autoremediator 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -3
- package/dist/chunk-7XSZTGU7.js +16 -0
- package/dist/chunk-7XSZTGU7.js.map +1 -0
- package/dist/{chunk-VLXGEH7U.js → chunk-MUFP2DQX.js} +2623 -1732
- package/dist/chunk-MUFP2DQX.js.map +1 -0
- package/dist/cli.js +114 -13
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +5 -210
- package/dist/index.js +17 -1
- package/dist/mcp/server.d.ts +3 -241
- package/dist/mcp/server.js +14 -69
- package/dist/mcp/server.js.map +1 -1
- package/dist/openapi/server.d.ts +9 -242
- package/dist/openapi/server.js +16 -90
- package/dist/openapi/server.js.map +1 -1
- package/dist/options-schema-DfLBOsPI.d.ts +37 -0
- package/dist/remediate-from-scan-C-E7gqxF.d.ts +211 -0
- package/llms.txt +21 -6
- package/package.json +2 -2
- package/dist/chunk-VLXGEH7U.js.map +0 -1
package/dist/openapi/server.d.ts
CHANGED
|
@@ -1,14 +1,6 @@
|
|
|
1
|
+
import { J as JsonSchemaProperty } from '../options-schema-DfLBOsPI.js';
|
|
1
2
|
import http from 'node:http';
|
|
2
|
-
import { remediate, remediateFromScan, planRemediation } from '../
|
|
3
|
-
|
|
4
|
-
/**
|
|
5
|
-
* autoremediator OpenAPI HTTP server
|
|
6
|
-
*
|
|
7
|
-
* Exposes POST /remediate and POST /remediate-from-scan as a lightweight
|
|
8
|
-
* HTTP server using Node.js built-in http module (no framework dependency).
|
|
9
|
-
*
|
|
10
|
-
* Start: node dist/openapi/server.js [--port 3000]
|
|
11
|
-
*/
|
|
3
|
+
import { r as remediate, l as remediateFromScan, p as planRemediation } from '../remediate-from-scan-C-E7gqxF.js';
|
|
12
4
|
|
|
13
5
|
interface OpenApiServerDeps {
|
|
14
6
|
remediateFn: typeof remediate;
|
|
@@ -38,73 +30,13 @@ declare const OPENAPI_SPEC: {
|
|
|
38
30
|
properties: {
|
|
39
31
|
cveId: {
|
|
40
32
|
type: string;
|
|
41
|
-
description:
|
|
33
|
+
description: "CVE ID, e.g. CVE-2021-23337";
|
|
42
34
|
pattern: string;
|
|
43
35
|
};
|
|
44
36
|
options: {
|
|
45
37
|
type: string;
|
|
46
38
|
description: string;
|
|
47
|
-
properties:
|
|
48
|
-
cwd: {
|
|
49
|
-
type: string;
|
|
50
|
-
};
|
|
51
|
-
packageManager: {
|
|
52
|
-
type: string;
|
|
53
|
-
enum: string[];
|
|
54
|
-
};
|
|
55
|
-
dryRun: {
|
|
56
|
-
type: string;
|
|
57
|
-
};
|
|
58
|
-
preview: {
|
|
59
|
-
type: string;
|
|
60
|
-
};
|
|
61
|
-
runTests: {
|
|
62
|
-
type: string;
|
|
63
|
-
};
|
|
64
|
-
llmProvider: {
|
|
65
|
-
type: string;
|
|
66
|
-
enum: string[];
|
|
67
|
-
};
|
|
68
|
-
patchesDir: {
|
|
69
|
-
type: string;
|
|
70
|
-
};
|
|
71
|
-
policy: {
|
|
72
|
-
type: string;
|
|
73
|
-
};
|
|
74
|
-
requestId: {
|
|
75
|
-
type: string;
|
|
76
|
-
};
|
|
77
|
-
sessionId: {
|
|
78
|
-
type: string;
|
|
79
|
-
};
|
|
80
|
-
parentRunId: {
|
|
81
|
-
type: string;
|
|
82
|
-
};
|
|
83
|
-
idempotencyKey: {
|
|
84
|
-
type: string;
|
|
85
|
-
};
|
|
86
|
-
resume: {
|
|
87
|
-
type: string;
|
|
88
|
-
};
|
|
89
|
-
actor: {
|
|
90
|
-
type: string;
|
|
91
|
-
};
|
|
92
|
-
source: {
|
|
93
|
-
type: string;
|
|
94
|
-
enum: string[];
|
|
95
|
-
};
|
|
96
|
-
constraints: {
|
|
97
|
-
type: string;
|
|
98
|
-
properties: {
|
|
99
|
-
directDependenciesOnly: {
|
|
100
|
-
type: string;
|
|
101
|
-
};
|
|
102
|
-
preferVersionBump: {
|
|
103
|
-
type: string;
|
|
104
|
-
};
|
|
105
|
-
};
|
|
106
|
-
};
|
|
107
|
-
};
|
|
39
|
+
properties: Record<string, JsonSchemaProperty>;
|
|
108
40
|
};
|
|
109
41
|
};
|
|
110
42
|
};
|
|
@@ -154,67 +86,13 @@ declare const OPENAPI_SPEC: {
|
|
|
154
86
|
properties: {
|
|
155
87
|
cveId: {
|
|
156
88
|
type: string;
|
|
157
|
-
description:
|
|
89
|
+
description: "CVE ID, e.g. CVE-2021-23337";
|
|
158
90
|
pattern: string;
|
|
159
91
|
};
|
|
160
92
|
options: {
|
|
161
93
|
type: string;
|
|
162
94
|
description: string;
|
|
163
|
-
properties:
|
|
164
|
-
cwd: {
|
|
165
|
-
type: string;
|
|
166
|
-
};
|
|
167
|
-
packageManager: {
|
|
168
|
-
type: string;
|
|
169
|
-
enum: string[];
|
|
170
|
-
};
|
|
171
|
-
runTests: {
|
|
172
|
-
type: string;
|
|
173
|
-
};
|
|
174
|
-
llmProvider: {
|
|
175
|
-
type: string;
|
|
176
|
-
enum: string[];
|
|
177
|
-
};
|
|
178
|
-
patchesDir: {
|
|
179
|
-
type: string;
|
|
180
|
-
};
|
|
181
|
-
policy: {
|
|
182
|
-
type: string;
|
|
183
|
-
};
|
|
184
|
-
requestId: {
|
|
185
|
-
type: string;
|
|
186
|
-
};
|
|
187
|
-
sessionId: {
|
|
188
|
-
type: string;
|
|
189
|
-
};
|
|
190
|
-
parentRunId: {
|
|
191
|
-
type: string;
|
|
192
|
-
};
|
|
193
|
-
idempotencyKey: {
|
|
194
|
-
type: string;
|
|
195
|
-
};
|
|
196
|
-
resume: {
|
|
197
|
-
type: string;
|
|
198
|
-
};
|
|
199
|
-
actor: {
|
|
200
|
-
type: string;
|
