@standards-kit/conform 0.1.3 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-PZ2NVKI7.js → chunk-FJZMUGYW.js} +30 -13
- package/dist/chunk-FJZMUGYW.js.map +1 -0
- package/dist/chunk-O745CMWG.js +29 -0
- package/dist/chunk-O745CMWG.js.map +1 -0
- package/dist/chunk-RHM53NLG.js +49 -0
- package/dist/chunk-RHM53NLG.js.map +1 -0
- package/dist/{chunk-RXA4FO7L.js → chunk-YKKWXHYS.js} +13 -9
- package/dist/chunk-YKKWXHYS.js.map +1 -0
- package/dist/cli/index.d.ts +3 -0
- package/dist/cli/process.d.ts +2 -0
- package/dist/cli/utils.d.ts +19 -0
- package/dist/cli/validate.d.ts +2 -0
- package/dist/cli.js +3905 -3875
- package/dist/cli.js.map +1 -1
- package/dist/{cloudwatch-KSZ4A256.js → cloudwatch-3LTDYG6G.js} +6 -10
- package/dist/cloudwatch-3LTDYG6G.js.map +1 -0
- package/dist/constants.d.ts +69 -0
- package/dist/core/schema.d.ts +170 -1684
- package/dist/{core-KB2W6SE2.js → core-LFX2BFLG.js} +3 -2
- package/dist/{dynamodb-5KVESCVJ.js → dynamodb-HQH3IMAI.js} +6 -10
- package/dist/dynamodb-HQH3IMAI.js.map +1 -0
- package/dist/{ec2-HKPE6GZV.js → ec2-AEPT735A.js} +6 -10
- package/dist/ec2-AEPT735A.js.map +1 -0
- package/dist/{ecs-OS3NJZTA.js → ecs-UHKCH5A7.js} +6 -10
- package/dist/ecs-UHKCH5A7.js.map +1 -0
- package/dist/{elasticache-7TCRHYYM.js → elasticache-5Y6K7GKJ.js} +6 -10
- package/dist/elasticache-5Y6K7GKJ.js.map +1 -0
- package/dist/{elb-PEDLXW5R.js → elb-CN6ELVM5.js} +6 -10
- package/dist/elb-CN6ELVM5.js.map +1 -0
- package/dist/{iam-7H5HFWVQ.js → iam-YXMHK2MV.js} +6 -2
- package/dist/iam-YXMHK2MV.js.map +1 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.js +93 -121
- package/dist/index.js.map +1 -1
- package/dist/infra/checkers/client-factory.d.ts +45 -0
- package/dist/infra/schemas.d.ts +41 -533
- package/dist/{infra-ZQRXX7AW.js → infra-RFEWGWPW.js} +20 -18
- package/dist/{infra-ZQRXX7AW.js.map → infra-RFEWGWPW.js.map} +1 -1
- package/dist/{lambda-NFB5UILT.js → lambda-YTJOCYV5.js} +6 -10
- package/dist/lambda-YTJOCYV5.js.map +1 -0
- package/dist/mcp/standards/parser.d.ts +2 -14
- package/dist/{mcp-WXYRFNEV.js → mcp-T2JFU4E2.js} +4 -3
- package/dist/{mcp-WXYRFNEV.js.map → mcp-T2JFU4E2.js.map} +1 -1
- package/dist/projects/tier-loader.d.ts +10 -3
- package/dist/projects/types.d.ts +4 -4
- package/dist/{rds-KLG5O5SI.js → rds-GZ5RVPIU.js} +6 -10
- package/dist/rds-GZ5RVPIU.js.map +1 -0
- package/dist/{registry-7CDIMOLZ.js → registry-J2LVW3M2.js} +3 -2
- package/dist/{s3-2DH7PRVR.js → s3-53UELUWT.js} +16 -12
- package/dist/s3-53UELUWT.js.map +1 -0
- package/dist/s3-S4GXNR7H.js +53 -0
- package/dist/s3-S4GXNR7H.js.map +1 -0
- package/dist/{scan-IKEHLZXV.js → scan-BZH5IR3Z.js} +4 -3
- package/dist/scan-BZH5IR3Z.js.map +1 -0
- package/dist/{secretsmanager-MOOIHLAO.js → secretsmanager-FJKTPIXI.js} +6 -10
- package/dist/secretsmanager-FJKTPIXI.js.map +1 -0
- package/dist/{sns-Y36LVTWA.js → sns-RV64OMK2.js} +6 -10
- package/dist/sns-RV64OMK2.js.map +1 -0
- package/dist/{sqs-RRS3GRHK.js → sqs-MHBW6UFC.js} +6 -10
- package/dist/sqs-MHBW6UFC.js.map +1 -0
- package/dist/{standards-RXK5G4IG.js → standards-ALMA4VIU.js} +3 -2
- package/dist/{sync-XV6XBLVZ.js → sync-EGJ2CSYK.js} +3 -2
- package/dist/sync-EGJ2CSYK.js.map +1 -0
- package/dist/validate/index.d.ts +1 -1
- package/dist/validate/tier.d.ts +3 -0
- package/dist/validate/types.d.ts +3 -9
- package/dist/{validate-DKEJICCK.js → validate-X4K2SHYT.js} +53 -84
- package/dist/validate-X4K2SHYT.js.map +1 -0
- package/package.json +10 -16
- package/dist/chunk-PZ2NVKI7.js.map +0 -1
- package/dist/chunk-RXA4FO7L.js.map +0 -1
- package/dist/cloudwatch-KSZ4A256.js.map +0 -1
- package/dist/dynamodb-5KVESCVJ.js.map +0 -1
- package/dist/ec2-HKPE6GZV.js.map +0 -1
- package/dist/ecs-OS3NJZTA.js.map +0 -1
- package/dist/elasticache-7TCRHYYM.js.map +0 -1
- package/dist/elb-PEDLXW5R.js.map +0 -1
- package/dist/iam-7H5HFWVQ.js.map +0 -1
- package/dist/lambda-NFB5UILT.js.map +0 -1
- package/dist/rds-KLG5O5SI.js.map +0 -1
- package/dist/s3-2DH7PRVR.js.map +0 -1
- package/dist/scan-IKEHLZXV.js.map +0 -1
- package/dist/secretsmanager-MOOIHLAO.js.map +0 -1
- package/dist/sns-Y36LVTWA.js.map +0 -1
- package/dist/sqs-RRS3GRHK.js.map +0 -1
- package/dist/sync-XV6XBLVZ.js.map +0 -1
- package/dist/validate-DKEJICCK.js.map +0 -1
- /package/dist/{core-KB2W6SE2.js.map → core-LFX2BFLG.js.map} +0 -0
- /package/dist/{registry-7CDIMOLZ.js.map → registry-J2LVW3M2.js.map} +0 -0
- /package/dist/{standards-RXK5G4IG.js.map → standards-ALMA4VIU.js.map} +0 -0
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import {
|
|
2
|
+
createClientFactoryWithConfig
|
|
3
|
+
} from "./chunk-O745CMWG.js";
|
|
4
|
+
import {
|
|
5
|
+
AWS_DEFAULTS
|
|
6
|
+
} from "./chunk-RHM53NLG.js";
|
|
7
|
+
|
|
8
|
+
// src/infra/checkers/s3.ts
|
|
9
|
+
import { HeadBucketCommand, S3Client } from "@aws-sdk/client-s3";
|
|
10
|
+
var getClientForRegion = createClientFactoryWithConfig(
|
|
11
|
+
(region) => new S3Client({
|
|
12
|
+
region,
|
|
13
|
+
followRegionRedirects: true
|
|
14
|
+
})
|
|
15
|
+
);
|
|
16
|
+
function getClient(region) {
|
|
17
|
+
const effectiveRegion = region || AWS_DEFAULTS.globalRegion;
|
|
18
|
+
return getClientForRegion(effectiveRegion);
|
|
19
|
+
}
|
|
20
|
+
var S3Checker = {
|
|
21
|
+
async check(arn) {
|
|
22
|
+
const { resourceType, resourceId, raw } = arn;
|
|
23
|
+
if (resourceType === "object") {
|
|
24
|
+
const bucketName = resourceId.split("/")[0];
|
|
25
|
+
return checkBucket(bucketName, arn.region, raw);
|
|
26
|
+
}
|
|
27
|
+
return checkBucket(resourceId, arn.region, raw);
|
|
28
|
+
}
|
|
29
|
+
};
|
|
30
|
+
function bucketResult(arn, bucketName, exists, error) {
|
|
31
|
+
return { arn, exists, error, service: "s3", resourceType: "bucket", resourceId: bucketName };
|
|
32
|
+
}
|
|
33
|
+
function isBucketNotFound(err) {
|
|
34
|
+
const httpStatus = err.$metadata?.httpStatusCode;
|
|
35
|
+
return err.name === "NotFound" || err.name === "NoSuchBucket" || httpStatus === 404 || err.name === "Forbidden" || err.name === "AccessDenied" || httpStatus === 403;
|
|
36
|
+
}
|
|
37
|
+
async function checkBucket(bucketName, region, arn) {
|
|
38
|
+
const client = getClient(region);
|
|
39
|
+
try {
|
|
40
|
+
await client.send(new HeadBucketCommand({ Bucket: bucketName }));
|
|
41
|
+
return bucketResult(arn, bucketName, true);
|
|
42
|
+
} catch (error) {
|
|
43
|
+
const err = error;
|
|
44
|
+
if (isBucketNotFound(err)) {
|
|
45
|
+
return bucketResult(arn, bucketName, false);
|
|
46
|
+
}
|
|
47
|
+
return bucketResult(arn, bucketName, false, err.message || "Unknown error");
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
export {
|
|
51
|
+
S3Checker
|
|
52
|
+
};
|
|
53
|
+
//# sourceMappingURL=s3-S4GXNR7H.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/infra/checkers/s3.ts"],"sourcesContent":["/**\n * S3 resource checker\n */\n\nimport { HeadBucketCommand, S3Client } from \"@aws-sdk/client-s3\";\n\nimport { AWS_DEFAULTS } from \"../../constants.js\";\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactoryWithConfig } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create an S3 client for a region.\n * S3 is global, but we use the default region for global operations.\n * Uses followRegionRedirects for cross-region bucket access.\n */\nconst getClientForRegion = createClientFactoryWithConfig(\n (region: string) =>\n new S3Client({\n region,\n followRegionRedirects: true,\n })\n);\n\n/**\n * Get S3 client with fallback to default region\n */\nfunction getClient(region: string): S3Client {\n const effectiveRegion = region || AWS_DEFAULTS.globalRegion;\n return getClientForRegion(effectiveRegion);\n}\n\n/**\n * S3 bucket checker\n */\nexport const S3Checker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceType, resourceId, raw } = arn;\n\n // Only check bucket existence (not individual objects)\n if (resourceType === \"object\") {\n // For objects, we'd need to check if the key exists, which is expensive\n // For now, we just check if the bucket exists\n const bucketName = resourceId.split(\"/\")[0];\n return checkBucket(bucketName, arn.region, raw);\n }\n\n return checkBucket(resourceId, arn.region, raw);\n },\n};\n\n/**\n * Create a bucket check result\n */\nfunction bucketResult(\n arn: string,\n bucketName: string,\n exists: boolean,\n error?: string\n): ResourceCheckResult {\n return { arn, exists, error, service: \"s3\", resourceType: \"bucket\", resourceId: bucketName };\n}\n\n/**\n * Check if error indicates bucket doesn't exist (404 or 403)\n */\nfunction isBucketNotFound(err: Error & { name?: string; $metadata?: { httpStatusCode?: number } }): boolean {\n const httpStatus = err.$metadata?.httpStatusCode;\n // 404 = not found, 403 = access denied (S3 returns 403 for non-existent buckets to prevent enumeration)\n return err.name === \"NotFound\" || err.name === \"NoSuchBucket\" || httpStatus === 404 ||\n err.name === \"Forbidden\" || err.name === \"AccessDenied\" || httpStatus === 403;\n}\n\n/**\n * Check if an S3 bucket exists\n */\nasync function checkBucket(bucketName: string, region: string, arn: string): Promise<ResourceCheckResult> {\n const client = getClient(region);\n\n try {\n await client.send(new HeadBucketCommand({ Bucket: bucketName }));\n return bucketResult(arn, bucketName, true);\n } catch (error) {\n const err = error as Error & { name?: string; $metadata?: { httpStatusCode?: number } };\n if (isBucketNotFound(err)) {\n return bucketResult(arn, bucketName, false);\n }\n return bucketResult(arn, bucketName, false, err.message || \"Unknown error\");\n }\n}\n"],"mappings":";;;;;;;;AAIA,SAAS,mBAAmB,gBAAgB;AAY5C,IAAM,qBAAqB;AAAA,EACzB,CAAC,WACC,IAAI,SAAS;AAAA,IACX;AAAA,IACA,uBAAuB;AAAA,EACzB,CAAC;AACL;AAKA,SAAS,UAAU,QAA0B;AAC3C,QAAM,kBAAkB,UAAU,aAAa;AAC/C,SAAO,mBAAmB,eAAe;AAC3C;AAKO,IAAM,YAA6B;AAAA,EACxC,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,cAAc,YAAY,IAAI,IAAI;AAG1C,QAAI,iBAAiB,UAAU;AAG7B,YAAM,aAAa,WAAW,MAAM,GAAG,EAAE,CAAC;AAC1C,aAAO,YAAY,YAAY,IAAI,QAAQ,GAAG;AAAA,IAChD;AAEA,WAAO,YAAY,YAAY,IAAI,QAAQ,GAAG;AAAA,EAChD;AACF;AAKA,SAAS,aACP,KACA,YACA,QACA,OACqB;AACrB,SAAO,EAAE,KAAK,QAAQ,OAAO,SAAS,MAAM,cAAc,UAAU,YAAY,WAAW;AAC7F;AAKA,SAAS,iBAAiB,KAAkF;AAC1G,QAAM,aAAa,IAAI,WAAW;AAElC,SAAO,IAAI,SAAS,cAAc,IAAI,SAAS,kBAAkB,eAAe,OACzE,IAAI,SAAS,eAAe,IAAI,SAAS,kBAAkB,eAAe;AACnF;AAKA,eAAe,YAAY,YAAoB,QAAgB,KAA2C;AACxG,QAAM,SAAS,UAAU,MAAM;AAE/B,MAAI;AACF,UAAM,OAAO,KAAK,IAAI,kBAAkB,EAAE,QAAQ,WAAW,CAAC,CAAC;AAC/D,WAAO,aAAa,KAAK,YAAY,IAAI;AAAA,EAC3C,SAAS,OAAO;AACd,UAAM,MAAM;AACZ,QAAI,iBAAiB,GAAG,GAAG;AACzB,aAAO,aAAa,KAAK,YAAY,KAAK;AAAA,IAC5C;AACA,WAAO,aAAa,KAAK,YAAY,OAAO,IAAI,WAAW,eAAe;AAAA,EAC5E;AACF;","names":[]}
|
|
@@ -3,7 +3,8 @@ import {
|
|
|
3
3
|
} from "./chunk-DXIYZR62.js";
|
|
4
4
|
import {
|
|
5
5
|
loadConfigAsync
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-FJZMUGYW.js";
|
|
7
|
+
import "./chunk-RHM53NLG.js";
|
|
7
8
|
|
|
8
9
|
// src/process/scan/index.ts
|
|
9
10
|
import chalk from "chalk";
|
|
@@ -512,7 +513,7 @@ async function scanRepository(repo, config) {
|
|
|
512
513
|
return aggregateResults(repoInfo, [rulesetsResult, filesResult]);
|
|
513
514
|
}
|
|
514
515
|
async function validateProcess(options) {
|
|
515
|
-
const { loadConfigAsync: loadConfigAsync2 } = await import("./core-
|
|
516
|
+
const { loadConfigAsync: loadConfigAsync2 } = await import("./core-LFX2BFLG.js");
|
|
516
517
|
const { config } = await loadConfigAsync2(options.config);
|
|
517
518
|
const result = await scanRepository(options.repo, config);
|
|
518
519
|
const fs = await import("fs");
|
|
@@ -590,4 +591,4 @@ export {
|
|
|
590
591
|
scanRepository,
|
|
591
592
|
validateProcess
|
|
592
593
|
};
|
|
593
|
-
//# sourceMappingURL=scan-
|
|
594
|
+
//# sourceMappingURL=scan-BZH5IR3Z.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/process/scan/index.ts","../src/process/scan/scanner.ts","../src/process/scan/remote-fetcher.ts","../src/process/scan/validators.ts"],"sourcesContent":["import chalk from \"chalk\";\n\nimport { loadConfigAsync } from \"../../core/index.js\";\nimport { ExitCode } from \"../../core/index.js\";\nimport { scanRepository } from \"./scanner.js\";\nimport { type ScanOptions, type ScanResult } from \"./types.js\";\n\n// Re-export public API types\nexport {\n type RemoteRepoInfo,\n type ScanOptions,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\n\n// Re-export scanner\nexport { scanRepository, validateProcess } from \"./scanner.js\";\n\n/** Format scan result as text */\nfunction formatScanText(result: ScanResult): string {\n const lines: string[] = [];\n\n lines.push(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n lines.push(\"\");\n\n for (const check of result.checks) {\n if (check.skipped) {\n lines.push(chalk.yellow(`⊘ ${check.name} (skipped: ${check.skipReason})`));\n } else if (check.passed) {\n lines.push(chalk.green(`✓ ${check.name}`));\n } else {\n lines.push(chalk.red(`✗ ${check.name}`));\n for (const violation of check.violations) {\n lines.push(chalk.red(` • ${violation.message}`));\n }\n }\n }\n\n lines.push(\"\");\n lines.push(\n `Summary: ${result.summary.passedChecks} passed, ` +\n `${result.summary.failedChecks} failed, ` +\n `${result.summary.skippedChecks} skipped`\n );\n\n return lines.join(\"\\n\");\n}\n\n/** Format scan result as JSON */\nfunction formatScanJson(result: ScanResult): string {\n return JSON.stringify(result, null, 2);\n}\n\n/** Run the scan command */\nexport async function runScan(options: ScanOptions): Promise<void> {\n try {\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const output = options.format === \"json\" ? formatScanJson(result) : formatScanText(result);\n\n process.stdout.write(`${output}\\n`);\n process.exit(result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND);\n } catch (error) {\n if (options.format === \"json\") {\n const errorObj = {\n error: true,\n message: error instanceof Error ? error.message : String(error),\n code: (error as { code?: string }).code ?? \"UNKNOWN\",\n };\n process.stdout.write(`${JSON.stringify(errorObj, null, 2)}\\n`);\n } else {\n console.error(chalk.red(`Error: ${error instanceof Error ? error.message : String(error)}`));\n }\n process.exit(ExitCode.RUNTIME_ERROR);\n }\n}\n","import { execa } from \"execa\";\n\nimport { type Config } from \"../../core/index.js\";\nimport { type CheckResult, ExitCode, type Violation } from \"../../core/index.js\";\nimport {\n checkRemoteFiles,\n isGhAvailable,\n parseRepoString,\n RemoteFetcherError,\n standardFileChecks,\n verifyRepoAccess,\n} from \"./remote-fetcher.js\";\nimport {\n type FileCheckConfig,\n type RemoteRepoInfo,\n type ScanResult,\n type ValidateProcessOptions,\n type ValidateProcessResult,\n} from \"./types.js\";\nimport { type RulesetResponse, validateRulesets } from \"./validators.js\";\n\n/** Fetch rulesets from GitHub API */\nasync function fetchRulesets(repoInfo: RemoteRepoInfo): Promise<RulesetResponse[]> {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n return JSON.parse(result.stdout) as RulesetResponse[];\n}\n\n/** Create a skipped check result */\nfunction createSkippedResult(\n name: string,\n rule: string,\n reason: string,\n duration: number\n): CheckResult {\n return { name, rule, passed: true, violations: [], skipped: true, skipReason: reason, duration };\n}\n\n/** Create an error check result */\nfunction createErrorResult(\n name: string,\n rule: string,\n message: string,\n duration: number\n): CheckResult {\n return {\n name,\n rule,\n passed: false,\n violations: [{ rule, tool: \"scan\", message, severity: \"error\" }],\n skipped: false,\n duration,\n };\n}\n\n/** Handle API errors for ruleset fetching */\nfunction handleRulesetError(\n error: unknown,\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"],\n elapsed: () => number\n): CheckResult {\n const msg = error instanceof Error ? error.message : String(error);\n\n if (msg.includes(\"403\") || msg.includes(\"Must have admin rights\")) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Cannot check rulesets: insufficient permissions (requires admin access)\",\n elapsed()\n );\n }\n\n if (msg.includes(\"404\")) {\n const violations: Violation[] = [];\n if (repoConfig?.require_branch_protection) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: \"No branch protection rulesets configured\",\n severity: \"error\",\n });\n }\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n }\n\n return createErrorResult(\n \"Repository Settings\",\n \"process.repo\",\n `Failed to check rulesets: ${msg}`,\n elapsed()\n );\n}\n\n/** Check repository rulesets and branch protection */\nasync function checkRulesets(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const repoConfig = config.process?.repo;\n\n if (!repoConfig?.enabled) {\n return createSkippedResult(\n \"Repository Settings\",\n \"process.repo\",\n \"Repository settings check not enabled in config\",\n elapsed()\n );\n }\n\n try {\n const rulesets = await fetchRulesets(repoInfo);\n const violations = validateRulesets(rulesets, repoConfig);\n\n return {\n name: \"Repository Settings\",\n rule: \"process.repo\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n return handleRulesetError(error, repoConfig, elapsed);\n }\n}\n\n/** Build file checks configuration from config */\nfunction buildFileChecks(config: Config): FileCheckConfig[] {\n const fileChecks: FileCheckConfig[] = [];\n\n if (config.process?.repo?.require_codeowners) {\n fileChecks.push({\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: true,\n description: \"CODEOWNERS file for code review assignment\",\n });\n }\n\n fileChecks.push(\n ...standardFileChecks.filter((check) => !fileChecks.some((fc) => fc.path === check.path))\n );\n\n return fileChecks;\n}\n\n/** Convert file check results to violations */\nfunction fileResultsToViolations(\n results: { path: string; exists: boolean; checkedPaths: string[] }[],\n fileChecks: FileCheckConfig[]\n): Violation[] {\n const violations: Violation[] = [];\n\n for (const result of results) {\n const checkConfig = fileChecks.find((fc) => fc.path === result.path);\n if (!result.exists && checkConfig?.required) {\n violations.push({\n rule: `process.scan.files.${result.path.replace(/[./]/g, \"_\")}`,\n tool: \"scan\",\n message: `Required file not found: ${result.path} (checked: ${result.checkedPaths.join(\", \")})`,\n severity: \"error\",\n });\n }\n }\n\n return violations;\n}\n\n/** Check remote files for existence */\nasync function checkFiles(repoInfo: RemoteRepoInfo, config: Config): Promise<CheckResult> {\n const startTime = Date.now();\n const elapsed = (): number => Date.now() - startTime;\n const fileChecks = buildFileChecks(config);\n\n if (fileChecks.length === 0) {\n return createSkippedResult(\n \"Repository Files\",\n \"process.scan.files\",\n \"No file checks configured\",\n elapsed()\n );\n }\n\n try {\n const results = await checkRemoteFiles(repoInfo, fileChecks);\n const violations = fileResultsToViolations(results, fileChecks);\n\n return {\n name: \"Repository Files\",\n rule: \"process.scan.files\",\n passed: violations.length === 0,\n violations,\n skipped: false,\n duration: elapsed(),\n };\n } catch (error) {\n const msg = error instanceof Error ? error.message : String(error);\n return createErrorResult(\n \"Repository Files\",\n \"process.scan.files\",\n `Failed to check files: ${msg}`,\n elapsed()\n );\n }\n}\n\n/** Aggregate check results into scan result */\nfunction aggregateResults(repoInfo: RemoteRepoInfo, checks: CheckResult[]): ScanResult {\n const violations = checks.flatMap((c) => c.violations);\n const passedChecks = checks.filter((c) => c.passed && !c.skipped).length;\n const failedChecks = checks.filter((c) => !c.passed && !c.skipped).length;\n const skippedChecks = checks.filter((c) => c.skipped).length;\n\n return {\n repoInfo,\n checks,\n violations,\n passed: failedChecks === 0,\n summary: { totalChecks: checks.length, passedChecks, failedChecks, skippedChecks },\n };\n}\n\n/** Run all remote scans for a repository */\nexport async function scanRepository(repo: string, config: Config): Promise<ScanResult> {\n const repoInfo = parseRepoString(repo);\n\n if (!(await isGhAvailable())) {\n throw new RemoteFetcherError(\n \"GitHub CLI (gh) not available. Install it from https://cli.github.com/\",\n \"NO_GH\"\n );\n }\n\n await verifyRepoAccess(repoInfo);\n\n const [rulesetsResult, filesResult] = await Promise.all([\n checkRulesets(repoInfo, config),\n checkFiles(repoInfo, config),\n ]);\n\n return aggregateResults(repoInfo, [rulesetsResult, filesResult]);\n}\n\n/** Programmatic API for validating remote process checks */\nexport async function validateProcess(\n options: ValidateProcessOptions\n): Promise<ValidateProcessResult> {\n const { loadConfigAsync } = await import(\"../../core/index.js\");\n const { config } = await loadConfigAsync(options.config);\n const result = await scanRepository(options.repo, config);\n\n const fs = await import(\"node:fs\");\n const path = await import(\"node:path\");\n const { fileURLToPath } = await import(\"node:url\");\n\n const __dirname = path.dirname(fileURLToPath(import.meta.url));\n const packageJsonPath = path.resolve(__dirname, \"..\", \"..\", \"..\", \"package.json\");\n const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, \"utf-8\")) as { version: string };\n\n return {\n version: packageJson.version,\n repoInfo: result.repoInfo,\n domain: \"process\",\n checks: result.checks,\n summary: {\n totalChecks: result.summary.totalChecks,\n passedChecks: result.summary.passedChecks,\n failedChecks: result.summary.failedChecks,\n totalViolations: result.violations.length,\n exitCode: result.passed ? ExitCode.SUCCESS : ExitCode.VIOLATIONS_FOUND,\n },\n };\n}\n","import { execa } from \"execa\";\n\nimport { type FileCheckConfig, type FileCheckResult, type RemoteRepoInfo } from \"./types.js\";\n\n/** Error thrown when remote fetcher encounters an issue */\nexport class RemoteFetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\" | \"INVALID_REPO\"\n ) {\n super(message);\n this.name = \"RemoteFetcherError\";\n }\n}\n\n/** Parse owner/repo string into RemoteRepoInfo */\nexport function parseRepoString(repo: string): RemoteRepoInfo {\n const parts = repo.split(\"/\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n throw new RemoteFetcherError(\n `Invalid repository format: \"${repo}\". Expected \"owner/repo\" format.`,\n \"INVALID_REPO\"\n );\n }\n return { owner: parts[0], repo: parts[1] };\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Verify the repository exists and user has access */\nexport async function verifyRepoAccess(repoInfo: RemoteRepoInfo): Promise<boolean> {\n try {\n await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}`]);\n return true;\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"404\") || errorMessage.includes(\"Not Found\")) {\n throw new RemoteFetcherError(\n `Repository not found: ${repoInfo.owner}/${repoInfo.repo}`,\n \"NO_REPO\"\n );\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"401\")) {\n throw new RemoteFetcherError(\n `Cannot access repository: ${repoInfo.owner}/${repoInfo.repo}. Check your GITHUB_TOKEN permissions.`,\n \"NO_PERMISSION\"\n );\n }\n\n throw new RemoteFetcherError(\n `Failed to verify repository access: ${errorMessage}`,\n \"API_ERROR\"\n );\n }\n}\n\n/** Check if a file exists in the remote repository via GitHub Contents API */\nexport async function checkRemoteFileExists(\n repoInfo: RemoteRepoInfo,\n filePath: string\n): Promise<boolean> {\n try {\n await execa(\"gh\", [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/contents/${filePath}`,\n \"--silent\",\n ]);\n return true;\n } catch {\n // File doesn't exist or no access - both return false\n return false;\n }\n}\n\n/** Check multiple alternative paths for a file */\nasync function checkRemoteFileWithAlternatives(\n repoInfo: RemoteRepoInfo,\n config: FileCheckConfig\n): Promise<FileCheckResult> {\n const allPaths = [config.path, ...(config.alternativePaths ?? [])];\n\n for (const path of allPaths) {\n // Sequential check needed - stop on first match\n const exists = await checkRemoteFileExists(repoInfo, path);\n if (exists) {\n return { path: config.path, exists: true, checkedPaths: allPaths };\n }\n }\n\n return { path: config.path, exists: false, checkedPaths: allPaths };\n}\n\n/** Batch check multiple files in a repository */\nexport async function checkRemoteFiles(\n repoInfo: RemoteRepoInfo,\n configs: FileCheckConfig[]\n): Promise<FileCheckResult[]> {\n // Run checks in parallel for efficiency\n const results = await Promise.all(\n configs.map((config) => checkRemoteFileWithAlternatives(repoInfo, config))\n );\n return results;\n}\n\n/** Standard file checks for remote validation */\nexport const standardFileChecks: FileCheckConfig[] = [\n {\n path: \"CODEOWNERS\",\n alternativePaths: [\".github/CODEOWNERS\", \"docs/CODEOWNERS\"],\n required: false,\n description: \"CODEOWNERS file for code review assignment\",\n },\n {\n path: \".github/PULL_REQUEST_TEMPLATE.md\",\n alternativePaths: [\n \".github/pull_request_template.md\",\n \"PULL_REQUEST_TEMPLATE.md\",\n \"pull_request_template.md\",\n ],\n required: false,\n description: \"Pull request template\",\n },\n {\n path: \"README.md\",\n alternativePaths: [\"readme.md\", \"README\"],\n required: false,\n description: \"Repository README\",\n },\n {\n path: \".github/workflows\",\n required: false,\n description: \"GitHub Actions workflows directory\",\n },\n];\n","import { type Config } from \"../../core/index.js\";\nimport { type Violation } from \"../../core/index.js\";\n\n/** GitHub Ruleset response types */\ninterface RulesetBypassActor {\n actor_id: number | null;\n actor_type: string;\n bypass_mode: string;\n}\n\ninterface RulesetRule {\n type: string;\n parameters?: {\n required_approving_review_count?: number;\n dismiss_stale_reviews_on_push?: boolean;\n require_code_owner_review?: boolean;\n required_status_checks?: { context: string }[];\n strict_required_status_checks_policy?: boolean;\n };\n}\n\nexport interface RulesetResponse {\n id: number;\n name: string;\n target: string;\n enforcement: string;\n conditions?: { ref_name?: { include?: string[]; exclude?: string[] } };\n bypass_actors?: RulesetBypassActor[];\n rules?: RulesetRule[];\n}\n\ntype RulesetConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"ruleset\"];\ntype TagProtectionConfig = NonNullable<NonNullable<Config[\"process\"]>[\"repo\"]>[\"tag_protection\"];\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Find branch ruleset matching the target branch */\nfunction findBranchRuleset(\n rulesets: RulesetResponse[],\n branch: string\n): RulesetResponse | undefined {\n return rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n}\n\n/** Validate rulesets against config */\n \nexport function validateRulesets(\n rulesets: RulesetResponse[],\n repoConfig: NonNullable<Config[\"process\"]>[\"repo\"]\n): Violation[] {\n if (!repoConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rulesetConfig = repoConfig.ruleset;\n const branch = rulesetConfig?.branch ?? \"main\";\n const branchRuleset = findBranchRuleset(rulesets, branch);\n\n if (repoConfig.require_branch_protection && !branchRuleset) {\n violations.push({\n rule: \"process.repo.branch_protection\",\n tool: \"scan\",\n message: `Branch '${branch}' does not have a branch protection ruleset`,\n severity: \"error\",\n });\n }\n\n if (branchRuleset && rulesetConfig) {\n violations.push(...validateBranchRuleset(branchRuleset, rulesetConfig, branch));\n }\n\n if (repoConfig.tag_protection?.patterns?.length) {\n violations.push(...validateTagProtection(rulesets, repoConfig.tag_protection));\n }\n\n return violations;\n}\n\n/** Validate branch ruleset settings against config */\nfunction validateBranchRuleset(\n ruleset: RulesetResponse,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const rules = ruleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n\n violations.push(...validatePullRequestRule(prRule, config, branch));\n violations.push(...validateStatusChecksRule(statusRule, config, branch));\n violations.push(...validateSignedCommits(rules, config, branch));\n violations.push(...validateBypassActors(ruleset.bypass_actors ?? [], config, branch));\n\n return violations;\n}\n\n/** Validate pull request rule settings */\n \nfunction validatePullRequestRule(\n prRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = prRule?.parameters;\n\n if (config.required_reviews !