@standards-kit/conform 0.1.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/dist/{chunk-RXA4FO7L.js → chunk-NADY2H35.js} +12 -8
  2. package/dist/chunk-NADY2H35.js.map +1 -0
  3. package/dist/chunk-O745CMWG.js +29 -0
  4. package/dist/chunk-O745CMWG.js.map +1 -0
  5. package/dist/chunk-RHM53NLG.js +49 -0
  6. package/dist/chunk-RHM53NLG.js.map +1 -0
  7. package/dist/{chunk-PZ2NVKI7.js → chunk-YGDEM6K5.js} +19 -5
  8. package/dist/chunk-YGDEM6K5.js.map +1 -0
  9. package/dist/cli.js +47 -36
  10. package/dist/cli.js.map +1 -1
  11. package/dist/{cloudwatch-KSZ4A256.js → cloudwatch-3LTDYG6G.js} +6 -10
  12. package/dist/cloudwatch-3LTDYG6G.js.map +1 -0
  13. package/dist/constants.d.ts +69 -0
  14. package/dist/core/schema.d.ts +28 -0
  15. package/dist/{core-KB2W6SE2.js → core-QRFGIQ42.js} +3 -2
  16. package/dist/{dynamodb-5KVESCVJ.js → dynamodb-HQH3IMAI.js} +6 -10
  17. package/dist/dynamodb-HQH3IMAI.js.map +1 -0
  18. package/dist/{ec2-HKPE6GZV.js → ec2-AEPT735A.js} +6 -10
  19. package/dist/ec2-AEPT735A.js.map +1 -0
  20. package/dist/{ecs-OS3NJZTA.js → ecs-UHKCH5A7.js} +6 -10
  21. package/dist/ecs-UHKCH5A7.js.map +1 -0
  22. package/dist/{elasticache-7TCRHYYM.js → elasticache-5Y6K7GKJ.js} +6 -10
  23. package/dist/elasticache-5Y6K7GKJ.js.map +1 -0
  24. package/dist/{elb-PEDLXW5R.js → elb-CN6ELVM5.js} +6 -10
  25. package/dist/elb-CN6ELVM5.js.map +1 -0
  26. package/dist/{iam-7H5HFWVQ.js → iam-YXMHK2MV.js} +6 -2
  27. package/dist/iam-YXMHK2MV.js.map +1 -0
  28. package/dist/index.d.ts +1 -1
  29. package/dist/index.js +92 -118
  30. package/dist/index.js.map +1 -1
  31. package/dist/infra/checkers/client-factory.d.ts +45 -0
  32. package/dist/infra/schemas.d.ts +4 -4
  33. package/dist/{infra-ZQRXX7AW.js → infra-TO54IUSC.js} +20 -18
  34. package/dist/{infra-ZQRXX7AW.js.map → infra-TO54IUSC.js.map} +1 -1
  35. package/dist/{lambda-NFB5UILT.js → lambda-YTJOCYV5.js} +6 -10
  36. package/dist/lambda-YTJOCYV5.js.map +1 -0
  37. package/dist/{mcp-WXYRFNEV.js → mcp-73FZXT3P.js} +4 -3
  38. package/dist/{mcp-WXYRFNEV.js.map → mcp-73FZXT3P.js.map} +1 -1
  39. package/dist/projects/tier-loader.d.ts +10 -3
  40. package/dist/projects/types.d.ts +4 -4
  41. package/dist/{rds-KLG5O5SI.js → rds-GZ5RVPIU.js} +6 -10
  42. package/dist/rds-GZ5RVPIU.js.map +1 -0
  43. package/dist/{registry-7CDIMOLZ.js → registry-JRCQAIHR.js} +3 -2
  44. package/dist/{s3-2DH7PRVR.js → s3-53UELUWT.js} +16 -12
  45. package/dist/s3-53UELUWT.js.map +1 -0
  46. package/dist/s3-S4GXNR7H.js +53 -0
  47. package/dist/s3-S4GXNR7H.js.map +1 -0
  48. package/dist/{scan-IKEHLZXV.js → scan-RHQWHASY.js} +4 -3
  49. package/dist/{scan-IKEHLZXV.js.map → scan-RHQWHASY.js.map} +1 -1
  50. package/dist/{secretsmanager-MOOIHLAO.js → secretsmanager-FJKTPIXI.js} +6 -10
  51. package/dist/secretsmanager-FJKTPIXI.js.map +1 -0
  52. package/dist/{sns-Y36LVTWA.js → sns-RV64OMK2.js} +6 -10
  53. package/dist/sns-RV64OMK2.js.map +1 -0
  54. package/dist/{sqs-RRS3GRHK.js → sqs-MHBW6UFC.js} +6 -10
  55. package/dist/sqs-MHBW6UFC.js.map +1 -0
  56. package/dist/{standards-RXK5G4IG.js → standards-XAZKTKYJ.js} +3 -2
  57. package/dist/{sync-XV6XBLVZ.js → sync-P3UZECLW.js} +3 -2
  58. package/dist/{sync-XV6XBLVZ.js.map → sync-P3UZECLW.js.map} +1 -1
  59. package/dist/validate/index.d.ts +1 -1
  60. package/dist/validate/tier.d.ts +3 -0
  61. package/dist/validate/types.d.ts +3 -9
  62. package/dist/{validate-DKEJICCK.js → validate-J5E336GX.js} +52 -83
  63. package/dist/validate-J5E336GX.js.map +1 -0
  64. package/package.json +5 -15
  65. package/dist/chunk-PZ2NVKI7.js.map +0 -1
  66. package/dist/chunk-RXA4FO7L.js.map +0 -1
  67. package/dist/cloudwatch-KSZ4A256.js.map +0 -1
  68. package/dist/dynamodb-5KVESCVJ.js.map +0 -1
  69. package/dist/ec2-HKPE6GZV.js.map +0 -1
  70. package/dist/ecs-OS3NJZTA.js.map +0 -1
  71. package/dist/elasticache-7TCRHYYM.js.map +0 -1
  72. package/dist/elb-PEDLXW5R.js.map +0 -1
  73. package/dist/iam-7H5HFWVQ.js.map +0 -1
  74. package/dist/lambda-NFB5UILT.js.map +0 -1
  75. package/dist/rds-KLG5O5SI.js.map +0 -1
  76. package/dist/s3-2DH7PRVR.js.map +0 -1
  77. package/dist/secretsmanager-MOOIHLAO.js.map +0 -1
  78. package/dist/sns-Y36LVTWA.js.map +0 -1
  79. package/dist/sqs-RRS3GRHK.js.map +0 -1
  80. package/dist/validate-DKEJICCK.js.map +0 -1
  81. /package/dist/{core-KB2W6SE2.js.map → core-QRFGIQ42.js.map} +0 -0
  82. /package/dist/{registry-7CDIMOLZ.js.map → registry-JRCQAIHR.js.map} +0 -0
  83. /package/dist/{standards-RXK5G4IG.js.map → standards-XAZKTKYJ.js.map} +0 -0
package/dist/s3-53UELUWT.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/infra/checkers/s3.ts"],"sourcesContent":["/**\n * S3 resource checker\n */\n\nimport { HeadBucketCommand, S3Client } from \"@aws-sdk/client-s3\";\n\nimport { AWS_DEFAULTS } from \"../../constants.js\";\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactoryWithConfig } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create an S3 client for a region.\n * S3 is global, but we use the default region for global operations.\n * Uses followRegionRedirects for cross-region bucket access.\n */\nconst getClientForRegion = createClientFactoryWithConfig(\n (region: string) =>\n new S3Client({\n region,\n followRegionRedirects: true,\n })\n);\n\n/**\n * Get S3 client with fallback to default region\n */\nfunction getClient(region: string): S3Client {\n const effectiveRegion = region || AWS_DEFAULTS.globalRegion;\n return getClientForRegion(effectiveRegion);\n}\n\n/**\n * S3 bucket checker\n */\nexport const S3Checker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceType, resourceId, raw } = arn;\n\n // Only check bucket existence (not individual objects)\n if (resourceType === \"object\") {\n // For objects, we'd need to check if the key exists, which is expensive\n // For now, we just check if the bucket exists\n const bucketName = resourceId.split(\"/\")[0];\n return checkBucket(bucketName, arn.region, raw);\n }\n\n return checkBucket(resourceId, arn.region, raw);\n },\n};\n\n/**\n * Create a bucket check result\n */\nfunction bucketResult(\n arn: string,\n bucketName: string,\n exists: boolean,\n error?: string\n): ResourceCheckResult {\n return { arn, exists, error, service: \"s3\", resourceType: \"bucket\", resourceId: bucketName };\n}\n\n/**\n * Check if error indicates bucket doesn't exist (404 or 403)\n */\nfunction isBucketNotFound(err: Error & { name?: string; $metadata?: { httpStatusCode?: number } }): boolean {\n const httpStatus = err.$metadata?.httpStatusCode;\n // 404 = not found, 403 = access denied (S3 returns 403 for non-existent buckets to prevent enumeration)\n return err.name === \"NotFound\" || err.name === \"NoSuchBucket\" || httpStatus === 404 ||\n err.name === \"Forbidden\" || err.name === \"AccessDenied\" || httpStatus === 403;\n}\n\n/**\n * Check if an S3 bucket exists\n */\nasync function checkBucket(bucketName: string, region: string, arn: string): Promise<ResourceCheckResult> {\n const client = getClient(region);\n\n try {\n await client.send(new HeadBucketCommand({ Bucket: bucketName }));\n return bucketResult(arn, bucketName, true);\n } catch (error) {\n const err = error as Error & { name?: string; $metadata?: { httpStatusCode?: number } };\n if (isBucketNotFound(err)) {\n return bucketResult(arn, bucketName, false);\n }\n return bucketResult(arn, bucketName, false, err.message || \"Unknown error\");\n }\n}\n"],"mappings":";;;;;;;;AAIA,SAAS,mBAAmB,gBAAgB;AAY5C,IAAM,qBAAqB;AAAA,EACzB,CAAC,WACC,IAAI,SAAS;AAAA,IACX;AAAA,IACA,uBAAuB;AAAA,EACzB,CAAC;AACL;AAKA,SAAS,UAAU,QAA0B;AAC3C,QAAM,kBAAkB,UAAU,aAAa;AAC/C,SAAO,mBAAmB,eAAe;AAC3C;AAKO,IAAM,YAA6B;AAAA,EACxC,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,cAAc,YAAY,IAAI,IAAI;AAG1C,QAAI,iBAAiB,UAAU;AAG7B,YAAM,aAAa,WAAW,MAAM,GAAG,EAAE,CAAC;AAC1C,aAAO,YAAY,YAAY,IAAI,QAAQ,GAAG;AAAA,IAChD;AAEA,WAAO,YAAY,YAAY,IAAI,QAAQ,GAAG;AAAA,EAChD;AACF;AAKA,SAAS,aACP,KACA,YACA,QACA,OACqB;AACrB,SAAO,EAAE,KAAK,QAAQ,OAAO,SAAS,MAAM,cAAc,UAAU,YAAY,WAAW;AAC7F;AAKA,SAAS,iBAAiB,KAAkF;AAC1G,QAAM,aAAa,IAAI,WAAW;AAElC,SAAO,IAAI,SAAS,cAAc,IAAI,SAAS,kBAAkB,eAAe,OACzE,IAAI,SAAS,eAAe,IAAI,SAAS,kBAAkB,eAAe;AACnF;AAKA,eAAe,YAAY,YAAoB,QAAgB,KAA2C;AACxG,QAAM,SAAS,UAAU,MAAM;AAE/B,MAAI;AACF,UAAM,OAAO,KAAK,IAAI,kBAAkB,EAAE,QAAQ,WAAW,CAAC,CAAC;AAC/D,WAAO,aAAa,KAAK,YAAY,IAAI;AAAA,EAC3C,SAAS,OAAO;AACd,UAAM,MAAM;AACZ,QAAI,iBAAiB,GAAG,GAAG;AACzB,aAAO,aAAa,KAAK,YAAY,KAAK;AAAA,IAC5C;AACA,WAAO,aAAa,KAAK,YAAY,OAAO,IAAI,WAAW,eAAe;AAAA,EAC5E;AACF;","names":[]}
package/dist/s3-S4GXNR7H.js ADDED
@@ -0,0 +1,53 @@
1
+ import {
2
+ createClientFactoryWithConfig
3
+ } from "./chunk-O745CMWG.js";
4
+ import {
5
+ AWS_DEFAULTS
6
+ } from "./chunk-RHM53NLG.js";
7
+
8
+ // src/infra/checkers/s3.ts
9
+ import { HeadBucketCommand, S3Client } from "@aws-sdk/client-s3";
10
+ var getClientForRegion = createClientFactoryWithConfig(
11
+ (region) => new S3Client({
12
+ region,
13
+ followRegionRedirects: true
14
+ })
15
+ );
16
+ function getClient(region) {
17
+ const effectiveRegion = region || AWS_DEFAULTS.globalRegion;
18
+ return getClientForRegion(effectiveRegion);
19
+ }
20
+ var S3Checker = {
21
+ async check(arn) {
22
+ const { resourceType, resourceId, raw } = arn;
23
+ if (resourceType === "object") {
24
+ const bucketName = resourceId.split("/")[0];
25
+ return checkBucket(bucketName, arn.region, raw);
26
+ }
27
+ return checkBucket(resourceId, arn.region, raw);
28
+ }
29
+ };
30
+ function bucketResult(arn, bucketName, exists, error) {
31
+ return { arn, exists, error, service: "s3", resourceType: "bucket", resourceId: bucketName };
32
+ }
33
+ function isBucketNotFound(err) {
34
+ const httpStatus = err.$metadata?.httpStatusCode;
35
+ return err.name === "NotFound" || err.name === "NoSuchBucket" || httpStatus === 404 || err.name === "Forbidden" || err.name === "AccessDenied" || httpStatus === 403;
36
+ }
37
+ async function checkBucket(bucketName, region, arn) {
38
+ const client = getClient(region);
39
+ try {
40
+ await client.send(new HeadBucketCommand({ Bucket: bucketName }));
41
+ return bucketResult(arn, bucketName, true);
42
+ } catch (error) {
43
+ const err = error;
44
+ if (isBucketNotFound(err)) {
45
+ return bucketResult(arn, bucketName, false);
46
+ }
47
+ return bucketResult(arn, bucketName, false, err.message || "Unknown error");
48
+ }
49
+ }
50
+ export {
51
+ S3Checker
52
+ };
53
+ //# sourceMappingURL=s3-S4GXNR7H.js.map