|
201
|
-
};
|
|
202
|
-
source: {
|
|
203
|
-
type: string;
|
|
204
|
-
enum: string[];
|
|
205
|
-
};
|
|
206
|
-
constraints: {
|
|
207
|
-
type: string;
|
|
208
|
-
properties: {
|
|
209
|
-
directDependenciesOnly: {
|
|
210
|
-
type: string;
|
|
211
|
-
};
|
|
212
|
-
preferVersionBump: {
|
|
213
|
-
type: string;
|
|
214
|
-
};
|
|
215
|
-
};
|
|
216
|
-
};
|
|
217
|
-
};
|
|
95
|
+
properties: Record<string, JsonSchemaProperty>;
|
|
218
96
|
};
|
|
219
97
|
};
|
|
220
98
|
};
|
|
@@ -264,79 +142,12 @@ declare const OPENAPI_SPEC: {
|
|
|
264
142
|
properties: {
|
|
265
143
|
inputPath: {
|
|
266
144
|
type: string;
|
|
267
|
-
description:
|
|
145
|
+
description: "Absolute path to the scanner output file";
|
|
268
146
|
};
|
|
269
147
|
options: {
|
|
270
148
|
type: string;
|
|
271
149
|
description: string;
|
|
272
|
-
properties:
|
|
273
|
-
cwd: {
|
|
274
|
-
type: string;
|
|
275
|
-
};
|
|
276
|
-
packageManager: {
|
|
277
|
-
type: string;
|
|
278
|
-
enum: string[];
|
|
279
|
-
};
|
|
280
|
-
dryRun: {
|
|
281
|
-
type: string;
|
|
282
|
-
};
|
|
283
|
-
preview: {
|
|
284
|
-
type: string;
|
|
285
|
-
};
|
|
286
|
-
runTests: {
|
|
287
|
-
type: string;
|
|
288
|
-
};
|
|
289
|
-
llmProvider: {
|
|
290
|
-
type: string;
|
|
291
|
-
enum: string[];
|
|
292
|
-
};
|
|
293
|
-
format: {
|
|
294
|
-
type: string;
|
|
295
|
-
enum: string[];
|
|
296
|
-
};
|
|
297
|
-
patchesDir: {
|
|
298
|
-
type: string;
|
|
299
|
-
};
|
|
300
|
-
policy: {
|
|
301
|
-
type: string;
|
|
302
|
-
};
|
|
303
|
-
evidence: {
|
|
304
|
-
type: string;
|
|
305
|
-
};
|
|
306
|
-
requestId: {
|
|
307
|
-
type: string;
|
|
308
|
-
};
|
|
309
|
-
sessionId: {
|
|
310
|
-
type: string;
|
|
311
|
-
};
|
|
312
|
-
parentRunId: {
|
|
313
|
-
type: string;
|
|
314
|
-
};
|
|
315
|
-
idempotencyKey: {
|
|
316
|
-
type: string;
|
|
317
|
-
};
|
|
318
|
-
resume: {
|
|
319
|
-
type: string;
|
|
320
|
-
};
|
|
321
|
-
actor: {
|
|
322
|
-
type: string;
|
|
323
|
-
};
|
|
324
|
-
source: {
|
|
325
|
-
type: string;
|
|
326
|
-
enum: string[];
|
|
327
|
-
};
|
|
328
|
-
constraints: {
|
|
329
|
-
type: string;
|
|
330
|
-
properties: {
|
|
331
|
-
directDependenciesOnly: {
|
|
332
|
-
type: string;
|
|
333
|
-
};
|
|
334
|
-
preferVersionBump: {
|
|
335
|
-
type: string;
|
|
336
|
-
};
|
|
337
|
-
};
|
|
338
|
-
};
|
|
339
|
-
};
|
|
150
|
+
properties: Record<string, JsonSchemaProperty>;
|
|
340
151
|
};
|
|
341
152
|
};
|
|
342
153
|
};
|
|
@@ -350,51 +161,7 @@ declare const OPENAPI_SPEC: {
|
|
|
350
161
|
"application/json": {
|
|
351
162
|
schema: {
|
|
352
163
|
type: string;
|
|
353
|
-
properties:
|
|
354
|
-
schemaVersion: {
|
|
355
|
-
type: string;
|
|
356
|
-
};
|
|
357
|
-
status: {
|
|
358
|
-
type: string;
|
|
359
|
-
enum: string[];
|
|
360
|
-
};
|
|
361
|
-
generatedAt: {
|
|
362
|
-
type: string;
|
|
363
|
-
};
|
|
364
|
-
cveIds: {
|
|
365
|
-
type: string;
|
|
366
|
-
items: {
|
|
367
|
-
type: string;
|
|
368
|
-
};
|
|
369
|
-
};
|
|
370
|
-
reports: {
|
|
371
|
-
type: string;
|
|
372
|
-
items: {
|
|
373
|
-
type: string;
|
|
374
|
-
};
|
|
375
|
-
};
|
|
376
|
-
successCount: {
|
|
377
|
-
type: string;
|
|
378
|
-
};
|
|
379
|
-
failedCount: {
|
|
380
|
-
type: string;
|
|
381
|
-
};
|
|
382
|
-
errors: {
|
|
383
|
-
type: string;
|
|
384
|
-
items: {
|
|
385
|
-
type: string;
|
|
386
|
-
};
|
|
387
|
-
};
|
|
388
|
-
evidenceFile: {
|
|
389
|
-
type: string;
|
|
390
|
-
};
|
|
391
|
-
patchCount: {
|
|
392
|
-
type: string;
|
|
393
|
-
};
|
|
394
|
-
patchesDir: {
|
|
395
|
-
type: string;
|
|
396
|
-
};
|
|
397
|
-
};
|
|
164
|
+
properties: Record<string, JsonSchemaProperty>;
|
|
398
165
|
};
|
|
399
166
|
};
|
|
400
167
|
};
|
package/dist/openapi/server.js
CHANGED
|
@@ -1,8 +1,15 @@
|
|
|
1
1
|
import {
|
|
2
|
+
PACKAGE_VERSION
|
|
3
|
+
} from "../chunk-7XSZTGU7.js";
|
|
4
|
+
import {
|
|
5
|
+
OPTION_DESCRIPTIONS,
|
|
6
|
+
createRemediateOptionSchemaProperties,
|
|
7
|
+
createScanOptionSchemaProperties,
|
|
8
|
+
createScanReportSchemaProperties,
|
|
2
9
|
planRemediation,
|
|
3
10
|
remediate,
|
|
4
11
|
remediateFromScan
|
|
5
|
-
} from "../chunk-
|
|
12
|
+
} from "../chunk-MUFP2DQX.js";
|
|
6
13
|
|
|
7
14
|
// src/openapi/server.ts
|
|
8
15
|
import http from "http";
|
|
@@ -128,7 +135,7 @@ var OPENAPI_SPEC = {
|
|
|
128
135
|
openapi: "3.1.0",
|
|
129
136
|
info: {
|
|
130
137
|
title: "autoremediator",
|
|
131
|
-
version:
|
|
138
|
+
version: PACKAGE_VERSION,
|
|
132
139
|
description: "Agentic CVE remediation for Node.js dependency projects"
|
|
133
140
|
},
|
|
134
141
|
paths: {
|
|