== undefined) {\n const actualReviews = params?.required_approving_review_count ?? 0;\n if (actualReviews < config.required_reviews) {\n violations.push({\n rule: \"process.repo.branch_protection.required_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' requires ${actualReviews} reviews, expected at least ${config.required_reviews}`,\n severity: \"error\",\n });\n }\n }\n\n if (config.dismiss_stale_reviews === true && !(params?.dismiss_stale_reviews_on_push ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.dismiss_stale_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not dismiss stale reviews on new commits`,\n severity: \"error\",\n });\n }\n\n if (config.require_code_owner_reviews === true && !(params?.require_code_owner_review ?? false)) {\n violations.push({\n rule: \"process.repo.branch_protection.require_code_owner_reviews\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require code owner reviews`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate status checks rule settings */\n \nfunction validateStatusChecksRule(\n statusRule: RulesetRule | undefined,\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (!config) {\n return [];\n }\n\n const violations: Violation[] = [];\n const params = statusRule?.parameters;\n\n if (config.require_status_checks && config.require_status_checks.length > 0) {\n const actualChecks = params?.required_status_checks?.map((c) => c.context) ?? [];\n const missingChecks = config.require_status_checks.filter(\n (check) => !actualChecks.includes(check)\n );\n if (missingChecks.length > 0) {\n violations.push({\n rule: \"process.repo.branch_protection.require_status_checks\",\n tool: \"scan\",\n message: `Branch '${branch}' missing required status checks: ${missingChecks.join(\", \")}`,\n severity: \"error\",\n });\n }\n }\n\n if (\n config.require_branches_up_to_date === true &&\n !(params?.strict_required_status_checks_policy ?? false)\n ) {\n violations.push({\n rule: \"process.repo.branch_protection.require_branches_up_to_date\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require branches to be up to date before merging`,\n severity: \"error\",\n });\n }\n\n return violations;\n}\n\n/** Validate signed commits requirement */\nfunction validateSignedCommits(\n rules: RulesetRule[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.require_signed_commits !== true) {\n return [];\n }\n\n if (!rules.some((r) => r.type === \"required_signatures\")) {\n return [\n {\n rule: \"process.repo.branch_protection.require_signed_commits\",\n tool: \"scan\",\n message: `Branch '${branch}' does not require signed commits`,\n severity: \"error\",\n },\n ];\n }\n\n return [];\n}\n\n/** Validate bypass actors configuration */\nfunction validateBypassActors(\n actualBypass: RulesetBypassActor[],\n config: RulesetConfig,\n branch: string\n): Violation[] {\n if (config?.enforce_admins !== true || actualBypass.length === 0) {\n return [];\n }\n\n return [\n {\n rule: \"process.repo.branch_protection.enforce_admins\",\n tool: \"scan\",\n message: `Branch '${branch}' has bypass actors configured but enforce_admins requires no bypasses`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rulesets */\nfunction validateTagProtection(\n rulesets: RulesetResponse[],\n tagConfig: TagProtectionConfig\n): Violation[] {\n if (!tagConfig?.patterns?.length) {\n return [];\n }\n\n const violations: Violation[] = [];\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.enforcement === \"active\");\n\n if (!tagRuleset) {\n return [\n {\n rule: \"process.repo.tag_protection\",\n tool: \"scan\",\n message: \"No active tag protection ruleset found\",\n severity: \"error\",\n },\n ];\n }\n\n violations.push(...validateTagPatterns(tagConfig.patterns, tagRuleset));\n violations.push(...validateTagRules(tagConfig, tagRuleset.rules ?? []));\n\n return violations;\n}\n\n/** Validate tag patterns match */\nfunction validateTagPatterns(expectedPatterns: string[], tagRuleset: RulesetResponse): Violation[] {\n const expected = expectedPatterns.map((p) => `refs/tags/${p}`).sort();\n const actual = [...(tagRuleset.conditions?.ref_name?.include ?? [])].sort();\n\n if (expected.length === actual.length && expected.every((v, i) => v === actual[i])) {\n return [];\n }\n\n const found = actual.map((p) => p.replace(/^refs\\/tags\\//, \"\")).join(\", \");\n return [\n {\n rule: \"process.repo.tag_protection.patterns\",\n tool: \"scan\",\n message: `Tag protection patterns mismatch: expected [${expectedPatterns.join(\", \")}], found [${found}]`,\n severity: \"error\",\n },\n ];\n}\n\n/** Validate tag protection rules */\nfunction validateTagRules(tagConfig: TagProtectionConfig, rules: RulesetRule[]): Violation[] {\n if (!tagConfig) {\n return [];\n }\n\n const violations: Violation[] = [];\n\n if (tagConfig.prevent_deletion !== false && !rules.some((r) => r.type === \"deletion\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_deletion\",\n tool: \"scan\",\n message: \"Tag protection does not prevent deletion\",\n severity: \"error\",\n });\n }\n\n if (tagConfig.prevent_update !== false && !rules.some((r) => r.type === \"update\")) {\n violations.push({\n rule: \"process.repo.tag_protection.prevent_update\",\n tool: \"scan\",\n message: \"Tag protection does not prevent updates (force-push)\",\n severity: \"error\",\n });\n }\n\n return violations;\n}\n"],"mappings":";;;;;;;;;AAAA,OAAO,WAAW;;;ACAlB,SAAS,SAAAA,cAAa;;;ACAtB,SAAS,aAAa;AAKf,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGO,SAAS,gBAAgB,MAA8B;AAC5D,QAAM,QAAQ,KAAK,MAAM,GAAG;AAC5B,MAAI,MAAM,WAAW,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG;AAChD,UAAM,IAAI;AAAA,MACR,+BAA+B,IAAI;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAE,OAAO,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,EAAE;AAC3C;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,iBAAiB,UAA4C;AACjF,MAAI;AACF,UAAM,MAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,EAAE,CAAC;AACrE,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,WAAW,GAAG;AACtE,YAAM,IAAI;AAAA,QACR,yBAAyB,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QACxD;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,KAAK,GAAG;AAChE,YAAM,IAAI;AAAA,QACR,6BAA6B,SAAS,KAAK,IAAI,SAAS,IAAI;AAAA,QAC5D;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,uCAAuC,YAAY;AAAA,MACnD;AAAA,IACF;AAAA,EACF;AACF;AAGA,eAAsB,sBACpB,UACA,UACkB;AAClB,MAAI;AACF,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,QAAQ;AAAA,MAC7D;AAAA,IACF,CAAC;AACD,WAAO;AAAA,EACT,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAGA,eAAe,gCACb,UACA,QAC0B;AAC1B,QAAM,WAAW,CAAC,OAAO,MAAM,GAAI,OAAO,oBAAoB,CAAC,CAAE;AAEjE,aAAW,QAAQ,UAAU;AAE3B,UAAM,SAAS,MAAM,sBAAsB,UAAU,IAAI;AACzD,QAAI,QAAQ;AACV,aAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,MAAM,cAAc,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,SAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,OAAO,cAAc,SAAS;AACpE;AAGA,eAAsB,iBACpB,UACA,SAC4B;AAE5B,QAAM,UAAU,MAAM,QAAQ;AAAA,IAC5B,QAAQ,IAAI,CAAC,WAAW,gCAAgC,UAAU,MAAM,CAAC;AAAA,EAC3E;AACA,SAAO;AACT;AAGO,IAAM,qBAAwC;AAAA,EACnD;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,IAC1D,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,kBAAkB,CAAC,aAAa,QAAQ;AAAA,IACxC,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;;;AC5GA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBACP,UACA,QAC6B;AAC7B,SAAO,SAAS;AAAA,IACd,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AACF;AAIO,SAAS,iBACd,UACA,YACa;AACb,MAAI,CAAC,YAAY;AACf,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,gBAAgB,WAAW;AACjC,QAAM,SAAS,eAAe,UAAU;AACxC,QAAM,gBAAgB,kBAAkB,UAAU,MAAM;AAExD,MAAI,WAAW,6BAA6B,CAAC,eAAe;AAC1D,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,iBAAiB,eAAe;AAClC,eAAW,KAAK,GAAG,sBAAsB,eAAe,eAAe,MAAM,CAAC;AAAA,EAChF;AAEA,MAAI,WAAW,gBAAgB,UAAU,QAAQ;AAC/C,eAAW,KAAK,GAAG,sBAAsB,UAAU,WAAW,cAAc,CAAC;AAAA,EAC/E;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,SACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,QAAQ,QAAQ,SAAS,CAAC;AAChC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AAExE,aAAW,KAAK,GAAG,wBAAwB,QAAQ,QAAQ,MAAM,CAAC;AAClE,aAAW,KAAK,GAAG,yBAAyB,YAAY,QAAQ,MAAM,CAAC;AACvE,aAAW,KAAK,GAAG,sBAAsB,OAAO,QAAQ,MAAM,CAAC;AAC/D,aAAW,KAAK,GAAG,qBAAqB,QAAQ,iBAAiB,CAAC,GAAG,QAAQ,MAAM,CAAC;AAEpF,SAAO;AACT;AAIA,SAAS,wBACP,QACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,QAAQ;AAEvB,MAAI,OAAO,qBAAqB,QAAW;AACzC,UAAM,gBAAgB,QAAQ,mCAAmC;AACjE,QAAI,gBAAgB,OAAO,kBAAkB;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,cAAc,aAAa,+BAA+B,OAAO,gBAAgB;AAAA,QAC3G,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,0BAA0B,QAAQ,EAAE,QAAQ,iCAAiC,QAAQ;AAC9F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,+BAA+B,QAAQ,EAAE,QAAQ,6BAA6B,QAAQ;AAC/F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAIA,SAAS,yBACP,YACA,QACA,QACa;AACb,MAAI,CAAC,QAAQ;AACX,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,SAAS,YAAY;AAE3B,MAAI,OAAO,yBAAyB,OAAO,sBAAsB,SAAS,GAAG;AAC3E,UAAM,eAAe,QAAQ,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK,CAAC;AAC/E,UAAM,gBAAgB,OAAO,sBAAsB;AAAA,MACjD,CAAC,UAAU,CAAC,aAAa,SAAS,KAAK;AAAA,IACzC;AACA,QAAI,cAAc,SAAS,GAAG;AAC5B,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM,qCAAqC,cAAc,KAAK,IAAI,CAAC;AAAA,QACvF,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MACE,OAAO,gCAAgC,QACvC,EAAE,QAAQ,wCAAwC,QAClD;AACA,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,SAAS,sBACP,OACA,QACA,QACa;AACb,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB,GAAG;AACxD,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,WAAW,MAAM;AAAA,QAC1B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,SAAO,CAAC;AACV;AAGA,SAAS,qBACP,cACA,QACA,QACa;AACb,MAAI,QAAQ,mBAAmB,QAAQ,aAAa,WAAW,GAAG;AAChE,WAAO,CAAC;AAAA,EACV;AAEA,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,WAAW,MAAM;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,sBACP,UACA,WACa;AACb,MAAI,CAAC,WAAW,UAAU,QAAQ;AAChC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AACjC,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,gBAAgB,QAAQ;AAExF,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,aAAW,KAAK,GAAG,oBAAoB,UAAU,UAAU,UAAU,CAAC;AACtE,aAAW,KAAK,GAAG,iBAAiB,WAAW,WAAW,SAAS,CAAC,CAAC,CAAC;AAEtE,SAAO;AACT;AAGA,SAAS,oBAAoB,kBAA4B,YAA0C;AACjG,QAAM,WAAW,iBAAiB,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE,EAAE,KAAK;AACpE,QAAM,SAAS,CAAC,GAAI,WAAW,YAAY,UAAU,WAAW,CAAC,CAAE,EAAE,KAAK;AAE1E,MAAI,SAAS,WAAW,OAAO,UAAU,SAAS,MAAM,CAAC,GAAG,MAAM,MAAM,OAAO,CAAC,CAAC,GAAG;AAClF,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,EAAE,KAAK,IAAI;AACzE,SAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,+CAA+C,iBAAiB,KAAK,IAAI,CAAC,aAAa,KAAK;AAAA,MACrG,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,WAAgC,OAAmC;AAC3F,MAAI,CAAC,WAAW;AACd,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAA0B,CAAC;AAEjC,MAAI,UAAU,qBAAqB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU,GAAG;AACrF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,MAAI,UAAU,mBAAmB,SAAS,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,GAAG;AACjF,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AF7TA,eAAe,cAAc,UAAsD;AACjF,QAAM,SAAS,MAAMC,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAC7F,SAAO,KAAK,MAAM,OAAO,MAAM;AACjC;AAGA,SAAS,oBACP,MACA,MACA,QACA,UACa;AACb,SAAO,EAAE,MAAM,MAAM,QAAQ,MAAM,YAAY,CAAC,GAAG,SAAS,MAAM,YAAY,QAAQ,SAAS;AACjG;AAGA,SAAS,kBACP,MACA,MACA,SACA,UACa;AACb,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,YAAY,CAAC,EAAE,MAAM,MAAM,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAAA,IAC/D,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAGA,SAAS,mBACP,OACA,YACA,SACa;AACb,QAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAEjE,MAAI,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,wBAAwB,GAAG;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,IAAI,SAAS,KAAK,GAAG;AACvB,UAAM,aAA0B,CAAC;AACjC,QAAI,YAAY,2BAA2B;AACzC,iBAAW,KAAK;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,6BAA6B,GAAG;AAAA,IAChC,QAAQ;AAAA,EACV;AACF;AAGA,eAAe,cAAc,UAA0B,QAAsC;AAC3F,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,OAAO,SAAS;AAEnC,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,cAAc,QAAQ;AAC7C,UAAM,aAAa,iBAAiB,UAAU,UAAU;AAExD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,WAAO,mBAAmB,OAAO,YAAY,OAAO;AAAA,EACtD;AACF;AAGA,SAAS,gBAAgB,QAAmC;AAC1D,QAAM,aAAgC,CAAC;AAEvC,MAAI,OAAO,SAAS,MAAM,oBAAoB;AAC5C,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN,kBAAkB,CAAC,sBAAsB,iBAAiB;AAAA,MAC1D,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAEA,aAAW;AAAA,IACT,GAAG,mBAAmB,OAAO,CAAC,UAAU,CAAC,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,MAAM,IAAI,CAAC;AAAA,EAC1F;AAEA,SAAO;AACT;AAGA,SAAS,wBACP,SACA,YACa;AACb,QAAM,aAA0B,CAAC;AAEjC,aAAW,UAAU,SAAS;AAC5B,UAAM,cAAc,WAAW,KAAK,CAAC,OAAO,GAAG,SAAS,OAAO,IAAI;AACnE,QAAI,CAAC,OAAO,UAAU,aAAa,UAAU;AAC3C,iBAAW,KAAK;AAAA,QACd,MAAM,sBAAsB,OAAO,KAAK,QAAQ,SAAS,GAAG,CAAC;AAAA,QAC7D,MAAM;AAAA,QACN,SAAS,4BAA4B,OAAO,IAAI,cAAc,OAAO,aAAa,KAAK,IAAI,CAAC;AAAA,QAC5F,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAe,WAAW,UAA0B,QAAsC;AACxF,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,UAAU,MAAc,KAAK,IAAI,IAAI;AAC3C,QAAM,aAAa,gBAAgB,MAAM;AAEzC,MAAI,WAAW,WAAW,GAAG;AAC3B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI;AACF,UAAM,UAAU,MAAM,iBAAiB,UAAU,UAAU;AAC3D,UAAM,aAAa,wBAAwB,SAAS,UAAU;AAE9D,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ,WAAW,WAAW;AAAA,MAC9B;AAAA,MACA,SAAS;AAAA,MACT,UAAU,QAAQ;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,UAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,0BAA0B,GAAG;AAAA,MAC7B,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,UAA0B,QAAmC;AACrF,QAAM,aAAa,OAAO,QAAQ,CAAC,MAAM,EAAE,UAAU;AACrD,