autoremediator 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/{chunk-ZXPLOIB7.js → chunk-MUFP2DQX.js} +2720 -2484
  2. package/dist/chunk-MUFP2DQX.js.map +1 -0
  3. package/dist/cli.js +87 -13
  4. package/dist/cli.js.map +1 -1
  5. package/dist/index.d.ts +5 -256
  6. package/dist/index.js +1 -1
  7. package/dist/mcp/server.d.ts +1 -1
  8. package/dist/mcp/server.js +2 -2
  9. package/dist/mcp/server.js.map +1 -1
  10. package/dist/openapi/server.d.ts +6 -22
  11. package/dist/openapi/server.js +2 -2
  12. package/dist/openapi/server.js.map +1 -1
  13. package/dist/options-schema-DfLBOsPI.d.ts +37 -0
  14. package/dist/remediate-from-scan-C-E7gqxF.d.ts +211 -0
  15. package/llms.txt +21 -6
  16. package/package.json +1 -1
  17. package/dist/chunk-ZXPLOIB7.js.map +0 -1
package/dist/chunk-MUFP2DQX.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/remediation/pipeline.ts","../src/platform/config.ts","../src/platform/package-manager.ts","../src/remediation/tools/apply-version-bump.ts","../src/platform/policy.ts","../src/platform/repo-lock.ts","../src/remediation/tools/apply-package-override.ts","../src/remediation/tools/apply-patch-file.ts","../src/remediation/strategies/patch-utils.ts","../src/remediation/local/run.ts","../src/intelligence/sources/osv.ts","../src/intelligence/sources/github-advisory.ts","../src/intelligence/sources/nvd.ts","../src/remediation/tools/check-inventory.ts","../src/intelligence/sources/registry.ts","../src/remediation/local/primary-strategy.ts","../src/remediation/tools/fetch-package-source.ts","../src/remediation/tools/generate-patch.ts","../src/remediation/local/fallback.ts","../src/remediation/tools/lookup-cve.ts","../src/intelligence/sources/cisa-kev.ts","../src/intelligence/sources/epss.ts","../src/intelligence/sources/cve-services.ts","../src/intelligence/sources/gitlab-advisory.ts","../src/intelligence/sources/certcc.ts","../src/intelligence/sources/deps-dev.ts","../src/intelligence/sources/ossf-scorecard.ts","../src/intelligence/sources/external-feeds.ts","../src/remediation/tools/check-version-match.ts","../src/remediation/tools/find-fixed-version.ts","../src/remediation/runtime-tools.ts","../src/remediation/orchestration-prompt.ts","../src/api/options-schema.ts","../src/api/reporting.ts","../src/api/sarif.ts","../src/platform/evidence.ts","../src/platform/idempotency.ts","../src/api/context.ts","../src/api/remediate.ts","../src/scanner/parse-input.ts","../src/scanner/adapters/npm-audit.ts","../src/scanner/adapters/yarn-audit.ts","../src/scanner/adapters/sarif.ts","../src/scanner/unique-cve-ids.ts","../src/api/scan-execution.ts","../src/api/scan-outcome.ts","../src/api/remediate-from-scan.ts"],"sourcesContent":["/**\n * Autoremediator agentic loop\n *\n * Orchestrates the full CVE patching pipeline using Vercel AI SDK's\n * generateText with a tool-calling loop.\n *\n * Phase 1 tools: lookup-cve → check-inventory → check-version-match\n * → find-fixed-version → apply-version-bump\n * Phase 4 tools: fetch-package-source → generate-patch → apply-patch-file\n */\nimport { generateText } from \"ai\";\nimport { createModel, resolveProvider } from \"../platform/config.js\";\nimport { detectPackageManager } from \"../platform/package-manager.js\";\nimport { applyVersionBumpTool } from \"./tools/apply-version-bump.js\";\nimport { applyPackageOverrideTool } from \"./tools/apply-package-override.js\";\nimport { applyPatchFileTool } from \"./tools/apply-patch-file.js\";\nimport type {\n RemediateOptions,\n RemediationReport,\n PatchResult,\n VulnerablePackage,\n CveDetails,\n} from \"../platform/types.js\";\nimport { runLocalRemediationPipeline } from \"./local/index.js\";\nimport { buildRuntimeTools } from \"./runtime-tools.js\";\nimport { loadOrchestrationPrompt } from \"./orchestration-prompt.js\";\n\nexport async function runRemediationPipeline(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n const provider = resolveProvider(options);\n if (provider === \"local\") {\n return runLocalRemediationPipeline(cveId, options);\n }\n\n const cwd = options.cwd ?? process.cwd();\n const packageManager = options.packageManager ?? detectPackageManager(cwd);\n const preview = options.preview ?? false;\n const dryRun = (options.dryRun ?? false) || preview;\n const runTests = options.runTests ?? false;\n const policy = options.policy ?? \"\";\n const patchesDir = options.patchesDir || \"./patches\";\n const constraints = options.constraints ?? {};\n\n const model = await createModel(options);\n\n const systemPrompt = loadOrchestrationPrompt({\n cveId,\n cwd,\n dryRun,\n runTests,\n policy,\n patchesDir,\n packageManager,\n constraints,\n });\n\n const prompt = `Patch vulnerable dependencies affected by ${cveId} in the project at: ${cwd}. Package manager: ${packageManager}.`;\n\n const collectedResults: PatchResult[] = [];\n const vulnerablePackages: VulnerablePackage[] = [];\n let cveDetails: CveDetails | null = null;\n let agentSteps = 0;\n\n const applyVersionBumpToolForRun = preview\n ? {\n ...applyVersionBumpTool,\n execute: async (input: Record<string, unknown>) =>\n (applyVersionBumpTool as any).execute({ ...input, dryRun: true }),\n } as typeof applyVersionBumpTool\n : applyVersionBumpTool;\n const applyPackageOverrideToolForRun = preview\n ? {\n ...applyPackageOverrideTool,\n execute: async (input: Record<string, unknown>) =>\n (applyPackageOverrideTool as any).execute({ ...input, dryRun: true }),\n } as typeof applyPackageOverrideTool\n : applyPackageOverrideTool;\n const applyPatchFileToolForRun = preview\n ? {\n ...applyPatchFileTool,\n execute: async (input: Record<string, unknown>) =>\n (applyPatchFileTool as any).execute({ ...input, dryRun: true }),\n } as typeof applyPatchFileTool\n : applyPatchFileTool;\n const tools = buildRuntimeTools({\n applyVersionBumpToolForRun,\n applyPackageOverrideToolForRun,\n applyPatchFileToolForRun,\n constraints,\n });\n\n const result = await generateText({\n model,\n system: systemPrompt,\n prompt,\n tools: tools as any,\n maxSteps: 25,\n onStepFinish(stepResult) {\n agentSteps += 1;\n\n const toolResults = (stepResult.toolResults ?? []) as Array<{\n toolName: string;\n result?: unknown;\n }>;\n\n for (const tr of toolResults) {\n const toolResult = tr.result as Record<string, unknown> | undefined;\n\n if (tr.toolName === \"lookup-cve\" && toolResult?.data) {\n cveDetails = toolResult.data as CveDetails;\n }\n if (tr.toolName === \"check-version-match\" && toolResult?.vulnerablePackages) {\n vulnerablePackages.push(...(toolResult.vulnerablePackages as VulnerablePackage[]));\n }\n if (tr.toolName === \"apply-version-bump\") {\n collectedResults.push(toolResult as unknown as PatchResult);\n }\n\n if (tr.toolName === \"apply-package-override\") {\n collectedResults.push(toolResult as unknown as PatchResult);\n }\n\n if (tr.toolName === \"apply-patch-file\" && toolResult) {\n const validation = toolResult.validation as\n | { passed?: boolean; error?: string }\n | undefined;\n const message =\n typeof toolResult.message === \"string\"\n ? toolResult.message\n : typeof toolResult.error === \"string\"\n ? toolResult.error\n : \"Patch-file strategy finished.\";\n\n collectedResults.push({\n packageName:\n typeof toolResult.packageName === \"string\"\n ? toolResult.packageName\n : \"unknown-package\",\n strategy: \"patch-file\",\n fromVersion:\n typeof toolResult.vulnerableVersion === \"string\"\n ? toolResult.vulnerableVersion\n : \"unknown\",\n patchFilePath:\n typeof toolResult.patchFilePath === \"string\"\n ? toolResult.patchFilePath\n : typeof toolResult.patchPath === \"string\"\n ? toolResult.patchPath\n : undefined,\n applied: Boolean(toolResult.applied),\n dryRun: Boolean(toolResult.dryRun),\n unresolvedReason:\n !Boolean(toolResult.applied) && !Boolean(toolResult.dryRun)\n ? validation && validation.passed === false\n ? \"patch-validation-failed\"\n : \"patch-apply-failed\"\n : undefined,\n message,\n validation:\n validation && typeof validation.passed === \"boolean\"\n ? {\n passed: validation.passed,\n error: typeof validation.error === \"string\" ? validation.error : undefined,\n }\n : undefined,\n });\n }\n }\n },\n });\n\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: result.text,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n}\n\n","import type { LanguageModelV1 } from \"ai\";\nimport type { RemediateOptions } from \"./types.js\";\n\nexport type SupportedProvider = \"openai\" | \"anthropic\" | \"local\";\n\n/**\n * Reads configuration from environment variables with option overrides.\n * Does NOT import provider packages — those are dynamically imported so\n * that missing optional peer deps don't blow up at startup.\n */\nexport function resolveProvider(options: RemediateOptions = {}): SupportedProvider {\n const raw =\n options.llmProvider ??\n process.env.AUTOREMEDIATOR_LLM_PROVIDER ??\n \"openai\";\n\n if (raw !== \"openai\" && raw !== \"anthropic\" && raw !== \"local\") {\n throw new Error(\n `Unsupported LLM provider \"${raw}\". Set AUTOREMEDIATOR_LLM_PROVIDER to \"openai\", \"anthropic\", or \"local\".`\n );\n }\n return raw as SupportedProvider;\n}\n\nexport function resolveModelName(\n provider: SupportedProvider,\n options: RemediateOptions = {}\n): string {\n if (options.model) return options.model;\n if (process.env.AUTOREMEDIATOR_MODEL) return process.env.AUTOREMEDIATOR_MODEL;\n\n const defaults: Record<SupportedProvider, string> = {\n openai: \"gpt-4o\",\n anthropic: \"claude-sonnet-4-5\",\n local: \"local\",\n };\n return defaults[provider];\n}\n\n/** Dynamically instantiates the LLM model at runtime. */\nexport async function createModel(options: RemediateOptions = {}): Promise<LanguageModelV1> {\n const provider = resolveProvider(options);\n\n if (provider === \"local\") {\n throw new Error(\n \"Local provider does not create a language model. Use the deterministic pipeline path instead.\"\n );\n }\n\n const modelName = resolveModelName(provider, options);\n\n if (provider === \"openai\") {\n const apiKey = process.env.OPENAI_API_KEY;\n if (!apiKey) {\n throw new Error(\n \"OPENAI_API_KEY environment variable is required when using the openai provider.\"\n );\n }\n const { createOpenAI } = await import(\"@ai-sdk/openai\");\n const openai = createOpenAI({ apiKey });\n return openai(modelName) as LanguageModelV1;\n }\n\n if (provider === \"anthropic\") {\n const apiKey = process.env.ANTHROPIC_API_KEY;\n if (!apiKey) {\n throw new Error(\n \"ANTHROPIC_API_KEY environment variable is required when using the anthropic provider.\"\n );\n }\n const { createAnthropic } = await import(\"@ai-sdk/anthropic\");\n const anthropic = createAnthropic({ apiKey });\n return anthropic(modelName) as LanguageModelV1;\n }\n\n throw new Error(`Unhandled provider: ${provider}`);\n}\n\nexport interface NvdConfig {\n apiKey?: string;\n}\n\nexport function getNvdConfig(): NvdConfig {\n return {\n apiKey: process.env.AUTOREMEDIATOR_NVD_API_KEY,\n };\n}\n\nexport function getGitHubToken(): string | undefined {\n return process.env.GITHUB_TOKEN;\n}\n\nexport interface IntelligenceSourceConfig {\n gitLabAdvisoryApi?: string;\n certCcSearchUrl?: string;\n epssApi?: string;\n cveServicesApi?: string;\n depsDevApi?: string;\n scorecardApi?: string;\n vendorAdvisoryFeeds: string[];\n commercialFeeds: string[];\n commercialFeedToken?: string;\n}\n\nexport function getIntelligenceSourceConfig(): IntelligenceSourceConfig {\n return {\n gitLabAdvisoryApi:\n process.env.AUTOREMEDIATOR_GITLAB_ADVISORY_API ??\n \"https://advisories.gitlab.com/api/v1/advisories\",\n certCcSearchUrl:\n process.env.AUTOREMEDIATOR_CERTCC_SEARCH_URL ??\n \"https://www.kb.cert.org/vuls/search\",\n epssApi:\n process.env.AUTOREMEDIATOR_EPSS_API ??\n \"https://api.first.org/data/v1/epss\",\n cveServicesApi:\n process.env.AUTOREMEDIATOR_CVE_SERVICES_API ??\n \"https://cveawg.mitre.org/api/cve\",\n depsDevApi:\n process.env.AUTOREMEDIATOR_DEPSDEV_API ??\n \"https://api.deps.dev/v3\",\n scorecardApi:\n process.env.AUTOREMEDIATOR_SCORECARD_API ??\n \"https://api.securityscorecards.dev\",\n vendorAdvisoryFeeds: (process.env.AUTOREMEDIATOR_VENDOR_ADVISORY_FEEDS ?? \"\")\n .split(\",\")\n .map((v) => v.trim())\n .filter(Boolean),\n commercialFeeds: (process.env.AUTOREMEDIATOR_COMMERCIAL_FEEDS ?? \"\")\n .split(\",\")\n .map((v) => v.trim())\n .filter(Boolean),\n commercialFeedToken: process.env.AUTOREMEDIATOR_COMMERCIAL_FEED_TOKEN,\n };\n}\n","import { existsSync } from \"node:fs\";\nimport { join } from \"node:path\";\n\nexport type PackageManager = \"npm\" | \"pnpm\" | \"yarn\";\n\nexport interface PackageManagerCommands {\n install: string[];\n installPreferOffline: string[];\n installDev: (pkg: string) => string[];\n test: string[];\n list: string[];\n lockfileName: string;\n}\n\nexport function detectPackageManager(cwd: string): PackageManager {\n if (existsSync(join(cwd, \"pnpm-lock.yaml\"))) return \"pnpm\";\n if (existsSync(join(cwd, \"yarn.lock\"))) return \"yarn\";\n return \"npm\";\n}\n\nexport function getPackageManagerCommands(pm: PackageManager): PackageManagerCommands {\n if (pm === \"pnpm\") {\n return {\n install: [\"pnpm\", \"install\"],\n installPreferOffline: [\"pnpm\", \"install\", \"--prefer-offline\"],\n installDev: (pkg: string) => [\"pnpm\", \"add\", \"-D\", pkg],\n test: [\"pnpm\", \"test\"],\n list: [\"pnpm\", \"list\", \"--json\", \"--depth\", \"99\"],\n lockfileName: \"pnpm-lock.yaml\",\n };\n }\n\n if (pm === \"yarn\") {\n return {\n install: [\"yarn\", \"install\"],\n installPreferOffline: [\"yarn\", \"install\"],\n installDev: (pkg: string) => [\"yarn\", \"add\", \"--dev\", pkg],\n test: [\"yarn\", \"test\"],\n list: [\"yarn\", \"list\", \"--json\"],\n lockfileName: \"yarn.lock\",\n };\n }\n\n return {\n install: [\"npm\", \"install\"],\n installPreferOffline: [\"npm\", \"install\", \"--prefer-offline\"],\n installDev: (pkg: string) => [\"npm\", \"install\", \"--save-dev\", pkg],\n test: [\"npm\", \"test\"],\n list: [\"npm\", \"list\", \"--json\", \"--all\"],\n lockfileName: \"package-lock.json\",\n };\n}\n\nexport function parseListOutput(pm: PackageManager, stdout: string): Map<string, string> {\n const versions = new Map<string, string>();\n\n if (!stdout.trim()) return versions;\n\n if (pm === \"yarn\") {\n const lines = stdout\n .split(\"\\n\")\n .map((l) => l.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n try {\n const obj = JSON.parse(line) as { type?: string; data?: { trees?: Array<{ name?: string }> } };\n if (obj.type !== \"tree\") continue;\n\n for (const tree of obj.data?.trees ?? []) {\n const raw = tree.name ?? \"\";\n const at = raw.lastIndexOf(\"@\");\n if (at <= 0) continue;\n const name = raw.slice(0, at);\n const version = raw.slice(at + 1);\n if (name && version) {\n versions.set(name, version);\n }\n }\n } catch {\n // Ignore non-json lines from yarn output.\n }\n }\n return versions;\n }\n\n let parsed: unknown;\n try {\n parsed = JSON.parse(stdout);\n } catch {\n return versions;\n }\n\n const root = Array.isArray(parsed) ? parsed[0] : parsed;\n\n type DependencyTree = {\n version?: string;\n dependencies?: Record<string, DependencyTree>;\n };\n\n function collectDependencies(tree?: Record<string, DependencyTree>): void {\n if (!tree) return;\n\n for (const [name, entry] of Object.entries(tree)) {\n if (!entry || typeof entry !== \"object\") continue;\n const version = entry.version;\n if (typeof version === \"string\" && version) {\n versions.set(name, version);\n }\n collectDependencies(entry.dependencies);\n }\n }\n\n collectDependencies((root as { dependencies?: Record<string, DependencyTree> } | undefined)?.dependencies);\n\n return versions;\n}","/**\n * Tool: apply-version-bump\n *\n * Updates the consumer's package.json to the safe version and runs npm install.\n * Respects --dry-run: in dry-run mode it reports what would happen but writes nothing.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { join } from \"node:path\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { execa } from \"execa\";\nimport semver from \"semver\";\nimport type { PatchResult } from \"../../platform/types.js\";\nimport { isPackageAllowed, loadPolicy } from \"../../platform/policy.js\";\nimport { withRepoLock } from \"../../platform/repo-lock.js\";\nimport {\n detectPackageManager,\n getPackageManagerCommands,\n type PackageManager,\n} from \"../../platform/package-manager.js\";\n\ninterface RawPackageJson {\n dependencies?: Record<string, string>;\n devDependencies?: Record<string, string>;\n peerDependencies?: Record<string, string>;\n [key: string]: unknown;\n}\n\ntype DepField = \"dependencies\" | \"devDependencies\" | \"peerDependencies\";\n\nexport const applyVersionBumpTool = tool({\n description:\n \"Update package.json to use the safe version of a vulnerable package and run the project's package manager install. In dry-run mode, only reports what would change.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project root\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n packageName: z.string().describe(\"The npm package to upgrade\"),\n fromVersion: z.string().describe(\"The currently installed vulnerable version\"),\n toVersion: z.string().describe(\"The safe target version to upgrade to\"),\n dryRun: z.boolean().default(false).describe(\"If true, report changes but do not write\"),\n policy: z\n .string()\n .optional()\n .describe(\"Optional path to .autoremediator policy file\"),\n runTests: z\n .boolean()\n .default(false)\n .describe(\"If true, run test validation after applying the fix\"),\n }),\n execute: async ({\n cwd,\n packageManager,\n packageName,\n fromVersion,\n toVersion,\n dryRun,\n policy,\n runTests,\n }): Promise<PatchResult> => {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const commands = getPackageManagerCommands(pm);\n const pkgPath = join(cwd, \"package.json\");\n const loadedPolicy = loadPolicy(cwd, policy);\n\n if (!isPackageAllowed(loadedPolicy, packageName)) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"policy-blocked\",\n message: `Policy blocked changes for package \"${packageName}\".`,\n };\n }\n\n const isMajorBump =\n semver.valid(fromVersion) &&\n semver.valid(toVersion) &&\n semver.major(toVersion) > semver.major(fromVersion);\n\n if (isMajorBump && !loadedPolicy.allowMajorBumps) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"major-bump-required\",\n message: `Policy blocked major bump for \"${packageName}\" (${fromVersion} -> ${toVersion}).`,\n };\n }\n\n let pkgJson: RawPackageJson;\n try {\n pkgJson = JSON.parse(readFileSync(pkgPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"package-json-not-found\",\n message: `Could not read package.json at \"${pkgPath}\".`,\n };\n }\n\n // Locate which dependency field this package lives in\n const depField = ([\"dependencies\", \"devDependencies\", \"peerDependencies\"] as DepField[]).find(\n (f) => pkgJson[f]?.[packageName] !== undefined\n );\n\n if (!depField) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"indirect-dependency\",\n message: `\"${packageName}\" was not found in package.json dependencies (it may be a transitive dep). Cannot auto-bump.`,\n };\n }\n\n const currentRange = pkgJson[depField]![packageName]!;\n\n // Preserve the range prefix (^, ~, empty) from the existing entry\n const prefixMatch = currentRange.match(/^([~^]?)/);\n const prefix = prefixMatch?.[1] ?? \"\";\n const newRange = `${prefix}${toVersion}`;\n\n if (dryRun) {\n const installCmd = commands.installPreferOffline.join(\" \");\n const testCmd = commands.test.join(\" \");\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would update ${depField}.${packageName}: \"${currentRange}\" -> \"${newRange}\", then run ${installCmd}${runTests ? ` and ${testCmd}` : \"\"}.`,\n };\n }\n\n return withRepoLock(cwd, async () => {\n // Write updated package.json\n pkgJson[depField]![packageName] = newRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n // Run package-manager install\n try {\n const [installCmd, ...installArgs] = commands.installPreferOffline;\n await execa(installCmd, installArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n // Revert the package.json change on install failure\n pkgJson[depField]![packageName] = currentRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"install-failed\",\n message: `${commands.installPreferOffline.join(\" \")} failed after updating \"${packageName}\" to ${toVersion}. Reverted. Error: ${message}`,\n };\n }\n\n if (runTests) {\n try {\n const [testCmd, ...testArgs] = commands.test;\n await execa(testCmd, testArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n // Roll back both manifest and lock state by restoring dep range and reinstalling.\n pkgJson[depField]![packageName] = currentRange;\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n try {\n const [rollbackCmd, ...rollbackArgs] = commands.installPreferOffline;\n await execa(rollbackCmd, rollbackArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch {\n // Ignore rollback install failure and return original test failure context.\n }\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"validation-failed\",\n message: `${commands.test.join(\" \")} failed after upgrading \"${packageName}\" to ${toVersion}. Rolled back to ${currentRange}. Error: ${message}`,\n };\n }\n }\n\n return {\n packageName,\n strategy: \"version-bump\",\n fromVersion,\n toVersion,\n applied: true,\n dryRun: false,\n message: `Successfully upgraded \"${packageName}\" from ${fromVersion} to ${toVersion}, ran ${commands.installPreferOffline.join(\" \")}${runTests ? `, and passed ${commands.test.join(\" \")}` : \"\"}.`,\n };\n });\n },\n});\n","import { existsSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport type { RemediationConstraints } from \"./types.js\";\n\nexport interface AutoremediatorPolicy {\n allowMajorBumps: boolean;\n denyPackages: string[];\n allowPackages: string[];\n constraints?: RemediationConstraints;\n}\n\nexport const DEFAULT_POLICY: AutoremediatorPolicy = {\n allowMajorBumps: false,\n denyPackages: [],\n allowPackages: [],\n constraints: {\n directDependenciesOnly: false,\n preferVersionBump: false,\n },\n};\n\nexport function loadPolicy(cwd: string, explicitPath?: string): AutoremediatorPolicy {\n const candidate = explicitPath ?? join(cwd, \".autoremediator.json\");\n if (!existsSync(candidate)) return DEFAULT_POLICY;\n\n try {\n const parsed = JSON.parse(readFileSync(candidate, \"utf8\")) as Partial<AutoremediatorPolicy>;\n return {\n allowMajorBumps: parsed.allowMajorBumps ?? DEFAULT_POLICY.allowMajorBumps,\n denyPackages: parsed.denyPackages ?? DEFAULT_POLICY.denyPackages,\n allowPackages: parsed.allowPackages ?? DEFAULT_POLICY.allowPackages,\n constraints: {\n directDependenciesOnly:\n parsed.constraints?.directDependenciesOnly ??\n DEFAULT_POLICY.constraints?.directDependenciesOnly ??\n false,\n preferVersionBump:\n parsed.constraints?.preferVersionBump ??\n DEFAULT_POLICY.constraints?.preferVersionBump ??\n false,\n },\n };\n } catch {\n return DEFAULT_POLICY;\n }\n}\n\nexport function isPackageAllowed(policy: AutoremediatorPolicy, packageName: string): boolean {\n if (policy.denyPackages.includes(packageName)) return false;\n if (policy.allowPackages.length > 0 && !policy.allowPackages.includes(packageName)) {\n return false;\n }\n return true;\n}\n","import { mkdir, rm } from \"node:fs/promises\";\nimport { join } from \"node:path\";\n\ninterface RepoLockOptions {\n timeoutMs?: number;\n retryDelayMs?: number;\n}\n\ninterface RepoLock {\n lockPath: string;\n release: () => Promise<void>;\n}\n\nasync function sleep(ms: number): Promise<void> {\n await new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nexport async function acquireRepoLock(cwd: string, options: RepoLockOptions = {}): Promise<RepoLock> {\n const timeoutMs = options.timeoutMs ?? 15000;\n const retryDelayMs = options.retryDelayMs ?? 125;\n const lockRoot = join(cwd, \".autoremediator\", \"locks\");\n const lockPath = join(cwd, \".autoremediator\", \"locks\", \"remediation.lock\");\n const startedAt = Date.now();\n\n await mkdir(lockRoot, { recursive: true });\n\n while (true) {\n try {\n await mkdir(lockPath, { recursive: false });\n return {\n lockPath,\n release: async () => {\n await rm(lockPath, { recursive: true, force: true });\n },\n };\n } catch {\n if (Date.now() - startedAt > timeoutMs) {\n throw new Error(`Timed out waiting for repository lock at ${lockPath}.`);\n }\n await sleep(retryDelayMs);\n }\n }\n}\n\nexport async function withRepoLock<T>(cwd: string, fn: () => Promise<T>, options?: RepoLockOptions): Promise<T> {\n const lock = await acquireRepoLock(cwd, options);\n try {\n return await fn();\n } finally {\n await lock.release();\n }\n}\n","import { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { join } from \"node:path\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { execa } from \"execa\";\nimport semver from \"semver\";\nimport type { PatchResult } from \"../../platform/types.js\";\nimport { isPackageAllowed, loadPolicy } from \"../../platform/policy.js\";\nimport { withRepoLock } from \"../../platform/repo-lock.js\";\nimport {\n detectPackageManager,\n getPackageManagerCommands,\n type PackageManager,\n} from \"../../platform/package-manager.js\";\n\ninterface RawPackageJson {\n overrides?: Record<string, string>;\n resolutions?: Record<string, string>;\n pnpm?: {\n overrides?: Record<string, string>;\n [key: string]: unknown;\n };\n [key: string]: unknown;\n}\n\nexport const applyPackageOverrideTool = tool({\n description:\n \"Apply a package-manager-native package.json override for a vulnerable transitive dependency and reinstall. Uses npm overrides, pnpm.overrides, or yarn resolutions.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project root\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n packageName: z.string().describe(\"The npm package to override\"),\n fromVersion: z.string().describe(\"The currently installed vulnerable version\"),\n toVersion: z.string().describe(\"The safe target version to override to\"),\n dryRun: z.boolean().default(false).describe(\"If true, report changes but do not write\"),\n policy: z.string().optional().describe(\"Optional path to .autoremediator policy file\"),\n runTests: z.boolean().default(false).describe(\"If true, run test validation after applying the override\"),\n }),\n execute: async ({\n cwd,\n packageManager,\n packageName,\n fromVersion,\n toVersion,\n dryRun,\n policy,\n runTests,\n }): Promise<PatchResult> => {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const commands = getPackageManagerCommands(pm);\n const pkgPath = join(cwd, \"package.json\");\n const loadedPolicy = loadPolicy(cwd, policy);\n\n if (!isPackageAllowed(loadedPolicy, packageName)) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"policy-blocked\",\n message: `Policy blocked changes for package \"${packageName}\".`,\n };\n }\n\n const isMajorBump =\n semver.valid(fromVersion) &&\n semver.valid(toVersion) &&\n semver.major(toVersion) > semver.major(fromVersion);\n\n if (isMajorBump && !loadedPolicy.allowMajorBumps) {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"major-bump-required\",\n message: `Policy blocked major override for \"${packageName}\" (${fromVersion} -> ${toVersion}).`,\n };\n }\n\n let pkgJson: RawPackageJson;\n try {\n pkgJson = JSON.parse(readFileSync(pkgPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n packageName,\n strategy: \"none\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun,\n unresolvedReason: \"package-json-not-found\",\n message: `Could not read package.json at \"${pkgPath}\".`,\n };\n }\n\n const overrideLabel = describeOverrideField(pm);\n const previousValue = getOverrideValue(pkgJson, pm, packageName);\n\n if (dryRun) {\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would set ${overrideLabel}.${packageName} to \"${toVersion}\", then run ${commands.installPreferOffline.join(\" \")}${runTests ? ` and ${commands.test.join(\" \")}` : \"\"}.`,\n };\n }\n\n return withRepoLock(cwd, async () => {\n setOverrideValue(pkgJson, pm, packageName, toVersion);\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n try {\n const [installCmd, ...installArgs] = commands.installPreferOffline;\n await execa(installCmd, installArgs, { cwd, stdio: \"pipe\" });\n } catch (err) {\n restoreOverrideValue(pkgJson, pm, packageName, previousValue);\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"override-apply-failed\",\n message: `${commands.installPreferOffline.join(\" \")} failed after applying ${overrideLabel} for \"${packageName}\" to ${toVersion}. Reverted. Error: ${message}`,\n };\n }\n\n if (runTests) {\n try {\n const [testCmd, ...testArgs] = commands.test;\n await execa(testCmd, testArgs, { cwd, stdio: \"pipe\" });\n } catch (err) {\n restoreOverrideValue(pkgJson, pm, packageName, previousValue);\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n\n try {\n const [rollbackCmd, ...rollbackArgs] = commands.installPreferOffline;\n await execa(rollbackCmd, rollbackArgs, { cwd, stdio: \"pipe\" });\n } catch {\n // Ignore rollback install failure and return original test failure context.