@standards-kit/conform 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (139) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +143 -0
  3. package/dist/{chunk-P7TIZJ4C.js → chunk-DXIYZR62.js} +2 -2
  4. package/dist/chunk-DXIYZR62.js.map +1 -0
  5. package/dist/{chunk-KHO6NIAI.js → chunk-PZ2NVKI7.js} +7 -7
  6. package/dist/chunk-PZ2NVKI7.js.map +1 -0
  7. package/dist/cli.d.ts +2 -0
  8. package/dist/cli.js +14 -14
  9. package/dist/cli.js.map +1 -1
  10. package/dist/code/index.d.ts +11 -0
  11. package/dist/code/tools/base.d.ts +51 -0
  12. package/dist/code/tools/comment-utils.d.ts +17 -0
  13. package/dist/code/tools/coverage-run.d.ts +37 -0
  14. package/dist/code/tools/disable-comments.d.ts +42 -0
  15. package/dist/code/tools/eslint.d.ts +99 -0
  16. package/dist/code/tools/gitleaks.d.ts +42 -0
  17. package/dist/code/tools/index.d.ts +13 -0
  18. package/dist/code/tools/knip.d.ts +20 -0
  19. package/dist/code/tools/naming.d.ts +64 -0
  20. package/dist/code/tools/pipaudit.d.ts +24 -0
  21. package/dist/code/tools/pnpmaudit.d.ts +36 -0
  22. package/dist/code/tools/ruff.d.ts +46 -0
  23. package/dist/code/tools/tsc.d.ts +57 -0
  24. package/dist/code/tools/ty.d.ts +34 -0
  25. package/dist/code/tools/vulture.d.ts +32 -0
  26. package/dist/core/index.d.ts +7 -0
  27. package/dist/core/loader.d.ts +42 -0
  28. package/dist/core/registry.d.ts +17 -0
  29. package/dist/core/schema.d.ts +1829 -0
  30. package/dist/core/types.d.ts +95 -0
  31. package/dist/{src-KZRTG3EU.js → core-KB2W6SE2.js} +3 -3
  32. package/dist/dependencies/index.d.ts +13 -0
  33. package/dist/dependencies/mappings.d.ts +17 -0
  34. package/dist/dependencies/output.d.ts +12 -0
  35. package/dist/dependencies/types.d.ts +34 -0
  36. package/dist/index.d.ts +21 -0
  37. package/dist/index.js +9 -5
  38. package/dist/index.js.map +1 -1
  39. package/dist/infra/arn.d.ts +16 -0
  40. package/dist/infra/checkers/cloudwatch.d.ts +8 -0
  41. package/dist/infra/checkers/dynamodb.d.ts +8 -0
  42. package/dist/infra/checkers/ec2.d.ts +13 -0
  43. package/dist/infra/checkers/ecs.d.ts +13 -0
  44. package/dist/infra/checkers/elasticache.d.ts +13 -0
  45. package/dist/infra/checkers/elb.d.ts +13 -0
  46. package/dist/infra/checkers/gcp/artifactregistry.d.ts +5 -0
  47. package/dist/infra/checkers/gcp/cloudrun.d.ts +5 -0
  48. package/dist/infra/checkers/gcp/iam.d.ts +5 -0
  49. package/dist/infra/checkers/gcp/index.d.ts +17 -0
  50. package/dist/infra/checkers/gcp/secretmanager.d.ts +5 -0
  51. package/dist/infra/checkers/iam.d.ts +8 -0
  52. package/dist/infra/checkers/index.d.ts +26 -0
  53. package/dist/infra/checkers/lambda.d.ts +8 -0
  54. package/dist/infra/checkers/rds.d.ts +13 -0
  55. package/dist/infra/checkers/s3.d.ts +8 -0
  56. package/dist/infra/checkers/secretsmanager.d.ts +8 -0
  57. package/dist/infra/checkers/sns.d.ts +8 -0
  58. package/dist/infra/checkers/sqs.d.ts +8 -0
  59. package/dist/infra/checkers/types.d.ts +28 -0
  60. package/dist/infra/gcp.d.ts +18 -0
  61. package/dist/infra/generate.d.ts +74 -0
  62. package/dist/infra/index.d.ts +59 -0
  63. package/dist/infra/manifest.d.ts +58 -0
  64. package/dist/infra/output.d.ts +8 -0
  65. package/dist/infra/scan.d.ts +25 -0
  66. package/dist/infra/schemas.d.ts +806 -0
  67. package/dist/infra/types.d.ts +8 -0
  68. package/dist/{infra-UXM5XQX3.js → infra-ZQRXX7AW.js} +3 -3
  69. package/dist/infra-ZQRXX7AW.js.map +1 -0
  70. package/dist/mcp/index.d.ts +7 -0
  71. package/dist/mcp/server.d.ts +18 -0
  72. package/dist/mcp/standards/fetcher.d.ts +29 -0
  73. package/dist/mcp/standards/index.d.ts +4 -0
  74. package/dist/mcp/standards/matcher.d.ts +22 -0
  75. package/dist/mcp/standards/parser.d.ts +46 -0
  76. package/dist/mcp/standards/types.d.ts +32 -0
  77. package/dist/mcp/tools/get-guideline.d.ts +26 -0
  78. package/dist/mcp/tools/get-ruleset.d.ts +26 -0
  79. package/dist/mcp/tools/get-standards.d.ts +27 -0
  80. package/dist/mcp/tools/index.d.ts +4 -0
  81. package/dist/mcp/tools/list-guidelines.d.ts +25 -0
  82. package/dist/{mcp-O5O7XVFG.js → mcp-WXYRFNEV.js} +3 -3
  83. package/dist/mcp-WXYRFNEV.js.map +1 -0
  84. package/dist/output/index.d.ts +14 -0
  85. package/dist/process/commands/check-branch.d.ts +13 -0
  86. package/dist/process/commands/check-commit.d.ts +14 -0
  87. package/dist/process/commands/index.d.ts +2 -0
  88. package/dist/process/index.d.ts +11 -0
  89. package/dist/process/scan/index.d.ts +5 -0
  90. package/dist/process/scan/remote-fetcher.d.ts +18 -0
  91. package/dist/process/scan/scanner.d.ts +6 -0
  92. package/dist/process/scan/types.d.ts +57 -0
  93. package/dist/process/scan/validators.d.ts +37 -0
  94. package/dist/process/sync/applier.d.ts +10 -0
  95. package/dist/process/sync/differ.d.ts +7 -0
  96. package/dist/process/sync/fetcher.d.ts +14 -0
  97. package/dist/process/sync/index.d.ts +9 -0
  98. package/dist/process/sync/types.d.ts +131 -0
  99. package/dist/process/sync/validator.d.ts +22 -0
  100. package/dist/process/tools/backups.d.ts +32 -0
  101. package/dist/process/tools/base.d.ts +52 -0
  102. package/dist/process/tools/branches.d.ts +41 -0
  103. package/dist/process/tools/changesets.d.ts +53 -0
  104. package/dist/process/tools/ci.d.ts +57 -0
  105. package/dist/process/tools/codeowners.d.ts +68 -0
  106. package/dist/process/tools/commits.d.ts +39 -0
  107. package/dist/process/tools/coverage.d.ts +57 -0
  108. package/dist/process/tools/docs-helpers.d.ts +44 -0
  109. package/dist/process/tools/docs.d.ts +38 -0
  110. package/dist/process/tools/forbidden-files.d.ts +40 -0
  111. package/dist/process/tools/hooks.d.ts +39 -0
  112. package/dist/process/tools/index.d.ts +14 -0
  113. package/dist/process/tools/pr.d.ts +59 -0
  114. package/dist/process/tools/repo.d.ts +65 -0
  115. package/dist/process/tools/tickets.d.ts +42 -0
  116. package/dist/projects/detector.d.ts +16 -0
  117. package/dist/projects/index.d.ts +4 -0
  118. package/dist/projects/templates.d.ts +15 -0
  119. package/dist/projects/tier-loader.d.ts +14 -0
  120. package/dist/projects/types.d.ts +76 -0
  121. package/dist/{registry-V65CC7IN.js → registry-7CDIMOLZ.js} +2 -2
  122. package/dist/{scan-EELS42BP.js → scan-IKEHLZXV.js} +4 -4
  123. package/dist/{scan-EELS42BP.js.map → scan-IKEHLZXV.js.map} +1 -1
  124. package/dist/{sync-RLYBGYNY.js → sync-XV6XBLVZ.js} +3 -3
  125. package/dist/{sync-RLYBGYNY.js.map → sync-XV6XBLVZ.js.map} +1 -1
  126. package/dist/validate/guidelines.d.ts +18 -0
  127. package/dist/validate/index.d.ts +5 -0
  128. package/dist/validate/tier.d.ts +14 -0
  129. package/dist/validate/types.d.ts +56 -0
  130. package/dist/{validate-AABLVQJS.js → validate-DKEJICCK.js} +3 -3
  131. package/dist/validate-DKEJICCK.js.map +1 -0
  132. package/package.json +26 -19
  133. package/dist/chunk-KHO6NIAI.js.map +0 -1
  134. package/dist/chunk-P7TIZJ4C.js.map +0 -1
  135. package/dist/infra-UXM5XQX3.js.map +0 -1
  136. package/dist/mcp-O5O7XVFG.js.map +0 -1
  137. package/dist/validate-AABLVQJS.js.map +0 -1
  138. /package/dist/{registry-V65CC7IN.js.map → core-KB2W6SE2.js.map} +0 -0
  139. /package/dist/{src-KZRTG3EU.js.map → registry-7CDIMOLZ.js.map} +0 -0
package/dist/{scan-EELS42BP.js.map → scan-IKEHLZXV.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/process/scan/index.ts","../src/process/scan/scanner.ts","../src/process/scan/remote-fetcher.ts","../src/process/scan/validators.ts"],"sourcesContent":["import chalk from \"chalk\";\n\nimport { loadConfigAsync } from \"@standards-kit/core\";\nimport { ExitCode } from \"@standards-kit/core\";\nimport { scanRepository } from \"./scanner.js\";\nimport { type ScanOptions, type ScanResult } from \"./types.js\";\n\n// Re-export public API types\nexport {\n type RemoteRepoInfo,\n type ScanOptions,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\n\n// Re-export scanner\nexport { scanRepository, validateProcess } from \"./scanner.js\";\n\n/** Format scan result as text */\nfunction formatScanText(result: ScanResult): string {\n const lines: string[] = [];\n\n lines.push(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n lines.push(\"\");\n\n for (const check of result.checks) {\n if (check.skipped) {\n lines.push(chalk.yellow(`⊘ ${check.name} (skipped: ${check.skipReason})`));\n } else if (check.passed) {\n lines.push(chalk.green(`✓ ${check.name}`));\n } else {\n lines.push(chalk.red(`✗ ${check.name}`));\n for (const violation of check.violations) {\n lines.push(chalk.red(` • ${violation.message}`));\n }\n }\n }\n\n lines.push(\"\");\n lines.push(\n `Summary: ${result.summary.passedChecks} passed, ` +\n `${result.summary.failedChecks} failed, ` +\n `${result.summary.skippedChecks} skipped`\n );\n\n return lines.join(\"\\n\");\n}\n\n/** Format scan result as JSON */\nfunction formatScanJson(result: ScanResult): string {\n return JSON.stringify(result, null, 2);\n}\n\n/** Run the scan command */\nexport async function runScan(options: ScanOptions): Promise<void> {\n try {\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const output = options.format === \"json\" ? formatScanJson(result) : formatScanText(result);\n\n process.stdout.write(`${output}\\n`);\n process.exit(result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND);\n } catch (error) {\n if (options.format === \"json\") {\n const errorObj = {\n error: true,\n message: error instanceof Error ? error.message : String(error),\n code: (error as { code?: string }).code ?? \"UNKNOWN\",\n };\n process.stdout.write(`${JSON.stringify(errorObj, null, 2)}\\n`);\n } else {\n console.error(chalk.red(`Error: ${error instanceof Error ? error.message : String(error)}`));\n }\n process.exit(ExitCode.RUNTIME_ERROR);\n }\n}\n","import { execa } from \"execa\";\n\nimport { type Config } from \"@standards-kit/core\";\nimport { type CheckResult, ExitCode, type Violation } from \"@standards-kit/core\";\nimport {\n checkRemoteFiles,\n isGhAvailable,\n parseRepoString,\n RemoteFetcherError,\n standardFileChecks,\n verifyRepoAccess,\n} from \"./remote-fetcher.js\";\nimport {\n type FileCheckConfig,\n type RemoteRepoInfo,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\nimport { type RulesetResponse, validateRulesets } from \"./validators.js\";\n\n/** Fetch rulesets from GitHub API */\nasync function fetchRulesets(repoInfo: RemoteRepoInfo): Promise<RulesetResponse[]> {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n return JSON.parse(result.stdout) as RulesetResponse[];\n}\n\n/** Create a skipped check result */\nfunction createSkippedResult(\n name: string,\n rule: string,\n reason: string,\n duration: number\n): CheckResult {\n return { name, rule, passed: true, violations: [], skipped: true, skipReason: reason, duration };\n}\n\n/** Create an error check result */\nfunction createErrorResult(\n name: string,\n rule: string,\n message: string,\n duration: number\n): CheckResult {\n return {\n name,\n rule,\n passed: false,\n violations: [{ rule, tool: \"scan\", message, severity: \"error\" }],\n skipped: false,\n duration,\n };\n}\n\n/** Handle API errors for ruleset fetching */\nfunction handleRulesetError(\n error: unknown,\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"],\n elapsed: () => number\n): CheckResult {\n const msg = error instanceof Error ? error.message : String(error);\n\n if (msg.includes(\"403\") || msg.includes(\"Must have admin rights\")) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Cannot check rulesets: insufficient permissions (requires admin access)\",\n elapsed()\n );\n }\n\n if (msg.includes(\"404\")) {\n const violations: Violation[] = [];\n if (repoConfig?.require_branch_protection) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: \"No branch protection rulesets configured\",\n severity: \"error\",\n });\n }\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n }\n\n return createErrorResult(\n \"Repository Settings\",\n \"process.repo\",\n `Failed to check rulesets: ${msg}`,\n elapsed()\n );\n}\n\n/** Check repository rulesets and branch protection */\nasync function checkRulesets(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const repoConfig = config.process?.repo;\n\n if (!repoConfig?.enabled) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Repository settings check not enabled in config\",\n elapsed()\n );\n }\n\n try {\n const rulesets = await fetchRulesets(repoInfo);\n const violations = validateRulesets(rulesets, repoConfig);\n\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n return handleRulesetError(error, repoConfig, elapsed);\n }\n}\n\n/** Build file checks configuration from config */\nfunction buildFileChecks(config: Config): FileCheckConfig[] {\n const fileChecks: FileCheckConfig[] = [];\n\n if (config.process?.repo?.require_codeowners) {\n fileChecks.push({\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: true,\n description: \"CODEOWNERS file for code review assignment\",\n });\n }\n\n fileChecks.push(\n ...standardFileChecks.filter((check) => !fileChecks.some((fc) => fc.path === check.path))\n );\n\n return fileChecks;\n}\n\n/** Convert file check results to violations */\nfunction fileResultsToViolations(\n results: { path: string; exists: boolean; checkedPaths: string[] }[],\n fileChecks: FileCheckConfig[]\n): Violation[] {\n const violations: Violation[] = [];\n\n for (const result of results) {\n const checkConfig = fileChecks.find((fc) => fc.path === result.path);\n if (!result.exists && checkConfig?.required) {\n violations.push({\n rule: `process.scan.files.${result.path.replace(/[./]/g, \"_\")}`,\n tool: \"scan\",\n message: `Required file not found: ${result.path} (checked: ${result.checkedPaths.join(\", \")})`,\n severity: \"error\",\n });\n }\n }\n\n return violations;\n}\n\n/** Check remote files for existence */\nasync function checkFiles(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const fileChecks = buildFileChecks(config);\n\n if (fileChecks.length === 0) {\n return createSkippedResult(\n \"Repository Files\",\n \"process.scan.files\",\n \"No file checks configured\",\n elapsed()\n );\n }\n\n try {\n const results = await checkRemoteFiles(repoInfo, fileChecks);\n const violations = fileResultsToViolations(results, fileChecks);\n\n return {\n name: \"Repository Files\",\n rule: \"process.scan.files\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n const msg = error instanceof Error ? error.message : String(error);\n return createErrorResult(\n \"Repository Files\",\n \"process.scan.files\",\n `Failed to check files: ${msg}`,\n elapsed()\n );\n }\n}\n\n/** Aggregate check results into scan result */\nfunction aggregateResults(repoInfo: RemoteRepoInfo, checks: CheckResult[]): ScanResult {\n const violations = checks.flatMap((c) => c.violations);\n const passedChecks = checks.filter((c) => c.passed && !c.skipped).length;\n const failedChecks = checks.filter((c) => !c.passed && !c.skipped).length;\n const skippedChecks = checks.filter((c) => c.skipped).length;\n\n return {\n repoInfo,\n checks,\n violations,\n passed: failedChecks === 0,\n summary: { totalChecks: checks.length, passedChecks, failedChecks, skippedChecks },\n };\n}\n\n/** Run all remote scans for a repository */\nexport async function scanRepository(repo: string, config: Config): Promise<ScanResult> {\n const repoInfo = parseRepoString(repo);\n\n if (!(await isGhAvailable())) {\n throw new RemoteFetcherError(\n \"GitHub CLI (gh) not available. Install it from https://cli.github.com/\",\n \"NO_GH\"\n );\n }\n\n await verifyRepoAccess(repoInfo);\n\n const [rulesetsResult, filesResult] = await Promise.all([\n checkRulesets(repoInfo, config),\n checkFiles(repoInfo, config),\n ]);\n\n return aggregateResults(repoInfo, [rulesetsResult, filesResult]);\n}\n\n/** Programmatic API for validating remote process checks */\nexport async function validateProcess(\n options: ValidateProcessOptions\n): Promise<ValidateProcessResult> {\n const { loadConfigAsync } = await import(\"@standards-kit/core\");\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const fs = await import(\"node:fs\");\n const path = await import(\"node:path\");\n const { fileURLToPath } = await import(\"node:url\");\n\n const __dirname = path.dirname(fileURLToPath(import.meta.url));\n const packageJsonPath = path.resolve(__dirname, \"..\", \"..\", \"..\", \"package.json\");\n const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, \"utf-8\")) as { version: string };\n\n return {\n version: packageJson.version,\n repoInfo: result.repoInfo,\n domain: \"process\",\n checks: result.checks,\n summary: {\n totalChecks: result.summary.totalChecks,\n passedChecks: result.summary.passedChecks,\n failedChecks: result.summary.failedChecks,\n totalViolations: result.violations.length,\n exitCode: result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND,\n },\n };\n}\n","import { execa } from \"execa\";\n\nimport { type FileCheckConfig, type FileCheckResult, type RemoteRepoInfo } from \"./types.js\";\n\n/** Error thrown when remote fetcher encounters an issue */\nexport class RemoteFetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\" | \"INVALID_REPO\"\n ) {\n super(message);\n this.name = \"RemoteFetcherError\";\n }\n}\n\n/** Parse owner/repo string into RemoteRepoInfo */\nexport function parseRepoString(repo: string): RemoteRepoInfo {\n const parts = repo.split(\"/\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n throw new RemoteFetcherError(\n `Invalid repository format: \"${repo}\". Expected \"owner/repo\" format.`,\n \"INVALID_REPO\"\n );\n }\n return { owner: parts[0], repo: parts[1] };\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Verify the repository exists and user has access */\nexport async function verifyRepoAccess(repoInfo: RemoteRepoInfo): Promise<boolean> {\n try {\n await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}`]);\n return true;\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"404\") || errorMessage.includes(\"Not Found\")) {\n throw new RemoteFetcherError(\n `Repository not found: ${repoInfo.owner}/${repoInfo.repo}`,\n \"NO_REPO\"\n );\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"401\")) {\n throw new RemoteFetcherError(\n `Cannot access repository: ${repoInfo.owner}/${repoInfo.repo}. Check your GITHUB_TOKEN permissions.`,\n \"NO_PERMISSION\"\n );\n }\n\n throw new RemoteFetcherError(\n `Failed to verify repository access: ${errorMessage}`,\n \"API_ERROR\"\n );\n }\n}\n\n/** Check if a file exists in the remote repository via GitHub Contents API */\nexport async function checkRemoteFileExists(\n repoInfo: RemoteRepoInfo,\n filePath: string\n): Promise<boolean> {\n try {\n await execa(\"gh\", [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/contents/${filePath}`,\n \"--silent\",\n ]);\n return true;\n } catch {\n // File doesn't exist or no access - both return false\n return false;\n }\n}\n\n/** Check multiple alternative paths for a file */\nasync function checkRemoteFileWithAlternatives(\n repoInfo: RemoteRepoInfo,\n config: FileCheckConfig\n): Promise<FileCheckResult> {\n const allPaths = [config.path, ...(config.alternativePaths ?? [])];\n\n for (const path of allPaths) {\n // Sequential check needed - stop on first match\n const exists = await checkRemoteFileExists(repoInfo, path);\n if (exists) {\n return { path: config.path, exists: true, checkedPaths: allPaths };\n }\n }\n\n return { path: config.path, exists: false, checkedPaths: allPaths };\n}\n\n/** Batch check multiple files in a repository */\nexport async function checkRemoteFiles(\n repoInfo: RemoteRepoInfo,\n configs: FileCheckConfig[]\n): Promise<FileCheckResult[]> {\n // Run checks in parallel for efficiency\n const results = await Promise.all(\n configs.map((config) => checkRemoteFileWithAlternatives(repoInfo, config))\n );\n return results;\n}\n\n/** Standard file checks for remote validation */\nexport const standardFileChecks: FileCheckConfig[] = [\n {\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: false,\n description: \"CODEOWNERS file for code review assignment\",\n },\n {\n path: \".github/PULL_REQUEST_TEMPLATE.md\",\n alternativePaths: [\n \".github/pull_request_template.md\",\n \"PULL_REQUEST_TEMPLATE.md\",\n \"pull_request_template.md\",\n ],\n required: false,\n description: \"Pull request template\",\n },\n {\n path: \"README.md\",\n alternativePaths: [\"readme.md\", \"README\"],\n required: false,\n description: \"Repository README\",\n },\n {\n path: \".github/workflows\",\n required: false,\n description: \"GitHub Actions workflows directory\",\n },\n];\n","import { type Config } from \"@standards-kit/core\";\nimport { type Violation } from \"@standards-kit/core\";\n\n/** GitHub Ruleset response types */\ninterface RulesetBypassActor {\n actor_id: number | null;\n actor_type: string;\n bypass_mode: string;\n}\n\ninterface RulesetRule {\n type: string;\n parameters?: {\n required_approving_review_count?: number;\n dismiss_stale_reviews_on_push?: boolean;\n require_code_owner_review?: boolean;\n required_status_checks?: { context: string }[];\n strict_required_status_checks_policy?: boolean;\n };\n}\n\nexport interface RulesetResponse {\n id: number;\n name: string;\n target: string;\n enforcement: string;\n conditions?: { ref_name?: { include?: string[]; exclude?: string[] } };\n bypass_actors?: RulesetBypassActor[];\n rules?: RulesetRule[];\n}\n\ntype RulesetConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"ruleset\"];\ntype TagProtectionConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"tag_protection\"];\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Find branch ruleset matching the target branch */\nfunction findBranchRuleset(\n rulesets: RulesetResponse[],\n branch: string\n): RulesetResponse | undefined {\n return rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n}\n\n/** Validate rulesets against config */\n// eslint-disable-next-line complexity\nexport function validateRulesets(\n rulesets: RulesetResponse[],\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"]\n): Violation[] {\n if (!repoConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rulesetConfig = repoConfig.ruleset;\n const branch = rulesetConfig?.branch ?? \"main\";\n const branchRuleset = findBranchRuleset(rulesets, branch);\n\n if (repoConfig.require_branch_protection && !branchRuleset) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: `Branch '${branch}' does not have a branch protection ruleset`,\n severity: \"error\",\n });\n }\n\n if (branchRuleset && rulesetConfig) {\n violations.push(...validateBranchRuleset(branchRuleset, rulesetConfig, branch));\n }\n\n if (repoConfig.tag_protection?.patterns?.length) {\n violations.push(...validateTagProtection(rulesets, repoConfig.tag_protection));\n }\n\n return violations;\n}\n\n/** Validate branch ruleset settings against config */\nfunction validateBranchRuleset(\n ruleset: RulesetResponse,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rules = ruleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n\n violations.push(...validatePullRequestRule(prRule, config, branch));\n violations.push(...validateStatusChecksRule(statusRule, config, branch));\n violations.push(...validateSignedCommits(rules, config, branch));\n violations.push(...validateBypassActors(ruleset.bypass_actors ?? [], config, branch));\n\n return violations;\n}\n\n/** Validate pull request rule settings */\n// eslint-disable-next-line complexity\nfunction validatePullRequestRule(\n prRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = prRule?.parameters;\n\n if (config.required_reviews !