autoremediator 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/README.md +3 -1
  2. package/dist/{chunk-DQKT2CUG.js → chunk-URM53GSJ.js} +388 -133
  3. package/dist/chunk-URM53GSJ.js.map +1 -0
  4. package/dist/cli.d.ts +5 -0
  5. package/dist/cli.js +51 -13
  6. package/dist/cli.js.map +1 -1
  7. package/dist/index.d.ts +42 -2
  8. package/dist/index.js +3 -1
  9. package/dist/mcp/server.d.ts +277 -0
  10. package/dist/mcp/server.js +115 -15
  11. package/dist/mcp/server.js.map +1 -1
  12. package/dist/openapi/server.d.ts +400 -1
  13. package/dist/openapi/server.js +192 -50
  14. package/dist/openapi/server.js.map +1 -1
  15. package/package.json +1 -1
  16. package/dist/chunk-DQKT2CUG.js.map +0 -1
package/dist/chunk-DQKT2CUG.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/remediation/pipeline.ts","../src/platform/config.ts","../src/platform/package-manager.ts","../src/remediation/tools/lookup-cve.ts","../src/intelligence/sources/osv.ts","../src/intelligence/sources/github-advisory.ts","../src/intelligence/sources/nvd.ts","../src/remediation/tools/check-inventory.ts","../src/remediation/tools/check-version-match.ts","../src/remediation/tools/find-fixed-version.ts","../src/intelligence/sources/registry.ts","../src/remediation/tools/apply-version-bump.ts","../src/platform/policy.ts","../src/remediation/tools/fetch-package-source.ts","../src/remediation/tools/generate-patch.ts","../src/remediation/tools/apply-patch-file.ts","../src/scanner/index.ts","../src/scanner/adapters/npm-audit.ts","../src/scanner/adapters/yarn-audit.ts","../src/scanner/adapters/sarif.ts","../src/platform/evidence.ts","../src/api.ts"],"sourcesContent":["/**\n * Autoremediator agentic loop\n *\n * Orchestrates the full CVE patching pipeline using Vercel AI SDK's\n * generateText with a tool-calling loop.\n *\n * Phase 1 tools: lookup-cve → check-inventory → check-version-match\n * → find-fixed-version → apply-version-bump\n * Phase 4 tools: fetch-package-source → generate-patch → apply-patch-file\n */\nimport { generateText } from \"ai\";\nimport { existsSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport semver from \"semver\";\nimport { createModel, resolveProvider } from \"../platform/config.js\";\nimport { detectPackageManager } from \"../platform/package-manager.js\";\nimport { lookupCveTool } from \"./tools/lookup-cve.js\";\nimport { checkInventoryTool } from \"./tools/check-inventory.js\";\nimport { checkVersionMatchTool } from \"./tools/check-version-match.js\";\nimport { findFixedVersionTool } from \"./tools/find-fixed-version.js\";\nimport { applyVersionBumpTool } from \"./tools/apply-version-bump.js\";\nimport { fetchPackageSourceTool } from \"./tools/fetch-package-source.js\";\nimport { generatePatchTool } from \"./tools/generate-patch.js\";\nimport { applyPatchFileTool } from \"./tools/apply-patch-file.js\";\nimport { lookupCveOsv } from \"../intelligence/sources/osv.js\";\nimport { lookupCveGitHub, mergeGhDataIntoCveDetails } from \"../intelligence/sources/github-advisory.js\";\nimport { enrichWithNvd } from \"../intelligence/sources/nvd.js\";\nimport { findSafeUpgradeVersion } from \"../intelligence/sources/registry.js\";\nimport type { RemediateOptions, RemediationReport, PatchResult, VulnerablePackage, CveDetails } from \"../platform/types.js\";\n\nexport async function runRemediationPipeline(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n const provider = resolveProvider(options);\n if (provider === \"local\") {\n return runLocalRemediationPipeline(cveId, options);\n }\n\n const cwd = options.cwd ?? process.cwd();\n const packageManager = options.packageManager ?? detectPackageManager(cwd);\n const dryRun = options.dryRun ?? false;\n const skipTests = options.skipTests ?? true;\n const policyPath = options.policyPath ?? \"\";\n const patchesDir = options.patchesDir || \"./patches\";\n\n const model = await createModel(options);\n\n const systemPrompt = loadOrchestrationPrompt({\n cveId,\n cwd,\n dryRun,\n skipTests,\n policyPath,\n patchesDir,\n packageManager,\n });\n\n const prompt = `Patch vulnerable dependencies affected by ${cveId} in the project at: ${cwd}. Package manager: ${packageManager}.`;\n\n const collectedResults: PatchResult[] = [];\n const vulnerablePackages: VulnerablePackage[] = [];\n let cveDetails: CveDetails | null = null;\n let agentSteps = 0;\n\n const result = await generateText({\n model,\n system: systemPrompt,\n prompt,\n tools: {\n \"lookup-cve\": lookupCveTool,\n \"check-inventory\": checkInventoryTool,\n \"check-version-match\": checkVersionMatchTool,\n \"find-fixed-version\": findFixedVersionTool,\n \"apply-version-bump\": applyVersionBumpTool,\n \"fetch-package-source\": fetchPackageSourceTool,\n \"generate-patch\": generatePatchTool,\n \"apply-patch-file\": applyPatchFileTool,\n },\n maxSteps: 25,\n onStepFinish(stepResult) {\n agentSteps += 1;\n\n const { toolResults } = stepResult;\n\n for (const tr of toolResults ?? []) {\n const toolResult = tr.result as Record<string, unknown> | undefined;\n\n if (tr.toolName === \"lookup-cve\" && toolResult?.data) {\n cveDetails = toolResult.data as CveDetails;\n }\n if (tr.toolName === \"check-version-match\" && toolResult?.vulnerablePackages) {\n vulnerablePackages.push(...(toolResult.vulnerablePackages as VulnerablePackage[]));\n }\n if (tr.toolName === \"apply-version-bump\") {\n collectedResults.push(toolResult as unknown as PatchResult);\n }\n\n if (tr.toolName === \"apply-patch-file\" && toolResult) {\n const validation = toolResult.validation as\n | { passed?: boolean; error?: string }\n | undefined;\n const message =\n typeof toolResult.message === \"string\"\n ? toolResult.message\n : typeof toolResult.error === \"string\"\n ? toolResult.error\n : \"Patch-file strategy finished.\";\n\n collectedResults.push({\n packageName:\n typeof toolResult.packageName === \"string\"\n ? toolResult.packageName\n : \"unknown-package\",\n strategy: \"patch-file\",\n fromVersion:\n typeof toolResult.vulnerableVersion === \"string\"\n ? toolResult.vulnerableVersion\n : \"unknown\",\n patchFilePath:\n typeof toolResult.patchFilePath === \"string\"\n ? toolResult.patchFilePath\n : typeof toolResult.patchPath === \"string\"\n ? toolResult.patchPath\n : undefined,\n applied: Boolean(toolResult.applied),\n dryRun: Boolean(toolResult.dryRun),\n message,\n validation:\n validation && typeof validation.passed === \"boolean\"\n ? {\n passed: validation.passed,\n error: typeof validation.error === \"string\" ? validation.error : undefined,\n }\n : undefined,\n });\n }\n }\n },\n });\n\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: result.text,\n };\n}\n\nasync function runLocalRemediationPipeline(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n const cwd = options.cwd ?? process.cwd();\n const packageManager = options.packageManager ?? detectPackageManager(cwd);\n const dryRun = options.dryRun ?? false;\n const skipTests = options.skipTests ?? true;\n const policyPath = options.policyPath ?? \"\";\n\n const collectedResults: PatchResult[] = [];\n const vulnerablePackages: VulnerablePackage[] = [];\n let cveDetails: CveDetails | null = null;\n let agentSteps = 0;\n\n const normalizedId = cveId.toUpperCase();\n const [osvDetails, ghPackages] = await Promise.all([\n lookupCveOsv(normalizedId),\n lookupCveGitHub(normalizedId).catch(() => []),\n ]);\n agentSteps += 2;\n\n if (!osvDetails && ghPackages.length === 0) {\n return {\n cveId,\n cveDetails: null,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode failed at lookup-cve: ${normalizedId} not found in OSV or GitHub advisory data.`,\n };\n }\n\n cveDetails = osvDetails ?? {\n id: normalizedId,\n summary: \"Details sourced from GitHub Advisory Database.\",\n severity: \"UNKNOWN\",\n references: [],\n affectedPackages: [],\n };\n\n if (ghPackages.length > 0) {\n cveDetails = mergeGhDataIntoCveDetails(cveDetails, ghPackages);\n }\n cveDetails = await enrichWithNvd(cveDetails);\n\n if (cveDetails.affectedPackages.length === 0) {\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode lookup succeeded but no npm affected packages were found for ${normalizedId}.`,\n };\n }\n\n const inventory = await (checkInventoryTool as any).execute({ cwd, packageManager });\n agentSteps += 1;\n\n if (inventory?.error) {\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode failed at check-inventory: ${inventory.error}`,\n };\n }\n\n const installedPackages = (inventory.packages ?? []) as Array<{\n name: string;\n version: string;\n type: \"direct\" | \"indirect\";\n }>;\n\n for (const affected of cveDetails.affectedPackages) {\n if (!affected || typeof affected !== \"object\") continue;\n if (!affected.name || !affected.vulnerableRange) continue;\n if (affected.ecosystem !== \"npm\") continue;\n const matches = installedPackages.filter((p) => p.name === affected.name);\n for (const installed of matches) {\n if (!semver.valid(installed.version)) continue;\n let isVulnerable = false;\n try {\n isVulnerable = semver.satisfies(installed.version, affected.vulnerableRange, {\n includePrerelease: false,\n });\n } catch {\n continue;\n }\n if (isVulnerable) {\n vulnerablePackages.push({ installed, affected });\n }\n }\n }\n agentSteps += 1;\n\n for (const vulnerable of vulnerablePackages) {\n const pkg = vulnerable.installed;\n const firstPatchedVersion = vulnerable.affected.firstPatchedVersion;\n\n if (pkg.type === \"indirect\") {\n collectedResults.push({\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n message: `\"${pkg.name}\" is an indirect dependency; automatic version bump is limited to direct dependencies in local mode.`,\n });\n continue;\n }\n\n if (!firstPatchedVersion) {\n collectedResults.push({\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n message: `No firstPatchedVersion available for ${pkg.name}; cannot resolve deterministic upgrade in local mode.`,\n });\n continue;\n }\n\n const safeVersion = await findSafeUpgradeVersion(\n pkg.name,\n pkg.version,\n firstPatchedVersion,\n vulnerable.affected.vulnerableRange\n );\n agentSteps += 1;\n\n if (!safeVersion) {\n collectedResults.push({\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n message: `No safe upgrade version found for ${pkg.name}.`,\n });\n continue;\n }\n\n const applyResult = (await (applyVersionBumpTool as any).execute({\n cwd,\n packageManager,\n packageName: pkg.name,\n fromVersion: pkg.version,\n toVersion: safeVersion,\n dryRun,\n policyPath,\n skipTests,\n })) as PatchResult;\n agentSteps += 1;\n\n collectedResults.push(applyResult);\n }\n\n const appliedCount = collectedResults.filter((r) => r.applied).length;\n const unresolvedCount = collectedResults.filter((r) => !r.applied && !r.dryRun).length;\n const dryRunCount = collectedResults.filter((r) => r.dryRun).length;\n\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode completed: vulnerable=${vulnerablePackages.length}, applied=${appliedCount}, dryRun=${dryRunCount}, unresolved=${unresolvedCount}`,\n };\n}\n\ninterface PromptContext {\n cveId: string;\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n skipTests: boolean;\n policyPath: string;\n patchesDir: string;\n}\n\nfunction loadOrchestrationPrompt(ctx: PromptContext): string {\n const promptPath = join(process.cwd(), \".github\", \"instructions\", \"orchestration.instructions.md\");\n\n if (!existsSync(promptPath)) {\n return `You are autoremediator, an agentic security remediation system for Node.js package dependencies.\nWorking directory: ${ctx.cwd}\n Package manager: ${ctx.packageManager}\nDry run: ${ctx.dryRun}\nSkip tests: ${ctx.skipTests}\nPolicy path: ${ctx.policyPath || \"undefined\"}\nPatches dir: ${ctx.patchesDir}\n\nRequired sequence:\n1. lookup-cve\n2. check-inventory\n3. check-version-match\n4. find-fixed-version\n5. apply-version-bump\n\nFallback sequence (when strategy=\"none\"):\n1. fetch-package-source\n2. generate-patch\n3. apply-patch-file\n\nAlways respect dryRun and policy constraints.`;\n }\n\n const template = readFileSync(promptPath, \"utf8\");\n return template\n .replaceAll(\"{{cveId}}\", ctx.cveId)\n .replaceAll(\"{{cwd}}\", ctx.cwd)\n .replaceAll(\"{{packageManager}}\", ctx.packageManager)\n .replaceAll(\"{{dryRun}}\", String(ctx.dryRun))\n .replaceAll(\"{{skipTests}}\", String(ctx.skipTests))\n .replaceAll(\"{{policyPath}}\", ctx.policyPath || \"undefined\")\n .replaceAll(\"{{patchesDir}}\", ctx.patchesDir);\n}\n","import type { LanguageModelV1 } from \"ai\";\nimport type { RemediateOptions } from \"./types.js\";\n\nexport type SupportedProvider = \"openai\" | \"anthropic\" | \"local\";\n\n/**\n * Reads configuration from environment variables with option overrides.\n * Does NOT import provider packages — those are dynamically imported so\n * that missing optional peer deps don't blow up at startup.\n */\nexport function resolveProvider(options: RemediateOptions = {}): SupportedProvider {\n const raw =\n options.llmProvider ??\n process.env.AUTOREMEDIATOR_LLM_PROVIDER ??\n \"openai\";\n\n if (raw !== \"openai\" && raw !== \"anthropic\" && raw !== \"local\") {\n throw new Error(\n `Unsupported LLM provider \"${raw}\". Set AUTOREMEDIATOR_LLM_PROVIDER to \"openai\", \"anthropic\", or \"local\".`\n );\n }\n return raw as SupportedProvider;\n}\n\nexport function resolveModelName(\n provider: SupportedProvider,\n options: RemediateOptions = {}\n): string {\n if (options.model) return options.model;\n if (process.env.AUTOREMEDIATOR_MODEL) return process.env.AUTOREMEDIATOR_MODEL;\n\n const defaults: Record<SupportedProvider, string> = {\n openai: \"gpt-4o\",\n anthropic: \"claude-sonnet-4-5\",\n local: \"local\",\n };\n return defaults[provider];\n}\n\n/** Dynamically instantiates the LLM model at runtime. */\nexport async function createModel(options: RemediateOptions = {}): Promise<LanguageModelV1> {\n const provider = resolveProvider(options);\n\n if (provider === \"local\") {\n throw new Error(\n \"Local provider does not create a language model. Use the deterministic pipeline path instead.\"\n );\n }\n\n const modelName = resolveModelName(provider, options);\n\n if (provider === \"openai\") {\n const apiKey = process.env.OPENAI_API_KEY;\n if (!apiKey) {\n throw new Error(\n \"OPENAI_API_KEY environment variable is required when using the openai provider.\"\n );\n }\n const { createOpenAI } = await import(\"@ai-sdk/openai\");\n const openai = createOpenAI({ apiKey });\n return openai(modelName) as LanguageModelV1;\n }\n\n if (provider === \"anthropic\") {\n const apiKey = process.env.ANTHROPIC_API_KEY;\n if (!apiKey) {\n throw new Error(\n \"ANTHROPIC_API_KEY environment variable is required when using the anthropic provider.\"\n );\n }\n const { createAnthropic } = await import(\"@ai-sdk/anthropic\");\n const anthropic = createAnthropic({ apiKey });\n return anthropic(modelName) as LanguageModelV1;\n }\n\n throw new Error(`Unhandled provider: ${provider}`);\n}\n\nexport interface NvdConfig {\n apiKey?: string;\n}\n\nexport function getNvdConfig(): NvdConfig {\n return {\n apiKey: process.env.AUTOREMEDIATOR_NVD_API_KEY,\n };\n}\n\nexport function getGitHubToken(): string | undefined {\n return process.env.GITHUB_TOKEN;\n}\n","import { existsSync } from \"node:fs\";\nimport { join } from \"node:path\";\n\nexport type PackageManager = \"npm\" | \"pnpm\" | \"yarn\";\n\nexport interface PackageManagerCommands {\n install: string[];\n installPreferOffline: string[];\n installDev: (pkg: string) => string[];\n test: string[];\n list: string[];\n lockfileName: string;\n}\n\nexport function detectPackageManager(cwd: string): PackageManager {\n if (existsSync(join(cwd, \"pnpm-lock.yaml\"))) return \"pnpm\";\n if (existsSync(join(cwd, \"yarn.lock\"))) return \"yarn\";\n return \"npm\";\n}\n\nexport function getPackageManagerCommands(pm: PackageManager): PackageManagerCommands {\n if (pm === \"pnpm\") {\n return {\n install: [\"pnpm\", \"install\"],\n installPreferOffline: [\"pnpm\", \"install\", \"--prefer-offline\"],\n installDev: (pkg: string) => [\"pnpm\", \"add\", \"-D\", pkg],\n test: [\"pnpm\", \"test\"],\n list: [\"pnpm\", \"list\", \"--json\", \"--depth\", \"99\"],\n lockfileName: \"pnpm-lock.yaml\",\n };\n }\n\n if (pm === \"yarn\") {\n return {\n install: [\"yarn\", \"install\"],\n installPreferOffline: [\"yarn\", \"install\"],\n installDev: (pkg: string) => [\"yarn\", \"add\", \"--dev\", pkg],\n test: [\"yarn\", \"test\"],\n list: [\"yarn\", \"list\", \"--json\"],\n lockfileName: \"yarn.lock\",\n };\n }\n\n return {\n install: [\"npm\", \"install\"],\n installPreferOffline: [\"npm\", \"install\", \"--prefer-offline\"],\n installDev: (pkg: string) => [\"npm\", \"install\", \"--save-dev\", pkg],\n test: [\"npm\", \"test\"],\n list: [\"npm\", \"list\", \"--json\", \"--all\"],\n lockfileName: \"package-lock.json\",\n };\n}\n\nexport function parseListOutput(pm: PackageManager, stdout: string): Map<string, string> {\n const versions = new Map<string, string>();\n\n if (!stdout.trim()) return versions;\n\n if (pm === \"yarn\") {\n const lines = stdout\n .split(\"\\n\")\n .map((l) => l.