package/dist/s3-S4GXNR7H.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/infra/checkers/s3.ts"],"sourcesContent":["/**\n * S3 resource checker\n */\n\nimport { HeadBucketCommand, S3Client } from \"@aws-sdk/client-s3\";\n\nimport { AWS_DEFAULTS } from \"../../constants.js\";\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactoryWithConfig } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create an S3 client for a region.\n * S3 is global, but we use the default region for global operations.\n * Uses followRegionRedirects for cross-region bucket access.\n */\nconst getClientForRegion = createClientFactoryWithConfig(\n (region: string) =>\n new S3Client({\n region,\n followRegionRedirects: true,\n })\n);\n\n/**\n * Get S3 client with fallback to default region\n */\nfunction getClient(region: string): S3Client {\n const effectiveRegion = region || AWS_DEFAULTS.globalRegion;\n return getClientForRegion(effectiveRegion);\n}\n\n/**\n * S3 bucket checker\n */\nexport const S3Checker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceType, resourceId, raw } = arn;\n\n // Only check bucket existence (not individual objects)\n if (resourceType === \"object\") {\n // For objects, we'd need to check if the key exists, which is expensive\n // For now, we just check if the bucket exists\n const bucketName = resourceId.split(\"/\")[0];\n return checkBucket(bucketName, arn.region, raw);\n }\n\n return checkBucket(resourceId, arn.region, raw);\n },\n};\n\n/**\n * Create a bucket check result\n */\nfunction bucketResult(\n arn: string,\n bucketName: string,\n exists: boolean,\n error?: string\n): ResourceCheckResult {\n return { arn, exists, error, service: \"s3\", resourceType: \"bucket\", resourceId: bucketName };\n}\n\n/**\n * Check if error indicates bucket doesn't exist (404 or 403)\n */\nfunction isBucketNotFound(err: Error & { name?: string; $metadata?: { httpStatusCode?: number } }): boolean {\n const httpStatus = err.$metadata?.httpStatusCode;\n // 404 = not found, 403 = access denied (S3 returns 403 for non-existent buckets to prevent enumeration)\n return err.name === \"NotFound\" || err.name === \"NoSuchBucket\" || httpStatus === 404 ||\n err.name === \"Forbidden\" || err.name === \"AccessDenied\" || httpStatus === 403;\n}\n\n/**\n * Check if an S3 bucket exists\n */\nasync function checkBucket(bucketName: string, region: string, arn: string): Promise<ResourceCheckResult> {\n const client = getClient(region);\n\n try {\n await client.send(new HeadBucketCommand({ Bucket: bucketName }));\n return bucketResult(arn, bucketName, true);\n } catch (error) {\n const err = error as Error & { name?: string; $metadata?: { httpStatusCode?: number } };\n if (isBucketNotFound(err)) {\n return bucketResult(arn, bucketName, false);\n }\n return bucketResult(arn, bucketName, false, err.message || \"Unknown error\");\n }\n}\n"],"mappings":";;;;;;;;AAIA,SAAS,mBAAmB,gBAAgB;AAY5C,IAAM,qBAAqB;AAAA,EACzB,CAAC,WACC,IAAI,SAAS;AAAA,IACX;AAAA,IACA,uBAAuB;AAAA,EACzB,CAAC;AACL;AAKA,SAAS,UAAU,QAA0B;AAC3C,QAAM,kBAAkB,UAAU,aAAa;AAC/C,SAAO,mBAAmB,eAAe;AAC3C;AAKO,IAAM,YAA6B;AAAA,EACxC,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,cAAc,YAAY,IAAI,IAAI;AAG1C,QAAI,iBAAiB,UAAU;AAG7B,YAAM,aAAa,WAAW,MAAM,GAAG,EAAE,CAAC;AAC1C,aAAO,YAAY,YAAY,IAAI,QAAQ,GAAG;AAAA,IAChD;AAEA,WAAO,YAAY,YAAY,IAAI,QAAQ,GAAG;AAAA,EAChD;AACF;AAKA,SAAS,aACP,KACA,YACA,QACA,OACqB;AACrB,SAAO,EAAE,KAAK,QAAQ,OAAO,SAAS,MAAM,cAAc,UAAU,YAAY,WAAW;AAC7F;AAKA,SAAS,iBAAiB,KAAkF;AAC1G,QAAM,aAAa,IAAI,WAAW;AAElC,SAAO,IAAI,SAAS,cAAc,IAAI,SAAS,kBAAkB,eAAe,OACzE,IAAI,SAAS,eAAe,IAAI,SAAS,kBAAkB,eAAe;AACnF;AAKA,eAAe,YAAY,YAAoB,QAAgB,KAA2C;AACxG,QAAM,SAAS,UAAU,MAAM;AAE/B,MAAI;AACF,UAAM,OAAO,KAAK,IAAI,kBAAkB,EAAE,QAAQ,WAAW,CAAC,CAAC;AAC/D,WAAO,aAAa,KAAK,YAAY,IAAI;AAAA,EAC3C,SAAS,OAAO;AACd,UAAM,MAAM;AACZ,QAAI,iBAAiB,GAAG,GAAG;AACzB,aAAO,aAAa,KAAK,YAAY,KAAK;AAAA,IAC5C;AACA,WAAO,aAAa,KAAK,YAAY,OAAO,IAAI,WAAW,eAAe;AAAA,EAC5E;AACF;","names":[]}
package/dist/{scan-IKEHLZXV.js → scan-RHQWHASY.js} RENAMED
@@ -3,7 +3,8 @@ import {
3
3
  } from "./chunk-DXIYZR62.js";
4
4
  import {
5
5
  loadConfigAsync
6
- } from "./chunk-PZ2NVKI7.js";
6
+ } from "./chunk-YGDEM6K5.js";
7
+ import "./chunk-RHM53NLG.js";
7
8
 
8
9
  // src/process/scan/index.ts
9
10
  import chalk from "chalk";
@@ -512,7 +513,7 @@ async function scanRepository(repo, config) {
512
513
  return aggregateResults(repoInfo, [rulesetsResult, filesResult]);
513
514
  }
514
515
  async function validateProcess(options) {
515
- const { loadConfigAsync: loadConfigAsync2 } = await import("./core-KB2W6SE2.js");
516
+ const { loadConfigAsync: loadConfigAsync2 } = await import("./core-QRFGIQ42.js");
516
517
  const { config } = await loadConfigAsync2(options.config);
517
518
  const result = await scanRepository(options.repo, config);
518
519
  const fs = await import("fs");
@@ -590,4 +591,4 @@ export {
590
591
  scanRepository,
591
592
  validateProcess
592
593
  };
593
- //# sourceMappingURL=scan-IKEHLZXV.js.map
594
+ //# sourceMappingURL=scan-RHQWHASY.js.map
package/dist/{scan-IKEHLZXV.js.map → scan-RHQWHASY.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/process/scan/index.ts","../src/process/scan/scanner.ts","../src/process/scan/remote-fetcher.ts","../src/process/scan/validators.ts"],"sourcesContent":["import chalk from \"chalk\";\n\nimport { loadConfigAsync } from \"../../core/index.js\";\nimport { ExitCode } from \"../../core/index.js\";\nimport { scanRepository } from \"./scanner.js\";\nimport { type ScanOptions, type ScanResult } from \"./types.js\";\n\n// Re-export public API types\nexport {\n type RemoteRepoInfo,\n type ScanOptions,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\n\n// Re-export scanner\nexport { scanRepository, validateProcess } from \"./scanner.js\";\n\n/** Format scan result as text */\nfunction formatScanText(result: ScanResult): string {\n const lines: string[] = [];\n\n lines.push(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n lines.push(\"\");\n\n for (const check of result.checks) {\n if (check.skipped) {\n lines.push(chalk.yellow(`⊘ ${check.name} (skipped: ${check.skipReason})`));\n } else if (check.passed) {\n lines.push(chalk.green(`✓ ${check.name}`));\n } else {\n lines.push(chalk.red(`✗ ${check.name}`));\n for (const violation of check.violations) {\n lines.push(chalk.red(` • ${violation.message}`));\n }\n }\n }\n\n lines.push(\"\");\n lines.push(\n `Summary: ${result.summary.passedChecks} passed, ` +\n `${result.summary.failedChecks} failed, ` +\n `${result.summary.skippedChecks} skipped`\n );\n\n return lines.join(\"\\n\");\n}\n\n/** Format scan result as JSON */\nfunction formatScanJson(result: ScanResult): string {\n return JSON.stringify(result, null, 2);\n}\n\n/** Run the scan command */\nexport async function runScan(options: ScanOptions): Promise<void> {\n try {\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const output = options.format === \"json\" ? formatScanJson(result) : formatScanText(result);\n\n process.stdout.write(`${output}\\n`);\n process.exit(result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND);\n } catch (error) {\n if (options.format === \"json\") {\n const errorObj = {\n error: true,\n message: error instanceof Error ? error.message : String(error),\n code: (error as { code?: string }).code ?? \"UNKNOWN\",\n };\n process.stdout.write(`${JSON.stringify(errorObj, null, 2)}\\n`);\n } else {\n console.error(chalk.red(`Error: ${error instanceof Error ? error.message : String(error)}`));\n }\n process.exit(ExitCode.RUNTIME_ERROR);\n }\n}\n","import { execa } from \"execa\";\n\nimport { type Config } from \"../../core/index.js\";\nimport { type CheckResult, ExitCode, type Violation } from \"../../core/index.js\";\nimport {\n checkRemoteFiles,\n isGhAvailable,\n parseRepoString,\n RemoteFetcherError,\n standardFileChecks,\n verifyRepoAccess,\n} from \"./remote-fetcher.js\";\nimport {\n type FileCheckConfig,\n type RemoteRepoInfo,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\nimport { type RulesetResponse, validateRulesets } from \"./validators.js\";\n\n/** Fetch rulesets from GitHub API */\nasync function fetchRulesets(repoInfo: RemoteRepoInfo): Promise<RulesetResponse[]> {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n return JSON.parse(result.stdout) as RulesetResponse[];\n}\n\n/** Create a skipped check result */\nfunction createSkippedResult(\n name: string,\n rule: string,\n reason: string,\n duration: number\n): CheckResult {\n return { name, rule, passed: true, violations: [], skipped: true, skipReason: reason, duration };\n}\n\n/** Create an error check result */\nfunction createErrorResult(\n name: string,\n rule: string,\n message: string,\n duration: number\n): CheckResult {\n return {\n name,\n rule,\n passed: false,\n violations: [{ rule, tool: \"scan\", message, severity: \"error\" }],\n skipped: false,\n duration,\n };\n}\n\n/** Handle API errors for ruleset fetching */\nfunction handleRulesetError(\n error: unknown,\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"],\n elapsed: () => number\n): CheckResult {\n const msg = error instanceof Error ? error.message : String(error);\n\n if (msg.includes(\"403\") || msg.includes(\"Must have admin rights\")) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Cannot check rulesets: insufficient permissions (requires admin access)\",\n elapsed()\n );\n }\n\n if (msg.includes(\"404\")) {\n const violations: Violation[] = [];\n if (repoConfig?.require_branch_protection) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: \"No branch protection rulesets configured\",\n severity: \"error\",\n });\n }\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n }\n\n return createErrorResult(\n \"Repository Settings\",\n \"process.repo\",\n `Failed to check rulesets: ${msg}`,\n elapsed()\n );\n}\n\n/** Check repository rulesets and branch protection */\nasync function checkRulesets(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const repoConfig = config.process?.repo;\n\n if (!repoConfig?.enabled) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Repository settings check not enabled in config\",\n elapsed()\n );\n }\n\n try {\n const rulesets = await fetchRulesets(repoInfo);\n const violations = validateRulesets(rulesets, repoConfig);\n\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n return handleRulesetError(error, repoConfig, elapsed);\n }\n}\n\n/** Build file checks configuration from config */\nfunction buildFileChecks(config: Config): FileCheckConfig[] {\n const fileChecks: FileCheckConfig[] = [];\n\n if (config.process?.repo?.require_codeowners) {\n fileChecks.push({\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: true,\n description: \"CODEOWNERS file for code review assignment\",\n });\n }\n\n fileChecks.push(\n ...standardFileChecks.filter((check) => !fileChecks.some((fc) => fc.path === check.path))\n );\n\n return fileChecks;\n}\n\n/** Convert file check results to violations */\nfunction fileResultsToViolations(\n results: { path: string; exists: boolean; checkedPaths: string[] }[],\n fileChecks: FileCheckConfig[]\n): Violation[] {\n const violations: Violation[] = [];\n\n for (const result of results) {\n const checkConfig = fileChecks.find((fc) => fc.path === result.path);\n if (!result.exists && checkConfig?.required) {\n violations.push({\n rule: `process.scan.files.