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AAClE,QAAM,eAAe,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE;AACnE,QAAM,gBAAgB,OAAO,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE;AAEtD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ,iBAAiB;AAAA,IACzB,SAAS,EAAE,aAAa,OAAO,QAAQ,cAAc,cAAc,cAAc;AAAA,EACnF;AACF;AAGA,eAAsB,eAAe,MAAc,QAAqC;AACtF,QAAM,WAAW,gBAAgB,IAAI;AAErC,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,iBAAiB,QAAQ;AAE/B,QAAM,CAAC,gBAAgB,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,IACtD,cAAc,UAAU,MAAM;AAAA,IAC9B,WAAW,UAAU,MAAM;AAAA,EAC7B,CAAC;AAED,SAAO,iBAAiB,UAAU,CAAC,gBAAgB,WAAW,CAAC;AACjE;AAGA,eAAsB,gBACpB,SACgC;AAChC,QAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM,OAAO,oBAAqB;AAC9D,QAAM,EAAE,OAAO,IAAI,MAAMA,iBAAgB,QAAQ,MAAM;AACvD,QAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,QAAM,KAAK,MAAM,OAAO,IAAS;AACjC,QAAM,OAAO,MAAM,OAAO,MAAW;AACrC,QAAM,EAAE,cAAc,IAAI,MAAM,OAAO,KAAU;AAEjD,QAAM,YAAY,KAAK,QAAQ,cAAc,YAAY,GAAG,CAAC;AAC7D,QAAM,kBAAkB,KAAK,QAAQ,WAAW,MAAM,MAAM,MAAM,cAAc;AAChF,QAAM,cAAc,KAAK,MAAM,GAAG,aAAa,iBAAiB,OAAO,CAAC;AAExE,SAAO;AAAA,IACL,SAAS,YAAY;AAAA,IACrB,UAAU,OAAO;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ,OAAO;AAAA,IACf,SAAS;AAAA,MACP,aAAa,OAAO,QAAQ;AAAA,MAC5B,cAAc,OAAO,QAAQ;AAAA,MAC7B,cAAc,OAAO,QAAQ;AAAA,MAC7B,iBAAiB,OAAO,WAAW;AAAA,MACnC,UAAU,OAAO,SAAS,SAAS,UAAU,SAAS;AAAA,IACxD;AAAA,EACF;AACF;;;ADjQA,SAAS,eAAe,QAA4B;AAClD,QAAM,QAAkB,CAAC;AAEzB,QAAM,KAAK,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACzE,QAAM,KAAK,EAAE;AAEb,aAAW,SAAS,OAAO,QAAQ;AACjC,QAAI,MAAM,SAAS;AACjB,YAAM,KAAK,MAAM,OAAO,UAAK,MAAM,IAAI,cAAc,MAAM,UAAU,GAAG,CAAC;AAAA,IAC3E,WAAW,MAAM,QAAQ;AACvB,YAAM,KAAK,MAAM,MAAM,UAAK,MAAM,IAAI,EAAE,CAAC;AAAA,IAC3C,OAAO;AACL,YAAM,KAAK,MAAM,IAAI,UAAK,MAAM,IAAI,EAAE,CAAC;AACvC,iBAAW,aAAa,MAAM,YAAY;AACxC,cAAM,KAAK,MAAM,IAAI,YAAO,UAAU,OAAO,EAAE,CAAC;AAAA,MAClD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,KAAK,EAAE;AACb,QAAM;AAAA,IACJ,YAAY,OAAO,QAAQ,YAAY,YAClC,OAAO,QAAQ,YAAY,YAC3B,OAAO,QAAQ,aAAa;AAAA,EACnC;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAGA,SAAS,eAAe,QAA4B;AAClD,SAAO,KAAK,UAAU,QAAQ,MAAM,CAAC;AACvC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,MAAM,gBAAgB,QAAQ,MAAM;AACvD,UAAM,SAAS,MAAM,eAAe,QAAQ,MAAM,MAAM;AAExD,UAAM,SAAS,QAAQ,WAAW,SAAS,eAAe,MAAM,IAAI,eAAe,MAAM;AAEzF,YAAQ,OAAO,MAAM,GAAG,MAAM;AAAA,CAAI;AAClC,YAAQ,KAAK,OAAO,SAAS,SAAS,UAAU,SAAS,gBAAgB;AAAA,EAC3E,SAAS,OAAO;AACd,QAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAM,WAAW;AAAA,QACf,OAAO;AAAA,QACP,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC9D,MAAO,MAA4B,QAAQ;AAAA,MAC7C;AACA,cAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,IAC/D,OAAO;AACL,cAAQ,MAAM,MAAM,IAAI,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC,EAAE,CAAC;AAAA,IAC7F;AACA,YAAQ,KAAK,SAAS,aAAa;AAAA,EACrC;AACF;","names":["execa","execa","loadConfigAsync"]}
|
|
@@ -1,14 +1,10 @@
|
|
|
1
|
+
import {
|
|
2
|
+
createClientFactory
|
|
3
|
+
} from "./chunk-O745CMWG.js";
|
|
4
|
+
|
|
1
5
|
// src/infra/checkers/secretsmanager.ts
|
|
2
6
|
import { DescribeSecretCommand, SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
|
|
3
|
-
var
|
|
4
|
-
function getClient(region) {
|
|
5
|
-
let client = clientCache.get(region);
|
|
6
|
-
if (!client) {
|
|
7
|
-
client = new SecretsManagerClient({ region });
|
|
8
|
-
clientCache.set(region, client);
|
|
9
|
-
}
|
|
10
|
-
return client;
|
|
11
|
-
}
|
|
7
|
+
var getClient = createClientFactory(SecretsManagerClient);
|
|
12
8
|
var SecretsManagerChecker = {
|
|
13
9
|
async check(arn) {
|
|
14
10
|
const { resourceId, region, raw } = arn;
|
|
@@ -47,4 +43,4 @@ var SecretsManagerChecker = {
|
|
|
47
43
|
export {
|
|
48
44
|
SecretsManagerChecker
|
|
49
45
|
};
|
|
50
|
-
//# sourceMappingURL=secretsmanager-
|
|
46
|
+
//# sourceMappingURL=secretsmanager-FJKTPIXI.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/infra/checkers/secretsmanager.ts"],"sourcesContent":["/**\n * Secrets Manager resource checker\n */\n\nimport { DescribeSecretCommand, SecretsManagerClient } from \"@aws-sdk/client-secrets-manager\";\n\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactory } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create a Secrets Manager client for a region\n */\nconst getClient = createClientFactory(SecretsManagerClient);\n\n/**\n * Secrets Manager secret checker\n */\nexport const SecretsManagerChecker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceId, region, raw } = arn;\n\n const client = getClient(region);\n\n try {\n // Use the full ARN to get the secret\n await client.send(new DescribeSecretCommand({ SecretId: raw }));\n\n return {\n arn: raw,\n exists: true,\n service: \"secretsmanager\",\n resourceType: \"secret\",\n resourceId,\n };\n } catch (error) {\n const err = error as Error & { name?: string };\n\n if (err.name === \"ResourceNotFoundException\") {\n return {\n arn: raw,\n exists: false,\n service: \"secretsmanager\",\n resourceType: \"secret\",\n resourceId,\n };\n }\n\n return {\n arn: raw,\n exists: false,\n error: err.message || \"Unknown error\",\n service: \"secretsmanager\",\n resourceType: \"secret\",\n resourceId,\n };\n }\n },\n};\n"],"mappings":";;;;;AAIA,SAAS,uBAAuB,4BAA4B;AAS5D,IAAM,YAAY,oBAAoB,oBAAoB;AAKnD,IAAM,wBAAyC;AAAA,EACpD,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,YAAY,QAAQ,IAAI,IAAI;AAEpC,UAAM,SAAS,UAAU,MAAM;AAE/B,QAAI;AAEF,YAAM,OAAO,KAAK,IAAI,sBAAsB,EAAE,UAAU,IAAI,CAAC,CAAC;AAE9D,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AAEZ,UAAI,IAAI,SAAS,6BAA6B;AAC5C,eAAO;AAAA,UACL,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,cAAc;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,OAAO,IAAI,WAAW;AAAA,QACtB,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,14 +1,10 @@
|
|
|
1
|
+
import {
|
|
2
|
+
createClientFactory
|
|
3
|
+
} from "./chunk-O745CMWG.js";
|
|
4
|
+
|
|
1
5
|
// src/infra/checkers/sns.ts
|
|
2
6
|
import { GetTopicAttributesCommand, SNSClient } from "@aws-sdk/client-sns";
|
|
3
|
-
var
|
|
4
|
-
function getClient(region) {
|
|
5
|
-
let client = clientCache.get(region);
|
|
6
|
-
if (!client) {
|
|
7
|
-
client = new SNSClient({ region });
|
|
8
|
-
clientCache.set(region, client);
|
|
9
|
-
}
|
|
10
|
-
return client;
|
|
11
|
-
}
|
|
7
|
+
var getClient = createClientFactory(SNSClient);
|
|
12
8
|
var SNSChecker = {
|
|
13
9
|
async check(arn) {
|
|
14
10
|
const { resourceId, region, raw } = arn;
|
|
@@ -47,4 +43,4 @@ var SNSChecker = {
|
|
|
47
43
|
export {
|
|
48
44
|
SNSChecker
|
|
49
45
|
};
|
|
50
|
-
//# sourceMappingURL=sns-
|
|
46
|
+
//# sourceMappingURL=sns-RV64OMK2.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/infra/checkers/sns.ts"],"sourcesContent":["/**\n * SNS resource checker\n */\n\nimport { GetTopicAttributesCommand, SNSClient } from \"@aws-sdk/client-sns\";\n\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactory } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create an SNS client for a region\n */\nconst getClient = createClientFactory(SNSClient);\n\n/**\n * SNS topic checker\n */\nexport const SNSChecker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceId, region, raw } = arn;\n\n const client = getClient(region);\n\n try {\n // Use the full ARN to get topic attributes\n await client.send(new GetTopicAttributesCommand({ TopicArn: raw }));\n\n return {\n arn: raw,\n exists: true,\n service: \"sns\",\n resourceType: \"topic\",\n resourceId,\n };\n } catch (error) {\n const err = error as Error & { name?: string };\n\n if (err.name === \"NotFoundException\" || err.name === \"NotFound\") {\n return {\n arn: raw,\n exists: false,\n service: \"sns\",\n resourceType: \"topic\",\n resourceId,\n };\n }\n\n return {\n arn: raw,\n exists: false,\n error: err.message || \"Unknown error\",\n service: \"sns\",\n resourceType: \"topic\",\n resourceId,\n };\n }\n },\n};\n"],"mappings":";;;;;AAIA,SAAS,2BAA2B,iBAAiB;AASrD,IAAM,YAAY,oBAAoB,SAAS;AAKxC,IAAM,aAA8B;AAAA,EACzC,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,YAAY,QAAQ,IAAI,IAAI;AAEpC,UAAM,SAAS,UAAU,MAAM;AAE/B,QAAI;AAEF,YAAM,OAAO,KAAK,IAAI,0BAA0B,EAAE,UAAU,IAAI,CAAC,CAAC;AAElE,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AAEZ,UAAI,IAAI,SAAS,uBAAuB,IAAI,SAAS,YAAY;AAC/D,eAAO;AAAA,UACL,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,cAAc;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,OAAO,IAAI,WAAW;AAAA,QACtB,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,14 +1,10 @@
|
|
|
1
|
+
import {
|
|
2
|
+
createClientFactory
|
|
3
|
+
} from "./chunk-O745CMWG.js";
|
|
4
|
+
|
|
1
5
|
// src/infra/checkers/sqs.ts
|
|
2
6
|
import { GetQueueAttributesCommand, GetQueueUrlCommand, SQSClient } from "@aws-sdk/client-sqs";
|
|
3
|
-
var
|
|
4
|
-
function getClient(region) {
|
|
5
|
-
let client = clientCache.get(region);
|
|
6
|
-
if (!client) {
|
|
7
|
-
client = new SQSClient({ region });
|
|
8
|
-
clientCache.set(region, client);
|
|
9
|
-
}
|
|
10
|
-
return client;
|
|
11
|
-
}
|
|
7
|
+
var getClient = createClientFactory(SQSClient);
|
|
12
8
|
var SQSChecker = {
|
|
13
9
|
async check(arn) {
|
|
14
10
|
const { resourceId, region, accountId, raw } = arn;
|
|
@@ -58,4 +54,4 @@ var SQSChecker = {
|
|
|
58
54
|
export {
|
|
59
55
|
SQSChecker
|
|
60
56
|
};
|
|
61
|
-
//# sourceMappingURL=sqs-
|
|
57
|
+
//# sourceMappingURL=sqs-MHBW6UFC.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/infra/checkers/sqs.ts"],"sourcesContent":["/**\n * SQS resource checker\n */\n\nimport { GetQueueAttributesCommand, GetQueueUrlCommand, SQSClient } from \"@aws-sdk/client-sqs\";\n\nimport type { ParsedArn, ResourceCheckResult } from \"../types.js\";\nimport { createClientFactory } from \"./client-factory.js\";\nimport type { ResourceChecker } from \"./types.js\";\n\n/**\n * Get or create an SQS client for a region\n */\nconst getClient = createClientFactory(SQSClient);\n\n/**\n * SQS queue checker\n */\nexport const SQSChecker: ResourceChecker = {\n async check(arn: ParsedArn): Promise<ResourceCheckResult> {\n const { resourceId, region, accountId, raw } = arn;\n\n const client = getClient(region);\n\n try {\n // First, get the queue URL from the queue name and account ID\n const urlResponse = await client.send(\n new GetQueueUrlCommand({\n QueueName: resourceId,\n QueueOwnerAWSAccountId: accountId || undefined,\n })\n );\n\n // Then verify the queue exists by getting its attributes\n await client.send(\n new GetQueueAttributesCommand({\n QueueUrl: urlResponse.QueueUrl,\n AttributeNames: [\"QueueArn\"],\n })\n );\n\n return {\n arn: raw,\n exists: true,\n service: \"sqs\",\n resourceType: \"queue\",\n resourceId,\n };\n } catch (error) {\n const err = error as Error & { name?: string };\n\n if (\n err.name === \"QueueDoesNotExist\" ||\n err.name === \"AWS.SimpleQueueService.NonExistentQueue\"\n ) {\n return {\n arn: raw,\n exists: false,\n service: \"sqs\",\n resourceType: \"queue\",\n resourceId,\n };\n }\n\n return {\n arn: raw,\n exists: false,\n error: err.message || \"Unknown error\",\n service: \"sqs\",\n resourceType: \"queue\",\n resourceId,\n };\n }\n },\n};\n"],"mappings":";;;;;AAIA,SAAS,2BAA2B,oBAAoB,iBAAiB;AASzE,IAAM,YAAY,oBAAoB,SAAS;AAKxC,IAAM,aAA8B;AAAA,EACzC,MAAM,MAAM,KAA8C;AACxD,UAAM,EAAE,YAAY,QAAQ,WAAW,IAAI,IAAI;AAE/C,UAAM,SAAS,UAAU,MAAM;AAE/B,QAAI;AAEF,YAAM,cAAc,MAAM,OAAO;AAAA,QAC/B,IAAI,mBAAmB;AAAA,UACrB,WAAW;AAAA,UACX,wBAAwB,aAAa;AAAA,QACvC,CAAC;AAAA,MACH;AAGA,YAAM,OAAO;AAAA,QACX,IAAI,0BAA0B;AAAA,UAC5B,UAAU,YAAY;AAAA,UACtB,gBAAgB,CAAC,UAAU;AAAA,QAC7B,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM;AAEZ,UACE,IAAI,SAAS,uBACb,IAAI,SAAS,2CACb;AACA,eAAO;AAAA,UACL,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,cAAc;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,OAAO,IAAI,WAAW;AAAA,QACtB,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
|
|
@@ -15,7 +15,8 @@ import {
|
|
|
15
15
|
parseGuideline,
|
|
16
16
|
scoreGuideline,
|
|
17
17
|
toListItems
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-YKKWXHYS.js";
|
|
19
|
+
import "./chunk-RHM53NLG.js";
|
|
19
20
|
export {
|
|
20
21
|
StandardsError,
|
|
21
22
|
composeGuidelines,
|
|
@@ -34,4 +35,4 @@ export {
|
|
|
34
35
|
scoreGuideline,
|
|
35
36
|
toListItems
|
|
36
37
|
};
|
|
37
|
-
//# sourceMappingURL=standards-
|
|
38
|
+
//# sourceMappingURL=standards-ALMA4VIU.js.map
|
|
@@ -2,7 +2,8 @@ import "./chunk-DXIYZR62.js";
|
|
|
2
2
|
import {
|
|
3
3
|
getProjectRoot,
|
|
4
4
|
loadConfig
|
|
5
|
-
} from "./chunk-
|
|
5
|
+
} from "./chunk-FJZMUGYW.js";
|
|
6
|
+
import "./chunk-RHM53NLG.js";
|
|
6
7
|
|
|
7
8
|
// src/process/sync/applier.ts
|
|
8
9
|
import { execa } from "execa";
|
|
@@ -874,4 +875,4 @@ export {
|
|
|
874
875
|
runTagDiff,
|
|
875
876
|
runTagSync
|
|
876
877
|
};
|
|
877
|
-
//# sourceMappingURL=sync-
|
|
878
|
+
