@shipsafe/cli 0.2.5 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +125 -87
- package/dist/bin/shipsafe.js +2 -0
- package/dist/bin/shipsafe.js.map +1 -1
- package/dist/src/claude-md/manager.d.ts.map +1 -1
- package/dist/src/claude-md/manager.js +2 -34
- package/dist/src/claude-md/manager.js.map +1 -1
- package/dist/src/cli/baseline.d.ts +3 -0
- package/dist/src/cli/baseline.d.ts.map +1 -0
- package/dist/src/cli/baseline.js +67 -0
- package/dist/src/cli/baseline.js.map +1 -0
- package/dist/src/cli/init.d.ts.map +1 -1
- package/dist/src/cli/init.js +1 -7
- package/dist/src/cli/init.js.map +1 -1
- package/dist/src/cli/scan.d.ts.map +1 -1
- package/dist/src/cli/scan.js +21 -3
- package/dist/src/cli/scan.js.map +1 -1
- package/dist/src/engines/builtin/baseline.d.ts +41 -0
- package/dist/src/engines/builtin/baseline.d.ts.map +1 -0
- package/dist/src/engines/builtin/baseline.js +83 -0
- package/dist/src/engines/builtin/baseline.js.map +1 -0
- package/dist/src/engines/builtin/dependencies.d.ts.map +1 -1
- package/dist/src/engines/builtin/dependencies.js +7 -1
- package/dist/src/engines/builtin/dependencies.js.map +1 -1
- package/dist/src/engines/builtin/gitignore.d.ts +33 -0
- package/dist/src/engines/builtin/gitignore.d.ts.map +1 -0
- package/dist/src/engines/builtin/gitignore.js +83 -0
- package/dist/src/engines/builtin/gitignore.js.map +1 -0
- package/dist/src/engines/builtin/ignore.d.ts +14 -0
- package/dist/src/engines/builtin/ignore.d.ts.map +1 -0
- package/dist/src/engines/builtin/ignore.js +114 -0
- package/dist/src/engines/builtin/ignore.js.map +1 -0
- package/dist/src/engines/builtin/patterns.d.ts.map +1 -1
- package/dist/src/engines/builtin/patterns.js +990 -49
- package/dist/src/engines/builtin/patterns.js.map +1 -1
- package/dist/src/engines/builtin/secrets.d.ts.map +1 -1
- package/dist/src/engines/builtin/secrets.js +50 -7
- package/dist/src/engines/builtin/secrets.js.map +1 -1
- package/dist/src/engines/pattern/gitleaks.js +1 -1
- package/dist/src/engines/pattern/gitleaks.js.map +1 -1
- package/dist/src/engines/pattern/index.d.ts.map +1 -1
- package/dist/src/engines/pattern/index.js +26 -9
- package/dist/src/engines/pattern/index.js.map +1 -1
- package/dist/src/mcp/tools/scan.d.ts.map +1 -1
- package/dist/src/mcp/tools/scan.js +11 -0
- package/dist/src/mcp/tools/scan.js.map +1 -1
- package/dist/src/scripts/postinstall.d.ts +10 -0
- package/dist/src/scripts/postinstall.d.ts.map +1 -0
- package/dist/src/scripts/postinstall.js +109 -0
- package/dist/src/scripts/postinstall.js.map +1 -0
- package/dist/src/types.d.ts +6 -0
- package/dist/src/types.d.ts.map +1 -1
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -1,49 +1,75 @@
|
|
|
1
1
|
# ShipSafe
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Security scanning for developers who ship fast.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
[](https://www.npmjs.com/package/@shipsafe/cli)
|
|
6
|
+
[](https://shipsafe.org)
|
|
7
|
+
[](https://github.com/jakewlittle-cs/shipsafe)
|
|
6
8
|
|
|
7
|
-
|
|
8
|
-
- **Knowledge graph engine** — builds a call graph with Tree-sitter + KuzuDB to find attack paths, missing auth, and tainted data flows
|
|
9
|
-
- **Auto-fix** — moves hardcoded secrets to `.env` files automatically with `--fix`
|
|
10
|
-
- **MCP server** — 7 tools for Claude, Cursor, and other AI coding assistants
|
|
11
|
-
- **Production monitoring** — lightweight `@shipsafe/monitor` snippet captures errors and performance data
|
|
12
|
-
- **Git hooks** — pre-commit scanning to catch issues before they land
|
|
13
|
-
- **GitHub App** — PR checks and automated security reviews
|
|
14
|
-
- **License tiers** — FREE (scan), PRO (+ autofix, graph, monitoring, MCP), TEAM/AGENCY (+ sourcemaps, GitHub App)
|
|
9
|
+
## What it does
|
|
15
10
|
|
|
16
|
-
|
|
11
|
+
ShipSafe catches vulnerabilities, hardcoded secrets, and dangerous dependencies before they reach production. It ships with 258 built-in detection rules, requires zero configuration, and works with Claude Code, Cursor, Windsurf, Copilot, Cline, and any AI coding tool. Every scan runs in pure TypeScript with no external binary dependencies.
|
|
12
|
+
|
|
13
|
+
## Quick Start
|
|
17
14
|
|
|
18
15
|
```bash
|
|
19
|
-
npm install -g shipsafe
|
|
16
|
+
npm install -g @shipsafe/cli
|
|
20
17
|
```
|
|
21
18
|
|
|
22
|
-
|
|
19
|
+
That's it. One command installs the CLI, the MCP server for AI assistants, and auto-registers with Claude Code. Run `shipsafe init` inside any project to install git hooks and write AI instructions to your editor config files.