${result.path.replace(/[./]/g, \"_\")}`,\n tool: \"scan\",\n message: `Required file not found: ${result.path} (checked: ${result.checkedPaths.join(\", \")})`,\n severity: \"error\",\n });\n }\n }\n\n return violations;\n}\n\n/** Check remote files for existence */\nasync function checkFiles(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const fileChecks = buildFileChecks(config);\n\n if (fileChecks.length === 0) {\n return createSkippedResult(\n \"Repository Files\",\n \"process.scan.files\",\n \"No file checks configured\",\n elapsed()\n );\n }\n\n try {\n const results = await checkRemoteFiles(repoInfo, fileChecks);\n const violations = fileResultsToViolations(results, fileChecks);\n\n return {\n name: \"Repository Files\",\n rule: \"process.scan.files\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n const msg = error instanceof Error ? error.message : String(error);\n return createErrorResult(\n \"Repository Files\",\n \"process.scan.files\",\n `Failed to check files: ${msg}`,\n elapsed()\n );\n }\n}\n\n/** Aggregate check results into scan result */\nfunction aggregateResults(repoInfo: RemoteRepoInfo, checks: CheckResult[]): ScanResult {\n const violations = checks.flatMap((c) => c.violations);\n const passedChecks = checks.filter((c) => c.passed && !c.skipped).length;\n const failedChecks = checks.filter((c) => !c.passed && !c.skipped).length;\n const skippedChecks = checks.filter((c) => c.skipped).length;\n\n return {\n repoInfo,\n checks,\n violations,\n passed: failedChecks === 0,\n summary: { totalChecks: checks.length, passedChecks, failedChecks, skippedChecks },\n };\n}\n\n/** Run all remote scans for a repository */\nexport async function scanRepository(repo: string, config: Config): Promise<ScanResult> {\n const repoInfo = parseRepoString(repo);\n\n if (!(await isGhAvailable())) {\n throw new RemoteFetcherError(\n \"GitHub CLI (gh) not available. Install it from https://cli.github.com/\",\n \"NO_GH\"\n );\n }\n\n await verifyRepoAccess(repoInfo);\n\n const [rulesetsResult, filesResult] = await Promise.all([\n checkRulesets(repoInfo, config),\n checkFiles(repoInfo, config),\n ]);\n\n return aggregateResults(repoInfo, [rulesetsResult, filesResult]);\n}\n\n/** Programmatic API for validating remote process checks */\nexport async function validateProcess(\n options: ValidateProcessOptions\n): Promise<ValidateProcessResult> {\n const { loadConfigAsync } = await import(\"../../core/index.js\");\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const fs = await import(\"node:fs\");\n const path = await import(\"node:path\");\n const { fileURLToPath } = await import(\"node:url\");\n\n const __dirname = path.dirname(fileURLToPath(import.meta.url));\n const packageJsonPath = path.resolve(__dirname, \"..\", \"..\", \"..\", \"package.json\");\n const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, \"utf-8\")) as { version: string };\n\n return {\n version: packageJson.version,\n repoInfo: result.repoInfo,\n domain: \"process\",\n checks: result.checks,\n summary: {\n totalChecks: result.summary.totalChecks,\n passedChecks: result.summary.passedChecks,\n failedChecks: result.summary.failedChecks,\n totalViolations: result.violations.length,\n exitCode: result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND,\n },\n };\n}\n","import { execa } from \"execa\";\n\nimport { type FileCheckConfig, type FileCheckResult, type RemoteRepoInfo } from \"./types.js\";\n\n/** Error thrown when remote fetcher encounters an issue */\nexport class RemoteFetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\" | \"INVALID_REPO\"\n ) {\n super(message);\n this.name = \"RemoteFetcherError\";\n }\n}\n\n/** Parse owner/repo string into RemoteRepoInfo */\nexport function parseRepoString(repo: string): RemoteRepoInfo {\n const parts = repo.split(\"/\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n throw new RemoteFetcherError(\n `Invalid repository format: \"${repo}\". Expected \"owner/repo\" format.`,\n \"INVALID_REPO\"\n );\n }\n return { owner: parts[0], repo: parts[1] };\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Verify the repository exists and user has access */\nexport async function verifyRepoAccess(repoInfo: RemoteRepoInfo): Promise<boolean> {\n try {\n await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}`]);\n return true;\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"404\") || errorMessage.includes(\"Not Found\")) {\n throw new RemoteFetcherError(\n `Repository not found: ${repoInfo.owner}/${repoInfo.repo}`,\n \"NO_REPO\"\n );\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"401\")) {\n throw new RemoteFetcherError(\n `Cannot access repository: ${repoInfo.owner}/${repoInfo.repo}. Check your GITHUB_TOKEN permissions.`,\n \"NO_PERMISSION\"\n );\n }\n\n throw new RemoteFetcherError(\n `Failed to verify repository access: ${errorMessage}`,\n \"API_ERROR\"\n );\n }\n}\n\n/** Check if a file exists in the remote repository via GitHub Contents API */\nexport async function checkRemoteFileExists(\n repoInfo: RemoteRepoInfo,\n filePath: string\n): Promise<boolean> {\n try {\n await execa(\"gh\", [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/contents/${filePath}`,\n \"--silent\",\n ]);\n return true;\n } catch {\n // File doesn't exist or no access - both return false\n return false;\n }\n}\n\n/** Check multiple alternative paths for a file */\nasync function checkRemoteFileWithAlternatives(\n repoInfo: RemoteRepoInfo,\n config: FileCheckConfig\n): Promise<FileCheckResult> {\n const allPaths = [config.path, ...(config.alternativePaths ?? [])];\n\n for (const path of allPaths) {\n // Sequential check needed - stop on first match\n const exists = await checkRemoteFileExists(repoInfo, path);\n if (exists) {\n return { path: config.path, exists: true, checkedPaths: allPaths };\n }\n }\n\n return { path: config.path, exists: false, checkedPaths: allPaths };\n}\n\n/** Batch check multiple files in a repository */\nexport async function checkRemoteFiles(\n repoInfo: RemoteRepoInfo,\n configs: FileCheckConfig[]\n): Promise<FileCheckResult[]> {\n // Run checks in parallel for efficiency\n const results = await Promise.all(\n configs.map((config) => checkRemoteFileWithAlternatives(repoInfo, config))\n );\n return results;\n}\n\n/** Standard file checks for remote validation */\nexport const standardFileChecks: FileCheckConfig[] = [\n {\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: false,\n description: \"CODEOWNERS file for code review assignment\",\n },\n {\n path: \".github/PULL_REQUEST_TEMPLATE.md\",\n alternativePaths: [\n \".github/pull_request_template.md\",\n \"PULL_REQUEST_TEMPLATE.md\",\n \"pull_request_template.md\",\n ],\n required: false,\n description: \"Pull request template\",\n },\n {\n path: \"README.md\",\n alternativePaths: [\"readme.md\", \"README\"],\n required: false,\n description: \"Repository README\",\n },\n {\n path: \".github/workflows\",\n required: false,\n description: \"GitHub Actions workflows directory\",\n },\n];\n","import { type Config } from \"../../core/index.js\";\nimport { type Violation } from \"../../core/index.js\";\n\n/** GitHub Ruleset response types */\ninterface RulesetBypassActor {\n actor_id: number | null;\n actor_type: string;\n bypass_mode: string;\n}\n\ninterface RulesetRule {\n type: string;\n parameters?: {\n required_approving_review_count?: number;\n dismiss_stale_reviews_on_push?: boolean;\n require_code_owner_review?: boolean;\n required_status_checks?: { context: string }[];\n strict_required_status_checks_policy?: boolean;\n };\n}\n\nexport interface RulesetResponse {\n id: number;\n name: string;\n target: string;\n enforcement: string;\n conditions?: { ref_name?: { include?: string[]; exclude?: string[] } };\n bypass_actors?: RulesetBypassActor[];\n rules?: RulesetRule[];\n}\n\ntype RulesetConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"ruleset\"];\ntype TagProtectionConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"tag_protection\"];\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Find branch ruleset matching the target branch */\nfunction findBranchRuleset(\n rulesets: RulesetResponse[],\n branch: string\n): RulesetResponse | undefined {\n return rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n}\n\n/** Validate rulesets against config */\n// eslint-disable-next-line complexity\nexport function validateRulesets(\n rulesets: RulesetResponse[],\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"]\n): Violation[] {\n if (!repoConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rulesetConfig = repoConfig.ruleset;\n const branch = rulesetConfig?.branch ?? \"main\";\n const branchRuleset = findBranchRuleset(rulesets, branch);\n\n if (repoConfig.require_branch_protection && !branchRuleset) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: `Branch '${branch}' does not have a branch protection ruleset`,\n severity: \"error\",\n });\n }\n\n if (branchRuleset && rulesetConfig) {\n violations.push(...validateBranchRuleset(branchRuleset, rulesetConfig, branch));\n }\n\n if (repoConfig.tag_protection?.patterns?.length) {\n violations.push(...validateTagProtection(rulesets, repoConfig.tag_protection));\n }\n\n return violations;\n}\n\n/** Validate branch ruleset settings against config */\nfunction validateBranchRuleset(\n ruleset: RulesetResponse,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rules = ruleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n\n violations.push(...validatePullRequestRule(prRule, config, branch));\n violations.push(...validateStatusChecksRule(statusRule, config, branch));\n violations.push(...validateSignedCommits(rules, config, branch));\n violations.push(...validateBypassActors(ruleset.bypass_actors ?? [], config, branch));\n\n return violations;\n}\n\n/** Validate pull request rule settings */\n// eslint-disable-next-line complexity\nfunction validatePullRequestRule(\n prRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = prRule?.parameters;\n\n if (config.required_reviews !== undefined) {\n const actualReviews = params?.required_approving_review_count ?? 0;\n if (actualReviews < config.required_reviews) {\n violations.push({\n rule: \"process.repo.branch_protection.required_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' requires ${actualReviews} reviews, expected at least ${config.required_reviews}`,\n severity: \"error\",\n });\n }\n }\n\n if (config.dismiss_stale_reviews === true && !(params?.dismiss_stale_reviews_on_push ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.dismiss_stale_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not dismiss stale reviews on new commits`,\n severity: \"error\",\n });\n }\n\n if (config.require_code_owner_reviews === true && !(params?.require_code_owner_review ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.require_code_owner_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require code owner reviews`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate status checks rule settings */\n// eslint-disable-next-line complexity\nfunction validateStatusChecksRule(\n statusRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = statusRule?.parameters;\n\n if (config.require_status_checks && config.require_status_checks.length > 0) {\n const actualChecks = params?.required_status_checks?.map((c) => c.context) ?? [];\n const missingChecks = config.require_status_checks.filter(\n (check) => !actualChecks.includes(check)\n );\n if (missingChecks.length > 0) {\n violations.push({\n rule: \"process.repo.branch_protection.require_status_checks\",\n tool: \"scan\",\n message: `Branch '${branch}' missing required status checks: ${missingChecks.join(\", \")}`,\n severity: \"error\",\n });\n }\n }\n\n if (\n config.require_branches_up_to_date === true &&\n !