@sentriflow/cli 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +40 -0
  2. package/dist/index.js +1827 -360
  3. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -1,15 +1,766 @@
1
1
  #!/usr/bin/env node
2
+ var __create = Object.create;
2
3
  var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
3
8
  var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
4
9
  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
5
10
  }) : x)(function(x) {
6
11
  if (typeof require !== "undefined") return require.apply(this, arguments);
7
12
  throw Error('Dynamic require of "' + x + '" is not supported');
8
13
  });
14
+ var __commonJS = (cb, mod) => function __require2() {
15
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
16
+ };
9
17
  var __export = (target, all) => {
10
18
  for (var name in all)
11
19
  __defProp(target, name, { get: all[name], enumerable: true });
12
20
  };
21
+ var __copyProps = (to, from, except, desc) => {
22
+ if (from && typeof from === "object" || typeof from === "function") {
23
+ for (let key of __getOwnPropNames(from))
24
+ if (!__hasOwnProp.call(to, key) && key !== except)
25
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
26
+ }
27
+ return to;
28
+ };
29
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
30
+ // If the importer is in node compatibility mode or this is not an ESM
31
+ // file that has been converted to a CommonJS file using a Babel-
32
+ // compatible transform (i.e. "__esModule" has not been set), then set
33
+ // "default" to the CommonJS "module.exports" for node compatibility.
34
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
35
+ mod
36
+ ));
37
+
38
+ // ../../node_modules/.bun/node-machine-id@1.1.12/node_modules/node-machine-id/dist/index.js
39
+ var require_dist = __commonJS({
40
+ "../../node_modules/.bun/node-machine-id@1.1.12/node_modules/node-machine-id/dist/index.js"(exports, module) {
41
+ !(function(t, n) {
42
+ "object" == typeof exports && "object" == typeof module ? module.exports = n(__require("child_process"), __require("crypto")) : "function" == typeof define && define.amd ? define(["child_process", "crypto"], n) : "object" == typeof exports ? exports["electron-machine-id"] = n(__require("child_process"), __require("crypto")) : t["electron-machine-id"] = n(t.child_process, t.crypto);
43
+ })(exports, function(t, n) {
44
+ return (function(t2) {
45
+ function n2(e) {
46
+ if (r[e]) return r[e].exports;
47
+ var o = r[e] = { exports: {}, id: e, loaded: false };
48
+ return t2[e].call(o.exports, o, o.exports, n2), o.loaded = true, o.exports;
49
+ }
50
+ var r = {};
51
+ return n2.m = t2, n2.c = r, n2.p = "", n2(0);
52
+ })([function(t2, n2, r) {
53
+ t2.exports = r(34);
54
+ }, function(t2, n2, r) {
55
+ var e = r(29)("wks"), o = r(33), i = r(2).Symbol, c = "function" == typeof i, u = t2.exports = function(t3) {
56
+ return e[t3] || (e[t3] = c && i[t3] || (c ? i : o)("Symbol." + t3));
57
+ };
58
+ u.store = e;
59
+ }, function(t2, n2) {
60
+ var r = t2.exports = "undefined" != typeof window && window.Math == Math ? window : "undefined" != typeof self && self.Math == Math ? self : Function("return this")();
61
+ "number" == typeof __g && (__g = r);
62
+ }, function(t2, n2, r) {
63
+ var e = r(9);
64
+ t2.exports = function(t3) {
65
+ if (!e(t3)) throw TypeError(t3 + " is not an object!");
66
+ return t3;
67
+ };
68
+ }, function(t2, n2, r) {
69
+ t2.exports = !r(24)(function() {
70
+ return 7 != Object.defineProperty({}, "a", { get: function() {
71
+ return 7;
72
+ } }).a;
73
+ });
74
+ }, function(t2, n2, r) {
75
+ var e = r(12), o = r(17);
76
+ t2.exports = r(4) ? function(t3, n3, r2) {
77
+ return e.f(t3, n3, o(1, r2));
78
+ } : function(t3, n3, r2) {
79
+ return t3[n3] = r2, t3;
80
+ };
81
+ }, function(t2, n2) {
82
+ var r = t2.exports = { version: "2.4.0" };
83
+ "number" == typeof __e && (__e = r);
84
+ }, function(t2, n2, r) {
85
+ var e = r(14);
86
+ t2.exports = function(t3, n3, r2) {
87
+ if (e(t3), void 0 === n3) return t3;
88
+ switch (r2) {
89
+ case 1:
90
+ return function(r3) {
91
+ return t3.call(n3, r3);
92
+ };
93
+ case 2:
94
+ return function(r3, e2) {
95
+ return t3.call(n3, r3, e2);
96
+ };
97
+ case 3:
98
+ return function(r3, e2, o) {
99
+ return t3.call(n3, r3, e2, o);
100
+ };
101
+ }
102
+ return function() {
103
+ return t3.apply(n3, arguments);
104
+ };
105
+ };
106
+ }, function(t2, n2) {
107
+ var r = {}.hasOwnProperty;
108
+ t2.exports = function(t3, n3) {
109
+ return r.call(t3, n3);
110
+ };
111
+ }, function(t2, n2) {
112
+ t2.exports = function(t3) {
113
+ return "object" == typeof t3 ? null !== t3 : "function" == typeof t3;
114
+ };
115
+ }, function(t2, n2) {
116
+ t2.exports = {};
117
+ }, function(t2, n2) {
118
+ var r = {}.toString;
119
+ t2.exports = function(t3) {
120
+ return r.call(t3).slice(8, -1);
121
+ };
122
+ }, function(t2, n2, r) {
123
+ var e = r(3), o = r(26), i = r(32), c = Object.defineProperty;
124
+ n2.f = r(4) ? Object.defineProperty : function(t3, n3, r2) {
125
+ if (e(t3), n3 = i(n3, true), e(r2), o) try {
126
+ return c(t3, n3, r2);
127
+ } catch (t4) {
128
+ }
129
+ if ("get" in r2 || "set" in r2) throw TypeError("Accessors not supported!");
130
+ return "value" in r2 && (t3[n3] = r2.value), t3;
131
+ };
132
+ }, function(t2, n2, r) {
133
+ var e = r(42), o = r(15);
134
+ t2.exports = function(t3) {
135
+ return e(o(t3));
136
+ };
137
+ }, function(t2, n2) {
138
+ t2.exports = function(t3) {
139
+ if ("function" != typeof t3) throw TypeError(t3 + " is not a function!");
140
+ return t3;
141
+ };
142
+ }, function(t2, n2) {
143
+ t2.exports = function(t3) {
144
+ if (void 0 == t3) throw TypeError("Can't call method on " + t3);
145
+ return t3;
146
+ };
147
+ }, function(t2, n2, r) {
148
+ var e = r(9), o = r(2).document, i = e(o) && e(o.createElement);
149
+ t2.exports = function(t3) {
150
+ return i ? o.createElement(t3) : {};
151
+ };
152
+ }, function(t2, n2) {
153
+ t2.exports = function(t3, n3) {
154
+ return { enumerable: !(1 & t3), configurable: !(2 & t3), writable: !(4 & t3), value: n3 };
155
+ };
156
+ }, function(t2, n2, r) {
157
+ var e = r(12).f, o = r(8), i = r(1)("toStringTag");
158
+ t2.exports = function(t3, n3, r2) {
159
+ t3 && !o(t3 = r2 ? t3 : t3.prototype, i) && e(t3, i, { configurable: true, value: n3 });
160
+ };
161
+ }, function(t2, n2, r) {
162
+ var e = r(29)("keys"), o = r(33);
163
+ t2.exports = function(t3) {
164
+ return e[t3] || (e[t3] = o(t3));
165
+ };
166
+ }, function(t2, n2) {
167
+ var r = Math.ceil, e = Math.floor;
168
+ t2.exports = function(t3) {
169
+ return isNaN(t3 = +t3) ? 0 : (t3 > 0 ? e : r)(t3);
170
+ };
171
+ }, function(t2, n2, r) {
172
+ var e = r(11), o = r(1)("toStringTag"), i = "Arguments" == e(/* @__PURE__ */ (function() {
173
+ return arguments;
174
+ })()), c = function(t3, n3) {
175
+ try {
176
+ return t3[n3];
177
+ } catch (t4) {
178
+ }
179
+ };
180
+ t2.exports = function(t3) {
181
+ var n3, r2, u;
182
+ return void 0 === t3 ? "Undefined" : null === t3 ? "Null" : "string" == typeof (r2 = c(n3 = Object(t3), o)) ? r2 : i ? e(n3) : "Object" == (u = e(n3)) && "function" == typeof n3.callee ? "Arguments" : u;
183
+ };
184
+ }, function(t2, n2) {
185
+ t2.exports = "constructor,hasOwnProperty,isPrototypeOf,propertyIsEnumerable,toLocaleString,toString,valueOf".split(",");
186
+ }, function(t2, n2, r) {
187
+ var e = r(2), o = r(6), i = r(7), c = r(5), u = "prototype", s = function(t3, n3, r2) {
188
+ var f, a, p, l = t3 & s.F, v = t3 & s.G, h = t3 & s.S, d = t3 & s.P, y = t3 & s.B, _ = t3 & s.W, x = v ? o : o[n3] || (o[n3] = {}), m = x[u], w = v ? e : h ? e[n3] : (e[n3] || {})[u];
189
+ v && (r2 = n3);
190
+ for (f in r2) a = !l && w && void 0 !== w[f], a && f in x || (p = a ? w[f] : r2[f], x[f] = v && "function" != typeof w[f] ? r2[f] : y && a ? i(p, e) : _ && w[f] == p ? (function(t4) {
191
+ var n4 = function(n5, r3, e2) {
192
+ if (this instanceof t4) {
193
+ switch (arguments.length) {
194
+ case 0:
195
+ return new t4();
196
+ case 1:
197
+ return new t4(n5);
198
+ case 2:
199
+ return new t4(n5, r3);
200
+ }
201
+ return new t4(n5, r3, e2);
202
+ }
203
+ return t4.apply(this, arguments);
204
+ };
205
+ return n4[u] = t4[u], n4;
206
+ })(p) : d && "function" == typeof p ? i(Function.call, p) : p, d && ((x.virtual || (x.virtual = {}))[f] = p, t3 & s.R && m && !m[f] && c(m, f, p)));
207
+ };
208
+ s.F = 1, s.G = 2, s.S = 4, s.P = 8, s.B = 16, s.W = 32, s.U = 64, s.R = 128, t2.exports = s;
209
+ }, function(t2, n2) {
210
+ t2.exports = function(t3) {
211
+ try {
212
+ return !!t3();
213
+ } catch (t4) {
214
+ return true;
215
+ }
216
+ };
217
+ }, function(t2, n2, r) {
218
+ t2.exports = r(2).document && document.documentElement;
219
+ }, function(t2, n2, r) {
220
+ t2.exports = !r(4) && !r(24)(function() {
221
+ return 7 != Object.defineProperty(r(16)("div"), "a", { get: function() {
222
+ return 7;
223
+ } }).a;
224
+ });
225
+ }, function(t2, n2, r) {
226
+ "use strict";
227
+ var e = r(28), o = r(23), i = r(57), c = r(5), u = r(8), s = r(10), f = r(45), a = r(18), p = r(52), l = r(1)("iterator"), v = !([].keys && "next" in [].keys()), h = "@@iterator", d = "keys", y = "values", _ = function() {
228
+ return this;
229
+ };
230
+ t2.exports = function(t3, n3, r2, x, m, w, g) {
231
+ f(r2, n3, x);
232
+ var b, O, j, S = function(t4) {
233
+ if (!v && t4 in T) return T[t4];
234
+ switch (t4) {
235
+ case d:
236
+ return function() {
237
+ return new r2(this, t4);
238
+ };
239
+ case y:
240
+ return function() {
241
+ return new r2(this, t4);
242
+ };
243
+ }
244
+ return function() {
245
+ return new r2(this, t4);
246
+ };
247
+ }, E = n3 + " Iterator", P = m == y, M = false, T = t3.prototype, A = T[l] || T[h] || m && T[m], k = A || S(m), C = m ? P ? S("entries") : k : void 0, I = "Array" == n3 ? T.entries || A : A;
248
+ if (I && (j = p(I.call(new t3())), j !== Object.prototype && (a(j, E, true), e || u(j, l) || c(j, l, _))), P && A && A.name !== y && (M = true, k = function() {
249
+ return A.call(this);
250
+ }), e && !g || !v && !M && T[l] || c(T, l, k), s[n3] = k, s[E] = _, m) if (b = { values: P ? k : S(y), keys: w ? k : S(d), entries: C }, g) for (O in b) O in T || i(T, O, b[O]);
251
+ else o(o.P + o.F * (v || M), n3, b);
252
+ return b;
253
+ };
254
+ }, function(t2, n2) {
255
+ t2.exports = true;
256
+ }, function(t2, n2, r) {
257
+ var e = r(2), o = "__core-js_shared__", i = e[o] || (e[o] = {});
258
+ t2.exports = function(t3) {
259
+ return i[t3] || (i[t3] = {});
260
+ };
261
+ }, function(t2, n2, r) {
262
+ var e, o, i, c = r(7), u = r(41), s = r(25), f = r(16), a = r(2), p = a.process, l = a.setImmediate, v = a.clearImmediate, h = a.MessageChannel, d = 0, y = {}, _ = "onreadystatechange", x = function() {
263
+ var t3 = +this;
264
+ if (y.hasOwnProperty(t3)) {
265
+ var n3 = y[t3];
266
+ delete y[t3], n3();
267
+ }
268
+ }, m = function(t3) {
269
+ x.call(t3.data);
270
+ };
271
+ l && v || (l = function(t3) {
272
+ for (var n3 = [], r2 = 1; arguments.length > r2; ) n3.push(arguments[r2++]);
273
+ return y[++d] = function() {
274
+ u("function" == typeof t3 ? t3 : Function(t3), n3);
275
+ }, e(d), d;
276
+ }, v = function(t3) {
277
+ delete y[t3];
278
+ }, "process" == r(11)(p) ? e = function(t3) {
279
+ p.nextTick(c(x, t3, 1));
280
+ } : h ? (o = new h(), i = o.port2, o.port1.onmessage = m, e = c(i.postMessage, i, 1)) : a.addEventListener && "function" == typeof postMessage && !a.importScripts ? (e = function(t3) {
281
+ a.postMessage(t3 + "", "*");
282
+ }, a.addEventListener("message", m, false)) : e = _ in f("script") ? function(t3) {
283
+ s.appendChild(f("script"))[_] = function() {
284
+ s.removeChild(this), x.call(t3);
285
+ };
286
+ } : function(t3) {
287
+ setTimeout(c(x, t3, 1), 0);
288
+ }), t2.exports = { set: l, clear: v };
289
+ }, function(t2, n2, r) {
290
+ var e = r(20), o = Math.min;
291
+ t2.exports = function(t3) {
292
+ return t3 > 0 ? o(e(t3), 9007199254740991) : 0;
293
+ };
294
+ }, function(t2, n2, r) {
295
+ var e = r(9);
296
+ t2.exports = function(t3, n3) {
297
+ if (!e(t3)) return t3;
298
+ var r2, o;
299
+ if (n3 && "function" == typeof (r2 = t3.toString) && !e(o = r2.call(t3))) return o;
300
+ if ("function" == typeof (r2 = t3.valueOf) && !e(o = r2.call(t3))) return o;
301
+ if (!n3 && "function" == typeof (r2 = t3.toString) && !e(o = r2.call(t3))) return o;
302
+ throw TypeError("Can't convert object to primitive value");
303
+ };
304
+ }, function(t2, n2) {
305
+ var r = 0, e = Math.random();
306
+ t2.exports = function(t3) {
307
+ return "Symbol(".concat(void 0 === t3 ? "" : t3, ")_", (++r + e).toString(36));
308
+ };
309
+ }, function(t2, n2, r) {
310
+ "use strict";
311
+ function e(t3) {
312
+ return t3 && t3.__esModule ? t3 : { default: t3 };
313
+ }
314
+ function o() {
315
+ return "win32" !== process.platform ? "" : "ia32" === process.arch && process.env.hasOwnProperty("PROCESSOR_ARCHITEW6432") ? "mixed" : "native";
316
+ }
317
+ function i(t3) {
318
+ return (0, l.createHash)("sha256").update(t3).digest("hex");
319
+ }
320
+ function c(t3) {
321
+ switch (h) {
322
+ case "darwin":
323
+ return t3.split("IOPlatformUUID")[1].split("\n")[0].replace(/\=|\s+|\"/gi, "").toLowerCase();
324
+ case "win32":
325
+ return t3.toString().split("REG_SZ")[1].replace(/\r+|\n+|\s+/gi, "").toLowerCase();
326
+ case "linux":
327
+ return t3.toString().replace(/\r+|\n+|\s+/gi, "").toLowerCase();
328
+ case "freebsd":
329
+ return t3.toString().replace(/\r+|\n+|\s+/gi, "").toLowerCase();
330
+ default:
331
+ throw new Error("Unsupported platform: " + process.platform);
332
+ }
333
+ }
334
+ function u(t3) {
335
+ var n3 = c((0, p.execSync)(y[h]).toString());
336
+ return t3 ? n3 : i(n3);
337
+ }
338
+ function s(t3) {
339
+ return new a.default(function(n3, r2) {
340
+ return (0, p.exec)(y[h], {}, function(e2, o2, u2) {
341
+ if (e2) return r2(new Error("Error while obtaining machine id: " + e2.stack));
342
+ var s2 = c(o2.toString());
343
+ return n3(t3 ? s2 : i(s2));
344
+ });
345
+ });
346
+ }
347
+ Object.defineProperty(n2, "__esModule", { value: true });
348
+ var f = r(35), a = e(f);
349
+ n2.machineIdSync = u, n2.machineId = s;
350
+ var p = r(70), l = r(71), v = process, h = v.platform, d = { native: "%windir%\\System32", mixed: "%windir%\\sysnative\\cmd.exe /c %windir%\\System32" }, y = { darwin: "ioreg -rd1 -c IOPlatformExpertDevice", win32: d[o()] + "\\REG.exe QUERY HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography /v MachineGuid", linux: "( cat /var/lib/dbus/machine-id /etc/machine-id 2> /dev/null || hostname ) | head -n 1 || :", freebsd: "kenv -q smbios.system.uuid || sysctl -n kern.hostuuid" };
351
+ }, function(t2, n2, r) {
352
+ t2.exports = { default: r(36), __esModule: true };
353
+ }, function(t2, n2, r) {
354
+ r(66), r(68), r(69), r(67), t2.exports = r(6).Promise;
355
+ }, function(t2, n2) {
356
+ t2.exports = function() {
357
+ };
358
+ }, function(t2, n2) {
359
+ t2.exports = function(t3, n3, r, e) {
360
+ if (!(t3 instanceof n3) || void 0 !== e && e in t3) throw TypeError(r + ": incorrect invocation!");
361
+ return t3;
362
+ };
363
+ }, function(t2, n2, r) {
364
+ var e = r(13), o = r(31), i = r(62);
365
+ t2.exports = function(t3) {
366
+ return function(n3, r2, c) {
367
+ var u, s = e(n3), f = o(s.length), a = i(c, f);
368
+ if (t3 && r2 != r2) {
369
+ for (; f > a; ) if (u = s[a++], u != u) return true;
370
+ } else for (; f > a; a++) if ((t3 || a in s) && s[a] === r2) return t3 || a || 0;
371
+ return !t3 && -1;
372
+ };
373
+ };
374
+ }, function(t2, n2, r) {
375
+ var e = r(7), o = r(44), i = r(43), c = r(3), u = r(31), s = r(64), f = {}, a = {}, n2 = t2.exports = function(t3, n3, r2, p, l) {
376
+ var v, h, d, y, _ = l ? function() {
377
+ return t3;
378
+ } : s(t3), x = e(r2, p, n3 ? 2 : 1), m = 0;
379
+ if ("function" != typeof _) throw TypeError(t3 + " is not iterable!");
380
+ if (i(_)) {
381
+ for (v = u(t3.length); v > m; m++) if (y = n3 ? x(c(h = t3[m])[0], h[1]) : x(t3[m]), y === f || y === a) return y;
382
+ } else for (d = _.call(t3); !(h = d.next()).done; ) if (y = o(d, x, h.value, n3), y === f || y === a) return y;
383
+ };
384
+ n2.BREAK = f, n2.RETURN = a;
385
+ }, function(t2, n2) {
386
+ t2.exports = function(t3, n3, r) {
387
+ var e = void 0 === r;
388
+ switch (n3.length) {
389
+ case 0:
390
+ return e ? t3() : t3.call(r);
391
+ case 1:
392
+ return e ? t3(n3[0]) : t3.call(r, n3[0]);
393
+ case 2:
394
+ return e ? t3(n3[0], n3[1]) : t3.call(r, n3[0], n3[1]);
395
+ case 3:
396
+ return e ? t3(n3[0], n3[1], n3[2]) : t3.call(r, n3[0], n3[1], n3[2]);
397
+ case 4:
398
+ return e ? t3(n3[0], n3[1], n3[2], n3[3]) : t3.call(r, n3[0], n3[1], n3[2], n3[3]);
399
+ }
400
+ return t3.apply(r, n3);
401
+ };
402
+ }, function(t2, n2, r) {
403
+ var e = r(11);
404
+ t2.exports = Object("z").propertyIsEnumerable(0) ? Object : function(t3) {
405
+ return "String" == e(t3) ? t3.split("") : Object(t3);
406
+ };
407
+ }, function(t2, n2, r) {
408
+ var e = r(10), o = r(1)("iterator"), i = Array.prototype;
409
+ t2.exports = function(t3) {
410
+ return void 0 !== t3 && (e.Array === t3 || i[o] === t3);
411
+ };
412
+ }, function(t2, n2, r) {
413
+ var e = r(3);
414
+ t2.exports = function(t3, n3, r2, o) {
415
+ try {
416
+ return o ? n3(e(r2)[0], r2[1]) : n3(r2);
417
+ } catch (n4) {
418
+ var i = t3.return;
419
+ throw void 0 !== i && e(i.call(t3)), n4;
420
+ }
421
+ };
422
+ }, function(t2, n2, r) {
423
+ "use strict";
424
+ var e = r(49), o = r(17), i = r(18), c = {};
425
+ r(5)(c, r(1)("iterator"), function() {
426
+ return this;
427
+ }), t2.exports = function(t3, n3, r2) {
428
+ t3.prototype = e(c, { next: o(1, r2) }), i(t3, n3 + " Iterator");
429
+ };
430
+ }, function(t2, n2, r) {
431
+ var e = r(1)("iterator"), o = false;
432
+ try {
433
+ var i = [7][e]();
434
+ i.return = function() {
435
+ o = true;
436
+ }, Array.from(i, function() {
437
+ throw 2;
438
+ });
439
+ } catch (t3) {
440
+ }
441
+ t2.exports = function(t3, n3) {
442
+ if (!n3 && !o) return false;
443
+ var r2 = false;
444
+ try {
445
+ var i2 = [7], c = i2[e]();
446
+ c.next = function() {
447
+ return { done: r2 = true };
448
+ }, i2[e] = function() {
449
+ return c;
450
+ }, t3(i2);
451
+ } catch (t4) {
452
+ }
453
+ return r2;
454
+ };
455
+ }, function(t2, n2) {
456
+ t2.exports = function(t3, n3) {
457
+ return { value: n3, done: !!t3 };
458
+ };
459
+ }, function(t2, n2, r) {
460
+ var e = r(2), o = r(30).set, i = e.MutationObserver || e.WebKitMutationObserver, c = e.process, u = e.Promise, s = "process" == r(11)(c);
461
+ t2.exports = function() {
462
+ var t3, n3, r2, f = function() {
463
+ var e2, o2;
464
+ for (s && (e2 = c.domain) && e2.exit(); t3; ) {
465
+ o2 = t3.fn, t3 = t3.next;
466
+ try {
467
+ o2();
468
+ } catch (e3) {
469
+ throw t3 ? r2() : n3 = void 0, e3;
470
+ }
471
+ }
472
+ n3 = void 0, e2 && e2.enter();
473
+ };
474
+ if (s) r2 = function() {
475
+ c.nextTick(f);
476
+ };
477
+ else if (i) {
478
+ var a = true, p = document.createTextNode("");
479
+ new i(f).observe(p, { characterData: true }), r2 = function() {
480
+ p.data = a = !a;
481
+ };
482
+ } else if (u && u.resolve) {
483
+ var l = u.resolve();
484
+ r2 = function() {
485
+ l.then(f);
486
+ };
487
+ } else r2 = function() {
488
+ o.call(e, f);
489
+ };
490
+ return function(e2) {
491
+ var o2 = { fn: e2, next: void 0 };
492
+ n3 && (n3.next = o2), t3 || (t3 = o2, r2()), n3 = o2;
493
+ };
494
+ };
495
+ }, function(t2, n2, r) {
496
+ var e = r(3), o = r(50), i = r(22), c = r(19)("IE_PROTO"), u = function() {
497
+ }, s = "prototype", f = function() {
498
+ var t3, n3 = r(16)("iframe"), e2 = i.length, o2 = ">";
499
+ for (n3.style.display = "none", r(25).appendChild(n3), n3.src = "javascript:", t3 = n3.contentWindow.document, t3.open(), t3.write("<script>document.F=Object</script" + o2), t3.close(), f = t3.F; e2--; ) delete f[s][i[e2]];
500
+ return f();
501
+ };
502
+ t2.exports = Object.create || function(t3, n3) {
503
+ var r2;
504
+ return null !== t3 ? (u[s] = e(t3), r2 = new u(), u[s] = null, r2[c] = t3) : r2 = f(), void 0 === n3 ? r2 : o(r2, n3);
505
+ };
506
+ }, function(t2, n2, r) {
507
+ var e = r(12), o = r(3), i = r(54);
508
+ t2.exports = r(4) ? Object.defineProperties : function(t3, n3) {
509
+ o(t3);
510
+ for (var r2, c = i(n3), u = c.length, s = 0; u > s; ) e.f(t3, r2 = c[s++], n3[r2]);
511
+ return t3;
512
+ };
513
+ }, function(t2, n2, r) {
514
+ var e = r(55), o = r(17), i = r(13), c = r(32), u = r(8), s = r(26), f = Object.getOwnPropertyDescriptor;
515
+ n2.f = r(4) ? f : function(t3, n3) {
516
+ if (t3 = i(t3), n3 = c(n3, true), s) try {
517
+ return f(t3, n3);
518
+ } catch (t4) {
519
+ }
520
+ if (u(t3, n3)) return o(!e.f.call(t3, n3), t3[n3]);
521
+ };
522
+ }, function(t2, n2, r) {
523
+ var e = r(8), o = r(63), i = r(19)("IE_PROTO"), c = Object.prototype;
524
+ t2.exports = Object.getPrototypeOf || function(t3) {
525
+ return t3 = o(t3), e(t3, i) ? t3[i] : "function" == typeof t3.constructor && t3 instanceof t3.constructor ? t3.constructor.prototype : t3 instanceof Object ? c : null;
526
+ };
527
+ }, function(t2, n2, r) {
528
+ var e = r(8), o = r(13), i = r(39)(false), c = r(19)("IE_PROTO");
529
+ t2.exports = function(t3, n3) {
530
+ var r2, u = o(t3), s = 0, f = [];
531
+ for (r2 in u) r2 != c && e(u, r2) && f.push(r2);
532
+ for (; n3.length > s; ) e(u, r2 = n3[s++]) && (~i(f, r2) || f.push(r2));
533
+ return f;
534
+ };
535
+ }, function(t2, n2, r) {
536
+ var e = r(53), o = r(22);
537
+ t2.exports = Object.keys || function(t3) {
538
+ return e(t3, o);
539
+ };
540
+ }, function(t2, n2) {
541
+ n2.f = {}.propertyIsEnumerable;
542
+ }, function(t2, n2, r) {
543
+ var e = r(5);
544
+ t2.exports = function(t3, n3, r2) {
545
+ for (var o in n3) r2 && t3[o] ? t3[o] = n3[o] : e(t3, o, n3[o]);
546
+ return t3;
547
+ };
548
+ }, function(t2, n2, r) {
549
+ t2.exports = r(5);
550
+ }, function(t2, n2, r) {
551
+ var e = r(9), o = r(3), i = function(t3, n3) {
552
+ if (o(t3), !e(n3) && null !== n3) throw TypeError(n3 + ": can't set as prototype!");
553
+ };
554
+ t2.exports = { set: Object.setPrototypeOf || ("__proto__" in {} ? (function(t3, n3, e2) {
555
+ try {
556
+ e2 = r(7)(Function.call, r(51).f(Object.prototype, "__proto__").set, 2), e2(t3, []), n3 = !(t3 instanceof Array);
557
+ } catch (t4) {
558
+ n3 = true;
559
+ }
560
+ return function(t4, r2) {
561
+ return i(t4, r2), n3 ? t4.__proto__ = r2 : e2(t4, r2), t4;
562
+ };
563
+ })({}, false) : void 0), check: i };
564
+ }, function(t2, n2, r) {
565
+ "use strict";
566
+ var e = r(2), o = r(6), i = r(12), c = r(4), u = r(1)("species");
567
+ t2.exports = function(t3) {
568
+ var n3 = "function" == typeof o[t3] ? o[t3] : e[t3];
569
+ c && n3 && !n3[u] && i.f(n3, u, { configurable: true, get: function() {
570
+ return this;
571
+ } });
572
+ };
573
+ }, function(t2, n2, r) {
574
+ var e = r(3), o = r(14), i = r(1)("species");
575
+ t2.exports = function(t3, n3) {
576
+ var r2, c = e(t3).constructor;
577
+ return void 0 === c || void 0 == (r2 = e(c)[i]) ? n3 : o(r2);
578
+ };
579
+ }, function(t2, n2, r) {
580
+ var e = r(20), o = r(15);
581
+ t2.exports = function(t3) {
582
+ return function(n3, r2) {
583
+ var i, c, u = String(o(n3)), s = e(r2), f = u.length;
584
+ return s < 0 || s >= f ? t3 ? "" : void 0 : (i = u.charCodeAt(s), i < 55296 || i > 56319 || s + 1 === f || (c = u.charCodeAt(s + 1)) < 56320 || c > 57343 ? t3 ? u.charAt(s) : i : t3 ? u.slice(s, s + 2) : (i - 55296 << 10) + (c - 56320) + 65536);
585
+ };
586
+ };
587
+ }, function(t2, n2, r) {
588
+ var e = r(20), o = Math.max, i = Math.min;
589
+ t2.exports = function(t3, n3) {
590
+ return t3 = e(t3), t3 < 0 ? o(t3 + n3, 0) : i(t3, n3);
591
+ };
592
+ }, function(t2, n2, r) {
593
+ var e = r(15);
594
+ t2.exports = function(t3) {
595
+ return Object(e(t3));
596
+ };
597
+ }, function(t2, n2, r) {
598
+ var e = r(21), o = r(1)("iterator"), i = r(10);
599
+ t2.exports = r(6).getIteratorMethod = function(t3) {
600
+ if (void 0 != t3) return t3[o] || t3["@@iterator"] || i[e(t3)];
601
+ };
602
+ }, function(t2, n2, r) {
603
+ "use strict";
604
+ var e = r(37), o = r(47), i = r(10), c = r(13);
605
+ t2.exports = r(27)(Array, "Array", function(t3, n3) {
606
+ this._t = c(t3), this._i = 0, this._k = n3;
607
+ }, function() {
608
+ var t3 = this._t, n3 = this._k, r2 = this._i++;
609
+ return !t3 || r2 >= t3.length ? (this._t = void 0, o(1)) : "keys" == n3 ? o(0, r2) : "values" == n3 ? o(0, t3[r2]) : o(0, [r2, t3[r2]]);
610
+ }, "values"), i.Arguments = i.Array, e("keys"), e("values"), e("entries");
611
+ }, function(t2, n2) {
612
+ }, function(t2, n2, r) {
613
+ "use strict";
614
+ var e, o, i, c = r(28), u = r(2), s = r(7), f = r(21), a = r(23), p = r(9), l = (r(3), r(14)), v = r(38), h = r(40), d = (r(58).set, r(60)), y = r(30).set, _ = r(48)(), x = "Promise", m = u.TypeError, w = u.process, g = u[x], w = u.process, b = "process" == f(w), O = function() {
615
+ }, j = !!(function() {
616
+ try {
617
+ var t3 = g.resolve(1), n3 = (t3.constructor = {})[r(1)("species")] = function(t4) {
618
+ t4(O, O);
619
+ };
620
+ return (b || "function" == typeof PromiseRejectionEvent) && t3.then(O) instanceof n3;
621
+ } catch (t4) {
622
+ }
623
+ })(), S = function(t3, n3) {
624
+ return t3 === n3 || t3 === g && n3 === i;
625
+ }, E = function(t3) {
626
+ var n3;
627
+ return !(!p(t3) || "function" != typeof (n3 = t3.then)) && n3;
628
+ }, P = function(t3) {
629
+ return S(g, t3) ? new M(t3) : new o(t3);
630
+ }, M = o = function(t3) {
631
+ var n3, r2;
632
+ this.promise = new t3(function(t4, e2) {
633
+ if (void 0 !== n3 || void 0 !== r2) throw m("Bad Promise constructor");
634
+ n3 = t4, r2 = e2;
635
+ }), this.resolve = l(n3), this.reject = l(r2);
636
+ }, T = function(t3) {
637
+ try {
638
+ t3();
639
+ } catch (t4) {
640
+ return { error: t4 };
641
+ }
642
+ }, A = function(t3, n3) {
643
+ if (!t3._n) {
644
+ t3._n = true;
645
+ var r2 = t3._c;
646
+ _(function() {
647
+ for (var e2 = t3._v, o2 = 1 == t3._s, i2 = 0, c2 = function(n4) {
648
+ var r3, i3, c3 = o2 ? n4.ok : n4.fail, u2 = n4.resolve, s2 = n4.reject, f2 = n4.domain;
649
+ try {
650
+ c3 ? (o2 || (2 == t3._h && I(t3), t3._h = 1), c3 === true ? r3 = e2 : (f2 && f2.enter(), r3 = c3(e2), f2 && f2.exit()), r3 === n4.promise ? s2(m("Promise-chain cycle")) : (i3 = E(r3)) ? i3.call(r3, u2, s2) : u2(r3)) : s2(e2);
651
+ } catch (t4) {
652
+ s2(t4);
653
+ }
654
+ }; r2.length > i2; ) c2(r2[i2++]);
655
+ t3._c = [], t3._n = false, n3 && !t3._h && k(t3);
656
+ });
657
+ }
658
+ }, k = function(t3) {
659
+ y.call(u, function() {
660
+ var n3, r2, e2, o2 = t3._v;
661
+ if (C(t3) && (n3 = T(function() {
662
+ b ? w.emit("unhandledRejection", o2, t3) : (r2 = u.onunhandledrejection) ? r2({ promise: t3, reason: o2 }) : (e2 = u.console) && e2.error && e2.error("Unhandled promise rejection", o2);
663
+ }), t3._h = b || C(t3) ? 2 : 1), t3._a = void 0, n3) throw n3.error;
664
+ });
665
+ }, C = function(t3) {
666
+ if (1 == t3._h) return false;
667
+ for (var n3, r2 = t3._a || t3._c, e2 = 0; r2.length > e2; ) if (n3 = r2[e2++], n3.fail || !C(n3.promise)) return false;
668
+ return true;
669
+ }, I = function(t3) {
670
+ y.call(u, function() {
671
+ var n3;
672
+ b ? w.emit("rejectionHandled", t3) : (n3 = u.onrejectionhandled) && n3({ promise: t3, reason: t3._v });
673
+ });
674
+ }, R = function(t3) {
675
+ var n3 = this;
676
+ n3._d || (n3._d = true, n3 = n3._w || n3, n3._v = t3, n3._s = 2, n3._a || (n3._a = n3._c.slice()), A(n3, true));
677
+ }, F = function(t3) {
678
+ var n3, r2 = this;
679
+ if (!r2._d) {
680
+ r2._d = true, r2 = r2._w || r2;
681
+ try {
682
+ if (r2 === t3) throw m("Promise can't be resolved itself");
683
+ (n3 = E(t3)) ? _(function() {
684
+ var e2 = { _w: r2, _d: false };
685
+ try {
686
+ n3.call(t3, s(F, e2, 1), s(R, e2, 1));
687
+ } catch (t4) {
688
+ R.call(e2, t4);
689
+ }
690
+ }) : (r2._v = t3, r2._s = 1, A(r2, false));
691
+ } catch (t4) {
692
+ R.call({ _w: r2, _d: false }, t4);
693
+ }
694
+ }
695
+ };
696
+ j || (g = function(t3) {
697
+ v(this, g, x, "_h"), l(t3), e.call(this);
698
+ try {
699
+ t3(s(F, this, 1), s(R, this, 1));
700
+ } catch (t4) {
701
+ R.call(this, t4);
702
+ }
703
+ }, e = function(t3) {
704
+ this._c = [], this._a = void 0, this._s = 0, this._d = false, this._v = void 0, this._h = 0, this._n = false;
705
+ }, e.prototype = r(56)(g.prototype, { then: function(t3, n3) {
706
+ var r2 = P(d(this, g));
707
+ return r2.ok = "function" != typeof t3 || t3, r2.fail = "function" == typeof n3 && n3, r2.domain = b ? w.domain : void 0, this._c.push(r2), this._a && this._a.push(r2), this._s && A(this, false), r2.promise;
708
+ }, catch: function(t3) {
709
+ return this.then(void 0, t3);
710
+ } }), M = function() {
711
+ var t3 = new e();
712
+ this.promise = t3, this.resolve = s(F, t3, 1), this.reject = s(R, t3, 1);
713
+ }), a(a.G + a.W + a.F * !j, { Promise: g }), r(18)(g, x), r(59)(x), i = r(6)[x], a(a.S + a.F * !j, x, { reject: function(t3) {
714
+ var n3 = P(this), r2 = n3.reject;
715
+ return r2(t3), n3.promise;
716
+ } }), a(a.S + a.F * (c || !j), x, { resolve: function(t3) {
717
+ if (t3 instanceof g && S(t3.constructor, this)) return t3;
718
+ var n3 = P(this), r2 = n3.resolve;
719
+ return r2(t3), n3.promise;
720
+ } }), a(a.S + a.F * !(j && r(46)(function(t3) {
721
+ g.all(t3).catch(O);
722
+ })), x, { all: function(t3) {
723
+ var n3 = this, r2 = P(n3), e2 = r2.resolve, o2 = r2.reject, i2 = T(function() {
724
+ var r3 = [], i3 = 0, c2 = 1;
725
+ h(t3, false, function(t4) {
726
+ var u2 = i3++, s2 = false;
727
+ r3.push(void 0), c2++, n3.resolve(t4).then(function(t5) {
728
+ s2 || (s2 = true, r3[u2] = t5, --c2 || e2(r3));
729
+ }, o2);
730
+ }), --c2 || e2(r3);
731
+ });
732
+ return i2 && o2(i2.error), r2.promise;
733
+ }, race: function(t3) {
734
+ var n3 = this, r2 = P(n3), e2 = r2.reject, o2 = T(function() {
735
+ h(t3, false, function(t4) {
736
+ n3.resolve(t4).then(r2.resolve, e2);
737
+ });
738
+ });
739
+ return o2 && e2(o2.error), r2.promise;
740
+ } });
741
+ }, function(t2, n2, r) {
742
+ "use strict";
743
+ var e = r(61)(true);
744
+ r(27)(String, "String", function(t3) {
745
+ this._t = String(t3), this._i = 0;
746
+ }, function() {
747
+ var t3, n3 = this._t, r2 = this._i;
748
+ return r2 >= n3.length ? { value: void 0, done: true } : (t3 = e(n3, r2), this._i += t3.length, { value: t3, done: false });
749
+ });
750
+ }, function(t2, n2, r) {
751
+ r(65);
752
+ for (var e = r(2), o = r(5), i = r(10), c = r(1)("toStringTag"), u = ["NodeList", "DOMTokenList", "MediaList", "StyleSheetList", "CSSRuleList"], s = 0; s < 5; s++) {
753
+ var f = u[s], a = e[f], p = a && a.prototype;
754
+ p && !p[c] && o(p, c, f), i[f] = i.Array;
755
+ }
756
+ }, function(t2, n2) {
757
+ t2.exports = __require("child_process");
758
+ }, function(t2, n2) {
759
+ t2.exports = __require("crypto");
760
+ }]);
761
+ });
762
+ }
763
+ });
13
764
 
