autoremediator 0.2.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/README.md +16 -1
  2. package/dist/{chunk-DQKT2CUG.js → chunk-GBOD3DV6.js} +739 -159
  3. package/dist/chunk-GBOD3DV6.js.map +1 -0
  4. package/dist/cli.d.ts +5 -0
  5. package/dist/cli.js +55 -17
  6. package/dist/cli.js.map +1 -1
  7. package/dist/index.d.ts +77 -11
  8. package/dist/index.js +3 -1
  9. package/dist/mcp/server.d.ts +292 -0
  10. package/dist/mcp/server.js +120 -16
  11. package/dist/mcp/server.js.map +1 -1
  12. package/dist/openapi/server.d.ts +445 -1
  13. package/dist/openapi/server.js +215 -54
  14. package/dist/openapi/server.js.map +1 -1
  15. package/package.json +1 -1
  16. package/dist/chunk-DQKT2CUG.js.map +0 -1
package/dist/openapi/server.js CHANGED
@@ -1,10 +1,12 @@
1
1
  import {
2
+ planRemediation,
2
3
  remediate,
3
4
  remediateFromScan
4
- } from "../chunk-DQKT2CUG.js";
5
+ } from "../chunk-GBOD3DV6.js";
5
6
 
6
7
  // src/openapi/server.ts
7
8
  import http from "http";
9
+ import { fileURLToPath } from "url";
8
10
  var DEFAULT_PORT = 3e3;
9
11
  function parsePort() {
10
12
  const idx = process.argv.indexOf("--port");
@@ -43,53 +45,85 @@ function send(res, status, body) {
43
45
  });
44
46
  res.end(payload);
45
47
  }
46
- var server = http.createServer(async (req, res) => {
47
- const url = new URL(req.url ?? "/", `http://localhost`);
48
- const method = req.method?.toUpperCase();
49
- if (method === "GET" && url.pathname === "/health") {
50
- return send(res, 200, { status: "ok" });
51
- }
52
- if (method === "GET" && url.pathname === "/openapi.json") {
53
- return send(res, 200, OPENAPI_SPEC);
54
- }
55
- if (method === "POST" && url.pathname === "/remediate") {
56
- let body;
57
- try {
58
- body = await readBody(req);
59
- } catch {
60
- return send(res, 400, { error: "Invalid JSON body" });
61
- }
62
- if (typeof body.cveId !== "string" || !body.cveId) {
63
- return send(res, 400, { error: "cveId is required (string)" });
48
+ function withOpenApiSource(options) {
49
+ const normalized = typeof options === "object" && options !== null ? options : {};
50
+ return {
51
+ ...normalized,
52
+ source: typeof normalized.source === "string" ? normalized.source : "openapi"
53
+ };
54
+ }
55
+ var defaultDeps = {
56
+ remediateFn: remediate,
57
+ remediateFromScanFn: remediateFromScan,
58
+ planRemediationFn: planRemediation
59
+ };
60
+ function createOpenApiServer(deps = defaultDeps) {
61
+ return http.createServer(async (req, res) => {
62
+ const url = new URL(req.url ?? "/", `http://localhost`);
63
+ const method = req.method?.toUpperCase();
64
+ if (method === "GET" && url.pathname === "/health") {
65
+ return send(res, 200, { status: "ok" });
64
66
  }
65
- try {
66
- const report = await remediate(body.cveId, body.options ?? {});
67
- return send(res, 200, report);
68
- } catch (err) {
69
- const message = err instanceof Error ? err.message : String(err);
70
- return send(res, 400, { error: message });
67
+ if (method === "GET" && url.pathname === "/openapi.json") {
68
+ return send(res, 200, OPENAPI_SPEC);
71
69
  }
72
- }
73
- if (method === "POST" && url.pathname === "/remediate-from-scan") {
74
- let body;
75
- try {
76
- body = await readBody(req);
77
- } catch {
78
- return send(res, 400, { error: "Invalid JSON body" });
70
+ if (method === "POST" && url.pathname === "/remediate") {
71
+ let body;
72
+ try {
73
+ body = await readBody(req);
74
+ } catch {
75
+ return send(res, 400, { error: "Invalid JSON body" });
76
+ }
77
+ if (typeof body.cveId !== "string" || !body.cveId) {
78
+ return send(res, 400, { error: "cveId is required (string)" });
79
+ }
80
+ try {
81
+ const report = await deps.remediateFn(body.cveId, withOpenApiSource(body.options));
