autoremediator 0.7.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +92 -69
- package/dist/{chunk-MUFP2DQX.js → chunk-EDPCMRUW.js} +3510 -2170
- package/dist/chunk-EDPCMRUW.js.map +1 -0
- package/dist/cli.js +195 -8
- package/dist/cli.js.map +1 -1
- package/dist/index-Di8lB6CG.d.ts +401 -0
- package/dist/index.d.ts +4 -6
- package/dist/index.js +9 -5
- package/dist/mcp/server.d.ts +75 -2
- package/dist/mcp/server.js +72 -3
- package/dist/mcp/server.js.map +1 -1
- package/dist/openapi/server.d.ts +444 -137
- package/dist/openapi/server.js +358 -147
- package/dist/openapi/server.js.map +1 -1
- package/dist/{options-schema-DfLBOsPI.d.ts → options-schema-CH5GjZY1.d.ts} +18 -2
- package/llms.txt +36 -7
- package/package.json +10 -5
- package/dist/chunk-MUFP2DQX.js.map +0 -1
- package/dist/remediate-from-scan-C-E7gqxF.d.ts +0 -211
package/dist/cli.js
CHANGED
|
@@ -5,11 +5,14 @@ import {
|
|
|
5
5
|
import {
|
|
6
6
|
OPTION_DESCRIPTIONS,
|
|
7
7
|
ciExitCode,
|
|
8
|
+
inspectPatchArtifact,
|
|
9
|
+
listPatchArtifacts,
|
|
8
10
|
remediate,
|
|
9
11
|
remediateFromScan,
|
|
10
12
|
toCiSummary,
|
|
11
|
-
toSarifOutput
|
|
12
|
-
|
|
13
|
+
toSarifOutput,
|
|
14
|
+
validatePatchArtifact
|
|
15
|
+
} from "./chunk-EDPCMRUW.js";
|
|
13
16
|
|
|
14
17
|
// src/cli/index.ts
|
|
15
18
|
import { fileURLToPath } from "url";
|
|
@@ -62,6 +65,19 @@ async function runSingleCve(cveId, opts) {
|
|
|
62
65
|
policy: opts.policy,
|
|
63
66
|
evidence: opts.evidence,
|
|
64
67
|
llmProvider: opts.llmProvider,
|
|
68
|
+
model: opts.model,
|
|
69
|
+
modelPersonality: opts.modelPersonality,
|
|
70
|
+
providerSafetyProfile: opts.providerSafetyProfile,
|
|
71
|
+
requireConsensusForHighRisk: opts.requireConsensusForHighRisk,
|
|
72
|
+
consensusProvider: opts.consensusProvider,
|
|
73
|
+
consensusModel: opts.consensusModel,
|
|
74
|
+
patchConfidenceThresholds: {
|
|
75
|
+
low: typeof opts.patchConfidenceLow === "number" ? opts.patchConfidenceLow : void 0,
|
|
76
|
+
medium: typeof opts.patchConfidenceMedium === "number" ? opts.patchConfidenceMedium : void 0,
|
|
77
|
+
high: typeof opts.patchConfidenceHigh === "number" ? opts.patchConfidenceHigh : void 0
|
|
78
|
+
},
|
|
79
|
+
dynamicModelRouting: opts.dynamicModelRouting,
|
|
80
|
+
dynamicRoutingThresholdChars: typeof opts.dynamicRoutingThresholdChars === "number" ? opts.dynamicRoutingThresholdChars : void 0,
|
|
65
81
|
requestId: opts.requestId,
|
|
66
82
|
sessionId: opts.sessionId,
|
|
67
83
|
parentRunId: opts.parentRunId,
|
|
@@ -71,7 +87,11 @@ async function runSingleCve(cveId, opts) {
|
|
|
71
87
|
source: opts.source ?? "cli",
|
|
72
88
|
constraints: {
|
|
73
89
|
directDependenciesOnly: opts.directDependenciesOnly,
|
|
74
|
-
preferVersionBump: opts.preferVersionBump
|
|
90
|
+
preferVersionBump: opts.preferVersionBump,
|
|
91
|
+
installMode: opts.installMode,
|
|
92
|
+
installPreferOffline: opts.installPreferOffline,
|
|
93
|
+
enforceFrozenLockfile: opts.enforceFrozenLockfile,
|
|
94
|
+
workspace: opts.workspace
|
|
75
95
|
}
|
|
76
96
|
});
|
|
77
97
|
const reportAsScan = asSingleCveScanReport(report);
|
|
@@ -106,12 +126,26 @@ async function runScanInput(inputPath, opts) {
|
|
|
106
126
|
cwd: opts.cwd,
|
|
107
127
|
packageManager: opts.packageManager,
|
|
108
128
|
format: opts.format,
|
|
129
|
+
audit: opts.audit,
|
|
109
130
|
policy: opts.policy,
|
|
110
131
|
patchesDir: opts.patchesDir,
|
|
111
132
|
dryRun: opts.dryRun,
|
|
112
133
|
preview: opts.preview,
|
|
113
134
|
runTests: opts.runTests,
|
|
114
135
|
llmProvider: opts.llmProvider,
|
|
136
|
+
model: opts.model,
|
|
137
|
+
modelPersonality: opts.modelPersonality,
|
|
138
|
+
providerSafetyProfile: opts.providerSafetyProfile,
|
|
139
|
+
requireConsensusForHighRisk: opts.requireConsensusForHighRisk,
|
|
140
|
+
consensusProvider: opts.consensusProvider,
|
|
141
|
+
consensusModel: opts.consensusModel,
|
|
142
|
+
patchConfidenceThresholds: {
|
|
143
|
+
low: typeof opts.patchConfidenceLow === "number" ? opts.patchConfidenceLow : void 0,
|
|
144
|
+
medium: typeof opts.patchConfidenceMedium === "number" ? opts.patchConfidenceMedium : void 0,
|
|
145
|
+