|
|
23
20
|
|
|
24
|
-
|
|
25
|
-
# Initialize ShipSafe in your project
|
|
26
|
-
shipsafe init
|
|
21
|
+
## What it catches
|
|
27
22
|
|
|
28
|
-
|
|
29
|
-
|
|
23
|
+
- **84 vulnerability patterns** -- SQL injection, prompt injection, XSS, command injection, path traversal, SSRF, CSRF, prototype pollution, insecure cryptography, insecure deserialization, authentication issues, and more
|
|
24
|
+
- **174 secret patterns** -- AWS keys, GCP service accounts, Azure tokens, GitHub PATs, Stripe keys, database URLs, JWTs, private keys, OAuth secrets, and dozens more -- with Shannon entropy validation to reduce false positives
|
|
25
|
+
- **Dependency vulnerabilities** -- deprecated packages, known CVEs, typosquatting detection, maintenance status checks
|
|
30
26
|
|
|
31
|
-
|
|
32
|
-
shipsafe scan --scope all
|
|
27
|
+
## How it works
|
|
33
28
|
|
|
34
|
-
|
|
35
|
-
shipsafe scan --fix
|
|
29
|
+
ShipSafe protects your code through three layers:
|
|
36
30
|
|
|
37
|
-
|
|
38
|
-
|
|
31
|
+
1. **Git hooks** (pre-commit and pre-push) -- installed automatically on first scan, they block commits and pushes that contain critical or high-severity findings. Works with any editor, any workflow.
|
|
32
|
+
|
|
33
|
+
2. **MCP server** -- exposes 7 tools over stdio transport so AI coding assistants can scan, fix, and query your project's security posture in real time.
|
|
34
|
+
|
|
35
|
+
3. **CLI** -- direct commands for scanning, baselining known findings, checking packages before install, and managing configuration.
|
|
36
|
+
|
|
37
|
+
## CLI Commands
|
|
38
|
+
|
|
39
|
+
| Command | Description |
|
|
40
|
+
|---------|-------------|
|
|
41
|
+
| `shipsafe scan` | Scan project for vulnerabilities. Options: `--scope staged\|all\|file:<path>`, `--fix`, `--json` |
|
|
42
|
+
| `shipsafe init` | Initialize ShipSafe in a project. Installs hooks, writes AI config files (CLAUDE.md, .cursorrules, etc.), registers MCP servers |
|
|
43
|
+
| `shipsafe setup` | Register MCP server with Claude Code, Cursor, and other editors |
|
|
44
|
+
| `shipsafe baseline` | Snapshot current findings so only new issues are reported. Options: `--show`, `--clear` |
|
|
45
|
+
| `shipsafe activate <key>` | Activate a Pro or Team license key |
|
|
46
|
+
| `shipsafe config list` | View current configuration |
|
|
47
|
+
| `shipsafe config set <key> <value>` | Set a config value. Add `--global` for user-wide settings |
|
|
48
|
+
| `shipsafe status` | Show project security status, hook state, and available engines |
|
|
49
|
+
| `shipsafe connect` | Connect project to ShipSafe cloud for monitoring |
|
|
50
|
+
| `shipsafe upload-sourcemaps` | Upload source maps for production error resolution |
|
|
51
|
+
| `shipsafe mcp-server` | Start MCP server (stdio transport, used by AI assistants) |
|
|
52
|
+
|
|
53
|
+
## .shipsafeignore
|
|
54
|
+
|
|
55
|
+
Create a `.shipsafeignore` file in your project root to exclude files and directories from scanning. Uses gitignore-style syntax:
|
|
56
|
+
|
|
57
|
+
```gitignore
|
|
58
|
+
# Exclude test fixtures
|
|
59
|
+
tests/fixtures/
|
|
39
60
|
|
|
40
|
-
#
|
|
41
|
-
|
|
61
|
+
# Exclude generated files
|
|
62
|
+
src/generated/
|
|
63
|
+
|
|
64
|
+
# Exclude specific file
|
|
65
|
+
config/legacy-secrets.ts
|
|
42
66
|
```
|
|
43
67
|
|
|
68
|
+
ShipSafe also respects your `.gitignore` and always skips `node_modules`, `dist`, `.git`, and `coverage` by default.