14
765
  // index.ts
15
766
  import { Command } from "commander";
@@ -71,15 +822,24 @@ var CiscoIOSSchema = {
71
822
  { pattern: /^banner\s+(motd|login|exec)/i, depth: 0 },
72
823
  { pattern: /^control-plane/i, depth: 0 },
73
824
  { pattern: /^ip\s+ips\s+signature-category/i, depth: 0 },
74
- // ============ DEPTH 1: Inside routing protocols ============
825
+ // ============ DEPTH 1: Inside routing protocols / policy-map ============
75
826
  { pattern: /^address-family\s+\S+/i, depth: 1 },
76
- { pattern: /^af-interface\s+\S+/i, depth: 1 },
77
- { pattern: /^topology\s+\S+/i, depth: 1 },
78
827
  { pattern: /^service-family\s+\S+/i, depth: 1 },
79
- { pattern: /^class\s+\S+/i, depth: 1 },
80
828
  { pattern: /^category\s+\S+/i, depth: 1 },
81
- // ============ DEPTH 2: Inside address-family ============
82
- { pattern: /^vrf\s+\S+/i, depth: 2 }
829
+ // Inside archive block
830
+ { pattern: /^log\s+config/i, depth: 1 },
831
+ // Inside key chain block
832
+ { pattern: /^key\s+\d+/i, depth: 1 },
833
+ // Inside policy-map (class block)
834
+ { pattern: /^class\s+\S+/i, depth: 1 },
835
+ // ============ DEPTH 2: Inside address-family / class ============
836
+ // Inside address-family (named EIGRP)
837
+ { pattern: /^af-interface\s+\S+/i, depth: 2 },
838
+ { pattern: /^topology\s+\S+/i, depth: 2 },
839
+ // Inside address-family (BGP vrf)
840
+ { pattern: /^vrf\s+\S+/i, depth: 2 },
841
+ // Inside class (QoS policing)
842
+ { pattern: /^police\s+/i, depth: 2 }
83
843
  ],
84
844
  blockEnders: [
85
845
  /^exit-address-family$/i,
@@ -147,11 +907,18 @@ var CiscoNXOSSchema = {
147
907
  // ============ DEPTH 1: Inside routing protocols ============
148
908
  { pattern: /^address-family\s+\S+/i, depth: 1 },
149
909
  { pattern: /^vrf\s+member\s+\S+/i, depth: 1 },
910
+ // VRF sub-context inside router bgp (e.g., "vrf TENANT-A")
911
+ // Uses negative lookahead (?!member\s) to avoid matching "vrf member X"
912
+ // This removes the ordering dependency with the vrf member pattern above
913
+ { pattern: /^vrf\s+(?!member\s)\S+/i, depth: 1 },
150
914
  { pattern: /^template\s+peer\s+\S+/i, depth: 1 },
151
915
  { pattern: /^neighbor\s+\S+/i, depth: 1 },
152
- { pattern: /^class\s+\S+/i, depth: 1 }
153
- // ============ DEPTH 2: Inside address-family ============
154
- // Note: NX-OS uses different VRF nesting than IOS
916
+ { pattern: /^class\s+\S+/i, depth: 1 },
917
+ // ============ DEPTH 2: Inside neighbor / address-family ============
918
+ // address-family inside neighbor block
919
+ { pattern: /^address-family\s+\S+/i, depth: 2 },
920
+ // Inside policy-map class (QoS)
921
+ { pattern: /^police\s+/i, depth: 2 }
155
922
  ],
156
923
  blockEnders: [
157
924
  /^exit-address-family$/i,
@@ -3045,6 +3812,7 @@ var MAX_LINE_COUNT = 1e5;
3045
3812
  var MAX_TRAVERSAL_DEPTH = 20;
3046
3813
  var ALLOWED_CONFIG_EXTENSIONS = [".js", ".ts", ".mjs", ".cjs"];
3047
3814
  var ALLOWED_ENCRYPTED_PACK_EXTENSIONS = [".grpx"];
3815
+ var ALLOWED_GRX2_PACK_EXTENSIONS = [".grx2"];
3048
3816
  var ALLOWED_JSON_RULES_EXTENSIONS = [".json"];
3049
3817
  var MAX_CONFIG_FILE_SIZE = 1024 * 1024;
3050
3818
  var MAX_ENCRYPTED_PACK_SIZE = 5 * 1024 * 1024;
@@ -3338,6 +4106,30 @@ var SchemaAwareParser = class {
3338
4106
  }
3339
4107
  }
3340
4108
  }
4109
+ if (isBlockStarter && currentLine.indent === 0) {
4110
+ const multiDepthsForSamePattern = this.getMultiDepthsForSamePattern(currentLine.sanitized);
4111
+ if (multiDepthsForSamePattern.length > 1) {
4112
+ const currentBlockType = currentLine.sanitized.split(/\s+/)[0];
4113
+ const maxSearch = Math.min(parentStack.length, MAX_NESTING_DEPTH);
4114
+ for (let i = parentStack.length - 1; i >= parentStack.length - maxSearch; i--) {
4115
+ const ancestor = parentStack[i];
4116
+ if (ancestor?.type === "section" && ancestor.blockDepth !== void 0) {
4117
+ const ancestorBlockType = ancestor.id.split(/\s+/)[0];
4118
+ if (ancestorBlockType === currentBlockType) {
4119
+ continue;
4120
+ }
4121
+ const ancestorDepth = ancestor.blockDepth;
4122
+ const validChildDepths = multiDepthsForSamePattern.filter(
4123
+ (d) => d > ancestorDepth
4124
+ );
4125
+ if (validChildDepths.length > 0) {
4126
+ blockStarterDepth = Math.min(...validChildDepths);
4127
+ break;
4128
+ }
4129
+ }
4130
+ }
4131
+ }
4132
+ }
3341
4133
  const newNodeType = isBlockStarter ? "section" : "command";
3342
4134
  const modifiedLine = {
3343
4135
  ...currentLine,
@@ -3427,6 +4219,33 @@ var SchemaAwareParser = class {
3427
4219
  }
3428
4220
  return depths;
3429
4221
  }
4222
+ /**
4223
+ * Returns depths only for patterns where the SAME regex pattern is defined
4224
+ * at multiple depth levels. This is used for flat config parsing where we need
4225
+ * to detect intentional multi-depth patterns (like address-family at depth 1 AND 2)
4226
+ * vs accidental overlaps (like vrf definition matching both vrf\s+definition and vrf\s+\S+).
4227
+ *
4228
+ * Example: address-family\s+\S+ at depth 1 AND depth 2 → returns [1, 2]
4229
+ * Example: vrf definition X matching vrf\s+definition (depth 0) AND vrf\s+\S+ (depth 2) → returns []
4230
+ */
4231
+ getMultiDepthsForSamePattern(sanitizedLine) {
4232
+ const patternToDepths = /* @__PURE__ */ new Map();
4233
+ for (const def of this.vendor.blockStarters) {
4234
+ if (def.pattern.test(sanitizedLine)) {
4235
+ const key = `${def.pattern.source}|${def.pattern.flags}`;
4236
+ if (!patternToDepths.has(key)) {
4237
+ patternToDepths.set(key, []);
4238
+ }
4239
+ patternToDepths.get(key).push(def.depth);
4240
+ }
4241
+ }
4242
+ for (const depths of patternToDepths.values()) {
4243
+ if (depths.length > 1) {
4244
+ return depths;
4245
+ }
4246
+ }
4247
+ return [];
4248
+ }
3430
4249
  /**
3431
4250
  * Checks if a sanitized line matches any of the defined BlockEnders regexes.
3432
4251
  */
@@ -3508,7 +4327,8 @@ var RuleExecutor = class {
3508
4327
  onTimeout: options.onTimeout ?? (() => {
3509
4328
  }),
3510
4329
  onRuleDisabled: options.onRuleDisabled ?? (() => {
3511
- })
4330
+ }),
4331
+ onError: options.onError
3512
4332
  };
3513
4333
  }
3514
4334
  /**
@@ -3535,6 +4355,7 @@ var RuleExecutor = class {
3535
4355
  } catch (error) {
3536
4356
  const elapsed = performance.now() - startTime;
3537
4357
  this.trackExecutionTime(rule.id, elapsed);
4358
+ this.options.onError?.(rule.id, node.id, error);
3538
4359
  return {
3539
4360
  passed: false,
3540
4361
  message: `Rule ${rule.id} failed to execute. Check rule implementation.`,
@@ -3963,9 +4784,9 @@ __export(helpers_exports, {
3963
4784
  });
3964
4785
 
