@vyuhlabs/dxkit 2.10.0 → 2.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +98 -0
- package/dist/allowlist/cli.d.ts +23 -23
- package/dist/allowlist/cli.d.ts.map +1 -1
- package/dist/allowlist/cli.js +72 -34
- package/dist/allowlist/cli.js.map +1 -1
- package/dist/allowlist/file.d.ts +7 -1
- package/dist/allowlist/file.d.ts.map +1 -1
- package/dist/allowlist/file.js +7 -1
- package/dist/allowlist/file.js.map +1 -1
- package/dist/analysis-result.d.ts +10 -0
- package/dist/analysis-result.d.ts.map +1 -1
- package/dist/analyzers/cache.d.ts +1 -0
- package/dist/analyzers/cache.d.ts.map +1 -1
- package/dist/analyzers/cache.js +69 -0
- package/dist/analyzers/cache.js.map +1 -1
- package/dist/analyzers/security/aggregator.d.ts +90 -90
- package/dist/analyzers/security/aggregator.d.ts.map +1 -1
- package/dist/analyzers/security/aggregator.js +140 -56
- package/dist/analyzers/security/aggregator.js.map +1 -1
- package/dist/analyzers/security/gather.d.ts +2 -0
- package/dist/analyzers/security/gather.d.ts.map +1 -1
- package/dist/analyzers/security/gather.js +30 -4
- package/dist/analyzers/security/gather.js.map +1 -1
- package/dist/analyzers/security/types.d.ts +29 -7
- package/dist/analyzers/security/types.d.ts.map +1 -1
- package/dist/analyzers/tools/fingerprint.d.ts +133 -20
- package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
- package/dist/analyzers/tools/fingerprint.js +194 -20
- package/dist/analyzers/tools/fingerprint.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts +2 -2
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +7 -1
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +28 -0
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/grep-secrets.d.ts.map +1 -1
- package/dist/analyzers/tools/grep-secrets.js +22 -12
- package/dist/analyzers/tools/grep-secrets.js.map +1 -1
- package/dist/analyzers/tools/salt.d.ts +68 -0
- package/dist/analyzers/tools/salt.d.ts.map +1 -0
- package/dist/{baseline → analyzers/tools}/salt.js +59 -18
- package/dist/analyzers/tools/salt.js.map +1 -0
- package/dist/analyzers/tools/semgrep.d.ts +7 -7
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
- package/dist/analyzers/tools/semgrep.js +14 -7
- package/dist/analyzers/tools/semgrep.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +4 -4
- package/dist/baseline/baseline-file.d.ts +9 -2
- package/dist/baseline/baseline-file.d.ts.map +1 -1
- package/dist/baseline/baseline-file.js.map +1 -1
- package/dist/baseline/check-renderers.d.ts.map +1 -1
- package/dist/baseline/check-renderers.js +14 -0
- package/dist/baseline/check-renderers.js.map +1 -1
- package/dist/baseline/check.d.ts +33 -0
- package/dist/baseline/check.d.ts.map +1 -1
- package/dist/baseline/check.js +78 -2
- package/dist/baseline/check.js.map +1 -1
- package/dist/baseline/create.d.ts +1 -1
- package/dist/baseline/create.d.ts.map +1 -1
- package/dist/baseline/create.js +3 -1
- package/dist/baseline/create.js.map +1 -1
- package/dist/baseline/finding-identity.d.ts +20 -13
- package/dist/baseline/finding-identity.d.ts.map +1 -1
- package/dist/baseline/finding-identity.js +51 -20
- package/dist/baseline/finding-identity.js.map +1 -1
- package/dist/baseline/migrate.d.ts +94 -0
- package/dist/baseline/migrate.d.ts.map +1 -0
- package/dist/baseline/migrate.js +238 -0
- package/dist/baseline/migrate.js.map +1 -0
- package/dist/baseline/producers/security.d.ts +9 -9
- package/dist/baseline/producers/security.d.ts.map +1 -1
- package/dist/baseline/producers/security.js +16 -4
- package/dist/baseline/producers/security.js.map +1 -1
- package/dist/baseline/types.d.ts +145 -95
- package/dist/baseline/types.d.ts.map +1 -1
- package/dist/baseline/types.js +30 -26
- package/dist/baseline/types.js.map +1 -1
- package/dist/explore/finding-context.d.ts +17 -0
- package/dist/explore/finding-context.d.ts.map +1 -1
- package/dist/explore/finding-context.js +34 -0
- package/dist/explore/finding-context.js.map +1 -1
- package/dist/explore/queries.d.ts +32 -15
- package/dist/explore/queries.d.ts.map +1 -1
- package/dist/explore/queries.js +36 -6
- package/dist/explore/queries.js.map +1 -1
- package/dist/ingest/normalize.d.ts +1 -1
- package/dist/ingest/normalize.d.ts.map +1 -1
- package/dist/ingest/normalize.js +5 -1
- package/dist/ingest/normalize.js.map +1 -1
- package/dist/ingest/sarif.d.ts.map +1 -1
- package/dist/ingest/sarif.js +16 -7
- package/dist/ingest/sarif.js.map +1 -1
- package/dist/ingest/types.d.ts +23 -12
- package/dist/ingest/types.d.ts.map +1 -1
- package/dist/languages/capabilities/types.d.ts +64 -53
- package/dist/languages/capabilities/types.d.ts.map +1 -1
- package/dist/languages/capabilities/types.js +4 -4
- package/dist/update.d.ts.map +1 -1
- package/dist/update.js +49 -0
- package/dist/update.js.map +1 -1
- package/dist/upgrade.d.ts.map +1 -1
- package/dist/upgrade.js +2 -1
- package/dist/upgrade.js.map +1 -1
- package/package.json +6 -3
- package/templates/.claude/skills/dxkit-update/SKILL.md +45 -4
- package/dist/baseline/salt.d.ts +0 -45
- package/dist/baseline/salt.d.ts.map +0 -1
- package/dist/baseline/salt.js.map +0 -1
|
@@ -6,10 +6,10 @@
|
|
|
6
6
|
* runs, and aggregates. Each capability returns a strongly-typed envelope
|
|
7
7
|
* that extends `CapabilityEnvelope` so every result carries:
|
|
8
8
|
*
|
|
9
|
-
*
|
|
10
|
-
*
|
|
11
|
-
*
|
|
12
|
-
*
|
|
9
|
+
* - `schemaVersion`: pinned literal so downstream consumers can detect
|
|
10
|
+
* wire-format changes without inspecting fields.
|
|
11
|
+
* - `tool`: which underlying tool produced this result. Required for
|
|
12
|
+
* attribution in reports and for the `toolsUsed` aggregation.
