npm - @vigolium/piolium - Versions diffs - 0.0.1 - Mend

@vigolium/piolium 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

package/LICENSE +21 -0
package/README.md +117 -0
package/agents/access-auditor.md +300 -0
package/agents/assumption-breaker.md +154 -0
package/agents/attack-designer.md +116 -0
package/agents/code-scanner.md +139 -0
package/agents/concurrency-auditor.md +238 -0
package/agents/confirm-writer.md +257 -0
package/agents/context-reviewer.md +274 -0
package/agents/cross-verifier.md +165 -0
package/agents/cve-scout.md +381 -0
package/agents/env-builder.md +282 -0
package/agents/env-profiler.md +205 -0
package/agents/evidence-collector.md +140 -0
package/agents/finding-grader.md +142 -0
package/agents/finding-writer.md +148 -0
package/agents/flow-tracer.md +106 -0
package/agents/goal-backtracer.md +146 -0
package/agents/history-miner.md +467 -0
package/agents/independent-verifier.md +118 -0
package/agents/intent-mapper.md +183 -0
package/agents/longshot-collector.md +128 -0
package/agents/longshot-prober.md +126 -0
package/agents/patch-auditor.md +73 -0
package/agents/poc-author.md +124 -0
package/agents/poc-runner.md +194 -0
package/agents/probe-lead.md +269 -0
package/agents/red-challenger.md +101 -0
package/agents/report-composer.md +208 -0
package/agents/review-adjudicator.md +216 -0
package/agents/spec-auditor.md +155 -0
package/agents/taint-tracer.md +265 -0
package/agents/test-locator.md +209 -0
package/agents/threat-modeler.md +132 -0
package/agents/variant-scanner.md +108 -0
package/agents/variant-spotter.md +110 -0
package/bin/piolium.mjs +376 -0
package/extensions/piolium/_vendor/yaml.bundle.d.mts +6 -0
package/extensions/piolium/_vendor/yaml.bundle.mjs +139 -0
package/extensions/piolium/agent-runner.ts +322 -0
package/extensions/piolium/agents.ts +266 -0
package/extensions/piolium/audit-state.ts +522 -0
package/extensions/piolium/bundled-resources.ts +97 -0
package/extensions/piolium/candidate-scan.ts +966 -0
package/extensions/piolium/command-target.ts +177 -0
package/extensions/piolium/console-stream.ts +57 -0
package/extensions/piolium/export-results.ts +380 -0
package/extensions/piolium/findings.ts +448 -0
package/extensions/piolium/heartbeat.ts +182 -0
package/extensions/piolium/help.ts +234 -0
package/extensions/piolium/index.ts +1865 -0
package/extensions/piolium/longshot.ts +530 -0
package/extensions/piolium/matcher-suggestions.ts +196 -0
package/extensions/piolium/matcher-utils.ts +83 -0
package/extensions/piolium/modes/balanced.ts +750 -0
package/extensions/piolium/modes/confirm-bootstrap.ts +186 -0
package/extensions/piolium/modes/confirm.ts +697 -0
package/extensions/piolium/modes/deep.ts +917 -0
package/extensions/piolium/modes/diff.ts +177 -0
package/extensions/piolium/modes/lite.ts +540 -0
package/extensions/piolium/modes/longshot.ts +595 -0
package/extensions/piolium/modes/merge.ts +204 -0
package/extensions/piolium/modes/phase-runner.ts +267 -0
package/extensions/piolium/modes/reinvest.ts +546 -0
package/extensions/piolium/modes/revisit.ts +279 -0
package/extensions/piolium/modes.ts +48 -0
package/extensions/piolium/phase-labels.ts +123 -0
package/extensions/piolium/phase-status-strip.ts +92 -0
package/extensions/piolium/prompt-prefix-editor.ts +39 -0
package/extensions/piolium/providers/anthropic-vertex.ts +836 -0
package/extensions/piolium/recon.ts +409 -0
package/extensions/piolium/result-stats.ts +105 -0
package/extensions/piolium/retry.ts +120 -0
package/extensions/piolium/scheduler.ts +212 -0
package/extensions/piolium/secrets.ts +368 -0
package/extensions/piolium/tools/web-tools.ts +148 -0
package/package.json +77 -0
package/skills/agentic-actions-auditor/SKILL.md +327 -0
package/skills/agentic-actions-auditor/references/action-profiles.md +186 -0
package/skills/agentic-actions-auditor/references/cross-file-resolution.md +209 -0
package/skills/agentic-actions-auditor/references/foundations.md +94 -0
package/skills/agentic-actions-auditor/references/vector-a-env-var-intermediary.md +77 -0