\n }\n\n const message = err instanceof Error ? err.message : String(err);\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: false,\n dryRun: false,\n unresolvedReason: \"validation-failed\",\n message: `${commands.test.join(\" \")} failed after applying ${overrideLabel} for \"${packageName}\" to ${toVersion}. Reverted. Error: ${message}`,\n };\n }\n }\n\n return {\n packageName,\n strategy: \"override\",\n fromVersion,\n toVersion,\n applied: true,\n dryRun: false,\n message: `Successfully applied ${overrideLabel} for \"${packageName}\" from ${fromVersion} to ${toVersion}, then ran ${commands.installPreferOffline.join(\" \")}${runTests ? ` and passed ${commands.test.join(\" \")}` : \"\"}.`,\n };\n });\n },\n});\n\nfunction describeOverrideField(packageManager: PackageManager): string {\n if (packageManager === \"npm\") return \"overrides\";\n if (packageManager === \"pnpm\") return \"pnpm.overrides\";\n return \"resolutions\";\n}\n\nfunction getOverrideValue(\n pkgJson: RawPackageJson,\n packageManager: PackageManager,\n packageName: string\n): string | undefined {\n if (packageManager === \"npm\") return pkgJson.overrides?.[packageName];\n if (packageManager === \"pnpm\") return pkgJson.pnpm?.overrides?.[packageName];\n return pkgJson.resolutions?.[packageName];\n}\n\nfunction setOverrideValue(\n pkgJson: RawPackageJson,\n packageManager: PackageManager,\n packageName: string,\n version: string\n): void {\n if (packageManager === \"npm\") {\n pkgJson.overrides = { ...(pkgJson.overrides ?? {}), [packageName]: version };\n return;\n }\n\n if (packageManager === \"pnpm\") {\n pkgJson.pnpm = {\n ...(pkgJson.pnpm ?? {}),\n overrides: {\n ...(pkgJson.pnpm?.overrides ?? {}),\n [packageName]: version,\n },\n };\n return;\n }\n\n pkgJson.resolutions = { ...(pkgJson.resolutions ?? {}), [packageName]: version };\n}\n\nfunction restoreOverrideValue(\n pkgJson: RawPackageJson,\n packageManager: PackageManager,\n packageName: string,\n previousValue?: string\n): void {\n if (packageManager === \"npm\") {\n pkgJson.overrides = restoreRecord(pkgJson.overrides, packageName, previousValue);\n return;\n }\n\n if (packageManager === \"pnpm\") {\n pkgJson.pnpm = {\n ...(pkgJson.pnpm ?? {}),\n overrides: restoreRecord(pkgJson.pnpm?.overrides, packageName, previousValue),\n };\n if (!pkgJson.pnpm.overrides) {\n delete pkgJson.pnpm.overrides;\n }\n if (Object.keys(pkgJson.pnpm).length === 0) {\n delete pkgJson.pnpm;\n }\n return;\n }\n\n pkgJson.resolutions = restoreRecord(pkgJson.resolutions, packageName, previousValue);\n}\n\nfunction restoreRecord(\n record: Record<string, string> | undefined,\n key: string,\n previousValue?: string\n): Record<string, string> | undefined {\n const nextRecord = { ...(record ?? {}) };\n\n if (previousValue === undefined) {\n delete nextRecord[key];\n } else {\n nextRecord[key] = previousValue;\n }\n\n return Object.keys(nextRecord).length > 0 ? nextRecord : undefined;\n}","/**\n * Tool: apply-patch-file\n *\n * Writes generated patch files to disk and applies them using package-manager-aware\n * patch mechanisms (native pnpm/yarn when available, patch-package compatibility otherwise).\n * Optionally validates patches by running tests.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { existsSync } from \"node:fs\";\nimport { mkdir, mkdtemp, readFile, rm, writeFile } from \"node:fs/promises\";\nimport { tmpdir } from \"node:os\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport {\n detectPackageManager,\n getPackageManagerCommands,\n type PackageManager,\n} from \"../../platform/package-manager.js\";\nimport { withRepoLock } from \"../../platform/repo-lock.js\";\nimport { validatePatchDiff } from \"../strategies/patch-utils.js\";\n\n/**\n * Validation result object.\n */\ninterface ValidationResult {\n passed: boolean;\n error?: string;\n output?: string;\n failedTests?: string[];\n}\n\n/**\n * Tool result interface.\n */\ninterface ApplyPatchFileResult {\n success: boolean;\n packageName: string;\n vulnerableVersion: string;\n applied: boolean;\n dryRun: boolean;\n message: string;\n patchFilePath?: string;\n patchPath?: string;\n patchMode?: \"patch-package\" | \"native-pnpm\" | \"native-yarn\";\n postinstallConfigured?: boolean;\n validation?: ValidationResult;\n error?: string;\n}\n\n/**\n * Raw package.json structure for type safety.\n */\ninterface RawPackageJson {\n devDependencies?: Record<string, string>;\n scripts?: Record<string, string>;\n [key: string]: unknown;\n}\n\nexport const applyPatchFileTool = tool({\n description:\n \"Write generated patch file and apply it using package-manager-native patch flow when available, falling back to patch-package when needed.\",\n parameters: z.object({\n packageName: z.string().min(1).describe(\"The npm package name\"),\n vulnerableVersion: z\n .string()\n .describe(\"The vulnerable version string\"),\n patchContent: z\n .string()\n .min(10)\n .optional()\n .describe(\"Unified diff patch content from generate-patch\"),\n patches: z\n .array(\n z.object({\n filePath: z.string().min(1),\n unifiedDiff: z.string().min(10),\n })\n )\n .optional()\n .describe(\"Patch list from generate-patch; first patch is applied\"),\n patchesDir: z\n .string()\n .optional()\n .default(\"./patches\")\n .describe(\"Directory to store patch files\"),\n cwd: z.string().describe(\"Project root directory (for package.json)\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n validateWithTests: z\n .boolean()\n .optional()\n .default(true)\n .describe(\"Run package manager test command to validate patch doesn't break anything\"),\n dryRun: z.boolean().optional().default(false).describe(\"If true, report but do not mutate files\"),\n }).refine((value) => Boolean(value.patchContent || (value.patches && value.patches.length > 0)), {\n message: \"Either patchContent or patches must be provided\",\n }),\n execute: async ({\n packageName,\n vulnerableVersion,\n patchContent,\n patches,\n patchesDir,\n cwd,\n packageManager,\n validateWithTests,\n dryRun,\n }): Promise<ApplyPatchFileResult> => {\n try {\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const selectedPatch = patchContent ?? patches?.[0]?.unifiedDiff;\n\n if (!selectedPatch) {\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: \"No patch content provided.\",\n error: \"No patch content provided.\",\n };\n }\n\n const patchValidation = validatePatchDiff(selectedPatch);\n if (!patchValidation.valid) {\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: patchValidation.error ?? \"Patch content is not a valid unified diff.\",\n error: patchValidation.error ?? \"Patch content is not a valid unified diff.\",\n };\n }\n\n const patchFileName = buildPatchFileName(packageName, vulnerableVersion);\n const patchFilePath = join(cwd, patchesDir, patchFileName);\n\n if (dryRun) {\n return {\n success: true,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: true,\n message: `[DRY RUN] Would write and configure patch at ${patchFilePath}.`,\n patchFilePath,\n patchPath: patchFilePath,\n };\n }\n\n return withRepoLock(cwd, async () => {\n const packageJsonSnapshot =\n patchModeRequiresPackageJsonSnapshot(pm, cwd)\n ? await capturePackageJsonSnapshot(cwd)\n : undefined;\n\n // Step 1: Create patches directory if it doesn't exist\n const patchesDirPath = join(cwd, patchesDir);\n await mkdir(patchesDirPath, { recursive: true });\n\n // Step 2: Write patch file with proper naming convention\n await writeFile(patchFilePath, selectedPatch, \"utf8\");\n\n let validationResult: ValidationResult | undefined;\n const patchMode = await resolvePatchMode(pm, cwd);\n const commands = getPackageManagerCommands(pm);\n\n // Step 3: Apply patch via native package-manager workflow when available.\n // npm always uses patch-package, yarn v1 falls back to patch-package.\n const applyResult =\n patchMode === \"patch-package\"\n ? await configurePatchPackagePostinstall(cwd, pm)\n : await applyNativePatch({\n cwd,\n packageName,\n vulnerableVersion,\n patchContent: selectedPatch,\n patchMode,\n });\n\n if (!applyResult.success) {\n await cleanupPatchArtifacts({\n cwd,\n packageManager: pm,\n patchFilePath,\n patchMode,\n packageJsonSnapshot,\n rerunInstall: patchMode === \"patch-package\",\n });\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: applyResult.error,\n patchFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: patchMode === \"patch-package\" ? false : undefined,\n error: applyResult.error,\n };\n }\n\n if (patchMode === \"patch-package\") {\n try {\n const [installCmd, ...installArgs] = commands.installPreferOffline;\n await execa(installCmd, installArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n await cleanupPatchArtifacts({\n cwd,\n packageManager: pm,\n patchFilePath,\n patchMode,\n packageJsonSnapshot,\n rerunInstall: true,\n });\n const error = err instanceof Error ? err.message : String(err);\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: `Failed to apply patch-package workflow for ${packageName}@${vulnerableVersion}: ${error}`,\n patchFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: false,\n error: `Failed to apply patch-package workflow for ${packageName}@${vulnerableVersion}: ${error}`,\n };\n }\n }\n\n // Step 4: Validate with tests if requested\n if (validateWithTests) {\n validationResult = await validatePatchWithTests(cwd, pm);\n if (!validationResult.passed) {\n await cleanupPatchArtifacts({\n cwd,\n packageManager: pm,\n patchFilePath,\n patchMode,\n packageJsonSnapshot,\n rerunInstall: patchMode === \"patch-package\",\n });\n const validationError = \"Patch validation failed after apply; patch marked unresolved.\";\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun: false,\n message: validationError,\n patchFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: false,\n validation: validationResult,\n error: validationError,\n };\n }\n }\n\n return {\n success: true,\n packageName,\n vulnerableVersion,\n applied: true,\n dryRun: false,\n message: `Patch applied successfully for ${packageName}@${vulnerableVersion}.`,\n patchFilePath,\n patchPath: patchFilePath,\n patchMode,\n postinstallConfigured: patchMode === \"patch-package\",\n validation: validationResult,\n };\n });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n return {\n success: false,\n packageName,\n vulnerableVersion,\n applied: false,\n dryRun,\n message: `Failed to apply patch file: ${message}`,\n error: `Failed to apply patch file: ${message}`,\n };\n }\n },\n});\n\ntype PatchMode = \"patch-package\" | \"native-pnpm\" | \"native-yarn\";\n\ninterface PackageJsonSnapshot {\n path: string;\n content: string;\n}\n\nasync function resolvePatchMode(packageManager: PackageManager, cwd: string): Promise<PatchMode> {\n if (packageManager === \"npm\") return \"patch-package\";\n if (packageManager === \"pnpm\") return \"native-pnpm\";\n\n // Yarn v1 does not provide native patch commands; use patch-package compatibility path.\n try {\n const result = await execa(\"yarn\", [\"--version\"], {\n cwd,\n stdio: \"pipe\",\n });\n const version = result.stdout.trim();\n const major = Number.parseInt(version.split(\".\")[0] || \"0\", 10);\n return major >= 2 ? \"native-yarn\" : \"patch-package\";\n } catch {\n return \"patch-package\";\n }\n}\n\nfunction patchModeRequiresPackageJsonSnapshot(packageManager: PackageManager, cwd: string): boolean {\n if (packageManager === \"npm\") return true;\n if (packageManager === \"pnpm\") return false;\n\n return true;\n}\n\nfunction buildPatchFileName(packageName: string, vulnerableVersion: string): string {\n const safeName = packageName.replace(/^@/, \"\").replace(/\\//g, \"+\");\n return `${safeName}+${vulnerableVersion}.patch`;\n}\n\nasync function configurePatchPackagePostinstall(cwd: string, packageManager: PackageManager): Promise<{ success: true } | { success: false; error: string }> {\n const pkgJsonPath = join(cwd, \"package.json\");\n let pkgJson: RawPackageJson;\n\n try {\n pkgJson = JSON.parse(await readFile(pkgJsonPath, \"utf8\")) as RawPackageJson;\n } catch {\n return {\n success: false,\n error: `Could not read package.json at ${pkgJsonPath}`,\n };\n }\n\n const devDependencies = pkgJson.devDependencies ?? {};\n if (!devDependencies[\"patch-package\"]) {\n try {\n const commands = getPackageManagerCommands(packageManager);\n const [cmd, ...args] = commands.installDev(\"patch-package\");\n await execa(cmd, args, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n return {\n success: false,\n error: `Failed to install patch-package: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n }\n\n if (!pkgJson.scripts) {\n pkgJson.scripts = {};\n }\n\n const patchApplyCmd = \"patch-package\";\n const currentPostinstall = pkgJson.scripts.postinstall || \"\";\n\n if (currentPostinstall && !currentPostinstall.includes(\"patch-package\")) {\n pkgJson.scripts.postinstall = `${currentPostinstall} && ${patchApplyCmd}`;\n } else if (!currentPostinstall) {\n pkgJson.scripts.postinstall = patchApplyCmd;\n }\n\n await writeFile(pkgJsonPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n return { success: true };\n}\n\nasync function capturePackageJsonSnapshot(cwd: string): Promise<PackageJsonSnapshot | undefined> {\n const path = join(cwd, \"package.json\");\n\n try {\n const content = await readFile(path, \"utf8\");\n return { path, content };\n } catch {\n return undefined;\n }\n}\n\nasync function cleanupPatchArtifacts(params: {\n cwd: string;\n packageManager: PackageManager;\n patchFilePath: string;\n patchMode: PatchMode;\n packageJsonSnapshot?: PackageJsonSnapshot;\n rerunInstall: boolean;\n}): Promise<void> {\n const { cwd, packageManager, patchFilePath, patchMode, packageJsonSnapshot, rerunInstall } = params;\n\n await rm(patchFilePath, { force: true }).catch(() => undefined);\n\n if (patchMode === \"patch-package\" && packageJsonSnapshot) {\n await writeFile(packageJsonSnapshot.path, packageJsonSnapshot.content, \"utf8\").catch(() => undefined);\n }\n\n if (!rerunInstall) return;\n\n try {\n const commands = getPackageManagerCommands(packageManager);\n const [installCmd, ...installArgs] = commands.installPreferOffline;\n await execa(installCmd, installArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch {\n // Ignore cleanup install failures and preserve the original remediation error.\n }\n}\n\nasync function applyNativePatch(params: {\n cwd: string;\n packageName: string;\n vulnerableVersion: string;\n patchContent: string;\n patchMode: \"native-pnpm\" | \"native-yarn\";\n}): Promise<{ success: true } | { success: false; error: string }> {\n const { cwd, packageName, vulnerableVersion, patchContent, patchMode } = params;\n const packageSpec = `${packageName}@${vulnerableVersion}`;\n\n const createCommand = patchMode === \"native-pnpm\" ? \"pnpm\" : \"yarn\";\n const createArgs = [\"patch\", packageSpec];\n\n let patchDir: string;\n try {\n const createResult = await execa(createCommand, createArgs, {\n cwd,\n stdio: \"pipe\",\n });\n patchDir = extractPatchDirectory(`${createResult.stdout}\\n${createResult.stderr}`);\n } catch (err) {\n return {\n success: false,\n error: `Failed to create native patch workspace for ${packageSpec}: ${\n err instanceof Error ? err.message : String(err)\n }`,\n };\n }\n\n if (!patchDir) {\n return {\n success: false,\n error: `Could not determine native patch directory for ${packageSpec}.`,\n };\n }\n\n const tempPatchDir = await mkdtemp(join(tmpdir(), \"autoremediator-native-patch-\"));\n const tempPatchFile = join(tempPatchDir, \"change.patch\");\n\n try {\n await writeFile(tempPatchFile, patchContent, \"utf8\");\n await execa(\"patch\", [\"-p1\", \"-i\", tempPatchFile], {\n cwd: patchDir,\n stdio: \"pipe\",\n });\n\n const commitCommand = patchMode === \"native-pnpm\" ? \"pnpm\" : \"yarn\";\n const commitArgs =\n patchMode === \"native-pnpm\"\n ? [\"patch-commit\", patchDir]\n : [\"patch-commit\", \"-s\", patchDir];\n\n await execa(commitCommand, commitArgs, {\n cwd,\n stdio: \"pipe\",\n });\n } catch (err) {\n return {\n success: false,\n error: `Failed to apply native patch for ${packageSpec}: ${\n err instanceof Error ? err.message : String(err)\n }`,\n };\n } finally {\n await rm(tempPatchDir, { recursive: true, force: true });\n }\n\n return { success: true };\n}\n\nfunction extractPatchDirectory(output: string): string {\n const lines = output\n .split(/\\r?\\n/)\n .map((line) => line.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n if (existsSync(line)) {\n return line;\n }\n\n const tokens = line.split(/\\s+/).map((token) => token.replace(/^['\"]|['\"]$/g, \"\"));\n for (const token of tokens) {\n if (token.startsWith(\"/\") && existsSync(token)) {\n return token;\n }\n }\n }\n\n return \"\";\n}\n\n/**\n * Validate patch by running tests in the project.\n */\nasync function validatePatchWithTests(cwd: string, packageManager: PackageManager): Promise<ValidationResult> {\n try {\n const commands = getPackageManagerCommands(packageManager);\n const [cmd, ...args] = commands.test;\n\n // Run package manager test command with a timeout\n const result = await execa(cmd, args, {\n cwd,\n timeout: 60000, // 60 second timeout\n stdio: \"pipe\",\n });\n\n return {\n passed: true,\n output: result.stdout,\n };\n } catch (err) {\n // Extract useful error information\n const errorOutput =\n typeof err === \"object\" && err !== null && \"stdout\" in err\n ? String((err as Record<string, unknown>).stdout ?? \"\")\n : \"\";\n const failedTests = extractFailedTests(errorOutput);\n\n return {\n passed: false,\n error:\n failedTests.length > 0\n ? `Failed tests: ${failedTests.join(\", \")}`\n : \"Package-manager test validation failed.\",\n output: errorOutput,\n failedTests,\n };\n }\n}\n\n/**\n * Parse test output to extract names of failed tests.\n * (Basic implementation; real implementation would parse different test runners)\n */\nfunction extractFailedTests(output: string): string[] {\n const failedTests: string[] = [];\n\n // Common test failure patterns\n const patterns = [\n /✖\\s+(.+?)(?:\\n|$)/g, // Mocha style\n /●\\s+(.+)(?:\\n|$)/g, // Jest style\n /^FAIL\\s+(.+?)(?:\\n|$)/gm, // Generic FAIL\n ];\n\n for (const pattern of patterns) {\n let match;\n while ((match = pattern.exec(output)) !== null) {\n if (match[1]) {\n failedTests.push(match[1].trim());\n }\n }\n }\n\n return failedTests.slice(0, 5); // Return first 5 failures\n}\n","/**\n * Patch generation utilities for Autoremediator\n *\n * Provides functions for:\n * - Writing patch files to disk\n * - Validating unified diff format\n * - Managing patch-package integration\n * - Fetching source files from npm\n */\n\nimport { existsSync, mkdirSync, writeFileSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport { detectPackageManager, getPackageManagerCommands } from \"../../platform/package-manager.js\";\n\n/**\n * Validation result type for patch diffs\n */\nexport interface PatchValidationResult {\n valid: boolean;\n error?: string;\n}\n\n/**\n * Write a unified diff patch to the patches directory\n *\n * Creates patches/ directory if it doesn't exist and writes the patch with\n * naming convention: <packageName>+<version>.patch\n *\n * @param packageName - The npm package name\n * @param version - The package version\n * @param patchContent - The unified diff content\n * @param projectDir - Project root directory\n * @returns Full file path to the written patch file\n */\nexport function writePatchFile(\n packageName: string,\n version: string,\n patchContent: string,\n projectDir: string\n): string {\n const patchesDir = join(projectDir, \"patches\");\n\n // Create patches directory if missing\n if (!existsSync(patchesDir)) {\n mkdirSync(patchesDir, { recursive: true });\n }\n\n // Sanitize package name for filename (remove @ from scoped packages)\n const safeName = packageName.replace(/^@/, \"\").replace(/\\//g, \"+\");\n const filename = `${safeName}+${version}.patch`;\n const filePath = join(patchesDir, filename);\n\n // Write patch file\n writeFileSync(filePath, patchContent, \"utf8\");\n\n return filePath;\n}\n\n/**\n * Validate that patch content matches unified diff format\n *\n * Checks for:\n * - Presence of --- and +++ header lines\n * - Presence of @@ hunk headers\n * - Valid unified diff structure\n *\n * @param patchContent - The patch content to validate\n * @returns Validation result with error details if invalid\n */\nexport function validatePatchDiff(patchContent: string): PatchValidationResult {\n if (!patchContent || typeof patchContent !== \"string\") {\n return {\n valid: false,\n error: \"Patch content must be a non-empty string\",\n };\n }\n\n // Check for basic unified diff structure\n const hasFromLine = /^---\\s+\\S+/m.test(patchContent);\n const hasToLine = /^\\+\\+\\+\\s+\\S+/m.test(patchContent);\n const hasHunkHeader = /^@@\\s+-\\d+/m.test(patchContent);\n\n if (!hasFromLine) {\n return {\n valid: false,\n error: 'Missing \"---\" line in patch format',\n };\n }\n\n if (!hasToLine) {\n return {\n valid: false,\n error: 'Missing \"+++\" line in patch format',\n };\n }\n\n if (!hasHunkHeader) {\n return {\n valid: false,\n error: \"No hunk headers (@@...) found in patch\",\n };\n }\n\n return { valid: true };\n}\n\n/**\n * Ensure patch-package is installed and configured\n *\n * Checks if patch-package is in devDependencies. If not, either:\n * - Installs it automatically (if not in dry-run context)\n * - Logs a warning with installation instructions\n *\n * Updates package.json postinstall script if needed:\n * Add \"postinstall\": \"patch-package\" or append to existing script\n *\n * @param projectDir - Project root directory\n * @returns Promise that resolves when patch-package is ensured\n */\nexport async function ensurePatchPackage(projectDir: string): Promise<void> {\n const pkgPath = join(projectDir, \"package.json\");\n\n // Read package.json\n let pkgJson: Record<string, unknown>;\n try {\n const content = readFileSync(pkgPath, \"utf8\");\n pkgJson = JSON.parse(content) as Record<string, unknown>;\n } catch (err) {\n throw new Error(\n `Failed to read package.json: ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n const devDeps = (pkgJson.devDependencies as Record<string, string> | undefined) || {};\n\n // Check if patch-package is already installed\n if (devDeps[\"patch-package\"]) {\n return; // Already present\n }\n\n // Install patch-package\n try {\n const packageManager = detectPackageManager(projectDir);\n const commands = getPackageManagerCommands(packageManager);\n const [cmd, ...args] = commands.installDev(\"patch-package\");\n await execa(cmd, args, {\n cwd: projectDir,\n stdio: \"inherit\",\n });\n } catch (err) {\n throw new Error(\n `Failed to install patch-package: ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n // Update postinstall script in package.json\n let scripts = (pkgJson.scripts as Record<string, string> | undefined) || {};\n const existingPostinstall = scripts.postinstall || \"\";\n const newPostinstall = existingPostinstall\n ? `${existingPostinstall} && patch-package`\n : \"patch-package\";\n\n scripts.postinstall = newPostinstall;\n pkgJson.scripts = scripts;\n\n // Write updated package.json\n try {\n writeFileSync(pkgPath, JSON.stringify(pkgJson, null, 2) + \"\\n\", \"utf8\");\n } catch (err) {\n throw new Error(`Failed to update package.json: ${err instanceof Error ? err.message : String(err)}`);\n }\n}\n\n/**\n * Fetch the content of a specific file from an npm package\n *\n * Downloads the package tarball from npm, extracts the specified file,\n * and returns its content. Useful for LLM analysis of vulnerable source code.\n *\n * @param packageName - The npm package name\n * @param version - The package version\n * @param filePath - Path to file within package (relative to package root)\n * @returns Promise resolving to file content as string\n */\nexport async function getVulnerableFileContent(\n packageName: string,\n version: string,\n filePath: string\n): Promise<string> {\n // Use npm view to fetch tarball URL\n let tarballUrl: string;\n try {\n const result = await execa(\"npm\", [\"view\", `${packageName}@${version}`, \"dist.tarball\"], {\n stdio: \"pipe\",\n });\n tarballUrl = (result.stdout as string).trim();\n } catch (err) {\n throw new Error(\n `Failed to get tarball URL for ${packageName}@${version}: ${\n err instanceof Error ? err.message : String(err)\n }`\n );\n }\n\n if (!tarballUrl) {\n throw new Error(`No tarball URL found for ${packageName}@${version}`);\n }\n\n // Create temporary directory for extraction\n const tempDir = join(\"/tmp\", `autoremediator-${packageName}-${version}-${Date.now()}`);\n mkdirSync(tempDir, { recursive: true });\n\n try {\n // Alternative: use curl and tar\n await execa(\"bash\", [\n \"-c\",\n `curl -s \"${tarballUrl}\" | tar xz -C \"${tempDir}\"`,\n ]);\n\n // Read the file from extracted package (npm extracts under \"package/\" directory)\n const extractedPath = join(tempDir, \"package\", filePath);\n const content = readFileSync(extractedPath, \"utf8\");\n\n return content;\n } catch (err) {\n throw new Error(\n `Failed to fetch file ${filePath} from ${packageName}@${version}: ${\n err instanceof Error ? err.message : String(err)\n }`\n );\n } finally {\n // Clean up temporary directory\n try {\n await execa(\"rm\", [\"-rf\", tempDir]);\n } catch (cleanupErr) {\n // Ignore cleanup errors\n }\n }\n}\n","import semver from \"semver\";\nimport { lookupCveOsv } from \"../../intelligence/sources/osv.js\";\nimport { lookupCveGitHub, mergeGhDataIntoCveDetails } from \"../../intelligence/sources/github-advisory.js\";\nimport { enrichWithNvd } from \"../../intelligence/sources/nvd.js\";\nimport type {\n CveDetails,\n PatchResult,\n RemediateOptions,\n RemediationReport,\n VulnerablePackage,\n} from \"../../platform/types.js\";\nimport { detectPackageManager } from \"../../platform/package-manager.js\";\nimport { checkInventoryTool } from \"../tools/check-inventory.js\";\nimport { resolvePrimaryResult } from \"./primary-strategy.js\";\nimport { shouldAttemptPatchFallback, tryLocalPatchFallback } from \"./fallback.js\";\n\nexport async function runLocalRemediationPipeline(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n const cwd = options.cwd ?? process.cwd();\n const packageManager = options.packageManager ?? detectPackageManager(cwd);\n const preview = options.preview ?? false;\n const dryRun = (options.dryRun ?? false) || preview;\n const runTests = options.runTests ?? false;\n const policy = options.policy ?? \"\";\n const patchesDir = options.patchesDir || \"./patches\";\n const constraints = options.constraints ?? {};\n\n const collectedResults: PatchResult[] = [];\n const vulnerablePackages: VulnerablePackage[] = [];\n let cveDetails: CveDetails | null = null;\n let agentSteps = 0;\n\n const normalizedId = cveId.toUpperCase();\n const [osvDetails, ghPackages] = await Promise.all([\n lookupCveOsv(normalizedId),\n lookupCveGitHub(normalizedId).catch(() => []),\n ]);\n agentSteps += 2;\n\n if (!osvDetails && ghPackages.length === 0) {\n return {\n cveId,\n cveDetails: null,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode failed at lookup-cve: ${normalizedId} not found in OSV or GitHub advisory data.`,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n }\n\n cveDetails = osvDetails ?? {\n id: normalizedId,\n summary: \"Details sourced from GitHub Advisory Database.\",\n severity: \"UNKNOWN\",\n references: [],\n affectedPackages: [],\n };\n\n if (ghPackages.length > 0) {\n cveDetails = mergeGhDataIntoCveDetails(cveDetails, ghPackages);\n }\n cveDetails = await enrichWithNvd(cveDetails);\n\n if (cveDetails.affectedPackages.length === 0) {\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode lookup succeeded but no npm affected packages were found for ${normalizedId}.`,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n }\n\n const inventory = await (checkInventoryTool as any).execute({ cwd, packageManager });\n agentSteps += 1;\n\n if (inventory?.error) {\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode failed at check-inventory: ${inventory.error}`,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n }\n\n const installedPackages = (inventory.packages ?? []) as Array<{\n name: string;\n version: string;\n type: \"direct\" | \"indirect\";\n }>;\n\n for (const affected of cveDetails.affectedPackages) {\n if (!affected || typeof affected !== \"object\") continue;\n if (!affected.name || !affected.vulnerableRange) continue;\n if (affected.ecosystem !== \"npm\") continue;\n const matches = installedPackages.filter((pkg) => pkg.name === affected.name);\n for (const installed of matches) {\n if (!semver.valid(installed.version)) continue;\n let isVulnerable = false;\n try {\n isVulnerable = semver.satisfies(installed.version, affected.vulnerableRange, {\n includePrerelease: false,\n });\n } catch {\n continue;\n }\n if (isVulnerable) {\n vulnerablePackages.push({ installed, affected });\n }\n }\n }\n agentSteps += 1;\n\n for (const vulnerable of vulnerablePackages) {\n const primary = await resolvePrimaryResult({\n vulnerable,\n cwd,\n packageManager,\n dryRun,\n policy,\n runTests,\n constraints,\n });\n agentSteps += primary.steps;\n\n if (shouldAttemptPatchFallback(primary.result, constraints.preferVersionBump ?? false)) {\n const fallback = await tryLocalPatchFallback({\n cwd,\n packageManager,\n packageName: vulnerable.installed.name,\n vulnerableVersion: vulnerable.installed.version,\n cveId: normalizedId,\n cveSummary: cveDetails?.summary ?? normalizedId,\n dryRun,\n runTests,\n patchesDir,\n });\n agentSteps += fallback.steps;\n collectedResults.push(fallback.result);\n continue;\n }\n\n collectedResults.push(primary.result);\n }\n\n const appliedCount = collectedResults.filter((result) => result.applied).length;\n const unresolvedCount = collectedResults.filter((result) => !result.applied && !result.dryRun).length;\n const dryRunCount = collectedResults.filter((result) => result.dryRun).length;\n\n return {\n cveId,\n cveDetails,\n vulnerablePackages,\n results: collectedResults,\n agentSteps,\n summary: `Local mode completed: vulnerable=${vulnerablePackages.length}, applied=${appliedCount}, dryRun=${dryRunCount}, unresolved=${unresolvedCount}`,\n correlation: {\n requestId: options.requestId,\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n },\n };\n}\n","/**\n * OSV API client (https://osv.dev)\n *\n * Used as the primary source for CVE → affected npm package mapping.