autoremediator 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-ZXPLOIB7.js → chunk-MUFP2DQX.js} +2720 -2484
- package/dist/chunk-MUFP2DQX.js.map +1 -0
- package/dist/cli.js +87 -13
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +5 -256
- package/dist/index.js +1 -1
- package/dist/mcp/server.d.ts +1 -1
- package/dist/mcp/server.js +2 -2
- package/dist/mcp/server.js.map +1 -1
- package/dist/openapi/server.d.ts +6 -22
- package/dist/openapi/server.js +2 -2
- package/dist/openapi/server.js.map +1 -1
- package/dist/options-schema-DfLBOsPI.d.ts +37 -0
- package/dist/remediate-from-scan-C-E7gqxF.d.ts +211 -0
- package/llms.txt +21 -6
- package/package.json +1 -1
- package/dist/chunk-ZXPLOIB7.js.map +0 -1
package/dist/cli.js
CHANGED
|
@@ -9,25 +9,48 @@ import {
|
|
|
9
9
|
remediateFromScan,
|
|
10
10
|
toCiSummary,
|
|
11
11
|
toSarifOutput
|
|
12
|
-
} from "./chunk-
|
|
12
|
+
} from "./chunk-MUFP2DQX.js";
|
|
13
13
|
|
|
14
|
-
// src/cli.ts
|
|
15
|
-
import { Command } from "commander";
|
|
16
|
-
import { existsSync, writeFileSync } from "fs";
|
|
14
|
+
// src/cli/index.ts
|
|
17
15
|
import { fileURLToPath } from "url";
|
|
16
|
+
|
|
17
|
+
// src/cli/program.ts
|
|
18
|
+
import { Command } from "commander";
|
|
19
|
+
import { existsSync } from "fs";
|
|
20
|
+
|
|
21
|
+
// src/cli/runners.ts
|
|
22
|
+
import { writeFileSync } from "fs";
|
|
23
|
+
|
|
24
|
+
// src/cli/output.ts
|
|
18
25
|
function logJson(value) {
|
|
19
26
|
process.stdout.write(`${JSON.stringify(value, null, 2)}
|
|
20
27
|
`);
|
|
21
28
|
}
|
|
22
|
-
function isCveId(value) {
|
|
23
|
-
return /^CVE-\d{4}-\d+$/i.test(value);
|
|
24
|
-
}
|
|
25
29
|
function formatCountMap(counts) {
|
|
26
30
|
if (!counts) return void 0;
|
|
27
31
|
const entries = Object.entries(counts).filter(([, value]) => value > 0);
|
|
28
32
|
if (entries.length === 0) return void 0;
|
|
29
33
|
return entries.map(([key, value]) => `${key}=${value}`).join(", ");
|
|
30
34
|
}
|
|
35
|
+
|
|
36
|
+
// src/cli/runners.ts
|
|
37
|
+
function asSingleCveScanReport(report) {
|
|
38
|
+
return {
|
|
39
|
+
schemaVersion: "1.0",
|
|
40
|
+
status: report.results.some((result) => !result.applied && !result.dryRun) ? report.results.some((result) => result.applied || result.dryRun) ? "partial" : "failed" : "ok",
|
|
41
|
+
generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
42
|
+
cveIds: [report.cveId],
|
|
43
|
+
reports: [report],
|
|
44
|
+
successCount: report.results.filter((result) => result.applied || result.dryRun).length,
|
|
45
|
+
failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,
|
|
46
|
+
errors: [],
|
|
47
|
+
evidenceFile: report.evidenceFile,
|
|
48
|
+
patchCount: report.results.filter((result) => result.strategy === "patch-file").length,
|
|
49
|
+
correlation: report.correlation,
|
|
50
|
+
provenance: report.provenance,
|
|
51
|
+
constraints: report.constraints
|
|
52
|
+
};
|
|
53
|
+
}
|
|
31
54
|
async function runSingleCve(cveId, opts) {
|
|
32
55
|
const report = await remediate(cveId, {
|
|
33
56
|
cwd: opts.cwd,
|
|
@@ -37,6 +60,7 @@ async function runSingleCve(cveId, opts) {
|
|
|
37
60
|
runTests: opts.runTests,
|
|
38
61
|
patchesDir: opts.patchesDir,
|
|
39
62
|
policy: opts.policy,
|
|
63
|
+
evidence: opts.evidence,
|
|
40
64
|
llmProvider: opts.llmProvider,
|
|
41
65
|
requestId: opts.requestId,
|
|
42
66
|
sessionId: opts.sessionId,
|
|
@@ -50,14 +74,32 @@ async function runSingleCve(cveId, opts) {
|
|
|
50
74
|
preferVersionBump: opts.preferVersionBump
|
|
51
75
|
}
|
|
52
76
|
});
|
|
77
|
+
const reportAsScan = asSingleCveScanReport(report);
|
|
78
|
+
if (opts.outputFormat === "sarif") {
|
|
79
|
+
logJson(toSarifOutput(reportAsScan));
|
|
80
|
+
if (opts.ci) {
|
|
81
|
+
process.exitCode = ciExitCode(toCiSummary(reportAsScan));
|
|
82
|
+
}
|
|
83
|
+
return;
|
|
84
|
+
}
|
|
53
85
|
if (opts.json) {
|
|
54
86
|
logJson(report);
|
|
87
|
+
if (opts.ci) {
|
|
88
|
+
process.exitCode = ciExitCode(toCiSummary(reportAsScan));
|
|
89
|
+
}
|
|
55
90
|
return;
|
|
56
91
|
}
|
|
57
92
|
process.stdout.write(`${report.summary}
|
|
58
93
|
`);
|
|
59
94
|
process.stdout.write(`Results: ${report.results.length}
|
|
60
95
|
`);
|
|
96
|
+
if (report.evidenceFile) {
|
|
97
|
+
process.stdout.write(`Evidence: ${report.evidenceFile}
|
|
98
|
+
`);
|
|
99
|
+
}
|
|
100
|
+
if (opts.ci) {
|
|
101
|
+
process.exitCode = ciExitCode(toCiSummary(reportAsScan));
|
|
102
|
+
}
|
|
61
103
|
}
|
|
62
104
|
async function runScanInput(inputPath, opts) {
|
|
63
105
|
const report = await remediateFromScan(inputPath, {
|
|
@@ -138,16 +180,43 @@ async function runScanInput(inputPath, opts) {
|
|
|
138
180
|
process.exitCode = ciExitCode(toCiSummary(report));
|
|
139
181
|
}
|
|
140
182
|
}
|
|
183
|
+
|
|
184
|
+
// src/cli/types.ts
|
|
185
|
+
function isCveId(value) {
|
|
186
|
+
return /^CVE-\d{4}-\d+$/i.test(value);
|
|
187
|
+
}
|
|
188
|
+
|
|
189
|
+
// src/cli/program.ts
|
|
190
|
+
function addSharedOptions(program, includeInput = false) {
|
|
191
|
+
program.option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--dry-run", OPTION_DESCRIPTIONS.dryRun, false).option("--preview", OPTION_DESCRIPTIONS.preview, false).option("--run-tests", OPTION_DESCRIPTIONS.runTests, false).option("--llm-provider <provider>", OPTION_DESCRIPTIONS.llmProvider).option("--request-id <id>", OPTION_DESCRIPTIONS.requestId).option("--session-id <id>", OPTION_DESCRIPTIONS.sessionId).option("--parent-run-id <id>", OPTION_DESCRIPTIONS.parentRunId).option("--idempotency-key <key>", OPTION_DESCRIPTIONS.idempotencyKey).option("--resume", OPTION_DESCRIPTIONS.resume, false).option("--actor <name>", OPTION_DESCRIPTIONS.actor).option("--source <src>", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`).option("--direct-dependencies-only", OPTION_DESCRIPTIONS.directDependenciesOnly, false).option("--prefer-version-bump", OPTION_DESCRIPTIONS.preferVersionBump, false).option("--policy <path>", OPTION_DESCRIPTIONS.policy).option("--evidence", OPTION_DESCRIPTIONS.evidence, true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false);