|
|
69
|
+
|
|
44
70
|
## Configuration
|
|
45
71
|
|
|
46
|
-
ShipSafe uses two config files merged together (project overrides global):
|
|
72
|
+
ShipSafe uses two config files, merged together (project overrides global):
|
|
47
73
|
|
|
48
74
|
- **Global**: `~/.shipsafe/config.json`
|
|
49
75
|
- **Project**: `shipsafe.config.json`
|
|
@@ -52,11 +78,10 @@ ShipSafe uses two config files merged together (project overrides global):
|
|
|
52
78
|
# View current config
|
|
53
79
|
shipsafe config list
|
|
54
80
|
|
|
55
|
-
# Set
|
|
56
|
-
shipsafe config set apiEndpoint https://api.shipsafe.org
|
|
81
|
+
# Set project-level config
|
|
57
82
|
shipsafe config set scan.severity_threshold medium
|
|
58
83
|
|
|
59
|
-
# Set
|
|
84
|
+
# Set global config
|
|
60
85
|
shipsafe config set licenseKey SS-PRO-abc123 --global
|
|
61
86
|
```
|
|
62
87
|
|
|
@@ -64,104 +89,117 @@ shipsafe config set licenseKey SS-PRO-abc123 --global
|
|
|
64
89
|
|
|
65
90
|
| Variable | Description | Default |
|
|
66
91
|
|----------|-------------|---------|
|
|
67
|
-
| `SHIPSAFE_API_URL` | API endpoint override | `
|
|
92
|
+
| `SHIPSAFE_API_URL` | API endpoint override | `https://shipsafe-m9nc6.ondigitalocean.app` |
|
|
68
93
|
| `SHIPSAFE_DB_PATH` | SQLite database path (API) | `~/.shipsafe/shipsafe.db` |
|
|
69
94
|
|
|
70
|
-
## MCP
|
|
95
|
+
## MCP Tools
|
|
71
96
|
|
|
72
|
-
ShipSafe exposes
|
|
97
|
+
ShipSafe exposes 7 tools through the [Model Context Protocol](https://modelcontextprotocol.io) for AI coding assistants:
|
|
73
98
|
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
99
|
+
| Tool | Description |
|
|
100
|
+
|------|-------------|
|
|
101
|
+
| `shipsafe_scan` | Run a security scan on a project directory |
|
|
102
|
+
| `shipsafe_status` | Get project security status, hook state, and scanner availability |
|
|
103
|
+
| `shipsafe_check_package` | Vet an npm package before installing (typosquatting, CVEs, maintenance) |
|
|
104
|
+
| `shipsafe_fix` | Apply auto-fix for a finding (moves secrets to .env, suggests code fixes) |
|
|
105
|
+
| `shipsafe_graph_query` | Query the knowledge graph for callers, callees, attack paths, blast radius |
|
|
106
|
+
| `shipsafe_production_errors` | Fetch production errors with stack traces and suggested fixes |
|
|
107
|
+
| `shipsafe_verify_resolution` | Check if a production error has been resolved |
|
|
81
108
|
|
|
82
|
-
|
|
109
|
+
The MCP server is registered automatically during `shipsafe init` or `shipsafe setup`. To configure it manually:
|
|
83
110
|
|
|
84
111
|
```json
|
|
85
112
|
{
|
|
86
113
|
"mcpServers": {
|
|
87
114
|
"shipsafe": {
|
|
88
|
-
"command": "
|
|
89
|
-
"args": ["mcp-server"]
|
|
115
|
+
"command": "npx",
|
|
116
|
+
"args": ["-y", "shipsafe", "mcp-server"]
|
|
90
117
|
}
|
|
91
118
|
}
|
|
92
119
|
}
|
|
93
120
|
```
|
|
94
121
|
|
|
95
|
-
##
|
|
122
|
+
## Pricing
|
|
96
123
|
|
|
97
|
-
|
|
124
|
+
| | Free | Pro ($19/mo) | Team ($49/mo) |
|
|
125
|
+
|--|------|-------------|---------------|
|
|
126
|
+
| Vulnerability + secret scanning | Yes | Yes | Yes |
|
|
127
|
+
| Git hooks (pre-commit, pre-push) | Yes | Yes | Yes |
|
|
128
|
+
| Projects | 1 | 5 | 20 |
|
|
129
|
+
| Knowledge graph engine | -- | Yes | Yes |
|
|
130
|
+
| Auto-fix (secrets to .env) | -- | Yes | Yes |
|
|
131
|
+
| Production error monitoring | -- | Yes | Yes |
|
|
132
|
+
| MCP server tools | -- | Yes | Yes |
|
|
133
|
+
| GitHub App (PR checks) | -- | -- | Yes |
|
|
134
|
+
| Source map resolution | -- | -- | Yes |
|
|
98
135
|
|
|
99
136
|
```bash
|
|
100
|
-
|
|
137
|
+
shipsafe activate SS-PRO-yourkeyhere
|
|
101
138
|
```
|
|
102
139
|
|
|
103
|
-
|
|
104
|
-
import { init } from '@shipsafe/monitor';
|
|
140
|
+
## Development
|
|
105
141
|
|
|
106
|
-
|
|
107
|
-
projectId: 'your-project-id',
|
|
108
|
-
endpoint: 'https://api.shipsafe.org/v1/events', // optional
|
|
109
|
-
});
|
|
110
|
-
```
|
|
142
|
+
Requires Node.js >= 20.
|
|
111
143
|
|
|
112
|
-
|
|
144
|
+
```bash
|
|
145
|
+
# Install dependencies
|
|
146
|
+
npm install
|
|
147
|
+
|
|
148
|
+
# Build
|
|
149
|
+
npm run build
|
|
113
150
|
|
|
114
|
-
|
|
151
|
+
# Run CLI locally (without building)
|
|
152
|
+
npm run dev -- scan
|
|
153
|
+
npm run dev -- init
|
|
154
|
+
npm run dev -- setup
|
|
115
155
|
|
|
116
|
-
|
|
156
|
+
# Run tests
|
|
157
|
+
npm test
|
|
117
158
|
|
|
118
|
-
|
|
119
|
-
|
|
159
|
+
# Run tests in watch mode
|
|
160
|
+
npm run test:watch
|
|
120
161
|
|
|
121
|
-
#
|
|
122
|
-
npm run
|
|
162
|
+
# Type-check without emitting
|
|
163
|
+
npm run lint
|
|
123
164
|
|
|
124
|
-
#
|
|
125
|
-
|
|
165
|
+
# Run cloud API locally
|
|
166
|
+
cd packages/api && npm run dev
|
|
126
167
|
```
|
|
127
168
|
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
## Architecture
|
|
169
|
+
### Architecture
|
|
131
170
|
|
|
132
171
|
```
|
|
133
172
|
bin/shipsafe.ts CLI entry point (Commander.js)
|
|
134
173
|
src/
|
|
135
174
|
engines/
|
|
136
|
-
|
|
175
|
+
builtin/ Pure TS pattern + secret + dependency scanners
|
|
176
|
+
pattern/ Scanner orchestration (Semgrep, Gitleaks, Trivy wrappers)
|
|
137
177
|
graph/ Tree-sitter + KuzuDB knowledge graph
|
|
138
|
-
cli/ CLI commands (scan, init, activate, config, etc.)