//# sourceMappingURL=sync-EGJ2CSYK.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/process/sync/applier.ts","../src/process/sync/differ.ts","../src/process/sync/fetcher.ts","../src/process/sync/index.ts"],"sourcesContent":["import { execa } from \"execa\";\n\nimport {\n type DesiredBranchProtection,\n type DesiredTagProtection,\n type RepoInfo,\n type SettingDiff,\n type SyncDiffResult,\n type SyncResult,\n type TagProtectionDiffResult,\n} from \"./types.js\";\n\n/** Error thrown when applier encounters an issue */\nexport class ApplierError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_PERMISSION\" | \"API_ERROR\"\n ) {\n super(message);\n this.name = \"ApplierError\";\n }\n}\n\n/** Apply branch protection ruleset to GitHub */\nexport async function applyBranchProtection(\n repoInfo: RepoInfo,\n branch: string,\n desired: DesiredBranchProtection,\n diffResult: SyncDiffResult\n): Promise<SyncResult> {\n if (!diffResult.hasChanges) {\n return { success: true, applied: [], failed: [] };\n }\n\n const requestBody = buildBranchRulesetBody(branch, desired);\n\n try {\n if (diffResult.currentRulesetId === null) {\n // Create new ruleset\n await execa(\n \"gh\",\n [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, \"-X\", \"POST\", \"--input\", \"-\"],\n { input: JSON.stringify(requestBody) }\n );\n } else {\n // Update existing ruleset\n await execa(\n \"gh\",\n [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,\n \"-X\",\n \"PUT\",\n \"--input\",\n \"-\",\n ],\n { input: JSON.stringify(requestBody) }\n );\n }\n\n return { success: true, applied: diffResult.diffs, failed: [] };\n } catch (error) {\n return handleBranchApplyError(error, diffResult.diffs);\n }\n}\n\n/** Handle errors from applying branch protection */\nfunction handleBranchApplyError(error: unknown, diffs: SettingDiff[]): SyncResult {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new ApplierError(\n \"Cannot update branch protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n return {\n success: false,\n applied: [],\n failed: diffs.map((diff) => ({ diff, error: errorMessage })),\n };\n}\n\n/** Build GitHub API request body for branch ruleset */\nfunction buildBranchRulesetBody(\n branch: string,\n desired: DesiredBranchProtection\n): Record<string, unknown> {\n const rules: { type: string; parameters?: Record<string, unknown> }[] = [];\n\n // Build pull_request rule if any review settings specified\n const pullRequestRule = buildPullRequestRule(desired);\n if (pullRequestRule) {\n rules.push(pullRequestRule);\n }\n\n // Build required_status_checks rule\n const statusChecksRule = buildStatusChecksRule(desired);\n if (statusChecksRule) {\n rules.push(statusChecksRule);\n }\n\n // Build required_signatures rule\n if (desired.require_signed_commits === true) {\n rules.push({ type: \"required_signatures\" });\n }\n\n // Build bypass actors array\n const bypassActors =\n desired.bypass_actors?.map((actor) => ({\n actor_id: actor.actor_id ?? null,\n actor_type: actor.actor_type,\n bypass_mode: actor.bypass_mode ?? \"always\",\n })) ?? [];\n\n return {\n name: \"Branch Protection\",\n target: \"branch\",\n enforcement: \"active\",\n conditions: {\n ref_name: {\n include: [`refs/heads/${branch}`],\n exclude: [],\n },\n },\n bypass_actors: bypassActors,\n rules,\n };\n}\n\n/** Build pull_request rule for PR review settings */\nfunction buildPullRequestRule(\n desired: DesiredBranchProtection\n): { type: string; parameters: Record<string, unknown> } | null {\n const hasReviewSettings =\n desired.required_reviews !== undefined ||\n desired.dismiss_stale_reviews !== undefined ||\n desired.require_code_owner_reviews !== undefined;\n\n if (!hasReviewSettings) {\n return null;\n }\n\n return {\n type: \"pull_request\",\n parameters: {\n ...(desired.required_reviews !== undefined && {\n required_approving_review_count: desired.required_reviews,\n }),\n ...(desired.dismiss_stale_reviews !== undefined && {\n dismiss_stale_reviews_on_push: desired.dismiss_stale_reviews,\n }),\n ...(desired.require_code_owner_reviews !== undefined && {\n require_code_owner_review: desired.require_code_owner_reviews,\n }),\n },\n };\n}\n\n/** Build required_status_checks rule for status check settings */\nfunction buildStatusChecksRule(\n desired: DesiredBranchProtection\n): { type: string; parameters: Record<string, unknown> } | null {\n const hasStatusSettings =\n desired.require_status_checks !== undefined ||\n desired.require_branches_up_to_date !== undefined;\n\n if (!hasStatusSettings) {\n return null;\n }\n\n const statusChecks =\n desired.require_status_checks?.map((context) => ({\n context,\n })) ?? [];\n\n return {\n type: \"required_status_checks\",\n parameters: {\n required_status_checks: statusChecks,\n strict_required_status_checks_policy: desired.require_branches_up_to_date ?? false,\n },\n };\n}\n\n// =============================================================================\n// Tag Protection (GitHub Rulesets API)\n// =============================================================================\n\n/** Apply tag protection ruleset to GitHub */\nexport async function applyTagProtection(\n repoInfo: RepoInfo,\n desired: DesiredTagProtection,\n diffResult: TagProtectionDiffResult\n): Promise<SyncResult> {\n if (!diffResult.hasChanges) {\n return { success: true, applied: [], failed: [] };\n }\n\n const requestBody = buildTagRulesetBody(desired);\n\n try {\n if (diffResult.currentRulesetId === null) {\n // Create new ruleset\n await execa(\n \"gh\",\n [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`, \"-X\", \"POST\", \"--input\", \"-\"],\n { input: JSON.stringify(requestBody) }\n );\n } else {\n // Update existing ruleset\n await execa(\n \"gh\",\n [\n \"api\",\n `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets/${diffResult.currentRulesetId}`,\n \"-X\",\n \"PUT\",\n \"--input\",\n \"-\",\n ],\n { input: JSON.stringify(requestBody) }\n );\n }\n\n return { success: true, applied: diffResult.diffs, failed: [] };\n } catch (error) {\n return handleTagApplyError(error, diffResult.diffs);\n }\n}\n\n/** Build GitHub API request body for tag ruleset */\nfunction buildTagRulesetBody(desired: DesiredTagProtection): Record<string, unknown> {\n const rules: { type: string }[] = [];\n\n // Default to true if not specified\n if (desired.prevent_deletion !== false) {\n rules.push({ type: \"deletion\" });\n }\n if (desired.prevent_update !== false) {\n rules.push({ type: \"update\" });\n }\n\n const patterns = desired.patterns ?? [\"v*\"];\n const includePatterns = patterns.map((p) => `refs/tags/${p}`);\n\n return {\n name: \"Tag Protection\",\n target: \"tag\",\n enforcement: \"active\",\n conditions: {\n ref_name: {\n include: includePatterns,\n exclude: [],\n },\n },\n rules,\n };\n}\n\n/** Handle errors from applying tag protection */\nfunction handleTagApplyError(error: unknown, diffs: SettingDiff[]): SyncResult {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new ApplierError(\n \"Cannot update tag protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n return {\n success: false,\n applied: [],\n failed: diffs.map((diff) => ({ diff, error: errorMessage })),\n };\n}\n","import {\n type BranchProtectionSettings,\n type BypassActor,\n type DesiredBranchProtection,\n type DesiredTagProtection,\n type RepoInfo,\n type SettingDiff,\n type SyncDiffResult,\n type TagProtectionDiffResult,\n type TagProtectionSettings,\n} from \"./types.js\";\n\n/** Field mapping for comparison */\ninterface FieldMapping {\n name: string;\n getCurrentValue: (c: BranchProtectionSettings) => unknown;\n getDesiredValue: (d: DesiredBranchProtection) => unknown;\n isArray?: boolean;\n}\n\n/** All field mappings for branch protection settings */\nconst fieldMappings: FieldMapping[] = [\n {\n name: \"required_reviews\",\n getCurrentValue: (c) => c.requiredReviews,\n getDesiredValue: (d) => d.required_reviews,\n },\n {\n name: \"dismiss_stale_reviews\",\n getCurrentValue: (c) => c.dismissStaleReviews,\n getDesiredValue: (d) => d.dismiss_stale_reviews,\n },\n {\n name: \"require_code_owner_reviews\",\n getCurrentValue: (c) => c.requireCodeOwnerReviews,\n getDesiredValue: (d) => d.require_code_owner_reviews,\n },\n {\n name: \"require_status_checks\",\n getCurrentValue: (c) => c.requiredStatusChecks,\n getDesiredValue: (d) => d.require_status_checks,\n isArray: true,\n },\n {\n name: \"require_branches_up_to_date\",\n getCurrentValue: (c) => c.requireBranchesUpToDate,\n getDesiredValue: (d) => d.require_branches_up_to_date,\n },\n {\n name: \"require_signed_commits\",\n getCurrentValue: (c) => c.requireSignedCommits,\n getDesiredValue: (d) => d.require_signed_commits,\n },\n {\n name: \"enforce_admins\",\n getCurrentValue: (c) => c.enforceAdmins,\n getDesiredValue: (d) => d.enforce_admins,\n },\n];\n\n/** Compare current settings with desired and generate diffs */\nexport function computeDiff(\n repoInfo: RepoInfo,\n current: BranchProtectionSettings,\n desired: DesiredBranchProtection\n): SyncDiffResult {\n const diffs = collectDiffs(current, desired);\n\n // Add bypass_actors diff\n const bypassDiff = compareBypassActors(\n current.bypassActors,\n desired.bypass_actors,\n current.rulesetId\n );\n if (bypassDiff) {\n diffs.push(bypassDiff);\n }\n\n return {\n repoInfo,\n branch: current.branch,\n diffs,\n hasChanges: diffs.length > 0,\n currentRulesetId: current.rulesetId,\n };\n}\n\n/** Collect all diffs between current and desired settings */\nfunction collectDiffs(\n current: BranchProtectionSettings,\n desired: DesiredBranchProtection\n): SettingDiff[] {\n const diffs: SettingDiff[] = [];\n\n for (const mapping of fieldMappings) {\n const desiredValue = mapping.getDesiredValue(desired);\n if (desiredValue === undefined) {\n continue;\n }\n\n const currentValue = mapping.getCurrentValue(current);\n const diff = mapping.isArray\n ? compareArrayValue(mapping.name, currentValue as string[] | null, desiredValue as string[])\n : compareValue(mapping.name, currentValue, desiredValue);\n\n if (diff) {\n diffs.push(diff);\n }\n }\n\n return diffs;\n}\n\n/** Compare a single value and return diff if different */\nfunction compareValue(setting: string, current: unknown, desired: unknown): SettingDiff | null {\n const currentValue = current ?? null;\n if (currentValue === desired) {\n return null;\n }\n\n return {\n setting,\n current: currentValue,\n desired,\n action: currentValue === null ? \"add\" : \"change\",\n };\n}\n\n/** Compare arrays and return diff if different */\nfunction compareArrayValue(\n setting: string,\n current: string[] | null,\n desired: string[]\n): SettingDiff | null {\n const currentArray = current ?? [];\n const sortedCurrent = [...currentArray].sort();\n const sortedDesired = [...desired].sort();\n\n const areEqual =\n sortedCurrent.length === sortedDesired.length &&\n sortedCurrent.every((v, i) => v === sortedDesired[i]);\n\n if (areEqual) {\n return null;\n }\n\n return {\n setting,\n current: currentArray,\n desired,\n action: currentArray.length === 0 ? \"add\" : \"change\",\n };\n}\n\n/** Compare bypass actors arrays */\nfunction compareBypassActors(\n current: BypassActor[] | null,\n desired: BypassActor[] | undefined,\n rulesetId: number | null\n): SettingDiff | null {\n if (desired === undefined) {\n return null;\n }\n\n const currentActors = current ?? [];\n\n // Normalize and sort for comparison\n const sortKey = (a: BypassActor): string =>\n `${a.actor_type}:${a.actor_id ?? \"\"}:${a.bypass_mode ?? \"always\"}`;\n\n const sortedCurrent = [...currentActors].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));\n const sortedDesired = [...desired].sort((a, b) => sortKey(a).localeCompare(sortKey(b)));\n\n // Normalize bypass_mode defaults for comparison\n const normalize = (actors: BypassActor[]): BypassActor[] =>\n actors.map((a) => ({\n actor_type: a.actor_type,\n actor_id: a.actor_id,\n bypass_mode: a.bypass_mode ?? \"always\",\n }));\n\n const normalizedCurrent = normalize(sortedCurrent);\n const normalizedDesired = normalize(sortedDesired);\n\n const areEqual =\n normalizedCurrent.length === normalizedDesired.length &&\n normalizedCurrent.every(\n (c, i) =>\n c.actor_type === normalizedDesired[i].actor_type &&\n c.actor_id === normalizedDesired[i].actor_id &&\n c.bypass_mode === normalizedDesired[i].bypass_mode\n );\n\n if (areEqual) {\n return null;\n }\n\n return {\n setting: \"bypass_actors\",\n current: currentActors,\n desired,\n action: rulesetId === null ? \"add\" : \"change\",\n };\n}\n\n/** Format a value for display */\nexport function formatValue(value: unknown): string {\n if (value === null || value === undefined) {\n return \"not set\";\n }\n if (Array.isArray(value)) {\n return value.length === 0 ? \"[]\" : `[${value.join(\", \")}]`;\n }\n return String(value);\n}\n\n// =============================================================================\n// Tag Protection Diff\n// =============================================================================\n\n/** Compare current tag protection with desired and generate diffs */\nexport function computeTagDiff(\n repoInfo: RepoInfo,\n current: TagProtectionSettings,\n desired: DesiredTagProtection\n): TagProtectionDiffResult {\n const diffs: SettingDiff[] = [];\n const rulesetId = current.rulesetId;\n\n collectPatternDiff(diffs, current, desired);\n collectBooleanDiff(diffs, {\n s: \"prevent_deletion\",\n c: current.preventDeletion,\n d: desired.prevent_deletion,\n r: rulesetId,\n });\n collectBooleanDiff(diffs, {\n s: \"prevent_update\",\n c: current.preventUpdate,\n d: desired.prevent_update,\n r: rulesetId,\n });\n\n return { repoInfo, diffs, hasChanges: diffs.length > 0, currentRulesetId: rulesetId };\n}\n\n/** Collect pattern diff if patterns don't match */\nfunction collectPatternDiff(\n diffs: SettingDiff[],\n current: TagProtectionSettings,\n desired: DesiredTagProtection\n): void {\n if (desired.patterns === undefined) {\n return;\n }\n const curr = [...current.patterns].sort();\n const des = [...desired.patterns].sort();\n const match = curr.length === des.length && curr.every((v, i) => v === des[i]);\n if (!match) {\n diffs.push({\n setting: \"patterns\",\n current: current.patterns,\n desired: desired.patterns,\n action: curr.length === 0 ? \"add\" : \"change\",\n });\n }\n}\n\n/** Collect boolean setting diff (s=setting, c=current, d=desired, r=rulesetId) */\nfunction collectBooleanDiff(\n diffs: SettingDiff[],\n o: { s: string; c: boolean; d: boolean | undefined; r: number | null }\n): void {\n if (o.d !== undefined && o.c !