|
|
192
|
+
if (includeInput) {
|
|
193
|
+
program.option("--input <path>", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);
|
|
194
|
+
}
|
|
195
|
+
return program;
|
|
196
|
+
}
|
|
141
197
|
function createProgram() {
|
|
142
198
|
const program = new Command();
|
|
143
199
|
program.name("autoremediator").description("Scanner-first Node.js vulnerability auto-remediation tool").version(PACKAGE_VERSION).showHelpAfterError();
|
|
144
|
-
|
|
145
|
-
|
|
200
|
+
addSharedOptions(
|
|
201
|
+
program.command("cve").description("Remediate a single CVE ID").argument("<cveId>", OPTION_DESCRIPTIONS.cveId),
|
|
202
|
+
false
|
|
203
|
+
).action(async (cveId, opts, command) => {
|
|
204
|
+
const merged = {
|
|
205
|
+
...opts,
|
|
206
|
+
...command.optsWithGlobals()
|
|
207
|
+
};
|
|
208
|
+
await runSingleCve(cveId, merged);
|
|
146
209
|
});
|
|
147
|
-
|
|
210
|
+
addSharedOptions(
|
|
211
|
+
program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").requiredOption("--input <path>", OPTION_DESCRIPTIONS.inputPath).option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
|
|
212
|
+
false
|
|
213
|
+
).action(async (opts) => {
|
|
148
214
|
await runScanInput(opts.input, opts);
|
|
149
215
|
});
|
|
150
|
-
|
|
216
|
+
addSharedOptions(
|
|
217
|
+
program.argument("[target]", "Scanner output file path (or CVE ID fallback)").option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
|
|
218
|
+
true
|
|
219
|
+
).action(async (target, opts) => {
|
|
151
220
|
if (opts.input) {
|
|
152
221
|
await runScanInput(opts.input, opts);
|
|
153
222
|
return;
|
|
@@ -170,8 +239,13 @@ function createProgram() {
|
|
|
170
239
|
});
|
|
171
240
|
return program;
|
|
172
241
|
}
|
|
242
|
+
|
|
243
|
+
// src/cli/index.ts
|
|
244
|
+
function createProgram2() {
|
|
245
|
+
return createProgram();
|
|
246
|
+
}
|
|
173
247
|
async function main(argv = process.argv) {
|
|
174
|
-
const program =
|
|
248
|
+
const program = createProgram2();
|
|
175
249
|
await program.parseAsync(argv);
|
|
176
250
|
}
|
|
177
251
|
function isMainModule() {
|
|
@@ -187,6 +261,6 @@ if (isMainModule()) {
|
|
|
187
261
|
});
|
|
188
262
|
}
|
|
189
263
|
export {
|
|
190
|
-
createProgram
|
|
264
|
+
createProgram2 as createProgram
|
|
191
265
|
};
|
|
192
266
|
//# sourceMappingURL=cli.js.map
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport {\n ciExitCode,\n OPTION_DESCRIPTIONS,\n remediate,\n remediateFromScan,\n toCiSummary,\n toSarifOutput,\n} from \"./api.js\";\nimport { existsSync, writeFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { PACKAGE_VERSION } from \"./version\";\n\ntype ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\ninterface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nfunction logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nfunction isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n\nfunction formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n\nasync function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.json) {\n logJson(report);\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n}\n\nasync function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId)\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (cveId: string, opts: CommandOptions) => {\n await runSingleCve(cveId, opts);\n });\n\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .requiredOption(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\")\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n // Scanner-first top-level mode (default):\n // autoremediator --input audit.json\n // autoremediator audit.json\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\")\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n"],"mappings":";;;;;;;;;;;;;;AAEA,SAAS,eAAe;AASxB,SAAS,YAAY,qBAAqB;AAC1C,SAAS,qBAAqB;AAgC9B,SAAS,QAAQ,OAAsB;AACrC,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEA,SAAS,QAAQ,OAAwB;AACvC,SAAO,mBAAmB,KAAK,KAAK;AACtC;AAEA,SAAS,eAAe,QAAgE;AACtF,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;AAEA,eAAe,aAAa,OAAe,MAAqC;AAC9E,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC5D;AAEA,eAAe,aAAa,WAAmB,MAAqC;AAClF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB,UACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK,EAC7C,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,OAAe,SAAyB;AACrD,UAAM,aAAa,OAAO,IAAI;AAAA,EAChC,CAAC;AAEH,UACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,oBAAoB,SAAS,EAC9D,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,yBAAyB,kDAAkD,EAClF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,SAAyB;AACtC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAKH,UACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB,EAChF,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,yBAAyB,kDAAkD,EAClF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,QAA4B,SAAyB;AAClE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAEH,SAAO;AACT;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAU,cAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../src/cli/index.ts","../src/cli/program.ts","../src/cli/runners.ts","../src/cli/output.ts","../src/cli/types.