@visulima/vis 1.0.0-alpha.10 → 1.0.0-alpha.11

package/dist/packem_chunks/handler30.js

@@ -1,23 +1,170 @@
-var re=Object.defineProperty;var V=(t,n)=>re(t,"name",{value:n,configurable:!0});import{dim as b,yellow as Y,cyan as Z,magenta as _,red as ee}from"@visulima/colorize";import{isAccessibleSync as G,readFileSync as B,writeFileSync as Q}from"@visulima/fs";import{readYamlSync as se}from"@visulima/fs/yaml";import{join as H}from"@visulima/path";import{S as oe,R as ae,c as ce,p as a,V as le,U as de,q as ue,b as W}from"./bin.js";import{l as ge,f as fe,s as pe}from"../packem_shared/dependency-scan-Du0tBu64.js";import{m as he}from"../packem_shared/catalog-BVPerCwG.js";var me=Object.defineProperty,S=V((t,n)=>me(t,"name",{value:n,configurable:!0}),"o");const L=S(t=>Array.isArray(t)?t.filter(n=>typeof n=="string"):[],"toStringArray"),K=S((t,n)=>{for(const r of n)if(r===t||r.endsWith("*")&&t.startsWith(r.slice(0,-1)))return!0;return!1},"matchesGlobList"),te=S(t=>{const n=H(t,"pnpm-workspace.yaml");if(!G(n))return{excludedPackages:[],ignoredAdvisories:[]};try{const r=se(n);return{excludedPackages:[],ignoredAdvisories:[...L(r?.auditConfig?.ignoreCves),...L(r?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readPnpmAuditExclusions"),ne=S(t=>{const n=H(t,".yarnrc.yml");if(!G(n))return{excludedPackages:[],ignoredAdvisories:[]};try{const r=se(n);return{excludedPackages:L(r?.npmAuditExcludePackages),ignoredAdvisories:L(r?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readYarnAuditExclusions"),ve=S((t,n)=>{switch(n){case"pnpm":return te(t);case"yarn":return ne(t);default:return{excludedPackages:[],ignoredAdvisories:[]}}},"readNativeAuditExclusions"),X=S((t,n,r)=>{if(K(t,n.ignoredAdvisories))return!0;if(r){for(const l of r)if(K(l,n.ignoredAdvisories))return!0}return!1},"isAdvisoryExcluded"),$e=S((t,n)=>K(t,n.excludedPackages),"isPackageExcluded"),ke=S((t,n,r)=>{if(r.length===0)return["No advisory IDs to sync."];const l=[];switch(t){case"bun":{l.push(`bun has no audit config file. Use CLI flags: bun audit ${r.map(f=>`--ignore ${f}`).join(" ")}`);break}case"npm":{l.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const f=H(n,"pnpm-workspace.yaml");if(!G(f)){l.push("pnpm-workspace.yaml not found. Cannot sync.");break}const h=te(n),k=new Set(h.ignoredAdvisories.filter(c=>c.startsWith("CVE-"))),v=new Set(h.ignoredAdvisories.filter(c=>c.startsWith("GHSA-"))),y=r.filter(c=>c.startsWith("CVE-")),$=r.filter(c=>c.startsWith("GHSA-")),p=[...new Set([...k,...y])],d=[...new Set([...v,...$])],m=y.filter(c=>!k.has(c)).length,w=$.filter(c=>!v.has(c)).length;if(m===0&&w===0){l.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let g=B(f);if(p.length>0){const c=`  ignoreCves:
-${p.map(x=>`    - ${x}`).join(`
-`)}
-`;/auditConfig:/.test(g)?g=/ignoreCves:/.test(g)?g.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,c):g.replace(/auditConfig:\s*\n/,`auditConfig:
-${c}`):g=`${g.trimEnd()}
+import { detectAllProviders, runProvider } from '@visulima/find-ai-runner';
+import { renderToString, Table } from '@visulima/tui';
+import React from 'react';
+import { a as resolveProvider, D as DEFAULT_PRIORITY } from '../packem_shared/ai-analysis-CHeB1joD.js';
+import { bold, dim, cyan, green, yellow } from '@visulima/colorize';
 
-auditConfig:
-${c}`,m>0&&l.push(`Added ${String(m)} new CVE${m===1?"":"s"} to pnpm-workspace.yaml (${String(p.length)} total)`)}if(d.length>0){const c=`  ignoreGhsas:
-${d.map(x=>`    - ${x}`).join(`
-`)}