== o.d) {\n diffs.push({\n setting: o.s,\n current: o.c,\n desired: o.d,\n action: o.r === null ? \"add\" : \"change\",\n });\n }\n}\n","import { execa } from \"execa\";\n\nimport {\n type BranchProtectionSettings,\n type BypassActor,\n type GitHubRuleset,\n type GitHubRulesetBypassActor,\n type RepoInfo,\n type TagProtectionSettings,\n} from \"./types.js\";\n\n/** Error thrown when fetcher encounters an issue */\nexport class FetcherError extends Error {\n constructor(\n message: string,\n public readonly code: \"NO_GH\" | \"NO_REPO\" | \"NO_PERMISSION\" | \"API_ERROR\"\n ) {\n super(message);\n this.name = \"FetcherError\";\n }\n}\n\n/** Check if gh CLI is available */\nexport async function isGhAvailable(): Promise<boolean> {\n try {\n await execa(\"gh\", [\"--version\"]);\n return true;\n } catch {\n return false;\n }\n}\n\n/** Get repository info from git remote */\nexport async function getRepoInfo(projectRoot: string): Promise<RepoInfo> {\n try {\n const result = await execa(\"gh\", [\"repo\", \"view\", \"--json\", \"owner,name\"], {\n cwd: projectRoot,\n });\n const data = JSON.parse(result.stdout) as { owner: { login: string }; name: string };\n return { owner: data.owner.login, repo: data.name };\n } catch {\n throw new FetcherError(\"Could not determine GitHub repository from git remote\", \"NO_REPO\");\n }\n}\n\n/** Fetch current branch protection settings from GitHub Rulesets */\nexport async function fetchBranchProtection(\n repoInfo: RepoInfo,\n branch: string\n): Promise<BranchProtectionSettings> {\n try {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n\n const rulesets = JSON.parse(result.stdout) as GitHubRuleset[];\n return parseBranchRuleset(rulesets, branch);\n } catch (error) {\n return handleBranchFetchError(error, branch);\n }\n}\n\n/** Handle errors from fetching branch protection */\nfunction handleBranchFetchError(error: unknown, branch: string): BranchProtectionSettings {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n // 404 means no rulesets exist - return empty settings\n if (errorMessage.includes(\"404\")) {\n return createEmptySettings(branch);\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new FetcherError(\n \"Cannot read branch protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n throw new FetcherError(`Failed to fetch branch protection: ${errorMessage}`, \"API_ERROR\");\n}\n\n/** Find and parse the branch protection ruleset */\n \nfunction parseBranchRuleset(rulesets: GitHubRuleset[], branch: string): BranchProtectionSettings {\n // Find ruleset targeting branches that includes the specified branch\n const branchRuleset = rulesets.find(\n (r) =>\n r.target === \"branch\" &&\n r.enforcement === \"active\" &&\n matchesBranch(r.conditions?.ref_name?.include ?? [], branch)\n );\n\n if (!branchRuleset) {\n return createEmptySettings(branch);\n }\n\n const rules = branchRuleset.rules ?? [];\n const prRule = rules.find((r) => r.type === \"pull_request\");\n const statusRule = rules.find((r) => r.type === \"required_status_checks\");\n const signaturesRule = rules.find((r) => r.type === \"required_signatures\");\n\n // Parse bypass actors\n const bypassActors = parseBypassActors(branchRuleset.bypass_actors);\n\n // enforceAdmins is true when there are no bypass actors\n const enforceAdmins = bypassActors === null || bypassActors.length === 0;\n\n return {\n branch,\n requiredReviews: prRule?.parameters?.required_approving_review_count ?? null,\n dismissStaleReviews: prRule?.parameters?.dismiss_stale_reviews_on_push ?? null,\n requireCodeOwnerReviews: prRule?.parameters?.require_code_owner_review ?? null,\n requiredStatusChecks:\n statusRule?.parameters?.required_status_checks?.map((c) => c.context) ?? null,\n requireBranchesUpToDate: statusRule?.parameters?.strict_required_status_checks_policy ?? null,\n requireSignedCommits: signaturesRule !== undefined,\n enforceAdmins,\n bypassActors,\n rulesetId: branchRuleset.id,\n rulesetName: branchRuleset.name,\n };\n}\n\n/** Check if branch matches any of the include patterns */\nfunction matchesBranch(patterns: string[], branch: string): boolean {\n for (const pattern of patterns) {\n const cleanPattern = pattern.replace(/^refs\\/heads\\//, \"\");\n if (cleanPattern === branch) {\n return true;\n }\n if (cleanPattern === \"~DEFAULT_BRANCH\" && branch === \"main\") {\n return true;\n }\n if (cleanPattern === \"~ALL\") {\n return true;\n }\n // Simple wildcard matching for patterns like \"release/*\"\n if (cleanPattern.includes(\"*\")) {\n const regex = new RegExp(`^${cleanPattern.replace(/\\*/g, \".*\")}$`);\n if (regex.test(branch)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/** Parse bypass actors from GitHub API response */\nfunction parseBypassActors(actors: GitHubRulesetBypassActor[] | undefined): BypassActor[] | null {\n if (!actors || actors.length === 0) {\n return null;\n }\n\n return actors.map((actor) => ({\n actor_type: actor.actor_type,\n actor_id: actor.actor_id ?? undefined,\n bypass_mode: actor.bypass_mode,\n }));\n}\n\n/** Create empty settings for unprotected branch */\nfunction createEmptySettings(branch: string): BranchProtectionSettings {\n return {\n branch,\n requiredReviews: null,\n dismissStaleReviews: null,\n requireCodeOwnerReviews: null,\n requiredStatusChecks: null,\n requireBranchesUpToDate: null,\n requireSignedCommits: null,\n enforceAdmins: null,\n bypassActors: null,\n rulesetId: null,\n rulesetName: null,\n };\n}\n\n// =============================================================================\n// Tag Protection (GitHub Rulesets API)\n// =============================================================================\n\n/** Fetch current tag protection rulesets from GitHub */\nexport async function fetchTagProtection(repoInfo: RepoInfo): Promise<TagProtectionSettings> {\n try {\n const result = await execa(\"gh\", [\"api\", `repos/${repoInfo.owner}/${repoInfo.repo}/rulesets`]);\n\n const rulesets = JSON.parse(result.stdout) as GitHubRuleset[];\n return parseTagRuleset(rulesets);\n } catch (error) {\n return handleTagFetchError(error);\n }\n}\n\n/** Find and parse the tag protection ruleset */\nfunction parseTagRuleset(rulesets: GitHubRuleset[]): TagProtectionSettings {\n // Find existing tag protection ruleset (by target type and name)\n const tagRuleset = rulesets.find((r) => r.target === \"tag\" && r.name === \"Tag Protection\");\n\n if (!tagRuleset) {\n return createEmptyTagSettings();\n }\n\n const patterns =\n tagRuleset.conditions?.ref_name?.include?.map((p) => p.replace(/^refs\\/tags\\//, \"\")) ?? [];\n\n const rules = tagRuleset.rules ?? [];\n const preventDeletion = rules.some((r) => r.type === \"deletion\");\n const preventUpdate = rules.some((r) => r.type === \"update\");\n\n return {\n patterns,\n preventDeletion,\n preventUpdate,\n rulesetId: tagRuleset.id,\n rulesetName: tagRuleset.name,\n };\n}\n\n/** Create empty settings when no tag ruleset exists */\nfunction createEmptyTagSettings(): TagProtectionSettings {\n return {\n patterns: [],\n preventDeletion: false,\n preventUpdate: false,\n rulesetId: null,\n rulesetName: null,\n };\n}\n\n/** Handle errors from fetching tag protection */\nfunction handleTagFetchError(error: unknown): TagProtectionSettings {\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n // 404 means no rulesets exist - return empty settings\n if (errorMessage.includes(\"404\")) {\n return createEmptyTagSettings();\n }\n\n if (errorMessage.includes(\"403\") || errorMessage.includes(\"Must have admin rights\")) {\n throw new FetcherError(\n \"Cannot read tag protection: insufficient permissions (requires admin access)\",\n \"NO_PERMISSION\"\n );\n }\n\n throw new FetcherError(`Failed to fetch tag protection: ${errorMessage}`, \"API_ERROR\");\n}\n","import { getProjectRoot, loadConfig } from \"../../core/index.js\";\nimport { ApplierError, applyBranchProtection, applyTagProtection } from \"./applier.js\";\nimport { computeDiff, computeTagDiff, formatValue } from \"./differ.js\";\nimport {\n fetchBranchProtection,\n FetcherError,\n fetchTagProtection,\n getRepoInfo,\n isGhAvailable,\n} from \"./fetcher.js\";\nimport {\n type SyncDiffResult,\n type SyncOptions,\n type SyncResult,\n type TagProtectionDiffResult,\n} from \"./types.js\";\n\n/** Helper to write to stdout */\nfunction writeLine(text: string): void {\n process.stdout.write(`${text}\\n`);\n}\n\n/** Run diff command - show what would change */\nexport async function runDiff(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getDiffResult(options);\n outputDiff(diffResult, options.format);\n process.exit(diffResult.hasChanges ? 1 : 0);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Run sync command - apply changes (or preview if --apply not set) */\n \nexport async function runSync(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getDiffResult(options);\n\n if (!diffResult.hasChanges) {\n outputNoChanges(diffResult, options.format);\n process.exit(0);\n }\n\n // Validate actors if requested\n if (options.validateActors) {\n const validationPassed = await validateActorsBeforeApply(options);\n if (!validationPassed) {\n process.exit(1);\n }\n }\n\n if (!options.apply) {\n outputPreview(diffResult, options.format);\n process.exit(0);\n }\n\n const result = await applyChanges(options, diffResult);\n outputSyncResult(diffResult, result, options.format);\n process.exit(result.success ? 0 : 1);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Apply changes to GitHub */\nasync function applyChanges(options: SyncOptions, diffResult: SyncDiffResult): Promise<SyncResult> {\n const { config } = loadConfig(options.config);\n const projectRoot = getProjectRoot(loadConfig(options.config).configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n const desired = config.process?.repo?.ruleset ?? {};\n\n return applyBranchProtection(repoInfo, diffResult.branch, desired, diffResult);\n}\n\n/** Validate bypass actors before applying changes */\nasync function validateActorsBeforeApply(options: SyncOptions): Promise<boolean> {\n const { validateBypassActors, formatValidationResult } = await import(\"./validator.js\");\n const { config } = loadConfig(options.config);\n const projectRoot = getProjectRoot(loadConfig(options.config).configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const rulesetConfig = config.process?.repo?.ruleset;\n const actors = rulesetConfig?.bypass_actors ?? [];\n\n if (actors.length === 0) {\n return true;\n }\n\n const result = await validateBypassActors(repoInfo, actors);\n\n if (options.format === \"json\") {\n process.stdout.write(`${JSON.stringify(result, null, 2)}\\n`);\n } else {\n process.stdout.write(`${formatValidationResult(result)}\\n`);\n }\n\n return result.valid;\n}\n\n/** Get the diff result (shared by diff and sync) */\nasync function getDiffResult(options: SyncOptions): Promise<SyncDiffResult> {\n if (!(await isGhAvailable())) {\n throw new FetcherError(\"GitHub CLI (gh) not available\", \"NO_GH\");\n }\n\n const { config, configPath } = loadConfig(options.config);\n const projectRoot = getProjectRoot(configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const repoConfig = config.process?.repo;\n const desired = repoConfig?.ruleset;\n if (!desired) {\n throw new Error(\"No [process.repo.ruleset] configured in standards.toml\");\n }\n const branch = getBranch(desired.branch);\n const current = await fetchBranchProtection(repoInfo, branch);\n\n return computeDiff(repoInfo, current, desired);\n}\n\n/** Get branch name with default */\nfunction getBranch(configuredBranch: string | undefined): string {\n return configuredBranch ?? \"main\";\n}\n\n/** Output diff result */\nfunction outputDiff(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify(result, null, 2));\n } else {\n outputDiffText(result);\n }\n}\n\n/** Output diff in text format */\nfunction outputDiffText(result: SyncDiffResult): void {\n writeRepoHeader(result);\n\n if (!result.hasChanges) {\n writeLine(\"No changes needed. Settings match configuration.\");\n return;\n }\n\n writeDiffTable(result);\n writeLine(\"\");\n writeLine(\n `${result.diffs.length} setting(s) differ. Run 'conform process sync --apply' to apply changes.`\n );\n}\n\n/** Write repository header */\nfunction writeRepoHeader(result: SyncDiffResult): void {\n writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n writeLine(`Branch: ${result.branch}`);\n writeLine(\"\");\n}\n\n/** Write diff table */\nfunction writeDiffTable(result: SyncDiffResult): void {\n const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);\n const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);\n\n writeLine(`${\"Setting\".padEnd(settingWidth)} ${\"Current\".padEnd(currentWidth)} Desired`);\n writeLine(\"-\".repeat(settingWidth + currentWidth + 20));\n\n for (const diff of result.diffs) {\n const currentStr = formatValue(diff.current);\n const desiredStr = formatValue(diff.desired);\n writeLine(\n `${diff.setting.padEnd(settingWidth)} ${currentStr.padEnd(currentWidth)} ${desiredStr}`\n );\n }\n}\n\n/** Output when no changes are needed */\nfunction outputNoChanges(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, message: \"No changes needed\" }, null, 2));\n } else {\n writeRepoHeader(result);\n writeLine(\"No changes needed. Settings match configuration.\");\n }\n}\n\n/** Output preview (sync without --apply) */\nfunction outputPreview(result: SyncDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, preview: true }, null, 2));\n } else {\n writeRepoHeader(result);\n writeLine(\"Would apply the following changes:\");\n for (const diff of result.diffs) {\n writeLine(` ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n writeLine(\"\");\n writeLine(\"Run with --apply to make these changes.\");\n }\n}\n\n/** Output sync result */\nfunction outputSyncResult(\n diffResult: SyncDiffResult,\n result: SyncResult,\n format: \"text\" | \"json\"\n): void {\n if (format === \"json\") {\n writeLine(\n JSON.stringify(\n { repoInfo: diffResult.repoInfo, branch: diffResult.branch, ...result },\n null,\n 2\n )\n );\n } else {\n outputSyncResultText(diffResult, result);\n }\n}\n\n/** Output sync result in text format */\nfunction outputSyncResultText(diffResult: SyncDiffResult, result: SyncResult): void {\n writeRepoHeader(diffResult);\n writeLine(\"Applying changes...\");\n\n for (const diff of result.applied) {\n writeLine(` + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n\n for (const { diff, error } of result.failed) {\n writeLine(` x ${diff.setting}: ${error}`);\n }\n\n writeLine(\"\");\n if (result.success) {\n writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);\n } else {\n writeLine(`x ${result.failed.length} setting(s) failed to sync.