(params?.strict_required_status_checks_policy ?? false)\n ) {\n violations.push({\n rule: \"process.repo.branch_protection.require_branches_up_to_date\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require branches to be up to date before merging`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate signed commits requirement */\nfunction validateSignedCommits(\n rules: RulesetRule[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.require_signed_commits !== true) {\n return [];\n }\n\n if (!rules.some((r) => r.type === \"required_signatures\")) {\n return [\n {\n rule: \"process.repo.branch_protection.require_signed_commits\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require signed commits`,\n severity: \"error\",\n },\n ];\n }\n\n return [];\n}\n\n/** Validate bypass actors configuration */\nfunction validateBypassActors(\n actualBypass: RulesetBypassActor[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.enforce_admins !== true || actualBypass.length === 0) {\n return [];\n }\n\n return [\n {\n rule: \"process.repo.branch_protection.enforce_admins\",\n tool: \"scan\",\n message: `Branch '${branch}' has bypass actors configured but enforce_admins requires no bypasses`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rulesets */\nfunction validateTagProtection(\n rulesets: RulesetResponse[],\n tagConfig: TagProtectionConfig\n): Violation[] {\n if (!tagConfig?.patterns?.length) {\n return [];\n }\n\n const violations: Violation[] = [];\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.enforcement === \"active\");\n\n if (!tagRuleset) {\n return [\n {\n rule: \"process.repo.tag_protection\",\n tool: \"scan\",\n message: \"No active tag protection ruleset found\",\n severity: \"error\",\n },\n ];\n }\n\n violations.push(...validateTagPatterns(tagConfig.patterns, tagRuleset));\n violations.push(...validateTagRules(tagConfig, tagRuleset.rules ?? []));\n\n return violations;\n}\n\n/** Validate tag patterns match */\nfunction validateTagPatterns(expectedPatterns: string[], tagRuleset: RulesetResponse): Violation[] {\n const expected = expectedPatterns.map((p) => `refs/tags/${p}`).sort();\n const actual = [...(tagRuleset.conditions?.ref_name?.include ?? [])].sort();\n\n if (expected.length === actual.length && expected.every((v, i) => v === actual[i])) {\n return [];\n }\n\n const found = actual.map((p) => p.replace(/^refs\\/tags\\//, \"\")).join(\", \");\n return [\n {\n rule: \"process.repo.tag_protection.patterns\",\n tool: \"scan\",\n message: `Tag protection patterns mismatch: expected [${expectedPatterns.join(\", \")}], found [${found}]`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rules */\nfunction validateTagRules(tagConfig: TagProtectionConfig, rules: RulesetRule[]): Violation[] {\n if (!tagConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n\n if (tagConfig.prevent_deletion !== false && !rules.some((r) => r.type === \"deletion\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_deletion\",\n tool: \"scan\",\n message: \"Tag protection does not prevent deletion\",\n severity: \"error\",\n });\n }\n\n if (tagConfig.prevent_update !== false && !rules.some((r) => r.type === \"update\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_update\",\n tool: \"scan\",\n message: \"Tag protection does not prevent updates (force-push)\",\n severity: \"error\",\n });\n }\n\n return violations;\n}\n"],"mappings":";;;;;;;;AAAA,OAAO,WAAW;;;ACAlB,SAAS,SAAAA,cAAa;;;ACAtB,SAAS,aAAa;AAKf,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGO,SAAS,gBAAgB,MAA8B;AAC5D,QAAM,QAAQ,KAAK,MAAM,GAAG;AAC5B,MAAI,MAAM,WAAW,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG;AAChD,UAAM,IAAI;AAAA,MACR,+BAA+B,IAAI;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAE,OAAO,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,EAAE;AAC3C;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,iBAAiB,UAA4C;AACjF,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,EAAE,CAAC;AACrE,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,WAAW,GAAG;AACtE,YAAM,IAAI;AAAA,QACR,yBAAyB,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QACxD;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,KAAK,GAAG;AAChE,YAAM,IAAI;AAAA,QACR,6BAA6B,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QAC5D;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,uCAAuC,YAAY;AAAA,MACnD;AAAA,IACF;AAAA,EACF;AACF;AAGA,eAAsB,sBACpB,UACA,UACkB;AAClB,MAAI;AACF,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,QAAQ;AAAA,MAC7D;AAAA,IACF,CAAC;AACD,WAAO;AAAA,EACT,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAGA,eAAe,gCACb,UACA,QAC0B;AAC1B,QAAM,WAAW,CAAC,OAAO,MAAM,GAAI,OAAO,oBAAoB,CAAC,CAAE;AAEjE,aAAW,QAAQ,UAAU;AAE3B,UAAM,SAAS,MAAM,sBAAsB,UAAU,IAAI;AACzD,QAAI,QAAQ;AACV,aAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,MAAM,cAAc,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,SAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,OAAO,cAAc,SAAS;AACpE;AAGA,eAAsB,iBACpB,UACA,SAC4B;AAE5B,QAAM,UAAU,MAAM,QAAQ;AAAA,IAC5B,QAAQ,IAAI,CAAC,WAAW,gCAAgC,UAAU,MAAM,CAAC;AAAA,EAC3E;AACA,SAAO;AACT;AAGO,IAAM,qBAAwC;AAAA,EACnD;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,IAC1D,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,aAAa,QAAQ;AAAA,IACxC,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;;;AC5GA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBACP,UACA,QAC6B;AAC7B,SAAO,SAAS;AAAA,IACd,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AACF;AAIO,SAAS,iBACd,UACA,YACa;AACb,MAAI,CAAC,YAAY;AACf,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,gBAAgB,WAAW;AACjC,QAAM,SAAS,eAAe,UAAU;AACxC,QAAM,gBAAgB,kBAAkB,UAAU,MAAM;AAExD,MAAI,WAAW,6BAA6B,CAAC,eAAe;AAC1D,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,iBAAiB,eAAe;AAClC,eAAW,KAAK,GAAG,sBAAsB,eAAe,eAAe,MAAM,CAAC;AAAA,EAChF;AAEA,MAAI,WAAW,gBAAgB,UAAU,QAAQ;AAC/C,eAAW,KAAK,GAAG,sBAAsB,UAAU,WAAW,cAAc,CAAC;AAAA,EAC/E;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,SACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,QAAQ,QAAQ,SAAS,CAAC;AAChC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AAExE,aAAW,KAAK,GAAG,wBAAwB,QAAQ,QAAQ,MAAM,CAAC;AAClE,aAAW,KAAK,GAAG,yBAAyB,YAAY,QAAQ,MAAM,CAAC;AACvE,aAAW,KAAK,GAAG,sBAAsB,OAAO,QAAQ,MAAM,CAAC;AAC/D,aAAW,KAAK,GAAG,qBAAqB,QAAQ,iBAAiB,CAAC,GAAG,QAAQ,MAAM,CAAC;AAEpF,SAAO;AACT;AAIA,SAAS,wBACP,QACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,QAAQ;AAEvB,MAAI,OAAO,qBAAqB,QAAW;AACzC,UAAM,gBAAgB,QAAQ,mCAAmC;AACjE,QAAI,gBAAgB,OAAO,kBAAkB;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,cAAc,aAAa,+BAA+B,OAAO,gBAAgB;AAAA,QAC3G,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,0BAA0B,QAAQ,EAAE,QAAQ,iCAAiC,QAAQ;AAC9F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,+BAA+B,QAAQ,EAAE,QAAQ,6BAA6B,QAAQ;AAC/F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAIA,SAAS,yBACP,YACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,YAAY;AAE3B,MAAI,OAAO,yBAAyB,OAAO,sBAAsB,SAAS,GAAG;AAC3E,UAAM,eAAe,QAAQ,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK,CAAC;AAC/E,UAAM,gBAAgB,OAAO,sBAAsB;AAAA,MACjD,CAAC,UAAU,CAAC,aAAa,SAAS,KAAK;AAAA,IACzC;AACA,QAAI,cAAc,SAAS,GAAG;AAC5B,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,qCAAqC,cAAc,KAAK,IAAI,CAAC;AAAA,QACvF,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MACE,OAAO,gCAAgC,QACvC,EAAE,QAAQ,wCAAwC,QAClD;AACA,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,OACA,QACA,QACa;AACb,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB,GAAG;AACxD,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM;AAAA,QAC1B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,SAAO,CAAC;AACV;AAGA,SAAS,qBACP,cACA,QACA,QACa;AACb,MAAI,QAAQ,mBAAmB,QAAQ,aAAa,WAAW,GAAG;AAChE,WAAO,CAAC;AAAA,EACV;AAEA,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,sBACP,UACA,WACa;AACb,MAAI,CAAC,WAAW,UAAU,QAAQ;AAChC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,gBAAgB,QAAQ;AAExF,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,aAAW,KAAK,GAAG,oBAAoB,UAAU,UAAU,UAAU,CAAC;AACtE,aAAW,KAAK,GAAG,iBAAiB,WAAW,WAAW,SAAS,CAAC,CAAC,CAAC;AAEtE,SAAO;AACT;AAGA,SAAS,oBAAoB,kBAA4B,YAA0C;AACjG,QAAM,WAAW,iBAAiB,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE,EAAE,KAAK;AACpE,QAAM,SAAS,CAAC,GAAI,WAAW,YAAY,UAAU,WAAW,CAAC,CAAE,EAAE,KAAK;AAE1E,MAAI,SAAS,WAAW,OAAO,UAAU,SAAS,MAAM,CAAC,GAAG,MAAM,MAAM,OAAO,CAAC,CAAC,GAAG;AAClF,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,EAAE,KAAK,IAAI;AACzE,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,+CAA+C,iBAAiB,KAAK,IAAI,CAAC,aAAa,KAAK;AAAA,MACrG,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,WAAgC,OAAmC;AAC3F,MAAI,CAAC,WAAW;AACd,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AAEjC,MAAI,UAAU,qBAAqB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU,GAAG;AACrF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,UAAU,mBAAmB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,GAAG;AACjF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AF7TA,eAAe,cAAc,UAAsD;AACjF,QAAM,SAAS,MAAMC,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAC7F,SAAO,KAAK,MAAM,OAAO,MAAM;AACjC;AAGA,SAAS,oBACP,MACA,MACA,QACA,UACa;AACb,SAAO,EAAE,MAAM,MAAM,QAAQ,MAAM,YAAY,CAAC,GAAG,SAAS,MAAM,YAAY,QAAQ,SAAS;AACjG;AAGA,SAAS,kBACP,MACA,MACA,SACA,UACa;AACb,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,YAAY,CAAC,EAAE,MAAM,MAAM,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAAA,IAC/D,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAGA,SAAS,mBACP,OACA,YACA,SACa;AACb,QAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAEjE,MAAI,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,wBAAwB,GAAG;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,IAAI,SAAS,KAAK,GAAG;AACvB,UAAM,aAA0B,CAAC;AACjC,QAAI,YAAY,2BAA2B;AACzC,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,6BAA6B,GAAG;AAAA,IAChC,QAAQ;AAAA,EACV;AACF;AAGA,eAAe,cAAc,UAA0B,QAAsC;AAC3F,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,OAAO,SAAS;AAEnC,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,cAAc,QAAQ;AAC7C,UAAM,aAAa,iBAAiB,UAAU,UAAU;AAExD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,WAAO,mBAAmB,OAAO,YAAY,OAAO;AAAA,EACtD;AACF;AAGA,SAAS,gBAAgB,QAAmC;AAC1D,QAAM,aAAgC,CAAC;AAEvC,MAAI,OAAO,SAAS,MAAM,oBAAoB;AAC5C,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,MAC1D,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAEA,aAAW;AAAA,IACT,GAAG,mBAAmB,OAAO,CAAC,UAAU,CAAC,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,MAAM,IAAI,CAAC;AAAA,EAC1F;AAEA,SAAO;AACT;AAGA,SAAS,wBACP,SACA,YACa;AACb,QAAM,aAA0B,CAAC;AAEjC,aAAW,UAAU,SAAS;AAC5B,UAAM,cAAc,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,OAAO,IAAI;AACnE,QAAI,CAAC,OAAO,UAAU,aAAa,UAAU;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM,sBAAsB,OAAO,KAAK,QAAQ,SAAS,GAAG,CAAC;AAAA,QAC7D,MAAM;AAAA,QACN,SAAS,4BAA4B,OAAO,IAAI,cAAc,OAAO,aAAa,KAAK,IAAI,CAAC;AAAA,QAC5F,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAe,WAAW,UAA0B,QAAsC;AACxF,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,gBAAgB,MAAM;AAEzC,MAAI,WAAW,WAAW,GAAG;AAC3B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,UAAU,MAAM,iBAAiB,UAAU,UAAU;AAC3D,UAAM,aAAa,wBAAwB,SAAS,UAAU;AAE9D,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,UAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,0BAA0B,GAAG;AAAA,MAC7B,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,UAA0B,QAAmC;AACrF,QAAM,aAAa,OAAO,QAAQ,CAAC,MAAM,EAAE,UAAU;AACrD,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AAClE,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