package/skills/agentic-actions-auditor/references/vector-b-direct-expression-injection.md +83 -0
package/skills/agentic-actions-auditor/references/vector-c-cli-data-fetch.md +83 -0
package/skills/agentic-actions-auditor/references/vector-d-pr-target-checkout.md +88 -0
package/skills/agentic-actions-auditor/references/vector-e-error-log-injection.md +88 -0
package/skills/agentic-actions-auditor/references/vector-f-subshell-expansion.md +82 -0
package/skills/agentic-actions-auditor/references/vector-g-eval-of-ai-output.md +91 -0
package/skills/agentic-actions-auditor/references/vector-h-dangerous-sandbox-configs.md +102 -0
package/skills/agentic-actions-auditor/references/vector-i-wildcard-allowlists.md +88 -0
package/skills/audit/SKILL.md +562 -0
package/skills/audit/assets/icon.svg +7 -0
package/skills/audit/hooks/scripts/validate_phase_output.py +550 -0
package/skills/audit/references/adversarial-review.md +148 -0
package/skills/audit/references/architecture-aware-sast.md +306 -0
package/skills/audit/references/audit-workflow.md +737 -0
package/skills/audit/references/chamber-protocol.md +384 -0
package/skills/audit/references/creative-attack-modes.md +221 -0
package/skills/audit/references/deep-analysis.md +273 -0
package/skills/audit/references/domain-attack-playbooks.md +1129 -0
package/skills/audit/references/knowledge-base-template.md +513 -0
package/skills/audit/references/real-env-validation.md +191 -0
package/skills/audit/references/report-templates.md +417 -0
package/skills/audit/references/triage-and-prereqs.md +134 -0
package/skills/audit/scripts/consolidate_drafts.py +554 -0
package/skills/audit/scripts/partition_findings.py +152 -0
package/skills/audit/scripts/rg-hotspots.sh +121 -0
package/skills/audit/scripts/stamp_file_state.py +349 -0
package/skills/code-reviewer/SKILL.md +65 -0
package/skills/codeql/SKILL.md +281 -0
package/skills/codeql/references/build-fixes.md +90 -0
package/skills/codeql/references/diagnostic-query-templates.md +339 -0
package/skills/codeql/references/extension-yaml-format.md +209 -0
package/skills/codeql/references/important-only-suite.md +153 -0
package/skills/codeql/references/language-details.md +207 -0
package/skills/codeql/references/macos-arm64e-workaround.md +179 -0
package/skills/codeql/references/performance-tuning.md +111 -0
package/skills/codeql/references/quality-assessment.md +172 -0
package/skills/codeql/references/ruleset-catalog.md +63 -0
package/skills/codeql/references/run-all-suite.md +92 -0
package/skills/codeql/references/sarif-processing.md +79 -0
package/skills/codeql/references/threat-models.md +51 -0
package/skills/codeql/workflows/build-database.md +280 -0
package/skills/codeql/workflows/create-data-extensions.md +261 -0
package/skills/codeql/workflows/run-analysis.md +301 -0
package/skills/differential-review/SKILL.md +220 -0
package/skills/differential-review/adversarial.md +203 -0
package/skills/differential-review/methodology.md +234 -0
package/skills/differential-review/patterns.md +300 -0
package/skills/differential-review/reporting.md +369 -0
package/skills/fp-check/SKILL.md +125 -0
package/skills/fp-check/references/bug-class-verification.md +114 -0
package/skills/fp-check/references/deep-verification.md +143 -0
package/skills/fp-check/references/evidence-templates.md +91 -0
package/skills/fp-check/references/false-positive-patterns.md +115 -0
package/skills/fp-check/references/gate-reviews.md +27 -0
package/skills/fp-check/references/standard-verification.md +78 -0
package/skills/insecure-defaults/SKILL.md +117 -0
package/skills/insecure-defaults/references/examples.md +409 -0
package/skills/last30days/SKILL.md +444 -0
package/skills/sarif-parsing/SKILL.md +483 -0
package/skills/sarif-parsing/resources/jq-queries.md +162 -0
package/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
package/skills/security-threat-model/LICENSE.txt +201 -0
package/skills/security-threat-model/SKILL.md +81 -0
package/skills/security-threat-model/agents/openai.yaml +4 -0
package/skills/security-threat-model/references/prompt-template.md +255 -0