`);\n }\n}\n\n/** Handle errors */\nfunction handleError(error: unknown, format: \"text\" | \"json\"): void {\n const { message, code } = extractErrorInfo(error);\n\n if (format === \"json\") {\n writeLine(JSON.stringify({ error: true, code, message }, null, 2));\n } else {\n writeLine(`Error: ${message}`);\n }\n\n process.exit(2);\n}\n\n/** Extract error message and code */\nfunction extractErrorInfo(error: unknown): { message: string; code: string } {\n if (error instanceof FetcherError) {\n return { message: error.message, code: error.code };\n }\n if (error instanceof ApplierError) {\n return { message: error.message, code: error.code };\n }\n if (error instanceof Error) {\n return { message: error.message, code: \"ERROR\" };\n }\n return { message: String(error), code: \"ERROR\" };\n}\n\n// =============================================================================\n// Tag Protection Sync\n// =============================================================================\n\n/** Run tag protection diff command - show what would change */\nexport async function runTagDiff(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getTagDiffResult(options);\n outputTagDiff(diffResult, options.format);\n process.exit(diffResult.hasChanges ? 1 : 0);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Run tag protection sync command - apply changes (or preview if --apply not set) */\nexport async function runTagSync(options: SyncOptions): Promise<void> {\n try {\n const diffResult = await getTagDiffResult(options);\n\n if (!diffResult.hasChanges) {\n outputTagNoChanges(diffResult, options.format);\n process.exit(0);\n }\n\n if (!options.apply) {\n outputTagPreview(diffResult, options.format);\n process.exit(0);\n }\n\n const result = await applyTagChanges(options, diffResult);\n outputTagSyncResult(diffResult, result, options.format);\n process.exit(result.success ? 0 : 1);\n } catch (error) {\n handleError(error, options.format);\n }\n}\n\n/** Get the tag diff result */\nasync function getTagDiffResult(options: SyncOptions): Promise<TagProtectionDiffResult> {\n if (!(await isGhAvailable())) {\n throw new FetcherError(\"GitHub CLI (gh) not available\", \"NO_GH\");\n }\n\n const { config, configPath } = loadConfig(options.config);\n const projectRoot = getProjectRoot(configPath);\n const repoInfo = await getRepoInfo(projectRoot);\n\n const repoConfig = config.process?.repo;\n if (!repoConfig?.tag_protection?.patterns || repoConfig.tag_protection.patterns.length === 0) {\n throw new Error(\"No [process.repo.tag_protection] patterns configured in standards.toml\");\n }\n\n const desired = repoConfig.tag_protection;\n const current = await fetchTagProtection(repoInfo);\n\n return computeTagDiff(repoInfo, current, desired);\n}\n\n/** Apply tag protection changes to GitHub */\nasync function applyTagChanges(\n options: SyncOptions,\n diffResult: TagProtectionDiffResult\n): Promise<SyncResult> {\n const { config } = loadConfig(options.config);\n const desired = config.process?.repo?.tag_protection ?? {};\n\n return applyTagProtection(diffResult.repoInfo, desired, diffResult);\n}\n\n/** Output tag diff result */\nfunction outputTagDiff(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify(result, null, 2));\n } else {\n outputTagDiffText(result);\n }\n}\n\n/** Output tag diff in text format */\nfunction outputTagDiffText(result: TagProtectionDiffResult): void {\n writeTagRepoHeader(result);\n\n if (!result.hasChanges) {\n writeLine(\"No changes needed. Tag protection settings match configuration.\");\n return;\n }\n\n writeTagDiffTable(result);\n writeLine(\"\");\n writeLine(\n `${result.diffs.length} setting(s) differ. Run 'conform process sync-tags --apply' to apply changes.`\n );\n}\n\n/** Write tag repository header */\nfunction writeTagRepoHeader(result: TagProtectionDiffResult): void {\n writeLine(`Repository: ${result.repoInfo.owner}/${result.repoInfo.repo}`);\n writeLine(`Target: Tag Protection Ruleset`);\n writeLine(\"\");\n}\n\n/** Write tag diff table */\nfunction writeTagDiffTable(result: TagProtectionDiffResult): void {\n const settingWidth = Math.max(...result.diffs.map((d) => d.setting.length), 7);\n const currentWidth = Math.max(...result.diffs.map((d) => formatValue(d.current).length), 7);\n\n writeLine(`${\"Setting\".padEnd(settingWidth)} ${\"Current\".padEnd(currentWidth)} Desired`);\n writeLine(\"-\".repeat(settingWidth + currentWidth + 20));\n\n for (const diff of result.diffs) {\n const currentStr = formatValue(diff.current);\n const desiredStr = formatValue(diff.desired);\n writeLine(\n `${diff.setting.padEnd(settingWidth)} ${currentStr.padEnd(currentWidth)} ${desiredStr}`\n );\n }\n}\n\n/** Output when no tag changes are needed */\nfunction outputTagNoChanges(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, message: \"No changes needed\" }, null, 2));\n } else {\n writeTagRepoHeader(result);\n writeLine(\"No changes needed. Tag protection settings match configuration.\");\n }\n}\n\n/** Output tag preview (sync without --apply) */\nfunction outputTagPreview(result: TagProtectionDiffResult, format: \"text\" | \"json\"): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ ...result, preview: true }, null, 2));\n } else {\n writeTagRepoHeader(result);\n writeLine(\"Would apply the following changes:\");\n for (const diff of result.diffs) {\n writeLine(` ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n writeLine(\"\");\n writeLine(\"Run with --apply to make these changes.\");\n }\n}\n\n/** Output tag sync result */\nfunction outputTagSyncResult(\n diffResult: TagProtectionDiffResult,\n result: SyncResult,\n format: \"text\" | \"json\"\n): void {\n if (format === \"json\") {\n writeLine(JSON.stringify({ repoInfo: diffResult.repoInfo, ...result }, null, 2));\n } else {\n outputTagSyncResultText(diffResult, result);\n }\n}\n\n/** Output tag sync result in text format */\nfunction outputTagSyncResultText(diffResult: TagProtectionDiffResult, result: SyncResult): void {\n writeTagRepoHeader(diffResult);\n writeLine(\"Applying tag protection changes...\");\n\n for (const diff of result.applied) {\n writeLine(` + ${diff.setting}: ${formatValue(diff.current)} -> ${formatValue(diff.desired)}`);\n }\n\n for (const { diff, error } of result.failed) {\n writeLine(` x ${diff.setting}: ${error}`);\n }\n\n writeLine(\"\");\n if (result.success) {\n writeLine(`+ ${result.applied.length} setting(s) synchronized successfully.`);\n } else {\n writeLine(`x ${result.failed.length} setting(s) failed to sync.`);\n }\n}\n"],"mappings":";;;;;;;;AAAA,SAAS,aAAa;AAaf,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGA,eAAsB,sBACpB,UACA,QACA,SACA,YACqB;AACrB,MAAI,CAAC,WAAW,YAAY;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAClD;AAEA,QAAM,cAAc,uBAAuB,QAAQ,OAAO;AAE1D,MAAI;AACF,QAAI,WAAW,qBAAqB,MAAM;AAExC,YAAM;AAAA,QACJ;AAAA,QACA,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,MAAM,QAAQ,WAAW,GAAG;AAAA,QACzF,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,YAAM;AAAA,QACJ;AAAA,QACA;AAAA,UACE;AAAA,UACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,WAAW,gBAAgB;AAAA,UAChF;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,WAAW,OAAO,QAAQ,CAAC,EAAE;AAAA,EAChE,SAAS,OAAO;AACd,WAAO,uBAAuB,OAAO,WAAW,KAAK;AAAA,EACvD;AACF;AAGA,SAAS,uBAAuB,OAAgB,OAAkC;AAChF,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,CAAC;AAAA,IACV,QAAQ,MAAM,IAAI,CAAC,UAAU,EAAE,MAAM,OAAO,aAAa,EAAE;AAAA,EAC7D;AACF;AAGA,SAAS,uBACP,QACA,SACyB;AACzB,QAAM,QAAkE,CAAC;AAGzE,QAAM,kBAAkB,qBAAqB,OAAO;AACpD,MAAI,iBAAiB;AACnB,UAAM,KAAK,eAAe;AAAA,EAC5B;AAGA,QAAM,mBAAmB,sBAAsB,OAAO;AACtD,MAAI,kBAAkB;AACpB,UAAM,KAAK,gBAAgB;AAAA,EAC7B;AAGA,MAAI,QAAQ,2BAA2B,MAAM;AAC3C,UAAM,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAAA,EAC5C;AAGA,QAAM,eACJ,QAAQ,eAAe,IAAI,CAAC,WAAW;AAAA,IACrC,UAAU,MAAM,YAAY;AAAA,IAC5B,YAAY,MAAM;AAAA,IAClB,aAAa,MAAM,eAAe;AAAA,EACpC,EAAE,KAAK,CAAC;AAEV,SAAO;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,YAAY;AAAA,MACV,UAAU;AAAA,QACR,SAAS,CAAC,cAAc,MAAM,EAAE;AAAA,QAChC,SAAS,CAAC;AAAA,MACZ;AAAA,IACF;AAAA,IACA,eAAe;AAAA,IACf;AAAA,EACF;AACF;AAGA,SAAS,qBACP,SAC8D;AAC9D,QAAM,oBACJ,QAAQ,qBAAqB,UAC7B,QAAQ,0BAA0B,UAClC,QAAQ,+BAA+B;AAEzC,MAAI,CAAC,mBAAmB;AACtB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,GAAI,QAAQ,qBAAqB,UAAa;AAAA,QAC5C,iCAAiC,QAAQ;AAAA,MAC3C;AAAA,MACA,GAAI,QAAQ,0BAA0B,UAAa;AAAA,QACjD,+BAA+B,QAAQ;AAAA,MACzC;AAAA,MACA,GAAI,QAAQ,+BAA+B,UAAa;AAAA,QACtD,2BAA2B,QAAQ;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AACF;AAGA,SAAS,sBACP,SAC8D;AAC9D,QAAM,oBACJ,QAAQ,0BAA0B,UAClC,QAAQ,gCAAgC;AAE1C,MAAI,CAAC,mBAAmB;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,eACJ,QAAQ,uBAAuB,IAAI,CAAC,aAAa;AAAA,IAC/C;AAAA,EACF,EAAE,KAAK,CAAC;AAEV,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,wBAAwB;AAAA,MACxB,sCAAsC,QAAQ,+BAA+B;AAAA,IAC/E;AAAA,EACF;AACF;AAOA,eAAsB,mBACpB,UACA,SACA,YACqB;AACrB,MAAI,CAAC,WAAW,YAAY;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAClD;AAEA,QAAM,cAAc,oBAAoB,OAAO;AAE/C,MAAI;AACF,QAAI,WAAW,qBAAqB,MAAM;AAExC,YAAM;AAAA,QACJ;AAAA,QACA,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,MAAM,QAAQ,WAAW,GAAG;AAAA,QACzF,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,YAAM;AAAA,QACJ;AAAA,QACA;AAAA,UACE;AAAA,UACA,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,aAAa,WAAW,gBAAgB;AAAA,UAChF;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,EAAE,OAAO,KAAK,UAAU,WAAW,EAAE;AAAA,MACvC;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,WAAW,OAAO,QAAQ,CAAC,EAAE;AAAA,EAChE,SAAS,OAAO;AACd,WAAO,oBAAoB,OAAO,WAAW,KAAK;AAAA,EACpD;AACF;AAGA,SAAS,oBAAoB,SAAwD;AACnF,QAAM,QAA4B,CAAC;AAGnC,MAAI,QAAQ,qBAAqB,OAAO;AACtC,UAAM,KAAK,EAAE,MAAM,WAAW,CAAC;AAAA,EACjC;AACA,MAAI,QAAQ,mBAAmB,OAAO;AACpC,UAAM,KAAK,EAAE,MAAM,SAAS,CAAC;AAAA,EAC/B;AAEA,QAAM,WAAW,QAAQ,YAAY,CAAC,IAAI;AAC1C,QAAM,kBAAkB,SAAS,IAAI,CAAC,MAAM,aAAa,CAAC,EAAE;AAE5D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,YAAY;AAAA,MACV,UAAU;AAAA,QACR,SAAS;AAAA,QACT,SAAS,CAAC;AAAA,MACZ;AAAA,IACF;AAAA,IACA;AAAA,EACF;AACF;AAGA,SAAS,oBAAoB,OAAgB,OAAkC;AAC7E,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAE1E,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,CAAC;AAAA,IACV,QAAQ,MAAM,IAAI,CAAC,UAAU,EAAE,MAAM,OAAO,aAAa,EAAE;AAAA,EAC7D;AACF;;;AChQA,IAAM,gBAAgC;AAAA,EACpC;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,SAAS;AAAA,EACX;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,iBAAiB,CAAC,MAAM,EAAE;AAAA,IAC1B,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B;AACF;AAGO,SAAS,YACd,UACA,SACA,SACgB;AAChB,QAAM,QAAQ,aAAa,SAAS,OAAO;AAG3C,QAAM,aAAa;AAAA,IACjB,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AACA,MAAI,YAAY;AACd,UAAM,KAAK,UAAU;AAAA,EACvB;AAEA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB;AAAA,IACA,YAAY,MAAM,SAAS;AAAA,IAC3B,kBAAkB,QAAQ;AAAA,EAC5B;AACF;AAGA,SAAS,aACP,SACA,SACe;AACf,QAAM,QAAuB,CAAC;AAE9B,aAAW,WAAW,eAAe;AACnC,UAAM,eAAe,QAAQ,gBAAgB,OAAO;AACpD,QAAI,iBAAiB,QAAW;AAC9B;AAAA,IACF;AAEA,UAAM,eAAe,QAAQ,gBAAgB,OAAO;AACpD,UAAM,OAAO,QAAQ,UACjB,kBAAkB,QAAQ,MAAM,cAAiC,YAAwB,IACzF,aAAa,QAAQ,MAAM,cAAc,YAAY;AAEzD,QAAI,MAAM;AACR,YAAM,KAAK,IAAI;AAAA,IACjB;AAAA,EACF;AAEA,SAAO;AACT;AAGA,SAAS,aAAa,SAAiB,SAAkB,SAAsC;AAC7F,QAAM,eAAe,WAAW;AAChC,MAAI,iBAAiB,SAAS;AAC5B,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,iBAAiB,OAAO,QAAQ;AAAA,EAC1C;AACF;AAGA,SAAS,kBACP,SACA,SACA,SACoB;AACpB,QAAM,eAAe,WAAW,CAAC;AACjC,QAAM,gBAAgB,CAAC,GAAG,YAAY,EAAE,KAAK;AAC7C,QAAM,gBAAgB,CAAC,GAAG,OAAO,EAAE,KAAK;AAExC,QAAM,WACJ,cAAc,WAAW,cAAc,UACvC,cAAc,MAAM,CAAC,GAAG,MAAM,MAAM,cAAc,CAAC,CAAC;AAEtD,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,aAAa,WAAW,IAAI,QAAQ;AAAA,EAC9C;AACF;AAGA,SAAS,oBACP,SACA,SACA,WACoB;AACpB,MAAI,YAAY,QAAW;AACzB,WAAO;AAAA,EACT;AAEA,QAAM,gBAAgB,WAAW,CAAC;AAGlC,QAAM,UAAU,CAAC,MACf,GAAG,EAAE,UAAU,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,QAAQ;AAElE,QAAM,gBAAgB,CAAC,GAAG,aAAa,EAAE,KAAK,CAAC,GAAG,MAAM,QAAQ,CAAC,EAAE,cAAc,QAAQ,CAAC,CAAC,CAAC;AAC5F,QAAM,gBAAgB,CAAC,GAAG,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,QAAQ,CAAC,EAAE,cAAc,QAAQ,CAAC,CAAC,CAAC;AAGtF,QAAM,YAAY,CAAC,WACjB,OAAO,IAAI,CAAC,OAAO;AAAA,IACjB,YAAY,EAAE;AAAA,IACd,UAAU,EAAE;AAAA,IACZ,aAAa,EAAE,eAAe;AAAA,EAChC,EAAE;AAEJ,QAAM,oBAAoB,UAAU,aAAa;AACjD,QAAM,oBAAoB,UAAU,aAAa;AAEjD,QAAM,WACJ,kBAAkB,WAAW,kBAAkB,UAC/C,kBAAkB;AAAA,IAChB,CAAC,GAAG,MACF,EAAE,eAAe,kBAAkB,CAAC,EAAE,cACtC,EAAE,aAAa,kBAAkB,CAAC,EAAE,YACpC,EAAE,gBAAgB,kBAAkB,CAAC,EAAE;AAAA,EAC3C;AAEF,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,cAAc,OAAO,QAAQ;AAAA,EACvC;AACF;AAGO,SAAS,YAAY,OAAwB;AAClD,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;AAAA,EACT;AACA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,WAAW,IAAI,OAAO,IAAI,MAAM,KAAK,IAAI,CAAC;AAAA,EACzD;AACA,SAAO,OAAO,KAAK;AACrB;AAOO,SAAS,eACd,UACA,SACA,SACyB;AACzB,QAAM,QAAuB,CAAC;AAC9B,QAAM,YAAY,QAAQ;AAE1B,qBAAmB,OAAO,SAAS,OAAO;AAC1C,qBAAmB,OAAO;AAAA,IACxB,GAAG;AAAA,IACH,GAAG,QAAQ;AAAA,IACX,GAAG,QAAQ;AAAA,IACX,GAAG;AAAA,EACL,CAAC;AACD,qBAAmB,OAAO;AAAA,IACxB,GAAG;AAAA,IACH,GAAG,QAAQ;AAAA,IACX,GAAG,QAAQ;AAAA,IACX,GAAG;AAAA,EACL,CAAC;AAED,SAAO,EAAE,UAAU,OAAO,YAAY,MAAM,SAAS,GAAG,kBAAkB,UAAU;AACtF;AAGA,SAAS,mBACP,OACA,SACA,SACM;AACN,MAAI,QAAQ,aAAa,QAAW;AAClC;AAAA,EACF;AACA,QAAM,OAAO,CAAC,GAAG,QAAQ,QAAQ,EAAE,KAAK;AACxC,QAAM,MAAM,CAAC,GAAG,QAAQ,QAAQ,EAAE,KAAK;AACvC,QAAM,QAAQ,KAAK,WAAW,IAAI,UAAU,KAAK,MAAM,CAAC,GAAG,MAAM,MAAM,IAAI,CAAC,CAAC;AAC7E,MAAI,CAAC,OAAO;AACV,UAAM,KAAK;AAAA,MACT,SAAS;AAAA,MACT,SAAS,QAAQ;AAAA,MACjB,SAAS,QAAQ;AAAA,MACjB,QAAQ,KAAK,WAAW,IAAI,QAAQ;AAAA,IACtC,CAAC;AAAA,EACH;AACF;AAGA,SAAS,mBACP,OACA,GACM;AACN,MAAI,EAAE,MAAM,UAAa,EAAE,MAAM,EAAE,GAAG;AACpC,UAAM,KAAK;AAAA,MACT,SAAS,EAAE;AAAA,MACX,SAAS,EAAE;AAAA,MACX,SAAS,EAAE;AAAA,MACX,QAAQ,EAAE,MAAM,OAAO,QAAQ;AAAA,IACjC,CAAC;AAAA,EACH;AACF;;;ACzRA,SAAS,SAAAA,cAAa;AAYf,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YACE,SACgB,MAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAGA,eAAsB,gBAAkC;AACtD,MAAI;AACF,UAAMA,OAAM,MAAM,CAAC,WAAW,CAAC;AAC/B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,YAAY,aAAwC;AACxE,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,QAAQ,QAAQ,UAAU,YAAY,GAAG;AAAA,MACzE,KAAK;AAAA,IACP,CAAC;AACD,UAAM,OAAO,KAAK,MAAM,OAAO,MAAM;AACrC,WAAO,EAAE,OAAO,KAAK,MAAM,OAAO,MAAM,KAAK,KAAK;AAAA,EACpD,QAAQ;AACN,UAAM,IAAI,aAAa,yDAAyD,SAAS;AAAA,EAC3F;AACF;AAGA,eAAsB,sBACpB,UACA,QACmC;AACnC,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAE7F,UAAM,WAAW,KAAK,MAAM,OAAO,MAAM;AACzC,WAAO,mBAAmB,UAAU,MAAM;AAAA,EAC5C,SAAS,OAAO;AACd,WAAO,uBAAuB,OAAO,MAAM;AAAA,EAC7C;AACF;AAGA,SAAS,uBAAuB,OAAgB,QAA0C;AACxF,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAG1E,MAAI,aAAa,SAAS,KAAK,GAAG;AAChC,WAAO,oBAAoB,MAAM;AAAA,EACnC;AAEA,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAI,aAAa,sCAAsC,YAAY,IAAI,WAAW;AAC1F;AAIA,SAAS,mBAAmB,UAA2B,QAA0C;AAE/F,QAAM,gBAAgB,SAAS;AAAA,IAC7B,CAAC,MACC,EAAE,WAAW,YACb,EAAE,gBAAgB,YAClB,cAAc,EAAE,YAAY,UAAU,WAAW,CAAC,GAAG,MAAM;AAAA,EAC/D;AAEA,MAAI,CAAC,eAAe;AAClB,WAAO,oBAAoB,MAAM;AAAA,EACnC;AAEA,QAAM,QAAQ,cAAc,SAAS,CAAC;AACtC,QAAM,SAAS,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,cAAc;AAC1D,QAAM,aAAa,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,wBAAwB;AACxE,QAAM,iBAAiB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,qBAAqB;AAGzE,QAAM,eAAe,kBAAkB,cAAc,aAAa;AAGlE,QAAM,gBAAgB,iBAAiB,QAAQ,aAAa,WAAW;AAEvE,SAAO;AAAA,IACL;AAAA,IACA,iBAAiB,QAAQ,YAAY,mCAAmC;AAAA,IACxE,qBAAqB,QAAQ,YAAY,iCAAiC;AAAA,IAC1E,yBAAyB,QAAQ,YAAY,6BAA6B;AAAA,IAC1E,sBACE,YAAY,YAAY,wBAAwB,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK;AAAA,IAC3E,yBAAyB,YAAY,YAAY,wCAAwC;AAAA,IACzF,sBAAsB,mBAAmB;AAAA,IACzC;AAAA,IACA;AAAA,IACA,WAAW,cAAc;AAAA,IACzB,aAAa,cAAc;AAAA,EAC7B;AACF;AAGA,SAAS,cAAc,UAAoB,QAAyB;AAClE,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,QAAQ,QAAQ,kBAAkB,EAAE;AACzD,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,qBAAqB,WAAW,QAAQ;AAC3D,aAAO;AAAA,IACT;AACA,QAAI,iBAAiB,QAAQ;AAC3B,aAAO;AAAA,IACT;AAEA,QAAI,aAAa,SAAS,GAAG,GAAG;AAC9B,YAAM,QAAQ,IAAI,OAAO,IAAI,aAAa,QAAQ,OAAO,IAAI,CAAC,GAAG;AACjE,UAAI,MAAM,KAAK,MAAM,GAAG;AACtB,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,kBAAkB,QAAsE;AAC/F,MAAI,CAAC,UAAU,OAAO,WAAW,GAAG;AAClC,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,IAAI,CAAC,WAAW;AAAA,IAC5B,YAAY,MAAM;AAAA,IAClB,UAAU,MAAM,YAAY;AAAA,IAC5B,aAAa,MAAM;AAAA,EACrB,EAAE;AACJ;AAGA,SAAS,oBAAoB,QAA0C;AACrE,SAAO;AAAA,IACL;AAAA,IACA,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,eAAe;AAAA,IACf,cAAc;AAAA,IACd,WAAW;AAAA,IACX,aAAa;AAAA,EACf;AACF;AAOA,eAAsB,mBAAmB,UAAoD;AAC3F,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,MAAM,CAAC,OAAO,SAAS,SAAS,KAAK,IAAI,SAAS,IAAI,WAAW,CAAC;AAE7F,UAAM,WAAW,KAAK,MAAM,OAAO,MAAM;AACzC,WAAO,gBAAgB,QAAQ;AAAA,EACjC,SAAS,OAAO;AACd,WAAO,oBAAoB,KAAK;AAAA,EAClC;AACF;AAGA,SAAS,gBAAgB,UAAkD;AAEzE,QAAM,aAAa,SAAS,KAAK,CAAC,MAAM,EAAE,WAAW,SAAS,EAAE,SAAS,gBAAgB;AAEzF,MAAI,CAAC,YAAY;AACf,WAAO,uBAAuB;AAAA,EAChC;AAEA,QAAM,WACJ,WAAW,YAAY,UAAU,SAAS,IAAI,CAAC,MAAM,EAAE,QAAQ,iBAAiB,EAAE,CAAC,KAAK,CAAC;AAE3F,QAAM,QAAQ,WAAW,SAAS,CAAC;AACnC,QAAM,kBAAkB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,UAAU;AAC/D,QAAM,gBAAgB,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ;AAE3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,WAAW;AAAA,IACtB,aAAa,WAAW;AAAA,EAC1B;AACF;AAGA,SAAS,yBAAgD;AACvD,SAAO;AAAA,IACL,UAAU,CAAC;AAAA,IACX,iBAAiB;AAAA,IACjB,eAAe;AAAA,IACf,WAAW;AAAA,IACX,aAAa;AAAA,EACf;AACF;AAGA,SAAS,oBAAoB,OAAuC;AAClE,QAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAG1E,MAAI,aAAa,SAAS,KAAK,GAAG;AAChC,WAAO,uBAAuB;AAAA,EAChC;AAEA,MAAI,aAAa,SAAS,KAAK,KAAK,aAAa,SAAS,wBAAwB,GAAG;AACnF,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAI,aAAa,mCAAmC,YAAY,IAAI,WAAW;AACvF;;;AClOA,SAAS,UAAU,MAAoB;AACrC,UAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAClC;AAGA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,aAAa,MAAM,cAAc,OAAO;AAC9C,eAAW,YAAY,QAAQ,MAAM;AACrC,YAAQ,KAAK,WAAW,aAAa,IAAI,CAAC;AAAA,EAC5C,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAIA,eAAsB,QAAQ,SAAqC;AACjE,MAAI;AACF,UAAM,aAAa,MAAM,cAAc,OAAO;AAE9C,QAAI,CAAC,WAAW,YAAY;AAC1B,sBAAgB,YAAY,QAAQ,MAAM;AAC1C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAGA,QAAI,QAAQ,gBAAgB;AAC1B,YAAM,mBAAmB,MAAM,0BAA0B,OAAO;AAChE,UAAI,CAAC,kBAAkB;AACrB,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,OAAO;AAClB,oBAAc,YAAY,QAAQ,MAAM;AACxC,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,aAAa,SAAS,UAAU;AACrD,qBAAiB,YAAY,QAAQ,QAAQ,MAAM;AACnD,YAAQ,KAAK,OAAO,UAAU,IAAI,CAAC;AAAA,EACrC,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAe,aAAa,SAAsB,YAAiD;AACjG,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,cAAc,eAAe,WAAW,QAAQ,MAAM,EAAE,UAAU;AACxE,QAAM,WAAW,MAAM,YAAY,WAAW;AAC9C,QAAM,UAAU,OAAO,SAAS,MAAM,WAAW,CAAC;AAElD,SAAO,sBAAsB,UAAU,WAAW,QAAQ,SAAS,UAAU;AAC/E;AAGA,eAAe,0BAA0B,SAAwC;AAC/E,QAAM,EAAE,sBAAsB,uBAAuB,IAAI,MAAM,OAAO,yBAAgB;AACtF,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,cAAc,eAAe,WAAW,QAAQ,MAAM,EAAE,UAAU;AACxE,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,gBAAgB,OAAO,SAAS,MAAM;AAC5C,QAAM,SAAS,eAAe,iBAAiB,CAAC;AAEhD,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,MAAM,qBAAqB,UAAU,MAAM;AAE1D,MAAI,QAAQ,WAAW,QAAQ;AAC7B,YAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,EAC7D,OAAO;AACL,YAAQ,OAAO,MAAM,GAAG,uBAAuB,MAAM,CAAC;AAAA,CAAI;AAAA,EAC5D;AAEA,SAAO,OAAO;AAChB;AAGA,eAAe,cAAc,SAA+C;AAC1E,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI,aAAa,iCAAiC,OAAO;AAAA,EACjE;AAEA,QAAM,EAAE,QAAQ,WAAW,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,aAAa,OAAO,SAAS;AACnC,QAAM,UAAU,YAAY;AAC5B,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,wDAAwD;AAAA,EAC1E;AACA,QAAM,SAAS,UAAU,QAAQ,MAAM;AACvC,QAAM,UAAU,MAAM,sBAAsB,UAAU,MAAM;AAE5D,SAAO,YAAY,UAAU,SAAS,OAAO;AAC/C;AAGA,SAAS,UAAU,kBAA8C;AAC/D,SAAO,oBAAoB;AAC7B;AAGA,SAAS,WAAW,QAAwB,QAA+B;AACzE,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,EAC3C,OAAO;AACL,mBAAe,MAAM;AAAA,EACvB;AACF;AAGA,SAAS,eAAe,QAA8B;AACpD,kBAAgB,MAAM;AAEtB,MAAI,CAAC,OAAO,YAAY;AACtB,cAAU,kDAAkD;AAC5D;AAAA,EACF;AAEA,iBAAe,MAAM;AACrB,YAAU,EAAE;AACZ;AAAA,IACE,GAAG,OAAO,MAAM,MAAM;AAAA,EACxB;AACF;AAGA,SAAS,gBAAgB,QAA8B;AACrD,YAAU,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACxE,YAAU,WAAW,OAAO,MAAM,EAAE;AACpC,YAAU,EAAE;AACd;AAGA,SAAS,eAAe,QAA8B;AACpD,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,MAAM,GAAG,CAAC;AAC7E,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC;AAE1F,YAAU,GAAG,UAAU,OAAO,YAAY,CAAC,KAAK,UAAU,OAAO,YAAY,CAAC,WAAW;AACzF,YAAU,IAAI,OAAO,eAAe,eAAe,EAAE,CAAC;AAEtD,aAAW,QAAQ,OAAO,OAAO;AAC/B,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C;AAAA,MACE,GAAG,KAAK,QAAQ,OAAO,YAAY,CAAC,KAAK,WAAW,OAAO,YAAY,CAAC,KAAK,UAAU;AAAA,IACzF;AAAA,EACF;AACF;AAGA,SAAS,gBAAgB,QAAwB,QAA+B;AAC9E,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,oBAAoB,GAAG,MAAM,CAAC,CAAC;AAAA,EAChF,OAAO;AACL,oBAAgB,MAAM;AACtB,cAAU,kDAAkD;AAAA,EAC9D;AACF;AAGA,SAAS,cAAc,QAAwB,QAA+B;AAC5E,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAAA,EACjE,OAAO;AACL,oBAAgB,MAAM;AACtB,cAAU,oCAAoC;AAC9C,eAAW,QAAQ,OAAO,OAAO;AAC/B,gBAAU,KAAK,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,IAC7F;AACA,cAAU,EAAE;AACZ,cAAU,yCAAyC;AAAA,EACrD;AACF;AAGA,SAAS,iBACP,YACA,QACA,QACM;AACN,MAAI,WAAW,QAAQ;AACrB;AAAA,MACE,KAAK;AAAA,QACH,EAAE,UAAU,WAAW,UAAU,QAAQ,WAAW,QAAQ,GAAG,OAAO;AAAA,QACtE;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF,OAAO;AACL,yBAAqB,YAAY,MAAM;AAAA,EACzC;AACF;AAGA,SAAS,qBAAqB,YAA4B,QAA0B;AAClF,kBAAgB,UAAU;AAC1B,YAAU,qBAAqB;AAE/B,aAAW,QAAQ,OAAO,SAAS;AACjC,cAAU,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,EAC/F;AAEA,aAAW,EAAE,MAAM,MAAM,KAAK,OAAO,QAAQ;AAC3C,cAAU,OAAO,KAAK,OAAO,KAAK,KAAK,EAAE;AAAA,EAC3C;AAEA,YAAU,EAAE;AACZ,MAAI,OAAO,SAAS;AAClB,cAAU,KAAK,OAAO,QAAQ,MAAM,wCAAwC;AAAA,EAC9E,OAAO;AACL,cAAU,KAAK,OAAO,OAAO,MAAM,6BAA6B;AAAA,EAClE;AACF;AAGA,SAAS,YAAY,OAAgB,QAA+B;AAClE,QAAM,EAAE,SAAS,KAAK,IAAI,iBAAiB,KAAK;AAEhD,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,OAAO,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC;AAAA,EACnE,OAAO;AACL,cAAU,UAAU,OAAO,EAAE;AAAA,EAC/B;AAEA,UAAQ,KAAK,CAAC;AAChB;AAGA,SAAS,iBAAiB,OAAmD;AAC3E,MAAI,iBAAiB,cAAc;AACjC,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK;AAAA,EACpD;AACA,MAAI,iBAAiB,cAAc;AACjC,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK;AAAA,EACpD;AACA,MAAI,iBAAiB,OAAO;AAC1B,WAAO,EAAE,SAAS,MAAM,SAAS,MAAM,QAAQ;AAAA,EACjD;AACA,SAAO,EAAE,SAAS,OAAO,KAAK,GAAG,MAAM,QAAQ;AACjD;AAOA,eAAsB,WAAW,SAAqC;AACpE,MAAI;AACF,UAAM,aAAa,MAAM,iBAAiB,OAAO;AACjD,kBAAc,YAAY,QAAQ,MAAM;AACxC,YAAQ,KAAK,WAAW,aAAa,IAAI,CAAC;AAAA,EAC5C,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAsB,WAAW,SAAqC;AACpE,MAAI;AACF,UAAM,aAAa,MAAM,iBAAiB,OAAO;AAEjD,QAAI,CAAC,WAAW,YAAY;AAC1B,yBAAmB,YAAY,QAAQ,MAAM;AAC7C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,QAAI,CAAC,QAAQ,OAAO;AAClB,uBAAiB,YAAY,QAAQ,MAAM;AAC3C,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,gBAAgB,SAAS,UAAU;AACxD,wBAAoB,YAAY,QAAQ,QAAQ,MAAM;AACtD,YAAQ,KAAK,OAAO,UAAU,IAAI,CAAC;AAAA,EACrC,SAAS,OAAO;AACd,gBAAY,OAAO,QAAQ,MAAM;AAAA,EACnC;AACF;AAGA,eAAe,iBAAiB,SAAwD;AACtF,MAAI,CAAE,MAAM,cAAc,GAAI;AAC5B,UAAM,IAAI,aAAa,iCAAiC,OAAO;AAAA,EACjE;AAEA,QAAM,EAAE,QAAQ,WAAW,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,WAAW,MAAM,YAAY,WAAW;AAE9C,QAAM,aAAa,OAAO,SAAS;AACnC,MAAI,CAAC,YAAY,gBAAgB,YAAY,WAAW,eAAe,SAAS,WAAW,GAAG;AAC5F,UAAM,IAAI,MAAM,wEAAwE;AAAA,EAC1F;AAEA,QAAM,UAAU,WAAW;AAC3B,QAAM,UAAU,MAAM,mBAAmB,QAAQ;AAEjD,SAAO,eAAe,UAAU,SAAS,OAAO;AAClD;AAGA,eAAe,gBACb,SACA,YACqB;AACrB,QAAM,EAAE,OAAO,IAAI,WAAW,QAAQ,MAAM;AAC5C,QAAM,UAAU,OAAO,SAAS,MAAM,kBAAkB,CAAC;AAEzD,SAAO,mBAAmB,WAAW,UAAU,SAAS,UAAU;AACpE;AAGA,SAAS,cAAc,QAAiC,QAA+B;AACrF,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,EAC3C,OAAO;AACL,sBAAkB,MAAM;AAAA,EAC1B;AACF;AAGA,SAAS,kBAAkB,QAAuC;AAChE,qBAAmB,MAAM;AAEzB,MAAI,CAAC,OAAO,YAAY;AACtB,cAAU,iEAAiE;AAC3E;AAAA,EACF;AAEA,oBAAkB,MAAM;AACxB,YAAU,EAAE;AACZ;AAAA,IACE,GAAG,OAAO,MAAM,MAAM;AAAA,EACxB;AACF;AAGA,SAAS,mBAAmB,QAAuC;AACjE,YAAU,eAAe,OAAO,SAAS,KAAK,IAAI,OAAO,SAAS,IAAI,EAAE;AACxE,YAAU,gCAAgC;AAC1C,YAAU,EAAE;AACd;AAGA,SAAS,kBAAkB,QAAuC;AAChE,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,MAAM,GAAG,CAAC;AAC7E,QAAM,eAAe,KAAK,IAAI,GAAG,OAAO,MAAM,IAAI,CAAC,MAAM,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC;AAE1F,YAAU,GAAG,UAAU,OAAO,YAAY,CAAC,KAAK,UAAU,OAAO,YAAY,CAAC,WAAW;AACzF,YAAU,IAAI,OAAO,eAAe,eAAe,EAAE,CAAC;AAEtD,aAAW,QAAQ,OAAO,OAAO;AAC/B,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C,UAAM,aAAa,YAAY,KAAK,OAAO;AAC3C;AAAA,MACE,GAAG,KAAK,QAAQ,OAAO,YAAY,CAAC,KAAK,WAAW,OAAO,YAAY,CAAC,KAAK,UAAU;AAAA,IACzF;AAAA,EACF;AACF;AAGA,SAAS,mBAAmB,QAAiC,QAA+B;AAC1F,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,oBAAoB,GAAG,MAAM,CAAC,CAAC;AAAA,EAChF,OAAO;AACL,uBAAmB,MAAM;AACzB,cAAU,iEAAiE;AAAA,EAC7E;AACF;AAGA,SAAS,iBAAiB,QAAiC,QAA+B;AACxF,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,GAAG,QAAQ,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAAA,EACjE,OAAO;AACL,uBAAmB,MAAM;AACzB,cAAU,oCAAoC;AAC9C,eAAW,QAAQ,OAAO,OAAO;AAC/B,gBAAU,KAAK,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,IAC7F;AACA,cAAU,EAAE;AACZ,cAAU,yCAAyC;AAAA,EACrD;AACF;AAGA,SAAS,oBACP,YACA,QACA,QACM;AACN,MAAI,WAAW,QAAQ;AACrB,cAAU,KAAK,UAAU,EAAE,UAAU,WAAW,UAAU,GAAG,OAAO,GAAG,MAAM,CAAC,CAAC;AAAA,EACjF,OAAO;AACL,4BAAwB,YAAY,MAAM;AAAA,EAC5C;AACF;AAGA,SAAS,wBAAwB,YAAqC,QAA0B;AAC9F,qBAAmB,UAAU;AAC7B,YAAU,oCAAoC;AAE9C,aAAW,QAAQ,OAAO,SAAS;AACjC,cAAU,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,CAAC,OAAO,YAAY,KAAK,OAAO,CAAC,EAAE;AAAA,EAC/F;AAEA,aAAW,EAAE,MAAM,MAAM,KAAK,OAAO,QAAQ;AAC3C,cAAU,OAAO,KAAK,OAAO,KAAK,KAAK,EAAE;AAAA,EAC3C;AAEA,YAAU,EAAE;AACZ,MAAI,OAAO,SAAS;AAClB,cAAU,KAAK,OAAO,QAAQ,MAAM,wCAAwC;AAAA,EAC9E,OAAO;AACL,cAAU,KAAK,OAAO,OAAO,MAAM,6BAA6B;AAAA,EAClE;AACF;","names":["execa"]}
|
package/dist/validate/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { runValidateGuidelines, validateGuidelinesDir } from "./guidelines.js";
|
|
2
2
|
export type { GuidelineValidationError, GuidelineValidationResult } from "./guidelines.js";
|
|
3
3
|
export { formatTierResultJson, formatTierResultText, validateTierRuleset } from "./tier.js";
|
|
4
|
-
export type {
|
|
4
|
+
export type { Tier, TierSourceDetail, ValidateTierOptions, ValidateTierResult, } from "./types.js";
|
|
5
5
|
export { VALID_TIERS } from "./types.js";
|
package/dist/validate/tier.d.ts
CHANGED
|
@@ -2,6 +2,9 @@ import { type ValidateTierOptions, type ValidateTierResult } from "./types.js";
|
|
|
2
2
|
/**
|
|
3
3
|
* Validate that project tier matches its rulesets.
|
|
4
4
|
* This is the programmatic API exported for library consumers.
|
|
5
|
+
*
|
|
6
|
+
* Tier is loaded from standards.toml [metadata].tier
|
|
7
|
+
* Defaults to "internal" if not specified
|
|
5
8
|
*/
|
|
6
9
|
export declare function validateTierRuleset(options?: ValidateTierOptions): ValidateTierResult;
|
|
7
10
|
/**
|
package/dist/validate/types.d.ts
CHANGED
|
@@ -6,16 +6,10 @@ export type Tier = "production" | "internal" | "prototype";
|
|
|
6
6
|
* Valid tier values as a constant array for validation and export
|
|
7
7
|
*/
|
|
8
8
|
export declare const VALID_TIERS: readonly Tier[];
|
|
9
|
-
/**
|
|
10
|
-
* Parsed repo-metadata.yaml structure
|
|
11
|
-
*/
|
|
12
|
-
export interface RepoMetadata {
|
|
13
|
-
tier?: Tier;
|
|
14
|
-
}
|
|
15
9
|
/**
|
|
16
10
|
* Detailed tier source indicating why a default was used
|
|
17
11
|
*/
|
|
18
|
-
export type TierSourceDetail = "
|
|
12
|
+
export type TierSourceDetail = "standards.toml" | "default" | "default (file not found)" | "default (no metadata)" | "default (tier not specified)" | "default (invalid value)";
|
|
19
13
|
/**
|
|
20
14
|
* Options for the tier validation command
|
|
21
15
|
*/
|
|
@@ -31,10 +25,10 @@ export interface ValidateTierOptions {
|
|
|
31
25
|
export interface ValidateTierResult {
|
|
32
26
|
/** Whether validation passed */
|
|
33
27
|
valid: boolean;
|
|
34
|
-
/** Project tier from
|
|
28
|
+
/** Project tier from standards.toml [metadata] (defaults to "internal") */
|
|
35
29
|
tier: Tier;
|
|
36
30
|
/** Source of tier value */
|
|
37
|
-
tierSource: "
|
|
31
|
+
tierSource: "standards.toml" | "default";
|
|
38
32
|
/** Detailed source of tier value with reason for default */
|
|
39
33
|
tierSourceDetail?: TierSourceDetail;
|
|
40
34
|
/** Rulesets from standards.toml extends section */
|