82
+ return send(res, 200, report);
83
+ } catch (err) {
84
+ const message = err instanceof Error ? err.message : String(err);
85
+ return send(res, 400, { error: message });
86
+ }
79
87
  }
80
- if (typeof body.inputPath !== "string" || !body.inputPath) {
81
- return send(res, 400, { error: "inputPath is required (string)" });
88
+ if (method === "POST" && url.pathname === "/plan-remediation") {
89
+ let body;
90
+ try {
91
+ body = await readBody(req);
92
+ } catch {
93
+ return send(res, 400, { error: "Invalid JSON body" });
94
+ }
95
+ if (typeof body.cveId !== "string" || !body.cveId) {
96
+ return send(res, 400, { error: "cveId is required (string)" });
97
+ }
98
+ try {
99
+ const report = await deps.planRemediationFn(body.cveId, withOpenApiSource(body.options));
100
+ return send(res, 200, report);
101
+ } catch (err) {
102
+ const message = err instanceof Error ? err.message : String(err);
103
+ return send(res, 400, { error: message });
104
+ }
82
105
  }
83
- try {
84
- const report = await remediateFromScan(body.inputPath, body.options ?? {});
85
- return send(res, 200, report);
86
- } catch (err) {
87
- const message = err instanceof Error ? err.message : String(err);
88
- return send(res, 400, { error: message });
106
+ if (method === "POST" && url.pathname === "/remediate-from-scan") {
107
+ let body;
108
+ try {
109
+ body = await readBody(req);
110
+ } catch {
111
+ return send(res, 400, { error: "Invalid JSON body" });
112
+ }
113
+ if (typeof body.inputPath !== "string" || !body.inputPath) {
114
+ return send(res, 400, { error: "inputPath is required (string)" });
115
+ }
116
+ try {
117
+ const report = await deps.remediateFromScanFn(body.inputPath, withOpenApiSource(body.options));
118
+ return send(res, 200, report);
119
+ } catch (err) {
120
+ const message = err instanceof Error ? err.message : String(err);
121
+ return send(res, 400, { error: message });
122
+ }
89
123
  }
90
- }
91
- return send(res, 404, { error: "Not found" });
92
- });
124
+ return send(res, 404, { error: "Not found" });
125
+ });
126
+ }
93
127
  var OPENAPI_SPEC = {
94
128
  openapi: "3.1.0",
95
129
  info: {
@@ -122,10 +156,92 @@ var OPENAPI_SPEC = {
122
156
  cwd: { type: "string" },
123
157
  packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
124
158
  dryRun: { type: "boolean" },
125
- skipTests: { type: "boolean" },
159
+ preview: { type: "boolean" },
160
+ runTests: { type: "boolean" },
161
+ llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
162
+ patchesDir: { type: "string" },
163
+ policy: { type: "string" },
164
+ requestId: { type: "string" },
165
+ sessionId: { type: "string" },
166
+ parentRunId: { type: "string" },
167
+ idempotencyKey: { type: "string" },
168
+ resume: { type: "boolean" },
169
+ actor: { type: "string" },
170
+ source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
171
+ constraints: {
172
+ type: "object",
173
+ properties: {
174
+ directDependenciesOnly: { type: "boolean" },
175
+ preferVersionBump: { type: "boolean" }
176
+ }
177
+ }
178
+ }
179
+ }
180
+ }
181
+ }
182
+ }
183
+ }
184
+ },
185
+ responses: {
186
+ "200": {
187
+ description: "RemediationReport",
188
+ content: { "application/json": { schema: { type: "object" } } }
189
+ },
190
+ "400": {
191
+ description: "Invalid input or remediation error",
192
+ content: {
193
+ "application/json": {
194
+ schema: {
195
+ type: "object",
196
+ properties: { error: { type: "string" } }
197
+ }
198
+ }
199
+ }
200
+ }
201
+ }
202
+ }
203
+ },
204
+ "/plan-remediation": {
205
+ post: {
206
+ operationId: "planRemediation",
207
+ summary: "Generate a non-mutating remediation preview",
208
+ requestBody: {
209
+ required: true,
210
+ content: {
211