|
|
13
13
|
*
|
|
14
14
|
* `ImportsResult` landed in Phase 10e.B.4 — a pack pre-computes the full
|
|
15
15
|
* per-pack import graph (extracted specifiers + resolved edges) for every
|
|
@@ -46,12 +46,12 @@ export interface CapabilityEnvelope {
|
|
|
46
46
|
* `@loopback/cli@6.0.0` — the Tier-2 tool resolves that upgrading
|
|
47
47
|
* `@loopback/cli` to `7.0.1` pulls a patched `minimatch`:
|
|
48
48
|
*
|
|
49
|
-
*
|
|
50
|
-
*
|
|
51
|
-
*
|
|
52
|
-
*
|
|
53
|
-
*
|
|
54
|
-
*
|
|
49
|
+
* {
|
|
50
|
+
* parent: '@loopback/cli',
|
|
51
|
+
* parentVersion: '7.0.1',
|
|
52
|
+
* patches: ['GHSA-xxxx-yyyy-zzzz', 'CVE-2022-1234'],
|
|
53
|
+
* breaking: true,
|
|
54
|
+
* }
|
|
55
55
|
*
|
|
56
56
|
* `parent` equals the finding's own `package` when the vulnerable
|
|
57
57
|
* package itself is a direct dep. `patches` lists every advisory id the
|
|
@@ -63,34 +63,34 @@ export interface CapabilityEnvelope {
|
|
|
63
63
|
*/
|
|
64
64
|
export interface DepVulnUpgradePlan {
|
|
65
65
|
/** Package to upgrade (top-level dep when different from the
|
|
66
|
-
*
|
|
66
|
+
* finding's `package`; otherwise the finding's own package). */
|
|
67
67
|
parent: string;
|
|
68
68
|
/** Target version for the parent. Semver triple, no range prefix. */
|
|
69
69
|
parentVersion: string;
|
|
70
70
|
/** Advisory ids this upgrade resolves — always includes the finding's
|
|
71
|
-
*
|
|
72
|
-
*
|
|
71
|
+
* own `id`; may include sibling advisories when one parent bump
|
|
72
|
+
* patches several transitives at once. Sorted, deduplicated. */
|
|
73
73
|
patches: string[];
|
|
74
74
|
/** True when the target version crosses a major boundary from the
|
|
75
|
-
*
|
|
76
|
-
*
|
|
75
|
+
* installed parent version. Producer-classified; consumers treat it
|
|
76
|
+
* as a triage hint, not a guarantee. */
|
|
77
77
|
breaking: boolean;
|
|
78
78
|
}
|
|
79
79
|
/**
|
|
80
80
|
* Per-finding detail for dep-vuln reports that need more than counts.
|
|
81
81
|
*
|
|
82
82
|
* Field tiers (when each tier populates which fields):
|
|
83
|
-
*
|
|
84
|
-
*
|
|
85
|
-
*
|
|
86
|
-
*
|
|
87
|
-
*
|
|
88
|
-
*
|
|
89
|
-
*
|
|
90
|
-
*
|
|
91
|
-
*
|
|
92
|
-
*
|
|
93
|
-
*
|
|
83
|
+
* Tier 1 (per-pack native tool — npm-audit / pip-audit / govulncheck /
|
|
84
|
+
* cargo-audit / dotnet vulnerable):
|
|
85
|
+
* id, package, installedVersion, severity, tool, fixedVersion?,
|
|
86
|
+
* cvssScore?, aliases?, summary?, references?
|
|
87
|
+
* Tier 2 (per-pack fix-tool — osv-scanner fix / pip-audit --fix /
|
|
88
|
+
* cargo audit fix):
|
|
89
|
+
* upgradeAdvice, breakingUpgrade, upgradePlan, reachable (osv-scanner only)
|
|
90
|
+
* Tier 3 (exploitability enrichment — EPSS, CISA KEV):
|
|
91
|
+
* epssScore, kev
|
|
92
|
+
* Tier 4 (snyk opt-in):
|
|
93
|
+
* reachable, riskScore, upgradeAdvice, breakingUpgrade, upgradePlan
|
|
94
94
|
*
|
|
95
95
|
* All non-identity fields are optional so higher tiers can extend without
|
|
96
96
|
* changing this contract.
|
|
@@ -181,10 +181,10 @@ export interface LicenseFinding {
|
|
|
181
181
|
/** ISO 8601 release date; present when the registry exposes it. */
|
|
182
182
|
releaseDate?: string;
|
|
183
183
|
/** True when this package is a root manifest dep (direct or dev-dep) as
|
|
184
|
-
*
|
|
185
|
-
*
|
|
186
|
-
*
|
|
187
|
-
*
|
|
184
|
+
* opposed to a transitive. Populated per-pack by the same root-manifest
|
|
185
|
+
* parse that seeds `buildXxxTopLevelDepIndex`. Unset when the pack
|
|
186
|
+
* can't read the manifest/lockfile — the bom filter treats unset as
|
|
187
|
+
* "don't know" and passes the row through rather than dropping it. */
|
|
188
188
|
isTopLevel?: boolean;
|
|
189
189
|
}
|
|
190
190
|
/**
|
|
@@ -230,6 +230,17 @@ export interface CodePatternFinding {
|
|
|
230
230
|
title: string;
|
|
231
231
|
/** CWE identifier when the scanner supplies one (e.g. `CWE-79`). Empty otherwise. */
|
|
232
232
|
cwe: string;
|
|
233
|
+
/**
|
|
234
|
+
* Content-anchored identity material: the 16-char `spanHash` of
|
|
235
|
+
* the normalized matched code span, computed at the gather boundary
|
|
236
|
+
* (semgrep's `extra.lines`). Only the digest is carried downstream —
|
|
237
|
+
* never the raw matched text. The aggregator combines it with the
|
|
238
|
+
* enclosing-symbol `scope` (graph scope pre-pass) and an in-scope ordinal to
|
|
239
|
+
* form the finding's `contentAnchor`, so identity survives the
|
|
240
|
+
* construct moving lines. Absent when the scanner didn't surface the
|
|
241
|
+
* matched span → the identity layer falls back to the location scheme.
|
|
242
|
+
*/
|
|
243
|
+
spanHash?: string;
|
|
233
244
|
}
|
|
234
245
|
/**
|
|
235
246
|
* Code-pattern findings, the codePatterns capability. Produced by static
|
|
@@ -314,17 +325,17 @@ export interface StructuralResult extends CapabilityEnvelope {
|
|
|
314
325
|
* `tool-missing`, `no-output`, `parse-error`) that lumped together two
|
|
315
326
|
* semantically distinct cases:
|
|
316
327
|
*
|
|
317
|
-
*
|
|
318
|
-
*
|
|
319
|
-
*
|
|
320
|
-
*
|
|
321
|
-
*
|
|
328
|
+
* 1. **The dep-vuln scan was infrastructurally unavailable** — tool
|
|
329
|
+
* not installed, tool produced no output, output unparseable. From
|
|
330
|
+
* the user's perspective: "dxkit couldn't tell me if my deps are
|
|
331
|
+
* safe." This is the F4 baseline customer-credibility case
|
|
332
|
+
* (Security 100/100 on an unscannable repo). Maps to `unavailable`.