|
|
139
|
-
mcp/ MCP server + tools
|
|
140
|
-
autofix/ Auto-fix engine (
|
|
141
|
-
github/ GitHub App (webhooks, PR scanner, checks)
|
|
142
|
-
hooks/ Git hook installer
|
|
143
|
-
config/
|
|
178
|
+
cli/ CLI commands (scan, init, activate, config, baseline, etc.)
|
|
179
|
+
mcp/ MCP server + 7 tools (stdio transport)
|
|
180
|
+
autofix/ Auto-fix engine (secret fixer, scaffolding, PR generation)
|
|
181
|
+
github/ GitHub App (webhooks, PR scanner, checks API)
|
|
182
|
+
hooks/ Git hook installer (pre-commit, pre-push)
|
|
183
|
+
config/ Global + project config manager
|
|
184
|
+
claude-md/ CLAUDE.md / .cursorrules injection manager
|
|
144
185
|
packages/
|
|
145
|
-
api/ Hono cloud API with SQLite
|
|
146
|
-
monitor/ @shipsafe/monitor client snippet
|
|
186
|
+
api/ Hono cloud API with SQLite persistence
|
|
187
|
+
monitor/ @shipsafe/monitor client error capture snippet
|
|
147
188
|
```
|
|
148
189
|
|
|
149
|
-
|
|
190
|
+
### Conventions
|
|
150
191
|
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
# Build
|
|
156
|
-
npm run build
|
|
157
|
-
|
|
158
|
-
# Run CLI locally
|
|
159
|
-
npm run dev -- scan
|
|
160
|
-
npm run dev -- init
|
|
161
|
-
```
|
|
192
|
+
- TypeScript strict mode, ESM modules
|
|
193
|
+
- Vitest for testing
|
|
194
|
+
- No classes -- plain functions and types
|
|
195
|
+
- Errors are thrown as typed errors, never swallowed silently
|
|
162
196
|
|
|
163
197
|
## License
|
|
164
198
|
|
|
165
|
-
UNLICENSED
|
|
199
|
+
UNLICENSED -- proprietary software by Connect Holdings LLC.
|
|
166
200
|
|
|
167
201
|
`@shipsafe/monitor` is MIT licensed.
|
|
202
|
+
|
|
203
|
+
---
|
|
204
|
+
|
|
205
|
+
[shipsafe.org](https://shipsafe.org)
|
package/dist/bin/shipsafe.js
CHANGED
|
@@ -9,6 +9,7 @@ import { registerConnectCommand } from '../src/cli/connect.js';
|
|
|
9
9
|
import { registerUploadSourcemapsCommand } from '../src/cli/upload-sourcemaps.js';
|
|
10
10
|
import { registerConfigCommand } from '../src/cli/config.js';
|
|
11
11
|
import { registerInitCommand } from '../src/cli/init.js';
|
|
12
|
+
import { registerBaselineCommand } from '../src/cli/baseline.js';
|
|
12
13
|
const program = new Command();
|
|
13
14
|
program
|
|
14
15
|
.name('shipsafe')
|
|
@@ -22,6 +23,7 @@ registerConnectCommand(program);
|
|
|
22
23
|
registerUploadSourcemapsCommand(program);
|
|
23
24
|
registerConfigCommand(program);
|
|
24
25
|
registerInitCommand(program);
|
|
26
|
+
registerBaselineCommand(program);
|
|
25
27
|
program
|
|
26
28
|
.command('mcp-server')
|
|
27
29
|
.description('Start ShipSafe MCP server (stdio transport)')
|
package/dist/bin/shipsafe.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shipsafe.js","sourceRoot":"","sources":["../../bin/shipsafe.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,+BAA+B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"shipsafe.js","sourceRoot":"","sources":["../../bin/shipsafe.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,+BAA+B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAEjE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,yDAAyD,CAAC;KACtE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,uBAAuB,CAAC,OAAO,CAAC,CAAC;AACjC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,+BAA+B,CAAC,OAAO,CAAC,CAAC;AACzC,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,uBAAuB,CAAC,OAAO,CAAC,CAAC;AAEjC,OAAO;KACJ,OAAO,CAAC,YAAY,CAAC;KACrB,WAAW,CAAC,6CAA6C,CAAC;KAC1D,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAChE,MAAM,cAAc,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../../src/claude-md/manager.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../../src/claude-md/manager.ts"],"names":[],"mappings":"AAUA;;;;;GAKG;AACH,wBAAsB,cAAc,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmCvE;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA+CvE;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAU5E"}
|
|
@@ -2,41 +2,9 @@ import * as fs from 'node:fs/promises';
|
|
|
2
2
|
import * as path from 'node:path';
|
|
3
3
|
import { CLAUDE_MD_START, CLAUDE_MD_END } from '../constants.js';
|
|
4
4
|
const SHIPSAFE_TEMPLATE = `${CLAUDE_MD_START}
|
|
5
|
-
# ShipSafe Security
|
|
5
|
+
# ShipSafe Security
|
|
6
6
|
|
|
7
|
-
|
|
8
|
-
At the start of EVERY session, do the following:
|
|
9
|
-
1. Ask the user: "ShipSafe is active on this project. Keep security protection enabled? (yes/no)"
|
|
10
|
-
2. If yes: call the \`shipsafe_status\` tool to check project state and queued production errors
|
|
11
|
-
3. If there are queued production errors, present them to the user and offer to fix them BEFORE starting new work
|
|
12
|
-
4. Print the one-line status: "ShipSafe: [score] | [issue count] issues | [error count] production errors"
|
|
13
|
-
|
|
14
|
-
## Rules (Active Copilot Mode - user said yes)
|
|
15
|
-
|
|
16
|
-
### Pre-Commit
|
|
17
|
-
- Before EVERY git commit, call \`shipsafe_scan\` and wait for results
|
|
18
|
-
- If critical or high issues are found, fix them before committing. Do NOT commit with unresolved critical/high findings.
