action-pinner 0.1.0

package/dist/src/enforcement.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforcement.js","sourceRoot":"","sources":["../../src/enforcement.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAsBpD,MAAM,UAAU,mBAAmB,CACjC,MAAkB,EAClB,MAAyB,EACzB,UAAwC,EAAE;IAE1C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;IACtC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC9D,OAAO,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;AACpF,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,MAA2B,EAC3B,MAAyB,EACzB,UAAwC,EAAE;IAE1C,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;IACpF,MAAM,YAAY,GAAgC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACpF,GAAG,KAAK;QACR,WAAW,EAAE,iCAAiC,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC;KAC5F,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,YAAY;QACZ,OAAO,EAAE;YACP,mBAAmB,EAAE,YAAY,CAAC,MAAM;YACxC,0BAA0B,EAAE,YAAY,CAAC,MAAM,CAC7C,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CACnD,CAAC,MAAM;YACR,YAAY,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;YAC3F,eAAe,EAAE,YAAY,CAAC,MAAM,CAClC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EACxD,CAAC,CACF;YACD,aAAa,EAAE,YAAY,CAAC,MAAM,CAChC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EACtD,CAAC,CACF;YACD,YAAY,EAAE,YAAY,CAAC,MAAM,CAC/B,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,EAC5D,CAAC,CACF;YACD,cAAc,EAAE,YAAY,CAAC,MAAM,CACjC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,EAC9D,CAAC,CACF;YACD,qBAAqB,EAAE,UAAU,CAAC,MAAM,CAAC,MAAM;SAChD;QACD,iBAAiB,EAAE,UAAU,CAAC,MAAM;QACpC,SAAS,EACP,UAAU,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAC9B,YAAY,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC;KAC3E,CAAC;AACJ,CAAC;AAED,SAAS,iCAAiC,CACxC,MAAkB,EAClB,mBAA6B,EAC7B,UAAqC;IAErC,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEtF,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,MAAM,UAAU,GAAyB,EAAE,CAAC;IAE5C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,mBAAmB,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACxD,oBAAoB,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAChD,CAAC;QACF,IAAI,mBAAmB,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,SAAS;gBACZ,OAAO,EAAE,SAAS;gBAClB,MAAM,EAAE,WAAW;gBACnB,OAAO,EAAE,gDAAgD,mBAAmB,IAAI;gBAChF,cAAc,EAAE,mBAAmB;aACpC,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,MAAM,iBAAiB,GAAG,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAC1E,gBAAgB,CAAC,SAAS,EAAE,SAAS,CAAC,CACvC,CAAC;QACF,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,SAAS;gBACZ,OAAO,EAAE,SAAS;gBAClB,MAAM,EAAE,WAAW;gBACnB,OAAO,EAAE,8BAA8B,CAAC,iBAAiB,CAAC;gBAC1D,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,cAAc,EAAE,qBAAqB,CAAC,iBAAiB,CAAC,SAAS,CAAC;aACnE,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CACrD,gBAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,CAC7C,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAClB,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,SAAS;gBACZ,OAAO,EAAE,WAAW;gBACpB,MAAM,EAAE,aAAa,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,mBAAmB;gBACtF,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,8EAA8E;gBAC/G,SAAS,EAAE,aAAa,CAAC,SAAS;gBAClC,cAAc,EAAE,qBAAqB,CAAC,aAAa,CAAC,SAAS,CAAC;aAC/D,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,UAAU,CAAC,IAAI,CAAC;YACd,GAAG,SAAS;YACZ,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,oFAAoF;SAC9F,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,EAAE;YACP,GAAG,MAAM,CAAC,OAAO;YACjB,YAAY,EAAE,OAAO,CAAC,MAAM;YAC5B,cAAc,EAAE,UAAU,CAAC,MAAM;YACjC,qBAAqB,EAAE,UAAU,CAAC,MAAM,CAAC,MAAM;SAChD;QACD,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