autoremediator 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,211 +0,0 @@
1
- /** A resolved CVE entry with affected npm package info */
2
- interface CveDetails {
3
- id: string;
4
- summary: string;
5
- severity: "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | "UNKNOWN";
6
- cvssScore?: number;
7
- epss?: {
8
- score: number;
9
- percentile: number;
10
- date?: string;
11
- };
12
- kev?: {
13
- knownExploited: boolean;
14
- dateAdded?: string;
15
- dueDate?: string;
16
- requiredAction?: string;
17
- knownRansomwareCampaignUse?: string;
18
- };
19
- intelligence?: {
20
- cveServicesEnriched?: boolean;
21
- gitlabAdvisoryMatched?: boolean;
22
- certCcMatched?: boolean;
23
- depsDevEnrichedPackages?: number;
24
- scorecardProjects?: number;
25
- vendorAdvisories?: string[];
26
- commercialFeeds?: string[];
27
- sourceHealth?: Record<string, {
28
- attempted: boolean;
29
- changed: boolean;
30
- error?: string;
31
- }>;
32
- };
33
- references: string[];
34
- affectedPackages: AffectedPackage[];
35
- }
36
- /** A single npm package affected by a CVE */
37
- interface AffectedPackage {
38
- name: string;
39
- ecosystem: "npm";
40
- /** Semver range string for the vulnerable version window, e.g. ">=0.0.0 <4.17.21" */
41
- vulnerableRange: string;
42
- /** The first version that is NOT vulnerable (the safe upgrade target) */
43
- firstPatchedVersion?: string;
44
- /** Source that provided this entry */
45
- source: "osv" | "github-advisory";
46
- }
47
- /** A package found in the consumer's project */
48
- interface InventoryPackage {
49
- name: string;
50
- version: string;
51
- /** "direct" = listed in package.json; "indirect" = transitive dep */
52
- type: "direct" | "indirect";
53
- }
54
- /** A package that is both installed and matches a vulnerable range */
55
- interface VulnerablePackage {
56
- installed: InventoryPackage;
57
- affected: AffectedPackage;
58
- /** The resolved safe upgrade version, if one exists on npm */
59
- safeUpgradeVersion?: string;
60
- }
61
- /** The outcome of a single patch operation */
62
- type PatchStrategy = "version-bump" | "override" | "patch-file" | "none";
63
- type DependencyScope = "direct" | "transitive";
64
- type UnresolvedReason = "constraint-blocked" | "indirect-dependency" | "install-failed" | "major-bump-required" | "no-safe-version" | "override-apply-failed" | "package-json-not-found" | "patch-apply-failed" | "patch-confidence-too-low" | "patch-generation-failed" | "patch-validation-failed" | "policy-blocked" | "requires-llm-fallback" | "source-fetch-failed" | "validation-failed";
65
- type PatchStrategyCounts = Partial<Record<PatchStrategy, number>>;
66
- type DependencyScopeCounts = Partial<Record<DependencyScope, number>>;
67
- type UnresolvedReasonCounts = Partial<Record<UnresolvedReason, number>>;
68
- interface PatchResult {
69
- packageName: string;
70
- strategy: PatchStrategy;
71
- fromVersion: string;
72
- toVersion?: string;
73
- patchFilePath?: string;
74
- applied: boolean;
75
- dryRun: boolean;
76
- message: string;
77
- unresolvedReason?: UnresolvedReason;
78
- validation?: {
79
- passed: boolean;
80
- error?: string;
81
- };
82
- }
83
- interface CorrelationContext {
84
- requestId?: string;
85
- sessionId?: string;
86
- parentRunId?: string;
87
- }
88
- interface RemediationConstraints {
89
- directDependenciesOnly?: boolean;
90
- preferVersionBump?: boolean;
91
- }
92
- interface ProvenanceContext {
93
- actor?: string;
94
- source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
95
- }
96
- /** Top-level options for the remediate() API and CLI */
97
- interface RemediateOptions extends CorrelationContext {
98
- /** Working directory of the consumer's project (defaults to process.cwd()) */
99
- cwd?: string;
100
- /** Package manager to use (defaults to auto-detect from lockfile) */
101
- packageManager?: "npm" | "pnpm" | "yarn";
102
- /** If true, plan and report changes but do not write anything */
103
- dryRun?: boolean;
104
- /** If true, run package-manager tests after patching */
105
- runTests?: boolean;
106
- /** Override the LLM provider (falls back to env AUTOREMEDIATOR_LLM_PROVIDER) */
107
- llmProvider?: "openai" | "anthropic" | "local";
108
- /** Override the model name */