@@ -146,36 +153,13 @@ var OPENAPI_SPEC = {
|
|
|
146
153
|
properties: {
|
|
147
154
|
cveId: {
|
|
148
155
|
type: "string",
|
|
149
|
-
description:
|
|
156
|
+
description: OPTION_DESCRIPTIONS.cveId,
|
|
150
157
|
pattern: "^CVE-\\d{4}-\\d+$"
|
|
151
158
|
},
|
|
152
159
|
options: {
|
|
153
160
|
type: "object",
|
|
154
161
|
description: "RemediateOptions",
|
|
155
|
-
properties:
|
|
156
|
-
cwd: { type: "string" },
|
|
157
|
-
packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
|
|
158
|
-
dryRun: { type: "boolean" },
|
|
159
|
-
preview: { type: "boolean" },
|
|
160
|
-
runTests: { type: "boolean" },
|
|
161
|
-
llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
|
|
162
|
-
patchesDir: { type: "string" },
|
|
163
|
-
policy: { type: "string" },
|
|
164
|
-
requestId: { type: "string" },
|
|
165
|
-
sessionId: { type: "string" },
|
|
166
|
-
parentRunId: { type: "string" },
|
|
167
|
-
idempotencyKey: { type: "string" },
|
|
168
|
-
resume: { type: "boolean" },
|
|
169
|
-
actor: { type: "string" },
|
|
170
|
-
source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
|
|
171
|
-
constraints: {
|
|
172
|
-
type: "object",
|
|
173
|
-
properties: {
|
|
174
|
-
directDependenciesOnly: { type: "boolean" },
|
|
175
|
-
preferVersionBump: { type: "boolean" }
|
|
176
|
-
}
|
|
177
|
-
}
|
|
178
|
-
}
|
|
162
|
+
properties: createRemediateOptionSchemaProperties()
|
|
179
163
|
}
|
|
180
164
|
}
|
|
181
165
|
}
|
|
@@ -215,34 +199,13 @@ var OPENAPI_SPEC = {
|
|
|
215
199
|
properties: {
|
|
216
200
|
cveId: {
|
|
217
201
|
type: "string",
|
|
218
|
-
description:
|
|
202
|
+
description: OPTION_DESCRIPTIONS.cveId,
|
|
219
203
|
pattern: "^CVE-\\d{4}-\\d+$"
|
|
220
204
|
},
|
|
221
205
|
options: {
|
|
222
206
|
type: "object",
|
|
223
207
|
description: "RemediateOptions",
|
|
224
|
-
properties: {
|
|
225
|
-
cwd: { type: "string" },
|
|
226
|
-
packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
|
|
227
|
-
runTests: { type: "boolean" },
|
|
228
|
-
llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
|
|
229
|
-
patchesDir: { type: "string" },
|
|
230
|
-
policy: { type: "string" },
|
|
231
|
-
requestId: { type: "string" },
|
|
232
|
-
sessionId: { type: "string" },
|
|
233
|
-
parentRunId: { type: "string" },
|
|
234
|
-
idempotencyKey: { type: "string" },
|
|
235
|
-
resume: { type: "boolean" },
|
|
236
|
-
actor: { type: "string" },
|
|
237
|
-
source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
|
|
238
|
-
constraints: {
|
|
239
|
-
type: "object",
|
|
240
|
-
properties: {
|
|
241
|
-
directDependenciesOnly: { type: "boolean" },
|
|
242
|
-
preferVersionBump: { type: "boolean" }
|
|
243
|
-
}
|
|
244
|
-
}
|
|
245
|
-
}
|
|
208
|
+
properties: createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false, includeEvidence: true })
|
|
246
209
|
}
|
|
247
210
|
}
|
|
248
211
|
}
|
|
@@ -282,37 +245,12 @@ var OPENAPI_SPEC = {
|
|
|
282
245
|
properties: {
|
|
283
246
|
inputPath: {
|
|
284
247
|
type: "string",
|
|
285
|
-
description:
|
|
248
|
+
description: OPTION_DESCRIPTIONS.inputPath
|
|
286
249
|
},
|
|
287
250
|
options: {
|
|
288
251
|
type: "object",
|
|
289
252
|
description: "ScanOptions",
|
|
290
|
-
properties:
|
|
291
|
-
cwd: { type: "string" },
|
|
292
|
-
packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
|
|
293
|
-
dryRun: { type: "boolean" },
|
|
294
|
-
preview: { type: "boolean" },
|
|
295
|
-
runTests: { type: "boolean" },
|
|
296
|
-
llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
|
|
297
|
-
format: { type: "string", enum: ["npm-audit", "yarn-audit", "sarif", "auto"] },
|
|
298
|
-
patchesDir: { type: "string" },
|
|
299
|
-
policy: { type: "string" },
|
|
300
|
-
evidence: { type: "boolean" },
|
|
301
|
-
requestId: { type: "string" },
|
|
302
|
-
sessionId: { type: "string" },
|
|
303
|
-
parentRunId: { type: "string" },
|
|
304
|
-
idempotencyKey: { type: "string" },
|
|
305
|
-
resume: { type: "boolean" },
|
|
306
|
-
actor: { type: "string" },
|
|
307
|
-
source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
|
|
308
|
-
constraints: {
|
|
309
|
-
type: "object",
|
|
310
|
-
properties: {
|
|
311
|
-
directDependenciesOnly: { type: "boolean" },
|
|
312
|
-
preferVersionBump: { type: "boolean" }
|
|
313
|
-
}
|
|
314
|
-
}
|
|
315
|
-
}
|
|
253
|
+
properties: createScanOptionSchemaProperties()
|
|
316
254
|
}
|
|
317
255
|
}
|
|
318
256
|
}
|
|
@@ -326,19 +264,7 @@ var OPENAPI_SPEC = {
|
|
|
326
264
|
"application/json": {
|
|
327
265
|
schema: {
|
|
328
266
|
type: "object",
|
|
329
|
-
properties:
|
|
330
|
-
schemaVersion: { type: "string" },
|
|