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { fileURLToPath } from \"node:url\";\nimport { createProgram as createCliProgram } from \"./program.js\";\n\nexport function createProgram(): Command {\n return createCliProgram();\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n","import { Command } from \"commander\";\nimport { OPTION_DESCRIPTIONS } from \"../api/index.js\";\nimport { existsSync } from \"node:fs\";\nimport { PACKAGE_VERSION } from \"../version\";\nimport { runScanInput, runSingleCve } from \"./runners.js\";\nimport type { CommandOptions } from \"./types.js\";\nimport { isCveId } from \"./types.js\";\n\nfunction addSharedOptions(program: Command, includeInput = false): Command {\n program\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false);\n\n if (includeInput) {\n program.option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);\n }\n\n return program;\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n addSharedOptions(\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId),\n false\n ).action(async (cveId: string, opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n await runSingleCve(cveId, merged);\n });\n\n addSharedOptions(\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .requiredOption(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n false\n ).action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n addSharedOptions(\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n true\n ).action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n","import {\n ciExitCode,\n remediate,\n remediateFromScan,\n type ScanReport,\n toCiSummary,\n toSarifOutput,\n} from \"../api/index.js\";\nimport { writeFileSync } from \"node:fs\";\nimport { formatCountMap, logJson } from \"./output.js\";\nimport type { CommandOptions } from \"./types.js\";\n\nfunction asSingleCveScanReport(report: Awaited<ReturnType<typeof remediate>>): ScanReport {\n return {\n schemaVersion: \"1.0\",\n status: report.results.some((result) => !result.applied && !result.dryRun)\n ? report.results.some((result) => result.applied || result.dryRun)\n ? \"partial\"\n : \"failed\"\n : \"ok\",\n generatedAt: new Date().toISOString(),\n cveIds: [report.cveId],\n reports: [report],\n successCount: report.results.filter((result) => result.applied || result.dryRun).length,\n failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,\n errors: [],\n evidenceFile: report.evidenceFile,\n patchCount: report.results.filter((result) => result.strategy === \"patch-file\").length,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n };\n}\n\nexport async function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n evidence: opts.evidence,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n const reportAsScan = asSingleCveScanReport(report);\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(reportAsScan));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n}\n\nexport async function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n","export function logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nexport function formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n","export type ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\nexport interface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nexport function isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n"],"mappings":";;;;;;;;;;;;;;AAGA,SAAS,qBAAqB;;;ACH9B,SAAS,eAAe;AAExB,SAAS,kBAAkB;;;ACM3B,SAAS,qBAAqB;;;ACRvB,SAAS,QAAQ,OAAsB;AAC5C,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEO,SAAS,eAAe,QAAgE;AAC7F,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;;;ADCA,SAAS,sBAAsB,QAA2D;AACxF,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ,OAAO,QAAQ,KAAK,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,IACrE,OAAO,QAAQ,KAAK,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,IAC7D,YACA,WACF;AAAA,IACJ,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,QAAQ,CAAC,OAAO,KAAK;AAAA,IACrB,SAAS,CAAC,MAAM;AAAA,IAChB,cAAc,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,EAAE;AAAA,IACjF,aAAa,OAAO,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAAA,IAClF,QAAQ,CAAC;AAAA,IACT,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,aAAa,YAAY,EAAE;AAAA,IAChF,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,EACtB;AACF;AAEA,eAAsB,aAAa,OAAe,MAAqC;AACrF,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,QAAM,eAAe,sBAAsB,MAAM;AAEjD,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,YAAY,CAAC;AACnC,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC1D,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AACA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,EACzD;AACF;AAEA,eAAsB,aAAa,WAAmB,MAAqC;AACzF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;;;AEpIO,SAAS,QAAQ,OAAwB;AAC9C,SAAO,mBAAmB,KAAK,KAAK;AACtC;;;AHvBA,SAAS,iBAAiB,SAAkB,eAAe,OAAgB;AACzE,UACG,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK;AAE9C,MAAI,cAAc;AAChB,YAAQ,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB;AAAA,EAC1F;AAEA,SAAO;AACT;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB;AAAA,IACE,QACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK;AAAA,IAChD;AAAA,EACF,EAAE,OAAO,OAAO,OAAe,MAAsB,YAAqB;AACxE,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AACA,UAAM,aAAa,OAAO,MAAM;AAAA,EAClC,CAAC;AAED;AAAA,IACE,QACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,oBAAoB,SAAS,EAC9D,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,SAAyB;AACvC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAED;AAAA,IACE,QACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,QAA4B,SAAyB;AACnE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;ADtGO,SAASA,iBAAyB;AACvC,SAAO,cAAiB;AAC1B;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAUA,eAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["createProgram"]}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,260 +1,12 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
summary: string;
|
|
5
|
-
severity: "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | "UNKNOWN";
|
|
6
|
-
cvssScore?: number;
|
|
7
|
-
epss?: {
|
|
8
|
-
score: number;
|
|
9
|
-
percentile: number;
|
|
10
|
-
date?: string;
|
|
11
|
-
};
|
|
12
|
-
kev?: {
|
|
13
|
-
knownExploited: boolean;
|
|
14
|
-
dateAdded?: string;
|
|
15
|