109
- model?: string;
110
- /** Optional path to a policy file (.autoremediator.json) */
111
- policy?: string;
112
- /** If false, do not write evidence JSON for this run (default: true). */
113
- evidence?: boolean;
114
- /** Directory to write .patch files (default: ./patches) */
115
- patchesDir?: string;
116
- /** If true, run a non-mutating remediation preview (forces dryRun behavior for mutation tools). */
117
- preview?: boolean;
118
- /** Optional deterministic idempotency key for request replay handling. */
119
- idempotencyKey?: string;
120
- /** If true, return cached report for matching idempotency key + CVE when available. */
121
- resume?: boolean;
122
- /** Optional caller provenance fields for evidence and reporting. */
123
- actor?: string;
124
- source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
125
- /** Optional orchestration constraints for result enforcement. */
126
- constraints?: RemediationConstraints;
127
- }
128
- /** Final report returned by the remediation pipeline */
129
- interface RemediationReport {
130
- cveId: string;
131
- cveDetails: CveDetails | null;
132
- vulnerablePackages: VulnerablePackage[];
133
- results: PatchResult[];
134
- agentSteps: number;
135
- summary: string;
136
- evidenceFile?: string;
137
- correlation?: CorrelationContext;
138
- provenance?: ProvenanceContext;
139
- constraints?: RemediationConstraints;
140
- resumedFromCache?: boolean;
141
- }
142
-
143
- type ScanInputFormat = "npm-audit" | "yarn-audit" | "sarif" | "auto";
144
-
145
- interface ScanOptions extends RemediateOptions {
146
- format?: ScanInputFormat;
147
- policy?: string;
148
- }
149
- interface ScanReport {
150
- schemaVersion: "1.0";
151
- status: "ok" | "partial" | "failed";
152
- generatedAt: string;
153
- cveIds: string[];
154
- reports: RemediationReport[];
155
- successCount: number;
156
- failedCount: number;
157
- errors: Array<{
158
- cveId: string;
159
- message: string;
160
- }>;
161
- evidenceFile?: string;
162
- patchCount: number;
163
- patchValidationFailures?: Array<{
164
- packageName: string;
165
- cveId: string;
166
- error: string;
167
- }>;
168
- strategyCounts?: PatchStrategyCounts;
169
- dependencyScopeCounts?: DependencyScopeCounts;
170
- unresolvedByReason?: UnresolvedReasonCounts;
171
- patchesDir?: string;
172
- correlation?: CorrelationContext;
173
- provenance?: ProvenanceContext;
174
- constraints?: RemediationConstraints;
175
- idempotencyKey?: string;
176
- }
177
- interface CiSummary {
178
- schemaVersion: "1.0";
179
- status: "ok" | "partial" | "failed";
180
- generatedAt: string;
181
- cveCount: number;
182
- remediationCount: number;
183
- successCount: number;
184
- failedCount: number;
185
- errors: Array<{
186
- cveId: string;
187
- message: string;
188
- }>;
189
- evidenceFile?: string;
190
- patchCount?: number;
191
- patchValidationFailures?: Array<{
192
- packageName: string;
193
- cveId: string;
194
- error: string;
195
- }>;
196
- strategyCounts?: PatchStrategyCounts;
197
- dependencyScopeCounts?: DependencyScopeCounts;
198
- unresolvedByReason?: UnresolvedReasonCounts;
199
- patchesDir?: string;
200
- correlation?: CorrelationContext;
201
- provenance?: ProvenanceContext;
202
- constraints?: RemediationConstraints;
203
- idempotencyKey?: string;
204
- }
205
-
206
- declare function remediate(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
207
- declare function planRemediation(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
208
-
209
- declare function remediateFromScan(inputPath: string, options?: ScanOptions): Promise<ScanReport>;
210
-
211
- export { type AffectedPackage as A, type CiSummary as C, type DependencyScope as D, type InventoryPackage as I, type PatchResult as P, type RemediateOptions as R, type ScanReport as S, type UnresolvedReason as U, type VulnerablePackage as V, type RemediationReport as a, type CorrelationContext as b, type CveDetails as c, type DependencyScopeCounts as d, type PatchStrategy as e, type PatchStrategyCounts as f, type ProvenanceContext as g, type RemediationConstraints as h, type ScanInputFormat as i, type ScanOptions as j, type UnresolvedReasonCounts as k, remediateFromScan as l, planRemediation as p, remediate as r };