autoremediator 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -3
- package/dist/chunk-7XSZTGU7.js +16 -0
- package/dist/chunk-7XSZTGU7.js.map +1 -0
- package/dist/{chunk-VLXGEH7U.js → chunk-MUFP2DQX.js} +2623 -1732
- package/dist/chunk-MUFP2DQX.js.map +1 -0
- package/dist/cli.js +114 -13
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +5 -210
- package/dist/index.js +17 -1
- package/dist/mcp/server.d.ts +3 -241
- package/dist/mcp/server.js +14 -69
- package/dist/mcp/server.js.map +1 -1
- package/dist/openapi/server.d.ts +9 -242
- package/dist/openapi/server.js +16 -90
- package/dist/openapi/server.js.map +1 -1
- package/dist/options-schema-DfLBOsPI.d.ts +37 -0
- package/dist/remediate-from-scan-C-E7gqxF.d.ts +211 -0
- package/llms.txt +21 -6
- package/package.json +2 -2
- package/dist/chunk-VLXGEH7U.js.map +0 -1
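--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1,22 +1,55 @@
 #!/usr/bin/env node
 import {
+PACKAGE_VERSION
+} from "./chunk-7XSZTGU7.js";
+import {
+OPTION_DESCRIPTIONS,
 ciExitCode,
 remediate,
 remediateFromScan,
 toCiSummary,
 toSarifOutput
-} from "./chunk-
+} from "./chunk-MUFP2DQX.js";
 
-// src/cli.ts
-import { Command } from "commander";
-import { existsSync, writeFileSync } from "fs";
+// src/cli/index.ts
 import { fileURLToPath } from "url";
+
+// src/cli/program.ts
+import { Command } from "commander";
+import { existsSync } from "fs";
+
+// src/cli/runners.ts
+import { writeFileSync } from "fs";
+
+// src/cli/output.ts
 function logJson(value) {
 process.stdout.write(`${JSON.stringify(value, null, 2)}
 `);
 }
-function
-
+function formatCountMap(counts) {
+if (!counts) return void 0;
+const entries = Object.entries(counts).filter(([, value]) => value > 0);
+if (entries.length === 0) return void 0;
+return entries.map(([key, value]) => `${key}=${value}`).join(", ");
+}
+
+// src/cli/runners.ts
+function asSingleCveScanReport(report) {
+return {
+schemaVersion: "1.0",
+status: report.results.some((result) => !result.applied && !result.dryRun) ? report.results.some((result) => result.applied || result.dryRun) ? "partial" : "failed" : "ok",
+generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+cveIds: [report.cveId],
+reports: [report],
+successCount: report.results.filter((result) => result.applied || result.dryRun).length,
+failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,
+errors: [],
+evidenceFile: report.evidenceFile,
+patchCount: report.results.filter((result) => result.strategy === "patch-file").length,
+correlation: report.correlation,
+provenance: report.provenance,
+constraints: report.constraints
+};
 }
 async function runSingleCve(cveId, opts) {
 const report = await remediate(cveId, {
@@ -25,7 +58,9 @@ async function runSingleCve(cveId, opts) {
 dryRun: opts.dryRun,
 preview: opts.preview,
 runTests: opts.runTests,
+patchesDir: opts.patchesDir,
 policy: opts.policy,
+evidence: opts.evidence,
 llmProvider: opts.llmProvider,
 requestId: opts.requestId,
 sessionId: opts.sessionId,
@@ -39,14 +74,32 @@ async function runSingleCve(cveId, opts) {
 preferVersionBump: opts.preferVersionBump
 }
 });
+const reportAsScan = asSingleCveScanReport(report);
+if (opts.outputFormat === "sarif") {
+logJson(toSarifOutput(reportAsScan));
+if (opts.ci) {
+process.exitCode = ciExitCode(toCiSummary(reportAsScan));
+}
+return;
+}
 if (opts.json) {
 logJson(report);
+if (opts.ci) {
+process.exitCode = ciExitCode(toCiSummary(reportAsScan));
+}
 return;
 }
 process.stdout.write(`${report.summary}
 `);
 process.stdout.write(`Results: ${report.results.length}
 `);
+if (report.evidenceFile) {
+process.stdout.write(`Evidence: ${report.evidenceFile}
+`);
+}
+if (opts.ci) {
+process.exitCode = ciExitCode(toCiSummary(reportAsScan));
+}
 }
 async function runScanInput(inputPath, opts) {
 const report = await remediateFromScan(inputPath, {
@@ -54,6 +107,7 @@ async function runScanInput(inputPath, opts) {
 packageManager: opts.packageManager,
 format: opts.format,
 policy: opts.policy,
+patchesDir: opts.patchesDir,
 dryRun: opts.dryRun,
 preview: opts.preview,
 runTests: opts.runTests,
@@ -97,6 +151,21 @@ async function runScanInput(inputPath, opts) {
 `);
 process.stdout.write(`Failed remediations: ${report.failedCount}
 `);
+const strategyCounts = formatCountMap(report.strategyCounts);
+if (strategyCounts) {
+process.stdout.write(`Strategy counts: ${strategyCounts}
+`);
+}
+const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);
+if (dependencyScopeCounts) {
+process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}
+`);
+}
+const unresolvedByReason = formatCountMap(report.unresolvedByReason);
+if (unresolvedByReason) {
+process.stdout.write(`Unresolved reasons: ${unresolvedByReason}
+`);
+}
 if (report.evidenceFile) {
 process.stdout.write(`Evidence: ${report.evidenceFile}
 `);
@@ -111,16 +180,43 @@ async function runScanInput(inputPath, opts) {
 process.exitCode = ciExitCode(toCiSummary(report));
 }
 }
+
+// src/cli/types.ts
+function isCveId(value) {
+return /^CVE-\d{4}-\d+$/i.test(value);
+}
+
+// src/cli/program.ts
+function addSharedOptions(program, includeInput = false) {
+program.option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--dry-run", OPTION_DESCRIPTIONS.dryRun, false).option("--preview", OPTION_DESCRIPTIONS.preview, false).option("--run-tests", OPTION_DESCRIPTIONS.runTests, false).option("--llm-provider <provider>", OPTION_DESCRIPTIONS.llmProvider).option("--request-id <id>", OPTION_DESCRIPTIONS.requestId).option("--session-id <id>", OPTION_DESCRIPTIONS.sessionId).option("--parent-run-id <id>", OPTION_DESCRIPTIONS.parentRunId).option("--idempotency-key <key>", OPTION_DESCRIPTIONS.idempotencyKey).option("--resume", OPTION_DESCRIPTIONS.resume, false).option("--actor <name>", OPTION_DESCRIPTIONS.actor).option("--source <src>", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`).option("--direct-dependencies-only", OPTION_DESCRIPTIONS.directDependenciesOnly, false).option("--prefer-version-bump", OPTION_DESCRIPTIONS.preferVersionBump, false).option("--policy <path>", OPTION_DESCRIPTIONS.policy).option("--evidence", OPTION_DESCRIPTIONS.evidence, true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false);
+if (includeInput) {
+program.option("--input <path>", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);
+}
+return program;
+}
 function createProgram() {
 const program = new Command();
-program.name("autoremediator").description("Scanner-first Node.js vulnerability auto-remediation tool").version(
-
-
+program.name("autoremediator").description("Scanner-first Node.js vulnerability auto-remediation tool").version(PACKAGE_VERSION).showHelpAfterError();
+addSharedOptions(
+program.command("cve").description("Remediate a single CVE ID").argument("<cveId>", OPTION_DESCRIPTIONS.cveId),
+false
+).action(async (cveId, opts, command) => {
+const merged = {
+...opts,
+...command.optsWithGlobals()
+};
+await runSingleCve(cveId, merged);
 });
-
+addSharedOptions(
+program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").requiredOption("--input <path>", OPTION_DESCRIPTIONS.inputPath).option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
+false
+).action(async (opts) => {
 await runScanInput(opts.input, opts);
 });
-
+addSharedOptions(
+program.argument("[target]", "Scanner output file path (or CVE ID fallback)").option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
+true
+).action(async (target, opts) => {
 if (opts.input) {
 await runScanInput(opts.input, opts);
 return;
@@ -143,8 +239,13 @@ function createProgram() {
 });
 return program;
 }
+
+// src/cli/index.ts
+function createProgram2() {
+return createProgram();
+}
 async function main(argv = process.argv) {
-const program =
+const program = createProgram2();
 await program.parseAsync(argv);
 }
 function isMainModule() {
@@ -160,6 +261,6 @@ if (isMainModule()) {
 });
 }
 export {
-createProgram
+createProgram2 as createProgram
 };
 //# sourceMappingURL=cli.js.map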
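Review bot: `asSingleCveScanReport` yields `status: "ok"` with `successCount: 0` and `failedCount: 0` whenever `report.results` is empty, because both `some(...)` checks are false on an empty array, and `runSingleCve` then feeds that report to `ciExitCode(toCiSummary(reportAsScan))` for every output mode, so a `cve` run that performed no remediation at all is treated by `--ci` as a pass. Whether `remediate` returns an empty `results` for a CVE it could not act on is not visible here (it lives in the chunk module), but if it does, the CI gate fails open on exactly the case it is meant to catch. Either make the empty case explicit, e.g. `status: report.results.length === 0 ? "failed" : report.results.some(...) ? ... : "ok",`, or if an empty result is a legitimate "nothing to do", say so on the function: `// An empty results array maps to status "ok" and a zero CI exit code; "no remediation found" is deliberately not a failure.` The hard-coded `errors: []` on the following line likewise means any error detail carried on the single-CVE report never reaches the CI summary, which is worth confirming against `toCiSummary`.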
package/dist/cli.js.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { ciExitCode, remediate, remediateFromScan, toCiSummary, toSarifOutput } from \"./api.js\";\nimport { existsSync, writeFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\n\ntype ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\ninterface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nfunction logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nfunction isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n\nasync function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n policy: opts.policy,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? 
\"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.json) {\n logJson(report);\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n}\n\nasync function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: 
${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(\"0.1.2\")\n .showHelpAfterError();\n\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", \"CVE ID, e.g. CVE-2021-23337\")\n .option(\"--cwd <path>\", \"Target project directory\", process.cwd())\n .option(\"--package-manager <name>\", \"Package manager: npm|pnpm|yarn\")\n .option(\"--dry-run\", \"Plan changes only without mutating files\", false)\n .option(\"--preview\", \"Run non-mutating remediation preview mode\", false)\n .option(\"--run-tests\", \"Run package-manager test validation after apply\", false)\n .option(\"--llm-provider <provider>\", \"LLM provider: openai|anthropic|local\")\n .option(\"--request-id <id>\", \"Request correlation ID\")\n .option(\"--session-id <id>\", \"Session correlation ID\")\n .option(\"--parent-run-id <id>\", \"Parent run correlation ID\")\n .option(\"--idempotency-key <key>\", \"Idempotency key for replay-safe execution\")\n .option(\"--resume\", \"Resume by returning cached result for matching idempotency key\", false)\n .option(\"--actor <name>\", \"Actor identity for evidence provenance\")\n .option(\"--source <src>\", \"Source system: cli|sdk|mcp|openapi|unknown\")\n .option(\"--direct-dependencies-only\", \"Enforce direct-dependency-only remediation constraint\", false)\n .option(\"--prefer-version-bump\", \"Reject patch-file outcomes when version-bump is preferred\", false)\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (cveId: string, opts: CommandOptions) => {\n await runSingleCve(cveId, opts);\n });\n\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n 
.requiredOption(\"--input <path>\", \"Path to scanner output file\")\n .option(\"--format <type>\", \"Input format: auto|npm-audit|yarn-audit|sarif\", \"auto\")\n .option(\"--cwd <path>\", \"Target project directory\", process.cwd())\n .option(\"--package-manager <name>\", \"Package manager: npm|pnpm|yarn\")\n .option(\"--policy <path>\", \"Path to policy file (.autoremediator.json)\")\n .option(\"--dry-run\", \"Plan changes only without mutating files\", false)\n .option(\"--preview\", \"Run non-mutating remediation preview mode\", false)\n .option(\"--run-tests\", \"Run package-manager test validation after apply\", false)\n .option(\"--llm-provider <provider>\", \"LLM provider: openai|anthropic|local\")\n .option(\"--request-id <id>\", \"Request correlation ID\")\n .option(\"--session-id <id>\", \"Session correlation ID\")\n .option(\"--parent-run-id <id>\", \"Parent run correlation ID\")\n .option(\"--idempotency-key <key>\", \"Idempotency key for replay-safe execution\")\n .option(\"--resume\", \"Resume by returning cached result for matching idempotency key\", false)\n .option(\"--actor <name>\", \"Actor identity for evidence provenance\")\n .option(\"--source <src>\", \"Source system: cli|sdk|mcp|openapi|unknown\")\n .option(\"--direct-dependencies-only\", \"Enforce direct-dependency-only remediation constraint\", false)\n .option(\"--prefer-version-bump\", \"Reject patch-file outcomes when version-bump is preferred\", false)\n .option(\"--evidence\", \"Enable evidence file output\", true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\")\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n // 
Scanner-first top-level mode (default):\n // autoremediator --input audit.json\n // autoremediator audit.json\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--cwd <path>\", \"Target project directory\", process.cwd())\n .option(\"--package-manager <name>\", \"Package manager: npm|pnpm|yarn\")\n .option(\"--dry-run\", \"Plan changes only without mutating files\", false)\n .option(\"--preview\", \"Run non-mutating remediation preview mode\", false)\n .option(\"--run-tests\", \"Run package-manager test validation after apply\", false)\n .option(\"--llm-provider <provider>\", \"LLM provider: openai|anthropic|local\")\n .option(\"--request-id <id>\", \"Request correlation ID\")\n .option(\"--session-id <id>\", \"Session correlation ID\")\n .option(\"--parent-run-id <id>\", \"Parent run correlation ID\")\n .option(\"--idempotency-key <key>\", \"Idempotency key for replay-safe execution\")\n .option(\"--resume\", \"Resume by returning cached result for matching idempotency key\", false)\n .option(\"--actor <name>\", \"Actor identity for evidence provenance\")\n .option(\"--source <src>\", \"Source system: cli|sdk|mcp|openapi|unknown\")\n .option(\"--direct-dependencies-only\", \"Enforce direct-dependency-only remediation constraint\", false)\n .option(\"--prefer-version-bump\", \"Reject patch-file outcomes when version-bump is preferred\", false)\n .option(\"--input <path>\", \"Path to scanner output file (scanner-first mode)\")\n .option(\"--format <type>\", \"Input format: auto|npm-audit|yarn-audit|sarif\", \"auto\")\n .option(\"--policy <path>\", \"Path to policy file (.autoremediator.json)\")\n .option(\"--evidence\", \"Enable evidence file output\", true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\")\n 
.option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n 
});\n}\n"],"mappings":";;;;;;;;;;AAEA,SAAS,eAAe;AAExB,SAAS,YAAY,qBAAqB;AAC1C,SAAS,qBAAqB;AA8B9B,SAAS,QAAQ,OAAsB;AACrC,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEA,SAAS,QAAQ,OAAwB;AACvC,SAAO,mBAAmB,KAAK,KAAK;AACtC;AAEA,eAAe,aAAa,OAAe,MAAqC;AAC9E,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,QAAQ,KAAK;AAAA,IACb,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC5D;AAEA,eAAe,aAAa,WAAmB,MAAqC;AAClF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAA
W,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,OAAO,EACf,mBAAmB;AAEtB,UACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,6BAA6B,EACjD,OAAO,gBAAgB,4BAA4B,QAAQ,IAAI,CAAC,EAChE,OAAO,4BAA4B,gCAAgC,EACnE,OAAO,aAAa,4CAA4C,KAAK,EACrE,OAAO,aAAa,6CAA6C,KAAK,EACtE,OAAO,eAAe,mDAAmD,KAAK,EAC9E,OAAO,6BAA6B,sCAAsC,EAC1E,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,wBAAwB,2BAA2B,EAC1D,OAAO,2BAA2B,2CAA2C,EAC7E,OAAO,YAAY,kEAAkE,KAAK,EAC1F,OAAO,kBAAkB,wCAAwC,EACjE,OAAO,kBAAkB,4CAA4C,EACrE,OAAO,8BAA8B,yDAAyD,KAAK,EACnG,OAAO,yBAAyB,6DAA6D,KAAK,EAClG,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,OAAe,SAAyB;AACrD,UAAM,aAAa,OAAO,IAAI;AAAA,EAChC,CAAC;AAEH,UACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,6BAA6B,EAC9D,OAAO,mBAAmB,iDAAiD,MAAM,EACjF,OAAO,gBAAgB,4BAA4B,QAAQ,IAAI,CAAC,EAChE,OAAO,4BAA4B,gCAAgC,EACnE,OAAO,mBAAmB,4CAA4C,EACtE,OAAO,aAAa,4CAA4C,KAAK,EACrE,OAAO,aAAa,6CAA6C,KAAK,EACtE,OAAO,eAAe,mDAAmD,KAAK,EAC9E,OAAO,6BAA6B,sCAAsC,EAC1E,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,wBAAwB,2BAA2B,EAC1D,OAAO,2BAA2B,2CAA2C,EAC7E,OAAO,YAAY,kEAAkE,KAAK,EAC1F,OAAO,kBAAkB,wCAAwC,EACjE,OAAO,kBAAkB,4CAA4C,EACrE,OAAO,8BAA8B,yDAAyD,KAAK,EACnG,OAAO,yBAAyB,6DAA6D,KAAK,EAClG,OAAO,cAAc,+BAA+B,IAAI,EACxD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,yBAAyB,kDAAkD,EAClF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,SAAyB;AACtC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAKH,UACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,gBAAgB,4BAA4B,QAAQ,IAAI,CAAC,EAChE,OAAO,4BAA4B,gCAAgC,EACnE,OAAO,aAAa,4CAA4C,KAAK,EACrE,OAAO,aAAa,6CAA6C,KAAK,EACtE,OAAO,eAAe,mDAAmD,KAAK,EAC9E,OAAO,6BAA6B,sCAAsC,EAC1E,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,qBAAqB,wBAAwB,EACpD,OAAO,wBAAwB,2BAA2B,EAC1D,OAAO,2BAA2B,2CAA2C,EAC7E,OAAO,YAAY,kEAAkE,KAAK,EAC1F,OAAO,kBAAkB,wCAAwC,EACjE,OAAO,kBAAkB,4CAA4C,EACrE,O
AAO,8BAA8B,yDAAyD,KAAK,EACnG,OAAO,yBAAyB,6DAA6D,KAAK,EAClG,OAAO,kBAAkB,kDAAkD,EAC3E,OAAO,mBAAmB,iDAAiD,MAAM,EACjF,OAAO,mBAAmB,4CAA4C,EACtE,OAAO,cAAc,+BAA+B,IAAI,EACxD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,yBAAyB,kDAAkD,EAClF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,QAA4B,SAAyB;AAClE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAEH,SAAO;AACT;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAU,cAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":[]}
1
+
{"version":3,"sources":["../src/cli/index.ts","../src/cli/program.ts","../src/cli/runners.ts","../src/cli/output.ts","../src/cli/types.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { fileURLToPath } from \"node:url\";\nimport { createProgram as createCliProgram } from \"./program.js\";\n\nexport function createProgram(): Command {\n return createCliProgram();\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n","import { Command } from \"commander\";\nimport { OPTION_DESCRIPTIONS } from \"../api/index.js\";\nimport { existsSync } from \"node:fs\";\nimport { PACKAGE_VERSION } from \"../version\";\nimport { runScanInput, runSingleCve } from \"./runners.js\";\nimport type { CommandOptions } from \"./types.js\";\nimport { isCveId } from \"./types.js\";\n\nfunction addSharedOptions(program: Command, includeInput = false): Command {\n program\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", 
OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false);\n\n if (includeInput) {\n program.option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);\n }\n\n return program;\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n addSharedOptions(\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId),\n false\n ).action(async (cveId: string, opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n await runSingleCve(cveId, merged);\n });\n\n addSharedOptions(\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .requiredOption(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n 
.option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n false\n ).action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n addSharedOptions(\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n true\n ).action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n","import {\n ciExitCode,\n remediate,\n remediateFromScan,\n type ScanReport,\n toCiSummary,\n toSarifOutput,\n} from \"../api/index.js\";\nimport { writeFileSync } from \"node:fs\";\nimport { formatCountMap, logJson } from \"./output.js\";\nimport type { CommandOptions } from \"./types.js\";\n\nfunction asSingleCveScanReport(report: Awaited<ReturnType<typeof remediate>>): ScanReport {\n return {\n schemaVersion: \"1.0\",\n status: report.results.some((result) => !result.applied && !result.dryRun)\n ? report.results.some((result) => result.applied || result.dryRun)\n ? 
\"partial\"\n : \"failed\"\n : \"ok\",\n generatedAt: new Date().toISOString(),\n cveIds: [report.cveId],\n reports: [report],\n successCount: report.results.filter((result) => result.applied || result.dryRun).length,\n failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,\n errors: [],\n evidenceFile: report.evidenceFile,\n patchCount: report.results.filter((result) => result.strategy === \"patch-file\").length,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n };\n}\n\nexport async function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n evidence: opts.evidence,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? 
\"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n const reportAsScan = asSingleCveScanReport(report);\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(reportAsScan));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n}\n\nexport async function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? 
\"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n","export function logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nexport function formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n 
const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n","export type ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\nexport interface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nexport function isCveId(value: string): boolean {\n return 
/^CVE-\\d{4}-\\d+$/i.test(value);\n}\n"],"mappings":";;;;;;;;;;;;;;AAGA,SAAS,qBAAqB;;;ACH9B,SAAS,eAAe;AAExB,SAAS,kBAAkB;;;ACM3B,SAAS,qBAAqB;;;ACRvB,SAAS,QAAQ,OAAsB;AAC5C,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEO,SAAS,eAAe,QAAgE;AAC7F,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;;;ADCA,SAAS,sBAAsB,QAA2D;AACxF,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ,OAAO,QAAQ,KAAK,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,IACrE,OAAO,QAAQ,KAAK,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,IAC7D,YACA,WACF;AAAA,IACJ,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,QAAQ,CAAC,OAAO,KAAK;AAAA,IACrB,SAAS,CAAC,MAAM;AAAA,IAChB,cAAc,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,EAAE;AAAA,IACjF,aAAa,OAAO,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAAA,IAClF,QAAQ,CAAC;AAAA,IACT,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,aAAa,YAAY,EAAE;AAAA,IAChF,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,EACtB;AACF;AAEA,eAAsB,aAAa,OAAe,MAAqC;AACrF,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,QAAM,eAAe,sBAAsB,MAAM;AAEjD,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,YAAY,CAAC;AACnC,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC1D,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;
AAAA,CAAI;AAAA,EAC3D;AACA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,EACzD;AACF;AAEA,eAAsB,aAAa,WAAmB,MAAqC;AACzF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;;;AEpIO,SAAS,QAAQ,OAAwB;AAC9C,SAAO,mBAAmB,KAAK,KAAK;AACtC;;;AHvBA,SAAS,iBAAiB,SAAkB,eAAe,OAAgB;AACzE,UACG,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB
,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK;AAE9C,MAAI,cAAc;AAChB,YAAQ,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB;AAAA,EAC1F;AAEA,SAAO;AACT;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB;AAAA,IACE,QACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK;AAAA,IAChD;AAAA,EACF,EAAE,OAAO,OAAO,OAAe,MAAsB,YAAqB;AACxE,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AACA,UAAM,aAAa,OAAO,MAAM;AAAA,EAClC,CAAC;AAED;AAAA,IACE,QACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,oBAAoB,SAAS,EAC9D,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,SAAyB;AACvC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAED;AAAA,IACE,QACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,QAA4B,SAAyB;AACnE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;ADtGO,SAASA,iBAAyB;AACvC,SAAO,cAAiB;AAC1B;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAUA,eAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,C
AAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["createProgram"]}
|
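--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,214 +1,12 @@
-
-
-
-summary: string;
-severity: "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | "UNKNOWN";
-cvssScore?: number;
-epss?: {
-score: number;
-percentile: number;
-date?: string;
-};
-kev?: {
-knownExploited: boolean;
-dateAdded?: string;
-dueDate?: string;
-requiredAction?: string;
-knownRansomwareCampaignUse?: string;
-};
-intelligence?: {
-cveServicesEnriched?: boolean;
-gitlabAdvisoryMatched?: boolean;
-certCcMatched?: boolean;
-depsDevEnrichedPackages?: number;
-scorecardProjects?: number;
-vendorAdvisories?: string[];
-commercialFeeds?: string[];
-sourceHealth?: Record<string, {
-attempted: boolean;
-changed: boolean;
-error?: string;
-}>;
-};
-references: string[];
-affectedPackages: AffectedPackage[];
-}
-/** A single npm package affected by a CVE */
-interface AffectedPackage {
-name: string;
-ecosystem: "npm";
-/** Semver range string for the vulnerable version window, e.g. ">=0.0.0 <4.17.21" */
-vulnerableRange: string;
-/** The first version that is NOT vulnerable (the safe upgrade target) */
-firstPatchedVersion?: string;
-/** Source that provided this entry */
-source: "osv" | "github-advisory";
-}
-/** A package found in the consumer's project */
-interface InventoryPackage {
-name: string;
-version: string;
-/** "direct" = listed in package.json; "indirect" = transitive dep */
-type: "direct" | "indirect";
-}
-/** A package that is both installed and matches a vulnerable range */
-interface VulnerablePackage {
-installed: InventoryPackage;
-affected: AffectedPackage;
-/** The resolved safe upgrade version, if one exists on npm */
-safeUpgradeVersion?: string;
-}
-/** The outcome of a single patch operation */
-type PatchStrategy = "version-bump" | "patch-file" | "none";
-interface PatchResult {
-packageName: string;
-strategy: PatchStrategy;
-fromVersion: string;
-toVersion?: string;
-patchFilePath?: string;
-applied: boolean;
-dryRun: boolean;
-message: string;
-validation?: {
-passed: boolean;
-error?: string;
-};
-}
-interface CorrelationContext {
-requestId?: string;
-sessionId?: string;
-parentRunId?: string;
-}
-interface RemediationConstraints {
-directDependenciesOnly?: boolean;
-preferVersionBump?: boolean;
-}
-interface ProvenanceContext {
-actor?: string;
-source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
-}
-/** Top-level options for the remediate() API and CLI */
-interface RemediateOptions extends CorrelationContext {
-/** Working directory of the consumer's project (defaults to process.cwd()) */
-cwd?: string;
-/** Package manager to use (defaults to auto-detect from lockfile) */
-packageManager?: "npm" | "pnpm" | "yarn";
-/** If true, plan and report changes but do not write anything */
-dryRun?: boolean;
-/** If true, run package-manager tests after patching */
-runTests?: boolean;
-/** Override the LLM provider (falls back to env AUTOREMEDIATOR_LLM_PROVIDER) */
-llmProvider?: "openai" | "anthropic" | "local";
-/** Override the model name */
-model?: string;
-/** Optional path to a policy file (.autoremediator.json) */
-policy?: string;
-/** Directory to write .patch files (default: ./patches) */
-patchesDir?: string;
-/** If true, run a non-mutating remediation preview (forces dryRun behavior for mutation tools). */
-preview?: boolean;
-/** Optional deterministic idempotency key for request replay handling. */
-idempotencyKey?: string;
-/** If true, return cached report for matching idempotency key + CVE when available. */
-resume?: boolean;
-/** Optional caller provenance fields for evidence and reporting. */
-actor?: string;
-source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
-/** Optional orchestration constraints for result enforcement. */
-constraints?: RemediationConstraints;
-}
-/** Final report returned by the remediation pipeline */
-interface RemediationReport {
-cveId: string;
-cveDetails: CveDetails | null;
-vulnerablePackages: VulnerablePackage[];
-results: PatchResult[];
-agentSteps: number;
-summary: string;
-correlation?: CorrelationContext;
-provenance?: ProvenanceContext;
-constraints?: RemediationConstraints;
-resumedFromCache?: boolean;
-}
-
-type ScanInputFormat = "npm-audit" | "yarn-audit" | "sarif" | "auto";
+import { R as RemediateOptions, a as RemediationReport, C as CiSummary, S as ScanReport } from './remediate-from-scan-C-E7gqxF.js';
+export { A as AffectedPackage, b as CorrelationContext, c as CveDetails, D as DependencyScope, d as DependencyScopeCounts, I as InventoryPackage, P as PatchResult, e as PatchStrategy, f as PatchStrategyCounts, g as ProvenanceContext, h as RemediationConstraints, i as ScanInputFormat, j as ScanOptions, U as UnresolvedReason, k as UnresolvedReasonCounts, V as VulnerablePackage, p as planRemediation, r as remediate, l as remediateFromScan } from './remediate-from-scan-C-E7gqxF.js';
+export { L as LLM_PROVIDER_VALUES, O as OPTION_DESCRIPTIONS, P as PACKAGE_MANAGER_VALUES, a as PROVENANCE_SOURCE_VALUES, c as createConstraintSchemaProperties, b as createRemediateOptionSchemaProperties, d as createScanOptionSchemaProperties, e as createScanReportSchemaProperties } from './options-schema-DfLBOsPI.js';
 
 declare function runRemediationPipeline(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
 
-interface ScanOptions extends RemediateOptions {
-format?: ScanInputFormat;
-policy?: string;
-evidence?: boolean;
-}
-interface ScanReport {
-schemaVersion: "1.0";
-status: "ok" | "partial" | "failed";
-generatedAt: string;
-cveIds: string[];
-reports: RemediationReport[];
-successCount: number;
-failedCount: number;
-errors: Array<{
-cveId: string;
-message: string;
-}>;
-evidenceFile?: string;
-patchCount: number;
-patchValidationFailures?: Array<{
-packageName: string;
-cveId: string;
-error: string;
-}>;
-patchesDir?: string;
-correlation?: CorrelationContext;
-provenance?: ProvenanceContext;
-constraints?: RemediationConstraints;
-idempotencyKey?: string;
-}
-interface CiSummary {
-schemaVersion: "1.0";
-status: "ok" | "partial" | "failed";
-generatedAt: string;
-cveCount: number;
-remediationCount: number;
-successCount: number;
-failedCount: number;
-errors: Array<{
-cveId: string;
-message: string;
-}>;
-evidenceFile?: string;
-patchCount?: number;
-patchValidationFailures?: Array<{
-packageName: string;
-cveId: string;
-error: string;
-}>;
-patchesDir?: string;
-correlation?: CorrelationContext;
-provenance?: ProvenanceContext;
-constraints?: RemediationConstraints;
-idempotencyKey?: string;
-}
-/**
-* Main entry point for programmatic use.
-*
-* @param cveId - CVE identifier, e.g. "CVE-2021-23337"
-* @param options - Optional configuration (cwd, dryRun, llmProvider, etc.)
-* @returns A RemediationReport describing what was found and done
-*/
-declare function remediate(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
-/**
-* Non-mutating preview entrypoint for planning and orchestration.
-*/
-declare function planRemediation(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
-/**
-* Scanner-first entrypoint: parse a scanner output file (npm audit JSON or SARIF),
-* extract CVEs, and run remediations one-by-one.
-*/
-declare function remediateFromScan(inputPath: string, options?: ScanOptions): Promise<ScanReport>;
 declare function toCiSummary(report: ScanReport): CiSummary;
 declare function ciExitCode(summary: CiSummary): number;
+
 type SarifLevel = "error" | "warning" | "note" | "none";
 interface SarifRule {
 id: string;
@@ -256,9 +54,6 @@ interface SarifOutput {
 results: SarifResult[];
 }>;
 }
-/**
-* Convert a ScanReport to SARIF 2.1.0 format for GitHub Code Scanning upload.
-*/
 declare function toSarifOutput(report: ScanReport): SarifOutput;
 
-export {
+export { CiSummary, RemediateOptions, RemediationReport, type SarifOutput, ScanReport, ciExitCode, runRemediationPipeline, toCiSummary, toSarifOutput };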
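Review bot: The TSDoc on `toSarifOutput` ("Convert a ScanReport to SARIF 2.1.0 format for GitHub Code Scanning upload.", removed at old lines 259-261 of the second hunk) is dropped and nothing replaces it, so the declaration at new line 57 now ships undocumented in the public typings. The doc blocks for `remediate`, `planRemediation` and `remediateFromScan` also leave this file with the move to re-exports; whether they survive in `remediate-from-scan-C-E7gqxF.d.ts` cannot be confirmed from this diff. Since `dist/index.d.ts` is build output, the fix belongs on the source declaration so the emitter carries it through: `/** Convert a ScanReport to SARIF 2.1.0 format for GitHub Code Scanning upload. */`. As a point of style, the new export at line 59 tags only `SarifOutput` with `type` while `CiSummary`, `RemediateOptions`, `RemediationReport` and `ScanReport` are equally type-only; tagging all of them, or grouping them in one `export type { … }`, would keep the public surface consistent.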
package/dist/index.js
CHANGED
|
@@ -1,14 +1,30 @@
|
|
|
1
1
|
import {
|
|
2
|
+
LLM_PROVIDER_VALUES,
|
|
3
|
+
OPTION_DESCRIPTIONS,
|
|
4
|
+
PACKAGE_MANAGER_VALUES,
|
|
5
|
+
PROVENANCE_SOURCE_VALUES,
|
|
2
6
|
ciExitCode,
|
|
7
|
+
createConstraintSchemaProperties,
|
|
8
|
+
createRemediateOptionSchemaProperties,
|
|
9
|
+
createScanOptionSchemaProperties,
|
|
10
|
+
createScanReportSchemaProperties,
|
|
3
11
|
planRemediation,
|
|
4
12
|
remediate,
|
|
5
13
|
remediateFromScan,
|
|
6
14
|
runRemediationPipeline,
|
|
7
15
|
toCiSummary,
|
|
8
16
|
toSarifOutput
|
|
9
|
-
} from "./chunk-
|
|
17
|
+
} from "./chunk-MUFP2DQX.js";
|
|
10
18
|
export {
|
|
19
|
+
LLM_PROVIDER_VALUES,
|
|
20
|
+
OPTION_DESCRIPTIONS,
|
|
21
|
+
PACKAGE_MANAGER_VALUES,
|
|
22
|
+
PROVENANCE_SOURCE_VALUES,
|
|
11
23
|
ciExitCode,
|
|
24
|
+
createConstraintSchemaProperties,
|
|
25
|
+
createRemediateOptionSchemaProperties,
|
|
26
|
+
createScanOptionSchemaProperties,
|
|
27
|
+
createScanReportSchemaProperties,
|
|
12
28
|
planRemediation,
|
|
13
29
|
remediate,
|
|
14
30
|
remediateFromScan,
|