|
|
322
333
|
*
|
|
323
|
-
*
|
|
324
|
-
*
|
|
325
|
-
*
|
|
326
|
-
*
|
|
327
|
-
*
|
|
334
|
+
* 2. **There's nothing in this stack to scan** — no `.csproj` in a
|
|
335
|
+
* csharp pack run, no `Cargo.lock` in a rust pack run, no
|
|
336
|
+
* `requirements.txt` in a python pack run. Legitimate state for
|
|
337
|
+
* polyglot repos where one pack activates but contributes no
|
|
338
|
+
* manifests. Maps to `no-manifest`.
|
|
328
339
|
*
|
|
329
340
|
* The split lets downstream scorers cap on (1) without penalizing (2).
|
|
330
341
|
* Pre-2.4.7 they both collapsed to `tool-missing` and the security
|
|
@@ -359,21 +370,21 @@ export type LintGatherOutcome = {
|
|
|
359
370
|
* licenses report can differentiate three distinct customer-facing
|
|
360
371
|
* states:
|
|
361
372
|
*
|
|
362
|
-
*
|
|
363
|
-
*
|
|
364
|
-
*
|
|
365
|
-
*
|
|
373
|
+
* - **success**: the canonical license extraction tool ran
|
|
374
|
+
* cleanly (e.g. `nuget-license` for csharp, `pip-licenses` for
|
|
375
|
+
* python, `cargo-license` for rust, etc.). Envelope carries the
|
|
376
|
+
* per-package license inventory.
|
|
366
377
|
*
|
|
367
|
-
*
|
|
368
|
-
*
|
|
369
|
-
*
|
|
370
|
-
*
|
|
371
|
-
*
|
|
378
|
+
* - **unavailable**: tool isn't installed OR the gather failed
|
|
379
|
+
* mid-run. F12 in the .NET WinForms benchmark baseline was exactly this:
|
|
380
|
+
* `nuget-license` absent → pre-D031 the licenses report rendered
|
|
381
|
+
* "0 packages" with no caveat, indistinguishable from a repo
|
|
382
|
+
* that legitimately has no third-party deps.
|
|
372
383
|
*
|
|
373
|
-
*
|
|
374
|
-
*
|
|
375
|
-
*
|
|
376
|
-
*
|
|
384
|
+
* - **no-manifest**: pack is active but the repo has no dep
|
|
385
|
+
* manifest in scope (no `.csproj` for csharp, no `package.json`
|
|
386
|
+
* for ts, no `Cargo.toml` for rust, no `requirements.txt`/
|
|
387
|
+
* `pyproject.toml` for python). Legitimate "nothing to license."
|
|
377
388
|
*
|
|
378
389
|
* The provider's `gather()` method continues to collapse non-success
|
|
379
390
|
* to null for dispatcher consumers; availability-aware analyzers
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/languages/capabilities/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,8DAA8D;AAC9D,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1B,wEAAwE;IACxE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,WAAW,kBAAkB;IACjC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/languages/capabilities/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,8DAA8D;AAC9D,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1B,wEAAwE;IACxE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,WAAW,kBAAkB;IACjC;oEACgE;IAChE,MAAM,EAAE,MAAM,CAAC;IACf,qEAAqE;IACrE,aAAa,EAAE,MAAM,CAAC;IACtB;;oEAEgE;IAChE,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB;;4CAEwC;IACxC,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,cAAc;IAE7B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAI1B,IAAI,EAAE,MAAM,CAAC;IASb,MAAM,CAAC,EAAE,UAAU,CAAC;IAIpB,QAAQ,EAAE,MAAM,cAAc,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IASnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,eAAe,CAAC,EAAE,OAAO,CAAC;IAK1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IAInB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAWtB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAWvB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,2DAA2D;AAC3D,MAAM,WAAW,aAAc,SAAQ,kBAAkB;IACvD,6DAA6D;IAC7D,MAAM,EAAE,cAAc,CAAC;IACvB,sEAAsE;IACtE,UAAU,EAAE,SAAS,GAAG,IAAI,CAAC;IAC7B,oEAAoE;IACpE,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC;CAC7B;AAED,kGAAkG;AAClG,MAAM,WAAW,UAAW,SAAQ,kBAAkB;IACpD,MAAM,EAAE,cAAc,CAAC;CACxB;AAED,gFAAgF;AAChF,MAAM,WAAW,cAAe,SAAQ,kBAAkB;IACxD,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED,0DAA0D;AAC1D,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;IAC7D,mGAAmG;IACnG,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,aAAc,SAAQ,kBAAkB;IACvD,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjD,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/D,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;CAC1D;AAED,sDAAsD;AACtD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,+EAA+E;IAC/E,WAAW,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2EAA2E;IAC3E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mCAAmC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;0EAIsE;IACtE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,cAAe,SAAQ,kBAAkB;IACxD,QAAQ,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CACzC;AAED,qDAAqD;AACrD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,cAAc,CAAC;IAC/B,wFAAwF;IACxF,KAAK,CAAC,EAAE,MAAM,CAAC;CAKhB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,aAAc,SAAQ,kBAAkB;IACvD,QAAQ,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IACvC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,0DAA0D;AAC1D,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,cAAc,CAAC;IAC/B,mFAAmF;IACnF,KAAK,EAAE,MAAM,CAAC;IACd,qFAAqF;IACrF,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;;;;;OASG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,kBAAmB,SAAQ,kBAAkB;IAC5D,QAAQ,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAC;IAC5C,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,kEAAkE;AAClE,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,iEAAiE;AACjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,CAAC,EAAE,oBAAoB,CAAC;IACxB,CAAC,EAAE,oBAAoB,CAAC;CACzB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,8EAA8E;IAC9E,UAAU,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,SAAS,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC5C;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,gBAAiB,SAAQ,kBAAkB;IAC1D,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,2EAA2E;IAC3E,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,sFAAsF;IACtF,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,aAAa,CAAA;CAAE,GAC5C;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACvC;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,MAAM,iBAAiB,GACzB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,UAAU,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5C;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,MAAM,qBAAqB,GAC7B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,cAAc,CAAA;CAAE,GAC7C;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACvC;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC"}
|
|
@@ -7,10 +7,10 @@
|
|
|
7
7
|
* runs, and aggregates. Each capability returns a strongly-typed envelope
|
|
8
8
|
* that extends `CapabilityEnvelope` so every result carries:
|
|
9
9
|
*
|
|
10
|
-
*
|
|
11
|
-
*
|
|
12
|
-
*
|
|
13
|
-
*
|
|
10
|
+
* - `schemaVersion`: pinned literal so downstream consumers can detect
|
|
11
|
+
* wire-format changes without inspecting fields.