\n * No auth required. SEMVER event ranges are machine-readable.\n */\nimport type { AffectedPackage, CveDetails } from \"../../platform/types.js\";\n\nconst OSV_BASE = \"https://api.osv.dev/v1\";\n\n// ---------------------------------------------------------------------------\n// Raw OSV response types\n// ---------------------------------------------------------------------------\n\ninterface OsvSemverEvent {\n introduced?: string;\n fixed?: string;\n last_affected?: string;\n limit?: string;\n}\n\ninterface OsvRange {\n type: \"SEMVER\" | \"GIT\" | \"ECOSYSTEM\";\n events: OsvSemverEvent[];\n repo?: string;\n}\n\ninterface OsvAffected {\n package: {\n name: string;\n ecosystem: string;\n purl?: string;\n };\n ranges?: OsvRange[];\n versions?: string[];\n database_specific?: Record<string, unknown>;\n ecosystem_specific?: Record<string, unknown>;\n}\n\ninterface OsvVulnerability {\n id: string;\n aliases?: string[];\n summary?: string;\n details?: string;\n severity?: Array<{\n type: string;\n score: string;\n }>;\n affected?: OsvAffected[];\n references?: Array<{ type: string; url: string }>;\n schema_version?: string;\n modified?: string;\n published?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Fetch a vulnerability by CVE ID (or any OSV/GHSA ID).\n * Returns null if the CVE is not found in OSV.\n */\nexport async function fetchOsvVuln(cveId: string): Promise<OsvVulnerability | null> {\n const url = `${OSV_BASE}/vulns/${encodeURIComponent(cveId)}`;\n const res = await fetch(url, {\n headers: { Accept: \"application/json\" },\n });\n\n if (res.status === 404) return null;\n if (!res.ok) {\n throw new Error(`OSV API error ${res.status} for ${cveId}: ${await res.text()}`);\n }\n\n return res.json() as Promise<OsvVulnerability>;\n}\n\n/**\n * Convert an OSV SEMVER range event array to a semver range string.\n * OSV uses ordered [introduced, fixed) events.\n * e.g. [{ introduced: \"0\" }, { fixed: \"4.17.21\" }] → \">=0.0.0 <4.17.21\"\n */\nfunction osvEventsToSemverRange(events: OsvSemverEvent[]): string {\n const parts: string[] = [];\n\n for (const event of events) {\n if (event.introduced !== undefined) {\n const v = event.introduced === \"0\" ? \"0.0.0\" : event.introduced;\n parts.push(`>=${v}`);\n }\n if (event.fixed !== undefined) {\n parts.push(`<${event.fixed}`);\n }\n if (event.last_affected !== undefined) {\n parts.push(`<=${event.last_affected}`);\n }\n }\n\n return parts.join(\" \") || \">=0.0.0\";\n}\n\n/**\n * Parse an OSV vulnerability into autoremediator's CveDetails shape,\n * filtering affected entries to npm ecosystem only.\n */\nexport function parseOsvVuln(vuln: OsvVulnerability): CveDetails {\n const npmAffected: AffectedPackage[] = [];\n\n for (const affected of vuln.affected ?? []) {\n const ecosystem = affected.package?.ecosystem;\n const packageName = affected.package?.name;\n if (!ecosystem || typeof ecosystem !== \"string\") continue;\n if (!packageName || typeof packageName !== \"string\") continue;\n if (ecosystem.toLowerCase() !== \"npm\") continue;\n\n // Find the best SEMVER range\n const semverRange = affected.ranges?.find((r) => r.type === \"SEMVER\");\n const vulnerableRange = semverRange\n ? osvEventsToSemverRange(semverRange.events)\n : \">=0.0.0\";\n\n // Derive firstPatchedVersion from the \"fixed\" event\n const fixedEvent = semverRange?.events.find((e) => e.fixed !== undefined);\n\n npmAffected.push({\n name: packageName,\n ecosystem: \"npm\",\n vulnerableRange,\n firstPatchedVersion: fixedEvent?.fixed,\n source: \"osv\",\n });\n }\n\n // Best-effort severity from CVSS score string (e.g. \"CVSS:3.1/.../7.5\")\n const severity = deriveSeverity(vuln.severity);\n\n return {\n id: vuln.id,\n summary: vuln.summary ?? vuln.details ?? \"No summary available.\",\n severity,\n references: vuln.references?.map((r) => r.url) ?? [],\n affectedPackages: npmAffected,\n };\n}\n\nfunction deriveSeverity(\n severityEntries?: OsvVulnerability[\"severity\"]\n): CveDetails[\"severity\"] {\n if (!severityEntries?.length) return \"UNKNOWN\";\n\n // Prefer CVSS_V3 type\n const cvssEntry =\n severityEntries.find((s) => s.type === \"CVSS_V3\") ?? severityEntries[0];\n\n // Extract base score from vector string, e.g. \"CVSS:3.1/AV:N/AC:L/.../7.5/...\"\n const scoreMatch = cvssEntry.score.match(/(\\d+\\.\\d+)$/);\n if (scoreMatch) {\n const score = parseFloat(scoreMatch[1]);\n if (score >= 9.0) return \"CRITICAL\";\n if (score >= 7.0) return \"HIGH\";\n if (score >= 4.0) return \"MEDIUM\";\n return \"LOW\";\n }\n\n return \"UNKNOWN\";\n}\n\n/** High-level convenience: fetch + parse */\nexport async function lookupCveOsv(cveId: string): Promise<CveDetails | null> {\n const vuln = await fetchOsvVuln(cveId);\n if (!vuln) return null;\n return parseOsvVuln(vuln);\n}\n","/**\n * GitHub Advisory Database API client\n *\n * Used as a secondary source to enrich CVE data with `first_patched_version`.\n * Unauthenticated access works; set GITHUB_TOKEN env var for higher rate limits.\n */\nimport type { AffectedPackage, CveDetails } from \"../../platform/types.js\";\nimport { getGitHubToken } from \"../../platform/config.js\";\n\nconst GH_ADVISORY_BASE = \"https://api.github.com/advisories\";\n\n// ---------------------------------------------------------------------------\n// Raw GitHub Advisory response types\n// ---------------------------------------------------------------------------\n\ninterface GhVulnerability {\n package: {\n ecosystem: string;\n name: string;\n };\n vulnerable_version_range: string | null;\n first_patched_version: string | null;\n}\n\ninterface GhAdvisory {\n ghsa_id: string;\n cve_id: string | null;\n summary: string;\n severity: \"low\" | \"medium\" | \"high\" | \"critical\" | \"unknown\";\n vulnerabilities: GhVulnerability[];\n cvss?: { score: number; vector_string: string };\n references: Array<{ url: string }>;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\nfunction buildHeaders(): Record<string, string> {\n const headers: Record<string, string> = {\n Accept: \"application/vnd.github+json\",\n \"X-GitHub-Api-Version\": \"2022-11-28\",\n };\n const token = getGitHubToken();\n if (token) {\n headers.Authorization = `Bearer ${token}`;\n }\n return headers;\n}\n\n/**\n * Fetch GitHub advisories for a given CVE ID filtered to npm ecosystem.\n * Returns an empty array if none found.\n */\nexport async function fetchGhAdvisories(cveId: string): Promise<GhAdvisory[]> {\n const url = new URL(GH_ADVISORY_BASE);\n url.searchParams.set(\"cve_id\", cveId);\n url.searchParams.set(\"ecosystem\", \"npm\");\n url.searchParams.set(\"type\", \"reviewed\");\n url.searchParams.set(\"per_page\", \"10\");\n\n const res = await fetch(url.toString(), { headers: buildHeaders() });\n\n if (res.status === 404) return [];\n if (!res.ok) {\n // Non-fatal: log and return empty so OSV can still succeed\n console.warn(\n `[autoremediator] GitHub Advisory API returned ${res.status} for ${cveId} — skipping.`\n );\n return [];\n }\n\n return res.json() as Promise<GhAdvisory[]>;\n}\n\n/**\n * Parse GitHub advisories into AffectedPackage entries.\n * Deduplication against OSV results is handled in lookup-cve.ts.\n */\nexport function parseGhAdvisories(advisories: GhAdvisory[]): AffectedPackage[] {\n const packages: AffectedPackage[] = [];\n\n for (const advisory of advisories) {\n for (const vuln of advisory.vulnerabilities) {\n if (vuln.package.ecosystem.toLowerCase() !== \"npm\") continue;\n\n packages.push({\n name: vuln.package.name,\n ecosystem: \"npm\",\n vulnerableRange: vuln.vulnerable_version_range ?? \">=0.0.0\",\n firstPatchedVersion: vuln.first_patched_version ?? undefined,\n source: \"github-advisory\",\n });\n }\n }\n\n return packages;\n}\n\n/**\n * Merge data from GitHub advisory into a CveDetails object built from OSV.\n * Fills in `firstPatchedVersion` where OSV didn't have it, and enriches CVSS.\n */\nexport function mergeGhDataIntoCveDetails(\n details: CveDetails,\n ghPackages: AffectedPackage[]\n): CveDetails {\n const enriched = { ...details };\n\n for (const ghPkg of ghPackages) {\n const existing = enriched.affectedPackages.find(\n (p) => p.name === ghPkg.name\n );\n\n if (existing) {\n // Backfill firstPatchedVersion if OSV didn't have it\n if (!existing.firstPatchedVersion && ghPkg.firstPatchedVersion) {\n existing.firstPatchedVersion = ghPkg.firstPatchedVersion;\n }\n } else {\n // Package only known via GitHub Advisory (not yet in OSV)\n enriched.affectedPackages.push(ghPkg);\n }\n }\n\n return enriched;\n}\n\n/** High-level convenience: fetch + parse, returns enrichment packages */\nexport async function lookupCveGitHub(cveId: string): Promise<AffectedPackage[]> {\n const advisories = await fetchGhAdvisories(cveId);\n return parseGhAdvisories(advisories);\n}\n","/**\n * NVD (National Vulnerability Database) API v2 client\n *\n * Used ONLY for fetching authoritative CVSS scores and severity.\n * NVD CPE data is too inconsistent for npm package discovery — use OSV for that.\n *\n * Rate limits: 5 req/30s without key, 50 req/30s with AUTOREMEDIATOR_NVD_API_KEY\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getNvdConfig } from \"../../platform/config.js\";\n\nconst NVD_BASE = \"https://services.nvd.nist.gov/rest/json/cves/2.0\";\n\ninterface NvdCvssMetric {\n cvssData: {\n baseScore: number;\n baseSeverity: string;\n vectorString: string;\n };\n}\n\ninterface NvdVulnerability {\n cve: {\n id: string;\n metrics?: {\n cvssMetricV31?: NvdCvssMetric[];\n cvssMetricV30?: NvdCvssMetric[];\n cvssMetricV2?: NvdCvssMetric[];\n };\n references?: Array<{ url: string; tags?: string[] }>;\n };\n}\n\ninterface NvdResponse {\n vulnerabilities?: NvdVulnerability[];\n totalResults?: number;\n}\n\nfunction buildNvdHeaders(): Record<string, string> {\n const { apiKey } = getNvdConfig();\n const headers: Record<string, string> = { Accept: \"application/json\" };\n if (apiKey) {\n headers.apiKey = apiKey;\n }\n return headers;\n}\n\n/**\n * Fetch CVSS score for a CVE from NVD.\n * Returns undefined if NVD doesn't have data or the request fails.\n * Non-fatal — callers should handle undefined gracefully.\n */\nexport async function fetchNvdCvss(\n cveId: string\n): Promise<{ score: number; severity: CveDetails[\"severity\"] } | undefined> {\n const url = `${NVD_BASE}?cveId=${encodeURIComponent(cveId)}`;\n\n try {\n const res = await fetch(url, { headers: buildNvdHeaders() });\n if (!res.ok) return undefined;\n\n const data = (await res.json()) as NvdResponse;\n const vuln = data.vulnerabilities?.[0];\n if (!vuln) return undefined;\n\n const metrics = vuln.cve.metrics;\n const metric =\n metrics?.cvssMetricV31?.[0] ??\n metrics?.cvssMetricV30?.[0] ??\n metrics?.cvssMetricV2?.[0];\n\n if (!metric) return undefined;\n\n const score = metric.cvssData.baseScore;\n const rawSeverity = metric.cvssData.baseSeverity.toUpperCase();\n\n const severityMap: Record<string, CveDetails[\"severity\"]> = {\n CRITICAL: \"CRITICAL\",\n HIGH: \"HIGH\",\n MEDIUM: \"MEDIUM\",\n LOW: \"LOW\",\n };\n\n return {\n score,\n severity: severityMap[rawSeverity] ?? \"UNKNOWN\",\n };\n } catch {\n // NVD is non-critical; don't crash the pipeline on network failures\n return undefined;\n }\n}\n\n/**\n * Enrich an existing CveDetails with NVD CVSS data.\n * Mutates in place and returns the same object.\n */\nexport async function enrichWithNvd(details: CveDetails): Promise<CveDetails> {\n const cvss = await fetchNvdCvss(details.id);\n if (cvss) {\n details.cvssScore = cvss.score;\n if (details.severity === \"UNKNOWN\") {\n details.severity = cvss.severity;\n }\n }\n return details;\n}\n","/**\n * Tool: check-inventory\n *\n * Reads the consumer's package.json and installed dependency tree to produce\n * a flat list of installed packages and their resolved versions.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\nimport type { InventoryPackage } from \"../../platform/types.js\";\nimport {\n detectPackageManager,\n getPackageManagerCommands,\n parseListOutput,\n type PackageManager,\n} from \"../../platform/package-manager.js\";\n\ninterface PackageJson {\n dependencies?: Record<string, string>;\n devDependencies?: Record<string, string>;\n peerDependencies?: Record<string, string>;\n}\n\nexport const checkInventoryTool = tool({\n description:\n \"Read the project's package.json and installed dependencies to list packages and exact versions. Must be called before checking version matches.\",\n parameters: z.object({\n cwd: z.string().describe(\"Absolute path to the consumer project's root directory\"),\n packageManager: z.enum([\"npm\", \"pnpm\", \"yarn\"]).optional().describe(\"Package manager used by the target project (auto-detected if omitted)\"),\n }),\n execute: async ({ cwd, packageManager }): Promise<{ packages: InventoryPackage[]; error?: string }> => {\n let pkgJson: PackageJson;\n\n try {\n pkgJson = JSON.parse(readFileSync(join(cwd, \"package.json\"), \"utf8\")) as PackageJson;\n } catch {\n return {\n packages: [],\n error: `Could not read package.json in \"${cwd}\". Is this a Node.js project?`,\n };\n }\n\n const pm = (packageManager ?? detectPackageManager(cwd)) as PackageManager;\n const commands = getPackageManagerCommands(pm);\n let installedVersions = new Map<string, string>();\n\n try {\n const [cmd, ...args] = commands.list;\n const listResult = await execa(cmd, args, {\n cwd,\n stdio: \"pipe\",\n reject: false,\n });\n installedVersions = parseListOutput(pm, listResult.stdout || \"\");\n } catch {\n // Fallback to package.json-only view when list command fails.\n }\n\n const packages: InventoryPackage[] = [];\n\n for (const [name, version] of installedVersions.entries()) {\n const isDirect =\n Boolean(pkgJson.dependencies?.[name]) ||\n Boolean(pkgJson.devDependencies?.[name]) ||\n Boolean(pkgJson.peerDependencies?.[name]);\n\n packages.push({\n name,\n version,\n type: isDirect ? \"direct\" : \"indirect\",\n });\n }\n\n if (packages.length === 0) {\n // Fallback: only direct deps from package.json (best-effort versions)\n const allDeps = {\n ...pkgJson.dependencies,\n ...pkgJson.devDependencies,\n };\n for (const [name, version] of Object.entries(allDeps)) {\n const cleaned = version.replace(/^[\\^~>=<]+/, \"\").trim();\n packages.push({ name, version: cleaned, type: \"direct\" });\n }\n }\n\n return { packages };\n },\n});\n","/**\n * npm registry API client\n *\n * Used to:\n * - Fetch the full list of published versions for a package\n * - Find the lowest semver-compatible safe upgrade from `firstPatchedVersion`\n * - Download tarballs for patch generation (fallback path)\n */\nimport semver from \"semver\";\n\nconst NPM_REGISTRY = \"https://registry.npmjs.org\";\n\nexport type SafeUpgradeLevel = \"patch\" | \"minor\" | \"major\";\n\nexport interface SafeUpgradeResolution {\n safeVersion?: string;\n upgradeLevel?: SafeUpgradeLevel;\n candidates: Partial<Record<SafeUpgradeLevel, string>>;\n majorOnlyFixAvailable: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Raw registry types (abbreviated)\n// ---------------------------------------------------------------------------\n\ninterface NpmPackument {\n name: string;\n versions: Record<string, { version: string; dist: { tarball: string } }>;\n \"dist-tags\": Record<string, string>;\n time: Record<string, string>;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Fetch all published versions for an npm package.\n * Returns an empty array if the package is not found.\n */\nexport async function fetchPackageVersions(packageName: string): Promise<string[]> {\n const url = `${NPM_REGISTRY}/${encodeURIComponent(packageName)}`;\n const res = await fetch(url, {\n headers: { Accept: \"application/json\" },\n });\n\n if (res.status === 404) return [];\n if (!res.ok) {\n throw new Error(\n `npm registry error ${res.status} for \"${packageName}\": ${await res.text()}`\n );\n }\n\n const data = (await res.json()) as NpmPackument;\n return Object.keys(data.versions);\n}\n\n/**\n * Find the lowest published version that satisfies `>= firstPatchedVersion`\n * and is semver-compatible with the currently installed version (same major,\n * unless there is no same-major option).\n *\n * Strategy:\n * 1. Try same-major, lowest version >= firstPatchedVersion\n * 2. Fallback: any published version >= firstPatchedVersion (lowest)\n * 3. Returns undefined if nothing found\n */\nexport async function findSafeUpgradeVersion(\n packageName: string,\n installedVersion: string,\n firstPatchedVersion: string,\n vulnerableRange?: string\n): Promise<string | undefined> {\n const resolution = await resolveSafeUpgradeVersion(\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange\n );\n\n return resolution.safeVersion;\n}\n\nexport async function resolveSafeUpgradeVersion(\n packageName: string,\n installedVersion: string,\n firstPatchedVersion: string,\n vulnerableRange?: string\n): Promise<SafeUpgradeResolution> {\n const versions = await fetchPackageVersions(packageName);\n if (!versions.length) {\n return {\n candidates: {},\n majorOnlyFixAvailable: false,\n };\n }\n\n const installed = semver.parse(installedVersion);\n\n // All versions >= firstPatchedVersion, sorted ascending\n const candidates = versions\n .filter((v) => semver.valid(v) && semver.gte(v, firstPatchedVersion))\n .filter((v) => {\n if (!vulnerableRange) return true;\n try {\n return !semver.satisfies(v, vulnerableRange, { includePrerelease: false });\n } catch {\n // If vulnerable range cannot be parsed, avoid filtering out candidates.\n return true;\n }\n })\n .sort(semver.compare);\n\n if (!candidates.length) {\n return {\n candidates: {},\n majorOnlyFixAvailable: false,\n };\n }\n\n const categorizedCandidates: SafeUpgradeResolution[\"candidates\"] = {};\n\n for (const candidate of candidates) {\n const level = classifyUpgradeLevel(installedVersion, candidate);\n if (!level) continue;\n if (!categorizedCandidates[level]) {\n categorizedCandidates[level] = candidate;\n }\n }\n\n const safeVersion =\n categorizedCandidates.patch ?? categorizedCandidates.minor ?? categorizedCandidates.major;\n\n if (!safeVersion) {\n return {\n candidates: categorizedCandidates,\n majorOnlyFixAvailable: false,\n };\n }\n\n const upgradeLevel = classifyUpgradeLevel(installedVersion, safeVersion);\n const majorOnlyFixAvailable =\n !categorizedCandidates.patch &&\n !categorizedCandidates.minor &&\n Boolean(categorizedCandidates.major);\n\n if (!installed || !upgradeLevel) {\n return {\n safeVersion,\n upgradeLevel,\n candidates: categorizedCandidates,\n majorOnlyFixAvailable,\n };\n }\n\n return {\n safeVersion,\n upgradeLevel,\n candidates: categorizedCandidates,\n majorOnlyFixAvailable,\n };\n}\n\nfunction classifyUpgradeLevel(\n installedVersion: string,\n candidateVersion: string\n): SafeUpgradeLevel | undefined {\n const installed = semver.parse(installedVersion);\n const candidate = semver.parse(candidateVersion);\n\n if (!installed || !candidate) return undefined;\n if (candidate.major > installed.major) return \"major\";\n if (candidate.minor > installed.minor) return \"minor\";\n if (candidate.patch > installed.patch || candidate.version === installed.version) {\n return \"patch\";\n }\n\n return undefined;\n}\n\n/**\n * Get the tarball URL for a specific package version.\n * Used by the patch generation fallback path.\n */\nexport async function getTarballUrl(\n packageName: string,\n version: string\n): Promise<string | undefined> {\n const url = `${NPM_REGISTRY}/${encodeURIComponent(packageName)}/${encodeURIComponent(version)}`;\n const res = await fetch(url, {\n headers: { Accept: \"application/json\" },\n });\n\n if (!res.ok) return undefined;\n\n const data = (await res.json()) as {\n dist?: { tarball?: string };\n };\n return data.dist?.tarball;\n}\n","import { resolveSafeUpgradeVersion } from \"../../intelligence/sources/registry.js\";\nimport { applyVersionBumpTool } from \"../tools/apply-version-bump.js\";\nimport { applyPackageOverrideTool } from \"../tools/apply-package-override.js\";\nimport type { PatchResult, VulnerablePackage } from \"../../platform/types.js\";\n\nexport async function resolvePrimaryResult(params: {\n vulnerable: VulnerablePackage;\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n policy: string;\n runTests: boolean;\n constraints: {\n directDependenciesOnly?: boolean;\n preferVersionBump?: boolean;\n };\n}): Promise<{ result: PatchResult; steps: number }> {\n const { vulnerable, cwd, packageManager, dryRun, policy, runTests, constraints } = params;\n const pkg = vulnerable.installed;\n const firstPatchedVersion = vulnerable.affected.firstPatchedVersion;\n\n if (pkg.type === \"indirect\") {\n if (constraints.directDependenciesOnly) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"constraint-blocked\",\n message: `Constraint blocked remediation for indirect dependency \"${pkg.name}\".`,\n },\n };\n }\n\n if (constraints.preferVersionBump) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"constraint-blocked\",\n message: `Constraint prefers version-bump and rejected override remediation for \"${pkg.name}\".`,\n },\n };\n }\n\n if (!firstPatchedVersion) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No firstPatchedVersion available for ${pkg.name}; cannot resolve deterministic override in local mode.`,\n },\n };\n }\n\n const safeUpgrade = await resolveSafeUpgradeVersion(\n pkg.name,\n pkg.version,\n firstPatchedVersion,\n vulnerable.affected.vulnerableRange\n );\n\n if (!safeUpgrade.safeVersion) {\n return {\n steps: 1,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No safe override version found for ${pkg.name}.`,\n },\n };\n }\n\n const overrideResult = (await (applyPackageOverrideTool as any).execute({\n cwd,\n packageManager,\n packageName: pkg.name,\n fromVersion: pkg.version,\n toVersion: safeUpgrade.safeVersion,\n dryRun,\n policy,\n runTests,\n })) as PatchResult;\n\n return {\n steps: 2,\n result: overrideResult,\n };\n }\n\n if (!firstPatchedVersion) {\n return {\n steps: 0,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No firstPatchedVersion available for ${pkg.name}; cannot resolve deterministic upgrade in local mode.`,\n },\n };\n }\n\n const safeUpgrade = await resolveSafeUpgradeVersion(\n pkg.name,\n pkg.version,\n firstPatchedVersion,\n vulnerable.affected.vulnerableRange\n );\n\n if (!safeUpgrade.safeVersion) {\n return {\n steps: 1,\n result: {\n packageName: pkg.name,\n strategy: \"none\",\n fromVersion: pkg.version,\n applied: false,\n dryRun,\n unresolvedReason: \"no-safe-version\",\n message: `No safe upgrade version found for ${pkg.name}.`,\n },\n };\n }\n\n const applyResult = (await (applyVersionBumpTool as any).execute({\n cwd,\n packageManager,\n packageName: pkg.name,\n fromVersion: pkg.version,\n toVersion: safeUpgrade.safeVersion,\n dryRun,\n policy,\n runTests,\n })) as PatchResult;\n\n return {\n steps: 2,\n result: applyResult,\n };\n}\n","/**\n * Tool: fetch-package-source\n *\n * Downloads a package tarball from npm registry and extracts source files for CVE analysis.\n * Uses Node.js fetch API to download and execa to extract tar archives.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { mkdir, readdir, readFile, rm } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport { execa } from \"execa\";\n\n/**\n * Interface for the tool's return value.\n */\ninterface FetchPackageSourceResult {\n success: boolean;\n sourceFiles?: Record<string, string>;\n packageDir?: string;\n error?: string;\n}\n\nexport const fetchPackageSourceTool = tool({\n description:\n \"Download package tarball from npm and extract source files for CVE analysis. Supports custom file patterns (default: *.js, *.ts).\",\n parameters: z.object({\n packageName: z\n .string()\n .min(1)\n .describe(\"The npm package name (e.g., 'lodash', '@scope/package')\"),\n version: z\n .string()\n .regex(/^\\d+\\.\\d+\\.\\d+/, \"Must be a valid semver version\")\n .describe(\"Exact package version to download\"),\n filePatterns: z\n .array(z.string())\n .optional()\n .default([\"*.js\", \"*.ts\"])\n .describe(\n \"File patterns to extract (glob patterns, default: *.js, *.ts)\"\n ),\n }),\n execute: async ({\n packageName,\n version,\n filePatterns,\n }): Promise<FetchPackageSourceResult> => {\n const tempBaseDir = `/tmp/autoremediator-pkg-${Date.now()}`;\n const extractDir = join(tempBaseDir, \"out\");\n\n try {\n // Step 1: Construct npm registry URL and download tarball\n const npmUrl = `https://registry.npmjs.org/${packageName}/-/${packageName.split(\"/\").pop()}-${version}.tgz`;\n\n // Create temp directory\n await mkdir(tempBaseDir, { recursive: true });\n\n // Download tarball using curl (reliable method)\n const tarballPath = join(tempBaseDir, \"package.tgz\");\n await execa(\"curl\", [\"-L\", \"-o\", tarballPath, npmUrl]);\n\n // Step 2: Extract tar.gz\n await mkdir(extractDir, { recursive: true });\n await execa(\"tar\", [\"-xzf\", tarballPath, \"-C\", extractDir]);\n\n // Step 3: Discover package root (tar extracts to 'package/' subdirectory)\n const extractedContents = await readdir(extractDir);\n const packageRootDir = extractedContents.includes(\"package\")\n ? join(extractDir, \"package\")\n : extractDir;\n\n // Step 4: Recursively find and read matching source files\n const sourceCode: Record<string, string> = {};\n\n async function walkDir(dir: string, relativeBase: string): Promise<void> {\n try {\n const files = await readdir(dir, { withFileTypes: true });\n\n for (const file of files) {\n const fullPath = join(dir, file.name);\n const relPath = join(relativeBase, file.name);\n\n if (file.isDirectory()) {\n // Skip common non-source directories\n if (\n ![\n \"node_modules\",\n \".git\",\n \"dist\",\n \"build\",\n \"coverage\",\n \".next\",\n \"out\",\n ]\n .includes(file.name)\n ) {\n await walkDir(fullPath, relPath);\n }\n } else if (file.isFile()) {\n // Check if file matches any pattern\n const matches = filePatterns!.some((pattern) => {\n const regex = new RegExp(\n `^${pattern.replace(/\\*/g, \".*\").replace(/\\./g, \"\\\\.\")}$`\n );\n return regex.test(file.name);\n });\n\n if (matches) {\n try {\n const content = await readFile(fullPath, \"utf8\");\n sourceCode[relPath] = content;\n } catch {\n // Skip files that can't be read as UTF-8\n }\n }\n }\n }\n } catch {\n // Skip directories that can't be read\n }\n }\n\n await walkDir(packageRootDir, \"\");\n\n if (Object.keys(sourceCode).length === 0) {\n return {\n success: false,\n error: `No source files matching patterns [${filePatterns!.join(\", \")}] found in ${packageName}@${version}. Download succeeded but extraction yielded no matching files.`,\n };\n }\n\n return {\n success: true,\n sourceFiles: sourceCode,\n packageDir: packageRootDir,\n };\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n\n // Check if it's a 404 from npm\n if (message.includes(\"404\") || message.includes(\"not found\")) {\n return {\n success: false,\n error: `Package ${packageName}@${version} not found on npm registry. It may not exist or the version may be incorrect.`,\n };\n }\n\n return {\n success: false,\n error: `Failed to fetch and extract package ${packageName}@${version}: ${message}`,\n };\n } finally {\n await rm(tempBaseDir, { recursive: true, force: true });\n }\n },\n});\n","/**\n * Tool: generate-patch\n *\n * Calls the LLM to analyze vulnerable source code and generate a unified diff patch.\n * Parses LLM response and validates patch format.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { generateText } from \"ai\";\nimport { createModel } from \"../../platform/config.js\";\n\n/**\n * Represents a single generated patch file.\n */\ninterface GeneratedPatch {\n filePath: string;\n unifiedDiff: string;\n}\n\n/**\n * Result from the patch generation tool.\n */\ninterface GeneratePatchResult {\n success: boolean;\n patches?: GeneratedPatch[];\n patchContent?: string;\n llmModel: string;\n confidence: number;\n riskLevel: \"low\" | \"medium\" | \"high\";\n error?: string;\n}\n\n/**\n * LLM analysis response schema.\n */\ninterface LlmAnalysis {\n analysis: string;\n fixedCode: Record<string, string>;\n confidence: number;\n riskLevel: \"low\" | \"medium\" | \"high\";\n}\n\n/**\n * Vulnerability category descriptions for the LLM.\n */\nconst VULNERABILITY_DESCRIPTIONS: Record<string, string> = {\n redos:\n \"Regular Expression Denial of Service (ReDoS): The vulnerability is caused by poorly constructed regular expressions that cause excessive backtracking when processing certain inputs. The fix should optimize the regex to avoid catastrophic backtracking or replace it with a safer alternative.\",\n \"code-injection\":\n \"Code Injection: The vulnerability allows injected code to be executed. The fix must properly sanitize/validate inputs and prevent dynamic code execution, or use safe alternatives like template literals with proper escaping.