AACnE,QAAM,gBAAgB,OAAO,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE;AAEtD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ,iBAAiB;AAAA,IACzB,SAAS,EAAE,aAAa,OAAO,QAAQ,cAAc,cAAc,cAAc;AAAA,EACnF;AACF;AAGA,eAAsB,eAAe,MAAc,QAAqC;AACtF,QAAM,WAAW,gBAAgB,IAAI;AAErC,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,iBAAiB,QAAQ;AAE/B,QAAM,CAAC,gBAAgB,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,IACtD,cAAc,UAAU,MAAM;AAAA,IAC9B,WAAW,UAAU,MAAM;AAAA,EAC7B,CAAC;AAED,SAAO,iBAAiB,UAAU,CAAC,gBAAgB,WAAW,CAAC;AACjE;AAGA,eAAsB,gBACpB,SACgC;AAChC,QAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM,OAAO,oBAAqB;AAC9D,QAAM,EAAE,OAAO,IAAI,MAAMA,iBAAgB,QAAQ,MAAM;AACvD,QAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,QAAM,KAAK,MAAM,OAAO,IAAS;AACjC,QAAM,OAAO,MAAM,OAAO,MAAW;AACrC,QAAM,EAAE,cAAc,IAAI,MAAM,OAAO,KAAU;AAEjD,QAAM,YAAY,KAAK,QAAQ,cAAc,YAAY,GAAG,CAAC;AAC7D,QAAM,kBAAkB,KAAK,QAAQ,WAAW,MAAM,MAAM,MAAM,cAAc;AAChF,QAAM,cAAc,KAAK,MAAM,GAAG,aAAa,iBAAiB,OAAO,CAAC;AAExE,SAAO;AAAA,IACL,SAAS,YAAY;AAAA,IACrB,UAAU,OAAO;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ,OAAO;AAAA,IACf,SAAS;AAAA,MACP,aAAa,OAAO,QAAQ;AAAA,MAC5B,cAAc,OAAO,QAAQ;AAAA,MAC7B,cAAc,OAAO,QAAQ;AAAA,MAC7B,iBAAiB,OAAO,WAAW;AAAA,MACnC,UAAU,OAAO,SAAS,SAAS,UAAU,SAAS;AAAA,IACxD;AAAA,EACF;AACF;;;ADjQA,SAAS,eAAe,QAA4B;AAClD,QAAM,QAAkB,CAAC;AAEzB,QAAM,KAAK,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACzE,QAAM,KAAK,EAAE;AAEb,aAAW,SAAS,OAAO,QAAQ;AACjC,QAAI,MAAM,SAAS;AACjB,YAAM,KAAK,MAAM,OAAO,UAAK,MAAM,IAAI,cAAc,MAAM,UAAU,GAAG,CAAC;AAAA,IAC3E,WAAW,MAAM,QAAQ;AACvB,YAAM,KAAK,MAAM,MAAM,UAAK,MAAM,IAAI,EAAE,CAAC;AAAA,IAC3C,OAAO;AACL,YAAM,KAAK,MAAM,IAAI,UAAK,MAAM,IAAI,EAAE,CAAC;AACvC,iBAAW,aAAa,MAAM,YAAY;AACxC,cAAM,KAAK,MAAM,IAAI,YAAO,UAAU,OAAO,EAAE,CAAC;AAAA,MAClD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,KAAK,EAAE;AACb,QAAM;AAAA,IACJ,YAAY,OAAO,QAAQ,YAAY,YAClC,OAAO,QAAQ,YAAY,YAC3B,OAAO,QAAQ,aAAa;AAAA,EACnC;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAGA,SAAS,eAAe,QAA4B;AAClD,SAAO,KAAK,UAAU,QAAQ,MAAM,CAAC;AACvC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,MAAM,gBAAgB,QAAQ,MAAM;AACvD,UAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,UAAM,SAAS,QAAQ,WAAW,SAAS,eAAe,MAAM,IAAI,eAAe,MAAM;AAEzF,YAAQ,OAAO,MAAM,GAAG,MAAM;AAAA,CAAI;AAClC,YAAQ,KAAK,OAAO,SAAS,SAAS,UAAU,SAAS,gBAAgB;AAAA,EAC3E,SAAS,OAAO;AACd,QAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAM,WAAW;AAAA,QACf,OAAO;AAAA,QACP,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC9D,MAAO,MAA4B,QAAQ;AAAA,MAC7C;AACA,cAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,IAC/D,OAAO;AACL,cAAQ,MAAM,MAAM,IAAI,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC,EAAE,CAAC;AAAA,IAC7F;AACA,YAAQ,KAAK,SAAS,aAAa;AAAA,EACrC;AACF;","names":["execa","execa","loadConfigAsync"]}
1
+ {"version":3,"sources":["../src/process/scan/index.ts","../src/process/scan/scanner.ts","../src/process/scan/remote-fetcher.ts","../src/process/scan/validators.ts"],"sourcesContent":["import chalk from \"chalk\";\n\nimport { loadConfigAsync } from \"../../core/index.js\";\nimport { ExitCode } from \"../../core/index.js\";\nimport { scanRepository } from \"./scanner.js\";\nimport { type ScanOptions, type ScanResult } from \"./types.js\";\n\n// Re-export public API types\nexport {\n type RemoteRepoInfo,\n type ScanOptions,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\n\n// Re-export scanner\nexport { scanRepository, validateProcess } from \"./scanner.js\";\n\n/** Format scan result as text */\nfunction formatScanText(result: ScanResult): string {\n const lines: string[] = [];\n\n lines.push(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n lines.push(\"\");\n\n for (const check of result.checks) {\n if (check.skipped) {\n lines.push(chalk.yellow(`⊘ ${check.name} (skipped: ${check.skipReason})`));\n } else if (check.passed) {\n lines.push(chalk.green(`✓ ${check.name}`));\n } else {\n lines.push(chalk.red(`✗ ${check.name}`));\n for (const violation of check.violations) {\n lines.push(chalk.red(` • ${violation.message}`));\n }\n }\n }\n\n lines.push(\"\");\n lines.push(\n `Summary: ${result.summary.passedChecks} passed, ` +\n `${result.summary.failedChecks} failed, ` +\n `${result.summary.skippedChecks} skipped`\n );\n\n return lines.join(\"\\n\");\n}\n\n/** Format scan result as JSON */\nfunction formatScanJson(result: ScanResult): string {\n return JSON.stringify(result, null, 2);\n}\n\n/** Run the scan command */\nexport async function runScan(options: ScanOptions): Promise<void> {\n try {\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const output = options.format === \"json\" ? formatScanJson(result) : formatScanText(result);\n\n process.stdout.write(`${output}\\n`);\n process.exit(result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND);\n } catch (error) {\n if (options.format === \"json\") {\n const errorObj = {\n error: true,\n message: error instanceof Error ? error.message : String(error),\n code: (error as { code?: string }).code ?? \"UNKNOWN\",\n };\n process.stdout.write(`${JSON.stringify(errorObj, null, 2)}\\n`);\n } else {\n console.error(chalk.red(`Error: ${error instanceof Error ? error.message : String(error)}`));\n }\n process.exit(ExitCode.RUNTIME_ERROR);\n }\n}\n","import { execa } from \"execa\";\n\nimport { type Config } from \"../../core/index.js\";\nimport { type CheckResult, ExitCode, type Violation } from \"../../core/index.js\";\nimport {\n checkRemoteFiles,\n isGhAvailable,\n parseRepoString,\n RemoteFetcherError,\n standardFileChecks,\n verifyRepoAccess,\n} from \"./remote-fetcher.js\";\nimport {\n type FileCheckConfig,\n type RemoteRepoInfo,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\nimport { type RulesetResponse, validateRulesets } from \"./validators.js\";\n\n/** Fetch rulesets from GitHub API */\nasync function fetchRulesets(repoInfo: RemoteRepoInfo): Promise<RulesetResponse[]> {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n return JSON.parse(result.stdout) as RulesetResponse[];\n}\n\n/** Create a skipped check result */\nfunction createSkippedResult(\n name: string,\n rule: string,\n reason: string,\n duration: number\n): CheckResult {\n return { name, rule, passed: true, violations: [], skipped: true, skipReason: reason, duration };\n}\n\n/** Create an error check result */\nfunction createErrorResult(\n name: string,\n rule: string,\n message: string,\n duration: number\n): CheckResult {\n return {\n name,\n rule,\n passed: false,\n violations: [{ rule, tool: \"scan\", message, severity: \"error\" }],\n skipped: false,\n duration,\n };\n}\n\n/** Handle API errors for ruleset fetching */\nfunction handleRulesetError(\n error: unknown,\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"],\n elapsed: () => number\n): CheckResult {\n const msg = error instanceof Error ? error.message : String(error);\n\n if (msg.includes(\"403\") || msg.includes(\"Must have admin rights\")) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Cannot check rulesets: insufficient permissions (requires admin access)\",\n elapsed()\n );\n }\n\n if (msg.includes(\"404\")) {\n const violations: Violation[] = [];\n if (repoConfig?.require_branch_protection) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: \"No branch protection rulesets configured\",\n severity: \"error\",\n });\n }\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n }\n\n return createErrorResult(\n \"Repository Settings\",\n \"process.repo\",\n `Failed to check rulesets: ${msg}`,\n elapsed()\n );\n}\n\n/** Check repository rulesets and branch protection */\nasync function checkRulesets(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const repoConfig = config.process?.repo;\n\n if (!repoConfig?.enabled) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Repository settings check not enabled in config\",\n elapsed()\n );\n }\n\n try {\n const rulesets = await fetchRulesets(repoInfo);\n const violations = validateRulesets(rulesets, repoConfig);\n\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n return handleRulesetError(error, repoConfig, elapsed);\n }\n}\n\n/** Build file checks configuration from config */\nfunction buildFileChecks(config: Config): FileCheckConfig[] {\n const fileChecks: FileCheckConfig[] = [];\n\n if (config.process?.repo?.require_codeowners) {\n fileChecks.push({\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: true,\n description: \"CODEOWNERS file for code review assignment\",\n });\n }\n\n fileChecks.push(\n ...standardFileChecks.filter((check) => !fileChecks.some((fc) => fc.path === check.path))\n );\n\n return fileChecks;\n}\n\n/** Convert file check results to violations */\nfunction fileResultsToViolations(\n results: { path: string; exists: boolean; checkedPaths: string[] }[],\n fileChecks: FileCheckConfig[]\n): Violation[] {\n const violations: Violation[] = [];\n\n for (const result of results) {\n const checkConfig = fileChecks.find((fc) => fc.path === result.path);\n if (!result.exists && checkConfig?.required) {\n violations.push({\n rule: `process.scan.files.${result.path.replace(/[./]/g, \"_\")}`,\n tool: \"scan\",\n message: `Required file not found: ${result.path} (checked: ${result.checkedPaths.join(\", \")})`,\n severity: \"error\",\n });\n }\n }\n\n return violations;\n}\n\n/** Check remote files for existence */\nasync function checkFiles(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const fileChecks = buildFileChecks(config);\n\n if (fileChecks.length === 0) {\n return createSkippedResult(\n \"Repository Files\",\n \"process.scan.files\",\n \"No file checks configured\",\n elapsed()\n );\n }\n\n try {\n const results = await checkRemoteFiles(repoInfo, fileChecks);\n const violations = fileResultsToViolations(results, fileChecks);\n\n return {\n name: \"Repository Files\",\n rule: \"process.scan.files\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n const msg = error instanceof Error ? error.message : String(error);\n return createErrorResult(\n \"Repository Files\",\n \"process.scan.files\",\n `Failed to check files: ${msg}`,\n elapsed()\n );\n }\n}\n\n/** Aggregate check results into scan result */\nfunction aggregateResults(repoInfo: RemoteRepoInfo, checks: CheckResult[]): ScanResult {\n const violations = checks.flatMap((c) => c.violations);\n const passedChecks = checks.filter((c) => c.passed && !c.skipped).length;\n const failedChecks = checks.filter((c) => !c.passed && !c.skipped).length;\n const skippedChecks = checks.filter((c) => c.skipped).length;\n\n return {\n repoInfo,\n checks,\n violations,\n passed: failedChecks === 0,\n summary: { totalChecks: checks.length, passedChecks, failedChecks, skippedChecks },\n };\n}\n\n/** Run all remote scans for a repository */\nexport async function scanRepository(repo: string, config: Config): Promise<ScanResult> {\n const repoInfo = parseRepoString(repo);\n\n if (!