|
|
12
|
+
* - `tool`: which underlying tool produced this result. Required for
|
|
13
|
+
* attribution in reports and for the `toolsUsed` aggregation.
|
|
14
14
|
*
|
|
15
15
|
* `ImportsResult` landed in Phase 10e.B.4 — a pack pre-computes the full
|
|
16
16
|
* per-pack import graph (extracted specifiers + resolved edges) for every
|
package/dist/update.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../src/update.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../src/update.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAiBzD;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,oBAAoB,CAAC;AAEhD;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,CAY5D;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV;IAAE,KAAK,EAAE,YAAY,CAAC;IAAC,MAAM,EAAE,UAAU,GAAG,mBAAmB,CAAA;CAAE,CAKnE;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,OAAO,CAW3E;AAsBD,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,UAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAiJ1F"}
|
package/dist/update.js
CHANGED
|
@@ -43,6 +43,7 @@ const detect_1 = require("./detect");
|
|
|
43
43
|
const generator_1 = require("./generator");
|
|
44
44
|
const ship_installers_1 = require("./ship-installers");
|
|
45
45
|
const logger = __importStar(require("./logger"));
|
|
46
|
+
const migrate_1 = require("./baseline/migrate");
|
|
46
47
|
/**
|
|
47
48
|
* Workspace-derived flag detection. Used in two cases:
|
|
48
49
|
* 1. The manifest doesn't carry `installFlags` (pre-2.5.2 manifests
|
|
@@ -234,7 +235,55 @@ async function runUpdate(cwd, force, rescan = false) {
|
|
|
234
235
|
}
|
|
235
236
|
for (const note of aggregate.notes)
|
|
236
237
|
logger.dim(note);
|
|
238
|
+
// Identity-scheme migration: if this repo's committed baseline / allowlist
|
|
239
|
+
// were written under an older finding-identity scheme (a dxkit version
|
|
240
|
+
// bump changed it), carry them onto the current scheme automatically —
|
|
241
|
+
// remap the allowlist's fingerprints (preserving reviewed suppressions)
|
|
242
|
+
// and regenerate the baseline — so the guardrail keeps working without a
|
|
243
|
+
// manual re-baseline. Fail-soft: a migration error is reported, not fatal
|
|
244
|
+
// to the rest of the update.
|
|
245
|
+
await migrateIdentityIfStale(cwd);
|
|
237
246
|
console.log(''); // slop-ok
|
|
238
247
|
logger.success('Update complete. Evolved files (gotchas, conventions) preserved.');
|
|
239
248
|
}
|
|
249
|
+
/**
|
|
250
|
+
* Detect a stale finding-identity scheme on the repo's artifacts and, if
|
|
251
|
+
* found, migrate them to the current scheme. Reports a summary; never
|
|
252
|
+
* throws (a migration failure is surfaced as a warning so the rest of the
|
|
253
|
+
* update still succeeds).
|
|
254
|
+
*/
|
|
255
|
+
async function migrateIdentityIfStale(cwd) {
|
|
256
|
+
let from;
|
|
257
|
+
try {
|
|
258
|
+
from = (0, migrate_1.detectStaleScheme)(cwd);
|
|
259
|
+
}
|
|
260
|
+
catch {
|
|
261
|
+
return; // probe failed (unreadable artifacts) — nothing to do here
|
|
262
|
+
}
|
|
263
|
+
if (!from)
|
|
264
|
+
return;
|
|
265
|
+
logger.info(`Finding-identity scheme changed since last init — migrating baseline + allowlist…`);
|
|
266
|
+
try {
|
|
267
|
+
const result = await (0, migrate_1.migrateIdentity)({ cwd, from });
|
|
268
|
+
if (result.baselinePath) {
|
|
269
|
+
logger.success(`Re-baselined onto identity scheme ${result.toScheme}.`);
|
|
270
|
+
}
|
|
271
|
+
if (result.allowlistTotal > 0) {
|
|
272
|
+
logger.success(`Allowlist migrated: ${result.allowlistRemapped} re-anchored, ` +
|
|
273
|
+
`${result.allowlistUnchanged} unchanged.`);
|
|
274
|
+
}
|
|
275
|
+
if (result.allowlistUnmapped.length > 0) {
|
|
276
|
+
logger.warn(`${result.allowlistUnmapped.length} allowlist entr${result.allowlistUnmapped.length === 1 ? 'y' : 'ies'} matched no current finding (the suppressed finding is gone) — review + prune:`);
|
|
277
|
+
for (const e of result.allowlistUnmapped) {
|
|
278
|
+
logger.dim(` ${e.fingerprint} ${e.kind}/${e.category}`);
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
logger.dim(' → Commit .dxkit/baselines + .dxkit/allowlist.json to finish the migration.');
|
|
282
|
+
}
|
|
283
|
+
catch (err) {
|
|
284
|
+
logger.warn(`Identity migration could not complete: ${err.message}. ` +
|
|
285
|
+
`Run \`vyuh-dxkit baseline create --force\` and re-add fingerprint-based allowlist ` +
|
|
286
|
+
`entries manually.`);
|
|
287
|
+
}
|
|
288
|
+
}
|
|
240
289
|
//# sourceMappingURL=update.js.map
|
package/dist/update.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update.js","sourceRoot":"","sources":["../src/update.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"update.js","sourceRoot":"","sources":["../src/update.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,gDAYC;AAWD,kDAQC;AAWD,8CAWC;AAsBD,8BAiJC;AAhQD,uCAAyB;AACzB,2CAA6B;AAE7B,qCAAkC;AAClC,2CAAuC;AACvC,uDAU2B;AAC3B,iDAAmC;AACnC,gDAAwE;AASxE;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,OAAO;QACL,eAAe,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAClF,SAAS,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;QACjE,aAAa,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QACvE,gBAAgB,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,EAAE,mBAAmB,CAAC,CAAC;QACrF,gBAAgB,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,sBAAsB,CAAC,CAAC;QAC/F,mBAAmB,EAAE,EAAE,CAAC,UAAU,CAChC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,4BAA4B,CAAC,CACrE;QACD,YAAY,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC;KACrF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,mBAAmB,CACjC,QAAkB,EAClB,GAAW;IAEX,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IAC9D,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,kBAAkB,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;AACzE,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAAC,GAAW,EAAE,KAAmB;IAChE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAa,CAAC;QAChF,QAAQ,CAAC,YAAY,GAAG,KAAK,CAAC;QAC9B,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AASD,SAAS,eAAe,CAAC,GAA0B,EAAE,MAAyB;IAC5E,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACtC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,2EAA2E;IAC3E,sEAAsE;IACtE,sEAAsE;IACtE,uEAAuE;IACvE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,OAAO,kDAAkD,CAAC,CAAC;IAClG,CAAC;IACD,IAAI,MAAM,CAAC,KAAK;QAAE,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;AACpD,CAAC;AAEM,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,KAAc,EAAE,MAAM,GAAG,KAAK;IACzE,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAEnC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,CAAC,WAAW,WAAW,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC;IAE/E,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,mBAAmB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;SACtC