\",\n \"path-traversal\":\n \"Path Traversal: The vulnerability allows access to files outside intended directories through path traversal sequences (../, etc.). The fix must validate and normalize file paths, use path.resolve() and path.relative() checks.\",\n unknown:\n \"Unknown vulnerability type: Analyze the CVE summary carefully and implement the most appropriate fix for the security issue described.\",\n};\n\nexport const generatePatchTool = tool({\n description:\n \"Generate a unified diff patch for a CVE using LLM analysis of vulnerable source code.\",\n parameters: z.object({\n packageName: z.string().min(1).describe(\"The npm package name\"),\n vulnerableVersion: z\n .string()\n .describe(\"The vulnerable version string\"),\n cveId: z\n .string()\n .regex(/^CVE-\\d{4}-\\d+$/i)\n .describe(\"CVE ID (e.g., CVE-2021-23337)\"),\n cveSummary: z.string().min(10).describe(\"CVE description and impact\"),\n sourceFiles: z\n .record(z.string())\n .describe(\n \"Map of file paths to source code contents from fetch-package-source\"\n ),\n vulnerabilityCategory: z\n .enum([\"redos\", \"code-injection\", \"path-traversal\", \"unknown\"])\n .optional()\n .default(\"unknown\")\n .describe(\"Category of the vulnerability for better context\"),\n dryRun: z\n .boolean()\n .optional()\n .default(false)\n .describe(\"If true, return analysis without generating patches\"),\n }),\n execute: async ({\n packageName,\n vulnerableVersion,\n cveId,\n cveSummary,\n sourceFiles,\n vulnerabilityCategory,\n dryRun,\n }): Promise<GeneratePatchResult> => {\n try {\n const resolvedSourceFiles = sourceFiles;\n if (Object.keys(resolvedSourceFiles).length === 0) {\n return {\n success: false,\n llmModel: \"unknown\",\n confidence: 0,\n riskLevel: \"high\",\n error: \"No source files were provided. Call fetch-package-source first and pass sourceFiles.\",\n };\n }\n\n // Create LLM model\n const model = await createModel();\n const modelName = model.modelId || \"unknown-model\";\n\n // Build source files context\n const sourceContext = Object.entries(resolvedSourceFiles)\n .map(([filePath, content]) => `\\n### File: ${filePath}\\n\\`\\`\\`typescript\\n${content}\\n\\`\\`\\``)\n .join(\"\\n\");\n\n // Build the LLM prompt\n const vulnerabilityContext =\n VULNERABILITY_DESCRIPTIONS[vulnerabilityCategory] ||\n VULNERABILITY_DESCRIPTIONS.unknown;\n\n const prompt = `You are a security expert tasked with analyzing a CVE vulnerability and generating a secure patch.\n\n## CVE Information\n- CVE ID: ${cveId}\n- Package: ${packageName}@${vulnerableVersion}\n- Category: ${vulnerabilityCategory}\n\n## Vulnerability Summary\n${cveSummary}\n\n## Vulnerability Type Context\n${vulnerabilityContext}\n\n## Vulnerable Source Code\n${sourceContext}\n\n## Your Task\nAnalyze the source code to:\n1. Identify the exact code location causing the vulnerability\n2. Explain the root cause of the security issue\n3. Propose a secure fix that addresses the vulnerability\n4. Provide the complete fixed version of affected files\n\n## Response Format\nRespond ONLY with valid JSON (no markdown, no extra text):\n{\n \"analysis\": \"Detailed explanation of the vulnerability root cause and why it's a security issue\",\n \"fixedCode\": {\n \"path/to/file.js\": \"Complete fixed source code for this file\",\n \"path/to/other.ts\": \"Complete fixed source code for this file\"\n },\n \"confidence\": 0.95,\n \"riskLevel\": \"medium\"\n}\n\nImportant:\n- confidence: number between 0 and 1 indicating how confident you are in the fix\n- riskLevel: \"low\", \"medium\", or \"high\" - assess the risk of the proposed fix breaking functionality\n- fixedCode: must contain the COMPLETE file contents (not just diffs), with the vulnerability addressed\n- Only include files that need modification`;\n\n // Call LLM\n const { text } = await generateText({\n model,\n prompt,\n temperature: 0.3, // Lower temperature for more consistent code generation\n });\n\n // Parse LLM response\n let analysis: LlmAnalysis;\n try {\n // Extract JSON from response (in case LLM includes extra text)\n const jsonMatch = text.match(/\\{[\\s\\S]*\\}/);\n if (!jsonMatch) {\n throw new Error(\"No JSON found in LLM response\");\n }\n analysis = JSON.parse(jsonMatch[0]) as LlmAnalysis;\n } catch (err) {\n return {\n success: false,\n llmModel: modelName,\n confidence: 0,\n riskLevel: \"high\",\n error: `Failed to parse LLM response: ${err instanceof Error ? err.message : \"unknown error\"}`,\n };\n }\n\n // Validate analysis structure\n if (\n !analysis.analysis ||\n !analysis.fixedCode ||\n typeof analysis.confidence !== \"number\" ||\n ![\"low\", \"medium\", \"high\"].includes(analysis.riskLevel)\n ) {\n return {\n success: false,\n llmModel: modelName,\n confidence: 0,\n riskLevel: \"high\",\n error: \"LLM response missing required fields (analysis, fixedCode, confidence, riskLevel)\",\n };\n }\n\n if (dryRun) {\n return {\n success: true,\n llmModel: modelName,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n };\n }\n\n // Step 3: Generate unified diffs\n const patches: GeneratedPatch[] = [];\n\n for (const [filePath, fixedCode] of Object.entries(\n analysis.fixedCode\n )) {\n const sourceFile = resolvedSourceFiles[filePath];\n\n if (!sourceFile) {\n continue; // Skip files not in original source\n }\n\n // Generate unified diff\n const unifiedDiff = generateUnifiedDiff(\n sourceFile,\n fixedCode,\n filePath\n );\n\n if (unifiedDiff) {\n patches.push({\n filePath,\n unifiedDiff,\n });\n }\n }\n\n if (patches.length === 0) {\n return {\n success: false,\n llmModel: modelName,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n error: \"No valid patches could be generated from LLM response\",\n };\n }\n\n return {\n success: true,\n patches,\n patchContent: patches[0]?.unifiedDiff,\n llmModel: modelName,\n confidence: analysis.confidence,\n riskLevel: analysis.riskLevel,\n };\n } catch (err) {\n const message =\n err instanceof Error ? err.message : String(err);\n return {\n success: false,\n llmModel: \"unknown\",\n confidence: 0,\n riskLevel: \"high\",\n error: `Patch generation failed: ${message}`,\n };\n }\n },\n});\n\n/**\n * Generate a unified diff between two strings.\n * Returns a unified diff format or null if there are no differences.\n */\nfunction generateUnifiedDiff(\n original: string,\n fixed: string,\n filePath: string\n): string | null {\n if (original === fixed) {\n return null;\n }\n\n const originalLines = original.split(\"\\n\");\n const fixedLines = fixed.split(\"\\n\");\n\n // Simple unified diff generation\n // In a production system, use a library like 'diff' for more accurate diffs\n const diff: string[] = [];\n diff.push(`--- a/${filePath}`);\n diff.push(`+++ b/${filePath}`);\n diff.push(\"@@ -1,\" + originalLines.length + \" +1,\" + fixedLines.length + \" @@\");\n\n // Find longest common subsequence for better diff\n // For now, simple line-by-line comparison\n const maxLen = Math.max(originalLines.length, fixedLines.length);\n\n for (let i = 0; i < maxLen; i++) {\n const origLine = originalLines[i] || \"\";\n const fixedLine = fixedLines[i] || \"\";\n\n if (origLine !== fixedLine) {\n if (origLine) {\n diff.push(\"-\" + origLine);\n }\n if (fixedLine) {\n diff.push(\"+\" + fixedLine);\n }\n } else if (origLine) {\n diff.push(\" \" + origLine);\n }\n }\n\n return diff.join(\"\\n\");\n}\n","import { fetchPackageSourceTool } from \"../tools/fetch-package-source.js\";\nimport { generatePatchTool } from \"../tools/generate-patch.js\";\nimport { applyPatchFileTool } from \"../tools/apply-patch-file.js\";\nimport type { PatchResult, UnresolvedReason } from \"../../platform/types.js\";\n\nexport function shouldAttemptPatchFallback(result: PatchResult, preferVersionBump: boolean): boolean {\n if (preferVersionBump) return false;\n if (result.applied || result.dryRun) return false;\n\n return (\n result.unresolvedReason === \"no-safe-version\" ||\n result.unresolvedReason === \"install-failed\" ||\n result.unresolvedReason === \"override-apply-failed\" ||\n result.unresolvedReason === \"validation-failed\" ||\n result.unresolvedReason === \"major-bump-required\" ||\n result.unresolvedReason === \"indirect-dependency\"\n );\n}\n\nexport async function tryLocalPatchFallback(params: {\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n packageName: string;\n vulnerableVersion: string;\n cveId: string;\n cveSummary: string;\n dryRun: boolean;\n runTests: boolean;\n patchesDir: string;\n}): Promise<{ result: PatchResult; steps: number }> {\n let steps = 0;\n\n const sourceResult = (await (fetchPackageSourceTool as any).execute({\n packageName: params.packageName,\n version: params.vulnerableVersion,\n })) as {\n success?: boolean;\n sourceFiles?: Record<string, string>;\n error?: string;\n };\n steps += 1;\n\n if (!sourceResult?.success || !sourceResult.sourceFiles) {\n return {\n steps,\n result: {\n packageName: params.packageName,\n strategy: \"none\",\n fromVersion: params.vulnerableVersion,\n applied: false,\n dryRun: params.dryRun,\n unresolvedReason: \"source-fetch-failed\",\n message: sourceResult?.error ?? `Failed to fetch source for ${params.packageName}@${params.vulnerableVersion}.`,\n },\n };\n }\n\n const patchResult = (await (generatePatchTool as any).execute({\n packageName: params.packageName,\n vulnerableVersion: params.vulnerableVersion,\n cveId: params.cveId,\n cveSummary: params.cveSummary,\n sourceFiles: sourceResult.sourceFiles,\n vulnerabilityCategory: \"unknown\",\n dryRun: params.dryRun,\n })) as {\n success?: boolean;\n patches?: Array<{ filePath: string; unifiedDiff: string }>;\n patchContent?: string;\n confidence?: number;\n error?: string;\n };\n steps += 1;\n\n if (!patchResult?.success) {\n const error = patchResult?.error ?? \"Patch generation failed.\";\n const unresolvedReason: UnresolvedReason =\n error.includes(\"API_KEY\") || error.includes(\"does not create a language model\")\n ? \"requires-llm-fallback\"\n : \"patch-generation-failed\";\n return {\n steps,\n result: {\n packageName: params.packageName,\n strategy: \"none\",\n fromVersion: params.vulnerableVersion,\n applied: false,\n dryRun: params.dryRun,\n unresolvedReason,\n message: error,\n },\n };\n }\n\n if (typeof patchResult.confidence === \"number\" && patchResult.confidence < 0.7) {\n return {\n steps,\n result: {\n packageName: params.packageName,\n strategy: \"none\",\n fromVersion: params.vulnerableVersion,\n applied: false,\n dryRun: params.dryRun,\n unresolvedReason: \"patch-confidence-too-low\",\n message: `Patch confidence ${patchResult.confidence.toFixed(2)} is below threshold 0.70.`,\n },\n };\n }\n\n const applyResult = (await (applyPatchFileTool as any).execute({\n packageName: params.packageName,\n vulnerableVersion: params.vulnerableVersion,\n patchContent: patchResult.patchContent,\n patches: patchResult.patches,\n patchesDir: params.patchesDir,\n cwd: params.cwd,\n packageManager: params.packageManager,\n validateWithTests: params.runTests,\n dryRun: params.dryRun,\n })) as {\n applied?: boolean;\n dryRun?: boolean;\n message?: string;\n error?: string;\n patchFilePath?: string;\n patchPath?: string;\n validation?: { passed?: boolean; error?: string };\n };\n steps += 1;\n\n return {\n steps,\n result: {\n packageName: params.packageName,\n strategy: \"patch-file\",\n fromVersion: params.vulnerableVersion,\n patchFilePath: applyResult.patchFilePath ?? applyResult.patchPath,\n applied: Boolean(applyResult.applied),\n dryRun: Boolean(applyResult.dryRun),\n unresolvedReason:\n !Boolean(applyResult.applied) && !Boolean(applyResult.dryRun)\n ? applyResult.validation?.passed === false\n ? \"patch-validation-failed\"\n : \"patch-apply-failed\"\n : undefined,\n message: applyResult.message ?? applyResult.error ?? \"Patch-file strategy finished.\",\n validation:\n typeof applyResult.validation?.passed === \"boolean\"\n ? {\n passed: applyResult.validation.passed,\n error: applyResult.validation.error,\n }\n : undefined,\n },\n };\n}\n","/**\n * Tool: lookup-cve\n *\n * Fetches CVE details from OSV (primary) and GitHub Advisory (secondary),\n * merges them, and optionally enriches with supplemental intelligence data.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { lookupCveOsv } from \"../../intelligence/sources/osv.js\";\nimport { lookupCveGitHub, mergeGhDataIntoCveDetails } from \"../../intelligence/sources/github-advisory.js\";\nimport { enrichWithNvd } from \"../../intelligence/sources/nvd.js\";\nimport { enrichWithCisaKev } from \"../../intelligence/sources/cisa-kev.js\";\nimport { enrichWithEpss } from \"../../intelligence/sources/epss.js\";\nimport { enrichWithCveServices } from \"../../intelligence/sources/cve-services.js\";\nimport { enrichWithGitLabAdvisory } from \"../../intelligence/sources/gitlab-advisory.js\";\nimport { enrichWithCertCc } from \"../../intelligence/sources/certcc.js\";\nimport { enrichWithDepsDev } from \"../../intelligence/sources/deps-dev.js\";\nimport { enrichWithOssfScorecard } from \"../../intelligence/sources/ossf-scorecard.js\";\nimport { enrichWithExternalFeeds } from \"../../intelligence/sources/external-feeds.js\";\nimport type { CveDetails } from \"../../platform/types.js\";\n\nexport const lookupCveTool = tool({\n description:\n \"Look up a CVE ID and return the list of affected npm packages, their vulnerable version ranges, and the first patched version. Always call this first.\",\n parameters: z.object({\n cveId: z\n .string()\n .regex(/^CVE-\\d{4}-\\d+$/i, \"Must be a valid CVE ID like CVE-2021-23337\"),\n }),\n execute: async ({ cveId }): Promise<{ success: boolean; data?: CveDetails; error?: string }> => {\n const normalizedId = cveId.toUpperCase();\n\n // Fan out to OSV + GitHub Advisory in parallel\n const [osvDetails, ghPackages] = await Promise.all([\n lookupCveOsv(normalizedId),\n lookupCveGitHub(normalizedId),\n ]);\n\n if (!osvDetails && ghPackages.length === 0) {\n return {\n success: false,\n error: `CVE \"${normalizedId}\" was not found in OSV or GitHub Advisory databases. It may be too new, or not affect npm packages.`,\n };\n }\n\n // Start from OSV result or construct a minimal shell from GH data\n let details: CveDetails = osvDetails ?? {\n id: normalizedId,\n summary: \"Details sourced from GitHub Advisory Database.\",\n severity: \"UNKNOWN\",\n references: [],\n affectedPackages: [],\n };\n\n // Merge GitHub Advisory data (adds firstPatchedVersion, fills gaps)\n if (ghPackages.length > 0) {\n details = mergeGhDataIntoCveDetails(details, ghPackages);\n }\n\n const sourceHealth: Record<string, { attempted: boolean; changed: boolean; error?: string }> = {};\n\n const applyEnricher = async (\n sourceName: string,\n enricher: (input: CveDetails) => Promise<CveDetails>\n ): Promise<void> => {\n const before = JSON.stringify(details);\n try {\n details = await enricher(details);\n const after = JSON.stringify(details);\n sourceHealth[sourceName] = {\n attempted: true,\n changed: before !== after,\n };\n } catch (error) {\n sourceHealth[sourceName] = {\n attempted: true,\n changed: false,\n error: error instanceof Error ? error.message : String(error),\n };\n }\n };\n\n await applyEnricher(\"nvd\", enrichWithNvd);\n await applyEnricher(\"cisa-kev\", enrichWithCisaKev);\n await applyEnricher(\"epss\", enrichWithEpss);\n await applyEnricher(\"cve-services\", enrichWithCveServices);\n await applyEnricher(\"gitlab-advisory\", enrichWithGitLabAdvisory);\n await applyEnricher(\"certcc\", enrichWithCertCc);\n await applyEnricher(\"deps-dev\", enrichWithDepsDev);\n await applyEnricher(\"ossf-scorecard\", enrichWithOssfScorecard);\n await applyEnricher(\"external-feeds\", enrichWithExternalFeeds);\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n sourceHealth,\n };\n\n if (details.affectedPackages.length === 0) {\n return {\n success: false,\n error: `CVE \"${normalizedId}\" was found but has no npm-specific affected packages listed. It may affect a different ecosystem.`,\n };\n }\n\n return { success: true, data: details };\n },\n});\n","/**\n * CISA Known Exploited Vulnerabilities (KEV) feed client.\n *\n * Used for risk-priority enrichment only. This source does not provide\n * npm package range intelligence.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\n\nconst CISA_KEV_URL =\n \"https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json\";\n\ninterface CisaKevVulnerability {\n cveID: string;\n dateAdded?: string;\n dueDate?: string;\n requiredAction?: string;\n knownRansomwareCampaignUse?: string;\n}\n\ninterface CisaKevFeed {\n vulnerabilities?: CisaKevVulnerability[];\n}\n\nexport async function fetchCisaKevFeed(): Promise<CisaKevFeed | undefined> {\n try {\n const res = await fetch(CISA_KEV_URL, {\n headers: { Accept: \"application/json\" },\n });\n if (!res.ok) return undefined;\n return (await res.json()) as CisaKevFeed;\n } catch {\n // KEV is enrichment only; failures are non-fatal.\n return undefined;\n }\n}\n\nexport function findKevEntry(\n feed: CisaKevFeed | undefined,\n cveId: string\n): CisaKevVulnerability | undefined {\n if (!feed?.vulnerabilities?.length) return undefined;\n const normalized = cveId.toUpperCase();\n return feed.vulnerabilities.find((v) => v.cveID.toUpperCase() === normalized);\n}\n\nexport async function enrichWithCisaKev(details: CveDetails): Promise<CveDetails> {\n const feed = await fetchCisaKevFeed();\n const entry = findKevEntry(feed, details.id);\n if (!entry) return details;\n\n details.kev = {\n knownExploited: true,\n dateAdded: entry.dateAdded,\n dueDate: entry.dueDate,\n requiredAction: entry.requiredAction,\n knownRansomwareCampaignUse: entry.knownRansomwareCampaignUse,\n };\n\n if (!details.references.includes(CISA_KEV_URL)) {\n details.references.push(CISA_KEV_URL);\n }\n\n return details;\n}\n","/**\n * FIRST EPSS API client.\n *\n * Adds exploitation probability metadata for prioritization.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\n\ninterface EpssRow {\n cve: string;\n epss: string;\n percentile: string;\n date?: string;\n}\n\ninterface EpssResponse {\n data?: EpssRow[];\n}\n\nexport async function fetchEpss(cveId: string): Promise<EpssRow | undefined> {\n const { epssApi } = getIntelligenceSourceConfig();\n if (!epssApi) return undefined;\n\n try {\n const url = new URL(epssApi);\n url.searchParams.set(\"cve\", cveId);\n\n const res = await fetch(url.toString(), {\n headers: { Accept: \"application/json\" },\n });\n if (!res.ok) return undefined;\n\n const body = (await res.json()) as EpssResponse;\n return body.data?.[0];\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithEpss(details: CveDetails): Promise<CveDetails> {\n const row = await fetchEpss(details.id);\n if (!row) return details;\n\n const score = Number.parseFloat(row.epss);\n const percentile = Number.parseFloat(row.percentile);\n if (!Number.isFinite(score) || !Number.isFinite(percentile)) {\n return details;\n }\n\n details.epss = {\n score,\n percentile,\n date: row.date,\n };\n return details;\n}\n","/**\n * CVE Services (CVE.org/MITRE) client.\n *\n * Adds supplemental references and summary data when available.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\n\ninterface CveContainer {\n descriptions?: Array<{ lang?: string; value?: string }>;\n references?: Array<{ url?: string }>;\n}\n\ninterface CveRecord {\n containers?: {\n cna?: CveContainer;\n adp?: CveContainer[];\n };\n}\n\nfunction pickEnglishDescription(container?: CveContainer): string | undefined {\n if (!container?.descriptions?.length) return undefined;\n const en = container.descriptions.find((d) => d.lang === \"en\" && d.value);\n return (en?.value ?? container.descriptions[0]?.value)?.trim() || undefined;\n}\n\nfunction collectReferences(record: CveRecord): string[] {\n const refs = new Set<string>();\n const cnaRefs = record.containers?.cna?.references ?? [];\n const adpRefs = (record.containers?.adp ?? []).flatMap((c) => c.references ?? []);\n\n for (const ref of [...cnaRefs, ...adpRefs]) {\n if (ref.url) refs.add(ref.url);\n }\n return Array.from(refs);\n}\n\nexport async function fetchCveServicesRecord(cveId: string): Promise<CveRecord | undefined> {\n const { cveServicesApi } = getIntelligenceSourceConfig();\n if (!cveServicesApi) return undefined;\n\n try {\n const res = await fetch(`${cveServicesApi}/${encodeURIComponent(cveId)}`, {\n headers: { Accept: \"application/json\" },\n });\n if (!res.ok) return undefined;\n return (await res.json()) as CveRecord;\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithCveServices(details: CveDetails): Promise<CveDetails> {\n const record = await fetchCveServicesRecord(details.id);\n if (!record) return details;\n\n const summary = pickEnglishDescription(record.containers?.cna);\n if (summary && (!details.summary || details.summary.includes(\"No summary available\"))) {\n details.summary = summary;\n }\n\n const refs = collectReferences(record);\n if (refs.length > 0) {\n const merged = new Set([...details.references, ...refs]);\n details.references = Array.from(merged);\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n cveServicesEnriched: true,\n };\n\n return details;\n}\n","/**\n * GitLab advisory enrichment client.\n *\n * Endpoint is configurable because deployment paths vary by mirror.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\n\ninterface GitLabAdvisoryRecord {\n identifiers?: Array<{ type?: string; value?: string }>;\n references?: string[];\n}\n\nfunction advisoryMatchesCve(advisory: GitLabAdvisoryRecord, cveId: string): boolean {\n const normalized = cveId.toUpperCase();\n return (advisory.identifiers ?? []).some(\n (id) => id.type?.toUpperCase() === \"CVE\" && id.value?.toUpperCase() === normalized\n );\n}\n\nexport async function fetchGitLabAdvisories(cveId: string): Promise<GitLabAdvisoryRecord[]> {\n const { gitLabAdvisoryApi } = getIntelligenceSourceConfig();\n if (!gitLabAdvisoryApi) return [];\n\n try {\n const url = new URL(gitLabAdvisoryApi);\n url.searchParams.set(\"identifier\", cveId);\n url.searchParams.set(\"ecosystem\", \"npm\");\n\n const res = await fetch(url.toString(), {\n headers: { Accept: \"application/json\" },\n });\n if (!res.ok) return [];\n\n const body = (await res.json()) as unknown;\n return Array.isArray(body) ? (body as GitLabAdvisoryRecord[]) : [];\n } catch {\n return [];\n }\n}\n\nexport async function enrichWithGitLabAdvisory(details: CveDetails): Promise<CveDetails> {\n const advisories = await fetchGitLabAdvisories(details.id);\n const matched = advisories.filter((a) => advisoryMatchesCve(a, details.id));\n if (matched.length === 0) return details;\n\n const refs = matched.flatMap((m) => m.references ?? []);\n if (refs.length > 0) {\n const merged = new Set([...details.references, ...refs]);\n details.references = Array.from(merged);\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n gitlabAdvisoryMatched: true,\n };\n\n return details;\n}\n","/**\n * CERT/CC search enrichment.\n *\n * This source tries to locate a CERT/CC page mentioning a CVE.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\n\nconst CERTCC_HOME = \"https://www.kb.cert.org/vuls/\";\n\nexport async function findCertCcReference(cveId: string): Promise<string | undefined> {\n const { certCcSearchUrl } = getIntelligenceSourceConfig();\n if (!certCcSearchUrl) return undefined;\n\n try {\n const url = new URL(certCcSearchUrl);\n url.searchParams.set(\"query\", cveId);\n\n const res = await fetch(url.toString(), {\n headers: { Accept: \"text/html\" },\n });\n if (!res.ok) return undefined;\n\n const html = await res.text();\n const match = html.match(/https:\\/\\/www\\.kb\\.cert\\.org\\/vuls\\/id\\/\\d+/i);\n return match?.[0] ?? undefined;\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithCertCc(details: CveDetails): Promise<CveDetails> {\n const ref = await findCertCcReference(details.id);\n if (!ref) return details;\n\n if (!details.references.includes(ref)) {\n details.references.push(ref);\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n certCcMatched: true,\n };\n\n if (!details.references.includes(CERTCC_HOME)) {\n details.references.push(CERTCC_HOME);\n }\n\n return details;\n}\n","/**\n * deps.dev enrichment.\n *\n * Adds package metadata lookup coverage count for affected npm packages.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\n\nasync function fetchDepsDevPackage(name: string): Promise<boolean> {\n const { depsDevApi } = getIntelligenceSourceConfig();\n if (!depsDevApi) return false;\n\n try {\n const url = `${depsDevApi}/systems/npm/packages/${encodeURIComponent(name)}`;\n const res = await fetch(url, { headers: { Accept: \"application/json\" } });\n return res.ok;\n } catch {\n return false;\n }\n}\n\nexport async function enrichWithDepsDev(details: CveDetails): Promise<CveDetails> {\n const names = Array.from(new Set(details.affectedPackages.map((p) => p.name))).slice(0, 20);\n if (names.length === 0) return details;\n\n const checks = await Promise.all(names.map((name) => fetchDepsDevPackage(name)));\n const matched = checks.filter(Boolean).length;\n if (matched === 0) return details;\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n depsDevEnrichedPackages: matched,\n };\n return details;\n}\n","/**\n * OpenSSF Scorecard enrichment.\n *\n * Uses best-effort project checks from affected package names.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\n\nasync function checkProject(project: string): Promise<boolean> {\n const { scorecardApi } = getIntelligenceSourceConfig();\n if (!scorecardApi) return false;\n\n try {\n const url = new URL(`${scorecardApi}/projects`);\n url.searchParams.set(\"project\", project);\n const res = await fetch(url.toString(), {\n headers: { Accept: \"application/json\" },\n });\n return res.ok;\n } catch {\n return false;\n }\n}\n\nexport async function enrichWithOssfScorecard(details: CveDetails): Promise<CveDetails> {\n const projects = Array.from(\n new Set(details.affectedPackages.map((p) => `github.com/${p.name}/${p.name}`))\n ).slice(0, 10);\n\n if (projects.length === 0) return details;\n\n const checks = await Promise.all(projects.map((project) => checkProject(project)));\n const matched = checks.filter(Boolean).length;\n if (matched === 0) return details;\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n scorecardProjects: matched,\n };\n\n return details;\n}\n","/**\n * Optional vendor and commercial intelligence connectors.\n *\n * Connectors are URL-based and environment configured so enterprise users can\n * plug in proprietary feeds without hard-coding dependencies.\n */\nimport type { CveDetails } from \"../../platform/types.js\";\nimport { getIntelligenceSourceConfig } from \"../../platform/config.js\";\n\nasync function probeFeed(url: string, cveId: string, token?: string): Promise<string | undefined> {\n try {\n const feedUrl = new URL(url);\n feedUrl.searchParams.set(\"cve\", cveId);\n\n const headers: Record<string, string> = { Accept: \"application/json\" };\n if (token) headers.Authorization = `Bearer ${token}`;\n\n const res = await fetch(feedUrl.toString(), { headers });\n if (!res.ok) return undefined;\n return feedUrl.toString();\n } catch {\n return undefined;\n }\n}\n\nexport async function enrichWithExternalFeeds(details: CveDetails): Promise<CveDetails> {\n const {\n vendorAdvisoryFeeds,\n commercialFeeds,\n commercialFeedToken,\n } = getIntelligenceSourceConfig();\n\n const vendorHits = (\n await Promise.all(vendorAdvisoryFeeds.map((url) => probeFeed(url, details.id)))\n ).filter((v): v is string => Boolean(v));\n\n const commercialHits = (\n await Promise.all(\n commercialFeeds.map((url) => probeFeed(url, details.id, commercialFeedToken))\n )\n ).filter((v): v is string => Boolean(v));\n\n if (vendorHits.length === 0 && commercialHits.length === 0) {\n return details;\n }\n\n details.intelligence = {\n ...(details.intelligence ?? {}),\n vendorAdvisories: vendorHits.length > 0 ? vendorHits : details.intelligence?.vendorAdvisories,\n commercialFeeds:\n commercialHits.length > 0 ? commercialHits : details.intelligence?.commercialFeeds,\n };\n\n const mergedRefs = new Set([...details.references, ...vendorHits, ...commercialHits]);\n details.references = Array.from(mergedRefs);\n\n return details;\n}\n","/**\n * Tool: check-version-match\n *\n * Cross-references inventory packages against CVE-affected package ranges\n * to find which installed packages are actually vulnerable.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport semver from \"semver\";\nimport type { AffectedPackage, InventoryPackage, VulnerablePackage } from \"../../platform/types.js\";\n\nconst affectedPackageSchema = z.object({\n name: z.string(),\n ecosystem: z.literal(\"npm\"),\n vulnerableRange: z.string(),\n firstPatchedVersion: z.string().optional(),\n source: z.enum([\"osv\", \"github-advisory\"]),\n});\n\nconst inventoryPackageSchema = z.object({\n name: z.string(),\n version: z.string(),\n type: z.enum([\"direct\", \"indirect\"]),\n});\n\nexport const checkVersionMatchTool = tool({\n description:\n \"Check which of the project's installed packages fall within the CVE's vulnerable version ranges. Returns only the packages that are actually vulnerable.