high: typeof opts.patchConfidenceHigh === "number" ? opts.patchConfidenceHigh : void 0
|
|
146
|
+
},
|
|
147
|
+
dynamicModelRouting: opts.dynamicModelRouting,
|
|
148
|
+
dynamicRoutingThresholdChars: typeof opts.dynamicRoutingThresholdChars === "number" ? opts.dynamicRoutingThresholdChars : void 0,
|
|
115
149
|
evidence: opts.evidence,
|
|
116
150
|
requestId: opts.requestId,
|
|
117
151
|
sessionId: opts.sessionId,
|
|
@@ -122,7 +156,11 @@ async function runScanInput(inputPath, opts) {
|
|
|
122
156
|
source: opts.source ?? "cli",
|
|
123
157
|
constraints: {
|
|
124
158
|
directDependenciesOnly: opts.directDependenciesOnly,
|
|
125
|
-
preferVersionBump: opts.preferVersionBump
|
|
159
|
+
preferVersionBump: opts.preferVersionBump,
|
|
160
|
+
installMode: opts.installMode,
|
|
161
|
+
installPreferOffline: opts.installPreferOffline,
|
|
162
|
+
enforceFrozenLockfile: opts.enforceFrozenLockfile,
|
|
163
|
+
workspace: opts.workspace
|
|
126
164
|
}
|
|
127
165
|
});
|
|
128
166
|
if (opts.summaryFile) {
|
|
@@ -180,6 +218,97 @@ async function runScanInput(inputPath, opts) {
|
|
|
180
218
|
process.exitCode = ciExitCode(toCiSummary(report));
|
|
181
219
|
}
|
|
182
220
|
}
|
|
221
|
+
async function runListPatches(opts) {
|
|
222
|
+
const patches = await listPatchArtifacts({
|
|
223
|
+
cwd: opts.cwd,
|
|
224
|
+
patchesDir: opts.patchesDir
|
|
225
|
+
});
|
|
226
|
+
if (opts.json) {
|
|
227
|
+
logJson(patches);
|
|
228
|
+
return;
|
|
229
|
+
}
|
|
230
|
+
process.stdout.write(`Patch artifacts: ${patches.length}
|
|
231
|
+
`);
|
|
232
|
+
for (const patch of patches) {
|
|
233
|
+
process.stdout.write(`- ${patch.patchFileName}`);
|
|
234
|
+
if (patch.packageName && patch.vulnerableVersion) {
|
|
235
|
+
process.stdout.write(` (${patch.packageName}@${patch.vulnerableVersion})`);
|
|
236
|
+
}
|
|
237
|
+
if (patch.confidence !== void 0) {
|
|
238
|
+
process.stdout.write(` confidence=${patch.confidence.toFixed(2)}`);
|
|
239
|
+
}
|
|
240
|
+
if (patch.riskLevel) {
|
|
241
|
+
process.stdout.write(` risk=${patch.riskLevel}`);
|
|
242
|
+
}
|
|
243
|
+
process.stdout.write(`
|
|
244
|
+
`);
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
async function runInspectPatch(patchPath, opts) {
|
|
248
|
+
const inspection = await inspectPatchArtifact(patchPath, { cwd: opts.cwd });
|
|
249
|
+
if (opts.json) {
|
|
250
|
+
logJson(inspection);
|
|
251
|
+
return;
|
|
252
|
+
}
|
|
253
|
+
process.stdout.write(`Patch: ${inspection.patchFilePath}
|
|
254
|
+
`);
|
|
255
|
+
process.stdout.write(`Exists: ${inspection.exists}
|
|
256
|
+
`);
|
|
257
|
+
process.stdout.write(`Diff valid: ${inspection.diffValid}
|
|
258
|
+
`);
|
|
259
|
+
if (inspection.packageName && inspection.vulnerableVersion) {
|
|
260
|
+
process.stdout.write(`Target: ${inspection.packageName}@${inspection.vulnerableVersion}
|
|
261
|
+
`);
|
|
262
|
+
}
|
|
263
|
+
if (inspection.manifestFilePath) {
|
|
264
|
+
process.stdout.write(`Manifest: ${inspection.manifestFilePath}
|
|
265
|
+
`);
|
|
266
|
+
}
|
|
267
|
+
if (inspection.files?.length) {
|
|
268
|
+
process.stdout.write(`Files: ${inspection.files.join(", ")}
|
|
269
|
+
`);
|
|
270
|
+
}
|
|
271
|
+
if (inspection.formatError) {
|
|
272
|
+
process.stdout.write(`Format error: ${inspection.formatError}
|
|
273
|
+
`);
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
async function runValidatePatch(patchPath, opts) {
|
|
277
|
+
const report = await validatePatchArtifact(patchPath, {
|
|
278
|
+
cwd: opts.cwd,
|
|
279
|
+
packageManager: opts.packageManager
|
|
280
|
+
});
|
|
281
|
+
if (opts.json) {
|
|
282
|
+
logJson(report);
|
|
283
|
+
return;
|
|
284
|
+
}
|
|
285
|
+
process.stdout.write(`Patch: ${report.patchFilePath}
|
|
286
|
+
`);
|
|
287
|
+
process.stdout.write(`Exists: ${report.exists}
|
|
288
|
+
`);
|
|
289
|
+
process.stdout.write(`Manifest found: ${report.manifestFound}
|
|
290
|
+
`);
|
|
291
|
+
process.stdout.write(`Diff valid: ${report.diffValid}
|
|
292
|
+
`);
|
|
293
|
+
process.stdout.write(`Drift detected: ${report.driftDetected}
|
|
294
|
+
`);
|
|
295
|
+
if (report.packageName && report.vulnerableVersion) {
|
|
296
|
+