== undefined) {\n const actualReviews = params?.required_approving_review_count ?? 0;\n if (actualReviews < config.required_reviews) {\n violations.push({\n rule: \"process.repo.branch_protection.required_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' requires ${actualReviews} reviews, expected at least ${config.required_reviews}`,\n severity: \"error\",\n });\n }\n }\n\n if (config.dismiss_stale_reviews === true && !(params?.dismiss_stale_reviews_on_push ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.dismiss_stale_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not dismiss stale reviews on new commits`,\n severity: \"error\",\n });\n }\n\n if (config.require_code_owner_reviews === true && !(params?.require_code_owner_review ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.require_code_owner_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require code owner reviews`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate status checks rule settings */\n// eslint-disable-next-line complexity\nfunction validateStatusChecksRule(\n statusRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = statusRule?.parameters;\n\n if (config.require_status_checks && config.require_status_checks.length > 0) {\n const actualChecks = params?.required_status_checks?.map((c) => c.context) ?? [];\n const missingChecks = config.require_status_checks.filter(\n (check) => !actualChecks.includes(check)\n );\n if (missingChecks.length > 0) {\n violations.push({\n rule: \"process.repo.branch_protection.require_status_checks\",\n tool: \"scan\",\n message: `Branch '${branch}' missing required status checks: ${missingChecks.join(\", \")}`,\n severity: \"error\",\n });\n }\n }\n\n if (\n config.require_branches_up_to_date === true &&\n !(params?.strict_required_status_checks_policy ?? false)\n ) {\n violations.push({\n rule: \"process.repo.branch_protection.require_branches_up_to_date\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require branches to be up to date before merging`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate signed commits requirement */\nfunction validateSignedCommits(\n rules: RulesetRule[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.require_signed_commits !== true) {\n return [];\n }\n\n if (!rules.some((r) => r.type === \"required_signatures\")) {\n return [\n {\n rule: \"process.repo.branch_protection.require_signed_commits\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require signed commits`,\n severity: \"error\",\n },\n ];\n }\n\n return [];\n}\n\n/** Validate bypass actors configuration */\nfunction validateBypassActors(\n actualBypass: RulesetBypassActor[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.enforce_admins !== true || actualBypass.length === 0) {\n return [];\n }\n\n return [\n {\n rule: \"process.repo.branch_protection.enforce_admins\",\n tool: \"scan\",\n message: `Branch '${branch}' has bypass actors configured but enforce_admins requires no bypasses`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rulesets */\nfunction validateTagProtection(\n rulesets: RulesetResponse[],\n tagConfig: TagProtectionConfig\n): Violation[] {\n if (!tagConfig?.patterns?.length) {\n return [];\n }\n\n const violations: Violation[] = [];\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.enforcement === \"active\");\n\n if (!tagRuleset) {\n return [\n {\n rule: \"process.repo.tag_protection\",\n tool: \"scan\",\n message: \"No active tag protection ruleset found\",\n severity: \"error\",\n },\n ];\n }\n\n violations.push(...validateTagPatterns(tagConfig.patterns, tagRuleset));\n violations.push(...validateTagRules(tagConfig, tagRuleset.rules ?? []));\n\n return violations;\n}\n\n/** Validate tag patterns match */\nfunction validateTagPatterns(expectedPatterns: string[], tagRuleset: RulesetResponse): Violation[] {\n const expected = expectedPatterns.map((p) => `refs/tags/${p}`).sort();\n const actual = [...(tagRuleset.conditions?.ref_name?.include ?? [])].sort();\n\n if (expected.length === actual.length && expected.every((v, i) => v === actual[i])) {\n return [];\n }\n\n const found = actual.map((p) => p.replace(/^refs\\/tags\\//, \"\")).join(\", \");\n return [\n {\n rule: \"process.repo.tag_protection.patterns\",\n tool: \"scan\",\n message: `Tag protection patterns mismatch: expected [${expectedPatterns.join(\", \")}], found [${found}]`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rules */\nfunction validateTagRules(tagConfig: TagProtectionConfig, rules: RulesetRule[]): Violation[] {\n if (!tagConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n\n if (tagConfig.prevent_deletion !== false && !rules.some((r) => r.type === \"deletion\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_deletion\",\n tool: \"scan\",\n message: \"Tag protection does not prevent deletion\",\n severity: \"error\",\n });\n }\n\n if (tagConfig.prevent_update !== false && !rules.some((r) => r.type === \"update\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_update\",\n tool: \"scan\",\n message: \"Tag protection does not prevent updates (force-push)\",\n severity: \"error\",\n });\n }\n\n return violations;\n}\n"],"mappings":";;;;;;;;AAAA,OAAO,WAAW;;;ACAlB,SAAS,SAAAA,cAAa;;;ACAtB,SAAS,aAAa;AAKf,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGO,SAAS,gBAAgB,MAA8B;AAC5D,QAAM,QAAQ,KAAK,MAAM,GAAG;AAC5B,MAAI,MAAM,WAAW,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG;AAChD,UAAM,IAAI;AAAA,MACR,+BAA+B,IAAI;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAE,OAAO,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,EAAE;AAC3C;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,iBAAiB,UAA4C;AACjF,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,EAAE,CAAC;AACrE,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,WAAW,GAAG;AACtE,YAAM,IAAI;AAAA,QACR,yBAAyB,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QACxD;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,KAAK,GAAG;AAChE,YAAM,IAAI;AAAA,QACR,6BAA6B,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QAC5D;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,uCAAuC,YAAY;AAAA,MACnD;AAAA,IACF;AAAA,EACF;AACF;AAGA,eAAsB,sBACpB,UACA,UACkB;AAClB,MAAI;AACF,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,QAAQ;AAAA,MAC7D;AAAA,IACF,CAAC;AACD,WAAO;AAAA,EACT,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAGA,eAAe,gCACb,UACA,QAC0B;AAC1B,QAAM,WAAW,CAAC,OAAO,MAAM,GAAI,OAAO,oBAAoB,CAAC,CAAE;AAEjE,aAAW,QAAQ,UAAU;AAE3B,UAAM,SAAS,MAAM,sBAAsB,UAAU,IAAI;AACzD,QAAI,QAAQ;AACV,aAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,MAAM,cAAc,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,SAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,OAAO,cAAc,SAAS;AACpE;AAGA,eAAsB,iBACpB,UACA,SAC4B;AAE5B,QAAM,UAAU,MAAM,QAAQ;AAAA,IAC5B,QAAQ,IAAI,CAAC,WAAW,gCAAgC,UAAU,MAAM,CAAC;AAAA,EAC3E;AACA,SAAO;AACT;AAGO,IAAM,qBAAwC;AAAA,EACnD;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,IAC1D,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,aAAa,QAAQ;AAAA,IACxC,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;;;AC5GA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBACP,UACA,QAC6B;AAC7B,SAAO,SAAS;AAAA,IACd,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AACF;AAIO,SAAS,iBACd,UACA,YACa;AACb,MAAI,CAAC,YAAY;AACf,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,gBAAgB,WAAW;AACjC,QAAM,SAAS,eAAe,UAAU;AACxC,QAAM,gBAAgB,kBAAkB,UAAU,MAAM;AAExD,MAAI,WAAW,6BAA6B,CAAC,eAAe;AAC1D,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,iBAAiB,eAAe;AAClC,eAAW,KAAK,GAAG,sBAAsB,eAAe,eAAe,MAAM,CAAC;AAAA,EAChF;AAEA,MAAI,WAAW,gBAAgB,UAAU,QAAQ;AAC/C,eAAW,KAAK,GAAG,sBAAsB,UAAU,WAAW,cAAc,CAAC;AAAA,EAC/E;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,SACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,QAAQ,QAAQ,SAAS,CAAC;AAChC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AAExE,aAAW,KAAK,GAAG,wBAAwB,QAAQ,QAAQ,MAAM,CAAC;AAClE,aAAW,KAAK,GAAG,yBAAyB,YAAY,QAAQ,MAAM,CAAC;AACvE,aAAW,KAAK,GAAG,sBAAsB,OAAO,QAAQ,MAAM,CAAC;AAC/D,aAAW,KAAK,GAAG,qBAAqB,QAAQ,iBAAiB,CAAC,GAAG,QAAQ,MAAM,CAAC;AAEpF,SAAO;AACT;AAIA,SAAS,wBACP,QACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,QAAQ;AAEvB,MAAI,OAAO,qBAAqB,QAAW;AACzC,UAAM,gBAAgB,QAAQ,mCAAmC;AACjE,QAAI,gBAAgB,OAAO,kBAAkB;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,cAAc,aAAa,+BAA+B,OAAO,gBAAgB;AAAA,QAC3G,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,0BAA0B,QAAQ,EAAE,QAAQ,iCAAiC,QAAQ;AAC9F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,+BAA+B,QAAQ,EAAE,QAAQ,6BAA6B,QAAQ;AAC/F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAIA,SAAS,yBACP,YACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,YAAY;AAE3B,MAAI,OAAO,yBAAyB,OAAO,sBAAsB,SAAS,GAAG;AAC3E,UAAM,eAAe,QAAQ,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK,CAAC;AAC/E,UAAM,gBAAgB,OAAO,sBAAsB;AAAA,MACjD,CAAC,UAAU,CAAC,aAAa,SAAS,KAAK;AAAA,IACzC;AACA,QAAI,cAAc,SAAS,GAAG;AAC5B,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,qCAAqC,cAAc,KAAK,IAAI,CAAC;AAAA,QACvF,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MACE,OAAO,gCAAgC,QACvC,EAAE,QAAQ,wCAAwC,QAClD;AACA,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,OACA,QACA,QACa;AACb,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB,GAAG;AACxD,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM;AAAA,QAC1B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,SAAO,CAAC;AACV;AAGA,SAAS,qBACP,cACA,QACA,QACa;AACb,MAAI,QAAQ,mBAAmB,QAAQ,aAAa,WAAW,GAAG;AAChE,WAAO,CAAC;AAAA,EACV;AAEA,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,sBACP,UACA,WACa;AACb,MAAI,CAAC,WAAW,UAAU,QAAQ;AAChC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,gBAAgB,QAAQ;AAExF,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,aAAW,KAAK,GAAG,oBAAoB,UAAU,UAAU,UAAU,CAAC;AACtE,aAAW,KAAK,GAAG,iBAAiB,WAAW,WAAW,SAAS,CAAC,CAAC,CAAC;AAEtE,SAAO;AACT;AAGA,SAAS,oBAAoB,kBAA4B,YAA0C;AACjG,QAAM,WAAW,iBAAiB,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE,EAAE,KAAK;AACpE,QAAM,SAAS,CAAC,GAAI,WAAW,YAAY,UAAU,WAAW,CAAC,CAAE,EAAE,KAAK;AAE1E,MAAI,SAAS,WAAW,OAAO,UAAU,SAAS,MAAM,CAAC,GAAG,MAAM,MAAM,OAAO,CAAC,CAAC,GAAG;AAClF,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,EAAE,KAAK,IAAI;AACzE,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,+CAA+C,iBAAiB,KAAK,IAAI,CAAC,aAAa,KAAK;AAAA,MACrG,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,WAAgC,OAAmC;AAC3F,MAAI,CAAC,WAAW;AACd,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AAEjC,MAAI,UAAU,qBAAqB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU,GAAG;AACrF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,UAAU,mBAAmB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,GAAG;AACjF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AF7TA,eAAe,cAAc,UAAsD;AACjF,QAAM,SAAS,MAAMC,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAC7F,SAAO,KAAK,MAAM,OAAO,MAAM;AACjC;AAGA,SAAS,oBACP,MACA,MACA,QACA,UACa;AACb,SAAO,EAAE,MAAM,MAAM,QAAQ,MAAM,YAAY,CAAC,GAAG,SAAS,MAAM,YAAY,QAAQ,SAAS;AACjG;AAGA,SAAS,kBACP,MACA,MACA,SACA,UACa;AACb,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,YAAY,CAAC,EAAE,MAAM,MAAM,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAAA,IAC/D,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAGA,SAAS,mBACP,OACA,YACA,SACa;AACb,QAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAEjE,MAAI,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,wBAAwB,GAAG;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,IAAI,SAAS,KAAK,GAAG;AACvB,UAAM,aAA0B,CAAC;AACjC,QAAI,YAAY,2BAA2B;AACzC,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,6BAA6B,GAAG;AAAA,IAChC,QAAQ;AAAA,EACV;AACF;AAGA,eAAe,cAAc,UAA0B,QAAsC;AAC3F,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,OAAO,SAAS;AAEnC,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,cAAc,QAAQ;AAC7C,UAAM,aAAa,iBAAiB,UAAU,UAAU;AAExD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,WAAO,mBAAmB,OAAO,YAAY,OAAO;AAAA,EACtD;AACF;AAGA,SAAS,gBAAgB,QAAmC;AAC1D,QAAM,aAAgC,CAAC;AAEvC,MAAI,OAAO,SAAS,MAAM,oBAAoB;AAC5C,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,MAC1D,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAEA,aAAW;AAAA,IACT,GAAG,mBAAmB,OAAO,CAAC,UAAU,CAAC,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,MAAM,IAAI,CAAC;AAAA,EAC1F;AAEA,SAAO;AACT;AAGA,SAAS,wBACP,SACA,YACa;AACb,QAAM,aAA0B,CAAC;AAEjC,aAAW,UAAU,SAAS;AAC5B,UAAM,cAAc,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,OAAO,IAAI;AACnE,QAAI,CAAC,OAAO,UAAU,aAAa,UAAU;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM,sBAAsB,OAAO,KAAK,QAAQ,SAAS,GAAG,CAAC;AAAA,QAC7D,MAAM;AAAA,QACN,SAAS,4BAA4B,OAAO,IAAI,cAAc,OAAO,aAAa,KAAK,IAAI,CAAC;AAAA,QAC5F,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAe,WAAW,UAA0B,QAAsC;AACxF,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,gBAAgB,MAAM;AAEzC,MAAI,WAAW,WAAW,GAAG;AAC3B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,UAAU,MAAM,iBAAiB,UAAU,UAAU;AAC3D,UAAM,aAAa,wBAAwB,SAAS,UAAU;AAE9D,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,UAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,0BAA0B,GAAG;AAAA,MAC7B,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,UAA0B,QAAmC;AACrF,QAAM,aAAa,OAAO,QAAQ,CAAC,MAAM,EAAE,UAAU;AACrD,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AAClE,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AACnE,QAAM,gBAAgB,OAAO,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE;AAEtD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ,iBAAiB;AAAA,IACzB,SAAS,EAAE,aAAa,OAAO,QAAQ,cAAc,cAAc,cAAc;AAAA,EACnF;AACF;AAGA,eAAsB,eAAe,MAAc,QAAqC;AACtF,QAAM,WAAW,gBAAgB,IAAI;AAErC,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,iBAAiB,QAAQ;AAE/B,QAAM,CAAC,gBAAgB,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,IACtD,cAAc,UAAU,MAAM;AAAA,IAC9B,WAAW,UAAU,MAAM;AAAA,EAC7B,CAAC;AAED,SAAO,iBAAiB,UAAU,CAAC,gBAAgB,WAAW,CAAC;AACjE;AAGA,eAAsB,gBACpB,SACgC;AAChC,QAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM,OAAO,mBAAqB;AAC9D,QAAM,EAAE,OAAO,IAAI,MAAMA,iBAAgB,QAAQ,MAAM;AACvD,QAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,QAAM,KAAK,MAAM,OAAO,IAAS;AACjC,QAAM,OAAO,MAAM,OAAO,MAAW;AACrC,QAAM,EAAE,cAAc,IAAI,MAAM,OAAO,KAAU;AAEjD,QAAM,YAAY,KAAK,QAAQ,cAAc,YAAY,GAAG,CAAC;AAC7D,QAAM,kBAAkB,KAAK,QAAQ,WAAW,MAAM,MAAM,MAAM,cAAc;AAChF,QAAM,cAAc,KAAK,MAAM,GAAG,aAAa,iBAAiB,OAAO,CAAC;AAExE,SAAO;AAAA,IACL,SAAS,YAAY;AAAA,IACrB,UAAU,OAAO;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ,OAAO;AAAA,IACf,SAAS;AAAA,MACP,aAAa,OAAO,QAAQ;AAAA,MAC5B,cAAc,OAAO,QAAQ;AAAA,MAC7B,cAAc,OAAO,QAAQ;AAAA,MAC7B,iBAAiB,OAAO,WAAW;AAAA,MACnC,UAAU,OAAO,SAAS,SAAS,UAAU,SAAS;AAAA,IACxD;AAAA,EACF;AACF;;;ADjQA,SAAS,eAAe,QAA4B;AAClD,QAAM,QAAkB,CAAC;AAEzB,QAAM,KAAK,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACzE,QAAM,KAAK,EAAE;AAEb,aAAW,SAAS,OAAO,QAAQ;AACjC,QAAI,MAAM,SAAS;AACjB,YAAM,KAAK,MAAM,OAAO,UAAK,MAAM,IAAI,cAAc,MAAM,UAAU,GAAG,CAAC;AAAA,IAC3E,WAAW,MAAM,QAAQ;AACvB,YAAM,KAAK,MAAM,MAAM,UAAK,MAAM,IAAI,EAAE,CAAC;AAAA,IAC3C,OAAO;AACL,YAAM,KAAK,MAAM,IAAI,UAAK,MAAM,IAAI,EAAE,CAAC;AACvC,iBAAW,aAAa,MAAM,YAAY;AACxC,cAAM,KAAK,MAAM,IAAI,YAAO,UAAU,OAAO,EAAE,CAAC;AAAA,MAClD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,KAAK,EAAE;AACb,QAAM;AAAA,IACJ,YAAY,OAAO,QAAQ,YAAY,YAClC,OAAO,QAAQ,YAAY,YAC3B,OAAO,QAAQ,aAAa;AAAA,EACnC;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAGA,SAAS,eAAe,QAA4B;AAClD,SAAO,KAAK,UAAU,QAAQ,MAAM,CAAC;AACvC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,MAAM,gBAAgB,QAAQ,MAAM;AACvD,UAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,UAAM,SAAS,QAAQ,WAAW,SAAS,eAAe,MAAM,IAAI,eAAe,MAAM;AAEzF,YAAQ,OAAO,MAAM,GAAG,MAAM;AAAA,CAAI;AAClC,YAAQ,KAAK,OAAO,SAAS,SAAS,UAAU,SAAS,gBAAgB;AAAA,EAC3E,SAAS,OAAO;AACd,QAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAM,WAAW;AAAA,QACf,OAAO;AAAA,QACP,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC9D,MAAO,MAA4B,QAAQ;AAAA,MAC7C;AACA,cAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,IAC/D,OAAO;AACL,cAAQ,MAAM,MAAM,IAAI,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC,EAAE,CAAC;AAAA,IAC7F;AACA,YAAQ,KAAK,SAAS,aAAa;AAAA,EACrC;AACF;","names":["execa","execa","loadConfigAsync"]}
1
+ {"version":3,"sources":["../src/process/scan/index.ts","../src/process/scan/scanner.ts","../src/process/scan/remote-fetcher.ts","../src/process/scan/validators.ts"],"sourcesContent":["import chalk from \"chalk\";\n\nimport { loadConfigAsync } from \"../../core/index.js\";\nimport { ExitCode } from \"../../core/index.js\";\nimport { scanRepository } from \"./scanner.js\";\nimport { type ScanOptions, type ScanResult } from \"./types.js\";\n\n// Re-export public API types\nexport {\n type RemoteRepoInfo,\n type ScanOptions,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\n\n// Re-export scanner\nexport { scanRepository, validateProcess } from \"./scanner.js\";\n\n/** Format scan result as text */\nfunction formatScanText(result: ScanResult): string {\n const lines: string[] = [];\n\n lines.push(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n lines.push(\"\");\n\n for (const check of result.checks) {\n if (check.skipped) {\n lines.push(chalk.yellow(`⊘ ${check.name} (skipped: ${check.skipReason})`));\n } else if (check.passed) {\n lines.push(chalk.green(`✓ ${check.name}`));\n } else {\n lines.push(chalk.red(`✗ ${check.name}`));\n for (const violation of check.violations) {\n lines.push(chalk.red(` • ${violation.message}`));\n }\n }\n }\n\n lines.push(\"\");\n lines.push(\n `Summary: ${result.summary.passedChecks} passed, ` +\n `${result.summary.failedChecks} failed, ` +\n `${result.summary.skippedChecks} skipped`\n );\n\n return lines.join(\"\\n\");\n}\n\n/** Format scan result as JSON */\nfunction formatScanJson(result: ScanResult): string {\n return JSON.stringify(result, null, 2);\n}\n\n/** Run the scan command */\nexport async function runScan(options: ScanOptions): Promise<void> {\n try {\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const output = options.format === \"json\" ? formatScanJson(result) : formatScanText(result);\n\n process.stdout.write(`${output}\\n`);\n process.exit(result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND);\n } catch (error) {\n if (options.format === \"json\") {\n const errorObj = {\n error: true,\n message: error instanceof Error ? error.message : String(error),\n code: (error as { code?: string }).code ?? \"UNKNOWN\",\n };\n process.stdout.write(`${JSON.stringify(errorObj, null, 2)}\\n`);\n } else {\n console.error(chalk.red(`Error: ${error instanceof Error ? error.message : String(error)}`));\n }\n process.exit(ExitCode.RUNTIME_ERROR);\n }\n}\n","import { execa } from \"execa\";\n\nimport { type Config } from \"../../core/index.js\";\nimport { type CheckResult, ExitCode, type Violation } from \"../../core/index.js\";\nimport {\n checkRemoteFiles,\n isGhAvailable,\n parseRepoString,\n RemoteFetcherError,\n standardFileChecks,\n verifyRepoAccess,\n} from \"./remote-fetcher.js\";\nimport {\n type FileCheckConfig,\n type RemoteRepoInfo,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\nimport { type RulesetResponse, validateRulesets } from \"./validators.js\";\n\n/** Fetch rulesets from GitHub API */\nasync function fetchRulesets(repoInfo: RemoteRepoInfo): Promise<RulesetResponse[]> {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n return JSON.parse(result.stdout) as RulesetResponse[];\n}\n\n/** Create a skipped check result */\nfunction createSkippedResult(\n name: string,\n rule: string,\n reason: string,\n duration: number\n): CheckResult {\n return { name, rule, passed: true, violations: [], skipped: true, skipReason: reason, duration };\n}\n\n/** Create an error check result */\nfunction createErrorResult(\n name: string,\n rule: string,\n message: string,\n duration: number\n): CheckResult {\n return {\n name,\n rule,\n passed: false,\n violations: [{ rule, tool: \"scan\", message, severity: \"error\" }],\n skipped: false,\n duration,\n };\n}\n\n/** Handle API errors for ruleset fetching */\nfunction handleRulesetError(\n error: unknown,\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"],\n elapsed: () => number\n): CheckResult {\n const msg = error instanceof Error ? error.message : String(error);\n\n if (msg.includes(\"403\") || msg.includes(\"Must have admin rights\")) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Cannot check rulesets: insufficient permissions (requires admin access)\",\n elapsed()\n );\n }\n\n if (msg.includes(\"404\")) {\n const violations: Violation[] = [];\n if (repoConfig?.require_branch_protection) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: \"No branch protection rulesets configured\",\n severity: \"error\",\n });\n }\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n }\n\n return createErrorResult(\n \"Repository Settings\",\n \"process.repo\",\n `Failed to check rulesets: ${msg}`,\n elapsed()\n );\n}\n\n/** Check repository rulesets and branch protection */\nasync function checkRulesets(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const repoConfig = config.process?.repo;\n\n if (!repoConfig?.enabled) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Repository settings check not enabled in config\",\n elapsed()\n );\n }\n\n try {\n const rulesets = await fetchRulesets(repoInfo);\n const violations = validateRulesets(rulesets, repoConfig);\n\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n return handleRulesetError(error, repoConfig, elapsed);\n }\n}\n\n/** Build file checks configuration from config */\nfunction buildFileChecks(config: Config): FileCheckConfig[] {\n const fileChecks: FileCheckConfig[] = [];\n\n if (config.process?.repo?.require_codeowners) {\n fileChecks.push({\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: true,\n description: \"CODEOWNERS file for code review assignment\",\n });\n }\n\n fileChecks.push(\n ...standardFileChecks.filter((check) => !fileChecks.some((fc) => fc.path === check.path))\n );\n\n return fileChecks;\n}\n\n/** Convert file check results to violations */\nfunction fileResultsToViolations(\n results: { path: string; exists: boolean; checkedPaths: string[] }[],\n fileChecks: FileCheckConfig[]\n): Violation[] {\n const violations: Violation[] = [];\n\n for (const result of results) {\n const checkConfig = fileChecks.find((fc) => fc.path === result.path);\n if (!result.exists && checkConfig?.required) {\n violations.push({\n rule: `process.scan.files.