3965
4786
  // ../core/src/helpers/common/validation.ts
3966
- var equalsIgnoreCase = (a, b) => a.toLowerCase() === b.toLowerCase();
3967
- var includesIgnoreCase = (haystack, needle) => haystack.toLowerCase().includes(needle.toLowerCase());
3968
- var startsWithIgnoreCase = (str, prefix) => str.toLowerCase().startsWith(prefix.toLowerCase());
4787
+ var equalsIgnoreCase = (a, b) => a != null && b != null && a.toLowerCase() === b.toLowerCase();
4788
+ var includesIgnoreCase = (haystack, needle) => haystack != null && needle != null && haystack.toLowerCase().includes(needle.toLowerCase());
4789
+ var startsWithIgnoreCase = (str, prefix) => str != null && prefix != null && str.toLowerCase().startsWith(prefix.toLowerCase());
3969
4790
  var parseInteger = (value) => {
3970
4791
  const num = parseInt(value, 10);
3971
4792
  return isNaN(num) ? null : num;
@@ -4085,18 +4906,21 @@ var maskToPrefix = (mask) => {
4085
4906
  return count;
4086
4907
  };
4087
4908
  var hasChildCommand = (node, prefix) => {
4909
+ if (!node?.children || !prefix) return false;
4088
4910
  return node.children.some(
4089
- (child) => child.id.toLowerCase().startsWith(prefix.toLowerCase())
4911
+ (child) => child?.id?.toLowerCase().startsWith(prefix.toLowerCase()) ?? false
4090
4912
  );
4091
4913
  };
4092
4914
  var getChildCommand = (node, prefix) => {
4915
+ if (!node?.children || !prefix) return void 0;
4093
4916
  return node.children.find(
4094
- (child) => child.id.toLowerCase().startsWith(prefix.toLowerCase())
4917
+ (child) => child?.id?.toLowerCase().startsWith(prefix.toLowerCase()) ?? false
4095
4918
  );
4096
4919
  };
4097
4920
  var getChildCommands = (node, prefix) => {
4921
+ if (!node?.children || !prefix) return [];
4098
4922
  return node.children.filter(
4099
- (child) => child.id.toLowerCase().startsWith(prefix.toLowerCase())
4923
+ (child) => child?.id?.toLowerCase().startsWith(prefix.toLowerCase()) ?? false
4100
4924
  );
4101
4925
  };
4102
4926
  var isValidIpAddress = (value) => {
@@ -4125,12 +4949,14 @@ var getParamValue = (node, keyword) => {
4125
4949
  return void 0;
4126
4950
  };
4127
4951
  var isShutdown = (node) => {
4952
+ if (!node?.children) return false;
4128
4953
  return node.children.some((child) => {
4129
- const id = child.id.toLowerCase().trim();
4954
+ const id = child?.id?.toLowerCase().trim();
4130
4955
  return id === "shutdown" || id === "disable";
4131
4956
  });
4132
4957
  };
4133
4958
  var isInterfaceDefinition = (node) => {
4959
+ if (!node?.id) return false;
4134
4960
  const id = node.id.toLowerCase();
4135
4961
  if (node.type !== "section") {
4136
4962
  return false;
@@ -4145,12 +4971,13 @@ var isInterfaceDefinition = (node) => {
4145
4971
  if (ifName === "all" || ifName === "default") {
4146
4972
  return false;
4147
4973
  }
4148
- if (node.children.length <= 1) {
4149
- const hasOnlySimpleChild = node.children.every((child) => {
4150
- const childId = child.id.toLowerCase();
4974
+ const childrenLength = node.children?.length ?? 0;
4975
+ if (childrenLength <= 1) {
4976
+ const hasOnlySimpleChild = (node.children ?? []).every((child) => {
4977
+ const childId = child?.id?.toLowerCase() ?? "";
4151
4978
  return childId === "passive" || childId.startsWith("interface-type") || childId.startsWith("metric") || childId.startsWith("hello-interval") || childId.startsWith("dead-interval") || childId.startsWith("priority") || childId.startsWith("authentication") || childId.startsWith("bfd-liveness");
4152
4979
  });
4153
- if (hasOnlySimpleChild && node.children.length > 0) {
4980
+ if (hasOnlySimpleChild && childrenLength > 0) {
4154
4981
  return false;
4155
4982
  }
4156
4983
  }
@@ -4260,22 +5087,25 @@ var hasPlaintextPassword = (node) => {
4260
5087
  return false;
4261
5088
  };
4262
5089
  var hasServicePasswordEncryption = (ast) => {
5090
+ if (!Array.isArray(ast)) return false;
4263
5091
  return ast.some(
4264
- (node) => equalsIgnoreCase(node.id, "service password-encryption")
5092
+ (node) => equalsIgnoreCase(node?.id ?? "", "service password-encryption")
4265
5093
  );
4266
5094
  };
4267
5095
  var hasSshVersion2 = (ast) => {
5096
+ if (!Array.isArray(ast)) return false;
4268
5097
  return ast.some(
4269
- (node) => /^ip\s+ssh\s+version\s+2/i.test(node.id)
5098
+ (node) => /^ip\s+ssh\s+version\s+2/i.test(node?.id ?? "")
4270
5099
  );
4271
5100
  };
4272
5101
  var getWeakSshCiphers = (ast) => {
5102
+ if (!Array.isArray(ast)) return [];
4273
5103
  const weakCiphers = ["3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "blowfish-cbc"];
4274
5104
  const found = [];
4275
5105
  for (const node of ast) {
4276
- if (/^ip\s+ssh\s+ciphers/i.test(node.id)) {
5106
+ if (/^ip\s+ssh\s+ciphers/i.test(node?.id ?? "")) {
4277
5107
  for (const cipher of weakCiphers) {
4278
- if (includesIgnoreCase(node.id, cipher)) {
5108
+ if (includesIgnoreCase(node?.id ?? "", cipher)) {
4279
5109
  found.push(cipher);
4280
5110
  }
4281
5111
  }
@@ -4284,35 +5114,38 @@ var getWeakSshCiphers = (ast) => {
4284
5114
  return found;
4285
5115
  };
4286
5116
  var isTelnetDisabled = (ast) => {
5117
+ if (!Array.isArray(ast)) return true;
4287
5118
  const noMgmtTelnet = ast.some(
4288
- (node) => /^no\s+management\s+telnet/i.test(node.id)
5119
+ (node) => node?.id && /^no\s+management\s+telnet/i.test(node.id)
4289
5120
  );
4290
5121
  if (noMgmtTelnet) return true;
4291
5122
  const mgmtTelnet = ast.find(
4292
- (node) => /^management\s+telnet/i.test(node.id)
5123
+ (node) => node?.id && /^management\s+telnet/i.test(node.id)
4293
5124
  );
4294
- if (mgmtTelnet) {
5125
+ if (mgmtTelnet?.children) {
4295
5126
  return mgmtTelnet.children.some(
4296
- (child) => equalsIgnoreCase(child.id, "shutdown")
5127
+ (child) => child?.id && equalsIgnoreCase(child.id, "shutdown")
4297
5128
  );
4298
5129
  }
4299
5130
  return true;
4300
5131
  };
4301
5132
  var isHttpServerDisabled = (ast) => {
5133
+ if (!Array.isArray(ast)) return true;
4302
5134
  const hasNoHttp = ast.some(
4303
- (node) => /^no\s+ip\s+http\s+server/i.test(node.id)
5135
+ (node) => /^no\s+ip\s+http\s+server/i.test(node?.id ?? "")
4304
5136
  );
4305
5137
  const hasHttp = ast.some(
4306
- (node) => /^ip\s+http\s+server/i.test(node.id) && !/^no\s+/i.test(node.id)
5138
+ (node) => /^ip\s+http\s+server/i.test(node?.id ?? "") && !/^no\s+/i.test(node?.id ?? "")
4307
5139
  );
4308
5140
  return hasNoHttp || !hasHttp;
4309
5141
  };
4310
5142
  var getInsecureSnmpCommunities = (ast) => {
5143
+ if (!Array.isArray(ast)) return [];
4311
5144
  const insecure = [];
4312
5145
  const defaultCommunities = ["public", "private", "community"];
4313
5146
  for (const node of ast) {
4314
- if (/^snmp-server\s+community\s+/i.test(node.id)) {
4315
- const match = node.id.match(/snmp-server\s+community\s+(\S+)/i);
5147
+ if (/^snmp-server\s+community\s+/i.test(node?.id ?? "")) {
5148
+ const match = node?.id?.match(/snmp-server\s+community\s+(\S+)/i);
4316
5149
  if (match?.[1]) {
4317
5150
  const community = match[1];
4318
5151
  if (defaultCommunities.some((dc) => equalsIgnoreCase(community, dc))) {
@@ -4326,40 +5159,47 @@ var getInsecureSnmpCommunities = (ast) => {
4326
5159
  return insecure;
4327
5160
  };
4328
5161
  var hasSnmpV3AuthPriv = (ast) => {
5162
+ if (!Array.isArray(ast)) return false;
4329
5163
  return ast.some(
4330
- (node) => /^snmp-server\s+group\s+\S+\s+v3\s+priv/i.test(node.id) || /^snmp-server\s+user\s+\S+\s+\S+\s+v3\s+auth\s+\S+\s+\S+\s+priv/i.test(node.id)
5164
+ (node) => /^snmp-server\s+group\s+\S+\s+v3\s+priv/i.test(node?.id ?? "") || /^snmp-server\s+user\s+\S+\s+\S+\s+v3\s+auth\s+\S+\s+\S+\s+priv/i.test(node?.id ?? "")
4331
5165
  );
4332
5166
  };
4333
5167
  var hasNtpAuthentication = (ast) => {
5168
+ if (!Array.isArray(ast)) return false;
4334
5169
  const hasAuthenticate = ast.some(
4335
- (node) => /^ntp\s+authenticate$/i.test(node.id)
5170
+ (node) => /^ntp\s+authenticate$/i.test(node?.id ?? "")
4336
5171
  );
4337
5172
  const hasTrustedKey = ast.some(
4338
- (node) => /^ntp\s+trusted-key\s+/i.test(node.id)
5173
+ (node) => /^ntp\s+trusted-key\s+/i.test(node?.id ?? "")
4339
5174
  );
4340
5175
  return hasAuthenticate && hasTrustedKey;
4341
5176
  };
4342
5177
  var hasAaaAuthenticationLogin = (ast) => {
5178
+ if (!Array.isArray(ast)) return false;
4343
5179
  return ast.some(
4344
- (node) => /^aaa\s+authentication\s+login\s+/i.test(node.id)
5180
+ (node) => /^aaa\s+authentication\s+login\s+/i.test(node?.id ?? "")
4345
5181
  );
4346
5182
  };
4347
5183
  var hasTacacsServer = (ast) => {
5184
+ if (!Array.isArray(ast)) return false;
4348
5185
  return ast.some(
4349
- (node) => /^tacacs-server\s+host\s+/i.test(node.id)
5186
+ (node) => /^tacacs-server\s+host\s+/i.test(node?.id ?? "")
4350
5187
  );
4351
5188
  };
4352
5189
  var hasAaaAccounting = (ast) => {
5190
+ if (!Array.isArray(ast)) return false;
4353
5191
  return ast.some(
4354
- (node) => /^aaa\s+accounting\s+/i.test(node.id)
5192
+ (node) => /^aaa\s+accounting\s+/i.test(node?.id ?? "")
4355
5193
  );
4356
5194
  };
4357
5195
  var hasManagementVrf = (ast) => {
5196
+ if (!Array.isArray(ast)) return false;
4358
5197
  return ast.some(
4359
- (node) => /^vrf\s+instance\s+MGMT/i.test(node.id) || /^vrf\s+instance\s+management/i.test(node.id)
5198
+ (node) => /^vrf\s+instance\s+MGMT/i.test(node?.id ?? "") || /^vrf\s+instance\s+management/i.test(node?.id ?? "")
4360
5199
  );
4361
5200
  };
4362
5201
  var getBannerInfoDisclosure = (ast) => {
5202
+ if (!Array.isArray(ast)) return [];
4363
5203
  const issues = [];
4364
5204
  const sensitivePatterns = [
4365
5205
  { pattern: /version\s+\d+/i, desc: "software version" },
@@ -4369,8 +5209,8 @@ var getBannerInfoDisclosure = (ast) => {
4369
5209
  { pattern: /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/, desc: "IP address" }
4370
5210
  ];
4371
5211
  for (const node of ast) {
4372
- if (/^banner\s+(login|motd)/i.test(node.id)) {
4373
- const bannerText = node.rawText || node.id;
5212
+ if (/^banner\s+(login|motd)/i.test(node?.id ?? "")) {
5213
+ const bannerText = node?.rawText ?? node?.id ?? "";
4374
5214
  for (const { pattern, desc } of sensitivePatterns) {
4375
5215
  if (pattern.test(bannerText)) {
4376
5216
  issues.push(`Banner contains ${desc}`);
@@ -4381,10 +5221,12 @@ var getBannerInfoDisclosure = (ast) => {
4381
5221
  return issues;
4382
5222
  };
4383
5223
  var getConsoleIdleTimeout = (ast) => {
5224
+ if (!Array.isArray(ast)) return void 0;
4384
5225
  for (const node of ast) {
4385
- if (/^management\s+console/i.test(node.id)) {
5226
+ if (node?.id && /^management\s+console/i.test(node.id)) {
5227
+ if (!node?.children) continue;
4386
5228
  for (const child of node.children) {
4387
- const match = child.id.match(/idle-timeout\s+(\d+)/i);
5229
+ const match = child?.id?.match(/idle-timeout\s+(\d+)/i);
4388
5230
  if (match?.[1]) {
4389
5231
  return parseInteger(match[1]) ?? void 0;
4390
5232
  }
@@ -4394,102 +5236,117 @@ var getConsoleIdleTimeout = (ast) => {
4394
5236
  return void 0;
4395
5237
  };
4396
5238
  var isZtpDisabled = (ast) => {
5239
+ if (!Array.isArray(ast)) return false;
4397
5240
  return ast.some(
4398
- (node) => /^no\s+zerotouch\s+enable/i.test(node.id) || equalsIgnoreCase(node.id, "zerotouch cancel")
5241
+ (node) => /^no\s+zerotouch\s+enable/i.test(node?.id ?? "") || equalsIgnoreCase(node?.id ?? "", "zerotouch cancel")
4399
5242
  );
4400
5243
  };
4401
5244
  var hasControlPlaneAcl = (ast) => {
5245
+ if (!Array.isArray(ast)) return false;
4402
5246
  return ast.some(
4403
- (node) => /^system\s+control-plane/i.test(node.id)
5247
+ (node) => /^system\s+control-plane/i.test(node?.id ?? "")
4404
5248
  );
4405
5249
  };
4406
5250
  var hasCoppPolicy = (ast) => {
5251
+ if (!Array.isArray(ast)) return false;
4407
5252
  return ast.some(
4408
- (node) => /^policy-map\s+type\s+copp/i.test(node.id)
5253
+ (node) => /^policy-map\s+type\s+copp/i.test(node?.id ?? "")
4409
5254
  );
4410
5255
  };
4411
5256
  var hasNoIpRedirects = (interfaceNode) => {
5257
+ if (!interfaceNode?.children) return false;
4412
5258
  return interfaceNode.children.some(
4413
- (child) => /^no\s+ip\s+redirects/i.test(child.id)
5259
+ (child) => child?.id && /^no\s+ip\s+redirects/i.test(child.id)
4414
5260
  );
4415
5261
  };
4416
5262
  var hasNoIpUnreachables = (interfaceNode) => {
5263
+ if (!interfaceNode?.children) return false;
4417
5264
  return interfaceNode.children.some(
4418
- (child) => /^no\s+ip\s+unreachables/i.test(child.id)
5265
+ (child) => child?.id && /^no\s+ip\s+unreachables/i.test(child.id)
4419
5266
  );
4420
5267
  };
4421
5268
  var hasRoutingProtocolAuth = (routerNode) => {
5269
+ if (!routerNode?.id || !routerNode?.children) return false;
4422
5270
  if (/^router\s+ospf/i.test(routerNode.id)) {
4423
5271
  return routerNode.children.some(
4424
- (child) => /authentication/i.test(child.id)
5272
+ (child) => child?.id && /authentication/i.test(child.id)
4425
5273
  );
4426
5274
  }
4427
5275
  if (/^router\s+isis/i.test(routerNode.id)) {
4428
5276
  return routerNode.children.some(
4429
- (child) => /authentication/i.test(child.id)
5277
+ (child) => child?.id && /authentication/i.test(child.id)
4430
5278
  );
4431
5279
  }
4432
5280
  return false;
4433
5281
  };
4434
5282
  var hasBfd = (ast) => {
5283
+ if (!Array.isArray(ast)) return false;
4435
5284
  return ast.some(
4436
- (node) => /^bfd\s+/i.test(node.id)
5285
+ (node) => /^bfd\s+/i.test(node?.id ?? "")
4437
5286
  );
4438
5287
  };
4439
5288
  var getStormControlStatus = (interfaceNode) => {
5289
+ if (!interfaceNode?.children) return { broadcast: false, multicast: false, unicast: false };
4440
5290
  return {
4441
5291
  broadcast: interfaceNode.children.some(
4442
- (child) => /^storm-control\s+broadcast/i.test(child.id)
5292
+ (child) => child?.id && /^storm-control\s+broadcast/i.test(child.id)
4443
5293
  ),
4444
5294
  multicast: interfaceNode.children.some(
4445
- (child) => /^storm-control\s+multicast/i.test(child.id)
5295
+ (child) => child?.id && /^storm-control\s+multicast/i.test(child.id)
4446
5296
  ),
4447
5297
  unicast: interfaceNode.children.some(
4448
- (child) => /^storm-control\s+unknown-unicast/i.test(child.id)
5298
+ (child) => child?.id && /^storm-control\s+unknown-unicast/i.test(child.id)
4449
5299
  )
4450
5300
  };
4451
5301
  };
4452
5302
  var hasDhcpSnooping = (ast) => {
5303
+ if (!Array.isArray(ast)) return false;
4453
5304
  return ast.some(
4454
- (node) => /^ip\s+dhcp\s+snooping$/i.test(node.id)
5305
+ (node) => /^ip\s+dhcp\s+snooping$/i.test(node?.id ?? "")
4455
5306
  );
4456
5307
  };
4457
5308
  var isDhcpSnoopingTrust = (interfaceNode) => {
5309
+ if (!interfaceNode?.children) return false;
4458
5310
  return interfaceNode.children.some(
4459
- (child) => /^ip\s+dhcp\s+snooping\s+trust/i.test(child.id)
5311
+ (child) => child?.id && /^ip\s+dhcp\s+snooping\s+trust/i.test(child.id)
4460
5312
  );
4461
5313
  };
4462
5314
  var hasDynamicArpInspection = (ast) => {
5315
+ if (!Array.isArray(ast)) return false;
4463
5316
  return ast.some(
4464
- (node) => /^ip\s+arp\s+inspection\s+vlan/i.test(node.id)
5317
+ (node) => /^ip\s+arp\s+inspection\s+vlan/i.test(node?.id ?? "")
4465
5318
  );
4466
5319
  };
4467
5320
  var isArpInspectionTrust = (interfaceNode) => {
5321
+ if (!interfaceNode?.children) return false;
4468
5322
  return interfaceNode.children.some(
4469
- (child) => /^ip\s+arp\s+inspection\s+trust/i.test(child.id)
5323
+ (child) => child?.id && /^ip\s+arp\s+inspection\s+trust/i.test(child.id)
4470
5324
  );
4471
5325
  };
4472
5326
  var hasIpSourceGuard = (interfaceNode) => {
5327
+ if (!interfaceNode?.children) return false;
4473
5328
  return interfaceNode.children.some(
4474
- (child) => /^ip\s+verify\s+source/i.test(child.id)
5329
+ (child) => child?.id && /^ip\s+verify\s+source/i.test(child.id)
4475
5330
  );
4476
5331
  };
4477
5332
  var hasPortSecurity = (interfaceNode) => {
5333
+ if (!interfaceNode?.children) return false;
4478
5334
  return interfaceNode.children.some(
4479
- (child) => /^switchport\s+port-security/i.test(child.id)
5335
+ (child) => child?.id && /^switchport\s+port-security/i.test(child.id)
4480
5336
  );
4481
5337
  };
4482
5338
  var getBgpNeighborsWithoutAuth = (routerBgpNode, neighborIp) => {
4483
5339
  const neighborsWithoutAuth = [];
5340
+ if (!routerBgpNode?.children) return neighborsWithoutAuth;
4484
5341
  const neighborConfigs = /* @__PURE__ */ new Map();
4485
5342
  for (const child of routerBgpNode.children) {
4486
- const neighborMatch = child.id.match(/^neighbor\s+(\S+)/i);
5343
+ const neighborMatch = child?.id?.match(/^neighbor\s+(\S+)/i);
4487
5344
  if (neighborMatch?.[1]) {
4488
5345
  const ip = neighborMatch[1];
4489
5346
  if (!neighborConfigs.has(ip)) {
4490
5347
  neighborConfigs.set(ip, { hasPassword: false });
4491
5348
  }
4492
- if (/password/i.test(child.id)) {
5349
+ if (child?.id && /password/i.test(child.id)) {
4493
5350
  const config = neighborConfigs.get(ip);
4494
5351
  if (config) {
4495
5352
  config.hasPassword = true;
@@ -4508,10 +5365,11 @@ var getBgpNeighborsWithoutAuth = (routerBgpNode, neighborIp) => {
4508
5365
  };
4509
5366
  var getBgpNeighborsWithoutTtlSecurity = (routerBgpNode) => {
4510
5367
  const neighborsWithoutTtl = [];
5368
+ if (!routerBgpNode?.children) return neighborsWithoutTtl;
4511
5369
  const neighborConfigs = /* @__PURE__ */ new Map();
4512
- const localAs = routerBgpNode.id.match(/router\s+bgp\s+(\d+)/i)?.[1];
5370
+ const localAs = routerBgpNode?.id?.match(/router\s+bgp\s+(\d+)/i)?.[1];
4513
5371
  for (const child of routerBgpNode.children) {
4514
- const neighborMatch = child.id.match(/^neighbor\s+(\S+)\s+remote-as\s+(\d+)/i);
5372
+ const neighborMatch = child?.id?.match(/^neighbor\s+(\S+)\s+remote-as\s+(\d+)/i);
4515
5373
  if (neighborMatch?.[1] && neighborMatch?.[2]) {
4516
5374
  const ip = neighborMatch[1];
4517
5375
  const remoteAs = neighborMatch[2];
@@ -4520,7 +5378,7 @@ var getBgpNeighborsWithoutTtlSecurity = (routerBgpNode) => {
4520
5378
  isEbgp: localAs !== remoteAs
4521
5379
  });
4522
5380
  }
4523
- const ttlMatch = child.id.match(/^neighbor\s+(\S+)\s+ttl\s+maximum-hops/i);
5381
+ const ttlMatch = child?.id?.match(/^neighbor\s+(\S+)\s+ttl\s+maximum-hops/i);
4524
5382
  if (ttlMatch?.[1]) {
4525
5383
  const config = neighborConfigs.get(ttlMatch[1]);
4526
5384
  if (config) {
@@ -4537,13 +5395,14 @@ var getBgpNeighborsWithoutTtlSecurity = (routerBgpNode) => {
4537
5395
  };
4538
5396
  var getBgpNeighborsWithoutMaxRoutes = (routerBgpNode) => {
4539
5397
  const neighborsWithoutMax = [];
5398
+ if (!routerBgpNode?.children) return neighborsWithoutMax;
4540
5399
  const neighborConfigs = /* @__PURE__ */ new Map();
4541
5400
  for (const child of routerBgpNode.children) {
4542
- const neighborMatch = child.id.match(/^neighbor\s+(\S+)\s+remote-as/i);
5401
+ const neighborMatch = child?.id?.match(/^neighbor\s+(\S+)\s+remote-as/i);
4543
5402
  if (neighborMatch?.[1]) {
4544
5403
  neighborConfigs.set(neighborMatch[1], false);
4545
5404
  }
4546
- const maxMatch = child.id.match(/^neighbor\s+(\S+)\s+maximum-routes/i);
5405
+ const maxMatch = child?.id?.match(/^neighbor\s+(\S+)\s+maximum-routes/i);
4547
5406
  if (maxMatch?.[1]) {
4548
5407
  neighborConfigs.set(maxMatch[1], true);
4549
5408
  }
@@ -4556,31 +5415,36 @@ var getBgpNeighborsWithoutMaxRoutes = (routerBgpNode) => {
4556
5415
  return neighborsWithoutMax;
4557
5416
  };
4558
5417
  var hasBgpGracefulRestart = (routerBgpNode) => {
5418
+ if (!routerBgpNode?.children) return false;
4559
5419
  return routerBgpNode.children.some(
4560
- (child) => /^bgp\s+graceful-restart/i.test(child.id)
5420
+ (child) => child?.id && /^bgp\s+graceful-restart/i.test(child.id)
4561
5421
  );
4562
5422
  };
4563
5423
  var hasBgpLogNeighborChanges = (routerBgpNode) => {
5424
+ if (!routerBgpNode?.children) return false;
4564
5425
  return routerBgpNode.children.some(
4565
- (child) => /^bgp\s+log-neighbor-changes/i.test(child.id)
5426
+ (child) => child?.id && /^bgp\s+log-neighbor-changes/i.test(child.id)
4566
5427
  );
4567
5428
  };
4568
5429
  var hasRpkiConfiguration = (routerBgpNode) => {
5430
+ if (!routerBgpNode?.children) return false;
4569
5431
  return routerBgpNode.children.some(
4570
- (child) => /^rpki\s+cache/i.test(child.id)
5432
+ (child) => child?.id && /^rpki\s+cache/i.test(child.id)
4571
5433
  );
4572
5434
  };
4573
5435
  var hasRpkiOriginValidation = (routerBgpNode) => {
5436
+ if (!routerBgpNode?.children) return false;
4574
5437
  return routerBgpNode.children.some(
4575
- (child) => /^rpki\s+origin-validation/i.test(child.id)
5438
+ (child) => child?.id && /^rpki\s+origin-validation/i.test(child.id)
4576
5439
  );
4577
5440
  };
4578
5441
  var getUrpfMode = (interfaceNode) => {
5442
+ if (!interfaceNode?.children) return { enabled: false };
4579
5443
  for (const child of interfaceNode.children) {
4580
- if (/^ip\s+verify\s+unicast\s+source\s+reachable-via\s+rx/i.test(child.id)) {
5444
+ if (child?.id && /^ip\s+verify\s+unicast\s+source\s+reachable-via\s+rx/i.test(child.id)) {
4581
5445
  return { enabled: true, mode: "strict" };
4582
5446
  }
4583
- if (/^ip\s+verify\s+unicast\s+source\s+reachable-via\s+any/i.test(child.id)) {
5447
+ if (child?.id && /^ip\s+verify\s+unicast\s+source\s+reachable-via\s+any/i.test(child.id)) {
4584
5448
  return { enabled: true, mode: "loose" };
4585
5449
  }
4586
5450
  }
@@ -4596,11 +5460,13 @@ var getMlagReloadDelays = (mlagNode) => {
4596
5460
  };
4597
5461
  };
4598
5462
  var hasEvpnPeerAuth = (routerBgpNode) => {
5463
+ if (!routerBgpNode?.children) return false;
4599
5464
  let evpnPeerGroup;
4600
5465
  for (const child of routerBgpNode.children) {
4601
- if (/^address-family\s+evpn/i.test(child.id)) {
5466
+ if (child?.id && /^address-family\s+evpn/i.test(child.id)) {
5467
+ if (!child?.children) continue;
4602
5468
  for (const subchild of child.children) {
4603
- const match = subchild.id.match(/neighbor\s+(\S+)\s+activate/i);
5469
+ const match = subchild?.id?.match(/neighbor\s+(\S+)\s+activate/i);
4604
5470
  if (match?.[1]) {
4605
5471
  evpnPeerGroup = match[1];
4606
5472
  }
@@ -4609,14 +5475,15 @@ var hasEvpnPeerAuth = (routerBgpNode) => {
4609
5475
  }
4610
5476
  if (!evpnPeerGroup) return false;
4611
5477
  return routerBgpNode.children.some(
4612
- (child) => includesIgnoreCase(child.id, `neighbor ${evpnPeerGroup}`) && includesIgnoreCase(child.id, "password")
5478
+ (child) => child?.id && includesIgnoreCase(child.id, `neighbor ${evpnPeerGroup}`) && includesIgnoreCase(child.id, "password")
4613
5479
  );
4614
5480
  };
4615
5481
  var hasLoggingLevel = (ast, minLevel) => {
5482
+ if (!Array.isArray(ast)) return false;
4616
5483
  const levels = ["emergencies", "alerts", "critical", "errors", "warnings", "notifications", "informational", "debugging"];
4617
5484
  const minIndex = levels.indexOf(minLevel.toLowerCase());
4618
5485
  for (const node of ast) {
4619
- const match = node.id.match(/^logging\s+(?:buffered|trap)\s+(\S+)/i);
5486
+ const match = (node?.id ?? "").match(/^logging\s+(?:buffered|trap)\s+(\S+)/i);
4620
5487
  if (match?.[1]) {
4621
5488
  const configuredIndex = levels.indexOf(match[1].toLowerCase());
4622
5489
  if (configuredIndex >= minIndex) {
@@ -4627,52 +5494,61 @@ var hasLoggingLevel = (ast, minLevel) => {
4627
5494
  return false;
4628
5495
  };
4629
5496
  var hasLoggingSourceInterface = (ast) => {
5497
+ if (!Array.isArray(ast)) return false;
4630
5498
  return ast.some(
4631
- (node) => /^logging\s+source-interface/i.test(node.id)
5499
+ (node) => /^logging\s+source-interface/i.test(node?.id ?? "")
4632
5500
  );
4633
5501
  };
4634
5502
  var hasEventMonitor = (ast) => {
5503
+ if (!Array.isArray(ast)) return false;
4635
5504
  return ast.some(
4636
- (node) => /^event-monitor$/i.test(node.id)
5505
+ (node) => /^event-monitor$/i.test(node?.id ?? "")
4637
5506
  );
4638
5507
  };
4639
5508
  var hasVrrpAuthentication = (interfaceNode) => {
5509
+ if (!interfaceNode?.children) return false;
4640
5510
  return interfaceNode.children.some(
4641
- (child) => /^vrrp\s+\d+\s+authentication/i.test(child.id)
5511
+ (child) => child?.id && /^vrrp\s+\d+\s+authentication/i.test(child.id)
4642
5512
  );
4643
5513
  };
4644
5514
  var hasVirtualRouterMac = (ast) => {
5515
+ if (!Array.isArray(ast)) return false;
4645
5516
  return ast.some(
4646
- (node) => /^ip\s+virtual-router\s+mac-address/i.test(node.id)
5517
+ (node) => /^ip\s+virtual-router\s+mac-address/i.test(node?.id ?? "")
4647
5518
  );
4648
5519
  };
4649
5520
  var isExternalInterface = (interfaceNode) => {
5521
+ if (!interfaceNode?.children) return false;
4650
5522
  const description = interfaceNode.children.find(
4651
- (child) => startsWithIgnoreCase(child.id, "description ")
5523
+ (child) => child?.id && startsWithIgnoreCase(child.id, "description ")
4652
5524
  );
4653
- if (description) {
5525
+ if (description?.id) {
4654
5526
  return includesIgnoreCase(description.id, "wan") || includesIgnoreCase(description.id, "internet") || includesIgnoreCase(description.id, "isp") || includesIgnoreCase(description.id, "external") || includesIgnoreCase(description.id, "uplink") || includesIgnoreCase(description.id, "peering");
4655
5527
  }
4656
5528
  return false;
4657
5529
  };
4658
5530
  var isAccessPort = (interfaceNode) => {
5531
+ if (!interfaceNode?.children) return false;
4659
5532
  return interfaceNode.children.some(
4660
- (child) => /^switchport\s+mode\s+access/i.test(child.id)
5533
+ (child) => child?.id && /^switchport\s+mode\s+access/i.test(child.id)
4661
5534
  );
4662
5535
  };
4663
5536
  var isTrunkPort = (interfaceNode) => {
5537
+ if (!interfaceNode?.children) return false;
4664
5538
  return interfaceNode.children.some(
4665
- (child) => /^switchport\s+mode\s+trunk/i.test(child.id)
5539
+ (child) => child?.id && /^switchport\s+mode\s+trunk/i.test(child.id)
4666
5540
  );
4667
5541
  };
4668
5542
  var hasMlagConfiguration = (ast) => {
5543
+ if (!Array.isArray(ast)) return false;
4669
5544
  return ast.some(
4670
- (node) => startsWithIgnoreCase(node.id, "mlag configuration")
5545
+ (node) => startsWithIgnoreCase(node?.id ?? "", "mlag configuration")
4671
5546
  );
4672
5547
  };
4673
5548
  var getMlagConfiguration = (ast) => {
5549
+ if (!Array.isArray(ast)) return void 0;
4674
5550
  return ast.find(
4675
- (node) => startsWithIgnoreCase(node.id, "mlag configuration")
5551
+ (node) => startsWithIgnoreCase(node?.id ?? "", "mlag configuration")
4676
5552
  );
4677
5553
  };
4678
5554
  var checkMlagRequirements = (mlagNode) => {
@@ -4684,21 +5560,24 @@ var checkMlagRequirements = (mlagNode) => {
4684
5560
  };
4685
5561
  };
4686
5562
  var hasManagementApi = (ast) => {
5563
+ if (!Array.isArray(ast)) return false;
4687
5564
  return ast.some(
4688
- (node) => startsWithIgnoreCase(node.id, "management api")
5565
+ (node) => startsWithIgnoreCase(node?.id ?? "", "management api")
4689
5566
  );
4690
5567
  };
4691
5568
  var getManagementApiNodes = (ast) => {
5569
+ if (!Array.isArray(ast)) return [];
4692
5570
  return ast.filter(
4693
- (node) => startsWithIgnoreCase(node.id, "management api")
5571
+ (node) => startsWithIgnoreCase(node?.id ?? "", "management api")
4694
5572
  );
4695
5573
  };
4696
5574
  var hasHttpsTransport = (apiNode) => {
5575
+ if (!apiNode?.children) return false;
4697
5576
  const hasProtocolHttps = apiNode.children.some(
4698
- (child) => includesIgnoreCase(child.id, "protocol https")
5577
+ (child) => child?.id && includesIgnoreCase(child.id, "protocol https")
4699
5578
  );
4700
5579
  const hasTransportHttps = apiNode.children.some(
4701
- (child) => includesIgnoreCase(child.id, "transport https")
5580
+ (child) => child?.id && includesIgnoreCase(child.id, "transport https")
4702
5581
  );
4703
5582
  return hasProtocolHttps || hasTransportHttps;
4704
5583
  };
@@ -4717,8 +5596,9 @@ var isMlagPeerLink = (node, mlagNode) => {
4717
5596
  };
4718
5597
  var getVxlanVniMappings = (vxlanNode) => {
4719
5598
  const mappings = [];
5599
+ if (!vxlanNode?.children) return mappings;
4720
5600
  for (const child of vxlanNode.children) {
4721
- const vniMatch = child.id.match(/vxlan\s+vni\s+(\d+)\s+vlan\s+(\d+)/i);
5601
+ const vniMatch = child?.id?.match(/vxlan\s+vni\s+(\d+)\s+vlan\s+(\d+)/i);
4722
5602
  if (vniMatch) {
4723
5603
  const vni = vniMatch[1];
4724
5604
  if (!vni) {
@@ -4728,7 +5608,7 @@ var getVxlanVniMappings = (vxlanNode) => {
4728
5608
  mappings.push({ vni, vlan });
4729
5609
  continue;
4730
5610
  }
4731
- const simpleMatch = child.id.match(/vxlan\s+vni\s+(\d+)/i);
5611
+ const simpleMatch = child?.id?.match(/vxlan\s+vni\s+(\d+)/i);
4732
5612
  if (simpleMatch) {
4733
5613
  const vni = simpleMatch[1];
4734
5614
  if (!vni) {
@@ -4743,8 +5623,9 @@ var hasVxlanSourceInterface = (vxlanNode) => {
4743
5623
  return hasChildCommand(vxlanNode, "vxlan source-interface");
4744
5624
  };
4745
5625
  var getMlagId = (interfaceNode) => {
5626
+ if (!interfaceNode?.children) return void 0;
4746
5627
  const mlagCmd = interfaceNode.children.find(
4747
- (child) => /^mlag\s+\d+/i.test(child.id)
5628
+ (child) => child?.id && /^mlag\s+\d+/i.test(child.id)
4748
5629
  );
4749
5630
  if (!mlagCmd) return void 0;
4750
5631
  const match = mlagCmd.id.match(/mlag\s+(\d+)/i);
@@ -4766,91 +5647,106 @@ var isEthernetInterface = (node) => {
4766
5647
  return /^interface\s+Ethernet\d+/i.test(node.id);
4767
5648
  };
4768
5649
  var hasDaemon = (ast, daemonName) => {
5650
+ if (!Array.isArray(ast)) return false;
4769
5651
  if (daemonName) {
4770
5652
  return ast.some(
4771
- (node) => equalsIgnoreCase(node.id, `daemon ${daemonName}`)
5653
+ (node) => equalsIgnoreCase(node?.id ?? "", `daemon ${daemonName}`)
4772
5654
  );
4773
5655
  }
4774
- return ast.some((node) => startsWithIgnoreCase(node.id, "daemon "));
5656
+ return ast.some((node) => startsWithIgnoreCase(node?.id ?? "", "daemon "));
4775
5657
  };
4776
5658
  var hasEventHandler = (ast) => {
4777
- return ast.some((node) => startsWithIgnoreCase(node.id, "event-handler "));
5659
+ if (!Array.isArray(ast)) return false;
5660
+ return ast.some((node) => startsWithIgnoreCase(node?.id ?? "", "event-handler "));
4778
5661
  };
4779
5662
  var getVrfInstances = (ast) => {
5663
+ if (!Array.isArray(ast)) return [];
4780
5664
  return ast.filter(
4781
- (node) => /^vrf\s+instance\s+\S+/i.test(node.id)
5665
+ (node) => /^vrf\s+instance\s+\S+/i.test(node?.id ?? "")
4782
5666
  );
4783
5667
  };
4784
5668
  var getInterfaceVrf = (interfaceNode) => {
5669
+ if (!interfaceNode?.children) return void 0;
4785
5670
  const vrfCmd = interfaceNode.children.find(
4786
- (child) => /^vrf\s+\S+/i.test(child.id)
5671
+ (child) => child?.id && /^vrf\s+\S+/i.test(child.id)
4787
5672
  );
4788
5673
  if (!vrfCmd) return void 0;
4789
5674
  const match = vrfCmd.id.match(/vrf\s+(\S+)/i);
4790
5675
  return match ? match[1] : void 0;
4791
5676
  };
4792
5677
  var hasEvpnAddressFamily = (routerBgpNode) => {
5678
+ if (!routerBgpNode?.children) return false;
4793
5679
  return routerBgpNode.children.some(
4794
- (child) => /^address-family\s+evpn/i.test(child.id)
5680
+ (child) => child?.id && /^address-family\s+evpn/i.test(child.id)
4795
5681
  );
4796
5682
  };
4797
5683
  var hasVirtualRouterAddress = (interfaceNode) => {
5684
+ if (!interfaceNode?.children) return false;
4798
5685
  return interfaceNode.children.some(
4799
- (child) => /^ip\s+virtual-router\s+address/i.test(child.id)
5686
+ (child) => child?.id && /^ip\s+virtual-router\s+address/i.test(child.id)
4800
5687
  );
4801
5688
  };
4802
5689
  var hasIpAddress = (interfaceNode) => {
5690
+ if (!interfaceNode?.children) return false;
4803
5691
  return interfaceNode.children.some(
4804
- (child) => /^ip\s+address\s+\d+\.\d+\.\d+\.\d+/i.test(child.id)
5692
+ (child) => child?.id && /^ip\s+address\s+\d+\.\d+\.\d+\.\d+/i.test(child.id)
4805
5693
  );
4806
5694
  };
4807
5695
  var isShutdown2 = (interfaceNode) => {
5696
+ if (!interfaceNode?.children) return false;
4808
5697
  const hasShutdown = interfaceNode.children.some(
4809
- (child) => equalsIgnoreCase(child.id, "shutdown")
5698
+ (child) => child?.id && equalsIgnoreCase(child.id, "shutdown")
4810
5699
  );
4811
5700
  const hasNoShutdown = interfaceNode.children.some(
4812
- (child) => equalsIgnoreCase(child.id, "no shutdown")
5701
+ (child) => child?.id && equalsIgnoreCase(child.id, "no shutdown")
4813
5702
  );
4814
5703
  return hasShutdown && !hasNoShutdown;
4815
5704
  };
4816
5705
  var getInterfaceDescription = (interfaceNode) => {
5706
+ if (!interfaceNode?.children) return void 0;
4817
5707
  const descCmd = interfaceNode.children.find(
4818
- (child) => startsWithIgnoreCase(child.id, "description ")
5708
+ (child) => child?.id && startsWithIgnoreCase(child.id, "description ")
4819
5709
  );
4820
5710
  if (!descCmd) return void 0;
4821
5711
  return descCmd.id.replace(/^description\s+/i, "").trim();
4822
5712
  };
4823
5713
  var hasNtpServer = (ast) => {
5714
+ if (!Array.isArray(ast)) return false;
4824
5715
  return ast.some(
4825
- (node) => /^ntp\s+server\s+/i.test(node.id)
5716
+ (node) => /^ntp\s+server\s+/i.test(node?.id ?? "")
4826
5717
  );
4827
5718
  };
4828
5719
  var hasLoggingHost = (ast) => {
5720
+ if (!Array.isArray(ast)) return false;
4829
5721
  return ast.some(
4830
- (node) => /^logging\s+host\s+/i.test(node.id)
5722
+ (node) => /^logging\s+host\s+/i.test(node?.id ?? "")
4831
5723
  );
4832
5724
  };
4833
5725
  var hasSnmpServer = (ast) => {
5726
+ if (!Array.isArray(ast)) return false;
4834
5727
  return ast.some(
4835
- (node) => /^snmp-server\s+/i.test(node.id)
5728
+ (node) => /^snmp-server\s+/i.test(node?.id ?? "")
4836
5729
  );
4837
5730
  };
4838
5731
  var hasAaa = (ast) => {
5732
+ if (!Array.isArray(ast)) return false;
4839
5733
  return ast.some(
4840
- (node) => /^aaa\s+/i.test(node.id)
5734
+ (node) => /^aaa\s+/i.test(node?.id ?? "")
4841
5735
  );
4842
5736
  };
4843
5737
  var hasSpanningTree = (ast) => {
5738
+ if (!Array.isArray(ast)) return false;
4844
5739
  return ast.some(
4845
- (node) => /^spanning-tree\s+/i.test(node.id)
5740
+ (node) => /^spanning-tree\s+/i.test(node?.id ?? "")
4846
5741
  );
4847
5742
  };
4848
5743
  var getSpanningTreeMode = (ast) => {
5744
+ if (!Array.isArray(ast)) return void 0;
4849
5745
  const stpNode = ast.find(
4850
- (node) => /^spanning-tree\s+mode\s+/i.test(node.id)
5746
+ (node) => /^spanning-tree\s+mode\s+/i.test(node?.id ?? "")
4851
5747
  );
4852
5748
  if (!stpNode) return void 0;
4853
- const match = stpNode.id.match(/spanning-tree\s+mode\s+(\S+)/i);
5749
+ const match = stpNode?.id?.match(/spanning-tree\s+mode\s+(\S+)/i);
4854
5750
  return match ? match[1] : void 0;
4855
5751
  };
4856
5752
 