process.stdout.write(`Target: ${report.packageName}@${report.vulnerableVersion}
|
|
297
|
+
`);
|
|
298
|
+
}
|
|
299
|
+
if (report.installedVersion) {
|
|
300
|
+
process.stdout.write(`Installed version: ${report.installedVersion}
|
|
301
|
+
`);
|
|
302
|
+
}
|
|
303
|
+
for (const phase of report.validationPhases) {
|
|
304
|
+
process.stdout.write(`Phase ${phase.phase}: ${phase.passed ? "ok" : "failed"}`);
|
|
305
|
+
if (phase.error) {
|
|
306
|
+
process.stdout.write(` (${phase.error})`);
|
|
307
|
+
}
|
|
308
|
+
process.stdout.write(`
|
|
309
|
+
`);
|
|
310
|
+
}
|
|
311
|
+
}
|
|
183
312
|
|
|
184
313
|
// src/cli/types.ts
|
|
185
314
|
function isCveId(value) {
|
|
@@ -188,7 +317,32 @@ function isCveId(value) {
|
|
|
188
317
|
|
|
189
318
|
// src/cli/program.ts
|
|
190
319
|
function addSharedOptions(program, includeInput = false) {
|
|
191
|
-
|
|
320
|
+
const parseBooleanFlag = (value) => value === "true";
|
|
321
|
+
program.option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--dry-run", OPTION_DESCRIPTIONS.dryRun, false).option("--preview", OPTION_DESCRIPTIONS.preview, false).option("--run-tests", OPTION_DESCRIPTIONS.runTests, false).option("--llm-provider <provider>", OPTION_DESCRIPTIONS.llmProvider).option("--model <name>", OPTION_DESCRIPTIONS.model).option("--model-personality <profile>", OPTION_DESCRIPTIONS.modelPersonality).option("--provider-safety-profile <profile>", OPTION_DESCRIPTIONS.providerSafetyProfile).option("--require-consensus-for-high-risk", OPTION_DESCRIPTIONS.requireConsensusForHighRisk, false).option("--consensus-provider <provider>", OPTION_DESCRIPTIONS.consensusProvider).option("--consensus-model <name>", OPTION_DESCRIPTIONS.consensusModel).option(
|
|
322
|
+
"--patch-confidence-low <value>",
|
|
323
|
+
OPTION_DESCRIPTIONS.patchConfidenceThresholdLow,
|
|
324
|
+
(value) => parseFloat(value)
|
|
325
|
+
).option(
|
|
326
|
+
"--patch-confidence-medium <value>",
|
|
327
|
+
OPTION_DESCRIPTIONS.patchConfidenceThresholdMedium,
|
|
328
|
+
(value) => parseFloat(value)
|
|
329
|
+
).option(
|
|
330
|
+
"--patch-confidence-high <value>",
|
|
331
|
+
OPTION_DESCRIPTIONS.patchConfidenceThresholdHigh,
|
|
332
|
+
(value) => parseFloat(value)
|
|
333
|
+
).option("--dynamic-model-routing", OPTION_DESCRIPTIONS.dynamicModelRouting, false).option(
|
|
334
|
+
"--dynamic-routing-threshold-chars <count>",
|
|
335
|
+
OPTION_DESCRIPTIONS.dynamicRoutingThresholdChars,
|
|
336
|
+
(value) => parseInt(value, 10)
|
|
337
|
+
).option("--request-id <id>", OPTION_DESCRIPTIONS.requestId).option("--session-id <id>", OPTION_DESCRIPTIONS.sessionId).option("--parent-run-id <id>", OPTION_DESCRIPTIONS.parentRunId).option("--idempotency-key <key>", OPTION_DESCRIPTIONS.idempotencyKey).option("--resume", OPTION_DESCRIPTIONS.resume, false).option("--actor <name>", OPTION_DESCRIPTIONS.actor).option("--source <src>", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`).option("--direct-dependencies-only", OPTION_DESCRIPTIONS.directDependenciesOnly, false).option("--prefer-version-bump", OPTION_DESCRIPTIONS.preferVersionBump, false).option("--install-mode <mode>", OPTION_DESCRIPTIONS.installMode).option(
|
|
338
|
+
"--install-prefer-offline <value>",
|
|
339
|
+
`${OPTION_DESCRIPTIONS.installPreferOffline} (true|false)`,
|
|
340
|
+
parseBooleanFlag
|
|
341
|
+
).option(
|
|
342
|
+
"--enforce-frozen-lockfile <value>",
|
|
343
|
+
`${OPTION_DESCRIPTIONS.enforceFrozenLockfile} (true|false)`,
|
|
344
|
+
parseBooleanFlag
|
|
345
|
+
).option("--workspace <name>", OPTION_DESCRIPTIONS.workspace).option("--audit", OPTION_DESCRIPTIONS.audit, false).option("--policy <path>", OPTION_DESCRIPTIONS.policy).option("--evidence", OPTION_DESCRIPTIONS.evidence, true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false);
|
|
192
346
|
if (includeInput) {
|
|
193
347
|
program.option("--input <path>", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);
|
|
194
348
|
}
|
|
@@ -208,15 +362,48 @@ function createProgram() {
|
|
|
208
362
|
await runSingleCve(cveId, merged);
|
|
209
363
|
});
|
|
210
364
|
addSharedOptions(
|
|
211
|
-
program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").