${result.path.replace(/[./]/g, \"_\")}`,\n tool: \"scan\",\n message: `Required file not found: ${result.path} (checked: ${result.checkedPaths.join(\", \")})`,\n severity: \"error\",\n });\n }\n }\n\n return violations;\n}\n\n/** Check remote files for existence */\nasync function checkFiles(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const fileChecks = buildFileChecks(config);\n\n if (fileChecks.length === 0) {\n return createSkippedResult(\n \"Repository Files\",\n \"process.scan.files\",\n \"No file checks configured\",\n elapsed()\n );\n }\n\n try {\n const results = await checkRemoteFiles(repoInfo, fileChecks);\n const violations = fileResultsToViolations(results, fileChecks);\n\n return {\n name: \"Repository Files\",\n rule: \"process.scan.files\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n const msg = error instanceof Error ? error.message : String(error);\n return createErrorResult(\n \"Repository Files\",\n \"process.scan.files\",\n `Failed to check files: ${msg}`,\n elapsed()\n );\n }\n}\n\n/** Aggregate check results into scan result */\nfunction aggregateResults(repoInfo: RemoteRepoInfo, checks: CheckResult[]): ScanResult {\n const violations = checks.flatMap((c) => c.violations);\n const passedChecks = checks.filter((c) => c.passed && !c.skipped).length;\n const failedChecks = checks.filter((c) => !c.passed && !c.skipped).length;\n const skippedChecks = checks.filter((c) => c.skipped).length;\n\n return {\n repoInfo,\n checks,\n violations,\n passed: failedChecks === 0,\n summary: { totalChecks: checks.length, passedChecks, failedChecks, skippedChecks },\n };\n}\n\n/** Run all remote scans for a repository */\nexport async function scanRepository(repo: string, config: Config): Promise<ScanResult> {\n const repoInfo = parseRepoString(repo);\n\n if (!(await isGhAvailable())) {\n throw new RemoteFetcherError(\n \"GitHub CLI (gh) not available. Install it from https://cli.github.com/\",\n \"NO_GH\"\n );\n }\n\n await verifyRepoAccess(repoInfo);\n\n const [rulesetsResult, filesResult] = await Promise.all([\n checkRulesets(repoInfo, config),\n checkFiles(repoInfo, config),\n ]);\n\n return aggregateResults(repoInfo, [rulesetsResult, filesResult]);\n}\n\n/** Programmatic API for validating remote process checks */\nexport async function validateProcess(\n options: ValidateProcessOptions\n): Promise<ValidateProcessResult> {\n const { loadConfigAsync } = await import(\"../../core/index.js\");\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const fs = await import(\"node:fs\");\n const path = await import(\"node:path\");\n const { fileURLToPath } = await import(\"node:url\");\n\n const __dirname = path.dirname(fileURLToPath(import.meta.url));\n const packageJsonPath = path.resolve(__dirname, \"..\", \"..\", \"..\", \"package.json\");\n const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, \"utf-8\")) as { version: string };\n\n return {\n version: packageJson.version,\n repoInfo: result.repoInfo,\n domain: \"process\",\n checks: result.checks,\n summary: {\n totalChecks: result.summary.totalChecks,\n passedChecks: result.summary.passedChecks,\n failedChecks: result.summary.failedChecks,\n totalViolations: result.violations.length,\n exitCode: result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND,\n },\n };\n}\n","import { execa } from \"execa\";\n\nimport { type FileCheckConfig, type FileCheckResult, type RemoteRepoInfo } from \"./types.js\";\n\n/** Error thrown when remote fetcher encounters an issue */\nexport class RemoteFetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\" | \"INVALID_REPO\"\n ) {\n super(message);\n this.name = \"RemoteFetcherError\";\n }\n}\n\n/** Parse owner/repo string into RemoteRepoInfo */\nexport function parseRepoString(repo: string): RemoteRepoInfo {\n const parts = repo.split(\"/\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n throw new RemoteFetcherError(\n `Invalid repository format: \"${repo}\". Expected \"owner/repo\" format.`,\n \"INVALID_REPO\"\n );\n }\n return { owner: parts[0], repo: parts[1] };\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Verify the repository exists and user has access */\nexport async function verifyRepoAccess(repoInfo: RemoteRepoInfo): Promise<boolean> {\n try {\n await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}`]);\n return true;\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"404\") || errorMessage.includes(\"Not Found\")) {\n throw new RemoteFetcherError(\n `Repository not found: ${repoInfo.owner}/${repoInfo.repo}`,\n \"NO_REPO\"\n );\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"401\")) {\n throw new RemoteFetcherError(\n `Cannot access repository: ${repoInfo.owner}/${repoInfo.repo}. Check your GITHUB_TOKEN permissions.`,\n \"NO_PERMISSION\"\n );\n }\n\n throw new RemoteFetcherError(\n `Failed to verify repository access: ${errorMessage}`,\n \"API_ERROR\"\n );\n }\n}\n\n/** Check if a file exists in the remote repository via GitHub Contents API */\nexport async function checkRemoteFileExists(\n repoInfo: RemoteRepoInfo,\n filePath: string\n): Promise<boolean> {\n try {\n await execa(\"gh\", [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/contents/${filePath}`,\n \"--silent\",\n ]);\n return true;\n } catch {\n // File doesn't exist or no access - both return false\n return false;\n }\n}\n\n/** Check multiple alternative paths for a file */\nasync function checkRemoteFileWithAlternatives(\n repoInfo: RemoteRepoInfo,\n config: FileCheckConfig\n): Promise<FileCheckResult> {\n const allPaths = [config.path, ...(config.alternativePaths ?? [])];\n\n for (const path of allPaths) {\n // Sequential check needed - stop on first match\n const exists = await checkRemoteFileExists(repoInfo, path);\n if (exists) {\n return { path: config.path, exists: true, checkedPaths: allPaths };\n }\n }\n\n return { path: config.path, exists: false, checkedPaths: allPaths };\n}\n\n/** Batch check multiple files in a repository */\nexport async function checkRemoteFiles(\n repoInfo: RemoteRepoInfo,\n configs: FileCheckConfig[]\n): Promise<FileCheckResult[]> {\n // Run checks in parallel for efficiency\n const results = await Promise.all(\n configs.map((config) => checkRemoteFileWithAlternatives(repoInfo, config))\n );\n return results;\n}\n\n/** Standard file checks for remote validation */\nexport const standardFileChecks: FileCheckConfig[] = [\n {\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: false,\n description: \"CODEOWNERS file for code review assignment\",\n },\n {\n path: \".github/PULL_REQUEST_TEMPLATE.md\",\n alternativePaths: [\n \".github/pull_request_template.md\",\n \"PULL_REQUEST_TEMPLATE.md\",\n \"pull_request_template.md\",\n ],\n required: false,\n description: \"Pull request template\",\n },\n {\n path: \"README.md\",\n alternativePaths: [\"readme.md\", \"README\"],\n required: false,\n description: \"Repository README\",\n },\n {\n path: \".github/workflows\",\n required: false,\n description: \"GitHub Actions workflows directory\",\n },\n];\n","import { type Config } from \"../../core/index.js\";\nimport { type Violation } from \"../../core/index.js\";\n\n/** GitHub Ruleset response types */\ninterface RulesetBypassActor {\n actor_id: number | null;\n actor_type: string;\n bypass_mode: string;\n}\n\ninterface RulesetRule {\n type: string;\n parameters?: {\n required_approving_review_count?: number;\n dismiss_stale_reviews_on_push?: boolean;\n require_code_owner_review?: boolean;\n required_status_checks?: { context: string }[];\n strict_required_status_checks_policy?: boolean;\n };\n}\n\nexport interface RulesetResponse {\n id: number;\n name: string;\n target: string;\n enforcement: string;\n conditions?: { ref_name?: { include?: string[]; exclude?: string[] } };\n bypass_actors?: RulesetBypassActor[];\n rules?: RulesetRule[];\n}\n\ntype RulesetConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"ruleset\"];\ntype TagProtectionConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"tag_protection\"];\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Find branch ruleset matching the target branch */\nfunction findBranchRuleset(\n rulesets: RulesetResponse[],\n branch: string\n): RulesetResponse | undefined {\n return rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n}\n\n/** Validate rulesets against config */\n// eslint-disable-next-line complexity\nexport function validateRulesets(\n rulesets: RulesetResponse[],\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"]\n): Violation[] {\n if (!repoConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rulesetConfig = repoConfig.ruleset;\n const branch = rulesetConfig?.branch ?? \"main\";\n const branchRuleset = findBranchRuleset(rulesets, branch);\n\n if (repoConfig.require_branch_protection && !branchRuleset) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: `Branch '${branch}' does not have a branch protection ruleset`,\n severity: \"error\",\n });\n }\n\n if (branchRuleset && rulesetConfig) {\n violations.push(...validateBranchRuleset(branchRuleset, rulesetConfig, branch));\n }\n\n if (repoConfig.tag_protection?.patterns?.length) {\n violations.push(...validateTagProtection(rulesets, repoConfig.tag_protection));\n }\n\n return violations;\n}\n\n/** Validate branch ruleset settings against config */\nfunction validateBranchRuleset(\n ruleset: RulesetResponse,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rules = ruleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n\n violations.push(...validatePullRequestRule(prRule, config, branch));\n violations.push(...validateStatusChecksRule(statusRule, config, branch));\n violations.push(...validateSignedCommits(rules, config, branch));\n violations.push(...validateBypassActors(ruleset.bypass_actors ?? [], config, branch));\n\n return violations;\n}\n\n/** Validate pull request rule settings */\n// eslint-disable-next-line complexity\nfunction validatePullRequestRule(\n prRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = prRule?.parameters;\n\n if (config.required_reviews !== undefined) {\n const actualReviews = params?.required_approving_review_count ?? 0;\n if (actualReviews < config.required_reviews) {\n violations.push({\n rule: \"process.repo.branch_protection.required_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' requires ${actualReviews} reviews, expected at least ${config.required_reviews}`,\n severity: \"error\",\n });\n }\n }\n\n if (config.dismiss_stale_reviews === true && !(params?.dismiss_stale_reviews_on_push ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.dismiss_stale_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not dismiss stale reviews on new commits`,\n severity: \"error\",\n });\n }\n\n if (config.require_code_owner_reviews === true && !(params?.require_code_owner_review ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.require_code_owner_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require code owner reviews`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate status checks rule settings */\n// eslint-disable-next-line complexity\nfunction validateStatusChecksRule(\n statusRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = statusRule?.parameters;\n\n if (config.require_status_checks && config.require_status_checks.length > 0) {\n const actualChecks = params?.required_status_checks?.map((c) => c.context) ?? [];\n const missingChecks = config.require_status_checks.filter(\n (check) => !actualChecks.includes(check)\n );\n if (missingChecks.length > 0) {\n violations.push({\n rule: \"process.repo.branch_protection.require_status_checks\",\n tool: \"scan\",\n message: `Branch '${branch}' missing required status checks: ${missingChecks.join(\", \")}`,\n severity: \"error\",\n });\n }\n }\n\n if (\n config.require_branches_up_to_date === true &&\n !(params?.strict_required_status_checks_policy ?? false)\n ) {\n violations.push({\n rule: \"process.repo.branch_protection.require_branches_up_to_date\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require branches to be up to date before merging`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate signed commits requirement */\nfunction validateSignedCommits(\n rules: RulesetRule[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.require_signed_commits !== true) {\n return [];\n }\n\n if (!rules.some((r) => r.type === \"required_signatures\")) {\n return [\n {\n rule: \"process.repo.branch_protection.require_signed_commits\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require signed commits`,\n severity: \"error\",\n },\n ];\n }\n\n return [];\n}\n\n/** Validate bypass actors configuration */\nfunction validateBypassActors(\n actualBypass: RulesetBypassActor[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.enforce_admins !== true || actualBypass.length === 0) {\n return [];\n }\n\n return [\n {\n rule: \"process.repo.branch_protection.enforce_admins\",\n tool: \"scan\",\n message: `Branch '${branch}' has bypass actors configured but enforce_admins requires no bypasses`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rulesets */\nfunction validateTagProtection(\n rulesets: RulesetResponse[],\n tagConfig: TagProtectionConfig\n): Violation[] {\n if (!tagConfig?.patterns?.length) {\n return [];\n }\n\n const violations: Violation[] = [];\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.enforcement === \"active\");\n\n if (!tagRuleset) {\n return [\n {\n rule: \"process.repo.tag_protection\",\n tool: \"scan\",\n message: \"No active tag protection ruleset found\",\n severity: \"error\",\n },\n ];\n }\n\n violations.push(...validateTagPatterns(tagConfig.patterns, tagRuleset));\n violations.push(...validateTagRules(tagConfig, tagRuleset.rules ?? []));\n\n return violations;\n}\n\n/** Validate tag patterns match */\nfunction validateTagPatterns(expectedPatterns: string[], tagRuleset: RulesetResponse): Violation[] {\n const expected = expectedPatterns.map((p) => `refs/tags/${p}`).sort();\n const actual = [...(tagRuleset.conditions?.ref_name?.include ?? [])].sort();\n\n if (expected.length === actual.length && expected.every((v, i) => v === actual[i])) {\n return [];\n }\n\n const found = actual.map((p) => p.replace(/^refs\\/tags\\//, \"\")).join(\", \");\n return [\n {\n rule: \"process.repo.tag_protection.patterns\",\n tool: \"scan\",\n message: `Tag protection patterns mismatch: expected [${expectedPatterns.join(\", \")}], found [${found}]`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rules */\nfunction validateTagRules(tagConfig: TagProtectionConfig, rules: RulesetRule[]): Violation[] {\n if (!tagConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n\n if (tagConfig.prevent_deletion !== false && !rules.some((r) => r.type === \"deletion\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_deletion\",\n tool: \"scan\",\n message: \"Tag protection does not prevent deletion\",\n severity: \"error\",\n });\n }\n\n if (tagConfig.prevent_update !== false && !rules.some((r) => r.type === \"update\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_update\",\n tool: \"scan\",\n message: \"Tag protection does not prevent updates (force-push)\",\n severity: \"error\",\n });\n }\n\n return violations;\n}\n"],"mappings":";;;;;;;;AAAA,OAAO,WAAW;;;ACAlB,SAAS,SAAAA,cAAa;;;ACAtB,SAAS,aAAa;AAKf,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGO,SAAS,gBAAgB,MAA8B;AAC5D,QAAM,QAAQ,KAAK,MAAM,GAAG;AAC5B,MAAI,MAAM,WAAW,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG;AAChD,UAAM,IAAI;AAAA,MACR,+BAA+B,IAAI;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAE,OAAO,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,EAAE;AAC3C;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,iBAAiB,UAA4C;AACjF,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,EAAE,CAAC;AACrE,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,WAAW,GAAG;AACtE,YAAM,IAAI;AAAA,QACR,yBAAyB,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QACxD;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,KAAK,GAAG;AAChE,YAAM,IAAI;AAAA,QACR,6BAA6B,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QAC5D;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,uCAAuC,YAAY;AAAA,MACnD;AAAA,IACF;AAAA,EACF;AACF;AAGA,eAAsB,sBACpB,UACA,UACkB;AAClB,MAAI;AACF,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,QAAQ;AAAA,MAC7D;AAAA,IACF,CAAC;AACD,WAAO;AAAA,EACT,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAGA,eAAe,gCACb,UACA,QAC0B;AAC1B,QAAM,WAAW,CAAC,OAAO,MAAM,GAAI,OAAO,oBAAoB,CAAC,CAAE;AAEjE,aAAW,QAAQ,UAAU;AAE3B,UAAM,SAAS,MAAM,sBAAsB,UAAU,IAAI;AACzD,QAAI,QAAQ;AACV,aAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,MAAM,cAAc,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,SAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,OAAO,cAAc,SAAS;AACpE;AAGA,eAAsB,iBACpB,UACA,SAC4B;AAE5B,QAAM,UAAU,MAAM,QAAQ;AAAA,IAC5B,QAAQ,IAAI,CAAC,WAAW,gCAAgC,UAAU,MAAM,CAAC;AAAA,EAC3E;AACA,SAAO;AACT;AAGO,IAAM,qBAAwC;AAAA,EACnD;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,IAC1D,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,aAAa,QAAQ;AAAA,IACxC,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;;;AC5GA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBACP,UACA,QAC6B;AAC7B,SAAO,SAAS;AAAA,IACd,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AACF;AAIO,SAAS,iBACd,UACA,YACa;AACb,MAAI,CAAC,YAAY;AACf,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,gBAAgB,WAAW;AACjC,QAAM,SAAS,eAAe,UAAU;AACxC,QAAM,gBAAgB,kBAAkB,UAAU,MAAM;AAExD,MAAI,WAAW,6BAA6B,CAAC,eAAe;AAC1D,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,iBAAiB,eAAe;AAClC,eAAW,KAAK,GAAG,sBAAsB,eAAe,eAAe,MAAM,CAAC;AAAA,EAChF;AAEA,MAAI,WAAW,gBAAgB,UAAU,QAAQ;AAC/C,eAAW,KAAK,GAAG,sBAAsB,UAAU,WAAW,cAAc,CAAC;AAAA,EAC/E;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,SACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,QAAQ,QAAQ,SAAS,CAAC;AAChC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AAExE,aAAW,KAAK,GAAG,wBAAwB,QAAQ,QAAQ,MAAM,CAAC;AAClE,aAAW,KAAK,GAAG,yBAAyB,YAAY,QAAQ,MAAM,CAAC;AACvE,aAAW,KAAK,GAAG,sBAAsB,OAAO,QAAQ,MAAM,CAAC;AAC/D,aAAW,KAAK,GAAG,qBAAqB,QAAQ,iBAAiB,CAAC,GAAG,QAAQ,MAAM,CAAC;AAEpF,SAAO;AACT;AAIA,SAAS,wBACP,QACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,QAAQ;AAEvB,MAAI,OAAO,qBAAqB,QAAW;AACzC,UAAM,gBAAgB,QAAQ,mCAAmC;AACjE,QAAI,gBAAgB,OAAO,kBAAkB;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,cAAc,aAAa,+BAA+B,OAAO,gBAAgB;AAAA,QAC3G,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,0BAA0B,QAAQ,EAAE,QAAQ,iCAAiC,QAAQ;AAC9F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,+BAA+B,QAAQ,EAAE,QAAQ,6BAA6B,QAAQ;AAC/F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAIA,SAAS,yBACP,YACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,YAAY;AAE3B,MAAI,OAAO,yBAAyB,OAAO,sBAAsB,SAAS,GAAG;AAC3E,UAAM,eAAe,QAAQ,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK,CAAC;AAC/E,UAAM,gBAAgB,OAAO,sBAAsB;AAAA,MACjD,CAAC,UAAU,CAAC,aAAa,SAAS,KAAK;AAAA,IACzC;AACA,QAAI,cAAc,SAAS,GAAG;AAC5B,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,qCAAqC,cAAc,KAAK,IAAI,CAAC;AAAA,QACvF,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MACE,OAAO,gCAAgC,QACvC,EAAE,QAAQ,wCAAwC,QAClD;AACA,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,OACA,QACA,QACa;AACb,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB,GAAG;AACxD,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM;AAAA,QAC1B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,SAAO,CAAC;AACV;AAGA,SAAS,qBACP,cACA,QACA,QACa;AACb,MAAI,QAAQ,mBAAmB,QAAQ,aAAa,WAAW,GAAG;AAChE,WAAO,CAAC;AAAA,EACV;AAEA,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,sBACP,UACA,WACa;AACb,MAAI,CAAC,WAAW,UAAU,QAAQ;AAChC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,gBAAgB,QAAQ;AAExF,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,aAAW,KAAK,GAAG,oBAAoB,UAAU,UAAU,UAAU,CAAC;AACtE,aAAW,KAAK,GAAG,iBAAiB,WAAW,WAAW,SAAS,CAAC,CAAC,CAAC;AAEtE,SAAO;AACT;AAGA,SAAS,oBAAoB,kBAA4B,YAA0C;AACjG,QAAM,WAAW,iBAAiB,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE,EAAE,KAAK;AACpE,QAAM,SAAS,CAAC,GAAI,WAAW,YAAY,UAAU,WAAW,CAAC,CAAE,EAAE,KAAK;AAE1E,MAAI,SAAS,WAAW,OAAO,UAAU,SAAS,MAAM,CAAC,GAAG,MAAM,MAAM,OAAO,CAAC,CAAC,GAAG;AAClF,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,EAAE,KAAK,IAAI;AACzE,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,+CAA+C,iBAAiB,KAAK,IAAI,CAAC,aAAa,KAAK;AAAA,MACrG,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,WAAgC,OAAmC;AAC3F,MAAI,CAAC,WAAW;AACd,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AAEjC,MAAI,UAAU,qBAAqB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU,GAAG;AACrF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,UAAU,mBAAmB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,GAAG;AACjF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AF7TA,eAAe,cAAc,UAAsD;AACjF,QAAM,SAAS,MAAMC,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAC7F,SAAO,KAAK,MAAM,OAAO,MAAM;AACjC;AAGA,SAAS,oBACP,MACA,MACA,QACA,UACa;AACb,SAAO,EAAE,MAAM,MAAM,QAAQ,MAAM,YAAY,CAAC,GAAG,SAAS,MAAM,YAAY,QAAQ,SAAS;AACjG;AAGA,SAAS,kBACP,MACA,MACA,SACA,UACa;AACb,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,YAAY,CAAC,EAAE,MAAM,MAAM,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAAA,IAC/D,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAGA,SAAS,mBACP,OACA,YACA,SACa;AACb,QAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAEjE,MAAI,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,wBAAwB,GAAG;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,IAAI,SAAS,KAAK,GAAG;AACvB,UAAM,aAA0B,CAAC;AACjC,QAAI,YAAY,2BAA2B;AACzC,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,6BAA6B,GAAG;AAAA,IAChC,QAAQ;AAAA,EACV;AACF;AAGA,eAAe,cAAc,UAA0B,QAAsC;AAC3F,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,OAAO,SAAS;AAEnC,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,cAAc,QAAQ;AAC7C,UAAM,aAAa,iBAAiB,UAAU,UAAU;AAExD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,WAAO,mBAAmB,OAAO,YAAY,OAAO;AAAA,EACtD;AACF;AAGA,SAAS,gBAAgB,QAAmC;AAC1D,QAAM,aAAgC,CAAC;AAEvC,MAAI,OAAO,SAAS,MAAM,oBAAoB;AAC5C,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,MAC1D,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAEA,aAAW;AAAA,IACT,GAAG,mBAAmB,OAAO,CAAC,UAAU,CAAC,