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n try {\n const obj = JSON.parse(line) as { type?: string; data?: { trees?: Array<{ name?: string }> } };\n if (obj.type !== \"tree\") continue;\n\n for (const tree of obj.data?.trees ?? []) {\n const raw = tree.name ?? \"\";\n const at = raw.lastIndexOf(\"@\");\n if (at <= 0) continue;\n const name = raw.slice(0, at);\n const version = raw.slice(at + 1);\n if (name && version) {\n versions.set(name, version);\n }\n }\n } catch {\n // Ignore non-json lines from yarn output.\n }\n }\n return versions;\n }\n\n let parsed: unknown;\n try {\n parsed = JSON.parse(stdout);\n } catch {\n return versions;\n }\n\n const root = Array.isArray(parsed) ? parsed[0] : parsed;\n\n type DependencyTree = {\n version?: string;\n dependencies?: Record<string, DependencyTree>;\n };\n\n function collectDependencies(tree?: Record<string, DependencyTree>): void {\n if (!tree) return;\n\n for (const [name, entry] of Object.entries(tree)) {\n if (!entry || typeof entry !== \"object\") continue;\n const version = entry.version;\n if (typeof version === \"string\" && version) {\n versions.set(name, version);\n }\n collectDependencies(entry.dependencies);\n }\n }\n\n collectDependencies((root as { dependencies?: Record<string, DependencyTree> } | undefined)?.dependencies);\n\n return versions;\n}","/**\n * Tool: lookup-cve\n *\n * Fetches CVE details from OSV (primary) and GitHub Advisory (secondary),\n * merges them, and optionally enriches with NVD CVSS scores.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { lookupCveOsv } from \"../../intelligence/sources/osv.js\";\nimport { lookupCveGitHub, mergeGhDataIntoCveDetails } from \"../../intelligence/sources/github-advisory.js\";\nimport { enrichWithNvd } from \"../../intelligence/sources/nvd.js\";\nimport type { CveDetails } from \"../../platform/types.js\";\n\nexport const lookupCveTool = tool({\n description:\n \"Look up a CVE ID and return the list of affected npm packages, their vulnerable version ranges, and the first patched version. Always call this first.\",\n parameters: z.object({\n cveId: z\n .string()\n .regex(/^CVE-\\d{4}-\\d+$/i, \"Must be a valid CVE ID like CVE-2021-23337\"),\n }),\n execute: async ({ cveId }): Promise<{ success: boolean; data?: CveDetails; error?: string }> => {\n const normalizedId = cveId.toUpperCase();\n\n // Fan out to OSV + GitHub Advisory in parallel\n const [osvDetails, ghPackages] = await Promise.all([\n lookupCveOsv(normalizedId),\n lookupCveGitHub(normalizedId),\n ]);\n\n if (!osvDetails && ghPackages.length === 0) {\n return {\n success: false,\n error: `CVE \"${normalizedId}\" was not found in OSV or GitHub Advisory databases. It may be too new, or not affect npm packages.`,\n };\n }\n\n // Start from OSV result or construct a minimal shell from GH data\n let details: CveDetails = osvDetails ?? {\n id: normalizedId,\n summary: \"Details sourced from GitHub Advisory Database.\",\n severity: \"UNKNOWN\",\n references: [],\n affectedPackages: [],\n };\n\n // Merge GitHub Advisory data (adds firstPatchedVersion, fills gaps)\n if (ghPackages.length > 0) {\n details = mergeGhDataIntoCveDetails(details, ghPackages);\n }\n\n // Enrich with NVD CVSS score (non-fatal)\n details = await enrichWithNvd(details);\n\n if (details.affectedPackages.length === 0) {\n return {\n success: false,\n error: `CVE \"${normalizedId}\" was found but has no npm-specific affected packages listed. It may affect a different ecosystem.`,\n };\n }\n\n return { success: true, data: details };\n },\n});\n","/**\n * OSV API client (https://osv.dev)\n *\n * Used as the primary source for CVE → affected npm package mapping.\n * No auth required. SEMVER event ranges are machine-readable.\n */\nimport type { AffectedPackage, CveDetails } from \"../../platform/types.js\";\n\nconst OSV_BASE = \"https://api.osv.dev/v1\";\n\n// ---------------------------------------------------------------------------\n// Raw OSV response types\n// ---------------------------------------------------------------------------\n\ninterface OsvSemverEvent {\n introduced?: string;\n fixed?: string;\n last_affected?: string;\n limit?: string;\n}\n\ninterface OsvRange {\n type: \"SEMVER\" | \"GIT\" | \"ECOSYSTEM\";\n events: OsvSemverEvent[];\n repo?: string;\n}\n\ninterface OsvAffected {\n package: {\n name: string;\n ecosystem: string;\n purl?: string;\n };\n ranges?: OsvRange[];\n versions?: string[];\n database_specific?: Record<string, unknown>;\n ecosystem_specific?: Record<string, unknown>;\n}\n\ninterface OsvVulnerability {\n id: string;\n aliases?: string[];\n summary?: string;\n details?: string;\n severity?: Array<{\n type: string;\n score: string;\n }>;\n affected?: OsvAffected[];\n references?: Array<{ type: string; url: string }>;\n schema_version?: string;\n modified?: string;\n published?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Fetch a vulnerability by CVE ID (or any OSV/GHSA ID).\n * Returns null if the CVE is not found in OSV.\n */\nexport async function fetchOsvVuln(cveId: string): Promise<OsvVulnerability | null> {\n const url = `${OSV_BASE}/vulns/${encodeURIComponent(cveId)}`;\n const res = await fetch(url, {\n headers: { Accept: \"application/json\" },\n });\n\n if (res.status === 404) return null;\n if (!res.ok) {\n throw new Error(`OSV API error ${res.status} for ${cveId}: ${await res.text()}`);\n }\n\n return res.json() as Promise<OsvVulnerability>;\n}\n\n/**\n * Convert an OSV SEMVER range event array to a semver range string.\n * OSV uses ordered [introduced, fixed) events.\n * e.g. [{ introduced: \"0\" }, { fixed: \"4.17.21\" }] → \">=0.0.0 <4.17.21\"\n */\nfunction osvEventsToSemverRange(events: OsvSemverEvent[]): string {\n const parts: string[] = [];\n\n for (const event of events) {\n if (event.introduced !== undefined) {\n const v = event.introduced === \"0\" ? \"0.0.0\" : event.introduced;\n parts.push(`>=${v}`);\n }\n if (event.fixed !== undefined) {\n parts.push(`<${event.fixed}`);\n }\n if (event.last_affected !== undefined) {\n parts.push(`<=${event.last_affected}`);\n }\n }\n\n return parts.join(\" \") || \">=0.0.0\";\n}\n\n/**\n * Parse an OSV vulnerability into autoremediator's CveDetails shape,\n * filtering affected entries to npm ecosystem only.\n */\nexport function parseOsvVuln(vuln: OsvVulnerability): CveDetails {\n const npmAffected: AffectedPackage[] = [];\n\n for (const affected of vuln.affected ?? []) {\n const ecosystem = affected.package?.ecosystem;\n const packageName = affected.package?.name;\n if (!ecosystem || typeof ecosystem !== \"string\") continue;\n if (!packageName || typeof packageName !== \"string\") continue;\n if (ecosystem.toLowerCase() !== \"npm\") continue;\n\n // Find the best SEMVER range\n const semverRange = affected.ranges?.find((r) => r.type === \"SEMVER\");\n const vulnerableRange = semverRange\n ? osvEventsToSemverRange(semverRange.events)\n : \">=0.0.0\";\n\n // Derive firstPatchedVersion from the \"fixed\" event\n const fixedEvent = semverRange?.events.find((e) => e.fixed !== undefined);\n\n npmAffected.push({\n name: packageName,\n ecosystem: \"npm\",\n vulnerableRange,\n firstPatchedVersion: fixedEvent?.fixed,\n source: \"osv\",\n });\n }\n\n // Best-effort severity from CVSS score string (e.g. \"CVSS:3.1/.../7.5\")\n const severity = deriveSeverity(vuln.severity);\n\n return {\n id: vuln.id,\n summary: vuln.summary ?? vuln.details ?? \"No summary available.\",\n severity,\n references: vuln.references?.map((r) => r.url) ?? [],\n affectedPackages: npmAffected,\n };\n}\n\nfunction deriveSeverity(\n severityEntries?: OsvVulnerability[\"severity\"]\n): CveDetails[\"severity\"] {\n if (!severityEntries?.length) return \"UNKNOWN\";\n\n // Prefer CVSS_V3 type\n const cvssEntry =\n severityEntries.find((s) => s.type === \"CVSS_V3\") ?? severityEntries[0];\n\n // Extract base score from vector string, e.g. \"CVSS:3.1/AV:N/AC:L/.../7.5/...\"\n const scoreMatch = cvssEntry.score.match(/(\\d+\\.\\d+)$/);\n if (scoreMatch) {\n const score = parseFloat(scoreMatch[1]);\n if (score >= 9.0) return \"CRITICAL\";\n if (score >= 7.0) return \"HIGH\";\n if (score >= 4.0) return \"MEDIUM\";\n return \"LOW\";\n }\n\n return \"UNKNOWN\";\n}\n\n/** High-level convenience: fetch + parse */\nexport async function lookupCveOsv(cveId: string): Promise<CveDetails | null> {\n const vuln = await fetchOsvVuln(cveId);\n if (!vuln) return null;\n return parseOsvVuln(vuln);\n}\n","/**\n * GitHub Advisory Database API client\n *\n * Used as a secondary source to enrich CVE data with `first_patched_version`.\n * Unauthenticated access works; set GITHUB_TOKEN env var for higher rate limits.\n */\nimport type { AffectedPackage, CveDetails } from \"../../platform/types.js\";\nimport { getGitHubToken } from \"../../platform/config.js\";\n\nconst GH_ADVISORY_BASE = \"https://api.github.com/advisories\";\n\n// ---------------------------------------------------------------------------\n// Raw GitHub Advisory response types\n// ---------------------------------------------------------------------------\n\ninterface GhVulnerability {\n package: {\n ecosystem: string;\n name: string;\n };\n vulnerable_version_range: string | null;\n first_patched_version: string | null;\n}\n\ninterface GhAdvisory {\n ghsa_id: string;\n cve_id: string | null;\n summary: string;\n severity: \"low\" | \"medium\" | \"high\" | \"critical\" | \"unknown\";\n vulnerabilities: GhVulnerability[];\n cvss?: { score: number; vector_string: string };\n references: Array<{ url: string }>;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\nfunction buildHeaders(): Record<string, string> {\n const headers: Record<string, string> = {\n Accept: \"application/vnd.github+json\",\n \"X-GitHub-Api-Version\": \"2022-11-28\",\n };\n const token = getGitHubToken();\n if (token) {\n headers.Authorization = `Bearer ${token}`;\n }\n return headers;\n}\n\n/**\n * Fetch GitHub advisories for a given CVE ID filtered to npm ecosystem.\n * Returns an empty array if none found.\n */\nexport async function fetchGhAdvisories(cveId: string): Promise<GhAdvisory[]> {\n const url = new URL(GH_ADVISORY_BASE);\n url.searchParams.set(\"cve_id\", cveId);\n url.searchParams.set(\"ecosystem\", \"npm\");\n url.searchParams.set(\"type\", \"reviewed\");\n url.searchParams.set(\"per_page\", \"10\");\n\n const res = await fetch(url.toString(), { headers: buildHeaders() });\n\n if (res.status === 404) return [];\n if (!res.ok) {\n // Non-fatal: log and return empty so OSV can still succeed\n console.warn(\n `[autoremediator] GitHub Advisory API returned ${res.status} for ${cveId} — skipping.`\n );\n return [];\n }\n\n return res.json() as Promise<GhAdvisory[]>;\n}\n\n/**\n * Parse GitHub advisories into AffectedPackage entries.\n * Deduplication against OSV results is handled in lookup-cve.ts.\n */\nexport function parseGhAdvisories(advisories: GhAdvisory[]): AffectedPackage[] {\n const packages: AffectedPackage[] = [];\n\n for (const advisory of advisories) {\n for (const vuln of advisory.vulnerabilities) {\n if (vuln.package.ecosystem.toLowerCase() !== \"npm\") continue;\n\n packages.push({\n name: vuln.package.name,\n ecosystem: \"npm\",\n vulnerableRange: vuln.vulnerable_version_range ?? \">=0.0.0\",\n firstPatchedVersion: vuln.first_patched_version ?? undefined,\n source: \"github-advisory\",\n });\n }\n }\n\n return packages;\n}\n\n/**\n * Merge data from GitHub advisory into a CveDetails object built from OSV.\n * Fills in `firstPatchedVersion` where OSV didn't have it, and enriches CVSS.\n */\nexport function mergeGhDataIntoCveDetails(\n details: CveDetails,\n ghPackages: AffectedPackage[]\n): CveDetails {\n const enriched = { ...details };\n\n for (const ghPkg of ghPackages) {\n const existing = enriched.affectedPackages.find(\n (p) => p.name === ghPkg.name\n );\n\n if (existing) {\n // Backfill firstPatchedVersion if OSV didn't have it\n if (!existing.firstPatchedVersion && ghPkg.firstPatchedVersion) {\n existing.firstPatchedVersion = ghPkg.firstPatchedVersion;\n }\n } else {\n // Package only known via GitHub Advisory (not yet in OSV)\n enriched.affectedPackages.push(ghPkg);\n }\n }\n\n return enriched;\n}\n\n/** High-level convenience: fetch + parse, returns enrichment packages */\nexport async function lookupCveGitHub(cveId: string): Promise<AffectedPackage[]> {\n const advisories = await fetchGhAdvisories(cveId);\n return parseGhAdvisories(advisories);\n}\n","/**\n * NVD (National Vulnerability Database) API v2 client\n *\n * Used ONLY for fetching authoritative CVSS scores and severity.\n * NVD CPE data is too inconsistent for npm package discovery — use OSV for that.\n *\n * Rate limits: 5 req/30s without key, 50 req/30s with AUTOREMEDIATOR_NVD_API_KEY\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getNvdConfig } from \"../../platform/config.js\";\n\nconst NVD_BASE = \"https://services.nvd.nist.gov/rest/json/cves/2.0\";\n\ninterface NvdCvssMetric {\n cvssData: {\n baseScore: number;\n baseSeverity: string;\n vectorString: string;\n };\n}\n\ninterface NvdVulnerability {\n cve: {\n id: string;\n metrics?: {\n cvssMetricV31?: NvdCvssMetric[];\n cvssMetricV30?: NvdCvssMetric[];\n cvssMetricV2?: NvdCvssMetric[];\n };\n references?: Array<{ url: string; tags?: string[] }>;\n };\n}\n\ninterface NvdResponse {\n vulnerabilities?: NvdVulnerability[];\n totalResults?: number;\n}\n\nfunction buildNvdHeaders(): Record<string, string> {\n const { apiKey } = getNvdConfig();\n const headers: Record<string, string> = { Accept: \"application/json\" };\n if (apiKey) {\n headers.apiKey = apiKey;\n }\n return headers;\n}\n\n/**\n * Fetch CVSS score for a CVE from NVD.\n * Returns undefined if NVD doesn't have data or the request fails.\n * Non-fatal — callers should handle undefined gracefully.\n */\nexport async function fetchNvdCvss(\n cveId: string\n): Promise<{ score: number; severity: CveDetails[\"severity\"] } | undefined> {\n const url = `${NVD_BASE}?cveId=${encodeURIComponent(cveId)}`;\n\n try {\n const res = await fetch(url, { headers: buildNvdHeaders() });\n if (!res.ok) return undefined;\n\n const data = (await res.json()) as NvdResponse;\n const vuln = data.vulnerabilities?.[0];\n if (!vuln) return undefined;\n\n const metrics = vuln.cve.metrics;\n const metric =\n metrics?.cvssMetricV31?.[0] ??\n metrics?.cvssMetricV30?.[0] ??\n metrics?.cvssMetricV2?.[0];\n\n if (!metric) return undefined;\n\n const score = metric.cvssData.baseScore;\n const rawSeverity = metric.cvssData.baseSeverity.toUpperCase();\n\n const severityMap: Record<string, CveDetails[\"severity\"]> = {\n CRITICAL: \"CRITICAL\",\n HIGH: \"HIGH\",\n MEDIUM: \"MEDIUM\",\n LOW: \"LOW\",\n };\n\n return {\n score,\n severity: severityMap[rawSeverity] ?? \"UNKNOWN\",\n };\n } catch {\n // NVD is non-critical; don't crash the pipeline on network failures\n return undefined;\n }\n}\n\n/**\n * Enrich an existing CveDetails with NVD CVSS data.\n * Mutates in place and returns the same object.\n */\nexport async function enrichWithNvd(details: CveDetails): Promise<CveDetails> {\n const cvss = await fetchNvdCvss(details.id);\n if (cvss) {\n details.cvssScore = cvss.score;\n if (details.severity === \"UNKNOWN\") {\n details.severity = cvss.severity;\n }\n }\n return details;\n}\n","/**\n * Tool: check-inventory\n *\n * Reads the consumer's package.json and installed dependency tree to produce\n * a flat list of installed packages and their resolved versions.