@@ -4916,6 +5812,7 @@ __export(aruba_exports, {
4916
5812
 
4917
5813
  // ../core/src/helpers/aruba/helpers.ts
4918
5814
  var getInterfaceName = (node) => {
5815
+ if (!node?.id) return void 0;
4919
5816
  const match = node.id.match(/interface\s+(.+)/i);
4920
5817
  const ifName = match?.[1]?.trim();
4921
5818
  return ifName && ifName.length > 0 ? ifName : void 0;
@@ -5079,10 +5976,12 @@ var getAosSwitchVlanName = (node) => {
5079
5976
  return name?.trim();
5080
5977
  };
5081
5978
  var hasManagerPassword = (nodes) => {
5082
- return nodes.some((n) => n.id.toLowerCase().startsWith("password manager"));
5979
+ if (!nodes) return false;
5980
+ return nodes.some((n) => n?.id?.toLowerCase().startsWith("password manager") ?? false);
5083
5981
  };
5084
5982
  var hasOperatorPassword = (nodes) => {
5085
- return nodes.some((n) => n.id.toLowerCase().startsWith("password operator"));
5983
+ if (!nodes) return false;
5984
+ return nodes.some((n) => n?.id?.toLowerCase().startsWith("password operator") ?? false);
5086
5985
  };
5087
5986
  var getWlanEncryption = (node) => {
5088
5987
  const cmd = getChildCommand(node, "opmode");
@@ -5122,9 +6021,10 @@ var getVapSsidProfile = (node) => {
5122
6021
  return profile?.trim();
5123
6022
  };
5124
6023
  var getApGroupVirtualAps = (node) => {
6024
+ if (!node?.children) return [];
5125
6025
  const vaps = [];
5126
6026
  for (const child of node.children) {
5127
- const match = child.id.match(/virtual-ap\s+["']?([^"'\n]+)["']?/i);
6027
+ const match = child?.id?.match(/virtual-ap\s+["']?([^"'\n]+)["']?/i);
5128
6028
  const vapName = match?.[1];
5129
6029
  if (vapName) {
5130
6030
  vaps.push(vapName);
@@ -5188,12 +6088,14 @@ var hasWhitelistDb = (node) => {
5188
6088
  return hasChildCommand(node, "whitelist-db enable");
5189
6089
  };
5190
6090
  var findStanza = (node, stanzaName) => {
6091
+ if (!node?.children) return void 0;
5191
6092
  return node.children.find(
5192
- (child) => child.id.toLowerCase() === stanzaName.toLowerCase()
6093
+ (child) => child?.id?.toLowerCase() === stanzaName.toLowerCase()
5193
6094
  );
5194
6095
  };
5195
6096
  var findStanzas = (node, pattern) => {
5196
- return node.children.filter((child) => pattern.test(child.id.toLowerCase()));
6097
+ if (!node?.children) return [];
6098
+ return node.children.filter((child) => child?.id && pattern.test(child.id.toLowerCase()));
5197
6099
  };
5198
6100
  var hasDescription = (node) => {
5199
6101
  return hasChildCommand(node, "description");
@@ -5258,8 +6160,9 @@ __export(cisco_exports, {
5258
6160
 
5259
6161
  // ../core/src/helpers/cisco/helpers.ts
5260
6162
  var isShutdown3 = (node) => {
6163
+ if (!node?.children) return false;
5261
6164
  return node.children.some((child) => {
5262
- return equalsIgnoreCase(child.id.trim(), "shutdown");
6165
+ return child?.id && equalsIgnoreCase(child.id.trim(), "shutdown");
5263
6166
  });
5264
6167
  };
5265
6168
  var isPhysicalPort = (interfaceName) => {
@@ -5401,18 +6304,21 @@ var hasEigrpAuthentication = (node) => {
5401
6304
  return hasChildCommand(node, "ip authentication mode eigrp") && hasChildCommand(node, "ip authentication key-chain eigrp");
5402
6305
  };
5403
6306
  var hasBgpNeighborPassword = (neighborCommands) => {
6307
+ if (!neighborCommands || !Array.isArray(neighborCommands)) return false;
5404
6308
  return neighborCommands.some(
5405
- (cmd) => includesIgnoreCase(cmd.id, "password")
6309
+ (cmd) => cmd?.id && includesIgnoreCase(cmd.id, "password")
5406
6310
  );
5407
6311
  };
5408
6312
  var hasBgpTtlSecurity = (neighborCommands) => {
6313
+ if (!neighborCommands || !Array.isArray(neighborCommands)) return false;
5409
6314
  return neighborCommands.some(
5410
- (cmd) => includesIgnoreCase(cmd.id, "ttl-security")
6315
+ (cmd) => cmd?.id && includesIgnoreCase(cmd.id, "ttl-security")
5411
6316
  );
5412
6317
  };
5413
6318
  var hasBgpMaxPrefix = (neighborCommands) => {
6319
+ if (!neighborCommands || !Array.isArray(neighborCommands)) return false;
5414
6320
  return neighborCommands.some(
5415
- (cmd) => includesIgnoreCase(cmd.id, "maximum-prefix")
6321
+ (cmd) => cmd?.id && includesIgnoreCase(cmd.id, "maximum-prefix")
5416
6322
  );
5417
6323
  };
5418
6324
  var hasBgpLogNeighborChanges2 = (node) => {
@@ -5420,9 +6326,10 @@ var hasBgpLogNeighborChanges2 = (node) => {
5420
6326
  };
5421
6327
  var getBgpNeighbors = (node) => {
5422
6328
  const neighbors = /* @__PURE__ */ new Map();
6329
+ if (!node?.children) return neighbors;
5423
6330
  for (const child of node.children) {
5424
- if (startsWithIgnoreCase(child.id, "neighbor")) {
5425
- const neighborIp = child.params[1];
6331
+ if (child?.id && startsWithIgnoreCase(child.id, "neighbor")) {
6332
+ const neighborIp = child.params?.[1];
5426
6333
  if (neighborIp) {
5427
6334
  const existing = neighbors.get(neighborIp) || [];
5428
6335
  existing.push(child);
@@ -5433,13 +6340,15 @@ var getBgpNeighbors = (node) => {
5433
6340
  return neighbors;
5434
6341
  };
5435
6342
  var hasHsrpMd5Auth = (node) => {
6343
+ if (!node?.children) return false;
5436
6344
  return node.children.some((child) => {
5437
- return startsWithIgnoreCase(child.id, "standby") && includesIgnoreCase(child.id, "authentication md5");
6345
+ return child?.id && startsWithIgnoreCase(child.id, "standby") && includesIgnoreCase(child.id, "authentication md5");
5438
6346
  });
5439
6347
  };
5440
6348
  var hasVrrpAuthentication2 = (node) => {
6349
+ if (!node?.children) return false;
5441
6350
  return node.children.some((child) => {
5442
- return startsWithIgnoreCase(child.id, "vrrp") && includesIgnoreCase(child.id, "authentication");
6351
+ return child?.id && startsWithIgnoreCase(child.id, "vrrp") && includesIgnoreCase(child.id, "authentication");
5443
6352
  });
5444
6353
  };
5445
6354
  var hasUrpf = (node) => {
@@ -5857,26 +6766,30 @@ var hasVxlanId = (node) => {
5857
6766
  );
5858
6767
  };
5859
6768
  var hasBgpNeighborPassword2 = (node, neighborAddr) => {
6769
+ if (!node?.children || !neighborAddr) return false;
5860
6770
  return node.children.some((child) => {
5861
- const id = child.id.toLowerCase();
5862
- return id.startsWith(`neighbor ${neighborAddr.toLowerCase()} password`);
6771
+ const id = child?.id?.toLowerCase();
6772
+ return id?.startsWith(`neighbor ${neighborAddr.toLowerCase()} password`) ?? false;
5863
6773
  });
5864
6774
  };
5865
6775
  var hasBgpPeerGroupPassword = (node, peerGroup) => {
6776
+ if (!node?.children || !peerGroup) return false;
5866
6777
  return node.children.some((child) => {
5867
- const id = child.id.toLowerCase();
5868
- return id.startsWith(`neighbor ${peerGroup.toLowerCase()} password`);
6778
+ const id = child?.id?.toLowerCase();
6779
+ return id?.startsWith(`neighbor ${peerGroup.toLowerCase()} password`) ?? false;
5869
6780
  });
5870
6781
  };
5871
6782
  var hasBgpMaximumPrefix = (node, neighborAddr) => {
6783
+ if (!node?.children || !neighborAddr) return false;
5872
6784
  return node.children.some((child) => {
5873
- const id = child.id.toLowerCase();
5874
- return id.includes(`neighbor ${neighborAddr.toLowerCase()}`) && id.includes("maximum-prefix");
6785
+ const id = child?.id?.toLowerCase();
6786
+ return id?.includes(`neighbor ${neighborAddr.toLowerCase()}`) && id?.includes("maximum-prefix");
5875
6787
  });
5876
6788
  };
5877
6789
  var hasBgpBfd = (node) => {
6790
+ if (!node?.children) return false;
5878
6791
  return node.children.some(
5879
- (child) => child.id.toLowerCase().includes(" bfd")
6792
+ (child) => child?.id?.toLowerCase().includes(" bfd") ?? false
5880
6793
  );
5881
6794
  };
5882
6795
  var hasBgpMultipath = (node) => {
@@ -6100,11 +7013,12 @@ var getVossMltId = (node) => {
6100
7013
  return mltId ? parseInt(mltId, 10) : void 0;
6101
7014
  };
6102
7015
  var isVossShutdown = (node) => {
7016
+ if (!node?.children) return false;
6103
7017
  const hasShutdown = node.children.some(
6104
- (child) => child.id.toLowerCase() === "shutdown"
7018
+ (child) => child?.id?.toLowerCase() === "shutdown"
6105
7019
  );
6106
7020
  const hasNoShutdown = node.children.some(
6107
- (child) => child.id.toLowerCase() === "no shutdown"
7021
+ (child) => child?.id?.toLowerCase() === "no shutdown"
6108
7022
  );
6109
7023
  return hasShutdown && !hasNoShutdown;
6110
7024
  };
@@ -6136,8 +7050,9 @@ var hasVossSsh = (ast) => {
6136
7050
  );
6137
7051
  };
6138
7052
  var hasVossLacp = (node) => {
7053
+ if (!node?.children) return false;
6139
7054
  return node.children.some(
6140
- (child) => /^lacp\s+(enable|key)/i.test(child.id)
7055
+ (child) => child?.id && /^lacp\s+(enable|key)/i.test(child.id)
6141
7056
  );
6142
7057
  };
6143
7058
  var hasVossDvr = (ast) => {
@@ -6151,10 +7066,11 @@ var hasVossCfm = (ast) => {
6151
7066
  );
6152
7067
  };
6153
7068
  var getVossDefaultVlan = (node) => {
7069
+ if (!node?.children) return void 0;
6154
7070
  const defaultVlan = node.children.find(
6155
- (child) => /^default-vlan-id\s+\d+/i.test(child.id)
7071
+ (child) => child?.id && /^default-vlan-id\s+\d+/i.test(child.id)
6156
7072
  );
6157
- if (!defaultVlan) return void 0;
7073
+ if (!defaultVlan?.id) return void 0;
6158
7074
  const match = defaultVlan.id.match(/default-vlan-id\s+(\d+)/i);
6159
7075
  const vlanId = match?.[1];
6160
7076
  return vlanId ? parseInt(vlanId, 10) : void 0;
@@ -6229,19 +7145,24 @@ __export(fortinet_exports, {
6229
7145
 
6230
7146
  // ../core/src/helpers/fortinet/helpers.ts
6231
7147
  var findConfigSection = (node, sectionName) => {
7148
+ if (!node?.children) return void 0;
6232
7149
  const normalizedName = sectionName.toLowerCase();
6233
7150
  return node.children.find((child) => {
6234
- const childId = child.id.toLowerCase();
7151
+ const childId = child?.id?.toLowerCase();
7152
+ if (!childId) return false;
6235
7153
  return childId === `config ${normalizedName}` || childId === normalizedName || childId.startsWith(`config ${normalizedName} `) || childId.startsWith(`${normalizedName} `);
6236
7154
  });
6237
7155
  };
6238
7156
  var findConfigSections = (node, pattern) => {
6239
- return node.children.filter((child) => pattern.test(child.id.toLowerCase()));
7157
+ if (!node?.children) return [];
7158
+ return node.children.filter((child) => child?.id && pattern.test(child.id.toLowerCase()));
6240
7159
  };
6241
7160
  var findEditEntry = (configSection, entryName) => {
7161
+ if (!configSection?.children) return void 0;
6242
7162
  const normalizedName = entryName.toLowerCase().replace(/^["']|["']$/g, "");
6243
7163
  return configSection.children.find((child) => {
6244
- const childId = child.id.toLowerCase();
7164
+ const childId = child?.id?.toLowerCase();
7165
+ if (!childId) return false;
6245
7166
  const editMatch = childId.match(/^edit\s+["']?([^"']+)["']?$/i);
6246
7167
  const editName = editMatch?.[1];
6247
7168
  if (editName) {
@@ -6251,8 +7172,9 @@ var findEditEntry = (configSection, entryName) => {
6251
7172
  });
6252
7173
  };
6253
7174
  var getEditEntries = (configSection) => {
7175
+ if (!configSection?.children) return [];
6254
7176
  return configSection.children.filter(
6255
- (child) => child.id.toLowerCase().startsWith("edit ")
7177
+ (child) => child?.id?.toLowerCase().startsWith("edit ")
6256
7178
  );
6257
7179
  };
6258
7180
  var getEditEntryName = (editEntry) => {
@@ -6261,9 +7183,11 @@ var getEditEntryName = (editEntry) => {
6261
7183
  return entryName ?? editEntry.id;
6262
7184
  };
6263
7185
  var getSetValue = (node, paramName) => {
7186
+ if (!node?.children) return void 0;
6264
7187
  const normalizedParam = paramName.toLowerCase();
6265
7188
  for (const child of node.children) {
6266
- const childId = child.id.toLowerCase();
7189
+ const childId = child?.id?.toLowerCase();
7190
+ if (!childId) continue;
6267
7191
  const match = childId.match(new RegExp(`^set\\s+${normalizedParam}\\s+(.+)$`, "i"));
6268
7192
  const value = match?.[1];
6269
7193
  if (value) {
@@ -6276,10 +7200,12 @@ var hasSetValue = (node, paramName) => {
6276
7200
  return getSetValue(node, paramName) !== void 0;
6277
7201
  };
6278
7202
  var getSetValues = (node, paramName) => {
7203
+ if (!node?.children) return [];
6279
7204
  const normalizedParam = paramName.toLowerCase();
6280
7205
  const values = [];
6281
7206
  for (const child of node.children) {
6282
- const childId = child.id.toLowerCase();
7207
+ const childId = child?.id?.toLowerCase();
7208
+ if (!childId) continue;
6283
7209
  const match = childId.match(new RegExp(`^set\\s+${normalizedParam}\\s+(.+)$`, "i"));
6284
7210
  const matchValue = match?.[1];
6285
7211
  if (matchValue) {
@@ -6698,19 +7624,21 @@ __export(huawei_exports, {
6698
7624
 