-`;/auditConfig:/.test(g)&&(g=/ignoreGhsas:/.test(g)?g.replace(/ignoreGhsas:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,c):g.replace(/(auditConfig:[\s\S]*?)(\n\S|\n?$)/m,`$1${c}$2`)),w>0&&l.push(`Added ${String(w)} new GHSA${w===1?"":"s"} to pnpm-workspace.yaml (${String(d.length)} total)`)}Q(f,g);break}case"yarn":{const f=H(n,".yarnrc.yml");if(!G(f)){l.push(".yarnrc.yml not found. Cannot sync.");break}const h=ne(n),k=new Set(h.ignoredAdvisories),v=[...new Set([...k,...r])],y=r.filter(d=>!k.has(d)).length;if(y===0){l.push("All advisory IDs already present in .yarnrc.yml.");break}let $=B(f);const p=`npmAuditIgnoreAdvisories:
-${v.map(d=>`  - "${d}"`).join(`
-`)}
-`;$=/npmAuditIgnoreAdvisories:/.test($)?$.replace(/npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,p):`${$.trimEnd()}
+const AI_DISCOVERY_META = {
+  command: "ai",
+  description: "AI-assisted commands: provider detection, cache management, and failure-fix proposals."
+};
+const typeName = (type) => {
+  if (typeof type !== "function") {
+    return String(type);
+  }
+  const { name } = type;
+  if (name === "Boolean") {
+    return "boolean";
+  }
+  if (name === "Number") {
+    return "number";
+  }
+  if (name === "String") {
+    return "string";
+  }
+  return name ?? "unknown";
+};
+const buildSubcommand = (command) => {
+  const path = [...command.commandPath ?? [], command.name].join(" ");
+  const examples = (command.examples ?? []).map(([cmd, description]) => {
+    return {
+      command: cmd ?? "",
+      description: description ?? ""
+    };
+  });
+  const options = (command.options ?? []).map((option) => {
+    return {
+      defaultValue: option.defaultValue,
+      description: option.description,
+      name: option.name,
+      type: typeName(option.type)
+    };
+  });
+  return {
+    argument: command.argument ? { description: command.argument.description, name: command.argument.name } : void 0,
+    description: command.description ?? "",
+    examples,
+    name: command.name,
+    options,
+    path
+  };
+};
+const buildDiscoveryPayload = (subcommands, meta = AI_DISCOVERY_META) => {
+  return {
+    command: meta.command,
+    description: meta.description,
+    subcommands: subcommands.map((subcommand) => buildSubcommand(subcommand))
+  };
+};
+const renderDiscoveryJson = (subcommands, meta = AI_DISCOVERY_META) => `${JSON.stringify(buildDiscoveryPayload(subcommands, meta), void 0, 2)}
+`;
+const renderDiscoveryText = (subcommands, meta = AI_DISCOVERY_META) => {
+  const payload = buildDiscoveryPayload(subcommands, meta);
+  const lines = [];
+  lines.push(bold(`vis ${payload.command} — ${payload.description}`));
+  lines.push("");
+  lines.push(dim("Subcommands:"));
+  for (const subcommand of payload.subcommands) {
+    const argumentSegment = subcommand.argument ? ` ${cyan(`<${subcommand.argument.name}>`)}` : "";
+    lines.push("");
+    lines.push(`  ${green(`vis ${subcommand.path}`)}${argumentSegment}`);
+    if (subcommand.description) {
+      lines.push(`    ${subcommand.description}`);
+    }
+    if (subcommand.options.length > 0) {
+      const optionList = subcommand.options.map((option) => `--${option.name}${option.type === "boolean" ? "" : `=<${option.type}>`}`).join(", ");
+      lines.push(dim(`    options: ${optionList}`));
+    }
+    if (subcommand.examples.length > 0) {
+      lines.push(dim("    examples:"));
+      for (const example of subcommand.examples) {
+        const trailing = example.description ? dim(` — ${example.description}`) : "";
