autoremediator 0.5.0 → 0.7.0

@@ -1,14 +1,6 @@
1
+ import { J as JsonSchemaProperty } from '../options-schema-DfLBOsPI.js';
1
2
  import http from 'node:http';
2
- import { remediate, remediateFromScan, planRemediation } from '../index.js';
3
-
4
- /**
5
- * autoremediator OpenAPI HTTP server
6
- *
7
- * Exposes POST /remediate and POST /remediate-from-scan as a lightweight
8
- * HTTP server using Node.js built-in http module (no framework dependency).
9
- *
10
- * Start: node dist/openapi/server.js [--port 3000]
11
- */
3
+ import { r as remediate, l as remediateFromScan, p as planRemediation } from '../remediate-from-scan-C-E7gqxF.js';
12
4
 
13
5
  interface OpenApiServerDeps {
14
6
  remediateFn: typeof remediate;
@@ -38,73 +30,13 @@ declare const OPENAPI_SPEC: {
38
30
  properties: {
39
31
  cveId: {
40
32
  type: string;
41
- description: string;
33
+ description: "CVE ID, e.g. CVE-2021-23337";
42
34
  pattern: string;
43
35
  };
44
36
  options: {
45
37
  type: string;
46
38
  description: string;
47
- properties: {
48
- cwd: {
49
- type: string;
50
- };
51
- packageManager: {
52
- type: string;
53
- enum: string[];
54
- };
55
- dryRun: {
56
- type: string;
57
- };
58
- preview: {
59
- type: string;
60
- };
61
- runTests: {
62
- type: string;
63
- };
64
- llmProvider: {
65
- type: string;
66
- enum: string[];
67
- };
68
- patchesDir: {
69
- type: string;
70
- };
71
- policy: {
72
- type: string;
73
- };
74
- requestId: {
75
- type: string;
76
- };
77
- sessionId: {
78
- type: string;
79
- };
80
- parentRunId: {
81
- type: string;
82
- };
83
- idempotencyKey: {
84
- type: string;
85
- };
86
- resume: {
87
- type: string;
88
- };
89
- actor: {
90
- type: string;
91
- };
92
- source: {
93
- type: string;
94
- enum: string[];
95
- };
96
- constraints: {
97
- type: string;
98
- properties: {
99
- directDependenciesOnly: {
100
- type: string;
101
- };
102
- preferVersionBump: {
103
- type: string;
104
- };
105
- };
106
- };
107
- };
39
+ properties: Record<string, JsonSchemaProperty>;
108
40
  };
109
41
  };
110
42
  };
@@ -154,67 +86,13 @@ declare const OPENAPI_SPEC: {
154
86
  properties: {
155
87
  cveId: {
156
88
  type: string;
157
- description: string;
89
+ description: "CVE ID, e.g. CVE-2021-23337";
158
90
  pattern: string;
159
91
  };
160
92
  options: {
161
93
  type: string;
162
94
  description: string;
163
- properties: {
164
- cwd: {
165
- type: string;
166
- };
167
- packageManager: {
168
- type: string;
169
- enum: string[];
170
- };
171
- runTests: {
172
- type: string;
173
- };
174
- llmProvider: {
175
- type: string;
176
- enum: string[];
177
- };
178
- patchesDir: {
179
- type: string;
180
- };
181
- policy: {
182
- type: string;
183
- };
184
- requestId: {
185
- type: string;
186
- };
187
- sessionId: {
188
- type: string;
189
- };
190
- parentRunId: {
191
- type: string;
192
- };
193
- idempotencyKey: {
194
- type: string;
195
- };
196
- resume: {
197
- type: string;
198
- };
199
- actor: {
200
- type: string;
201
- };
202
- source: {
203
- type: string;
204
- enum: string[];
205
- };
206
- constraints: {
207
- type: string;
208
- properties: {
209
- directDependenciesOnly: {
210
- type: string;
211
- };
212
- preferVersionBump: {
213
- type: string;
214
- };
215
- };
216
- };
217
- };
95
+ properties: Record<string, JsonSchemaProperty>;
218
96
  };
219
97
  };
220
98
  };
@@ -264,79 +142,12 @@ declare const OPENAPI_SPEC: {
264
142
  properties: {
265
143
  inputPath: {
266
144
  type: string;
267
- description: string;
145
+ description: "Absolute path to the scanner output file";
268
146
  };
269
147
  options: {
270
148
  type: string;
271
149
  description: string;
272
- properties: {
273
- cwd: {
274
- type: string;
275
- };
276
- packageManager: {
277
- type: string;
278
- enum: string[];
279
- };
280
- dryRun: {
281
- type: string;
282
- };
283
- preview: {
284
- type: string;
285
- };
286
- runTests: {
287
- type: string;
288
- };
289
- llmProvider: {
290
- type: string;
291
- enum: string[];
292
- };
293
- format: {
294
- type: string;
295
- enum: string[];
296
- };
297
- patchesDir: {
298
- type: string;
299
- };
300
- policy: {
301
- type: string;
302
- };
303
- evidence: {
304
- type: string;
305
- };
306
- requestId: {
307
- type: string;
308
- };
309
- sessionId: {
310
- type: string;
311
- };
312
- parentRunId: {
313
- type: string;
314
- };
315
- idempotencyKey: {
316
- type: string;
317
- };
318
- resume: {
319
- type: string;
320
- };
321
- actor: {
322
- type: string;
323
- };
324
- source: {
325
- type: string;
326
- enum: string[];
327
- };
328
- constraints: {
329
- type: string;
330
- properties: {
331
- directDependenciesOnly: {
332
- type: string;
333
- };
334
- preferVersionBump: {
335
- type: string;
336
- };
337
- };
338
- };
339
- };
150
+ properties: Record<string, JsonSchemaProperty>;
340
151
  };
341
152
  };
342
153
  };
@@ -350,51 +161,7 @@ declare const OPENAPI_SPEC: {
350
161
  "application/json": {
351
162
  schema: {
352
163
  type: string;
353
- properties: {
354
- schemaVersion: {
355
- type: string;
356
- };
357
- status: {
358
- type: string;
359
- enum: string[];
360
- };
361
- generatedAt: {
362
- type: string;
363
- };
364
- cveIds: {
365
- type: string;
366
- items: {
367
- type: string;
368
- };
369
- };
370
- reports: {
371
- type: string;
372
- items: {
373
- type: string;
374
- };
375
- };
376
- successCount: {
377
- type: string;
378
- };
379
- failedCount: {
380
- type: string;
381
- };
382
- errors: {
383
- type: string;
384
- items: {
385
- type: string;
386
- };
387
- };
388
- evidenceFile: {
389
- type: string;
390
- };
391
- patchCount: {
392
- type: string;
393
- };
394
- patchesDir: {
395
- type: string;
396
- };
397
- };
164
+ properties: Record<string, JsonSchemaProperty>;
398
165
  };
399
166
  };
400
167
  };
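Review bot: Declaring every `properties` member as `Record<string, JsonSchemaProperty>` drops the option and report key names from the published types, so a consumer of `OPENAPI_SPEC` can no longer tell from the declaration which keys each request body accepts, including that the second request schema previously listed no `dryRun` or `preview`. Meanwhile `description` is narrowed to string literals such as `"Absolute path to the scanner output file"`, which makes documentation wording part of the public type; the removed runtime string for the same field read "Absolute or relative path", so the stated contract for `inputPath` has also changed. Consider typing the helper results with a key union, for example `Record<RemediateOptionKey, JsonSchemaProperty>` (the name is a suggestion), and keeping `description: string`. The helper declarations live in `../options-schema-DfLBOsPI.js`, outside this section, so their actual return types could not be checked here.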
@@ -1,8 +1,15 @@
1
1
  import {
2
+ PACKAGE_VERSION
3
+ } from "../chunk-7XSZTGU7.js";
4
+ import {
5
+ OPTION_DESCRIPTIONS,
6
+ createRemediateOptionSchemaProperties,
7
+ createScanOptionSchemaProperties,
8
+ createScanReportSchemaProperties,
2
9
  planRemediation,
3
10
  remediate,
4
11
  remediateFromScan
5
- } from "../chunk-VLXGEH7U.js";
12
+ } from "../chunk-MUFP2DQX.js";
6
13
 
7
14
  // src/openapi/server.ts
8
15
  import http from "http";
@@ -128,7 +135,7 @@ var OPENAPI_SPEC = {
128
135
  openapi: "3.1.0",
129
136
  info: {
130
137
  title: "autoremediator",
131
- version: "0.1.2",
138
+ version: PACKAGE_VERSION,
132
139
  description: "Agentic CVE remediation for Node.js dependency projects"
133
140
  },
134
141
  paths: {
@@ -146,36 +153,13 @@ var OPENAPI_SPEC = {
146
153
  properties: {
147
154
  cveId: {
148
155
  type: "string",
149
- description: "CVE identifier, e.g. CVE-2021-23337",
156
+ description: OPTION_DESCRIPTIONS.cveId,
150
157
  pattern: "^CVE-\\d{4}-\\d+$"
151
158
  },
152
159
  options: {
153
160
  type: "object",
154
161
  description: "RemediateOptions",
155
- properties: {
156
- cwd: { type: "string" },
157
- packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
158
- dryRun: { type: "boolean" },
159
- preview: { type: "boolean" },
160
- runTests: { type: "boolean" },
161
- llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
162
- patchesDir: { type: "string" },
163
- policy: { type: "string" },
164
- requestId: { type: "string" },
165
- sessionId: { type: "string" },
166
- parentRunId: { type: "string" },
167
- idempotencyKey: { type: "string" },
168
- resume: { type: "boolean" },
169
- actor: { type: "string" },
170
- source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
171
- constraints: {
172
- type: "object",
173
- properties: {
174
- directDependenciesOnly: { type: "boolean" },
175
- preferVersionBump: { type: "boolean" }
176
- }
177
- }
178
- }
162
+ properties: createRemediateOptionSchemaProperties()
179
163
  }
180
164
  }
181
165
  }
@@ -215,34 +199,13 @@ var OPENAPI_SPEC = {
215
199
  properties: {
216
200
  cveId: {
217
201
  type: "string",
218
- description: "CVE identifier, e.g. CVE-2021-23337",
202
+ description: OPTION_DESCRIPTIONS.cveId,
219
203
  pattern: "^CVE-\\d{4}-\\d+$"
220
204
  },
221
205
  options: {
222
206
  type: "object",
223
207
  description: "RemediateOptions",
224
- properties: {
225
- cwd: { type: "string" },
226
- packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
227
- runTests: { type: "boolean" },
228
- llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
229
- patchesDir: { type: "string" },
230
- policy: { type: "string" },
231
- requestId: { type: "string" },
232
- sessionId: { type: "string" },
233
- parentRunId: { type: "string" },
234
- idempotencyKey: { type: "string" },
235
- resume: { type: "boolean" },
236
- actor: { type: "string" },
237
- source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
238
- constraints: {
239
- type: "object",
240
- properties: {
241
- directDependenciesOnly: { type: "boolean" },
242
- preferVersionBump: { type: "boolean" }
243
- }
244
- }
245
- }
208
+ properties: createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false, includeEvidence: true })
246
209
  }
247
210
  }
248
211
  }
@@ -282,37 +245,12 @@ var OPENAPI_SPEC = {
282
245
  properties: {
283
246
  inputPath: {
284
247
  type: "string",
285
- description: "Absolute or relative path to npm/pnpm/yarn audit JSON or SARIF file"
248
+ description: OPTION_DESCRIPTIONS.inputPath
286
249
  },
287
250
  options: {
288
251
  type: "object",
289
252
  description: "ScanOptions",
290
- properties: {
291
- cwd: { type: "string" },
292
- packageManager: { type: "string", enum: ["npm", "pnpm", "yarn"] },
293
- dryRun: { type: "boolean" },
294
- preview: { type: "boolean" },
295
- runTests: { type: "boolean" },
296
- llmProvider: { type: "string", enum: ["openai", "anthropic", "local"] },
297
- format: { type: "string", enum: ["npm-audit", "yarn-audit", "sarif", "auto"] },
298
- patchesDir: { type: "string" },
299
- policy: { type: "string" },
300
- evidence: { type: "boolean" },
301
- requestId: { type: "string" },
302
- sessionId: { type: "string" },
303
- parentRunId: { type: "string" },
304
- idempotencyKey: { type: "string" },
305
- resume: { type: "boolean" },
306
- actor: { type: "string" },
307
- source: { type: "string", enum: ["cli", "sdk", "mcp", "openapi", "unknown"] },
308
- constraints: {
309
- type: "object",
310
- properties: {
311
- directDependenciesOnly: { type: "boolean" },
312
- preferVersionBump: { type: "boolean" }
313
- }
314
- }
315
- }
253
+ properties: createScanOptionSchemaProperties()
316
254
  }
317
255
  }
318
256
  }
@@ -326,19 +264,7 @@ var OPENAPI_SPEC = {
326
264
  "application/json": {
327
265
  schema: {
328
266
  type: "object",
329
- properties: {
330
- schemaVersion: { type: "string" },
331
- status: { type: "string", enum: ["ok", "partial", "failed"] },
332
- generatedAt: { type: "string" },
333
- cveIds: { type: "array", items: { type: "string" } },
334
- reports: { type: "array", items: { type: "object" } },
335
- successCount: { type: "number" },
336
- failedCount: { type: "number" },
337
- errors: { type: "array", items: { type: "object" } },
338
- evidenceFile: { type: "string" },
339
- patchCount: { type: "number" },
340
- patchesDir: { type: "string" }
341
- }
267
+ properties: createScanReportSchemaProperties()
342
268
  }
343
269
  }
344
270
  }
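Review bot: The schema these hunks now build from `createRemediateOptionSchemaProperties()`, `createScanOptionSchemaProperties()` and `OPTION_DESCRIPTIONS` is published but not enforced anywhere visible on this page. In the server source embedded in the source map further down, the handlers only check that `body.cveId` or `body.inputPath` is a non-empty string, then pass `withOpenApiSource(body.options)` on with a type cast. The retained `pattern: "^CVE-\\d{4}-\\d+$"` and the `inputPath` description are therefore advisory, and a caller-supplied `inputPath` reaches `remediateFromScanFn` as received, along with any path-valued options the helper still lists. Since the property lists now live in one place, the same helpers could drive a validation step that rejects unknown keys, and the handler could add `if (!/^CVE-\d{4}-\d+$/.test(body.cveId)) return send(res, 400, { error: "cveId must match ^CVE-\\d{4}-\\d+$" });`; `inputPath` should be resolved and confined to an allowed base directory before it is read. The handlers and the helper bodies (`../chunk-MUFP2DQX.js`) are outside these hunks, so this rests on the embedded source rather than on the bundled code itself.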
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/openapi/server.ts"],"sourcesContent":["/**\n * autoremediator OpenAPI HTTP server\n *\n * Exposes POST /remediate and POST /remediate-from-scan as a lightweight\n * HTTP server using Node.js built-in http module (no framework dependency).\n *\n * Start: node dist/openapi/server.js [--port 3000]\n */\nimport http from \"node:http\";\nimport { fileURLToPath } from \"node:url\";\nimport { planRemediation, remediate, remediateFromScan } from \"../api.js\";\nimport type { RemediateOptions, ScanOptions } from \"../api.js\";\n\nconst DEFAULT_PORT = 3000;\n\nfunction parsePort(): number {\n const idx = process.argv.indexOf(\"--port\");\n if (idx !== -1 && process.argv[idx + 1]) {\n const p = parseInt(process.argv[idx + 1], 10);\n if (!isNaN(p)) return p;\n }\n if (process.env.PORT) {\n const p = parseInt(process.env.PORT, 10);\n if (!isNaN(p)) return p;\n }\n return DEFAULT_PORT;\n}\n\nfunction readBody(req: http.IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let raw = \"\";\n req.setEncoding(\"utf8\");\n req.on(\"data\", (chunk: string) => { raw += chunk; });\n req.on(\"end\", () => {\n try {\n resolve(raw ? JSON.parse(raw) : {});\n } catch {\n reject(new Error(\"Invalid JSON body\"));\n }\n });\n req.on(\"error\", reject);\n });\n}\n\nfunction send(res: http.ServerResponse, status: number, body: unknown): void {\n const payload = JSON.stringify(body);\n res.writeHead(status, {\n \"Content-Type\": \"application/json\",\n \"Content-Length\": Buffer.byteLength(payload),\n });\n res.end(payload);\n}\n\nfunction withOpenApiSource(options: unknown): Record<string, unknown> {\n const normalized = typeof options === \"object\" && options !== null\n ? (options as Record<string, unknown>)\n : {};\n return {\n ...normalized,\n source: typeof normalized.source === \"string\" ? 
normalized.source : \"openapi\",\n };\n}\n\ninterface OpenApiServerDeps {\n remediateFn: typeof remediate;\n remediateFromScanFn: typeof remediateFromScan;\n planRemediationFn: typeof planRemediation;\n}\n\nconst defaultDeps: OpenApiServerDeps = {\n remediateFn: remediate,\n remediateFromScanFn: remediateFromScan,\n planRemediationFn: planRemediation,\n};\n\nexport function createOpenApiServer(deps: OpenApiServerDeps = defaultDeps): http.Server {\n return http.createServer(async (req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost`);\n const method = req.method?.toUpperCase();\n\n // Health check\n if (method === \"GET\" && url.pathname === \"/health\") {\n return send(res, 200, { status: \"ok\" });\n }\n\n // OpenAPI spec\n if (method === \"GET\" && url.pathname === \"/openapi.json\") {\n return send(res, 200, OPENAPI_SPEC);\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.remediateFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? 
err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/plan-remediation\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.planRemediationFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate-from-scan\") {\n let body: { inputPath?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.inputPath !== \"string\" || !body.inputPath) {\n return send(res, 400, { error: \"inputPath is required (string)\" });\n }\n try {\n const report = await deps.remediateFromScanFn(body.inputPath, withOpenApiSource(body.options) as ScanOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? 
err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n return send(res, 404, { error: \"Not found\" });\n });\n}\n\nexport const OPENAPI_SPEC = {\n openapi: \"3.1.0\",\n info: {\n title: \"autoremediator\",\n version: \"0.1.2\",\n description: \"Agentic CVE remediation for Node.js dependency projects\",\n },\n paths: {\n \"/remediate\": {\n post: {\n operationId: \"remediate\",\n summary: \"Remediate a single CVE\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: \"CVE identifier, e.g. CVE-2021-23337\",\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n preview: { type: \"boolean\" },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n 
},\n },\n },\n },\n },\n },\n },\n \"/plan-remediation\": {\n post: {\n operationId: \"planRemediation\",\n summary: \"Generate a non-mutating remediation preview\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: \"CVE identifier, e.g. CVE-2021-23337\",\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/remediate-from-scan\": {\n post: {\n operationId: \"remediateFromScan\",\n summary: \"Parse a scanner file and remediate all found CVEs\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: {\n type: 
\"string\",\n description: \"Absolute or relative path to npm/pnpm/yarn audit JSON or SARIF file\",\n },\n options: {\n type: \"object\",\n description: \"ScanOptions\",\n properties: {\n cwd: { type: \"string\" },\n packageManager: { type: \"string\", enum: [\"npm\", \"pnpm\", \"yarn\"] },\n dryRun: { type: \"boolean\" },\n preview: { type: \"boolean\" },\n runTests: { type: \"boolean\" },\n llmProvider: { type: \"string\", enum: [\"openai\", \"anthropic\", \"local\"] },\n format: { type: \"string\", enum: [\"npm-audit\", \"yarn-audit\", \"sarif\", \"auto\"] },\n patchesDir: { type: \"string\" },\n policy: { type: \"string\" },\n evidence: { type: \"boolean\" },\n requestId: { type: \"string\" },\n sessionId: { type: \"string\" },\n parentRunId: { type: \"string\" },\n idempotencyKey: { type: \"string\" },\n resume: { type: \"boolean\" },\n actor: { type: \"string\" },\n source: { type: \"string\", enum: [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] },\n constraints: {\n type: \"object\",\n properties: {\n directDependenciesOnly: { type: \"boolean\" },\n preferVersionBump: { type: \"boolean\" },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"ScanReport\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: {\n schemaVersion: { type: \"string\" },\n status: { type: \"string\", enum: [\"ok\", \"partial\", \"failed\"] },\n generatedAt: { type: \"string\" },\n cveIds: { type: \"array\", items: { type: \"string\" } },\n reports: { type: \"array\", items: { type: \"object\" } },\n successCount: { type: \"number\" },\n failedCount: { type: \"number\" },\n errors: { type: \"array\", items: { type: \"object\" } },\n evidenceFile: { type: \"string\" },\n patchCount: { type: \"number\" },\n patchesDir: { type: \"string\" },\n },\n },\n },\n },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n 
properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/health\": {\n get: {\n operationId: \"health\",\n summary: \"Health check\",\n responses: {\n \"200\": {\n description: \"Server is healthy\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { status: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n },\n};\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n const port = parsePort();\n const server = createOpenApiServer();\n server.listen(port, () => {\n console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);\n console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);\n });\n}\n"],"mappings":";;;;;;;AAQA,OAAO,UAAU;AACjB,SAAS,qBAAqB;AAI9B,IAAM,eAAe;AAErB,SAAS,YAAoB;AAC3B,QAAM,MAAM,QAAQ,KAAK,QAAQ,QAAQ;AACzC,MAAI,QAAQ,MAAM,QAAQ,KAAK,MAAM,CAAC,GAAG;AACvC,UAAM,IAAI,SAAS,QAAQ,KAAK,MAAM,CAAC,GAAG,EAAE;AAC5C,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,MAAI,QAAQ,IAAI,MAAM;AACpB,UAAM,IAAI,SAAS,QAAQ,IAAI,MAAM,EAAE;AACvC,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,SAAO;AACT;AAEA,SAAS,SAAS,KAA6C;AAC7D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,MAAM;AACV,QAAI,YAAY,MAAM;AACtB,QAAI,GAAG,QAAQ,CAAC,UAAkB;AAAE,aAAO;AAAA,IAAO,CAAC;AACnD,QAAI,GAAG,OAAO,MAAM;AAClB,UAAI;AACF,gBAAQ,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC;AAAA,MACpC,QAAQ;AACN,eAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,MACvC;AAAA,IACF,CAAC;AACD,QAAI,GAAG,SAAS,MAAM;AAAA,EACxB,CAAC;AACH;AAEA,SAAS,KAAK,KAA0B,QAAgB,MAAqB;AAC3E,QAAM,UAAU,KAAK,UAAU,IAAI;AACnC,MAAI,UAAU,QAAQ;AAAA,IACpB,gBAAgB;AAAA,IAChB,kBAAkB,OAAO,WAAW,OAAO;AAAA,EAC7C,CAAC;AACD,MAAI,IAAI,OAAO;AACjB;AAEA,SAAS,kBAAkB,SAA2C;AACpE,QAAM,aAAa,OAAO,YAAY,YAAY,YAAY,OACzD,UACD,CAAC;AACL,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ,OAAO,WAAW,WAAW,WAAW,WAAW,SAAS;AAAA,EACtE;AACF;AAQA,IAAM,cAAiC;AAAA,EACrC,aAAa;AAAA,EACb,qBAAqB;AAAA,EACrB,mBAAmB;AACrB;AAEO,SAAS,oBAAoB,O
AA0B,aAA0B;AACtF,SAAO,KAAK,aAAa,OAAO,KAAK,QAAQ;AAC3C,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAM,SAAS,IAAI,QAAQ,YAAY;AAGzC,QAAI,WAAW,SAAS,IAAI,aAAa,WAAW;AAClD,aAAO,KAAK,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IACxC;AAGA,QAAI,WAAW,SAAS,IAAI,aAAa,iBAAiB;AACxD,aAAO,KAAK,KAAK,KAAK,YAAY;AAAA,IACpC;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,cAAc;AACxD,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,YAAY,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AACrG,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,qBAAqB;AAC/D,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,kBAAkB,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AAC3G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,wBAAwB;AAClE,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,cAAc,YAAY,CAAC,KAAK,WAAW;AACzD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,iCAAiC,CAAC;AAAA,MACnE;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,oBAAoB,KAAK,WAAW,kBAAkB,KAAK,OAAO,CAAgB;AAC5G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,WAAO,KAAK,KAAK,KAAK,EAAE,OAAO,YAAY,CAAC;AAAA,EAC9C,CAAC;AACH;AAEO,IAAM,eAAe;AAAA,EAC1B,SAAS;AAAA,EACT,MAAM;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,OAAO;AAAA,IACL,cAAc;AAAA,MACZ
,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,SAAS,EAAE,MAAM,UAAU;AAAA,sBAC3B,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,qBAAqB;AAAA,MACnB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,YAAY,EAAE,MAAM,SAAS;AA
AA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,wBAAwB;AAAA,MACtB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,WAAW;AAAA,gBACtB,YAAY;AAAA,kBACV,WAAW;AAAA,oBACT,MAAM;AAAA,oBACN,aAAa;AAAA,kBACf;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY;AAAA,sBACV,KAAK,EAAE,MAAM,SAAS;AAAA,sBACtB,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,QAAQ,MAAM,EAAE;AAAA,sBAChE,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,SAAS,EAAE,MAAM,UAAU;AAAA,sBAC3B,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,UAAU,aAAa,OAAO,EAAE;AAAA,sBACtE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,aAAa,cAAc,SAAS,MAAM,EAAE;AAAA,sBAC7E,YAAY,EAAE,MAAM,SAAS;AAAA,sBAC7B,QAAQ,EAAE,MAAM,SAAS;AAAA,sBACzB,UAAU,EAAE,MAAM,UAAU;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,WAAW,EAAE,MAAM,SAAS;AAAA,sBAC5B,aAAa,EAAE,MAAM,SAAS;AAAA,sBAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,sBACjC,QAAQ,EAAE,MAAM,UAAU;AAAA,sBAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,sBACxB,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS,EAAE;AAAA,sBAC5E,aAAa;AAAA,wBACX,MAAM;AAAA,wBACN,YAAY;AAAA,0BACV,wBAAwB,EAAE,MAAM,UAAU;AAAA,0BAC1C,mBAAmB,EAAE,MAAM,UAAU;AAAA,wBACvC;AAAA,sBACF;AAAA,oBACF;AAAA,k
BACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY;AAAA,oBACV,eAAe,EAAE,MAAM,SAAS;AAAA,oBAChC,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,MAAM,WAAW,QAAQ,EAAE;AAAA,oBAC5D,aAAa,EAAE,MAAM,SAAS;AAAA,oBAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACnD,SAAS,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACpD,cAAc,EAAE,MAAM,SAAS;AAAA,oBAC/B,aAAa,EAAE,MAAM,SAAS;AAAA,oBAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,oBACnD,cAAc,EAAE,MAAM,SAAS;AAAA,oBAC/B,YAAY,EAAE,MAAM,SAAS;AAAA,oBAC7B,YAAY,EAAE,MAAM,SAAS;AAAA,kBAC/B;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,KAAK;AAAA,QACH,aAAa;AAAA,QACb,SAAS;AAAA,QACT,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC3C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,QAAM,OAAO,UAAU;AACvB,QAAM,SAAS,oBAAoB;AACnC,SAAO,OAAO,MAAM,MAAM;AACxB,YAAQ,IAAI,+DAA+D,IAAI,EAAE;AACjF,YAAQ,IAAI,oCAAoC,IAAI,eAAe;AAAA,EACrE,CAAC;AACH;","names":[]}
1
+ {"version":3,"sources":["../../src/openapi/server.ts"],"sourcesContent":["/**\n * autoremediator OpenAPI HTTP server\n *\n * Exposes POST /remediate and POST /remediate-from-scan as a lightweight\n * HTTP server using Node.js built-in http module (no framework dependency).\n *\n * Start: node dist/openapi/server.js [--port 3000]\n */\nimport http from \"node:http\";\nimport { fileURLToPath } from \"node:url\";\nimport {\n createRemediateOptionSchemaProperties,\n createScanOptionSchemaProperties,\n createScanReportSchemaProperties,\n OPTION_DESCRIPTIONS,\n planRemediation,\n remediate,\n remediateFromScan,\n} from \"../api/index.js\";\nimport type { RemediateOptions, ScanOptions } from \"../api/index.js\";\nimport { PACKAGE_VERSION } from \"../version\";\n\nconst DEFAULT_PORT = 3000;\n\nfunction parsePort(): number {\n const idx = process.argv.indexOf(\"--port\");\n if (idx !== -1 && process.argv[idx + 1]) {\n const p = parseInt(process.argv[idx + 1], 10);\n if (!isNaN(p)) return p;\n }\n if (process.env.PORT) {\n const p = parseInt(process.env.PORT, 10);\n if (!isNaN(p)) return p;\n }\n return DEFAULT_PORT;\n}\n\nfunction readBody(req: http.IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let raw = \"\";\n req.setEncoding(\"utf8\");\n req.on(\"data\", (chunk: string) => { raw += chunk; });\n req.on(\"end\", () => {\n try {\n resolve(raw ? JSON.parse(raw) : {});\n } catch {\n reject(new Error(\"Invalid JSON body\"));\n }\n });\n req.on(\"error\", reject);\n });\n}\n\nfunction send(res: http.ServerResponse, status: number, body: unknown): void {\n const payload = JSON.stringify(body);\n res.writeHead(status, {\n \"Content-Type\": \"application/json\",\n \"Content-Length\": Buffer.byteLength(payload),\n });\n res.end(payload);\n}\n\nfunction withOpenApiSource(options: unknown): Record<string, unknown> {\n const normalized = typeof options === \"object\" && options !== null\n ? 
(options as Record<string, unknown>)\n : {};\n return {\n ...normalized,\n source: typeof normalized.source === \"string\" ? normalized.source : \"openapi\",\n };\n}\n\ninterface OpenApiServerDeps {\n remediateFn: typeof remediate;\n remediateFromScanFn: typeof remediateFromScan;\n planRemediationFn: typeof planRemediation;\n}\n\nconst defaultDeps: OpenApiServerDeps = {\n remediateFn: remediate,\n remediateFromScanFn: remediateFromScan,\n planRemediationFn: planRemediation,\n};\n\nexport function createOpenApiServer(deps: OpenApiServerDeps = defaultDeps): http.Server {\n return http.createServer(async (req, res) => {\n const url = new URL(req.url ?? \"/\", `http://localhost`);\n const method = req.method?.toUpperCase();\n\n // Health check\n if (method === \"GET\" && url.pathname === \"/health\") {\n return send(res, 200, { status: \"ok\" });\n }\n\n // OpenAPI spec\n if (method === \"GET\" && url.pathname === \"/openapi.json\") {\n return send(res, 200, OPENAPI_SPEC);\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.remediateFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? 
err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/plan-remediation\") {\n let body: { cveId?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.cveId !== \"string\" || !body.cveId) {\n return send(res, 400, { error: \"cveId is required (string)\" });\n }\n try {\n const report = await deps.planRemediationFn(body.cveId, withOpenApiSource(body.options) as RemediateOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n if (method === \"POST\" && url.pathname === \"/remediate-from-scan\") {\n let body: { inputPath?: unknown; options?: unknown };\n try {\n body = (await readBody(req)) as typeof body;\n } catch {\n return send(res, 400, { error: \"Invalid JSON body\" });\n }\n if (typeof body.inputPath !== \"string\" || !body.inputPath) {\n return send(res, 400, { error: \"inputPath is required (string)\" });\n }\n try {\n const report = await deps.remediateFromScanFn(body.inputPath, withOpenApiSource(body.options) as ScanOptions);\n return send(res, 200, report);\n } catch (err) {\n const message = err instanceof Error ? 
err.message : String(err);\n return send(res, 400, { error: message });\n }\n }\n\n return send(res, 404, { error: \"Not found\" });\n });\n}\n\nexport const OPENAPI_SPEC = {\n openapi: \"3.1.0\",\n info: {\n title: \"autoremediator\",\n version: PACKAGE_VERSION,\n description: \"Agentic CVE remediation for Node.js dependency projects\",\n },\n paths: {\n \"/remediate\": {\n post: {\n operationId: \"remediate\",\n summary: \"Remediate a single CVE\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: OPTION_DESCRIPTIONS.cveId,\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: createRemediateOptionSchemaProperties(),\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/plan-remediation\": {\n post: {\n operationId: \"planRemediation\",\n summary: \"Generate a non-mutating remediation preview\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: {\n type: \"string\",\n description: OPTION_DESCRIPTIONS.cveId,\n pattern: \"^CVE-\\\\d{4}-\\\\d+$\",\n },\n options: {\n type: \"object\",\n description: \"RemediateOptions\",\n properties: createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false, includeEvidence: true }),\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"RemediationReport\",\n content: { \"application/json\": { schema: { type: \"object\" } } },\n 
},\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/remediate-from-scan\": {\n post: {\n operationId: \"remediateFromScan\",\n summary: \"Parse a scanner file and remediate all found CVEs\",\n requestBody: {\n required: true,\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: {\n type: \"string\",\n description: OPTION_DESCRIPTIONS.inputPath,\n },\n options: {\n type: \"object\",\n description: \"ScanOptions\",\n properties: createScanOptionSchemaProperties(),\n },\n },\n },\n },\n },\n },\n responses: {\n \"200\": {\n description: \"ScanReport\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: createScanReportSchemaProperties(),\n },\n },\n },\n },\n \"400\": {\n description: \"Invalid input or remediation error\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { error: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n \"/health\": {\n get: {\n operationId: \"health\",\n summary: \"Health check\",\n responses: {\n \"200\": {\n description: \"Server is healthy\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: { status: { type: \"string\" } },\n },\n },\n },\n },\n },\n },\n },\n },\n};\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n const port = parsePort();\n const server = createOpenApiServer();\n server.listen(port, () => {\n console.log(`autoremediator OpenAPI server listening on http://localhost:${port}`);\n console.log(` OpenAPI spec: http://localhost:${port}/openapi.json`);\n 
});\n}\n"],"mappings":";;;;;;;;;;;;;;AAQA,OAAO,UAAU;AACjB,SAAS,qBAAqB;AAa9B,IAAM,eAAe;AAErB,SAAS,YAAoB;AAC3B,QAAM,MAAM,QAAQ,KAAK,QAAQ,QAAQ;AACzC,MAAI,QAAQ,MAAM,QAAQ,KAAK,MAAM,CAAC,GAAG;AACvC,UAAM,IAAI,SAAS,QAAQ,KAAK,MAAM,CAAC,GAAG,EAAE;AAC5C,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,MAAI,QAAQ,IAAI,MAAM;AACpB,UAAM,IAAI,SAAS,QAAQ,IAAI,MAAM,EAAE;AACvC,QAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AAAA,EACxB;AACA,SAAO;AACT;AAEA,SAAS,SAAS,KAA6C;AAC7D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,MAAM;AACV,QAAI,YAAY,MAAM;AACtB,QAAI,GAAG,QAAQ,CAAC,UAAkB;AAAE,aAAO;AAAA,IAAO,CAAC;AACnD,QAAI,GAAG,OAAO,MAAM;AAClB,UAAI;AACF,gBAAQ,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC;AAAA,MACpC,QAAQ;AACN,eAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,MACvC;AAAA,IACF,CAAC;AACD,QAAI,GAAG,SAAS,MAAM;AAAA,EACxB,CAAC;AACH;AAEA,SAAS,KAAK,KAA0B,QAAgB,MAAqB;AAC3E,QAAM,UAAU,KAAK,UAAU,IAAI;AACnC,MAAI,UAAU,QAAQ;AAAA,IACpB,gBAAgB;AAAA,IAChB,kBAAkB,OAAO,WAAW,OAAO;AAAA,EAC7C,CAAC;AACD,MAAI,IAAI,OAAO;AACjB;AAEA,SAAS,kBAAkB,SAA2C;AACpE,QAAM,aAAa,OAAO,YAAY,YAAY,YAAY,OACzD,UACD,CAAC;AACL,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ,OAAO,WAAW,WAAW,WAAW,WAAW,SAAS;AAAA,EACtE;AACF;AAQA,IAAM,cAAiC;AAAA,EACrC,aAAa;AAAA,EACb,qBAAqB;AAAA,EACrB,mBAAmB;AACrB;AAEO,SAAS,oBAAoB,OAA0B,aAA0B;AACtF,SAAO,KAAK,aAAa,OAAO,KAAK,QAAQ;AAC3C,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAM,SAAS,IAAI,QAAQ,YAAY;AAGzC,QAAI,WAAW,SAAS,IAAI,aAAa,WAAW;AAClD,aAAO,KAAK,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IACxC;AAGA,QAAI,WAAW,SAAS,IAAI,aAAa,iBAAiB;AACxD,aAAO,KAAK,KAAK,KAAK,YAAY;AAAA,IACpC;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,cAAc;AACxD,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,YAAY,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AACrG,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WA
AW,UAAU,IAAI,aAAa,qBAAqB;AAC/D,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,UAAU,YAAY,CAAC,KAAK,OAAO;AACjD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC/D;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,kBAAkB,KAAK,OAAO,kBAAkB,KAAK,OAAO,CAAqB;AAC3G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,QAAI,WAAW,UAAU,IAAI,aAAa,wBAAwB;AAClE,UAAI;AACJ,UAAI;AACF,eAAQ,MAAM,SAAS,GAAG;AAAA,MAC5B,QAAQ;AACN,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,oBAAoB,CAAC;AAAA,MACtD;AACA,UAAI,OAAO,KAAK,cAAc,YAAY,CAAC,KAAK,WAAW;AACzD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,iCAAiC,CAAC;AAAA,MACnE;AACA,UAAI;AACF,cAAM,SAAS,MAAM,KAAK,oBAAoB,KAAK,WAAW,kBAAkB,KAAK,OAAO,CAAgB;AAC5G,eAAO,KAAK,KAAK,KAAK,MAAM;AAAA,MAC9B,SAAS,KAAK;AACZ,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MAC1C;AAAA,IACF;AAEE,WAAO,KAAK,KAAK,KAAK,EAAE,OAAO,YAAY,CAAC;AAAA,EAC9C,CAAC;AACH;AAEO,IAAM,eAAe;AAAA,EAC1B,SAAS;AAAA,EACT,MAAM;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,OAAO;AAAA,IACL,cAAc;AAAA,MACZ,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa,oBAAoB;AAAA,oBACjC,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY,sCAAsC;AAAA,kBACpD;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,qBAAqB;AAAA,MACnB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UA
CX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,OAAO;AAAA,gBAClB,YAAY;AAAA,kBACV,OAAO;AAAA,oBACL,MAAM;AAAA,oBACN,aAAa,oBAAoB;AAAA,oBACjC,SAAS;AAAA,kBACX;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY,sCAAsC,EAAE,eAAe,OAAO,gBAAgB,OAAO,iBAAiB,KAAK,CAAC;AAAA,kBAC1H;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE,EAAE;AAAA,UAChE;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,wBAAwB;AAAA,MACtB,MAAM;AAAA,QACJ,aAAa;AAAA,QACb,SAAS;AAAA,QACT,aAAa;AAAA,UACX,UAAU;AAAA,UACV,SAAS;AAAA,YACP,oBAAoB;AAAA,cAClB,QAAQ;AAAA,gBACN,MAAM;AAAA,gBACN,UAAU,CAAC,WAAW;AAAA,gBACtB,YAAY;AAAA,kBACV,WAAW;AAAA,oBACT,MAAM;AAAA,oBACN,aAAa,oBAAoB;AAAA,kBACnC;AAAA,kBACA,SAAS;AAAA,oBACP,MAAM;AAAA,oBACN,aAAa;AAAA,oBACb,YAAY,iCAAiC;AAAA,kBAC/C;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,iCAAiC;AAAA,gBAC/C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,UACA,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC1C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,KAAK;AAAA,QACH,aAAa;AAAA,QACb,SAAS;AAAA,QACT,WAAW;AAAA,UACT,OAAO;AAAA,YACL,aAAa;AAAA,YACb,SAAS;AAAA,cACP,oBAAoB;AAAA,gBAClB,QAAQ;AAAA,kBACN,MAAM;AAAA,kBACN,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,EAAE;AAAA,gBAC3C;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,QAAM,OAAO,UAAU;AACvB,QAAM,SAAS,oBAAoB;AACnC,SAAO,OAAO,MAAM,MAAM;AA
CxB,YAAQ,IAAI,+DAA+D,IAAI,EAAE;AACjF,YAAQ,IAAI,oCAAoC,IAAI,eAAe;AAAA,EACrE,CAAC;AACH;","names":[]}
@@ -0,0 +1,37 @@
1
+ type JsonSchemaProperty = Record<string, unknown>;
2
+ declare const PACKAGE_MANAGER_VALUES: readonly ["npm", "pnpm", "yarn"];
3
+ declare const LLM_PROVIDER_VALUES: readonly ["openai", "anthropic", "local"];
4
+ declare const PROVENANCE_SOURCE_VALUES: readonly ["cli", "sdk", "mcp", "openapi", "unknown"];
5
+ declare const OPTION_DESCRIPTIONS: {
6
+ readonly cveId: "CVE ID, e.g. CVE-2021-23337";
7
+ readonly inputPath: "Absolute path to the scanner output file";
8
+ readonly cwd: "Absolute path to the project root (default: process.cwd())";
9
+ readonly packageManager: "Package manager override (auto-detected by default)";
10
+ readonly dryRun: "If true, plan changes but write nothing";
11
+ readonly preview: "If true, enforce non-mutating preview mode";
12
+ readonly runTests: "Run package-manager test command after applying fix";
13
+ readonly llmProvider: "LLM provider override";
14
+ readonly patchesDir: "Directory to write .patch files (default: ./patches)";
15
+ readonly policy: "Optional path to .autoremediator policy file";
16
+ readonly requestId: "Request correlation ID";
17
+ readonly sessionId: "Session correlation ID";
18
+ readonly parentRunId: "Parent run correlation ID";
19
+ readonly idempotencyKey: "Idempotency key for replay-safe execution";
20
+ readonly resume: "Return cached result for matching idempotency key when available";
21
+ readonly actor: "Actor identity for evidence provenance";
22
+ readonly source: "Source system for provenance";
23
+ readonly format: "Scanner format (default: auto)";
24
+ readonly evidence: "Write evidence JSON to .autoremediator/evidence/ (default: true)";
25
+ readonly directDependenciesOnly: "Restrict remediation to direct dependencies only";
26
+ readonly preferVersionBump: "Reject override and patch remediation when version-bump-only policy is required";
27
+ };
28
+ declare function createConstraintSchemaProperties(): Record<string, JsonSchemaProperty>;
29
+ declare function createRemediateOptionSchemaProperties(options?: {
30
+ includeDryRun?: boolean;
31
+ includePreview?: boolean;
32
+ includeEvidence?: boolean;
33
+ }): Record<string, JsonSchemaProperty>;
34
+ declare function createScanOptionSchemaProperties(): Record<string, JsonSchemaProperty>;
35
+ declare function createScanReportSchemaProperties(): Record<string, JsonSchemaProperty>;
36
+
37
+ export { type JsonSchemaProperty as J, LLM_PROVIDER_VALUES as L, OPTION_DESCRIPTIONS as O, PACKAGE_MANAGER_VALUES as P, PROVENANCE_SOURCE_VALUES as a, createRemediateOptionSchemaProperties as b, createConstraintSchemaProperties as c, createScanOptionSchemaProperties as d, createScanReportSchemaProperties as e };
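Review bot: `PROVENANCE_SOURCE_VALUES` and the `source` / `actor` entries of `OPTION_DESCRIPTIONS` present provenance as a closed, trustworthy set, but nothing declared in this hunk binds the option to that set, since every schema helper returns the loose `Record<string, JsonSchemaProperty>`. The server source embedded in the source map earlier on this page (`withOpenApiSource`) keeps any string `source` sent in the request body and falls back to `"openapi"` only when the field is absent or not a string. A caller of the HTTP endpoint can therefore have its run recorded as `cli` or `sdk` in whatever evidence is written downstream. For requests that arrive over HTTP the server should set the field itself, `source: "openapi",` after the spread, or at least reject values that are not in `PROVENANCE_SOURCE_VALUES`. Whether `remediate` validates `source` later is not visible here, so this may already be caught further down.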