6699
7625
  // ../core/src/helpers/huawei/helpers.ts
6700
7626
  var isShutdown4 = (node) => {
7627
+ if (!node?.children) return true;
6701
7628
  const hasShutdown = node.children.some((child) => {
6702
- const id = child.id.toLowerCase().trim();
7629
+ const id = child?.id?.toLowerCase().trim();
6703
7630
  return id === "shutdown";
6704
7631
  });
6705
7632
  const hasUndoShutdown = node.children.some((child) => {
6706
- const rawText = child.rawText?.toLowerCase().trim();
7633
+ const rawText = child?.rawText?.toLowerCase().trim();
6707
7634
  return rawText === "undo shutdown";
6708
7635
  });
6709
7636
  return hasShutdown || !hasUndoShutdown;
6710
7637
  };
6711
7638
  var isEnabled = (node) => {
7639
+ if (!node?.children) return false;
6712
7640
  return node.children.some((child) => {
6713
- const rawText = child.rawText?.toLowerCase().trim();
7641
+ const rawText = child?.rawText?.toLowerCase().trim();
6714
7642
  return rawText === "undo shutdown";
6715
7643
  });
6716
7644
  };
@@ -6728,26 +7656,30 @@ var isEthTrunk = (interfaceName) => {
6728
7656
  return interfaceName.toLowerCase().includes("eth-trunk");
6729
7657
  };
6730
7658
  var isTrunkPort3 = (node) => {
7659
+ if (!node?.children) return false;
6731
7660
  return node.children.some((child) => {
6732
- const rawText = child.rawText?.toLowerCase().trim();
7661
+ const rawText = child?.rawText?.toLowerCase().trim();
6733
7662
  return rawText?.includes("port link-type trunk") ?? false;
6734
7663
  });
6735
7664
  };
6736
7665
  var isAccessPort3 = (node) => {
7666
+ if (!node?.children) return false;
6737
7667
  return node.children.some((child) => {
6738
- const rawText = child.rawText?.toLowerCase().trim();
7668
+ const rawText = child?.rawText?.toLowerCase().trim();
6739
7669
  return rawText?.includes("port link-type access") ?? false;
6740
7670
  });
6741
7671
  };
6742
7672
  var isHybridPort = (node) => {
7673
+ if (!node?.children) return false;
6743
7674
  return node.children.some((child) => {
6744
- const rawText = child.rawText?.toLowerCase().trim();
7675
+ const rawText = child?.rawText?.toLowerCase().trim();
6745
7676
  return rawText?.includes("port link-type hybrid") ?? false;
6746
7677
  });
6747
7678
  };
6748
7679
  var getDefaultVlan = (node) => {
7680
+ if (!node?.children) return void 0;
6749
7681
  const vlanCmd = node.children.find((child) => {
6750
- const rawText = child.rawText?.toLowerCase().trim();
7682
+ const rawText = child?.rawText?.toLowerCase().trim();
6751
7683
  return rawText?.startsWith("port default vlan") ?? false;
6752
7684
  });
6753
7685
  if (vlanCmd?.rawText) {
@@ -6760,8 +7692,9 @@ var getDefaultVlan = (node) => {
6760
7692
  return void 0;
6761
7693
  };
6762
7694
  var getTrunkAllowedVlans = (node) => {
7695
+ if (!node?.children) return void 0;
6763
7696
  const vlanCmd = node.children.find((child) => {
6764
- const rawText = child.rawText?.toLowerCase().trim();
7697
+ const rawText = child?.rawText?.toLowerCase().trim();
6765
7698
  return rawText?.startsWith("port trunk allow-pass vlan") ?? false;
6766
7699
  });
6767
7700
  if (vlanCmd?.rawText) {
@@ -6788,20 +7721,23 @@ var getDescription2 = (node) => {
6788
7721
  return void 0;
6789
7722
  };
6790
7723
  var hasStpEdgedPort = (node) => {
7724
+ if (!node?.children) return false;
6791
7725
  return node.children.some((child) => {
6792
- const rawText = child.rawText?.toLowerCase().trim();
7726
+ const rawText = child?.rawText?.toLowerCase().trim();
6793
7727
  return rawText?.includes("stp edged-port enable") ?? false;
6794
7728
  });
6795
7729
  };
6796
7730
  var hasPortSecurity2 = (node) => {
7731
+ if (!node?.children) return false;
6797
7732
  return node.children.some((child) => {
6798
- const rawText = child.rawText?.toLowerCase().trim();
7733
+ const rawText = child?.rawText?.toLowerCase().trim();
6799
7734
  return rawText?.includes("port-security enable") ?? false;
6800
7735
  });
6801
7736
  };
6802
7737
  var hasBpduProtection = (node) => {
7738
+ if (!node?.children) return false;
6803
7739
  return node.children.some((child) => {
6804
- const rawText = child.rawText?.toLowerCase().trim();
7740
+ const rawText = child?.rawText?.toLowerCase().trim();
6805
7741
  if (!rawText) {
6806
7742
  return false;
6807
7743
  }
@@ -6809,8 +7745,9 @@ var hasBpduProtection = (node) => {
6809
7745
  });
6810
7746
  };
6811
7747
  var getCommandValue = (node, command) => {
7748
+ if (!node?.children) return void 0;
6812
7749
  const cmd = node.children.find((child) => {
6813
- const text = child.rawText?.toLowerCase().trim();
7750
+ const text = child?.rawText?.toLowerCase().trim();
6814
7751
  return text?.startsWith(command.toLowerCase()) ?? false;
6815
7752
  });
6816
7753
  if (cmd?.rawText) {
@@ -6820,18 +7757,21 @@ var getCommandValue = (node, command) => {
6820
7757
  return void 0;
6821
7758
  };
6822
7759
  var isSshEnabled = (node) => {
7760
+ if (!node?.id || !node?.children) return false;
6823
7761
  if (node.id.toLowerCase().includes("user-interface")) {
6824
7762
  return node.children.some((child) => {
6825
- const rawText = child.rawText?.toLowerCase().trim();
7763
+ const rawText = child?.rawText?.toLowerCase().trim();
6826
7764
  return rawText?.includes("protocol inbound ssh") || rawText === "protocol inbound all";
6827
7765
  });
6828
7766
  }
6829
7767
  return false;
6830
7768
  };
6831
7769
  var isTelnetEnabled = (node) => {
7770
+ if (!node?.id || !node?.children) return false;
6832
7771
  if (node.id.toLowerCase().includes("user-interface")) {
6833
7772
  return node.children.some((child) => {
6834
- const rawText = child.rawText.toLowerCase().trim();
7773
+ const rawText = child?.rawText?.toLowerCase().trim();
7774
+ if (!rawText) return false;
6835
7775
  return rawText.includes("protocol inbound telnet") || rawText === "protocol inbound all" || // Default for VTY is often telnet
6836
7776
  !rawText.includes("protocol inbound");
6837
7777
  });
@@ -6839,15 +7779,17 @@ var isTelnetEnabled = (node) => {
6839
7779
  return false;
6840
7780
  };
6841
7781
  var hasAaaAuthentication = (node) => {
7782
+ if (!node?.children) return false;
6842
7783
  return node.children.some((child) => {
6843
- const rawText = child.rawText.toLowerCase().trim();
6844
- return rawText.includes("authentication-mode aaa");
7784
+ const rawText = child?.rawText?.toLowerCase().trim();
7785
+ return rawText?.includes("authentication-mode aaa") ?? false;
6845
7786
  });
6846
7787
  };
6847
7788
  var hasPasswordAuthentication = (node) => {
7789
+ if (!node?.children) return false;
6848
7790
  return node.children.some((child) => {
6849
- const rawText = child.rawText.toLowerCase().trim();
6850
- return rawText.includes("authentication-mode password");
7791
+ const rawText = child?.rawText?.toLowerCase().trim();
7792
+ return rawText?.includes("authentication-mode password") ?? false;
6851
7793
  });
6852
7794
  };
6853
7795
  var hasIdleTimeout = (node) => {
@@ -6865,15 +7807,18 @@ var getIdleTimeout = (node) => {
6865
7807
  return void 0;
6866
7808
  };
6867
7809
  var hasAclInbound = (node) => {
7810
+ if (!node?.children) return false;
6868
7811
  return node.children.some((child) => {
6869
- const rawText = child.rawText.toLowerCase().trim();
6870
- return rawText.match(/acl\s+\d+\s+inbound/);
7812
+ const rawText = child?.rawText?.toLowerCase().trim();
7813
+ return rawText?.match(/acl\s+\d+\s+inbound/) ?? false;
6871
7814
  });
6872
7815
  };
6873
7816
  var findStanza3 = (node, stanzaName) => {
7817
+ if (!node?.id) return void 0;
6874
7818
  if (node.id.toLowerCase().startsWith(stanzaName.toLowerCase())) {
6875
7819
  return node;
6876
7820
  }
7821
+ if (!node?.children) return void 0;
6877
7822
  for (const child of node.children) {
6878
7823
  const found = findStanza3(child, stanzaName);
6879
7824
  if (found) return found;
@@ -6882,30 +7827,36 @@ var findStanza3 = (node, stanzaName) => {
6882
7827
  };
6883
7828
  var findStanzas2 = (node, stanzaName) => {
6884
7829
  const results = [];
7830
+ if (!node?.id) return results;
6885
7831
  if (node.id.toLowerCase().startsWith(stanzaName.toLowerCase())) {
6886
7832
  results.push(node);
6887
7833
  }
7834
+ if (!node?.children) return results;
6888
7835
  for (const child of node.children) {
6889
7836
  results.push(...findStanzas2(child, stanzaName));
6890
7837
  }
6891
7838
  return results;
6892
7839
  };
6893
7840
  var hasEncryptedPassword = (node) => {
7841
+ if (!node?.children) return false;
6894
7842
  return node.children.some((child) => {
6895
- const rawText = child.rawText.toLowerCase().trim();
7843
+ const rawText = child?.rawText?.toLowerCase().trim();
7844
+ if (!rawText) return false;
6896
7845
  return rawText.includes("password cipher") || rawText.includes("password irreversible-cipher");
6897
7846
  });
6898
7847
  };
6899
7848
  var hasPlaintextPassword2 = (node) => {
7849
+ if (!node?.children) return false;
6900
7850
  return node.children.some((child) => {
6901
- const rawText = child.rawText.toLowerCase().trim();
6902
- return rawText.includes("password simple");
7851
+ const rawText = child?.rawText?.toLowerCase().trim();
7852
+ return rawText?.includes("password simple") ?? false;
6903
7853
  });
6904
7854
  };
6905
7855
  var getPrivilegeLevel = (node) => {
7856
+ if (!node?.children) return void 0;
6906
7857
  const privCmd = node.children.find((child) => {
6907
- const rawText = child.rawText?.toLowerCase();
6908
- return rawText?.includes("privilege level");
7858
+ const rawText = child?.rawText?.toLowerCase();
7859
+ return rawText?.includes("privilege level") ?? false;
6909
7860
  });
6910
7861
  if (privCmd?.rawText) {
6911
7862
  const match = privCmd.rawText.match(/privilege\s+level\s+(\d+)/i);
@@ -6917,39 +7868,45 @@ var getPrivilegeLevel = (node) => {
6917
7868
  return void 0;
6918
7869
  };
6919
7870
  var hasBgpPeerPassword = (node, peerIp) => {
7871
+ if (!node?.children) return false;
6920
7872
  return node.children.some((child) => {
6921
- const rawText = child.rawText?.toLowerCase();
7873
+ const rawText = child?.rawText?.toLowerCase();
6922
7874
  return rawText?.includes(`peer ${peerIp.toLowerCase()}`) && rawText?.includes("password");
6923
7875
  });
6924
7876
  };
6925
7877
  var hasBgpPeerKeychain = (node, peerIp) => {
7878
+ if (!node?.children) return false;
6926
7879
  return node.children.some((child) => {
6927
- const rawText = child.rawText?.toLowerCase();
7880
+ const rawText = child?.rawText?.toLowerCase();
6928
7881
  return rawText?.includes(`peer ${peerIp.toLowerCase()}`) && rawText?.includes("keychain");
6929
7882
  });
6930
7883
  };
6931
7884
  var hasBgpPeerGtsm = (node, peerIp) => {
7885
+ if (!node?.children) return false;
6932
7886
  return node.children.some((child) => {
6933
- const rawText = child.rawText?.toLowerCase();
7887
+ const rawText = child?.rawText?.toLowerCase();
6934
7888
  return rawText?.includes(`peer ${peerIp.toLowerCase()}`) && rawText?.includes("valid-ttl-hops");
6935
7889
  });
6936
7890
  };
6937
7891
  var hasBgpPeerRouteLimit = (node, peerIp) => {
7892
+ if (!node?.children) return false;
6938
7893
  return node.children.some((child) => {
6939
- const rawText = child.rawText?.toLowerCase();
7894
+ const rawText = child?.rawText?.toLowerCase();
6940
7895
  return rawText?.includes(`peer ${peerIp.toLowerCase()}`) && rawText?.includes("route-limit");
6941
7896
  });
6942
7897
  };
6943
7898
  var hasBgpPeerPrefixFilter = (node, peerIp) => {
7899
+ if (!node?.children) return false;
6944
7900
  return node.children.some((child) => {
6945
- const rawText = child.rawText?.toLowerCase();
7901
+ const rawText = child?.rawText?.toLowerCase();
6946
7902
  return rawText?.includes(`peer ${peerIp.toLowerCase()}`) && (rawText?.includes("ip-prefix") || rawText?.includes("route-policy") || rawText?.includes("filter-policy"));
6947
7903
  });
6948
7904
  };
6949
7905
  var getBgpPeers = (node) => {
6950
7906
  const peers = [];
7907
+ if (!node?.children) return peers;
6951
7908
  for (const child of node.children) {
6952
- if (child.rawText) {
7909
+ if (child?.rawText) {
6953
7910
  const match = child.rawText.match(/peer\s+([\d.]+)\s+as-number/i);
6954
7911
  if (match?.[1]) {
6955
7912
  peers.push(match[1]);
@@ -6959,56 +7916,65 @@ var getBgpPeers = (node) => {
6959
7916
  return peers;
6960
7917
  };
6961
7918
  var hasBgpGracefulRestart2 = (node) => {
7919
+ if (!node?.children) return false;
6962
7920
  return node.children.some((child) => {
6963
- const rawText = child.rawText?.toLowerCase().trim();
7921
+ const rawText = child?.rawText?.toLowerCase().trim();
6964
7922
  return rawText === "graceful-restart" || rawText?.startsWith("graceful-restart ");
6965
7923
  });
6966
7924
  };
6967
7925
  var hasOspfAreaAuthentication = (node) => {
7926
+ if (!node?.children) return false;
6968
7927
  return node.children.some((child) => {
6969
- const rawText = child.rawText?.toLowerCase();
6970
- return rawText?.includes("authentication-mode");
7928
+ const rawText = child?.rawText?.toLowerCase();
7929
+ return rawText?.includes("authentication-mode") ?? false;
6971
7930
  });
6972
7931
  };
6973
7932
  var hasInterfaceOspfAuth = (node) => {
7933
+ if (!node?.children) return false;
6974
7934
  return node.children.some((child) => {
6975
- const rawText = child.rawText?.toLowerCase();
6976
- return rawText?.includes("ospf authentication-mode");
7935
+ const rawText = child?.rawText?.toLowerCase();
7936
+ return rawText?.includes("ospf authentication-mode") ?? false;
6977
7937
  });
6978
7938
  };
6979
7939
  var hasIsisAreaAuth = (node) => {
7940
+ if (!node?.children) return false;
6980
7941
  return node.children.some((child) => {
6981
- const rawText = child.rawText?.toLowerCase();
6982
- return rawText?.includes("area-authentication-mode");
7942
+ const rawText = child?.rawText?.toLowerCase();
7943
+ return rawText?.includes("area-authentication-mode") ?? false;
6983
7944
  });
6984
7945
  };
6985
7946
  var hasIsisDomainAuth = (node) => {
7947
+ if (!node?.children) return false;
6986
7948
  return node.children.some((child) => {
6987
- const rawText = child.rawText?.toLowerCase();
6988
- return rawText?.includes("domain-authentication-mode");
7949
+ const rawText = child?.rawText?.toLowerCase();
7950
+ return rawText?.includes("domain-authentication-mode") ?? false;
6989
7951
  });
6990
7952
  };
6991
7953
  var hasInterfaceIsisAuth = (node) => {
7954
+ if (!node?.children) return false;
6992
7955
  return node.children.some((child) => {
6993
- const rawText = child.rawText?.toLowerCase();
6994
- return rawText?.includes("isis authentication-mode");
7956
+ const rawText = child?.rawText?.toLowerCase();
7957
+ return rawText?.includes("isis authentication-mode") ?? false;
6995
7958
  });
6996
7959
  };
6997
7960
  var hasVrrp = (node) => {
7961
+ if (!node?.children) return false;
6998
7962
  return node.children.some((child) => {
6999
- const rawText = child.rawText?.toLowerCase();
7000
- return rawText?.includes("vrrp vrid");
7963
+ const rawText = child?.rawText?.toLowerCase();
7964
+ return rawText?.includes("vrrp vrid") ?? false;
7001
7965
  });
7002
7966
  };
7003
7967
  var hasVrrpAuthentication3 = (node) => {
7968
+ if (!node?.children) return false;
7004
7969
  return node.children.some((child) => {
7005
- const rawText = child.rawText?.toLowerCase();
7970
+ const rawText = child?.rawText?.toLowerCase();
7006
7971
  return rawText?.includes("vrrp vrid") && rawText?.includes("authentication-mode");
7007
7972
  });
7008
7973
  };
7009
7974
  var getVrrpVrid = (node) => {
7975
+ if (!node?.children) return void 0;
7010
7976
  const vrrpCmd = node.children.find((child) => {
7011
- return child.rawText?.toLowerCase().includes("vrrp vrid");
7977
+ return child?.rawText?.toLowerCase().includes("vrrp vrid") ?? false;
7012
7978
  });
7013
7979
  if (vrrpCmd?.rawText) {
7014
7980
  const match = vrrpCmd.rawText.match(/vrrp\s+vrid\s+(\d+)/i);
@@ -7019,33 +7985,38 @@ var getVrrpVrid = (node) => {
7019
7985
  return void 0;
7020
7986
  };
7021
7987
  var hasIcmpRedirectDisabled = (node) => {
7988
+ if (!node?.children) return false;
7022
7989
  return node.children.some((child) => {
7023
- const rawText = child.rawText?.toLowerCase().trim();
7990
+ const rawText = child?.rawText?.toLowerCase().trim();
7024
7991
  return rawText === "undo icmp redirect send";
7025
7992
  });
7026
7993
  };
7027
7994
  var hasDirectedBroadcastDisabled = (node) => {
7995
+ if (!node?.children) return false;
7028
7996
  return node.children.some((child) => {
7029
- const rawText = child.rawText?.toLowerCase().trim();
7997
+ const rawText = child?.rawText?.toLowerCase().trim();
7030
7998
  return rawText === "undo ip directed-broadcast enable" || rawText === "undo ip directed-broadcast";
7031
7999
  });
7032
8000
  };
7033
8001
  var hasArpProxyDisabled = (node) => {
8002
+ if (!node?.children) return false;
7034
8003
  return node.children.some((child) => {
7035
- const rawText = child.rawText?.toLowerCase().trim();
8004
+ const rawText = child?.rawText?.toLowerCase().trim();
7036
8005
  return rawText === "undo arp proxy enable" || rawText === "undo proxy-arp";
7037
8006
  });
7038
8007
  };
7039
8008
  var hasUrpf2 = (node) => {
8009
+ if (!node?.children) return false;
7040
8010
  return node.children.some((child) => {
7041
- const rawText = child.rawText?.toLowerCase();
8011
+ const rawText = child?.rawText?.toLowerCase();
7042
8012
  return rawText?.includes("urpf strict") || rawText?.includes("urpf loose");
7043
8013
  });
7044
8014
  };
7045
8015
  var getUrpfMode3 = (node) => {
8016
+ if (!node?.children) return void 0;
7046
8017
  const urpfCmd = node.children.find((child) => {
7047
- const rawText = child.rawText?.toLowerCase();
7048
- return rawText?.includes("urpf");
8018
+ const rawText = child?.rawText?.toLowerCase();
8019
+ return rawText?.includes("urpf") ?? false;
7049
8020
  });
7050
8021
  if (urpfCmd?.rawText) {
7051
8022
  const rawText = urpfCmd.rawText.toLowerCase();
@@ -7055,21 +8026,24 @@ var getUrpfMode3 = (node) => {
7055
8026
  return void 0;
7056
8027
  };
7057
8028
  var hasLldpDisabled = (node) => {
8029
+ if (!node?.children) return false;
7058
8030
  return node.children.some((child) => {
7059
- const rawText = child.rawText?.toLowerCase().trim();
8031
+ const rawText = child?.rawText?.toLowerCase().trim();
7060
8032
  return rawText === "undo lldp enable";
7061
8033
  });
7062
8034
  };
7063
8035
  var hasNtpAuthentication3 = (node) => {
8036
+ if (!node?.children) return false;
7064
8037
  return node.children.some((child) => {
7065
- const rawText = child.rawText?.toLowerCase().trim();
8038
+ const rawText = child?.rawText?.toLowerCase().trim();
7066
8039
  return rawText === "authentication enable";
7067
8040
  });
7068
8041
  };
7069
8042
  var hasNtpAuthKey = (node) => {
8043
+ if (!node?.children) return false;
7070
8044
  return node.children.some((child) => {
7071
- const rawText = child.rawText?.toLowerCase();
7072
- return rawText?.includes("authentication-keyid");
8045
+ const rawText = child?.rawText?.toLowerCase();
8046
+ return rawText?.includes("authentication-keyid") ?? false;
7073
8047
  });
7074
8048
  };
7075
8049
  var hasSshStrongCiphers = (node) => {
@@ -7101,8 +8075,9 @@ var hasCpuDefendPolicy = (node) => {
7101
8075
  return node.id.toLowerCase().startsWith("cpu-defend policy");
7102
8076
  };
7103
8077
  var hasCpuDefendAutoDefend = (node) => {
8078
+ if (!node?.children) return false;
7104
8079
  return node.children.some((child) => {
7105
- const rawText = child.rawText?.toLowerCase().trim();
8080
+ const rawText = child?.rawText?.toLowerCase().trim();
7106
8081
  return rawText === "auto-defend enable";
7107
8082
  });
7108
8083
  };
@@ -7125,15 +8100,17 @@ var isIpSourceRouteDisabled = (rawText) => {
7125
8100
  return rawText.toLowerCase().trim() === "undo ip source-route";
7126
8101
  };
7127
8102
  var hasHwtacacsSharedKey = (node) => {
8103
+ if (!node?.children) return false;
7128
8104
  return node.children.some((child) => {
7129
- const rawText = child.rawText?.toLowerCase();
7130
- return rawText?.includes("shared-key cipher");
8105
+ const rawText = child?.rawText?.toLowerCase();
8106
+ return rawText?.includes("shared-key cipher") ?? false;
7131
8107
  });
7132
8108
  };
7133
8109
  var hasHwtacacsSecondary = (node) => {
8110
+ if (!node?.children) return false;
7134
8111
  return node.children.some((child) => {
7135
- const rawText = child.rawText?.toLowerCase();
7136
- return rawText?.includes("secondary");
8112
+ const rawText = child?.rawText?.toLowerCase();
8113
+ return rawText?.includes("secondary") ?? false;
7137
8114
  });
7138
8115
  };
7139
8116
 