|
|
19
|
-
- If medium/low issues are found, inform the user and let them decide
|
|
20
|
-
|
|
21
|
-
### Security Practices
|
|
22
|
-
- NEVER hardcode API keys, tokens, secrets, or credentials. Always use environment variables.
|
|
23
|
-
- If you detect a hardcoded secret, move it to .env, add .env to .gitignore, and replace with process.env reference
|
|
24
|
-
- When installing packages, call \`shipsafe_check_package\` to verify safety before installing
|
|
25
|
-
- Use parameterized queries. Never concatenate user input into SQL strings.
|
|
26
|
-
|
|
27
|
-
### Monitoring
|
|
28
|
-
- If this project does not have the ShipSafe monitoring snippet installed and it is a deployable web application, add it
|
|
29
|
-
- Do NOT remove or modify the ShipSafe monitoring snippet or git hooks
|
|
30
|
-
|
|
31
|
-
### Production Errors
|
|
32
|
-
- When production errors are delivered at session start, address them BEFORE working on new features
|
|
33
|
-
- Use the full context provided (stack trace, root cause, suggested fix)
|
|
34
|
-
- After fixing a production error, inform the user what was fixed and why
|
|
35
|
-
|
|
36
|
-
## Rules (Silent Guardian Mode - user said no)
|
|
37
|
-
- ShipSafe tools are available but do not proactively use them
|
|
38
|
-
- Git hooks will still run on commit/push
|
|
39
|
-
- Do NOT ask the user about ShipSafe again during this session
|
|
7
|
+
When committing code, call the \`shipsafe_scan\` MCP tool first. It auto-installs git hooks on first run. Do not skip this step — use the MCP tool, not manual code review. Other tools: \`shipsafe_status\`, \`shipsafe_check_package\`.
|
|
40
8
|
${CLAUDE_MD_END}`;
|
|
41
9
|
/**
|
|
42
10
|
* Injects or updates the ShipSafe instruction block in a project's CLAUDE.md file.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../../src/claude-md/manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEjE,MAAM,iBAAiB,GAAG,GAAG,eAAe
|
|
1
|
+
{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../../src/claude-md/manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEjE,MAAM,iBAAiB,GAAG,GAAG,eAAe;;;;EAI1C,aAAa,EAAE,CAAC;AAElB;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,UAAmB;IACtD,MAAM,GAAG,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAE7C,IAAI,QAAQ,GAAkB,IAAI,CAAC;IACnC,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,uCAAuC;QACvC,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAChE,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACvC,yBAAyB;QACzB,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAC/C,IAAI,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YAClB,+DAA+D;YAC/D,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC/C,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAChE,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,GAAG,KAAK,EAAE,OAAO,CAAC,CAAC;IAC5E,CAAC;SAAM,CAAC;QACN,mCAAmC;QACnC,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC;QAC1D,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,GAAG,SAAS,GAAG,iBAAiB,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACzF,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,UAAmB;IACtD,MAAM,GAAG,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAE7C,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;QACrC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACvC,oCAAoC;QACpC,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9C,IAAI,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAClB,8DAA8D;QAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAE/D,IAAI,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC;IAE5B,wEAAwE;IACxE,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAE3C,2BAA2B;IAC3B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAEpC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAmB;IACxD,MAAM,GAAG,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACrD,OAAO,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.d.ts","sourceRoot":"","sources":["../../../src/cli/baseline.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAS9D"}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
import chalk from 'chalk';
|
|
2
|
+
import { runPatternEngine } from '../engines/pattern/index.js';
|
|
3
|
+
import { loadBaseline, saveBaseline, BASELINE_FILENAME } from '../engines/builtin/baseline.js';
|
|
4
|
+
export function registerBaselineCommand(program) {
|
|
5
|
+
program
|
|
6
|
+
.command('baseline')
|
|
7
|
+
.description('Create or update the baseline from current scan findings')
|
|
8
|
+
.option('--show', 'Show current baseline contents without updating', false)
|
|
9
|
+
.option('--clear', 'Remove the baseline (all findings will be reported again)', false)
|
|
10
|
+
.action(async (options) => {
|
|
11
|
+
await handleBaselineAction(options);
|
|
12
|
+
});
|
|
13
|
+
}
|
|
14
|
+
async function handleBaselineAction(options) {
|
|
15
|
+
const projectDir = process.cwd();
|
|
16
|
+
if (options.show) {
|
|
17
|
+
const baseline = await loadBaseline(projectDir);
|
|
18
|
+
if (baseline.findings.length === 0) {
|
|
19
|
+