(await isGhAvailable())) {\n throw new RemoteFetcherError(\n \"GitHub CLI (gh) not available. Install it from https://cli.github.com/\",\n \"NO_GH\"\n );\n }\n\n await verifyRepoAccess(repoInfo);\n\n const [rulesetsResult, filesResult] = await Promise.all([\n checkRulesets(repoInfo, config),\n checkFiles(repoInfo, config),\n ]);\n\n return aggregateResults(repoInfo, [rulesetsResult, filesResult]);\n}\n\n/** Programmatic API for validating remote process checks */\nexport async function validateProcess(\n options: ValidateProcessOptions\n): Promise<ValidateProcessResult> {\n const { loadConfigAsync } = await import(\"../../core/index.js\");\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const fs = await import(\"node:fs\");\n const path = await import(\"node:path\");\n const { fileURLToPath } = await import(\"node:url\");\n\n const __dirname = path.dirname(fileURLToPath(import.meta.url));\n const packageJsonPath = path.resolve(__dirname, \"..\", \"..\", \"..\", \"package.json\");\n const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, \"utf-8\")) as { version: string };\n\n return {\n version: packageJson.version,\n repoInfo: result.repoInfo,\n domain: \"process\",\n checks: result.checks,\n summary: {\n totalChecks: result.summary.totalChecks,\n passedChecks: result.summary.passedChecks,\n failedChecks: result.summary.failedChecks,\n totalViolations: result.violations.length,\n exitCode: result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND,\n },\n };\n}\n","import { execa } from \"execa\";\n\nimport { type FileCheckConfig, type FileCheckResult, type RemoteRepoInfo } from \"./types.js\";\n\n/** Error thrown when remote fetcher encounters an issue */\nexport class RemoteFetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\" | \"INVALID_REPO\"\n ) {\n super(message);\n this.name = \"RemoteFetcherError\";\n }\n}\n\n/** Parse owner/repo string into RemoteRepoInfo */\nexport function parseRepoString(repo: string): RemoteRepoInfo {\n const parts = repo.split(\"/\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n throw new RemoteFetcherError(\n `Invalid repository format: \"${repo}\". Expected \"owner/repo\" format.`,\n \"INVALID_REPO\"\n );\n }\n return { owner: parts[0], repo: parts[1] };\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Verify the repository exists and user has access */\nexport async function verifyRepoAccess(repoInfo: RemoteRepoInfo): Promise<boolean> {\n try {\n await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}`]);\n return true;\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"404\") || errorMessage.includes(\"Not Found\")) {\n throw new RemoteFetcherError(\n `Repository not found: ${repoInfo.owner}/${repoInfo.repo}`,\n \"NO_REPO\"\n );\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"401\")) {\n throw new RemoteFetcherError(\n `Cannot access repository: ${repoInfo.owner}/${repoInfo.repo}. Check your GITHUB_TOKEN permissions.`,\n \"NO_PERMISSION\"\n );\n }\n\n throw new RemoteFetcherError(\n `Failed to verify repository access: ${errorMessage}`,\n \"API_ERROR\"\n );\n }\n}\n\n/** Check if a file exists in the remote repository via GitHub Contents API */\nexport async function checkRemoteFileExists(\n repoInfo: RemoteRepoInfo,\n filePath: string\n): Promise<boolean> {\n try {\n await execa(\"gh\", [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/contents/${filePath}`,\n \"--silent\",\n ]);\n return true;\n } catch {\n // File doesn't exist or no access - both return false\n return false;\n }\n}\n\n/** Check multiple alternative paths for a file */\nasync function checkRemoteFileWithAlternatives(\n repoInfo: RemoteRepoInfo,\n config: FileCheckConfig\n): Promise<FileCheckResult> {\n const allPaths = [config.path, ...(config.alternativePaths ?? [])];\n\n for (const path of allPaths) {\n // Sequential check needed - stop on first match\n const exists = await checkRemoteFileExists(repoInfo, path);\n if (exists) {\n return { path: config.path, exists: true, checkedPaths: allPaths };\n }\n }\n\n return { path: config.path, exists: false, checkedPaths: allPaths };\n}\n\n/** Batch check multiple files in a repository */\nexport async function checkRemoteFiles(\n repoInfo: RemoteRepoInfo,\n configs: FileCheckConfig[]\n): Promise<FileCheckResult[]> {\n // Run checks in parallel for efficiency\n const results = await Promise.all(\n configs.map((config) => checkRemoteFileWithAlternatives(repoInfo, config))\n );\n return results;\n}\n\n/** Standard file checks for remote validation */\nexport const standardFileChecks: FileCheckConfig[] = [\n {\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: false,\n description: \"CODEOWNERS file for code review assignment\",\n },\n {\n path: \".github/PULL_REQUEST_TEMPLATE.md\",\n alternativePaths: [\n \".github/pull_request_template.md\",\n \"PULL_REQUEST_TEMPLATE.md\",\n \"pull_request_template.md\",\n ],\n required: false,\n description: \"Pull request template\",\n },\n {\n path: \"README.md\",\n alternativePaths: [\"readme.md\", \"README\"],\n required: false,\n description: \"Repository README\",\n },\n {\n path: \".github/workflows\",\n required: false,\n description: \"GitHub Actions workflows directory\",\n },\n];\n","import { type Config } from \"../../core/index.js\";\nimport { type Violation } from \"../../core/index.js\";\n\n/** GitHub Ruleset response types */\ninterface RulesetBypassActor {\n actor_id: number | null;\n actor_type: string;\n bypass_mode: string;\n}\n\ninterface RulesetRule {\n type: string;\n parameters?: {\n required_approving_review_count?: number;\n dismiss_stale_reviews_on_push?: boolean;\n require_code_owner_review?: boolean;\n required_status_checks?: { context: string }[];\n strict_required_status_checks_policy?: boolean;\n };\n}\n\nexport interface RulesetResponse {\n id: number;\n name: string;\n target: string;\n enforcement: string;\n conditions?: { ref_name?: { include?: string[]; exclude?: string[] } };\n bypass_actors?: RulesetBypassActor[];\n rules?: RulesetRule[];\n}\n\ntype RulesetConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"ruleset\"];\ntype TagProtectionConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"tag_protection\"];\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Find branch ruleset matching the target branch */\nfunction findBranchRuleset(\n rulesets: RulesetResponse[],\n branch: string\n): RulesetResponse | undefined {\n return rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n}\n\n/** Validate rulesets against config */\n// eslint-disable-next-line complexity\nexport function validateRulesets(\n rulesets: RulesetResponse[],\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"]\n): Violation[] {\n if (!repoConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rulesetConfig = repoConfig.ruleset;\n const branch = rulesetConfig?.branch ?? \"main\";\n const branchRuleset = findBranchRuleset(rulesets, branch);\n\n if (repoConfig.require_branch_protection && !branchRuleset) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: `Branch '${branch}' does not have a branch protection ruleset`,\n severity: \"error\",\n });\n }\n\n if (branchRuleset && rulesetConfig) {\n violations.push(...validateBranchRuleset(branchRuleset, rulesetConfig, branch));\n }\n\n if (repoConfig.tag_protection?.patterns?.length) {\n violations.push(...validateTagProtection(rulesets, repoConfig.tag_protection));\n }\n\n return violations;\n}\n\n/** Validate branch ruleset settings against config */\nfunction validateBranchRuleset(\n ruleset: RulesetResponse,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rules = ruleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n\n violations.push(...validatePullRequestRule(prRule, config, branch));\n violations.push(...validateStatusChecksRule(statusRule, config, branch));\n violations.push(...validateSignedCommits(rules, config, branch));\n violations.push(...validateBypassActors(ruleset.bypass_actors ?? [], config, branch));\n\n return violations;\n}\n\n/** Validate pull request rule settings */\n// eslint-disable-next-line complexity\nfunction validatePullRequestRule(\n prRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = prRule?.parameters;\n\n if (config.required_reviews !== undefined) {\n const actualReviews = params?.required_approving_review_count ?? 0;\n if (actualReviews < config.required_reviews) {\n violations.push({\n rule: \"process.repo.branch_protection.required_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' requires ${actualReviews} reviews, expected at least ${config.required_reviews}`,\n severity: \"error\",\n });\n }\n }\n\n if (config.dismiss_stale_reviews === true && !(params?.dismiss_stale_reviews_on_push ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.dismiss_stale_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not dismiss stale reviews on new commits`,\n severity: \"error\",\n });\n }\n\n if (config.require_code_owner_reviews === true && !(params?.require_code_owner_review ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.require_code_owner_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require code owner reviews`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate status checks rule settings */\n// eslint-disable-next-line complexity\nfunction validateStatusChecksRule(\n statusRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = statusRule?.parameters;\n\n if (config.require_status_checks && config.require_status_checks.length > 0) {\n const actualChecks = params?.required_status_checks?.map((c) => c.context) ?? [];\n const missingChecks = config.require_status_checks.filter(\n (check) => !actualChecks.includes(check)\n );\n if (missingChecks.length > 0) {\n violations.push({\n rule: \"process.repo.branch_protection.require_status_checks\",\n tool: \"scan\",\n message: `Branch '${branch}' missing required status checks: ${missingChecks.join(\", \")}`,\n severity: \"error\",\n });\n }\n }\n\n if (\n config.require_branches_up_to_date === true &&\n !(params?.strict_required_status_checks_policy ?? false)\n ) {\n violations.push({\n rule: \"process.repo.branch_protection.require_branches_up_to_date\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require branches to be up to date before merging`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate signed commits requirement */\nfunction validateSignedCommits(\n rules: RulesetRule[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.require_signed_commits !== true) {\n return [];\n }\n\n if (!rules.some((r) => r.type === \"required_signatures\")) {\n return [\n {\n rule: \"process.repo.branch_protection.require_signed_commits\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require signed commits`,\n severity: \"error\",\n },\n ];\n }\n\n return [];\n}\n\n/** Validate bypass actors configuration */\nfunction validateBypassActors(\n actualBypass: RulesetBypassActor[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.enforce_admins !== true || actualBypass.length === 0) {\n return [];\n }\n\n return [\n {\n rule: \"process.repo.branch_protection.enforce_admins\",\n tool: \"scan\",\n message: `Branch '${branch}' has bypass actors configured but enforce_admins requires no bypasses`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rulesets */\nfunction validateTagProtection(\n rulesets: RulesetResponse[],\n tagConfig: TagProtectionConfig\n): Violation[] {\n if (!tagConfig?.patterns?.length) {\n return [];\n }\n\n const violations: Violation[] = [];\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.enforcement === \"active\");\n\n if (!tagRuleset) {\n return [\n {\n rule: \"process.repo.tag_protection\",\n tool: \"scan\",\n message: \"No active tag protection ruleset found\",\n severity: \"error\",\n },\n ];\n }\n\n violations.push(...validateTagPatterns(tagConfig.patterns, tagRuleset));\n violations.push(...validateTagRules(tagConfig, tagRuleset.rules ?? []));\n\n return violations;\n}\n\n/** Validate tag patterns match */\nfunction validateTagPatterns(expectedPatterns: string[], tagRuleset: RulesetResponse): Violation[] {\n const expected = expectedPatterns.map((p) => `refs/tags/${p}`).sort();\n const actual = [...