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;SACpB,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,SAAS,GAAG,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,yBAAyB,CAAC;QACjF,MAAM,CAAC,IAAI,CAAC,qBAAqB,SAAS,MAAM,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,kEAAkE;IAClE,iEAAiE;IACjE,kEAAkE;IAClE,IAAI,MAAM,KAAK,mBAAmB,EAAE,CAAC;QACnC,IAAI,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAA,eAAM,EAAC,GAAG,CAAC,CAAC;IAE7B,MAAM,MAAM,GAAG;QACb,GAAG,QAAQ;QACX,iBAAiB,EAAE,QAAQ,CAAC,MAAM,CAAC,iBAAiB;QACpD,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;KACvC,CAAC;IAEF,yEAAyE;IACzE,qEAAqE;IACrE,6CAA6C;IAC7C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAsC,EAAE,CAAC;QACtF,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrF,CAAC;IAED,mEAAmE;IACnE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACrE,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAA0B;QACvC,OAAO,EAAE,EAAE;QACX,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,2EAA2E;IAC3E,qEAAqE;IACrE,qEAAqE;IACrE,sEAAsE;IACtE,qEAAqE;IACrE,0EAA0E;IAC1E,MAAM,SAAS,GAAG,MAAM,IAAA,oBAAQ,EAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAClG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAC7C,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAC7C,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IAErD,2EAA2E;IAC3E,sEAAsE;IACtE,sEAAsE;IACtE,kEAAkE;IAClE,yEAAyE;IACzE,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,eAAe,CAAC,SAAS,EAAE,IAAA,qCAAmB,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,eAAe,CAAC,SAAS,EAAE,IAAA,8BAAY,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAC7F,gEAAgE;QAChE,2DAA2D;QAC3D,eAAe,CAAC,SAAS,EAAE,IAAA,yCAAuB,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,eAAe,CAAC,SAAS,EAAE,IAAA,qCAAmB,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;IACD,sEAAsE;IACtE,sEAAsE;IACtE,uEAAuE;IACvE,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC9C,eAAe,CAAC,SAAS,EAAE,IAAA,2CAAyB,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,KAAK,CAAC,mBAAmB,EAAE,CAAC;QAC9B,eAAe,CAAC,SAAS,EAAE,IAAA,0CAAwB,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,eAAe,CAAC,SAAS,EAAE,IAAA,iCAAe,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,qEAAqE;IACrE,qEAAqE;IACrE,yBAAyB;IACzB,eAAe,CAAC,SAAS,EAAE,IAAA,oCAAkB,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAE/D,0EAA0E;IAC1E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;IAC3B,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAChC,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,CAAC,OAAO,CAAC,YAAY,SAAS,CAAC,OAAO,CAAC,MAAM,cAAc,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,YAAY,SAAS,CAAC,WAAW,CAAC,MAAM,UAAU,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CACT,YAAY,SAAS,CAAC,OAAO,CAAC,MAAM,kDAAkD,CACvF,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAErD,2EAA2E;IAC3E,uEAAuE;IACvE,uEAAuE;IACvE,wEAAwE;IACxE,yEAAyE;IACzE,0EAA0E;IAC1E,6BAA6B;IAC7B,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAElC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;IAC3B,MAAM,CAAC,OAAO,CAAC,kEAAkE,CAAC,CAAC;AACrF,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,sBAAsB,CAAC,GAAW;IAC/C,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,2BAAiB,EAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,2DAA2D;IACrE,CAAC;IACD,IAAI,CAAC,IAAI;QAAE,OAAO;IAElB,MAAM,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAe,EAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,qCAAqC,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,MAAM,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,OAAO,CACZ,uBAAuB,MAAM,CAAC,iBAAiB,gBAAgB;gBAC7D,GAAG,MAAM,CAAC,kBAAkB,aAAa,CAC5C,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,GAAG,MAAM,CAAC,iBAAiB,CAAC,MAAM,kBAChC,MAAM,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAChD,gFAAgF,CACjF,CAAC;YACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBACzC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;IAC7F,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CACT,0CAA2C,GAAa,CAAC,OAAO,IAAI;YAClE,oFAAoF;YACpF,mBAAmB,CACtB,CAAC;IACJ,CAAC;AACH,CAAC"}
|
package/dist/upgrade.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upgrade.d.ts","sourceRoot":"","sources":["../src/upgrade.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAQH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,WAAW,CAAC;AAE3E,MAAM,WAAW,WAAW;IAC1B,4DAA4D;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,iBAAiB,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE;QACP,kEAAkE;QAClE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,6CAA6C;QAC7C,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,CAAC;IACF,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,SAAS,CAAC;IACjB;;;OAGG;IACH,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB;;;;OAIG;IACH,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,wCAAwC;IACxC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,0EAA0E;IAC1E,IAAI,CAAC,EAAE,OAAO,CAAC;IACf;;;;OAIG;IACH,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,MAAM,CAAC;CAC5B;AA4CD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,GAAG,SAAS,CAY/E;AAMD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB,GAAG,WAAW,
|
|
1
|
+
{"version":3,"file":"upgrade.d.ts","sourceRoot":"","sources":["../src/upgrade.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAQH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,WAAW,CAAC;AAE3E,MAAM,WAAW,WAAW;IAC1B,4DAA4D;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,iBAAiB,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE;QACP,kEAAkE;QAClE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,6CAA6C;QAC7C,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,CAAC;IACF,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,SAAS,CAAC;IACjB;;;OAGG;IACH,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB;;;;OAIG;IACH,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,wCAAwC;IACxC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,0EAA0E;IAC1E,IAAI,CAAC,EAAE,OAAO,CAAC;IACf;;;;OAIG;IACH,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,MAAM,CAAC;CAC5B;AA4CD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,GAAG,SAAS,CAY/E;AAMD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB,GAAG,WAAW,CA+FjF;AAyHD,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAcnF"}
|
package/dist/upgrade.js
CHANGED
|
@@ -160,7 +160,8 @@ function buildUpgradePlan(cwd, opts = {}) {
|
|
|
160
160
|
if (latest) {
|
|
161
161
|
steps.push({
|
|
162
162
|
command: 'npx vyuh-dxkit update',
|
|
163
|
-
purpose: 'Refresh scaffold (.devcontainer, .githooks, .claude/skills, CI workflows)'
|
|
163
|
+
purpose: 'Refresh scaffold (.devcontainer, .githooks, .claude/skills, CI workflows) + ' +
|
|
164
|
+
'migrate baseline & allowlist if the finding-identity scheme changed',
|
|
164
165
|
});
|
|
165
166
|
}
|
|
166
167
|
// Step 3: verify with doctor.