console.log(chalk.dim('\n No baseline found. Run `shipsafe baseline` to create one.\n'));
|
|
20
|
+
return;
|
|
21
|
+
}
|
|
22
|
+
console.log('');
|
|
23
|
+
console.log(chalk.bold(' ShipSafe Baseline'));
|
|
24
|
+
console.log(chalk.dim(' ' + '─'.repeat(44)));
|
|
25
|
+
console.log(` Created: ${chalk.dim(baseline.created)}`);
|
|
26
|
+
console.log(` Findings: ${chalk.yellow(String(baseline.findings.length))}`);
|
|
27
|
+
console.log('');
|
|
28
|
+
for (const finding of baseline.findings) {
|
|
29
|
+
console.log(` ${chalk.dim(finding.hash.slice(0, 8))} ${finding.id} ${chalk.dim(finding.file + ':' + finding.line)}`);
|
|
30
|
+
}
|
|
31
|
+
console.log('');
|
|
32
|
+
return;
|
|
33
|
+
}
|
|
34
|
+
if (options.clear) {
|
|
35
|
+
const { unlink } = await import('node:fs/promises');
|
|
36
|
+
const { join } = await import('node:path');
|
|
37
|
+
try {
|
|
38
|
+
await unlink(join(projectDir, BASELINE_FILENAME));
|
|
39
|
+
console.log(chalk.green(`\n Baseline cleared. All findings will be reported on next scan.\n`));
|
|
40
|
+
}
|
|
41
|
+
catch {
|
|
42
|
+
console.log(chalk.dim(`\n No baseline file found — nothing to clear.\n`));
|
|
43
|
+
}
|
|
44
|
+
return;
|
|
45
|
+
}
|
|
46
|
+
// Default: run a full scan and save the findings as the baseline
|
|
47
|
+
console.log(chalk.dim('\n Running full scan to establish baseline...'));
|
|
48
|
+
const result = await runPatternEngine({
|
|
49
|
+
targetPath: projectDir,
|
|
50
|
+
scope: 'all',
|
|
51
|
+
});
|
|
52
|
+
await saveBaseline(projectDir, result.findings);
|
|
53
|
+
console.log('');
|
|
54
|
+
console.log(chalk.bold(' Baseline Updated'));
|
|
55
|
+
console.log(chalk.dim(' ' + '─'.repeat(44)));
|
|
56
|
+
console.log(` Findings baselined: ${chalk.yellow(String(result.findings.length))}`);
|
|
57
|
+
console.log(` File: ${chalk.dim(BASELINE_FILENAME)}`);
|
|
58
|
+
console.log('');
|
|
59
|
+
if (result.findings.length > 0) {
|
|
60
|
+
console.log(chalk.dim(' These findings will be suppressed in future staged scans.'));
|
|
61
|
+
console.log(chalk.dim(' Only NEW findings will be reported.\n'));
|
|
62
|
+
}
|
|
63
|
+
else {
|
|
64
|
+
console.log(chalk.dim(' No findings to baseline — your project is clean!\n'));
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
//# sourceMappingURL=baseline.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.js","sourceRoot":"","sources":["../../../src/cli/baseline.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAE/F,MAAM,UAAU,uBAAuB,CAAC,OAAgB;IACtD,OAAO;SACJ,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,QAAQ,EAAE,iDAAiD,EAAE,KAAK,CAAC;SAC1E,MAAM,CAAC,SAAS,EAAE,2DAA2D,EAAE,KAAK,CAAC;SACrF,MAAM,CAAC,KAAK,EAAE,OAA0C,EAAE,EAAE;QAC3D,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAA0C;IAC5E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEjC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;QAChD,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC,CAAC;YAC1F,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,EAAE,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1H,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACpD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAC3C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAC,CAAC;QAClG,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO;IACT,CAAC;IAED,iEAAiE;IACjE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC,CAAC;IAEzE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;QACpC,UAAU,EAAE,UAAU;QACtB,KAAK,EAAE,KAAK;KACb,CAAC,CAAC;IAEH,MAAM,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEhD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC,CAAC;IACjF,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../../src/cli/init.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAOpC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;
|
|
1
|
+
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../../src/cli/init.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAOpC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AA8GD;;;GAGG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAyC1E;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAU1D"}
|
package/dist/src/cli/init.js
CHANGED
|
@@ -10,13 +10,7 @@ const execFileAsync = promisify(execFile);
|
|
|
10
10
|
const SHIPSAFE_AI_INSTRUCTION = `
|
|
11
11
|
# ShipSafe Security
|
|
12
12
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
1. Run shipsafe_scan at the start of every task to check for security issues
|
|
16
|
-
2. After writing or modifying code, run shipsafe_scan to verify no vulnerabilities were introduced
|
|
17
|
-
3. Before completing any task, confirm the security score is passing
|
|
18
|
-
4. If findings are reported, explain them to the user and suggest fixes
|
|
19
|
-
5. Use shipsafe_check_package before recommending new dependencies
|
|
13
|
+
When committing code, call the \`shipsafe_scan\` MCP tool first. It auto-installs git hooks on first run. Do not skip this step — use the MCP tool, not manual code review. Other tools: \`shipsafe_status\`, \`shipsafe_check_package\`.