(tagRuleset.conditions?.ref_name?.include ?? [])].sort();\n\n if (expected.length === actual.length && expected.every((v, i) => v === actual[i])) {\n return [];\n }\n\n const found = actual.map((p) => p.replace(/^refs\\/tags\\//, \"\")).join(\", \");\n return [\n {\n rule: \"process.repo.tag_protection.patterns\",\n tool: \"scan\",\n message: `Tag protection patterns mismatch: expected [${expectedPatterns.join(\", \")}], found [${found}]`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rules */\nfunction validateTagRules(tagConfig: TagProtectionConfig, rules: RulesetRule[]): Violation[] {\n if (!tagConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n\n if (tagConfig.prevent_deletion !== false && !rules.some((r) => r.type === \"deletion\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_deletion\",\n tool: \"scan\",\n message: \"Tag protection does not prevent deletion\",\n severity: \"error\",\n });\n }\n\n if (tagConfig.prevent_update !== false && !rules.some((r) => r.type === \"update\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_update\",\n tool: \"scan\",\n message: \"Tag protection does not prevent updates (force-push)\",\n severity: \"error\",\n });\n }\n\n return violations;\n}\n"],"mappings":";;;;;;;;;AAAA,OAAO,WAAW;;;ACAlB,SAAS,SAAAA,cAAa;;;ACAtB,SAAS,aAAa;AAKf,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGO,SAAS,gBAAgB,MAA8B;AAC5D,QAAM,QAAQ,KAAK,MAAM,GAAG;AAC5B,MAAI,MAAM,WAAW,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG;AAChD,UAAM,IAAI;AAAA,MACR,+BAA+B,IAAI;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAE,OAAO,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,EAAE;AAC3C;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,iBAAiB,UAA4C;AACjF,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,EAAE,CAAC;AACrE,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,WAAW,GAAG;AACtE,YAAM,IAAI;AAAA,QACR,yBAAyB,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QACxD;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,KAAK,GAAG;AAChE,YAAM,IAAI;AAAA,QACR,6BAA6B,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QAC5D;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,uCAAuC,YAAY;AAAA,MACnD;AAAA,IACF;AAAA,EACF;AACF;AAGA,eAAsB,sBACpB,UACA,UACkB;AAClB,MAAI;AACF,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,QAAQ;AAAA,MAC7D;AAAA,IACF,CAAC;AACD,WAAO;AAAA,EACT,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAGA,eAAe,gCACb,UACA,QAC0B;AAC1B,QAAM,WAAW,CAAC,OAAO,MAAM,GAAI,OAAO,oBAAoB,CAAC,CAAE;AAEjE,aAAW,QAAQ,UAAU;AAE3B,UAAM,SAAS,MAAM,sBAAsB,UAAU,IAAI;AACzD,QAAI,QAAQ;AACV,aAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,MAAM,cAAc,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,SAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,OAAO,cAAc,SAAS;AACpE;AAGA,eAAsB,iBACpB,UACA,SAC4B;AAE5B,QAAM,UAAU,MAAM,QAAQ;AAAA,IAC5B,QAAQ,IAAI,CAAC,WAAW,gCAAgC,UAAU,MAAM,CAAC;AAAA,EAC3E;AACA,SAAO;AACT;AAGO,IAAM,qBAAwC;AAAA,EACnD;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,IAC1D,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,aAAa,QAAQ;AAAA,IACxC,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;;;AC5GA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBACP,UACA,QAC6B;AAC7B,SAAO,SAAS;AAAA,IACd,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AACF;AAIO,SAAS,iBACd,UACA,YACa;AACb,MAAI,CAAC,YAAY;AACf,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,gBAAgB,WAAW;AACjC,QAAM,SAAS,eAAe,UAAU;AACxC,QAAM,gBAAgB,kBAAkB,UAAU,MAAM;AAExD,MAAI,WAAW,6BAA6B,CAAC,eAAe;AAC1D,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,iBAAiB,eAAe;AAClC,eAAW,KAAK,GAAG,sBAAsB,eAAe,eAAe,MAAM,CAAC;AAAA,EAChF;AAEA,MAAI,WAAW,gBAAgB,UAAU,QAAQ;AAC/C,eAAW,KAAK,GAAG,sBAAsB,UAAU,WAAW,cAAc,CAAC;AAAA,EAC/E;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,SACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,QAAQ,QAAQ,SAAS,CAAC;AAChC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AAExE,aAAW,KAAK,GAAG,wBAAwB,QAAQ,QAAQ,MAAM,CAAC;AAClE,aAAW,KAAK,GAAG,yBAAyB,YAAY,QAAQ,MAAM,CAAC;AACvE,aAAW,KAAK,GAAG,sBAAsB,OAAO,QAAQ,MAAM,CAAC;AAC/D,aAAW,KAAK,GAAG,qBAAqB,QAAQ,iBAAiB,CAAC,GAAG,QAAQ,MAAM,CAAC;AAEpF,SAAO;AACT;AAIA,SAAS,wBACP,QACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,QAAQ;AAEvB,MAAI,OAAO,qBAAqB,QAAW;AACzC,UAAM,gBAAgB,QAAQ,mCAAmC;AACjE,QAAI,gBAAgB,OAAO,kBAAkB;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,cAAc,aAAa,+BAA+B,OAAO,gBAAgB;AAAA,QAC3G,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,0BAA0B,QAAQ,EAAE,QAAQ,iCAAiC,QAAQ;AAC9F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,+BAA+B,QAAQ,EAAE,QAAQ,6BAA6B,QAAQ;AAC/F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAIA,SAAS,yBACP,YACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,YAAY;AAE3B,MAAI,OAAO,yBAAyB,OAAO,sBAAsB,SAAS,GAAG;AAC3E,UAAM,eAAe,QAAQ,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK,CAAC;AAC/E,UAAM,gBAAgB,OAAO,sBAAsB;AAAA,MACjD,CAAC,UAAU,CAAC,aAAa,SAAS,KAAK;AAAA,IACzC;AACA,QAAI,cAAc,SAAS,GAAG;AAC5B,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,qCAAqC,cAAc,KAAK,IAAI,CAAC;AAAA,QACvF,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MACE,OAAO,gCAAgC,QACvC,EAAE,QAAQ,wCAAwC,QAClD;AACA,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,OACA,QACA,QACa;AACb,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB,GAAG;AACxD,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM;AAAA,QAC1B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,SAAO,CAAC;AACV;AAGA,SAAS,qBACP,cACA,QACA,QACa;AACb,MAAI,QAAQ,mBAAmB,QAAQ,aAAa,WAAW,GAAG;AAChE,WAAO,CAAC;AAAA,EACV;AAEA,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,sBACP,UACA,WACa;AACb,MAAI,CAAC,WAAW,UAAU,QAAQ;AAChC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,gBAAgB,QAAQ;AAExF,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,aAAW,KAAK,GAAG,oBAAoB,UAAU,UAAU,UAAU,CAAC;AACtE,aAAW,KAAK,GAAG,iBAAiB,WAAW,WAAW,SAAS,CAAC,CAAC,CAAC;AAEtE,SAAO;AACT;AAGA,SAAS,oBAAoB,kBAA4B,YAA0C;AACjG,QAAM,WAAW,iBAAiB,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE,EAAE,KAAK;AACpE,QAAM,SAAS,CAAC,GAAI,WAAW,YAAY,UAAU,WAAW,CAAC,CAAE,EAAE,KAAK;AAE1E,MAAI,SAAS,WAAW,OAAO,UAAU,SAAS,MAAM,CAAC,GAAG,MAAM,MAAM,OAAO,CAAC,CAAC,GAAG;AAClF,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,EAAE,KAAK,IAAI;AACzE,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,+CAA+C,iBAAiB,KAAK,IAAI,CAAC,aAAa,KAAK;AAAA,MACrG,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,WAAgC,OAAmC;AAC3F,MAAI,CAAC,WAAW;AACd,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AAEjC,MAAI,UAAU,qBAAqB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU,GAAG;AACrF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,UAAU,mBAAmB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,GAAG;AACjF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AF7TA,eAAe,cAAc,UAAsD;AACjF,QAAM,SAAS,MAAMC,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAC7F,SAAO,KAAK,MAAM,OAAO,MAAM;AACjC;AAGA,SAAS,oBACP,MACA,MACA,QACA,UACa;AACb,SAAO,EAAE,MAAM,MAAM,QAAQ,MAAM,YAAY,CAAC,GAAG,SAAS,MAAM,YAAY,QAAQ,SAAS;AACjG;AAGA,SAAS,kBACP,MACA,MACA,SACA,UACa;AACb,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,YAAY,CAAC,EAAE,MAAM,MAAM,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAAA,IAC/D,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAGA,SAAS,mBACP,OACA,YACA,SACa;AACb,QAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAEjE,MAAI,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,wBAAwB,GAAG;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,IAAI,SAAS,KAAK,GAAG;AACvB,UAAM,aAA0B,CAAC;AACjC,QAAI,YAAY,2BAA2B;AACzC,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,6BAA6B,GAAG;AAAA,IAChC,QAAQ;AAAA,EACV;AACF;AAGA,eAAe,cAAc,UAA0B,QAAsC;AAC3F,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,OAAO,SAAS;AAEnC,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,cAAc,QAAQ;AAC7C,UAAM,aAAa,iBAAiB,UAAU,UAAU;AAExD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,WAAO,mBAAmB,OAAO,YAAY,OAAO;AAAA,EACtD;AACF;AAGA,SAAS,gBAAgB,QAAmC;AAC1D,QAAM,aAAgC,CAAC;AAEvC,MAAI,OAAO,SAAS,MAAM,oBAAoB;AAC5C,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,MAC1D,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAEA,aAAW;AAAA,IACT,GAAG,mBAAmB,OAAO,CAAC,UAAU,CAAC,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,MAAM,IAAI,CAAC;AAAA,EAC1F;AAEA,SAAO;AACT;AAGA,SAAS,wBACP,SACA,YACa;AACb,QAAM,aAA0B,CAAC;AAEjC,aAAW,UAAU,SAAS;AAC5B,UAAM,cAAc,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,OAAO,IAAI;AACnE,QAAI,CAAC,OAAO,UAAU,aAAa,UAAU;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM,sBAAsB,OAAO,KAAK,QAAQ,SAAS,GAAG,CAAC;AAAA,QAC7D,MAAM;AAAA,QACN,SAAS,4BAA4B,OAAO,IAAI,cAAc,OAAO,aAAa,KAAK,IAAI,CAAC;AAAA,QAC5F,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAe,WAAW,UAA0B,QAAsC;AACxF,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,gBAAgB,MAAM;AAEzC,MAAI,WAAW,WAAW,GAAG;AAC3B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,UAAU,MAAM,iBAAiB,UAAU,UAAU;AAC3D,UAAM,aAAa,wBAAwB,SAAS,UAAU;AAE9D,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,UAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,0BAA0B,GAAG;AAAA,MAC7B,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,UAA0B,QAAmC;AACrF,QAAM,aAAa,OAAO,QAAQ,CAAC,MAAM,EAAE,UAAU;AACrD,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AAClE,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AACnE,QAAM,gBAAgB,OAAO,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE;AAEtD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ,iBAAiB;AAAA,IACzB,SAAS,EAAE,aAAa,OAAO,QAAQ,cAAc,cAAc,cAAc;AAAA,EACnF;AACF;AAGA,eAAsB,eAAe,MAAc,QAAqC;AACtF,QAAM,WAAW,gBAAgB,IAAI;AAErC,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,iBAAiB,QAAQ;AAE/B,QAAM,CAAC,gBAAgB,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,IACtD,cAAc,UAAU,MAAM;AAAA,IAC9B,WAAW,UAAU,MAAM;AAAA,EAC7B,CAAC;AAED,SAAO,iBAAiB,UAAU,CAAC,gBAAgB,WAAW,CAAC;AACjE;AAGA,eAAsB,gBACpB,SACgC;AAChC,QAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM,OAAO,oBAAqB;AAC9D,QAAM,EAAE,OAAO,IAAI,MAAMA,iBAAgB,QAAQ,MAAM;AACvD,QAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,QAAM,KAAK,MAAM,OAAO,IAAS;AACjC,QAAM,OAAO,MAAM,OAAO,MAAW;AACrC,QAAM,EAAE,cAAc,IAAI,MAAM,OAAO,KAAU;AAEjD,QAAM,YAAY,KAAK,QAAQ,cAAc,YAAY,GAAG,CAAC;AAC7D,QAAM,kBAAkB,KAAK,QAAQ,WAAW,MAAM,MAAM,MAAM,cAAc;AAChF,QAAM,cAAc,KAAK,MAAM,GAAG,aAAa,iBAAiB,OAAO,CAAC;AAExE,SAAO;AAAA,IACL,SAAS,YAAY;AAAA,IACrB,UAAU,OAAO;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ,OAAO;AAAA,IACf,SAAS;AAAA,MACP,aAAa,OAAO,QAAQ;AAAA,MAC5B,cAAc,OAAO,QAAQ;AAAA,MAC7B,cAAc,OAAO,QAAQ;AAAA,MAC7B,iBAAiB,OAAO,WAAW;AAAA,MACnC,UAAU,OAAO,SAAS,SAAS,UAAU,SAAS;AAAA,IACxD;AAAA,EACF;AACF;;;ADjQA,SAAS,eAAe,QAA4B;AAClD,QAAM,QAAkB,CAAC;AAEzB,QAAM,KAAK,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACzE,QAAM,KAAK,EAAE;AAEb,aAAW,SAAS,OAAO,QAAQ;AACjC,QAAI,MAAM,SAAS;AACjB,YAAM,KAAK,MAAM,OAAO,UAAK,MAAM,IAAI,cAAc,MAAM,UAAU,GAAG,CAAC;AAAA,IAC3E,WAAW,MAAM,QAAQ;AACvB,YAAM,KAAK,MAAM,MAAM,UAAK,MAAM,IAAI,EAAE,CAAC;AAAA,IAC3C,OAAO;AACL,YAAM,KAAK,MAAM,IAAI,UAAK,MAAM,IAAI,EAAE,CAAC;AACvC,iBAAW,aAAa,MAAM,YAAY;AACxC,cAAM,KAAK,MAAM,IAAI,YAAO,UAAU,OAAO,EAAE,CAAC;AAAA,MAClD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,KAAK,EAAE;AACb,QAAM;AAAA,IACJ,YAAY,OAAO,QAAQ,YAAY,YAClC,OAAO,QAAQ,YAAY,YAC3B,OAAO,QAAQ,aAAa;AAAA,EACnC;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAGA,SAAS,eAAe,QAA4B;AAClD,SAAO,KAAK,UAAU,QAAQ,MAAM,CAAC;AACvC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,MAAM,gBAAgB,QAAQ,MAAM;AACvD,UAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,UAAM,SAAS,QAAQ,WAAW,SAAS,eAAe,MAAM,IAAI,eAAe,MAAM;AAEzF,YAAQ,OAAO,MAAM,GAAG,MAAM;AAAA,CAAI;AAClC,YAAQ,KAAK,OAAO,SAAS,SAAS,UAAU,SAAS,gBAAgB;AAAA,EAC3E,SAAS,OAAO;AACd,QAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAM,WAAW;AAAA,QACf,OAAO;AAAA,QACP,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC9D,MAAO,MAA4B,QAAQ;AAAA,MAC7C;AACA,cAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,IAC/D,OAAO;AACL,cAAQ,MAAM,MAAM,IAAI,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC,EAAE,CAAC;AAAA,IAC7F;AACA,YAAQ,KAAK,SAAS,aAAa;AAAA,EACrC;AACF;","names":["execa","execa","loadConfigAsync"]}