|
package/dist/upgrade.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upgrade.js","sourceRoot":"","sources":["../src/upgrade.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqHH,sCAYC;AAMD,
|
|
1
|
+
{"version":3,"file":"upgrade.js","sourceRoot":"","sources":["../src/upgrade.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqHH,sCAYC;AAMD,4CA+FC;AAyHD,gCAcC;AA3WD,uCAAyB;AACzB,2CAA6B;AAC7B,iDAAoD;AAEpD,iDAAmC;AAiEnC,uEAAuE;AACvE,kBAAkB;AAClB,uEAAuE;AAEvE,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAa,CAAC;QAChF,OAAO,QAAQ,CAAC,OAAO,IAAI,IAAI,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,uCAAuC,EAAE;YAC5D,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,kCAAkC,EAAE;YACvD,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAC,OAAsB,EAAE,MAAc;IAClE,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM;QAAE,OAAO,MAAM,CAAC;IACvC,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACpE,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACnE,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAAE,OAAO,MAAM,CAAC;IACxD,IAAI,EAAE,GAAG,EAAE;QAAE,OAAO,OAAO,CAAC;IAC5B,IAAI,EAAE,GAAG,EAAE;QAAE,OAAO,WAAW,CAAC;IAChC,IAAI,EAAE,GAAG,EAAE;QAAE,OAAO,OAAO,CAAC;IAC5B,IAAI,EAAE,GAAG,EAAE;QAAE,OAAO,WAAW,CAAC;IAChC,IAAI,EAAE,GAAG,EAAE;QAAE,OAAO,OAAO,CAAC;IAC5B,IAAI,EAAE,GAAG,EAAE;QAAE,OAAO,WAAW,CAAC;IAChC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uEAAuE;AACvE,oBAAoB;AACpB,uEAAuE;AAEvE,SAAgB,gBAAgB,CAAC,GAAW,EAAE,OAAoB,EAAE;IAClE,MAAM,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,mBAAmB,CAAC,EAAE,CAAC;IAC1E,wEAAwE;IACxE,uEAAuE;IACvE,sEAAsE;IACtE,MAAM,KAAK,GAAG,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE5C,MAAM,KAAK,GAAkB,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,QAAQ,CAAC,IAAI,CACX,qFAAqF;YACnF,uDAAuD,CAC1D,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,4BAA4B;IAC5B,IAAI,KAAK,KAAK,MAAM,IAAI,CAAC,QAAQ,IAAI,MAAM,IAAI,QAAQ,KAAK,MAAM,CAAC,EAAE,CAAC;QACpE,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,CAAC,IAAI,CAAC;gBACT,OAAO,EAAE,+BAA+B,MAAM,EAAE;gBAChD,OAAO,EAAE,wBAAwB,MAAM,IAAI,WAAW,MAAM,MAAM,EAAE;aACrE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,yEAAyE;IACzE,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,CAAC,IAAI,CAAC;YACT,OAAO,EAAE,uBAAuB;YAChC,OAAO,EACL,8EAA8E;gBAC9E,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,CAAC,IAAI,CAAC;YACT,OAAO,EAAE,uBAAuB;YAChC,OAAO,EAAE,wCAAwC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,uEAAuE;IACvE,kDAAkD;IAClD,MAAM,eAAe,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,EAAE,mBAAmB,CAAC,CAAC,CAAC;IAC5F,IAAI,eAAe,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC;YACT,OAAO,EACL,sFAAsF;YACxF,OAAO,EAAE,0DAA0D;YACnE,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IAED,YAAY;IACZ,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CACX,uBAAuB,MAAM,MAAM,MAAM,4CAA4C;YACnF,6BAA6B,CAChC,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CACX,kBAAkB,MAAM,4BAA4B,MAAM,IAAI;YAC5D,kFAAkF,CACrF,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,IAAI,MAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CACX,qBAAqB,QAAQ,2BAA2B,MAAM,KAAK;YACjE,4CAA4C,CAC/C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,GAAG;QACH,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC7B,MAAM,EAAE,MAAM;QACd,KAAK;QACL,KAAK;QACL,QAAQ;QACR,aAAa,EAAE,MAAM;YACnB,CAAC,CAAC,oFAAoF;YACtF,CAAC,CAAC,EAAE;KACP,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,YAAY;AACZ,uEAAuE;AAEvE,SAAS,eAAe,CAAC,IAAiB;IACxC,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;IAC3C,MAAM,CAAC,IAAI,CACT,qBAAqB,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,QAAQ,aAAa,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,QAAQ,EAAE,CACrG,CAAC;IACF,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,IAAI,sBAAsB,EAAE,CAAC,CAAC;IACjE,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAEtC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;QAC3B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC1B,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACtC,MAAM,CAAC,GAAG,CAAC,KAAK,MAAM,KAAK,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACvE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;QAC3B,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,YAAY;AACZ,uEAAuE;AAEvE,SAAS,OAAO,CAAC,IAAiB,EAAE,GAAW,EAAE,MAAe;IAC9D,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,4DAA4D;QAC5D,2BAA2B;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,gEAAgE;IAChE,iEAAiE;IACjE,kEAAkE;IAClE,kDAAkD;IAClD,MAAM,MAAM,GAAG,IAAA,yBAAS,EAAC,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;QACrD,GAAG;QACH,KAAK,EAAE,SAAS;KACjB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,GAAW,EACX,IAAiB,EACjB,IAAiB;IAEjB,8DAA8D;IAC9D,eAAe,CAAC,IAAI,CAAC,CAAC;IAEtB,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;QAC3B,MAAM,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QAC9B,8DAA8D;QAC9D,2DAA2D;QAC3D,+DAA+D;QAC/D,wDAAwD;QACxD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;QAC3B,MAAM,CAAC,IAAI,CACT,gEAAgE;YAC9D,sEAAsE;YACtE,qDAAqD,CACxD,CAAC;QACF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;IAC3B,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAEnC,MAAM,aAAa,GAAkB,EAAE,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzB,SAAS;QACX,CAAC;QACD,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;YAClF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;IAC3B,MAAM,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9C,IAAI,aAAa,CAAC,MAAM,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU;QAC3B,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC5C,KAAK,MAAM,CAAC,IAAI,aAAa;YAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,OAAO,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,cAAc;AACd,uEAAuE;AAEhE,KAAK,UAAU,UAAU,CAAC,GAAW,EAAE,OAAoB,EAAE;IAClE,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAEzC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,mEAAmE;YACnE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU;QACxD,CAAC;aAAM,CAAC;YACN,eAAe,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,mBAAmB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAC7C,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vyuhlabs/dxkit",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.11.0",