-
dueDate?: string;
|
|
16
|
-
requiredAction?: string;
|
|
17
|
-
knownRansomwareCampaignUse?: string;
|
|
18
|
-
};
|
|
19
|
-
intelligence?: {
|
|
20
|
-
cveServicesEnriched?: boolean;
|
|
21
|
-
gitlabAdvisoryMatched?: boolean;
|
|
22
|
-
certCcMatched?: boolean;
|
|
23
|
-
depsDevEnrichedPackages?: number;
|
|
24
|
-
scorecardProjects?: number;
|
|
25
|
-
vendorAdvisories?: string[];
|
|
26
|
-
commercialFeeds?: string[];
|
|
27
|
-
sourceHealth?: Record<string, {
|
|
28
|
-
attempted: boolean;
|
|
29
|
-
changed: boolean;
|
|
30
|
-
error?: string;
|
|
31
|
-
}>;
|
|
32
|
-
};
|
|
33
|
-
references: string[];
|
|
34
|
-
affectedPackages: AffectedPackage[];
|
|
35
|
-
}
|
|
36
|
-
/** A single npm package affected by a CVE */
|
|
37
|
-
interface AffectedPackage {
|
|
38
|
-
name: string;
|
|
39
|
-
ecosystem: "npm";
|
|
40
|
-
/** Semver range string for the vulnerable version window, e.g. ">=0.0.0 <4.17.21" */
|
|
41
|
-
vulnerableRange: string;
|
|
42
|
-
/** The first version that is NOT vulnerable (the safe upgrade target) */
|
|
43
|
-
firstPatchedVersion?: string;
|
|
44
|
-
/** Source that provided this entry */
|
|
45
|
-
source: "osv" | "github-advisory";
|
|
46
|
-
}
|
|
47
|
-
/** A package found in the consumer's project */
|
|
48
|
-
interface InventoryPackage {
|
|
49
|
-
name: string;
|
|
50
|
-
version: string;
|
|
51
|
-
/** "direct" = listed in package.json; "indirect" = transitive dep */
|
|
52
|
-
type: "direct" | "indirect";
|
|
53
|
-
}
|
|
54
|
-
/** A package that is both installed and matches a vulnerable range */
|
|
55
|
-
interface VulnerablePackage {
|
|
56
|
-
installed: InventoryPackage;
|
|
57
|
-
affected: AffectedPackage;
|
|
58
|
-
/** The resolved safe upgrade version, if one exists on npm */
|
|
59
|
-
safeUpgradeVersion?: string;
|
|
60
|
-
}
|
|
61
|
-
/** The outcome of a single patch operation */
|
|
62
|
-
type PatchStrategy = "version-bump" | "override" | "patch-file" | "none";
|
|
63
|
-
type DependencyScope = "direct" | "transitive";
|
|
64
|
-
type UnresolvedReason = "constraint-blocked" | "indirect-dependency" | "install-failed" | "major-bump-required" | "no-safe-version" | "override-apply-failed" | "package-json-not-found" | "patch-apply-failed" | "patch-validation-failed" | "policy-blocked" | "validation-failed";
|
|
65
|
-
type PatchStrategyCounts = Partial<Record<PatchStrategy, number>>;
|
|
66
|
-
type DependencyScopeCounts = Partial<Record<DependencyScope, number>>;
|
|
67
|
-
type UnresolvedReasonCounts = Partial<Record<UnresolvedReason, number>>;
|
|
68
|
-
interface PatchResult {
|
|
69
|
-
packageName: string;
|
|
70
|
-
strategy: PatchStrategy;
|
|
71
|
-
fromVersion: string;
|
|
72
|
-
toVersion?: string;
|
|
73
|
-
patchFilePath?: string;
|
|
74
|
-
applied: boolean;
|
|
75
|
-
dryRun: boolean;
|
|
76
|
-
message: string;
|
|
77
|
-
unresolvedReason?: UnresolvedReason;
|
|
78
|
-
validation?: {
|
|
79
|
-
passed: boolean;
|
|
80
|
-
error?: string;
|
|
81
|
-
};
|
|
82
|
-
}
|
|
83
|
-
interface CorrelationContext {
|
|
84
|
-
requestId?: string;
|
|
85
|
-
sessionId?: string;
|
|
86
|
-
parentRunId?: string;
|
|
87
|
-
}
|
|
88
|
-
interface RemediationConstraints {
|
|
89
|
-
directDependenciesOnly?: boolean;
|
|
90
|
-
preferVersionBump?: boolean;
|
|
91
|
-
}
|
|
92
|
-
interface ProvenanceContext {
|
|
93
|
-
actor?: string;
|
|
94
|
-
source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
|
|
95
|
-
}
|
|
96
|
-
/** Top-level options for the remediate() API and CLI */
|
|
97
|
-
interface RemediateOptions extends CorrelationContext {
|
|
98
|
-
/** Working directory of the consumer's project (defaults to process.cwd()) */
|
|
99
|
-
cwd?: string;
|
|
100
|
-
/** Package manager to use (defaults to auto-detect from lockfile) */
|
|
101
|
-
packageManager?: "npm" | "pnpm" | "yarn";
|
|
102
|
-
/** If true, plan and report changes but do not write anything */
|
|
103
|
-
dryRun?: boolean;
|
|
104
|
-
/** If true, run package-manager tests after patching */
|
|
105
|
-
runTests?: boolean;
|
|
106
|
-
/** Override the LLM provider (falls back to env AUTOREMEDIATOR_LLM_PROVIDER) */
|
|
107
|
-
llmProvider?: "openai" | "anthropic" | "local";
|
|
108
|
-
/** Override the model name */
|
|
109
|
-
model?: string;
|
|
110
|
-
/** Optional path to a policy file (.autoremediator.json) */
|
|
111
|
-
policy?: string;
|
|
112
|
-
/** Directory to write .patch files (default: ./patches) */
|
|
113
|
-
patchesDir?: string;
|
|
114
|
-
/** If true, run a non-mutating remediation preview (forces dryRun behavior for mutation tools). */
|
|
115
|
-
preview?: boolean;
|
|
116
|
-
/** Optional deterministic idempotency key for request replay handling. */
|
|
117
|
-
idempotencyKey?: string;
|
|
118
|
-
/** If true, return cached report for matching idempotency key + CVE when available. */
|
|
119
|
-
resume?: boolean;
|
|
120
|
-
/** Optional caller provenance fields for evidence and reporting. */
|
|
121
|
-
actor?: string;
|
|
122
|
-
source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
|
|
123
|
-
/** Optional orchestration constraints for result enforcement. */
|
|
124
|
-
constraints?: RemediationConstraints;
|
|
125
|
-
}
|
|
126
|
-
/** Final report returned by the remediation pipeline */
|
|
127
|
-
interface RemediationReport {
|
|
128
|
-
cveId: string;
|
|
129
|
-
cveDetails: CveDetails | null;
|
|
130
|
-
vulnerablePackages: VulnerablePackage[];
|
|
131
|
-
results: PatchResult[];
|
|
132
|
-
agentSteps: number;
|
|
133
|
-
summary: string;
|
|
134
|
-
correlation?: CorrelationContext;
|
|
135
|
-
provenance?: ProvenanceContext;
|
|
136
|
-
constraints?: RemediationConstraints;
|
|
137
|
-
resumedFromCache?: boolean;
|
|
138
|
-
}
|
|
139
|
-
|
|
140
|
-
type ScanInputFormat = "npm-audit" | "yarn-audit" | "sarif" | "auto";
|
|
1
|
+