+        lines.push(`      ${yellow(example.command)}${trailing}`);
+      }
+    }
+  }
+  lines.push("");
+  lines.push(dim(`Run \`vis ${payload.command} discover-help\` for the machine-readable JSON catalogue (designed for AI agents).`));
+  lines.push(dim(`Run \`vis ${payload.command} <subcommand> --help\` for full usage of a specific subcommand.`));
+  return `${lines.join("\n")}
+`;
+};
 
-${p}`,Q(f,$),l.push(`Synced ${String(y)} advisor${y===1?"y":"ies"} to .yarnrc.yml (${String(v.length)} total)`);break}default:l.push(`Unknown package manager: ${t}`)}return l},"syncAcceptedRisksToNativeConfig");var ye=Object.defineProperty,R=V((t,n)=>ye(t,"name",{value:n,configurable:!0}),"m");const U={CRITICAL:0,HIGH:1,LOW:3,MODERATE:2,UNKNOWN:4},Ae={critical:ee,high:_,low:Z,medium:Y},j=R((t,n)=>{const r=U[n.toUpperCase()]??U.MODERATE??2;return(U[t.toUpperCase()]??4)<=r},"severityPassesFilter"),Se={CRITICAL:ee,HIGH:_,LOW:Z,MODERATE:Y,UNKNOWN:b},we=R((t,n,r,l)=>{const f=Se[r.severity]??b,h=l?` ${b("[acknowledged]")}`:"",k=r.fixedVersions??[],v=k.length>0?` (fix: ${k.join(", ")})`:"";return`  ${f(r.severity)} ${r.id} — ${t}@${n}${h}
-    ${r.summary}${v}`},"formatVulnLine"),Ce=R((t,n)=>{const r=oe(t),l=`${String(Math.round(t.score.overall*100))}%`,f=n?` ${b("[acknowledged]")}`:"",h=t.alerts.length>0?`, ${String(t.alerts.length)} alert${t.alerts.length===1?"":"s"}`:"";return`  ${l} ${r}@${t.version} (${ae(t.score.overall)}${h})${f}`},"formatSocketLine"),Re=R(async(t,n,r,l)=>{const f=n.severity??"low",h=n.format==="json"||!!n.json,k=!!n.fix,v=!!n.showAccepted,y=r?.security?.socket,$=y?.acceptedRisks,p=ce(t),d=ve(t,p.name);(d.ignoredAdvisories.length>0||d.excludedPackages.length>0)&&a.info(`Loaded ${String(d.ignoredAdvisories.length)} ignored advisor${d.ignoredAdvisories.length===1?"y":"ies"} and ${String(d.excludedPackages.length)} excluded package${d.excludedPackages.length===1?"":"s"} from ${p.name} config.`);const m=ge(t,p.name);if(m.length===0){a.info(`No ${p.name} lockfile entries found. Run ${p.name} install first.`);return}h||a.info(`Scanning ${String(m.length)} installed packages…`);const w=m.map(e=>({name:e.name,version:e.version})),g=le(y),c=fe(t,p.name),x=[{id:"vulnerabilities",label:"Known vulnerabilities (OSV)"},...g?[{id:"socket",label:"Socket.dev supply-chain reports"}]:[]],C=pe(x,{live:!h}),ie=Date.now(),E=R(e=>{const s=Date.now()-e;return s>=1e3?`${(s/1e3).toFixed(1)}s`:`${String(Math.round(s))}ms`},"fmtElapsed");let q,J;try{const e=Date.now(),s=Date.now();C.start("vulnerabilities"),g&&C.start("socket"),[q,J]=await Promise.all([he(w).then(i=>{let o=0;for(const u of i.values())o+=u.length;return C.finish("vulnerabilities",o>0?"warn":"ok",o>0?`${String(o)} found · ${E(e)}`:`none found · ${E(e)}`),i}).catch(i=>{const o=i instanceof Error?i.message:String(i);return C.finish("vulnerabilities","error",o),new Map}),g?de(w,g).then(i=>{let o=0,u=0;for(const D of i.values())o+=D.alerts.length,D.score.overall<W&&(u+=1);const O=o+u;return C.finish("socket",O>0?"warn":"ok",O>0?`${String(o)} alert${o===1?"":"s"}, ${String(u)} low-score · ${E(s)}`:`clean · ${E(s)}`),i}).catch(i=>{const o=i instanceof Error?i.message:String(i);return C.finish("socket","error",o),new Map}):Promise.resolve(new Map)])}finally{C.stop()}h||a.info(b(`Scan completed in ${E(ie)}`));const M=[];for(const e of m){if($e(e.name,d))continue;const s=q.get(e.name)??