|
|
4
4
|
"description": "AI-native developer experience toolkit for any codebase",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Vyuh Labs",
|
|
@@ -53,6 +53,9 @@
|
|
|
53
53
|
"test:coverage": "npm run build && vitest run --coverage",
|
|
54
54
|
"test:integration": "npm run build && vitest run --config vitest.integration.config.ts",
|
|
55
55
|
"new-lang": "node scripts/scaffold-language.js",
|
|
56
|
+
"dxkit:health": "npm run build && node dist/index.js health",
|
|
57
|
+
"dxkit:guardrail": "npm run build && node dist/index.js guardrail check",
|
|
58
|
+
"dxkit:baseline:refresh": "npm run build && node dist/index.js baseline create --force",
|
|
56
59
|
"prepare": "husky || true"
|
|
57
60
|
},
|
|
58
61
|
"lint-staged": {
|
|
@@ -68,7 +71,7 @@
|
|
|
68
71
|
"@eslint/js": "^9.13.0",
|
|
69
72
|
"@types/hosted-git-info": "^3.0.5",
|
|
70
73
|
"@types/node": "^20.0.0",
|
|
71
|
-
"@vitest/coverage-v8": "^
|
|
74
|
+
"@vitest/coverage-v8": "^4.1.9",
|
|
72
75
|
"eslint": "^9.13.0",
|
|
73
76
|
"eslint-config-prettier": "^9.1.0",
|
|
74
77
|
"globals": "^17.4.0",
|
|
@@ -78,7 +81,7 @@
|
|
|
78
81
|
"typescript": "^5.4.0",
|
|
79
82
|
"typescript-eslint": "^8.11.0",
|
|
80
83
|
"vis-network": "^9.1.13",
|
|
81
|
-
"vitest": "^
|
|
84
|
+
"vitest": "^4.1.9"
|
|
82
85
|
},
|
|
83
86
|
"keywords": [
|
|
84
87
|
"ai-coding-agents",
|
|
@@ -31,7 +31,9 @@ dxkit ships in two layers and an upgrade touches both:
|
|
|
31
31
|
1. **The binary** — `@vyuhlabs/dxkit` npm package. `npm update` or `npm install @vyuhlabs/dxkit@<version>` replaces the local binary.
|
|
32
32
|
2. **The scaffold** — files in the customer's repo (`.devcontainer/`, `.githooks/`, `.claude/skills/dxkit-*/`, `AGENTS.md`, `CLAUDE.md`, `.github/workflows/dxkit-*.yml`). `npx vyuh-dxkit update` refreshes these to match the new binary's templates.
|
|
33
33
|
|
|
34
|
-
|
|
34
|
+
`vyuh-dxkit update` also does one more thing automatically: if the new binary changed the **finding-identity scheme** (how baselines + allowlists fingerprint findings), it **migrates the committed baseline and allowlist** onto the new scheme — re-anchoring every reviewed suppression so nothing has to be re-reviewed. This is deterministic and lives in the CLI; the skill's job is to surface what it did, handle the rare entry it couldn't map, and get the result committed. See "Identity-scheme migration" below.
|
|
35
|
+
|
|
36
|
+
Both stages run for any non-trivial upgrade. The CLI subcommand `vyuh-dxkit upgrade` orchestrates them (its plan includes `vyuh-dxkit update` as a step); this skill drives the customer through the orchestration with explanations and confirmations.
|
|
35
37
|
|
|
36
38
|
## The upgrade loop
|
|
37
39
|
|
|
@@ -104,10 +106,46 @@ future installs don't re-hit it: `echo "legacy-peer-deps=true" >> .npmrc`.
|
|
|
104
106
|
After it succeeds, continue the loop. (`doctor` flags a missing `.npmrc`
|
|
105
107
|
persistence as its own operational check.)
|
|
106
108
|
|
|
107
|
-
###
|
|
109
|
+
### 5b. Identity-scheme migration (automatic, inside `vyuh-dxkit update`)
|
|
110
|
+
|
|
111
|
+
When the new binary changed the finding-identity scheme, the `vyuh-dxkit update`
|
|
112
|
+
step (5) migrates the committed baseline + allowlist automatically. You don't run
|
|
113
|
+
a separate command — you **read its output and react**. Two signals tell you a
|
|
114
|
+
migration happened:
|
|
115
|
+
|
|
116
|
+
- The console prints lines like `✓ Re-baselined onto identity scheme vN.` and
|
|
117
|
+
`✓ Allowlist migrated: X re-anchored, Y unchanged` (and, if any, `Z unmapped`).
|
|
118
|
+
- A pre-`update` guardrail run would have stopped with
|
|
119
|
+
`Baseline "<name>" was captured under finding-identity scheme vA, but this
|
|
120
|
+
dxkit mints vB … Run vyuh-dxkit update`. (If the customer hit that message
|
|
121
|
+
first, this is the fix — reassure them it's expected, not a failure.)
|
|
122
|
+
|
|
123
|
+
What to do with the report:
|
|
124
|
+
|
|
125
|
+
1. **Explain it in one line.** "Your fingerprints changed in this version; dxkit
|
|
126
|
+
re-anchored your baseline and all X reviewed suppressions automatically — no
|
|
127
|
+
re-reviewing needed."
|
|
128
|
+
2. **Handle `unmapped` entries — the one spot that needs judgment.** An unmapped
|
|
129
|
+
allowlist entry is a suppression whose finding no longer exists under the new
|
|
130
|
+
scheme (the finding was fixed/removed, or its metadata is insufficient to
|
|
131
|
+
recompute). Do NOT silently drop them. List each (`fingerprint`, `kind`,
|
|
132
|
+
`reason`) and ask the customer whether to remove it (likely stale) or keep it
|
|
133
|
+
(defer). `0 unmapped` → say so and move on.
|
|
134
|
+
3. **Get it committed.** `update` prints "Commit .dxkit/baselines + .dxkit/allowlist.json
|
|
135
|
+
to finish the migration." Offer to stage and commit exactly those:
|
|
136
|
+
```bash
|
|
137
|
+
git add .dxkit/baselines .dxkit/allowlist.json
|
|
138
|
+
git commit -m "chore(dxkit): migrate finding-identity scheme on upgrade"
|
|
139
|
+
```
|
|
140
|
+
For `ref-based` repos (no committed baseline) there's nothing to commit —
|
|
141
|
+
each run re-gathers both sides under the new scheme. Say so and skip.
|
|
142
|
+
|
|
143
|
+
### 6. Verify with doctor (+ guardrail if a migration ran)
|
|
108
144
|
|
|
109
145
|
If all steps succeeded, run `npx vyuh-dxkit doctor` and report. If doctor surfaces operational issues post-upgrade (e.g. `summary.fixable[]` not empty), **hand off to dxkit-fix** — say "Upgrade complete, but doctor surfaced N gaps. Walking through dxkit-fix to close them."