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport type { InventoryPackage } from \"../../platform/types.js\";\nimport {\n detectPackageManager,\n getPackageManagerCommands,\n parseListOutput,\n type PackageManager,\n} from \"../../platform/package-manager.js\";\n\ninterface PackageJson {\n dependencies?: Record<string, string>;\n devDependencies?: Record<string, string>;\n peerDependencies?: Record<string, string>;\n}\n\nexport const checkInventoryTool = tool({\n description:\n \"Read the project's package.json and installed dependencies to list packages and exact versions. Must be called before checking version matches.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project's root directory\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n }),\n execute: async ({ cwd, packageManager }): Promise<{ packages: InventoryPackage[]; error?: string }> => {\n let pkgJson: PackageJson;\n\n try {\n pkgJson = JSON.parse(readFileSync(join(cwd, \"package.json\"), \"utf8\")) as PackageJson;\n } catch {\n return {\n packages: [],\n error: `Could not read package.json in \"${cwd}\". Is this a Node.js project?`,\n };\n }\n\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const commands = getPackageManagerCommands(pm);\n let installedVersions = new Map<string, string>();\n\n try {\n const [cmd, ...args] = commands.list;\n const listResult = await execa(cmd, args, {\n cwd,\n stdio: \"pipe\",\n reject: false,\n });\n installedVersions = parseListOutput(pm, listResult.stdout || \"\");\n } catch {\n // Fallback to package.json-only view when list command fails.\n }\n\n const packages: InventoryPackage[] = [];\n\n for (const [name, version] of installedVersions.entries()) {\n const isDirect =\n Boolean(pkgJson.dependencies?.[name]) ||\n Boolean(pkgJson.devDependencies?.[name]) ||\n Boolean(pkgJson.peerDependencies?.[name]);\n\n packages.push({\n name,\n version,\n type: isDirect ? \"direct\" : \"indirect\",\n });\n }\n\n if (packages.length === 0) {\n // Fallback: only direct deps from package.json (best-effort versions)\n const allDeps = {\n ...pkgJson.dependencies,\n ...pkgJson.devDependencies,\n };\n for (const [name, version] of Object.entries(allDeps)) {\n const cleaned = version.replace(/^[\\^~>=<]+/, \"\").trim();\n packages.push({ name, version: cleaned, type: \"direct\" });\n }\n }\n\n return { packages };\n },\n});\n","/**\n * Tool: check-version-match\n *\n * Cross-references inventory packages against CVE-affected package ranges\n * to find which installed packages are actually vulnerable.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport semver from \"semver\";\nimport type { AffectedPackage, InventoryPackage, VulnerablePackage } from \"../../platform/types.js\";\n\nconst affectedPackageSchema = z.object({\n name: z.string(),\n ecosystem: z.literal(\"npm\"),\n vulnerableRange: z.string(),\n firstPatchedVersion: z.string().optional(),\n source: z.enum([\"osv\", \"github-advisory\"]),\n});\n\nconst inventoryPackageSchema = z.object({\n name: z.string(),\n version: z.string(),\n type: z.enum([\"direct\", \"indirect\"]),\n});\n\nexport const checkVersionMatchTool = tool({\n description:\n \"Check which of the project's installed packages fall within the CVE's vulnerable version ranges. Returns only the packages that are actually vulnerable.\",\n parameters: z.object({\n installedPackages: z\n .array(inventoryPackageSchema)\n .describe(\"Output from the check-inventory tool\"),\n affectedPackages: z\n .array(affectedPackageSchema)\n .describe(\"affectedPackages array from the lookup-cve tool result\"),\n }),\n execute: async ({ installedPackages, affectedPackages }): Promise<{\n vulnerablePackages: VulnerablePackage[];\n checkedCount: number;\n }> => {\n const vulnerable: VulnerablePackage[] = [];\n\n for (const affected of affectedPackages as AffectedPackage[]) {\n // Find all installed packages with matching name\n const matches = (installedPackages as InventoryPackage[]).filter(\n (p) => p.name === affected.name\n );\n\n for (const installed of matches) {\n // Validate the installed version is parseable\n if (!semver.valid(installed.version)) continue;\n\n let isVulnerable = false;\n try {\n isVulnerable = semver.satisfies(installed.version, affected.vulnerableRange, {\n includePrerelease: false,\n });\n } catch {\n // Malformed range — skip rather than crash\n continue;\n }\n\n if (isVulnerable) {\n vulnerable.push({ installed, affected });\n }\n }\n }\n\n return {\n vulnerablePackages: vulnerable,\n checkedCount: installedPackages.length,\n };\n },\n});\n","/**\n * Tool: find-fixed-version\n *\n * Queries the npm registry to find the best safe upgrade version\n * for a vulnerable package.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { findSafeUpgradeVersion } from \"../../intelligence/sources/registry.js\";\n\nexport const findFixedVersionTool = tool({\n description:\n \"Query the npm registry to find the lowest published version of a package that is >= the first patched version. Prefer same-major upgrades. Returns undefined if no safe version exists.\",\n parameters: z.object({\n packageName: z.string().describe(\"The npm package name\"),\n installedVersion: z.string().describe(\"The currently installed version (exact semver)\"),\n firstPatchedVersion: z\n .string()\n .describe(\n \"The first version that is NOT vulnerable (from lookup-cve). Use this as the floor.\"\n ),\n vulnerableRange: z\n .string()\n .optional()\n .describe(\"Optional vulnerable semver range used to exclude still-vulnerable versions\"),\n }),\n execute: async ({\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange,\n }): Promise<{\n safeVersion?: string;\n isMajorBump: boolean;\n message: string;\n }> => {\n const safeVersion = await findSafeUpgradeVersion(\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange\n );\n\n if (!safeVersion) {\n return {\n isMajorBump: false,\n message: `No safe upgrade version found for \"${packageName}\". The patch-file path will be needed.`,\n };\n }\n\n const installedMajor = parseInt(installedVersion.split(\".\")[0] ?? \"0\", 10);\n const safeMajor = parseInt(safeVersion.split(\".\")[0] ?? \"0\", 10);\n const isMajorBump = safeMajor > installedMajor;\n\n return {\n safeVersion,\n isMajorBump,\n message: isMajorBump\n ? `Found safe version ${safeVersion} for \"${packageName}\", but it is a major bump from ${installedVersion}. Applying anyway — consumer should review for breaking changes.`\n : `Found safe version ${safeVersion} for \"${packageName}\" (from ${installedVersion}).`,\n };\n },\n});\n","/**\n * npm registry API client\n *\n * Used to:\n * - Fetch the full list of published versions for a package\n * - Find the lowest semver-compatible safe upgrade from `firstPatchedVersion`\n * - Download tarballs for patch generation (fallback path)\n */\nimport semver from \"semver\";\n\nconst NPM_REGISTRY = \"https://registry.npmjs.org\";\n\n// ---------------------------------------------------------------------------\n// Raw registry types (abbreviated)\n// ---------------------------------------------------------------------------\n\ninterface NpmPackument {\n name: string;\n versions: Record<string, { version: string; dist: { tarball: string } }>;\n \"dist-tags\": Record<string, string>;\n time: Record<string, string>;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Fetch all published versions for an npm package.\n * Returns an empty array if the package is not found.\n */\nexport async function fetchPackageVersions(packageName: string): Promise<string[]> {\n const url = `${NPM_REGISTRY}/${encodeURIComponent(packageName)}`;\n const res = await fetch(url, {\n headers: { Accept: \"application/json\" },\n });\n\n if (res.status === 404) return [];\n if (!res.ok) {\n throw new Error(\n `npm registry error ${res.status} for \"${packageName}\": ${await res.text()}`\n );\n }\n\n const data = (await res.json()) as NpmPackument;\n return Object.keys(data.versions);\n}\n\n/**\n * Find the lowest published version that satisfies `>= firstPatchedVersion`\n * and is semver-compatible with the currently installed version (same major,\n * unless there is no same-major option).\n *\n * Strategy:\n * 1. Try same-major, lowest version >= firstPatchedVersion\n * 2. Fallback: any published version >= firstPatchedVersion (lowest)\n * 3. Returns undefined if nothing found\n */\nexport async function findSafeUpgradeVersion(\n packageName: string,\n installedVersion: string,\n firstPatchedVersion: string,\n vulnerableRange?: string\n): Promise<string | undefined> {\n const versions = await fetchPackageVersions(packageName);\n if (!versions.length) return undefined;\n\n const installedMajor = semver.major(installedVersion);\n\n // All versions >= firstPatchedVersion, sorted ascending\n const candidates = versions\n .filter((v) => semver.valid(v) && semver.gte(v, firstPatchedVersion))\n .filter((v) => {\n if (!vulnerableRange) return true;\n try {\n return !semver.satisfies(v, vulnerableRange, { includePrerelease: false });\n } catch {\n // If vulnerable range cannot be parsed, avoid filtering out candidates.\n return true;\n }\n })\n .sort(semver.compare);\n\n if (!candidates.length) return undefined;\n\n // Prefer same-major bump (semver-compatible)\n const sameMajor = candidates.find(\n (v) => semver.major(v) === installedMajor\n );\n if (sameMajor) return sameMajor;\n\n // Fallback: next-lowest available — caller should warn about major bump\n return candidates[0];\n}\n\n/**\n * Get the tarball URL for a specific package version.\n * Used by the patch generation fallback path.\n */\nexport async function getTarballUrl(\n packageName: string,\n version: string\n): Promise<string | undefined> {\n const url = `${NPM_REGISTRY}/${encodeURIComponent(packageName)}/${encodeURIComponent(version)}`;\n const res = await fetch(url, {\n headers: { Accept: \"application/json\" },\n });\n\n if (!res.ok) return undefined;\n\n const data = (await res.json()) as {\n dist?: { tarball?: string };\n };\n return data.dist?.tarball;\n}\n","/**\n * Tool: apply-version-bump\n *\n * Updates the consumer's package.json to the safe version and runs npm install.\n * Respects --dry-run: in dry-run mode it reports what would happen but writes nothing.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { join } from \"node:path\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { execa } from \"execa\";\nimport semver from \"semver\";\nimport type { PatchResult } from \"../../platform/types.js\";\nimport { isPackageAllowed, loadPolicy } from \"../../platform/policy.js\";\nimport {\n detectPackageManager,\n getPackageManagerCommands,\n type PackageManager,\n} from \"../../platform/package-manager.js\";\n\ninterface RawPackageJson {\n dependencies?: Record<string, string>;\n devDependencies?: Record<string, string>;\n peerDependencies?: Record<string, string>;\n [key: string]: unknown;\n}\n\ntype DepField = \"dependencies\" | \"devDependencies\" | \"peerDependencies\";\n\nexport const applyVersionBumpTool = tool({\n description:\n \"Update package.json to use the safe version of a vulnerable package and run the project's package manager install. In dry-run mode, only reports what would change.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project root\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n packageName: z.string().describe(\"The npm package to upgrade\"),\n fromVersion: z.string().describe(\"The currently installed vulnerable version\"),\n toVersion: z.string().describe(\"The safe target version to upgrade to\"),\n dryRun: z.boolean().default(false).describe(\"If true, report changes but do not write\"),\n policyPath: z\n .string()\n .optional()\n .describe(\"Optional path to .autoremediator policy file\"),\n skipTests: z\n .boolean()\n .default(true)\n .describe(\"If true, skip test validation after applying the fix\"),\n }),\n execute: async ({\n cwd,\n packageManager,\n packageName,\n fromVersion,\n toVersion,\n dryRun,\n policyPath,\n skipTests,\n }): Promise<PatchResult> => {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const commands = getPackageManagerCommands(pm);\n const pkgPath = join(cwd, \"package.json\");\n const policy = loadPolicy(cwd, policyPath);\n\n if (!isPackageAllowed(policy, packageName)) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n message: `Policy blocked changes for package \"${packageName}\".`,\n };\n }\n\n const isMajorBump =\n semver.valid(fromVersion) &&\n semver.valid(toVersion) &&\n semver.major(toVersion) > semver.major(fromVersion);\n\n if (isMajorBump && !policy.allowMajorBumps) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n message: `Policy blocked major bump for \"${packageName}\" (${fromVersion} -> ${toVersion}).`,\n };\n }\n\n let pkgJson: RawPackageJson;\n try {\n pkgJson = JSON.parse(readFileSync(pkgPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n applied: false,\n dryRun,\n message: `Could not read package.json at \"${pkgPath}\".`,\n };\n }\n\n // Locate which dependency field this package lives in\n const depField = ([\"dependencies\", \"devDependencies\", \"peerDependencies\"] as DepField[]).find(\n (f) => pkgJson[f]?.[packageName] !== undefined\n );\n\n if (!depField) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n applied: false,\n dryRun,\n message: `\"${packageName}\" was not found in package.json dependencies (it may be a transitive dep). Cannot auto-bump.`,\n };\n }\n\n const currentRange = pkgJson[depField]![packageName]!;\n\n // Preserve the range prefix (^, ~, empty) from the existing entry\n const prefixMatch = currentRange.match(/^([~^]?)/);\n const prefix = prefixMatch?.[1] ?? \"\";\n const newRange = `${prefix}${toVersion}`;\n\n if (dryRun) {\n const installCmd = commands.installPreferOffline.join(\" \");\n const testCmd = commands.test.join(\" \");\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would update ${depField}.${packageName}: \"${currentRange}\" → \"${newRange}\", then run ${installCmd}${skipTests ? \"\" : ` and ${testCmd}`}.`,\n };\n }\n\n // Write updated package.json\n pkgJson[depField]![packageName] = newRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n // Run package-manager install\n try {\n const [installCmd, ...installArgs] = commands.installPreferOffline;\n await execa(installCmd, installArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n // Revert the package.json change on install failure\n pkgJson[depField]![packageName] = currentRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n message: `${commands.installPreferOffline.join(\" \")} failed after updating \"${packageName}\" to ${toVersion}. Reverted. Error: ${message}`,\n };\n }\n\n if (!skipTests) {\n try {\n const [testCmd, ...testArgs] = commands.test;\n await execa(testCmd, testArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n // Roll back both manifest and lock state by restoring dep range and reinstalling.\n pkgJson[depField]![packageName] = currentRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n try {\n const [rollbackCmd, ...rollbackArgs] = commands.installPreferOffline;\n await execa(rollbackCmd, rollbackArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch {\n // Ignore rollback install failure and return original test failure context.\n }\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n message: `${commands.test.join(\" \")} failed after upgrading \"${packageName}\" to ${toVersion}. Rolled back to ${currentRange}. Error: ${message}`,\n };\n }\n }\n\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: true,\n dryRun: false,\n message: `Successfully upgraded \"${packageName}\" from ${fromVersion} to ${toVersion}, ran ${commands.installPreferOffline.join(\" \")}${skipTests ? \"\" : `, and passed ${commands.test.join(\" \")}`}.`,\n };\n },\n});\n","import { existsSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\n\nexport interface AutoremediatorPolicy {\n allowMajorBumps: boolean;\n denyPackages: string[];\n allowPackages: string[];\n}\n\nexport const DEFAULT_POLICY: AutoremediatorPolicy = {\n allowMajorBumps: false,\n denyPackages: [],\n allowPackages: [],\n};\n\nexport function loadPolicy(cwd: string, explicitPath?: string): AutoremediatorPolicy {\n const candidate = explicitPath ?? join(cwd, \".autoremediator.json\");\n if (!existsSync(candidate)) return DEFAULT_POLICY;\n\n try {\n const parsed = JSON.parse(readFileSync(candidate, \"utf8\")) as Partial<AutoremediatorPolicy>;\n return {\n allowMajorBumps: parsed.allowMajorBumps ?? DEFAULT_POLICY.allowMajorBumps,\n denyPackages: parsed.denyPackages ?? DEFAULT_POLICY.denyPackages,\n allowPackages: parsed.allowPackages ?? DEFAULT_POLICY.allowPackages,\n };\n } catch {\n return DEFAULT_POLICY;\n }\n}\n\nexport function isPackageAllowed(policy: AutoremediatorPolicy, packageName: string): boolean {\n if (policy.denyPackages.includes(packageName)) return false;\n if (policy.allowPackages.length > 0 && !policy.allowPackages.includes(packageName)) {\n return false;\n }\n return true;\n}\n","/**\n * Tool: fetch-package-source\n *\n * Downloads a package tarball from npm registry and extracts source files for CVE analysis.