+ "application/json": {
212
+ schema: {
213
+ type: "object",
214
+ required: ["cveId"],
215
+ properties: {
216
+ cveId: {
217
+ type: "string",
218
+ description: "CVE identifier, e.g. CVE-2021-23337",
219
+ pattern: "^CVE-\\d{4}-\\d+$"
220
+ },
221
+ options: {
222
+ type: "object",
223
+ description: "RemediateOptions",
224
+ properties: {
225
+ cwd: { type: "string" },
226
+ packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
227
+ runTests: { type: "boolean" },
126
228
  llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
127
229
  patchesDir: { type: "string" },
128
- policyPath: { type: "string" }
230
+ policy: { type: "string" },
231
+ requestId: { type: "string" },
232
+ sessionId: { type: "string" },
233
+ parentRunId: { type: "string" },
234
+ idempotencyKey: { type: "string" },
235
+ resume: { type: "boolean" },
236
+ actor: { type: "string" },
237
+ source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
238
+ constraints: {
239
+ type: "object",
240
+ properties: {
241
+ directDependenciesOnly: { type: "boolean" },
242
+ preferVersionBump: { type: "boolean" }
243
+ }
244
+ }
129
245
  }
130
246
  }
131
247
  }
@@ -175,12 +291,27 @@ var OPENAPI_SPEC = {
175
291
  cwd: { type: "string" },
176
292
  packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
177
293
  dryRun: { type: "boolean" },
178
- skipTests: { type: "boolean" },
294
+ preview: { type: "boolean" },
295
+ runTests: { type: "boolean" },
179
296
  llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
180
297
  format: { type: "string", enum: ["npm-audit", "yarn-audit", "sarif", "auto"] },
181
298
  patchesDir: { type: "string" },
182
- policyPath: { type: "string" },
183
- writeEvidence: { type: "boolean" }
299
+ policy: { type: "string" },
300
+ evidence: { type: "boolean" },
301
+ requestId: { type: "string" },
302
+ sessionId: { type: "string" },
303
+ parentRunId: { type: "string" },
304
+ idempotencyKey: { type: "string" },
305
+ resume: { type: "boolean" },
306
+ actor: { type: "string" },
307
+ source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
308
+ constraints: {
309
+ type: "object",
310
+ properties: {
311
+ directDependenciesOnly: { type: "boolean" },
312
+ preferVersionBump: { type: "boolean" }
313
+ }
314
+ }
184
315
  }
185
316
  }
186
317
  }
@@ -191,7 +322,26 @@ var OPENAPI_SPEC = {
191
322
  responses: {
192
323
  "200": {
193
324
  description: "ScanReport",
194
- content: { "application/json": { schema: { type: "object" } } }
325
+ content: {
326
+ "application/json": {
327
+ schema: {
328
+ type: "object",
329
+ properties: {
330
+ schemaVersion: { type: "string" },
331
+ status: { type: "string", enum: ["ok", "partial", "failed"] },
332
+ generatedAt: { type: "string" },
333
+ cveIds: { type: "array", items: { type: "string" } },
334
+ reports: { type: "array", items: { type: "object" } },
335
+ successCount: { type: "number" },
336
+ failedCount: { type: "number" },
337
+ errors: { type: "array", items: { type: "object" } },
338
+ evidenceFile: { type: "string" },
339
+ patchCount: { type: "number" },
340
+ patchesDir: { type: "string" }
341
+ }
342
+ }
343
+ }
344
+ }
195
345
  },
196
346
  "400": {
197
347
  description: "Invalid input or remediation error",
@@ -228,9 +378,20 @@ var OPENAPI_SPEC = {
228
378
  }
229
379
  }
230
380
  };
231
- var port = parsePort();
232
- server.listen(port, () => {
233
- console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);
234
- console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);
235
- });
381
+ function isMainModule() {
382
+ if (!process.argv[1]) return false;
383
+ return fileURLToPath(import.meta.url) === process.argv[1];
384
+ }
385
+ if (isMainModule()) {
386
+ const port = parsePort();