,OAAO;QACP,UAAU;QACV,iBAAiB,EAAE,UAAU,CAAC,MAAM;QACpC,SAAS,EAAE,OAAO,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC;YACjD,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAChC,CAAC,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;KAC9D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,MAAkB,EAClB,UAAkC,EAClC,UAAwC,EAAE;IAE1C,MAAM,eAAe,GAAG,kBAAkB,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,eAAe,CAAC;IAClG,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CACrC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CACxF,CAAC;IAEF,OAAO;QACL,GAAG,MAAM;QACT,OAAO,EAAE;YACP,GAAG,MAAM,CAAC,OAAO;YACjB,aAAa,EAAE,QAAQ,CAAC,MAAM;SAC/B;QACD,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,UAAkC,EAClC,GAAS;IAET,MAAM,eAAe,GAAgC,EAAE,CAAC;IACxD,MAAM,MAAM,GAAgC,EAAE,CAAC;IAE/C,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE;QACtC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;QAE9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK;gBACL,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE,cAAc,KAAK,GAAG,CAAC,4CAA4C;gBAC5E,SAAS;aACV,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,SAAS,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,GAAG,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK;gBACL,MAAM,EAAE,aAAa;gBACrB,OAAO,EAAE,cAAc,KAAK,GAAG,CAAC,uDAAuD;gBACvF,SAAS;aACV,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,SAAS,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,OAAO,EAAE,cAAc,KAAK,GAAG,CAAC,4DAA4D;gBAC5F,SAAS;aACV,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,SAAS,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK;oBACL,MAAM,EAAE,gBAAgB;oBACxB,OAAO,EAAE,cAAc,KAAK,GAAG,CAAC,6DAA6D;oBAC7F,SAAS;iBACV,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC5C,IAAI,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK;oBACL,MAAM,EAAE,gBAAgB;oBACxB,OAAO,EAAE,cAAc,KAAK,GAAG,CAAC,wEAAwE;oBACxG,SAAS;iBACV,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,aAAa,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK;oBACL,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,cAAc,KAAK,GAAG,CAAC,eAAe,SAAS,GAAG;oBAC3D,SAAS;iBACV,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;QACH,CAAC;QAED,eAAe,CAAC,IAAI,CAAC;YACnB,KAAK;YACL,SAAS,EAAE;gBACT,GAAG,SAAS;gBACZ,MAAM;gBACN,GAAG;gBACH,QAAQ;gBACR,aAAa;gBACb,SAAS;aACV;YACD,aAAa;SACd,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,eAAe;QACf,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;KAC/D,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,SAA0B,EAAE,SAA+B;IACnF,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACvF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,QAAQ,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjG,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc,EAAE,OAAe;IAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IACzF,OAAO,cAAc,CAAC,MAAM,EAAE,iBAAiB,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,sBAAsB,CAAC,SAA+B;IAC7D,MAAM,KAAK,GAAG,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,MAAM,CAAC;IAC1D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,OAAO,OAAO,IAAI,SAAS,CAAC;AAC9B,CAAC;AAED,SAAS,8BAA8B,CAAC,SAAoC;IAC1E,MAAM,OAAO,GAAG,CAAC,qCAAqC,SAAS,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,SAAS,CAAC,aAAa,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC,kBAAkB,SAAS,CAAC,aAAa,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,SAAS,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC,cAAc,SAAS,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AACnD,CAAC;AAED,SAAS,qBAAqB,CAAC,SAA+B;IAC5D,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACpI,CAAC"}