@@ -7210,7 +8187,8 @@ __export(juniper_exports, {
7210
8187
 
7211
8188
  // ../core/src/helpers/juniper/helpers.ts
7212
8189
  var isDisabled = (node) => {
7213
- return node.children.some((child) => equalsIgnoreCase(child.id.trim(), "disable"));
8190
+ if (!node?.children) return false;
8191
+ return node.children.some((child) => child?.id && equalsIgnoreCase(child.id.trim(), "disable"));
7214
8192
  };
7215
8193
  var isPhysicalJunosPort = (interfaceName) => {
7216
8194
  return startsWithIgnoreCase(interfaceName, "ge-") || startsWithIgnoreCase(interfaceName, "xe-") || startsWithIgnoreCase(interfaceName, "et-") || startsWithIgnoreCase(interfaceName, "ae") || startsWithIgnoreCase(interfaceName, "em") || startsWithIgnoreCase(interfaceName, "fxp");
@@ -7239,29 +8217,35 @@ var parseJunosAddress = (address) => {
7239
8217
  };
7240
8218
  };
7241
8219
  var findStanza4 = (node, stanzaName) => {
8220
+ if (!node?.children) return void 0;
7242
8221
  return node.children.find(
7243
- (child) => equalsIgnoreCase(child.id, stanzaName)
8222
+ (child) => child?.id && equalsIgnoreCase(child.id, stanzaName)
7244
8223
  );
7245
8224
  };
7246
8225
  var findStanzas3 = (node, pattern) => {
7247
- return node.children.filter((child) => pattern.test(child.id));
8226
+ if (!node?.children) return [];
8227
+ return node.children.filter((child) => child?.id && pattern.test(child.id));
7248
8228
  };
7249
8229
  var getInterfaceUnits = (interfaceNode) => {
8230
+ if (!interfaceNode?.children) return [];
7250
8231
  return interfaceNode.children.filter(
7251
- (child) => startsWithIgnoreCase(child.id, "unit")
8232
+ (child) => child?.id && startsWithIgnoreCase(child.id, "unit")
7252
8233
  );
7253
8234
  };
7254
8235
  var getTermAction = (termNode) => {
8236
+ if (!termNode?.children) return void 0;
7255
8237
  for (const child of termNode.children) {
7256
- const id = child.id.trim();
8238
+ const id = child?.id?.trim();
8239
+ if (!id) continue;
7257
8240
  if (equalsIgnoreCase(id, "then accept") || equalsIgnoreCase(id, "then accept;")) return "accept";
7258
8241
  if (equalsIgnoreCase(id, "then reject") || equalsIgnoreCase(id, "then reject;")) return "reject";
7259
8242
  if (startsWithIgnoreCase(id, "then next")) return "next";
7260
8243
  }
7261
8244
  const thenStanza = findStanza4(termNode, "then");
7262
- if (!thenStanza) return void 0;
8245
+ if (!thenStanza?.children) return void 0;
7263
8246
  for (const child of thenStanza.children) {
7264
- const id = child.id.trim();
8247
+ const id = child?.id?.trim();
8248
+ if (!id) continue;
7265
8249
  if (equalsIgnoreCase(id, "accept") || equalsIgnoreCase(id, "accept;")) return "accept";
7266
8250
  if (equalsIgnoreCase(id, "reject") || equalsIgnoreCase(id, "reject;")) return "reject";
7267
8251
  if (startsWithIgnoreCase(id, "next")) return "next";
@@ -7269,16 +8253,19 @@ var getTermAction = (termNode) => {
7269
8253
  return void 0;
7270
8254
  };
7271
8255
  var isFilterTermDrop = (termNode) => {
8256
+ if (!termNode?.children) return false;
7272
8257
  for (const child of termNode.children) {
7273
- const id = child.id.trim();
8258
+ const id = child?.id?.trim();
8259
+ if (!id) continue;
7274
8260
  if (equalsIgnoreCase(id, "then discard") || equalsIgnoreCase(id, "then discard;") || equalsIgnoreCase(id, "then reject") || equalsIgnoreCase(id, "then reject;")) {
7275
8261
  return true;
7276
8262
  }
7277
8263
  }
7278
8264
  const thenStanza = findStanza4(termNode, "then");
7279
- if (!thenStanza) return false;
8265
+ if (!thenStanza?.children) return false;
7280
8266
  for (const child of thenStanza.children) {
7281
- const id = child.id.trim();
8267
+ const id = child?.id?.trim();
8268
+ if (!id) continue;
7282
8269
  if (equalsIgnoreCase(id, "discard") || equalsIgnoreCase(id, "discard;") || equalsIgnoreCase(id, "reject") || equalsIgnoreCase(id, "reject;")) {
7283
8270
  return true;
7284
8271
  }
@@ -7287,9 +8274,9 @@ var isFilterTermDrop = (termNode) => {
7287
8274
  };
7288
8275
  var isSshV2Only = (servicesNode) => {
7289
8276
  const ssh = findStanza4(servicesNode, "ssh");
7290
- if (!ssh) return false;
8277
+ if (!ssh?.children) return false;
7291
8278
  for (const child of ssh.children) {
7292
- if (includesIgnoreCase(child.id, "protocol-version") && includesIgnoreCase(child.id, "v2") && !includesIgnoreCase(child.id, "v1")) {
8279
+ if (child?.id && includesIgnoreCase(child.id, "protocol-version") && includesIgnoreCase(child.id, "v2") && !includesIgnoreCase(child.id, "v1")) {
7293
8280
  return true;
7294
8281
  }
7295
8282
  }
@@ -7297,9 +8284,9 @@ var isSshV2Only = (servicesNode) => {
7297
8284
  };
7298
8285
  var isSshRootLoginDenied = (servicesNode) => {
7299
8286
  const ssh = findStanza4(servicesNode, "ssh");
7300
- if (!ssh) return false;
8287
+ if (!ssh?.children) return false;
7301
8288
  for (const child of ssh.children) {
7302
- if (includesIgnoreCase(child.id, "root-login") && includesIgnoreCase(child.id, "deny")) {
8289
+ if (child?.id && includesIgnoreCase(child.id, "root-login") && includesIgnoreCase(child.id, "deny")) {
7303
8290
  return true;
7304
8291
  }
7305
8292
  }
@@ -7410,14 +8397,17 @@ var hasBgpTtlSecurity2 = (groupNode) => {
7410
8397
  return hasChildCommand(groupNode, "ttl") || hasChildCommand(groupNode, "multihop");
7411
8398
  };
7412
8399
  var hasBgpPrefixLimit = (groupNode) => {
8400
+ if (!groupNode?.children) return false;
7413
8401
  const family = findStanza4(groupNode, "family");
7414
8402
  if (!family) {
7415
8403
  for (const child of groupNode.children) {
7416
- if (startsWithIgnoreCase(child.id, "family")) {
8404
+ if (child?.id && startsWithIgnoreCase(child.id, "family")) {
7417
8405
  const hasLimit = hasChildCommand(child, "prefix-limit");
7418
8406
  if (hasLimit) return true;
7419
- for (const nested of child.children) {
7420
- if (hasChildCommand(nested, "prefix-limit")) return true;
8407
+ if (child?.children) {
8408
+ for (const nested of child.children) {
8409
+ if (hasChildCommand(nested, "prefix-limit")) return true;
8410
+ }
7421
8411
  }
7422
8412
  }
7423
8413
  }
@@ -7429,7 +8419,8 @@ var hasBgpPolicies = (groupNode) => {
7429
8419
  return hasChildCommand(groupNode, "import") || hasChildCommand(groupNode, "export");
7430
8420
  };
7431
8421
  var isBgpGroupExternal = (groupNode) => {
7432
- return groupNode.children.some((child) => includesIgnoreCase(child.id, "type external"));
8422
+ if (!groupNode?.children) return false;
8423
+ return groupNode.children.some((child) => child?.id && includesIgnoreCase(child.id, "type external"));
7433
8424
  };
7434
8425
  var hasGracefulRestart = (routingOptionsNode) => {
7435
8426
  return hasChildCommand(routingOptionsNode, "graceful-restart");
@@ -7467,8 +8458,9 @@ var hasPolicyLogging = (policyNode) => {
7467
8458
  return hasChildCommand(thenStanza, "log");
7468
8459
  };
7469
8460
  var hasStrongDhGroup = (proposalNode) => {
8461
+ if (!proposalNode?.children) return false;
7470
8462
  for (const child of proposalNode.children) {
7471
- if (includesIgnoreCase(child.id, "dh-group")) {
8463
+ if (child?.id && includesIgnoreCase(child.id, "dh-group")) {
7472
8464
  if (includesIgnoreCase(child.id, "group1") && !includesIgnoreCase(child.id, "group14")) return false;
7473
8465
  if (includesIgnoreCase(child.id, "group2") && !includesIgnoreCase(child.id, "group21")) return false;
7474
8466
  if (includesIgnoreCase(child.id, "group5")) return false;
@@ -7480,8 +8472,9 @@ var hasStrongDhGroup = (proposalNode) => {
7480
8472
  return false;
7481
8473
  };
7482
8474
  var hasStrongEncryption = (proposalNode) => {
8475
+ if (!proposalNode?.children) return false;
7483
8476
  for (const child of proposalNode.children) {
7484
- if (includesIgnoreCase(child.id, "encryption-algorithm")) {
8477
+ if (child?.id && includesIgnoreCase(child.id, "encryption-algorithm")) {
7485
8478
  if (includesIgnoreCase(child.id, "aes-256") || includesIgnoreCase(child.id, "aes-gcm-256")) {
7486
8479
  return true;
7487
8480
  }
@@ -7693,9 +8686,11 @@ var isSetCommand = (nodeOrCommand) => {
7693
8686
  return /^set\s+/i.test(str.trim());
7694
8687
  };
7695
8688
  var getAddCommands = (node) => {
8689
+ if (!node?.children) return [];
7696
8690
  return node.children.filter((child) => isAddCommand(child));
7697
8691
  };
7698
8692
  var getSetCommands = (node) => {
8693
+ if (!node?.children) return [];
7699
8694
  return node.children.filter((child) => isSetCommand(child));
7700
8695
  };
7701
8696
  var isPathBlock = (node, path) => {
@@ -7704,13 +8699,15 @@ var isPathBlock = (node, path) => {
7704
8699
  return nodeId === targetPath || nodeId.startsWith(targetPath + " ");
7705
8700
  };
7706
8701
  var findPathBlock = (node, pathPrefix) => {
8702
+ if (!node?.children) return void 0;
7707
8703
  return node.children.find(
7708
- (child) => child.id.toLowerCase().trim().startsWith(pathPrefix.toLowerCase())
8704
+ (child) => child?.id?.toLowerCase().trim().startsWith(pathPrefix.toLowerCase())
7709
8705
  );
7710
8706
  };
7711
8707
  var findPathBlocks = (node, pathPrefix) => {
8708
+ if (!node?.children) return [];
7712
8709
  return node.children.filter(
7713
- (child) => child.id.toLowerCase().trim().startsWith(pathPrefix.toLowerCase())
8710
+ (child) => child?.id?.toLowerCase().trim().startsWith(pathPrefix.toLowerCase())
7714
8711
  );
7715
8712
  };
7716
8713
  var parseMikroTikAddress = (address) => {
@@ -7756,6 +8753,7 @@ var isServiceDisabled = (nodeOrCommand) => {
7756
8753
  return disabled?.toLowerCase() === "yes";
7757
8754
  };
7758
8755
  var getFirewallRules = (firewallNode) => {
8756
+ if (!firewallNode?.children) return [];
7759
8757
  return firewallNode.children.filter((child) => isAddCommand(child));
7760
8758
  };
7761
8759
  var getNatAction = (nodeOrCommand) => {
@@ -7771,6 +8769,7 @@ var getInInterface = (nodeOrCommand) => {
7771
8769
  return parseProperty(str, "in-interface");
7772
8770
  };
7773
8771
  var getSystemIdentity = (node) => {
8772
+ if (!node?.children) return void 0;
7774
8773
  for (const child of node.children) {
7775
8774
  if (isSetCommand(child)) {
7776
8775
  const name = getName(child);
@@ -7785,10 +8784,11 @@ var isNtpEnabled = (nodeOrCommand) => {
7785
8784
  return enabled?.toLowerCase() === "yes";
7786
8785
  };
7787
8786
  var getNtpServers = (ntpNode) => {
8787
+ if (!ntpNode?.children) return [];
7788
8788
  const servers = [];
7789
8789
  for (const child of ntpNode.children) {
7790
8790
  if (isAddCommand(child)) {
7791
- const address = parseProperty(child.id, "address");
8791
+ const address = parseProperty(child?.id, "address");
7792
8792
  if (address) servers.push(address);
7793
8793
  }
7794
8794
  }
@@ -8067,25 +9067,28 @@ __export(nokia_exports, {
8067
9067
 
8068
9068
  // ../core/src/helpers/nokia/helpers.ts
8069
9069
  var isAdminStateEnabled = (node) => {
9070
+ if (!node?.children) return false;
8070
9071
  const directCheck = node.children.some((child) => {
8071
- const rawText = child.rawText.toLowerCase().trim();
9072
+ const rawText = child?.rawText?.toLowerCase().trim();
8072
9073
  return rawText === "admin-state enable" || rawText === "admin-state up";
8073
9074
  });
8074
9075
  if (directCheck) return true;
8075
- const nodeText = node.rawText.toLowerCase();
9076
+ const nodeText = node?.rawText?.toLowerCase() ?? "";
8076
9077
  return nodeText.includes("admin-state enable") || nodeText.includes("admin-state up");
8077
9078
  };
8078
9079
  var isAdminStateDisabled = (node) => {
9080
+ if (!node?.children) return false;
8079
9081
  const directCheck = node.children.some((child) => {
8080
- const rawText = child.rawText.toLowerCase().trim();
9082
+ const rawText = child?.rawText?.toLowerCase().trim();
8081
9083
  return rawText === "admin-state disable";
8082
9084
  });
8083
9085
  if (directCheck) return true;
8084
- return node.rawText.toLowerCase().includes("admin-state disable");
9086
+ return node?.rawText?.toLowerCase().includes("admin-state disable") ?? false;
8085
9087
  };
8086
9088
  var isShutdown5 = (node) => {
9089
+ if (!node?.children) return false;
8087
9090
  return node.children.some((child) => {
8088
- const rawText = child.rawText.toLowerCase().trim();
9091
+ const rawText = child?.rawText?.toLowerCase().trim();
8089
9092
  return rawText === "shutdown";
8090
9093
  });
8091
9094
  };
@@ -8107,15 +9110,16 @@ var isSystemInterface = (interfaceName) => {
8107
9110
  return name.includes("system") || name.includes("loopback") || name === '"system"';
8108
9111
  };
8109
9112
  var getPortMode = (node) => {
9113
+ if (!node?.children) return void 0;
8110
9114
  const ethernetNode = node.children.find(
8111
- (child) => child.id.toLowerCase() === "ethernet"
9115
+ (child) => child?.id?.toLowerCase() === "ethernet"
8112
9116
  );
8113
- if (ethernetNode) {
9117
+ if (ethernetNode?.children) {
8114
9118
  const modeCmd = ethernetNode.children.find((child) => {
8115
- const rawText = child.rawText.toLowerCase().trim();
8116
- return rawText.startsWith("mode");
9119
+ const rawText = child?.rawText?.toLowerCase().trim();
9120
+ return rawText?.startsWith("mode");
8117
9121
  });
8118
- if (modeCmd) {
9122
+ if (modeCmd?.rawText) {
8119
9123
  if (modeCmd.rawText.toLowerCase().includes("network")) {
8120
9124
  return "network";
8121
9125
  }
@@ -8137,7 +9141,7 @@ var hasDescription4 = (node) => {
8137
9141
  };
8138
9142
  var getDescription3 = (node) => {
8139
9143
  const descCmd = getChildCommand(node, "description");
8140
- if (descCmd) {
9144
+ if (descCmd?.rawText) {
8141
9145
  const match = descCmd.rawText.match(/description\s+"([^"]+)"|description\s+(\S+)/i);
8142
9146
  if (match) {
8143
9147
  return match[1] || match[2];
@@ -8146,10 +9150,11 @@ var getDescription3 = (node) => {
8146
9150
  return void 0;
8147
9151
  };
8148
9152
  var getSystemName = (node) => {
9153
+ if (!node?.children) return void 0;
8149
9154
  const nameCmd = node.children.find((child) => {
8150
- return child.id.toLowerCase().startsWith("name");
9155
+ return child?.id?.toLowerCase().startsWith("name");
8151
9156
  });
8152
- if (nameCmd) {
9157
+ if (nameCmd?.rawText) {
8153
9158
  const match = nameCmd.rawText.match(/name\s+"([^"]+)"/i);
8154
9159
  if (match) {
8155
9160
  return match[1];
@@ -8158,17 +9163,19 @@ var getSystemName = (node) => {
8158
9163
  return void 0;
8159
9164
  };
8160
9165
  var hasIpAddress2 = (node) => {
9166
+ if (!node?.children) return false;
8161
9167
  return node.children.some((child) => {
8162
- const rawText = child.rawText.toLowerCase().trim();
8163
- return rawText.startsWith("address");
9168
+ const rawText = child?.rawText?.toLowerCase().trim();
9169
+ return rawText?.startsWith("address") ?? false;
8164
9170
  });
8165
9171
  };
8166
9172
  var getIpAddress = (node) => {
9173
+ if (!node?.children) return void 0;
8167
9174
  const addrCmd = node.children.find((child) => {
8168
- const rawText = child.rawText.toLowerCase().trim();
8169
- return rawText.startsWith("address");
9175
+ const rawText = child?.rawText?.toLowerCase().trim();
9176
+ return rawText?.startsWith("address") ?? false;
8170
9177
  });
8171
- if (addrCmd) {
9178
+ if (addrCmd?.rawText) {
8172
9179
  const match = addrCmd.rawText.match(/address\s+([\d./:a-fA-F]+)/i);
8173
9180
  if (match) {
8174
9181
  return match[1];
@@ -8177,17 +9184,19 @@ var getIpAddress = (node) => {
8177
9184
  return void 0;
8178
9185
  };
8179
9186
  var hasPortAssignment = (node) => {
9187
+ if (!node?.children) return false;
8180
9188
  return node.children.some((child) => {
8181
- const rawText = child.rawText.toLowerCase().trim();
8182
- return rawText.startsWith("port");
9189
+ const rawText = child?.rawText?.toLowerCase().trim();
9190
+ return rawText?.startsWith("port") ?? false;
8183
9191
  });
8184
9192
  };
8185
9193
  var getPortAssignment = (node) => {
9194
+ if (!node?.children) return void 0;
8186
9195
  const portCmd = node.children.find((child) => {
8187
- const rawText = child.rawText.toLowerCase().trim();
8188
- return rawText.startsWith("port");
9196
+ const rawText = child?.rawText?.toLowerCase().trim();
9197
+ return rawText?.startsWith("port") ?? false;
8189
9198
  });
8190
- if (portCmd) {
9199
+ if (portCmd?.rawText) {
8191
9200
  const match = portCmd.rawText.match(/port\s+([\d/]+)/i);
8192
9201
  if (match) {
8193
9202
  return match[1];
@@ -8200,7 +9209,7 @@ var hasBgpRouterId2 = (node) => {
8200
9209
  };
8201
9210
  var getBgpRouterId = (node) => {
8202
9211
  const routerIdCmd = getChildCommand(node, "router-id");
8203
- if (routerIdCmd) {
9212
+ if (routerIdCmd?.rawText) {
8204
9213
  const match = routerIdCmd.rawText.match(/router-id\s+([\d.]+)/i);
8205
9214
  if (match) {
8206
9215
  return match[1];
@@ -8209,9 +9218,10 @@ var getBgpRouterId = (node) => {
8209
9218
  return void 0;
8210
9219
  };
8211
9220
  var findStanza5 = (node, stanzaName) => {
8212
- if (node.id.toLowerCase().startsWith(stanzaName.toLowerCase())) {
9221
+ if (node?.id?.toLowerCase().startsWith(stanzaName.toLowerCase())) {
8213
9222
  return node;
8214
9223
  }
9224
+ if (!node?.children) return void 0;
8215
9225
  for (const child of node.children) {
8216
9226
  const found = findStanza5(child, stanzaName);
8217
9227
  if (found) return found;
@@ -8220,26 +9230,29 @@ var findStanza5 = (node, stanzaName) => {
8220
9230
  };
8221
9231
  var findStanzas4 = (node, stanzaName) => {
8222
9232
  const results = [];
8223
- if (node.id.toLowerCase().startsWith(stanzaName.toLowerCase())) {
9233
+ if (node?.id?.toLowerCase().startsWith(stanzaName.toLowerCase())) {
8224
9234
  results.push(node);
8225
9235
  }
9236
+ if (!node?.children) return results;
8226
9237
  for (const child of node.children) {
8227
9238
  results.push(...findStanzas4(child, stanzaName));
8228
9239
  }
8229
9240
  return results;
8230
9241
  };
8231
9242
  var hasSap = (node) => {
9243
+ if (!node?.children) return false;
8232
9244
  return node.children.some((child) => {
8233
- const rawText = child.rawText.toLowerCase().trim();
8234
- return rawText.startsWith("sap");
9245
+ const rawText = child?.rawText?.toLowerCase().trim();
9246
+ return rawText?.startsWith("sap") ?? false;
8235
9247
  });
8236
9248
  };
8237
9249
  var getSapId = (node) => {
9250
+ if (!node?.children) return void 0;
8238
9251
  const sapCmd = node.children.find((child) => {
8239
- const rawText = child.rawText.toLowerCase().trim();
8240
- return rawText.startsWith("sap");
9252
+ const rawText = child?.rawText?.toLowerCase().trim();
9253
+ return rawText?.startsWith("sap") ?? false;
8241
9254
  });
8242
- if (sapCmd) {
9255
+ if (sapCmd?.rawText) {
8243
9256
  const match = sapCmd.rawText.match(/sap\s+([\d/:]+)/i);
8244
9257
  if (match) {
8245
9258
  return match[1];
@@ -8248,38 +9261,43 @@ var getSapId = (node) => {
8248
9261
  return void 0;
8249
9262
  };
8250
9263
  var isSnmpEnabled = (node) => {
9264
+ if (!node?.id) return false;
8251
9265
  if (node.id.toLowerCase() === "snmp") {
8252
9266
  return isAdminStateEnabled(node);
8253
9267
  }
8254
9268
  return false;
8255
9269
  };
8256
9270
  var hasNtpServer2 = (node) => {
9271
+ if (!node?.children) return false;
8257
9272
  return node.children.some((child) => {
8258
- const rawText = child.rawText.toLowerCase().trim();
9273
+ const rawText = child?.rawText?.toLowerCase().trim() ?? "";
8259
9274
  return rawText.includes("ntp-server") || rawText.includes("server");
8260
9275
  });
8261
9276
  };
8262
9277
  var isSshEnabled2 = (node) => {
9278
+ if (!node?.id || !node?.children) return false;
8263
9279
  if (node.id.toLowerCase().includes("security") || node.id.toLowerCase().includes("management-interface")) {
8264
9280
  return node.children.some((child) => {
8265
- const rawText = child.rawText.toLowerCase().trim();
9281
+ const rawText = child?.rawText?.toLowerCase().trim() ?? "";
8266
9282
  return rawText.includes("ssh") && !rawText.includes("no ssh");
8267
9283
  });
8268
9284
  }
8269
9285
  return false;
8270
9286
  };
8271
9287
  var isTelnetEnabled2 = (node) => {
9288
+ if (!node?.id || !node?.children) return false;
8272
9289
  if (node.id.toLowerCase().includes("security") || node.id.toLowerCase().includes("management-interface")) {
8273
9290
  return node.children.some((child) => {
8274
- const rawText = child.rawText.toLowerCase().trim();
9291
+ const rawText = child?.rawText?.toLowerCase().trim() ?? "";
8275
9292
  return rawText.includes("telnet") && !rawText.includes("no telnet");
8276
9293
  });
8277
9294
  }
8278
9295
  return false;
8279
9296
  };
8280
9297
  var hasAuthentication = (node) => {
9298
+ if (!node?.children) return false;
8281
9299
  return node.children.some((child) => {
8282
- const rawText = child.rawText?.toLowerCase().trim();
9300
+ const rawText = child?.rawText?.toLowerCase().trim();
8283
9301
  if (!rawText) {
8284
9302
  return false;
8285
9303
  }
@@ -8287,6 +9305,7 @@ var hasAuthentication = (node) => {
8287
9305
  });
8288
9306
  };
8289
9307
  var getInterfaceName3 = (node) => {
9308
+ if (!node?.id) return "";
8290
9309
  const match = node.id.match(/interface\s+"([^"]+)"|interface\s+(\S+)/i);
8291
9310
  const quoted = match?.[1];
8292
9311
  const unquoted = match?.[2];
@@ -8295,6 +9314,7 @@ var getInterfaceName3 = (node) => {
8295
9314
  return node.id.replace(/^interface\s+/i, "").trim();
8296
9315
  };
8297
9316
  var getRouterName = (node) => {
9317
+ if (!node?.id) return "Base";
8298
9318
  const match = node.id.match(/router\s+"([^"]+)"|router\s+(\S+)/i);
8299
9319
  const quoted = match?.[1];
8300
9320
  const unquoted = match?.[2];
@@ -8306,6 +9326,7 @@ var hasPeerDescription = (node) => {
8306
9326
  return hasChildCommand(node, "description");
8307
9327
  };
8308
9328
  var getServiceType = (node) => {
9329
+ if (!node?.id) return void 0;
8309
9330
  const id = node.id.toLowerCase();
8310
9331
  if (id.includes("vpls")) return "vpls";
8311
9332
  if (id.includes("vprn")) return "vprn";
@@ -8314,6 +9335,7 @@ var getServiceType = (node) => {
8314
9335
  return void 0;
8315
9336
  };
8316
9337
  var getServiceId = (node) => {
9338
+ if (!node?.id) return void 0;
8317
9339
  const match = node.id.match(/(vpls|vprn|epipe|ies)\s+(\d+)/i);
8318
9340
  const serviceId = match?.[2];
8319
9341
  if (serviceId) {
@@ -8322,17 +9344,19 @@ var getServiceId = (node) => {
8322
9344
  return void 0;
8323
9345
  };
8324
9346
  var hasCustomer = (node) => {
9347
+ if (!node?.children) return false;
8325
9348
  return node.children.some((child) => {
8326
- const rawText = child.rawText?.toLowerCase().trim();
9349
+ const rawText = child?.rawText?.toLowerCase().trim();
8327
9350
  return rawText?.startsWith("customer") ?? false;
8328
9351
  });
8329
9352
  };
8330
9353
  var getCustomerId = (node) => {
9354
+ if (!node?.children) return void 0;
8331
9355
  const customerCmd = node.children.find((child) => {
8332
- const rawText = child.rawText.toLowerCase().trim();
8333
- return rawText.startsWith("customer");
9356
+ const rawText = child?.rawText?.toLowerCase().trim();
9357
+ return rawText?.startsWith("customer") ?? false;
8334
9358
  });
8335
- if (customerCmd) {
9359
+ if (customerCmd?.rawText) {
8336
9360
  const match = customerCmd.rawText.match(/customer\s+(\d+)/i);
8337
9361
  if (match) {
8338
9362
  return match[1];
@@ -8341,10 +9365,11 @@ var getCustomerId = (node) => {
8341
9365
  return void 0;
8342
9366
  };
8343
9367
  var searchNodeRecursively = (node, predicate) => {
8344
- const rawText = node.rawText.toLowerCase().trim();
9368
+ const rawText = node?.rawText?.toLowerCase().trim() ?? "";
8345
9369
  if (predicate(rawText)) {
8346
9370
  return true;
8347
9371
  }
9372
+ if (!node?.children) return false;
8348
9373
  return node.children.some((child) => searchNodeRecursively(child, predicate));
8349
9374
  };
8350
9375
  var hasTacacsConfig = (node) => {
@@ -8471,7 +9496,7 @@ var hasUrpf3 = (node) => {
8471
9496
  var getUrpfMode4 = (node) => {
8472
9497
  let mode;
8473
9498
  const findMode = (n) => {
8474
- const rawText = n.rawText.toLowerCase();
9499
+ const rawText = n?.rawText?.toLowerCase() ?? "";
8475
9500
  if (rawText.includes("urpf-check")) {
8476
9501
  if (rawText.includes("strict")) {
8477
9502
  mode = "strict";
@@ -8484,7 +9509,9 @@ var getUrpfMode4 = (node) => {
8484
9509
  } else if (rawText.includes("mode loose")) {
8485
9510
  mode = "loose";
8486
9511
  }
8487
- n.children.forEach(findMode);
9512
+ if (n?.children) {
9513
+ n.children.forEach(findMode);
9514
+ }
8488
9515
  };
8489
9516
  findMode(node);
8490
9517
  return mode;
@@ -8538,6 +9565,7 @@ var hasGrtLeaking = (node) => {
8538
9565
  return searchNodeRecursively(node, (rawText) => rawText.includes("grt-leaking"));
8539
9566
  };
8540
9567
  var getBgpNeighborIp = (node) => {
9568
+ if (!node?.id) return "";
8541
9569
  const match = node.id.match(/neighbor\s+"?([^"]+)"?|neighbor\s+([\d.:a-fA-F]+)/i);
8542
9570
  if (match) {
8543
9571
  return match[1] ?? match[2] ?? node.id.replace(/^neighbor\s+/i, "").trim();
@@ -8545,6 +9573,7 @@ var getBgpNeighborIp = (node) => {
8545
9573
  return node.id.replace(/^neighbor\s+/i, "").trim();
8546
9574
  };
8547
9575
  var getBgpGroupName = (node) => {
9576
+ if (!node?.id) return "";
8548
9577
  const match = node.id.match(/group\s+"([^"]+)"/i);
8549
9578
  if (match?.[1]) {
8550
9579
  return match[1];
@@ -8610,12 +9639,14 @@ __export(paloalto_exports, {
8610
9639
 