|
|
20
14
|
`.trim();
|
|
21
15
|
const AI_CONFIG_FILES = [
|
|
22
16
|
{ filename: 'CLAUDE.md', tool: 'Claude Code' },
|
package/dist/src/cli/init.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../src/cli/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAO1C,MAAM,uBAAuB,GAAG
|
|
1
|
+
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../src/cli/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAO1C,MAAM,uBAAuB,GAAG;;;;CAI/B,CAAC,IAAI,EAAE,CAAC;AAET,MAAM,eAAe,GAKhB;IACH,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,EAAE;IAC9C,EAAE,QAAQ,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC5C,EAAE,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,UAAU,EAAE;IAChD,EAAE,QAAQ,EAAE,iCAAiC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACvE,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,EAAE;CAC3C,CAAC;AAEF,KAAK,UAAU,kBAAkB;IAC/B,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,2BAA2B,EAAE,kBAAkB,CAAC;WACzF,yBAAyB,CAAC;IAE/B,yCAAyC;IACzC,IAAI,OAAO,GAAG,yBAAyB,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;QAC9D,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,uBAAuB;IACzB,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC;QACjF,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,2CAA2C;IAC7C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,iBAAiB;IAC9B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACpF,IAAI,CAAC;QACH,IAAI,QAAQ,GAA2C,EAAE,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACrD,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;QACnC,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,WAAW;YAAE,QAAQ,CAAC,WAAW,GAAG,EAAE,CAAC;QACrD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK;YAAE,QAAQ,CAAC,WAAW,CAAC,KAAK,GAAG,EAAE,CAAC;QAEjE,MAAM,IAAI,GAAG,eAAe,CAAC;QAC7B,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;YACpF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,sDAAsD,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;IACzC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,UAAkB;IAC9C,MAAM,GAAG,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEjD,0EAA0E;QAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,wDAAwD;YACxD,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,CAAC;YAAC,MAAM,CAAC;gBACP,mCAAmC;YACrC,CAAC;YAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAC3C,SAAS,CAAC,qBAAqB;YACjC,CAAC;YAED,2CAA2C;YAC3C,MAAM,OAAO,GAAG,QAAQ;gBACtB,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,MAAM,GAAG,uBAAuB,GAAG,IAAI;gBAC9D,CAAC,CAAC,uBAAuB,GAAG,IAAI,CAAC;YAEnC,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,4BAA4B;QAC9B,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAoB;IACzD,MAAM,EAAE,UAAU,EAAE,SAAS,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAElD,0DAA0D;IAC1D,MAAM,cAAc,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAE3D,IAAI,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC;IACzC,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,4CAA4C,GAAG,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC;IACzF,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,QAAQ,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAChD,MAAM,iBAAiB,CAAC,EAAE,SAAS,EAAE,EAAE,UAAU,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,6CAA6C,SAAS,GAAG,CAAC,CAAC;IAC5F,CAAC;IAED,kCAAkC;IAClC,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAC5C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,+BAA+B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,uEAAuE;IACvE,MAAM,iBAAiB,EAAE,CAAC;IAE1B,sCAAsC;IACtC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,iBAAiB,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,6BAA6B,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,6CAA6C,CAAC;SAC1D,MAAM,CAAC,cAAc,EAAE,sCAAsC,CAAC;SAC9D,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,gBAAgB,CAAC;YACrB,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../../src/cli/scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../../src/cli/scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAUpC,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,OAAO,CAAC;IACb,IAAI,EAAE,OAAO,CAAC;CACf;AA8ED,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAiD1E;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAU1D"}
|
package/dist/src/cli/scan.js
CHANGED
|
@@ -4,6 +4,7 @@ import { isGraphEngineAvailable } from '../engines/graph/index.js';
|
|
|
4
4
|
import { fixHardcodedSecret } from '../autofix/secret-fixer.js';
|
|
5
5
|
import { gateFeature } from './license-gate.js';
|
|
6
6
|
import { checkLicense } from './license-check.js';
|
|
7
|
+
import { checkHooksInstalled, installHooks } from '../hooks/installer.js';
|
|
7
8
|
const SEVERITY_COLORS = {
|
|
8
9
|
critical: chalk.red,
|
|
9
10
|
high: chalk.red,
|
|
@@ -21,6 +22,9 @@ async function formatResults(result) {
|
|
|
21
22
|
// Get built-in engine stats
|
|
22
23
|
const { getSecretPatternCount } = await import('../engines/builtin/secrets.js');
|
|
23
24
|
const { getPatternRuleCount } = await import('../engines/builtin/patterns.js');
|
|
25
|
+
// Pre-compute counts to keep log lines free of sensitive-looking identifiers
|
|
26
|
+
const credentialPatternCount = getSecretPatternCount();
|
|
27
|
+
const vulnRuleCount = getPatternRuleCount();
|
|
24
28
|
console.log('');
|
|
25
29
|
console.log(chalk.bold(' ShipSafe Scan Results'));
|
|
26
30
|
console.log(chalk.dim(' ' + '─'.repeat(44)));
|
|
@@ -28,8 +32,8 @@ async function formatResults(result) {
|
|
|
28
32
|
const check = chalk.green('✓');