package/skills/security-threat-model/references/security-controls-and-assets.md +32 -0
package/skills/semgrep/SKILL.md +212 -0
package/skills/semgrep/references/rulesets.md +162 -0
package/skills/semgrep/references/scan-modes.md +110 -0
package/skills/semgrep/references/scanner-task-prompt.md +140 -0
package/skills/semgrep/scripts/merge_sarif.py +203 -0
package/skills/semgrep/workflows/scan-workflow.md +311 -0
package/skills/semgrep-rule-creator/SKILL.md +168 -0
package/skills/semgrep-rule-creator/references/quick-reference.md +202 -0
package/skills/semgrep-rule-creator/references/workflow.md +240 -0
package/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
package/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
package/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
package/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
package/skills/sharp-edges/SKILL.md +292 -0
package/skills/sharp-edges/references/auth-patterns.md +252 -0
package/skills/sharp-edges/references/case-studies.md +274 -0
package/skills/sharp-edges/references/config-patterns.md +333 -0
package/skills/sharp-edges/references/crypto-apis.md +190 -0
package/skills/sharp-edges/references/lang-c.md +205 -0
package/skills/sharp-edges/references/lang-csharp.md +285 -0
package/skills/sharp-edges/references/lang-go.md +270 -0
package/skills/sharp-edges/references/lang-java.md +263 -0
package/skills/sharp-edges/references/lang-javascript.md +269 -0
package/skills/sharp-edges/references/lang-kotlin.md +265 -0
package/skills/sharp-edges/references/lang-php.md +245 -0
package/skills/sharp-edges/references/lang-python.md +274 -0
package/skills/sharp-edges/references/lang-ruby.md +273 -0
package/skills/sharp-edges/references/lang-rust.md +272 -0
package/skills/sharp-edges/references/lang-swift.md +287 -0
package/skills/sharp-edges/references/language-specific.md +588 -0
package/skills/spec-to-code-compliance/SKILL.md +357 -0
package/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
package/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
package/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
package/skills/supply-chain-risk-auditor/SKILL.md +67 -0
package/skills/supply-chain-risk-auditor/resources/results-template.md +41 -0
package/skills/variant-analysis/METHODOLOGY.md +327 -0
package/skills/variant-analysis/SKILL.md +142 -0
package/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
package/skills/variant-analysis/resources/codeql/go.ql +69 -0
package/skills/variant-analysis/resources/codeql/java.ql +71 -0
package/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
package/skills/variant-analysis/resources/codeql/python.ql +80 -0
package/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
package/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
package/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
package/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
package/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
package/skills/variant-analysis/resources/variant-report-template.md +75 -0
package/skills/vuln-report/SKILL.md +137 -0
package/skills/vuln-report/agents/openai.yaml +4 -0
package/skills/vuln-report/references/report-template.md +135 -0
package/skills/wooyun-legacy/SKILL.md +367 -0
package/skills/wooyun-legacy/references/bank-penetration.md +222 -0
package/skills/wooyun-legacy/references/checklists/command-execution-checklist.md +119 -0
package/skills/wooyun-legacy/references/checklists/csrf-checklist.md +74 -0
package/skills/wooyun-legacy/references/checklists/file-upload-checklist.md +108 -0
package/skills/wooyun-legacy/references/checklists/info-disclosure-checklist.md +114 -0
package/skills/wooyun-legacy/references/checklists/logic-flaws-checklist.md +95 -0
package/skills/wooyun-legacy/references/checklists/misconfig-checklist.md +124 -0
package/skills/wooyun-legacy/references/checklists/path-traversal-checklist.md +87 -0
package/skills/wooyun-legacy/references/checklists/rce-checklist.md +93 -0
package/skills/wooyun-legacy/references/checklists/sql-injection-checklist.md +97 -0