331
|
-
status: { type: "string", enum: ["ok", "partial", "failed"] },
|
|
332
|
-
generatedAt: { type: "string" },
|
|
333
|
-
cveIds: { type: "array", items: { type: "string" } },
|
|
334
|
-
reports: { type: "array", items: { type: "object" } },
|
|
335
|
-
successCount: { type: "number" },
|
|
336
|
-
failedCount: { type: "number" },
|
|
337
|
-
errors: { type: "array", items: { type: "object" } },
|
|
338
|
-
evidenceFile: { type: "string" },
|
|
339
|
-
patchCount: { type: "number" },
|
|
340
|
-
patchesDir: { type: "string" }
|
|
341
|
-
}
|
|
267
|
+
properties: createScanReportSchemaProperties()
|
|
342
268
|
}
|
|
343
269
|
}
|
|
344
270
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/openapi/server.ts"],"sourcesContent":["/**\n * autoremediator OpenAPI HTTP server\n *\n * Exposes POST /remediate and POST /remediate-from-scan as a lightweight\n * HTTP server using Node.js built-in http module (no framework dependency).\n *\n * Start: node dist/openapi/server.js [--port 3000]\n */\nimport http from \"node:http\";\nimport { fileURLToPath } from \"node:url\";\nimport { planRemediation, remediate, remediateFromScan } from \"../api.js\";\nimport type { RemediateOptions, ScanOptions } from \"../api.js\";\n\nconst DEFAULT_PORT = 3000;\n\nfunction parsePort(): number {\n const idx = process.argv.indexOf(\"--port\");\n if (idx !== -1 && process.argv[idx + 1]) {\n const p = parseInt(process.argv[idx + 1], 10);\n if (!isNaN(p)) return p;\n }\n if (process.env.PORT) {\n const p = parseInt(process.env.PORT, 10);\n if (!isNaN(p)) return p;\n }\n return DEFAULT_PORT;\n}\n\nfunction readBody(req: http.IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let raw = \"\";\n req.setEncoding(\"utf8\");\n req.on(\"data\", (chunk: string) => { raw += chunk; });\n req.on(\"end\", () => {\n try {\n resolve(raw ? JSON.parse(raw) : {});\n } catch {\n reject(new Error(\"Invalid JSON body\"));\n }\n });\n req.on(\"error\", reject);\n });\n}\n\nfunction send(res: http.ServerResponse, status: number, body: unknown): void {\n const payload = JSON.stringify(body);\n res.writeHead(status, {\n \"Content-Type\": \"application/json\",\n \"Content-Length\": Buffer.byteLength(payload),\n });\n res.end(payload);\n}\n\nfunction withOpenApiSource(options: unknown): Record<string, unknown> {\n const normalized = typeof options === \"object\" && options !== null\n ? (options as Record<string, unknown>)\n : {};\n return {\n ...normalized,\n source: typeof normalized.source === \"string\" ? normalized.source : \"openapi\",\n };\n}\n\ninterface OpenApiServerDeps {\n remediateFn: typeof remediate;\n remediateFromScanFn: typeof remediateFromScan;\n planRemediationFn: typeof planRemediation;\n}\n\nconst defaultDeps: OpenApiServerDeps = {\n remediateFn: remediate,\n remediateFromScanFn: remediateFromScan,\n planRemediationFn: planRemediation,\n};\n\nexport function createOpenApiServer(deps: OpenApiServerDeps = defaultDeps): http.Server {\n return http.createServer(async (req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost`);\n const method = req.method?.toUpperCase();\n\n // Health check\n if (method === \"GET\" && url.pathname === \"/health\") {\n return send(res, 200, { status: \"ok\" });\n }\n\n // OpenAPI spec\n if (method === \"GET\" && url.pathname === \"/openapi.json\") {\n return send(res, 200, OPENAPI_SPEC);\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.remediateFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/plan-remediation\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.planRemediationFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate-from-scan\") {\n let body: { inputPath?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.inputPath !== \"string\" || !body.inputPath) {\n return send(res, 400, { error: \"inputPath is required (string)\" });\n }\n try {\n const report = await deps.remediateFromScanFn(body.inputPath, withOpenApiSource(body.options) as ScanOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n return send(res, 404, { error: \"Not found\" });\n });\n}\n\nexport const OPENAPI_SPEC = {\n openapi: \"3.1.0\",\n info: {\n title: \"autoremediator\",\n version: \"0.1.2\",\n description: \"Agentic CVE remediation for Node.js dependency projects\",\n },\n paths: {\n \"/remediate\": {\n post: {\n operationId: \"remediate\",\n summary: \"Remediate a single CVE\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: \"CVE identifier, e.g. CVE-2021-23337\",\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n preview: { type: \"boolean\" },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/plan-remediation\": {\n