package/dist/{secretsmanager-MOOIHLAO.js → secretsmanager-FJKTPIXI.js} RENAMED
@@ -1,14 +1,10 @@
1
+ import {
2
+ createClientFactory
3
+ } from "./chunk-O745CMWG.js";
4
+
1
5
  // src/infra/checkers/secretsmanager.ts
2
6
  import { DescribeSecretCommand, SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
3
- var clientCache = /* @__PURE__ */ new Map();
4
- function getClient(region) {
5
- let client = clientCache.get(region);
6
- if (!client) {
7
- client = new SecretsManagerClient({ region });
8
- clientCache.set(region, client);
9
- }
10
- return client;
11
- }
7
+ var getClient = createClientFactory(SecretsManagerClient);
12
8
  var SecretsManagerChecker = {
13
9
  async check(arn) {
14
10
  const { resourceId, region, raw } = arn;
@@ -47,4 +43,4 @@ var SecretsManagerChecker = {
47
43
  export {
48
44
  SecretsManagerChecker
49
45
  };
50
- //# sourceMappingURL=secretsmanager-MOOIHLAO.js.map
46
+ //# sourceMappingURL=secretsmanager-FJKTPIXI.js.map
package/dist/secretsmanager-FJKTPIXI.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/infra/checkers/secretsmanager.ts"],"sourcesContent":["/**\n * Secrets Manager resource checker\n */\n\nimport { DescribeSecretCommand, SecretsManagerClient } from \"@aws-sdk/client-secrets-manager\";\n\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactory } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create a Secrets Manager client for a region\n */\nconst getClient = createClientFactory(SecretsManagerClient);\n\n/**\n * Secrets Manager secret checker\n */\nexport const SecretsManagerChecker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceId, region, raw } = arn;\n\n const client = getClient(region);\n\n try {\n // Use the full ARN to get the secret\n await client.send(new DescribeSecretCommand({ SecretId: raw }));\n\n return {\n arn: raw,\n exists: true,\n service: \"secretsmanager\",\n resourceType: \"secret\",\n resourceId,\n };\n } catch (error) {\n const err = error as Error & { name?: string };\n\n if (err.name === \"ResourceNotFoundException\") {\n return {\n arn: raw,\n exists: false,\n service: \"secretsmanager\",\n resourceType: \"secret\",\n resourceId,\n };\n }\n\n return {\n arn: raw,\n exists: false,\n error: err.message || \"Unknown error\",\n service: \"secretsmanager\",\n resourceType: \"secret\",\n resourceId,\n };\n }\n },\n};\n"],"mappings":";;;;;AAIA,SAAS,uBAAuB,4BAA4B;AAS5D,IAAM,YAAY,oBAAoB,oBAAoB;AAKnD,IAAM,wBAAyC;AAAA,EACpD,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,YAAY,QAAQ,IAAI,IAAI;AAEpC,UAAM,SAAS,UAAU,MAAM;AAE/B,QAAI;AAEF,YAAM,OAAO,KAAK,IAAI,sBAAsB,EAAE,UAAU,IAAI,CAAC,CAAC;AAE9D,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AAEZ,UAAI,IAAI,SAAS,6BAA6B;AAC5C,eAAO;AAAA,UACL,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,cAAc;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,OAAO,IAAI,WAAW;AAAA,QACtB,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
package/dist/{sns-Y36LVTWA.js → sns-RV64OMK2.js} RENAMED
@@ -1,14 +1,10 @@
1
+ import {
2
+ createClientFactory
3
+ } from "./chunk-O745CMWG.js";
4
+
1
5
  // src/infra/checkers/sns.ts
2
6
  import { GetTopicAttributesCommand, SNSClient } from "@aws-sdk/client-sns";
3
- var clientCache = /* @__PURE__ */ new Map();
4
- function getClient(region) {
5
- let client = clientCache.get(region);
6
- if (!client) {
7
- client = new SNSClient({ region });
8
- clientCache.set(region, client);
9
- }
10
- return client;
11
- }
7
+ var getClient = createClientFactory(SNSClient);
12
8
  var SNSChecker = {
13
9
  async check(arn) {
14
10
  const { resourceId, region, raw } = arn;
@@ -47,4 +43,4 @@ var SNSChecker = {
47
43
  export {
48
44
  SNSChecker
49
45
  };
50
- //# sourceMappingURL=sns-Y36LVTWA.js.map
46
+ //# sourceMappingURL=sns-RV64OMK2.js.map
package/dist/sns-RV64OMK2.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/infra/checkers/sns.ts"],"sourcesContent":["/**\n * SNS resource checker\n */\n\nimport { GetTopicAttributesCommand, SNSClient } from \"@aws-sdk/client-sns\";\n\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactory } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create an SNS client for a region\n */\nconst getClient = createClientFactory(SNSClient);\n\n/**\n * SNS topic checker\n */\nexport const SNSChecker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceId, region, raw } = arn;\n\n const client = getClient(region);\n\n try {\n // Use the full ARN to get topic attributes\n await client.send(new GetTopicAttributesCommand({ TopicArn: raw }));\n\n return {\n arn: raw,\n exists: true,\n service: \"sns\",\n resourceType: \"topic\",\n resourceId,\n };\n } catch (error) {\n const err = error as Error & { name?: string };\n\n if (err.name === \"NotFoundException\" || err.name === \"NotFound\") {\n return {\n arn: raw,\n exists: false,\n service: \"sns\",\n resourceType: \"topic\",\n resourceId,\n };\n }\n\n return {\n arn: raw,\n exists: false,\n error: err.message || \"Unknown error\",\n service: \"sns\",\n resourceType: \"topic\",\n resourceId,\n };\n }\n },\n};\n"],"mappings":";;;;;AAIA,SAAS,2BAA2B,iBAAiB;AASrD,IAAM,YAAY,oBAAoB,SAAS;AAKxC,IAAM,aAA8B;AAAA,EACzC,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,YAAY,QAAQ,IAAI,IAAI;AAEpC,UAAM,SAAS,UAAU,MAAM;AAE/B,QAAI;AAEF,YAAM,OAAO,KAAK,IAAI,0BAA0B,EAAE,UAAU,IAAI,CAAC,CAAC;AAElE,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AAEZ,UAAI,IAAI,SAAS,uBAAuB,IAAI,SAAS,YAAY;AAC/D,eAAO;AAAA,UACL,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,cAAc;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,OAAO,IAAI,WAAW;AAAA,QACtB,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
package/dist/{sqs-RRS3GRHK.js → sqs-MHBW6UFC.js} RENAMED
@@ -1,14 +1,10 @@
1
+ import {
2
+ createClientFactory
3
+ } from "./chunk-O745CMWG.js";
4
+
1
5
  // src/infra/checkers/sqs.ts
2
6
  import { GetQueueAttributesCommand, GetQueueUrlCommand, SQSClient } from "@aws-sdk/client-sqs";
3
- var clientCache = /* @__PURE__ */ new Map();
4
- function getClient(region) {
5
- let client = clientCache.get(region);
6
- if (!client) {
7
- client = new SQSClient({ region });
8
- clientCache.set(region, client);
9
- }
10
- return client;
11
- }
7
+ var getClient = createClientFactory(SQSClient);
12
8
  var SQSChecker = {
13
9
  async check(arn) {
14
10
  const { resourceId, region, accountId, raw } = arn;
@@ -58,4 +54,4 @@ var SQSChecker = {
58
54
  export {
59
55
  SQSChecker
60
56
  };
61
- //# sourceMappingURL=sqs-RRS3GRHK.js.map
57
+ //# sourceMappingURL=sqs-MHBW6UFC.js.map
package/dist/sqs-MHBW6UFC.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/infra/checkers/sqs.ts"],"sourcesContent":["/**\n * SQS resource checker\n */\n\nimport { GetQueueAttributesCommand, GetQueueUrlCommand, SQSClient } from \"@aws-sdk/client-sqs\";\n\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactory } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create an SQS client for a region\n */\nconst getClient = createClientFactory(SQSClient);\n\n/**\n * SQS queue checker\n */\nexport const SQSChecker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceId, region, accountId, raw } = arn;\n\n const client = getClient(region);\n\n try {\n // First, get the queue URL from the queue name and account ID\n const urlResponse = await client.send(\n new GetQueueUrlCommand({\n QueueName: resourceId,\n QueueOwnerAWSAccountId: accountId || undefined,\n })\n );\n\n // Then verify the queue exists by getting its attributes\n await client.send(\n new GetQueueAttributesCommand({\n QueueUrl: urlResponse.QueueUrl,\n AttributeNames: [\"QueueArn\"],\n })\n );\n\n return {\n arn: raw,\n exists: true,\n service: \"sqs\",\n resourceType: \"queue\",\n resourceId,\n };\n } catch (error) {\n const err = error as Error & { name?: string };\n\n if (\n err.name === \"QueueDoesNotExist\" ||\n err.name === \"AWS.SimpleQueueService.NonExistentQueue\"\n ) {\n return {\n arn: raw,\n exists: false,\n service: \"sqs\",\n resourceType: \"queue\",\n resourceId,\n };\n }\n\n return {\n arn: raw,\n exists: false,\n error: err.message || \"Unknown error\",\n service: \"sqs\",\n resourceType: \"queue\",\n resourceId,\n };\n }\n },\n};\n"],"mappings":";;;;;AAIA,SAAS,2BAA2B,oBAAoB,iBAAiB;AASzE,IAAM,YAAY,oBAAoB,SAAS;AAKxC,IAAM,aAA8B;AAAA,EACzC,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,YAAY,QAAQ,WAAW,IAAI,IAAI;AAE/C,UAAM,SAAS,UAAU,MAAM;AAE/B,QAAI;AAEF,YAAM,cAAc,MAAM,OAAO;AAAA,QAC/B,IAAI,mBAAmB;AAAA,UACrB,WAAW;AAAA,UACX,wBAAwB,aAAa;AAAA,QACvC,CAAC;AAAA,MACH;AAGA,YAAM,OAAO;AAAA,QACX,IAAI,0BAA0B;AAAA,UAC5B,UAAU,YAAY;AAAA,UACtB,gBAAgB,CAAC,UAAU;AAAA,QAC7B,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AAEZ,UACE,IAAI,SAAS,uBACb,IAAI,SAAS,2CACb;AACA,eAAO;AAAA,UACL,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,cAAc;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,OAAO,IAAI,WAAW;AAAA,QACtB,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
package/dist/{standards-RXK5G4IG.js → standards-XAZKTKYJ.js} RENAMED
@@ -15,7 +15,8 @@ import {
15
15
  parseGuideline,
16
16
  scoreGuideline,
17
17
  toListItems
18
- } from "./chunk-RXA4FO7L.js";
18
+ } from "./chunk-NADY2H35.js";
19
+ import "./chunk-RHM53NLG.js";
19
20
  export {
20
21
  StandardsError,
21
22
  composeGuidelines,
@@ -34,4 +35,4 @@ export {
34
35
  scoreGuideline,
35
36
  toListItems
36
37
  };
37
- //# sourceMappingURL=standards-RXK5G4IG.js.map
38
+ //# sourceMappingURL=standards-XAZKTKYJ.js.map
package/dist/{sync-XV6XBLVZ.js → sync-P3UZECLW.js} RENAMED
@@ -2,7 +2,8 @@ import "./chunk-DXIYZR62.js";
2
2
  import {
3
3
  getProjectRoot,
4
4
  loadConfig
5
- } from "./chunk-PZ2NVKI7.js";
5
+ } from "./chunk-YGDEM6K5.js";
6
+ import "./chunk-RHM53NLG.js";
6
7
 
7
8
  // src/process/sync/applier.ts
8
9
  import { execa } from "execa";
@@ -874,4 +875,4 @@ export {
874
875
  runTagDiff,
875
876
  runTagSync
876
877
  };
877
- //# sourceMappingURL=sync-XV6XBLVZ.js.map
878
+ //# sourceMappingURL=sync-P3UZECLW.js.map