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,MAAM,IAAI,CAAC;AAAA,EAC1F;AAEA,SAAO;AACT;AAGA,SAAS,wBACP,SACA,YACa;AACb,QAAM,aAA0B,CAAC;AAEjC,aAAW,UAAU,SAAS;AAC5B,UAAM,cAAc,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,OAAO,IAAI;AACnE,QAAI,CAAC,OAAO,UAAU,aAAa,UAAU;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM,sBAAsB,OAAO,KAAK,QAAQ,SAAS,GAAG,CAAC;AAAA,QAC7D,MAAM;AAAA,QACN,SAAS,4BAA4B,OAAO,IAAI,cAAc,OAAO,aAAa,KAAK,IAAI,CAAC;AAAA,QAC5F,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAe,WAAW,UAA0B,QAAsC;AACxF,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,gBAAgB,MAAM;AAEzC,MAAI,WAAW,WAAW,GAAG;AAC3B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,UAAU,MAAM,iBAAiB,UAAU,UAAU;AAC3D,UAAM,aAAa,wBAAwB,SAAS,UAAU;AAE9D,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,UAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,0BAA0B,GAAG;AAAA,MAC7B,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,UAA0B,QAAmC;AACrF,QAAM,aAAa,OAAO,QAAQ,CAAC,MAAM,EAAE,UAAU;AACrD,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AAClE,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AACnE,QAAM,gBAAgB,OAAO,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE;AAEtD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ,iBAAiB;AAAA,IACzB,SAAS,EAAE,aAAa,OAAO,QAAQ,cAAc,cAAc,cAAc;AAAA,EACnF;AACF;AAGA,eAAsB,eAAe,MAAc,QAAqC;AACtF,QAAM,WAAW,gBAAgB,IAAI;AAErC,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,iBAAiB,QAAQ;AAE/B,QAAM,CAAC,gBAAgB,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,IACtD,cAAc,UAAU,MAAM;AAAA,IAC9B,WAAW,UAAU,MAAM;AAAA,EAC7B,CAAC;AAED,SAAO,iBAAiB,UAAU,CAAC,gBAAgB,WAAW,CAAC;AACjE;AAGA,eAAsB,gBACpB,SACgC;AAChC,QAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM,OAAO,oBAAqB;AAC9D,QAAM,EAAE,OAAO,IAAI,MAAMA,iBAAgB,QAAQ,MAAM;AACvD,QAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,QAAM,KAAK,MAAM,OAAO,IAAS;AACjC,QAAM,OAAO,MAAM,OAAO,MAAW;AACrC,QAAM,EAAE,cAAc,IAAI,MAAM,OAAO,KAAU;AAEjD,QAAM,YAAY,KAAK,QAAQ,cAAc,YAAY,GAAG,CAAC;AAC7D,QAAM,kBAAkB,KAAK,QAAQ,WAAW,MAAM,MAAM,MAAM,cAAc;AAChF,QAAM,cAAc,KAAK,MAAM,GAAG,aAAa,iBAAiB,OAAO,CAAC;AAExE,SAAO;AAAA,IACL,SAAS,YAAY;AAAA,IACrB,UAAU,OAAO;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ,OAAO;AAAA,IACf,SAAS;AAAA,MACP,aAAa,OAAO,QAAQ;AAAA,MAC5B,cAAc,OAAO,QAAQ;AAAA,MAC7B,cAAc,OAAO,QAAQ;AAAA,MAC7B,iBAAiB,OAAO,WAAW;AAAA,MACnC,UAAU,OAAO,SAAS,SAAS,UAAU,SAAS;AAAA,IACxD;AAAA,EACF;AACF;;;ADjQA,SAAS,eAAe,QAA4B;AAClD,QAAM,QAAkB,CAAC;AAEzB,QAAM,KAAK,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACzE,QAAM,KAAK,EAAE;AAEb,aAAW,SAAS,OAAO,QAAQ;AACjC,QAAI,MAAM,SAAS;AACjB,YAAM,KAAK,MAAM,OAAO,UAAK,MAAM,IAAI,cAAc,MAAM,UAAU,GAAG,CAAC;AAAA,IAC3E,WAAW,MAAM,QAAQ;AACvB,YAAM,KAAK,MAAM,MAAM,UAAK,MAAM,IAAI,EAAE,CAAC;AAAA,IAC3C,OAAO;AACL,YAAM,KAAK,MAAM,IAAI,UAAK,MAAM,IAAI,EAAE,CAAC;AACvC,iBAAW,aAAa,MAAM,YAAY;AACxC,cAAM,KAAK,MAAM,IAAI,YAAO,UAAU,OAAO,EAAE,CAAC;AAAA,MAClD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,KAAK,EAAE;AACb,QAAM;AAAA,IACJ,YAAY,OAAO,QAAQ,YAAY,YAClC,OAAO,QAAQ,YAAY,YAC3B,OAAO,QAAQ,aAAa;AAAA,EACnC;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAGA,SAAS,eAAe,QAA4B;AAClD,SAAO,KAAK,UAAU,QAAQ,MAAM,CAAC;AACvC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,MAAM,gBAAgB,QAAQ,MAAM;AACvD,UAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,UAAM,SAAS,QAAQ,WAAW,SAAS,eAAe,MAAM,IAAI,eAAe,MAAM;AAEzF,YAAQ,OAAO,MAAM,GAAG,MAAM;AAAA,CAAI;AAClC,YAAQ,KAAK,OAAO,SAAS,SAAS,UAAU,SAAS,gBAAgB;AAAA,EAC3E,SAAS,OAAO;AACd,QAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAM,WAAW;AAAA,QACf,OAAO;AAAA,QACP,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC9D,MAAO,MAA4B,QAAQ;AAAA,MAC7C;AACA,cAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,IAC/D,OAAO;AACL,cAAQ,MAAM,MAAM,IAAI,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC,EAAE,CAAC;AAAA,IAC7F;AACA,YAAQ,KAAK,SAAS,aAAa;AAAA,EACrC;AACF;","names":["execa","execa","loadConfigAsync"]}
package/dist/{sync-RLYBGYNY.js → sync-XV6XBLVZ.js} RENAMED
@@ -1,8 +1,8 @@
1
- import "./chunk-P7TIZJ4C.js";
1
+ import "./chunk-DXIYZR62.js";
2
2
  import {
3
3
  getProjectRoot,
4
4
  loadConfig
5
- } from "./chunk-KHO6NIAI.js";
5
+ } from "./chunk-PZ2NVKI7.js";
6
6
 
7
7
  // src/process/sync/applier.ts
8
8
  import { execa } from "execa";
@@ -874,4 +874,4 @@ export {
874
874
  runTagDiff,
875
875
  runTagSync
876
876
  };
877
- //# sourceMappingURL=sync-RLYBGYNY.js.map
877
+ //# sourceMappingURL=sync-XV6XBLVZ.js.map
package/dist/{sync-RLYBGYNY.js.map → sync-XV6XBLVZ.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/process/sync/applier.ts","../src/process/sync/differ.ts","../src/process/sync/fetcher.ts","../src/process/sync/index.ts"],"sourcesContent":["import { execa } from \"execa\";\n\nimport {\n type DesiredBranchProtection,\n type DesiredTagProtection,\n type RepoInfo,\n type SettingDiff,\n type SyncDiffResult,\n type SyncResult,\n type TagProtectionDiffResult,\n} from \"./types.js\";\n\n/** Error thrown when applier encounters an issue */\nexport class ApplierError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_PERMISSION\" | \"API_ERROR\"\n ) {\n super(message);\n this.name = \"ApplierError\";\n }\n}\n\n/** Apply branch protection ruleset to GitHub */\nexport async function applyBranchProtection(\n repoInfo: RepoInfo,\n branch: string,\n desired: DesiredBranchProtection,\n diffResult: SyncDiffResult\n): Promise<SyncResult> {\n if (!diffResult.hasChanges) {\n return { success: true, applied: [], failed: [] };\n }\n\n const requestBody = buildBranchRulesetBody(branch, desired);\n\n try {\n if (diffResult.currentRulesetId === null) {\n // Create new ruleset\n await execa(\n \"gh\",\n [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, \"-X\", \"POST\", \"--input\", \"-\"],\n { input: JSON.stringify(requestBody) }\n );\n } else {\n // Update existing ruleset\n await execa(\n \"gh\",\n [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,\n \"-X\",\n \"PUT\",\n \"--input\",\n \"-\",\n ],\n { input: JSON.stringify(requestBody) }\n );\n }\n\n return { success: true, applied: diffResult.diffs, failed: [] };\n } catch (error) {\n return handleBranchApplyError(error, diffResult.diffs);\n }\n}\n\n/** Handle errors from applying branch protection */\nfunction handleBranchApplyError(error: unknown, diffs: SettingDiff[]): SyncResult {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new ApplierError(\n \"Cannot update branch protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n return {\n success: false,\n applied: [],\n failed: diffs.map((diff) => ({ diff, error: errorMessage })),\n };\n}\n\n/** Build GitHub API request body for branch ruleset */\nfunction buildBranchRulesetBody(\n branch: string,\n desired: DesiredBranchProtection\n): Record<string, unknown> {\n const rules: { type: string; parameters?: Record<string, unknown> }[] = [];\n\n // Build pull_request rule if any review settings specified\n const pullRequestRule = buildPullRequestRule(desired);\n if (pullRequestRule) {\n rules.push(pullRequestRule);\n }\n\n // Build required_status_checks rule\n const statusChecksRule = buildStatusChecksRule(desired);\n if (statusChecksRule) {\n rules.push(statusChecksRule);\n }\n\n // Build required_signatures rule\n if (desired.require_signed_commits === true) {\n rules.push({ type: \"required_signatures\" });\n }\n\n // Build bypass actors array\n const bypassActors =\n desired.bypass_actors?.map((actor) => ({\n actor_id: actor.actor_id ?? null,\n actor_type: actor.actor_type,\n bypass_mode: actor.bypass_mode ?? \"always\",\n })) ?? [];\n\n return {\n name: \"Branch Protection\",\n target: \"branch\",\n enforcement: \"active\",\n conditions: {\n ref_name: {\n include: [`refs/heads/${branch}`],\n exclude: [],\n },\n },\n bypass_actors: bypassActors,\n rules,\n };\n}\n\n/** Build pull_request rule for PR review settings */\nfunction buildPullRequestRule(\n desired: DesiredBranchProtection\n): { type: string; parameters: Record<string, unknown> } | null {\n const hasReviewSettings =\n desired.required_reviews !== undefined ||\n desired.dismiss_stale_reviews !== undefined ||\n desired.require_code_owner_reviews !== undefined;\n\n if (!hasReviewSettings) {\n return null;\n }\n\n return {\n type: \"pull_request\",\n parameters: {\n ...(desired.required_reviews !== undefined && {\n required_approving_review_count: desired.required_reviews,\n }),\n ...(desired.dismiss_stale_reviews !== undefined && {\n dismiss_stale_reviews_on_push: desired.dismiss_stale_reviews,\n }),\n ...(desired.require_code_owner_reviews !== undefined && {\n require_code_owner_review: desired.require_code_owner_reviews,\n }),\n },\n };\n}\n\n/** Build required_status_checks rule for status check settings */\nfunction buildStatusChecksRule(\n desired: DesiredBranchProtection\n): { type: string; parameters: Record<string, unknown> } | null {\n const hasStatusSettings =\n desired.require_status_checks !== undefined ||\n desired.require_branches_up_to_date !== undefined;\n\n if (!hasStatusSettings) {\n return null;\n }\n\n const statusChecks =\n desired.require_status_checks?.map((context) => ({\n context,\n })) ?? [];\n\n return {\n type: \"required_status_checks\",\n parameters: {\n required_status_checks: statusChecks,\n strict_required_status_checks_policy: desired.require_branches_up_to_date ?? false,\n },\n };\n}\n\n// =============================================================================\n// Tag Protection (GitHub Rulesets API)\n// =============================================================================\n\n/** Apply tag protection ruleset to GitHub */\nexport async function applyTagProtection(\n repoInfo: RepoInfo,\n desired: DesiredTagProtection,\n diffResult: TagProtectionDiffResult\n): Promise<SyncResult> {\n if (!diffResult.hasChanges) {\n return { success: true, applied: [], failed: [] };\n }\n\n const requestBody = buildTagRulesetBody(desired);\n\n try {\n if (diffResult.currentRulesetId === null) {\n // Create new ruleset\n await execa(\n \"gh\",\n [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, \"-X\", \"POST\", \"--input\", \"-\"],\n { input: JSON.stringify(requestBody) }\n );\n } else {\n // Update existing ruleset\n await execa(\n \"gh\",\n [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,\n \"-X\",\n \"PUT\",\n \"--input\",\n \"-\",\n ],\n { input: JSON.stringify(requestBody) }\n );\n }\n\n return { success: true, applied: diffResult.diffs, failed: [] };\n } catch (error) {\n return handleTagApplyError(error, diffResult.diffs);\n }\n}\n\n/** Build GitHub API request body for tag ruleset */\nfunction buildTagRulesetBody(desired: DesiredTagProtection): Record<string, unknown> {\n const rules: { type: string }[] = [];\n\n // Default to true if not specified\n if (desired.prevent_deletion !== false) {\n rules.push({ type: \"deletion\" });\n }\n if (desired.prevent_update !== false) {\n rules.push({ type: \"update\" });\n }\n\n const patterns = desired.patterns ?? [\"v*\"];\n const includePatterns = patterns.map((p) => `refs/tags/${p}`);\n\n return {\n name: \"Tag Protection\",\n target: \"tag\",\n enforcement: \"active\",\n conditions: {\n ref_name: {\n include: includePatterns,\n exclude: [],\n },\n },\n rules,\n };\n}\n\n/** Handle errors from applying tag protection */\nfunction handleTagApplyError(error: unknown, diffs: SettingDiff[]): SyncResult {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new ApplierError(\n \"Cannot update tag protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n return {\n success: false,\n applied: [],\n failed: diffs.map((diff) => ({ diff, error: errorMessage })),\n };\n}\n","import {\n type BranchProtectionSettings,\n type BypassActor,\n type DesiredBranchProtection,\n type DesiredTagProtection,\n type RepoInfo,\n type SettingDiff,\n type SyncDiffResult,\n type TagProtectionDiffResult,\n type TagProtectionSettings,\n} from \"./types.js\";\n\n/** Field mapping for comparison */\ninterface FieldMapping {\n name: string;\n getCurrentValue: (c: BranchProtectionSettings) => unknown;\n getDesiredValue: (d: DesiredBranchProtection) => unknown;\n isArray?: boolean;\n}\n\n/** All field mappings for branch protection settings */\nconst fieldMappings: FieldMapping[] = [\n {\n name: \"required_reviews\",\n getCurrentValue: (c) => c.requiredReviews,\n getDesiredValue: (d) => d.required_reviews,\n },\n {\n name: \"dismiss_stale_reviews\",\n getCurrentValue: (c) => c.dismissStaleReviews,\n getDesiredValue: (d) => d.dismiss_stale_reviews,\n },\n {\n name: \"require_code_owner_reviews\",\n getCurrentValue: (c) => c.requireCodeOwnerReviews,\n getDesiredValue: (d) => d.require_code_owner_reviews,\n },\n {\n name: \"require_status_checks\",\n getCurrentValue: (c) => c.requiredStatusChecks,\n getDesiredValue: (d) => d.require_status_checks,\n isArray: true,\n },\n {\n name: \"require_branches_up_to_date\",\n getCurrentValue: (c) => c.requireBranchesUpToDate,\n getDesiredValue: (d) => d.require_branches_up_to_date,\n },\n {\n name: \"require_signed_commits\",\n getCurrentValue: (c) => c.requireSignedCommits,\n getDesiredValue: (d) => d.require_signed_commits,\n },\n {\n name: \"enforce_admins\",\n getCurrentValue: (c) => c.enforceAdmins,\n getDesiredValue: (d) => d.enforce_admins,\n },\n];\n\n/** Compare current settings with desired and generate diffs */\nexport function computeDiff(\n repoInfo: RepoInfo,\n current: BranchProtectionSettings,\n desired: DesiredBranchProtection\n): SyncDiffResult {\n const diffs = collectDiffs(current, desired);\n\n // Add bypass_actors diff\n const bypassDiff = compareBypassActors(\n current.bypassActors,\n desired.bypass_actors,\n current.rulesetId\n );\n if (bypassDiff) {\n diffs.push(bypassDiff);\n }\n\n return {\n repoInfo,\n branch: current.branch,\n diffs,\n hasChanges: diffs.length > 0,\n currentRulesetId: current.rulesetId,\n };\n}\n\n/** Collect all diffs between current and desired settings */\nfunction collectDiffs(\n current: BranchProtectionSettings,\n desired: DesiredBranchProtection\n): SettingDiff[] {\n const diffs: SettingDiff[] = [];\n\n for (const mapping of fieldMappings) {\n const desiredValue = mapping.getDesiredValue(desired);\n if (desiredValue === undefined) {\n continue;\n }\n\n const currentValue = mapping.getCurrentValue(current);\n const diff = mapping.isArray\n ? compareArrayValue(mapping.name, currentValue as string[] | null, desiredValue as string[])\n : compareValue(mapping.name, currentValue, desiredValue);\n\n if (diff) {\n diffs.push(diff);\n }\n }\n\n return diffs;\n}\n\n/** Compare a single value and return diff if different */\nfunction compareValue(setting: string, current: unknown, desired: unknown): SettingDiff | null {\n const currentValue = current ?? null;\n if (currentValue === desired) {\n return null;\n }\n\n return {\n setting,\n current: currentValue,\n desired,\n action: currentValue === null ? \"add\" : \"change\",\n };\n}\n\n/** Compare arrays and return diff if different */\nfunction compareArrayValue(\n setting: string,\n current: string[] | null,\n desired: string[]\n): SettingDiff | null {\n const currentArray = current ?? [];\n const sortedCurrent = [...currentArray].sort();\n const sortedDesired = [...desired].sort();\n\n const areEqual =\n sortedCurrent.length === sortedDesired.length &&\n sortedCurrent.every((v, i) => v === sortedDesired[i]);\n\n if (areEqual) {\n return null;\n }\n\n return {\n setting,\n current: currentArray,\n desired,\n action: currentArray.length === 0 ? \"add\" : \"change\",\n };\n}\n\n/** Compare bypass actors arrays */\nfunction compareBypassActors(\n current: BypassActor[] | null,\n desired: BypassActor[] | undefined,\n rulesetId: number | null\n): SettingDiff | null {\n if (desired === undefined) {\n return null;\n }\n\n const currentActors = current ?? [];\n\n // Normalize and sort for comparison\n const sortKey = (a: BypassActor): string =>\n `${a.actor_type}:${a.actor_id ?? \"\"}:${a.bypass_mode ?? \"always\"}`;\n\n const sortedCurrent = [...currentActors].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));\n const sortedDesired = [...desired].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));\n\n // Normalize bypass_mode defaults for comparison\n const normalize = (actors: BypassActor[]): BypassActor[] =>\n actors.map((a) => ({\n actor_type: a.actor_type,\n actor_id: a.actor_id,\n bypass_mode: a.bypass_mode ?? \"always\",\n }));\n\n const normalizedCurrent = normalize(sortedCurrent);\n const normalizedDesired = normalize(sortedDesired);\n\n const areEqual =\n normalizedCurrent.length === normalizedDesired.length &&\n normalizedCurrent.every(\n (c, i) =>\n c.actor_type === normalizedDesired[i].actor_type &&\n c.actor_id === normalizedDesired[i].actor_id &&\n c.bypass_mode === normalizedDesired[i].bypass_mode\n );\n\n if (areEqual) {\n return null;\n }\n\n return {\n setting: \"bypass_actors\",\n current: currentActors,\n desired,\n action: rulesetId === null ? \"add\" : \"change\",\n };\n}\n\n/** Format a value for display */\nexport function formatValue(value: unknown): string {\n if (value === null || value === undefined) {\n return \"not set\";\n }\n if (Array.isArray(value)) {\n return value.length === 0 ? \"[]\" : `[${value.join(\", \")}]`;\n }\n return String(value);\n}\n\n// =============================================================================\n// Tag Protection Diff\n// =============================================================================\n\n/** Compare current tag protection with desired and generate diffs */\nexport function computeTagDiff(\n repoInfo: RepoInfo,\n current: TagProtectionSettings,\n desired: DesiredTagProtection\n): TagProtectionDiffResult {\n const diffs: SettingDiff[] = [];\n const rulesetId = current.rulesetId;\n\n collectPatternDiff(diffs, current, desired);\n collectBooleanDiff(diffs, {\n s: \"prevent_deletion\",\n c: current.preventDeletion,\n d: desired.prevent_deletion,\n r: rulesetId,\n });\n collectBooleanDiff(diffs, {\n s: \"prevent_update\",\n c: current.preventUpdate,\n d: desired.prevent_update,\n r: rulesetId,\n });\n\n return { repoInfo, diffs, hasChanges: diffs.length > 0, currentRulesetId: rulesetId };\n}\n\n/** Collect pattern diff if patterns don't match */\nfunction collectPatternDiff(\n diffs: SettingDiff[],\n current: TagProtectionSettings,\n desired: DesiredTagProtection\n): void {\n if (desired.patterns === undefined) {\n return;\n }\n const curr = [...current.patterns].sort();\n const des = [...desired.patterns].sort();\n const match = curr.length === des.length && curr.every((v, i) => v === des[i]);\n if (!match) {\n diffs.push({\n setting: \"patterns\",\n current: current.patterns,\n desired: desired.patterns,\n action: curr.length === 0 ? \"add\" : \"change\",\n });\n }\n}\n\n/** Collect boolean setting diff (s=setting, c=current, d=desired, r=rulesetId) */\nfunction collectBooleanDiff(\n diffs: SettingDiff[],\n o: { s: string; c: boolean; d: boolean | undefined; r: number | null }\n): void {\n if (o.d !== undefined && o.c !== o.d) {\n diffs.push({\n setting: o.s,\n current: o.c,\n desired: o.d,\n action: o.r === null ? \"add\" : \"change\",\n });\n }\n}\n","import { execa } from \"execa\";\n\nimport {\n type BranchProtectionSettings,\n type BypassActor,\n type GitHubRuleset,\n type GitHubRulesetBypassActor,\n type RepoInfo,\n type TagProtectionSettings,\n} from \"./types.js\";\n\n/** Error thrown when fetcher encounters an issue */\nexport class FetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\"\n ) {\n super(message);\n this.name = \"FetcherError\";\n }\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Get repository info from git remote */\nexport async function getRepoInfo(projectRoot: string): Promise<RepoInfo> {\n try {\n const result = await execa(\"gh\", [\"repo\", \"view\", \"--json\", \"owner,name\"], {\n cwd: projectRoot,\n });\n const data = JSON.parse(result.stdout) as { owner: { login: string }; name: string };\n return { owner: data.owner.login, repo: data.name };\n } catch {\n throw new FetcherError(\"Could not determine GitHub repository from git remote\", \"NO_REPO\");\n }\n}\n\n/** Fetch current branch protection settings from GitHub Rulesets */\nexport async function fetchBranchProtection(\n repoInfo: RepoInfo,\n branch: string\n): Promise<BranchProtectionSettings> {\n try {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n\n const rulesets = JSON.parse(result.stdout) as GitHubRuleset[];\n return parseBranchRuleset(rulesets, branch);\n } catch (error) {\n return handleBranchFetchError(error, branch);\n }\n}\n\n/** Handle errors from fetching branch protection */\nfunction handleBranchFetchError(error: unknown, branch: string): BranchProtectionSettings {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n // 404 means no rulesets exist - return empty settings\n if (errorMessage.includes(\"404\")) {\n return createEmptySettings(branch);\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new FetcherError(\n \"Cannot read branch protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n throw new FetcherError(`Failed to fetch branch protection: ${errorMessage}`, \"API_ERROR\");\n}\n\n/** Find and parse the branch protection ruleset */\n// eslint-disable-next-line complexity\nfunction parseBranchRuleset(rulesets: GitHubRuleset[], branch: string): BranchProtectionSettings {\n // Find ruleset targeting branches that includes the specified branch\n const branchRuleset = rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n\n if (!branchRuleset) {\n return createEmptySettings(branch);\n }\n\n const rules = branchRuleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n const signaturesRule = rules.find((r) => r.type === \"required_signatures\");\n\n // Parse bypass actors\n const bypassActors = parseBypassActors(branchRuleset.bypass_actors);\n\n // enforceAdmins is true when there are no bypass actors\n const enforceAdmins = bypassActors === null || bypassActors.length === 0;\n\n return {\n branch,\n requiredReviews: prRule?.parameters?.required_approving_review_count ?? null,\n dismissStaleReviews: prRule?.parameters?.dismiss_stale_reviews_on_push ?? null,\n requireCodeOwnerReviews: prRule?.parameters?.require_code_owner_review ?? null,\n requiredStatusChecks:\n statusRule?.parameters?.required_status_checks?.map((c) => c.context) ?? null,\n requireBranchesUpToDate: statusRule?.parameters?.strict_required_status_checks_policy ?? null,\n requireSignedCommits: signaturesRule !