package/dist/src/github-app.d.ts

@@ -0,0 +1,6 @@
+export interface AppModeOptions {
+    appId: string;
+    privateKey: string;
+    webhookSecret: string;
+}
+export declare function runGitHubAppMode(_options: AppModeOptions): Promise<void>;

package/dist/src/github-app.js

@@ -0,0 +1,4 @@
+export async function runGitHubAppMode(_options) {
+    throw new Error("GitHub App mode is scaffolded but not yet implemented. Use CLI or Action mode.");
+}
+//# sourceMappingURL=github-app.js.map

package/dist/src/github-app.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-app.js","sourceRoot":"","sources":["../../src/github-app.ts"],"names":[],"mappings":"AAMA,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,QAAwB;IAC7D,MAAM,IAAI,KAAK,CACb,gFAAgF,CACjF,CAAC;AACJ,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/src/index.js

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+import { runActionMode } from "./action-mode.js";
+import { runCli } from "./cli.js";
+async function main() {
+    if (process.env.GITHUB_ACTIONS === "true" && process.env.INPUT_MODE) {
+        await runActionMode();
+        return;
+    }
+    await runCli();
+}
+main().catch((error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    console.error(message);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC,KAAK,UAAU,IAAI;IACjB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;QACpE,MAAM,aAAa,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IAED,MAAM,MAAM,EAAE,CAAC;AACjB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACvB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/src/logging.d.ts

@@ -0,0 +1,8 @@
+export interface SafeLogRule {
+    name: string;
+    pattern: RegExp;
+    replacement: string;
+}
+export declare const SAFE_LOG_RULES: SafeLogRule[];
+export declare function redactToken(str: string): string;
+export declare function safeLog(message: string): string;

package/dist/src/logging.js

@@ -0,0 +1,38 @@
+export const SAFE_LOG_RULES = [
+    {
+        name: "token_parameter",
+        pattern: /token=[^\s&"']+/gi,
+        replacement: "token=***REDACTED***"
+    },
+    {
+        name: "authorization_header",
+        pattern: /Authorization:\s*Bearer\s+[^\s]+/gi,
+        replacement: "Authorization: Bearer ***REDACTED***"
+    },
+    {
+        name: "github_token_env",
+        pattern: /GITHUB_TOKEN=[^\s"']+/gi,
+        replacement: "GITHUB_TOKEN=***REDACTED***"
+    },
+    {
+        name: "url_with_credentials",
+        pattern: /https?:\/\/[^:]+:[^\s@]+@/gi,
+        replacement: "https://***REDACTED***:***REDACTED***@"
+    },
+    {
+        name: "personal_access_token",
+        pattern: /gh[pousr]_[A-Za-z0-9_]+/g,
+        replacement: "***REDACTED_TOKEN***"
+    }
+];
+export function redactToken(str) {
+    let result = str;
+    for (const rule of SAFE_LOG_RULES) {
+        result = result.replace(rule.pattern, rule.replacement);
+    }
+    return result;
+}
+export function safeLog(message) {
+    return redactToken(message);
+}
+//# sourceMappingURL=logging.js.map

package/dist/src/logging.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/logging.ts"],"names":[],"mappings":"AAMA,MAAM,CAAC,MAAM,cAAc,GAAkB;IAC3C;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EAAE,sBAAsB;KACpC;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,oCAAoC;QAC7C,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,yBAAyB;QAClC,WAAW,EAAE,6BAA6B;KAC3C;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,6BAA6B;QACtC,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,0BAA0B;QACnC,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,OAAe;IACrC,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC;AAC9B,CAAC"}