8611
9640
  // ../core/src/helpers/paloalto/helpers.ts
8612
9641
  var findStanza6 = (node, stanzaName) => {
9642
+ if (!node?.children) return void 0;
8613
9643
  return node.children.find(
8614
- (child) => child.id.toLowerCase() === stanzaName.toLowerCase()
9644
+ (child) => child?.id?.toLowerCase() === stanzaName.toLowerCase()
8615
9645
  );
8616
9646
  };
8617
9647
  var findStanzas5 = (node, pattern) => {
8618
- return node.children.filter((child) => pattern.test(child.id.toLowerCase()));
9648
+ if (!node?.children) return [];
9649
+ return node.children.filter((child) => child?.id && pattern.test(child.id.toLowerCase()));
8619
9650
  };
8620
9651
  var hasLogging2 = (ruleNode) => {
8621
9652
  const logStart = hasChildCommand(ruleNode, "log-start");
@@ -8651,27 +9682,28 @@ var isDenyRule = (ruleNode) => {
8651
9682
  };
8652
9683
  var getSourceZones = (ruleNode) => {
8653
9684
  const from = findStanza6(ruleNode, "from");
8654
- if (!from) return [];
8655
- return from.children.map((child) => child.id.trim());
9685
+ if (!from?.children) return [];
9686
+ return from.children.map((child) => child?.id?.trim() ?? "").filter(Boolean);
8656
9687
  };
8657
9688
  var getDestinationZones = (ruleNode) => {
8658
9689
  const to = findStanza6(ruleNode, "to");
8659
- if (!to) return [];
8660
- return to.children.map((child) => child.id.trim());
9690
+ if (!to?.children) return [];
9691
+ return to.children.map((child) => child?.id?.trim() ?? "").filter(Boolean);
8661
9692
  };
8662
9693
  var getApplications = (ruleNode) => {
9694
+ if (!ruleNode?.children) return [];
8663
9695
  const application = findStanza6(ruleNode, "application");
8664
- if (application && application.children.length > 0) {
8665
- return application.children.map((child) => child.id.trim());
9696
+ if (application?.children && application.children.length > 0) {
9697
+ return application.children.map((child) => child?.id?.trim() ?? "").filter(Boolean);
8666
9698
  }
8667
9699
  const appCommands = ruleNode.children.filter(
8668
- (child) => child.id.toLowerCase().startsWith("application ")
9700
+ (child) => child?.id?.toLowerCase().startsWith("application ")
8669
9701
  );
8670
9702
  if (appCommands.length > 0) {
8671
9703
  return appCommands.map((cmd) => {
8672
- const parts = cmd.id.split(/\s+/);
9704
+ const parts = cmd?.id?.split(/\s+/) ?? [];
8673
9705
  return parts.slice(1).join(" ").replace(/;$/, "").trim();
8674
- });
9706
+ }).filter(Boolean);
8675
9707
  }
8676
9708
  return [];
8677
9709
  };
@@ -8680,57 +9712,60 @@ var hasAnyApplication = (ruleNode) => {
8680
9712
  return apps.some((app) => app.toLowerCase() === "any");
8681
9713
  };
8682
9714
  var hasAnySource = (ruleNode) => {
9715
+ if (!ruleNode?.children) return false;
8683
9716
  const source = findStanza6(ruleNode, "source");
8684
- if (source && source.children.length > 0) {
9717
+ if (source?.children && source.children.length > 0) {
8685
9718
  return source.children.some((child) => {
8686
- const id = child.id.toLowerCase().trim().replace(/;$/, "");
9719
+ const id = child?.id?.toLowerCase().trim().replace(/;$/, "");
8687
9720
  return id === "any" || id === "0.0.0.0/0";
8688
9721
  });
8689
9722
  }
8690
9723
  const sourceCommands = ruleNode.children.filter(
8691
- (child) => child.id.toLowerCase().startsWith("source ")
9724
+ (child) => child?.id?.toLowerCase().startsWith("source ")
8692
9725
  );
8693
9726
  if (sourceCommands.length > 0) {
8694
9727
  return sourceCommands.some((cmd) => {
8695
- const value = cmd.id.split(/\s+/).slice(1).join(" ").toLowerCase().replace(/;$/, "").trim();
9728
+ const value = cmd?.id?.split(/\s+/).slice(1).join(" ").toLowerCase().replace(/;$/, "").trim();
8696
9729
  return value === "any" || value === "0.0.0.0/0";
8697
9730
  });
8698
9731
  }
8699
9732
  return false;
8700
9733
  };
8701
9734
  var hasAnyDestination = (ruleNode) => {
9735
+ if (!ruleNode?.children) return false;
8702
9736
  const destination = findStanza6(ruleNode, "destination");
8703
- if (destination && destination.children.length > 0) {
9737
+ if (destination?.children && destination.children.length > 0) {
8704
9738
  return destination.children.some((child) => {
8705
- const id = child.id.toLowerCase().trim().replace(/;$/, "");
9739
+ const id = child?.id?.toLowerCase().trim().replace(/;$/, "");
8706
9740
  return id === "any" || id === "0.0.0.0/0";
8707
9741
  });
8708
9742
  }
8709
9743
  const destCommands = ruleNode.children.filter(
8710
- (child) => child.id.toLowerCase().startsWith("destination ")
9744
+ (child) => child?.id?.toLowerCase().startsWith("destination ")
8711
9745
  );
8712
9746
  if (destCommands.length > 0) {
8713
9747
  return destCommands.some((cmd) => {
8714
- const value = cmd.id.split(/\s+/).slice(1).join(" ").toLowerCase().replace(/;$/, "").trim();
9748
+ const value = cmd?.id?.split(/\s+/).slice(1).join(" ").toLowerCase().replace(/;$/, "").trim();
8715
9749
  return value === "any" || value === "0.0.0.0/0";
8716
9750
  });
8717
9751
  }
8718
9752
  return false;
8719
9753
  };
8720
9754
  var hasAnyService2 = (ruleNode) => {
9755
+ if (!ruleNode?.children) return false;
8721
9756
  const service = findStanza6(ruleNode, "service");
8722
- if (service && service.children.length > 0) {
9757
+ if (service?.children && service.children.length > 0) {
8723
9758
  return service.children.some((child) => {
8724
- const id = child.id.toLowerCase().trim().replace(/;$/, "");
9759
+ const id = child?.id?.toLowerCase().trim().replace(/;$/, "");
8725
9760
  return id === "any";
8726
9761
  });
8727
9762
  }
8728
9763
  const serviceCommands = ruleNode.children.filter(
8729
- (child) => child.id.toLowerCase().startsWith("service ")
9764
+ (child) => child?.id?.toLowerCase().startsWith("service ")
8730
9765
  );
8731
9766
  if (serviceCommands.length > 0) {
8732
9767
  return serviceCommands.some((cmd) => {
8733
- const value = cmd.id.split(/\s+/).slice(1).join(" ").toLowerCase().replace(/;$/, "").trim();
9768
+ const value = cmd?.id?.split(/\s+/).slice(1).join(" ").toLowerCase().replace(/;$/, "").trim();
8734
9769
  return value === "any";
8735
9770
  });
8736
9771
  }
@@ -8745,19 +9780,19 @@ var getSecurityRules = (rulebaseNode) => {
8745
9780
  const security = findStanza6(rulebaseNode, "security");
8746
9781
  if (!security) return [];
8747
9782
  const rules = findStanza6(security, "rules");
8748
- if (!rules) return [];
9783
+ if (!rules?.children) return [];
8749
9784
  return rules.children;
8750
9785
  };
8751
9786
  var getNatRules = (rulebaseNode) => {
8752
9787
  const nat = findStanza6(rulebaseNode, "nat");
8753
9788
  if (!nat) return [];
8754
9789
  const rules = findStanza6(nat, "rules");
8755
- if (!rules) return [];
9790
+ if (!rules?.children) return [];
8756
9791
  return rules.children;
8757
9792
  };
8758
9793
  var isHAConfigured = (deviceconfigNode) => {
8759
9794
  const ha = findStanza6(deviceconfigNode, "high-availability");
8760
- if (!ha) return false;
9795
+ if (!ha?.children) return false;
8761
9796
  return ha.children.length > 0;
8762
9797
  };
8763
9798
  var isPhysicalEthernetPort = (interfaceName) => {
@@ -8818,27 +9853,27 @@ var parsePanosAddress = (address) => {
8818
9853
  };
8819
9854
  var hasWildfireProfile = (profilesNode) => {
8820
9855
  const wildfire = findStanza6(profilesNode, "wildfire-analysis");
8821
- return wildfire !== void 0 && wildfire.children.length > 0;
9856
+ return wildfire !== void 0 && (wildfire?.children?.length ?? 0) > 0;
8822
9857
  };
8823
9858
  var hasUrlFilteringProfile = (profilesNode) => {
8824
9859
  const urlFiltering = findStanza6(profilesNode, "url-filtering");
8825
- return urlFiltering !== void 0 && urlFiltering.children.length > 0;
9860
+ return urlFiltering !== void 0 && (urlFiltering?.children?.length ?? 0) > 0;
8826
9861
  };
8827
9862
  var hasAntiVirusProfile = (profilesNode) => {
8828
9863
  const virus = findStanza6(profilesNode, "virus");
8829
- return virus !== void 0 && virus.children.length > 0;
9864
+ return virus !== void 0 && (virus?.children?.length ?? 0) > 0;
8830
9865
  };
8831
9866
  var hasAntiSpywareProfile = (profilesNode) => {
8832
9867
  const spyware = findStanza6(profilesNode, "spyware");
8833
- return spyware !== void 0 && spyware.children.length > 0;
9868
+ return spyware !== void 0 && (spyware?.children?.length ?? 0) > 0;
8834
9869
  };
8835
9870
  var hasVulnerabilityProfile = (profilesNode) => {
8836
9871
  const vuln = findStanza6(profilesNode, "vulnerability");
8837
- return vuln !== void 0 && vuln.children.length > 0;
9872
+ return vuln !== void 0 && (vuln?.children?.length ?? 0) > 0;
8838
9873
  };
8839
9874
  var hasFileBlockingProfile = (profilesNode) => {
8840
9875
  const fileBlocking = findStanza6(profilesNode, "file-blocking");
8841
- return fileBlocking !== void 0 && fileBlocking.children.length > 0;
9876
+ return fileBlocking !== void 0 && (fileBlocking?.children?.length ?? 0) > 0;
8842
9877
  };
8843
9878
  var hasPasswordComplexity = (systemNode) => {
8844
9879
  const passwordComplexity = findStanza6(systemNode, "password-complexity");
@@ -9036,7 +10071,7 @@ var hasHAPathMonitoring = (haNode) => {
9036
10071
  };
9037
10072
  var getLogForwardingStatus = (logSettingsNode) => {
9038
10073
  const profiles = findStanza6(logSettingsNode, "profiles");
9039
- if (!profiles) {
10074
+ if (!profiles?.children) {
9040
10075
  return { hasSyslog: false, hasPanorama: false, hasEmail: false };
9041
10076
  }
9042
10077
  let hasSyslog2 = false;
@@ -9044,12 +10079,12 @@ var getLogForwardingStatus = (logSettingsNode) => {
9044
10079
  let hasEmail = false;
9045
10080
  for (const profile of profiles.children) {
9046
10081
  const matchList = findStanza6(profile, "match-list");
9047
- if (matchList) {
10082
+ if (matchList?.children) {
9048
10083
  for (const match of matchList.children) {
9049
10084
  if (findStanza6(match, "send-syslog")) hasSyslog2 = true;
9050
10085
  if (hasChildCommand(match, "send-to-panorama")) {
9051
10086
  const cmd = getChildCommand(match, "send-to-panorama");
9052
- if (cmd?.id.toLowerCase().includes("yes")) hasPanorama = true;
10087
+ if (cmd?.id?.toLowerCase().includes("yes")) hasPanorama = true;
9053
10088
  }
9054
10089
  if (findStanza6(match, "send-email")) hasEmail = true;
9055
10090
  }
@@ -9073,9 +10108,9 @@ var getUpdateScheduleStatus = (systemNode) => {
9073
10108
  }
9074
10109
  }
9075
10110
  return {
9076
- hasThreats: threats !== void 0 && threats.children.length > 0,
9077
- hasAntivirus: antivirus !== void 0 && antivirus.children.length > 0,
9078
- hasWildfire: wildfire !== void 0 && wildfire.children.length > 0,
10111
+ hasThreats: threats !== void 0 && (threats?.children?.length ?? 0) > 0,
10112
+ hasAntivirus: antivirus !== void 0 && (antivirus?.children?.length ?? 0) > 0,
10113
+ hasWildfire: wildfire !== void 0 && (wildfire?.children?.length ?? 0) > 0,
9079
10114
  wildfireRealtime
9080
10115
  };
9081
10116
  };
@@ -9083,7 +10118,7 @@ var getDecryptionRules = (rulebaseNode) => {
9083
10118
  const decryption = findStanza6(rulebaseNode, "decryption");
9084
10119
  if (!decryption) return [];
9085
10120
  const rules = findStanza6(decryption, "rules");
9086
- if (!rules) return [];
10121
+ if (!rules?.children) return [];
9087
10122
  return rules.children;
9088
10123
  };
9089
10124
  var isDecryptRule = (ruleNode) => {
@@ -9092,12 +10127,16 @@ var isDecryptRule = (ruleNode) => {
9092
10127
  return action.id.toLowerCase().includes("decrypt");
9093
10128
  };
9094
10129
  var getInterfaceManagementServices = (profileNode) => {
10130
+ if (!profileNode?.children) {
10131
+ return { https: false, http: false, ssh: false, telnet: false, ping: false, snmp: false };
10132
+ }
9095
10133
  const isServiceEnabled = (serviceName) => {
9096
10134
  const cmd = profileNode.children.find((child) => {
9097
- const lowerId = child.id.toLowerCase();
10135
+ const lowerId = child?.id?.toLowerCase();
10136
+ if (!lowerId) return false;
9098
10137
  return lowerId === serviceName || lowerId.startsWith(serviceName + " ");
9099
10138
  });
9100
- if (!cmd) return false;
10139
+ if (!cmd?.id) return false;
9101
10140
  return cmd.id.toLowerCase().includes("yes");
9102
10141
  };
9103
10142
  return {
@@ -9150,7 +10189,8 @@ __export(vyos_exports, {
9150
10189
 
9151
10190
  // ../core/src/helpers/vyos/helpers.ts
9152
10191
  var isDisabled2 = (node) => {
9153
- return node.children.some((child) => child.id.toLowerCase().trim() === "disable");
10192
+ if (!node?.children) return false;
10193
+ return node.children.some((child) => child?.id?.toLowerCase().trim() === "disable");
9154
10194
  };
9155
10195
  var isPhysicalVyosPort = (interfaceName) => {
9156
10196
  const name = interfaceName.toLowerCase();
@@ -9198,36 +10238,44 @@ var parseVyosAddress = (address) => {
9198
10238
  };
9199
10239
  };
9200
10240
  var findStanza7 = (node, stanzaName) => {
10241
+ if (!node?.children) return void 0;
9201
10242
  return node.children.find(
9202
- (child) => child.id.toLowerCase() === stanzaName.toLowerCase()
10243
+ (child) => child?.id?.toLowerCase() === stanzaName.toLowerCase()
9203
10244
  );
9204
10245
  };
9205
10246
  var findStanzaByPrefix = (node, prefix) => {
10247
+ if (!node?.children) return void 0;
9206
10248
  return node.children.find(
9207
- (child) => child.id.toLowerCase().startsWith(prefix.toLowerCase())
10249
+ (child) => child?.id?.toLowerCase().startsWith(prefix.toLowerCase())
9208
10250
  );
9209
10251
  };
9210
10252
  var findStanzas6 = (node, pattern) => {
9211
- return node.children.filter((child) => pattern.test(child.id.toLowerCase()));
10253
+ if (!node?.children) return [];
10254
+ return node.children.filter((child) => child?.id && pattern.test(child.id.toLowerCase()));
9212
10255
  };
9213
10256
  var findStanzasByPrefix2 = (node, prefix) => {
10257
+ if (!node?.children) return [];
9214
10258
  return node.children.filter(
9215
- (child) => child.id.toLowerCase().startsWith(prefix.toLowerCase())
10259
+ (child) => child?.id?.toLowerCase().startsWith(prefix.toLowerCase())
9216
10260
  );
9217
10261
  };
9218
10262
  var getEthernetInterfaces = (interfacesNode) => {
10263
+ if (!interfacesNode?.children) return [];
9219
10264
  return interfacesNode.children.filter(
9220
- (child) => child.id.toLowerCase().startsWith("ethernet eth")
10265
+ (child) => child?.id?.toLowerCase().startsWith("ethernet eth")
9221
10266
  );
9222
10267
  };
9223
10268
  var getVifInterfaces = (interfaceNode) => {
10269
+ if (!interfaceNode?.children) return [];
9224
10270
  return interfaceNode.children.filter(
9225
- (child) => child.id.toLowerCase().startsWith("vif")
10271
+ (child) => child?.id?.toLowerCase().startsWith("vif")
9226
10272
  );
9227
10273
  };
9228
10274
  var getFirewallDefaultAction = (rulesetNode) => {
10275
+ if (!rulesetNode?.children) return void 0;
9229
10276
  for (const child of rulesetNode.children) {
9230
- const id = child.id.toLowerCase().trim();
10277
+ const id = child?.id?.toLowerCase().trim();
10278
+ if (!id) continue;
9231
10279
  if (id.startsWith("default-action")) {
9232
10280
  if (id.includes("drop")) return "drop";
9233
10281
  if (id.includes("accept")) return "accept";
@@ -9237,13 +10285,16 @@ var getFirewallDefaultAction = (rulesetNode) => {
9237
10285
  return void 0;
9238
10286
  };
9239
10287
  var getFirewallRules2 = (rulesetNode) => {
10288
+ if (!rulesetNode?.children) return [];
9240
10289
  return rulesetNode.children.filter(
9241
- (child) => child.id.toLowerCase().startsWith("rule")
10290
+ (child) => child?.id?.toLowerCase().startsWith("rule")
9242
10291
  );
9243
10292
  };
9244
10293
  var getFirewallRuleAction = (ruleNode) => {
10294
+ if (!ruleNode?.children) return void 0;
9245
10295
  for (const child of ruleNode.children) {
9246
- const id = child.id.toLowerCase().trim();
10296
+ const id = child?.id?.toLowerCase().trim();
10297
+ if (!id) continue;
9247
10298
  if (id.startsWith("action")) {
9248
10299
  if (id.includes("drop")) return "drop";
9249
10300
  if (id.includes("accept")) return "accept";
@@ -9253,62 +10304,73 @@ var getFirewallRuleAction = (ruleNode) => {
9253
10304
  return void 0;
9254
10305
  };
9255
10306
  var hasNatTranslation = (ruleNode) => {
10307
+ if (!ruleNode?.children) return false;
9256
10308
  return ruleNode.children.some(
9257
- (child) => child.id.toLowerCase().startsWith("translation")
10309
+ (child) => child?.id?.toLowerCase().startsWith("translation")
9258
10310
  );
9259
10311
  };
9260
10312
  var hasSshService = (serviceNode) => {
10313
+ if (!serviceNode?.children) return false;
9261
10314
  return serviceNode.children.some(
9262
- (child) => child.id.toLowerCase().startsWith("ssh")
10315
+ (child) => child?.id?.toLowerCase().startsWith("ssh")
9263
10316
  );
9264
10317
  };
9265
10318
  var getSshConfig = (serviceNode) => {
10319
+ if (!serviceNode?.children) return void 0;
9266
10320
  return serviceNode.children.find(
9267
- (child) => child.id.toLowerCase().startsWith("ssh")
10321
+ (child) => child?.id?.toLowerCase().startsWith("ssh")
9268
10322
  );
9269
10323
  };
9270
10324
  var hasDhcpServer = (serviceNode) => {
10325
+ if (!serviceNode?.children) return false;
9271
10326
  return serviceNode.children.some(
9272
- (child) => child.id.toLowerCase().startsWith("dhcp-server")
10327
+ (child) => child?.id?.toLowerCase().startsWith("dhcp-server")
9273
10328
  );
9274
10329
  };
9275
10330
  var getDnsConfig = (serviceNode) => {
10331
+ if (!serviceNode?.children) return void 0;
9276
10332
  return serviceNode.children.find(
9277
- (child) => child.id.toLowerCase().startsWith("dns")
10333
+ (child) => child?.id?.toLowerCase().startsWith("dns")
9278
10334
  );
9279
10335
  };
9280
10336
  var hasNtpConfig = (systemNode) => {
10337
+ if (!systemNode?.children) return false;
9281
10338
  return systemNode.children.some(
9282
- (child) => child.id.toLowerCase().startsWith("ntp")
10339
+ (child) => child?.id?.toLowerCase().startsWith("ntp")
9283
10340
  );
9284
10341
  };
9285
10342
  var hasSyslogConfig = (systemNode) => {
10343
+ if (!systemNode?.children) return false;
9286
10344
  return systemNode.children.some(
9287
- (child) => child.id.toLowerCase().startsWith("syslog")
10345
+ (child) => child?.id?.toLowerCase().startsWith("syslog")
9288
10346
  );
9289
10347
  };
9290
10348
  var getLoginConfig = (systemNode) => {
10349
+ if (!systemNode?.children) return void 0;
9291
10350
  return systemNode.children.find(
9292
- (child) => child.id.toLowerCase().startsWith("login")
10351
+ (child) => child?.id?.toLowerCase().startsWith("login")
9293
10352
  );
9294
10353
  };
9295
10354
  var getUserConfigs = (loginNode) => {
10355
+ if (!loginNode?.children) return [];
9296
10356
  return loginNode.children.filter(
9297
- (child) => child.id.toLowerCase().startsWith("user")
10357
+ (child) => child?.id?.toLowerCase().startsWith("user")
9298
10358
  );
9299
10359
  };
9300
10360
  var getSwitchPortMembers = (interfacesNode) => {
9301
10361
  const members = /* @__PURE__ */ new Set();
10362
+ if (!interfacesNode?.children) return members;
9302
10363
  const switches = interfacesNode.children.filter(
9303
- (child) => child.id.toLowerCase().startsWith("switch ")
10364
+ (child) => child?.id?.toLowerCase().startsWith("switch ")
9304
10365
  );
9305
10366
  for (const switchNode of switches) {
10367
+ if (!switchNode?.children) continue;
9306
10368
  const switchPort = switchNode.children.find(
9307
- (child) => child.id.toLowerCase() === "switch-port"
10369
+ (child) => child?.id?.toLowerCase() === "switch-port"
9308
10370
  );
9309
- if (switchPort) {
10371
+ if (switchPort?.children) {
9310
10372
  for (const child of switchPort.children) {
9311
- const match = child.id.toLowerCase().match(/^interface\s+(eth\d+)$/);
10373
+ const match = child?.id?.toLowerCase().match(/^interface\s+(eth\d+)$/);
9312
10374
  if (match?.[1]) {
9313
10375
  members.add(match[1]);
9314
10376
  }
@@ -9319,16 +10381,18 @@ var getSwitchPortMembers = (interfacesNode) => {
9319
10381
  };
9320
10382
  var getBridgeMembers = (interfacesNode) => {
9321
10383
  const members = /* @__PURE__ */ new Set();
10384
+ if (!interfacesNode?.children) return members;
9322
10385
  const bridges = interfacesNode.children.filter(
9323
- (child) => child.id.toLowerCase().startsWith("bridge ")
10386
+ (child) => child?.id?.toLowerCase().startsWith("bridge ")
9324
10387
  );
9325
10388
  for (const bridgeNode of bridges) {
10389
+ if (!bridgeNode?.children) continue;
9326
10390
  const memberSection = bridgeNode.children.find(
9327
- (child) => child.id.toLowerCase() === "member"
10391
+ (child) => child?.id?.toLowerCase() === "member"
9328
10392
  );
9329
- if (memberSection) {
10393
+ if (memberSection?.children) {
9330
10394
  for (const child of memberSection.children) {
9331
- const match = child.id.toLowerCase().match(/^interface\s+(\S+)$/);
10395
+ const match = child?.id?.toLowerCase().match(/^interface\s+(\S+)$/);
9332
10396
  if (match?.[1]) {
9333
10397
  members.add(match[1]);
9334
10398
  }
@@ -9339,16 +10403,18 @@ var getBridgeMembers = (interfacesNode) => {
9339
10403
  };
9340
10404
  var getBondingMembers = (interfacesNode) => {
9341
10405
  const members = /* @__PURE__ */ new Set();
10406
+ if (!interfacesNode?.children) return members;
9342
10407
  const bonds = interfacesNode.children.filter(
9343
- (child) => child.id.toLowerCase().startsWith("bonding ")
10408
+ (child) => child?.id?.toLowerCase().startsWith("bonding ")
9344
10409
  );
9345
10410
  for (const bondNode of bonds) {
10411
+ if (!bondNode?.children) continue;
9346
10412
  const memberSection = bondNode.children.find(
9347
- (child) => child.id.toLowerCase() === "member"
10413
+ (child) => child?.id?.toLowerCase() === "member"
9348
10414
  );
9349
- if (memberSection) {
10415
+ if (memberSection?.children) {
9350
10416
  for (const child of memberSection.children) {
9351
- const match = child.id.toLowerCase().match(/^interface\s+(\S+)$/);
10417
+ const match = child?.id?.toLowerCase().match(/^interface\s+(\S+)$/);
9352
10418
  if (match?.[1]) {
9353
10419
  members.add(match[1]);
9354
10420
  }
@@ -9372,14 +10438,19 @@ function getAllVendorModules() {
9372
10438
  function buildAllHelpers() {
9373
10439
  const result = { ...helpers_exports };
9374
10440
  const vendorModules2 = getAllVendorModules();
9375
- for (const [_name, module] of Object.entries(vendorModules2)) {
9376
- Object.assign(result, module);
10441
+ for (const [name, module] of Object.entries(vendorModules2)) {
10442
+ result[name] = module;
10443
+ for (const [key, value] of Object.entries(module)) {
10444
+ if (!(key in result)) {
10445
+ result[key] = value;
10446
+ }
10447
+ }
9377
10448
  }
9378
10449
  return result;
9379
10450
  }
9380
10451
  var allHelpers = buildAllHelpers();
9381
10452
  async function loadEncryptedPack(packData, options) {
9382
- const { licenseKey, machineId, getActivationCount, timeout = 5e3 } = options;
10453
+ const { licenseKey, machineId: machineId2, getActivationCount, timeout = 5e3 } = options;
9383
10454
  if (packData.length < GRPX_CONSTANTS.HEADER_SIZE) {
9384
10455
  throw new PackLoadError("INVALID_FORMAT", "Pack file too small");
9385
10456
  }
@@ -9436,7 +10507,7 @@ async function loadEncryptedPack(packData, options) {
9436
10507
  "Invalid license key or corrupted pack"
9437
10508
  );
9438
10509
  }
9439
- const sandbox = createValidationSandbox({ machineId, getActivationCount });
10510
+ const sandbox = createValidationSandbox({ machineId: machineId2, getActivationCount });
9440
10511
  const context = createContext(sandbox);
9441
10512
  let vmResult;
9442
10513
  try {
@@ -9483,7 +10554,7 @@ async function loadEncryptedPack(packData, options) {
9483
10554
  };
9484
10555
  }
9485
10556
  var helperNames = Object.keys(allHelpers).filter(
9486
- (key) => typeof allHelpers[key] === "function"
10557
+ (key) => typeof allHelpers[key] === "function" || typeof allHelpers[key] === "object"
9487
10558
  );
9488
10559
  var helperDestructure = helperNames.join(", ");
9489
10560
  function compileNativeCheckFunction(source) {
@@ -9560,6 +10631,277 @@ function validatePackFormat(packData) {
9560
10631
  return true;
9561
10632
  }
9562
10633
 