[],i=J.get(`${e.name}@${e.version}`),o=ue(e.name,e.version,$),u=s.length>0,O=i?i.score.overall<W:!1,D=i?i.alerts.length>0:!1;(u||O||D)&&M.push({acceptedRisk:o,name:e.name,socketReport:i,version:e.version,vulnerabilities:s})}const A=M.filter(e=>{const s=e.vulnerabilities.some(u=>j(u.severity,f)),i=e.socketReport?.alerts.some(u=>j(u.severity==="medium"?"MODERATE":u.severity.toUpperCase(),f)),o=e.socketReport&&e.socketReport.score.overall<W;return s||i||o});if(h){const e={duplicates:c.map(s=>({name:s.name,versionCount:s.versions.length,versions:s.versions})),packages:m.length,results:A.map(s=>({acceptedRisk:s.acceptedRisk??null,name:s.name,socketAlerts:s.socketReport?.alerts??[],socketScore:s.socketReport?.score.overall??null,version:s.version,vulnerabilities:s.vulnerabilities})),summary:{accepted:A.filter(s=>s.acceptedRisk).length,duplicatePackages:c.length,issues:A.filter(s=>!s.acceptedRisk).length,total:A.length}};process.stdout.write(`${JSON.stringify(e,void 0,2)}
-`),n.exitCode&&e.summary.issues>0&&(process.exitCode=1);return}if(A.length===0){a.success(`No security issues found across ${String(m.length)} packages.`);return}const I={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const e of A)for(const s of e.vulnerabilities)if(j(s.severity,f)){const i=s.severity==="UNKNOWN"?"LOW":s.severity;I[i]?.push({entry:e,vuln:s})}let F=0,T=0;for(const e of["CRITICAL","HIGH","MODERATE","LOW"]){const s=I[e];if(!(!s||s.length===0)){a.info(`
-── ${e} (${String(s.length)}) ──`);for(const{entry:i,vuln:o}of s){const u=!!i.acceptedRisk||X(o.id,d,o.aliases);u&&(T++,!v)||(F++,a.info(we(i.name,i.version,o,u)),k&&(o.fixedVersions??[]).length>0&&a.notice(`    Fix: update to ${o.fixedVersions.at(-1)}`))}}}const P=A.filter(e=>e.socketReport&&(e.socketReport.score.overall<W||e.socketReport.alerts.length>0));if(P.length>0){a.info(`
-── Socket.dev Supply Chain (${String(P.length)}) ──`);for(const e of P){if(!e.socketReport)continue;const s=!!e.acceptedRisk;if(!(s&&!v)){a.info(Ce(e.socketReport,s));for(const i of e.socketReport.alerts){const o=Ae[i.severity]??b;a.info(`    ${o(`[${i.severity.toUpperCase()}]`)} ${i.type} — ${i.category}`)}}}}if(c.length>0){a.info(`
-── Duplicate Dependencies (${String(c.length)}) ──`);for(const e of c){const s=e.versions.join(", ");a.info(`  ${e.name} — ${String(e.versions.length)} versions: ${Y(s)}`)}}const N=R(e=>!!e.acceptedRisk||e.vulnerabilities.length>0&&e.vulnerabilities.every(s=>X(s.id,d,s.aliases)),"isEntryExcluded"),z=A.filter(e=>!N(e)).length;if(a.info(""),a.info("─ Audit Summary"),a.info(`  ${String(m.length)} packages scanned`),d.ignoredAdvisories.length>0&&a.info(`  ${String(d.ignoredAdvisories.length)} ${p.name} audit exclusion${d.ignoredAdvisories.length===1?"":"s"} applied`),F>0){const e=I.CRITICAL?.filter(i=>!N(i.entry)).length??0,s=I.HIGH?.filter(i=>!N(i.entry)).length??0;a.error(`  ${String(F)} vulnerabilit${F===1?"y":"ies"} found`),e>0&&a.error(`    ${String(e)} critical`),s>0&&a.warn(`    ${String(s)} high`)}else a.success("  No vulnerabilities found");if(P.length>0){const e=P.filter(s=>!N(s)).length;a.warn(`  ${String(e)} package${e===1?"":"s"} with Socket.dev supply chain issues`)}if(c.length>0&&(a.warn(`  ${String(c.length)} package${c.length===1?"":"s"} with duplicate versions`),a.notice("  Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates.")),T>0&&(a.info(`  ${String(T)} acknowledged (accepted risks)`),v||a.notice("  Use --show-accepted to see acknowledged issues.")),z===0&&a.success(`