package/skills/wooyun-legacy/references/checklists/ssrf-checklist.md +99 -0
package/skills/wooyun-legacy/references/checklists/unauthorized-access-checklist.md +89 -0
package/skills/wooyun-legacy/references/checklists/weak-password-checklist.md +115 -0
package/skills/wooyun-legacy/references/checklists/xss-checklist.md +103 -0
package/skills/wooyun-legacy/references/checklists/xxe-checklist.md +130 -0
package/skills/wooyun-legacy/references/info-disclosure.md +975 -0
package/skills/wooyun-legacy/references/logic-flaws.md +721 -0
package/skills/wooyun-legacy/references/path-traversal.md +1191 -0
package/skills/wooyun-legacy/references/telecom-penetration.md +156 -0
package/skills/wooyun-legacy/references/unauthorized-access.md +980 -0
package/skills/wooyun-legacy/references/xss.md +746 -0
package/skills/zeroize-audit/SKILL.md +371 -0
package/skills/zeroize-audit/configs/c.yaml +21 -0
package/skills/zeroize-audit/configs/default.yaml +128 -0
package/skills/zeroize-audit/configs/rust.yaml +83 -0
package/skills/zeroize-audit/prompts/report_template.md +238 -0
package/skills/zeroize-audit/prompts/system.md +163 -0
package/skills/zeroize-audit/prompts/task.md +97 -0
package/skills/zeroize-audit/references/compile-commands.md +231 -0
package/skills/zeroize-audit/references/detection-strategy.md +191 -0
package/skills/zeroize-audit/references/ir-analysis.md +252 -0
package/skills/zeroize-audit/references/mcp-analysis.md +221 -0
package/skills/zeroize-audit/references/poc-generation.md +470 -0
package/skills/zeroize-audit/references/rust-zeroization-patterns.md +867 -0
package/skills/zeroize-audit/schemas/input.json +83 -0
package/skills/zeroize-audit/schemas/output.json +140 -0
package/skills/zeroize-audit/tools/analyze_asm.sh +202 -0
package/skills/zeroize-audit/tools/analyze_cfg.py +381 -0
package/skills/zeroize-audit/tools/analyze_heap.sh +211 -0
package/skills/zeroize-audit/tools/analyze_ir_semantic.py +429 -0
package/skills/zeroize-audit/tools/diff_ir.sh +135 -0
package/skills/zeroize-audit/tools/diff_rust_mir.sh +189 -0
package/skills/zeroize-audit/tools/emit_asm.sh +67 -0
package/skills/zeroize-audit/tools/emit_ir.sh +77 -0
package/skills/zeroize-audit/tools/emit_rust_asm.sh +178 -0
package/skills/zeroize-audit/tools/emit_rust_ir.sh +150 -0
package/skills/zeroize-audit/tools/emit_rust_mir.sh +158 -0
package/skills/zeroize-audit/tools/extract_compile_flags.py +284 -0
package/skills/zeroize-audit/tools/generate_poc.py +1329 -0
package/skills/zeroize-audit/tools/mcp/apply_confidence_gates.py +113 -0
package/skills/zeroize-audit/tools/mcp/check_mcp.sh +68 -0
package/skills/zeroize-audit/tools/mcp/normalize_mcp_evidence.py +125 -0
package/skills/zeroize-audit/tools/scripts/check_llvm_patterns.py +481 -0
package/skills/zeroize-audit/tools/scripts/check_mir_patterns.py +554 -0
package/skills/zeroize-audit/tools/scripts/check_rust_asm.py +424 -0
package/skills/zeroize-audit/tools/scripts/check_rust_asm_aarch64.py +300 -0
package/skills/zeroize-audit/tools/scripts/check_rust_asm_x86.py +283 -0
package/skills/zeroize-audit/tools/scripts/find_dangerous_apis.py +375 -0
package/skills/zeroize-audit/tools/scripts/semantic_audit.py +923 -0
package/skills/zeroize-audit/tools/track_dataflow.sh +196 -0
package/skills/zeroize-audit/tools/validate_rust_toolchain.sh +298 -0
package/skills/zeroize-audit/workflows/phase-0-preflight.md +150 -0
package/skills/zeroize-audit/workflows/phase-1-source-analysis.md +144 -0
package/skills/zeroize-audit/workflows/phase-2-compiler-analysis.md +139 -0
package/skills/zeroize-audit/workflows/phase-3-interim-report.md +46 -0
package/skills/zeroize-audit/workflows/phase-4-poc-generation.md +46 -0
package/skills/zeroize-audit/workflows/phase-5-poc-validation.md +136 -0
package/skills/zeroize-audit/workflows/phase-6-final-report.md +44 -0
package/skills/zeroize-audit/workflows/phase-7-test-generation.md +42 -0
package/themes/piolium-srcery.json +94 -0

package/extensions/piolium/modes/confirm-bootstrap.ts ADDED Viewed

@@ -0,0 +1,186 @@
+/**
+ * Results-only bootstrap for `/piolium-confirm`.