import { R as RemediateOptions, a as RemediationReport, C as CiSummary, S as ScanReport } from './remediate-from-scan-C-E7gqxF.js';
|
|
2
|
+
export { A as AffectedPackage, b as CorrelationContext, c as CveDetails, D as DependencyScope, d as DependencyScopeCounts, I as InventoryPackage, P as PatchResult, e as PatchStrategy, f as PatchStrategyCounts, g as ProvenanceContext, h as RemediationConstraints, i as ScanInputFormat, j as ScanOptions, U as UnresolvedReason, k as UnresolvedReasonCounts, V as VulnerablePackage, p as planRemediation, r as remediate, l as remediateFromScan } from './remediate-from-scan-C-E7gqxF.js';
|
|
3
|
+
export { L as LLM_PROVIDER_VALUES, O as OPTION_DESCRIPTIONS, P as PACKAGE_MANAGER_VALUES, a as PROVENANCE_SOURCE_VALUES, c as createConstraintSchemaProperties, b as createRemediateOptionSchemaProperties, d as createScanOptionSchemaProperties, e as createScanReportSchemaProperties } from './options-schema-DfLBOsPI.js';
|
|
141
4
|
|
|
142
5
|
declare function runRemediationPipeline(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
|
|
143
6
|
|
|
144
|
-
interface ScanOptions extends RemediateOptions {
|
|
145
|
-
format?: ScanInputFormat;
|
|
146
|
-
policy?: string;
|
|
147
|
-
evidence?: boolean;
|
|
148
|
-
}
|
|
149
|
-
interface ScanReport {
|
|
150
|
-
schemaVersion: "1.0";
|
|
151
|
-
status: "ok" | "partial" | "failed";
|
|
152
|
-
generatedAt: string;
|
|
153
|
-
cveIds: string[];
|
|
154
|
-
reports: RemediationReport[];
|
|
155
|
-
successCount: number;
|
|
156
|
-
failedCount: number;
|
|
157
|
-
errors: Array<{
|
|
158
|
-
cveId: string;
|
|
159
|
-
message: string;
|
|
160
|
-
}>;
|
|
161
|
-
evidenceFile?: string;
|
|
162
|
-
patchCount: number;
|
|
163
|
-
patchValidationFailures?: Array<{
|
|
164
|
-
packageName: string;
|
|
165
|
-
cveId: string;
|
|
166
|
-
error: string;
|
|
167
|
-
}>;
|
|
168
|
-
strategyCounts?: PatchStrategyCounts;
|
|
169
|
-
dependencyScopeCounts?: DependencyScopeCounts;
|
|
170
|
-
unresolvedByReason?: UnresolvedReasonCounts;
|
|
171
|
-
patchesDir?: string;
|
|
172
|
-
correlation?: CorrelationContext;
|
|
173
|
-
provenance?: ProvenanceContext;
|
|
174
|
-
constraints?: RemediationConstraints;
|
|
175
|
-
idempotencyKey?: string;
|
|
176
|
-
}
|
|
177
|
-
interface CiSummary {
|
|
178
|
-
schemaVersion: "1.0";
|
|
179
|
-
status: "ok" | "partial" | "failed";
|
|
180
|
-
generatedAt: string;
|
|
181
|
-
cveCount: number;
|
|
182
|
-
remediationCount: number;
|
|
183
|
-
successCount: number;
|
|
184
|
-
failedCount: number;
|
|
185
|
-
errors: Array<{
|
|
186
|
-
cveId: string;
|
|
187
|
-
message: string;
|
|
188
|
-
}>;
|
|
189
|
-
evidenceFile?: string;
|
|
190
|
-
patchCount?: number;
|
|
191
|
-
patchValidationFailures?: Array<{
|
|
192
|
-
packageName: string;
|
|
193
|
-
cveId: string;
|
|
194
|
-
error: string;
|
|
195
|
-
}>;
|
|
196
|
-
strategyCounts?: PatchStrategyCounts;
|
|
197
|
-
dependencyScopeCounts?: DependencyScopeCounts;
|
|
198
|
-
unresolvedByReason?: UnresolvedReasonCounts;
|
|
199
|
-
patchesDir?: string;
|
|
200
|
-
correlation?: CorrelationContext;
|
|
201
|
-
provenance?: ProvenanceContext;
|
|
202
|
-
constraints?: RemediationConstraints;
|
|
203
|
-
idempotencyKey?: string;
|
|
204
|
-
}
|
|
205
|
-
type JsonSchemaProperty = Record<string, unknown>;
|
|
206
|
-
declare const PACKAGE_MANAGER_VALUES: readonly ["npm", "pnpm", "yarn"];
|
|
207
|
-
declare const LLM_PROVIDER_VALUES: readonly ["openai", "anthropic", "local"];
|
|
208
|
-
declare const PROVENANCE_SOURCE_VALUES: readonly ["cli", "sdk", "mcp", "openapi", "unknown"];
|
|
209
|
-
declare const OPTION_DESCRIPTIONS: {
|
|
210
|
-
readonly cveId: "CVE ID, e.g. CVE-2021-23337";
|
|
211
|
-
readonly inputPath: "Absolute path to the scanner output file";
|
|
212
|
-
readonly cwd: "Absolute path to the project root (default: process.cwd())";
|
|
213
|
-
readonly packageManager: "Package manager override (auto-detected by default)";
|
|
214
|
-
readonly dryRun: "If true, plan changes but write nothing";
|
|
215
|
-
readonly preview: "If true, enforce non-mutating preview mode";
|
|
216
|
-
readonly runTests: "Run package-manager test command after applying fix";
|
|
217
|
-
readonly llmProvider: "LLM provider override";
|
|
218
|
-
readonly patchesDir: "Directory to write .patch files (default: ./patches)";
|
|
219
|
-
readonly policy: "Optional path to .autoremediator policy file";
|
|
220
|
-
readonly requestId: "Request correlation ID";
|
|
221
|
-
readonly sessionId: "Session correlation ID";
|
|
222
|
-
readonly parentRunId: "Parent run correlation ID";
|
|
223
|
-
readonly idempotencyKey: "Idempotency key for replay-safe execution";
|
|
224
|
-
readonly resume: "Return cached result for matching idempotency key when available";
|
|
225
|
-
readonly actor: "Actor identity for evidence provenance";
|
|
226
|
-
readonly source: "Source system for provenance";
|
|
227
|
-
readonly format: "Scanner format (default: auto)";
|
|
228
|
-
readonly evidence: "Write evidence JSON to .autoremediator/evidence/ (default: true)";
|
|
229
|
-
readonly directDependenciesOnly: "Restrict remediation to direct dependencies only";
|
|
230
|
-
readonly preferVersionBump: "Reject override and patch remediation when version-bump-only policy is required";
|
|
231
|
-
};
|
|
232
|
-
declare function createConstraintSchemaProperties(): Record<string, JsonSchemaProperty>;
|
|
233
|
-
declare function createRemediateOptionSchemaProperties(options?: {
|
|
234
|
-
includeDryRun?: boolean;
|
|
235
|
-
includePreview?: boolean;
|
|
236
|
-
}): Record<string, JsonSchemaProperty>;
|
|
237
|
-
declare function createScanOptionSchemaProperties(): Record<string, JsonSchemaProperty>;
|
|
238
|
-
declare function createScanReportSchemaProperties(): Record<string, JsonSchemaProperty>;
|
|
239
|
-
/**
|
|
240
|
-
* Main entry point for programmatic use.