10634
+ // ../core/src/grx2-loader/types.ts
10635
+ import { homedir } from "node:os";
10636
+ import { join } from "node:path";
10637
+ var EncryptedPackError = class extends Error {
10638
+ constructor(message, code, details) {
10639
+ super(message);
10640
+ this.code = code;
10641
+ this.details = details;
10642
+ this.name = "EncryptedPackError";
10643
+ }
10644
+ };
10645
+ var GRX2_HEADER_SIZE = 96;
10646
+ var GRX2_EXTENDED_VERSION = 3;
10647
+ var GRX2_EXTENDED_FLAG = 1;
10648
+ var GRX2_PORTABLE_FLAG = 2;
10649
+ var GRX2_ALGORITHM_AES_256_GCM = 1;
10650
+ var GRX2_KDF_PBKDF2 = 1;
10651
+ var DEFAULT_PACKS_DIRECTORY = join(homedir(), ".sentriflow", "packs");
10652
+ var CACHE_DIRECTORY = join(homedir(), ".sentriflow", "cache");
10653
+
10654
+ // ../core/src/grx2-loader/MachineId.ts
10655
+ var import_node_machine_id = __toESM(require_dist(), 1);
10656
+ async function getMachineId() {
10657
+ return (0, import_node_machine_id.machineId)();
10658
+ }
10659
+
10660
+ // ../core/src/grx2-loader/GRX2ExtendedLoader.ts
10661
+ import {
10662
+ createDecipheriv as createDecipheriv2,
10663
+ createHash,
10664
+ pbkdf2Sync as pbkdf2Sync2,
10665
+ timingSafeEqual
10666
+ } from "node:crypto";
10667
+ import { readFile, readdir } from "node:fs/promises";
10668
+ var AES_ALGORITHM = "aes-256-gcm";
10669
+ var PBKDF2_ITERATIONS = 1e5;
10670
+ var AES_KEY_SIZE = 32;
10671
+ var PACK_HASH_SIZE = 16;
10672
+ var GRX2_MAGIC = Buffer.from("GRX2", "ascii");
10673
+ var MIN_WRAPPED_TMK_SIZE = 64;
10674
+ var MAX_WRAPPED_TMK_SIZE = 1024;
10675
+ function deriveLDK(licenseKey, ldkSalt, machineId2) {
10676
+ const combinedSalt = Buffer.concat([
10677
+ ldkSalt,
10678
+ Buffer.from(machineId2, "utf-8")
10679
+ ]);
10680
+ return pbkdf2Sync2(licenseKey, combinedSalt, PBKDF2_ITERATIONS, AES_KEY_SIZE, "sha256");
10681
+ }
10682
+ function decrypt(ciphertext, key, iv, authTag) {
10683
+ try {
10684
+ const decipher = createDecipheriv2(AES_ALGORITHM, key, iv);
10685
+ decipher.setAuthTag(authTag);
10686
+ const plaintext = Buffer.concat([
10687
+ decipher.update(ciphertext),
10688
+ decipher.final()
10689
+ ]);
10690
+ return plaintext;
10691
+ } catch (error) {
10692
+ throw new EncryptedPackError(
10693
+ "Decryption failed (invalid key or corrupted data)",
10694
+ "DECRYPTION_FAILED",
10695
+ error
10696
+ );
10697
+ }
10698
+ }
10699
+ function packHash(data) {
10700
+ return createHash("sha256").update(data).digest().subarray(0, PACK_HASH_SIZE);
10701
+ }
10702
+ function zeroize(buffer) {
10703
+ buffer.fill(0);
10704
+ }
10705
+ function isExtendedGRX2(data) {
10706
+ if (data.length < GRX2_HEADER_SIZE) {
10707
+ return false;
10708
+ }
10709
+ const magic = data.subarray(0, 4);
10710
+ const version = data.readUInt8(4);
10711
+ const reservedByte = data.readUInt8(94);
10712
+ return magic.equals(GRX2_MAGIC) && version === GRX2_EXTENDED_VERSION && (reservedByte & GRX2_EXTENDED_FLAG) !== 0;
10713
+ }
10714
+ function parseExtendedHeader(data) {
10715
+ if (data.length < GRX2_HEADER_SIZE + 4) {
10716
+ throw new EncryptedPackError(
10717
+ "Pack too small for extended GRX2 format",
10718
+ "PACK_CORRUPTED"
10719
+ );
10720
+ }
10721
+ if (!isExtendedGRX2(data)) {
10722
+ throw new EncryptedPackError(
10723
+ "Not an extended GRX2 pack (wrong magic, version, or flag)",
10724
+ "PACK_CORRUPTED"
10725
+ );
10726
+ }
10727
+ const magic = data.subarray(0, 4);
10728
+ const version = data.readUInt8(4);
10729
+ const algorithm = data.readUInt8(5);
10730
+ const kdf = data.readUInt8(6);
10731
+ const keyType = data.readUInt8(7);
10732
+ const tierId = data.readUInt16BE(8);
10733
+ const tmkVersion = data.readUInt32BE(10);
10734
+ const iv = Buffer.from(data.subarray(14, 26));
10735
+ const authTag = Buffer.from(data.subarray(26, 42));
10736
+ const salt = Buffer.from(data.subarray(42, 74));
10737
+ const payloadLength = data.readUInt32BE(74);
10738
+ const packHashBytes = Buffer.from(data.subarray(78, 94));
10739
+ const reserved = Buffer.from(data.subarray(94, 96));
10740
+ if (algorithm !== GRX2_ALGORITHM_AES_256_GCM) {
10741
+ throw new EncryptedPackError(
10742
+ `Unsupported encryption algorithm: ${algorithm}`,
10743
+ "PACK_CORRUPTED"
10744
+ );
10745
+ }
10746
+ if (kdf !== GRX2_KDF_PBKDF2) {
10747
+ throw new EncryptedPackError(
10748
+ `Unsupported KDF: ${kdf}`,
10749
+ "PACK_CORRUPTED"
10750
+ );
10751
+ }
10752
+ const wrappedTMKLength = data.readUInt32BE(GRX2_HEADER_SIZE);
10753
+ if (wrappedTMKLength < MIN_WRAPPED_TMK_SIZE || wrappedTMKLength > MAX_WRAPPED_TMK_SIZE) {
10754
+ throw new EncryptedPackError(
10755
+ `Invalid wrapped TMK length: ${wrappedTMKLength}`,
10756
+ "PACK_CORRUPTED"
10757
+ );
10758
+ }
10759
+ const totalHeaderSize = GRX2_HEADER_SIZE + 4 + wrappedTMKLength;
10760
+ if (data.length < totalHeaderSize) {
10761
+ throw new EncryptedPackError(
10762
+ `Pack too small for wrapped TMK block`,
10763
+ "PACK_CORRUPTED"
10764
+ );
10765
+ }
10766
+ const wrappedTMKBuffer = data.subarray(GRX2_HEADER_SIZE + 4, totalHeaderSize);
10767
+ let serialized;
10768
+ try {
10769
+ serialized = JSON.parse(wrappedTMKBuffer.toString("utf8"));
10770
+ } catch {
10771
+ throw new EncryptedPackError(
10772
+ "Failed to parse wrapped TMK block",
10773
+ "PACK_CORRUPTED"
10774
+ );
10775
+ }
10776
+ if (!serialized.k || !serialized.i || !serialized.t || typeof serialized.v !== "number" || !serialized.s) {
10777
+ throw new EncryptedPackError(
10778
+ "Invalid wrapped TMK structure (missing required fields)",
10779
+ "PACK_CORRUPTED"
10780
+ );
10781
+ }
10782
+ const wrappedTMK = {
10783
+ encryptedKey: Buffer.from(serialized.k, "base64"),
10784
+ iv: Buffer.from(serialized.i, "base64"),
10785
+ authTag: Buffer.from(serialized.t, "base64"),
10786
+ tmkVersion: serialized.v,
10787
+ ldkSalt: Buffer.from(serialized.s, "base64")
10788
+ };
10789
+ const reservedByte = data.readUInt8(94);
10790
+ const isPortable = (reservedByte & GRX2_PORTABLE_FLAG) !== 0;
10791
+ const header = {
10792
+ magic: Buffer.from(magic),
10793
+ version,
10794
+ algorithm,
10795
+ kdf,
10796
+ keyType,
10797
+ tierId,
10798
+ tmkVersion,
10799
+ iv,
10800
+ authTag,
10801
+ salt,
10802
+ payloadLength,
10803
+ packHash: packHashBytes,
10804
+ reserved,
10805
+ isExtended: true,
10806
+ isPortable,
10807
+ wrappedTMK,
10808
+ totalHeaderSize
10809
+ };
10810
+ return { header, payloadOffset: totalHeaderSize };
10811
+ }
10812
+ async function loadExtendedPack(filePath, licenseKey, machineId2, debug) {
10813
+ debug?.(`[GRX2Loader] Loading pack: ${filePath}`);
10814
+ debug?.(`[GRX2Loader] License key length: ${licenseKey.length}, first 20 chars: ${licenseKey.substring(0, 20)}...`);
10815
+ debug?.(`[GRX2Loader] Machine ID: "${machineId2}" (length: ${machineId2.length})`);
10816
+ const data = await readFile(filePath);
10817
+ debug?.(`[GRX2Loader] Pack file size: ${data.length} bytes`);
10818
+ const { header, payloadOffset } = parseExtendedHeader(data);
10819
+ debug?.(`[GRX2Loader] Header parsed - version: ${header.version}, keyType: ${header.keyType}, tmkVersion: ${header.tmkVersion}, isPortable: ${header.isPortable}`);
10820
+ const effectiveMachineId = header.isPortable ? "" : machineId2;
10821
+ if (header.isPortable) {
10822
+ debug?.(`[GRX2Loader] Portable pack detected - ignoring machineId for decryption`);
10823
+ }
10824
+ const ldk = deriveLDK(licenseKey, header.wrappedTMK.ldkSalt, effectiveMachineId);
10825
+ debug?.(`[GRX2Loader] LDK derived successfully`);
10826
+ let tmk;
10827
+ try {
10828
+ tmk = decrypt(
10829
+ header.wrappedTMK.encryptedKey,
10830
+ ldk,
10831
+ header.wrappedTMK.iv,
10832
+ header.wrappedTMK.authTag
10833
+ );
10834
+ debug?.(`[GRX2Loader] TMK unwrapped successfully`);
10835
+ } catch (error) {
10836
+ debug?.(`[GRX2Loader] TMK unwrap FAILED: ${error.message}`);
10837
+ zeroize(ldk);
10838
+ throw new EncryptedPackError(
10839
+ "Failed to unwrap TMK - invalid license key or machine ID mismatch",
10840
+ "DECRYPTION_FAILED",
10841
+ error
10842
+ );
10843
+ }
10844
+ zeroize(ldk);
10845
+ const encryptedPayload = data.subarray(payloadOffset);
10846
+ if (encryptedPayload.length !== header.payloadLength) {
10847
+ zeroize(tmk);
10848
+ throw new EncryptedPackError(
10849
+ `Payload length mismatch: expected ${header.payloadLength}, got ${encryptedPayload.length}`,
10850
+ "PACK_CORRUPTED"
10851
+ );
10852
+ }
10853
+ let plaintext;
10854
+ try {
10855
+ plaintext = decrypt(encryptedPayload, tmk, header.iv, header.authTag);
10856
+ } catch (error) {
10857
+ zeroize(tmk);
10858
+ throw new EncryptedPackError(
10859
+ "Failed to decrypt pack payload",
10860
+ "DECRYPTION_FAILED",
10861
+ error
10862
+ );
10863
+ }
10864
+ zeroize(tmk);
10865
+ const computedHash = packHash(plaintext);
10866
+ if (!timingSafeEqual(computedHash, header.packHash)) {
10867
+ throw new EncryptedPackError(
10868
+ "Pack integrity check failed (hash mismatch)",
10869
+ "PACK_CORRUPTED"
10870
+ );
10871
+ }
10872
+ let serializedPack;
10873
+ try {
10874
+ serializedPack = JSON.parse(plaintext.toString("utf8"));
10875
+ } catch {
10876
+ throw new EncryptedPackError(
10877
+ "Failed to parse pack JSON content",
10878
+ "PACK_CORRUPTED"
10879
+ );
10880
+ }
10881
+ const compiledRules = serializedPack.rules.map((ruleDef) => {
10882
+ const checkFn = compileNativeCheckFunction(ruleDef.checkSource);
10883
+ return {
10884
+ id: ruleDef.id,
10885
+ selector: ruleDef.selector,
10886
+ vendor: ruleDef.vendor,
10887
+ category: ruleDef.category,
10888
+ metadata: ruleDef.metadata,
10889
+ check: checkFn
10890
+ };
10891
+ });
10892
+ const pack = {
10893
+ name: serializedPack.name,
10894
+ version: serializedPack.version,
10895
+ publisher: serializedPack.publisher,
10896
+ description: serializedPack.description,
10897
+ license: serializedPack.license,
10898
+ homepage: serializedPack.homepage,
10899
+ priority: serializedPack.priority,
10900
+ rules: compiledRules
10901
+ };
10902
+ return pack;
10903
+ }
10904
+
9563
10905
  // ../core/src/json-rules/types.ts
9564
10906
  function isJsonArgValue(obj) {
9565
10907
  if (obj === null) return true;
@@ -10734,7 +12076,7 @@ function extractIPSummary(content, options = {}) {
10734
12076
  }
10735
12077
 
10736
12078
  // index.ts
10737
- import { readFile } from "fs/promises";
12079
+ import { readFile as readFile2 } from "fs/promises";
10738
12080
  import { statSync as statSync2 } from "fs";
10739
12081
  import { resolve as resolve4, dirname as dirname2, basename } from "path";
10740
12082
 
@@ -10813,7 +12155,7 @@ function generateSarif(results, filePath, rules, options = {}, ipSummary) {
10813
12155
  tool: {
10814
12156
  driver: {
10815
12157
  name: "Sentriflow",
10816
- version: "0.2.0",
12158
+ version: "0.2.1",
10817
12159
  informationUri: "https://github.com/sentriflow/sentriflow",
10818
12160
  rules: sarifRules,
10819
12161
  // SEC-007: Include CWE taxonomy when rules reference it
@@ -10973,7 +12315,7 @@ function generateMultiFileSarif(fileResults, rules, options = {}) {
10973
12315
  tool: {
10974
12316
  driver: {
10975
12317
  name: "Sentriflow",
10976
- version: "0.2.0",
12318
+ version: "0.2.1",
10977
12319
  informationUri: "https://github.com/sentriflow/sentriflow",
10978
12320
  rules: sarifRules,
10979
12321
  // SEC-007: Include CWE taxonomy when rules reference it
@@ -14011,6 +15353,14 @@ function validateEncryptedPackPath(packPath, baseDirs) {
14011
15353
  mustExist: true
14012
15354
  });
14013
15355
  }
15356
+ function validateGrx2PackPath(packPath, baseDirs) {
15357
+ return validatePath(packPath, {
15358
+ allowedBaseDirs: baseDirs,
15359
+ allowedExtensions: ALLOWED_GRX2_PACK_EXTENSIONS,
15360
+ maxFileSize: MAX_ENCRYPTED_PACK_SIZE,
15361
+ mustExist: true
15362
+ });
15363
+ }
14014
15364
  function validateJsonRulesPath(jsonPath, baseDirs) {
14015
15365
  return validatePath(jsonPath, {
14016
15366
  allowedBaseDirs: baseDirs,
@@ -14484,6 +15834,9 @@ async function resolveRules(options = {}) {
14484
15834
  licenseKey,
14485
15835
  strictPacks = false,
14486
15836
  // SEC-012: Default to graceful handling
15837
+ grx2PackPaths,
15838
+ strictGrx2 = false,
15839
+ // Default to graceful handling
14487
15840
  jsonRulesPaths,
14488
15841
  disableIds = [],
14489
15842
  vendorId,
@@ -14493,6 +15846,7 @@ async function resolveRules(options = {}) {
14493
15846
  } = options;
14494
15847
  const packPathsArray = encryptedPackPaths ? Array.isArray(encryptedPackPaths) ? encryptedPackPaths : [encryptedPackPaths] : [];
14495
15848
  const jsonPathsArray = jsonRulesPaths ? Array.isArray(jsonRulesPaths) ? jsonRulesPaths : [jsonRulesPaths] : [];
15849
+ const grx2PathsArray = grx2PackPaths ? Array.isArray(grx2PackPaths) ? grx2PackPaths : [grx2PackPaths] : [];
14496
15850
  let config = { includeDefaults: true };
14497
15851
  if (!noConfig) {
14498
15852
  const foundConfigPath = configPath ?? findConfigFile(cwd);
@@ -14605,6 +15959,89 @@ async function resolveRules(options = {}) {
14605
15959
  }
14606
15960
  }
14607
15961
  }
15962
+ if (grx2PathsArray.length > 0) {
15963
+ if (!licenseKey) {
15964
+ const errorMsg = "License key required for GRX2 packs (use --license-key or set SENTRIFLOW_LICENSE_KEY)";
15965
+ if (strictGrx2) {
15966
+ throw new SentriflowConfigError(errorMsg);
15967
+ }
15968
+ console.error(`Warning: ${errorMsg}`);
15969
+ console.error(
15970
+ `Warning: Skipping ${grx2PathsArray.length} GRX2 pack(s)`
15971
+ );
15972
+ } else {
15973
+ let machineId2;
15974
+ try {
15975
+ machineId2 = await getMachineId();
15976
+ } catch (error) {
15977
+ const errorMsg = "Failed to retrieve machine ID for license validation";
15978
+ if (strictGrx2) {
15979
+ throw new SentriflowConfigError(errorMsg);
15980
+ }
15981
+ console.error(`Warning: ${errorMsg}`);
15982
+ console.error(
15983
+ `Warning: Skipping ${grx2PathsArray.length} GRX2 pack(s)`
15984
+ );
15985
+ machineId2 = "";
15986
+ }
15987
+ if (machineId2) {
15988
+ let loadedCount = 0;
15989
+ let totalRules = 0;
15990
+ const failedPacks = [];
15991
+ for (let i = 0; i < grx2PathsArray.length; i++) {
15992
+ const packPath = grx2PathsArray[i];
15993
+ if (!packPath) continue;
15994
+ try {
15995
+ const validation = validateGrx2PackPath(packPath, allowedBaseDirs);
15996
+ if (!validation.valid) {
15997
+ throw new SentriflowConfigError(validation.error ?? "Invalid pack path");
15998
+ }
15999
+ const grx2Pack = await loadExtendedPack(
16000
+ validation.canonicalPath,
16001
+ licenseKey,
16002
+ machineId2
16003
+ );
16004
+ grx2Pack.priority = 300 + i;
16005
+ allPacks.push(grx2Pack);
16006
+ loadedCount++;
16007
+ totalRules += grx2Pack.rules.length;
16008
+ } catch (error) {
16009
+ let errorMsg;
16010
+ if (error instanceof EncryptedPackError) {
16011
+ const messages = {
16012
+ LICENSE_MISSING: "Invalid or missing license key",
16013
+ LICENSE_EXPIRED: "License has expired",
16014
+ LICENSE_INVALID: "License key is invalid for this pack",
16015
+ DECRYPTION_FAILED: "Failed to decrypt pack (invalid key or corrupted data)",
16016
+ MACHINE_MISMATCH: "License is not valid for this machine",
16017
+ PACK_CORRUPTED: "Pack file is corrupted or invalid",
16018
+ NOT_EXTENDED_FORMAT: "Pack is not in extended GRX2 format"
16019
+ };
16020
+ errorMsg = messages[error.code] ?? `Pack load error: ${error.message}`;
16021
+ } else {
16022
+ errorMsg = error instanceof Error ? error.message : "Unknown error";
16023
+ }
16024
+ if (strictGrx2) {
16025
+ throw new SentriflowConfigError(
16026
+ `Failed to load GRX2 pack '${packPath}': ${errorMsg}`
16027
+ );
16028
+ }
16029
+ console.error(`Warning: Failed to load GRX2 pack: ${errorMsg}`);
16030
+ console.error(`Warning: Skipping GRX2 pack: ${packPath}`);
16031
+ failedPacks.push(packPath);
16032
+ }
16033
+ }
16034
+ if (grx2PathsArray.length > 0) {
16035
+ const successMsg = `GRX2 packs: ${loadedCount} of ${grx2PathsArray.length} loaded (${totalRules} rules)`;
16036
+ if (failedPacks.length > 0) {
16037
+ console.error(`${successMsg}, ${failedPacks.length} failed`);
16038
+ } else {
16039
+ console.error(successMsg);
16040
+ }
16041
+ }
16042
+ }
16043
+ }
16044
+ }
14608
16045
  const legacyDisabledIds = /* @__PURE__ */ new Set([
14609
16046
  ...config.disable ?? [],
14610
16047
  ...disableIds
@@ -14634,8 +16071,8 @@ async function resolveRules(options = {}) {
14634
16071
  }
14635
16072
 
14636
16073
  // src/scanner/DirectoryScanner.ts
14637
- import { readdir, stat } from "fs/promises";
14638
- import { join, resolve as resolve3, extname as extname2 } from "path";
16074
+ import { readdir as readdir2, stat } from "fs/promises";
16075
+ import { join as join2, resolve as resolve3, extname as extname2 } from "path";
14639
16076
  import { realpathSync as realpathSync2, existsSync as existsSync3 } from "fs";
14640
16077
  var DEFAULT_CONFIG_EXTENSIONS = [
14641
16078
  "txt",
@@ -14746,7 +16183,7 @@ async function scanDirectory(dirPath, options = {}) {
14746
16183
  result.scannedDirs.push(currentDir);
14747
16184
  let entries;
14748
16185
  try {
14749
- entries = await readdir(currentDir);
16186
+ entries = await readdir2(currentDir);
14750
16187
  } catch (error) {
14751
16188
  result.errors.push({
14752
16189
  path: currentDir,
@@ -14755,8 +16192,8 @@ async function scanDirectory(dirPath, options = {}) {
14755
16192
  return;
14756
16193
  }
14757
16194
  for (const entry of entries) {
14758
- const fullPath = join(currentDir, entry);
14759
- const relativePath = join(basePath, entry);
16195
+ const fullPath = join2(currentDir, entry);
16196
+ const relativePath = join2(basePath, entry);
14760
16197
  const normalizedRelativePath = normalizeSeparators2(relativePath);
14761
16198
  if (isExcluded(normalizedRelativePath, exclude)) {
14762
16199
  continue;
@@ -14947,7 +16384,7 @@ function enrichResultsWithRuleMetadata(results, rules) {
14947
16384
  });
14948
16385
  }
14949
16386
  var program = new Command();
14950
- program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.2.0").argument("[files...]", "Path(s) to configuration file(s) (supports multiple files)").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
16387
+ program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.2.1").argument("[files...]", "Path(s) to configuration file(s) (supports multiple files)").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
14951
16388
  "--encrypted-pack <path...>",
14952
16389
  "SEC-012: Path(s) to encrypted rule pack(s) (.grpx), can specify multiple"
14953
16390
  ).option(
@@ -14956,6 +16393,15 @@ program.name("sentriflow").description("SentriFlow Network Configuration Validat
14956
16393
  ).option(
14957
16394
  "--strict-packs",
14958
16395
  "Fail if encrypted pack cannot be loaded (default: warn and continue)"
16396
+ ).option(
16397
+ "--grx2-pack <path...>",
16398
+ "Path(s) to extended encrypted rule pack(s) (.grx2), can specify multiple"
16399
+ ).option(
16400
+ "--strict-grx2",
16401
+ "Fail immediately if any GRX2 pack cannot be loaded"
16402
+ ).option(
16403
+ "--show-machine-id",
16404
+ "Display the current machine ID (for license binding support)"
14959
16405
  ).option(
14960
16406
  "--json-rules <path...>",
14961
16407
  "Path(s) to JSON rules file(s), can specify multiple"
@@ -15004,6 +16450,19 @@ program.name("sentriflow").description("SentriFlow Network Configuration Validat
15004
16450
  (val) => parseInt(val, 10)
15005
16451
  ).option("--progress", "Show progress during directory scanning").action(async (files, options) => {
15006
16452
  try {
16453
+ if (options.showMachineId) {
16454
+ try {
16455
+ const machineId2 = await getMachineId();
16456
+ console.log(`Machine ID: ${machineId2}`);
16457
+ console.log(`
16458
+ Use this ID when requesting a machine-bound license.`);
16459
+ } catch (error) {
16460
+ console.error("Error: Failed to retrieve machine ID");
16461
+ console.error(error instanceof Error ? error.message : String(error));
16462
+ process.exit(1);
16463
+ }
16464
+ return;
16465
+ }
15007
16466
  if (options.listVendors) {
15008
16467
  console.log("Supported vendors:\n");
15009
16468
  for (const vendorId2 of getAvailableVendors()) {
@@ -15056,6 +16515,10 @@ Use: sentriflow --vendor <vendor> <file>`);
15056
16515
  // SEC-012: From CLI or SENTRIFLOW_LICENSE_KEY env var
15057
16516
  strictPacks: options.strictPacks,
15058
16517
  // SEC-012: Fail on pack load errors
16518
+ grx2PackPaths: options.grx2Pack,
16519
+ // Extended GRX2 packs
16520
+ strictGrx2: options.strictGrx2,
16521
+ // Fail on GRX2 pack load errors
15059
16522
  jsonRulesPaths: options.jsonRules,
15060
16523
  // JSON rules files
15061
16524
  disableIds: options.disable ?? [],
@@ -15231,7 +16694,7 @@ Found ${scanResult.files.length} configuration file(s) to scan.
15231
16694
  );
15232
16695
  }
15233
16696
  try {
15234
- const content2 = await readFile(filePath2, "utf-8");
16697
+ const content2 = await readFile2(filePath2, "utf-8");
15235
16698
  let vendor2;
15236
16699
  if (options.vendor === "auto") {
15237
16700
  vendor2 = detectVendor(content2);
@@ -15283,7 +16746,7 @@ Parsing complete: ${allAsts.length} files`);
15283
16746
  );
15284
16747
  }
15285
16748
  try {
15286
- const content2 = await readFile(filePath2, "utf-8");
16749
+ const content2 = await readFile2(filePath2, "utf-8");
15287
16750
  let vendor2;
15288
16751
  if (options.vendor === "auto") {
15289
16752
  vendor2 = detectVendor(content2);
@@ -15396,6 +16859,8 @@ Scan complete: ${allFileResults.length} files, ${totalFailures} failures, ${tota
15396
16859
  encryptedPackPaths: options.encryptedPack,
15397
16860
  licenseKey,
15398
16861
  strictPacks: options.strictPacks,
16862
+ grx2PackPaths: options.grx2Pack,
16863
+ strictGrx2: options.strictGrx2,
15399
16864
  jsonRulesPaths: options.jsonRules,
15400
16865
  disableIds: options.disable ?? [],
15401
16866
  vendorId: vendor2.id,
@@ -15477,7 +16942,7 @@ Scan complete: ${allFileResults.length} files, ${totalFailures} failures, ${tota
15477
16942
  allFileResults.push({ filePath: file2, results: [] });
15478
16943
  continue;
15479
16944
  }
15480
- const content2 = await readFile(filePath2, "utf-8");
16945
+ const content2 = await readFile2(filePath2, "utf-8");
15481
16946
  let vendor2;
15482
16947
  if (options.vendor === "auto") {
15483
16948
  vendor2 = detectVendor(content2);
@@ -15563,7 +17028,7 @@ Scan complete: ${allFileResults.length} files, ${totalFailures} failures, ${tota
15563
17028
  );
15564
17029
  process.exit(2);
15565
17030
  }
15566
- const content = await readFile(filePath, "utf-8");
17031
+ const content = await readFile2(filePath, "utf-8");
15567
17032
  let vendor;
15568
17033
  if (options.vendor === "auto") {
15569
17034
  vendor = detectVendor(content);
@@ -15589,6 +17054,8 @@ Scan complete: ${allFileResults.length} files, ${totalFailures} failures, ${tota
15589
17054
  encryptedPackPaths: options.encryptedPack,
15590
17055
  licenseKey,
15591
17056
  strictPacks: options.strictPacks,
17057
+ grx2PackPaths: options.grx2Pack,
17058
+ strictGrx2: options.strictGrx2,
15592
17059
  jsonRulesPaths: options.jsonRules,
15593
17060
  // JSON rules files
15594
17061
  disableIds: options.disable ?? [],