package/dist/src/multi-repo-scanner.d.ts

@@ -0,0 +1,69 @@
+import type { ScanResult } from "./types.js";
+export interface MultiRepoScanOptions {
+    includePatterns: string[];
+    excludePatterns: string[];
+    includeActions: string[];
+    excludeActions: string[];
+    token?: string;
+    githubApiUrl?: string;
+}
+export interface MultiRepoScanEntry {
+    repository: string;
+    defaultBranch: string;
+    scan: ScanResult;
+}
+export interface RepositoryScanTarget {
+    repository: string;
+    defaultBranch?: string;
+}
+export interface MultiRepoScanResult {
+    repositories: MultiRepoScanEntry[];
+    consolidated: ScanResult;
+    summary: {
+        repositoriesScanned: number;
+        repositoriesWithUnpinned: number;
+        filesScanned: number;
+        referencesFound: number;
+        unpinnedFound: number;
+    };
+}
+interface RepoClient {
+    repos: {
+        get: (params: {
+            owner: string;
+            repo: string;
+        }) => Promise<{
+            data: {
+                default_branch: string;
+            };
+        }>;
+        getContent: (params: {
+            owner: string;
+            repo: string;
+            path: string;
+            ref: string;
+        }) => Promise<{
+            data: {
+                content: string;
+                encoding: string;
+            } | unknown[];
+        }>;
+    };
+    git: {
+        getTree: (params: {
+            owner: string;
+            repo: string;
+            tree_sha: string;
+            recursive: "true";
+        }) => Promise<{
+            data: {
+                tree: Array<{
+                    path?: string;
+                    type?: string;
+                }>;
+            };
+        }>;
+    };
+}
+export declare function scanRepositories(repositories: Array<string | RepositoryScanTarget>, options: MultiRepoScanOptions, client?: RepoClient): Promise<MultiRepoScanResult>;
+export {};

package/dist/src/multi-repo-scanner.js

@@ -0,0 +1,121 @@
+import { Buffer } from "node:buffer";
+import { Octokit } from "@octokit/rest";
+import { matchesAnyPattern } from "./pattern-match.js";
+import { normalizeGithubApiUrl } from "./resolver.js";
+import { buildScanResult, extractActionReferences } from "./scanner.js";
+import { resolveWorkflowPatterns } from "./workflow-paths.js";
+export async function scanRepositories(repositories, options, client = createRepoClient(options)) {
+    const sortedRepositories = normalizeScanTargets(repositories);
+    const entries = [];
+    for (const repository of sortedRepositories) {
+        const scan = await scanSingleRepository(repository, options, client);
+        entries.push(scan);
+    }
+    const consolidated = buildScanResult(entries.flatMap((entry) => entry.scan.references), entries.reduce((sum, entry) => sum + entry.scan.summary.filesScanned, 0));
+    return {
+        repositories: entries,
+        consolidated,
+        summary: {
+            repositoriesScanned: entries.length,
+            repositoriesWithUnpinned: entries.filter((entry) => entry.scan.unpinned.length > 0).length,
+            filesScanned: consolidated.summary.filesScanned,
+            referencesFound: consolidated.summary.referencesFound,
+            unpinnedFound: consolidated.summary.unpinnedFound
+        }
+    };
+}
+async function scanSingleRepository(target, options, client) {
+    const repository = target.repository;
+    const { owner, repo } = splitRepository(repository);
+    const defaultBranch = target.defaultBranch ?? (await client.repos.get({ owner, repo })).data.default_branch;
+    const tree = await client.git.getTree({
+        owner,
+        repo,
+        tree_sha: defaultBranch,