+ *
+ * Lets the user run confirmation against a directory that contains only the
+ * `piolium/` results folder from a previous audit (no source checkout). The
+ * bootstrap clones the original repository into a sibling `<repo>-confirm/`
+ * directory, checks out the audit commit, copies the results into the clone,
+ * and returns the new cwd for `runConfirmAudit` to use.
+ *
+ * Trigger: cwd has `piolium/findings/` but no `.git/`.
+ *
+ * Clone URL resolution:
+ *   - `--repo <url>` overrides everything.
+ *   - Else infer `https://github.com/<owner>/<repo>.git` from
+ *     `latestAudit(state).repository`.
+ *   - Else fail with a message asking the user to pass `--repo`.
+ *
+ * Pre-existing destination: reuse if its origin matches the resolved URL,
+ * abort otherwise so we never silently confirm against the wrong code.
+ */
+import { execFileSync } from "node:child_process";
+import { cpSync, existsSync, statSync } from "node:fs";
+import { join } from "node:path";
+import { latestAudit, readAuditState } from "../audit-state.ts";
+export type BootstrapNotify = (text: string, level?: "info" | "warning" | "error") => void;
+export interface BootstrapOptions {
+	cwd: string;
+	repoOverride?: string;
+	notify?: BootstrapNotify;
+}
+export interface BootstrapResult {
+	cwd: string;
+	bootstrapped: boolean;
+	cloneDir?: string;
+	cloneUrl?: string;
+	checkedOutCommit?: string;
+}
+export function isResultsOnlyDir(cwd: string): boolean {
+	if (existsSync(join(cwd, ".git"))) return false;
+	const findings = join(cwd, "piolium", "findings");
+	if (!existsSync(findings)) return false;
+	try {
+		return statSync(findings).isDirectory();
+	} catch {
+		return false;
+	}
+}
+export function inferGithubCloneUrl(repository: string | undefined): string | undefined {
+	if (!repository) return undefined;
+	if (!/^[^/\s]+\/[^/\s]+$/.test(repository)) return undefined;
+	return `https://github.com/${repository}.git`;
+}
+export function repoBasenameFromUrl(url: string): string {
+	const trimmed = url.trim().replace(/\/+$/, "");
+	const tail = trimmed.split(/[/:]/).pop() ?? trimmed;
+	return tail.replace(/\.git$/, "");
+}
+function normalizeRemote(url: string): string {
+	let out = url.trim().toLowerCase();
+	out = out.replace(/\.git$/, "");
+	const sshMatch = out.match(/^git@([^:]+):(.+)$/);
+	if (sshMatch) out = `https://${sshMatch[1]}/${sshMatch[2]}`;
+	out = out.replace(/^ssh:\/\/git@/, "https://");
+	return out.replace(/\/+$/, "");
+}
+function remoteUrlsMatch(a: string, b: string): boolean {
+	return normalizeRemote(a) === normalizeRemote(b);
+}
+type ExecResult = { ok: true; stdout: string } | { ok: false; error: string };
+function safeExec(file: string, args: string[]): ExecResult {
+	try {
+		const stdout = execFileSync(file, args, {
+			encoding: "utf8",
+			stdio: ["ignore", "pipe", "pipe"],
+		}).trim();
+		return { ok: true, stdout };
+	} catch (err) {
+		return { ok: false, error: err instanceof Error ? err.message : String(err) };
+	}
+}
+export function bootstrapResultsOnlyConfirm(opts: BootstrapOptions): BootstrapResult {