|
|
241
|
-
*
|
|
242
|
-
* @param cveId - CVE identifier, e.g. "CVE-2021-23337"
|
|
243
|
-
* @param options - Optional configuration (cwd, dryRun, llmProvider, etc.)
|
|
244
|
-
* @returns A RemediationReport describing what was found and done
|
|
245
|
-
*/
|
|
246
|
-
declare function remediate(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
|
|
247
|
-
/**
|
|
248
|
-
* Non-mutating preview entrypoint for planning and orchestration.
|
|
249
|
-
*/
|
|
250
|
-
declare function planRemediation(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
|
|
251
|
-
/**
|
|
252
|
-
* Scanner-first entrypoint: parse a scanner output file (npm audit JSON or SARIF),
|
|
253
|
-
* extract CVEs, and run remediations one-by-one.
|
|
254
|
-
*/
|
|
255
|
-
declare function remediateFromScan(inputPath: string, options?: ScanOptions): Promise<ScanReport>;
|
|
256
7
|
declare function toCiSummary(report: ScanReport): CiSummary;
|
|
257
8
|
declare function ciExitCode(summary: CiSummary): number;
|
|
9
|
+
|
|
258
10
|
type SarifLevel = "error" | "warning" | "note" | "none";
|
|
259
11
|
interface SarifRule {
|
|
260
12
|
id: string;
|
|
@@ -302,9 +54,6 @@ interface SarifOutput {
|
|
|
302
54
|
results: SarifResult[];
|
|
303
55
|
}>;
|
|
304
56
|
}
|
|
305
|
-
/**
|
|
306
|
-
* Convert a ScanReport to SARIF 2.1.0 format for GitHub Code Scanning upload.
|
|
307
|
-
*/
|
|
308
57
|
declare function toSarifOutput(report: ScanReport): SarifOutput;
|
|
309
58
|
|
|
310
|
-
export {
|
|
59
|
+
export { CiSummary, RemediateOptions, RemediationReport, type SarifOutput, ScanReport, ciExitCode, runRemediationPipeline, toCiSummary, toSarifOutput };
|
package/dist/index.js
CHANGED
package/dist/mcp/server.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
import { Server } from '@modelcontextprotocol/sdk/server/index.js';
|
|
3
|
-
import { remediate, planRemediation, remediateFromScan } from '../
|
|
3
|
+
import { r as remediate, p as planRemediation, l as remediateFromScan } from '../remediate-from-scan-C-E7gqxF.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* autoremediator MCP server
|
package/dist/mcp/server.js
CHANGED
|
@@ -9,7 +9,7 @@ import {
|
|
|
9
9
|
planRemediation,
|
|
10
10
|
remediate,
|
|
11
11
|
remediateFromScan
|
|
12
|
-
} from "../chunk-
|
|
12
|
+
} from "../chunk-MUFP2DQX.js";
|
|
13
13
|
|
|
14
14
|
// src/mcp/server.ts
|
|
15
15
|
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
|
|
@@ -51,7 +51,7 @@ var TOOLS = [
|
|
|
51
51
|
required: ["cveId"],
|
|
52
52
|
properties: {
|
|
53
53
|
cveId: { type: "string", description: OPTION_DESCRIPTIONS.cveId },
|
|
54
|
-
...createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false })
|
|
54
|
+
...createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false, includeEvidence: true })
|
|
55
55
|
}
|
|
56
56
|
}
|
|
57
57
|
},
|
package/dist/mcp/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/mcp/server.ts"],"sourcesContent":["#!/usr/bin/env node\n/**\n * autoremediator MCP server\n *\n * Exposes all autoremediator tools via the Model Context Protocol so LLM hosts\n * (Claude Desktop, Cursor, Copilot, etc.) can invoke them directly.\n *\n * Start: autoremediator-mcp (stdio transport)\n */\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\nimport {\n CallToolRequestSchema,\n ListToolsRequestSchema,\n} from \"@modelcontextprotocol/sdk/types.js\";\nimport { fileURLToPath } from \"node:url\";\nimport {\n createRemediateOptionSchemaProperties,\n createScanOptionSchemaProperties,\n OPTION_DESCRIPTIONS,\n planRemediation,\n remediate,\n remediateFromScan,\n} from \"../api.js\";\nimport { PACKAGE_VERSION } from \"../version\";\n\ninterface McpApiDeps {\n remediateFn: typeof remediate;\n planRemediationFn: typeof planRemediation;\n remediateFromScanFn: typeof remediateFromScan;\n}\n\nconst defaultDeps: McpApiDeps = {\n remediateFn: remediate,\n planRemediationFn: planRemediation,\n remediateFromScanFn: remediateFromScan,\n};\n\nfunction createBaseServer(): Server {\n return new Server(\n { name: \"autoremediator\", version: PACKAGE_VERSION },\n { capabilities: { tools: {} } }\n );\n}\n\n// ---------------------------------------------------------------------------\n// Tool definitions\n// ---------------------------------------------------------------------------\n\nexport const TOOLS = [\n {\n name: \"remediate\",\n description:\n \"Remediate a single CVE in a Node.js project. Looks up the CVE, scans the project inventory, and applies a version bump or generates a patch file. Returns a RemediationReport.\",\n inputSchema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: { type: \"string\", description: OPTION_DESCRIPTIONS.cveId },\n ...createRemediateOptionSchemaProperties(),\n },\n },\n },\n {\n name: \"planRemediation\",\n description:\n \"Generate a non-mutating remediation preview for a single CVE in a Node.js project. Returns a RemediationReport with planned results.\",\n inputSchema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: { type: \"string\", description: OPTION_DESCRIPTIONS.cveId },\n ...createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false }),\n },\n },\n },\n {\n name: \"remediateFromScan\",\n description:\n \"Parse an npm/pnpm/yarn audit JSON or SARIF scan file, extract all CVE IDs, and remediate each one. Returns a ScanReport.