387
+ const server = createOpenApiServer();
388
+ server.listen(port, () => {
389
+ console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);
390
+ console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);
391
+ });
392
+ }
393
+ export {
394
+ OPENAPI_SPEC,
395
+ createOpenApiServer
396
+ };
236
397
  //# sourceMappingURL=server.js.map
package/dist/openapi/server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/openapi/server.ts"],"sourcesContent":["/**\n * autoremediator OpenAPI HTTP server\n *\n * Exposes POST /remediate and POST /remediate-from-scan as a lightweight\n * HTTP server using Node.js built-in http module (no framework dependency).\n *\n * Start: node dist/openapi/server.js [--port 3000]\n */\nimport http from \"node:http\";\nimport { remediate, remediateFromScan } from \"../api.js\";\nimport type { RemediateOptions, ScanOptions } from \"../api.js\";\n\nconst DEFAULT_PORT = 3000;\n\nfunction parsePort(): number {\n const idx = process.argv.indexOf(\"--port\");\n if (idx !== -1 && process.argv[idx + 1]) {\n const p = parseInt(process.argv[idx + 1], 10);\n if (!isNaN(p)) return p;\n }\n if (process.env.PORT) {\n const p = parseInt(process.env.PORT, 10);\n if (!isNaN(p)) return p;\n }\n return DEFAULT_PORT;\n}\n\nfunction readBody(req: http.IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let raw = \"\";\n req.setEncoding(\"utf8\");\n req.on(\"data\", (chunk: string) => { raw += chunk; });\n req.on(\"end\", () => {\n try {\n resolve(raw ? JSON.parse(raw) : {});\n } catch {\n reject(new Error(\"Invalid JSON body\"));\n }\n });\n req.on(\"error\", reject);\n });\n}\n\nfunction send(res: http.ServerResponse, status: number, body: unknown): void {\n const payload = JSON.stringify(body);\n res.writeHead(status, {\n \"Content-Type\": \"application/json\",\n \"Content-Length\": Buffer.byteLength(payload),\n });\n res.end(payload);\n}\n\nconst server = http.createServer(async (req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost`);\n const method = req.method?.toUpperCase();\n\n // Health check\n if (method === \"GET\" && url.pathname === \"/health\") {\n return send(res, 200, { status: \"ok\" });\n }\n\n // OpenAPI spec\n if (method === \"GET\" && url.pathname === \"/openapi.json\") {\n return send(res, 200, OPENAPI_SPEC);\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await remediate(body.cveId, (body.options ?? {}) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate-from-scan\") {\n let body: { inputPath?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.inputPath !== \"string\" || !body.inputPath) {\n return send(res, 400, { error: \"inputPath is required (string)\" });\n }\n try {\n const report = await remediateFromScan(body.inputPath, (body.options ?? {}) as ScanOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n return send(res, 404, { error: \"Not found\" });\n});\n\nconst OPENAPI_SPEC = {\n openapi: \"3.1.0\",\n info: {\n title: \"autoremediator\",\n version: \"0.1.2\",\n description: \"Agentic CVE remediation for Node.js dependency projects\",\n },\n paths: {\n \"/remediate\": {\n post: {\n operationId: \"remediate\",\n summary: \"Remediate a single CVE\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: \"CVE identifier, e.g. CVE-2021-23337\",\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n skipTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n patchesDir: { type: \"string\" },\n policyPath: { type: \"string\" },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/remediate-from-scan\": {\n post: {\n operationId: \"remediateFromScan\",\n summary: \"Parse a scanner file and remediate all found CVEs\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: {\n type: \"string\",\n description: \"Absolute or relative path to npm/pnpm/yarn audit JSON or SARIF file\",\n },\n options: {\n type: \"object\",\n description: \"ScanOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n skipTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n format: { type: \"string\", enum: [\"npm-audit\", \"yarn-audit\", \"sarif\", \"auto\"] },\n patchesDir: { type: \"string\" },\n policyPath: { type: \"string\" },\n writeEvidence: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"ScanReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/health\": {\n get: {\n operationId: \"health\",\n summary: \"Health check\",\n responses: {\n \"200\": {\n description: \"Server is healthy\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { status: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n },\n};\n\nconst port = parsePort();\nserver.listen(port, () => {\n console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);\n console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);\n});\n"],"mappings":";;;;;;AAQA,OAAO,UAAU;AAIjB,IAAM,eAAe;AAErB,SAAS,YAAoB;AAC3B,QAAM,MAAM,QAAQ,KAAK,QAAQ,QAAQ;AACzC,MAAI,QAAQ,MAAM,QAAQ,KAAK,MAAM,CAAC,GAAG;AACvC,UAAM,IAAI,SAAS,QAAQ,KAAK,MAAM,CAAC,GAAG,EAAE;AAC5C,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,MAAI,QAAQ,IAAI,MAAM;AACpB,UAAM,IAAI,SAAS,QAAQ,IAAI,MAAM,EAAE;AACvC,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,SAAO;AACT;AAEA,SAAS,SAAS,KAA6C;AAC7D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,MAAM;AACV,QAAI,YAAY,MAAM;AACtB,QAAI,GAAG,QAAQ,CAAC,UAAkB;AAAE,aAAO;AAAA,IAAO,CAAC;AACnD,QAAI,GAAG,OAAO,MAAM;AAClB,UAAI;AACF,gBAAQ,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC;AAAA,MACpC,QAAQ;AACN,eAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,MACvC;AAAA,IACF,CAAC;AACD,QAAI,GAAG,SAAS,MAAM;AAAA,EACxB,CAAC;AACH;AAEA,SAAS,KAAK,KAA0B,QAAgB,MAAqB;AAC3E,QAAM,UAAU,KAAK,UAAU,IAAI;AACnC,MAAI,UAAU,QAAQ;AAAA,IACpB,gBAAgB;AAAA,IAChB,kBAAkB,OAAO,WAAW,OAAO;AAAA,EAC7C,CAAC;AACD,MAAI,IAAI,OAAO;AACjB;AAEA,IAAM,SAAS,KAAK,aAAa,OAAO,KAAK,QAAQ;AACnD,QAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,QAAM,SAAS,IAAI,QAAQ,YAAY;AAGvC,MAAI,WAAW,SAAS,IAAI,aAAa,WAAW;AAClD,WAAO,KAAK,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,EACxC;AAGA,MAAI,WAAW,SAAS,IAAI,aAAa,iBAAiB;AACxD,WAAO,KAAK,KAAK,KAAK,YAAY;AAAA,EACpC;AAEA,MAAI,WAAW,UAAU,IAAI,aAAa,cAAc;AACtD,QAAI;AACJ,QAAI;AACF,aAAQ,MAAM,SAAS,GAAG;AAAA,IAC5B,QAAQ;AACN,aAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,IACtD;AACA,QAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,aAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,IAC/D;AACA,QAAI;AACF,YAAM,SAAS,MAAM,UAAU,KAAK,OAAQ,KAAK,WAAW,CAAC,CAAsB;AACnF,aAAO,KAAK,KAAK,KAAK,MAAM;AAAA,IAC9B,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,aAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,IAC1C;AAAA,EACF;AAEA,MAAI,WAAW,UAAU,IAAI,aAAa,wBAAwB;AAChE,QAAI;AACJ,QAAI;AACF,aAAQ,MAAM,SAAS,GAAG;AAAA,IAC5B,QAAQ;AACN,aAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,IACtD;AACA,QAAI,OAAO,KAAK,cAAc,YAAY,CAAC,KAAK,WAAW;AACzD,aAAO,KAAK,KAAK,KAAK,EAAE,OAAO,iCAAiC,CAAC;AAAA,IACnE;AACA,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,WAAY,KAAK,WAAW,CAAC,CAAiB;AAC1F,aAAO,KAAK,KAAK,KAAK,MAAM;AAAA,IAC9B,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,aAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,IAC1C;AAAA,EACF;AAEA,SAAO,KAAK,KAAK,KAAK,EAAE,OAAO,YAAY,CAAC;AAC9C,CAAC;AAED,IAAM,eAAe;AAAA,EACnB,SAAS;AAAA,EACT,MAAM;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,OAAO;AAAA,IACL,cAAc;AAAA,MACZ,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,WAAW,EAAE,MAAM,UAAU;AAAA,sBAC7B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,YAAY,EAAE,MAAM,SAAS;AAAA,oBAC/B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