+        recursive: "true"
+    });
+    const includePatterns = resolveWorkflowPatterns(options.includePatterns);
+    const workflowPaths = tree.data.tree
+        .filter((entry) => entry.type === "blob" && typeof entry.path === "string")
+        .map((entry) => entry.path)
+        .filter((path) => path.endsWith(".yml") || path.endsWith(".yaml"))
+        .filter((path) => matchesAnyPattern(path, includePatterns, { caseInsensitive: true }))
+        .filter((path) => !(options.excludePatterns.length > 0 &&
+        matchesAnyPattern(path, options.excludePatterns, { caseInsensitive: true })))
+        .sort((left, right) => left.localeCompare(right));
+    const references = [];
+    for (const path of workflowPaths) {
+        const contentResponse = await client.repos.getContent({
+            owner,
+            repo,
+            path,
+            ref: defaultBranch
+        });
+        if (Array.isArray(contentResponse.data)) {
+            continue;
+        }
+        const content = decodeContent(contentResponse.data.content, contentResponse.data.encoding);
+        const fileReferences = extractActionReferences(`${repository}/${path}`, content).filter((reference) => {
+            if (options.includeActions.length > 0 &&
+                !matchesActionPattern(reference.action, options.includeActions)) {
+                return false;
+            }
+            if (options.excludeActions.length > 0 &&
+                matchesActionPattern(reference.action, options.excludeActions)) {
+                return false;
+            }
+            return true;
+        });
+        references.push(...fileReferences);
+    }
+    return {
+        repository,
+        defaultBranch,
+        scan: buildScanResult(references, workflowPaths.length)
+    };
+}
+function decodeContent(content, encoding) {
+    if (encoding === "base64") {
+        return Buffer.from(content, "base64").toString("utf8");
+    }
+    throw new Error(`Unsupported content encoding: ${encoding}`);
+}
+function createRepoClient(options) {
+    return new Octokit({
+        auth: options.token,
+        baseUrl: normalizeGithubApiUrl(options.githubApiUrl)
+    });
+}
+function normalizeScanTargets(repositories) {
+    const deduped = new Map();
+    for (const repository of repositories) {
+        const target = typeof repository === "string" ? { repository } : repository;
+        const normalized = splitRepository(target.repository);
+        const fullName = `${normalized.owner}/${normalized.repo}`;
+        const existing = deduped.get(fullName.toLowerCase());
+        deduped.set(fullName.toLowerCase(), {
+            repository: fullName,
+            defaultBranch: existing?.defaultBranch ?? target.defaultBranch
+        });
+    }
+    return [...deduped.values()].sort((left, right) => left.repository.localeCompare(right.repository, "en", { sensitivity: "base" }));
+}
+function splitRepository(repository) {
+    const trimmed = repository.trim();
+    const parts = trimmed.split("/");
+    if (parts.length !== 2 || parts.some((part) => part.length === 0)) {
+        throw new Error(`Invalid repository '${repository}'. Expected format is 'owner/repo'.`);
+    }
+    return { owner: parts[0], repo: parts[1] };
+}
+function matchesActionPattern(action, patterns) {
+    return patterns.some((pattern) => {
+        const normalizedPattern = pattern.trim();
+        if (!normalizedPattern) {
+            return false;
+        }
+        const target = normalizedPattern.includes("/") ? action : action.split("/")[1] ?? action;
+        return matchesAnyPattern(target, [normalizedPattern], { caseInsensitive: true });
+    });
+}
+//# sourceMappingURL=multi-repo-scanner.js.map