+	const { cwd, repoOverride } = opts;
+	const notify: BootstrapNotify = opts.notify ?? (() => {});
+	if (!isResultsOnlyDir(cwd)) {
+		return { cwd, bootstrapped: false };
+	}
+	const stateRes = readAuditState(cwd);
+	if (stateRes.parseError) {
+		throw new Error(
+			`Found piolium/findings/ but cannot read piolium/audit-state.json: ${stateRes.parseError}`,
+		);
+	}
+	const audit = stateRes.state ? latestAudit(stateRes.state) : undefined;
+	const auditRepository = audit?.repository;
+	const auditCommit = audit?.commit ?? undefined;
+	let cloneUrl: string;
+	if (repoOverride) {
+		cloneUrl = repoOverride;
+	} else {
+		const inferred = inferGithubCloneUrl(auditRepository);
+		if (!inferred) {
+			throw new Error(
+				"Cannot infer source repository to clone — piolium/audit-state.json has no usable `repository` field. Re-run with `--repo <url>`.",
+			);
+		}
+		cloneUrl = inferred;
+	}
+	const repoName = repoBasenameFromUrl(cloneUrl);
+	if (!repoName) {
+		throw new Error(`Unable to derive repo name from clone URL: ${cloneUrl}`);
+	}
+	const cloneDir = join(cwd, `${repoName}-confirm`);
+	if (existsSync(cloneDir)) {
+		if (!existsSync(join(cloneDir, ".git"))) {
+			throw new Error(
+				`Clone destination ${cloneDir} exists but is not a git working tree. Remove or rename it.`,
+			);
+		}
+		const remote = safeExec("git", ["-C", cloneDir, "remote", "get-url", "origin"]);
+		if (!remote.ok) {
+			throw new Error(
+				`Clone destination ${cloneDir} exists but \`git remote get-url origin\` failed: ${remote.error}`,
+			);
+		}
+		if (!remoteUrlsMatch(remote.stdout, cloneUrl)) {
+			throw new Error(
+				`Clone destination ${cloneDir} has origin "${remote.stdout}" but expected "${cloneUrl}". Remove/rename the directory, or pass --repo matching the existing clone.`,
+			);
+		}
+		notify(`Reusing existing clone at ${cloneDir}.`, "info");
+	} else {
+		notify(`Cloning ${cloneUrl} → ${cloneDir} ...`, "info");
+		const clone = safeExec("git", ["clone", "--", cloneUrl, cloneDir]);
+		if (!clone.ok) {
+			throw new Error(
+				`git clone failed: ${clone.error}\nIf the inferred URL is wrong (private repo, non-github host, etc.), re-run with --repo <url>.`,
+			);
+		}
+	}
+	let checkedOutCommit: string | undefined;
+	if (auditCommit) {
+		const checkout = safeExec("git", ["-C", cloneDir, "checkout", auditCommit]);
+		if (checkout.ok) {
+			checkedOutCommit = auditCommit;
+			notify(`Checked out audit commit ${auditCommit}.`, "info");
+		} else {
+			notify(
+				`Could not checkout audit commit ${auditCommit} (${checkout.error}). Falling back to current branch HEAD.`,
+				"warning",
+			);
+		}
+	} else {
+		notify("Audit-state has no commit recorded; using current branch HEAD.", "warning");
+	}
+	const srcResults = join(cwd, "piolium");
+	const destResults = join(cloneDir, "piolium");
+	cpSync(srcResults, destResults, { recursive: true });
+	notify(`Copied results into ${destResults}.`, "info");
+	return {
+		cwd: cloneDir,
+		bootstrapped: true,
+		cloneDir,
+		cloneUrl,
+		...(checkedOutCommit ? { checkedOutCommit } : {}),
+	};
+}