post: {\n operationId: \"planRemediation\",\n summary: \"Generate a non-mutating remediation preview\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: \"CVE identifier, e.g. CVE-2021-23337\",\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/remediate-from-scan\": {\n post: {\n operationId: \"remediateFromScan\",\n summary: \"Parse a scanner file and remediate all found CVEs\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: {\n type: \"string\",\n description: \"Absolute or relative path to npm/pnpm/yarn audit JSON or SARIF file\",\n },\n options: {\n type: \"object\",\n description: \"ScanOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n preview: { type: \"boolean\" },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n format: { type: \"string\", enum: [\"npm-audit\", \"yarn-audit\", \"sarif\", \"auto\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n evidence: { type: \"boolean\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"ScanReport\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: {\n schemaVersion: { type: \"string\" },\n status: { type: \"string\", enum: [\"ok\", \"partial\", \"failed\"] },\n generatedAt: { type: \"string\" },\n cveIds: { type: \"array\", items: { type: \"string\" } },\n reports: { type: \"array\", items: { type: \"object\" } },\n successCount: { type: \"number\" },\n failedCount: { type: \"number\" },\n errors: { type: \"array\", items: { type: \"object\" } },\n evidenceFile: { type: \"string\" },\n patchCount: { type: \"number\" },\n patchesDir: { type: \"string\" },\n },\n },\n },\n },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/health\": {\n get: {\n operationId: \"health\",\n summary: \"Health check\",\n responses: {\n \"200\": {\n description: \"Server is healthy\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { status: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n },\n};\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n const port = parsePort();\n const server = createOpenApiServer();\n server.listen(port, () => {\n console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);\n console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);\n });\n}\n"],"mappings":";;;;;;;AAQA,OAAO,UAAU;AACjB,SAAS,qBAAqB;AAI9B,IAAM,eAAe;AAErB,SAAS,YAAoB;AAC3B,QAAM,MAAM,QAAQ,KAAK,QAAQ,QAAQ;AACzC,MAAI,QAAQ,MAAM,QAAQ,KAAK,MAAM,CAAC,GAAG;AACvC,UAAM,IAAI,SAAS,QAAQ,KAAK,MAAM,CAAC,GAAG,EAAE;AAC5C,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,MAAI,QAAQ,IAAI,MAAM;AACpB,UAAM,IAAI,SAAS,QAAQ,IAAI,MAAM,EAAE;AACvC,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,SAAO;AACT;AAEA,SAAS,SAAS,KAA6C;AAC7D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,MAAM;AACV,QAAI,YAAY,MAAM;AACtB,QAAI,GAAG,QAAQ,CAAC,UAAkB;AAAE,aAAO;AAAA,IAAO,CAAC;AACnD,QAAI,GAAG,OAAO,MAAM;AAClB,UAAI;AACF,gBAAQ,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC;AAAA,MACpC,QAAQ;AACN,eAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,MACvC;AAAA,IACF,CAAC;AACD,QAAI,GAAG,SAAS,MAAM;AAAA,EACxB,CAAC;AACH;AAEA,SAAS,KAAK,KAA0B,QAAgB,MAAqB;AAC3E,QAAM,UAAU,KAAK,UAAU,IAAI;AACnC,MAAI,UAAU,QAAQ;AAAA,IACpB,gBAAgB;AAAA,IAChB,kBAAkB,OAAO,WAAW,OAAO;AAAA,EAC7C,CAAC;AACD,MAAI,IAAI,OAAO;AACjB;AAEA,SAAS,kBAAkB,SAA2C;AACpE,QAAM,aAAa,OAAO,YAAY,YAAY,YAAY,OACzD,UACD,CAAC;AACL,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ,OAAO,WAAW,WAAW,WAAW,WAAW,SAAS;AAAA,EACtE;AACF;AAQA,IAAM,cAAiC;AAAA,EACrC,aAAa;AAAA,EACb,qBAAqB;AAAA,EACrB,mBAAmB;AACrB;AAEO,SAAS,oBAAoB,OAA0B,aAA0B;AACtF,SAAO,KAAK,aAAa,OAAO,KAAK,QAAQ;AAC3C,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAM,SAAS,IAAI,QAAQ,YAAY;AAGzC,QAAI,WAAW,SAAS,IAAI,aAAa,WAAW;AAClD,aAAO,KAAK,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IACxC;AAGA,QAAI,WAAW,SAAS,IAAI,aAAa,iBAAiB;AACxD,aAAO,KAAK,KAAK,KAAK,YAAY;AAAA,IACpC;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,cAAc;AACxD,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,YAAY,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AACrG,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,qBAAqB;AAC/D,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,kBAAkB,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AAC3G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,wBAAwB;AAClE,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,cAAc,YAAY,CAAC,KAAK,WAAW;AACzD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,iCAAiC,CAAC;AAAA,MACnE;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,oBAAoB,KAAK,WAAW,kBAAkB,KAAK,OAAO,CAAgB;AAC5G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,WAAO,KAAK,KAAK,KAAK,EAAE,OAAO,YAAY,CAAC;AAAA,EAC9C,CAAC;AACH;AAEO,IAAM,eAAe;AAAA,EAC1B,SAAS;AAAA,EACT,MAAM;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,OAAO;AAAA,IACL,cAAc;AAAA,MACZ,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,SAAS,EAAE,MAAM,UAAU;AAAA,sBAC3B,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,qBAAqB;AAAA,MACnB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,wBAAwB;AAAA,MACtB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,WAAW;AAAA,gBACtB,YAAY;AAAA,kBACV,WAAW;AAAA,oBACT,MAAM;AAAA,oBACN,aAAa;AAAA,kBACf;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,SAAS,EAAE,MAAM,UAAU;AAAA,sBAC3B,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,aAAa,cAAc,SAAS,MAAM,EAAE;AAAA,sBAC7E,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY;AAAA,oBACV,eAAe,EAAE,MAAM,SAAS;AAAA,oBAChC,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,MAAM,WAAW,QAAQ,EAAE;AAAA,oBAC5D,aAAa,EAAE,MAAM,SAAS;AAAA,oBAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACnD,SAAS,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACpD,cAAc,EAAE,MAAM,SAAS;AAAA,oBAC/B,aAAa,EAAE,MAAM,SAAS;AAAA,oBAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACnD,cAAc,EAAE,MAAM,SAAS;AAAA,oBAC/B,YAAY,EAAE,MAAM,SAAS;AAAA,oBAC7B,YAAY,EAAE,MAAM,SAAS;AAAA,kBAC/B;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,KAAK;AAAA,QACH,aAAa;AAAA,QACb,SAAS;AAAA,QACT,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC3C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,QAAM,OAAO,UAAU;AACvB,QAAM,SAAS,oBAAoB;AACnC,SAAO,OAAO,MAAM,MAAM;AACxB,YAAQ,IAAI,+DAA+D,IAAI,EAAE;AACjF,YAAQ,IAAI,oCAAoC,IAAI,eAAe;AAAA,EACrE,CAAC;AACH;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/openapi/server.ts"],"sourcesContent":["/**\n * autoremediator OpenAPI HTTP server\n *\n * Exposes POST /remediate and POST /remediate-from-scan as a lightweight\n * HTTP server using Node.js built-in http module (no framework dependency).\n *\n * Start: node dist/openapi/server.js [--port 3000]\n */\nimport http from \"node:http\";\nimport { fileURLToPath } from \"node:url\";\nimport {\n createRemediateOptionSchemaProperties,\n createScanOptionSchemaProperties,\n createScanReportSchemaProperties,\n OPTION_DESCRIPTIONS,\n planRemediation,\n remediate,\n remediateFromScan,\n} from \"../api/index.js\";\nimport type { RemediateOptions, ScanOptions } from \"../api/index.js\";\nimport { PACKAGE_VERSION } from \"../version\";\n\nconst DEFAULT_PORT = 3000;\n\nfunction parsePort(): number {\n const idx = process.argv.indexOf(\"--port\");\n if (idx !== -1 && process.argv[idx + 1]) {\n const p = parseInt(process.argv[idx + 1], 10);\n if (!isNaN(p)) return p;\n }\n if (process.env.PORT) {\n const p = parseInt(process.env.PORT, 10);\n if (!isNaN(p)) return p;\n }\n return DEFAULT_PORT;\n}\n\nfunction readBody(req: http.IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let raw = \"\";\n req.setEncoding(\"utf8\");\n req.on(\"data\", (chunk: string) => { raw += chunk; });\n req.on(\"end\", () => {\n try {\n resolve(raw ? JSON.parse(raw) : {});\n } catch {\n reject(new Error(\"Invalid JSON body\"));\n }\n });\n req.on(\"error\", reject);\n });\n}\n\nfunction send(res: http.ServerResponse, status: number, body: unknown): void {\n const payload = JSON.stringify(body);\n res.writeHead(status, {\n \"Content-Type\": \"application/json\",\n \"Content-Length\": Buffer.byteLength(payload),\n });\n res.end(payload);\n}\n\nfunction withOpenApiSource(options: unknown): Record<string, unknown> {\n const normalized = typeof options === \"object\" && options !== null\n ? (options as Record<string, unknown>)\n : {};\n return {\n ...normalized,\n source: typeof normalized.source === \"string\" ? normalized.source : \"openapi\",\n };\n}\n\ninterface OpenApiServerDeps {\n remediateFn: typeof remediate;\n remediateFromScanFn: typeof remediateFromScan;\n planRemediationFn: typeof planRemediation;\n}\n\nconst defaultDeps: OpenApiServerDeps = {\n remediateFn: remediate,\n remediateFromScanFn: remediateFromScan,\n planRemediationFn: planRemediation,\n};\n\nexport function createOpenApiServer(deps: OpenApiServerDeps = defaultDeps): http.Server {\n return http.createServer(async (req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost`);\n const method = req.method?.toUpperCase();\n\n // Health check\n if (method === \"GET\" && url.pathname === \"/health\") {\n return send(res, 200, { status: \"ok\" });\n }\n\n // OpenAPI spec\n if (method === \"GET\" && url.pathname === \"/openapi.json\") {\n return send(res, 200, OPENAPI_SPEC);\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.remediateFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/plan-remediation\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.planRemediationFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate-from-scan\") {\n let body: { inputPath?