package/dist/src/multi-repo-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"multi-repo-scanner.js","sourceRoot":"","sources":["../../src/multi-repo-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AA0D9D,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,YAAkD,EAClD,OAA6B,EAC7B,SAAqB,gBAAgB,CAAC,OAAO,CAAC;IAE9C,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAyB,EAAE,CAAC;IAEzC,KAAK,MAAM,UAAU,IAAI,kBAAkB,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,eAAe,CAClC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EACjD,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,CACzE,CAAC;IAEF,OAAO;QACL,YAAY,EAAE,OAAO;QACrB,YAAY;QACZ,OAAO,EAAE;YACP,mBAAmB,EAAE,OAAO,CAAC,MAAM;YACnC,wBAAwB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM;YAC1F,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,YAAY;YAC/C,eAAe,EAAE,YAAY,CAAC,OAAO,CAAC,eAAe;YACrD,aAAa,EAAE,YAAY,CAAC,OAAO,CAAC,aAAa;SAClD;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,MAA4B,EAC5B,OAA6B,EAC7B,MAAkB;IAElB,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACrC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,aAAa,GACjB,MAAM,CAAC,aAAa,IAAI,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;IAExF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;QACpC,KAAK;QACL,IAAI;QACJ,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;KAClB,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,uBAAuB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACzE,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI;SACjC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC;SAC1E,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAc,CAAC;SACpC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;SACjE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,eAAe,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;SACrF,MAAM,CACL,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QAClC,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,eAAe,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,CACjF;SACA,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IAEpD,MAAM,UAAU,GAAsB,EAAE,CAAC;IACzC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YACpD,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,GAAG,EAAE,aAAa;SACnB,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,aAAa,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3F,MAAM,cAAc,GAAG,uBAAuB,CAAC,GAAG,UAAU,IAAI,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC,MAAM,CACrF,CAAC,SAAS,EAAE,EAAE;YACZ,IACE,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC,EAC/D,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IACE,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;gBACjC,oBAAoB,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC,EAC9D,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CACF,CAAC;QACF,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAC;IACrC,CAAC;IAED,OAAO;QACL,UAAU;QACV,aAAa;QACb,IAAI,EAAE,eAAe,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC;KACxD,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,OAAe,EAAE,QAAgB;IACtD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,gBAAgB,CAAC,OAA6B;IACrD,OAAO,IAAI,OAAO,CAAC;QACjB,IAAI,EAAE,OAAO,CAAC,KAAK;QACnB,OAAO,EAAE,qBAAqB,CAAC,OAAO,CAAC,YAAY,CAAC;KACrD,CAA0B,CAAC;AAC9B,CAAC;AAED,SAAS,oBAAoB,CAC3B,YAAkD;IAElD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgC,CAAC;IACxD,KAAK,MAAM,UAAU,IAAI,YAAY,EAAE,CAAC;QACtC,MAAM,MAAM,GACV,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;QAC/D,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,GAAG,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE;YAClC,UAAU,EAAE,QAAQ;YACpB,aAAa,EAAE,QAAQ,EAAE,aAAa,IAAI,MAAM,CAAC,aAAa;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAChD,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAC/E,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uBAAuB,UAAU,qCAAqC,CACvE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc,EAAE,QAAkB;IAC9D,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC/B,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QACzC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;QACzF,OAAO,iBAAiB,CAAC,MAAM,EAAE,CAAC,iBAAiB,CAAC,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/src/netrc-auth.d.ts