== undefined,\n enforceAdmins,\n bypassActors,\n rulesetId: branchRuleset.id,\n rulesetName: branchRuleset.name,\n };\n}\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n // Simple wildcard matching for patterns like \"release/*\"\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Parse bypass actors from GitHub API response */\nfunction parseBypassActors(actors: GitHubRulesetBypassActor[] | undefined): BypassActor[] | null {\n if (!actors || actors.length === 0) {\n return null;\n }\n\n return actors.map((actor) => ({\n actor_type: actor.actor_type,\n actor_id: actor.actor_id ?? undefined,\n bypass_mode: actor.bypass_mode,\n }));\n}\n\n/** Create empty settings for unprotected branch */\nfunction createEmptySettings(branch: string): BranchProtectionSettings {\n return {\n branch,\n requiredReviews: null,\n dismissStaleReviews: null,\n requireCodeOwnerReviews: null,\n requiredStatusChecks: null,\n requireBranchesUpToDate: null,\n requireSignedCommits: null,\n enforceAdmins: null,\n bypassActors: null,\n rulesetId: null,\n rulesetName: null,\n };\n}\n\n// =============================================================================\n// Tag Protection (GitHub Rulesets API)\n// =============================================================================\n\n/** Fetch current tag protection rulesets from GitHub */\nexport async function fetchTagProtection(repoInfo: RepoInfo): Promise<TagProtectionSettings> {\n try {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n\n const rulesets = JSON.parse(result.stdout) as GitHubRuleset[];\n return parseTagRuleset(rulesets);\n } catch (error) {\n return handleTagFetchError(error);\n }\n}\n\n/** Find and parse the tag protection ruleset */\nfunction parseTagRuleset(rulesets: GitHubRuleset[]): TagProtectionSettings {\n // Find existing tag protection ruleset (by target type and name)\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.name === \"Tag Protection\");\n\n if (!tagRuleset) {\n return createEmptyTagSettings();\n }\n\n const patterns =\n tagRuleset.conditions?.ref_name?.include?.map((p) => p.replace(/^refs\\/tags\\//, \"\")) ?? [];\n\n const rules = tagRuleset.rules ?? [];\n const preventDeletion = rules.some((r) => r.type === \"deletion\");\n const preventUpdate = rules.some((r) => r.type === \"update\");\n\n return {\n patterns,\n preventDeletion,\n preventUpdate,\n rulesetId: tagRuleset.id,\n rulesetName: tagRuleset.name,\n };\n}\n\n/** Create empty settings when no tag ruleset exists */\nfunction createEmptyTagSettings(): TagProtectionSettings {\n return {\n patterns: [],\n preventDeletion: false,\n preventUpdate: false,\n rulesetId: null,\n rulesetName: null,\n };\n}\n\n/** Handle errors from fetching tag protection */\nfunction handleTagFetchError(error: unknown): TagProtectionSettings {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n // 404 means no rulesets exist - return empty settings\n if (errorMessage.includes(\"404\")) {\n return createEmptyTagSettings();\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new FetcherError(\n \"Cannot read tag protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n throw new FetcherError(`Failed to fetch tag protection: ${errorMessage}`, \"API_ERROR\");\n}\n","import { getProjectRoot, loadConfig } from \"@standards-kit/core\";\nimport { ApplierError, applyBranchProtection, applyTagProtection } from \"./applier.js\";\nimport { computeDiff, computeTagDiff, formatValue } from \"./differ.js\";\nimport {\n fetchBranchProtection,\n FetcherError,\n fetchTagProtection,\n getRepoInfo,\n isGhAvailable,\n} from \"./fetcher.js\";\nimport {\n type SyncDiffResult,\n type SyncOptions,\n type SyncResult,\n type TagProtectionDiffResult,\n} from \"./types.js\";\n\n/** Helper to write to stdout */\nfunction writeLine(text: string): void {\n process.stdout.write(`${text}\\n`);\n}\n\n/** Run diff command - show what would change */\nexport async function runDiff(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getDiffResult(options);\n outputDiff(diffResult, options.format);\n process.exit(diffResult.hasChanges ? 1 : 0);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Run sync command - apply changes (or preview if --apply not set) */\n// eslint-disable-next-line max-statements\nexport async function runSync(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getDiffResult(options);\n\n if (!diffResult.hasChanges) {\n outputNoChanges(diffResult, options.format);\n process.exit(0);\n }\n\n // Validate actors if requested\n if (options.validateActors) {\n const validationPassed = await validateActorsBeforeApply(options);\n if (!validationPassed) {\n process.exit(1);\n }\n }\n\n if (!options.apply) {\n outputPreview(diffResult, options.format);\n process.exit(0);\n }\n\n const result = await applyChanges(options, diffResult);\n outputSyncResult(diffResult, result, options.format);\n process.exit(result.success ? 0 : 1);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Apply changes to GitHub */\nasync function applyChanges(options: SyncOptions, diffResult: SyncDiffResult): Promise<SyncResult> {\n const { config } = loadConfig(options.config);\n const projectRoot = getProjectRoot(loadConfig(options.config).configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n const desired = config.process?.repo?.ruleset ?? {};\n\n return applyBranchProtection(repoInfo, diffResult.branch, desired, diffResult);\n}\n\n/** Validate bypass actors before applying changes */\nasync function validateActorsBeforeApply(options: SyncOptions): Promise<boolean> {\n const { validateBypassActors, formatValidationResult } = await import(\"./validator.js\");\n const { config } = loadConfig(options.config);\n const projectRoot = getProjectRoot(loadConfig(options.config).configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const rulesetConfig = config.process?.repo?.ruleset;\n const actors = rulesetConfig?.bypass_actors ?? [];\n\n if (actors.length === 0) {\n return true;\n }\n\n const result = await validateBypassActors(repoInfo, actors);\n\n if (options.format === \"json\") {\n process.stdout.write(`${JSON.stringify(result, null, 2)}\\n`);\n } else {\n process.stdout.write(`${formatValidationResult(result)}\\n`);\n }\n\n return result.valid;\n}\n\n/** Get the diff result (shared by diff and sync) */\nasync function getDiffResult(options: SyncOptions): Promise<SyncDiffResult> {\n if (!(await isGhAvailable())) {\n throw new FetcherError(\"GitHub CLI (gh) not available\", \"NO_GH\");\n }\n\n const { config, configPath } = loadConfig(options.config);\n const projectRoot = getProjectRoot(configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const repoConfig = config.process?.repo;\n const desired = repoConfig?.ruleset;\n if (!desired) {\n throw new Error(\"No [process.repo.ruleset] configured in standards.toml\");\n }\n const branch = getBranch(desired.branch);\n const current = await fetchBranchProtection(repoInfo, branch);\n\n return computeDiff(repoInfo, current, desired);\n}\n\n/** Get branch name with default */\nfunction getBranch(configuredBranch: string | undefined): string {\n return configuredBranch ?? \"main\";\n}\n\n/** Output diff result */\nfunction outputDiff(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify(result, null, 2));\n } else {\n outputDiffText(result);\n }\n}\n\n/** Output diff in text format */\nfunction outputDiffText(result: SyncDiffResult): void {\n writeRepoHeader(result);\n\n if (!result.hasChanges) {\n writeLine(\"No changes needed. Settings match configuration.\");\n return;\n }\n\n writeDiffTable(result);\n writeLine(\"\");\n writeLine(\n `${result.diffs.length} setting(s) differ. Run 'conform process sync --apply' to apply changes.`\n );\n}\n\n/** Write repository header */\nfunction writeRepoHeader(result: SyncDiffResult): void {\n writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n writeLine(`Branch: ${result.branch}`);\n writeLine(\"\");\n}\n\n/** Write diff table */\nfunction writeDiffTable(result: SyncDiffResult): void {\n const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);\n const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);\n\n writeLine(`${\"Setting\".padEnd(settingWidth)} ${\"Current\".padEnd(currentWidth)} Desired`);\n writeLine(\"-\".repeat(settingWidth + currentWidth + 20));\n\n for (const diff of result.diffs) {\n const currentStr = formatValue(diff.current);\n const desiredStr = formatValue(diff.desired);\n writeLine(\n `${diff.setting.padEnd(settingWidth)} ${currentStr.padEnd(currentWidth)} ${desiredStr}`\n );\n }\n}\n\n/** Output when no changes are needed */\nfunction outputNoChanges(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, message: \"No changes needed\" }, null, 2));\n } else {\n writeRepoHeader(result);\n writeLine(\"No changes needed. Settings match configuration.\");\n }\n}\n\n/** Output preview (sync without --apply) */\nfunction outputPreview(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, preview: true }, null, 2));\n } else {\n writeRepoHeader(result);\n writeLine(\"Would apply the following changes:\");\n for (const diff of result.diffs) {\n writeLine(` ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n writeLine(\"\");\n writeLine(\"Run with --apply to make these changes.\");\n }\n}\n\n/** Output sync result */\nfunction outputSyncResult(\n diffResult: SyncDiffResult,\n result: SyncResult,\n format: \"text\" | \"json\"\n): void {\n if (format === \"json\") {\n writeLine(\n JSON.stringify(\n { repoInfo: diffResult.repoInfo, branch: diffResult.branch, ...result },\n null,\n 2\n )\n );\n } else {\n outputSyncResultText(diffResult, result);\n }\n}\n\n/** Output sync result in text format */\nfunction outputSyncResultText(diffResult: SyncDiffResult, result: SyncResult): void {\n writeRepoHeader(diffResult);\n writeLine(\"Applying changes...\");\n\n for (const diff of result.applied) {\n writeLine(` + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n\n for (const { diff, error } of result.failed) {\n writeLine(` x ${diff.setting}: ${error}`);\n }\n\n writeLine(\"\");\n if (result.success) {\n writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);\n } else {\n writeLine(`x ${result.failed.length} setting(s) failed to sync.`);\n }\n}\n\n/** Handle errors */\nfunction handleError(error: unknown, format: \"text\" | \"json\"): void {\n const { message, code } = extractErrorInfo(error);\n\n if (format === \"json\") {\n writeLine(JSON.stringify({ error: true, code, message }, null, 2));\n } else {\n writeLine(`Error: ${message}`);\n }\n\n process.exit(2);\n}\n\n/** Extract error message and code */\nfunction extractErrorInfo(error: unknown): { message: string; code: string } {\n if (error instanceof FetcherError) {\n return { message: error.message, code: error.code };\n }\n if (error instanceof ApplierError) {\n return { message: error.message, code: error.code };\n }\n if (error instanceof Error) {\n return { message: error.message, code: \"ERROR\" };\n }\n return { message: String(error), code: \"ERROR\" };\n}\n\n// =============================================================================\n// Tag Protection Sync\n// =============================================================================\n\n/** Run tag protection diff command - show what would change */\nexport async function runTagDiff(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getTagDiffResult(options);\n outputTagDiff(diffResult, options.format);\n process.exit(diffResult.hasChanges ? 1 : 0);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Run tag protection sync command - apply changes (or preview if --apply not set) */\nexport async function runTagSync(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getTagDiffResult(options);\n\n if (!diffResult.hasChanges) {\n outputTagNoChanges(diffResult, options.format);\n process.exit(0);\n }\n\n if (!options.apply) {\n outputTagPreview(diffResult, options.format);\n process.exit(0);\n }\n\n const result = await applyTagChanges(options, diffResult);\n outputTagSyncResult(diffResult, result, options.format);\n process.exit(result.success ? 0 : 1);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Get the tag diff result */\nasync function getTagDiffResult(options: SyncOptions): Promise<TagProtectionDiffResult> {\n if (!(await isGhAvailable())) {\n throw new FetcherError(\"GitHub CLI (gh) not available\", \"NO_GH\");\n }\n\n const { config, configPath } = loadConfig(options.config);\n const projectRoot = getProjectRoot(configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const repoConfig = config.process?.repo;\n if (!repoConfig?.tag_protection?.patterns || repoConfig.tag_protection.patterns.length === 0) {\n throw new Error(\"No [process.repo.tag_protection] patterns configured in standards.toml\");\n }\n\n const desired = repoConfig.tag_protection;\n const current = await fetchTagProtection(repoInfo);\n\n return computeTagDiff(repoInfo, current, desired);\n}\n\n/** Apply tag protection changes to GitHub */\nasync function applyTagChanges(\n options: SyncOptions,\n diffResult: TagProtectionDiffResult\n): Promise<SyncResult> {\n const { config } = loadConfig(options.config);\n const desired = config.process?.repo?.tag_protection ?? {};\n\n return applyTagProtection(diffResult.repoInfo, desired, diffResult);\n}\n\n/** Output tag diff result */\nfunction outputTagDiff(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify(result, null, 2));\n } else {\n outputTagDiffText(result);\n }\n}\n\n/** Output tag diff in text format */\nfunction outputTagDiffText(result: TagProtectionDiffResult): void {\n writeTagRepoHeader(result);\n\n if (!result.hasChanges) {\n writeLine(\"No changes needed. Tag protection settings match configuration.\");\n return;\n }\n\n writeTagDiffTable(result);\n writeLine(\"\");\n writeLine(\n `${result.diffs.length} setting(s) differ. Run 'conform process sync-tags --apply' to apply changes.`\n );\n}\n\n/** Write tag repository header */\nfunction writeTagRepoHeader(result: TagProtectionDiffResult): void {\n writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n writeLine(`Target: Tag Protection Ruleset`);\n writeLine(\"\");\n}\n\n/** Write tag diff table */\nfunction writeTagDiffTable(result: TagProtectionDiffResult): void {\n const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);\n const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);\n\n writeLine(`${\"Setting\".padEnd(settingWidth)} ${\"Current\".padEnd(currentWidth)} Desired`);\n writeLine(\"-\".repeat(settingWidth + currentWidth + 20));\n\n for (const diff of result.diffs) {\n const currentStr = formatValue(diff.current);\n const desiredStr = formatValue(diff.desired);\n writeLine(\n `${diff.setting.padEnd(settingWidth)} ${currentStr.padEnd(currentWidth)} ${desiredStr}`\n );\n }\n}\n\n/** Output when no tag changes are needed */\nfunction outputTagNoChanges(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, message: \"No changes needed\" }, null, 2));\n } else {\n writeTagRepoHeader(result);\n writeLine(\"No changes needed. Tag protection settings match configuration.\");\n }\n}\n\n/** Output tag preview (sync without --apply) */\nfunction outputTagPreview(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, preview: true }, null, 2));\n } else {\n writeTagRepoHeader(result);\n writeLine(\"Would apply the following changes:\");\n for (const diff of result.diffs) {\n writeLine(` ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n writeLine(\"\");\n writeLine(\"Run with --apply to make these changes.\");\n }\n}\n\n/** Output tag sync result */\nfunction outputTagSyncResult(\n diffResult: TagProtectionDiffResult,\n result: SyncResult,\n format: \"text\" | \"json\"\n): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ repoInfo: diffResult.repoInfo, ...result }, null, 2));\n } else {\n outputTagSyncResultText(diffResult, result);\n }\n}\n\n/** Output tag sync result in text format */\nfunction outputTagSyncResultText(diffResult: TagProtectionDiffResult, result: SyncResult): void {\n writeTagRepoHeader(diffResult);\n writeLine(\"Applying tag protection changes...\");\n\n for (const diff of result.applied) {\n writeLine(` + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n\n for (const { diff, error } of result.failed) {\n writeLine(` x ${diff.setting}: ${error}`);\n }\n\n writeLine(\"\");\n if (result.success) {\n writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);\n } else {\n writeLine(`x ${result.failed.length} setting(s) failed to sync.`);\n }\n}\n"],"mappings":";;;;;;;AAAA,SAAS,aAAa;AAaf,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGA,eAAsB,sBACpB,UACA,QACA,SACA,YACqB;AACrB,MAAI,CAAC,WAAW,YAAY;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAClD;AAEA,QAAM,cAAc,uBAAuB,QAAQ,OAAO;AAE1D,MAAI;AACF,QAAI,WAAW,qBAAqB,MAAM;AAExC,YAAM;AAAA,QACJ;AAAA,QACA,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,MAAM,QAAQ,WAAW,GAAG;AAAA,QACzF,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,YAAM;AAAA,QACJ;AAAA,QACA;AAAA,UACE;AAAA,UACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,WAAW,gBAAgB;AAAA,UAChF;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,WAAW,OAAO,QAAQ,CAAC,EAAE;AAAA,EAChE,SAAS,OAAO;AACd,WAAO,uBAAuB,OAAO,WAAW,KAAK;AAAA,EACvD;AACF;AAGA,SAAS,uBAAuB,OAAgB,OAAkC;AAChF,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,CAAC;AAAA,IACV,QAAQ,MAAM,IAAI,CAAC,UAAU,EAAE,MAAM,OAAO,aAAa,EAAE;AAAA,EAC7D;AACF;AAGA,SAAS,uBACP,QACA,SACyB;AACzB,QAAM,QAAkE,CAAC;AAGzE,QAAM,kBAAkB,qBAAqB,OAAO;AACpD,MAAI,iBAAiB;AACnB,UAAM,KAAK,eAAe;AAAA,EAC5B;AAGA,QAAM,mBAAmB,sBAAsB,OAAO;AACtD,MAAI,kBAAkB;AACpB,UAAM,KAAK,gBAAgB;AAAA,EAC7B;AAGA,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,UAAM,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAAA,EAC5C;AAGA,QAAM,eACJ,QAAQ,eAAe,IAAI,CAAC,WAAW;AAAA,IACrC,UAAU,MAAM,YAAY;AAAA,IAC5B,YAAY,MAAM;AAAA,IAClB,aAAa,MAAM,eAAe;AAAA,EACpC,EAAE,KAAK,CAAC;AAEV,SAAO;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,YAAY;AAAA,MACV,UAAU;AAAA,QACR,SAAS,CAAC,cAAc,MAAM,EAAE;AAAA,QAChC,SAAS,CAAC;AAAA,MACZ;AAAA,IACF;AAAA,IACA,eAAe;AAAA,IACf;AAAA,EACF;AACF;AAGA,SAAS,qBACP,SAC8D;AAC9D,QAAM,oBACJ,QAAQ,qBAAqB,UAC7B,QAAQ,0BAA0B,UAClC,QAAQ,+BAA+B;AAEzC,MAAI,CAAC,mBAAmB;AACtB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,GAAI,QAAQ,qBAAqB,UAAa;AAAA,QAC5C,iCAAiC,QAAQ;AAAA,MAC3C;AAAA,MACA,GAAI,QAAQ,0BAA0B,UAAa;AAAA,QACjD,+BAA+B,QAAQ;AAAA,MACzC;AAAA,MACA,GAAI,QAAQ,+BAA+B,UAAa;AAAA,QACtD,2BAA2B,QAAQ;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AACF;AAGA,SAAS,sBACP,SAC8D;AAC9D,QAAM,oBACJ,QAAQ,0BAA0B,UAClC,QAAQ,gCAAgC;AAE1C,MAAI,CAAC,mBAAmB;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,eACJ,QAAQ,uBAAuB,IAAI,CAAC,aAAa;AAAA,IAC/C;AAAA,EACF,EAAE,KAAK,CAAC;AAEV,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,wBAAwB;AAAA,MACxB,sCAAsC,QAAQ,+BAA+B;AAAA,IAC/E;AAAA,EACF;AACF;AAOA,eAAsB,mBACpB,UACA,SACA,YACqB;AACrB,MAAI,CAAC,WAAW,YAAY;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAClD;AAEA,QAAM,cAAc,oBAAoB,OAAO;AAE/C,MAAI;AACF,QAAI,WAAW,qBAAqB,MAAM;AAExC,YAAM;AAAA,QACJ;AAAA,QACA,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,MAAM,QAAQ,WAAW,GAAG;AAAA,QACzF,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,YAAM;AAAA,QACJ;AAAA,QACA;AAAA,UACE;AAAA,UACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,WAAW,gBAAgB;AAAA,UAChF;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,WAAW,OAAO,QAAQ,CAAC,EAAE;AAAA,EAChE,SAAS,OAAO;AACd,WAAO,oBAAoB,OAAO,WAAW,KAAK;AAAA,EACpD;AACF;AAGA,SAAS,oBAAoB,SAAwD;AACnF,QAAM,QAA4B,CAAC;AAGnC,MAAI,QAAQ,qBAAqB,OAAO;AACtC,UAAM,KAAK,EAAE,MAAM,WAAW,CAAC;AAAA,EACjC;AACA,MAAI,QAAQ,mBAAmB,OAAO;AACpC,UAAM,KAAK,EAAE,MAAM,SAAS,CAAC;AAAA,EAC/B;AAEA,QAAM,WAAW,QAAQ,YAAY,CAAC,IAAI;AAC1C,QAAM,kBAAkB,SAAS,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE;AAE5D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,YAAY;AAAA,MACV,UAAU;AAAA,QACR,SAAS;AAAA,QACT,SAAS,CAAC;AAAA,MACZ;AAAA,IACF;AAAA,IACA;AAAA,EACF;AACF;AAGA,SAAS,oBAAoB,OAAgB,OAAkC;AAC7E,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,CAAC;AAAA,IACV,QAAQ,MAAM,IAAI,CAAC,UAAU,EAAE,MAAM,OAAO,aAAa,EAAE;AAAA,EAC7D;AACF;;;AChQA,IAAM,gBAAgC;AAAA,EACpC;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,SAAS;AAAA,EACX;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AACF;AAGO,SAAS,YACd,UACA,SACA,SACgB;AAChB,QAAM,QAAQ,aAAa,SAAS,OAAO;AAG3C,QAAM,aAAa;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AACA,MAAI,YAAY;AACd,UAAM,KAAK,UAAU;AAAA,EACvB;AAEA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB;AAAA,IACA,YAAY,MAAM,SAAS;AAAA,IAC3B,kBAAkB,QAAQ;AAAA,EAC5B;AACF;AAGA,SAAS,aACP,SACA,SACe;AACf,QAAM,QAAuB,CAAC;AAE9B,aAAW,WAAW,eAAe;AACnC,UAAM,eAAe,QAAQ,gBAAgB,OAAO;AACpD,QAAI,iBAAiB,QAAW;AAC9B;AAAA,IACF;AAEA,UAAM,eAAe,QAAQ,gBAAgB,OAAO;AACpD,UAAM,OAAO,QAAQ,UACjB,kBAAkB,QAAQ,MAAM,cAAiC,YAAwB,IACzF,aAAa,QAAQ,MAAM,cAAc,YAAY;AAEzD,QAAI,MAAM;AACR,YAAM,KAAK,IAAI;AAAA,IACjB;AAAA,EACF;AAEA,SAAO;AACT;AAGA,SAAS,aAAa,SAAiB,SAAkB,SAAsC;AAC7F,QAAM,eAAe,WAAW;AAChC,MAAI,iBAAiB,SAAS;AAC5B,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,iBAAiB,OAAO,QAAQ;AAAA,EAC1C;AACF;AAGA,SAAS,kBACP,SACA,SACA,SACoB;AACpB,QAAM,eAAe,WAAW,CAAC;AACjC,QAAM,gBAAgB,CAAC,GAAG,YAAY,EAAE,KAAK;AAC7C,QAAM,gBAAgB,CAAC,GAAG,OAAO,EAAE,KAAK;AAExC,QAAM,WACJ,cAAc,WAAW,cAAc,UACvC,cAAc,MAAM,CAAC,GAAG,MAAM,MAAM,cAAc,CAAC,CAAC;AAEtD,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,aAAa,WAAW,IAAI,QAAQ;AAAA,EAC9C;AACF;AAGA,SAAS,oBACP,SACA,SACA,WACoB;AACpB,MAAI,YAAY,QAAW;AACzB,WAAO;AAAA,EACT;AAEA,QAAM,gBAAgB,WAAW,CAAC;AAGlC,QAAM,UAAU,CAAC,MACf,GAAG,EAAE,UAAU,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,QAAQ;AAElE,QAAM,gBAAgB,CAAC,GAAG,aAAa,EAAE,KAAK,CAAC,GAAG,MAAM,QAAQ,CAAC,EAAE,cAAc,QAAQ,CAAC,CAAC,CAAC;AAC5F,QAAM,gBAAgB,CAAC,GAAG,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,QAAQ,CAAC,EAAE,cAAc,QAAQ,CAAC,CAAC,CAAC;AAGtF,QAAM,YAAY,CAAC,WACjB,OAAO,IAAI,CAAC,OAAO;AAAA,IACjB,YAAY,EAAE;AAAA,IACd,UAAU,EAAE;AAAA,IACZ,aAAa,EAAE,eAAe;AAAA,EAChC,EAAE;AAEJ,QAAM,oBAAoB,UAAU,aAAa;AACjD,QAAM,oBAAoB,UAAU,aAAa;AAEjD,QAAM,WACJ,kBAAkB,WAAW,kBAAkB,UAC/C,kBAAkB;AAAA,IAChB,CAAC,GAAG,MACF,EAAE,eAAe,kBAAkB,CAAC,EAAE,cACtC,EAAE,aAAa,kBAAkB,CAAC,EAAE,YACpC,EAAE,gBAAgB,kBAAkB,CAAC,EAAE;AAAA,EAC3C;AAEF,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,cAAc,OAAO,QAAQ;AAAA,EACvC;AACF;AAGO,SAAS,YAAY,OAAwB;AAClD,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;AAAA,EACT;AACA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,WAAW,IAAI,OAAO,IAAI,MAAM,KAAK,IAAI,CAAC;AAAA,EACzD;AACA,SAAO,OAAO,KAAK;AACrB;AAOO,SAAS,eACd,UACA,SACA,SACyB;AACzB,QAAM,QAAuB,CAAC;AAC9B,QAAM,YAAY,QAAQ;AAE1B,qBAAmB,OAAO,SAAS,OAAO;AAC1C,qBAAmB,OAAO;AAAA,IACxB,GAAG;AAAA,IACH,GAAG,QAAQ;AAAA,IACX,GAAG,QAAQ;AAAA,IACX,GAAG;AAAA,EACL,CAAC;AACD,qBAAmB,OAAO;AAAA,IACxB,GAAG;AAAA,IACH,GAAG,QAAQ;AAAA,IACX,GAAG,QAAQ;AAAA,IACX,GAAG;AAAA,EACL,CAAC;AAED,SAAO,EAAE,UAAU,OAAO,YAAY,MAAM,SAAS,GAAG,kBAAkB,UAAU;AACtF;AAGA,SAAS,mBACP,OACA,SACA,SACM;AACN,MAAI,QAAQ,aAAa,QAAW;AAClC;AAAA,EACF;AACA,QAAM,OAAO,CAAC,GAAG,QAAQ,QAAQ,EAAE,KAAK;AACxC,QAAM,MAAM,CAAC,GAAG,QAAQ,QAAQ,EAAE,KAAK;AACvC,QAAM,QAAQ,KAAK,WAAW,IAAI,UAAU,KAAK,MAAM,CAAC,GAAG,MAAM,MAAM,IAAI,CAAC,CAAC;AAC7E,MAAI,CAAC,OAAO;AACV,UAAM,KAAK;AAAA,MACT,SAAS;AAAA,MACT,SAAS,QAAQ;AAAA,MACjB,SAAS,QAAQ;AAAA,MACjB,QAAQ,KAAK,WAAW,IAAI,QAAQ;AAAA,IACtC,CAAC;AAAA,EACH;AACF;AAGA,SAAS,mBACP,OACA,GACM;AACN,MAAI,EAAE,MAAM,UAAa,EAAE,MAAM,EAAE,GAAG;AACpC,UAAM,KAAK;AAAA,MACT,SAAS,EAAE;AAAA,MACX,SAAS,EAAE;AAAA,MACX,SAAS,EAAE;AAAA,MACX,QAAQ,EAAE,MAAM,OAAO,QAAQ;AAAA,IACjC,CAAC;AAAA,EACH;AACF;;;ACzRA,SAAS,SAAAA,cAAa;AAYf,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAMA,OAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,YAAY,aAAwC;AACxE,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,QAAQ,QAAQ,UAAU,YAAY,GAAG;AAAA,MACzE,KAAK;AAAA,IACP,CAAC;AACD,UAAM,OAAO,KAAK,MAAM,OAAO,MAAM;AACrC,WAAO,EAAE,OAAO,KAAK,MAAM,OAAO,MAAM,KAAK,KAAK;AAAA,EACpD,QAAQ;AACN,UAAM,IAAI,aAAa,yDAAyD,SAAS;AAAA,EAC3F;AACF;AAGA,eAAsB,sBACpB,UACA,QACmC;AACnC,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAE7F,UAAM,WAAW,KAAK,MAAM,OAAO,MAAM;AACzC,WAAO,mBAAmB,UAAU,MAAM;AAAA,EAC5C,SAAS,OAAO;AACd,WAAO,uBAAuB,OAAO,MAAM;AAAA,EAC7C;AACF;AAGA,SAAS,uBAAuB,OAAgB,QAA0C;AACxF,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAG1E,MAAI,aAAa,SAAS,KAAK,GAAG;AAChC,WAAO,oBAAoB,MAAM;AAAA,EACnC;AAEA,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAI,aAAa,sCAAsC,YAAY,IAAI,WAAW;AAC1F;AAIA,SAAS,mBAAmB,UAA2B,QAA0C;AAE/F,QAAM,gBAAgB,SAAS;AAAA,IAC7B,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AAEA,MAAI,CAAC,eAAe;AAClB,WAAO,oBAAoB,MAAM;AAAA,EACnC;AAEA,QAAM,QAAQ,cAAc,SAAS,CAAC;AACtC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AACxE,QAAM,iBAAiB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB;AAGzE,QAAM,eAAe,kBAAkB,cAAc,aAAa;AAGlE,QAAM,gBAAgB,iBAAiB,QAAQ,aAAa,WAAW;AAEvE,SAAO;AAAA,IACL;AAAA,IACA,iBAAiB,QAAQ,YAAY,mCAAmC;AAAA,IACxE,qBAAqB,QAAQ,YAAY,iCAAiC;AAAA,IAC1E,yBAAyB,QAAQ,YAAY,6BAA6B;AAAA,IAC1E,sBACE,YAAY,YAAY,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK;AAAA,IAC3E,yBAAyB,YAAY,YAAY,wCAAwC;AAAA,IACzF,sBAAsB,mBAAmB;AAAA,IACzC;AAAA,IACA;AAAA,IACA,WAAW,cAAc;AAAA,IACzB,aAAa,cAAc;AAAA,EAC7B;AACF;AAGA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AAEA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBAAkB,QAAsE;AAC/F,MAAI,CAAC,UAAU,OAAO,WAAW,GAAG;AAClC,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,IAAI,CAAC,WAAW;AAAA,IAC5B,YAAY,MAAM;AAAA,IAClB,UAAU,MAAM,YAAY;AAAA,IAC5B,aAAa,MAAM;AAAA,EACrB,EAAE;AACJ;AAGA,SAAS,oBAAoB,QAA0C;AACrE,SAAO;AAAA,IACL;AAAA,IACA,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,eAAe;AAAA,IACf,cAAc;AAAA,IACd,WAAW;AAAA,IACX,aAAa;AAAA,EACf;AACF;AAOA,eAAsB,mBAAmB,UAAoD;AAC3F,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAE7F,UAAM,WAAW,KAAK,MAAM,OAAO,MAAM;AACzC,WAAO,gBAAgB,QAAQ;AAAA,EACjC,SAAS,OAAO;AACd,WAAO,oBAAoB,KAAK;AAAA,EAClC;AACF;AAGA,SAAS,gBAAgB,UAAkD;AAEzE,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,SAAS,gBAAgB;AAEzF,MAAI,CAAC,YAAY;AACf,WAAO,uBAAuB;AAAA,EAChC;AAEA,QAAM,WACJ,WAAW,YAAY,UAAU,SAAS,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,KAAK,CAAC;AAE3F,QAAM,QAAQ,WAAW,SAAS,CAAC;AACnC,QAAM,kBAAkB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU;AAC/D,QAAM,gBAAgB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ;AAE3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,WAAW;AAAA,IACtB,aAAa,WAAW;AAAA,EAC1B;AACF;AAGA,SAAS,yBAAgD;AACvD,SAAO;AAAA,IACL,UAAU,CAAC;AAAA,IACX,iBAAiB;AAAA,IACjB,eAAe;AAAA,IACf,WAAW;AAAA,IACX,aAAa;AAAA,EACf;AACF;AAGA,SAAS,oBAAoB,OAAuC;AAClE,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAG1E,MAAI,aAAa,SAAS,KAAK,GAAG;AAChC,WAAO,uBAAuB;AAAA,EAChC;AAEA,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAI,aAAa,mCAAmC,YAAY,IAAI,WAAW;AACvF;;;AClOA,SAAS,UAAU,MAAoB;AACrC,UAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAClC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,aAAa,MAAM,cAAc,OAAO;AAC9C,eAAW,YAAY,QAAQ,MAAM;AACrC,YAAQ,KAAK,WAAW,aAAa,IAAI,CAAC;AAAA,EAC5C,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAIA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,aAAa,MAAM,cAAc,OAAO;AAE9C,QAAI,CAAC,WAAW,YAAY;AAC1B,sBAAgB,YAAY,QAAQ,MAAM;AAC1C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAGA,QAAI,QAAQ,gBAAgB;AAC1B,YAAM,mBAAmB,MAAM,0BAA0B,OAAO;AAChE,UAAI,CAAC,kBAAkB;AACrB,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,OAAO;AAClB,oBAAc,YAAY,QAAQ,MAAM;AACxC,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,aAAa,SAAS,UAAU;AACrD,qBAAiB,YAAY,QAAQ,QAAQ,MAAM;AACnD,YAAQ,KAAK,OAAO,UAAU,IAAI,CAAC;AAAA,EACrC,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAe,aAAa,SAAsB,YAAiD;AACjG,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,cAAc,eAAe,WAAW,QAAQ,MAAM,EAAE,UAAU;AACxE,QAAM,WAAW,MAAM,YAAY,WAAW;AAC9C,QAAM,UAAU,OAAO,SAAS,MAAM,WAAW,CAAC;AAElD,SAAO,sBAAsB,UAAU,WAAW,QAAQ,SAAS,UAAU;AAC/E;AAGA,eAAe,0BAA0B,SAAwC;AAC/E,QAAM,EAAE,sBAAsB,uBAAuB,IAAI,MAAM,OAAO,yBAAgB;AACtF,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,cAAc,eAAe,WAAW,QAAQ,MAAM,EAAE,UAAU;AACxE,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,gBAAgB,OAAO,SAAS,MAAM;AAC5C,QAAM,SAAS,eAAe,iBAAiB,CAAC;AAEhD,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,MAAM,qBAAqB,UAAU,MAAM;AAE1D,MAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,EAC7D,OAAO;AACL,YAAQ,OAAO,MAAM,GAAG,uBAAuB,MAAM,CAAC;AAAA,CAAI;AAAA,EAC5D;AAEA,SAAO,OAAO;AAChB;AAGA,eAAe,cAAc,SAA+C;AAC1E,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI,aAAa,iCAAiC,OAAO;AAAA,EACjE;AAEA,QAAM,EAAE,QAAQ,WAAW,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,aAAa,OAAO,SAAS;AACnC,QAAM,UAAU,YAAY;AAC5B,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,wDAAwD;AAAA,EAC1E;AACA,QAAM,SAAS,UAAU,QAAQ,MAAM;AACvC,QAAM,UAAU,MAAM,sBAAsB,UAAU,MAAM;AAE5D,SAAO,YAAY,UAAU,SAAS,OAAO;AAC/C;AAGA,SAAS,UAAU,kBAA8C;AAC/D,SAAO,oBAAoB;AAC7B;AAGA,SAAS,WAAW,QAAwB,QAA+B;AACzE,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,EAC3C,OAAO;AACL,mBAAe,MAAM;AAAA,EACvB;AACF;AAGA,SAAS,eAAe,QAA8B;AACpD,kBAAgB,MAAM;AAEtB,MAAI,CAAC,OAAO,YAAY;AACtB,cAAU,kDAAkD;AAC5D;AAAA,EACF;AAEA,iBAAe,MAAM;AACrB,YAAU,EAAE;AACZ;AAAA,IACE,GAAG,OAAO,MAAM,MAAM;AAAA,EACxB;AACF;AAGA,SAAS,gBAAgB,QAA8B;AACrD,YAAU,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACxE,YAAU,WAAW,OAAO,MAAM,EAAE;AACpC,YAAU,EAAE;AACd;AAGA,SAAS,eAAe,QAA8B;AACpD,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,MAAM,GAAG,CAAC;AAC7E,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC;AAE1F,YAAU,GAAG,UAAU,OAAO,YAAY,CAAC,KAAK,UAAU,OAAO,YAAY,CAAC,WAAW;AACzF,YAAU,IAAI,OAAO,eAAe,eAAe,EAAE,CAAC;AAEtD,aAAW,QAAQ,OAAO,OAAO;AAC/B,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C;AAAA,MACE,GAAG,KAAK,QAAQ,OAAO,YAAY,CAAC,KAAK,WAAW,OAAO,YAAY,CAAC,KAAK,UAAU;AAAA,IACzF;AAAA,EACF;AACF;AAGA,SAAS,gBAAgB,QAAwB,QAA+B;AAC9E,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,oBAAoB,GAAG,MAAM,CAAC,CAAC;AAAA,EAChF,OAAO;AACL,oBAAgB,MAAM;AACtB,cAAU,kDAAkD;AAAA,EAC9D;AACF;AAGA,SAAS,cAAc,QAAwB,QAA+B;AAC5E,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAAA,EACjE,OAAO;AACL,oBAAgB,MAAM;AACtB,cAAU,oCAAoC;AAC9C,eAAW,QAAQ,OAAO,OAAO;AAC/B,gBAAU,KAAK,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,IAC7F;AACA,cAAU,EAAE;AACZ,cAAU,yCAAyC;AAAA,EACrD;AACF;AAGA,SAAS,iBACP,YACA,QACA,QACM;AACN,MAAI,WAAW,QAAQ;AACrB;AAAA,MACE,KAAK;AAAA,QACH,EAAE,UAAU,WAAW,UAAU,QAAQ,WAAW,QAAQ,GAAG,OAAO;AAAA,QACtE;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF,OAAO;AACL,yBAAqB,YAAY,MAAM;AAAA,EACzC;AACF;AAGA,SAAS,qBAAqB,YAA4B,QAA0B;AAClF,kBAAgB,UAAU;AAC1B,YAAU,qBAAqB;AAE/B,aAAW,QAAQ,OAAO,SAAS;AACjC,cAAU,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,EAC/F;AAEA,aAAW,EAAE,MAAM,MAAM,KAAK,OAAO,QAAQ;AAC3C,cAAU,OAAO,KAAK,OAAO,KAAK,KAAK,EAAE;AAAA,EAC3C;AAEA,YAAU,EAAE;AACZ,MAAI,OAAO,SAAS;AAClB,cAAU,KAAK,OAAO,QAAQ,MAAM,wCAAwC;AAAA,EAC9E,OAAO;AACL,cAAU,KAAK,OAAO,OAAO,MAAM,6BAA6B;AAAA,EAClE;AACF;AAGA,SAAS,YAAY,OAAgB,QAA+B;AAClE,QAAM,EAAE,SAAS,KAAK,IAAI,iBAAiB,KAAK;AAEhD,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,OAAO,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC;AAAA,EACnE,OAAO;AACL,cAAU,UAAU,OAAO,EAAE;AAAA,EAC/B;AAEA,UAAQ,KAAK,CAAC;AAChB;AAGA,SAAS,iBAAiB,OAAmD;AAC3E,MAAI,iBAAiB,cAAc;AACjC,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK;AAAA,EACpD;AACA,MAAI,iBAAiB,cAAc;AACjC,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK;AAAA,EACpD;AACA,MAAI,iBAAiB,OAAO;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,QAAQ;AAAA,EACjD;AACA,SAAO,EAAE,SAAS,OAAO,KAAK,GAAG,MAAM,QAAQ;AACjD;AAOA,eAAsB,WAAW,SAAqC;AACpE,MAAI;AACF,UAAM,aAAa,MAAM,iBAAiB,OAAO;AACjD,kBAAc,YAAY,QAAQ,MAAM;AACxC,YAAQ,KAAK,WAAW,aAAa,IAAI,CAAC;AAAA,EAC5C,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAsB,WAAW,SAAqC;AACpE,MAAI;AACF,UAAM,aAAa,MAAM,iBAAiB,OAAO;AAEjD,QAAI,CAAC,WAAW,YAAY;AAC1B,yBAAmB,YAAY,QAAQ,MAAM;AAC7C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,QAAI,CAAC,QAAQ,OAAO;AAClB,uBAAiB,YAAY,QAAQ,MAAM;AAC3C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,gBAAgB,SAAS,UAAU;AACxD,wBAAoB,YAAY,QAAQ,QAAQ,MAAM;AACtD,YAAQ,KAAK,OAAO,UAAU,IAAI,CAAC;AAAA,EACrC,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAe,iBAAiB,SAAwD;AACtF,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI,aAAa,iCAAiC,OAAO;AAAA,EACjE;AAEA,QAAM,EAAE,QAAQ,WAAW,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,aAAa,OAAO,SAAS;AACnC,MAAI,CAAC,YAAY,gBAAgB,YAAY,WAAW,eAAe,SAAS,WAAW,GAAG;AAC5F,UAAM,IAAI,MAAM,wEAAwE;AAAA,EAC1F;AAEA,QAAM,UAAU,WAAW;AAC3B,QAAM,UAAU,MAAM,mBAAmB,QAAQ;AAEjD,SAAO,eAAe,UAAU,SAAS,OAAO;AAClD;AAGA,eAAe,gBACb,SACA,YACqB;AACrB,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,UAAU,OAAO,SAAS,MAAM,kBAAkB,CAAC;AAEzD,SAAO,mBAAmB,WAAW,UAAU,SAAS,UAAU;AACpE;AAGA,SAAS,cAAc,QAAiC,QAA+B;AACrF,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,EAC3C,OAAO;AACL,sBAAkB,MAAM;AAAA,EAC1B;AACF;AAGA,SAAS,kBAAkB,QAAuC;AAChE,qBAAmB,MAAM;AAEzB,MAAI,CAAC,OAAO,YAAY;AACtB,cAAU,iEAAiE;AAC3E;AAAA,EACF;AAEA,oBAAkB,MAAM;AACxB,YAAU,EAAE;AACZ;AAAA,IACE,GAAG,OAAO,MAAM,MAAM;AAAA,EACxB;AACF;AAGA,SAAS,mBAAmB,QAAuC;AACjE,YAAU,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACxE,YAAU,gCAAgC;AAC1C,YAAU,EAAE;AACd;AAGA,SAAS,kBAAkB,QAAuC;AAChE,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,MAAM,GAAG,CAAC;AAC7E,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC;AAE1F,YAAU,GAAG,UAAU,OAAO,YAAY,CAAC,KAAK,UAAU,OAAO,YAAY,CAAC,WAAW;AACzF,YAAU,IAAI,OAAO,eAAe,eAAe,EAAE,CAAC;AAEtD,aAAW,QAAQ,OAAO,OAAO;AAC/B,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C;AAAA,MACE,GAAG,KAAK,QAAQ,OAAO,YAAY,CAAC,KAAK,WAAW,OAAO,YAAY,CAAC,KAAK,UAAU;AAAA,IACzF;AAAA,EACF;AACF;AAGA,SAAS,mBAAmB,QAAiC,QAA+B;AAC1F,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,oBAAoB,GAAG,MAAM,CAAC,CAAC;AAAA,EAChF,OAAO;AACL,uBAAmB,MAAM;AACzB,cAAU,iEAAiE;AAAA,EAC7E;AACF;AAGA,SAAS,iBAAiB,QAAiC,QAA+B;AACxF,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAAA,EACjE,OAAO;AACL,uBAAmB,MAAM;AACzB,cAAU,oCAAoC;AAC9C,eAAW,QAAQ,OAAO,OAAO;AAC/B,gBAAU,KAAK,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,IAC7F;AACA,cAAU,EAAE;AACZ,cAAU,yCAAyC;AAAA,EACrD;AACF;AAGA,SAAS,oBACP,YACA,QACA,QACM;AACN,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,UAAU,WAAW,UAAU,GAAG,OAAO,GAAG,MAAM,CAAC,CAAC;AAAA,EACjF,OAAO;AACL,4BAAwB,YAAY,MAAM;AAAA,EAC5C;AACF;AAGA,SAAS,wBAAwB,YAAqC,QAA0B;AAC9F,qBAAmB,UAAU;AAC7B,YAAU,oCAAoC;AAE9C,aAAW,QAAQ,OAAO,SAAS;AACjC,cAAU,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,EAC/F;AAEA,aAAW,EAAE,MAAM,MAAM,KAAK,OAAO,QAAQ;AAC3C,cAAU,OAAO,KAAK,OAAO,KAAK,KAAK,EAAE;AAAA,EAC3C;AAEA,YAAU,EAAE;AACZ,MAAI,OAAO,SAAS;AAClB,cAAU,KAAK,OAAO,QAAQ,MAAM,wCAAwC;AAAA,EAC9E,OAAO;AACL,cAAU,KAAK,OAAO,OAAO,MAAM,6BAA6B;AAAA,EAClE;AACF;","names":["execa"]}
1
+ {"version":3,"sources":["../src/process/sync/applier.ts","../src/process/sync/differ.ts","../src/process/sync/fetcher.ts","../src/process/sync/index.ts"],"sourcesContent":["import { execa } from \"execa\";\n\nimport {\n type DesiredBranchProtection,\n type DesiredTagProtection,\n type RepoInfo,\n type SettingDiff,\n type SyncDiffResult,\n type SyncResult,\n type TagProtectionDiffResult,\n} from \"./types.js\";\n\n/** Error thrown when applier encounters an issue */\nexport class ApplierError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_PERMISSION\" | \"API_ERROR\"\n ) {\n super(message);\n this.name = \"ApplierError\";\n }\n}\n\n/** Apply branch protection ruleset to GitHub */\nexport async function applyBranchProtection(\n repoInfo: RepoInfo,\n branch: string,\n desired: DesiredBranchProtection,\n diffResult: SyncDiffResult\n): Promise<SyncResult> {\n if (!diffResult.hasChanges) {\n return { success: true, applied: [], failed: [] };\n }\n\n const requestBody = buildBranchRulesetBody(branch, desired);\n\n try {\n if (diffResult.currentRulesetId === null) {\n // Create new ruleset\n await execa(\n \"gh\",\n [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, \"-X\", \"POST\", \"--input\", \"-\"],\n { input: JSON.stringify(requestBody) }\n );\n } else {\n // Update existing ruleset\n await execa(\n \"gh\",\n [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,\n \"-X\",\n \"PUT\",\n \"--input\",\n \"-\",\n ],\n { input: JSON.stringify(requestBody) }\n );\n }\n\n return { success: true, applied: diffResult.diffs, failed: [] };\n } catch (error) {\n return handleBranchApplyError(error, diffResult.diffs);\n }\n}\n\n/** Handle errors from applying branch protection */\nfunction handleBranchApplyError(error: unknown, diffs: SettingDiff[]): SyncResult {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new ApplierError(\n \"Cannot update branch protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n return {\n success: false,\n applied: [],\n failed: diffs.map((diff) => ({ diff, error: errorMessage })),\n };\n}\n\n/** Build GitHub API request body for branch ruleset */\nfunction buildBranchRulesetBody(\n branch: string,\n desired: DesiredBranchProtection\n): Record<string, unknown> {\n const rules: { type: string; parameters?: Record<string, unknown> }[] = [];\n\n // Build pull_request rule if any review settings specified\n const pullRequestRule = buildPullRequestRule(desired);\n if (pullRequestRule) {\n rules.push(pullRequestRule);\n }\n\n // Build required_status_checks rule\n const statusChecksRule = buildStatusChecksRule(desired);\n if (statusChecksRule) {\n rules.push(statusChecksRule);\n }\n\n // Build required_signatures rule\n if (desired.require_signed_commits === true) {\n rules.push({ type: \"required_signatures\" });\n }\n\n // Build bypass actors array\n const bypassActors =\n desired.bypass_actors?.map((actor) => ({\n actor_id: actor.actor_id ?? null,\n actor_type: actor.actor_type,\n bypass_mode: actor.bypass_mode ?? \"always\",\n })) ?? [];\n\n return {\n name: \"Branch Protection\",\n target: \"branch\",\n enforcement: \"active\",\n conditions: {\n ref_name: {\n include: [`refs/heads/${branch}`],\n exclude: [],\n },\n },\n bypass_actors: bypassActors,\n rules,\n };\n}\n\n/** Build pull_request rule for PR review settings */\nfunction buildPullRequestRule(\n desired: DesiredBranchProtection\n): { type: string; parameters: Record<string, unknown> } | null {\n const hasReviewSettings =\n desired.required_reviews !== undefined ||\n desired.dismiss_stale_reviews !== undefined ||\n desired.require_code_owner_reviews !== undefined;\n\n if (!hasReviewSettings) {\n return null;\n }\n\n return {\n type: \"pull_request\",\n parameters: {\n ...(desired.required_reviews !== undefined && {\n required_approving_review_count: desired.required_reviews,\n }),\n ...(desired.dismiss_stale_reviews !== undefined && {\n dismiss_stale_reviews_on_push: desired.dismiss_stale_reviews,\n }),\n ...(desired.require_code_owner_reviews !== undefined && {\n require_code_owner_review: desired.require_code_owner_reviews,\n }),\n },\n };\n}\n\n/** Build required_status_checks rule for status check settings */\nfunction buildStatusChecksRule(\n desired: DesiredBranchProtection\n): { type: string; parameters: Record<string, unknown> } | null {\n const hasStatusSettings =\n desired.require_status_checks !== undefined ||\n desired.require_branches_up_to_date !== undefined;\n\n if (!hasStatusSettings) {\n return null;\n }\n\n const statusChecks =\n desired.require_status_checks?.map((context) => ({\n context,\n })) ?? [];\n\n return {\n type: \"required_status_checks\",\n parameters: {\n required_status_checks: statusChecks,\n strict_required_status_checks_policy: desired.require_branches_up_to_date ?? false,\n },\n };\n}\n\n// =============================================================================\n// Tag Protection (GitHub Rulesets API)\n// =============================================================================\n\n/** Apply tag protection ruleset to GitHub */\nexport async function applyTagProtection(\n repoInfo: RepoInfo,\n desired: DesiredTagProtection,\n diffResult: TagProtectionDiffResult\n): Promise<SyncResult> {\n if (!diffResult.hasChanges) {\n return { success: true, applied: [], failed: [] };\n }\n\n const requestBody = buildTagRulesetBody(desired);\n\n try {\n if (diffResult.currentRulesetId === null) {\n // Create new ruleset\n await execa(\n \"gh\",\n [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, \"-X\", \"POST\", \"--input\", \"-\"],\n { input: JSON.stringify(requestBody) }\n );\n } else {\n // Update existing ruleset\n await execa(\n \"gh\",\n [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,\n \"-X\",\n \"PUT\",\n \"--input\",\n \"-\",\n ],\n { input: JSON.stringify(requestBody) }\n );\n }\n\n return { success: true, applied: diffResult.diffs, failed: [] };\n } catch (error) {\n return handleTagApplyError(error, diffResult.diffs);\n }\n}\n\n/** Build GitHub API request body for tag ruleset */\nfunction buildTagRulesetBody(desired: DesiredTagProtection): Record<string, unknown> {\n const rules: { type: string }[] = [];\n\n // Default to true if not specified\n if (desired.prevent_deletion !== false) {\n rules.push({ type: \"deletion\" });\n }\n if (desired.prevent_update !== false) {\n rules.push({ type: \"update\" });\n }\n\n const patterns = desired.patterns ?? [\"v*\"];\n const includePatterns = patterns.map((p) => `refs/tags/${p}`);\n\n return {\n name: \"Tag Protection\",\n target: \"tag\",\n enforcement: \"active\",\n conditions: {\n ref_name: {\n include: includePatterns,\n exclude: [],\n },\n },\n rules,\n };\n}\n\n/** Handle errors from applying tag protection */\nfunction handleTagApplyError(error: unknown, diffs: SettingDiff[]): SyncResult {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new ApplierError(\n \"Cannot update tag protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n return {\n success: false,\n applied: [],\n failed: diffs.map((diff) => ({ diff, error: errorMessage })),\n };\n}\n","import {\n type BranchProtectionSettings,\n type BypassActor,\n type DesiredBranchProtection,\n type DesiredTagProtection,\n type RepoInfo,\n type SettingDiff,\n type SyncDiffResult,\n type TagProtectionDiffResult,\n type TagProtectionSettings,\n} from \"./types.js\";\n\n/** Field mapping for comparison */\ninterface FieldMapping {\n name: string;\n getCurrentValue: (c: BranchProtectionSettings) => unknown;\n getDesiredValue: (d: DesiredBranchProtection) => unknown;\n isArray?: boolean;\n}\n\n/** All field mappings for branch protection settings */\nconst fieldMappings: FieldMapping[] = [\n {\n name: \"required_reviews\",\n getCurrentValue: (c) => c.requiredReviews,\n getDesiredValue: (d) => d.required_reviews,\n },\n {\n name: \"dismiss_stale_reviews\",\n getCurrentValue: (c) => c.dismissStaleReviews,\n getDesiredValue: (d) => d.dismiss_stale_reviews,\n },\n {\n name: \"require_code_owner_reviews\",\n getCurrentValue: (c) => c.requireCodeOwnerReviews,\n getDesiredValue: (d) => d.require_code_owner_reviews,\n },\n {\n name: \"require_status_checks\",\n getCurrentValue: (c) => c.requiredStatusChecks,\n getDesiredValue: (d) => d.require_status_checks,\n isArray: true,\n },\n {\n name: \"require_branches_up_to_date\",\n getCurrentValue: (c) => c.requireBranchesUpToDate,\n getDesiredValue: (d) => d.require_branches_up_to_date,\n },\n {\n name: \"require_signed_commits\",\n getCurrentValue: (c) => c.requireSignedCommits,\n getDesiredValue: (d) => d.require_signed_commits,\n },\n {\n name: \"enforce_admins\",\n getCurrentValue: (c) => c.enforceAdmins,\n getDesiredValue: (d) => d.enforce_admins,\n },\n];\n\n/** Compare current settings with desired and generate diffs */\nexport function computeDiff(\n repoInfo: RepoInfo,\n current: BranchProtectionSettings,\n desired: DesiredBranchProtection\n): SyncDiffResult {\n const diffs = collectDiffs(current, desired);\n\n // Add bypass_actors diff\n const bypassDiff = compareBypassActors(\n current.bypassActors,\n desired.bypass_actors,\n current.rulesetId\n );\n if (bypassDiff) {\n diffs.push(bypassDiff);\n }\n\n return {\n repoInfo,\n branch: current.branch,\n diffs,\n hasChanges: diffs.length > 0,\n currentRulesetId: current.rulesetId,\n };\n}\n\n/** Collect all diffs between current and desired settings */\nfunction collectDiffs(\n current: BranchProtectionSettings,\n desired: DesiredBranchProtection\n): SettingDiff[] {\n const diffs: SettingDiff[] = [];\n\n for (const mapping of fieldMappings) {\n const desiredValue = mapping.getDesiredValue(desired);\n if (desiredValue === undefined) {\n continue;\n }\n\n const currentValue = mapping.getCurrentValue(current);\n const diff = mapping.isArray\n ? compareArrayValue(mapping.name, currentValue as string[] | null, desiredValue as string[])\n : compareValue(mapping.name, currentValue, desiredValue);\n\n if (diff) {\n diffs.push(diff);\n }\n }\n\n return diffs;\n}\n\n/** Compare a single value and return diff if different */\nfunction compareValue(setting: string, current: unknown, desired: unknown): SettingDiff | null {\n const currentValue = current ?? null;\n if (currentValue === desired) {\n return null;\n }\n\n return {\n setting,\n current: currentValue,\n desired,\n action: currentValue === null ? \"add\" : \"change\",\n };\n}\n\n/** Compare arrays and return diff if different */\nfunction compareArrayValue(\n setting: string,\n current: string[] | null,\n desired: string[]\n): SettingDiff | null {\n const currentArray = current ?? [];\n const sortedCurrent = [...currentArray].sort();\n const sortedDesired = [...desired].sort();\n\n const areEqual =\n sortedCurrent.length === sortedDesired.length &&\n sortedCurrent.every((v, i) => v === sortedDesired[i]);\n\n if (areEqual) {\n return null;\n }\n\n return {\n setting,\n current: currentArray,\n desired,\n action: currentArray.length === 0 ? \"add\" : \"change\",\n };\n}\n\n/** Compare bypass actors arrays */\nfunction compareBypassActors(\n current: BypassActor[] | null,\n desired: BypassActor[] | undefined,\n rulesetId: number | null\n): SettingDiff | null {\n if (desired === undefined) {\n return null;\n }\n\n const currentActors = current ?? [];\n\n // Normalize and sort for comparison\n const sortKey = (a: BypassActor): string =>\n `${a.actor_type}:${a.actor_id ?? \"\"}:${a.bypass_mode ?? \"always\"}`;\n\n const sortedCurrent = [...currentActors].