,wBAAwB;AAAA,MACtB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,WAAW;AAAA,gBACtB,YAAY;AAAA,kBACV,WAAW;AAAA,oBACT,MAAM;AAAA,oBACN,aAAa;AAAA,kBACf;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,WAAW,EAAE,MAAM,UAAU;AAAA,sBAC7B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,aAAa,cAAc,SAAS,MAAM,EAAE;AAAA,sBAC7E,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,eAAe,EAAE,MAAM,UAAU;AAAA,oBACnC;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,KAAK;AAAA,QACH,aAAa;AAAA,QACb,SAAS;AAAA,QACT,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC3C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAM,OAAO,UAAU;AACvB,OAAO,OAAO,MAAM,MAAM;AACxB,UAAQ,IAAI,+DAA+D,IAAI,EAAE;AACjF,UAAQ,IAAI,oCAAoC,IAAI,eAAe;AACrE,CAAC;","names":[]}
1
+ {"version":3,"sources":["../../src/openapi/server.ts"],"sourcesContent":["/**\n * autoremediator OpenAPI HTTP server\n *\n * Exposes POST /remediate and POST /remediate-from-scan as a lightweight\n * HTTP server using Node.js built-in http module (no framework dependency).\n *\n * Start: node dist/openapi/server.js [--port 3000]\n */\nimport http from \"node:http\";\nimport { fileURLToPath } from \"node:url\";\nimport { planRemediation, remediate, remediateFromScan } from \"../api.js\";\nimport type { RemediateOptions, ScanOptions } from \"../api.js\";\n\nconst DEFAULT_PORT = 3000;\n\nfunction parsePort(): number {\n const idx = process.argv.indexOf(\"--port\");\n if (idx !== -1 && process.argv[idx + 1]) {\n const p = parseInt(process.argv[idx + 1], 10);\n if (!isNaN(p)) return p;\n }\n if (process.env.PORT) {\n const p = parseInt(process.env.PORT, 10);\n if (!isNaN(p)) return p;\n }\n return DEFAULT_PORT;\n}\n\nfunction readBody(req: http.IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let raw = \"\";\n req.setEncoding(\"utf8\");\n req.on(\"data\", (chunk: string) => { raw += chunk; });\n req.on(\"end\", () => {\n try {\n resolve(raw ? JSON.parse(raw) : {});\n } catch {\n reject(new Error(\"Invalid JSON body\"));\n }\n });\n req.on(\"error\", reject);\n });\n}\n\nfunction send(res: http.ServerResponse, status: number, body: unknown): void {\n const payload = JSON.stringify(body);\n res.writeHead(status, {\n \"Content-Type\": \"application/json\",\n \"Content-Length\": Buffer.byteLength(payload),\n });\n res.end(payload);\n}\n\nfunction withOpenApiSource(options: unknown): Record<string, unknown> {\n const normalized = typeof options === \"object\" && options !== null\n ? (options as Record<string, unknown>)\n : {};\n return {\n ...normalized,\n source: typeof normalized.source === \"string\" ? normalized.source : \"openapi\",\n };\n}\n\ninterface OpenApiServerDeps {\n remediateFn: typeof remediate;\n remediateFromScanFn: typeof remediateFromScan;\n planRemediationFn: typeof planRemediation;\n}\n\nconst defaultDeps: OpenApiServerDeps = {\n remediateFn: remediate,\n remediateFromScanFn: remediateFromScan,\n planRemediationFn: planRemediation,\n};\n\nexport function createOpenApiServer(deps: OpenApiServerDeps = defaultDeps): http.Server {\n return http.createServer(async (req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost`);\n const method = req.method?.toUpperCase();\n\n // Health check\n if (method === \"GET\" && url.pathname === \"/health\") {\n return send(res, 200, { status: \"ok\" });\n }\n\n // OpenAPI spec\n if (method === \"GET\" && url.pathname === \"/openapi.json\") {\n return send(res, 200, OPENAPI_SPEC);\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.remediateFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/plan-remediation\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.planRemediationFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate-from-scan\") {\n let body: { inputPath?