\",\n parameters: z.object({\n installedPackages: z\n .array(inventoryPackageSchema)\n .describe(\"Output from the check-inventory tool\"),\n affectedPackages: z\n .array(affectedPackageSchema)\n .describe(\"affectedPackages array from the lookup-cve tool result\"),\n }),\n execute: async ({ installedPackages, affectedPackages }): Promise<{\n vulnerablePackages: VulnerablePackage[];\n checkedCount: number;\n }> => {\n const vulnerable: VulnerablePackage[] = [];\n\n for (const affected of affectedPackages as AffectedPackage[]) {\n // Find all installed packages with matching name\n const matches = (installedPackages as InventoryPackage[]).filter(\n (p) => p.name === affected.name\n );\n\n for (const installed of matches) {\n // Validate the installed version is parseable\n if (!semver.valid(installed.version)) continue;\n\n let isVulnerable = false;\n try {\n isVulnerable = semver.satisfies(installed.version, affected.vulnerableRange, {\n includePrerelease: false,\n });\n } catch {\n // Malformed range — skip rather than crash\n continue;\n }\n\n if (isVulnerable) {\n vulnerable.push({ installed, affected });\n }\n }\n }\n\n return {\n vulnerablePackages: vulnerable,\n checkedCount: installedPackages.length,\n };\n },\n});\n","/**\n * Tool: find-fixed-version\n *\n * Queries the npm registry to find the best safe upgrade version\n * for a vulnerable package.\n */\nimport { tool } from \"ai\";\nimport { z } from \"zod\";\nimport { resolveSafeUpgradeVersion } from \"../../intelligence/sources/registry.js\";\n\nexport const findFixedVersionTool = tool({\n description:\n \"Query the npm registry to find the safest published upgrade version for a package that is >= the first patched version. Prefer patch upgrades first, then minor, and only fall back to major when no same-major fix exists.\",\n parameters: z.object({\n packageName: z.string().describe(\"The npm package name\"),\n installedVersion: z.string().describe(\"The currently installed version (exact semver)\"),\n firstPatchedVersion: z\n .string()\n .describe(\n \"The first version that is NOT vulnerable (from lookup-cve). Use this as the floor.\"\n ),\n vulnerableRange: z\n .string()\n .optional()\n .describe(\"Optional vulnerable semver range used to exclude still-vulnerable versions\"),\n }),\n execute: async ({\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange,\n }): Promise<{\n safeVersion?: string;\n upgradeLevel?: \"patch\" | \"minor\" | \"major\";\n candidates: Partial<Record<\"patch\" | \"minor\" | \"major\", string>>;\n isMajorBump: boolean;\n majorOnlyFixAvailable: boolean;\n message: string;\n }> => {\n const resolution = await resolveSafeUpgradeVersion(\n packageName,\n installedVersion,\n firstPatchedVersion,\n vulnerableRange\n );\n const { safeVersion, upgradeLevel, candidates, majorOnlyFixAvailable } = resolution;\n\n if (!safeVersion) {\n return {\n candidates,\n isMajorBump: false,\n majorOnlyFixAvailable: false,\n message: `No safe upgrade version found for \"${packageName}\". The patch-file path will be needed.`,\n };\n }\n\n const installedMajor = parseInt(installedVersion.split(\".\")[0] ?? \"0\", 10);\n const safeMajor = parseInt(safeVersion.split(\".\")[0] ?? \"0\", 10);\n const isMajorBump = safeMajor > installedMajor;\n\n return {\n safeVersion,\n upgradeLevel,\n candidates,\n isMajorBump,\n majorOnlyFixAvailable,\n message: isMajorBump\n ? `Found safe version ${safeVersion} for \"${packageName}\", but only a major upgrade is available from ${installedVersion}. This should remain blocked unless policy explicitly allows major bumps.`\n : `Found ${upgradeLevel ?? \"safe\"} upgrade ${safeVersion} for \"${packageName}\" (from ${installedVersion}).`,\n };\n },\n});\n","import { lookupCveTool } from \"./tools/lookup-cve.js\";\nimport { checkInventoryTool } from \"./tools/check-inventory.js\";\nimport { checkVersionMatchTool } from \"./tools/check-version-match.js\";\nimport { findFixedVersionTool } from \"./tools/find-fixed-version.js\";\nimport { applyVersionBumpTool } from \"./tools/apply-version-bump.js\";\nimport { applyPackageOverrideTool } from \"./tools/apply-package-override.js\";\nimport { fetchPackageSourceTool } from \"./tools/fetch-package-source.js\";\nimport { generatePatchTool } from \"./tools/generate-patch.js\";\nimport { applyPatchFileTool } from \"./tools/apply-patch-file.js\";\n\ninterface RuntimeToolContext {\n applyVersionBumpToolForRun: typeof applyVersionBumpTool;\n applyPackageOverrideToolForRun: typeof applyPackageOverrideTool;\n applyPatchFileToolForRun: typeof applyPatchFileTool;\n constraints: {\n directDependenciesOnly?: boolean;\n preferVersionBump?: boolean;\n };\n}\n\nexport function buildRuntimeTools(ctx: RuntimeToolContext): Record<string, unknown> {\n const tools = {\n \"lookup-cve\": lookupCveTool,\n \"check-inventory\": checkInventoryTool,\n \"check-version-match\": checkVersionMatchTool,\n \"find-fixed-version\": findFixedVersionTool,\n \"apply-version-bump\": ctx.applyVersionBumpToolForRun,\n } as Record<string, unknown>;\n\n if (!ctx.constraints.directDependenciesOnly && !ctx.constraints.preferVersionBump) {\n tools[\"apply-package-override\"] = ctx.applyPackageOverrideToolForRun;\n }\n\n if (!ctx.constraints.preferVersionBump) {\n tools[\"fetch-package-source\"] = fetchPackageSourceTool;\n tools[\"generate-patch\"] = generatePatchTool;\n tools[\"apply-patch-file\"] = ctx.applyPatchFileToolForRun;\n }\n\n return tools;\n}\n","import { existsSync, readFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\n\ninterface PromptContext {\n cveId: string;\n cwd: string;\n packageManager: \"npm\" | \"pnpm\" | \"yarn\";\n dryRun: boolean;\n runTests: boolean;\n policy: string;\n patchesDir: string;\n constraints: {\n directDependenciesOnly?: boolean;\n preferVersionBump?: boolean;\n };\n}\n\nexport function loadOrchestrationPrompt(ctx: PromptContext): string {\n const promptPath = join(process.cwd(), \".github\", \"instructions\", \"orchestration.instructions.md\");\n\n if (!existsSync(promptPath)) {\n return `You are autoremediator, an agentic security remediation system for Node.js package dependencies.\nWorking directory: ${ctx.cwd}\n Package manager: ${ctx.packageManager}\nDry run: ${ctx.dryRun}\nRun tests: ${ctx.runTests}\nPolicy: ${ctx.policy || \"undefined\"}\nPatches dir: ${ctx.patchesDir}\nDirect dependencies only: ${String(ctx.constraints.directDependenciesOnly ?? false)}\nPrefer version bump: ${String(ctx.constraints.preferVersionBump ?? false)}\n\nRequired sequence:\n1. lookup-cve\n2. check-inventory\n3. check-version-match\n4. find-fixed-version\n5. apply-version-bump\n6. apply-package-override\n\nFallback sequence (when neither version bump nor override can be applied):\n1. fetch-package-source\n2. generate-patch\n3. apply-patch-file\n\nAlways respect dryRun and policy constraints.`;\n }\n\n const template = readFileSync(promptPath, \"utf8\");\n return template\n .replaceAll(\"{{cveId}}\", ctx.cveId)\n .replaceAll(\"{{cwd}}\", ctx.cwd)\n .replaceAll(\"{{packageManager}}\", ctx.packageManager)\n .replaceAll(\"{{dryRun}}\", String(ctx.dryRun))\n .replaceAll(\"{{runTests}}\", String(ctx.runTests))\n .replaceAll(\"{{policy}}\", ctx.policy || \"undefined\")\n .replaceAll(\"{{patchesDir}}\", ctx.patchesDir)\n .replaceAll(\"{{directDependenciesOnly}}\", String(ctx.constraints.directDependenciesOnly ?? false))\n .replaceAll(\"{{preferVersionBump}}\", String(ctx.constraints.preferVersionBump ?? false));\n}\n","export type JsonSchemaProperty = Record<string, unknown>;\n\nexport const PACKAGE_MANAGER_VALUES = [\"npm\", \"pnpm\", \"yarn\"] as const;\nexport const LLM_PROVIDER_VALUES = [\"openai\", \"anthropic\", \"local\"] as const;\nexport const PROVENANCE_SOURCE_VALUES = [\"cli\", \"sdk\", \"mcp\", \"openapi\", \"unknown\"] as const;\n\nexport const OPTION_DESCRIPTIONS = {\n cveId: \"CVE ID, e.g. CVE-2021-23337\",\n inputPath: \"Absolute path to the scanner output file\",\n cwd: \"Absolute path to the project root (default: process.cwd())\",\n packageManager: \"Package manager override (auto-detected by default)\",\n dryRun: \"If true, plan changes but write nothing\",\n preview: \"If true, enforce non-mutating preview mode\",\n runTests: \"Run package-manager test command after applying fix\",\n llmProvider: \"LLM provider override\",\n patchesDir: \"Directory to write .patch files (default: ./patches)\",\n policy: \"Optional path to .autoremediator policy file\",\n requestId: \"Request correlation ID\",\n sessionId: \"Session correlation ID\",\n parentRunId: \"Parent run correlation ID\",\n idempotencyKey: \"Idempotency key for replay-safe execution\",\n resume: \"Return cached result for matching idempotency key when available\",\n actor: \"Actor identity for evidence provenance\",\n source: \"Source system for provenance\",\n format: \"Scanner format (default: auto)\",\n evidence: \"Write evidence JSON to .autoremediator/evidence/ (default: true)\",\n directDependenciesOnly: \"Restrict remediation to direct dependencies only\",\n preferVersionBump: \"Reject override and patch remediation when version-bump-only policy is required\",\n} as const;\n\nexport function createConstraintSchemaProperties(): Record<string, JsonSchemaProperty> {\n return {\n directDependenciesOnly: { type: \"boolean\", description: OPTION_DESCRIPTIONS.directDependenciesOnly },\n preferVersionBump: { type: \"boolean\", description: OPTION_DESCRIPTIONS.preferVersionBump },\n };\n}\n\nexport function createRemediateOptionSchemaProperties(options?: {\n includeDryRun?: boolean;\n includePreview?: boolean;\n includeEvidence?: boolean;\n}): Record<string, JsonSchemaProperty> {\n const includeDryRun = options?.includeDryRun ?? true;\n const includePreview = options?.includePreview ?? true;\n const includeEvidence = options?.includeEvidence ?? true;\n\n return {\n cwd: { type: \"string\", description: OPTION_DESCRIPTIONS.cwd },\n packageManager: { type: \"string\", enum: [...PACKAGE_MANAGER_VALUES], description: OPTION_DESCRIPTIONS.packageManager },\n ...(includeDryRun ? { dryRun: { type: \"boolean\", description: OPTION_DESCRIPTIONS.dryRun } } : {}),\n ...(includePreview ? { preview: { type: \"boolean\", description: OPTION_DESCRIPTIONS.preview } } : {}),\n runTests: { type: \"boolean\", description: OPTION_DESCRIPTIONS.runTests },\n llmProvider: { type: \"string\", enum: [...LLM_PROVIDER_VALUES], description: OPTION_DESCRIPTIONS.llmProvider },\n patchesDir: { type: \"string\", description: OPTION_DESCRIPTIONS.patchesDir },\n policy: { type: \"string\", description: OPTION_DESCRIPTIONS.policy },\n ...(includeEvidence ? { evidence: { type: \"boolean\", description: OPTION_DESCRIPTIONS.evidence } } : {}),\n requestId: { type: \"string\", description: OPTION_DESCRIPTIONS.requestId },\n sessionId: { type: \"string\", description: OPTION_DESCRIPTIONS.sessionId },\n parentRunId: { type: \"string\", description: OPTION_DESCRIPTIONS.parentRunId },\n idempotencyKey: { type: \"string\", description: OPTION_DESCRIPTIONS.idempotencyKey },\n resume: { type: \"boolean\", description: OPTION_DESCRIPTIONS.resume },\n actor: { type: \"string\", description: OPTION_DESCRIPTIONS.actor },\n source: { type: \"string\", enum: [...PROVENANCE_SOURCE_VALUES], description: OPTION_DESCRIPTIONS.source },\n constraints: {\n type: \"object\",\n properties: createConstraintSchemaProperties(),\n },\n };\n}\n\nexport function createScanOptionSchemaProperties(): Record<string, JsonSchemaProperty> {\n return {\n ...createRemediateOptionSchemaProperties({ includeEvidence: true }),\n format: { type: \"string\", enum: [\"npm-audit\", \"yarn-audit\", \"sarif\", \"auto\"], description: OPTION_DESCRIPTIONS.format },\n };\n}\n\nexport function createScanReportSchemaProperties(): Record<string, JsonSchemaProperty> {\n return {\n schemaVersion: { type: \"string\" },\n status: { type: \"string\", enum: [\"ok\", \"partial\", \"failed\"] },\n generatedAt: { type: \"string\" },\n cveIds: { type: \"array\", items: { type: \"string\" } },\n reports: { type: \"array\", items: { type: \"object\" } },\n successCount: { type: \"number\" },\n failedCount: { type: \"number\" },\n errors: { type: \"array\", items: { type: \"object\" } },\n evidenceFile: { type: \"string\" },\n patchCount: { type: \"number\" },\n patchValidationFailures: { type: \"array\", items: { type: \"object\" } },\n strategyCounts: {\n type: \"object\",\n additionalProperties: { type: \"number\" },\n },\n dependencyScopeCounts: {\n type: \"object\",\n additionalProperties: { type: \"number\" },\n },\n unresolvedByReason: {\n type: \"object\",\n additionalProperties: { type: \"number\" },\n },\n patchesDir: { type: \"string\" },\n correlation: { type: \"object\" },\n provenance: { type: \"object\" },\n constraints: { type: \"object\" },\n idempotencyKey: { type: \"string\" },\n };\n}\n","import type {\n DependencyScope,\n DependencyScopeCounts,\n PatchStrategyCounts,\n RemediationReport,\n UnresolvedReasonCounts,\n} from \"../platform/types.js\";\nimport type { CiSummary, ScanReport } from \"./contracts.js\";\n\nexport function buildStrategyCounts(reports: RemediationReport[]): PatchStrategyCounts | undefined {\n const counts: PatchStrategyCounts = {};\n\n for (const report of reports) {\n for (const result of report.results) {\n counts[result.strategy] = (counts[result.strategy] ?? 0) + 1;\n }\n }\n\n return Object.keys(counts).length > 0 ? counts : undefined;\n}\n\nfunction toDependencyScope(installedType: \"direct\" | \"indirect\"): DependencyScope {\n return installedType === \"direct\" ? \"direct\" : \"transitive\";\n}\n\nexport function buildDependencyScopeCounts(reports: RemediationReport[]): DependencyScopeCounts | undefined {\n const counts: DependencyScopeCounts = {};\n\n for (const report of reports) {\n const packageScopes = new Map<string, DependencyScope>();\n\n for (const vulnerablePackage of report.vulnerablePackages) {\n const scope = toDependencyScope(vulnerablePackage.installed.type);\n const current = packageScopes.get(vulnerablePackage.installed.name);\n if (!current || current !== \"direct\") {\n packageScopes.set(vulnerablePackage.installed.name, scope);\n }\n }\n\n for (const result of report.results) {\n const scope = packageScopes.get(result.packageName);\n if (!scope) continue;\n counts[scope] = (counts[scope] ?? 0) + 1;\n }\n }\n\n return Object.keys(counts).length > 0 ? counts : undefined;\n}\n\nexport function buildUnresolvedReasonCounts(reports: RemediationReport[]): UnresolvedReasonCounts | undefined {\n const counts: UnresolvedReasonCounts = {};\n\n for (const report of reports) {\n for (const result of report.results) {\n if (!result.unresolvedReason) continue;\n counts[result.unresolvedReason] = (counts[result.unresolvedReason] ?? 0) + 1;\n }\n }\n\n return Object.keys(counts).length > 0 ? counts : undefined;\n}\n\nexport function toCiSummary(report: ScanReport): CiSummary {\n let remediationCount = 0;\n for (const cveReport of report.reports) {\n remediationCount += cveReport.results.length;\n }\n\n return {\n schemaVersion: report.schemaVersion,\n status: report.status,\n generatedAt: report.generatedAt,\n cveCount: report.cveIds.length,\n remediationCount,\n successCount: report.successCount,\n failedCount: report.failedCount,\n errors: report.errors,\n evidenceFile: report.evidenceFile,\n patchCount: report.patchCount || 0,\n patchValidationFailures: report.patchValidationFailures,\n strategyCounts: report.strategyCounts,\n dependencyScopeCounts: report.dependencyScopeCounts,\n unresolvedByReason: report.unresolvedByReason,\n patchesDir: report.patchesDir,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n idempotencyKey: report.idempotencyKey,\n };\n}\n\nexport function ciExitCode(summary: CiSummary): number {\n return summary.failedCount > 0 ? 1 : 0;\n}\n","import type { ScanReport } from \"./contracts.js\";\n\ntype SarifLevel = \"error\" | \"warning\" | \"note\" | \"none\";\n\ninterface SarifRule {\n id: string;\n name: string;\n shortDescription: { text: string };\n fullDescription: { text: string };\n defaultConfiguration: { level: SarifLevel };\n helpUri: string;\n properties: { severity: string };\n}\n\ninterface SarifResult {\n ruleId: string;\n level: SarifLevel;\n message: { text: string };\n locations: Array<{\n physicalLocation: {\n artifactLocation: { uri: string; uriBaseId: string };\n };\n }>;\n}\n\nexport interface SarifOutput {\n version: \"2.1.0\";\n $schema: string;\n runs: Array<{\n tool: {\n driver: {\n name: string;\n informationUri: string;\n rules: SarifRule[];\n };\n };\n results: SarifResult[];\n }>;\n}\n\nfunction severityToSarifLevel(severity: string): SarifLevel {\n if (severity === \"CRITICAL\" || severity === \"HIGH\") return \"error\";\n if (severity === \"MEDIUM\") return \"warning\";\n if (severity === \"LOW\") return \"note\";\n return \"warning\";\n}\n\nexport function toSarifOutput(report: ScanReport): SarifOutput {\n const rules: SarifRule[] = [];\n const results: SarifResult[] = [];\n const seenRules = new Set<string>();\n\n for (const cveReport of report.reports) {\n const severity = cveReport.cveDetails?.severity ?? \"UNKNOWN\";\n const level = severityToSarifLevel(severity);\n const summary = cveReport.cveDetails?.summary ?? cveReport.cveId;\n\n if (!seenRules.has(cveReport.cveId)) {\n seenRules.add(cveReport.cveId);\n rules.push({\n id: cveReport.cveId,\n name: \"VulnerableDependency\",\n shortDescription: { text: cveReport.cveId },\n fullDescription: { text: summary },\n defaultConfiguration: { level },\n helpUri: `https://osv.dev/vulnerability/${cveReport.cveId}`,\n properties: { severity },\n });\n }\n\n for (const vulnerablePackage of cveReport.vulnerablePackages) {\n const fixText = vulnerablePackage.affected.firstPatchedVersion\n ? ` Fix: upgrade to ${vulnerablePackage.affected.firstPatchedVersion}.`\n : \" No fixed version available.\";\n results.push({\n ruleId: cveReport.cveId,\n level,\n message: {\n text: `${vulnerablePackage.installed.name}@${vulnerablePackage.installed.version} is vulnerable to ${cveReport.cveId}: ${summary}${fixText}`,\n },\n locations: [\n {\n physicalLocation: {\n artifactLocation: { uri: \"package.json\", uriBaseId: \"%SRCROOT%\" },\n },\n },\n ],\n });\n }\n }\n\n return {\n version: \"2.1.0\",\n $schema:\n \"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Documents/CommitteeSpecifications/2.1.0/sarif-schema-2.1.0.json\",\n runs: [\n {\n tool: {\n driver: {\n name: \"autoremediator\",\n informationUri: \"https://github.com/Rawlings/autoremediator\",\n rules,\n },\n },\n results,\n },\n ],\n };\n}\n","import { mkdirSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport type { DependencyScopeCounts, PatchStrategyCounts, UnresolvedReasonCounts } from \"./types.js\";\n\nexport interface EvidenceStep {\n at: string;\n action: string;\n input?: Record<string, unknown>;\n output?: Record<string, unknown>;\n error?: string;\n}\n\nexport interface EvidenceSummary {\n status: \"ok\" | \"partial\" | \"failed\";\n cveCount: number;\n remediationCount: number;\n successCount: number;\n failedCount: number;\n patchCount: number;\n patchValidationFailures?: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }>;\n strategyCounts?: PatchStrategyCounts;\n unresolvedByReason?: UnresolvedReasonCounts;\n dependencyScopeCounts?: DependencyScopeCounts;\n patchesDir?: string;\n}\n\nexport interface EvidenceLog {\n runId: string;\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n idempotencyKey?: string;\n cveIds: string[];\n cwd: string;\n startedAt: string;\n finishedAt?: string;\n summary?: EvidenceSummary;\n steps: EvidenceStep[];\n}\n\ninterface EvidenceContext {\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n idempotencyKey?: string;\n}\n\nexport function createEvidenceLog(cwd: string, cveIds: string[], context: EvidenceContext = {}): EvidenceLog {\n return {\n runId: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,\n requestId: context.requestId,\n sessionId: context.sessionId,\n parentRunId: context.parentRunId,\n actor: context.actor,\n source: context.source,\n idempotencyKey: context.idempotencyKey,\n cveIds,\n cwd,\n startedAt: new Date().toISOString(),\n steps: [],\n };\n}\n\nexport function addEvidenceStep(\n log: EvidenceLog,\n action: string,\n input?: Record<string, unknown>,\n output?: Record<string, unknown>,\n error?: string\n): void {\n log.steps.push({\n at: new Date().toISOString(),\n action,\n input,\n output,\n error,\n });\n}\n\nexport function finalizeEvidence(log: EvidenceLog): EvidenceLog {\n log.finishedAt = new Date().toISOString();\n return log;\n}\n\nexport function writeEvidenceLog(cwd: string, log: EvidenceLog): string {\n const dir = join(cwd, \".autoremediator\", \"evidence\");\n mkdirSync(dir, { recursive: true });\n const filePath = join(dir, `${log.runId}.json`);\n writeFileSync(filePath, JSON.stringify(log, null, 2) + \"\\n\", \"utf8\");\n return filePath;\n}\n","import { existsSync, mkdirSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport type { RemediationReport } from \"./types.js\";\n\ninterface IdempotencyEntry {\n key: string;\n cveId: string;\n report: RemediationReport;\n savedAt: string;\n}\n\ninterface IdempotencyIndex {\n schemaVersion: \"1.0\";\n entries: Record<string, IdempotencyEntry>;\n}\n\nconst DEFAULT_INDEX: IdempotencyIndex = {\n schemaVersion: \"1.0\",\n entries: {},\n};\n\nfunction indexFilePath(cwd: string): string {\n return join(cwd, \".autoremediator\", \"state\", \"idempotency.json\");\n}\n\nfunction entryKey(idempotencyKey: string, cveId: string): string {\n return `${idempotencyKey}::${cveId.toUpperCase()}`;\n}\n\nfunction loadIndex(cwd: string): IdempotencyIndex {\n const filePath = indexFilePath(cwd);\n if (!existsSync(filePath)) return DEFAULT_INDEX;\n\n try {\n const parsed = JSON.parse(readFileSync(filePath, \"utf8\")) as IdempotencyIndex;\n if (parsed && parsed.schemaVersion === \"1.0\" && parsed.entries) {\n return parsed;\n }\n return DEFAULT_INDEX;\n } catch {\n return DEFAULT_INDEX;\n }\n}\n\nfunction saveIndex(cwd: string, index: IdempotencyIndex): void {\n const filePath = indexFilePath(cwd);\n mkdirSync(join(cwd, \".autoremediator\", \"state\"), { recursive: true });\n writeFileSync(filePath, JSON.stringify(index, null, 2) + \"\\n\", \"utf8\");\n}\n\nexport function readIdempotentReport(\n cwd: string,\n idempotencyKey: string,\n cveId: string\n): RemediationReport | undefined {\n const index = loadIndex(cwd);\n const key = entryKey(idempotencyKey, cveId);\n return index.entries[key]?.report;\n}\n\nexport function storeIdempotentReport(\n cwd: string,\n idempotencyKey: string,\n cveId: string,\n report: RemediationReport\n): void {\n const index = loadIndex(cwd);\n const key = entryKey(idempotencyKey, cveId);\n index.entries[key] = {\n key: idempotencyKey,\n cveId: cveId.toUpperCase(),\n report,\n savedAt: new Date().toISOString(),\n };\n saveIndex(cwd, index);\n}\n","import type {\n CorrelationContext,\n ProvenanceContext,\n RemediateOptions,\n RemediationConstraints,\n} from \"../platform/types.js\";\nimport { loadPolicy } from \"../platform/policy.js\";\n\nfunction buildRequestId(): string {\n return `req-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n}\n\nexport function resolveCorrelationContext(options: RemediateOptions): Required<Pick<CorrelationContext, \"requestId\">> & CorrelationContext {\n return {\n requestId: options.requestId ?? buildRequestId(),\n sessionId: options.sessionId,\n parentRunId: options.parentRunId,\n };\n}\n\nexport function resolveProvenanceContext(options: RemediateOptions): ProvenanceContext {\n return {\n actor: options.actor,\n source: options.source ?? \"sdk\",\n };\n}\n\nexport function resolveConstraints(options: RemediateOptions, cwd: string): RemediationConstraints {\n const policy = loadPolicy(cwd, options.policy);\n return {\n directDependenciesOnly:\n options.constraints?.directDependenciesOnly ??\n policy.constraints?.directDependenciesOnly ??\n false,\n preferVersionBump:\n options.constraints?.preferVersionBump ??\n policy.constraints?.preferVersionBump ??\n false,\n };\n}\n","import { runRemediationPipeline } from \"../remediation/pipeline.js\";\nimport type { RemediateOptions, RemediationReport } from \"../platform/types.js\";\nimport { addEvidenceStep, createEvidenceLog, finalizeEvidence, writeEvidenceLog } from \"../platform/evidence.js\";\nimport { readIdempotentReport, storeIdempotentReport } from \"../platform/idempotency.js\";\nimport { resolveConstraints, resolveCorrelationContext, resolveProvenanceContext } from \"./context.js\";\n\nexport async function remediate(cveId: string, options: RemediateOptions = {}): Promise<RemediationReport> {\n if (!/^CVE-\\d{4}-\\d+$/i.test(cveId)) {\n throw new Error(\n `Invalid CVE ID: \"${cveId}\". Expected format: CVE-YYYY-NNNNN (e.g. CVE-2021-23337).`\n );\n }\n\n const normalizedCveId = cveId.toUpperCase();\n const cwd = options.cwd ?? process.cwd();\n const constraints = resolveConstraints(options, cwd);\n const provenance = resolveProvenanceContext(options);\n const correlation = resolveCorrelationContext(options);\n const evidenceEnabled = options.evidence !== false;\n const evidence = evidenceEnabled\n ? createEvidenceLog(cwd, [normalizedCveId], {\n ...correlation,\n actor: provenance.actor,\n source: provenance.source,\n idempotencyKey: options.idempotencyKey,\n })\n : undefined;\n\n if (options.resume && options.idempotencyKey) {\n const cached = readIdempotentReport(cwd, options.idempotencyKey, normalizedCveId);\n if (cached) {\n if (evidence) {\n addEvidenceStep(evidence, \"remediate.resume-cache\", { cveId: normalizedCveId });\n finalizeEvidence(evidence);\n }\n const evidenceFile = evidence ? writeEvidenceLog(cwd, evidence) : undefined;\n return {\n ...cached,\n summary: `${cached.summary} (resumed from idempotency cache)`,\n evidenceFile,\n correlation,\n provenance,\n constraints,\n resumedFromCache: true,\n };\n }\n }\n\n if (evidence) {\n addEvidenceStep(\n evidence,\n \"remediate.start\",\n {\n cveId: normalizedCveId,\n dryRun: Boolean(options.dryRun),\n preview: Boolean(options.preview),\n },\n {\n directDependenciesOnly: Boolean(constraints.directDependenciesOnly),\n preferVersionBump: Boolean(constraints.preferVersionBump),\n }\n );\n }\n\n let report: RemediationReport;\n try {\n report = await runRemediationPipeline(normalizedCveId, {\n ...options,\n ...correlation,\n constraints,\n });\n } catch (error) {\n if (evidence) {\n const message = error instanceof Error ? error.message : String(error);\n addEvidenceStep(evidence, \"remediate.error\", { cveId: normalizedCveId }, undefined, message);\n finalizeEvidence(evidence);\n writeEvidenceLog(cwd, evidence);\n }\n throw error;\n }\n\n if (evidence) {\n for (const result of report.results) {\n addEvidenceStep(\n evidence,\n \"remediate.package-result\",\n {\n packageName: result.packageName,\n strategy: result.strategy,\n fromVersion: result.fromVersion,\n toVersion: result.toVersion,\n },\n {\n applied: result.applied,\n dryRun: result.dryRun,\n unresolvedReason: result.unresolvedReason,\n }\n );\n }\n\n addEvidenceStep(\n evidence,\n \"remediate.finish\",\n { cveId: normalizedCveId },\n {\n resultCount: report.results.length,\n vulnerableCount: report.vulnerablePackages.length,\n }\n );\n finalizeEvidence(evidence);\n }\n\n const evidenceFile = evidence ? writeEvidenceLog(cwd, evidence) : undefined;\n\n const finalReport: RemediationReport = {\n ...report,\n evidenceFile,\n correlation,\n provenance,\n constraints,\n resumedFromCache: false,\n };\n\n if (options.idempotencyKey && !options.dryRun && !options.preview) {\n storeIdempotentReport(cwd, options.idempotencyKey, normalizedCveId, finalReport);\n }\n\n return finalReport;\n}\n\nexport async function planRemediation(\n cveId: string,\n options: RemediateOptions = {}\n): Promise<RemediationReport> {\n return remediate(cveId, {\n ...options,\n preview: true,\n dryRun: true,\n });\n}\n","import { extname } from \"node:path\";\nimport { readFileSync } from \"node:fs\";\nimport { parseNpmAuditJsonFile, type NormalizedFinding } from \"./adapters/npm-audit.js\";\nimport { parseYarnAuditJsonFile } from \"./adapters/yarn-audit.js\";\nimport { parseSarifFile } from \"./adapters/sarif.js\";\nimport type { ScanInputFormat } from \"./index.js\";\n\nexport function parseScanInput(filePath: string, format: ScanInputFormat): NormalizedFinding[] {\n const resolved = format === \"auto\" ? inferFormat(filePath) : format;\n\n if (resolved === \"npm-audit\") {\n return parseNpmAuditJsonFile(filePath);\n }\n if (resolved === \"yarn-audit\") {\n return parseYarnAuditJsonFile(filePath);\n }\n if (resolved === \"sarif\") {\n return parseSarifFile(filePath);\n }\n\n throw new Error(`Unsupported input format: ${resolved}`);\n}\n\nfunction inferFormat(filePath: string): Exclude<ScanInputFormat, \"auto\"> {\n const ext = extname(filePath).toLowerCase();\n if (ext === \".sarif\") return \"sarif\";\n\n try {\n const content = readFileSync(filePath, \"utf8\");\n const firstLine = content.split(\"\\n\").find((line) => line.trim().startsWith(\"{\"));\n if (firstLine) {\n const parsed = JSON.parse(firstLine) as { type?: string };\n if (parsed.type === \"auditAdvisory\" || parsed.type === \"auditSummary\") {\n return \"yarn-audit\";\n }\n }\n } catch {\n // Ignore parse failures and fall back to npm-audit.