\",\n inputSchema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: { type: \"string\", description: OPTION_DESCRIPTIONS.inputPath },\n ...createScanOptionSchemaProperties(),\n },\n },\n },\n];\n\nexport async function handleToolCall(\n name: string,\n args: Record<string, unknown> = {},\n deps: McpApiDeps = defaultDeps\n): Promise<{ content: Array<{ type: \"text\"; text: string }>; isError?: boolean }> {\n const withMcpSource = (options: Record<string, unknown>): Record<string, unknown> => ({\n ...options,\n source: typeof options.source === \"string\" ? options.source : \"mcp\",\n });\n\n try {\n if (name === \"remediate\") {\n const { cveId, ...options } = args as { cveId: string; [key: string]: unknown };\n const report = await deps.remediateFn(cveId, withMcpSource(options) as Parameters<typeof remediate>[1]);\n return { content: [{ type: \"text\", text: JSON.stringify(report, null, 2) }] };\n }\n\n if (name === \"planRemediation\") {\n const { cveId, ...options } = args as { cveId: string; [key: string]: unknown };\n const report = await deps.planRemediationFn(cveId, withMcpSource(options) as Parameters<typeof planRemediation>[1]);\n return { content: [{ type: \"text\", text: JSON.stringify(report, null, 2) }] };\n }\n\n if (name === \"remediateFromScan\") {\n const { inputPath, ...options } = args as { inputPath: string; [key: string]: unknown };\n const report = await deps.remediateFromScanFn(inputPath, withMcpSource(options) as Parameters<typeof remediateFromScan>[1]);\n return { content: [{ type: \"text\", text: JSON.stringify(report, null, 2) }] };\n }\n\n return {\n content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n isError: true,\n };\n } catch (err) {\n return {\n content: [{ type: \"text\", text: err instanceof Error ? err.message : String(err) }],\n isError: true,\n };\n }\n}\n\nexport function createMcpServer(): Server {\n const server = createBaseServer();\n\n server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));\n\n server.setRequestHandler(CallToolRequestSchema, async (request) => {\n const { name, arguments: args } = request.params;\n return handleToolCall(name, (args ?? {}) as Record<string, unknown>);\n });\n\n return server;\n}\n\n// ---------------------------------------------------------------------------\n// Start\n// ---------------------------------------------------------------------------\n\nasync function startMcpServer(): Promise<void> {\n const transport = new StdioServerTransport();\n const server = createMcpServer();\n await server.connect(transport);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n await startMcpServer();\n}\n"],"mappings":";;;;;;;;;;;;;;AASA,SAAS,cAAc;AACvB,SAAS,4BAA4B;AACrC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,qBAAqB;AAiB9B,IAAM,cAA0B;AAAA,EAC9B,aAAa;AAAA,EACb,mBAAmB;AAAA,EACnB,qBAAqB;AACvB;AAEA,SAAS,mBAA2B;AAClC,SAAO,IAAI;AAAA,IACT,EAAE,MAAM,kBAAkB,SAAS,gBAAgB;AAAA,IACnD,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,EAAE;AAAA,EAChC;AACF;AAMO,IAAM,QAAQ;AAAA,EACnB;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IACF,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU,CAAC,OAAO;AAAA,MAClB,YAAY;AAAA,QACV,OAAO,EAAE,MAAM,UAAU,aAAa,oBAAoB,MAAM;AAAA,QAChE,GAAG,sCAAsC;AAAA,MAC3C;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IACF,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU,CAAC,OAAO;AAAA,MAClB,YAAY;AAAA,QACV,OAAO,EAAE,MAAM,UAAU,aAAa,oBAAoB,MAAM;AAAA,QAChE,GAAG,sCAAsC,EAAE,eAAe,OAAO,gBAAgB,
|
|
1
|
+
{"version":3,"sources":["../../src/mcp/server.ts"],"sourcesContent":["#!/usr/bin/env node\n/**\n * autoremediator MCP server\n *\n * Exposes all autoremediator tools via the Model Context Protocol so LLM hosts\n * (Claude Desktop, Cursor, Copilot, etc.) can invoke them directly.\n *\n * Start: autoremediator-mcp (stdio transport)\n */\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\nimport {\n CallToolRequestSchema,\n ListToolsRequestSchema,\n} from \"@modelcontextprotocol/sdk/types.js\";\nimport { fileURLToPath } from \"node:url\";\nimport {\n createRemediateOptionSchemaProperties,\n createScanOptionSchemaProperties,\n OPTION_DESCRIPTIONS,\n planRemediation,\n remediate,\n remediateFromScan,\n} from \"../api/index.js\";\nimport { PACKAGE_VERSION } from \"../version\";\n\ninterface McpApiDeps {\n remediateFn: typeof remediate;\n planRemediationFn: typeof planRemediation;\n remediateFromScanFn: typeof remediateFromScan;\n}\n\nconst defaultDeps: McpApiDeps = {\n remediateFn: remediate,\n planRemediationFn: planRemediation,\n remediateFromScanFn: remediateFromScan,\n};\n\nfunction createBaseServer(): Server {\n return new Server(\n { name: \"autoremediator\", version: PACKAGE_VERSION },\n { capabilities: { tools: {} } }\n );\n}\n\n// ---------------------------------------------------------------------------\n// Tool definitions\n// ---------------------------------------------------------------------------\n\nexport const TOOLS = [\n {\n name: \"remediate\",\n description:\n \"Remediate a single CVE in a Node.js project. Looks up the CVE, scans the project inventory, and applies a version bump or generates a patch file. Returns a RemediationReport.\",\n inputSchema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: { type: \"string\", description: OPTION_DESCRIPTIONS.cveId },\n ...createRemediateOptionSchemaProperties(),\n },\n },\n },\n {\n name: \"planRemediation\",\n description:\n \"Generate a non-mutating remediation preview for a single CVE in a Node.js project. Returns a RemediationReport with planned results.