE;IACzE,kGAAkG;IAClG,sHAAsH;IACtH,yFAAyF;IACzF,yEAAyE;IACzE,qFAAqF;IACrF,EAAE;IACF,6DAA6D;IAC7D,sEAAsE;IACtE,+EAA+E;IAC/E,kFAAkF;IAClF,gFAAgF;IAChF,EAAE;IACF,6CAA6C;IAC7C,0HAA0H;IAC1H,uIAAuI;IACvI,0GAA0G;IAC1G,+EAA+E;IAC/E,kGAAkG;IAClG,+NAA+N;IAC/N,uGAAuG;IACvG,4IAA4I;IAC5I,EAAE;IACF,yDAAyD;IACzD,+IAA+I;IAC/I,2GAA2G;IAC3G,kLAAkL;IAClL,mHAAmH;IACnH,6HAA6H;IAC7H,6GAA6G;IAC7G,EAAE;IACF,oEAAoE;IACpE,qFAAqF;IACrF,wFAAwF;IACxF,0FAA0F;IAC1F,iHAAiH;IACjH,4GAA4G;IAC5G,8FAA8F;IAC9F,6FAA6F;IAC7F,2GAA2G;IAC3G,mFAAmF;IACnF,wFAAwF;IACxF,qGAAqG;IACrG,yFAAyF;IACzF,yFAAyF;IACzF,kFAAkF;IAClF,kFAAkF;IAClF,qFAAqF;IACrF,+EAA+E;IAC/E,uGAAuG;IACvG,kGAAkG;IAClG,EAAE;IACF,mDAAmD;IACnD,yFAAyF;IACzF,4FAA4F;IAC5F,8DAA8D;IAC9D,8FAA8F;IAC9F,8GAA8G;IAC9G,EAAE;IACF,oCAAoC;IACpC,6NAA6N;CAC9N,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,SAAS,iBAAiB,CAAC,CAAY;IACrC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,k
BAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,6BAA6B,CAAC,CAAC,CAAC,CAAC;IACjC,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,eAAe,CAAC,CAAC,CAAC,CAAC;IACnB,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACpB,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,kBAAkB,CAAC,CAAC,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,qBAAqB,CAAC,CAAY;IACzC,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,+BAA+B,CAAC,CAAC,CAAC,CAAC;IACnC,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,8BAA8B,CAAC,CAAC,CAAC,CAAC;IAClC,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACpB,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,2BAA2B,CAAC,CAAC,CAAC,CAAC;IAC/B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,8BAA8B,CAAC,CAAC,CAAC,CAAC;IAClC,uBAAuB,CAAC,CAAC,C
AAC,CAAC;IAC3B,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,kCAAkC,CAAC,CAAC,CAAC,CAAC;IACtC,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,2BAA2B,CAAC,CAAC,CAAC,CAAC;IAC/B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,6BAA6B,CAAC,CAAC,CAAC,CAAC;IACjC,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,yBAAyB,CAAC,CAAC,CAAC,CAAC;IAC7B,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,+BAA+B,CAAC,CAAC,CAAC,CAAC;IACnC,mCAAmC,CAAC,CAAC,CAAC,CAAC;IACvC,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,2BAA2B,CAAC,CAAC,CAAC,CAAC;IAC/B,+BAA+B,CAAC,CAAC,CAAC,CAAC;IACnC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,wBAAwB,CAAC,CAAC,CAAC,CAAC;IAC5B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,0BAA0B,CAAC,CAAC,CAAC,CAAC;IAC9B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,gCAAgC,CAAC,CAAC,CAAC,CAAC;IACpC,gCAAgC,CAAC,CAAC,CAAC,CAAC;IACpC,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,gCAAgC,CAAC,CAAC,CAAC,CAAC;IACpC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,6BAA6B,CAAC,CAAC,CAAC,CAAC;IACjC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,kCAAkC,CAAC,CAAC,CAAC,CAAC;IACtC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IACxB,4BAA4B,CAAC,CAAC,CAAC,CAAC;IAChC,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAC3B,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,eAAe,CAAC,CAAC,CAAC,CAAC;AACrB,CAAC;AACD,SAAS,eAAe;IACtB,MAAM,CAAC,GAAG,gBAAgB,CACxB,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,CAAC,CAChG,CAAC;IACF,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kEAAkE;A
AClE,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;AAEjC,eAAe;AACf,KAAK,UAAU,IAAI;IACjB,8EAA8E;IAC9E,eAAe,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;QAC3B,iBAAiB;IACnB,CAAC,CAAC,CAAC;IAEH,6EAA6E;IAC7E,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,6DAA6D;IAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC3C,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,qBAAqB,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACzE,kDAAkD;YAClD,OAAO,CAAC,KAAK,CAAC,yDAAyD,EAAE,GAAG,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;IACL,CAAC;IAED,yGAAyG;IACzG,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,OAAO,EAAE,GAAG,EAAE;QAClD,MAAM,CAAC,mBAAmB,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IACH,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;IAC1B,eAAe,CAAC,YAAY,CAAC,CAAC;IAE9B,MAAM,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;AACxE,CAAC;AAED,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,KAAc,EAAE,EAAE;IACjD,sBAAsB;IACtB,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;AACtD,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAe,EAAE,EAAE;IACnD,sBAAsB;IACtB,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;IAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"register-dep-audit-tools.d.ts","sourceRoot":"","sources":["../../src/tools/register-dep-audit-tools.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA+HzE,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAiE7D"}
|
|
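--- a/package/dist/tools/register-dep-audit-tools.js
+++ b/package/dist/tools/register-dep-audit-tools.js
@@ -0,0 +1,157 @@
+// tools/register-dep-audit-tools.ts — Registers the security_scan MCP tool (SPEC-335)
+import { z } from 'zod';
+import { auditDeps } from '../engine/dep-auditor/index.js';
+import { safeTracked, safeLicensed } from './safe-handler.js';
+// ---------------------------------------------------------------------------
+// Report formatting helpers
+// ---------------------------------------------------------------------------
+function vulnLine(vuln) {
+const fix = vuln.fixedIn ? ` — fixed in ${vuln.fixedIn}` : ' — no fix available';
+return ` - [${vuln.severity.toUpperCase()}] ${vuln.cveId}: ${vuln.description}${fix}`;
+}
+function entryLines(entry) {
+const lines = [`- **${entry.name}** @ ${entry.currentVersion}`];
+for (const v of entry.vulns) {
+lines.push(vulnLine(v));
+}
+if (entry.license.compatibility === 'critical') {
+lines.push(` - [LICENSE] ${entry.license.reason}`);
+}
+if (entry.abandoned.isAbandoned) {
+lines.push(` - [ABANDONED] ${entry.abandoned.reason}`);
+if (entry.abandoned.suggestedAlternative) {
+lines.push(` Alternative: ${entry.abandoned.suggestedAlternative}`);
+}
+}
+return lines;
+}
+function criticalVulnCves(report) {
+const cves = [];
+for (const entry of report.critical) {
+for (const v of entry.vulns) {
+if (v.severity === 'critical') {
+cves.push(`${v.cveId} (${entry.name})`);
+}
+}
+}
+return cves;
+}
+function buildFullReport(report) {
+const lines = [
+'## Security Scan Report',
+'',
+`**Ecosystem**: ${report.ecosystem}`,
+`**Dependencies scanned**: ${report.totalDeps}`,
+`**Summary**: ${report.summary}`,
+'',
+];
+if (report.critical.length > 0) {
+lines.push('### Critical Issues');
+lines.push('');
+for (const entry of report.critical) {
+lines.push(...entryLines(entry));
+}
+lines.push('');
+}
+if (report.warnings.length > 0) {
+lines.push('### Warnings (high/medium severity)');
+lines.push('');
+for (const entry of report.warnings) {
+lines.push(...entryLines(entry));
+}
+lines.push('');
+}
+if (report.duplicates.length > 0) {
+lines.push('### Duplicate Dependency Groups');
+lines.push('');
+for (const dup of report.duplicates) {
+lines.push(`- [${dup.category}] ${dup.packages.join(', ')} — ${dup.recommendation}`);
+}
+lines.push('');
+}
+if (report.critical.length === 0 && report.warnings.length === 0) {
+lines.push('No vulnerabilities or license conflicts detected.');
+lines.push('');
+}
+return lines.join('\n');
+}
+function buildFreeReport(report) {
+const criticalEntries = report.critical.filter((e) => e.vulns.some((v) => v.severity === 'critical'));
+const lines = [
+'## Security Scan Report (free tier — npm critical CVEs only)',
+'',
+`**Ecosystem**: ${report.ecosystem}`,
+`**Dependencies scanned**: ${report.totalDeps}`,
+'',
+];
+if (criticalEntries.length === 0) {
+lines.push('No critical CVEs detected in npm dependencies.');
+}
+else {
+lines.push('### Critical CVEs Detected');
+lines.push('');
+for (const entry of criticalEntries) {
+for (const v of entry.vulns) {
+if (v.severity === 'critical') {
+lines.push(vulnLine(v).replace(/^ {2}/, `- ${entry.name}@${entry.currentVersion} `));
+}
+}
+}
+lines.push('');
+lines.push('> Upgrade to Pro to see high/medium vulnerabilities, license conflicts, and abandoned packages.');
+}
+return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Registration
+// ---------------------------------------------------------------------------
+export function registerDepAuditTools(server) {
+// Free tier: npm critical CVEs only
+server.registerTool('security_scan', {
+description: 'Scan project dependencies for security vulnerabilities, license conflicts, and abandoned packages. ' +
+'Free tier: npm critical CVEs only. Pro: all ecosystems, full severity breakdown.',
+annotations: { readOnlyHint: true },
+inputSchema: {
+projectPath: z
+.string()
+.min(1)
+.max(4096)
+.describe('Absolute path to the project root to audit'),
+ecosystem: z
+.enum(['npm', 'python', 'all'])
+.optional()
+.describe('Ecosystem filter: npm (Node.js), python, or all. Pro only for python/all. Default: npm'),
+},
+}, safeTracked('security_scan', async (args) => {
+const report = await auditDeps(args.projectPath);
+const text = buildFreeReport(report);
+return { content: [{ type: 'text', text }] };
+}));
+// Pro tier: all ecosystems, full report
+server.registerTool('security_scan_pro', {
+description: 'Full security scan across all ecosystems (npm, Python, Go, Rust, Java). ' +
+'Reports critical → high → medium → low vulnerabilities, license conflicts, and abandoned packages. Requires Pro plan.',
+annotations: { readOnlyHint: true },
+inputSchema: {
+projectPath: z
+.string()
+.min(1)
+.max(4096)
+.describe('Absolute path to the project root to audit'),
+ecosystem: z
+.enum(['npm', 'python', 'all'])
+.optional()
+.describe('Ecosystem filter: npm, python, or all (default). Pro feature for python/all ecosystems.'),
+},
+}, safeLicensed('security_scan_pro', async (args) => {
+const report = await auditDeps(args.projectPath);
+const text = buildFullReport(report);
+const cves = criticalVulnCves(report);
+if (cves.length > 0) {
+const warnText = `\n\n> CRITICAL CVEs detected: ${cves.join(', ')}. Address these before deploying to production.`;
+return { content: [{ type: 'text', text: text + warnText }] };
+}
+return { content: [{ type: 'text', text }] };
+}));
+}
+//# sourceMappingURL=register-dep-audit-tools.js.map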
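Review bot: The `ecosystem` argument is declared in both input schemas but neither handler reads it: new lines 126 and 147 call `auditDeps(args.projectPath)` with no filter, so the documented "Default: npm" and "npm critical CVEs only" scoping depends entirely on what `auditDeps` does by default, which is not visible in this section. `buildFreeReport` filters by severity only, so a report headed "free tier — npm critical CVEs only" may describe whatever ecosystem `auditDeps` picked, and the "No critical CVEs detected in npm dependencies" line can be misleading if the npm manifest was not the one scanned. Either pass the value through (if `auditDeps` accepts such an option) or remove `ecosystem` from `inputSchema` until it is honoured. `projectPath` is described as absolute but validated only as a 1–4096 character string; a check such as `.refine((p) => path.isAbsolute(p), 'projectPath must be absolute')`, together with confinement to the configured project root, would stop an MCP client from pointing the scanner at arbitrary directories.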
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"register-dep-audit-tools.js","sourceRoot":"","sources":["../../src/tools/register-dep-audit-tools.ts"],"names":[],"mappings":"AAAA,sFAAsF;AAGtF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAG9D,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,IAAa;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC;IACjF,OAAO,QAAQ,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC;AACzF,CAAC;AAED,SAAS,UAAU,CAAC,KAAoB;IACtC,MAAM,KAAK,GAAa,CAAC,OAAO,KAAK,CAAC,IAAI,QAAQ,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC;IAC1E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,KAAK,UAAU,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,iBAAiB,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,mBAAmB,KAAK,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;QACxD,IAAI,KAAK,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,oBAAoB,KAAK,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAsB;IAC9C,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,MAAsB;IAC7C,MAAM,KAAK,GAAa;QACtB,yBAAyB;QACzB,EAAE;QACF,kBAAkB,MAAM,CAAC,SAAS,EAAE;QACpC,6BAA6B,MAAM,CAAC,SAAS,EAAE;QAC/C,gBAAgB,MAAM,CAAC,OAAO,EAAE;QAChC,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,GAAG,UAA
U,CAAC,KAAK,CAAC,CAAC,CAAC;QACnC,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QACnC,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;QACvF,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjE,KAAK,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAChE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,eAAe,CAAC,MAAsB;IAC7C,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACnD,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAC/C,CAAC;IAEF,MAAM,KAAK,GAAa;QACtB,8DAA8D;QAC9D,EAAE;QACF,kBAAkB,MAAM,CAAC,SAAS,EAAE;QACpC,6BAA6B,MAAM,CAAC,SAAS,EAAE;QAC/C,EAAE;KACH,CAAC;IAEF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBAC5B,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;oBAC9B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;gBACvF,CAAC;YACH,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,iGAAiG,CAClG,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED
,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CAAC,MAAiB;IACrD,oCAAoC;IACpC,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;QACE,WAAW,EACT,qGAAqG;YACrG,kFAAkF;QACpF,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;QACnC,WAAW,EAAE;YACX,WAAW,EAAE,CAAC;iBACX,MAAM,EAAE;iBACR,GAAG,CAAC,CAAC,CAAC;iBACN,GAAG,CAAC,IAAI,CAAC;iBACT,QAAQ,CAAC,4CAA4C,CAAC;YACzD,SAAS,EAAE,CAAC;iBACT,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;iBAC9B,QAAQ,EAAE;iBACV,QAAQ,CACP,wFAAwF,CACzF;SACJ;KACF,EACD,WAAW,CAAC,eAAe,EAAE,KAAK,EAAE,IAAiD,EAAE,EAAE;QACvF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QACrC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACxD,CAAC,CAAC,CACH,CAAC;IAEF,wCAAwC;IACxC,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,WAAW,EACT,0EAA0E;YAC1E,uHAAuH;QACzH,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;QACnC,WAAW,EAAE;YACX,WAAW,EAAE,CAAC;iBACX,MAAM,EAAE;iBACR,GAAG,CAAC,CAAC,CAAC;iBACN,GAAG,CAAC,IAAI,CAAC;iBACT,QAAQ,CAAC,4CAA4C,CAAC;YACzD,SAAS,EAAE,CAAC;iBACT,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;iBAC9B,QAAQ,EAAE;iBACV,QAAQ,CACP,yFAAyF,CAC1F;SACJ;KACF,EACD,YAAY,CAAC,mBAAmB,EAAE,KAAK,EAAE,IAAiD,EAAE,EAAE;QAC5F,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,IAAI,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,QAAQ,GAAG,iCAAiC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iDAAiD,CAAC;YACnH,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,GAAG,QAAQ,EAAE,CAAC,EAAE,CAAC;QACzE,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACxD,CAAC,CAAC,CACH,CAAC;AACJ,CAAC"}
|
|
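--- a/package/dist/tools/update-status/dod-gates.d.ts
+++ b/package/dist/tools/update-status/dod-gates.d.ts
@@ -13,4 +13,18 @@ export declare function runValidateGate(spec: Spec, projectPath: string, forceSt
 * Returns an error ToolResult if blocked (unless force=true), null if passed.
 */
 export declare function checkDodGate(spec: Spec, specId: string, projectId: string, projectPath: string | undefined, _force: boolean): Promise<ToolResult | null>;
+/**
+* SPEC-335: Security gate — blocks 'done' transition if critical CVEs are found.
+* Only runs when projectPath is available. Never throws — best-effort.
+* Returns an error ToolResult if blocked, null if passed or skipped.
+*
+* Exported for testing; callers should prefer checkDoneGates for the full gate suite.
+*/
+export declare function checkSecurityGate(projectPath: string | undefined, specId: string, force?: boolean): Promise<ToolResult | null>;
+/**
+* SPEC-335: Combined done-gates runner — DoD + security.
+* Replaces two sequential gate calls in handleUpdateStatus with a single branch point,
+* keeping the outer function's cyclomatic complexity within limit.
+*/
+export declare function checkDoneGates(spec: Spec, specId: string, projectId: string, projectPath: string | undefined, force: boolean | undefined): Promise<ToolResult | null>;
 //# sourceMappingURL=dod-gates.d.ts.map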
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dod-gates.d.ts","sourceRoot":"","sources":["../../../src/tools/update-status/dod-gates.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAKvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"dod-gates.d.ts","sourceRoot":"","sources":["../../../src/tools/update-status/dod-gates.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAKvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAGrD,wGAAwG;AACxG,wBAAsB,eAAe,CACnC,IAAI,EAAE,IAAI,EACV,WAAW,EAAE,MAAM,EACnB,WAAW,CAAC,EAAE,OAAO,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAAC,CAgBtF;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CA2E5B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,OAAO,GACd,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAoC5B;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,KAAK,EAAE,OAAO,GAAG,SAAS,GACzB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAQ5B"}
|
|
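--- a/package/dist/tools/update-status/dod-gates.js
+++ b/package/dist/tools/update-status/dod-gates.js
@@ -2,6 +2,7 @@ import { validateSpec } from '../../engine/validator.js';
 import { generateDoD } from '../../engine/validator/dor-dod.js';
 import { addLesson, getLessons } from '../../storage/lessons-store.js';
 import { dispatchFeedbackEvent } from '../learn.js';
+import { auditDeps } from '../../engine/dep-auditor/index.js';
 /** SPEC-222 Trigger 1: Run validate engine before marking done. Returns score or null on error/skip. */
 export async function runValidateGate(spec, projectPath, forceStatus) {
 if (forceStatus) {
@@ -91,6 +92,59 @@ export async function checkDodGate(spec, specId, projectId, projectPath, _force)
 },
 };
 }
+/**
+* SPEC-335: Security gate — blocks 'done' transition if critical CVEs are found.
+* Only runs when projectPath is available. Never throws — best-effort.
+* Returns an error ToolResult if blocked, null if passed or skipped.
+*
+* Exported for testing; callers should prefer checkDoneGates for the full gate suite.
+*/
+export async function checkSecurityGate(projectPath, specId, force) {
+if (!projectPath || force) {
+return null;
+}
+try {
+const report = await auditDeps(projectPath);
+const criticalVulns = report.critical.flatMap((entry) => entry.vulns
+.filter((v) => v.severity === 'critical')
+.map((v) => `${v.cveId} in ${entry.name}@${entry.currentVersion}`));
+if (criticalVulns.length === 0) {
+return null;
+}
+const cveList = criticalVulns.join(', ');
+const highVulns = report.critical.flatMap((entry) => entry.vulns.filter((v) => v.severity === 'high').map((v) => `${v.cveId} in ${entry.name}`));
+const highNote = highVulns.length > 0 ? `\n\nHigh severity (warning only): ${highVulns.join(', ')}` : '';
+return {
+content: [
+{
+type: 'text',
+text: `Security gate blocked: critical CVEs detected — ${cveList}.` +
+` Fix or upgrade affected packages before marking ${specId} as done.` +
+` Use force:true to bypass.${highNote}`,
+},
+],
+isError: true,
+};
+}
+catch {
+/* best-effort — never block transition due to audit errors */
+return null;
+}
+}
+/**
+* SPEC-335: Combined done-gates runner — DoD + security.
+* Replaces two sequential gate calls in handleUpdateStatus with a single branch point,
+* keeping the outer function's cyclomatic complexity within limit.
+*/
+export async function checkDoneGates(spec, specId, projectId, projectPath, force) {
+if (!force) {
+const dodError = await checkDodGate(spec, specId, projectId, projectPath, false);
+if (dodError) {
+return dodError;
+}
+}
+return checkSecurityGate(projectPath, specId, force);
+}
 async function autoCaptureLessonDodGate(spec, specId, projectId, projectPath) {
 try {
 const existing = await getLessons(projectPath, {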
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dod-gates.js","sourceRoot":"","sources":["../../../src/tools/update-status/dod-gates.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"dod-gates.js","sourceRoot":"","sources":["../../../src/tools/update-status/dod-gates.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEpD,OAAO,EAAE,SAAS,EAAE,MAAM,mCAAmC,CAAC;AAE9D,wGAAwG;AACxG,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAU,EACV,WAAmB,EACnB,WAAqB;IAErB,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC7D,iFAAiF;QACjF,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,IAAI,GAAG,CAAC;QAC/C,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACpB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;QAC9C,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;QAC5D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAU,EACV,MAAc,EACd,SAAiB,EACjB,WAA+B,EAC/B,MAAe;IAEf,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACvE,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,aAAa;SAChC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAC7B,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK;SAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC;SACnD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAE7B,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uEAAuE;IACvE,IAAI,WAAW,EAAE,CAAC;QAChB,KAAK,wBAAwB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,YAAY,GAAG,sBAAsB,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,aAAa,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE
,CAAC;IAC9J,MAAM,aAAa,GAAG,QAAQ,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,uBAAuB,aAAa,CAAC,MAAM,gBAAgB,YAAY,CAAC,MAAM,EAAE,CAAC;IAClJ,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAEnE,KAAK,qBAAqB,CAAC,SAAS,EAAE;QACpC,IAAI,EAAE,WAAW;QACjB,MAAM;QACN,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;QAC3C,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE;QACtD,KAAK,EAAE,EAAE,WAAW,EAAE,aAAa,CAAC,MAAM,EAAE;QAC5C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;QACxB,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,aAAa;SAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAEhF,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;oBACE,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,YAAY;oBACrB,aAAa;oBACb,aAAa;oBACb,WAAW;oBACX,YAAY;oBACZ,QAAQ;oBACR,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,IAAI;oBACpC,IAAI,EAAE,sDAAsD;iBAC7D,EACD,IAAI,EACJ,CAAC,CACF;aACF;SACF;QACD,OAAO,EAAE,IAAI;QACb,iBAAiB,EAAE;YACjB,KAAK,EAAE,iBAAiB;YACxB,IAAI,EAAE,GAAG;YACT,OAAO,EAAE;gBACP,MAAM;gBACN,aAAa;gBACb,YAAY;gBACZ,MAAM,EAAE,GAAG,CAAC,WAAW;gBACvB,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM;aACxB;YACD,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;gBACvB,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,CAAC,uCAAuC;gBACjE,CAAC,CAAC,qCAAqC;SAC1C;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAA+B,EAC/B,MAAc,EACd,KAAe;IAEf,IAAI,CAAC,WAAW,IAAI,KAAK,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CACtD,KAAK,CAAC,KAAK;aACR,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;aACxC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,
cAAc,EAAE,CAAC,CACrE,CAAC;QACF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAClD,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,CAC3F,CAAC;QACF,MAAM,QAAQ,GACZ,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,qCAAqC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1F,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EACF,mDAAmD,OAAO,GAAG;wBAC7D,oDAAoD,MAAM,WAAW;wBACrE,6BAA6B,QAAQ,EAAE;iBAC1C;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAU,EACV,MAAc,EACd,SAAiB,EACjB,WAA+B,EAC/B,KAA0B;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACjF,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,IAAU,EACV,MAAc,EACd,SAAiB,EACjB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,WAAW,EAAE;YAC7C,MAAM;YACN,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,CAAC,eAAe,EAAE,UAAU,CAAC;SACpC,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,MAAM,SAAS,CAAC,WAAW,EAAE;YAC3B,SAAS;YACT,MAAM;YACN,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wBAAwB,IAAI,CAAC,KAAK,EAAE;YAC3C,WAAW,EAAE,0EAA0E;YACvF,UAAU,EAAE,uEAAuE;YACnF,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC;SAClD,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,+BAA+B;IACjC,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/tools/update-status/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAuB,MAAM,sBAAsB,CAAC;AAsJ/F,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,UAAU,CAAC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/tools/update-status/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAuB,MAAM,sBAAsB,CAAC;AAsJ/F,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,UAAU,CAAC,CA+OvF"}
|
|
@@ -12,7 +12,7 @@ import { checkTransition, checkDorGate, resolveAutoAdvanceSteps } from './transi
|
|
|
12
12
|
import { checkApprovalGate } from '../../engine/approval-workflow.js';
|
|
13
13
|
import * as approvalStore from '../../storage/approval-store.js';
|
|
14
14
|
import { isLocked, getLock } from '../../storage/spec-lock-store.js';
|
|
15
|
-
import { runValidateGate,
|
|
15
|
+
import { runValidateGate, checkDoneGates } from './dod-gates.js';
|
|
16
16
|
import { buildStatusResponse } from './response-builder.js';
|
|
17
17
|
import { recordDoneMetrics, syncSpecFiles, tryReconcile } from './file-sync.js';
|
|
18
18
|
import { fireAndForgetSideEffects } from './side-effects.js';
|
|
@@ -162,11 +162,11 @@ export async function handleUpdateStatus(params) {
|
|
|
162
162
|
}
|
|
163
163
|
// Load knowledge for project path (needed for DoD gates, validate trigger and HTML regen)
|
|
164
164
|
const knowledge = await knowledgeStore.getKnowledge(projectId);
|
|
165
|
-
// Gate: DoD must pass before transitioning to 'done' (
|
|
166
|
-
if (newStatus === 'done'
|
|
167
|
-
const
|
|
168
|
-
if (
|
|
169
|
-
return
|
|
165
|
+
// Gate: DoD + security — both must pass before transitioning to 'done' (SPEC-335)
|
|
166
|
+
if (newStatus === 'done') {
|
|
167
|
+
const doneGateError = await checkDoneGates(spec, specId, projectId, knowledge?.projectPath ?? params.projectPath, params.force);
|
|
168
|
+
if (doneGateError) {
|
|
169
|
+
return doneGateError;
|
|
170
170
|
}
|
|
171
171
|
}
|
|
172
172
|
// SPEC-222 Trigger 1: Auto-validate before marking done
|
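Review bot: At new line 167 a null result from `checkDoneGates(...)` is treated as "gates passed", but the `checkSecurityGate` shown in the dod-gates.js section of this page also returns null when `projectPath` is empty, when `force` is set, and when `auditDeps` throws. The security gate therefore fails open, and a transition to 'done' can go through with no trace that the CVE check was skipped or errored. At minimum, document this at the call site with `// null also means "audit skipped or failed", not only "no critical CVEs"`. A forced bypass should also be recorded, for example `if (params.force) console.warn('[done-gates] gates bypassed with force for ' + specId);`; whether that is already logged elsewhere in `handleUpdateStatus` is not visible, since the function body starts and ends outside this hunk.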