\n }\n\n return \"npm-audit\";\n}\n","import { readFileSync } from \"node:fs\";\n\nexport interface NormalizedFinding {\n cveId: string;\n source: \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n packageName?: string;\n severity?: \"LOW\" | \"MEDIUM\" | \"HIGH\" | \"CRITICAL\" | \"UNKNOWN\";\n}\n\ninterface NpmAuditVulnerability {\n name: string;\n via: Array<string | { source?: number; name?: string; url?: string; severity?: string; cwe?: string[]; cvss?: { score?: number } }>;\n severity?: string;\n}\n\ninterface NpmAuditReport {\n vulnerabilities?: Record<string, NpmAuditVulnerability>;\n}\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction normalizeSeverity(raw?: string): NormalizedFinding[\"severity\"] {\n if (!raw) return \"UNKNOWN\";\n const up = raw.toUpperCase();\n if (up === \"CRITICAL\" || up === \"HIGH\" || up === \"MEDIUM\" || up === \"LOW\") {\n return up;\n }\n return \"UNKNOWN\";\n}\n\nexport function parseNpmAuditJsonFromString(content: string): NormalizedFinding[] {\n const report = JSON.parse(content) as NpmAuditReport;\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n for (const vuln of Object.values(report.vulnerabilities ?? {})) {\n for (const viaEntry of vuln.via ?? []) {\n const text = typeof viaEntry === \"string\" ? viaEntry : `${viaEntry.url ?? \"\"} ${viaEntry.name ?? \"\"}`;\n const matches = text.match(CVE_REGEX) ?? [];\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const key = `${cveId}:${vuln.name}`;\n if (seen.has(key)) continue;\n seen.add(key);\n findings.push({\n cveId,\n source: \"npm-audit\",\n packageName: vuln.name,\n severity: normalizeSeverity(vuln.severity),\n });\n }\n }\n }\n\n return findings;\n}\n\nexport function parseNpmAuditJsonFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseNpmAuditJsonFromString(content);\n}\n","import { readFileSync } from \"node:fs\";\nimport type { NormalizedFinding } from \"./npm-audit.js\";\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction normalizeSeverity(raw?: string): NormalizedFinding[\"severity\"] {\n if (!raw) return \"UNKNOWN\";\n const up = raw.toUpperCase();\n if (up === \"CRITICAL\" || up === \"HIGH\" || up === \"MEDIUM\" || up === \"LOW\") {\n return up;\n }\n return \"UNKNOWN\";\n}\n\nexport function parseYarnAuditJsonFromString(content: string): NormalizedFinding[] {\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n const lines = content\n .split(\"\\n\")\n .map((line) => line.trim())\n .filter(Boolean);\n\n for (const line of lines) {\n let parsed: unknown;\n try {\n parsed = JSON.parse(line);\n } catch {\n continue;\n }\n\n const event = parsed as {\n type?: string;\n data?: {\n advisory?: {\n module_name?: string;\n severity?: string;\n url?: string;\n cves?: string[];\n };\n };\n };\n\n if (event.type !== \"auditAdvisory\") continue;\n\n const advisory = event.data?.advisory;\n const packageName = advisory?.module_name;\n const severity = normalizeSeverity(advisory?.severity);\n\n const text = `${advisory?.url ?? \"\"} ${(advisory?.cves ?? []).join(\" \")}`;\n const matches = text.match(CVE_REGEX) ?? [];\n\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const key = `${cveId}:${packageName ?? \"\"}`;\n if (seen.has(key)) continue;\n seen.add(key);\n\n findings.push({\n cveId,\n source: \"yarn-audit\",\n packageName,\n severity,\n });\n }\n }\n\n return findings;\n}\n\nexport function parseYarnAuditJsonFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseYarnAuditJsonFromString(content);\n}\n","import { readFileSync } from \"node:fs\";\nimport type { NormalizedFinding } from \"./npm-audit.js\";\n\ninterface SarifResult {\n ruleId?: string;\n message?: { text?: string };\n properties?: Record<string, unknown>;\n}\n\ninterface SarifRun {\n results?: SarifResult[];\n}\n\ninterface SarifReport {\n runs?: SarifRun[];\n}\n\nconst CVE_REGEX = /CVE-\\d{4}-\\d+/gi;\n\nfunction extractPackageName(result: SarifResult): string | undefined {\n const pkg = result.properties?.[\"packageName\"];\n return typeof pkg === \"string\" ? pkg : undefined;\n}\n\nexport function parseSarifFromString(content: string): NormalizedFinding[] {\n const report = JSON.parse(content) as SarifReport;\n const findings: NormalizedFinding[] = [];\n const seen = new Set<string>();\n\n for (const run of report.runs ?? []) {\n for (const result of run.results ?? []) {\n const combined = `${result.ruleId ?? \"\"} ${result.message?.text ?? \"\"}`;\n const matches = combined.match(CVE_REGEX) ?? [];\n for (const match of matches) {\n const cveId = match.toUpperCase();\n const pkg = extractPackageName(result);\n const key = `${cveId}:${pkg ?? \"\"}`;\n if (seen.has(key)) continue;\n seen.add(key);\n findings.push({\n cveId,\n source: \"sarif\",\n packageName: pkg,\n severity: \"UNKNOWN\",\n });\n }\n }\n }\n\n return findings;\n}\n\nexport function parseSarifFile(filePath: string): NormalizedFinding[] {\n const content = readFileSync(filePath, \"utf8\");\n return parseSarifFromString(content);\n}\n","import type { NormalizedFinding } from \"./adapters/npm-audit.js\";\n\nexport function uniqueCveIds(findings: NormalizedFinding[]): string[] {\n return [...new Set(findings.map((f) => f.cveId.toUpperCase()))];\n}\n","import type { RemediationReport } from \"../platform/types.js\";\nimport type { ProvenanceContext } from \"../platform/types.js\";\nimport { addEvidenceStep } from \"../platform/evidence.js\";\nimport type { EvidenceLog } from \"../platform/evidence.js\";\nimport { isPackageAllowed } from \"../platform/policy.js\";\nimport type { AutoremediatorPolicy } from \"../platform/policy.js\";\nimport type { ScanOptions } from \"./contracts.js\";\nimport { remediate } from \"./remediate.js\";\n\nexport interface ScanExecutionResult {\n reports: RemediationReport[];\n errors: Array<{ cveId: string; message: string }>;\n patchCount: number;\n patchValidationFailures: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }>;\n}\n\nexport async function executeScanRemediations(params: {\n cveIds: string[];\n options: ScanOptions;\n patchesDir: string;\n policy: AutoremediatorPolicy;\n correlation: { requestId: string; sessionId?: string; parentRunId?: string };\n provenance: ProvenanceContext;\n constraints: { directDependenciesOnly?: boolean; preferVersionBump?: boolean };\n evidence: EvidenceLog;\n}): Promise<ScanExecutionResult> {\n const reports: RemediationReport[] = [];\n const errors: Array<{ cveId: string; message: string }> = [];\n const patchValidationFailures: Array<{\n packageName: string;\n cveId: string;\n error: string;\n }> = [];\n let patchCount = 0;\n\n for (const cveId of params.cveIds) {\n try {\n addEvidenceStep(params.evidence, \"remediate.start\", { cveId });\n const report = await remediate(cveId, {\n ...params.options,\n patchesDir: params.patchesDir,\n evidence: false,\n ...params.correlation,\n actor: params.provenance.actor,\n source: params.provenance.source,\n constraints: params.constraints,\n });\n\n report.results = report.results.filter((result) => isPackageAllowed(params.policy, result.packageName));\n\n for (const result of report.results) {\n if (result.strategy === \"patch-file\") {\n patchCount += 1;\n }\n if (result.validation?.passed === false && result.validation?.error) {\n patchValidationFailures.push({\n packageName: result.packageName,\n cveId,\n error: result.validation.error,\n });\n }\n }\n\n reports.push(report);\n addEvidenceStep(params.evidence, \"remediate.finish\", { cveId }, { results: report.results.length });\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n errors.push({ cveId, message });\n addEvidenceStep(params.evidence, \"remediate.error\", { cveId }, undefined, message);\n }\n }\n\n return {\n reports,\n errors,\n patchCount,\n patchValidationFailures,\n };\n}","import type { RemediationReport } from \"../platform/types.js\";\nimport type { ScanReport } from \"./contracts.js\";\nimport {\n buildDependencyScopeCounts,\n buildStrategyCounts,\n buildUnresolvedReasonCounts,\n} from \"./reporting.js\";\n\nexport interface ScanOutcome {\n status: ScanReport[\"status\"];\n successCount: number;\n failedCount: number;\n strategyCounts: ReturnType<typeof buildStrategyCounts>;\n dependencyScopeCounts: ReturnType<typeof buildDependencyScopeCounts>;\n unresolvedByReason: ReturnType<typeof buildUnresolvedReasonCounts>;\n remediationCount: number;\n}\n\nexport function buildScanOutcome(params: {\n reports: RemediationReport[];\n errors: Array<{ cveId: string; message: string }>;\n}): ScanOutcome {\n let successCount = 0;\n let failedCount = 0;\n for (const report of params.reports) {\n for (const result of report.results) {\n if (result.applied || result.dryRun) {\n successCount += 1;\n } else {\n failedCount += 1;\n }\n }\n }\n\n failedCount += params.errors.length;\n\n let status: ScanReport[\"status\"] = \"ok\";\n if (failedCount > 0 && successCount > 0) {\n status = \"partial\";\n } else if (failedCount > 0 && successCount === 0) {\n status = \"failed\";\n }\n\n const strategyCounts = buildStrategyCounts(params.reports);\n const dependencyScopeCounts = buildDependencyScopeCounts(params.reports);\n const unresolvedByReason = buildUnresolvedReasonCounts(params.reports);\n const remediationCount = params.reports.reduce((sum, report) => sum + report.results.length, 0);\n\n return {\n status,\n successCount,\n failedCount,\n strategyCounts,\n dependencyScopeCounts,\n unresolvedByReason,\n remediationCount,\n };\n}","import type { RemediationReport } from \"../platform/types.js\";\nimport { parseScanInput, uniqueCveIds } from \"../scanner/index.js\";\nimport { addEvidenceStep, createEvidenceLog, finalizeEvidence, writeEvidenceLog } from \"../platform/evidence.js\";\nimport { loadPolicy } from \"../platform/policy.js\";\nimport type { ScanOptions, ScanReport } from \"./contracts.js\";\nimport { resolveConstraints, resolveCorrelationContext, resolveProvenanceContext } from \"./context.js\";\nimport { executeScanRemediations } from \"./scan-execution.js\";\nimport { buildScanOutcome } from \"./scan-outcome.js\";\n\nexport async function remediateFromScan(\n inputPath: string,\n options: ScanOptions = {}\n): Promise<ScanReport> {\n const cwd = options.cwd ?? process.cwd();\n const format = options.format ?? \"auto\";\n const patchesDir = options.patchesDir ?? \"./patches\";\n\n const findings = parseScanInput(inputPath, format);\n const cveIds = uniqueCveIds(findings);\n const policy = loadPolicy(cwd, options.policy);\n const correlation = resolveCorrelationContext(options);\n const provenance = resolveProvenanceContext(options);\n const constraints = resolveConstraints(options, cwd);\n\n const evidence = createEvidenceLog(cwd, cveIds, {\n ...correlation,\n actor: provenance.actor,\n source: provenance.source,\n idempotencyKey: options.idempotencyKey,\n });\n addEvidenceStep(evidence, \"scan.parse\", { inputPath, format }, { findingCount: findings.length, cveCount: cveIds.length });\n\n const execution = await executeScanRemediations({\n cveIds,\n options,\n patchesDir,\n policy,\n correlation,\n provenance,\n constraints,\n evidence,\n });\n const reports: RemediationReport[] = execution.reports;\n const errors = execution.errors;\n const patchCount = execution.patchCount;\n const patchValidationFailures = execution.patchValidationFailures;\n\n const outcome = buildScanOutcome({ reports, errors });\n const { status, successCount, failedCount, strategyCounts, dependencyScopeCounts, unresolvedByReason, remediationCount } = outcome;\n\n evidence.summary = {\n status,\n cveCount: cveIds.length,\n remediationCount,\n successCount,\n failedCount,\n patchCount,\n patchValidationFailures: patchValidationFailures.length > 0 ? patchValidationFailures : undefined,\n strategyCounts,\n dependencyScopeCounts,\n unresolvedByReason,\n patchesDir: patchCount > 0 ? patchesDir : undefined,\n };\n\n finalizeEvidence(evidence);\n const evidenceFile = options.evidence === false ? undefined : writeEvidenceLog(cwd, evidence);\n\n return {\n schemaVersion: \"1.0\",\n status,\n generatedAt: new Date().toISOString(),\n cveIds,\n reports,\n successCount,\n failedCount,\n errors,\n evidenceFile,\n patchCount,\n patchValidationFailures: patchValidationFailures.length > 0 ? patchValidationFailures : undefined,\n strategyCounts,\n dependencyScopeCounts,\n unresolvedByReason,\n patchesDir: patchCount > 0 ? patchesDir : undefined,\n correlation,\n provenance,\n constraints,\n idempotencyKey: options.idempotencyKey,\n };\n}\n"],"mappings":";AAUA,SAAS,gBAAAA,qBAAoB;;;ACAtB,SAAS,gBAAgB,UAA4B,CAAC,GAAsB;AACjF,QAAM,MACJ,QAAQ,eACR,QAAQ,IAAI,+BACZ;AAEF,MAAI,QAAQ,YAAY,QAAQ,eAAe,QAAQ,SAAS;AAC9D,UAAM,IAAI;AAAA,MACR,6BAA6B,GAAG;AAAA,IAClC;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,iBACd,UACA,UAA4B,CAAC,GACrB;AACR,MAAI,QAAQ,MAAO,QAAO,QAAQ;AAClC,MAAI,QAAQ,IAAI,qBAAsB,QAAO,QAAQ,IAAI;AAEzD,QAAM,WAA8C;AAAA,IAClD,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,OAAO;AAAA,EACT;AACA,SAAO,SAAS,QAAQ;AAC1B;AAGA,eAAsB,YAAY,UAA4B,CAAC,GAA6B;AAC1F,QAAM,WAAW,gBAAgB,OAAO;AAExC,MAAI,aAAa,SAAS;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YAAY,iBAAiB,UAAU,OAAO;AAEpD,MAAI,aAAa,UAAU;AACzB,UAAM,SAAS,QAAQ,IAAI;AAC3B,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,EAAE,aAAa,IAAI,MAAM,OAAO,gBAAgB;AACtD,UAAM,SAAS,aAAa,EAAE,OAAO,CAAC;AACtC,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,aAAa,aAAa;AAC5B,UAAM,SAAS,QAAQ,IAAI;AAC3B,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,mBAAmB;AAC5D,UAAM,YAAY,gBAAgB,EAAE,OAAO,CAAC;AAC5C,WAAO,UAAU,SAAS;AAAA,EAC5B;AAEA,QAAM,IAAI,MAAM,uBAAuB,QAAQ,EAAE;AACnD;AAMO,SAAS,eAA0B;AACxC,SAAO;AAAA,IACL,QAAQ,QAAQ,IAAI;AAAA,EACtB;AACF;AAEO,SAAS,iBAAqC;AACnD,SAAO,QAAQ,IAAI;AACrB;AAcO,SAAS,8BAAwD;AACtE,SAAO;AAAA,IACL,mBACE,QAAQ,IAAI,sCACZ;AAAA,IACF,iBACE,QAAQ,IAAI,oCACZ;AAAA,IACF,SACE,QAAQ,IAAI,2BACZ;AAAA,IACF,gBACE,QAAQ,IAAI,mCACZ;AAAA,IACF,YACE,QAAQ,IAAI,8BACZ;AAAA,IACF,cACE,QAAQ,IAAI,gCACZ;AAAA,IACF,sBAAsB,QAAQ,IAAI,wCAAwC,IACvE,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,OAAO;AAAA,IACjB,kBAAkB,QAAQ,IAAI,mCAAmC,IAC9D,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,OAAO;AAAA,IACjB,qBAAqB,QAAQ,IAAI;AAAA,EACnC;AACF;;;ACtIA,SAAS,kBAAkB;AAC3B,SAAS,YAAY;AAad,SAAS,qBAAqB,KAA6B;AAChE,MAAI,WAAW,KAAK,KAAK,gBAAgB,CAAC,EAAG,QAAO;AACpD,MAAI,WAAW,KAAK,KAAK,WAAW,CAAC,EAAG,QAAO;AAC/C,SAAO;AACT;AAEO,SAAS,0BAA0B,IAA4C;AACpF,MAAI,OAAO,QAAQ;AACjB,WAAO;AAAA,MACL,SAAS,CAAC,QAAQ,SAAS;AAAA,MAC3B,sBAAsB,CAAC,QAAQ,WAAW,kBAAkB;AAAA,MAC5D,YAAY,CAAC,QAAgB,CAAC,QAAQ,OAAO,MAAM,GAAG;AAAA,MACtD,MAAM,CAAC,QAAQ,MAAM;AAAA,MACrB,MAAM,CAAC,QAAQ,QAAQ,UAAU,WAAW,IAAI;AAAA,MAChD,cAAc;AAAA,IAChB;AAAA,EACF;AAEA,MAAI,OAAO,QAAQ;AACjB,WAAO;AAAA,MACL,SAAS,CAAC,QAAQ,SAAS;AAAA,MAC3B,sBAAsB,CAAC,QAAQ,SAAS;AAAA,MACxC,YAAY,CAAC,QAAgB,CAAC,QAAQ,OAAO,SAAS,GAAG;AAAA,MACzD,MAAM,CAAC,QAAQ,MAAM;AAAA,MACrB,MAAM,CAAC,QAAQ,QAAQ,QAAQ;AAAA,MAC/B,cAAc;AAAA,IAChB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS,CAAC,OAAO,SAAS;AAAA,IAC1B,sBAAsB,CAAC,OAAO,WAAW,kBAAkB;AAAA,IAC3D,YAAY,CAAC,QAAgB,CAAC,OAAO,WAAW,cAAc,GAAG;AAAA,IACjE,MAAM,CAAC,OAAO,MAAM;AAAA,IACpB,MAAM,CAAC,OAAO,QAAQ,UAAU,OAAO;AAAA,IACvC,cAAc;AAAA,EAChB;AACF;AAEO,SAAS,gBAAgB,IAAoB,QAAqC;AACvF,QAAM,WAAW,oBAAI,IAAoB;AAEzC,MAAI,CAAC,OAAO,KAAK,EAAG,QAAO;AAE3B,MAAI,OAAO,QAAQ;AACjB,UAAM,QAAQ,OACX,MAAM,IAAI,EACV,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,OAAO;AAEjB,eAAW,QAAQ,OAAO;AACxB,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,YAAI,IAAI,SAAS,OAAQ;AAEzB,mBAAW,QAAQ,IAAI,MAAM,SAAS,CAAC,GAAG;AACxC,gBAAM,MAAM,KAAK,QAAQ;AACzB,gBAAM,KAAK,IAAI,YAAY,GAAG;AAC9B,cAAI,MAAM,EAAG;AACb,gBAAM,OAAO,IAAI,MAAM,GAAG,EAAE;AAC5B,gBAAM,UAAU,IAAI,MAAM,KAAK,CAAC;AAChC,cAAI,QAAQ,SAAS;AACnB,qBAAS,IAAI,MAAM,OAAO;AAAA,UAC5B;AAAA,QACF;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,MAAM;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,QAAM,OAAO,MAAM,QAAQ,MAAM,IAAI,OAAO,CAAC,IAAI;AAOjD,WAAS,oBAAoB,MAA6C;AACxE,QAAI,CAAC,KAAM;AAEX,eAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAChD,UAAI,CAAC,SAAS,OAAO,UAAU,SAAU;AACzC,YAAM,UAAU,MAAM;AACtB,UAAI,OAAO,YAAY,YAAY,SAAS;AAC1C,iBAAS,IAAI,MAAM,OAAO;AAAA,MAC5B;AACA,0BAAoB,MAAM,YAAY;AAAA,IACxC;AAAA,EACF;AAEA,sBAAqB,MAAwE,YAAY;AAEzG,SAAO;AACT;;;AC9GA,SAAS,YAAY;AACrB,SAAS,SAAS;AAClB,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAAC,eAAc,qBAAqB;AAC5C,SAAS,aAAa;AACtB,OAAO,YAAY;;;ACXnB,SAAS,cAAAC,aAAY,oBAAoB;AACzC,SAAS,QAAAC,aAAY;AAUd,IAAM,iBAAuC;AAAA,EAClD,iBAAiB;AAAA,EACjB,cAAc,CAAC;AAAA,EACf,eAAe,CAAC;AAAA,EAChB,aAAa;AAAA,IACX,wBAAwB;AAAA,IACxB,mBAAmB;AAAA,EACrB;AACF;AAEO,SAAS,WAAW,KAAa,cAA6C;AACnF,QAAM,YAAY,gBAAgBA,MAAK,KAAK,sBAAsB;AAClE,MAAI,CAACD,YAAW,SAAS,EAAG,QAAO;AAEnC,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,aAAa,WAAW,MAAM,CAAC;AACzD,WAAO;AAAA,MACL,iBAAiB,OAAO,mBAAmB,eAAe;AAAA,MAC1D,cAAc,OAAO,gBAAgB,eAAe;AAAA,MACpD,eAAe,OAAO,iBAAiB,eAAe;AAAA,MACtD,aAAa;AAAA,QACX,wBACE,OAAO,aAAa,0BACpB,eAAe,aAAa,0BAC5B;AAAA,QACF,mBACE,OAAO,aAAa,qBACpB,eAAe,aAAa,qBAC5B;AAAA,MACJ;AAAA,IACF;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,iBAAiB,QAA8B,aAA8B;AAC3F,MAAI,OAAO,aAAa,SAAS,WAAW,EAAG,QAAO;AACtD,MAAI,OAAO,cAAc,SAAS,KAAK,CAAC,OAAO,cAAc,SAAS,WAAW,GAAG;AAClF,WAAO;AAAA,EACT;AACA,SAAO;AACT;;;ACrDA,SAAS,OAAO,UAAU;AAC1B,SAAS,QAAAE,aAAY;AAYrB,eAAe,MAAM,IAA2B;AAC9C,QAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACxD;AAEA,eAAsB,gBAAgB,KAAa,UAA2B,CAAC,GAAsB;AACnG,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,eAAe,QAAQ,gBAAgB;AAC7C,QAAM,WAAWA,MAAK,KAAK,mBAAmB,OAAO;AACrD,QAAM,WAAWA,MAAK,KAAK,mBAAmB,SAAS,kBAAkB;AACzE,QAAM,YAAY,KAAK,IAAI;AAE3B,QAAM,MAAM,UAAU,EAAE,WAAW,KAAK,CAAC;AAEzC,SAAO,MAAM;AACX,QAAI;AACF,YAAM,MAAM,UAAU,EAAE,WAAW,MAAM,CAAC;AAC1C,aAAO;AAAA,QACL;AAAA,QACA,SAAS,YAAY;AACnB,gBAAM,GAAG,UAAU,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,QACrD;AAAA,MACF;AAAA,IACF,QAAQ;AACN,UAAI,KAAK,IAAI,IAAI,YAAY,WAAW;AACtC,cAAM,IAAI,MAAM,4CAA4C,QAAQ,GAAG;AAAA,MACzE;AACA,YAAM,MAAM,YAAY;AAAA,IAC1B;AAAA,EACF;AACF;AAEA,eAAsB,aAAgB,KAAa,IAAsB,SAAuC;AAC9G,QAAM,OAAO,MAAM,gBAAgB,KAAK,OAAO;AAC/C,MAAI;AACF,WAAO,MAAM,GAAG;AAAA,EAClB,UAAE;AACA,UAAM,KAAK,QAAQ;AAAA,EACrB;AACF;;;AFrBO,IAAM,uBAAuB,KAAK;AAAA,EACvC,aACE;AAAA,EACF,YAAY,EAAE,OAAO;AAAA,IACnB,KAAK,EAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IACrE,gBAAgB,EAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,aAAa,EAAE,OAAO,EAAE,SAAS,4BAA4B;AAAA,IAC7D,aAAa,EAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IAC7E,WAAW,EAAE,OAAO,EAAE,SAAS,uCAAuC;AAAA,IACtE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS,0CAA0C;AAAA,IACtF,QAAQ,EACL,OAAO,EACP,SAAS,EACT,SAAS,8CAA8C;AAAA,IAC1D,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb,SAAS,qDAAqD;AAAA,EACnE,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAA4B;AAC1B,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,WAAW,0BAA0B,EAAE;AAC7C,UAAM,UAAUC,MAAK,KAAK,cAAc;AACxC,UAAM,eAAe,WAAW,KAAK,MAAM;AAE3C,QAAI,CAAC,iBAAiB,cAAc,WAAW,GAAG;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,uCAAuC,WAAW;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,cACJ,OAAO,MAAM,WAAW,KACxB,OAAO,MAAM,SAAS,KACtB,OAAO,MAAM,SAAS,IAAI,OAAO,MAAM,WAAW;AAEpD,QAAI,eAAe,CAAC,aAAa,iBAAiB;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,kCAAkC,WAAW,MAAM,WAAW,OAAO,SAAS;AAAA,MACzF;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,gBAAU,KAAK,MAAMC,cAAa,SAAS,MAAM,CAAC;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,mCAAmC,OAAO;AAAA,MACrD;AAAA,IACF;AAGA,UAAM,WAAY,CAAC,gBAAgB,mBAAmB,kBAAkB,EAAiB;AAAA,MACvF,CAAC,MAAM,QAAQ,CAAC,IAAI,WAAW,MAAM;AAAA,IACvC;AAEA,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,IAAI,WAAW;AAAA,MAC1B;AAAA,IACF;AAEA,UAAM,eAAe,QAAQ,QAAQ,EAAG,WAAW;AAGnD,UAAM,cAAc,aAAa,MAAM,UAAU;AACjD,UAAM,SAAS,cAAc,CAAC,KAAK;AACnC,UAAM,WAAW,GAAG,MAAM,GAAG,SAAS;AAEtC,QAAI,QAAQ;AACV,YAAM,aAAa,SAAS,qBAAqB,KAAK,GAAG;AACzD,YAAM,UAAU,SAAS,KAAK,KAAK,GAAG;AACtC,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,0BAA0B,QAAQ,IAAI,WAAW,MAAM,YAAY,SAAS,QAAQ,eAAe,UAAU,GAAG,WAAW,QAAQ,OAAO,KAAK,EAAE;AAAA,MAC5J;AAAA,IACF;AAEA,WAAO,aAAa,KAAK,YAAY;AAEnC,cAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,oBAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAGtE,UAAI;AACF,cAAM,CAAC,YAAY,GAAG,WAAW,IAAI,SAAS;AAC9C,cAAM,MAAM,YAAY,aAAa;AAAA,UACnC;AAAA,UACA,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,KAAK;AAEZ,gBAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,sBAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO;AAAA,UACL;AAAA,UACA,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,kBAAkB;AAAA,UAClB,SAAS,GAAG,SAAS,qBAAqB,KAAK,GAAG,CAAC,2BAA2B,WAAW,QAAQ,SAAS,sBAAsB,OAAO;AAAA,QACzI;AAAA,MACF;AAEA,UAAI,UAAU;AACZ,YAAI;AACF,gBAAM,CAAC,SAAS,GAAG,QAAQ,IAAI,SAAS;AACxC,gBAAM,MAAM,SAAS,UAAU;AAAA,YAC7B;AAAA,YACA,OAAO;AAAA,UACT,CAAC;AAAA,QACH,SAAS,KAAK;AAEZ,kBAAQ,QAAQ,EAAG,WAAW,IAAI;AAClC,wBAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,cAAI;AACF,kBAAM,CAAC,aAAa,GAAG,YAAY,IAAI,SAAS;AAChD,kBAAM,MAAM,aAAa,cAAc;AAAA,cACrC;AAAA,cACA,OAAO;AAAA,YACT,CAAC;AAAA,UACH,QAAQ;AAAA,UAER;AAEA,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,iBAAO;AAAA,YACL;AAAA,YACA,UAAU;AAAA,YACV;AAAA,YACA;AAAA,YACA,SAAS;AAAA,YACT,QAAQ;AAAA,YACR,kBAAkB;AAAA,YAClB,SAAS,GAAG,SAAS,KAAK,KAAK,GAAG,CAAC,4BAA4B,WAAW,QAAQ,SAAS,oBAAoB,YAAY,YAAY,OAAO;AAAA,UAChJ;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,0BAA0B,WAAW,UAAU,WAAW,OAAO,SAAS,SAAS,SAAS,qBAAqB,KAAK,GAAG,CAAC,GAAG,WAAW,gBAAgB,SAAS,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE;AAAA,MACjM;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;;;AGjOD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAAC,eAAc,iBAAAC,sBAAqB;AAC5C,SAAS,SAAAC,cAAa;AACtB,OAAOC,aAAY;AAoBZ,IAAM,2BAA2BC,MAAK;AAAA,EAC3C,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,KAAKA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IACrE,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,aAAaA,GAAE,OAAO,EAAE,SAAS,6BAA6B;AAAA,IAC9D,aAAaA,GAAE,OAAO,EAAE,SAAS,4CAA4C;AAAA,IAC7E,WAAWA,GAAE,OAAO,EAAE,SAAS,wCAAwC;AAAA,IACvE,QAAQA,GAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS,0CAA0C;AAAA,IACtF,QAAQA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS,8CAA8C;AAAA,IACrF,UAAUA,GAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS,0DAA0D;AAAA,EAC1G,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAA4B;AAC1B,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,WAAW,0BAA0B,EAAE;AAC7C,UAAM,UAAUC,MAAK,KAAK,cAAc;AACxC,UAAM,eAAe,WAAW,KAAK,MAAM;AAE3C,QAAI,CAAC,iBAAiB,cAAc,WAAW,GAAG;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,uCAAuC,WAAW;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,cACJC,QAAO,MAAM,WAAW,KACxBA,QAAO,MAAM,SAAS,KACtBA,QAAO,MAAM,SAAS,IAAIA,QAAO,MAAM,WAAW;AAEpD,QAAI,eAAe,CAAC,aAAa,iBAAiB;AAChD,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,sCAAsC,WAAW,MAAM,WAAW,OAAO,SAAS;AAAA,MAC7F;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,gBAAU,KAAK,MAAMC,cAAa,SAAS,MAAM,CAAC;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,mCAAmC,OAAO;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,gBAAgB,sBAAsB,EAAE;AAC9C,UAAM,gBAAgB,iBAAiB,SAAS,IAAI,WAAW;AAE/D,QAAI,QAAQ;AACV,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,uBAAuB,aAAa,IAAI,WAAW,QAAQ,SAAS,eAAe,SAAS,qBAAqB,KAAK,GAAG,CAAC,GAAG,WAAW,QAAQ,SAAS,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE;AAAA,MACzL;AAAA,IACF;AAEA,WAAO,aAAa,KAAK,YAAY;AACnC,uBAAiB,SAAS,IAAI,aAAa,SAAS;AACpD,MAAAC,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,UAAI;AACF,cAAM,CAAC,YAAY,GAAG,WAAW,IAAI,SAAS;AAC9C,cAAMC,OAAM,YAAY,aAAa,EAAE,KAAK,OAAO,OAAO,CAAC;AAAA,MAC7D,SAAS,KAAK;AACZ,6BAAqB,SAAS,IAAI,aAAa,aAAa;AAC5D,QAAAD,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AACtE,cAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,eAAO;AAAA,UACL;AAAA,UACA,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,kBAAkB;AAAA,UAClB,SAAS,GAAG,SAAS,qBAAqB,KAAK,GAAG,CAAC,0BAA0B,aAAa,SAAS,WAAW,QAAQ,SAAS,sBAAsB,OAAO;AAAA,QAC9J;AAAA,MACF;AAEA,UAAI,UAAU;AACZ,YAAI;AACF,gBAAM,CAAC,SAAS,GAAG,QAAQ,IAAI,SAAS;AACxC,gBAAMC,OAAM,SAAS,UAAU,EAAE,KAAK,OAAO,OAAO,CAAC;AAAA,QACvD,SAAS,KAAK;AACZ,+BAAqB,SAAS,IAAI,aAAa,aAAa;AAC5D,UAAAD,eAAc,SAAS,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAEtE,cAAI;AACF,kBAAM,CAAC,aAAa,GAAG,YAAY,IAAI,SAAS;AAChD,kBAAMC,OAAM,aAAa,cAAc,EAAE,KAAK,OAAO,OAAO,CAAC;AAAA,UAC/D,QAAQ;AAAA,UAER;AAEA,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,iBAAO;AAAA,YACL;AAAA,YACA,UAAU;AAAA,YACV;AAAA,YACA;AAAA,YACA,SAAS;AAAA,YACT,QAAQ;AAAA,YACR,kBAAkB;AAAA,YAClB,SAAS,GAAG,SAAS,KAAK,KAAK,GAAG,CAAC,0BAA0B,aAAa,SAAS,WAAW,QAAQ,SAAS,sBAAsB,OAAO;AAAA,UAC9I;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL;AAAA,QACA,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,QAAQ;AAAA,QACR,SAAS,wBAAwB,aAAa,SAAS,WAAW,UAAU,WAAW,OAAO,SAAS,cAAc,SAAS,qBAAqB,KAAK,GAAG,CAAC,GAAG,WAAW,eAAe,SAAS,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE;AAAA,MACzN;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;AAED,SAAS,sBAAsB,gBAAwC;AACrE,MAAI,mBAAmB,MAAO,QAAO;AACrC,MAAI,mBAAmB,OAAQ,QAAO;AACtC,SAAO;AACT;AAEA,SAAS,iBACP,SACA,gBACA,aACoB;AACpB,MAAI,mBAAmB,MAAO,QAAO,QAAQ,YAAY,WAAW;AACpE,MAAI,mBAAmB,OAAQ,QAAO,QAAQ,MAAM,YAAY,WAAW;AAC3E,SAAO,QAAQ,cAAc,WAAW;AAC1C;AAEA,SAAS,iBACP,SACA,gBACA,aACA,SACM;AACN,MAAI,mBAAmB,OAAO;AAC5B,YAAQ,YAAY,EAAE,GAAI,QAAQ,aAAa,CAAC,GAAI,CAAC,WAAW,GAAG,QAAQ;AAC3E;AAAA,EACF;AAEA,MAAI,mBAAmB,QAAQ;AAC7B,YAAQ,OAAO;AAAA,MACb,GAAI,QAAQ,QAAQ,CAAC;AAAA,MACrB,WAAW;AAAA,QACT,GAAI,QAAQ,MAAM,aAAa,CAAC;AAAA,QAChC,CAAC,WAAW,GAAG;AAAA,MACjB;AAAA,IACF;AACA;AAAA,EACF;AAEA,UAAQ,cAAc,EAAE,GAAI,QAAQ,eAAe,CAAC,GAAI,CAAC,WAAW,GAAG,QAAQ;AACjF;AAEA,SAAS,qBACP,SACA,gBACA,aACA,eACM;AACN,MAAI,mBAAmB,OAAO;AAC5B,YAAQ,YAAY,cAAc,QAAQ,WAAW,aAAa,aAAa;AAC/E;AAAA,EACF;AAEA,MAAI,mBAAmB,QAAQ;AAC7B,YAAQ,OAAO;AAAA,MACb,GAAI,QAAQ,QAAQ,CAAC;AAAA,MACrB,WAAW,cAAc,QAAQ,MAAM,WAAW,aAAa,aAAa;AAAA,IAC9E;AACA,QAAI,CAAC,QAAQ,KAAK,WAAW;AAC3B,aAAO,QAAQ,KAAK;AAAA,IACtB;AACA,QAAI,OAAO,KAAK,QAAQ,IAAI,EAAE,WAAW,GAAG;AAC1C,aAAO,QAAQ;AAAA,IACjB;AACA;AAAA,EACF;AAEA,UAAQ,cAAc,cAAc,QAAQ,aAAa,aAAa,aAAa;AACrF;AAEA,SAAS,cACP,QACA,KACA,eACoC;AACpC,QAAM,aAAa,EAAE,GAAI,UAAU,CAAC,EAAG;AAEvC,MAAI,kBAAkB,QAAW;AAC/B,WAAO,WAAW,GAAG;AAAA,EACvB,OAAO;AACL,eAAW,GAAG,IAAI;AAAA,EACpB;AAEA,SAAO,OAAO,KAAK,UAAU,EAAE,SAAS,IAAI,aAAa;AAC3D;;;AChQA,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,SAAAC,QAAO,SAAS,UAAU,MAAAC,KAAI,iBAAiB;AACxD,SAAS,cAAc;AACvB,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;;;ACHtB,SAAS,cAAAC,aAAY,WAAW,iBAAAC,gBAAe,gBAAAC,qBAAoB;AACnE,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;AA0Df,SAAS,kBAAkB,cAA6C;AAC7E,MAAI,CAAC,gBAAgB,OAAO,iBAAiB,UAAU;AACrD,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAGA,QAAM,cAAc,cAAc,KAAK,YAAY;AACnD,QAAM,YAAY,iBAAiB,KAAK,YAAY;AACpD,QAAM,gBAAgB,cAAc,KAAK,YAAY;AAErD,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,CAAC,eAAe;AAClB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,EAAE,OAAO,KAAK;AACvB;;;AD9CO,IAAM,qBAAqBC,MAAK;AAAA,EACrC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sBAAsB;AAAA,IAC9D,mBAAmBA,GAChB,OAAO,EACP,SAAS,+BAA+B;AAAA,IAC3C,cAAcA,GACX,OAAO,EACP,IAAI,EAAE,EACN,SAAS,EACT,SAAS,gDAAgD;AAAA,IAC5D,SAASA,GACN;AAAA,MACCA,GAAE,OAAO;AAAA,QACP,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,QAC1B,aAAaA,GAAE,OAAO,EAAE,IAAI,EAAE;AAAA,MAChC,CAAC;AAAA,IACH,EACC,SAAS,EACT,SAAS,wDAAwD;AAAA,IACpE,YAAYA,GACT,OAAO,EACP,SAAS,EACT,QAAQ,WAAW,EACnB,SAAS,gCAAgC;AAAA,IAC5C,KAAKA,GAAE,OAAO,EAAE,SAAS,2CAA2C;AAAA,IACpE,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,IAC3I,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT,QAAQ,IAAI,EACZ,SAAS,2EAA2E;AAAA,IACvF,QAAQA,GAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,KAAK,EAAE,SAAS,yCAAyC;AAAA,EAClG,CAAC,EAAE,OAAO,CAAC,UAAU,QAAQ,MAAM,gBAAiB,MAAM,WAAW,MAAM,QAAQ,SAAS,CAAE,GAAG;AAAA,IAC/F,SAAS;AAAA,EACX,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAqC;AACnC,QAAI;AACF,YAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,YAAM,gBAAgB,gBAAgB,UAAU,CAAC,GAAG;AAEpD,UAAI,CAAC,eAAe;AAClB,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAM,kBAAkB,kBAAkB,aAAa;AACvD,UAAI,CAAC,gBAAgB,OAAO;AAC1B,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA,SAAS,gBAAgB,SAAS;AAAA,UAClC,OAAO,gBAAgB,SAAS;AAAA,QAClC;AAAA,MACF;AAEA,YAAM,gBAAgB,mBAAmB,aAAa,iBAAiB;AACvE,YAAM,gBAAgBC,MAAK,KAAK,YAAY,aAAa;AAEzD,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,SAAS,gDAAgD,aAAa;AAAA,UACtE;AAAA,UACA,WAAW;AAAA,QACb;AAAA,MACF;AAEA,aAAO,aAAa,KAAK,YAAY;AACnC,cAAM,sBACJ,qCAAqC,IAAI,GAAG,IACxC,MAAM,2BAA2B,GAAG,IACpC;AAGN,cAAM,iBAAiBA,MAAK,KAAK,UAAU;AAC3C,cAAMC,OAAM,gBAAgB,EAAE,WAAW,KAAK,CAAC;AAG/C,cAAM,UAAU,eAAe,eAAe,MAAM;AAEpD,YAAI;AACJ,cAAM,YAAY,MAAM,iBAAiB,IAAI,GAAG;AAChD,cAAM,WAAW,0BAA0B,EAAE;AAI7C,cAAM,cACJ,cAAc,kBACV,MAAM,iCAAiC,KAAK,EAAE,IAC9C,MAAM,iBAAiB;AAAA,UACrB;AAAA,UACA;AAAA,UACA;AAAA,UACA,cAAc;AAAA,UACd;AAAA,QACF,CAAC;AAEP,YAAI,CAAC,YAAY,SAAS;AACxB,gBAAM,sBAAsB;AAAA,YAC1B;AAAA,YACA,gBAAgB;AAAA,YAChB;AAAA,YACA;AAAA,YACA;AAAA,YACA,cAAc,cAAc;AAAA,UAC9B,CAAC;AACD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT;AAAA,YACA;AAAA,YACA,SAAS;AAAA,YACT,QAAQ;AAAA,YACR,SAAS,YAAY;AAAA,YACrB;AAAA,YACA,WAAW;AAAA,YACX;AAAA,YACA,uBAAuB,cAAc,kBAAkB,QAAQ;AAAA,YAC/D,OAAO,YAAY;AAAA,UACrB;AAAA,QACF;AAEA,YAAI,cAAc,iBAAiB;AACjC,cAAI;AACF,kBAAM,CAAC,YAAY,GAAG,WAAW,IAAI,SAAS;AAC9C,kBAAMC,OAAM,YAAY,aAAa;AAAA,cACnC;AAAA,cACA,OAAO;AAAA,YACT,CAAC;AAAA,UACH,SAAS,KAAK;AACZ,kBAAM,sBAAsB;AAAA,cAC1B;AAAA,cACA,gBAAgB;AAAA,cAChB;AAAA,cACA;AAAA,cACA;AAAA,cACA,cAAc;AAAA,YAChB,CAAC;AACD,kBAAM,QAAQ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC7D,mBAAO;AAAA,cACL,SAAS;AAAA,cACT;AAAA,cACA;AAAA,cACA,SAAS;AAAA,cACT,QAAQ;AAAA,cACR,SAAS,8CAA8C,WAAW,IAAI,iBAAiB,KAAK,KAAK;AAAA,cACjG;AAAA,cACA,WAAW;AAAA,cACX;AAAA,cACA,uBAAuB;AAAA,cACvB,OAAO,8CAA8C,WAAW,IAAI,iBAAiB,KAAK,KAAK;AAAA,YACjG;AAAA,UACF;AAAA,QACF;AAGA,YAAI,mBAAmB;AACrB,6BAAmB,MAAM,uBAAuB,KAAK,EAAE;AACvD,cAAI,CAAC,iBAAiB,QAAQ;AAC5B,kBAAM,sBAAsB;AAAA,cAC1B;AAAA,cACA,gBAAgB;AAAA,cAChB;AAAA,cACA;AAAA,cACA;AAAA,cACA,cAAc,cAAc;AAAA,YAC9B,CAAC;AACD,kBAAM,kBAAkB;AACxB,mBAAO;AAAA,cACL,SAAS;AAAA,cACT;AAAA,cACA;AAAA,cACA,SAAS;AAAA,cACT,QAAQ;AAAA,cACR,SAAS;AAAA,cACT;AAAA,cACA,WAAW;AAAA,cACX;AAAA,cACA,uBAAuB;AAAA,cACvB,YAAY;AAAA,cACZ,OAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAEA,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,SAAS,kCAAkC,WAAW,IAAI,iBAAiB;AAAA,UAC3E;AAAA,UACA,WAAW;AAAA,UACX;AAAA,UACA,uBAAuB,cAAc;AAAA,UACrC,YAAY;AAAA,QACd;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AACjD,aAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT;AAAA,QACA,SAAS,+BAA+B,OAAO;AAAA,QAC/C,OAAO,+BAA+B,OAAO;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACF,CAAC;AASD,eAAe,iBAAiB,gBAAgC,KAAiC;AAC/F,MAAI,mBAAmB,MAAO,QAAO;AACrC,MAAI,mBAAmB,OAAQ,QAAO;AAGtC,MAAI;AACF,UAAM,SAAS,MAAMA,OAAM,QAAQ,CAAC,WAAW,GAAG;AAAA,MAChD;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AACD,UAAM,UAAU,OAAO,OAAO,KAAK;AACnC,UAAM,QAAQ,OAAO,SAAS,QAAQ,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AAC9D,WAAO,SAAS,IAAI,gBAAgB;AAAA,EACtC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,qCAAqC,gBAAgC,KAAsB;AAClG,MAAI,mBAAmB,MAAO,QAAO;AACrC,MAAI,mBAAmB,OAAQ,QAAO;AAEtC,SAAO;AACT;AAEA,SAAS,mBAAmB,aAAqB,mBAAmC;AAClF,QAAM,WAAW,YAAY,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,GAAG;AACjE,SAAO,GAAG,QAAQ,IAAI,iBAAiB;AACzC;AAEA,eAAe,iCAAiC,KAAa,gBAAgG;AAC3J,QAAM,cAAcF,MAAK,KAAK,cAAc;AAC5C,MAAI;AAEJ,MAAI;AACF,cAAU,KAAK,MAAM,MAAM,SAAS,aAAa,MAAM,CAAC;AAAA,EAC1D,QAAQ;AACN,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,kCAAkC,WAAW;AAAA,IACtD;AAAA,EACF;AAEA,QAAM,kBAAkB,QAAQ,mBAAmB,CAAC;AACpD,MAAI,CAAC,gBAAgB,eAAe,GAAG;AACrC,QAAI;AACF,YAAM,WAAW,0BAA0B,cAAc;AACzD,YAAM,CAAC,KAAK,GAAG,IAAI,IAAI,SAAS,WAAW,eAAe;AAC1D,YAAME,OAAM,KAAK,MAAM;AAAA,QACrB;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,oCAAoC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,MAC7F;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ,SAAS;AACpB,YAAQ,UAAU,CAAC;AAAA,EACrB;AAEA,QAAM,gBAAgB;AACtB,QAAM,qBAAqB,QAAQ,QAAQ,eAAe;AAE1D,MAAI,sBAAsB,CAAC,mBAAmB,SAAS,eAAe,GAAG;AACvE,YAAQ,QAAQ,cAAc,GAAG,kBAAkB,OAAO,aAAa;AAAA,EACzE,WAAW,CAAC,oBAAoB;AAC9B,YAAQ,QAAQ,cAAc;AAAA,EAChC;AAEA,QAAM,UAAU,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAC5E,SAAO,EAAE,SAAS,KAAK;AACzB;AAEA,eAAe,2BAA2B,KAAuD;AAC/F,QAAM,OAAOF,MAAK,KAAK,cAAc;AAErC,MAAI;AACF,UAAM,UAAU,MAAM,SAAS,MAAM,MAAM;AAC3C,WAAO,EAAE,MAAM,QAAQ;AAAA,EACzB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,sBAAsB,QAOnB;AAChB,QAAM,EAAE,KAAK,gBAAgB,eAAe,WAAW,qBAAqB,aAAa,IAAI;AAE7F,QAAMG,IAAG,eAAe,EAAE,OAAO,KAAK,CAAC,EAAE,MAAM,MAAM,MAAS;AAE9D,MAAI,cAAc,mBAAmB,qBAAqB;AACxD,UAAM,UAAU,oBAAoB,MAAM,oBAAoB,SAAS,MAAM,EAAE,MAAM,MAAM,MAAS;AAAA,EACtG;AAEA,MAAI,CAAC,aAAc;AAEnB,MAAI;AACF,UAAM,WAAW,0BAA0B,cAAc;AACzD,UAAM,CAAC,YAAY,GAAG,WAAW,IAAI,SAAS;AAC9C,UAAMD,OAAM,YAAY,aAAa;AAAA,MACnC;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AAAA,EACH,QAAQ;AAAA,EAER;AACF;AAEA,eAAe,iBAAiB,QAMmC;AACjE,QAAM,EAAE,KAAK,aAAa,mBAAmB,cAAc,UAAU,IAAI;AACzE,QAAM,cAAc,GAAG,WAAW,IAAI,iBAAiB;AAEvD,QAAM,gBAAgB,cAAc,gBAAgB,SAAS;AAC7D,QAAM,aAAa,CAAC,SAAS,WAAW;AAExC,MAAI;AACJ,MAAI;AACF,UAAM,eAAe,MAAMA,OAAM,eAAe,YAAY;AAAA,MAC1D;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AACD,eAAW,sBAAsB,GAAG,aAAa,MAAM;AAAA,EAAK,aAAa,MAAM,EAAE;AAAA,EACnF,SAAS,KAAK;AACZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,+CAA+C,WAAW,KAC/D,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CACjD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,kDAAkD,WAAW;AAAA,IACtE;AAAA,EACF;AAEA,QAAM,eAAe,MAAM,QAAQF,MAAK,OAAO,GAAG,8BAA8B,CAAC;AACjF,QAAM,gBAAgBA,MAAK,cAAc,cAAc;AAEvD,MAAI;AACF,UAAM,UAAU,eAAe,cAAc,MAAM;AACnD,UAAME,OAAM,SAAS,CAAC,OAAO,MAAM,aAAa,GAAG;AAAA,MACjD,KAAK;AAAA,MACL,OAAO;AAAA,IACT,CAAC;AAED,UAAM,gBAAgB,cAAc,gBAAgB,SAAS;AAC7D,UAAM,aACJ,cAAc,gBACV,CAAC,gBAAgB,QAAQ,IACzB,CAAC,gBAAgB,MAAM,QAAQ;AAErC,UAAMA,OAAM,eAAe,YAAY;AAAA,MACrC;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,oCAAoC,WAAW,KACpD,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CACjD;AAAA,IACF;AAAA,EACF,UAAE;AACA,UAAMC,IAAG,cAAc,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,EACzD;AAEA,SAAO,EAAE,SAAS,KAAK;AACzB;AAEA,SAAS,sBAAsB,QAAwB;AACrD,QAAM,QAAQ,OACX,MAAM,OAAO,EACb,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,aAAW,QAAQ,OAAO;AACxB,QAAIC,YAAW,IAAI,GAAG;AACpB,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,KAAK,MAAM,KAAK,EAAE,IAAI,CAAC,UAAU,MAAM,QAAQ,gBAAgB,EAAE,CAAC;AACjF,eAAW,SAAS,QAAQ;AAC1B,UAAI,MAAM,WAAW,GAAG,KAAKA,YAAW,KAAK,GAAG;AAC9C,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAKA,eAAe,uBAAuB,KAAa,gBAA2D;AAC5G,MAAI;AACF,UAAM,WAAW,0BAA0B,cAAc;AACzD,UAAM,CAAC,KAAK,GAAG,IAAI,IAAI,SAAS;AAGhC,UAAM,SAAS,MAAMF,OAAM,KAAK,MAAM;AAAA,MACpC;AAAA,MACA,SAAS;AAAA;AAAA,MACT,OAAO;AAAA,IACT,CAAC;AAED,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,SAAS,KAAK;AAEZ,UAAM,cACJ,OAAO,QAAQ,YAAY,QAAQ,QAAQ,YAAY,MACnD,OAAQ,IAAgC,UAAU,EAAE,IACpD;AACN,UAAM,cAAc,mBAAmB,WAAW;AAElD,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OACE,YAAY,SAAS,IACjB,iBAAiB,YAAY,KAAK,IAAI,CAAC,KACvC;AAAA,MACN,QAAQ;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAAS,mBAAmB,QAA0B;AACpD,QAAM,cAAwB,CAAC;AAG/B,QAAM,WAAW;AAAA,IACf;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA;AAAA,EACF;AAEA,aAAW,WAAW,UAAU;AAC9B,QAAI;AACJ,YAAQ,QAAQ,QAAQ,KAAK,MAAM,OAAO,MAAM;AAC9C,UAAI,MAAM,CAAC,GAAG;AACZ,oBAAY,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAEA,SAAO,YAAY,MAAM,GAAG,CAAC;AAC/B;;;AEpkBA,OAAOG,aAAY;;;ACQnB,IAAM,WAAW;AAuDjB,eAAsB,aAAa,OAAiD;AAClF,QAAM,MAAM,GAAG,QAAQ,UAAU,mBAAmB,KAAK,CAAC;AAC1D,QAAM,MAAM,MAAM,MAAM,KAAK;AAAA,IAC3B,SAAS,EAAE,QAAQ,mBAAmB;AAAA,EACxC,CAAC;AAED,MAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,iBAAiB,IAAI,MAAM,QAAQ,KAAK,KAAK,MAAM,IAAI,KAAK,CAAC,EAAE;AAAA,EACjF;AAEA,SAAO,IAAI,KAAK;AAClB;AAOA,SAAS,uBAAuB,QAAkC;AAChE,QAAM,QAAkB,CAAC;AAEzB,aAAW,SAAS,QAAQ;AAC1B,QAAI,MAAM,eAAe,QAAW;AAClC,YAAM,IAAI,MAAM,eAAe,MAAM,UAAU,MAAM;AACrD,YAAM,KAAK,KAAK,CAAC,EAAE;AAAA,IACrB;AACA,QAAI,MAAM,UAAU,QAAW;AAC7B,YAAM,KAAK,IAAI,MAAM,KAAK,EAAE;AAAA,IAC9B;AACA,QAAI,MAAM,kBAAkB,QAAW;AACrC,YAAM,KAAK,KAAK,MAAM,aAAa,EAAE;AAAA,IACvC;AAAA,EACF;AAEA,SAAO,MAAM,KAAK,GAAG,KAAK;AAC5B;AAMO,SAAS,aAAa,MAAoC;AAC/D,QAAM,cAAiC,CAAC;AAExC,aAAW,YAAY,KAAK,YAAY,CAAC,GAAG;AAC1C,UAAM,YAAY,SAAS,SAAS;AACpC,UAAM,cAAc,SAAS,SAAS;AACtC,QAAI,CAAC,aAAa,OAAO,cAAc,SAAU;AACjD,QAAI,CAAC,eAAe,OAAO,gBAAgB,SAAU;AACrD,QAAI,UAAU,YAAY,MAAM,MAAO;AAGvC,UAAM,cAAc,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ;AACpE,UAAM,kBAAkB,cACpB,uBAAuB,YAAY,MAAM,IACzC;AAGJ,UAAM,aAAa,aAAa,OAAO,KAAK,CAAC,MAAM,EAAE,UAAU,MAAS;AAExE,gBAAY,KAAK;AAAA,MACf,MAAM;AAAA,MACN,WAAW;AAAA,MACX;AAAA,MACA,qBAAqB,YAAY;AAAA,MACjC,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAGA,QAAM,WAAW,eAAe,KAAK,QAAQ;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,SAAS,KAAK,WAAW,KAAK,WAAW;AAAA,IACzC;AAAA,IACA,YAAY,KAAK,YAAY,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC;AAAA,IACnD,kBAAkB;AAAA,EACpB;AACF;AAEA,SAAS,eACP,iBACwB;AACxB,MAAI,CAAC,iBAAiB,OAAQ,QAAO;AAGrC,QAAM,YACJ,gBAAgB,KAAK,CAAC,MAAM,EAAE,SAAS,SAAS,KAAK,gBAAgB,CAAC;AAGxE,QAAM,aAAa,UAAU,MAAM,MAAM,aAAa;AACtD,MAAI,YAAY;AACd,UAAM,QAAQ,WAAW,WAAW,CAAC,CAAC;AACtC,QAAI,SAAS,EAAK,QAAO;AACzB,QAAI,SAAS,EAAK,QAAO;AACzB,QAAI,SAAS,EAAK,QAAO;AACzB,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAGA,eAAsB,aAAa,OAA2C;AAC5E,QAAM,OAAO,MAAM,aAAa,KAAK;AACrC,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,aAAa,IAAI;AAC1B;;;ACnKA,IAAM,mBAAmB;AA6BzB,SAAS,eAAuC;AAC9C,QAAM,UAAkC;AAAA,IACtC,QAAQ;AAAA,IACR,wBAAwB;AAAA,EAC1B;AACA,QAAM,QAAQ,eAAe;AAC7B,MAAI,OAAO;AACT,YAAQ,gBAAgB,UAAU,KAAK;AAAA,EACzC;AACA,SAAO;AACT;AAMA,eAAsB,kBAAkB,OAAsC;AAC5E,QAAM,MAAM,IAAI,IAAI,gBAAgB;AACpC,MAAI,aAAa,IAAI,UAAU,KAAK;AACpC,MAAI,aAAa,IAAI,aAAa,KAAK;AACvC,MAAI,aAAa,IAAI,QAAQ,UAAU;AACvC,MAAI,aAAa,IAAI,YAAY,IAAI;AAErC,QAAM,MAAM,MAAM,MAAM,IAAI,SAAS,GAAG,EAAE,SAAS,aAAa,EAAE,CAAC;AAEnE,MAAI,IAAI,WAAW,IAAK,QAAO,CAAC;AAChC,MAAI,CAAC,IAAI,IAAI;AAEX,YAAQ;AAAA,MACN,iDAAiD,IAAI,MAAM,QAAQ,KAAK;AAAA,IAC1E;AACA,WAAO,CAAC;AAAA,EACV;AAEA,SAAO,IAAI,KAAK;AAClB;AAMO,SAAS,kBAAkB,YAA6C;AAC7E,QAAM,WAA8B,CAAC;AAErC,aAAW,YAAY,YAAY;AACjC,eAAW,QAAQ,SAAS,iBAAiB;AAC3C,UAAI,KAAK,QAAQ,UAAU,YAAY,MAAM,MAAO;AAEpD,eAAS,KAAK;AAAA,QACZ,MAAM,KAAK,QAAQ;AAAA,QACnB,WAAW;AAAA,QACX,iBAAiB,KAAK,4BAA4B;AAAA,QAClD,qBAAqB,KAAK,yBAAyB;AAAA,QACnD,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAMO,SAAS,0BACd,SACA,YACY;AACZ,QAAM,WAAW,EAAE,GAAG,QAAQ;AAE9B,aAAW,SAAS,YAAY;AAC9B,UAAM,WAAW,SAAS,iBAAiB;AAAA,MACzC,CAAC,MAAM,EAAE,SAAS,MAAM;AAAA,IAC1B;AAEA,QAAI,UAAU;AAEZ,UAAI,CAAC,SAAS,uBAAuB,MAAM,qBAAqB;AAC9D,iBAAS,sBAAsB,MAAM;AAAA,MACvC;AAAA,IACF,OAAO;AAEL,eAAS,iBAAiB,KAAK,KAAK;AAAA,IACtC;AAAA,EACF;AAEA,SAAO;AACT;AAGA,eAAsB,gBAAgB,OAA2C;AAC/E,QAAM,aAAa,MAAM,kBAAkB,KAAK;AAChD,SAAO,kBAAkB,UAAU;AACrC;;;ACzHA,IAAM,WAAW;AA2BjB,SAAS,kBAA0C;AACjD,QAAM,EAAE,OAAO,IAAI,aAAa;AAChC,QAAM,UAAkC,EAAE,QAAQ,mBAAmB;AACrE,MAAI,QAAQ;AACV,YAAQ,SAAS;AAAA,EACnB;AACA,SAAO;AACT;AAOA,eAAsB,aACpB,OAC0E;AAC1E,QAAM,MAAM,GAAG,QAAQ,UAAU,mBAAmB,KAAK,CAAC;AAE1D,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,KAAK,EAAE,SAAS,gBAAgB,EAAE,CAAC;AAC3D,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,UAAM,OAAO,KAAK,kBAAkB,CAAC;AACrC,QAAI,CAAC,KAAM,QAAO;AAElB,UAAM,UAAU,KAAK,IAAI;AACzB,UAAM,SACJ,SAAS,gBAAgB,CAAC,KAC1B,SAAS,gBAAgB,CAAC,KAC1B,SAAS,eAAe,CAAC;AAE3B,QAAI,CAAC,OAAQ,QAAO;AAEpB,UAAM,QAAQ,OAAO,SAAS;AAC9B,UAAM,cAAc,OAAO,SAAS,aAAa,YAAY;AAE7D,UAAM,cAAsD;AAAA,MAC1D,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,KAAK;AAAA,IACP;AAEA,WAAO;AAAA,MACL;AAAA,MACA,UAAU,YAAY,WAAW,KAAK;AAAA,IACxC;AAAA,EACF,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAMA,eAAsB,cAAc,SAA0C;AAC5E,QAAM,OAAO,MAAM,aAAa,QAAQ,EAAE;AAC1C,MAAI,MAAM;AACR,YAAQ,YAAY,KAAK;AACzB,QAAI,QAAQ,aAAa,WAAW;AAClC,cAAQ,WAAW,KAAK;AAAA,IAC1B;AAAA,EACF;AACA,SAAO;AACT;;;ACpGA,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;AAef,IAAM,qBAAqBC,MAAK;AAAA,EACrC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,KAAKA,GAAE,OAAO,EAAE,SAAS,wDAAwD;AAAA,IACjF,gBAAgBA,GAAE,KAAK,CAAC,OAAO,QAAQ,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,uEAAuE;AAAA,EAC7I,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,KAAK,eAAe,MAAiE;AACrG,QAAI;AAEJ,QAAI;AACF,gBAAU,KAAK,MAAMC,cAAaC,MAAK,KAAK,cAAc,GAAG,MAAM,CAAC;AAAA,IACtE,QAAQ;AACN,aAAO;AAAA,QACL,UAAU,CAAC;AAAA,QACX,OAAO,mCAAmC,GAAG;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,KAAM,kBAAkB,qBAAqB,GAAG;AACtD,UAAM,WAAW,0BAA0B,EAAE;AAC7C,QAAI,oBAAoB,oBAAI,IAAoB;AAEhD,QAAI;AACF,YAAM,CAAC,KAAK,GAAG,IAAI,IAAI,SAAS;AAChC,YAAM,aAAa,MAAMC,OAAM,KAAK,MAAM;AAAA,QACxC;AAAA,QACA,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,CAAC;AACD,0BAAoB,gBAAgB,IAAI,WAAW,UAAU,EAAE;AAAA,IACjE,QAAQ;AAAA,IAER;AAEA,UAAM,WAA+B,CAAC;AAEtC,eAAW,CAAC,MAAM,OAAO,KAAK,kBAAkB,QAAQ,GAAG;AACzD,YAAM,WACJ,QAAQ,QAAQ,eAAe,IAAI,CAAC,KACpC,QAAQ,QAAQ,kBAAkB,IAAI,CAAC,KACvC,QAAQ,QAAQ,mBAAmB,IAAI,CAAC;AAE1C,eAAS,KAAK;AAAA,QACZ;AAAA,QACA;AAAA,QACA,MAAM,WAAW,WAAW;AAAA,MAC9B,CAAC;AAAA,IACH;AAEA,QAAI,SAAS,WAAW,GAAG;AAEzB,YAAM,UAAU;AAAA,QACd,GAAG,QAAQ;AAAA,QACX,GAAG,QAAQ;AAAA,MACb;AACA,iBAAW,CAAC,MAAM,OAAO,KAAK,OAAO,QAAQ,OAAO,GAAG;AACrD,cAAM,UAAU,QAAQ,QAAQ,cAAc,EAAE,EAAE,KAAK;AACvD,iBAAS,KAAK,EAAE,MAAM,SAAS,SAAS,MAAM,SAAS,CAAC;AAAA,MAC1D;AAAA,IACF;AAEA,WAAO,EAAE,SAAS;AAAA,EACpB;AACF,CAAC;;;ACjFD,OAAOC,aAAY;AAEnB,IAAM,eAAe;AA8BrB,eAAsB,qBAAqB,aAAwC;AACjF,QAAM,MAAM,GAAG,YAAY,IAAI,mBAAmB,WAAW,CAAC;AAC9D,QAAM,MAAM,MAAM,MAAM,KAAK;AAAA,IAC3B,SAAS,EAAE,QAAQ,mBAAmB;AAAA,EACxC,CAAC;AAED,MAAI,IAAI,WAAW,IAAK,QAAO,CAAC;AAChC,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI;AAAA,MACR,sBAAsB,IAAI,MAAM,SAAS,WAAW,MAAM,MAAM,IAAI,KAAK,CAAC;AAAA,IAC5E;AAAA,EACF;AAEA,QAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,SAAO,OAAO,KAAK,KAAK,QAAQ;AAClC;AA4BA,eAAsB,0BACpB,aACA,kBACA,qBACA,iBACgC;AAChC,QAAM,WAAW,MAAM,qBAAqB,WAAW;AACvD,MAAI,CAAC,SAAS,QAAQ;AACpB,WAAO;AAAA,MACL,YAAY,CAAC;AAAA,MACb,uBAAuB;AAAA,IACzB;AAAA,EACF;AAEA,QAAM,YAAYC,QAAO,MAAM,gBAAgB;AAG/C,QAAM,aAAa,SAChB,OAAO,CAAC,MAAMA,QAAO,MAAM,CAAC,KAAKA,QAAO,IAAI,GAAG,mBAAmB,CAAC,EACnE,OAAO,CAAC,MAAM;AACb,QAAI,CAAC,gBAAiB,QAAO;AAC7B,QAAI;AACF,aAAO,CAACA,QAAO,UAAU,GAAG,iBAAiB,EAAE,mBAAmB,MAAM,CAAC;AAAA,IAC3E,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF,CAAC,EACA,KAAKA,QAAO,OAAO;AAEtB,MAAI,CAAC,WAAW,QAAQ;AACtB,WAAO;AAAA,MACL,YAAY,CAAC;AAAA,MACb,uBAAuB;AAAA,IACzB;AAAA,EACF;AAEA,QAAM,wBAA6D,CAAC;AAEpE,aAAW,aAAa,YAAY;AAClC,UAAM,QAAQ,qBAAqB,kBAAkB,SAAS;AAC9D,QAAI,CAAC,MAAO;AACZ,QAAI,CAAC,sBAAsB,KAAK,GAAG;AACjC,4BAAsB,KAAK,IAAI;AAAA,IACjC;AAAA,EACF;AAEA,QAAM,cACJ,sBAAsB,SAAS,sBAAsB,SAAS,sBAAsB;AAEtF,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,uBAAuB;AAAA,IACzB;AAAA,EACF;AAEA,QAAM,eAAe,qBAAqB,kBAAkB,WAAW;AACvE,QAAM,wBACJ,CAAC,sBAAsB,SACvB,CAAC,sBAAsB,SACvB,QAAQ,sBAAsB,KAAK;AAErC,MAAI,CAAC,aAAa,CAAC,cAAc;AAC/B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,YAAY;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,EACF;AACF;AAEA,SAAS,qBACP,kBACA,kBAC8B;AAC9B,QAAM,YAAYA,QAAO,MAAM,gBAAgB;AAC/C,QAAM,YAAYA,QAAO,MAAM,gBAAgB;AAE/C,MAAI,CAAC,aAAa,CAAC,UAAW,QAAO;AACrC,MAAI,UAAU,QAAQ,UAAU,MAAO,QAAO;AAC9C,MAAI,UAAU,QAAQ,UAAU,MAAO,QAAO;AAC9C,MAAI,UAAU,QAAQ,UAAU,SAAS,UAAU,YAAY,UAAU,SAAS;AAChF,WAAO;AAAA,EACT;AAEA,SAAO;AACT;;;AC7KA,eAAsB,qBAAqB,QAWS;AAClD,QAAM,EAAE,YAAY,KAAK,gBAAgB,QAAQ,QAAQ,UAAU,YAAY,IAAI;AACnF,QAAM,MAAM,WAAW;AACvB,QAAM,sBAAsB,WAAW,SAAS;AAEhD,MAAI,IAAI,SAAS,YAAY;AAC3B,QAAI,YAAY,wBAAwB;AACtC,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,2DAA2D,IAAI,IAAI;AAAA,QAC9E;AAAA,MACF;AAAA,IACF;AAEA,QAAI,YAAY,mBAAmB;AACjC,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,0EAA0E,IAAI,IAAI;AAAA,QAC7F;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,wCAAwC,IAAI,IAAI;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAEA,UAAMC,eAAc,MAAM;AAAA,MACxB,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,WAAW,SAAS;AAAA,IACtB;AAEA,QAAI,CAACA,aAAY,aAAa;AAC5B,aAAO;AAAA,QACL,OAAO;AAAA,QACP,QAAQ;AAAA,UACN,aAAa,IAAI;AAAA,UACjB,UAAU;AAAA,UACV,aAAa,IAAI;AAAA,UACjB,SAAS;AAAA,UACT;AAAA,UACA,kBAAkB;AAAA,UAClB,SAAS,sCAAsC,IAAI,IAAI;AAAA,QACzD;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAkB,MAAO,yBAAiC,QAAQ;AAAA,MACtE;AAAA,MACA;AAAA,MACA,aAAa,IAAI;AAAA,MACjB,aAAa,IAAI;AAAA,MACjB,WAAWA,aAAY;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,CAAC,qBAAqB;AACxB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,QACN,aAAa,IAAI;AAAA,QACjB,UAAU;AAAA,QACV,aAAa,IAAI;AAAA,QACjB,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,wCAAwC,IAAI,IAAI;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,MAAM;AAAA,IACxB,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ;AAAA,IACA,WAAW,SAAS;AAAA,EACtB;AAEA,MAAI,CAAC,YAAY,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,QACN,aAAa,IAAI;AAAA,QACjB,UAAU;AAAA,QACV,aAAa,IAAI;AAAA,QACjB,SAAS;AAAA,QACT;AAAA,QACA,kBAAkB;AAAA,QAClB,SAAS,qCAAqC,IAAI,IAAI;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAe,MAAO,qBAA6B,QAAQ;AAAA,IAC/D;AAAA,IACA;AAAA,IACA,aAAa,IAAI;AAAA,IACjB,aAAa,IAAI;AAAA,IACjB,WAAW,YAAY;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,OAAO;AAAA,IACP,QAAQ;AAAA,EACV;AACF;;;ACxJA,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,SAAAC,QAAO,SAAS,YAAAC,WAAU,MAAAC,WAAU;AAC7C,SAAS,QAAAC,aAAY;AACrB,SAAS,SAAAC,cAAa;AAYf,IAAM,yBAAyBN,MAAK;AAAA,EACzC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GACV,OAAO,EACP,IAAI,CAAC,EACL,SAAS,yDAAyD;AAAA,IACrE,SAASA,GACN,OAAO,EACP,MAAM,kBAAkB,gCAAgC,EACxD,SAAS,mCAAmC;AAAA,IAC/C,cAAcA,GACX,MAAMA,GAAE,OAAO,CAAC,EAChB,SAAS,EACT,QAAQ,CAAC,QAAQ,MAAM,CAAC,EACxB;AAAA,MACC;AAAA,IACF;AAAA,EACJ,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAyC;AACvC,UAAM,cAAc,2BAA2B,KAAK,IAAI,CAAC;AACzD,UAAM,aAAaI,MAAK,aAAa,KAAK;AAE1C,QAAI;AAEF,YAAM,SAAS,8BAA8B,WAAW,MAAM,YAAY,MAAM,GAAG,EAAE,IAAI,CAAC,IAAI,OAAO;AAGrG,YAAMH,OAAM,aAAa,EAAE,WAAW,KAAK,CAAC;AAG5C,YAAM,cAAcG,MAAK,aAAa,aAAa;AACnD,YAAMC,OAAM,QAAQ,CAAC,MAAM,MAAM,aAAa,MAAM,CAAC;AAGrD,YAAMJ,OAAM,YAAY,EAAE,WAAW,KAAK,CAAC;AAC3C,YAAMI,OAAM,OAAO,CAAC,QAAQ,aAAa,MAAM,UAAU,CAAC;AAG1D,YAAM,oBAAoB,MAAM,QAAQ,UAAU;AAClD,YAAM,iBAAiB,kBAAkB,SAAS,SAAS,IACvDD,MAAK,YAAY,SAAS,IAC1B;AAGJ,YAAM,aAAqC,CAAC;AAE5C,qBAAe,QAAQ,KAAa,cAAqC;AACvE,YAAI;AACF,gBAAM,QAAQ,MAAM,QAAQ,KAAK,EAAE,eAAe,KAAK,CAAC;AAExD,qBAAW,QAAQ,OAAO;AACxB,kBAAM,WAAWA,MAAK,KAAK,KAAK,IAAI;AACpC,kBAAM,UAAUA,MAAK,cAAc,KAAK,IAAI;AAE5C,gBAAI,KAAK,YAAY,GAAG;AAEtB,kBACE,CAAC;AAAA,gBACC;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF,EACG,SAAS,KAAK,IAAI,GACrB;AACA,sBAAM,QAAQ,UAAU,OAAO;AAAA,cACjC;AAAA,YACF,WAAW,KAAK,OAAO,GAAG;AAExB,oBAAM,UAAU,aAAc,KAAK,CAAC,YAAY;AAC9C,sBAAM,QAAQ,IAAI;AAAA,kBAChB,IAAI,QAAQ,QAAQ,OAAO,IAAI,EAAE,QAAQ,OAAO,KAAK,CAAC;AAAA,gBACxD;AACA,uBAAO,MAAM,KAAK,KAAK,IAAI;AAAA,cAC7B,CAAC;AAED,kBAAI,SAAS;AACX,oBAAI;AACF,wBAAM,UAAU,MAAMF,UAAS,UAAU,MAAM;AAC/C,6BAAW,OAAO,IAAI;AAAA,gBACxB,QAAQ;AAAA,gBAER;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF,QAAQ;AAAA,QAER;AAAA,MACF;AAEA,YAAM,QAAQ,gBAAgB,EAAE;AAEhC,UAAI,OAAO,KAAK,UAAU,EAAE,WAAW,GAAG;AACxC,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,sCAAsC,aAAc,KAAK,IAAI,CAAC,cAAc,WAAW,IAAI,OAAO;AAAA,QAC3G;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,aAAa;AAAA,QACb,YAAY;AAAA,MACd;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAGjD,UAAI,QAAQ,SAAS,KAAK,KAAK,QAAQ,SAAS,WAAW,GAAG;AAC5D,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,WAAW,WAAW,IAAI,OAAO;AAAA,QAC1C;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,uCAAuC,WAAW,IAAI,OAAO,KAAK,OAAO;AAAA,MAClF;AAAA,IACF,UAAE;AACA,YAAMC,IAAG,aAAa,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AACF,CAAC;;;ACtJD,SAAS,QAAAG,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,SAAS,oBAAoB;AAqC7B,IAAM,6BAAqD;AAAA,EACzD,OACE;AAAA,EACF,kBACE;AAAA,EACF,kBACE;AAAA,EACF,SACE;AACJ;AAEO,IAAM,oBAAoBC,MAAK;AAAA,EACpC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sBAAsB;AAAA,IAC9D,mBAAmBA,GAChB,OAAO,EACP,SAAS,+BAA+B;AAAA,IAC3C,OAAOA,GACJ,OAAO,EACP,MAAM,kBAAkB,EACxB,SAAS,+BAA+B;AAAA,IAC3C,YAAYA,GAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,4BAA4B;AAAA,IACpE,aAAaA,GACV,OAAOA,GAAE,OAAO,CAAC,EACjB;AAAA,MACC;AAAA,IACF;AAAA,IACF,uBAAuBA,GACpB,KAAK,CAAC,SAAS,kBAAkB,kBAAkB,SAAS,CAAC,EAC7D,SAAS,EACT,QAAQ,SAAS,EACjB,SAAS,kDAAkD;AAAA,IAC9D,QAAQA,GACL,QAAQ,EACR,SAAS,EACT,QAAQ,KAAK,EACb,SAAS,qDAAqD;AAAA,EACnE,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAAoC;AAClC,QAAI;AACF,YAAM,sBAAsB;AAC5B,UAAI,OAAO,KAAK,mBAAmB,EAAE,WAAW,GAAG;AACjD,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,OAAO;AAAA,QACT;AAAA,MACF;AAGA,YAAM,QAAQ,MAAM,YAAY;AAChC,YAAM,YAAY,MAAM,WAAW;AAGnC,YAAM,gBAAgB,OAAO,QAAQ,mBAAmB,EACrD,IAAI,CAAC,CAAC,UAAU,OAAO,MAAM;AAAA,YAAe,QAAQ;AAAA;AAAA,EAAuB,OAAO;AAAA,OAAU,EAC5F,KAAK,IAAI;AAGZ,YAAM,uBACJ,2BAA2B,qBAAqB,KAChD,2BAA2B;AAE7B,YAAM,SAAS;AAAA;AAAA;AAAA,YAGT,KAAK;AAAA,aACJ,WAAW,IAAI,iBAAiB;AAAA,cAC/B,qBAAqB;AAAA;AAAA;AAAA,EAGjC,UAAU;AAAA;AAAA;AAAA,EAGV,oBAAoB;AAAA;AAAA;AAAA,EAGpB,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA4BT,YAAM,EAAE,KAAK,IAAI,MAAM,aAAa;AAAA,QAClC;AAAA,QACA;AAAA,QACA,aAAa;AAAA;AAAA,MACf,CAAC;AAGD,UAAI;AACJ,UAAI;AAEF,cAAM,YAAY,KAAK,MAAM,aAAa;AAC1C,YAAI,CAAC,WAAW;AACd,gBAAM,IAAI,MAAM,+BAA+B;AAAA,QACjD;AACA,mBAAW,KAAK,MAAM,UAAU,CAAC,CAAC;AAAA,MACpC,SAAS,KAAK;AACZ,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,OAAO,iCAAiC,eAAe,QAAQ,IAAI,UAAU,eAAe;AAAA,QAC9F;AAAA,MACF;AAGA,UACE,CAAC,SAAS,YACV,CAAC,SAAS,aACV,OAAO,SAAS,eAAe,YAC/B,CAAC,CAAC,OAAO,UAAU,MAAM,EAAE,SAAS,SAAS,SAAS,GACtD;AACA,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,OAAO;AAAA,QACT;AAAA,MACF;AAEA,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY,SAAS;AAAA,UACrB,WAAW,SAAS;AAAA,QACtB;AAAA,MACF;AAGA,YAAM,UAA4B,CAAC;AAEnC,iBAAW,CAAC,UAAU,SAAS,KAAK,OAAO;AAAA,QACzC,SAAS;AAAA,MACX,GAAG;AACD,cAAM,aAAa,oBAAoB,QAAQ;AAE/C,YAAI,CAAC,YAAY;AACf;AAAA,QACF;AAGA,cAAM,cAAc;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAEA,YAAI,aAAa;AACf,kBAAQ,KAAK;AAAA,YACX;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,UAAI,QAAQ,WAAW,GAAG;AACxB,eAAO;AAAA,UACL,SAAS;AAAA,UACT,UAAU;AAAA,UACV,YAAY,SAAS;AAAA,UACrB,WAAW,SAAS;AAAA,UACpB,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA,cAAc,QAAQ,CAAC,GAAG;AAAA,QAC1B,UAAU;AAAA,QACV,YAAY,SAAS;AAAA,QACrB,WAAW,SAAS;AAAA,MACtB;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AACjD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,OAAO,4BAA4B,OAAO;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AACF,CAAC;AAMD,SAAS,oBACP,UACA,OACA,UACe;AACf,MAAI,aAAa,OAAO;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,gBAAgB,SAAS,MAAM,IAAI;AACzC,QAAM,aAAa,MAAM,MAAM,IAAI;AAInC,QAAM,OAAiB,CAAC;AACxB,OAAK,KAAK,SAAS,QAAQ,EAAE;AAC7B,OAAK,KAAK,SAAS,QAAQ,EAAE;AAC7B,OAAK,KAAK,WAAW,cAAc,SAAS,SAAS,WAAW,SAAS,KAAK;AAI9E,QAAM,SAAS,KAAK,IAAI,cAAc,QAAQ,WAAW,MAAM;AAE/D,WAAS,IAAI,GAAG,IAAI,QAAQ,KAAK;AAC/B,UAAM,WAAW,cAAc,CAAC,KAAK;AACrC,UAAM,YAAY,WAAW,CAAC,KAAK;AAEnC,QAAI,aAAa,WAAW;AAC1B,UAAI,UAAU;AACZ,aAAK,KAAK,MAAM,QAAQ;AAAA,MAC1B;AACA,UAAI,WAAW;AACb,aAAK,KAAK,MAAM,SAAS;AAAA,MAC3B;AAAA,IACF,WAAW,UAAU;AACnB,WAAK,KAAK,MAAM,QAAQ;AAAA,IAC1B;AAAA,EACF;AAEA,SAAO,KAAK,KAAK,IAAI;AACvB;;;ACtTO,SAAS,2BAA2B,QAAqB,mBAAqC;AACnG,MAAI,kBAAmB,QAAO;AAC9B,MAAI,OAAO,WAAW,OAAO,OAAQ,QAAO;AAE5C,SACE,OAAO,qBAAqB,qBAC5B,OAAO,qBAAqB,oBAC5B,OAAO,qBAAqB,2BAC5B,OAAO,qBAAqB,uBAC5B,OAAO,qBAAqB,yBAC5B,OAAO,qBAAqB;AAEhC;AAEA,eAAsB,sBAAsB,QAUQ;AAClD,MAAI,QAAQ;AAEZ,QAAM,eAAgB,MAAO,uBAA+B,QAAQ;AAAA,IAClE,aAAa,OAAO;AAAA,IACpB,SAAS,OAAO;AAAA,EAClB,CAAC;AAKD,WAAS;AAET,MAAI,CAAC,cAAc,WAAW,CAAC,aAAa,aAAa;AACvD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,QACN,aAAa,OAAO;AAAA,QACpB,UAAU;AAAA,QACV,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,QAAQ,OAAO;AAAA,QACf,kBAAkB;AAAA,QAClB,SAAS,cAAc,SAAS,8BAA8B,OAAO,WAAW,IAAI,OAAO,iBAAiB;AAAA,MAC9G;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAe,MAAO,kBAA0B,QAAQ;AAAA,IAC5D,aAAa,OAAO;AAAA,IACpB,mBAAmB,OAAO;AAAA,IAC1B,OAAO,OAAO;AAAA,IACd,YAAY,OAAO;AAAA,IACnB,aAAa,aAAa;AAAA,IAC1B,uBAAuB;AAAA,IACvB,QAAQ,OAAO;AAAA,EACjB,CAAC;AAOD,WAAS;AAET,MAAI,CAAC,aAAa,SAAS;AACzB,UAAM,QAAQ,aAAa,SAAS;AACpC,UAAM,mBACJ,MAAM,SAAS,SAAS,KAAK,MAAM,SAAS,kCAAkC,IAC1E,0BACA;AACN,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,QACN,aAAa,OAAO;AAAA,QACpB,UAAU;AAAA,QACV,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,QAAQ,OAAO;AAAA,QACf;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,YAAY,eAAe,YAAY,YAAY,aAAa,KAAK;AAC9E,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,QACN,aAAa,OAAO;AAAA,QACpB,UAAU;AAAA,QACV,aAAa,OAAO;AAAA,QACpB,SAAS;AAAA,QACT,QAAQ,OAAO;AAAA,QACf,kBAAkB;AAAA,QAClB,SAAS,oBAAoB,YAAY,WAAW,QAAQ,CAAC,CAAC;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAe,MAAO,mBAA2B,QAAQ;AAAA,IAC7D,aAAa,OAAO;AAAA,IACpB,mBAAmB,OAAO;AAAA,IAC1B,cAAc,YAAY;AAAA,IAC1B,SAAS,YAAY;AAAA,IACrB,YAAY,OAAO;AAAA,IACnB,KAAK,OAAO;AAAA,IACZ,gBAAgB,OAAO;AAAA,IACvB,mBAAmB,OAAO;AAAA,IAC1B,QAAQ,OAAO;AAAA,EACjB,CAAC;AASD,WAAS;AAET,SAAO;AAAA,IACL;AAAA,IACA,QAAQ;AAAA,MACN,aAAa,OAAO;AAAA,MACpB,UAAU;AAAA,MACV,aAAa,OAAO;AAAA,MACpB,eAAe,YAAY,iBAAiB,YAAY;AAAA,MACxD,SAAS,QAAQ,YAAY,OAAO;AAAA,MACpC,QAAQ,QAAQ,YAAY,MAAM;AAAA,MAClC,kBACE,CAAC,QAAQ,YAAY,OAAO,KAAK,CAAC,QAAQ,YAAY,MAAM,IACxD,YAAY,YAAY,WAAW,QACjC,4BACA,uBACF;AAAA,MACN,SAAS,YAAY,WAAW,YAAY,SAAS;AAAA,MACrD,YACE,OAAO,YAAY,YAAY,WAAW,YACtC;AAAA,QACE,QAAQ,YAAY,WAAW;AAAA,QAC/B,OAAO,YAAY,WAAW;AAAA,MAChC,IACA;AAAA,IACR;AAAA,EACF;AACF;;;AT3IA,eAAsB,4BACpB,OACA,UAA4B,CAAC,GACD;AAC5B,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,QAAQ,kBAAkB,qBAAqB,GAAG;AACzE,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,UAAU,QAAQ,UAAU,UAAU;AAC5C,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAE5C,QAAM,mBAAkC,CAAC;AACzC,QAAM,qBAA0C,CAAC;AACjD,MAAI,aAAgC;AACpC,MAAI,aAAa;AAEjB,QAAM,eAAe,MAAM,YAAY;AACvC,QAAM,CAAC,YAAY,UAAU,IAAI,MAAM,QAAQ,IAAI;AAAA,IACjD,aAAa,YAAY;AAAA,IACzB,gBAAgB,YAAY,EAAE,MAAM,MAAM,CAAC,CAAC;AAAA,EAC9C,CAAC;AACD,gBAAc;AAEd,MAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,WAAO;AAAA,MACL;AAAA,MACA,YAAY;AAAA,MACZ;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,oCAAoC,YAAY;AAAA,MACzD,aAAa;AAAA,QACX,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,aAAa,QAAQ;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,eAAa,cAAc;AAAA,IACzB,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,YAAY,CAAC;AAAA,IACb,kBAAkB,CAAC;AAAA,EACrB;AAEA,MAAI,WAAW,SAAS,GAAG;AACzB,iBAAa,0BAA0B,YAAY,UAAU;AAAA,EAC/D;AACA,eAAa,MAAM,cAAc,UAAU;AAE3C,MAAI,WAAW,iBAAiB,WAAW,GAAG;AAC5C,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,2EAA2E,YAAY;AAAA,MAChG,aAAa;AAAA,QACX,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,aAAa,QAAQ;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YAAY,MAAO,mBAA2B,QAAQ,EAAE,KAAK,eAAe,CAAC;AACnF,gBAAc;AAEd,MAAI,WAAW,OAAO;AACpB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT;AAAA,MACA,SAAS,yCAAyC,UAAU,KAAK;AAAA,MACjE,aAAa;AAAA,QACX,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,aAAa,QAAQ;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,oBAAqB,UAAU,YAAY,CAAC;AAMlD,aAAW,YAAY,WAAW,kBAAkB;AAClD,QAAI,CAAC,YAAY,OAAO,aAAa,SAAU;AAC/C,QAAI,CAAC,SAAS,QAAQ,CAAC,SAAS,gBAAiB;AACjD,QAAI,SAAS,cAAc,MAAO;AAClC,UAAM,UAAU,kBAAkB,OAAO,CAAC,QAAQ,IAAI,SAAS,SAAS,IAAI;AAC5E,eAAW,aAAa,SAAS;AAC/B,UAAI,CAACC,QAAO,MAAM,UAAU,OAAO,EAAG;AACtC,UAAI,eAAe;AACnB,UAAI;AACF,uBAAeA,QAAO,UAAU,UAAU,SAAS,SAAS,iBAAiB;AAAA,UAC3E,mBAAmB;AAAA,QACrB,CAAC;AAAA,MACH,QAAQ;AACN;AAAA,MACF;AACA,UAAI,cAAc;AAChB,2BAAmB,KAAK,EAAE,WAAW,SAAS,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,EACF;AACA,gBAAc;AAEd,aAAW,cAAc,oBAAoB;AAC3C,UAAM,UAAU,MAAM,qBAAqB;AAAA,MACzC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AACD,kBAAc,QAAQ;AAEtB,QAAI,2BAA2B,QAAQ,QAAQ,YAAY,qBAAqB,KAAK,GAAG;AACtF,YAAM,WAAW,MAAM,sBAAsB;AAAA,QAC3C;AAAA,QACA;AAAA,QACA,aAAa,WAAW,UAAU;AAAA,QAClC,mBAAmB,WAAW,UAAU;AAAA,QACxC,OAAO;AAAA,QACP,YAAY,YAAY,WAAW;AAAA,QACnC;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AACD,oBAAc,SAAS;AACvB,uBAAiB,KAAK,SAAS,MAAM;AACrC;AAAA,IACF;AAEA,qBAAiB,KAAK,QAAQ,MAAM;AAAA,EACtC;AAEA,QAAM,eAAe,iBAAiB,OAAO,CAAC,WAAW,OAAO,OAAO,EAAE;AACzE,QAAM,kBAAkB,iBAAiB,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAC/F,QAAM,cAAc,iBAAiB,OAAO,CAAC,WAAW,OAAO,MAAM,EAAE;AAEvE,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,oCAAoC,mBAAmB,MAAM,aAAa,YAAY,YAAY,WAAW,gBAAgB,eAAe;AAAA,IACrJ,aAAa;AAAA,MACX,WAAW,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,MACnB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;;;AUhLA,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;;;ACClB,IAAM,eACJ;AAcF,eAAsB,mBAAqD;AACzE,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,cAAc;AAAA,MACpC,SAAS,EAAE,QAAQ,mBAAmB;AAAA,IACxC,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,WAAQ,MAAM,IAAI,KAAK;AAAA,EACzB,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,aACd,MACA,OACkC;AAClC,MAAI,CAAC,MAAM,iBAAiB,OAAQ,QAAO;AAC3C,QAAM,aAAa,MAAM,YAAY;AACrC,SAAO,KAAK,gBAAgB,KAAK,CAAC,MAAM,EAAE,MAAM,YAAY,MAAM,UAAU;AAC9E;AAEA,eAAsB,kBAAkB,SAA0C;AAChF,QAAM,OAAO,MAAM,iBAAiB;AACpC,QAAM,QAAQ,aAAa,MAAM,QAAQ,EAAE;AAC3C,MAAI,CAAC,MAAO,QAAO;AAEnB,UAAQ,MAAM;AAAA,IACZ,gBAAgB;AAAA,IAChB,WAAW,MAAM;AAAA,IACjB,SAAS,MAAM;AAAA,IACf,gBAAgB,MAAM;AAAA,IACtB,4BAA4B,MAAM;AAAA,EACpC;AAEA,MAAI,CAAC,QAAQ,WAAW,SAAS,YAAY,GAAG;AAC9C,YAAQ,WAAW,KAAK,YAAY;AAAA,EACtC;AAEA,SAAO;AACT;;;AC5CA,eAAsB,UAAU,OAA6C;AAC3E,QAAM,EAAE,QAAQ,IAAI,4BAA4B;AAChD,MAAI,CAAC,QAAS,QAAO;AAErB,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,OAAO;AAC3B,QAAI,aAAa,IAAI,OAAO,KAAK;AAEjC,UAAM,MAAM,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACtC,SAAS,EAAE,QAAQ,mBAAmB;AAAA,IACxC,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,WAAO,KAAK,OAAO,CAAC;AAAA,EACtB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,eAAe,SAA0C;AAC7E,QAAM,MAAM,MAAM,UAAU,QAAQ,EAAE;AACtC,MAAI,CAAC,IAAK,QAAO;AAEjB,QAAM,QAAQ,OAAO,WAAW,IAAI,IAAI;AACxC,QAAM,aAAa,OAAO,WAAW,IAAI,UAAU;AACnD,MAAI,CAAC,OAAO,SAAS,KAAK,KAAK,CAAC,OAAO,SAAS,UAAU,GAAG;AAC3D,WAAO;AAAA,EACT;AAEA,UAAQ,OAAO;AAAA,IACb;AAAA,IACA;AAAA,IACA,MAAM,IAAI;AAAA,EACZ;AACA,SAAO;AACT;;;ACnCA,SAAS,uBAAuB,WAA8C;AAC5E,MAAI,CAAC,WAAW,cAAc,OAAQ,QAAO;AAC7C,QAAM,KAAK,UAAU,aAAa,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,EAAE,KAAK;AACxE,UAAQ,IAAI,SAAS,UAAU,aAAa,CAAC,GAAG,QAAQ,KAAK,KAAK;AACpE;AAEA,SAAS,kBAAkB,QAA6B;AACtD,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,UAAU,OAAO,YAAY,KAAK,cAAc,CAAC;AACvD,QAAM,WAAW,OAAO,YAAY,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAEhF,aAAW,OAAO,CAAC,GAAG,SAAS,GAAG,OAAO,GAAG;AAC1C,QAAI,IAAI,IAAK,MAAK,IAAI,IAAI,GAAG;AAAA,EAC/B;AACA,SAAO,MAAM,KAAK,IAAI;AACxB;AAEA,eAAsB,uBAAuB,OAA+C;AAC1F,QAAM,EAAE,eAAe,IAAI,4BAA4B;AACvD,MAAI,CAAC,eAAgB,QAAO;AAE5B,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,GAAG,cAAc,IAAI,mBAAmB,KAAK,CAAC,IAAI;AAAA,MACxE,SAAS,EAAE,QAAQ,mBAAmB;AAAA,IACxC,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,WAAQ,MAAM,IAAI,KAAK;AAAA,EACzB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,sBAAsB,SAA0C;AACpF,QAAM,SAAS,MAAM,uBAAuB,QAAQ,EAAE;AACtD,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,uBAAuB,OAAO,YAAY,GAAG;AAC7D,MAAI,YAAY,CAAC,QAAQ,WAAW,QAAQ,QAAQ,SAAS,sBAAsB,IAAI;AACrF,YAAQ,UAAU;AAAA,EACpB;AAEA,QAAM,OAAO,kBAAkB,MAAM;AACrC,MAAI,KAAK,SAAS,GAAG;AACnB,UAAM,SAAS,oBAAI,IAAI,CAAC,GAAG,QAAQ,YAAY,GAAG,IAAI,CAAC;AACvD,YAAQ,aAAa,MAAM,KAAK,MAAM;AAAA,EACxC;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,qBAAqB;AAAA,EACvB;AAEA,SAAO;AACT;;;AC5DA,SAAS,mBAAmB,UAAgC,OAAwB;AAClF,QAAM,aAAa,MAAM,YAAY;AACrC,UAAQ,SAAS,eAAe,CAAC,GAAG;AAAA,IAClC,CAAC,OAAO,GAAG,MAAM,YAAY,MAAM,SAAS,GAAG,OAAO,YAAY,MAAM;AAAA,EAC1E;AACF;AAEA,eAAsB,sBAAsB,OAAgD;AAC1F,QAAM,EAAE,kBAAkB,IAAI,4BAA4B;AAC1D,MAAI,CAAC,kBAAmB,QAAO,CAAC;AAEhC,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,iBAAiB;AACrC,QAAI,aAAa,IAAI,cAAc,KAAK;AACxC,QAAI,aAAa,IAAI,aAAa,KAAK;AAEvC,UAAM,MAAM,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACtC,SAAS,EAAE,QAAQ,mBAAmB;AAAA,IACxC,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO,CAAC;AAErB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,WAAO,MAAM,QAAQ,IAAI,IAAK,OAAkC,CAAC;AAAA,EACnE,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,eAAsB,yBAAyB,SAA0C;AACvF,QAAM,aAAa,MAAM,sBAAsB,QAAQ,EAAE;AACzD,QAAM,UAAU,WAAW,OAAO,CAAC,MAAM,mBAAmB,GAAG,QAAQ,EAAE,CAAC;AAC1E,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,QAAM,OAAO,QAAQ,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACtD,MAAI,KAAK,SAAS,GAAG;AACnB,UAAM,SAAS,oBAAI,IAAI,CAAC,GAAG,QAAQ,YAAY,GAAG,IAAI,CAAC;AACvD,YAAQ,aAAa,MAAM,KAAK,MAAM;AAAA,EACxC;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,uBAAuB;AAAA,EACzB;AAEA,SAAO;AACT;;;AClDA,IAAM,cAAc;AAEpB,eAAsB,oBAAoB,OAA4C;AACpF,QAAM,EAAE,gBAAgB,IAAI,4BAA4B;AACxD,MAAI,CAAC,gBAAiB,QAAO;AAE7B,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,eAAe;AACnC,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,MAAM,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACtC,SAAS,EAAE,QAAQ,YAAY;AAAA,IACjC,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAM,QAAQ,KAAK,MAAM,8CAA8C;AACvE,WAAO,QAAQ,CAAC,KAAK;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,iBAAiB,SAA0C;AAC/E,QAAM,MAAM,MAAM,oBAAoB,QAAQ,EAAE;AAChD,MAAI,CAAC,IAAK,QAAO;AAEjB,MAAI,CAAC,QAAQ,WAAW,SAAS,GAAG,GAAG;AACrC,YAAQ,WAAW,KAAK,GAAG;AAAA,EAC7B;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,eAAe;AAAA,EACjB;AAEA,MAAI,CAAC,QAAQ,WAAW,SAAS,WAAW,GAAG;AAC7C,YAAQ,WAAW,KAAK,WAAW;AAAA,EACrC;AAEA,SAAO;AACT;;;ACzCA,eAAe,oBAAoB,MAAgC;AACjE,QAAM,EAAE,WAAW,IAAI,4BAA4B;AACnD,MAAI,CAAC,WAAY,QAAO;AAExB,MAAI;AACF,UAAM,MAAM,GAAG,UAAU,yBAAyB,mBAAmB,IAAI,CAAC;AAC1E,UAAM,MAAM,MAAM,MAAM,KAAK,EAAE,SAAS,EAAE,QAAQ,mBAAmB,EAAE,CAAC;AACxE,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBAAkB,SAA0C;AAChF,QAAM,QAAQ,MAAM,KAAK,IAAI,IAAI,QAAQ,iBAAiB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE,MAAM,GAAG,EAAE;AAC1F,MAAI,MAAM,WAAW,EAAG,QAAO;AAE/B,QAAM,SAAS,MAAM,QAAQ,IAAI,MAAM,IAAI,CAAC,SAAS,oBAAoB,IAAI,CAAC,CAAC;AAC/E,QAAM,UAAU,OAAO,OAAO,OAAO,EAAE;AACvC,MAAI,YAAY,EAAG,QAAO;AAE1B,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,yBAAyB;AAAA,EAC3B;AACA,SAAO;AACT;;;AC1BA,eAAe,aAAa,SAAmC;AAC7D,QAAM,EAAE,aAAa,IAAI,4BAA4B;AACrD,MAAI,CAAC,aAAc,QAAO;AAE1B,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,GAAG,YAAY,WAAW;AAC9C,QAAI,aAAa,IAAI,WAAW,OAAO;AACvC,UAAM,MAAM,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACtC,SAAS,EAAE,QAAQ,mBAAmB;AAAA,IACxC,CAAC;AACD,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,wBAAwB,SAA0C;AACtF,QAAM,WAAW,MAAM;AAAA,IACrB,IAAI,IAAI,QAAQ,iBAAiB,IAAI,CAAC,MAAM,cAAc,EAAE,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;AAAA,EAC/E,EAAE,MAAM,GAAG,EAAE;AAEb,MAAI,SAAS,WAAW,EAAG,QAAO;AAElC,QAAM,SAAS,MAAM,QAAQ,IAAI,SAAS,IAAI,CAAC,YAAY,aAAa,OAAO,CAAC,CAAC;AACjF,QAAM,UAAU,OAAO,OAAO,OAAO,EAAE;AACvC,MAAI,YAAY,EAAG,QAAO;AAE1B,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,mBAAmB;AAAA,EACrB;AAEA,SAAO;AACT;;;AChCA,eAAe,UAAU,KAAa,OAAe,OAA6C;AAChG,MAAI;AACF,UAAM,UAAU,IAAI,IAAI,GAAG;AAC3B,YAAQ,aAAa,IAAI,OAAO,KAAK;AAErC,UAAM,UAAkC,EAAE,QAAQ,mBAAmB;AACrE,QAAI,MAAO,SAAQ,gBAAgB,UAAU,KAAK;AAElD,UAAM,MAAM,MAAM,MAAM,QAAQ,SAAS,GAAG,EAAE,QAAQ,CAAC;AACvD,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,WAAO,QAAQ,SAAS;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,wBAAwB,SAA0C;AACtF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,4BAA4B;AAEhC,QAAM,cACJ,MAAM,QAAQ,IAAI,oBAAoB,IAAI,CAAC,QAAQ,UAAU,KAAK,QAAQ,EAAE,CAAC,CAAC,GAC9E,OAAO,CAAC,MAAmB,QAAQ,CAAC,CAAC;AAEvC,QAAM,kBACJ,MAAM,QAAQ;AAAA,IACZ,gBAAgB,IAAI,CAAC,QAAQ,UAAU,KAAK,QAAQ,IAAI,mBAAmB,CAAC;AAAA,EAC9E,GACA,OAAO,CAAC,MAAmB,QAAQ,CAAC,CAAC;AAEvC,MAAI,WAAW,WAAW,KAAK,eAAe,WAAW,GAAG;AAC1D,WAAO;AAAA,EACT;AAEA,UAAQ,eAAe;AAAA,IACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,IAC7B,kBAAkB,WAAW,SAAS,IAAI,aAAa,QAAQ,cAAc;AAAA,IAC7E,iBACE,eAAe,SAAS,IAAI,iBAAiB,QAAQ,cAAc;AAAA,EACvE;AAEA,QAAM,aAAa,oBAAI,IAAI,CAAC,GAAG,QAAQ,YAAY,GAAG,YAAY,GAAG,cAAc,CAAC;AACpF,UAAQ,aAAa,MAAM,KAAK,UAAU;AAE1C,SAAO;AACT;;;ARpCO,IAAM,gBAAgBC,MAAK;AAAA,EAChC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,OAAOA,GACJ,OAAO,EACP,MAAM,oBAAoB,4CAA4C;AAAA,EAC3E,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,MAAM,MAAwE;AAC9F,UAAM,eAAe,MAAM,YAAY;AAGvC,UAAM,CAAC,YAAY,UAAU,IAAI,MAAM,QAAQ,IAAI;AAAA,MACjD,aAAa,YAAY;AAAA,MACzB,gBAAgB,YAAY;AAAA,IAC9B,CAAC;AAED,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,QAAQ,YAAY;AAAA,MAC7B;AAAA,IACF;AAGA,QAAI,UAAsB,cAAc;AAAA,MACtC,IAAI;AAAA,MACJ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,YAAY,CAAC;AAAA,MACb,kBAAkB,CAAC;AAAA,IACrB;AAGA,QAAI,WAAW,SAAS,GAAG;AACzB,gBAAU,0BAA0B,SAAS,UAAU;AAAA,IACzD;AAEA,UAAM,eAAyF,CAAC;AAEhG,UAAM,gBAAgB,OACpB,YACA,aACkB;AAClB,YAAM,SAAS,KAAK,UAAU,OAAO;AACrC,UAAI;AACF,kBAAU,MAAM,SAAS,OAAO;AAChC,cAAM,QAAQ,KAAK,UAAU,OAAO;AACpC,qBAAa,UAAU,IAAI;AAAA,UACzB,WAAW;AAAA,UACX,SAAS,WAAW;AAAA,QACtB;AAAA,MACF,SAAS,OAAO;AACd,qBAAa,UAAU,IAAI;AAAA,UACzB,WAAW;AAAA,UACX,SAAS;AAAA,UACT,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC9D;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,OAAO,aAAa;AACxC,UAAM,cAAc,YAAY,iBAAiB;AACjD,UAAM,cAAc,QAAQ,cAAc;AAC1C,UAAM,cAAc,gBAAgB,qBAAqB;AACzD,UAAM,cAAc,mBAAmB,wBAAwB;AAC/D,UAAM,cAAc,UAAU,gBAAgB;AAC9C,UAAM,cAAc,YAAY,iBAAiB;AACjD,UAAM,cAAc,kBAAkB,uBAAuB;AAC7D,UAAM,cAAc,kBAAkB,uBAAuB;AAE7D,YAAQ,eAAe;AAAA,MACrB,GAAI,QAAQ,gBAAgB,CAAC;AAAA,MAC7B;AAAA,IACF;AAEA,QAAI,QAAQ,iBAAiB,WAAW,GAAG;AACzC,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,QAAQ,YAAY;AAAA,MAC7B;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,MAAM,QAAQ;AAAA,EACxC;AACF,CAAC;;;ASpGD,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAClB,OAAOC,aAAY;AAGnB,IAAM,wBAAwBD,GAAE,OAAO;AAAA,EACrC,MAAMA,GAAE,OAAO;AAAA,EACf,WAAWA,GAAE,QAAQ,KAAK;AAAA,EAC1B,iBAAiBA,GAAE,OAAO;AAAA,EAC1B,qBAAqBA,GAAE,OAAO,EAAE,SAAS;AAAA,EACzC,QAAQA,GAAE,KAAK,CAAC,OAAO,iBAAiB,CAAC;AAC3C,CAAC;AAED,IAAM,yBAAyBA,GAAE,OAAO;AAAA,EACtC,MAAMA,GAAE,OAAO;AAAA,EACf,SAASA,GAAE,OAAO;AAAA,EAClB,MAAMA,GAAE,KAAK,CAAC,UAAU,UAAU,CAAC;AACrC,CAAC;AAEM,IAAM,wBAAwBD,MAAK;AAAA,EACxC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,mBAAmBA,GAChB,MAAM,sBAAsB,EAC5B,SAAS,sCAAsC;AAAA,IAClD,kBAAkBA,GACf,MAAM,qBAAqB,EAC3B,SAAS,wDAAwD;AAAA,EACtE,CAAC;AAAA,EACD,SAAS,OAAO,EAAE,mBAAmB,iBAAiB,MAGhD;AACJ,UAAM,aAAkC,CAAC;AAEzC,eAAW,YAAY,kBAAuC;AAE5D,YAAM,UAAW,kBAAyC;AAAA,QACxD,CAAC,MAAM,EAAE,SAAS,SAAS;AAAA,MAC7B;AAEA,iBAAW,aAAa,SAAS;AAE/B,YAAI,CAACC,QAAO,MAAM,UAAU,OAAO,EAAG;AAEtC,YAAI,eAAe;AACnB,YAAI;AACF,yBAAeA,QAAO,UAAU,UAAU,SAAS,SAAS,iBAAiB;AAAA,YAC3E,mBAAmB;AAAA,UACrB,CAAC;AAAA,QACH,QAAQ;AAEN;AAAA,QACF;AAEA,YAAI,cAAc;AAChB,qBAAW,KAAK,EAAE,WAAW,SAAS,CAAC;AAAA,QACzC;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,oBAAoB;AAAA,MACpB,cAAc,kBAAkB;AAAA,IAClC;AAAA,EACF;AACF,CAAC;;;ACnED,SAAS,QAAAC,aAAY;AACrB,SAAS,KAAAC,UAAS;AAGX,IAAM,uBAAuBC,MAAK;AAAA,EACvC,aACE;AAAA,EACF,YAAYC,GAAE,OAAO;AAAA,IACnB,aAAaA,GAAE,OAAO,EAAE,SAAS,sBAAsB;AAAA,IACvD,kBAAkBA,GAAE,OAAO,EAAE,SAAS,gDAAgD;AAAA,IACtF,qBAAqBA,GAClB,OAAO,EACP;AAAA,MACC;AAAA,IACF;AAAA,IACF,iBAAiBA,GACd,OAAO,EACP,SAAS,EACT,SAAS,4EAA4E;AAAA,EAC1F,CAAC;AAAA,EACD,SAAS,OAAO;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,MAOM;AACJ,UAAM,aAAa,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,EAAE,aAAa,cAAc,YAAY,sBAAsB,IAAI;AAEzE,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL;AAAA,QACA,aAAa;AAAA,QACb,uBAAuB;AAAA,QACvB,SAAS,sCAAsC,WAAW;AAAA,MAC5D;AAAA,IACF;AAEA,UAAM,iBAAiB,SAAS,iBAAiB,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AACzE,UAAM,YAAY,SAAS,YAAY,MAAM,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE;AAC/D,UAAM,cAAc,YAAY;AAEhC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS,cACL,sBAAsB,WAAW,SAAS,WAAW,iDAAiD,gBAAgB,8EACtH,SAAS,gBAAgB,MAAM,YAAY,WAAW,SAAS,WAAW,WAAW,gBAAgB;AAAA,IAC3G;AAAA,EACF;AACF,CAAC;;;ACnDM,SAAS,kBAAkB,KAAkD;AAClF,QAAM,QAAQ;AAAA,IACZ,cAAc;AAAA,IACd,mBAAmB;AAAA,IACnB,uBAAuB;AAAA,IACvB,sBAAsB;AAAA,IACtB,sBAAsB,IAAI;AAAA,EAC5B;AAEA,MAAI,CAAC,IAAI,YAAY,0BAA0B,CAAC,IAAI,YAAY,mBAAmB;AACjF,UAAM,wBAAwB,IAAI,IAAI;AAAA,EACxC;AAEA,MAAI,CAAC,IAAI,YAAY,mBAAmB;AACtC,UAAM,sBAAsB,IAAI;AAChC,UAAM,gBAAgB,IAAI;AAC1B,UAAM,kBAAkB,IAAI,IAAI;AAAA,EAClC;AAEA,SAAO;AACT;;;ACxCA,SAAS,cAAAC,aAAY,gBAAAC,qBAAoB;AACzC,SAAS,QAAAC,cAAY;AAgBd,SAAS,wBAAwB,KAA4B;AAClE,QAAM,aAAaA,OAAK,QAAQ,IAAI,GAAG,WAAW,gBAAgB,+BAA+B;AAEjG,MAAI,CAACF,YAAW,UAAU,GAAG;AAC3B,WAAO;AAAA,qBACU,IAAI,GAAG;AAAA,qBACP,IAAI,cAAc;AAAA,WAC5B,IAAI,MAAM;AAAA,aACR,IAAI,QAAQ;AAAA,UACf,IAAI,UAAU,WAAW;AAAA,eACpB,IAAI,UAAU;AAAA,4BACD,OAAO,IAAI,YAAY,0BAA0B,KAAK,CAAC;AAAA,uBAC5D,OAAO,IAAI,YAAY,qBAAqB,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBvE;AAEA,QAAM,WAAWC,cAAa,YAAY,MAAM;AAChD,SAAO,SACJ,WAAW,aAAa,IAAI,KAAK,EACjC,WAAW,WAAW,IAAI,GAAG,EAC7B,WAAW,sBAAsB,IAAI,cAAc,EACnD,WAAW,cAAc,OAAO,IAAI,MAAM,CAAC,EAC3C,WAAW,gBAAgB,OAAO,IAAI,QAAQ,CAAC,EAC/C,WAAW,cAAc,IAAI,UAAU,WAAW,EAClD,WAAW,kBAAkB,IAAI,UAAU,EAC3C,WAAW,8BAA8B,OAAO,IAAI,YAAY,0BAA0B,KAAK,CAAC,EAChG,WAAW,yBAAyB,OAAO,IAAI,YAAY,qBAAqB,KAAK,CAAC;AAC3F;;;A/B/BA,eAAsB,uBACpB,OACA,UAA4B,CAAC,GACD;AAC5B,QAAM,WAAW,gBAAgB,OAAO;AACxC,MAAI,aAAa,SAAS;AACxB,WAAO,4BAA4B,OAAO,OAAO;AAAA,EACnD;AAEA,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,iBAAiB,QAAQ,kBAAkB,qBAAqB,GAAG;AACzE,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,UAAU,QAAQ,UAAU,UAAU;AAC5C,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAE5C,QAAM,QAAQ,MAAM,YAAY,OAAO;AAEvC,QAAM,eAAe,wBAAwB;AAAA,IAC3C;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,SAAS,6CAA6C,KAAK,uBAAuB,GAAG,sBAAsB,cAAc;AAE/H,QAAM,mBAAkC,CAAC;AACzC,QAAM,qBAA0C,CAAC;AACjD,MAAI,aAAgC;AACpC,MAAI,aAAa;AAEjB,QAAM,6BAA6B,UAC/B;AAAA,IACE,GAAG;AAAA,IACH,SAAS,OAAO,UACb,qBAA6B,QAAQ,EAAE,GAAG,OAAO,QAAQ,KAAK,CAAC;AAAA,EACpE,IACA;AACJ,QAAM,iCAAiC,UACnC;AAAA,IACE,GAAG;AAAA,IACH,SAAS,OAAO,UACb,yBAAiC,QAAQ,EAAE,GAAG,OAAO,QAAQ,KAAK,CAAC;AAAA,EACxE,IACA;AACJ,QAAM,2BAA2B,UAC7B;AAAA,IACE,GAAG;AAAA,IACH,SAAS,OAAO,UACb,mBAA2B,QAAQ,EAAE,GAAG,OAAO,QAAQ,KAAK,CAAC;AAAA,EAClE,IACA;AACJ,QAAM,QAAQ,kBAAkB;AAAA,IAC9B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,SAAS,MAAME,cAAa;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA,UAAU;AAAA,IACV,aAAa,YAAY;AACvB,oBAAc;AAEd,YAAM,cAAe,WAAW,eAAe,CAAC;AAKhD,iBAAW,MAAM,aAAa;AAC5B,cAAM,aAAa,GAAG;AAEtB,YAAI,GAAG,aAAa,gBAAgB,YAAY,MAAM;AACpD,uBAAa,WAAW;AAAA,QAC1B;AACA,YAAI,GAAG,aAAa,yBAAyB,YAAY,oBAAoB;AAC3E,6BAAmB,KAAK,GAAI,WAAW,kBAA0C;AAAA,QACnF;AACA,YAAI,GAAG,aAAa,sBAAsB;AACxC,2BAAiB,KAAK,UAAoC;AAAA,QAC5D;AAEA,YAAI,GAAG,aAAa,0BAA0B;AAC5C,2BAAiB,KAAK,UAAoC;AAAA,QAC5D;AAEA,YAAI,GAAG,aAAa,sBAAsB,YAAY;AACpD,gBAAM,aAAa,WAAW;AAG9B,gBAAM,UACJ,OAAO,WAAW,YAAY,WAC1B,WAAW,UACX,OAAO,WAAW,UAAU,WAC1B,WAAW,QACX;AAER,2BAAiB,KAAK;AAAA,YACpB,aACE,OAAO,WAAW,gBAAgB,WAC9B,WAAW,cACX;AAAA,YACN,UAAU;AAAA,YACV,aACE,OAAO,WAAW,sBAAsB,WACpC,WAAW,oBACX;AAAA,YACN,eACE,OAAO,WAAW,kBAAkB,WAChC,WAAW,gBACX,OAAO,WAAW,cAAc,WAC9B,WAAW,YACX;AAAA,YACR,SAAS,QAAQ,WAAW,OAAO;AAAA,YACnC,QAAQ,QAAQ,WAAW,MAAM;AAAA,YACjC,kBACE,CAAC,QAAQ,WAAW,OAAO,KAAK,CAAC,QAAQ,WAAW,MAAM,IACtD,cAAc,WAAW,WAAW,QAClC,4BACA,uBACF;AAAA,YACN;AAAA,YACA,YACE,cAAc,OAAO,WAAW,WAAW,YACvC;AAAA,cACE,QAAQ,WAAW;AAAA,cACnB,OAAO,OAAO,WAAW,UAAU,WAAW,WAAW,QAAQ;AAAA,YACnE,IACA;AAAA,UACR,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,OAAO;AAAA,IAChB,aAAa;AAAA,MACX,WAAW,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,MACnB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;;;AgCxLO,IAAM,yBAAyB,CAAC,OAAO,QAAQ,MAAM;AACrD,IAAM,sBAAsB,CAAC,UAAU,aAAa,OAAO;AAC3D,IAAM,2BAA2B,CAAC,OAAO,OAAO,OAAO,WAAW,SAAS;AAE3E,IAAM,sBAAsB;AAAA,EACjC,OAAO;AAAA,EACP,WAAW;AAAA,EACX,KAAK;AAAA,EACL,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,UAAU;AAAA,EACV,aAAa;AAAA,EACb,YAAY;AAAA,EACZ,QAAQ;AAAA,EACR,WAAW;AAAA,EACX,WAAW;AAAA,EACX,aAAa;AAAA,EACb,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,wBAAwB;AAAA,EACxB,mBAAmB;AACrB;AAEO,SAAS,mCAAuE;AACrF,SAAO;AAAA,IACL,wBAAwB,EAAE,MAAM,WAAW,aAAa,oBAAoB,uBAAuB;AAAA,IACnG,mBAAmB,EAAE,MAAM,WAAW,aAAa,oBAAoB,kBAAkB;AAAA,EAC3F;AACF;AAEO,SAAS,sCAAsC,SAIf;AACrC,QAAM,gBAAgB,SAAS,iBAAiB;AAChD,QAAM,iBAAiB,SAAS,kBAAkB;AAClD,QAAM,kBAAkB,SAAS,mBAAmB;AAEpD,SAAO;AAAA,IACL,KAAK,EAAE,MAAM,UAAU,aAAa,oBAAoB,IAAI;AAAA,IAC5D,gBAAgB,EAAE,MAAM,UAAU,MAAM,CAAC,GAAG,sBAAsB,GAAG,aAAa,oBAAoB,eAAe;AAAA,IACrH,GAAI,gBAAgB,EAAE,QAAQ,EAAE,MAAM,WAAW,aAAa,oBAAoB,OAAO,EAAE,IAAI,CAAC;AAAA,IAChG,GAAI,iBAAiB,EAAE,SAAS,EAAE,MAAM,WAAW,aAAa,oBAAoB,QAAQ,EAAE,IAAI,CAAC;AAAA,IACnG,UAAU,EAAE,MAAM,WAAW,aAAa,oBAAoB,SAAS;AAAA,IACvE,aAAa,EAAE,MAAM,UAAU,MAAM,CAAC,GAAG,mBAAmB,GAAG,aAAa,oBAAoB,YAAY;AAAA,IAC5G,YAAY,EAAE,MAAM,UAAU,aAAa,oBAAoB,WAAW;AAAA,IAC1E,QAAQ,EAAE,MAAM,UAAU,aAAa,oBAAoB,OAAO;AAAA,IAClE,GAAI,kBAAkB,EAAE,UAAU,EAAE,MAAM,WAAW,aAAa,oBAAoB,SAAS,EAAE,IAAI,CAAC;AAAA,IACtG,WAAW,EAAE,MAAM,UAAU,aAAa,oBAAoB,UAAU;AAAA,IACxE,WAAW,EAAE,MAAM,UAAU,aAAa,oBAAoB,UAAU;AAAA,IACxE,aAAa,EAAE,MAAM,UAAU,aAAa,oBAAoB,YAAY;AAAA,IAC5E,gBAAgB,EAAE,MAAM,UAAU,aAAa,oBAAoB,eAAe;AAAA,IAClF,QAAQ,EAAE,MAAM,WAAW,aAAa,oBAAoB,OAAO;AAAA,IACnE,OAAO,EAAE,MAAM,UAAU,aAAa,oBAAoB,MAAM;AAAA,IAChE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,GAAG,wBAAwB,GAAG,aAAa,oBAAoB,OAAO;AAAA,IACvG,aAAa;AAAA,MACX,MAAM;AAAA,MACN,YAAY,iCAAiC;AAAA,IAC/C;AAAA,EACF;AACF;AAEO,SAAS,mCAAuE;AACrF,SAAO;AAAA,IACL,GAAG,sCAAsC,EAAE,iBAAiB,KAAK,CAAC;AAAA,IAClE,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,aAAa,cAAc,SAAS,MAAM,GAAG,aAAa,oBAAoB,OAAO;AAAA,EACxH;AACF;AAEO,SAAS,mCAAuE;AACrF,SAAO;AAAA,IACL,eAAe,EAAE,MAAM,SAAS;AAAA,IAChC,QAAQ,EAAE,MAAM,UAAU,MAAM,CAAC,MAAM,WAAW,QAAQ,EAAE;AAAA,IAC5D,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACnD,SAAS,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACpD,cAAc,EAAE,MAAM,SAAS;AAAA,IAC/B,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,QAAQ,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACnD,cAAc,EAAE,MAAM,SAAS;AAAA,IAC/B,YAAY,EAAE,MAAM,SAAS;AAAA,IAC7B,yBAAyB,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACpE,gBAAgB;AAAA,MACd,MAAM;AAAA,MACN,sBAAsB,EAAE,MAAM,SAAS;AAAA,IACzC;AAAA,IACA,uBAAuB;AAAA,MACrB,MAAM;AAAA,MACN,sBAAsB,EAAE,MAAM,SAAS;AAAA,IACzC;AAAA,IACA,oBAAoB;AAAA,MAClB,MAAM;AAAA,MACN,sBAAsB,EAAE,MAAM,SAAS;AAAA,IACzC;AAAA,IACA,YAAY,EAAE,MAAM,SAAS;AAAA,IAC7B,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,YAAY,EAAE,MAAM,SAAS;AAAA,IAC7B,aAAa,EAAE,MAAM,SAAS;AAAA,IAC9B,gBAAgB,EAAE,MAAM,SAAS;AAAA,EACnC;AACF;;;ACnGO,SAAS,oBAAoB,SAA+D;AACjG,QAAM,SAA8B,CAAC;AAErC,aAAW,UAAU,SAAS;AAC5B,eAAW,UAAU,OAAO,SAAS;AACnC,aAAO,OAAO,QAAQ,KAAK,OAAO,OAAO,QAAQ,KAAK,KAAK;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,SAAS;AACnD;AAEA,SAAS,kBAAkB,eAAuD;AAChF,SAAO,kBAAkB,WAAW,WAAW;AACjD;AAEO,SAAS,2BAA2B,SAAiE;AAC1G,QAAM,SAAgC,CAAC;AAEvC,aAAW,UAAU,SAAS;AAC5B,UAAM,gBAAgB,oBAAI,IAA6B;AAEvD,eAAW,qBAAqB,OAAO,oBAAoB;AACzD,YAAM,QAAQ,kBAAkB,kBAAkB,UAAU,IAAI;AAChE,YAAM,UAAU,cAAc,IAAI,kBAAkB,UAAU,IAAI;AAClE,UAAI,CAAC,WAAW,YAAY,UAAU;AACpC,sBAAc,IAAI,kBAAkB,UAAU,MAAM,KAAK;AAAA,MAC3D;AAAA,IACF;AAEA,eAAW,UAAU,OAAO,SAAS;AACnC,YAAM,QAAQ,cAAc,IAAI,OAAO,WAAW;AAClD,UAAI,CAAC,MAAO;AACZ,aAAO,KAAK,KAAK,OAAO,KAAK,KAAK,KAAK;AAAA,IACzC;AAAA,EACF;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,SAAS;AACnD;AAEO,SAAS,4BAA4B,SAAkE;AAC5G,QAAM,SAAiC,CAAC;AAExC,aAAW,UAAU,SAAS;AAC5B,eAAW,UAAU,OAAO,SAAS;AACnC,UAAI,CAAC,OAAO,iBAAkB;AAC9B,aAAO,OAAO,gBAAgB,KAAK,OAAO,OAAO,gBAAgB,KAAK,KAAK;AAAA,IAC7E;AAAA,EACF;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,SAAS;AACnD;AAEO,SAAS,YAAY,QAA+B;AACzD,MAAI,mBAAmB;AACvB,aAAW,aAAa,OAAO,SAAS;AACtC,wBAAoB,UAAU,QAAQ;AAAA,EACxC;AAEA,SAAO;AAAA,IACL,eAAe,OAAO;AAAA,IACtB,QAAQ,OAAO;AAAA,IACf,aAAa,OAAO;AAAA,IACpB,UAAU,OAAO,OAAO;AAAA,IACxB;AAAA,IACA,cAAc,OAAO;AAAA,IACrB,aAAa,OAAO;AAAA,IACpB,QAAQ,OAAO;AAAA,IACf,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,cAAc;AAAA,IACjC,yBAAyB,OAAO;AAAA,IAChC,gBAAgB,OAAO;AAAA,IACvB,uBAAuB,OAAO;AAAA,IAC9B,oBAAoB,OAAO;AAAA,IAC3B,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,IACpB,gBAAgB,OAAO;AAAA,EACzB;AACF;AAEO,SAAS,WAAW,SAA4B;AACrD,SAAO,QAAQ,cAAc,IAAI,IAAI;AACvC;;;ACrDA,SAAS,qBAAqB,UAA8B;AAC1D,MAAI,aAAa,cAAc,aAAa,OAAQ,QAAO;AAC3D,MAAI,aAAa,SAAU,QAAO;AAClC,MAAI,aAAa,MAAO,QAAO;AAC/B,SAAO;AACT;AAEO,SAAS,cAAc,QAAiC;AAC7D,QAAM,QAAqB,CAAC;AAC5B,QAAM,UAAyB,CAAC;AAChC,QAAM,YAAY,oBAAI,IAAY;AAElC,aAAW,aAAa,OAAO,SAAS;AACtC,UAAM,WAAW,UAAU,YAAY,YAAY;AACnD,UAAM,QAAQ,qBAAqB,QAAQ;AAC3C,UAAM,UAAU,UAAU,YAAY,WAAW,UAAU;AAE3D,QAAI,CAAC,UAAU,IAAI,UAAU,KAAK,GAAG;AACnC,gBAAU,IAAI,UAAU,KAAK;AAC7B,YAAM,KAAK;AAAA,QACT,IAAI,UAAU;AAAA,QACd,MAAM;AAAA,QACN,kBAAkB,EAAE,MAAM,UAAU,MAAM;AAAA,QAC1C,iBAAiB,EAAE,MAAM,QAAQ;AAAA,QACjC,sBAAsB,EAAE,MAAM;AAAA,QAC9B,SAAS,iCAAiC,UAAU,KAAK;AAAA,QACzD,YAAY,EAAE,SAAS;AAAA,MACzB,CAAC;AAAA,IACH;AAEA,eAAW,qBAAqB,UAAU,oBAAoB;AAC5D,YAAM,UAAU,kBAAkB,SAAS,sBACvC,oBAAoB,kBAAkB,SAAS,mBAAmB,MAClE;AACJ,cAAQ,KAAK;AAAA,QACX,QAAQ,UAAU;AAAA,QAClB;AAAA,QACA,SAAS;AAAA,UACP,MAAM,GAAG,kBAAkB,UAAU,IAAI,IAAI,kBAAkB,UAAU,OAAO,qBAAqB,UAAU,KAAK,KAAK,OAAO,GAAG,OAAO;AAAA,QAC5I;AAAA,QACA,WAAW;AAAA,UACT;AAAA,YACE,kBAAkB;AAAA,cAChB,kBAAkB,EAAE,KAAK,gBAAgB,WAAW,YAAY;AAAA,YAClE;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SACE;AAAA,IACF,MAAM;AAAA,MACJ;AAAA,QACE,MAAM;AAAA,UACJ,QAAQ;AAAA,YACN,MAAM;AAAA,YACN,gBAAgB;AAAA,YAChB;AAAA,UACF;AAAA,QACF;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;AC5GA,SAAS,aAAAC,YAAW,iBAAAC,sBAAqB;AACzC,SAAS,QAAAC,cAAY;AAsDd,SAAS,kBAAkB,KAAa,QAAkB,UAA2B,CAAC,GAAgB;AAC3G,SAAO;AAAA,IACL,OAAO,GAAG,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC;AAAA,IAC9D,WAAW,QAAQ;AAAA,IACnB,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ;AAAA,IACrB,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ;AAAA,IAChB,gBAAgB,QAAQ;AAAA,IACxB;AAAA,IACA;AAAA,IACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,OAAO,CAAC;AAAA,EACV;AACF;AAEO,SAAS,gBACd,KACA,QACA,OACA,QACA,OACM;AACN,MAAI,MAAM,KAAK;AAAA,IACb,KAAI,oBAAI,KAAK,GAAE,YAAY;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEO,SAAS,iBAAiB,KAA+B;AAC9D,MAAI,cAAa,oBAAI,KAAK,GAAE,YAAY;AACxC,SAAO;AACT;AAEO,SAAS,iBAAiB,KAAa,KAA0B;AACtE,QAAM,MAAMA,OAAK,KAAK,mBAAmB,UAAU;AACnD,EAAAF,WAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAClC,QAAM,WAAWE,OAAK,KAAK,GAAG,IAAI,KAAK,OAAO;AAC9C,EAAAD,eAAc,UAAU,KAAK,UAAU,KAAK,MAAM,CAAC,IAAI,MAAM,MAAM;AACnE,SAAO;AACT;;;AClGA,SAAS,cAAAE,aAAY,aAAAC,YAAW,gBAAAC,eAAc,iBAAAC,sBAAqB;AACnE,SAAS,QAAAC,cAAY;AAerB,IAAM,gBAAkC;AAAA,EACtC,eAAe;AAAA,EACf,SAAS,CAAC;AACZ;AAEA,SAAS,cAAc,KAAqB;AAC1C,SAAOA,OAAK,KAAK,mBAAmB,SAAS,kBAAkB;AACjE;AAEA,SAAS,SAAS,gBAAwB,OAAuB;AAC/D,SAAO,GAAG,cAAc,KAAK,MAAM,YAAY,CAAC;AAClD;AAEA,SAAS,UAAU,KAA+B;AAChD,QAAM,WAAW,cAAc,GAAG;AAClC,MAAI,CAACJ,YAAW,QAAQ,EAAG,QAAO;AAElC,MAAI;AACF,UAAM,SAAS,KAAK,MAAME,cAAa,UAAU,MAAM,CAAC;AACxD,QAAI,UAAU,OAAO,kBAAkB,SAAS,OAAO,SAAS;AAC9D,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,UAAU,KAAa,OAA+B;AAC7D,QAAM,WAAW,cAAc,GAAG;AAClC,EAAAD,WAAUG,OAAK,KAAK,mBAAmB,OAAO,GAAG,EAAE,WAAW,KAAK,CAAC;AACpE,EAAAD,eAAc,UAAU,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,MAAM,MAAM;AACvE;AAEO,SAAS,qBACd,KACA,gBACA,OAC+B;AAC/B,QAAM,QAAQ,UAAU,GAAG;AAC3B,QAAM,MAAM,SAAS,gBAAgB,KAAK;AAC1C,SAAO,MAAM,QAAQ,GAAG,GAAG;AAC7B;AAEO,SAAS,sBACd,KACA,gBACA,OACA,QACM;AACN,QAAM,QAAQ,UAAU,GAAG;AAC3B,QAAM,MAAM,SAAS,gBAAgB,KAAK;AAC1C,QAAM,QAAQ,GAAG,IAAI;AAAA,IACnB,KAAK;AAAA,IACL,OAAO,MAAM,YAAY;AAAA,IACzB;AAAA,IACA,UAAS,oBAAI,KAAK,GAAE,YAAY;AAAA,EAClC;AACA,YAAU,KAAK,KAAK;AACtB;;;ACnEA,SAAS,iBAAyB;AAChC,SAAO,OAAO,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC;AACpE;AAEO,SAAS,0BAA0B,SAAiG;AACzI,SAAO;AAAA,IACL,WAAW,QAAQ,aAAa,eAAe;AAAA,IAC/C,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ;AAAA,EACvB;AACF;AAEO,SAAS,yBAAyB,SAA8C;AACrF,SAAO;AAAA,IACL,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ,UAAU;AAAA,EAC5B;AACF;AAEO,SAAS,mBAAmB,SAA2B,KAAqC;AACjG,QAAM,SAAS,WAAW,KAAK,QAAQ,MAAM;AAC7C,SAAO;AAAA,IACL,wBACE,QAAQ,aAAa,0BACrB,OAAO,aAAa,0BACpB;AAAA,IACF,mBACE,QAAQ,aAAa,qBACrB,OAAO,aAAa,qBACpB;AAAA,EACJ;AACF;;;ACjCA,eAAsB,UAAU,OAAe,UAA4B,CAAC,GAA+B;AACzG,MAAI,CAAC,mBAAmB,KAAK,KAAK,GAAG;AACnC,UAAM,IAAI;AAAA,MACR,oBAAoB,KAAK;AAAA,IAC3B;AAAA,EACF;AAEA,QAAM,kBAAkB,MAAM,YAAY;AAC1C,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,cAAc,mBAAmB,SAAS,GAAG;AACnD,QAAM,aAAa,yBAAyB,OAAO;AACnD,QAAM,cAAc,0BAA0B,OAAO;AACrD,QAAM,kBAAkB,QAAQ,aAAa;AAC7C,QAAM,WAAW,kBACb,kBAAkB,KAAK,CAAC,eAAe,GAAG;AAAA,IACxC,GAAG;AAAA,IACH,OAAO,WAAW;AAAA,IAClB,QAAQ,WAAW;AAAA,IACnB,gBAAgB,QAAQ;AAAA,EAC1B,CAAC,IACD;AAEJ,MAAI,QAAQ,UAAU,QAAQ,gBAAgB;AAC5C,UAAM,SAAS,qBAAqB,KAAK,QAAQ,gBAAgB,eAAe;AAChF,QAAI,QAAQ;AACV,UAAI,UAAU;AACZ,wBAAgB,UAAU,0BAA0B,EAAE,OAAO,gBAAgB,CAAC;AAC9E,yBAAiB,QAAQ;AAAA,MAC3B;AACA,YAAME,gBAAe,WAAW,iBAAiB,KAAK,QAAQ,IAAI;AAClE,aAAO;AAAA,QACL,GAAG;AAAA,QACH,SAAS,GAAG,OAAO,OAAO;AAAA,QAC1B,cAAAA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,kBAAkB;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAEA,MAAI,UAAU;AACZ;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,QAAQ,QAAQ,QAAQ,MAAM;AAAA,QAC9B,SAAS,QAAQ,QAAQ,OAAO;AAAA,MAClC;AAAA,MACA;AAAA,QACE,wBAAwB,QAAQ,YAAY,sBAAsB;AAAA,QAClE,mBAAmB,QAAQ,YAAY,iBAAiB;AAAA,MAC1D;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,uBAAuB,iBAAiB;AAAA,MACrD,GAAG;AAAA,MACH,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,UAAU;AACZ,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,sBAAgB,UAAU,mBAAmB,EAAE,OAAO,gBAAgB,GAAG,QAAW,OAAO;AAC3F,uBAAiB,QAAQ;AACzB,uBAAiB,KAAK,QAAQ;AAAA,IAChC;AACA,UAAM;AAAA,EACR;AAEA,MAAI,UAAU;AACZ,eAAW,UAAU,OAAO,SAAS;AACnC;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,UACE,aAAa,OAAO;AAAA,UACpB,UAAU,OAAO;AAAA,UACjB,aAAa,OAAO;AAAA,UACpB,WAAW,OAAO;AAAA,QACpB;AAAA,QACA;AAAA,UACE,SAAS,OAAO;AAAA,UAChB,QAAQ,OAAO;AAAA,UACf,kBAAkB,OAAO;AAAA,QAC3B;AAAA,MACF;AAAA,IACF;AAEA;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,OAAO,gBAAgB;AAAA,MACzB;AAAA,QACE,aAAa,OAAO,QAAQ;AAAA,QAC5B,iBAAiB,OAAO,mBAAmB;AAAA,MAC7C;AAAA,IACF;AACA,qBAAiB,QAAQ;AAAA,EAC3B;AAEA,QAAM,eAAe,WAAW,iBAAiB,KAAK,QAAQ,IAAI;AAElE,QAAM,cAAiC;AAAA,IACrC,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,kBAAkB;AAAA,EACpB;AAEA,MAAI,QAAQ,kBAAkB,CAAC,QAAQ,UAAU,CAAC,QAAQ,SAAS;AACjE,0BAAsB,KAAK,QAAQ,gBAAgB,iBAAiB,WAAW;AAAA,EACjF;AAEA,SAAO;AACT;AAEA,eAAsB,gBACpB,OACA,UAA4B,CAAC,GACD;AAC5B,SAAO,UAAU,OAAO;AAAA,IACtB,GAAG;AAAA,IACH,SAAS;AAAA,IACT,QAAQ;AAAA,EACV,CAAC;AACH;;;AC3IA,SAAS,eAAe;AACxB,SAAS,gBAAAC,sBAAoB;;;ACD7B,SAAS,gBAAAC,qBAAoB;AAmB7B,IAAM,YAAY;AAElB,SAAS,kBAAkB,KAA6C;AACtE,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,KAAK,IAAI,YAAY;AAC3B,MAAI,OAAO,cAAc,OAAO,UAAU,OAAO,YAAY,OAAO,OAAO;AACzE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,4BAA4B,SAAsC;AAChF,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,QAAQ,OAAO,OAAO,OAAO,mBAAmB,CAAC,CAAC,GAAG;AAC9D,eAAW,YAAY,KAAK,OAAO,CAAC,GAAG;AACrC,YAAM,OAAO,OAAO,aAAa,WAAW,WAAW,GAAG,SAAS,OAAO,EAAE,IAAI,SAAS,QAAQ,EAAE;AACnG,YAAM,UAAU,KAAK,MAAM,SAAS,KAAK,CAAC;AAC1C,iBAAW,SAAS,SAAS;AAC3B,cAAM,QAAQ,MAAM,YAAY;AAChC,cAAM,MAAM,GAAG,KAAK,IAAI,KAAK,IAAI;AACjC,YAAI,KAAK,IAAI,GAAG,EAAG;AACnB,aAAK,IAAI,GAAG;AACZ,iBAAS,KAAK;AAAA,UACZ;AAAA,UACA,QAAQ;AAAA,UACR,aAAa,KAAK;AAAA,UAClB,UAAU,kBAAkB,KAAK,QAAQ;AAAA,QAC3C,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,sBAAsB,UAAuC;AAC3E,QAAM,UAAUA,cAAa,UAAU,MAAM;AAC7C,SAAO,4BAA4B,OAAO;AAC5C;;;AC5DA,SAAS,gBAAAC,qBAAoB;AAG7B,IAAMC,aAAY;AAElB,SAASC,mBAAkB,KAA6C;AACtE,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,KAAK,IAAI,YAAY;AAC3B,MAAI,OAAO,cAAc,OAAO,UAAU,OAAO,YAAY,OAAO,OAAO;AACzE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,6BAA6B,SAAsC;AACjF,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,QAAM,QAAQ,QACX,MAAM,IAAI,EACV,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,OAAO;AAEjB,aAAW,QAAQ,OAAO;AACxB,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,MAAM,IAAI;AAAA,IAC1B,QAAQ;AACN;AAAA,IACF;AAEA,UAAM,QAAQ;AAYd,QAAI,MAAM,SAAS,gBAAiB;AAEpC,UAAM,WAAW,MAAM,MAAM;AAC7B,UAAM,cAAc,UAAU;AAC9B,UAAM,WAAWA,mBAAkB,UAAU,QAAQ;AAErD,UAAM,OAAO,GAAG,UAAU,OAAO,EAAE,KAAK,UAAU,QAAQ,CAAC,GAAG,KAAK,GAAG,CAAC;AACvE,UAAM,UAAU,KAAK,MAAMD,UAAS,KAAK,CAAC;AAE1C,eAAW,SAAS,SAAS;AAC3B,YAAM,QAAQ,MAAM,YAAY;AAChC,YAAM,MAAM,GAAG,KAAK,IAAI,eAAe,EAAE;AACzC,UAAI,KAAK,IAAI,GAAG,EAAG;AACnB,WAAK,IAAI,GAAG;AAEZ,eAAS,KAAK;AAAA,QACZ;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,uBAAuB,UAAuC;AAC5E,QAAM,UAAUD,cAAa,UAAU,MAAM;AAC7C,SAAO,6BAA6B,OAAO;AAC7C;;;ACzEA,SAAS,gBAAAG,sBAAoB;AAiB7B,IAAMC,aAAY;AAElB,SAAS,mBAAmB,QAAyC;AACnE,QAAM,MAAM,OAAO,aAAa,aAAa;AAC7C,SAAO,OAAO,QAAQ,WAAW,MAAM;AACzC;AAEO,SAAS,qBAAqB,SAAsC;AACzE,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,WAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,OAAO,OAAO,QAAQ,CAAC,GAAG;AACnC,eAAW,UAAU,IAAI,WAAW,CAAC,GAAG;AACtC,YAAM,WAAW,GAAG,OAAO,UAAU,EAAE,IAAI,OAAO,SAAS,QAAQ,EAAE;AACrE,YAAM,UAAU,SAAS,MAAMA,UAAS,KAAK,CAAC;AAC9C,iBAAW,SAAS,SAAS;AAC3B,cAAM,QAAQ,MAAM,YAAY;AAChC,cAAM,MAAM,mBAAmB,MAAM;AACrC,cAAM,MAAM,GAAG,KAAK,IAAI,OAAO,EAAE;AACjC,YAAI,KAAK,IAAI,GAAG,EAAG;AACnB,aAAK,IAAI,GAAG;AACZ,iBAAS,KAAK;AAAA,UACZ;AAAA,UACA,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,UAAU;AAAA,QACZ,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,eAAe,UAAuC;AACpE,QAAM,UAAUD,eAAa,UAAU,MAAM;AAC7C,SAAO,qBAAqB,OAAO;AACrC;;;AHhDO,SAAS,eAAe,UAAkB,QAA8C;AAC7F,QAAM,WAAW,WAAW,SAAS,YAAY,QAAQ,IAAI;AAE7D,MAAI,aAAa,aAAa;AAC5B,WAAO,sBAAsB,QAAQ;AAAA,EACvC;AACA,MAAI,aAAa,cAAc;AAC7B,WAAO,uBAAuB,QAAQ;AAAA,EACxC;AACA,MAAI,aAAa,SAAS;AACxB,WAAO,eAAe,QAAQ;AAAA,EAChC;AAEA,QAAM,IAAI,MAAM,6BAA6B,QAAQ,EAAE;AACzD;AAEA,SAAS,YAAY,UAAoD;AACvE,QAAM,MAAM,QAAQ,QAAQ,EAAE,YAAY;AAC1C,MAAI,QAAQ,SAAU,QAAO;AAE7B,MAAI;AACF,UAAM,UAAUE,eAAa,UAAU,MAAM;AAC7C,UAAM,YAAY,QAAQ,MAAM,IAAI,EAAE,KAAK,CAAC,SAAS,KAAK,KAAK,EAAE,WAAW,GAAG,CAAC;AAChF,QAAI,WAAW;AACb,YAAM,SAAS,KAAK,MAAM,SAAS;AACnC,UAAI,OAAO,SAAS,mBAAmB,OAAO,SAAS,gBAAgB;AACrE,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,SAAO;AACT;;;AIvCO,SAAS,aAAa,UAAyC;AACpE,SAAO,CAAC,GAAG,IAAI,IAAI,SAAS,IAAI,CAAC,MAAM,EAAE,MAAM,YAAY,CAAC,CAAC,CAAC;AAChE;;;ACgBA,eAAsB,wBAAwB,QASb;AAC/B,QAAM,UAA+B,CAAC;AACtC,QAAM,SAAoD,CAAC;AAC3D,QAAM,0BAID,CAAC;AACN,MAAI,aAAa;AAEjB,aAAW,SAAS,OAAO,QAAQ;AACjC,QAAI;AACF,sBAAgB,OAAO,UAAU,mBAAmB,EAAE,MAAM,CAAC;AAC7D,YAAM,SAAS,MAAM,UAAU,OAAO;AAAA,QACpC,GAAG,OAAO;AAAA,QACV,YAAY,OAAO;AAAA,QACnB,UAAU;AAAA,QACV,GAAG,OAAO;AAAA,QACV,OAAO,OAAO,WAAW;AAAA,QACzB,QAAQ,OAAO,WAAW;AAAA,QAC1B,aAAa,OAAO;AAAA,MACtB,CAAC;AAED,aAAO,UAAU,OAAO,QAAQ,OAAO,CAAC,WAAW,iBAAiB,OAAO,QAAQ,OAAO,WAAW,CAAC;AAEtG,iBAAW,UAAU,OAAO,SAAS;AACnC,YAAI,OAAO,aAAa,cAAc;AACpC,wBAAc;AAAA,QAChB;AACA,YAAI,OAAO,YAAY,WAAW,SAAS,OAAO,YAAY,OAAO;AACnE,kCAAwB,KAAK;AAAA,YAC3B,aAAa,OAAO;AAAA,YACpB;AAAA,YACA,OAAO,OAAO,WAAW;AAAA,UAC3B,CAAC;AAAA,QACH;AAAA,MACF;AAEA,cAAQ,KAAK,MAAM;AACnB,sBAAgB,OAAO,UAAU,oBAAoB,EAAE,MAAM,GAAG,EAAE,SAAS,OAAO,QAAQ,OAAO,CAAC;AAAA,IACpG,SAAS,OAAO;AACd,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,aAAO,KAAK,EAAE,OAAO,QAAQ,CAAC;AAC9B,sBAAgB,OAAO,UAAU,mBAAmB,EAAE,MAAM,GAAG,QAAW,OAAO;AAAA,IACnF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AChEO,SAAS,iBAAiB,QAGjB;AACd,MAAI,eAAe;AACnB,MAAI,cAAc;AAClB,aAAW,UAAU,OAAO,SAAS;AACnC,eAAW,UAAU,OAAO,SAAS;AACnC,UAAI,OAAO,WAAW,OAAO,QAAQ;AACnC,wBAAgB;AAAA,MAClB,OAAO;AACL,uBAAe;AAAA,MACjB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAO,OAAO;AAE7B,MAAI,SAA+B;AACnC,MAAI,cAAc,KAAK,eAAe,GAAG;AACvC,aAAS;AAAA,EACX,WAAW,cAAc,KAAK,iBAAiB,GAAG;AAChD,aAAS;AAAA,EACX;AAEA,QAAM,iBAAiB,oBAAoB,OAAO,OAAO;AACzD,QAAM,wBAAwB,2BAA2B,OAAO,OAAO;AACvE,QAAM,qBAAqB,4BAA4B,OAAO,OAAO;AACrE,QAAM,mBAAmB,OAAO,QAAQ,OAAO,CAAC,KAAK,WAAW,MAAM,OAAO,QAAQ,QAAQ,CAAC;AAE9F,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AChDA,eAAsB,kBACpB,WACA,UAAuB,CAAC,GACH;AACrB,QAAM,MAAM,QAAQ,OAAO,QAAQ,IAAI;AACvC,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,cAAc;AAEzC,QAAM,WAAW,eAAe,WAAW,MAAM;AACjD,QAAM,SAAS,aAAa,QAAQ;AACpC,QAAM,SAAS,WAAW,KAAK,QAAQ,MAAM;AAC7C,QAAM,cAAc,0BAA0B,OAAO;AACrD,QAAM,aAAa,yBAAyB,OAAO;AACnD,QAAM,cAAc,mBAAmB,SAAS,GAAG;AAEnD,QAAM,WAAW,kBAAkB,KAAK,QAAQ;AAAA,IAC9C,GAAG;AAAA,IACH,OAAO,WAAW;AAAA,IAClB,QAAQ,WAAW;AAAA,IACnB,gBAAgB,QAAQ;AAAA,EAC1B,CAAC;AACD,kBAAgB,UAAU,cAAc,EAAE,WAAW,OAAO,GAAG,EAAE,cAAc,SAAS,QAAQ,UAAU,OAAO,OAAO,CAAC;AAEzH,QAAM,YAAY,MAAM,wBAAwB;AAAA,IAC9C;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,UAA+B,UAAU;AAC/C,QAAM,SAAS,UAAU;AACzB,QAAM,aAAa,UAAU;AAC7B,QAAM,0BAA0B,UAAU;AAE1C,QAAM,UAAU,iBAAiB,EAAE,SAAS,OAAO,CAAC;AACpD,QAAM,EAAE,QAAQ,cAAc,aAAa,gBAAgB,uBAAuB,oBAAoB,iBAAiB,IAAI;AAE3H,WAAS,UAAU;AAAA,IACjB;AAAA,IACA,UAAU,OAAO;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,yBAAyB,wBAAwB,SAAS,IAAI,0BAA0B;AAAA,IACxF;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY,aAAa,IAAI,aAAa;AAAA,EAC5C;AAEA,mBAAiB,QAAQ;AACzB,QAAM,eAAe,QAAQ,aAAa,QAAQ,SAAY,iBAAiB,KAAK,QAAQ;AAE5F,SAAO;AAAA,IACL,eAAe;AAAA,IACf;AAAA,IACA,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,yBAAyB,wBAAwB,SAAS,IAAI,0BAA0B;AAAA,IACxF;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY,aAAa,IAAI,aAAa;AAAA,IAC1C;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB,QAAQ;AAAA,EAC1B;AACF;","names":["generateText","join","readFileSync","existsSync","join","join","join","readFileSync","tool","z","join","readFileSync","writeFileSync","execa","semver","tool","z","join","semver","readFileSync","writeFileSync","execa","tool","z","existsSync","mkdir","rm","join","execa","existsSync","writeFileSync","readFileSync","join","execa","tool","z","join","mkdir","execa","rm","existsSync","semver","tool","z","readFileSync","join","execa","tool","z","readFileSync","join","execa","semver","semver","safeUpgrade","tool","z","mkdir","readFile","rm","join","execa","tool","z","tool","z","semver","tool","z","tool","z","tool","z","semver","tool","z","tool","z","existsSync","readFileSync","join","generateText","mkdirSync","writeFileSync","join","existsSync","mkdirSync","readFileSync","writeFileSync","join","evidenceFile","readFileSync","readFileSync","readFileSync","CVE_REGEX","normalizeSeverity","readFileSync","CVE_REGEX","readFileSync"]}