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.inputPath !== \"string\" || !body.inputPath) {\n return send(res, 400, { error: \"inputPath is required (string)\" });\n }\n try {\n const report = await deps.remediateFromScanFn(body.inputPath, withOpenApiSource(body.options) as ScanOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n return send(res, 404, { error: \"Not found\" });\n });\n}\n\nexport const OPENAPI_SPEC = {\n openapi: \"3.1.0\",\n info: {\n title: \"autoremediator\",\n version: PACKAGE_VERSION,\n description: \"Agentic CVE remediation for Node.js dependency projects\",\n },\n paths: {\n \"/remediate\": {\n post: {\n operationId: \"remediate\",\n summary: \"Remediate a single CVE\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: OPTION_DESCRIPTIONS.cveId,\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: createRemediateOptionSchemaProperties(),\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/plan-remediation\": {\n post: {\n operationId: \"planRemediation\",\n summary: \"Generate a non-mutating remediation preview\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: OPTION_DESCRIPTIONS.cveId,\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false, includeEvidence: true }),\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/remediate-from-scan\": {\n post: {\n operationId: \"remediateFromScan\",\n summary: \"Parse a scanner file and remediate all found CVEs\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: {\n type: \"string\",\n description: OPTION_DESCRIPTIONS.inputPath,\n },\n options: {\n type: \"object\",\n description: \"ScanOptions\",\n properties: createScanOptionSchemaProperties(),\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"ScanReport\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: createScanReportSchemaProperties(),\n },\n },\n },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/health\": {\n get: {\n operationId: \"health\",\n summary: \"Health check\",\n responses: {\n \"200\": {\n description: \"Server is healthy\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { status: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n },\n};\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n const port = parsePort();\n const server = createOpenApiServer();\n server.listen(port, () => {\n console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);\n console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);\n });\n}\n"],"mappings":";;;;;;;;;;;;;;AAQA,OAAO,UAAU;AACjB,SAAS,qBAAqB;AAa9B,IAAM,eAAe;AAErB,SAAS,YAAoB;AAC3B,QAAM,MAAM,QAAQ,KAAK,QAAQ,QAAQ;AACzC,MAAI,QAAQ,MAAM,QAAQ,KAAK,MAAM,CAAC,GAAG;AACvC,UAAM,IAAI,SAAS,QAAQ,KAAK,MAAM,CAAC,GAAG,EAAE;AAC5C,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,MAAI,QAAQ,IAAI,MAAM;AACpB,UAAM,IAAI,SAAS,QAAQ,IAAI,MAAM,EAAE;AACvC,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,SAAO;AACT;AAEA,SAAS,SAAS,KAA6C;AAC7D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,MAAM;AACV,QAAI,YAAY,MAAM;AACtB,QAAI,GAAG,QAAQ,CAAC,UAAkB;AAAE,aAAO;AAAA,IAAO,CAAC;AACnD,QAAI,GAAG,OAAO,MAAM;AAClB,UAAI;AACF,gBAAQ,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC;AAAA,MACpC,QAAQ;AACN,eAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,MACvC;AAAA,IACF,CAAC;AACD,QAAI,GAAG,SAAS,MAAM;AAAA,EACxB,CAAC;AACH;AAEA,SAAS,KAAK,KAA0B,QAAgB,MAAqB;AAC3E,QAAM,UAAU,KAAK,UAAU,IAAI;AACnC,MAAI,UAAU,QAAQ;AAAA,IACpB,gBAAgB;AAAA,IAChB,kBAAkB,OAAO,WAAW,OAAO;AAAA,EAC7C,CAAC;AACD,MAAI,IAAI,OAAO;AACjB;AAEA,SAAS,kBAAkB,SAA2C;AACpE,QAAM,aAAa,OAAO,YAAY,YAAY,YAAY,OACzD,UACD,CAAC;AACL,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ,OAAO,WAAW,WAAW,WAAW,WAAW,SAAS;AAAA,EACtE;AACF;AAQA,IAAM,cAAiC;AAAA,EACrC,aAAa;AAAA,EACb,qBAAqB;AAAA,EACrB,mBAAmB;AACrB;AAEO,SAAS,oBAAoB,OAA0B,aAA0B;AACtF,SAAO,KAAK,aAAa,OAAO,KAAK,QAAQ;AAC3C,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAM,SAAS,IAAI,QAAQ,YAAY;AAGzC,QAAI,WAAW,SAAS,IAAI,aAAa,WAAW;AAClD,aAAO,KAAK,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IACxC;AAGA,QAAI,WAAW,SAAS,IAAI,aAAa,iBAAiB;AACxD,aAAO,KAAK,KAAK,KAAK,YAAY;AAAA,IACpC;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,cAAc;AACxD,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,YAAY,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AACrG,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,qBAAqB;AAC/D,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,kBAAkB,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AAC3G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