autoremediator 0.5.0 → 0.7.0

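--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1,22 +1,55 @@
 #!/usr/bin/env node
 import {
+PACKAGE_VERSION
+} from "./chunk-7XSZTGU7.js";
+import {
+OPTION_DESCRIPTIONS,
 ciExitCode,
 remediate,
 remediateFromScan,
 toCiSummary,
 toSarifOutput
-} from "./chunk-VLXGEH7U.js";
+} from "./chunk-MUFP2DQX.js";
 
-// src/cli.ts
-import { Command } from "commander";
-import { existsSync, writeFileSync } from "fs";
+// src/cli/index.ts
 import { fileURLToPath } from "url";
+
+// src/cli/program.ts
+import { Command } from "commander";
+import { existsSync } from "fs";
+
+// src/cli/runners.ts
+import { writeFileSync } from "fs";
+
+// src/cli/output.ts
 function logJson(value) {
 process.stdout.write(`${JSON.stringify(value, null, 2)}
 `);
 }
-function isCveId(value) {
-return /^CVE-\d{4}-\d+$/i.test(value);
+function formatCountMap(counts) {
+if (!counts) return void 0;
+const entries = Object.entries(counts).filter(([, value]) => value > 0);
+if (entries.length === 0) return void 0;
+return entries.map(([key, value]) => `${key}=${value}`).join(", ");
+}
+
+// src/cli/runners.ts
+function asSingleCveScanReport(report) {
+return {
+schemaVersion: "1.0",
+status: report.results.some((result) => !result.applied && !result.dryRun) ? report.results.some((result) => result.applied || result.dryRun) ? "partial" : "failed" : "ok",
+generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+cveIds: [report.cveId],
+reports: [report],
+successCount: report.results.filter((result) => result.applied || result.dryRun).length,
+failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,
+errors: [],
+evidenceFile: report.evidenceFile,
+patchCount: report.results.filter((result) => result.strategy === "patch-file").length,
+correlation: report.correlation,
+provenance: report.provenance,
+constraints: report.constraints
+};
 }
 async function runSingleCve(cveId, opts) {
 const report = await remediate(cveId, {
@@ -25,7 +58,9 @@ async function runSingleCve(cveId, opts) {
 dryRun: opts.dryRun,
 preview: opts.preview,
 runTests: opts.runTests,
+patchesDir: opts.patchesDir,
 policy: opts.policy,
+evidence: opts.evidence,
 llmProvider: opts.llmProvider,
 requestId: opts.requestId,
 sessionId: opts.sessionId,
@@ -39,14 +74,32 @@ async function runSingleCve(cveId, opts) {
 preferVersionBump: opts.preferVersionBump
 }
 });
+const reportAsScan = asSingleCveScanReport(report);
+if (opts.outputFormat === "sarif") {
+logJson(toSarifOutput(reportAsScan));
+if (opts.ci) {
+process.exitCode = ciExitCode(toCiSummary(reportAsScan));
+}
+return;
+}
 if (opts.json) {
 logJson(report);
+if (opts.ci) {
+process.exitCode = ciExitCode(toCiSummary(reportAsScan));
+}
 return;
 }
 process.stdout.write(`${report.summary}
 `);
 process.stdout.write(`Results: ${report.results.length}
 `);
+if (report.evidenceFile) {
+process.stdout.write(`Evidence: ${report.evidenceFile}
+`);
+}
+if (opts.ci) {
+process.exitCode = ciExitCode(toCiSummary(reportAsScan));
+}
 }
 async function runScanInput(inputPath, opts) {
 const report = await remediateFromScan(inputPath, {
@@ -54,6 +107,7 @@ async function runScanInput(inputPath, opts) {
 packageManager: opts.packageManager,
 format: opts.format,
 policy: opts.policy,
+patchesDir: opts.patchesDir,
 dryRun: opts.dryRun,
 preview: opts.preview,
 runTests: opts.runTests,
@@ -97,6 +151,21 @@ async function runScanInput(inputPath, opts) {
 `);
 process.stdout.write(`Failed remediations: ${report.failedCount}
 `);
+const strategyCounts = formatCountMap(report.strategyCounts);
+if (strategyCounts) {
+process.stdout.write(`Strategy counts: ${strategyCounts}
+`);
+}
+const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);
+if (dependencyScopeCounts) {
+process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}
+`);
+}
+const unresolvedByReason = formatCountMap(report.unresolvedByReason);
+if (unresolvedByReason) {
+process.stdout.write(`Unresolved reasons: ${unresolvedByReason}
+`);
+}
 if (report.evidenceFile) {
 process.stdout.write(`Evidence: ${report.evidenceFile}
 `);
@@ -111,16 +180,43 @@ async function runScanInput(inputPath, opts) {
 process.exitCode = ciExitCode(toCiSummary(report));
 }
 }
+
+// src/cli/types.ts
+function isCveId(value) {
+return /^CVE-\d{4}-\d+$/i.test(value);
+}
+
+// src/cli/program.ts
+function addSharedOptions(program, includeInput = false) {
+program.option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--dry-run", OPTION_DESCRIPTIONS.dryRun, false).option("--preview", OPTION_DESCRIPTIONS.preview, false).option("--run-tests", OPTION_DESCRIPTIONS.runTests, false).option("--llm-provider <provider>", OPTION_DESCRIPTIONS.llmProvider).option("--request-id <id>", OPTION_DESCRIPTIONS.requestId).option("--session-id <id>", OPTION_DESCRIPTIONS.sessionId).option("--parent-run-id <id>", OPTION_DESCRIPTIONS.parentRunId).option("--idempotency-key <key>", OPTION_DESCRIPTIONS.idempotencyKey).option("--resume", OPTION_DESCRIPTIONS.resume, false).option("--actor <name>", OPTION_DESCRIPTIONS.actor).option("--source <src>", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`).option("--direct-dependencies-only", OPTION_DESCRIPTIONS.directDependenciesOnly, false).option("--prefer-version-bump", OPTION_DESCRIPTIONS.preferVersionBump, false).option("--policy <path>", OPTION_DESCRIPTIONS.policy).option("--evidence", OPTION_DESCRIPTIONS.evidence, true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false);
+if (includeInput) {
+program.option("--input <path>", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);
+}
+return program;
+}
 function createProgram() {
 const program = new Command();
-program.name("autoremediator").description("Scanner-first Node.js vulnerability auto-remediation tool").version("0.1.2").showHelpAfterError();
-program.command("cve").description("Remediate a single CVE ID").argument("<cveId>", "CVE ID, e.g. CVE-2021-23337").option("--cwd <path>", "Target project directory", process.cwd()).option("--package-manager <name>", "Package manager: npm|pnpm|yarn").option("--dry-run", "Plan changes only without mutating files", false).option("--preview", "Run non-mutating remediation preview mode", false).option("--run-tests", "Run package-manager test validation after apply", false).option("--llm-provider <provider>", "LLM provider: openai|anthropic|local").option("--request-id <id>", "Request correlation ID").option("--session-id <id>", "Session correlation ID").option("--parent-run-id <id>", "Parent run correlation ID").option("--idempotency-key <key>", "Idempotency key for replay-safe execution").option("--resume", "Resume by returning cached result for matching idempotency key", false).option("--actor <name>", "Actor identity for evidence provenance").option("--source <src>", "Source system: cli|sdk|mcp|openapi|unknown").option("--direct-dependencies-only", "Enforce direct-dependency-only remediation constraint", false).option("--prefer-version-bump", "Reject patch-file outcomes when version-bump is preferred", false).option("--json", "Print JSON output", false).action(async (cveId, opts) => {
-await runSingleCve(cveId, opts);
+program.name("autoremediator").description("Scanner-first Node.js vulnerability auto-remediation tool").version(PACKAGE_VERSION).showHelpAfterError();
+addSharedOptions(
+program.command("cve").description("Remediate a single CVE ID").argument("<cveId>", OPTION_DESCRIPTIONS.cveId),
+false
+).action(async (cveId, opts, command) => {
+const merged = {
+...opts,
+...command.optsWithGlobals()
+};
+await runSingleCve(cveId, merged);
 });
-program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").requiredOption("--input <path>", "Path to scanner output file").option("--format <type>", "Input format: auto|npm-audit|yarn-audit|sarif", "auto").option("--cwd <path>", "Target project directory", process.cwd()).option("--package-manager <name>", "Package manager: npm|pnpm|yarn").option("--policy <path>", "Path to policy file (.autoremediator.json)").option("--dry-run", "Plan changes only without mutating files", false).option("--preview", "Run non-mutating remediation preview mode", false).option("--run-tests", "Run package-manager test validation after apply", false).option("--llm-provider <provider>", "LLM provider: openai|anthropic|local").option("--request-id <id>", "Request correlation ID").option("--session-id <id>", "Session correlation ID").option("--parent-run-id <id>", "Parent run correlation ID").option("--idempotency-key <key>", "Idempotency key for replay-safe execution").option("--resume", "Resume by returning cached result for matching idempotency key", false).option("--actor <name>", "Actor identity for evidence provenance").option("--source <src>", "Source system: cli|sdk|mcp|openapi|unknown").option("--direct-dependencies-only", "Enforce direct-dependency-only remediation constraint", false).option("--prefer-version-bump", "Reject patch-file outcomes when version-bump is preferred", false).option("--evidence", "Enable evidence file output", true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--summary-file <path>", "Write machine-readable scan summary JSON to path").option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false).action(async (opts) => {
+addSharedOptions(
+program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").requiredOption("--input <path>", OPTION_DESCRIPTIONS.inputPath).option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
+false
+).action(async (opts) => {
 await runScanInput(opts.input, opts);
 });
-program.argument("[target]", "Scanner output file path (or CVE ID fallback)").option("--cwd <path>", "Target project directory", process.cwd()).option("--package-manager <name>", "Package manager: npm|pnpm|yarn").option("--dry-run", "Plan changes only without mutating files", false).option("--preview", "Run non-mutating remediation preview mode", false).option("--run-tests", "Run package-manager test validation after apply", false).option("--llm-provider <provider>", "LLM provider: openai|anthropic|local").option("--request-id <id>", "Request correlation ID").option("--session-id <id>", "Session correlation ID").option("--parent-run-id <id>", "Parent run correlation ID").option("--idempotency-key <key>", "Idempotency key for replay-safe execution").option("--resume", "Resume by returning cached result for matching idempotency key", false).option("--actor <name>", "Actor identity for evidence provenance").option("--source <src>", "Source system: cli|sdk|mcp|openapi|unknown").option("--direct-dependencies-only", "Enforce direct-dependency-only remediation constraint", false).option("--prefer-version-bump", "Reject patch-file outcomes when version-bump is preferred", false).option("--input <path>", "Path to scanner output file (scanner-first mode)").option("--format <type>", "Input format: auto|npm-audit|yarn-audit|sarif", "auto").option("--policy <path>", "Path to policy file (.autoremediator.json)").option("--evidence", "Enable evidence file output", true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--summary-file <path>", "Write machine-readable scan summary JSON to path").option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false).action(async (target, opts) => {
+addSharedOptions(
+program.argument("[target]", "Scanner output file path (or CVE ID fallback)").option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
+true
+).action(async (target, opts) => {
 if (opts.input) {
 await runScanInput(opts.input, opts);
 return;
@@ -143,8 +239,13 @@ function createProgram() {
 });
 return program;
 }
+
+// src/cli/index.ts
+function createProgram2() {
+return createProgram();
+}
 async function main(argv = process.argv) {
-const program = createProgram();
+const program = createProgram2();
 await program.parseAsync(argv);
 }
 function isMainModule() {
@@ -160,6 +261,6 @@ if (isMainModule()) {
 });
 }
 export {
-createProgram
+createProgram2 as createProgram
 };
 //# sourceMappingURL=cli.js.map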
package/dist/cli.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { ciExitCode, remediate, remediateFromScan, toCiSummary, toSarifOutput } from \"./api.js\";\nimport { existsSync, writeFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\n\ntype ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\ninterface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nfunction logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nfunction isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n\nasync function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n policy: opts.policy,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? 
\"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.json) {\n logJson(report);\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n}\n\nasync function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: 
${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(\"0.1.2\")\n .showHelpAfterError();\n\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", \"CVE ID, e.g. CVE-2021-23337\")\n .option(\"--cwd <path>\", \"Target project directory\", process.cwd())\n .option(\"--package-manager <name>\", \"Package manager: npm|pnpm|yarn\")\n .option(\"--dry-run\", \"Plan changes only without mutating files\", false)\n .option(\"--preview\", \"Run non-mutating remediation preview mode\", false)\n .option(\"--run-tests\", \"Run package-manager test validation after apply\", false)\n .option(\"--llm-provider <provider>\", \"LLM provider: openai|anthropic|local\")\n .option(\"--request-id <id>\", \"Request correlation ID\")\n .option(\"--session-id <id>\", \"Session correlation ID\")\n .option(\"--parent-run-id <id>\", \"Parent run correlation ID\")\n .option(\"--idempotency-key <key>\", \"Idempotency key for replay-safe execution\")\n .option(\"--resume\", \"Resume by returning cached result for matching idempotency key\", false)\n .option(\"--actor <name>\", \"Actor identity for evidence provenance\")\n .option(\"--source <src>\", \"Source system: cli|sdk|mcp|openapi|unknown\")\n .option(\"--direct-dependencies-only\", \"Enforce direct-dependency-only remediation constraint\", false)\n .option(\"--prefer-version-bump\", \"Reject patch-file outcomes when version-bump is preferred\", false)\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (cveId: string, opts: CommandOptions) => {\n await runSingleCve(cveId, opts);\n });\n\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n 
.requiredOption(\"--input <path>\", \"Path to scanner output file\")\n .option(\"--format <type>\", \"Input format: auto|npm-audit|yarn-audit|sarif\", \"auto\")\n .option(\"--cwd <path>\", \"Target project directory\", process.cwd())\n .option(\"--package-manager <name>\", \"Package manager: npm|pnpm|yarn\")\n .option(\"--policy <path>\", \"Path to policy file (.autoremediator.json)\")\n .option(\"--dry-run\", \"Plan changes only without mutating files\", false)\n .option(\"--preview\", \"Run non-mutating remediation preview mode\", false)\n .option(\"--run-tests\", \"Run package-manager test validation after apply\", false)\n .option(\"--llm-provider <provider>\", \"LLM provider: openai|anthropic|local\")\n .option(\"--request-id <id>\", \"Request correlation ID\")\n .option(\"--session-id <id>\", \"Session correlation ID\")\n .option(\"--parent-run-id <id>\", \"Parent run correlation ID\")\n .option(\"--idempotency-key <key>\", \"Idempotency key for replay-safe execution\")\n .option(\"--resume\", \"Resume by returning cached result for matching idempotency key\", false)\n .option(\"--actor <name>\", \"Actor identity for evidence provenance\")\n .option(\"--source <src>\", \"Source system: cli|sdk|mcp|openapi|unknown\")\n .option(\"--direct-dependencies-only\", \"Enforce direct-dependency-only remediation constraint\", false)\n .option(\"--prefer-version-bump\", \"Reject patch-file outcomes when version-bump is preferred\", false)\n .option(\"--evidence\", \"Enable evidence file output\", true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\")\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n // 
Scanner-first top-level mode (default):\n // autoremediator --input audit.json\n // autoremediator audit.json\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--cwd <path>\", \"Target project directory\", process.cwd())\n .option(\"--package-manager <name>\", \"Package manager: npm|pnpm|yarn\")\n .option(\"--dry-run\", \"Plan changes only without mutating files\", false)\n .option(\"--preview\", \"Run non-mutating remediation preview mode\", false)\n .option(\"--run-tests\", \"Run package-manager test validation after apply\", false)\n .option(\"--llm-provider <provider>\", \"LLM provider: openai|anthropic|local\")\n .option(\"--request-id <id>\", \"Request correlation ID\")\n .option(\"--session-id <id>\", \"Session correlation ID\")\n .option(\"--parent-run-id <id>\", \"Parent run correlation ID\")\n .option(\"--idempotency-key <key>\", \"Idempotency key for replay-safe execution\")\n .option(\"--resume\", \"Resume by returning cached result for matching idempotency key\", false)\n .option(\"--actor <name>\", \"Actor identity for evidence provenance\")\n .option(\"--source <src>\", \"Source system: cli|sdk|mcp|openapi|unknown\")\n .option(\"--direct-dependencies-only\", \"Enforce direct-dependency-only remediation constraint\", false)\n .option(\"--prefer-version-bump\", \"Reject patch-file outcomes when version-bump is preferred\", false)\n .option(\"--input <path>\", \"Path to scanner output file (scanner-first mode)\")\n .option(\"--format <type>\", \"Input format: auto|npm-audit|yarn-audit|sarif\", \"auto\")\n .option(\"--policy <path>\", \"Path to policy file (.autoremediator.json)\")\n .option(\"--evidence\", \"Enable evidence file output\", true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\")\n 
.option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n 
});\n}\n"],"mappings":";;;;;;;;;;AAEA,SAAS,eAAe;AAExB,SAAS,YAAY,qBAAqB;AAC1C,SAAS,qBAAqB;AA8B9B,SAAS,QAAQ,OAAsB;AACrC,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEA,SAAS,QAAQ,OAAwB;AACvC,SAAO,mBAAmB,KAAK,KAAK;AACtC;AAEA,eAAe,aAAa,OAAe,MAAqC;AAC9E,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,QAAQ,KAAK;AAAA,IACb,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC5D;AAEA,eAAe,aAAa,WAAmB,MAAqC;AAClF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAA
W,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,OAAO,EACf,mBAAmB;AAEtB,UACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,6BAA6B,EACjD,OAAO,gBAAgB,4BAA4B,QAAQ,IAAI,CAAC,EAChE,OAAO,4BAA4B,gCAAgC,EACnE,OAAO,aAAa,4CAA4C,KAAK,EACrE,OAAO,aAAa,6CAA6C,KAAK,EACtE,OAAO,eAAe,mDAAmD,KAAK,EAC9E,OAAO,6BAA6B,sCAAsC,EAC1E,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,wBAAwB,2BAA2B,EAC1D,OAAO,2BAA2B,2CAA2C,EAC7E,OAAO,YAAY,kEAAkE,KAAK,EAC1F,OAAO,kBAAkB,wCAAwC,EACjE,OAAO,kBAAkB,4CAA4C,EACrE,OAAO,8BAA8B,yDAAyD,KAAK,EACnG,OAAO,yBAAyB,6DAA6D,KAAK,EAClG,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,OAAe,SAAyB;AACrD,UAAM,aAAa,OAAO,IAAI;AAAA,EAChC,CAAC;AAEH,UACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,6BAA6B,EAC9D,OAAO,mBAAmB,iDAAiD,MAAM,EACjF,OAAO,gBAAgB,4BAA4B,QAAQ,IAAI,CAAC,EAChE,OAAO,4BAA4B,gCAAgC,EACnE,OAAO,mBAAmB,4CAA4C,EACtE,OAAO,aAAa,4CAA4C,KAAK,EACrE,OAAO,aAAa,6CAA6C,KAAK,EACtE,OAAO,eAAe,mDAAmD,KAAK,EAC9E,OAAO,6BAA6B,sCAAsC,EAC1E,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,wBAAwB,2BAA2B,EAC1D,OAAO,2BAA2B,2CAA2C,EAC7E,OAAO,YAAY,kEAAkE,KAAK,EAC1F,OAAO,kBAAkB,wCAAwC,EACjE,OAAO,kBAAkB,4CAA4C,EACrE,OAAO,8BAA8B,yDAAyD,KAAK,EACnG,OAAO,yBAAyB,6DAA6D,KAAK,EAClG,OAAO,cAAc,+BAA+B,IAAI,EACxD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,yBAAyB,kDAAkD,EAClF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,SAAyB;AACtC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAKH,UACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,gBAAgB,4BAA4B,QAAQ,IAAI,CAAC,EAChE,OAAO,4BAA4B,gCAAgC,EACnE,OAAO,aAAa,4CAA4C,KAAK,EACrE,OAAO,aAAa,6CAA6C,KAAK,EACtE,OAAO,eAAe,mDAAmD,KAAK,EAC9E,OAAO,6BAA6B,sCAAsC,EAC1E,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,wBAAwB,2BAA2B,EAC1D,OAAO,2BAA2B,2CAA2C,EAC7E,OAAO,YAAY,kEAAkE,KAAK,EAC1F,OAAO,kBAAkB,wCAAwC,EACjE,OAAO,kBAAkB,4CAA4C,EACrE,O
AAO,8BAA8B,yDAAyD,KAAK,EACnG,OAAO,yBAAyB,6DAA6D,KAAK,EAClG,OAAO,kBAAkB,kDAAkD,EAC3E,OAAO,mBAAmB,iDAAiD,MAAM,EACjF,OAAO,mBAAmB,4CAA4C,EACtE,OAAO,cAAc,+BAA+B,IAAI,EACxD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,yBAAyB,kDAAkD,EAClF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,QAA4B,SAAyB;AAClE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAEH,SAAO;AACT;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAU,cAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":[]}
1
+ {"version":3,"sources":["../src/cli/index.ts","../src/cli/program.ts","../src/cli/runners.ts","../src/cli/output.ts","../src/cli/types.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { fileURLToPath } from \"node:url\";\nimport { createProgram as createCliProgram } from \"./program.js\";\n\nexport function createProgram(): Command {\n return createCliProgram();\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n","import { Command } from \"commander\";\nimport { OPTION_DESCRIPTIONS } from \"../api/index.js\";\nimport { existsSync } from \"node:fs\";\nimport { PACKAGE_VERSION } from \"../version\";\nimport { runScanInput, runSingleCve } from \"./runners.js\";\nimport type { CommandOptions } from \"./types.js\";\nimport { isCveId } from \"./types.js\";\n\nfunction addSharedOptions(program: Command, includeInput = false): Command {\n program\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", 
OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false);\n\n if (includeInput) {\n program.option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);\n }\n\n return program;\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n addSharedOptions(\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId),\n false\n ).action(async (cveId: string, opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n await runSingleCve(cveId, merged);\n });\n\n addSharedOptions(\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .requiredOption(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n 
.option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n false\n ).action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n addSharedOptions(\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n true\n ).action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n","import {\n ciExitCode,\n remediate,\n remediateFromScan,\n type ScanReport,\n toCiSummary,\n toSarifOutput,\n} from \"../api/index.js\";\nimport { writeFileSync } from \"node:fs\";\nimport { formatCountMap, logJson } from \"./output.js\";\nimport type { CommandOptions } from \"./types.js\";\n\nfunction asSingleCveScanReport(report: Awaited<ReturnType<typeof remediate>>): ScanReport {\n return {\n schemaVersion: \"1.0\",\n status: report.results.some((result) => !result.applied && !result.dryRun)\n ? report.results.some((result) => result.applied || result.dryRun)\n ? 
\"partial\"\n : \"failed\"\n : \"ok\",\n generatedAt: new Date().toISOString(),\n cveIds: [report.cveId],\n reports: [report],\n successCount: report.results.filter((result) => result.applied || result.dryRun).length,\n failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,\n errors: [],\n evidenceFile: report.evidenceFile,\n patchCount: report.results.filter((result) => result.strategy === \"patch-file\").length,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n };\n}\n\nexport async function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n evidence: opts.evidence,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? 
\"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n const reportAsScan = asSingleCveScanReport(report);\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(reportAsScan));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n}\n\nexport async function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? 
\"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n","export function logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nexport function formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n 
const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n","export type ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\nexport interface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nexport function isCveId(value: string): boolean {\n return 
/^CVE-\\d{4}-\\d+$/i.test(value);\n}\n"],"mappings":";;;;;;;;;;;;;;AAGA,SAAS,qBAAqB;;;ACH9B,SAAS,eAAe;AAExB,SAAS,kBAAkB;;;ACM3B,SAAS,qBAAqB;;;ACRvB,SAAS,QAAQ,OAAsB;AAC5C,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEO,SAAS,eAAe,QAAgE;AAC7F,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;;;ADCA,SAAS,sBAAsB,QAA2D;AACxF,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ,OAAO,QAAQ,KAAK,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,IACrE,OAAO,QAAQ,KAAK,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,IAC7D,YACA,WACF;AAAA,IACJ,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,QAAQ,CAAC,OAAO,KAAK;AAAA,IACrB,SAAS,CAAC,MAAM;AAAA,IAChB,cAAc,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,EAAE;AAAA,IACjF,aAAa,OAAO,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAAA,IAClF,QAAQ,CAAC;AAAA,IACT,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,aAAa,YAAY,EAAE;AAAA,IAChF,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,EACtB;AACF;AAEA,eAAsB,aAAa,OAAe,MAAqC;AACrF,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,QAAM,eAAe,sBAAsB,MAAM;AAEjD,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,YAAY,CAAC;AACnC,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC1D,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;
AAAA,CAAI;AAAA,EAC3D;AACA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,EACzD;AACF;AAEA,eAAsB,aAAa,WAAmB,MAAqC;AACzF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;;;AEpIO,SAAS,QAAQ,OAAwB;AAC9C,SAAO,mBAAmB,KAAK,KAAK;AACtC;;;AHvBA,SAAS,iBAAiB,SAAkB,eAAe,OAAgB;AACzE,UACG,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB
,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK;AAE9C,MAAI,cAAc;AAChB,YAAQ,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB;AAAA,EAC1F;AAEA,SAAO;AACT;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB;AAAA,IACE,QACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK;AAAA,IAChD;AAAA,EACF,EAAE,OAAO,OAAO,OAAe,MAAsB,YAAqB;AACxE,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AACA,UAAM,aAAa,OAAO,MAAM;AAAA,EAClC,CAAC;AAED;AAAA,IACE,QACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,oBAAoB,SAAS,EAC9D,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,SAAyB;AACvC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAED;AAAA,IACE,QACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,QAA4B,SAAyB;AACnE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;ADtGO,SAASA,iBAAyB;AACvC,SAAO,cAAiB;AAC1B;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAUA,eAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,C
AAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["createProgram"]}
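--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,214 +1,12 @@
-/** A resolved CVE entry with affected npm package info */
-interface CveDetails {
-id: string;
-summary: string;
-severity: "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | "UNKNOWN";
-cvssScore?: number;
-epss?: {
-score: number;
-percentile: number;
-date?: string;
-};
-kev?: {
-knownExploited: boolean;
-dateAdded?: string;
-dueDate?: string;
-requiredAction?: string;
-knownRansomwareCampaignUse?: string;
-};
-intelligence?: {
-cveServicesEnriched?: boolean;
-gitlabAdvisoryMatched?: boolean;
-certCcMatched?: boolean;
-depsDevEnrichedPackages?: number;
-scorecardProjects?: number;
-vendorAdvisories?: string[];
-commercialFeeds?: string[];
-sourceHealth?: Record<string, {
-attempted: boolean;
-changed: boolean;
-error?: string;
-}>;
-};
-references: string[];
-affectedPackages: AffectedPackage[];
-}
-/** A single npm package affected by a CVE */
-interface AffectedPackage {
-name: string;
-ecosystem: "npm";
-/** Semver range string for the vulnerable version window, e.g. ">=0.0.0 <4.17.21" */
-vulnerableRange: string;
-/** The first version that is NOT vulnerable (the safe upgrade target) */
-firstPatchedVersion?: string;
-/** Source that provided this entry */
-source: "osv" | "github-advisory";
-}
-/** A package found in the consumer's project */
-interface InventoryPackage {
-name: string;
-version: string;
-/** "direct" = listed in package.json; "indirect" = transitive dep */
-type: "direct" | "indirect";
-}
-/** A package that is both installed and matches a vulnerable range */
-interface VulnerablePackage {
-installed: InventoryPackage;
-affected: AffectedPackage;
-/** The resolved safe upgrade version, if one exists on npm */
-safeUpgradeVersion?: string;
-}
-/** The outcome of a single patch operation */
-type PatchStrategy = "version-bump" | "patch-file" | "none";
-interface PatchResult {
-packageName: string;
-strategy: PatchStrategy;
-fromVersion: string;
-toVersion?: string;
-patchFilePath?: string;
-applied: boolean;
-dryRun: boolean;
-message: string;
-validation?: {
-passed: boolean;
-error?: string;
-};
-}
-interface CorrelationContext {
-requestId?: string;
-sessionId?: string;
-parentRunId?: string;
-}
-interface RemediationConstraints {
-directDependenciesOnly?: boolean;
-preferVersionBump?: boolean;
-}
-interface ProvenanceContext {
-actor?: string;
-source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
-}
-/** Top-level options for the remediate() API and CLI */
-interface RemediateOptions extends CorrelationContext {
-/** Working directory of the consumer's project (defaults to process.cwd()) */
-cwd?: string;
-/** Package manager to use (defaults to auto-detect from lockfile) */
-packageManager?: "npm" | "pnpm" | "yarn";
-/** If true, plan and report changes but do not write anything */
-dryRun?: boolean;
-/** If true, run package-manager tests after patching */
-runTests?: boolean;
-/** Override the LLM provider (falls back to env AUTOREMEDIATOR_LLM_PROVIDER) */
-llmProvider?: "openai" | "anthropic" | "local";
-/** Override the model name */
-model?: string;
-/** Optional path to a policy file (.autoremediator.json) */
-policy?: string;
-/** Directory to write .patch files (default: ./patches) */
-patchesDir?: string;
-/** If true, run a non-mutating remediation preview (forces dryRun behavior for mutation tools). */
-preview?: boolean;
-/** Optional deterministic idempotency key for request replay handling. */
-idempotencyKey?: string;
-/** If true, return cached report for matching idempotency key + CVE when available. */
-resume?: boolean;
-/** Optional caller provenance fields for evidence and reporting. */
-actor?: string;
-source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
-/** Optional orchestration constraints for result enforcement. */
-constraints?: RemediationConstraints;
-}
-/** Final report returned by the remediation pipeline */
-interface RemediationReport {
-cveId: string;
-cveDetails: CveDetails | null;
-vulnerablePackages: VulnerablePackage[];
-results: PatchResult[];
-agentSteps: number;
-summary: string;
-correlation?: CorrelationContext;
-provenance?: ProvenanceContext;
-constraints?: RemediationConstraints;
-resumedFromCache?: boolean;
-}
-
-type ScanInputFormat = "npm-audit" | "yarn-audit" | "sarif" | "auto";
+import { R as RemediateOptions, a as RemediationReport, C as CiSummary, S as ScanReport } from './remediate-from-scan-C-E7gqxF.js';
+export { A as AffectedPackage, b as CorrelationContext, c as CveDetails, D as DependencyScope, d as DependencyScopeCounts, I as InventoryPackage, P as PatchResult, e as PatchStrategy, f as PatchStrategyCounts, g as ProvenanceContext, h as RemediationConstraints, i as ScanInputFormat, j as ScanOptions, U as UnresolvedReason, k as UnresolvedReasonCounts, V as VulnerablePackage, p as planRemediation, r as remediate, l as remediateFromScan } from './remediate-from-scan-C-E7gqxF.js';
+export { L as LLM_PROVIDER_VALUES, O as OPTION_DESCRIPTIONS, P as PACKAGE_MANAGER_VALUES, a as PROVENANCE_SOURCE_VALUES, c as createConstraintSchemaProperties, b as createRemediateOptionSchemaProperties, d as createScanOptionSchemaProperties, e as createScanReportSchemaProperties } from './options-schema-DfLBOsPI.js';
 
 declare function runRemediationPipeline(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
 
-interface ScanOptions extends RemediateOptions {
-format?: ScanInputFormat;
-policy?: string;
-evidence?: boolean;
-}
-interface ScanReport {
-schemaVersion: "1.0";
-status: "ok" | "partial" | "failed";
-generatedAt: string;
-cveIds: string[];
-reports: RemediationReport[];
-successCount: number;
-failedCount: number;
-errors: Array<{
-cveId: string;
-message: string;
-}>;
-evidenceFile?: string;
-patchCount: number;
-patchValidationFailures?: Array<{
-packageName: string;
-cveId: string;
-error: string;
-}>;
-patchesDir?: string;
-correlation?: CorrelationContext;
-provenance?: ProvenanceContext;
-constraints?: RemediationConstraints;
-idempotencyKey?: string;
-}
-interface CiSummary {
-schemaVersion: "1.0";
-status: "ok" | "partial" | "failed";
-generatedAt: string;
-cveCount: number;
-remediationCount: number;
-successCount: number;
-failedCount: number;
-errors: Array<{
-cveId: string;
-message: string;
-}>;
-evidenceFile?: string;
-patchCount?: number;
-patchValidationFailures?: Array<{
-packageName: string;
-cveId: string;
-error: string;
-}>;
-patchesDir?: string;
-correlation?: CorrelationContext;
-provenance?: ProvenanceContext;
-constraints?: RemediationConstraints;
-idempotencyKey?: string;
-}
-/**
-* Main entry point for programmatic use.
-*
-* @param cveId - CVE identifier, e.g. "CVE-2021-23337"
-* @param options - Optional configuration (cwd, dryRun, llmProvider, etc.)
-* @returns A RemediationReport describing what was found and done
-*/
-declare function remediate(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
-/**
-* Non-mutating preview entrypoint for planning and orchestration.
-*/
-declare function planRemediation(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
-/**
-* Scanner-first entrypoint: parse a scanner output file (npm audit JSON or SARIF),
-* extract CVEs, and run remediations one-by-one.
-*/
-declare function remediateFromScan(inputPath: string, options?: ScanOptions): Promise<ScanReport>;
 declare function toCiSummary(report: ScanReport): CiSummary;
 declare function ciExitCode(summary: CiSummary): number;
+
 type SarifLevel = "error" | "warning" | "note" | "none";
 interface SarifRule {
 id: string;
@@ -256,9 +54,6 @@ interface SarifOutput {
 results: SarifResult[];
 }>;
 }
-/**
-* Convert a ScanReport to SARIF 2.1.0 format for GitHub Code Scanning upload.
-*/
 declare function toSarifOutput(report: ScanReport): SarifOutput;
 
-export { type AffectedPackage, type CiSummary, type CorrelationContext, type CveDetails, type InventoryPackage, type PatchResult, type PatchStrategy, type ProvenanceContext, type RemediateOptions, type RemediationConstraints, type RemediationReport, type SarifOutput, type ScanInputFormat, type ScanOptions, type ScanReport, type VulnerablePackage, ciExitCode, planRemediation, remediate, remediateFromScan, runRemediationPipeline, toCiSummary, toSarifOutput };
+export { CiSummary, RemediateOptions, RemediationReport, type SarifOutput, ScanReport, ciExitCode, runRemediationPipeline, toCiSummary, toSarifOutput };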
package/dist/index.js CHANGED
@@ -1,14 +1,30 @@
1
1
  import {
2
+ LLM_PROVIDER_VALUES,
3
+ OPTION_DESCRIPTIONS,
4
+ PACKAGE_MANAGER_VALUES,
5
+ PROVENANCE_SOURCE_VALUES,
2
6
  ciExitCode,
7
+ createConstraintSchemaProperties,
8
+ createRemediateOptionSchemaProperties,
9
+ createScanOptionSchemaProperties,
10
+ createScanReportSchemaProperties,
3
11
  planRemediation,
4
12
  remediate,
5
13
  remediateFromScan,
6
14
  runRemediationPipeline,
7
15
  toCiSummary,
8
16
  toSarifOutput
9
- } from "./chunk-VLXGEH7U.js";
17
+ } from "./chunk-MUFP2DQX.js";
10
18
  export {
19
+ LLM_PROVIDER_VALUES,
20
+ OPTION_DESCRIPTIONS,
21
+ PACKAGE_MANAGER_VALUES,
22
+ PROVENANCE_SOURCE_VALUES,
11
23
  ciExitCode,
24
+ createConstraintSchemaProperties,
25
+ createRemediateOptionSchemaProperties,
26
+ createScanOptionSchemaProperties,
27
+ createScanReportSchemaProperties,
12
28
  planRemediation,
13
29
  remediate,
14
30
  remediateFromScan,