\n * Uses Node.js fetch API to download and execa to extract tar archives.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { mkdir, readdir, readFile, rm } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\n\n/**\n * Interface for the tool's return value.\n */\ninterface FetchPackageSourceResult {\n success: boolean;\n sourceFiles?: Record<string, string>;\n packageDir?: string;\n error?: string;\n}\n\nexport const fetchPackageSourceTool = tool({\n description:\n \"Download package tarball from npm and extract source files for CVE analysis. Supports custom file patterns (default: *.js, *.ts).\",\n parameters: z.object({\n packageName: z\n .string()\n .min(1)\n .describe(\"The npm package name (e.g., 'lodash', '@scope/package')\"),\n version: z\n .string()\n .regex(/^\\d+\\.\\d+\\.\\d+/, \"Must be a valid semver version\")\n .describe(\"Exact package version to download\"),\n filePatterns: z\n .array(z.string())\n .optional()\n .default([\"*.js\", \"*.ts\"])\n .describe(\n \"File patterns to extract (glob patterns, default: *.js, *.ts)\"\n ),\n }),\n execute: async ({\n packageName,\n version,\n filePatterns,\n }): Promise<FetchPackageSourceResult> => {\n const tempBaseDir = `/tmp/autoremediator-pkg-${Date.now()}`;\n const extractDir = join(tempBaseDir, \"out\");\n\n try {\n // Step 1: Construct npm registry URL and download tarball\n const npmUrl = `https://registry.npmjs.org/${packageName}/-/${packageName.split(\"/\").pop()}-${version}.tgz`;\n\n // Create temp directory\n await mkdir(tempBaseDir, { recursive: true });\n\n // Download tarball using curl (reliable method)\n const tarballPath = join(tempBaseDir, \"package.tgz\");\n await execa(\"curl\", [\"-L\", \"-o\", tarballPath, npmUrl]);\n\n // Step 2: Extract tar.gz\n await mkdir(extractDir, { recursive: true });\n await execa(\"tar\", [\"-xzf\", tarballPath, \"-C\", extractDir]);\n\n // Step 3: Discover package root (tar extracts to 'package/' subdirectory)\n const extractedContents = await readdir(extractDir);\n const packageRootDir = extractedContents.includes(\"package\")\n ? join(extractDir, \"package\")\n : extractDir;\n\n // Step 4: Recursively find and read matching source files\n const sourceCode: Record<string, string> = {};\n\n async function walkDir(dir: string, relativeBase: string): Promise<void> {\n try {\n const files = await readdir(dir, { withFileTypes: true });\n\n for (const file of files) {\n const fullPath = join(dir, file.name);\n const relPath = join(relativeBase, file.name);\n\n if (file.isDirectory()) {\n // Skip common non-source directories\n if (\n ![\n \"node_modules\",\n \".git\",\n \"dist\",\n \"build\",\n \"coverage\",\n \".next\",\n \"out\",\n ]\n .includes(file.name)\n ) {\n await walkDir(fullPath, relPath);\n }\n } else if (file.isFile()) {\n // Check if file matches any pattern\n const matches = filePatterns!.some((pattern) => {\n const regex = new RegExp(\n `^${pattern.replace(/\\*/g, \".*\").replace(/\\./g, \"\\\\.\")}$`\n );\n return regex.test(file.name);\n });\n\n if (matches) {\n try {\n const content = await readFile(fullPath, \"utf8\");\n sourceCode[relPath] = content;\n } catch {\n // Skip files that can't be read as UTF-8\n }\n }\n }\n }\n } catch {\n // Skip directories that can't be read\n }\n }\n\n await walkDir(packageRootDir, \"\");\n\n if (Object.keys(sourceCode).length === 0) {\n return {\n success: false,\n error: `No source files matching patterns [${filePatterns!.join(\", \")}] found in ${packageName}@${version}. Download succeeded but extraction yielded no matching files.`,\n };\n }\n\n return {\n success: true,\n sourceFiles: sourceCode,\n packageDir: packageRootDir,\n };\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n\n // Check if it's a 404 from npm\n if (message.includes(\"404\") || message.includes(\"not found\")) {\n return {\n success: false,\n error: `Package ${packageName}@${version} not found on npm registry. It may not exist or the version may be incorrect.`,\n };\n }\n\n return {\n success: false,\n error: `Failed to fetch and extract package ${packageName}@${version}: ${message}`,\n };\n } finally {\n await rm(tempBaseDir, { recursive: true, force: true });\n }\n },\n});\n","/**\n * Tool: generate-patch\n *\n * Calls the LLM to analyze vulnerable source code and generate a unified diff patch.\n * Parses LLM response and validates patch format.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { generateText } from \"ai\";\nimport { createModel } from \"../../platform/config.js\";\n\n/**\n * Represents a single generated patch file.\n */\ninterface GeneratedPatch {\n filePath: string;\n unifiedDiff: string;\n}\n\n/**\n * Result from the patch generation tool.\n */\ninterface GeneratePatchResult {\n success: boolean;\n patches?: GeneratedPatch[];\n patchContent?: string;\n llmModel: string;\n confidence: number;\n riskLevel: \"low\" | \"medium\" | \"high\";\n error?: string;\n}\n\n/**\n * LLM analysis response schema.\n */\ninterface LlmAnalysis {\n analysis: string;\n fixedCode: Record<string, string>;\n confidence: number;\n riskLevel: \"low\" | \"medium\" | \"high\";\n}\n\n/**\n * Vulnerability category descriptions for the LLM.\n */\nconst VULNERABILITY_DESCRIPTIONS: Record<string, string> = {\n redos:\n \"Regular Expression Denial of Service (ReDoS): The vulnerability is caused by poorly constructed regular expressions that cause excessive backtracking when processing certain inputs. The fix should optimize the regex to avoid catastrophic backtracking or replace it with a safer alternative.\",\n \"code-injection\":\n \"Code Injection: The vulnerability allows injected code to be executed. The fix must properly sanitize/validate inputs and prevent dynamic code execution, or use safe alternatives like template literals with proper escaping.\",\n \"path-traversal\":\n \"Path Traversal: The vulnerability allows access to files outside intended directories through path traversal sequences (../, etc.). The fix must validate and normalize file paths, use path.resolve() and path.relative() checks.\",\n unknown:\n \"Unknown vulnerability type: Analyze the CVE summary carefully and implement the most appropriate fix for the security issue described.\",\n};\n\nexport const generatePatchTool = tool({\n description:\n \"Generate a unified diff patch for a CVE using LLM analysis of vulnerable source code.\",\n parameters: z.object({\n packageName: z.string().min(1).describe(\"The npm package name\"),\n vulnerableVersion: z\n .string()\n .describe(\"The vulnerable version string\"),\n cveId: z\n .string()\n .regex(/^CVE-\\d{4}-\\d+$/i)\n .describe(\"CVE ID (e.g., CVE-2021-23337)\"),\n cveSummary: z.string().min(10).describe(\"CVE description and impact\"),\n sourceFiles: z\n .record(z.string())\n .describe(\n \"Map of file paths to source code contents from fetch-package-source\"\n ),\n vulnerabilityCategory: z\n .enum([\"redos\", \"code-injection\", \"path-traversal\", \"unknown\"])\n .optional()\n .default(\"unknown\")\n .describe(\"Category of the vulnerability for better context\"),\n dryRun: z\n .boolean()\n .optional()\n .default(false)\n .describe(\"If true, return analysis without generating patches\"),\n }),\n execute: async ({\n packageName,\n vulnerableVersion,\n cveId,\n cveSummary,\n sourceFiles,\n vulnerabilityCategory,\n dryRun,\n }): Promise<GeneratePatchResult> => {\n try {\n const resolvedSourceFiles = sourceFiles;\n if (Object.keys(resolvedSourceFiles).length === 0) {\n return {\n success: false,\n llmModel: \"unknown\",\n confidence: 0,\n riskLevel: \"high\",\n error: \"No source files were provided. Call fetch-package-source first and pass sourceFiles.\",\n };\n }\n\n // Create LLM model\n const model = await createModel();\n const modelName = model.modelId || \"unknown-model\";\n\n // Build source files context\n const sourceContext = Object.entries(resolvedSourceFiles)\n .map(([filePath, content]) => `\\n### File: ${filePath}\\n\\`\\`\\`typescript\\n${content}\\n\\`\\`\\``)\n .join(\"\\n\");\n\n // Build the LLM prompt\n const vulnerabilityContext =\n VULNERABILITY_DESCRIPTIONS[vulnerabilityCategory] ||\n VULNERABILITY_DESCRIPTIONS.unknown;\n\n const prompt = `You are a security expert tasked with analyzing a CVE vulnerability and generating a secure patch.\n\n## CVE Information\n- CVE ID: ${cveId}\n- Package: ${packageName}@${vulnerableVersion}\n- Category: ${vulnerabilityCategory}\n\n## Vulnerability Summary\n${cveSummary}\n\n## Vulnerability Type Context\n${vulnerabilityContext}\n\n## Vulnerable Source Code\n${sourceContext}\n\n## Your Task\nAnalyze the source code to:\n1. Identify the exact code location causing the vulnerability\n2. Explain the root cause of the security issue\n3. Propose a secure fix that addresses the vulnerability\n4. Provide the complete fixed version of affected files\n\n## Response Format\nRespond ONLY with valid JSON (no markdown, no extra text):\n{\n \"analysis\": \"Detailed explanation of the vulnerability root cause and why it's a security issue\",\n \"fixedCode\": {\n \"path/to/file.js\": \"Complete fixed source code for this file\",\n \"path/to/other.ts\": \"Complete fixed source code for this file\"\n },\n \"confidence\": 0.95,\n \"riskLevel\": \"medium\"\n}\n\nImportant:\n- confidence: number between 0 and 1 indicating how confident you are in the fix\n- riskLevel: \"low\", \"medium\", or \"high\" - assess the risk of the proposed fix breaking functionality\n- fixedCode: must contain the COMPLETE file contents (not just diffs), with the vulnerability addressed\n- Only include files that need modification`;\n\n // Call LLM\n const { text } = await generateText({\n model,\n prompt,\n temperature: 0.3, // Lower temperature for more consistent code generation\n });\n\n // Parse LLM response\n let analysis: LlmAnalysis;\n try {\n // Extract JSON from response (in case LLM includes extra text)\n const jsonMatch = text.match(/\\{[\\s\\S]*\\}/);\n if (!jsonMatch) {\n throw new Error(\"No JSON found in LLM response\");\n }\n analysis = JSON.parse(jsonMatch[0]) as LlmAnalysis;\n } catch (err) {\n return {\n success: false,\n llmModel: modelName,\n confidence: 0,\n riskLevel: \"high\",\n error: `Failed to parse LLM response: ${err instanceof Error ? err.message : \"unknown error\"}`,\n };\n }\n\n // Validate analysis structure\n if (\n !analysis.analysis ||\n !analysis.fixedCode ||\n typeof analysis.confidence !== \"number\" ||\n ![\"low\", \"medium\", \"high\"].includes(analysis.riskLevel)\n ) {\n return {\n success: false,\n llmModel: modelName,\n confidence: 0,\n riskLevel: \"high\",\n error: \"LLM response missing required fields (analysis, fixedCode, confidence, riskLevel)\",\n };\n }\n\n if (dryRun) {\n return {\n success: true,\n llmModel: modelName,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n };\n }\n\n // Step 3: Generate unified diffs\n const patches: GeneratedPatch[] = [];\n\n for (const [filePath, fixedCode] of Object.entries(\n analysis.fixedCode\n )) {\n const sourceFile = resolvedSourceFiles[filePath];\n\n if (!sourceFile) {\n continue; // Skip files not in original source\n }\n\n // Generate unified diff\n const unifiedDiff = generateUnifiedDiff(\n sourceFile,\n fixedCode,\n filePath\n );\n\n if (unifiedDiff) {\n patches.push({\n filePath,\n unifiedDiff,\n });\n }\n }\n\n if (patches.length === 0) {\n return {\n success: false,\n llmModel: modelName,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n error: \"No valid patches could be generated from LLM response\",\n };\n }\n\n return {\n success: true,\n patches,\n patchContent: patches[0]?.unifiedDiff,\n llmModel: modelName,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n };\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n return {\n success: false,\n llmModel: \"unknown\",\n confidence: 0,\n riskLevel: \"high\",\n error: `Patch generation failed: ${message}`,\n };\n }\n },\n});\n\n/**\n * Generate a unified diff between two strings.\n * Returns a unified diff format or null if there are no differences.\n */\nfunction generateUnifiedDiff(\n original: string,\n fixed: string,\n filePath: string\n): string | null {\n if (original === fixed) {\n return null;\n }\n\n const originalLines = original.split(\"\\n\");\n const fixedLines = fixed.split(\"\\n\");\n\n // Simple unified diff generation\n // In a production system, use a library like 'diff' for more accurate diffs\n const diff: string[] = [];\n diff.push(`--- a/${filePath}`);\n diff.push(`+++ b/${filePath}`);\n diff.push(\"@@ -1,\" + originalLines.length + \" +1,\" + fixedLines.length + \" @@\");\n\n // Find longest common subsequence for better diff\n // For now, simple line-by-line comparison\n const maxLen = Math.max(originalLines.length, fixedLines.length);\n\n for (let i = 0; i < maxLen; i++) {\n const origLine = originalLines[i] || \"\";\n const fixedLine = fixedLines[i] || \"\";\n\n if (origLine !== fixedLine) {\n if (origLine) {\n diff.push(\"-\" + origLine);\n }\n if (fixedLine) {\n diff.push(\"+\" + fixedLine);\n }\n } else if (origLine) {\n diff.push(\" \" + origLine);\n }\n }\n\n return diff.join(\"\\n\");\n}\n","/**\n * Tool: apply-patch-file\n *\n * Writes generated patch files to disk and applies them using package-manager-aware\n * patch mechanisms (native pnpm/yarn when available, patch-package compatibility otherwise).\n * Optionally validates patches by running tests.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { existsSync } from \"node:fs\";\nimport { mkdir, mkdtemp, readFile, rm, writeFile } from \"node:fs/promises\";\nimport { tmpdir } from \"node:os\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport {\n detectPackageManager,\n getPackageManagerCommands,\n type PackageManager,\n} from \"../../platform/package-manager.js\";\n\n/**\n * Validation result object.\n */\ninterface ValidationResult {\n passed: boolean;\n output?: string;\n failedTests?: string[];\n}\n\n/**\n * Tool result interface.\n */\ninterface ApplyPatchFileResult {\n success: boolean;\n packageName: string;\n vulnerableVersion: string;\n applied: boolean;\n dryRun: boolean;\n message: string;\n patchFilePath?: string;\n patchPath?: string;\n patchMode?: \"patch-package\" | \"native-pnpm\" | \"native-yarn\";\n postinstallConfigured?: boolean;\n validation?: ValidationResult;\n error?: string;\n}\n\n/**\n * Raw package.json structure for type safety.\n */\ninterface RawPackageJson {\n devDependencies?: Record<string, string>;\n scripts?: Record<string, string>;\n [key: string]: unknown;\n}\n\nexport const applyPatchFileTool = tool({\n description:\n \"Write generated patch file and apply it using package-manager-native patch flow when available, falling back to patch-package when needed.\",\n parameters: z.object({\n packageName: z.string().min(1).describe(\"The npm package name\"),\n vulnerableVersion: z\n .string()\n .describe(\"The vulnerable version string\"),\n patchContent: z\n .string()\n .min(10)\n .optional()\n .describe(\"Unified diff patch content from generate-patch\"),\n patches: z\n .array(\n z.object({\n filePath: z.string().min(1),\n unifiedDiff: z.string().min(10),\n })\n )\n .optional()\n .describe(\"Patch list from generate-patch; first patch is applied\"),\n patchesDir: z\n .string()\n .optional()\n .default(\"./patches\")\n .describe(\"Directory to store patch files\"),\n cwd: z.string().describe(\"Project root directory (for package.json)\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n validateWithTests: z\n .boolean()\n .optional()\n .default(true)\n .describe(\"Run package manager test command to validate patch doesn't break anything\"),\n dryRun: z.boolean().optional().default(false).describe(\"If true, report but do not mutate files\"),\n }).refine((value) => Boolean(value.patchContent || (value.patches && value.patches.length > 0)), {\n message: \"Either patchContent or patches must be provided\",\n }),\n execute: async ({\n packageName,\n vulnerableVersion,\n patchContent,\n patches,\n patchesDir,\n cwd,\n packageManager,\n validateWithTests,\n dryRun,\n }): Promise<ApplyPatchFileResult> => {\n try {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const selectedPatch = patchContent ?? patches?.