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.inputPath !== \"string\" || !body.inputPath) {\n return send(res, 400, { error: \"inputPath is required (string)\" });\n }\n try {\n const report = await deps.remediateFromScanFn(body.inputPath, withOpenApiSource(body.options) as ScanOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n return send(res, 404, { error: \"Not found\" });\n });\n}\n\nexport const OPENAPI_SPEC = {\n openapi: \"3.1.0\",\n info: {\n title: \"autoremediator\",\n version: \"0.1.2\",\n description: \"Agentic CVE remediation for Node.js dependency projects\",\n },\n paths: {\n \"/remediate\": {\n post: {\n operationId: \"remediate\",\n summary: \"Remediate a single CVE\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: \"CVE identifier, e.g. CVE-2021-23337\",\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n preview: { type: \"boolean\" },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/plan-remediation\": {\n post: {\n operationId: \"planRemediation\",\n summary: \"Generate a non-mutating remediation preview\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: \"CVE identifier, e.g. CVE-2021-23337\",\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/remediate-from-scan\": {\n post: {\n operationId: \"remediateFromScan\",\n summary: \"Parse a scanner file and remediate all found CVEs\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: {\n type: \"string\",\n description: \"Absolute or relative path to npm/pnpm/yarn audit JSON or SARIF file\",\n },\n options: {\n type: \"object\",\n description: \"ScanOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n preview: { type: \"boolean\" },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n format: { type: \"string\", enum: [\"npm-audit\", \"yarn-audit\", \"sarif\", \"auto\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n evidence: { type: \"boolean\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"ScanReport\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: {\n schemaVersion: { type: \"string\" },\n status: { type: \"string\", enum: [\"ok\", \"partial\", \"failed\"] },\n generatedAt: { type: \"string\" },\n cveIds: { type: \"array\", items: { type: \"string\" } },\n reports: { type: \"array\", items: { type: \"object\" } },\n successCount: { type: \"number\" },\n failedCount: { type: \"number\" },\n errors: { type: \"array\", items: { type: \"object\" } },\n evidenceFile: { type: \"string\" },\n patchCount: { type: \"number\" },\n patchesDir: { type: \"string\" },\n },\n },\n },\n },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/health\": {\n get: {\n operationId: \"health\",\n summary: \"Health check\",\n responses: {\n \"200\": {\n description: \"Server is healthy\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { status: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n },\n};\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n const port = parsePort();\n const server = createOpenApiServer();\n server.listen(port, () => {\n console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);\n console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);\n });\n}\n"],"mappings":";;;;;;;AAQA,OAAO,UAAU;AACjB,SAAS,qBAAqB;AAI9B,IAAM,eAAe;AAErB,SAAS,YAAoB;AAC3B,QAAM,MAAM,QAAQ,KAAK,QAAQ,QAAQ;AACzC,MAAI,QAAQ,MAAM,QAAQ,KAAK,MAAM,CAAC,GAAG;AACvC,UAAM,IAAI,SAAS,QAAQ,KAAK,MAAM,CAAC,GAAG,EAAE;AAC5C,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,MAAI,QAAQ,IAAI,MAAM;AACpB,UAAM,IAAI,SAAS,QAAQ,IAAI,MAAM,EAAE;AACvC,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,SAAO;AACT;AAEA,SAAS,SAAS,KAA6C;AAC7D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,MAAM;AACV,QAAI,YAAY,MAAM;AACtB,QAAI,GAAG,QAAQ,CAAC,UAAkB;AAAE,aAAO;AAAA,IAAO,CAAC;AACnD,QAAI,GAAG,OAAO,MAAM;AAClB,UAAI;AACF,gBAAQ,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC;AAAA,MACpC,QAAQ;AACN,eAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,MACvC;AAAA,IACF,CAAC;AACD,QAAI,GAAG,SAAS,MAAM;AAAA,EACxB,CAAC;AACH;AAEA,SAAS,KAAK,KAA0B,QAAgB,MAAqB;AAC3E,QAAM,UAAU,KAAK,UAAU,IAAI;AACnC,MAAI,UAAU,QAAQ;AAAA,IACpB,gBAAgB;AAAA,IAChB,kBAAkB,OAAO,WAAW,OAAO;AAAA,EAC7C,CAAC;AACD,MAAI,IAAI,OAAO;AACjB;AAEA,SAAS,kBAAkB,SAA2C;AACpE,QAAM,aAAa,OAAO,YAAY,YAAY,YAAY,OACzD,UACD,CAAC;AACL,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ,OAAO,WAAW,WAAW,WAAW,WAAW,SAAS;AAAA,EACtE;AACF;AAQA,IAAM,cAAiC;AAAA,EACrC,aAAa;AAAA,EACb,qBAAqB;AAAA,EACrB,mBAAmB;AACrB;AAEO,SAAS,oBAAoB,OAA0B,aAA0B;AACtF,SAAO,KAAK,aAAa,OAAO,KAAK,QAAQ;AAC3C,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAM,SAAS,IAAI,QAAQ,YAAY;AAGzC,QAAI,WAAW,SAAS,IAAI,aAAa,WAAW;AAClD,aAAO,KAAK,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IACxC;AAGA,QAAI,WAAW,SAAS,IAAI,aAAa,iBAAiB;AACxD,aAAO,KAAK,KAAK,KAAK,YAAY;AAAA,IACpC;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,cAAc;AACxD,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,YAAY,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AACrG,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,qBAAqB;AAC/D,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,kBAAkB,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AAC3G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,wBAAwB;AAClE,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,cAAc,YAAY,CAAC,KAAK,WAAW;AACzD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,iCAAiC,CAAC;AAAA,MACnE;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,oBAAoB,KAAK,WAAW,kBAAkB,KAAK,OAAO,CAAgB;AAC5G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,WAAO,KAAK,KAAK,KAAK,EAAE,OAAO,YAAY,CAAC;AAAA,EAC9C,CAAC;AACH;AAEO,IAAM,eAAe;AAAA,EAC1B,SAAS;AAAA,EACT,MAAM;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,OAAO;AAAA,IACL,cAAc;AAAA,MACZ,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,SAAS,EAAE,MAAM,UAAU;AAAA,sBAC3B,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,qBAAqB;AAAA,MACnB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,wBAAwB;AAAA,MACtB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,WAAW;AAAA,gBACtB,YAAY;AAAA,kBACV,WAAW;AAAA,oBACT,MAAM;AAAA,oBACN,aAAa;AAAA,kBACf;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,SAAS,EAAE,MAAM,UAAU;AAAA,sBAC3B,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,aAAa,cAAc,SAAS,MAAM,EAAE;AAAA,sBAC7E,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY;AAAA,oBACV,eAAe,EAAE,MAAM,SAAS;AAAA,oBAChC,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,MAAM,WAAW,QAAQ,EAAE;AAAA,oBAC5D,aAAa,EAAE,MAAM,SAAS;AAAA,oBAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACnD,SAAS,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACpD,cAAc,EAAE,MAAM,SAAS;AAAA,oBAC/B,aAAa,EAAE,MAAM,SAAS;AAAA,oBAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACnD,cAAc,EAAE,MAAM,SAAS;AAAA,oBAC/B,YAAY,EAAE,MAAM,SAAS;AAAA,oBAC7B,YAAY,EAAE,MAAM,SAAS;AAAA,kBAC/B;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,KAAK;AAAA,QACH,aAAa;AAAA,QACb,SAAS;AAAA,QACT,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC3C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,QAAM,OAAO,UAAU;AACvB,QAAM,SAAS,oBAAoB;AACnC,SAAO,OAAO,MAAM,MAAM;AACxB,YAAQ,IAAI,+DAA+D,IAAI,EAAE;AACjF,YAAQ,IAAI,oCAAoC,IAAI,eAAe;AAAA,EACrE,CAAC;AACH;","names":[]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "autoremediator",
3
3
  "private": false,
4
- "version": "0.2.2",
4
+ "version": "0.4.0",
5
5
  "description": "Automated CVE remediation for Node.js dependencies with CLI, SDK, MCP, and scanner-to-fix workflows.",
6
6
  "keywords": [
7
7
  "security-remediation",