@@ -0,0 +1,13 @@
+export interface NetrcCredentials {
+    login: string;
+    password: string;
+}
+export declare function loadNetrc(overridePath?: string): Promise<Map<string, NetrcCredentials>>;
+export declare function getNetrcCredentials(host: string, overridePath?: string): Promise<NetrcCredentials | null>;
+export declare function getNetrcPath(): string;
+export declare function encodeNetrcAuth(login: string, password: string): string;
+export interface OctokitAuth {
+    auth?: string | Record<string, unknown>;
+}
+export declare function applyNetrcAuth(client: OctokitAuth, host: string): Promise<void>;
+export declare function redactNetrcAuth(auth: string | undefined): string;

package/dist/src/netrc-auth.js

@@ -0,0 +1,123 @@
+import { readFile } from "node:fs/promises";
+import { statSync } from "node:fs";
+import { homedir } from "node:os";
+import { resolve, join } from "node:path";
+import { platform } from "node:os";
+export async function loadNetrc(overridePath) {
+    const netrcPath = overridePath ?? getNetrcPath();
+    const credentials = new Map();
+    try {
+        const content = await readFile(netrcPath, "utf8");
+        // Warn if .netrc is world-readable (security issue)
+        try {
+            const stats = statSync(netrcPath);
+            // eslint-disable-next-line no-bitwise
+            if ((stats.mode & 0o077) !== 0) {
+                console.warn(`Warning: ${netrcPath} is readable by others. Fix with: chmod 600 ${netrcPath}`);
+            }
+        }
+        catch {
+            // Ignore stat errors
+        }
+        const lines = content.split("\n");
+        let currentMachine = null;
+        let currentLogin = null;
+        let currentPassword = null;
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith("#")) {
+                continue;
+            }
+            const parts = trimmed.split(/\s+/);
+            let i = 0;
+            while (i < parts.length) {
+                const key = parts[i];
+                i += 1;
+                if (key === "machine") {
+                    const value = parts[i];
+                    if (value) {
+                        if (currentMachine && currentLogin && currentPassword) {
+                            credentials.set(currentMachine, {
+                                login: currentLogin,
+                                password: currentPassword
+                            });
+                        }
+                        currentMachine = value;
+                        currentLogin = null;
+                        currentPassword = null;
+                    }
+                    i += 1;
+                }
+                else if (key === "login") {
+                    currentLogin = parts[i] ?? null;
+                    i += 1;
+                }
+                else if (key === "password") {
+                    // Capture the rest of the line to handle passwords containing spaces
+                    const passwordTokens = parts.slice(i);
+                    currentPassword = passwordTokens.length > 0 ? passwordTokens.join(" ") : null;
+                    break;
+                }
+            }
+        }
+        if (currentMachine && currentLogin && currentPassword) {
+            credentials.set(currentMachine, {
+                login: currentLogin,
+                password: currentPassword
+            });
+        }
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (!message.includes("ENOENT")) {
+            console.warn(`Failed to load netrc from ${netrcPath}: ${message}`);
+        }
+    }
+    return credentials;
+}
+export async function getNetrcCredentials(host, overridePath) {
+    const credentials = await loadNetrc(overridePath);
+    // Exact match
+    if (credentials.has(host)) {
+        return credentials.get(host) ?? null;
+    }
+    // Try wildcard matching for subdomains (e.g., *.github.com matches api.github.com)
+    for (const [machine, creds] of credentials.entries()) {
+        if (machine.startsWith("*.") && host.endsWith(machine.substring(1))) {
+            return creds;
+        }
+    }
+    return null;
+}
+export function getNetrcPath() {
+    const home = homedir();
+    if (platform() === "win32") {
+        return join(home, "_netrc");
+    }
+    return resolve(home, ".netrc");
+}
+export function encodeNetrcAuth(login, password) {
+    const credentials = `${login}:${password}`;
+    return Buffer.from(credentials).toString("base64");
+}
+export async function applyNetrcAuth(client, host) {
+    const creds = await getNetrcCredentials(host);
+    if (creds) {
+        // Use login:password format as expected by Octokit's basic auth strategy
+        client.auth = `${creds.login}:${creds.password}`;
+    }
+}
+export function redactNetrcAuth(auth) {
+    if (!auth) {
+        return "none";
+    }
+    if (auth.startsWith("Basic ")) {
+        return "netrc";
+    }
+    // Detect login:password format used by netrc/basic auth
+    if (auth.includes(":") && !auth.startsWith("token ")) {
+        return "netrc";
+    }
+    return "token (redacted)";
+}
+//# sourceMappingURL=netrc-auth.js.map