[0]?.unifiedDiff;\n\n if (!selectedPatch) {\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: \"No patch content provided.\",\n error: \"No patch content provided.\",\n };\n }\n\n const patchFileName = buildPatchFileName(packageName, vulnerableVersion);\n const patchFilePath = join(cwd, patchesDir, patchFileName);\n\n if (dryRun) {\n return {\n success: true,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would write and configure patch at ${patchFilePath}.`,\n patchFilePath,\n patchPath: patchFilePath,\n };\n }\n\n // Step 1: Create patches directory if it doesn't exist\n const patchesDirPath = join(cwd, patchesDir);\n await mkdir(patchesDirPath, { recursive: true });\n\n // Step 2: Write patch file with proper naming convention\n await writeFile(patchFilePath, selectedPatch, \"utf8\");\n\n let validationResult: ValidationResult | undefined;\n const patchMode = await resolvePatchMode(pm, cwd);\n\n // Step 3: Apply patch via native package-manager workflow when available.\n // npm always uses patch-package, yarn v1 falls back to patch-package.\n const applyResult =\n patchMode === \"patch-package\"\n ? await configurePatchPackagePostinstall(cwd, pm)\n : await applyNativePatch({\n cwd,\n packageName,\n vulnerableVersion,\n patchContent: selectedPatch,\n patchMode,\n });\n\n if (!applyResult.success) {\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: applyResult.error,\n patchFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: patchMode === \"patch-package\" ? false : undefined,\n error: applyResult.error,\n };\n }\n\n // Step 4: Validate with tests if requested\n if (validateWithTests) {\n validationResult = await validatePatchWithTests(cwd, pm);\n if (!validationResult.passed) {\n const validationError = \"Patch validation failed after apply; patch marked unresolved.\";\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: validationError,\n patchFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: patchMode === \"patch-package\",\n validation: validationResult,\n error: validationError,\n };\n }\n }\n\n return {\n success: true,\n packageName,\n vulnerableVersion,\n applied: true,\n dryRun: false,\n message: `Patch applied successfully for ${packageName}@${vulnerableVersion}.`,\n patchFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: patchMode === \"patch-package\",\n validation: validationResult,\n };\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: `Failed to apply patch file: ${message}`,\n error: `Failed to apply patch file: ${message}`,\n };\n }\n },\n});\n\ntype PatchMode = \"patch-package\" | \"native-pnpm\" | \"native-yarn\";\n\nasync function resolvePatchMode(packageManager: PackageManager, cwd: string): Promise<PatchMode> {\n if (packageManager === \"npm\") return \"patch-package\";\n if (packageManager === \"pnpm\") return \"native-pnpm\";\n\n // Yarn v1 does not provide native patch commands; use patch-package compatibility path.\n try {\n const result = await execa(\"yarn\", [\"--version\"], {\n cwd,\n stdio: \"pipe\",\n });\n const version = result.stdout.trim();\n const major = Number.parseInt(version.split(\".\")[0] || \"0\", 10);\n return major >= 2 ? \"native-yarn\" : \"patch-package\";\n } catch {\n return \"patch-package\";\n }\n}\n\nfunction buildPatchFileName(packageName: string, vulnerableVersion: string): string {\n const safeName = packageName.replace(/^@/, \"\").replace(/\\//g, \"+\");\n return `${safeName}+${vulnerableVersion}.patch`;\n}\n\nasync function configurePatchPackagePostinstall(cwd: string, packageManager: PackageManager): Promise<{ success: true } | { success: false; error: string }> {\n const pkgJsonPath = join(cwd, \"package.json\");\n let pkgJson: RawPackageJson;\n\n try {\n pkgJson = JSON.parse(await readFile(pkgJsonPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n success: false,\n error: `Could not read package.json at ${pkgJsonPath}`,\n };\n }\n\n const devDependencies = pkgJson.devDependencies ?? {};\n if (!devDependencies[\"patch-package\"]) {\n try {\n const commands = getPackageManagerCommands(packageManager);\n const [cmd, ...args] = commands.installDev(\"patch-package\");\n await execa(cmd, args, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n return {\n success: false,\n error: `Failed to install patch-package: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n }\n\n if (!pkgJson.scripts) {\n pkgJson.scripts = {};\n }\n\n const patchApplyCmd = \"patch-package\";\n const currentPostinstall = pkgJson.scripts.postinstall || \"\";\n\n if (currentPostinstall && !currentPostinstall.includes(\"patch-package\")) {\n pkgJson.scripts.postinstall = `${currentPostinstall} && ${patchApplyCmd}`;\n } else if (!currentPostinstall) {\n pkgJson.scripts.postinstall = patchApplyCmd;\n }\n\n await writeFile(pkgJsonPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n return { success: true };\n}\n\nasync function applyNativePatch(params: {\n cwd: string;\n packageName: string;\n vulnerableVersion: string;\n patchContent: string;\n patchMode: \"native-pnpm\" | \"native-yarn\";\n}): Promise<{ success: true } | { success: false; error: string }> {\n const { cwd, packageName, vulnerableVersion, patchContent, patchMode } = params;\n const packageSpec = `${packageName}@${vulnerableVersion}`;\n\n const createCommand = patchMode === \"native-pnpm\" ? \"pnpm\" : \"yarn\";\n const createArgs = [\"patch\", packageSpec];\n\n let patchDir: string;\n try {\n const createResult = await execa(createCommand, createArgs, {\n cwd,\n stdio: \"pipe\",\n });\n patchDir = extractPatchDirectory(`${createResult.stdout}\\n${createResult.stderr}`);\n } catch (err) {\n return {\n success: false,\n error: `Failed to create native patch workspace for ${packageSpec}: ${\n err instanceof Error ? err.message : String(err)\n }`,\n };\n }\n\n if (!patchDir) {\n return {\n success: false,\n error: `Could not determine native patch directory for ${packageSpec}.`,\n };\n }\n\n const tempPatchDir = await mkdtemp(join(tmpdir(), \"autoremediator-native-patch-\"));\n const tempPatchFile = join(tempPatchDir, \"change.patch\");\n\n try {\n await writeFile(tempPatchFile, patchContent, \"utf8\");\n await execa(\"patch\", [\"-p1\", \"-i\", tempPatchFile], {\n cwd: patchDir,\n stdio: \"pipe\",\n });\n\n const commitCommand = patchMode === \"native-pnpm\" ? \"pnpm\" : \"yarn\";\n const commitArgs =\n patchMode === \"native-pnpm\"\n ? [\"patch-commit\", patchDir]\n : [\"patch-commit\", \"-s\", patchDir];\n\n await execa(commitCommand, commitArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n return {\n success: false,\n error: `Failed to apply native patch for ${packageSpec}: ${\n err instanceof Error ? err.message : String(err)\n }`,\n };\n } finally {\n await rm(tempPatchDir, { recursive: true, force: true });\n }\n\n return { success: true };\n}\n\nfunction extractPatchDirectory(output: string): string {\n const lines = output\n .split(/\\r?\\n/)\n .map((line) => line.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n if (existsSync(line)) {\n return line;\n }\n\n const tokens = line.split(/\\s+/).map((token) => token.replace(/^['\"]|['\"]$/g, \"\"));\n for (const token of tokens) {\n if (token.startsWith(\"/\") && existsSync(token)) {\n return token;\n }\n }\n }\n\n return \"\";\n}\n\n/**\n * Validate patch by running tests in the project.\n */\nasync function validatePatchWithTests(cwd: string, packageManager: PackageManager): Promise<ValidationResult> {\n try {\n const commands = getPackageManagerCommands(packageManager);\n const [cmd, ...args] = commands.test;\n\n // Run package manager test command with a timeout\n const result = await execa(cmd, args, {\n cwd,\n timeout: 60000, // 60 second timeout\n stdio: \"pipe\",\n });\n\n return {\n passed: true,\n output: result.stdout,\n };\n } catch (err) {\n // Extract useful error information\n const errorOutput =\n err instanceof Error && \"stdout\" in err\n ? (err as Record<string, string>).stdout\n : \"\";\n const failedTests = extractFailedTests(errorOutput);\n\n return {\n passed: false,\n output: errorOutput,\n failedTests,\n };\n }\n}\n\n/**\n * Parse test output to extract names of failed tests.\n * (Basic implementation; real implementation would parse different test runners)\n */\nfunction extractFailedTests(output: string): string[] {\n const failedTests: string[] = [];\n\n // Common test failure patterns\n const patterns = [\n /✖\\s+(.+?)(?:\\n|$)/g, // Mocha style\n /●\\s+(.+)(?:\\n|$)/g, // Jest style\n /FAIL.*?(.+?)(?:\\n|$)/g, // Generic FAIL\n ];\n\n for (const pattern of patterns) {\n let match;\n while ((match = pattern.exec(output)) !== null) {\n if (match[1]) {\n failedTests.push(match[1].trim());\n }\n }\n }\n\n return failedTests.slice(0, 5); // Return first 5 failures\n}\n","import { extname } from \"node:path\";\nimport { readFileSync } from \"node:fs\";\nimport { parseNpmAuditJsonFile, type NormalizedFinding } from \"./adapters/npm-audit.js\";\nimport { parseYarnAuditJsonFile } from \"./adapters/yarn-audit.js\";\nimport { parseSarifFile } from \"./adapters/sarif.js\";\n\nexport type { NormalizedFinding } from \"./adapters/npm-audit.js\";\nexport type ScanInputFormat = \"npm-audit\" | \"yarn-audit\" | \"sarif\" | \"auto\";\n\nexport function parseScanInput(filePath: string, format: ScanInputFormat): NormalizedFinding[] {\n const resolved = format === \"auto\" ? inferFormat(filePath) : format;\n\n if (resolved === \"npm-audit\") {\n return parseNpmAuditJsonFile(filePath);\n }\n if (resolved === \"yarn-audit\") {\n return parseYarnAuditJsonFile(filePath);\n }\n if (resolved === \"sarif\") {\n return parseSarifFile(filePath);\n }\n\n throw new Error(`Unsupported input format: ${resolved}`);\n}\n\nfunction inferFormat(filePath: string): Exclude<ScanInputFormat, \"auto\"> {\n const ext = extname(filePath).toLowerCase();\n if (ext === \".sarif\") return \"sarif\";\n\n try {\n const content = readFileSync(filePath, \"utf8\");\n const firstLine = content.split(\"\\n\").find((line) => line.trim().startsWith(\"{\"));\n if (firstLine) {\n const parsed = JSON.parse(firstLine) as { type?: string };\n if (parsed.type === \"auditAdvisory\" || parsed.type === \"auditSummary\") {\n return \"yarn-audit\";\n }\n }\n } catch {\n // Ignore parse failures and fall back to npm-audit.\n }\n\n return \"npm-audit\";\n}\n\nexport function uniqueCveIds(findings: NormalizedFinding[]): string[] {\n return [...new Set(findings.map((f) => f.cveId.toUpperCase()))];\n}\n","import { readFileSync } from \"node:fs\";\n\nexport interface NormalizedFinding {\n cveId: string;\n source: \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n packageName?: string;\n severity?: \"LOW\" | \"MEDIUM\" | \"HIGH\" | \"CRITICAL\" | \"UNKNOWN\";\n}\n\ninterface NpmAuditVulnerability {\n name: string;\n via: Array<string | { source?: number; name?: string; url?: string; severity?: string; cwe?: string[]; cvss?: { score?: number } }>;\n severity?: string;\n}\n\ninterface NpmAuditReport {\n vulnerabilities?: Record<string, NpmAuditVulnerability>;\n}\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction normalizeSeverity(raw?: string): NormalizedFinding[\"severity\"] {\n if (!raw) return \"UNKNOWN\";\n const up = raw.toUpperCase();\n if (up === \"CRITICAL\" || up === \"HIGH\" || up === \"MEDIUM\" || up === \"LOW\") {\n return up;\n }\n return \"UNKNOWN\";\n}\n\nexport function parseNpmAuditJsonFromString(content: string): NormalizedFinding[] {\n const report = JSON.parse(content) as NpmAuditReport;\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n for (const vuln of Object.values(report.vulnerabilities ?? {})) {\n for (const viaEntry of vuln.via ?? []) {\n const text = typeof viaEntry === \"string\" ? viaEntry : `${viaEntry.url ?? \"\"} ${viaEntry.name ?? \"\"}`;\n const matches = text.match(CVE_REGEX) ?? [];\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const key = `${cveId}:${vuln.name}`;\n if (seen.has(key)) continue;\n seen.add(key);\n findings.push({\n cveId,\n source: \"npm-audit\",\n packageName: vuln.name,\n severity: normalizeSeverity(vuln.severity),\n });\n }\n }\n }\n\n return findings;\n}\n\nexport function parseNpmAuditJsonFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseNpmAuditJsonFromString(content);\n}\n","import { readFileSync } from \"node:fs\";\nimport type { NormalizedFinding } from \"./npm-audit.js\";\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction normalizeSeverity(raw?: string): NormalizedFinding[\"severity\"] {\n if (!raw) return \"UNKNOWN\";\n const up = raw.toUpperCase();\n if (up === \"CRITICAL\" || up === \"HIGH\" || up === \"MEDIUM\" || up === \"LOW\") {\n return up;\n }\n return \"UNKNOWN\";\n}\n\nexport function parseYarnAuditJsonFromString(content: string): NormalizedFinding[] {\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n const lines = content\n .split(\"\\n\")\n .map((line) => line.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n let parsed: unknown;\n try {\n parsed = JSON.parse(line);\n } catch {\n continue;\n }\n\n const event = parsed as {\n type?: string;\n data?: {\n advisory?: {\n module_name?: string;\n severity?: string;\n url?: string;\n cves?: string[];\n };\n };\n };\n\n if (event.type !== \"auditAdvisory\") continue;\n\n const advisory = event.data?.advisory;\n const packageName = advisory?.module_name;\n const severity = normalizeSeverity(advisory?.severity);\n\n const text = `${advisory?.url ?? \"\"} ${(advisory?.cves ?? []).join(\" \")}`;\n const matches = text.match(CVE_REGEX) ?? [];\n\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const key = `${cveId}:${packageName ?? \"\"}`;\n if (seen.has(key)) continue;\n seen.add(key);\n\n findings.push({\n cveId,\n source: \"yarn-audit\",\n packageName,\n severity,\n });\n }\n }\n\n return findings;\n}\n\nexport function parseYarnAuditJsonFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseYarnAuditJsonFromString(content);\n}\n","import { readFileSync } from \"node:fs\";\nimport type { NormalizedFinding } from \"./npm-audit.js\";\n\ninterface SarifResult {\n ruleId?: string;\n message?: { text?: string };\n properties?: Record<string, unknown>;\n}\n\ninterface SarifRun {\n results?: SarifResult[];\n}\n\ninterface SarifReport {\n runs?: SarifRun[];\n}\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction extractPackageName(result: SarifResult): string | undefined {\n const pkg = result.properties?.