-  All issues are acknowledged. No action required.`),n.sync&&$){const e=new Set;for(const i of M)if(i.acceptedRisk){for(const o of i.vulnerabilities)if((o.id.startsWith("CVE-")||o.id.startsWith("GHSA-"))&&e.add(o.id),o.aliases)for(const u of o.aliases)(u.startsWith("CVE-")||u.startsWith("GHSA-"))&&e.add(u)}const s=[...e];if(s.length>0){a.info("");const i=ke(p.name,t,s);for(const o of i)a.success(`  ${o}`)}else a.info(`
-No advisory IDs to sync to native PM config.`)}n.exitCode&&z>0&&(process.exitCode=1)},"executeAudit"),De=R(async({logger:t,options:n,visConfig:r,workspaceRoot:l})=>{if(!l)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await Re(l,n,r,t)},"execute");export{De as default};
+const loadDiscoverableSubcommands = async () => {
+  const { default: aiCommands } = await import('./bin.js').then(n => n.ac);
+  return aiCommands.filter((cmd) => cmd.name !== "ai");
+};
+const aiRootExecute = async () => {
+  const subcommands = await loadDiscoverableSubcommands();
+  process.stderr.write(renderDiscoveryText(subcommands));
+};
+const aiDiscoverHelpExecute = async () => {
+  const subcommands = await loadDiscoverableSubcommands();
+  process.stdout.write(renderDiscoveryJson(subcommands));
+};
+const aiTestExecute = async ({ logger, visConfig }) => {
+  const aiConfig = visConfig?.ai;
+  const provider = resolveProvider(aiConfig);
+  if (!provider) {
+    logger.error("No AI provider available to test.");
+    process.exitCode = 1;
+    return;
+  }
+  logger.info(`Testing ${provider.name}...`);
+  try {
+    const result = await runProvider(provider, "Reply with exactly: OK", { timeoutMs: 3e4 });
+    logger.info(`Provider ${provider.name} responded: ${result.stdout.trim().slice(0, 200)}`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    logger.error(`Provider ${provider.name} failed: ${message}`);
+    process.exitCode = 1;
+  }
+};
+const aiProvidersExecute = ({ logger, options, visConfig }) => {
+  const format = options.format ?? "table";
+  const aiConfig = visConfig?.ai;
+  const allProviders = detectAllProviders();
+  const selected = resolveProvider(aiConfig);
+  if (format === "json") {
+    const output2 = allProviders.map((p) => {
+      return {
+        available: p.available,
+        method: p.detectionMethod,
+        name: p.name,
+        path: p.path,
+        priority: DEFAULT_PRIORITY[p.name] ?? 0,
+        selected: p.name === selected?.name,
+        version: p.version
+      };
+    });
+    process.stdout.write(`${JSON.stringify(output2, void 0, 2)}
+`);
+    return;
+  }
+  const tableData = allProviders.map((provider) => {
+    return {
+      method: provider.detectionMethod ?? "-",
+      path: provider.path ?? "-",
+      priority: String(DEFAULT_PRIORITY[provider.name] ?? 0),
+      provider: provider.name,
+      selected: provider.name === selected?.name ? ">>>" : "",
+      status: provider.available ? "available" : "not found",
+      version: provider.version ?? "-"
+    };
+  });
+  const columns = process.stdout.columns || 80;
+  const output = renderToString(React.createElement(Table, { data: tableData }), { columns });
+  logger.info(output);
+  if (selected) {
+    logger.info(`
+Selected provider: ${selected.name} (priority ${String(DEFAULT_PRIORITY[selected.name] ?? 0)})`);
+  } else {
+    logger.info("\nNo AI provider available. Install one of the supported AI CLI tools.");
+  }
+};
+const aiFixExecute = async (toolbox) => {
+  const { aiFix } = await import('./fix.js');
+  await aiFix(toolbox);
+};
+
+export { aiDiscoverHelpExecute, aiFixExecute, aiProvidersExecute, aiRootExecute, aiTestExecute };