package/dist/src/netrc-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"netrc-auth.js","sourceRoot":"","sources":["../../src/netrc-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAOnC,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,YAAqB;IACnD,MAAM,SAAS,GAAG,YAAY,IAAI,YAAY,EAAE,CAAC;IACjD,MAAM,WAAW,GAAG,IAAI,GAAG,EAA4B,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAElD,oDAAoD;QACpD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;YAClC,sCAAsC;YACtC,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,OAAO,CAAC,IAAI,CACV,YAAY,SAAS,+CAA+C,SAAS,EAAE,CAChF,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,cAAc,GAAkB,IAAI,CAAC;QACzC,IAAI,YAAY,GAAkB,IAAI,CAAC;QACvC,IAAI,eAAe,GAAkB,IAAI,CAAC;QAE1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAE5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,IAAI,CAAC,GAAG,CAAC,CAAC;YACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;gBACxB,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACrB,CAAC,IAAI,CAAC,CAAC;gBAEP,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;oBACtB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;oBACvB,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,cAAc,IAAI,YAAY,IAAI,eAAe,EAAE,CAAC;4BACtD,WAAW,CAAC,GAAG,CAAC,cAAc,EAAE;gCAC9B,KAAK,EAAE,YAAY;gCACnB,QAAQ,EAAE,eAAe;6BAC1B,CAAC,CAAC;wBACL,CAAC;wBACD,cAAc,GAAG,KAAK,CAAC;wBACvB,YAAY,GAAG,IAAI,CAAC;wBACpB,eAAe,GAAG,IAAI,CAAC;oBACzB,CAAC;oBACD,CAAC,IAAI,CAAC,CAAC;gBACT,CAAC;qBAAM,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;oBAC3B,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;oBAChC,CAAC,IAAI,CAAC,CAAC;gBACT,CAAC;qBAAM,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;oBAC9B,qEAAqE;oBACrE,MAAM,cAAc,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACtC,eAAe,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;oBAC9E,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,cAAc,IAAI,YAAY,IAAI,eAAe,EAAE,CAAC;YACtD,WAAW,CAAC,GAAG,CAAC,cAAc,EAAE;gBAC9B,KAAK,EAAE,YAAY;gBACnB,QAAQ,EAAE,eAAe;aAC1B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,6BAA6B,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAY,EACZ,YAAqB;IAErB,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;IAElD,cAAc;IACd,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;IACvC,CAAC;IAED,mFAAmF;IACnF,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;QACrD,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,IAAI,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAa,EAAE,QAAgB;IAC7D,MAAM,WAAW,GAAG,GAAG,KAAK,IAAI,QAAQ,EAAE,CAAC;IAC3C,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAMD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAmB,EACnB,IAAY;IAEZ,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAE9C,IAAI,KAAK,EAAE,CAAC;QACV,yEAAyE;QACzE,MAAM,CAAC,IAAI,GAAG,GAAG,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;IACnD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAwB;IACtD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,wDAAwD;IACxD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrD,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,OAAO,kBAAkB,CAAC;AAC5B,CAAC"}

package/dist/src/org.d.ts

@@ -0,0 +1,49 @@
+export type RepositoryOwnerType = "org" | "user";
+export interface RepositoryMetadata {
+    fullName: string;
+    defaultBranch: string;
+    archived: boolean;
+}
+export interface OrgScanOptions {
+    org: string;
+    includePrivate: boolean;
+    includeArchived: boolean;
+    githubApiUrl?: string;
+}
+export interface OwnerScanOptions {
+    target: string;
+    targetType: RepositoryOwnerType;
+    includePrivate: boolean;
+    includeArchived: boolean;
+    githubApiUrl?: string;
+}
+interface RepositoryEnumerationClient {
+    paginate: <T>(route: unknown, params: Record<string, unknown>) => Promise<T[]>;
+    repos: {
+        listForOrg: unknown;
+        listForUser: unknown;
+        listForAuthenticatedUser: unknown;
+    };
+    users: {
+        getAuthenticated: () => Promise<{
+            data: {
+                login: string;
+            };
+        }>;
+    };
+}
+export declare function listOrgRepositories(options: OrgScanOptions, token?: string, client?: RepositoryEnumerationClient): Promise<string[]>;
+export declare function listUserRepositories(options: Omit<OrgScanOptions, "org"> & {
+    user: string;
+}, token?: string, client?: RepositoryEnumerationClient): Promise<string[]>;
+export declare function listOwnerRepositories(options: OwnerScanOptions, token?: string, client?: RepositoryEnumerationClient): Promise<RepositoryMetadata[]>;
+export declare function filterRepositories(repositories: string[], options?: {
+    includePatterns?: string[];
+    excludePatterns?: string[];
+}): string[];
+export declare function filterRepositoryMetadata(repositories: RepositoryMetadata[], options?: {
+    includePatterns?: string[];
+    excludePatterns?: string[];
+}): RepositoryMetadata[];
+export declare function normalizeAndSortRepositories(repositories: string[]): string[];
+export {};