[\"packageName\"];\n return typeof pkg === \"string\" ? pkg : undefined;\n}\n\nexport function parseSarifFromString(content: string): NormalizedFinding[] {\n const report = JSON.parse(content) as SarifReport;\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n for (const run of report.runs ?? []) {\n for (const result of run.results ?? []) {\n const combined = `${result.ruleId ?? \"\"} ${result.message?.text ?? \"\"}`;\n const matches = combined.match(CVE_REGEX) ?? [];\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const pkg = extractPackageName(result);\n const key = `${cveId}:${pkg ?? \"\"}`;\n if (seen.has(key)) continue;\n seen.add(key);\n findings.push({\n cveId,\n source: \"sarif\",\n packageName: pkg,\n severity: \"UNKNOWN\",\n });\n }\n }\n }\n\n return findings;\n}\n\nexport function parseSarifFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseSarifFromString(content);\n}\n","import { mkdirSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\n\nexport interface EvidenceStep {\n at: string;\n action: string;\n input?: Record<string, unknown>;\n output?: Record<string, unknown>;\n error?: string;\n}\n\nexport interface EvidenceLog {\n runId: string;\n cveIds: string[];\n cwd: string;\n startedAt: string;\n finishedAt?: string;\n steps: EvidenceStep[];\n}\n\nexport function createEvidenceLog(cwd: string, cveIds: string[]): EvidenceLog {\n return {\n runId: `${Date.now()}`,\n cveIds,\n cwd,\n startedAt: new Date().toISOString(),\n steps: [],\n };\n}\n\nexport function addEvidenceStep(\n log: EvidenceLog,\n action: string,\n input?: Record<string, unknown>,\n output?: Record<string, unknown>,\n error?: string\n): void {\n log.steps.push({\n at: new Date().toISOString(),\n action,\n input,\n output,\n error,\n });\n}\n\nexport function finalizeEvidence(log: EvidenceLog): EvidenceLog {\n log.finishedAt = new Date().toISOString();\n return log;\n}\n\nexport function writeEvidenceLog(cwd: string, log: EvidenceLog): string {\n const dir = join(cwd, \".autoremediator\", \"evidence\");\n mkdirSync(dir, { recursive: true });\n const filePath = join(dir, `${log.runId}.json`);\n writeFileSync(filePath, JSON.stringify(log, null, 2) + \"\\n\", \"utf8\");\n return filePath;\n}\n","/**\n * autoremediator public SDK\n *\n * Usage:\n * import { remediate } from 'autoremediator';\n * const report = await remediate('CVE-2021-23337', { cwd: '/my/project' });\n */\nimport { runRemediationPipeline } from \"./remediation/pipeline.js\";\nimport type { RemediateOptions, RemediationReport } from \"./platform/types.js\";\nimport { parseScanInput, type ScanInputFormat, uniqueCveIds } from \"./scanner/index.js\";\nimport { addEvidenceStep, createEvidenceLog, finalizeEvidence, writeEvidenceLog } from \"./platform/evidence.js\";\nimport { isPackageAllowed, loadPolicy } from \"./platform/policy.js\";\n\nexport { runRemediationPipeline } from \"./remediation/pipeline.js\";\n\nexport type {\n RemediateOptions,\n RemediationReport,\n CveDetails,\n AffectedPackage,\n InventoryPackage,\n VulnerablePackage,\n PatchResult,\n PatchStrategy,\n} from \"./platform/types.js\";\nexport type { ScanInputFormat } from \"./scanner/index.js\";\n\nexport interface ScanOptions extends RemediateOptions {\n format?: ScanInputFormat;\n policyPath?: string;\n writeEvidence?: boolean;\n}\n\nexport interface ScanReport {\n schemaVersion: \"1.0\";\n status: \"ok\" | \"partial\" | \"failed\";\n generatedAt: string;\n cveIds: string[];\n reports: RemediationReport[];\n successCount: number;\n failedCount: number;\n errors: Array<{ cveId: string; message: string }>;\n evidenceFile?: string;\n patchFileCount: number;\n patchValidationFailures?: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }>;\n patchStorageDir?: string;\n}\n\nexport interface CiSummary {\n schemaVersion: \"1.0\";\n status: \"ok\" | \"partial\" | \"failed\";\n generatedAt: string;\n cveCount: number;\n remediationCount: number;\n successCount: number;\n failedCount: number;\n errors: Array<{ cveId: string; message: string }>;\n evidenceFile?: string;\n patchFileCount?: number;\n patchValidationFailures?: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }>;\n patchStorageDir?: string;\n}\n\n/**\n * Main entry point for programmatic use.\n *\n * @param cveId - CVE identifier, e.g. \"CVE-2021-23337\"\n * @param options - Optional configuration (cwd, dryRun, llmProvider, etc.)\n * @returns A RemediationReport describing what was found and done\n */\nexport async function remediate(cveId: string, options: RemediateOptions = {}): Promise<RemediationReport> {\n if (!/^CVE-\\d{4}-\\d+$/i.test(cveId)) {\n throw new Error(\n `Invalid CVE ID: \"${cveId}\". Expected format: CVE-YYYY-NNNNN (e.g. CVE-2021-23337).`\n );\n }\n return runRemediationPipeline(cveId.toUpperCase(), options);\n}\n\n/**\n * Scanner-first entrypoint: parse a scanner output file (npm audit JSON or SARIF),\n * extract CVEs, and run remediations one-by-one.\n */\nexport async function remediateFromScan(\n inputPath: string,\n options: ScanOptions = {}\n): Promise<ScanReport> {\n const cwd = options.cwd ?? process.cwd();\n const format = options.format ?? \"auto\";\n const patchesDir = options.patchesDir ?? \"./patches\";\n\n const findings = parseScanInput(inputPath, format);\n const cveIds = uniqueCveIds(findings);\n const policy = loadPolicy(cwd, options.policyPath);\n\n const evidence = createEvidenceLog(cwd, cveIds);\n addEvidenceStep(evidence, \"scan.parse\", { inputPath, format }, { findingCount: findings.length, cveCount: cveIds.length });\n\n const reports: RemediationReport[] = [];\n const errors: Array<{ cveId: string; message: string }> = [];\n const patchValidationFailures: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }> = [];\n let patchFileCount = 0;\n\n for (const cveId of cveIds) {\n try {\n addEvidenceStep(evidence, \"remediate.start\", { cveId });\n const report = await remediate(cveId, {\n ...options,\n patchesDir,\n });\n\n // Keep a defensive filter in case upstream tools return unexpected packages.\n report.results = report.results.filter((r) => isPackageAllowed(policy, r.packageName));\n\n // Count patches and collect validation failures\n for (const result of report.results) {\n if (result.strategy === \"patch-file\") {\n patchFileCount += 1;\n }\n if (result.validation?.passed === false && result.validation?.error) {\n patchValidationFailures.push({\n packageName: result.packageName,\n cveId,\n error: result.validation.error,\n });\n }\n }\n\n reports.push(report);\n addEvidenceStep(evidence, \"remediate.finish\", { cveId }, { results: report.results.length });\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n errors.push({ cveId, message });\n addEvidenceStep(evidence, \"remediate.error\", { cveId }, undefined, message);\n }\n }\n\n let successCount = 0;\n let failedCount = 0;\n for (const report of reports) {\n for (const result of report.results) {\n if (result.applied || result.dryRun) {\n successCount += 1;\n } else {\n failedCount += 1;\n }\n }\n }\n\n failedCount += errors.length;\n\n let status: ScanReport[\"status\"] = \"ok\";\n if (failedCount > 0 && successCount > 0) {\n status = \"partial\";\n } else if (failedCount > 0 && successCount === 0) {\n status = \"failed\";\n }\n\n finalizeEvidence(evidence);\n const evidenceFile = options.writeEvidence === false ? undefined : writeEvidenceLog(cwd, evidence);\n\n return {\n schemaVersion: \"1.0\",\n status,\n generatedAt: new Date().toISOString(),\n cveIds,\n reports,\n successCount,\n failedCount,\n errors,\n evidenceFile,\n patchFileCount,\n patchValidationFailures: patchValidationFailures.length > 0 ? patchValidationFailures : undefined,\n patchStorageDir: patchFileCount > 0 ? patchesDir : undefined,\n };\n}\n\nexport function toCiSummary(report: ScanReport): CiSummary {\n let remediationCount = 0;\n for (const cveReport of report.reports) {\n remediationCount += cveReport.results.length;\n }\n\n return {\n schemaVersion: report.schemaVersion,\n status: report.status,\n generatedAt: report.generatedAt,\n cveCount: report.cveIds.length,\n remediationCount,\n successCount: report.successCount,\n failedCount: report.failedCount,\n errors: report.errors,\n evidenceFile: report.evidenceFile,\n patchFileCount: report.patchFileCount || 0,\n patchValidationFailures: report.patchValidationFailures,\n patchStorageDir: report.patchStorageDir,\n };\n}\n\nexport function ciExitCode(summary: CiSummary): number {\n return summary.failedCount > 0 ? 1 : 0;\n}\n"],"mappings":";AAUA,SAAS,gBAAAA,qBAAoB;AAC7B,SAAS,cAAAC,aAAY,gBAAAC,qBAAoB;AACzC,SAAS,QAAAC,aAAY;AACrB,OAAOC,aAAY;;;ACHZ,SAAS,gBAAgB,UAA4B,CAAC,GAAsB;AACjF,QAAM,MACJ,QAAQ,eACR,QAAQ,IAAI,+BACZ;AAEF,MAAI,QAAQ,YAAY,QAAQ,eAAe,QAAQ,SAAS;AAC9D,UAAM,IAAI;AAAA,MACR,6BAA6B,GAAG;AAAA,IAClC;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,iBACd,UACA,UAA4B,CAAC,GACrB;AACR,MAAI,QAAQ,MAAO,QAAO,QAAQ;AAClC,MAAI,QAAQ,IAAI,qBAAsB,QAAO,QAAQ,IAAI;AAEzD,QAAM,WAA8C;AAAA,IAClD,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,OAAO;AAAA,EACT;AACA,SAAO,SAAS,QAAQ;AAC1B;AAGA,eAAsB,YAAY,UAA4B,CAAC,GAA6B;AAC1F,QAAM,WAAW,gBAAgB,OAAO;AAExC,MAAI,aAAa,SAAS;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YAAY,iBAAiB,UAAU,OAAO;AAEpD,MAAI,aAAa,UAAU;AACzB,UAAM,SAAS,QAAQ,IAAI;AAC3B,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,EAAE,aAAa,IAAI,MAAM,OAAO,gBAAgB;AACtD,UAAM,SAAS,aAAa,EAAE,OAAO,CAAC;AACtC,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,aAAa,aAAa;AAC5B,UAAM,SAAS,QAAQ,IAAI;AAC3B,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,mBAAmB;AAC5D,UAAM,YAAY,gBAAgB,EAAE,OAAO,CAAC;AAC5C,WAAO,UAAU,SAAS;AAAA,EAC5B;AAEA,QAAM,IAAI,MAAM,uBAAuB,QAAQ,EAAE;AACnD;AAMO,SAAS,eAA0B;AACxC,SAAO;AAAA,IACL,QAAQ,QAAQ,IAAI;AAAA,EACtB;AACF;AAEO,SAAS,iBAAqC;AACnD,SAAO,QAAQ,IAAI;AACrB;;;AC1FA,SAAS,kBAAkB;AAC3B,SAAS,YAAY;AAad,SAAS,qBAAqB,KAA6B;AAChE,MAAI,WAAW,KAAK,KAAK,gBAAgB,CAAC,EAAG,QAAO;AACpD,MAAI,WAAW,KAAK,KAAK,WAAW,CAAC,EAAG,QAAO;AAC/C,SAAO;AACT;AAEO,SAAS,0BAA0B,IAA4C;AACpF,MAAI,OAAO,QAAQ;AACjB,WAAO;AAAA,MACL,SAAS,CAAC,QAAQ,SAAS;AAAA,MAC3B,sBAAsB,CAAC,QAAQ,WAAW,kBAAkB;AAAA,MAC5D,YAAY,CAAC,QAAgB,CAAC,QAAQ,OAAO,MAAM,GAAG;AAAA,MACtD,MAAM,CAAC,QAAQ,MAAM;AAAA,MACrB,MAAM,CAAC,QAAQ,QAAQ,UAAU,WAAW,IAAI;AAAA,MAChD,cAAc;AAAA,IAChB;AAAA,EACF;AAEA,MAAI,OAAO,QAAQ;AACjB,WAAO;AAAA,MACL,SAAS,CAAC,QAAQ,SAAS;AAAA,MAC3B,sBAAsB,CAAC,QAAQ,SAAS;AAAA,MACxC,YAAY,CAAC,QAAgB,CAAC,QAAQ,OAAO,SAAS,GAAG;AAAA,MACzD,MAAM,CAAC,QAAQ,MAAM;AAAA,MACrB,MAAM,CAAC,QAAQ,QAAQ,QAAQ;AAAA,MAC/B,cAAc;AAAA,IAChB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS,CAAC,OAAO,SAAS;AAAA,IAC1B,sBAAsB,CAAC,OAAO,WAAW,kBAAkB;AAAA,IAC3D,YAAY,CAAC,QAAgB,CAAC,OAAO,WAAW,cAAc,GAAG;AAAA,IACjE,MAAM,CAAC,OAAO,MAAM;AAAA,IACpB,MAAM,CAAC,OAAO,QAAQ,UAAU,OAAO;AAAA,IACvC,cAAc;AAAA,EAChB;AACF;AAEO,SAAS,gBAAgB,IAAoB,QAAqC;AACvF,QAAM,WAAW,oBAAI,IAAoB;AAEzC,MAAI,CAAC,OAAO,KAAK,EAAG,QAAO;AAE3B,MAAI,OAAO,QAAQ;AACjB,UAAM,QAAQ,OACX,MAAM,IAAI,EACV,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,OAAO;AAEjB,eAAW,QAAQ,OAAO;AACxB,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,YAAI,IAAI,SAAS,OAAQ;AAEzB,mBAAW,QAAQ,IAAI,MAAM,SAAS,CAAC,GAAG;AACxC,gBAAM,MAAM,KAAK,QAAQ;AACzB,gBAAM,KAAK,IAAI,YAAY,GAAG;AAC9B,cAAI,MAAM,EAAG;AACb,gBAAM,OAAO,IAAI,MAAM,GAAG,EAAE;AAC5B,gBAAM,UAAU,IAAI,MAAM,KAAK,CAAC;AAChC,cAAI,QAAQ,SAAS;AACnB,qBAAS,IAAI,MAAM,OAAO;AAAA,UAC5B;AAAA,QACF;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,MAAM;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,QAAM,OAAO,MAAM,QAAQ,MAAM,IAAI,OAAO,CAAC,IAAI;AAOjD,WAAS,oBAAoB,MAA6C;AACxE,QAAI,CAAC,KAAM;AAEX,eAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAChD,UAAI,CAAC,SAAS,OAAO,UAAU,SAAU;AACzC,YAAM,UAAU,MAAM;AACtB,UAAI,OAAO,YAAY,YAAY,SAAS;AAC1C,iBAAS,IAAI,MAAM,OAAO;AAAA,MAC5B;AACA,0BAAoB,MAAM,YAAY;AAAA,IACxC;AAAA,EACF;AAEA,sBAAqB,MAAwE,YAAY;AAEzG,SAAO;AACT;;;AC9GA,SAAS,YAAY;AACrB,SAAS,SAAS;;;ACClB,IAAM,WAAW;AAuDjB,eAAsB,aAAa,OAAiD;AAClF,QAAM,MAAM,GAAG,QAAQ,UAAU,mBAAmB,KAAK,CAAC;AAC1D,QAAM,MAAM,MAAM,MAAM,KAAK;AAAA,IAC3B,SAAS,EAAE,QAAQ,mBAAmB;AAAA,EACxC,CAAC;AAED,MAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,iBAAiB,IAAI,MAAM,QAAQ,KAAK,KAAK,MAAM,IAAI,KAAK,CAAC,EAAE;AAAA,EACjF;AAEA,SAAO,IAAI,KAAK;AAClB;AAOA,SAAS,uBAAuB,QAAkC;AAChE,QAAM,QAAkB,CAAC;AAEzB,aAAW,SAAS,QAAQ;AAC1B,QAAI,MAAM,eAAe,QAAW;AAClC,YAAM,IAAI,MAAM,eAAe,MAAM,UAAU,MAAM;AACrD,YAAM,KAAK,KAAK,CAAC,EAAE;AAAA,IACrB;AACA,QAAI,MAAM,UAAU,QAAW;AAC7B,YAAM,KAAK,IAAI,MAAM,KAAK,EAAE;AAAA,IAC9B;AACA,QAAI,MAAM,kBAAkB,QAAW;AACrC,YAAM,KAAK,KAAK,MAAM,aAAa,EAAE;AAAA,IACvC;AAAA,EACF;AAEA,SAAO,MAAM,KAAK,GAAG,KAAK;AAC5B;AAMO,SAAS,aAAa,MAAoC;AAC/D,QAAM,cAAiC,CAAC;AAExC,aAAW,YAAY,KAAK,YAAY,CAAC,GAAG;AAC1C,UAAM,YAAY,SAAS,SAAS;AACpC,UAAM,cAAc,SAAS,SAAS;AACtC,QAAI,CAAC,aAAa,OAAO,cAAc,SAAU;AACjD,QAAI,CAAC,eAAe,OAAO,gBAAgB,SAAU;AACrD,QAAI,UAAU,YAAY,MAAM,MAAO;AAGvC,UAAM,cAAc,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ;AACpE,UAAM,kBAAkB,cACpB,uBAAuB,YAAY,MAAM,IACzC;AAGJ,UAAM,aAAa,aAAa,OAAO,KAAK,CAAC,MAAM,EAAE,UAAU,MAAS;AAExE,gBAAY,KAAK;AAAA,MACf,MAAM;AAAA,MACN,WAAW;AAAA,MACX;AAAA,MACA,qBAAqB,YAAY;AAAA,MACjC,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAGA,QAAM,WAAW,eAAe,KAAK,QAAQ;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,SAAS,KAAK,WAAW,KAAK,WAAW;AAAA,IACzC;AAAA,IACA,YAAY,KAAK,YAAY,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC;AAAA,IACnD,kBAAkB;AAAA,EACpB;AACF;AAEA,SAAS,eACP,iBACwB;AACxB,MAAI,CAAC,iBAAiB,OAAQ,QAAO;AAGrC,QAAM,YACJ,gBAAgB,KAAK,CAAC,MAAM,EAAE,SAAS,SAAS,KAAK,gBAAgB,CAAC;AAGxE,QAAM,aAAa,UAAU,MAAM,MAAM,aAAa;AACtD,MAAI,YAAY;AACd,UAAM,QAAQ,WAAW,WAAW,CAAC,CAAC;AACtC,QAAI,SAAS,EAAK,QAAO;AACzB,QAAI,SAAS,EAAK,QAAO;AACzB,QAAI,SAAS,EAAK,QAAO;AACzB,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAGA,eAAsB,aAAa,OAA2C;AAC5E,QAAM,OAAO,MAAM,aAAa,KAAK;AACrC,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,aAAa,IAAI;AAC1B;;;ACnKA,IAAM,mBAAmB;AA6BzB,SAAS,eAAuC;AAC9C,QAAM,UAAkC;AAAA,IACtC,QAAQ;AAAA,IACR,wBAAwB;AAAA,EAC1B;AACA,QAAM,QAAQ,eAAe;AAC7B,MAAI,OAAO;AACT,YAAQ,gBAAgB,UAAU,KAAK;AAAA,EACzC;AACA,SAAO;AACT;AAMA,eAAsB,kBAAkB,OAAsC;AAC5E,QAAM,MAAM,IAAI,IAAI,gBAAgB;AACpC,MAAI,aAAa,IAAI,UAAU,KAAK;AACpC,MAAI,aAAa,IAAI,aAAa,KAAK;AACvC,MAAI,aAAa,IAAI,QAAQ,UAAU;AACvC,MAAI,aAAa,IAAI,YAAY,IAAI;AAErC,QAAM,MAAM,MAAM,MAAM,IAAI,SAAS,GAAG,EAAE,SAAS,aAAa,EAAE,CAAC;AAEnE,MAAI,IAAI,WAAW,IAAK,QAAO,CAAC;AAChC,MAAI,CAAC,IAAI,IAAI;AAEX,YAAQ;AAAA,MACN,iDAAiD,IAAI,MAAM,QAAQ,KAAK;AAAA,IAC1E;AACA,WAAO,CAAC;AAAA,EACV;AAEA,SAAO,IAAI,KAAK;AAClB;AAMO,SAAS,kBAAkB,YAA6C;AAC7E,QAAM,WAA8B,CAAC;AAErC,aAAW,YAAY,YAAY;AACjC,eAAW,QAAQ,SAAS,iBAAiB;AAC3C,UAAI,KAAK,QAAQ,UAAU,YAAY,MAAM,MAAO;AAEpD,eAAS,KAAK;AAAA,QACZ,MAAM,KAAK,QAAQ;AAAA,QACnB,WAAW;AAAA,QACX,iBAAiB,KAAK,4BAA4B;AAAA,QAClD,qBAAqB,KAAK,yBAAyB;AAAA,QACnD,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAMO,SAAS,0BACd,SACA,YACY;AACZ,QAAM,WAAW,EAAE,GAAG,QAAQ;AAE9B,aAAW,SAAS,YAAY;AAC9B,UAAM,WAAW,SAAS,iBAAiB;AAAA,MACzC,CAAC,MAAM,EAAE,SAAS,MAAM;AAAA,IAC1B;AAEA,QAAI,UAAU;AAEZ,UAAI,CAAC,SAAS,uBAAuB,MAAM,qBAAqB;AAC9D,iBAAS,sBAAsB,MAAM;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,eAAS,iBAAiB,KAAK,KAAK;AAAA,IACtC;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAsB,gBAAgB,OAA2C;AAC/E,QAAM,aAAa,MAAM,kBAAkB,KAAK;AAChD,SAAO,kBAAkB,UAAU;AACrC;;;ACzHA,IAAM,WAAW;AA2BjB,SAAS,kBAA0C;AACjD,QAAM,EAAE,OAAO,IAAI,aAAa;AAChC,QAAM,UAAkC,EAAE,QAAQ,mBAAmB;AACrE,MAAI,QAAQ;AACV,YAAQ,SAAS;AAAA,EACnB;AACA,SAAO;AACT;AAOA,eAAsB,aACpB,OAC0E;AAC1E,QAAM,MAAM,GAAG,QAAQ,UAAU,mBAAmB,KAAK,CAAC;AAE1D,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,KAAK,EAAE,SAAS,gBAAgB,EAAE,CAAC;AAC3D,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,UAAM,OAAO,KAAK,kBAAkB,CAAC;AACrC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,UAAU,KAAK,IAAI;AACzB,UAAM,SACJ,SAAS,gBAAgB,CAAC,KAC1B,SAAS,gBAAgB,CAAC,KAC1B,SAAS,eAAe,CAAC;AAE3B,QAAI,CAAC,OAAQ,QAAO;AAEpB,UAAM,QAAQ,OAAO,SAAS;AAC9B,UAAM,cAAc,OAAO,SAAS,aAAa,YAAY;AAE7D,UAAM,cAAsD;AAAA,MAC1D,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,KAAK;AAAA,IACP;AAEA,WAAO;AAAA,MACL;AAAA,MACA,UAAU,YAAY,WAAW,KAAK;AAAA,IACxC;AAAA,EACF,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAMA,eAAsB,cAAc,SAA0C;AAC5E,QAAM,OAAO,MAAM,aAAa,QAAQ,EAAE;AAC1C,MAAI,MAAM;AACR,YAAQ,YAAY,KAAK;AACzB,QAAI,QAAQ,aAAa,WAAW;AAClC,cAAQ,WAAW,KAAK;AAAA,IAC1B;AAAA,EACF;AACA,SAAO;AACT;;;AH7FO,IAAM,gBAAgB,KAAK;AAAA,EAChC,aACE;AAAA,EACF,YAAY,EAAE,OAAO;AAAA,IACnB,OAAO,EACJ,OAAO,EACP,MAAM,oBAAoB,4CAA4C;AAAA,EAC3E,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,MAAM,MAAwE;AAC9F,UAAM,eAAe,MAAM,YAAY;AAGvC,UAAM,CAAC,YAAY,UAAU,IAAI,MAAM,QAAQ,IAAI;AAAA,MACjD,aAAa,YAAY;AAAA,MACzB,gBAAgB,YAAY;AAAA,IAC9B,CAAC;AAED,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,QAAQ,YAAY;AAAA,MAC7B;AAAA,IACF;AAGA,QAAI,UAAsB,cAAc;AAAA,MACtC,IAAI;AAAA,MACJ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,YAAY,CAAC;AAAA,MACb,kBAAkB,CAAC;AAAA,IACrB;AAGA,QAAI,WAAW,SAAS,GAAG;AACzB,gBAAU,0BAA0B,SAAS,UAAU;AAAA,IACzD;AAGA,cAAU,MAAM,cAAc,OAAO;AAErC,QAAI,QAAQ,iBAAiB,WAAW,GAAG;AACzC,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,QAAQ,YAAY;AAAA,MAC7B;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,MAAM,QAAQ;AAAA,EACxC;AACF,CAAC;;;AIzDD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,oBAAoB;AAC7B,SAAS,QAAAC,aAAY;AACrB,SAAS,aAAa;AAef,IAAM,qBAAqBC,MAAK;AAAA,EACrC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,KAAKA,GAAE,OAAO,EAAE,SAAS,wDAAwD;AAAA,IACjF,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,EAC7I,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,KAAK,eAAe,MAAiE;AACrG,QAAI;AAEJ,QAAI;AACF,gBAAU,KAAK,MAAM,aAAaC,MAAK,KAAK,cAAc,GAAG,MAAM,CAAC;AAAA,IACtE,QAAQ;AACN,aAAO;AAAA,QACL,UAAU,CAAC;AAAA,QACX,OAAO,mCAAmC,GAAG;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,WAAW,0BAA0B,EAAE;AAC7C,QAAI,oBAAoB,oBAAI,IAAoB;AAEhD,QAAI;AACF,YAAM,CAAC,KAAK,GAAG,IAAI,IAAI,SAAS;AAChC,YAAM,aAAa,MAAM,MAAM,KAAK,MAAM;AAAA,QACxC;AAAA,QACA,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,CAAC