,wBAAwB;AAClE,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,cAAc,YAAY,CAAC,KAAK,WAAW;AACzD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,iCAAiC,CAAC;AAAA,MACnE;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,oBAAoB,KAAK,WAAW,kBAAkB,KAAK,OAAO,CAAgB;AAC5G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,WAAO,KAAK,KAAK,KAAK,EAAE,OAAO,YAAY,CAAC;AAAA,EAC9C,CAAC;AACH;AAEO,IAAM,eAAe;AAAA,EAC1B,SAAS;AAAA,EACT,MAAM;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,OAAO;AAAA,IACL,cAAc;AAAA,MACZ,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa,oBAAoB;AAAA,oBACjC,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY,sCAAsC;AAAA,kBACpD;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,qBAAqB;AAAA,MACnB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa,oBAAoB;AAAA,oBACjC,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY,sCAAsC,EAAE,eAAe,OAAO,gBAAgB,OAAO,iBAAiB,KAAK,CAAC;AAAA,kBAC1H;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,wBAAwB;AAAA,MACtB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,WAAW;AAAA,gBACtB,YAAY;AAAA,kBACV,WAAW;AAAA,oBACT,MAAM;AAAA,oBACN,aAAa,oBAAoB;AAAA,kBACnC;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY,iCAAiC;AAAA,kBAC/C;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,iCAAiC;AAAA,gBAC/C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,KAAK;AAAA,QACH,aAAa;AAAA,QACb,SAAS;AAAA,QACT,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC3C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,QAAM,OAAO,UAAU;AACvB,QAAM,SAAS,oBAAoB;AACnC,SAAO,OAAO,MAAM,MAAM;AACxB,YAAQ,IAAI,+DAA+D,IAAI,EAAE;AACjF,YAAQ,IAAI,oCAAoC,IAAI,eAAe;AAAA,EACrE,CAAC;AACH;","names":[]}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
type JsonSchemaProperty = Record<string, unknown>;
|
|
2
|
+
declare const PACKAGE_MANAGER_VALUES: readonly ["npm", "pnpm", "yarn"];
|
|
3
|
+
declare const LLM_PROVIDER_VALUES: readonly ["openai", "anthropic", "local"];
|
|
4
|
+
declare const PROVENANCE_SOURCE_VALUES: readonly ["cli", "sdk", "mcp", "openapi", "unknown"];
|
|
5
|
+
declare const OPTION_DESCRIPTIONS: {
|
|
6
|
+
readonly cveId: "CVE ID, e.g. CVE-2021-23337";
|
|
7
|
+
readonly inputPath: "Absolute path to the scanner output file";
|
|
8
|
+
readonly cwd: "Absolute path to the project root (default: process.cwd())";
|
|
9
|
+
readonly packageManager: "Package manager override (auto-detected by default)";
|
|
10
|
+
readonly dryRun: "If true, plan changes but write nothing";
|
|
11
|
+
readonly preview: "If true, enforce non-mutating preview mode";
|
|
12
|
+
readonly runTests: "Run package-manager test command after applying fix";
|
|
13
|
+
readonly llmProvider: "LLM provider override";
|
|
14
|
+
readonly patchesDir: "Directory to write .patch files (default: ./patches)";
|
|
15
|
+
readonly policy: "Optional path to .autoremediator policy file";
|
|
16
|
+
readonly requestId: "Request correlation ID";
|
|
17
|
+
readonly sessionId: "Session correlation ID";
|
|
18
|
+
readonly parentRunId: "Parent run correlation ID";
|
|
19
|
+
readonly idempotencyKey: "Idempotency key for replay-safe execution";
|
|
20
|
+
readonly resume: "Return cached result for matching idempotency key when available";
|
|
21
|
+
readonly actor: "Actor identity for evidence provenance";
|
|
22
|
+
readonly source: "Source system for provenance";
|
|
23
|
+
readonly format: "Scanner format (default: auto)";
|
|
24
|
+
readonly evidence: "Write evidence JSON to .autoremediator/evidence/ (default: true)";
|
|
25
|
+
readonly directDependenciesOnly: "Restrict remediation to direct dependencies only";
|
|
26
|
+
readonly preferVersionBump: "Reject override and patch remediation when version-bump-only policy is required";
|
|
27
|
+
};
|
|
28
|
+
declare function createConstraintSchemaProperties(): Record<string, JsonSchemaProperty>;
|
|
29
|
+
declare function createRemediateOptionSchemaProperties(options?: {
|
|
30
|
+
includeDryRun?: boolean;
|
|
31
|
+
includePreview?: boolean;
|
|
32
|
+
includeEvidence?: boolean;
|
|
33
|
+
}): Record<string, JsonSchemaProperty>;
|
|
34
|
+
declare function createScanOptionSchemaProperties(): Record<string, JsonSchemaProperty>;
|
|
35
|
+
declare function createScanReportSchemaProperties(): Record<string, JsonSchemaProperty>;
|
|
36
|
+
|
|
37
|
+
export { type JsonSchemaProperty as J, LLM_PROVIDER_VALUES as L, OPTION_DESCRIPTIONS as O, PACKAGE_MANAGER_VALUES as P, PROVENANCE_SOURCE_VALUES as a, createRemediateOptionSchemaProperties as b, createConstraintSchemaProperties as c, createScanOptionSchemaProperties as d, createScanReportSchemaProperties as e };
|