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));\n const sortedDesired = [...desired].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));\n\n // Normalize bypass_mode defaults for comparison\n const normalize = (actors: BypassActor[]): BypassActor[] =>\n actors.map((a) => ({\n actor_type: a.actor_type,\n actor_id: a.actor_id,\n bypass_mode: a.bypass_mode ?? \"always\",\n }));\n\n const normalizedCurrent = normalize(sortedCurrent);\n const normalizedDesired = normalize(sortedDesired);\n\n const areEqual =\n normalizedCurrent.length === normalizedDesired.length &&\n normalizedCurrent.every(\n (c, i) =>\n c.actor_type === normalizedDesired[i].actor_type &&\n c.actor_id === normalizedDesired[i].actor_id &&\n c.bypass_mode === normalizedDesired[i].bypass_mode\n );\n\n if (areEqual) {\n return null;\n }\n\n return {\n setting: \"bypass_actors\",\n current: currentActors,\n desired,\n action: rulesetId === null ? \"add\" : \"change\",\n };\n}\n\n/** Format a value for display */\nexport function formatValue(value: unknown): string {\n if (value === null || value === undefined) {\n return \"not set\";\n }\n if (Array.isArray(value)) {\n return value.length === 0 ? \"[]\" : `[${value.join(\", \")}]`;\n }\n return String(value);\n}\n\n// =============================================================================\n// Tag Protection Diff\n// =============================================================================\n\n/** Compare current tag protection with desired and generate diffs */\nexport function computeTagDiff(\n repoInfo: RepoInfo,\n current: TagProtectionSettings,\n desired: DesiredTagProtection\n): TagProtectionDiffResult {\n const diffs: SettingDiff[] = [];\n const rulesetId = current.rulesetId;\n\n collectPatternDiff(diffs, current, desired);\n collectBooleanDiff(diffs, {\n s: \"prevent_deletion\",\n c: current.preventDeletion,\n d: desired.prevent_deletion,\n r: rulesetId,\n });\n collectBooleanDiff(diffs, {\n s: \"prevent_update\",\n c: current.preventUpdate,\n d: desired.prevent_update,\n r: rulesetId,\n });\n\n return { repoInfo, diffs, hasChanges: diffs.length > 0, currentRulesetId: rulesetId };\n}\n\n/** Collect pattern diff if patterns don't match */\nfunction collectPatternDiff(\n diffs: SettingDiff[],\n current: TagProtectionSettings,\n desired: DesiredTagProtection\n): void {\n if (desired.patterns === undefined) {\n return;\n }\n const curr = [...current.patterns].sort();\n const des = [...desired.patterns].sort();\n const match = curr.length === des.length && curr.every((v, i) => v === des[i]);\n if (!match) {\n diffs.push({\n setting: \"patterns\",\n current: current.patterns,\n desired: desired.patterns,\n action: curr.length === 0 ? \"add\" : \"change\",\n });\n }\n}\n\n/** Collect boolean setting diff (s=setting, c=current, d=desired, r=rulesetId) */\nfunction collectBooleanDiff(\n diffs: SettingDiff[],\n o: { s: string; c: boolean; d: boolean | undefined; r: number | null }\n): void {\n if (o.d !== undefined && o.c !== o.d) {\n diffs.push({\n setting: o.s,\n current: o.c,\n desired: o.d,\n action: o.r === null ? \"add\" : \"change\",\n });\n }\n}\n","import { execa } from \"execa\";\n\nimport {\n type BranchProtectionSettings,\n type BypassActor,\n type GitHubRuleset,\n type GitHubRulesetBypassActor,\n type RepoInfo,\n type TagProtectionSettings,\n} from \"./types.js\";\n\n/** Error thrown when fetcher encounters an issue */\nexport class FetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\"\n ) {\n super(message);\n this.name = \"FetcherError\";\n }\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Get repository info from git remote */\nexport async function getRepoInfo(projectRoot: string): Promise<RepoInfo> {\n try {\n const result = await execa(\"gh\", [\"repo\", \"view\", \"--json\", \"owner,name\"], {\n cwd: projectRoot,\n });\n const data = JSON.parse(result.stdout) as { owner: { login: string }; name: string };\n return { owner: data.owner.login, repo: data.name };\n } catch {\n throw new FetcherError(\"Could not determine GitHub repository from git remote\", \"NO_REPO\");\n }\n}\n\n/** Fetch current branch protection settings from GitHub Rulesets */\nexport async function fetchBranchProtection(\n repoInfo: RepoInfo,\n branch: string\n): Promise<BranchProtectionSettings> {\n try {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n\n const rulesets = JSON.parse(result.stdout) as GitHubRuleset[];\n return parseBranchRuleset(rulesets, branch);\n } catch (error) {\n return handleBranchFetchError(error, branch);\n }\n}\n\n/** Handle errors from fetching branch protection */\nfunction handleBranchFetchError(error: unknown, branch: string): BranchProtectionSettings {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n // 404 means no rulesets exist - return empty settings\n if (errorMessage.includes(\"404\")) {\n return createEmptySettings(branch);\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new FetcherError(\n \"Cannot read branch protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n throw new FetcherError(`Failed to fetch branch protection: ${errorMessage}`, \"API_ERROR\");\n}\n\n/** Find and parse the branch protection ruleset */\n// eslint-disable-next-line complexity\nfunction parseBranchRuleset(rulesets: GitHubRuleset[], branch: string): BranchProtectionSettings {\n // Find ruleset targeting branches that includes the specified branch\n const branchRuleset = rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n\n if (!branchRuleset) {\n return createEmptySettings(branch);\n }\n\n const rules = branchRuleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n const signaturesRule = rules.find((r) => r.type === \"required_signatures\");\n\n // Parse bypass actors\n const bypassActors = parseBypassActors(branchRuleset.bypass_actors);\n\n // enforceAdmins is true when there are no bypass actors\n const enforceAdmins = bypassActors === null || bypassActors.length === 0;\n\n return {\n branch,\n requiredReviews: prRule?.parameters?.required_approving_review_count ?? null,\n dismissStaleReviews: prRule?.parameters?.dismiss_stale_reviews_on_push ?? null,\n requireCodeOwnerReviews: prRule?.parameters?.require_code_owner_review ?? null,\n requiredStatusChecks:\n statusRule?.parameters?.required_status_checks?.map((c) => c.context) ?? null,\n requireBranchesUpToDate: statusRule?.parameters?.strict_required_status_checks_policy ?? null,\n requireSignedCommits: signaturesRule !== undefined,\n enforceAdmins,\n bypassActors,\n rulesetId: branchRuleset.id,\n rulesetName: branchRuleset.name,\n };\n}\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n // Simple wildcard matching for patterns like \"release/*\"\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Parse bypass actors from GitHub API response */\nfunction parseBypassActors(actors: GitHubRulesetBypassActor[] | undefined): BypassActor[] | null {\n if (!actors || actors.length === 0) {\n return null;\n }\n\n return actors.map((actor) => ({\n actor_type: actor.actor_type,\n actor_id: actor.actor_id ?? undefined,\n bypass_mode: actor.bypass_mode,\n }));\n}\n\n/** Create empty settings for unprotected branch */\nfunction createEmptySettings(branch: string): BranchProtectionSettings {\n return {\n branch,\n requiredReviews: null,\n dismissStaleReviews: null,\n requireCodeOwnerReviews: null,\n requiredStatusChecks: null,\n requireBranchesUpToDate: null,\n requireSignedCommits: null,\n enforceAdmins: null,\n bypassActors: null,\n rulesetId: null,\n rulesetName: null,\n };\n}\n\n// =============================================================================\n// Tag Protection (GitHub Rulesets API)\n// =============================================================================\n\n/** Fetch current tag protection rulesets from GitHub */\nexport async function fetchTagProtection(repoInfo: RepoInfo): Promise<TagProtectionSettings> {\n try {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n\n const rulesets = JSON.parse(result.stdout) as GitHubRuleset[];\n return parseTagRuleset(rulesets);\n } catch (error) {\n return handleTagFetchError(error);\n }\n}\n\n/** Find and parse the tag protection ruleset */\nfunction parseTagRuleset(rulesets: GitHubRuleset[]): TagProtectionSettings {\n // Find existing tag protection ruleset (by target type and name)\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.name === \"Tag Protection\");\n\n if (!tagRuleset) {\n return createEmptyTagSettings();\n }\n\n const patterns =\n tagRuleset.conditions?.ref_name?.include?.map((p) => p.replace(/^refs\\/tags\\//, \"\")) ?? [];\n\n const rules = tagRuleset.rules ?? [];\n const preventDeletion = rules.some((r) => r.type === \"deletion\");\n const preventUpdate = rules.some((r) => r.type === \"update\");\n\n return {\n patterns,\n preventDeletion,\n preventUpdate,\n rulesetId: tagRuleset.id,\n rulesetName: tagRuleset.name,\n };\n}\n\n/** Create empty settings when no tag ruleset exists */\nfunction createEmptyTagSettings(): TagProtectionSettings {\n return {\n patterns: [],\n preventDeletion: false,\n preventUpdate: false,\n rulesetId: null,\n rulesetName: null,\n };\n}\n\n/** Handle errors from fetching tag protection */\nfunction handleTagFetchError(error: unknown): TagProtectionSettings {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n // 404 means no rulesets exist - return empty settings\n if (errorMessage.includes(\"404\")) {\n return createEmptyTagSettings();\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new FetcherError(\n \"Cannot read tag protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n throw new FetcherError(`Failed to fetch tag protection: ${errorMessage}`, \"API_ERROR\");\n}\n","import { getProjectRoot, loadConfig } from \"../../core/index.js\";\nimport { ApplierError, applyBranchProtection, applyTagProtection } from \"./applier.js\";\nimport { computeDiff, computeTagDiff, formatValue } from \"./differ.js\";\nimport {\n fetchBranchProtection,\n FetcherError,\n fetchTagProtection,\n getRepoInfo,\n isGhAvailable,\n} from \"./fetcher.js\";\nimport {\n type SyncDiffResult,\n type SyncOptions,\n type SyncResult,\n type TagProtectionDiffResult,\n} from \"./types.js\";\n\n/** Helper to write to stdout */\nfunction writeLine(text: string): void {\n process.stdout.write(`${text}\\n`);\n}\n\n/** Run diff command - show what would change */\nexport async function runDiff(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getDiffResult(options);\n outputDiff(diffResult, options.format);\n process.exit(diffResult.hasChanges ? 1 : 0);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Run sync command - apply changes (or preview if --apply not set) */\n// eslint-disable-next-line max-statements\nexport async function runSync(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getDiffResult(options);\n\n if (!diffResult.hasChanges) {\n outputNoChanges(diffResult, options.format);\n process.exit(0);\n }\n\n // Validate actors if requested\n if (options.validateActors) {\n const validationPassed = await validateActorsBeforeApply(options);\n if (!validationPassed) {\n process.exit(1);\n }\n }\n\n if (!options.apply) {\n outputPreview(diffResult, options.format);\n process.exit(0);\n }\n\n const result = await applyChanges(options, diffResult);\n outputSyncResult(diffResult, result, options.format);\n process.exit(result.success ? 0 : 1);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Apply changes to GitHub */\nasync function applyChanges(options: SyncOptions, diffResult: SyncDiffResult): Promise<SyncResult> {\n const { config } = loadConfig(options.config);\n const projectRoot = getProjectRoot(loadConfig(options.config).configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n const desired = config.process?.repo?.ruleset ?? {};\n\n return applyBranchProtection(repoInfo, diffResult.branch, desired, diffResult);\n}\n\n/** Validate bypass actors before applying changes */\nasync function validateActorsBeforeApply(options: SyncOptions): Promise<boolean> {\n const { validateBypassActors, formatValidationResult } = await import(\"./validator.js\");\n const { config } = loadConfig(options.config);\n const projectRoot = getProjectRoot(loadConfig(options.config).configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const rulesetConfig = config.process?.repo?.ruleset;\n const actors = rulesetConfig?.bypass_actors ?? [];\n\n if (actors.length === 0) {\n return true;\n }\n\n const result = await validateBypassActors(repoInfo, actors);\n\n if (options.format === \"json\") {\n process.stdout.write(`${JSON.stringify(result, null, 2)}\\n`);\n } else {\n process.stdout.write(`${formatValidationResult(result)}\\n`);\n }\n\n return result.valid;\n}\n\n/** Get the diff result (shared by diff and sync) */\nasync function getDiffResult(options: SyncOptions): Promise<SyncDiffResult> {\n if (!(await isGhAvailable())) {\n throw new FetcherError(\"GitHub CLI (gh) not available\", \"NO_GH\");\n }\n\n const { config, configPath } = loadConfig(options.config);\n const projectRoot = getProjectRoot(configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const repoConfig = config.process?.repo;\n const desired = repoConfig?.ruleset;\n if (!desired) {\n throw new Error(\"No [process.repo.ruleset] configured in standards.toml\");\n }\n const branch = getBranch(desired.branch);\n const current = await fetchBranchProtection(repoInfo, branch);\n\n return computeDiff(repoInfo, current, desired);\n}\n\n/** Get branch name with default */\nfunction getBranch(configuredBranch: string | undefined): string {\n return configuredBranch ?? \"main\";\n}\n\n/** Output diff result */\nfunction outputDiff(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify(result, null, 2));\n } else {\n outputDiffText(result);\n }\n}\n\n/** Output diff in text format */\nfunction outputDiffText(result: SyncDiffResult): void {\n writeRepoHeader(result);\n\n if (!result.hasChanges) {\n writeLine(\"No changes needed. Settings match configuration.\");\n return;\n }\n\n writeDiffTable(result);\n writeLine(\"\");\n writeLine(\n `${result.diffs.length} setting(s) differ. Run 'conform process sync --apply' to apply changes.`\n );\n}\n\n/** Write repository header */\nfunction writeRepoHeader(result: SyncDiffResult): void {\n writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n writeLine(`Branch: ${result.branch}`);\n writeLine(\"\");\n}\n\n/** Write diff table */\nfunction writeDiffTable(result: SyncDiffResult): void {\n const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);\n const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);\n\n writeLine(`${\"Setting\".padEnd(settingWidth)} ${\"Current\".padEnd(currentWidth)} Desired`);\n writeLine(\"-\".repeat(settingWidth + currentWidth + 20));\n\n for (const diff of result.diffs) {\n const currentStr = formatValue(diff.current);\n const desiredStr = formatValue(diff.desired);\n writeLine(\n `${diff.setting.padEnd(settingWidth)} ${currentStr.padEnd(currentWidth)} ${desiredStr}`\n );\n }\n}\n\n/** Output when no changes are needed */\nfunction outputNoChanges(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, message: \"No changes needed\" }, null, 2));\n } else {\n writeRepoHeader(result);\n writeLine(\"No changes needed. Settings match configuration.\");\n }\n}\n\n/** Output preview (sync without --apply) */\nfunction outputPreview(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, preview: true }, null, 2));\n } else {\n writeRepoHeader(result);\n writeLine(\"Would apply the following changes:\");\n for (const diff of result.diffs) {\n writeLine(` ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n writeLine(\"\");\n writeLine(\"Run with --apply to make these changes.\");\n }\n}\n\n/** Output sync result */\nfunction outputSyncResult(\n diffResult: SyncDiffResult,\n result: SyncResult,\n format: \"text\" | \"json\"\n): void {\n if (format === \"json\") {\n writeLine(\n JSON.stringify(\n { repoInfo: diffResult.repoInfo, branch: diffResult.branch, ...result },\n null,\n 2\n )\n );\n } else {\n outputSyncResultText(diffResult, result);\n }\n}\n\n/** Output sync result in text format */\nfunction outputSyncResultText(diffResult: SyncDiffResult, result: SyncResult): void {\n writeRepoHeader(diffResult);\n writeLine(\"Applying changes...\");\n\n for (const diff of result.applied) {\n writeLine(` + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n\n for (const { diff, error } of result.failed) {\n writeLine(` x ${diff.setting}: ${error}`);\n }\n\n writeLine(\"\");\n if (result.success) {\n writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);\n } else {\n writeLine(`x ${result.failed.length} setting(s) failed to sync.`);\n }\n}\n\n/** Handle errors */\nfunction handleError(error: unknown, format: \"text\" | \"json\"): void {\n const { message, code } = extractErrorInfo(error);\n\n if (format === \"json\") {\n writeLine(JSON.stringify({ error: true, code, message }, null, 2));\n } else {\n writeLine(`Error: ${message}`);\n }\n\n process.exit(2);\n}\n\n/** Extract error message and code */\nfunction extractErrorInfo(error: unknown): { message: string; code: string } {\n if (error instanceof FetcherError) {\n return { message: error.message, code: error.code };\n }\n if (error instanceof ApplierError) {\n return { message: error.message, code: error.code };\n }\n if (error instanceof Error) {\n return { message: error.message, code: \"ERROR\" };\n }\n return { message: String(error), code: \"ERROR\" };\n}\n\n// =============================================================================\n// Tag Protection Sync\n// =============================================================================\n\n/** Run tag protection diff command - show what would change */\nexport async function runTagDiff(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getTagDiffResult(options);\n outputTagDiff(diffResult, options.format);\n process.exit(diffResult.hasChanges ? 1 : 0);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Run tag protection sync command - apply changes (or preview if --apply not set) */\nexport async function runTagSync(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getTagDiffResult(options);\n\n if (!diffResult.hasChanges) {\n outputTagNoChanges(diffResult, options.format);\n process.exit(0);\n }\n\n if (!options.apply) {\n outputTagPreview(diffResult, options.format);\n process.exit(0);\n }\n\n const result = await applyTagChanges(options, diffResult);\n outputTagSyncResult(diffResult, result, options.format);\n process.exit(result.success ? 0 : 1);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Get the tag diff result */\nasync function getTagDiffResult(options: SyncOptions): Promise<TagProtectionDiffResult> {\n if (!(await isGhAvailable())) {\n throw new FetcherError(\"GitHub CLI (gh) not available\", \"NO_GH\");\n }\n\n const { config, configPath } = loadConfig(options.config);\n const projectRoot = getProjectRoot(configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const repoConfig = config.process?.repo;\n if (!repoConfig?.tag_protection?.patterns || repoConfig.tag_protection.patterns.length === 0) {\n throw new Error(\"No [process.repo.tag_protection] patterns configured in standards.toml\");\n }\n\n const desired = repoConfig.tag_protection;\n const current = await fetchTagProtection(repoInfo);\n\n return computeTagDiff(repoInfo, current, desired);\n}\n\n/** Apply tag protection changes to GitHub */\nasync function applyTagChanges(\n options: SyncOptions,\n diffResult: TagProtectionDiffResult\n): Promise<SyncResult> {\n const { config } = loadConfig(options.config);\n const desired = config.process?.repo?.tag_protection ?? {};\n\n return applyTagProtection(diffResult.repoInfo, desired, diffResult);\n}\n\n/** Output tag diff result */\nfunction outputTagDiff(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify(result, null, 2));\n } else {\n outputTagDiffText(result);\n }\n}\n\n/** Output tag diff in text format */\nfunction outputTagDiffText(result: TagProtectionDiffResult): void {\n writeTagRepoHeader(result);\n\n if (!result.hasChanges) {\n writeLine(\"No changes needed. Tag protection settings match configuration.\");\n return;\n }\n\n writeTagDiffTable(result);\n writeLine(\"\");\n writeLine(\n `${result.diffs.length} setting(s) differ. Run 'conform process sync-tags --apply' to apply changes.`\n );\n}\n\n/** Write tag repository header */\nfunction writeTagRepoHeader(result: TagProtectionDiffResult): void {\n writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n writeLine(`Target: Tag Protection Ruleset`);\n writeLine(\"\");\n}\n\n/** Write tag diff table */\nfunction writeTagDiffTable(result: TagProtectionDiffResult): void {\n const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);\n const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);\n\n writeLine(`${\"Setting\".padEnd(settingWidth)} ${\"Current\".padEnd(currentWidth)} Desired`);\n writeLine(\"-\".repeat(settingWidth + currentWidth + 20));\n\n for (const diff of result.diffs) {\n const currentStr = formatValue(diff.current);\n const desiredStr = formatValue(diff.desired);\n writeLine(\n `${diff.setting.padEnd(settingWidth)} ${currentStr.padEnd(currentWidth)} ${desiredStr}`\n );\n }\n}\n\n/** Output when no tag changes are needed */\nfunction outputTagNoChanges(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, message: \"No changes needed\" }, null, 2));\n } else {\n writeTagRepoHeader(result);\n writeLine(\"No changes needed. Tag protection settings match configuration.\");\n }\n}\n\n/** Output tag preview (sync without --apply) */\nfunction outputTagPreview(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, preview: true }, null, 2));\n } else {\n writeTagRepoHeader(result);\n writeLine(\"Would apply the following changes:\");\n for (const diff of result.diffs) {\n writeLine(` ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n writeLine(\"\");\n writeLine(\"Run with --apply to make these changes.