;AACD,0BAAoB,gBAAgB,IAAI,WAAW,UAAU,EAAE;AAAA,IACjE,QAAQ;AAAA,IAER;AAEA,UAAM,WAA+B,CAAC;AAEtC,eAAW,CAAC,MAAM,OAAO,KAAK,kBAAkB,QAAQ,GAAG;AACzD,YAAM,WACJ,QAAQ,QAAQ,eAAe,IAAI,CAAC,KACpC,QAAQ,QAAQ,kBAAkB,IAAI,CAAC,KACvC,QAAQ,QAAQ,mBAAmB,IAAI,CAAC;AAE1C,eAAS,KAAK;AAAA,QACZ;AAAA,QACA;AAAA,QACA,MAAM,WAAW,WAAW;AAAA,MAC9B,CAAC;AAAA,IACH;AAEA,QAAI,SAAS,WAAW,GAAG;AAEzB,YAAM,UAAU;AAAA,QACd,GAAG,QAAQ;AAAA,QACX,GAAG,QAAQ;AAAA,MACb;AACA,iBAAW,CAAC,MAAM,OAAO,KAAK,OAAO,QAAQ,OAAO,GAAG;AACrD,cAAM,UAAU,QAAQ,QAAQ,cAAc,EAAE,EAAE,KAAK;AACvD,iBAAS,KAAK,EAAE,MAAM,SAAS,SAAS,MAAM,SAAS,CAAC;AAAA,MAC1D;AAAA,IACF;AAEA,WAAO,EAAE,SAAS;AAAA,EACpB;AACF,CAAC;;;ACnFD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,OAAO,YAAY;AAGnB,IAAM,wBAAwBA,GAAE,OAAO;AAAA,EACrC,MAAMA,GAAE,OAAO;AAAA,EACf,WAAWA,GAAE,QAAQ,KAAK;AAAA,EAC1B,iBAAiBA,GAAE,OAAO;AAAA,EAC1B,qBAAqBA,GAAE,OAAO,EAAE,SAAS;AAAA,EACzC,QAAQA,GAAE,KAAK,CAAC,OAAO,iBAAiB,CAAC;AAC3C,CAAC;AAED,IAAM,yBAAyBA,GAAE,OAAO;AAAA,EACtC,MAAMA,GAAE,OAAO;AAAA,EACf,SAASA,GAAE,OAAO;AAAA,EAClB,MAAMA,GAAE,KAAK,CAAC,UAAU,UAAU,CAAC;AACrC,CAAC;AAEM,IAAM,wBAAwBD,MAAK;AAAA,EACxC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,mBAAmBA,GAChB,MAAM,sBAAsB,EAC5B,SAAS,sCAAsC;AAAA,IAClD,kBAAkBA,GACf,MAAM,qBAAqB,EAC3B,SAAS,wDAAwD;AAAA,EACtE,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,mBAAmB,iBAAiB,MAGhD;AACJ,UAAM,aAAkC,CAAC;AAEzC,eAAW,YAAY,kBAAuC;AAE5D,YAAM,UAAW,kBAAyC;AAAA,QACxD,CAAC,MAAM,EAAE,SAAS,SAAS;AAAA,MAC7B;AAEA,iBAAW,aAAa,SAAS;AAE/B,YAAI,CAAC,OAAO,MAAM,UAAU,OAAO,EAAG;AAEtC,YAAI,eAAe;AACnB,YAAI;AACF,yBAAe,OAAO,UAAU,UAAU,SAAS,SAAS,iBAAiB;AAAA,YAC3E,mBAAmB;AAAA,UACrB,CAAC;AAAA,QACH,QAAQ;AAEN;AAAA,QACF;AAEA,YAAI,cAAc;AAChB,qBAAW,KAAK,EAAE,WAAW,SAAS,CAAC;AAAA,QACzC;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,oBAAoB;AAAA,MACpB,cAAc,kBAAkB;AAAA,IAClC;AAAA,EACF;AACF,CAAC;;;ACnED,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;;;ACClB,OAAOC,aAAY;AAEnB,IAAM,eAAe;AAqBrB,eAAsB,qBAAqB,aAAwC;AACjF,QAAM,MAAM,GAAG,YAAY,IAAI,mBAAmB,WAAW,CAAC;AAC9D,QAAM,MAAM,MAAM,MAAM,KAAK;AAAA,IAC3B,SAAS,EAAE,QAAQ,mBAAmB;AAAA,EACxC,CAAC;AAED,MAAI,IAAI,WAAW,IAAK,QAAO,CAAC;AAChC,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI;AAAA,MACR,sBAAsB,IAAI,MAAM,SAAS,WAAW,MAAM,MAAM,IAAI,KAAK,CAAC;AAAA,IAC5E;AAAA,EACF;AAEA,QAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,SAAO,OAAO,KAAK,KAAK,QAAQ;AAClC;AAYA,eAAsB,uBACpB,aACA,kBACA,qBACA,iBAC6B;AAC7B,QAAM,WAAW,MAAM,qBAAqB,WAAW;AACvD,MAAI,CAAC,SAAS,OAAQ,QAAO;AAE7B,QAAM,iBAAiBA,QAAO,MAAM,gBAAgB;AAGpD,QAAM,aAAa,SAChB,OAAO,CAAC,MAAMA,QAAO,MAAM,CAAC,KAAKA,QAAO,IAAI,GAAG,mBAAmB,CAAC,EACnE,OAAO,CAAC,MAAM;AACb,QAAI,CAAC,gBAAiB,QAAO;AAC7B,QAAI;AACF,aAAO,CAACA,QAAO,UAAU,GAAG,iBAAiB,EAAE,mBAAmB,MAAM,CAAC;AAAA,IAC3E,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF,CAAC,EACA,KAAKA,QAAO,OAAO;AAEtB,MAAI,CAAC,WAAW,OAAQ,QAAO;AAG/B,QAAM,YAAY,WAAW;AAAA,IAC3B,CAAC,MAAMA,QAAO,MAAM,CAAC,MAAM;AAAA,EAC7B;AACA,MAAI,UAAW,QAAO;AAGtB,SAAO,WAAW,CAAC;AACrB;;;ADnFO,IAAM,uBAAuBC,MAAK;AAAA,EACvC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,SAAS,sBAAsB;AAAA,IACvD,kBAAkBA,GAAE,OAAO,EAAE,SAAS,gDAAgD;AAAA,IACtF,qBAAqBA,GAClB,OAAO,EACP;AAAA,MACC;AAAA,IACF;AAAA,IACF,iBAAiBA,GACd,OAAO,EACP,SAAS,EACT,SAAS,4EAA4E;AAAA,EAC1F,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAIM;AACJ,UAAM,cAAc,MAAM;AAAA,MACxB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,aAAa;AAAA,QACb,SAAS,sCAAsC,WAAW;AAAA,MAC5D;AAAA,IACF;AAEA,UAAM,iBAAiB,SAAS,iBAAiB,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AACzE,UAAM,YAAY,SAAS,YAAY,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AAC/D,UAAM,cAAc,YAAY;AAEhC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,SAAS,cACL,sBAAsB,WAAW,SAAS,WAAW,kCAAkC,gBAAgB,0EACvG,sBAAsB,WAAW,SAAS,WAAW,WAAW,gBAAgB;AAAA,IACtF;AAAA,EACF;AACF,CAAC;;;AExDD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAAC,eAAc,qBAAqB;AAC5C,SAAS,SAAAC,cAAa;AACtB,OAAOC,aAAY;;;ACXnB,SAAS,cAAAC,aAAY,gBAAAC,qBAAoB;AACzC,SAAS,QAAAC,aAAY;AAQd,IAAM,iBAAuC;AAAA,EAClD,iBAAiB;AAAA,EACjB,cAAc,CAAC;AAAA,EACf,eAAe,CAAC;AAClB;AAEO,SAAS,WAAW,KAAa,cAA6C;AACnF,QAAM,YAAY,gBAAgBA,MAAK,KAAK,sBAAsB;AAClE,MAAI,CAACF,YAAW,SAAS,EAAG,QAAO;AAEnC,MAAI;AACF,UAAM,SAAS,KAAK,MAAMC,cAAa,WAAW,MAAM,CAAC;AACzD,WAAO;AAAA,MACL,iBAAiB,OAAO,mBAAmB,eAAe;AAAA,MAC1D,cAAc,OAAO,gBAAgB,eAAe;AAAA,MACpD,eAAe,OAAO,iBAAiB,eAAe;AAAA,IACxD;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,iBAAiB,QAA8B,aAA8B;AAC3F,MAAI,OAAO,aAAa,SAAS,WAAW,EAAG,QAAO;AACtD,MAAI,OAAO,cAAc,SAAS,KAAK,CAAC,OAAO,cAAc,SAAS,WAAW,GAAG;AAClF,WAAO;AAAA,EACT;AACA,SAAO;AACT;;;ADRO,IAAM,uBAAuBE,MAAK;AAAA,EACvC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,KAAKA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IACrE,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,aAAaA,GAAE,OAAO,EAAE,SAAS,4BAA4B;AAAA,IAC7D,aAAaA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IAC7E,WAAWA,GAAE,OAAO,EAAE,SAAS,uCAAuC;AAAA,IACtE,QAAQA,GAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS,0CAA0C;AAAA,IACtF,YAAYA,GACT,OAAO,EACP,SAAS,EACT,SAAS,8CAA8C;AAAA,IAC1D,WAAWA,GACR,QAAQ,EACR,QAAQ,IAAI,EACZ,SAAS,sDAAsD;AAAA,EACpE,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAA4B;AAC1B,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,WAAW,0BAA0B,EAAE;AAC7C,UAAM,UAAUC,MAAK,KAAK,cAAc;AACxC,UAAM,SAAS,WAAW,KAAK,UAAU;AAEzC,QAAI,CAAC,iBAAiB,QAAQ,WAAW,GAAG;AAC1C,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,SAAS,uCAAuC,WAAW;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,cACJC,QAAO,MAAM,WAAW,KACxBA,QAAO,MAAM,SAAS,KACtBA,QAAO,MAAM,SAAS,IAAIA,QAAO,MAAM,WAAW;AAEpD,QAAI,eAAe,CAAC,OAAO,iBAAiB;AAC1C,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,SAAS,kCAAkC,WAAW,MAAM,WAAW,OAAO,SAAS;AAAA,MACzF;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,gBAAU,KAAK,MAAMC,cAAa,SAAS,MAAM,CAAC;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,SAAS,mCAAmC,OAAO;AAAA,MACrD;AAAA,IACF;AAGA,UAAM,WAAY,CAAC,gBAAgB,mBAAmB,kBAAkB,EAAiB;AAAA,MACvF,CAAC,MAAM,QAAQ,CAAC,IAAI,WAAW,MAAM;AAAA,IACvC;AAEA,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,SAAS,IAAI,WAAW;AAAA,MAC1B;AAAA,IACF;AAEA,UAAM,eAAe,QAAQ,QAAQ,EAAG,WAAW;AAGnD,UAAM,cAAc,aAAa,MAAM,UAAU;AACjD,UAAM,SAAS,cAAc,CAAC,KAAK;AACnC,UAAM,WAAW,GAAG,MAAM,GAAG,SAAS;AAEtC,QAAI,QAAQ;AACV,YAAM,aAAa,SAAS,qBAAqB,KAAK,GAAG;AACzD,YAAM,UAAU,SAAS,KAAK,KAAK,GAAG;AACtC,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,0BAA0B,QAAQ,IAAI,WAAW,MAAM,YAAY,aAAQ,QAAQ,eAAe,UAAU,GAAG,YAAY,KAAK,QAAQ,OAAO,EAAE;AAAA,MAC5J;AAAA,IACF;AAGA,YAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,kBAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAGtE,QAAI;AACF,YAAM,CAAC,YAAY,GAAG,WAAW,IAAI,SAAS;AAC9C,YAAMC,OAAM,YAAY,aAAa;AAAA,QACnC;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,oBAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,GAAG,SAAS,qBAAqB,KAAK,GAAG,CAAC,2BAA2B,WAAW,QAAQ,SAAS,sBAAsB,OAAO;AAAA,MACzI;AAAA,IACF;AAEA,QAAI,CAAC,WAAW;AACd,UAAI;AACF,cAAM,CAAC,SAAS,GAAG,QAAQ,IAAI,SAAS;AACxC,cAAMA,OAAM,SAAS,UAAU;AAAA,UAC7B;AAAA,UACA,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,KAAK;AAEZ,gBAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,sBAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,YAAI;AACF,gBAAM,CAAC,aAAa,GAAG,YAAY,IAAI,SAAS;AAChD,gBAAMA,OAAM,aAAa,cAAc;AAAA,YACrC;AAAA,YACA,OAAO;AAAA,UACT,CAAC;AAAA,QACH,QAAQ;AAAA,QAER;AAEA,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO;AAAA,UACL;AAAA,UACA,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,SAAS,GAAG,SAAS,KAAK,KAAK,GAAG,CAAC,4BAA4B,WAAW,QAAQ,SAAS,oBAAoB,YAAY,YAAY,OAAO;AAAA,QAChJ;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL;AAAA,MACA,UAAU;AAAA,MACV;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,QAAQ;AAAA,MACR,SAAS,0BAA0B,WAAW,UAAU,WAAW,OAAO,SAAS,SAAS,SAAS,qBAAqB,KAAK,GAAG,CAAC,GAAG,YAAY,KAAK,gBAAgB,SAAS,KAAK,KAAK,GAAG,CAAC,EAAE;AAAA,IAClM;AAAA,EACF;AACF,CAAC;;;AElND,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,OAAO,SAAS,UAAU,UAAU;AAC7C,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;AAYf,IAAM,yBAAyBH,MAAK;AAAA,EACzC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GACV,OAAO,EACP,IAAI,CAAC,EACL,SAAS,yDAAyD;AAAA,IACrE,SAASA,GACN,OAAO,EACP,MAAM,kBAAkB,gCAAgC,EACxD,SAAS,mCAAmC;AAAA,IAC/C,cAAcA,GACX,MAAMA,GAAE,OAAO,CAAC,EAChB,SAAS,EACT,QAAQ,CAAC,QAAQ,MAAM,CAAC,EACxB;AAAA,MACC;AAAA,IACF;AAAA,EACJ,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAyC;AACvC,UAAM,cAAc,2BAA2B,KAAK,IAAI,CAAC;AACzD,UAAM,aAAaC,MAAK,aAAa,KAAK;AAE1C,QAAI;AAEF,YAAM,SAAS,8BAA8B,WAAW,MAAM,YAAY,MAAM,GAAG,EAAE,IAAI,CAAC,IAAI,OAAO;AAGrG,YAAM,MAAM,aAAa,EAAE,WAAW,KAAK,CAAC;AAG5C,YAAM,cAAcA,MAAK,aAAa,aAAa;AACnD,YAAMC,OAAM,QAAQ,CAAC,MAAM,MAAM,aAAa,MAAM,CAAC;AAGrD,YAAM,MAAM,YAAY,EAAE,WAAW,KAAK,CAAC;AAC3C,YAAMA,OAAM,OAAO,CAAC,QAAQ,aAAa,MAAM,UAAU,CAAC;AAG1D,YAAM,oBAAoB,MAAM,QAAQ,UAAU;AAClD,YAAM,iBAAiB,kBAAkB,SAAS,SAAS,IACvDD,MAAK,YAAY,SAAS,IAC1B;AAGJ,YAAM,aAAqC,CAAC;AAE5C,qBAAe,QAAQ,KAAa,cAAqC;AACvE,YAAI;AACF,gBAAM,QAAQ,MAAM,QAAQ,KAAK,EAAE,eAAe,KAAK,CAAC;AAExD,qBAAW,QAAQ,OAAO;AACxB,kBAAM,WAAWA,MAAK,KAAK,KAAK,IAAI;AACpC,kBAAM,UAAUA,MAAK,cAAc,KAAK,IAAI;AAE5C,gBAAI,KAAK,YAAY,GAAG;AAEtB,kBACE,CAAC;AAAA,gBACC;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF,EACG,SAAS,KAAK,IAAI,GACrB;AACA,sBAAM,QAAQ,UAAU,OAAO;AAAA,cACjC;AAAA,YACF,WAAW,KAAK,OAAO,GAAG;AAExB,oBAAM,UAAU,aAAc,KAAK,CAAC,YAAY;AAC9C,sBAAM,QAAQ,IAAI;AAAA,kBAChB,IAAI,QAAQ,QAAQ,OAAO,IAAI,EAAE,QAAQ,OAAO,KAAK,CAAC;AAAA,gBACxD;AACA,uBAAO,MAAM,KAAK,KAAK,IAAI;AAAA,cAC7B,CAAC;AAED,kBAAI,SAAS;AACX,oBAAI;AACF,wBAAM,UAAU,MAAM,SAAS,UAAU,MAAM;AAC/C,6BAAW,OAAO,IAAI;AAAA,gBACxB,QAAQ;AAAA,gBAER;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF,QAAQ;AAAA,QAER;AAAA,MACF;AAEA,YAAM,QAAQ,gBAAgB,EAAE;AAEhC,UAAI,OAAO,KAAK,UAAU,EAAE,WAAW,GAAG;AACxC,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,sCAAsC,aAAc,KAAK,IAAI,CAAC,cAAc,WAAW,IAAI,OAAO;AAAA,QAC3G;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,aAAa;AAAA,QACb,YAAY;AAAA,MACd;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAGjD,UAAI,QAAQ,SAAS,KAAK,KAAK,QAAQ,SAAS,WAAW,GAAG;AAC5D,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,WAAW,WAAW,IAAI,OAAO;AAAA,QAC1C;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,uCAAuC,WAAW,IAAI,OAAO,KAAK,OAAO;AAAA,MAClF;AAAA,IACF,UAAE;AACA,YAAM,GAAG,aAAa,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AACF,CAAC;;;ACtJD,SAAS,QAAAE,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,oBAAoB;AAqC7B,IAAM,6BAAqD;AAAA,EACzD,OACE;AAAA,EACF,kBACE;AAAA,EACF,kBACE;AAAA,EACF,SACE;AACJ;AAEO,IAAM,oBAAoBC,MAAK;AAAA,EACpC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sBAAsB;AAAA,IAC9D,mBAAmBA,GAChB,OAAO,EACP,SAAS,+BAA+B;AAAA,IAC3C,OAAOA,GACJ,OAAO,EACP,MAAM,kBAAkB,EACxB,SAAS,+BAA+B;AAAA,IAC3C,YAAYA,GAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,4BAA4B;AAAA,IACpE,aAAaA,GACV,OAAOA,GAAE,OAAO,CAAC,EACjB;AAAA,MACC;AAAA,IACF;AAAA,IACF,uBAAuBA,GACpB,KAAK,CAAC,SAAS,kBAAkB,kBAAkB,SAAS,CAAC,EAC7D,SAAS,EACT,QAAQ,SAAS,EACjB,SAAS,kDAAkD;AAAA,IAC9D,QAAQA,GACL,QAAQ,EACR,SAAS,EACT,QAAQ,KAAK,EACb,SAAS,qDAAqD;AAAA,EACnE,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAoC;AAClC,QAAI;AACF,YAAM,sBAAsB;AAC5B,UAAI,OAAO,KAAK,mBAAmB,EAAE,WAAW,GAAG;AACjD,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,OAAO;AAAA,QACT;AAAA,MACF;AAGA,YAAM,QAAQ,MAAM,YAAY;AAChC,YAAM,YAAY,MAAM,WAAW;AAGnC,YAAM,gBAAgB,OAAO,QAAQ,mBAAmB,EACrD,IAAI,CAAC,CAAC,UAAU,OAAO,MAAM;AAAA,YAAe,QAAQ;AAAA;AAAA,EAAuB,OAAO;AAAA,OAAU,EAC5F,KAAK,IAAI;AAGZ,YAAM,uBACJ,2BAA2B,qBAAqB,KAChD,2BAA2B;AAE7B,YAAM,SAAS;AAAA;AAAA;AAAA,YAGT,KAAK;AAAA,aACJ,WAAW,IAAI,iBAAiB;AAAA,cAC/B,qBAAqB;AAAA;AAAA;AAAA,EAGjC,UAAU;AAAA;AAAA;AAAA,EAGV,oBAAoB;AAAA;AAAA;AAAA,EAGpB,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA4BT,YAAM,EAAE,KAAK,IAAI,MAAM,aAAa;AAAA,QAClC;AAAA,QACA;AAAA,QACA,aAAa;AAAA;AAAA,MACf,CAAC;AAGD,UAAI;AACJ,UAAI;AAEF,cAAM,YAAY,KAAK,MAAM,aAAa;AAC1C,YAAI,CAAC,WAAW;AACd,gBAAM,IAAI,MAAM,+BAA+B;AAAA,QACjD;AACA,mBAAW,KAAK,MAAM,UAAU,CAAC,CAAC;AAAA,MACpC,SAAS,KAAK;AACZ,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,OAAO,iCAAiC,eAAe,QAAQ,IAAI,UAAU,eAAe;AAAA,QAC9F;AAAA,MACF;AAGA,UACE,CAAC,SAAS,YACV,CAAC,SAAS,aACV,OAAO,SAAS,eAAe,YAC/B,CAAC,CAAC,OAAO,UAAU,MAAM,EAAE,SAAS,SAAS,SAAS,GACtD;AACA,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,OAAO;AAAA,QACT;AAAA,MACF;AAEA,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY,SAAS;AAAA,UACrB,WAAW,SAAS;AAAA,QACtB;AAAA,MACF;AAGA,YAAM,UAA4B,CAAC;AAEnC,iBAAW,CAAC,UAAU,SAAS,KAAK,OAAO;AAAA,QACzC,SAAS;AAAA,MACX,GAAG;AACD,cAAM,aAAa,oBAAoB,QAAQ;AAE/C,YAAI,CAAC,YAAY;AACf;AAAA,QACF;AAGA,cAAM,cAAc;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAEA,YAAI,aAAa;AACf,kBAAQ,KAAK;AAAA,YACX;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,UAAI,QAAQ,WAAW,GAAG;AACxB,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY,SAAS;AAAA,UACrB,WAAW,SAAS;AAAA,UACpB,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA,cAAc,QAAQ,CAAC,GAAG;AAAA,QAC1B,UAAU;AAAA,QACV,YAAY,SAAS;AAAA,QACrB,WAAW,SAAS;AAAA,MACtB;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AACjD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,OAAO,4BAA4B,OAAO;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AACF,CAAC;AAMD,SAAS,oBACP,UACA,OACA,UACe;AACf,MAAI,aAAa,OAAO;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,gBAAgB,SAAS,MAAM,IAAI;AACzC,QAAM,aAAa,MAAM,MAAM,IAAI;AAInC,QAAM,OAAiB,CAAC;AACxB,OAAK,KAAK,SAAS,QAAQ,EAAE;AAC7B,OAAK,KAAK,SAAS,QAAQ,EAAE;AAC7B,OAAK,KAAK,WAAW,cAAc,SAAS,SAAS,WAAW,SAAS,KAAK;AAI9E,QAAM,SAAS,KAAK,IAAI,cAAc,QAAQ,WAAW,MAAM;AAE/D,WAAS,IAAI,GAAG,IAAI,QAAQ,KAAK;AAC/B,UAAM,WAAW,cAAc,CAAC,KAAK;AACrC,UAAM,YAAY,WAAW,CAAC,KAAK;AAEnC,QAAI,aAAa,WAAW;AAC1B,UAAI,UAAU;AACZ,aAAK,KAAK,MAAM,QAAQ;AAAA,MAC1B;AACA,UAAI,WAAW;AACb,aAAK,KAAK,MAAM,SAAS;AAAA,MAC3B;AAAA,IACF,WAAW,UAAU;AACnB,WAAK,KAAK,MAAM,QAAQ;AAAA,IAC1B;AAAA,EACF;AAEA,SAAO,KAAK,KAAK,IAAI;AACvB;;;ACpTA,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,SAAAC,QAAO,SAAS,YAAAC,WAAU,MAAAC,KAAI,iBAAiB;AACxD,SAAS,cAAc;AACvB,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;AA2Cf,IAAM,qBAAqBC,MAAK;AAAA,EACrC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sBAAsB;AAAA,IAC9D,mBAAmBA,GAChB,OAAO,EACP,SAAS,+BAA+B;AAAA,IAC3C,cAAcA,GACX,OAAO,EACP,IAAI,EAAE,EACN,SAAS,EACT,SAAS,gDAAgD;AAAA,IAC5D,SAASA,GACN;AAAA,MACCA,GAAE,OAAO;AAAA,QACP,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,QAC1B,aAAaA,GAAE,OAAO,EAAE,IAAI,EAAE;AAAA,MAChC,CAAC;AAAA,IACH,EACC,SAAS,EACT,SAAS,wDAAwD;AAAA,IACpE,YAAYA,GACT,OAAO,EACP,SAAS,EACT,QAAQ,WAAW,EACnB,SAAS,gCAAgC;AAAA,IAC5C,KAAKA,GAAE,OAAO,EAAE,SAAS,2CAA2C;AAAA,IACpE,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT,QAAQ,IAAI,EACZ,SAAS,2EAA2E;AAAA,IACvF,QAAQA,GAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,KAAK,EAAE,SAAS,yCAAyC;AAAA,EAClG,CAAC,EAAE,OAAO,CAAC,UAAU,QAAQ,MAAM,gBAAiB,MAAM,WAAW,MAAM,QAAQ,SAAS,CAAE,GAAG;AAAA,IAC/F,SAAS;AAAA,EACX,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAqC;AACnC,QAAI;AACF,YAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,YAAM,gBAAgB,gBAAgB,UAAU,CAAC,GAAG;AAEpD,UAAI,CAAC,eAAe;AAClB,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAM,gBAAgB,mBAAmB,aAAa,iBAAiB;AACvE,YAAM,gBAAgBC,MAAK,KAAK,YAAY,aAAa;AAEzD,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,SAAS,gDAAgD,aAAa;AAAA,UACtE;AAAA,UACA,WAAW;AAAA,QACb;AAAA,MACF;AAGA,YAAM,iBAAiBA,MAAK,KAAK,UAAU;AAC3C,YAAMC,OAAM,gBAAgB,EAAE,WAAW,KAAK,CAAC;AAG/C,YAAM,UAAU,eAAe,eAAe,MAAM;AAEpD,UAAI;AACJ,YAAM,YAAY,MAAM,iBAAiB,IAAI,GAAG;AAIhD,YAAM,cACJ,cAAc,kBACV,MAAM,iCAAiC,KAAK,EAAE,IAC9C,MAAM,iBAAiB;AAAA,QACrB;AAAA,QACA;AAAA,QACA;AAAA,QACA,cAAc;AAAA,QACd;AAAA,MACF,CAAC;AAEP,UAAI,CAAC,YAAY,SAAS;AACxB,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,SAAS,YAAY;AAAA,UACrB;AAAA,UACA,WAAW;AAAA,UACX;AAAA,UACA,uBAAuB,cAAc,kBAAkB,QAAQ;AAAA,UAC/D,OAAO,YAAY;AAAA,QACrB;AAAA,MACF;AAGA,UAAI,mBAAmB;AACrB,2BAAmB,MAAM,uBAAuB,KAAK,EAAE;AACvD,YAAI,CAAC,iBAAiB,QAAQ;AAC5B,gBAAM,kBAAkB;AACxB,iBAAO;AAAA,YACL,SAAS;AAAA,YACT;AAAA,YACA;AAAA,YACA,SAAS;AAAA,YACT,QAAQ;AAAA,YACR,SAAS;AAAA,YACT;AAAA,YACA,WAAW;AAAA,YACX;AAAA,YACA,uBAAuB,cAAc;AAAA,YACrC,YAAY;AAAA,YACZ,OAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,kCAAkC,WAAW,IAAI,iBAAiB;AAAA,QAC3E;AAAA,QACA,WAAW;AAAA,QACX;AAAA,QACA,uBAAuB,cAAc;AAAA,QACrC,YAAY;AAAA,MACd;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AACjD,aAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,SAAS,+BAA+B,OAAO;AAAA,QAC/C,OAAO,+BAA+B,OAAO;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACF,CAAC;AAID,eAAe,iBAAiB,gBAAgC,KAAiC;AAC/F,MAAI,mBAAmB,MAAO,QAAO;AACrC,MAAI,mBAAmB,OAAQ,QAAO;AAGtC,MAAI;AACF,UAAM,SAAS,MAAMC,OAAM,QAAQ,CAAC,WAAW,GAAG;AAAA,MAChD;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AACD,UAAM,UAAU,OAAO,OAAO,KAAK;AACnC,UAAM,QAAQ,OAAO,SAAS,QAAQ,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AAC9D,WAAO,SAAS,IAAI,gBAAgB;AAAA,EACtC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,mBAAmB,aAAqB,mBAAmC;AAClF,QAAM,WAAW,YAAY,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,GAAG;AACjE,SAAO,GAAG,QAAQ,IAAI,iBAAiB;AACzC;AAEA,eAAe,iCAAiC,KAAa,gBAAgG;AAC3J,QAAM,cAAcF,MAAK,KAAK,cAAc;AAC5C,MAAI;AAEJ,MAAI;AACF,cAAU,KAAK,MAAM,MAAMG,UAAS,aAAa,MAAM,CAAC;AAAA,EAC1D,QAAQ;AACN,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,kCAAkC,WAAW;AAAA,IACtD;AAAA,EACF;AAEA,QAAM,kBAAkB,QAAQ,mBAAmB,CAAC;AACpD,MAAI,CAAC,gBAAgB,eAAe,GAAG;AACrC,QAAI;AACF,YAAM,WAAW,0BAA0B,cAAc;AACzD,YAAM,CAAC,KAAK,GAAG,IAAI,IAAI,SAAS,WAAW,eAAe;AAC1D,YAAMD,OAAM,KAAK,MAAM;AAAA,QACrB;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,oCAAoC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,MAC7F;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ,SAAS;AACpB,YAAQ,UAAU,CAAC;AAAA,EACrB;AAEA,QAAM,gBAAgB;AACtB,QAAM,qBAAqB,QAAQ,QAAQ,eAAe;AAE1D,MAAI,sBAAsB,CAAC,mBAAmB,SAAS,eAAe,GAAG;AACvE,YAAQ,QAAQ,cAAc,GAAG,kBAAkB,OAAO,aAAa;AAAA,EACzE,WAAW,CAAC,oBAAoB;AAC9B,YAAQ,QAAQ,cAAc;AAAA,EAChC;AAEA,QAAM,UAAU,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAC5E,SAAO,EAAE,SAAS,KAAK;AACzB;AAEA,eAAe,iBAAiB,QAMmC;AACjE,QAAM,EAAE,KAAK,aAAa,mBAAmB,cAAc,UAAU,IAAI;AACzE,QAAM,cAAc,GAAG,WAAW,IAAI,iBAAiB;AAEvD,QAAM,gBAAgB,cAAc,gBAAgB,SAAS;AAC7D,QAAM,aAAa,CAAC,SAAS,WAAW;AAExC,MAAI;AACJ,MAAI;AACF,UAAM,eAAe,MAAMA,OAAM,eAAe,YAAY;AAAA,MAC1D;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AACD,eAAW,sBAAsB,GAAG,aAAa,MAAM;AAAA,EAAK,aAAa,MAAM,EAAE;AAAA,EACnF,SAAS,KAAK;AACZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,+CAA+C,WAAW,KAC/D,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CACjD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,kDAAkD,WAAW;AAAA,IACtE;AAAA,EACF;AAEA,QAAM,eAAe,MAAM,QAAQF,MAAK,OAAO,GAAG,8BAA8B,CAAC;AACjF,QAAM,gBAAgBA,MAAK,cAAc,cAAc;AAEvD,MAAI;AACF,UAAM,UAAU,eAAe,cAAc,MAAM;AACnD,UAAME,OAAM,SAAS,CAAC,OAAO,MAAM,aAAa,GAAG;AAAA,MACjD,KAAK;AAAA,MACL,OAAO;AAAA,IACT,CAAC;AAED,UAAM,gBAAgB,cAAc,gBAAgB,SAAS;AAC7D,UAAM,aACJ,cAAc,gBACV,CAAC,gBAAgB,QAAQ,IACzB,CAAC,gBAAgB,MAAM,QAAQ;AAErC,UAAMA,OAAM,eAAe,YAAY;AAAA,MACrC;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,oCAAoC,WAAW,KACpD,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CACjD;AAAA,IACF;AAAA,EACF,UAAE;AACA,UAAME,IAAG,cAAc,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,EACzD;AAEA,SAAO,EAAE,SAAS,KAAK;AACzB;AAEA,SAAS,sBAAsB,QAAwB;AACrD,QAAM,QAAQ,OACX,MAAM,OAAO,EACb,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,aAAW,QAAQ,OAAO;AACxB,QAAIC,YAAW,IAAI,GAAG;AACpB,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,KAAK,MAAM,KAAK,EAAE,IAAI,CAAC,UAAU,MAAM,QAAQ,gBAAgB,EAAE,CAAC;AACjF,eAAW,SAAS,QAAQ;AAC1B,UAAI,MAAM,WAAW,GAAG,KAAKA,YAAW,KAAK,GAAG;AAC9C,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAKA,eAAe,uBAAuB,KAAa,gBAA2D;AAC5G,MAAI;AACF,UAAM,WAAW,0BAA0B,cAAc;AACzD,UAAM,CAAC,KAAK,GAAG,IAAI,IAAI,SAAS;AAGhC,UAAM,SAAS,MAAMH,OAAM,KAAK,MAAM;AAAA,MACpC;AAAA,MACA,SAAS;AAAA;AAAA,MACT,OAAO;AAAA,IACT,CAAC;AAED,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,SAAS,KAAK;AAEZ,UAAM,cACJ,eAAe,SAAS,YAAY,MAC/B,IAA+B,SAChC;AACN,UAAM,cAAc,mBAAmB,WAAW;AAElD,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAAS,mBAAmB,QAA0B;AACpD,QAAM,cAAwB,CAAC;AAG/B,QAAM,WAAW;AAAA,IACf;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA;AAAA,EACF;AAEA,aAAW,WAAW,UAAU;AAC9B,QAAI;AACJ,YAAQ,QAAQ,QAAQ,KAAK,MAAM,OAAO,MAAM;AAC9C,UAAI,MAAM,CAAC,GAAG;AACZ,oBAAY,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAEA,SAAO,YAAY,MAAM,GAAG,CAAC;AAC/B;;;AfpaA,eAAsB,uBACpB,OACA,UAA4B,CAAC,GACD;AAC5B,QAAM,WAAW,gBAAgB,OAAO;AACxC,MAAI,aAAa,SAAS;AACxB,WAAO,4BAA4B,OAAO,OAAO;AAAA,EACnD;AAEA,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,QAAQ,kBAAkB,qBAAqB,GAAG;AACzE,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,aAAa,QAAQ,cAAc;AAEzC,QAAM,QAAQ,MAAM,YAAY,OAAO;AAEvC,QAAM,eAAe,wBAAwB;AAAA,IAC3C;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,SAAS,6CAA6C,KAAK,uBAAuB,GAAG,sBAAsB,cAAc;AAE/H,QAAM,mBAAkC,CAAC;AACzC,QAAM,qBAA0C,CAAC;AACjD,MAAI,aAAgC;AACpC,MAAI,aAAa;AAEjB,QAAM,SAAS,MAAMI,cAAa;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,IACR;AAAA,IACA,OAAO;AAAA,MACL,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,uBAAuB;AAAA,MACvB,sBAAsB;AAAA,MACtB,sBAAsB;AAAA,MACtB,wBAAwB;AAAA,MACxB,kBAAkB;AAAA,MAClB,oBAAoB;AAAA,IACtB;AAAA,IACA,UAAU;AAAA,IACV,aAAa,YAAY;AACvB,oBAAc;AAEd,YAAM,EAAE,YAAY,IAAI;AAExB,iBAAW,MAAM,eAAe,CAAC,GAAG;AAClC,cAAM,aAAa,GAAG;AAEtB,YAAI,GAAG,aAAa,gBAAgB,YAAY,MAAM;AACpD,uBAAa,WAAW;AAAA,QAC1B;AACA,YAAI,GAAG,aAAa,yBAAyB,YAAY,oBAAoB;AAC3E,6BAAmB,KAAK,GAAI,WAAW,kBAA0C;AAAA,QACnF;AACA,YAAI,GAAG,aAAa,sBAAsB;AACxC,2BAAiB,KAAK,UAAoC;AAAA,QAC5D;AAEA,YAAI,GAAG,aAAa,sBAAsB,YAAY;AACpD,gBAAM,aAAa,WAAW;AAG9B,gBAAM,UACJ,OAAO,WAAW,YAAY,WAC1B,WAAW,UACX,OAAO,WAAW,UAAU,WAC1B,WAAW,QACX;AAER,2BAAiB,KAAK;AAAA,YACpB,aACE,OAAO,WAAW,gBAAgB,WAC9B,WAAW,cACX;AAAA,YACN,UAAU;AAAA,YACV,aACE,OAAO,WAAW,sBAAsB,WACpC,WAAW,oBACX;AAAA,YACN,eACE,OAAO,WAAW,kBAAkB,WAChC,WAAW,gBACX,OAAO,WAAW,cAAc,WAC9B,WAAW,YACX;AAAA,YACR,SAAS,QAAQ,WAAW,OAAO;AAAA,YACnC,QAAQ,QAAQ,WAAW,MAAM;AAAA,YACjC;AAAA,YACA,YACE,cAAc,OAAO,WAAW,WAAW,YACvC;AAAA,cACE,QAAQ,WAAW;AAAA,cACnB,OAAO,OAAO,WAAW,UAAU,WAAW,WAAW,QAAQ;AAAA,YACnE,IACA;AAAA,UACR,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,OAAO;AAAA,EAClB;AACF;AAEA,eAAe,4BACb,OACA,UAA4B,CAAC,GACD;AAC5B,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,QAAQ,kBAAkB,qBAAqB,GAAG;AACzE,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,aAAa,QAAQ,cAAc;AAEzC,QAAM,mBAAkC,CAAC;AACzC,QAAM,qBAA0C,CAAC;AACjD,MAAI,aAAgC;AACpC,MAAI,aAAa;AAEjB,QAAM,eAAe,MAAM,YAAY;AACvC,QAAM,CAAC,YAAY,UAAU,IAAI,MAAM,QAAQ,IAAI;AAAA,IACjD,aAAa,YAAY;AAAA,IACzB,gBAAgB,YAAY,EAAE,MAAM,MAAM,CAAC,CAAC;AAAA,EAC9C,CAAC;AACD,gBAAc;AAEd,MAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,WAAO;AAAA,MACL;AAAA,MACA,YAAY;AAAA,MACZ;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,oCAAoC,YAAY;AAAA,IAC3D;AAAA,EACF;AAEA,eAAa,cAAc;AAAA,IACzB,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,YAAY,CAAC;AAAA,IACb,kBAAkB,CAAC;AAAA,EACrB;AAEA,MAAI,WAAW,SAAS,GAAG;AACzB,iBAAa,0BAA0B,YAAY,UAAU;AAAA,EAC/D;AACA,eAAa,MAAM,cAAc,UAAU;AAE3C,MAAI,WAAW,iBAAiB,WAAW,GAAG;AAC5C,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,2EAA2E,YAAY;AAAA,IAClG;AAAA,EACF;AAEA,QAAM,YAAY,MAAO,mBAA2B,QAAQ,EAAE,KAAK,eAAe,CAAC;AACnF,gBAAc;AAEd,MAAI,WAAW,OAAO;AACpB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,yCAAyC,UAAU,KAAK;AAAA,IACnE;AAAA,EACF;AAEA,QAAM,oBAAqB,UAAU,YAAY,CAAC;AAMlD,aAAW,YAAY,WAAW,kBAAkB;AAClD,QAAI,CAAC,YAAY,OAAO,aAAa,SAAU;AAC/C,QAAI,CAAC,SAAS,QAAQ,CAAC,SAAS,gBAAiB;AACjD,QAAI,SAAS,cAAc,MAAO;AAClC,UAAM,UAAU,kBAAkB,OAAO,CAAC,MAAM,EAAE,SAAS,SAAS,IAAI;AACxE,eAAW,aAAa,SAAS;AAC/B,UAAI,CAACC,QAAO,MAAM,UAAU,OAAO,EAAG;AACtC,UAAI,eAAe;AACnB,UAAI;AACF,uBAAeA,QAAO,UAAU,UAAU,SAAS,SAAS,iBAAiB;AAAA,UAC3E,mBAAmB;AAAA,QACrB,CAAC;AAAA,MACH,QAAQ;AACN;AAAA,MACF;AACA,UAAI,cAAc;AAChB,2BAAmB,KAAK,EAAE,WAAW,SAAS,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,EACF;AACA,gBAAc;AAEd,aAAW,cAAc,oBAAoB;AAC3C,UAAM,MAAM,WAAW;AACvB,UAAM,sBAAsB,WAAW,SAAS;AAEhD,QAAI,IAAI,SAAS,YAAY;AAC3B,uBAAiB,KAAK;AAAA,QACpB,aAAa,IAAI;AAAA,QACjB,UAAU;AAAA,QACV,aAAa,IAAI;AAAA,QACjB,SAAS;AAAA,QACT;AAAA,QACA,SAAS,IAAI,IAAI,IAAI;AAAA,MACvB,CAAC;AACD;AAAA,IACF;AAEA,QAAI,CAAC,qBAAqB;AACxB,uBAAiB,KAAK;AAAA,QACpB,aAAa,IAAI;AAAA,QACjB,UAAU;AAAA,QACV,aAAa,IAAI;AAAA,QACjB,SAAS;AAAA,QACT;AAAA,QACA,SAAS,wCAAwC,IAAI,IAAI;AAAA,MAC3D,CAAC;AACD;AAAA,IACF;AAEA,UAAM,cAAc,MAAM;AAAA,MACxB,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,WAAW,SAAS;AAAA,IACtB;AACA,kBAAc;AAEd,QAAI,CAAC,aAAa;AAChB,uBAAiB,KAAK;AAAA,QACpB,aAAa,IAAI;AAAA,QACjB,UAAU;AAAA,QACV,aAAa,IAAI;AAAA,QACjB,SAAS;AAAA,QACT;AAAA,QACA,SAAS,qCAAqC,IAAI,IAAI;AAAA,MACxD,CAAC;AACD;AAAA,IACF;AAEA,UAAM,cAAe,MAAO,qBAA6B,QAAQ;AAAA,MAC/D;AAAA,MACA;AAAA,MACA,aAAa,IAAI;AAAA,MACjB,aAAa,IAAI;AAAA,MACjB,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AACD,kBAAc;AAEd,qBAAiB,KAAK,WAAW;AAAA,EACnC;AAEA,QAAM,eAAe,iBAAiB,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE;AAC/D,QAAM,kBAAkB,iBAAiB,OAAO,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE;AAChF,QAAM,cAAc,iBAAiB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE;AAE7D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,oCAAoC,mBAAmB,MAAM,aAAa,YAAY,YAAY,WAAW,gBAAgB,eAAe;AAAA,EACvJ;AACF;AAYA,SAAS,wBAAwB,KAA4B;AAC3D,QAAM,aAAaC,MAAK,QAAQ,IAAI,GAAG,WAAW,gBAAgB,+BAA+B;AAEjG,MAAI,CAACC,YAAW,UAAU,GAAG;AAC3B,WAAO;AAAA,qBACU,IAAI,GAAG;AAAA,qBACP,IAAI,cAAc;AAAA,WAC5B,IAAI,MAAM;AAAA,cACP,IAAI,SAAS;AAAA,eACZ,IAAI,cAAc,WAAW;AAAA,eAC7B,IAAI,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAe3B;AAEA,QAAM,WAAWC,cAAa,YAAY,MAAM;AAChD,SAAO,SACJ,WAAW,aAAa,IAAI,KAAK,EACjC,WAAW,WAAW,IAAI,GAAG,EAC7B,WAAW,sBAAsB,IAAI,cAAc,EACnD,WAAW,cAAc,OAAO,IAAI,MAAM,CAAC,EAC3C,WAAW,iBAAiB,OAAO,IAAI,SAAS,CAAC,EACjD,WAAW,kBAAkB,IAAI,cAAc,WAAW,EAC1D,WAAW,kBAAkB,IAAI,UAAU;AAChD;;;AgBrXA,SAAS,eAAe;AACxB,SAAS,gBAAAC,qBAAoB;;;ACD7B,SAAS,gBAAAC,qBAAoB;AAmB7B,IAAM,YAAY;AAElB,SAAS,kBAAkB,KAA6C;AACtE,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,KAAK,IAAI,YAAY;AAC3B,MAAI,OAAO,cAAc,OAAO,UAAU,OAAO,YAAY,OAAO,OAAO;AACzE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,4BAA4B,SAAsC;AAChF,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,QAAQ,OAAO,OAAO,OAAO,mBAAmB,CAAC,CAAC,GAAG;AAC9D,eAAW,YAAY,KAAK,OAAO,CAAC,GAAG;AACrC,YAAM,OAAO,OAAO,aAAa,WAAW,WAAW,GAAG,SAAS,OAAO,EAAE,IAAI,SAAS,QAAQ,EAAE;AACnG,YAAM,UAAU,KAAK,MAAM,SAAS,KAAK,CAAC;AAC1C,iBAAW,SAAS,SAAS;AAC3B,cAAM,QAAQ,MAAM,YAAY;AAChC,cAAM,MAAM,GAAG,KAAK,IAAI,KAAK,IAAI;AACjC,YAAI,KAAK,IAAI,GAAG,EAAG;AACnB,aAAK,IAAI,GAAG;AACZ,iBAAS,KAAK;AAAA,UACZ;AAAA,UACA,QAAQ;AAAA,UACR,aAAa,KAAK;AAAA,UAClB,UAAU,kBAAkB,KAAK,QAAQ;AAAA,QAC3C,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,sBAAsB,UAAuC;AAC3E,QAAM,UAAUA,cAAa,UAAU,MAAM;AAC7C,SAAO,4BAA4B,OAAO;AAC5C;;;AC5DA,SAAS,gBAAAC,qBAAoB;AAG7B,IAAMC,aAAY;AAElB,SAASC,mBAAkB,KAA6C;AACtE,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,KAAK,IAAI,YAAY;AAC3B,MAAI,OAAO,cAAc,OAAO,UAAU,OAAO,YAAY,OAAO,OAAO;AACzE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,6BAA6B,SAAsC;AACjF,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,QAAM,QAAQ,QACX,MAAM,IAAI,EACV,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,aAAW,QAAQ,OAAO;AACxB,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,MAAM,IAAI;AAAA,IAC1B,QAAQ;AACN;AAAA,IACF;AAEA,UAAM,QAAQ;AAYd,QAAI,MAAM,SAAS,gBAAiB;AAEpC,UAAM,WAAW,MAAM,MAAM;AAC7B,UAAM,cAAc,UAAU;AAC9B,UAAM,WAAWA,mBAAkB,UAAU,QAAQ;AAErD,UAAM,OAAO,GAAG,UAAU,OAAO,EAAE,KAAK,UAAU,QAAQ,CAAC,GAAG,KAAK,GAAG,CAAC;AACvE,UAAM,UAAU,KAAK,MAAMD,UAAS,KAAK,CAAC;AAE1C,eAAW,SAAS,SAAS;AAC3B,YAAM,QAAQ,MAAM,YAAY;AAChC,YAAM,MAAM,GAAG,KAAK,IAAI,eAAe,EAAE;AACzC,UAAI,KAAK,IAAI,GAAG,EAAG;AACnB,WAAK,IAAI,GAAG;AAEZ,eAAS,KAAK;AAAA,QACZ;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,uBAAuB,UAAuC;AAC5E,QAAM,UAAUD,cAAa,UAAU,MAAM;AAC7C,SAAO,6BAA6B,OAAO;AAC7C;;;ACzEA,SAAS,gBAAAG,qBAAoB;AAiB7B,IAAMC,aAAY;AAElB,SAAS,mBAAmB,QAAyC;AACnE,QAAM,MAAM,OAAO,aAAa,aAAa;AAC7C,SAAO,OAAO,QAAQ,WAAW,MAAM;AACzC;AAEO,SAAS,qBAAqB,SAAsC;AACzE,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,OAAO,OAAO,QAAQ,CAAC,GAAG;AACnC,eAAW,UAAU,IAAI,WAAW,CAAC,GAAG;AACtC,YAAM,WAAW,GAAG,OAAO,UAAU,EAAE,IAAI,OAAO,SAAS,QAAQ,EAAE;AACrE,YAAM,UAAU,SAAS,MAAMA,UAAS,KAAK,CAAC;AAC9C,iBAAW,SAAS,SAAS;AAC3B,cAAM,QAAQ,MAAM,YAAY;AAChC,cAAM,MAAM,mBAAmB,MAAM;AACrC,cAAM,MAAM,GAAG,KAAK,IAAI,OAAO,EAAE;AACjC,YAAI,KAAK,IAAI,GAAG,EAAG;AACnB,aAAK,IAAI,GAAG;AACZ,iBAAS,KAAK;AAAA,UACZ;AAAA,UACA,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,UAAU;AAAA,QACZ,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,eAAe,UAAuC;AACpE,QAAM,UAAUD,cAAa,UAAU,MAAM;AAC7C,SAAO,qBAAqB,OAAO;AACrC;;;AH9CO,SAAS,eAAe,UAAkB,QAA8C;AAC7F,QAAM,WAAW,WAAW,SAAS,YAAY,QAAQ,IAAI;AAE7D,MAAI,aAAa,aAAa;AAC5B,WAAO,sBAAsB,QAAQ;AAAA,EACvC;AACA,MAAI,aAAa,cAAc;AAC7B,WAAO,uBAAuB,QAAQ;AAAA,EACxC;AACA,MAAI,aAAa,SAAS;AACxB,WAAO,eAAe,QAAQ;AAAA,EAChC;AAEA,QAAM,IAAI,MAAM,6BAA6B,QAAQ,EAAE;AACzD;AAEA,SAAS,YAAY,UAAoD;AACvE,QAAM,MAAM,QAAQ,QAAQ,EAAE,YAAY;AAC1C,MAAI,QAAQ,SAAU,QAAO;AAE7B,MAAI;AACF,UAAM,UAAUE,cAAa,UAAU,MAAM;AAC7C,UAAM,YAAY,QAAQ,MAAM,IAAI,EAAE,KAAK,CAAC,SAAS,KAAK,KAAK,EAAE,WAAW,GAAG,CAAC;AAChF,QAAI,WAAW;AACb,YAAM,SAAS,KAAK,MAAM,SAAS;AACnC,UAAI,OAAO,SAAS,mBAAmB,OAAO,SAAS,gBAAgB;AACrE,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,SAAO;AACT;AAEO,SAAS,aAAa,UAAyC;AACpE,SAAO,CAAC,GAAG,IAAI,IAAI,SAAS,IAAI,CAAC,MAAM,EAAE,MAAM,YAAY,CAAC,CAAC,CAAC;AAChE;;;AI/CA,SAAS,WAAW,iBAAAC,sBAAqB;AACzC,SAAS,QAAAC,aAAY;AAmBd,SAAS,kBAAkB,KAAa,QAA+B;AAC5E,SAAO;AAAA,IACL,OAAO,GAAG,KAAK,IAAI,CAAC;AAAA,IACpB;AAAA,IACA;AAAA,IACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,OAAO,CAAC;AAAA,EACV;AACF;AAEO,SAAS,gBACd,KACA,QACA,OACA,QACA,OACM;AACN,MAAI,MAAM,KAAK;AAAA,IACb,KAAI,oBAAI,KAAK,GAAE,YAAY;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEO,SAAS,iBAAiB,KAA+B;AAC9D,MAAI,cAAa,oBAAI,KAAK,GAAE,YAAY;AACxC,SAAO;AACT;AAEO,SAAS,iBAAiB,KAAa,KAA0B;AACtE,QAAM,MAAMA,MAAK,KAAK,mBAAmB,UAAU;AACnD,YAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAClC,QAAM,WAAWA,MAAK,KAAK,GAAG,IAAI,KAAK,OAAO;AAC9C,EAAAD,eAAc,UAAU,KAAK,UAAU,KAAK,MAAM,CAAC,IAAI,MAAM,MAAM;AACnE,SAAO;AACT;;;ACqBA,eAAsB,UAAU,OAAe,UAA4B,CAAC,GAA+B;AACzG,MAAI,CAAC,mBAAmB,KAAK,KAAK,GAAG;AACnC,UAAM,IAAI;AAAA,MACR,oBAAoB,KAAK;AAAA,IAC3B;AAAA,EACF;AACA,SAAO,uBAAuB,MAAM,YAAY,GAAG,OAAO;AAC5D;AAMA,eAAsB,kBACpB,WACA,UAAuB,CAAC,GACH;AACrB,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,cAAc;AAEzC,QAAM,WAAW,eAAe,WAAW,MAAM;AACjD,QAAM,SAAS,aAAa,QAAQ;AACpC,QAAM,SAAS,WAAW,KAAK,QAAQ,UAAU;AAEjD,QAAM,WAAW,kBAAkB,KAAK,MAAM;AAC9C,kBAAgB,UAAU,cAAc,EAAE,WAAW,OAAO,GAAG,EAAE,cAAc,SAAS,QAAQ,UAAU,OAAO,OAAO,CAAC;AAEzH,QAAM,UAA+B,CAAC;AACtC,QAAM,SAAoD,CAAC;AAC3D,QAAM,0BAID,CAAC;AACN,MAAI,iBAAiB;AAErB,aAAW,SAAS,QAAQ;AAC1B,QAAI;AACF,sBAAgB,UAAU,mBAAmB,EAAE,MAAM,CAAC;AACtD,YAAM,SAAS,MAAM,UAAU,OAAO;AAAA,QACpC,GAAG;AAAA,QACH;AAAA,MACF,CAAC;AAGD,aAAO,UAAU,OAAO,QAAQ,OAAO,CAAC,MAAM,iBAAiB,QAAQ,EAAE,WAAW,CAAC;AAGrF,iBAAW,UAAU,OAAO,SAAS;AACnC,YAAI,OAAO,aAAa,cAAc;AACpC,4BAAkB;AAAA,QACpB;AACA,YAAI,OAAO,YAAY,WAAW,SAAS,OAAO,YAAY,OAAO;AACnE,kCAAwB,KAAK;AAAA,YAC3B,aAAa,OAAO;AAAA,YACpB;AAAA,YACA,OAAO,OAAO,WAAW;AAAA,UAC3B,CAAC;AAAA,QACH;AAAA,MACF;AAEA,cAAQ,KAAK,MAAM;AACnB,sBAAgB,UAAU,oBAAoB,EAAE,MAAM,GAAG,EAAE,SAAS,OAAO,QAAQ,OAAO,CAAC;AAAA,IAC7F,SAAS,OAAO;AACd,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,aAAO,KAAK,EAAE,OAAO,QAAQ,CAAC;AAC9B,sBAAgB,UAAU,mBAAmB,EAAE,MAAM,GAAG,QAAW,OAAO;AAAA,IAC5E;AAAA,EACF;AAEA,MAAI,eAAe;AACnB,MAAI,cAAc;AAClB,aAAW,UAAU,SAAS;AAC5B,eAAW,UAAU,OAAO,SAAS;AACnC,UAAI,OAAO,WAAW,OAAO,QAAQ;AACnC,wBAAgB;AAAA,MAClB,OAAO;AACL,uBAAe;AAAA,MACjB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAO;AAEtB,MAAI,SAA+B;AACnC,MAAI,cAAc,KAAK,eAAe,GAAG;AACvC,aAAS;AAAA,EACX,WAAW,cAAc,KAAK,iBAAiB,GAAG;AAChD,aAAS;AAAA,EACX;AAEA,mBAAiB,QAAQ;AACzB,QAAM,eAAe,QAAQ,kBAAkB,QAAQ,SAAY,iBAAiB,KAAK,QAAQ;AAEjG,SAAO;AAAA,IACL,eAAe;AAAA,IACf;AAAA,IACA,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,yBAAyB,wBAAwB,SAAS,IAAI,0BAA0B;AAAA,IACxF,iBAAiB,iBAAiB,IAAI,aAAa;AAAA,EACrD;AACF;AAEO,SAAS,YAAY,QAA+B;AACzD,MAAI,mBAAmB;AACvB,aAAW,aAAa,OAAO,SAAS;AACtC,wBAAoB,UAAU,QAAQ;AAAA,EACxC;AAEA,SAAO;AAAA,IACL,eAAe,OAAO;AAAA,IACtB,QAAQ,OAAO;AAAA,IACf,aAAa,OAAO;AAAA,IACpB,UAAU,OAAO,OAAO;AAAA,IACxB;AAAA,IACA,cAAc,OAAO;AAAA,IACrB,aAAa,OAAO;AAAA,IACpB,QAAQ,OAAO;AAAA,IACf,cAAc,OAAO;AAAA,IACrB,gBAAgB,OAAO,kBAAkB;AAAA,IACzC,yBAAyB,OAAO;AAAA,IAChC,iBAAiB,OAAO;AAAA,EAC1B;AACF;AAEO,SAAS,WAAW,SAA4B;AACrD,SAAO,QAAQ,cAAc,IAAI,IAAI;AACvC;","names":["generateText","existsSync","readFileSync","join","semver","tool","z","join","tool","z","join","tool","z","tool","z","semver","tool","z","tool","z","join","readFileSync","execa","semver","existsSync","readFileSync","join","tool","z","join","semver","readFileSync","execa","tool","z","join","execa","tool","z","tool","z","tool","z","existsSync","mkdir","readFile","rm","join","execa","tool","z","join","mkdir","execa","readFile","rm","existsSync","generateText","semver","join","existsSync","readFileSync","readFileSync","readFileSync","readFileSync","CVE_REGEX","normalizeSeverity","readFileSync","CVE_REGEX","readFileSync","writeFileSync","join"]}