\",\n inputSchema: {\n type: \"object\",\n required: [\"cveId\"],\n properties: {\n cveId: { type: \"string\", description: OPTION_DESCRIPTIONS.cveId },\n ...createRemediateOptionSchemaProperties({ includeDryRun: false, includePreview: false, includeEvidence: true }),\n },\n },\n },\n {\n name: \"remediateFromScan\",\n description:\n \"Parse an npm/pnpm/yarn audit JSON or SARIF scan file, extract all CVE IDs, and remediate each one. Returns a ScanReport.\",\n inputSchema: {\n type: \"object\",\n required: [\"inputPath\"],\n properties: {\n inputPath: { type: \"string\", description: OPTION_DESCRIPTIONS.inputPath },\n ...createScanOptionSchemaProperties(),\n },\n },\n },\n];\n\nexport async function handleToolCall(\n name: string,\n args: Record<string, unknown> = {},\n deps: McpApiDeps = defaultDeps\n): Promise<{ content: Array<{ type: \"text\"; text: string }>; isError?: boolean }> {\n const withMcpSource = (options: Record<string, unknown>): Record<string, unknown> => ({\n ...options,\n source: typeof options.source === \"string\" ? options.source : \"mcp\",\n });\n\n try {\n if (name === \"remediate\") {\n const { cveId, ...options } = args as { cveId: string; [key: string]: unknown };\n const report = await deps.remediateFn(cveId, withMcpSource(options) as Parameters<typeof remediate>[1]);\n return { content: [{ type: \"text\", text: JSON.stringify(report, null, 2) }] };\n }\n\n if (name === \"planRemediation\") {\n const { cveId, ...options } = args as { cveId: string; [key: string]: unknown };\n const report = await deps.planRemediationFn(cveId, withMcpSource(options) as Parameters<typeof planRemediation>[1]);\n return { content: [{ type: \"text\", text: JSON.stringify(report, null, 2) }] };\n }\n\n if (name === \"remediateFromScan\") {\n const { inputPath, ...options } = args as { inputPath: string; [key: string]: unknown };\n const report = await deps.remediateFromScanFn(inputPath, withMcpSource(options) as Parameters<typeof remediateFromScan>[1]);\n return { content: [{ type: \"text\", text: JSON.stringify(report, null, 2) }] };\n }\n\n return {\n content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n isError: true,\n };\n } catch (err) {\n return {\n content: [{ type: \"text\", text: err instanceof Error ? err.message : String(err) }],\n isError: true,\n };\n }\n}\n\nexport function createMcpServer(): Server {\n const server = createBaseServer();\n\n server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));\n\n server.setRequestHandler(CallToolRequestSchema, async (request) => {\n const { name, arguments: args } = request.params;\n return handleToolCall(name, (args ?? {}) as Record<string, unknown>);\n });\n\n return server;\n}\n\n// ---------------------------------------------------------------------------\n// Start\n// ---------------------------------------------------------------------------\n\nasync function startMcpServer(): Promise<void> {\n const transport = new StdioServerTransport();\n const server = createMcpServer();\n await server.connect(transport);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n await startMcpServer();\n}\n"],"mappings":";;;;;;;;;;;;;;AASA,SAAS,cAAc;AACvB,SAAS,4BAA4B;AACrC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,qBAAqB;AAiB9B,IAAM,cAA0B;AAAA,EAC9B,aAAa;AAAA,EACb,mBAAmB;AAAA,EACnB,qBAAqB;AACvB;AAEA,SAAS,mBAA2B;AAClC,SAAO,IAAI;AAAA,IACT,EAAE,MAAM,kBAAkB,SAAS,gBAAgB;AAAA,IACnD,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,EAAE;AAAA,EAChC;AACF;AAMO,IAAM,QAAQ;AAAA,EACnB;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IACF,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU,CAAC,OAAO;AAAA,MAClB,YAAY;AAAA,QACV,OAAO,EAAE,MAAM,UAAU,aAAa,oBAAoB,MAAM;AAAA,QAChE,GAAG,sCAAsC;AAAA,MAC3C;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IACF,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU,CAAC,OAAO;AAAA,MAClB,YAAY;AAAA,QACV,OAAO,EAAE,MAAM,UAAU,aAAa,oBAAoB,MAAM;AAAA,QAChE,GAAG,sCAAsC,EAAE,eAAe,OAAO,gBAAgB,OAAO,iBAAiB,KAAK,CAAC;AAAA,MACjH;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IACF,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU,CAAC,WAAW;AAAA,MACtB,YAAY;AAAA,QACV,WAAW,EAAE,MAAM,UAAU,aAAa,oBAAoB,UAAU;AAAA,QACxE,GAAG,iCAAiC;AAAA,MACtC;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,eACpB,MACA,OAAgC,CAAC,GACjC,OAAmB,aAC6D;AAChF,QAAM,gBAAgB,CAAC,aAA+D;AAAA,IACpF,GAAG;AAAA,IACH,QAAQ,OAAO,QAAQ,WAAW,WAAW,QAAQ,SAAS;AAAA,EAChE;AAEA,MAAI;AACF,QAAI,SAAS,aAAa;AACxB,YAAM,EAAE,OAAO,GAAG,QAAQ,IAAI;AAC9B,YAAM,SAAS,MAAM,KAAK,YAAY,OAAO,cAAc,OAAO,CAAoC;AACtG,aAAO,EAAE,SAAS,CAAC,EAAE,MAAM,QAAQ,MAAM,KAAK,UAAU,QAAQ,MAAM,CAAC,EAAE,CAAC,EAAE;AAAA,IAC9E;AAEA,QAAI,SAAS,mBAAmB;AAC9B,YAAM,EAAE,OAAO,GAAG,QAAQ,IAAI;AAC9B,YAAM,SAAS,MAAM,KAAK,kBAAkB,OAAO,cAAc,OAAO,CAA0C;AAClH,aAAO,EAAE,SAAS,CAAC,EAAE,MAAM,QAAQ,MAAM,KAAK,UAAU,QAAQ,MAAM,CAAC,EAAE,CAAC,EAAE;AAAA,IAC9E;AAEA,QAAI,SAAS,qBAAqB;AAChC,YAAM,EAAE,WAAW,GAAG,QAAQ,IAAI;AAClC,YAAM,SAAS,MAAM,KAAK,oBAAoB,WAAW,cAAc,OAAO,CAA4C;AAC1H,aAAO,EAAE,SAAS,CAAC,EAAE,MAAM,QAAQ,MAAM,KAAK,UAAU,QAAQ,MAAM,CAAC,EAAE,CAAC,EAAE;AAAA,IAC9E;AAEA,WAAO;AAAA,MACL,SAAS,CAAC,EAAE,MAAM,QAAQ,MAAM,iBAAiB,IAAI,GAAG,CAAC;AAAA,MACzD,SAAS;AAAA,IACX;AAAA,EACF,SAAS,KAAK;AACZ,WAAO;AAAA,MACL,SAAS,CAAC,EAAE,MAAM,QAAQ,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,EAAE,CAAC;AAAA,MAClF,SAAS;AAAA,IACX;AAAA,EACF;AACF;AAEO,SAAS,kBAA0B;AACxC,QAAM,SAAS,iBAAiB;AAEhC,SAAO,kBAAkB,wBAAwB,aAAa,EAAE,OAAO,MAAM,EAAE;AAE/E,SAAO,kBAAkB,uBAAuB,OAAO,YAAY;AACjE,UAAM,EAAE,MAAM,WAAW,KAAK,IAAI,QAAQ;AAC1C,WAAO,eAAe,MAAO,QAAQ,CAAC,CAA6B;AAAA,EACrE,CAAC;AAED,SAAO;AACT;AAMA,eAAe,iBAAgC;AAC7C,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,SAAS,gBAAgB;AAC/B,QAAM,OAAO,QAAQ,SAAS;AAChC;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,QAAM,eAAe;AACvB;","names":[]}
|