\");\n }\n}\n\n/** Output tag sync result */\nfunction outputTagSyncResult(\n diffResult: TagProtectionDiffResult,\n result: SyncResult,\n format: \"text\" | \"json\"\n): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ repoInfo: diffResult.repoInfo, ...result }, null, 2));\n } else {\n outputTagSyncResultText(diffResult, result);\n }\n}\n\n/** Output tag sync result in text format */\nfunction outputTagSyncResultText(diffResult: TagProtectionDiffResult, result: SyncResult): void {\n writeTagRepoHeader(diffResult);\n writeLine(\"Applying tag protection changes...\");\n\n for (const diff of result.applied) {\n writeLine(` + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n\n for (const { diff, error } of result.failed) {\n writeLine(` x ${diff.setting}: ${error}`);\n }\n\n writeLine(\"\");\n if (result.success) {\n writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);\n } else {\n writeLine(`x ${result.failed.length} setting(s) failed to sync.`);\n }\n}\n"],"mappings":";;;;;;;AAAA,SAAS,aAAa;AAaf,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGA,eAAsB,sBACpB,UACA,QACA,SACA,YACqB;AACrB,MAAI,CAAC,WAAW,YAAY;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAClD;AAEA,QAAM,cAAc,uBAAuB,QAAQ,OAAO;AAE1D,MAAI;AACF,QAAI,WAAW,qBAAqB,MAAM;AAExC,YAAM;AAAA,QACJ;AAAA,QACA,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,MAAM,QAAQ,WAAW,GAAG;AAAA,QACzF,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,YAAM;AAAA,QACJ;AAAA,QACA;AAAA,UACE;AAAA,UACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,WAAW,gBAAgB;AAAA,UAChF;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,WAAW,OAAO,QAAQ,CAAC,EAAE;AAAA,EAChE,SAAS,OAAO;AACd,WAAO,uBAAuB,OAAO,WAAW,KAAK;AAAA,EACvD;AACF;AAGA,SAAS,uBAAuB,OAAgB,OAAkC;AAChF,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,CAAC;AAAA,IACV,QAAQ,MAAM,IAAI,CAAC,UAAU,EAAE,MAAM,OAAO,aAAa,EAAE;AAAA,EAC7D;AACF;AAGA,SAAS,uBACP,QACA,SACyB;AACzB,QAAM,QAAkE,CAAC;AAGzE,QAAM,kBAAkB,qBAAqB,OAAO;AACpD,MAAI,iBAAiB;AACnB,UAAM,KAAK,eAAe;AAAA,EAC5B;AAGA,QAAM,mBAAmB,sBAAsB,OAAO;AACtD,MAAI,kBAAkB;AACpB,UAAM,KAAK,gBAAgB;AAAA,EAC7B;AAGA,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,UAAM,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAAA,EAC5C;AAGA,QAAM,eACJ,QAAQ,eAAe,IAAI,CAAC,WAAW;AAAA,IACrC,UAAU,MAAM,YAAY;AAAA,IAC5B,YAAY,MAAM;AAAA,IAClB,aAAa,MAAM,eAAe;AAAA,EACpC,EAAE,KAAK,CAAC;AAEV,SAAO;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,YAAY;AAAA,MACV,UAAU;AAAA,QACR,SAAS,CAAC,cAAc,MAAM,EAAE;AAAA,QAChC,SAAS,CAAC;AAAA,MACZ;AAAA,IACF;AAAA,IACA,eAAe;AAAA,IACf;AAAA,EACF;AACF;AAGA,SAAS,qBACP,SAC8D;AAC9D,QAAM,oBACJ,QAAQ,qBAAqB,UAC7B,QAAQ,0BAA0B,UAClC,QAAQ,+BAA+B;AAEzC,MAAI,CAAC,mBAAmB;AACtB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,GAAI,QAAQ,qBAAqB,UAAa;AAAA,QAC5C,iCAAiC,QAAQ;AAAA,MAC3C;AAAA,MACA,GAAI,QAAQ,0BAA0B,UAAa;AAAA,QACjD,+BAA+B,QAAQ;AAAA,MACzC;AAAA,MACA,GAAI,QAAQ,+BAA+B,UAAa;AAAA,QACtD,2BAA2B,QAAQ;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AACF;AAGA,SAAS,sBACP,SAC8D;AAC9D,QAAM,oBACJ,QAAQ,0BAA0B,UAClC,QAAQ,gCAAgC;AAE1C,MAAI,CAAC,mBAAmB;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,eACJ,QAAQ,uBAAuB,IAAI,CAAC,aAAa;AAAA,IAC/C;AAAA,EACF,EAAE,KAAK,CAAC;AAEV,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,wBAAwB;AAAA,MACxB,sCAAsC,QAAQ,+BAA+B;AAAA,IAC/E;AAAA,EACF;AACF;AAOA,eAAsB,mBACpB,UACA,SACA,YACqB;AACrB,MAAI,CAAC,WAAW,YAAY;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAClD;AAEA,QAAM,cAAc,oBAAoB,OAAO;AAE/C,MAAI;AACF,QAAI,WAAW,qBAAqB,MAAM;AAExC,YAAM;AAAA,QACJ;AAAA,QACA,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,MAAM,QAAQ,WAAW,GAAG;AAAA,QACzF,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,YAAM;AAAA,QACJ;AAAA,QACA;AAAA,UACE;AAAA,UACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,WAAW,gBAAgB;AAAA,UAChF;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,WAAW,OAAO,QAAQ,CAAC,EAAE;AAAA,EAChE,SAAS,OAAO;AACd,WAAO,oBAAoB,OAAO,WAAW,KAAK;AAAA,EACpD;AACF;AAGA,SAAS,oBAAoB,SAAwD;AACnF,QAAM,QAA4B,CAAC;AAGnC,MAAI,QAAQ,qBAAqB,OAAO;AACtC,UAAM,KAAK,EAAE,MAAM,WAAW,CAAC;AAAA,EACjC;AACA,MAAI,QAAQ,mBAAmB,OAAO;AACpC,UAAM,KAAK,EAAE,MAAM,SAAS,CAAC;AAAA,EAC/B;AAEA,QAAM,WAAW,QAAQ,YAAY,CAAC,IAAI;AAC1C,QAAM,kBAAkB,SAAS,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE;AAE5D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,YAAY;AAAA,MACV,UAAU;AAAA,QACR,SAAS;AAAA,QACT,SAAS,CAAC;AAAA,MACZ;AAAA,IACF;AAAA,IACA;AAAA,EACF;AACF;AAGA,SAAS,oBAAoB,OAAgB,OAAkC;AAC7E,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,CAAC;AAAA,IACV,QAAQ,MAAM,IAAI,CAAC,UAAU,EAAE,MAAM,OAAO,aAAa,EAAE;AAAA,EAC7D;AACF;;;AChQA,IAAM,gBAAgC;AAAA,EACpC;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,SAAS;AAAA,EACX;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AACF;AAGO,SAAS,YACd,UACA,SACA,SACgB;AAChB,QAAM,QAAQ,aAAa,SAAS,OAAO;AAG3C,QAAM,aAAa;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AACA,MAAI,YAAY;AACd,UAAM,KAAK,UAAU;AAAA,EACvB;AAEA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB;AAAA,IACA,YAAY,MAAM,SAAS;AAAA,IAC3B,kBAAkB,QAAQ;AAAA,EAC5B;AACF;AAGA,SAAS,aACP,SACA,SACe;AACf,QAAM,QAAuB,CAAC;AAE9B,aAAW,WAAW,eAAe;AACnC,UAAM,eAAe,QAAQ,gBAAgB,OAAO;AACpD,QAAI,iBAAiB,QAAW;AAC9B;AAAA,IACF;AAEA,UAAM,eAAe,QAAQ,gBAAgB,OAAO;AACpD,UAAM,OAAO,QAAQ,UACjB,kBAAkB,QAAQ,MAAM,cAAiC,YAAwB,IACzF,aAAa,QAAQ,MAAM,cAAc,YAAY;AAEzD,QAAI,MAAM;AACR,YAAM,KAAK,IAAI;AAAA,IACjB;AAAA,EACF;AAEA,SAAO;AACT;AAGA,SAAS,aAAa,SAAiB,SAAkB,SAAsC;AAC7F,QAAM,eAAe,WAAW;AAChC,MAAI,iBAAiB,SAAS;AAC5B,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,iBAAiB,OAAO,QAAQ;AAAA,EAC1C;AACF;AAGA,SAAS,kBACP,SACA,SACA,SACoB;AACpB,QAAM,eAAe,WAAW,CAAC;AACjC,QAAM,gBAAgB,CAAC,GAAG,YAAY,EAAE,KAAK;AAC7C,QAAM,gBAAgB,CAAC,GAAG,OAAO,EAAE,KAAK;AAExC,QAAM,WACJ,cAAc,WAAW,cAAc,UACvC,cAAc,MAAM,CAAC,GAAG,MAAM,MAAM,cAAc,CAAC,CAAC;AAEtD,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,aAAa,WAAW,IAAI,QAAQ;AAAA,EAC9C;AACF;AAGA,SAAS,oBACP,SACA,SACA,WACoB;AACpB,MAAI,YAAY,QAAW;AACzB,WAAO;AAAA,EACT;AAEA,QAAM,gBAAgB,WAAW,CAAC;AAGlC,QAAM,UAAU,CAAC,MACf,GAAG,EAAE,UAAU,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,QAAQ;AAElE,QAAM,gBAAgB,CAAC,GAAG,aAAa,EAAE,KAAK,CAAC,GAAG,MAAM,QAAQ,CAAC,EAAE,cAAc,QAAQ,CAAC,CAAC,CAAC;AAC5F,QAAM,gBAAgB,CAAC,GAAG,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,QAAQ,CAAC,EAAE,cAAc,QAAQ,CAAC,CAAC,CAAC;AAGtF,QAAM,YAAY,CAAC,WACjB,OAAO,IAAI,CAAC,OAAO;AAAA,IACjB,YAAY,EAAE;AAAA,IACd,UAAU,EAAE;AAAA,IACZ,aAAa,EAAE,eAAe;AAAA,EAChC,EAAE;AAEJ,QAAM,oBAAoB,UAAU,aAAa;AACjD,QAAM,oBAAoB,UAAU,aAAa;AAEjD,QAAM,WACJ,kBAAkB,WAAW,kBAAkB,UAC/C,kBAAkB;AAAA,IAChB,CAAC,GAAG,MACF,EAAE,eAAe,kBAAkB,CAAC,EAAE,cACtC,EAAE,aAAa,kBAAkB,CAAC,EAAE,YACpC,EAAE,gBAAgB,kBAAkB,CAAC,EAAE;AAAA,EAC3C;AAEF,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,cAAc,OAAO,QAAQ;AAAA,EACvC;AACF;AAGO,SAAS,YAAY,OAAwB;AAClD,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;AAAA,EACT;AACA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,WAAW,IAAI,OAAO,IAAI,MAAM,KAAK,IAAI,CAAC;AAAA,EACzD;AACA,SAAO,OAAO,KAAK;AACrB;AAOO,SAAS,eACd,UACA,SACA,SACyB;AACzB,QAAM,QAAuB,CAAC;AAC9B,QAAM,YAAY,QAAQ;AAE1B,qBAAmB,OAAO,SAAS,OAAO;AAC1C,qBAAmB,OAAO;AAAA,IACxB,GAAG;AAAA,IACH,GAAG,QAAQ;AAAA,IACX,GAAG,QAAQ;AAAA,IACX,GAAG;AAAA,EACL,CAAC;AACD,qBAAmB,OAAO;AAAA,IACxB,GAAG;AAAA,IACH,GAAG,QAAQ;AAAA,IACX,GAAG,QAAQ;AAAA,IACX,GAAG;AAAA,EACL,CAAC;AAED,SAAO,EAAE,UAAU,OAAO,YAAY,MAAM,SAAS,GAAG,kBAAkB,UAAU;AACtF;AAGA,SAAS,mBACP,OACA,SACA,SACM;AACN,MAAI,QAAQ,aAAa,QAAW;AAClC;AAAA,EACF;AACA,QAAM,OAAO,CAAC,GAAG,QAAQ,QAAQ,EAAE,KAAK;AACxC,QAAM,MAAM,CAAC,GAAG,QAAQ,QAAQ,EAAE,KAAK;AACvC,QAAM,QAAQ,KAAK,WAAW,IAAI,UAAU,KAAK,MAAM,CAAC,GAAG,MAAM,MAAM,IAAI,CAAC,CAAC;AAC7E,MAAI,CAAC,OAAO;AACV,UAAM,KAAK;AAAA,MACT,SAAS;AAAA,MACT,SAAS,QAAQ;AAAA,MACjB,SAAS,QAAQ;AAAA,MACjB,QAAQ,KAAK,WAAW,IAAI,QAAQ;AAAA,IACtC,CAAC;AAAA,EACH;AACF;AAGA,SAAS,mBACP,OACA,GACM;AACN,MAAI,EAAE,MAAM,UAAa,EAAE,MAAM,EAAE,GAAG;AACpC,UAAM,KAAK;AAAA,MACT,SAAS,EAAE;AAAA,MACX,SAAS,EAAE;AAAA,MACX,SAAS,EAAE;AAAA,MACX,QAAQ,EAAE,MAAM,OAAO,QAAQ;AAAA,IACjC,CAAC;AAAA,EACH;AACF;;;ACzRA,SAAS,SAAAA,cAAa;AAYf,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAMA,OAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,YAAY,aAAwC;AACxE,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,QAAQ,QAAQ,UAAU,YAAY,GAAG;AAAA,MACzE,KAAK;AAAA,IACP,CAAC;AACD,UAAM,OAAO,KAAK,MAAM,OAAO,MAAM;AACrC,WAAO,EAAE,OAAO,KAAK,MAAM,OAAO,MAAM,KAAK,KAAK;AAAA,EACpD,QAAQ;AACN,UAAM,IAAI,aAAa,yDAAyD,SAAS;AAAA,EAC3F;AACF;AAGA,eAAsB,sBACpB,UACA,QACmC;AACnC,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAE7F,UAAM,WAAW,KAAK,MAAM,OAAO,MAAM;AACzC,WAAO,mBAAmB,UAAU,MAAM;AAAA,EAC5C,SAAS,OAAO;AACd,WAAO,uBAAuB,OAAO,MAAM;AAAA,EAC7C;AACF;AAGA,SAAS,uBAAuB,OAAgB,QAA0C;AACxF,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAG1E,MAAI,aAAa,SAAS,KAAK,GAAG;AAChC,WAAO,oBAAoB,MAAM;AAAA,EACnC;AAEA,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAI,aAAa,sCAAsC,YAAY,IAAI,WAAW;AAC1F;AAIA,SAAS,mBAAmB,UAA2B,QAA0C;AAE/F,QAAM,gBAAgB,SAAS;AAAA,IAC7B,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AAEA,MAAI,CAAC,eAAe;AAClB,WAAO,oBAAoB,MAAM;AAAA,EACnC;AAEA,QAAM,QAAQ,cAAc,SAAS,CAAC;AACtC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AACxE,QAAM,iBAAiB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB;AAGzE,QAAM,eAAe,kBAAkB,cAAc,aAAa;AAGlE,QAAM,gBAAgB,iBAAiB,QAAQ,aAAa,WAAW;AAEvE,SAAO;AAAA,IACL;AAAA,IACA,iBAAiB,QAAQ,YAAY,mCAAmC;AAAA,IACxE,qBAAqB,QAAQ,YAAY,iCAAiC;AAAA,IAC1E,yBAAyB,QAAQ,YAAY,6BAA6B;AAAA,IAC1E,sBACE,YAAY,YAAY,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK;AAAA,IAC3E,yBAAyB,YAAY,YAAY,wCAAwC;AAAA,IACzF,sBAAsB,mBAAmB;AAAA,IACzC;AAAA,IACA;AAAA,IACA,WAAW,cAAc;AAAA,IACzB,aAAa,cAAc;AAAA,EAC7B;AACF;AAGA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AAEA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBAAkB,QAAsE;AAC/F,MAAI,CAAC,UAAU,OAAO,WAAW,GAAG;AAClC,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,IAAI,CAAC,WAAW;AAAA,IAC5B,YAAY,MAAM;AAAA,IAClB,UAAU,MAAM,YAAY;AAAA,IAC5B,aAAa,MAAM;AAAA,EACrB,EAAE;AACJ;AAGA,SAAS,oBAAoB,QAA0C;AACrE,SAAO;AAAA,IACL;AAAA,IACA,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,eAAe;AAAA,IACf,cAAc;AAAA,IACd,WAAW;AAAA,IACX,aAAa;AAAA,EACf;AACF;AAOA,eAAsB,mBAAmB,UAAoD;AAC3F,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAE7F,UAAM,WAAW,KAAK,MAAM,OAAO,MAAM;AACzC,WAAO,gBAAgB,QAAQ;AAAA,EACjC,SAAS,OAAO;AACd,WAAO,oBAAoB,KAAK;AAAA,EAClC;AACF;AAGA,SAAS,gBAAgB,UAAkD;AAEzE,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,SAAS,gBAAgB;AAEzF,MAAI,CAAC,YAAY;AACf,WAAO,uBAAuB;AAAA,EAChC;AAEA,QAAM,WACJ,WAAW,YAAY,UAAU,SAAS,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,KAAK,CAAC;AAE3F,QAAM,QAAQ,WAAW,SAAS,CAAC;AACnC,QAAM,kBAAkB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU;AAC/D,QAAM,gBAAgB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ;AAE3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,WAAW;AAAA,IACtB,aAAa,WAAW;AAAA,EAC1B;AACF;AAGA,SAAS,yBAAgD;AACvD,SAAO;AAAA,IACL,UAAU,CAAC;AAAA,IACX,iBAAiB;AAAA,IACjB,eAAe;AAAA,IACf,WAAW;AAAA,IACX,aAAa;AAAA,EACf;AACF;AAGA,SAAS,oBAAoB,OAAuC;AAClE,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAG1E,MAAI,aAAa,SAAS,KAAK,GAAG;AAChC,WAAO,uBAAuB;AAAA,EAChC;AAEA,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAI,aAAa,mCAAmC,YAAY,IAAI,WAAW;AACvF;;;AClOA,SAAS,UAAU,MAAoB;AACrC,UAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAClC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,aAAa,MAAM,cAAc,OAAO;AAC9C,eAAW,YAAY,QAAQ,MAAM;AACrC,YAAQ,KAAK,WAAW,aAAa,IAAI,CAAC;AAAA,EAC5C,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAIA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,aAAa,MAAM,cAAc,OAAO;AAE9C,QAAI,CAAC,WAAW,YAAY;AAC1B,sBAAgB,YAAY,QAAQ,MAAM;AAC1C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAGA,QAAI,QAAQ,gBAAgB;AAC1B,YAAM,mBAAmB,MAAM,0BAA0B,OAAO;AAChE,UAAI,CAAC,kBAAkB;AACrB,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,OAAO;AAClB,oBAAc,YAAY,QAAQ,MAAM;AACxC,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,aAAa,SAAS,UAAU;AACrD,qBAAiB,YAAY,QAAQ,QAAQ,MAAM;AACnD,YAAQ,KAAK,OAAO,UAAU,IAAI,CAAC;AAAA,EACrC,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAe,aAAa,SAAsB,YAAiD;AACjG,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,cAAc,eAAe,WAAW,QAAQ,MAAM,EAAE,UAAU;AACxE,QAAM,WAAW,MAAM,YAAY,WAAW;AAC9C,QAAM,UAAU,OAAO,SAAS,MAAM,WAAW,CAAC;AAElD,SAAO,sBAAsB,UAAU,WAAW,QAAQ,SAAS,UAAU;AAC/E;AAGA,eAAe,0BAA0B,SAAwC;AAC/E,QAAM,EAAE,sBAAsB,uBAAuB,IAAI,MAAM,OAAO,yBAAgB;AACtF,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,cAAc,eAAe,WAAW,QAAQ,MAAM,EAAE,UAAU;AACxE,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,gBAAgB,OAAO,SAAS,MAAM;AAC5C,QAAM,SAAS,eAAe,iBAAiB,CAAC;AAEhD,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,MAAM,qBAAqB,UAAU,MAAM;AAE1D,MAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,EAC7D,OAAO;AACL,YAAQ,OAAO,MAAM,GAAG,uBAAuB,MAAM,CAAC;AAAA,CAAI;AAAA,EAC5D;AAEA,SAAO,OAAO;AAChB;AAGA,eAAe,cAAc,SAA+C;AAC1E,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI,aAAa,iCAAiC,OAAO;AAAA,EACjE;AAEA,QAAM,EAAE,QAAQ,WAAW,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,aAAa,OAAO,SAAS;AACnC,QAAM,UAAU,YAAY;AAC5B,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,wDAAwD;AAAA,EAC1E;AACA,QAAM,SAAS,UAAU,QAAQ,MAAM;AACvC,QAAM,UAAU,MAAM,sBAAsB,UAAU,MAAM;AAE5D,SAAO,YAAY,UAAU,SAAS,OAAO;AAC/C;AAGA,SAAS,UAAU,kBAA8C;AAC/D,SAAO,oBAAoB;AAC7B;AAGA,SAAS,WAAW,QAAwB,QAA+B;AACzE,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,EAC3C,OAAO;AACL,mBAAe,MAAM;AAAA,EACvB;AACF;AAGA,SAAS,eAAe,QAA8B;AACpD,kBAAgB,MAAM;AAEtB,MAAI,CAAC,OAAO,YAAY;AACtB,cAAU,kDAAkD;AAC5D;AAAA,EACF;AAEA,iBAAe,MAAM;AACrB,YAAU,EAAE;AACZ;AAAA,IACE,GAAG,OAAO,MAAM,MAAM;AAAA,EACxB;AACF;AAGA,SAAS,gBAAgB,QAA8B;AACrD,YAAU,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACxE,YAAU,WAAW,OAAO,MAAM,EAAE;AACpC,YAAU,EAAE;AACd;AAGA,SAAS,eAAe,QAA8B;AACpD,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,MAAM,GAAG,CAAC;AAC7E,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC;AAE1F,YAAU,GAAG,UAAU,OAAO,YAAY,CAAC,KAAK,UAAU,OAAO,YAAY,CAAC,WAAW;AACzF,YAAU,IAAI,OAAO,eAAe,eAAe,EAAE,CAAC;AAEtD,aAAW,QAAQ,OAAO,OAAO;AAC/B,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C;AAAA,MACE,GAAG,KAAK,QAAQ,OAAO,YAAY,CAAC,KAAK,WAAW,OAAO,YAAY,CAAC,KAAK,UAAU;AAAA,IACzF;AAAA,EACF;AACF;AAGA,SAAS,gBAAgB,QAAwB,QAA+B;AAC9E,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,oBAAoB,GAAG,MAAM,CAAC,CAAC;AAAA,EAChF,OAAO;AACL,oBAAgB,MAAM;AACtB,cAAU,kDAAkD;AAAA,EAC9D;AACF;AAGA,SAAS,cAAc,QAAwB,QAA+B;AAC5E,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAAA,EACjE,OAAO;AACL,oBAAgB,MAAM;AACtB,cAAU,oCAAoC;AAC9C,eAAW,QAAQ,OAAO,OAAO;AAC/B,gBAAU,KAAK,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,IAC7F;AACA,cAAU,EAAE;AACZ,cAAU,yCAAyC;AAAA,EACrD;AACF;AAGA,SAAS,iBACP,YACA,QACA,QACM;AACN,MAAI,WAAW,QAAQ;AACrB;AAAA,MACE,KAAK;AAAA,QACH,EAAE,UAAU,WAAW,UAAU,QAAQ,WAAW,QAAQ,GAAG,OAAO;AAAA,QACtE;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF,OAAO;AACL,yBAAqB,YAAY,MAAM;AAAA,EACzC;AACF;AAGA,SAAS,qBAAqB,YAA4B,QAA0B;AAClF,kBAAgB,UAAU;AAC1B,YAAU,qBAAqB;AAE/B,aAAW,QAAQ,OAAO,SAAS;AACjC,cAAU,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,EAC/F;AAEA,aAAW,EAAE,MAAM,MAAM,KAAK,OAAO,QAAQ;AAC3C,cAAU,OAAO,KAAK,OAAO,KAAK,KAAK,EAAE;AAAA,EAC3C;AAEA,YAAU,EAAE;AACZ,MAAI,OAAO,SAAS;AAClB,cAAU,KAAK,OAAO,QAAQ,MAAM,wCAAwC;AAAA,EAC9E,OAAO;AACL,cAAU,KAAK,OAAO,OAAO,MAAM,6BAA6B;AAAA,EAClE;AACF;AAGA,SAAS,YAAY,OAAgB,QAA+B;AAClE,QAAM,EAAE,SAAS,KAAK,IAAI,iBAAiB,KAAK;AAEhD,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,OAAO,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC;AAAA,EACnE,OAAO;AACL,cAAU,UAAU,OAAO,EAAE;AAAA,EAC/B;AAEA,UAAQ,KAAK,CAAC;AAChB;AAGA,SAAS,iBAAiB,OAAmD;AAC3E,MAAI,iBAAiB,cAAc;AACjC,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK;AAAA,EACpD;AACA,MAAI,iBAAiB,cAAc;AACjC,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK;AAAA,EACpD;AACA,MAAI,iBAAiB,OAAO;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,QAAQ;AAAA,EACjD;AACA,SAAO,EAAE,SAAS,OAAO,KAAK,GAAG,MAAM,QAAQ;AACjD;AAOA,eAAsB,WAAW,SAAqC;AACpE,MAAI;AACF,UAAM,aAAa,MAAM,iBAAiB,OAAO;AACjD,kBAAc,YAAY,QAAQ,MAAM;AACxC,YAAQ,KAAK,WAAW,aAAa,IAAI,CAAC;AAAA,EAC5C,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAsB,WAAW,SAAqC;AACpE,MAAI;AACF,UAAM,aAAa,MAAM,iBAAiB,OAAO;AAEjD,QAAI,CAAC,WAAW,YAAY;AAC1B,yBAAmB,YAAY,QAAQ,MAAM;AAC7C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,QAAI,CAAC,QAAQ,OAAO;AAClB,uBAAiB,YAAY,QAAQ,MAAM;AAC3C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,gBAAgB,SAAS,UAAU;AACxD,wBAAoB,YAAY,QAAQ,QAAQ,MAAM;AACtD,YAAQ,KAAK,OAAO,UAAU,IAAI,CAAC;AAAA,EACrC,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAe,iBAAiB,SAAwD;AACtF,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI,aAAa,iCAAiC,OAAO;AAAA,EACjE;AAEA,QAAM,EAAE,QAAQ,WAAW,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,aAAa,OAAO,SAAS;AACnC,MAAI,CAAC,YAAY,gBAAgB,YAAY,WAAW,eAAe,SAAS,WAAW,GAAG;AAC5F,UAAM,IAAI,MAAM,wEAAwE;AAAA,EAC1F;AAEA,QAAM,UAAU,WAAW;AAC3B,QAAM,UAAU,MAAM,mBAAmB,QAAQ;AAEjD,SAAO,eAAe,UAAU,SAAS,OAAO;AAClD;AAGA,eAAe,gBACb,SACA,YACqB;AACrB,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,UAAU,OAAO,SAAS,MAAM,kBAAkB,CAAC;AAEzD,SAAO,mBAAmB,WAAW,UAAU,SAAS,UAAU;AACpE;AAGA,SAAS,cAAc,QAAiC,QAA+B;AACrF,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,EAC3C,OAAO;AACL,sBAAkB,MAAM;AAAA,EAC1B;AACF;AAGA,SAAS,kBAAkB,QAAuC;AAChE,qBAAmB,MAAM;AAEzB,MAAI,CAAC,OAAO,YAAY;AACtB,cAAU,iEAAiE;AAC3E;AAAA,EACF;AAEA,oBAAkB,MAAM;AACxB,YAAU,EAAE;AACZ;AAAA,IACE,GAAG,OAAO,MAAM,MAAM;AAAA,EACxB;AACF;AAGA,SAAS,mBAAmB,QAAuC;AACjE,YAAU,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACxE,YAAU,gCAAgC;AAC1C,YAAU,EAAE;AACd;AAGA,SAAS,kBAAkB,QAAuC;AAChE,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,MAAM,GAAG,CAAC;AAC7E,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC;AAE1F,YAAU,GAAG,UAAU,OAAO,YAAY,CAAC,KAAK,UAAU,OAAO,YAAY,CAAC,WAAW;AACzF,YAAU,IAAI,OAAO,eAAe,eAAe,EAAE,CAAC;AAEtD,aAAW,QAAQ,OAAO,OAAO;AAC/B,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C;AAAA,MACE,GAAG,KAAK,QAAQ,OAAO,YAAY,CAAC,KAAK,WAAW,OAAO,YAAY,CAAC,KAAK,UAAU;AAAA,IACzF;AAAA,EACF;AACF;AAGA,SAAS,mBAAmB,QAAiC,QAA+B;AAC1F,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,oBAAoB,GAAG,MAAM,CAAC,CAAC;AAAA,EAChF,OAAO;AACL,uBAAmB,MAAM;AACzB,cAAU,iEAAiE;AAAA,EAC7E;AACF;AAGA,SAAS,iBAAiB,QAAiC,QAA+B;AACxF,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAAA,EACjE,OAAO;AACL,uBAAmB,MAAM;AACzB,cAAU,oCAAoC;AAC9C,eAAW,QAAQ,OAAO,OAAO;AAC/B,gBAAU,KAAK,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,IAC7F;AACA,cAAU,EAAE;AACZ,cAAU,yCAAyC;AAAA,EACrD;AACF;AAGA,SAAS,oBACP,YACA,QACA,QACM;AACN,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,UAAU,WAAW,UAAU,GAAG,OAAO,GAAG,MAAM,CAAC,CAAC;AAAA,EACjF,OAAO;AACL,4BAAwB,YAAY,MAAM;AAAA,EAC5C;AACF;AAGA,SAAS,wBAAwB,YAAqC,QAA0B;AAC9F,qBAAmB,UAAU;AAC7B,YAAU,oCAAoC;AAE9C,aAAW,QAAQ,OAAO,SAAS;AACjC,cAAU,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,EAC/F;AAEA,aAAW,EAAE,MAAM,MAAM,KAAK,OAAO,QAAQ;AAC3C,cAAU,OAAO,KAAK,OAAO,KAAK,KAAK,EAAE;AAAA,EAC3C;AAEA,YAAU,EAAE;AACZ,MAAI,OAAO,SAAS;AAClB,cAAU,KAAK,OAAO,QAAQ,MAAM,wCAAwC;AAAA,EAC9E,OAAO;AACL,cAAU,KAAK,OAAO,OAAO,MAAM,6BAA6B;AAAA,EAClE;AACF;","names":["execa"]}
package/dist/validate/guidelines.d.ts ADDED
@@ -0,0 +1,18 @@
1
+ /** Single file validation error */
2
+ export interface GuidelineValidationError {
3
+ file: string;
4
+ errors: string[];
5
+ }
6
+ /** Overall validation result */
7
+ export interface GuidelineValidationResult {
8
+ valid: boolean;
9
+ validCount: number;
10
+ invalidCount: number;
11
+ errors: GuidelineValidationError[];
12
+ }
13
+ /** Validate a directory of guideline files */
14
+ export declare function validateGuidelinesDir(dirPath: string): GuidelineValidationResult;
15
+ /** Run the validate guidelines command */
16
+ export declare function runValidateGuidelines(dirPath: string, options: {
17
+ format: string;
18
+ }): Promise<void>;
package/dist/validate/index.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ export { runValidateGuidelines, validateGuidelinesDir } from "./guidelines.js";
2
+ export type { GuidelineValidationError, GuidelineValidationResult } from "./guidelines.js";
3
+ export { formatTierResultJson, formatTierResultText, validateTierRuleset } from "./tier.js";
4
+ export type { RepoMetadata, Tier, TierSourceDetail, ValidateTierOptions, ValidateTierResult, } from "./types.js";
5
+ export { VALID_TIERS } from "./types.js";
package/dist/validate/tier.d.ts ADDED
@@ -0,0 +1,14 @@
1
+ import { type ValidateTierOptions, type ValidateTierResult } from "./types.js";
2
+ /**
3
+ * Validate that project tier matches its rulesets.
4
+ * This is the programmatic API exported for library consumers.
5
+ */
6
+ export declare function validateTierRuleset(options?: ValidateTierOptions): ValidateTierResult;
7
+ /**
8
+ * Format tier validation result as text
9
+ */
10
+ export declare function formatTierResultText(result: ValidateTierResult): string;
11
+ /**
12
+ * Format tier validation result as JSON
13
+ */
14
+ export declare function formatTierResultJson(result: ValidateTierResult): string;
package/dist/validate/types.d.ts ADDED
@@ -0,0 +1,56 @@
1
+ /**
2
+ * Valid project tiers
3
+ */
4
+ export type Tier = "production" | "internal" | "prototype";
5
+ /**
6
+ * Valid tier values as a constant array for validation and export
7
+ */
8
+ export declare const VALID_TIERS: readonly Tier[];
9
+ /**
10
+ * Parsed repo-metadata.yaml structure
11
+ */
12
+ export interface RepoMetadata {
13
+ tier?: Tier;
14
+ }
15
+ /**
16
+ * Detailed tier source indicating why a default was used
17
+ */
18
+ export type TierSourceDetail = "repo-metadata.yaml" | "default" | "default (file not found)" | "default (file empty)" | "default (parse error)" | "default (tier not specified)" | "default (invalid value)";
19
+ /**
20
+ * Options for the tier validation command
21
+ */
22
+ export interface ValidateTierOptions {
23
+ /** Path to standards.toml config file */
24
+ config?: string;
25
+ /** Output format */
26
+ format?: "text" | "json";
27
+ }
28
+ /**
29
+ * Result of tier validation
30
+ */
31
+ export interface ValidateTierResult {
32
+ /** Whether validation passed */
33
+ valid: boolean;
34
+ /** Project tier from repo-metadata.yaml (defaults to "internal") */
35
+ tier: Tier;
36
+ /** Source of tier value */
37
+ tierSource: "repo-metadata.yaml" | "default";
38
+ /** Detailed source of tier value with reason for default */
39
+ tierSourceDetail?: TierSourceDetail;
40
+ /** Rulesets from standards.toml extends section */
41
+ rulesets: string[];
42
+ /** Expected ruleset suffix pattern */
43
+ expectedPattern: string;
44
+ /** Matched rulesets (those that satisfy the tier requirement) */
45
+ matchedRulesets: string[];
46
+ /** Error message if invalid */
47
+ error?: string;
48
+ /** Invalid tier value that was rejected (for error messages) */
49
+ invalidTierValue?: string;
50
+ /** Whether extends is configured but has empty rulesets */
51
+ hasEmptyRulesets?: boolean;
52
+ /** Registry URL if extends is configured */
53
+ registryUrl?: string;
54
+ /** Warnings about configuration */
55
+ warnings?: string[];
56
+ }