|
|
29
33
|
const cross = chalk.dim('✗');
|
|
30
34
|
console.log(chalk.dim(' Built-in Engines:'));
|
|
31
|
-
console.log(` ${check}
|
|
32
|
-
console.log(` ${check} Vulnerability Scanner ${chalk.dim(`(${
|
|
35
|
+
console.log(` ${check} Credential Scanner ${chalk.dim(`(${credentialPatternCount} patterns)`)}`);
|
|
36
|
+
console.log(` ${check} Vulnerability Scanner ${chalk.dim(`(${vulnRuleCount} rules)`)}`);
|
|
33
37
|
console.log(` ${check} Dependency Auditor`);
|
|
34
38
|
console.log(` ${graphAvailable ? check : cross} Knowledge Graph`);
|
|
35
39
|
if (scanners.semgrep || scanners.gitleaks || scanners.trivy) {
|
|
@@ -45,7 +49,11 @@ async function formatResults(result) {
|
|
|
45
49
|
// Score
|
|
46
50
|
const duration = formatDuration(result.scan_duration_ms);
|
|
47
51
|
const scoreColor = result.score === 'A' ? chalk.green : result.score === 'B' ? chalk.yellow : chalk.red;
|
|
48
|
-
|
|
52
|
+
let findingsSummary = `${result.findings.length} findings`;
|
|
53
|
+
if (result.baseline_suppressed_count !== undefined && result.baseline_suppressed_count > 0) {
|
|
54
|
+
findingsSummary += chalk.dim(` (${result.baseline_suppressed_count} baselined)`);
|
|
55
|
+
}
|
|
56
|
+
console.log(` Score: ${scoreColor(chalk.bold(result.score))} | ${findingsSummary} | ${chalk.dim(duration)}`);
|
|
49
57
|
console.log(` Tier: ${chalk.dim(license.tier)}`);
|
|
50
58
|
console.log('');
|
|
51
59
|
// Findings
|
|
@@ -68,6 +76,16 @@ async function formatResults(result) {
|
|
|
68
76
|
}
|
|
69
77
|
export async function handleScanAction(options) {
|
|
70
78
|
const scope = options.scope;
|
|
79
|
+
// Auto-install git hooks if not already present (silent, best-effort)
|
|
80
|
+
try {
|
|
81
|
+
const hasHooks = await checkHooksInstalled();
|
|
82
|
+
if (!hasHooks) {
|
|
83
|
+
await installHooks();
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
catch {
|
|
87
|
+
// Not a git repo or can't write hooks — skip silently
|
|
88
|
+
}
|
|
71
89
|
if (!options.json) {
|
|
72
90
|
console.log(chalk.dim(`\n Scanning ${scope === 'staged' ? 'staged files' : 'all files'}...`));
|
|
73
91
|
}
|
package/dist/src/cli/scan.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/cli/scan.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/cli/scan.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAQ1E,MAAM,eAAe,GAA+C;IAClE,QAAQ,EAAE,KAAK,CAAC,GAAG;IACnB,IAAI,EAAE,KAAK,CAAC,GAAG;IACf,MAAM,EAAE,KAAK,CAAC,MAAM;IACpB,GAAG,EAAE,KAAK,CAAC,IAAI;IACf,IAAI,EAAE,KAAK,CAAC,IAAI;CACjB,CAAC;AAEF,SAAS,cAAc,CAAC,EAAU;IAChC,OAAO,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,MAAkB;IAC7C,MAAM,QAAQ,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC9C,MAAM,cAAc,GAAG,sBAAsB,EAAE,CAAC;IAChD,MAAM,OAAO,GAAG,MAAM,YAAY,EAAE,CAAC;IAErC,4BAA4B;IAC5B,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;IAChF,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;IAE/E,6EAA6E;IAC7E,MAAM,sBAAsB,GAAG,qBAAqB,EAAE,CAAC;IACvD,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAE5C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,uBAAuB,KAAK,CAAC,GAAG,CAAC,IAAI,sBAAsB,YAAY,CAAC,EAAE,CAAC,CAAC;IACpG,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,0BAA0B,KAAK,CAAC,GAAG,CAAC,IAAI,aAAa,SAAS,CAAC,EAAE,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,qBAAqB,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC;IAErE,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAC9C,IAAI,QAAQ,CAAC,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,UAAU,CAAC,CAAC;QAC1D,IAAI,QAAQ,CAAC,QAAQ;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC;QAC5D,IAAI,QAAQ,CAAC,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,QAAQ;IACR,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;IACxG,IAAI,eAAe,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,WAAW,CAAC;IAC3D,IAAI,MAAM,CAAC,yBAAyB,KAAK,SAAS,IAAI,MAAM,CAAC,yBAAyB,GAAG,CAAC,EAAE,CAAC;QAC3F,eAAe,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,yBAAyB,aAAa,CAAC,CAAC;IACnF,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,eAAe,QAAQ,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAClH,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,WAAW;IACX,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YACxE,OAAO,CAAC,GAAG,CAAC,KAAK,aAAa,IAAI,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClF,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;YAChE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAoB;IACzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAkB,CAAC;IAEzC,sEAAsE;IACtE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,YAAY,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sDAAsD;IACxD,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;QACpC,UAAU,EAAE,OAAO,CAAC,GAAG,EAAE;QACzB,KAAK;KACN,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACtC,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;oBAChE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;oBAC9C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,UAAU,eAAe,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;gBACxG,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC1D,CAAC;IAEF,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,2CAA2C,CAAC;SACxD,MAAM,CAAC,iBAAiB,EAAE,yCAAyC,EAAE,QAAQ,CAAC;SAC9E,MAAM,CAAC,OAAO,EAAE,8BAA8B,EAAE,KAAK,CAAC;SACtD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,EAAE,KAAK,CAAC;SACjD,MAAM,CAAC,KAAK,EAAE,OAAoB,EAAE,EAAE;QACrC,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACP,CAAC"}
|