|
|
110
146
|
|
|
147
|
+
If an identity-scheme migration ran in step 5b, also run `npx vyuh-dxkit guardrail check` once. The migration succeeded iff the guardrail **does not** report a wave of net-new findings caused by the scheme change (a clean run shows the prior findings as `persisted`, blocking 0). If it instead blocks on many net-new at once, the migration didn't take — surface the output and hand off to dxkit-fix rather than letting the customer commit a broken baseline.
|
|
148
|
+
|
|
111
149
|
### 7. Surface manual follow-ups
|
|
112
150
|
|
|
113
151
|
Iterate optional steps in the plan:
|
|
@@ -122,7 +160,8 @@ Iterate optional steps in the plan:
|
|
|
122
160
|
## What dxkit-update can NOT do
|
|
123
161
|
|
|
124
162
|
- **Cross-major migrations** — major bumps may need MIGRATION.md guidance + manual policy edits. Surface the link; don't auto-execute.
|
|
125
|
-
- **Customer code changes** — if the upgrade requires changes to the customer's scoring policy
|
|
163
|
+
- **Customer code changes** — if the upgrade requires changes to the customer's scoring policy or workflow file customizations, point at the CHANGELOG.md section and stop. (Finding-identity scheme changes are the exception: `vyuh-dxkit update` migrates the baseline + allowlist automatically — see step 5b. Don't stop for those; drive them.)
|
|
164
|
+
- **Re-derive a finding's identity by hand** — the old→new fingerprint mapping is deterministic and owned by the CLI's migrator. The skill explains, surfaces unmapped entries, and commits the result; it never recomputes a fingerprint itself.
|
|
126
165
|
- **Downgrades** — never auto-execute. Always confirm; warn about schema differences; suggest backing up `.dxkit/baselines/` first.
|
|
127
166
|
- **Rollback** — if execution mid-step fails, dxkit-update can't undo the binary install. Customer needs to `npm install @vyuhlabs/dxkit@<previous-version>` themselves.
|
|
128
167
|
|
|
@@ -163,8 +202,10 @@ After the loop completes:
|
|
|
163
202
|
```
|
|
164
203
|
✓ Upgraded: dxkit X → Y
|
|
165
204
|
✓ Scaffold refreshed: N files updated, M new (e.g. dxkit-fix skill if upgrading from <2.5.2)
|
|
166
|
-
✓
|
|
205
|
+
✓ Identity scheme migrated: baseline re-anchored, K suppressions carried over (0 unmapped) ← only if a migration ran
|
|
206
|
+
✓ Doctor: all green · Guardrail: clean (no scheme-driven net-new)
|
|
167
207
|
○ Manual: rebuild devcontainer to pick up changes
|
|
208
|
+
○ Committed .dxkit/baselines + .dxkit/allowlist.json (migration)
|
|
168
209
|
```
|
|
169
210
|
|
|
170
211
|
Or if something failed:
|
package/dist/baseline/salt.d.ts
DELETED
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Per-repo salt resolution for secret HMAC identity.
|
|
3
|
-
*
|
|
4
|
-
* The secret-HMAC scheme uses a salt that's:
|
|
5
|
-
* 1. Consistent across `baseline create` (writes HMACs) and every
|
|
6
|
-
* subsequent `guardrail check` (reads them).
|
|
7
|
-
* 2. Not stored in git — a baseline-file leak should not enable
|
|
8
|
-
* secret recovery via rainbow tables.
|
|
9
|
-
* 3. Reachable from every consumer — single dev, multiple devs on
|
|
10
|
-
* one repo, CI, shallow clones, detached HEADs.
|
|
11
|
-
*
|
|
12
|
-
* A three-step waterfall satisfies all three:
|
|
13
|
-
*
|
|
14
|
-
* 1. `DXKIT_BASELINE_SALT` env var — opt-in override for teams
|
|
15
|
-
* who want stronger isolation than the deterministic default.
|
|
16
|
-
* 2. `.dxkit/salt` file — reserved for environments where env-vars
|
|
17
|
-
* are awkward (cron jobs, embedded runners). Gitignored by
|
|
18
|
-
* default.
|
|
19
|
-
* 3. Deterministic default — `HMAC("dxkit-baseline-salt-v1",
|
|
20
|
-
* initialCommitSha)`. Zero-setup; same across clones of the
|
|
21
|
-
* same repo; different across different repos; reachable in
|
|
22
|
-
* shallow clones (git always includes the root commit).
|
|
23
|
-
*
|
|
24
|
-
* Every baseline file records which mode produced it so the
|
|
25
|
-
* matcher can either match the same mode (HMAC compare works) or
|
|
26
|
-
* gracefully degrade to location-only matching when the salt is
|
|
27
|
-
* unrecoverable on the current run.
|
|
28
|
-
*/
|
|
29
|
-
/** Resolution path that produced the salt. Stamped on every baseline
|
|
30
|
-
* file so the guardrail check knows what the matcher needs. */
|
|
31
|
-
export type SaltMode = 'env-var' | 'file' | 'deterministic';
|
|
32
|
-
export interface ResolvedSalt {
|
|
33
|
-
readonly mode: SaltMode;
|
|
34
|
-
readonly salt: string;
|
|
35
|
-
}
|
|
36
|
-
/**
|
|
37
|
-
* Resolve the salt for a repo. Pure dispatch over the three-step
|
|
38
|
-
* waterfall; no I/O happens past the resolution step that succeeds.
|
|
39
|
-
*
|
|
40
|
-
* Throws when none of the three paths can produce a salt — typically
|
|
41
|
-
* a non-git checkout with no env var set. Callers should surface the
|
|
42
|
-
* message verbatim so users learn which mode to configure.
|
|
43
|
-
*/
|
|
44
|
-
export declare function resolveSalt(cwd: string): ResolvedSalt;
|
|
45
|
-
//# sourceMappingURL=salt.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"salt.d.ts","sourceRoot":"","sources":["../../src/baseline/salt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAOH;gEACgE;AAChE,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,MAAM,GAAG,eAAe,CAAC;AAE5D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAQD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,CAiCrD"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"salt.js","sourceRoot":"","sources":["../../src/baseline/salt.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BH,kCAiCC;AA7DD,iDAA6C;AAC7C,mCAAoC;AACpC,uCAAyB;AACzB,2CAA6B;AAW7B;;;mDAGmD;AACnD,MAAM,oBAAoB,GAAG,wBAAwB,CAAC;AAEtD;;;;;;;GAOG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAChD,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClD,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,UAAU,EAAE,iBAAiB,EAAE,MAAM,CAAC,EAAE;YACvE,GAAG;YACH,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC;aACC,IAAI,EAAE;aACN,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClF,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,qFAAqF;YACnF,oFAAoF,CACvF,CAAC;IACJ,CAAC;AACH,CAAC"}
|