|
|
365
|
+
program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").option("--input <path>", OPTION_DESCRIPTIONS.inputPath).option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
|
|
212
366
|
false
|
|
213
|
-
).action(async (opts) => {
|
|
214
|
-
|
|
367
|
+
).action(async (opts, command) => {
|
|
368
|
+
const merged = {
|
|
369
|
+
...opts,
|
|
370
|
+
...command.optsWithGlobals()
|
|
371
|
+
};
|
|
372
|
+
if (!merged.audit && !merged.input) {
|
|
373
|
+
throw new Error("scan mode requires --input unless --audit is enabled.");
|
|
374
|
+
}
|
|
375
|
+
await runScanInput(merged.input ?? "", merged);
|
|
376
|
+
});
|
|
377
|
+
const patches = program.command("patches").description("Inspect and validate stored patch artifacts");
|
|
378
|
+
patches.command("list").description("List patch artifacts in the configured patches directory").option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--json", "Print JSON output", false).action(async (opts, command) => {
|
|
379
|
+
const merged = {
|
|
380
|
+
...command.optsWithGlobals(),
|
|
381
|
+
...opts
|
|
382
|
+
};
|
|
383
|
+
await runListPatches(merged);
|
|
384
|
+
});
|
|
385
|
+
patches.command("inspect").description("Inspect a patch artifact and its manifest metadata").argument("<patchPath>", "Path to the .patch file to inspect").option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--json", "Print JSON output", false).action(async (patchPath, opts, command) => {
|
|
386
|
+
const merged = {
|
|
387
|
+
...command.optsWithGlobals(),
|
|
388
|
+
...opts
|
|
389
|
+
};
|
|
390
|
+
await runInspectPatch(patchPath, merged);
|
|
391
|
+
});
|
|
392
|
+
patches.command("validate").description("Validate a patch artifact against its manifest and the current dependency inventory").argument("<patchPath>", "Path to the .patch file to validate").option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--json", "Print JSON output", false).action(async (patchPath, opts, command) => {
|
|
393
|
+
const merged = {
|
|
394
|
+
...command.optsWithGlobals(),
|
|
395
|
+
...opts
|
|
396
|
+
};
|
|
397
|
+
await runValidatePatch(patchPath, merged);
|
|
215
398
|
});
|
|
216
399
|
addSharedOptions(
|
|
217
400
|
program.argument("[target]", "Scanner output file path (or CVE ID fallback)").option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
|
|
218
401
|
true
|
|
219
402
|
).action(async (target, opts) => {
|
|
403
|
+
if (opts.audit) {
|
|
404
|
+
await runScanInput(opts.input ?? target ?? "", opts);
|
|
405
|
+
return;
|
|
406
|
+
}
|
|
220
407
|
if (opts.input) {
|
|
221
408
|
await runScanInput(opts.input, opts);
|
|
222
409
|
return;
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/cli/index.ts","../src/cli/program.ts","../src/cli/runners.ts","../src/cli/output.ts","../src/cli/types.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { fileURLToPath } from \"node:url\";\nimport { createProgram as createCliProgram } from \"./program.js\";\n\nexport function createProgram(): Command {\n return createCliProgram();\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n","import { Command } from \"commander\";\nimport { OPTION_DESCRIPTIONS } from \"../api/index.js\";\nimport { existsSync } from \"node:fs\";\nimport { PACKAGE_VERSION } from \"../version\";\nimport { runScanInput, runSingleCve } from \"./runners.js\";\nimport type { CommandOptions } from \"./types.js\";\nimport { isCveId } from \"./types.js\";\n\nfunction addSharedOptions(program: Command, includeInput = false): Command {\n program\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false);\n\n if (includeInput) {\n program.option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);\n }\n\n return program;\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n addSharedOptions(\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId),\n false\n ).action(async (cveId: string, opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n await runSingleCve(cveId, merged);\n });\n\n addSharedOptions(\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .requiredOption(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n false\n ).action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n addSharedOptions(\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n true\n ).action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n","import {\n ciExitCode,\n remediate,\n remediateFromScan,\n type ScanReport,\n toCiSummary,\n toSarifOutput,\n} from \"../api/index.js\";\nimport { writeFileSync } from \"node:fs\";\nimport { formatCountMap, logJson } from \"./output.js\";\nimport type { CommandOptions } from \"./types.js\";\n\nfunction asSingleCveScanReport(report: Awaited<ReturnType<typeof remediate>>): ScanReport {\n return {\n schemaVersion: \"1.0\",\n status: report.results.some((result) => !result.applied && !result.dryRun)\n ? report.results.some((result) => result.applied || result.dryRun)\n ? \"partial\"\n : \"failed\"\n : \"ok\",\n generatedAt: new Date().toISOString(),\n cveIds: [report.cveId],\n reports: [report],\n successCount: report.results.filter((result) => result.applied || result.dryRun).length,\n failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,\n errors: [],\n evidenceFile: report.evidenceFile,\n patchCount: report.results.filter((result) => result.strategy === \"patch-file\").length,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n };\n}\n\nexport async function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n evidence: opts.evidence,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n const reportAsScan = asSingleCveScanReport(report);\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(reportAsScan));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n}\n\nexport async function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n","export function logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nexport function formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n","export type ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\nexport interface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nexport function isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n"],"mappings":";;;;;;;;;;;;;;AAGA,SAAS,qBAAqB;;;ACH9B,SAAS,eAAe;AAExB,SAAS,kBAAkB;;;ACM3B,SAAS,qBAAqB;;;ACRvB,SAAS,QAAQ,OAAsB;AAC5C,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEO,SAAS,eAAe,QAAgE;AAC7F,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;;;ADCA,SAAS,sBAAsB,QAA2D;AACxF,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ,OAAO,QAAQ,KAAK,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,IACrE,OAAO,QAAQ,KAAK,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,IAC7D,YACA,WACF;AAAA,IACJ,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,QAAQ,CAAC,OAAO,KAAK;AAAA,IACrB,SAAS,CAAC,MAAM;AAAA,IAChB,cAAc,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,EAAE;AAAA,IACjF,aAAa,OAAO,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAAA,IAClF,QAAQ,CAAC;AAAA,IACT,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,aAAa,YAAY,EAAE;AAAA,IAChF,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,EACtB;AACF;AAEA,eAAsB,aAAa,OAAe,MAAqC;AACrF,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,QAAM,eAAe,sBAAsB,MAAM;AAEjD,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,YAAY,CAAC;AACnC,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC1D,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AACA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,EACzD;AACF;AAEA,eAAsB,aAAa,WAAmB,MAAqC;AACzF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;;;AEpIO,SAAS,QAAQ,OAAwB;AAC9C,SAAO,mBAAmB,KAAK,KAAK;AACtC;;;AHvBA,SAAS,iBAAiB,SAAkB,eAAe,OAAgB;AACzE,UACG,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK;AAE9C,MAAI,cAAc;AAChB,YAAQ,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB;AAAA,EAC1F;AAEA,SAAO;AACT;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB;AAAA,IACE,QACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK;AAAA,IAChD;AAAA,EACF,EAAE,OAAO,OAAO,OAAe,MAAsB,YAAqB;AACxE,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AACA,UAAM,aAAa,OAAO,MAAM;AAAA,EAClC,CAAC;AAED;AAAA,IACE,QACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,oBAAoB,SAAS,EAC9D,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,SAAyB;AACvC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAED;AAAA,IACE,QACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,QAA4B,SAAyB;AACnE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;ADtGO,SAASA,iBAAyB;AACvC,SAAO,cAAiB;AAC1B;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAUA,eAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["createProgram"]}
|
|
1
|
+
{"version":3,"sources":["../src/cli/index.ts","../src/cli/program.ts","../src/cli/runners.ts","../src/cli/output.ts","../src/cli/types.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { fileURLToPath } from \"node:url\";\nimport { createProgram as createCliProgram } from \"./program.js\";\n\nexport function createProgram(): Command {\n return createCliProgram();\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n","import { Command } from \"commander\";\nimport { OPTION_DESCRIPTIONS } from \"../api/index.js\";\nimport { existsSync } from \"node:fs\";\nimport { PACKAGE_VERSION } from \"../version\";\nimport { runInspectPatch, runListPatches, runScanInput, runSingleCve, runValidatePatch } from \"./runners.js\";\nimport type { CommandOptions } from \"./types.js\";\nimport { isCveId } from \"./types.js\";\n\nfunction addSharedOptions(program: Command, includeInput = false): Command {\n const parseBooleanFlag = (value: string): boolean => value === \"true\";\n\n program\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--model <name>\", OPTION_DESCRIPTIONS.model)\n .option(\"--model-personality <profile>\", OPTION_DESCRIPTIONS.modelPersonality)\n .option(\"--provider-safety-profile <profile>\", OPTION_DESCRIPTIONS.providerSafetyProfile)\n .option(\"--require-consensus-for-high-risk\", OPTION_DESCRIPTIONS.requireConsensusForHighRisk, false)\n .option(\"--consensus-provider <provider>\", OPTION_DESCRIPTIONS.consensusProvider)\n .option(\"--consensus-model <name>\", OPTION_DESCRIPTIONS.consensusModel)\n .option(\n \"--patch-confidence-low <value>\",\n OPTION_DESCRIPTIONS.patchConfidenceThresholdLow,\n (value: string) => parseFloat(value)\n )\n .option(\n \"--patch-confidence-medium <value>\",\n OPTION_DESCRIPTIONS.patchConfidenceThresholdMedium,\n (value: string) => parseFloat(value)\n )\n .option(\n \"--patch-confidence-high <value>\",\n OPTION_DESCRIPTIONS.patchConfidenceThresholdHigh,\n (value: string) => parseFloat(value)\n )\n .option(\"--dynamic-model-routing\", OPTION_DESCRIPTIONS.dynamicModelRouting, false)\n .option(\n \"--dynamic-routing-threshold-chars <count>\",\n OPTION_DESCRIPTIONS.dynamicRoutingThresholdChars,\n (value: string) => parseInt(value, 10)\n )\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--install-mode <mode>\", OPTION_DESCRIPTIONS.installMode)\n .option(\n \"--install-prefer-offline <value>\",\n `${OPTION_DESCRIPTIONS.installPreferOffline} (true|false)`,\n parseBooleanFlag\n )\n .option(\n \"--enforce-frozen-lockfile <value>\",\n `${OPTION_DESCRIPTIONS.enforceFrozenLockfile} (true|false)`,\n parseBooleanFlag\n )\n .option(\"--workspace <name>\", OPTION_DESCRIPTIONS.workspace)\n .option(\"--audit\", OPTION_DESCRIPTIONS.audit, false)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false);\n\n if (includeInput) {\n program.option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);\n }\n\n return program;\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n addSharedOptions(\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId),\n false\n ).action(async (cveId: string, opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n await runSingleCve(cveId, merged);\n });\n\n addSharedOptions(\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .option(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n false\n ).action(async (opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n\n if (!merged.audit && !merged.input) {\n throw new Error(\"scan mode requires --input unless --audit is enabled.\");\n }\n await runScanInput(merged.input ?? \"\", merged);\n });\n\n const patches = program.command(\"patches\").description(\"Inspect and validate stored patch artifacts\");\n\n patches\n .command(\"list\")\n .description(\"List patch artifacts in the configured patches directory\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (opts: Pick<CommandOptions, \"cwd\" | \"patchesDir\" | \"json\">, command: Command) => {\n const merged = {\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n ...opts,\n } as Pick<CommandOptions, \"cwd\" | \"patchesDir\" | \"json\">;\n await runListPatches(merged);\n });\n\n patches\n .command(\"inspect\")\n .description(\"Inspect a patch artifact and its manifest metadata\")\n .argument(\"<patchPath>\", \"Path to the .patch file to inspect\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (patchPath: string, opts: Pick<CommandOptions, \"cwd\" | \"json\">, command: Command) => {\n const merged = {\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n ...opts,\n } as Pick<CommandOptions, \"cwd\" | \"json\">;\n await runInspectPatch(patchPath, merged);\n });\n\n patches\n .command(\"validate\")\n .description(\"Validate a patch artifact against its manifest and the current dependency inventory\")\n .argument(\"<patchPath>\", \"Path to the .patch file to validate\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (patchPath: string, opts: Pick<CommandOptions, \"cwd\" | \"packageManager\" | \"json\">, command: Command) => {\n const merged = {\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n ...opts,\n } as Pick<CommandOptions, \"cwd\" | \"packageManager\" | \"json\">;\n await runValidatePatch(patchPath, merged);\n });\n\n addSharedOptions(\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n true\n ).action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.audit) {\n await runScanInput(opts.input ?? target ?? \"\", opts);\n return;\n }\n\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n","import {\n ciExitCode,\n inspectPatchArtifact,\n listPatchArtifacts,\n remediate,\n remediateFromScan,\n type ScanReport,\n toCiSummary,\n toSarifOutput,\n validatePatchArtifact,\n} from \"../api/index.js\";\nimport { writeFileSync } from \"node:fs\";\nimport { formatCountMap, logJson } from \"./output.js\";\nimport type { CommandOptions } from \"./types.js\";\n\nfunction asSingleCveScanReport(report: Awaited<ReturnType<typeof remediate>>): ScanReport {\n return {\n schemaVersion: \"1.0\",\n status: report.results.some((result) => !result.applied && !result.dryRun)\n ? report.results.some((result) => result.applied || result.dryRun)\n ? \"partial\"\n : \"failed\"\n : \"ok\",\n generatedAt: new Date().toISOString(),\n cveIds: [report.cveId],\n reports: [report],\n successCount: report.results.filter((result) => result.applied || result.dryRun).length,\n failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,\n errors: [],\n evidenceFile: report.evidenceFile,\n patchCount: report.results.filter((result) => result.strategy === \"patch-file\").length,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n };\n}\n\nexport async function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n evidence: opts.evidence,\n llmProvider: opts.llmProvider,\n model: opts.model,\n modelPersonality: opts.modelPersonality,\n providerSafetyProfile: opts.providerSafetyProfile,\n requireConsensusForHighRisk: opts.requireConsensusForHighRisk,\n consensusProvider: opts.consensusProvider,\n consensusModel: opts.consensusModel,\n patchConfidenceThresholds: {\n low: typeof opts.patchConfidenceLow === \"number\" ? opts.patchConfidenceLow : undefined,\n medium: typeof opts.patchConfidenceMedium === \"number\" ? opts.patchConfidenceMedium : undefined,\n high: typeof opts.patchConfidenceHigh === \"number\" ? opts.patchConfidenceHigh : undefined,\n },\n dynamicModelRouting: opts.dynamicModelRouting,\n dynamicRoutingThresholdChars:\n typeof opts.dynamicRoutingThresholdChars === \"number\"\n ? opts.dynamicRoutingThresholdChars\n : undefined,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n installMode: opts.installMode,\n installPreferOffline: opts.installPreferOffline,\n enforceFrozenLockfile: opts.enforceFrozenLockfile,\n workspace: opts.workspace,\n },\n });\n\n const reportAsScan = asSingleCveScanReport(report);\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(reportAsScan));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n}\n\nexport async function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n audit: opts.audit,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n model: opts.model,\n modelPersonality: opts.modelPersonality,\n providerSafetyProfile: opts.providerSafetyProfile,\n requireConsensusForHighRisk: opts.requireConsensusForHighRisk,\n consensusProvider: opts.consensusProvider,\n consensusModel: opts.consensusModel,\n patchConfidenceThresholds: {\n low: typeof opts.patchConfidenceLow === \"number\" ? opts.patchConfidenceLow : undefined,\n medium: typeof opts.patchConfidenceMedium === \"number\" ? opts.patchConfidenceMedium : undefined,\n high: typeof opts.patchConfidenceHigh === \"number\" ? opts.patchConfidenceHigh : undefined,\n },\n dynamicModelRouting: opts.dynamicModelRouting,\n dynamicRoutingThresholdChars:\n typeof opts.dynamicRoutingThresholdChars === \"number\"\n ? opts.dynamicRoutingThresholdChars\n : undefined,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n installMode: opts.installMode,\n installPreferOffline: opts.installPreferOffline,\n enforceFrozenLockfile: opts.enforceFrozenLockfile,\n workspace: opts.workspace,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n\nexport async function runListPatches(opts: Pick<CommandOptions, \"cwd\" | \"patchesDir\" | \"json\">): Promise<void> {\n const patches = await listPatchArtifacts({\n cwd: opts.cwd,\n patchesDir: opts.patchesDir,\n });\n\n if (opts.json) {\n logJson(patches);\n return;\n }\n\n process.stdout.write(`Patch artifacts: ${patches.length}\\n`);\n for (const patch of patches) {\n process.stdout.write(`- ${patch.patchFileName}`);\n if (patch.packageName && patch.vulnerableVersion) {\n process.stdout.write(` (${patch.packageName}@${patch.vulnerableVersion})`);\n }\n if (patch.confidence !== undefined) {\n process.stdout.write(` confidence=${patch.confidence.toFixed(2)}`);\n }\n if (patch.riskLevel) {\n process.stdout.write(` risk=${patch.riskLevel}`);\n }\n process.stdout.write(`\\n`);\n }\n}\n\nexport async function runInspectPatch(\n patchPath: string,\n opts: Pick<CommandOptions, \"cwd\" | \"json\">\n): Promise<void> {\n const inspection = await inspectPatchArtifact(patchPath, { cwd: opts.cwd });\n\n if (opts.json) {\n logJson(inspection);\n return;\n }\n\n process.stdout.write(`Patch: ${inspection.patchFilePath}\\n`);\n process.stdout.write(`Exists: ${inspection.exists}\\n`);\n process.stdout.write(`Diff valid: ${inspection.diffValid}\\n`);\n if (inspection.packageName && inspection.vulnerableVersion) {\n process.stdout.write(`Target: ${inspection.packageName}@${inspection.vulnerableVersion}\\n`);\n }\n if (inspection.manifestFilePath) {\n process.stdout.write(`Manifest: ${inspection.manifestFilePath}\\n`);\n }\n if (inspection.files?.length) {\n process.stdout.write(`Files: ${inspection.files.join(\", \")}\\n`);\n }\n if (inspection.formatError) {\n process.stdout.write(`Format error: ${inspection.formatError}\\n`);\n }\n}\n\nexport async function runValidatePatch(\n patchPath: string,\n opts: Pick<CommandOptions, \"cwd\" | \"packageManager\" | \"json\">\n): Promise<void> {\n const report = await validatePatchArtifact(patchPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n });\n\n if (opts.json) {\n logJson(report);\n return;\n }\n\n process.stdout.write(`Patch: ${report.patchFilePath}\\n`);\n process.stdout.write(`Exists: ${report.exists}\\n`);\n process.stdout.write(`Manifest found: ${report.manifestFound}\\n`);\n process.stdout.write(`Diff valid: ${report.diffValid}\\n`);\n process.stdout.write(`Drift detected: ${report.driftDetected}\\n`);\n if (report.packageName && report.vulnerableVersion) {\n process.stdout.write(`Target: ${report.packageName}@${report.vulnerableVersion}\\n`);\n }\n if (report.installedVersion) {\n process.stdout.write(`Installed version: ${report.installedVersion}\\n`);\n }\n for (const phase of report.validationPhases) {\n process.stdout.write(`Phase ${phase.phase}: ${phase.passed ? \"ok\" : \"failed\"}`);\n if (phase.error) {\n process.stdout.write(` (${phase.error})`);\n }\n process.stdout.write(`\\n`);\n }\n}\n","export function logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nexport function formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n","export type ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\nexport interface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"remote\" | \"local\";\n model?: string;\n modelPersonality?: \"analytical\" | \"pragmatic\" | \"balanced\";\n providerSafetyProfile?: \"strict\" | \"relaxed\";\n requireConsensusForHighRisk: boolean;\n consensusProvider?: \"remote\" | \"local\";\n consensusModel?: string;\n patchConfidenceLow?: number;\n patchConfidenceMedium?: number;\n patchConfidenceHigh?: number;\n dynamicModelRouting: boolean;\n dynamicRoutingThresholdChars?: number;\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n installMode?: \"standard\" | \"prefer-offline\" | \"deterministic\";\n installPreferOffline?: boolean;\n enforceFrozenLockfile?: boolean;\n workspace?: string;\n input?: string;\n audit: boolean;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nexport function isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAGA,SAAS,qBAAqB;;;ACH9B,SAAS,eAAe;AAExB,SAAS,kBAAkB;;;ACS3B,SAAS,qBAAqB;;;ACXvB,SAAS,QAAQ,OAAsB;AAC5C,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEO,SAAS,eAAe,QAAgE;AAC7F,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;;;ADIA,SAAS,sBAAsB,QAA2D;AACxF,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ,OAAO,QAAQ,KAAK,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,IACrE,OAAO,QAAQ,KAAK,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,IAC7D,YACA,WACF;AAAA,IACJ,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,QAAQ,CAAC,OAAO,KAAK;AAAA,IACrB,SAAS,CAAC,MAAM;AAAA,IAChB,cAAc,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,EAAE;AAAA,IACjF,aAAa,OAAO,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAAA,IAClF,QAAQ,CAAC;AAAA,IACT,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,aAAa,YAAY,EAAE;AAAA,IAChF,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,EACtB;AACF;AAEA,eAAsB,aAAa,OAAe,MAAqC;AACrF,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,OAAO,KAAK;AAAA,IACZ,kBAAkB,KAAK;AAAA,IACvB,uBAAuB,KAAK;AAAA,IAC5B,6BAA6B,KAAK;AAAA,IAClC,mBAAmB,KAAK;AAAA,IACxB,gBAAgB,KAAK;AAAA,IACrB,2BAA2B;AAAA,MACzB,KAAK,OAAO,KAAK,uBAAuB,WAAW,KAAK,qBAAqB;AAAA,MAC7E,QAAQ,OAAO,KAAK,0BAA0B,WAAW,KAAK,wBAAwB;AAAA,MACtF,MAAM,OAAO,KAAK,wBAAwB,WAAW,KAAK,sBAAsB;AAAA,IAClF;AAAA,IACA,qBAAqB,KAAK;AAAA,IAC1B,8BACE,OAAO,KAAK,iCAAiC,WACzC,KAAK,+BACL;AAAA,IACN,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,MACxB,aAAa,KAAK;AAAA,MAClB,sBAAsB,KAAK;AAAA,MAC3B,uBAAuB,KAAK;AAAA,MAC5B,WAAW,KAAK;AAAA,IAClB;AAAA,EACF,CAAC;AAED,QAAM,eAAe,sBAAsB,MAAM;AAEjD,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,YAAY,CAAC;AACnC,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC1D,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AACA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,EACzD;AACF;AAEA,eAAsB,aAAa,WAAmB,MAAqC;AACzF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,OAAO,KAAK;AAAA,IACZ,kBAAkB,KAAK;AAAA,IACvB,uBAAuB,KAAK;AAAA,IAC5B,6BAA6B,KAAK;AAAA,IAClC,mBAAmB,KAAK;AAAA,IACxB,gBAAgB,KAAK;AAAA,IACrB,2BAA2B;AAAA,MACzB,KAAK,OAAO,KAAK,uBAAuB,WAAW,KAAK,qBAAqB;AAAA,MAC7E,QAAQ,OAAO,KAAK,0BAA0B,WAAW,KAAK,wBAAwB;AAAA,MACtF,MAAM,OAAO,KAAK,wBAAwB,WAAW,KAAK,sBAAsB;AAAA,IAClF;AAAA,IACA,qBAAqB,KAAK;AAAA,IAC1B,8BACE,OAAO,KAAK,iCAAiC,WACzC,KAAK,+BACL;AAAA,IACN,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,MACxB,aAAa,KAAK;AAAA,MAClB,sBAAsB,KAAK;AAAA,MAC3B,uBAAuB,KAAK;AAAA,MAC5B,WAAW,KAAK;AAAA,IAClB;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;AAEA,eAAsB,eAAe,MAA0E;AAC7G,QAAM,UAAU,MAAM,mBAAmB;AAAA,IACvC,KAAK,KAAK;AAAA,IACV,YAAY,KAAK;AAAA,EACnB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,YAAQ,OAAO;AACf;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,oBAAoB,QAAQ,MAAM;AAAA,CAAI;AAC3D,aAAW,SAAS,SAAS;AAC3B,YAAQ,OAAO,MAAM,KAAK,MAAM,aAAa,EAAE;AAC/C,QAAI,MAAM,eAAe,MAAM,mBAAmB;AAChD,cAAQ,OAAO,MAAM,KAAK,MAAM,WAAW,IAAI,MAAM,iBAAiB,GAAG;AAAA,IAC3E;AACA,QAAI,MAAM,eAAe,QAAW;AAClC,cAAQ,OAAO,MAAM,eAAe,MAAM,WAAW,QAAQ,CAAC,CAAC,EAAE;AAAA,IACnE;AACA,QAAI,MAAM,WAAW;AACnB,cAAQ,OAAO,MAAM,SAAS,MAAM,SAAS,EAAE;AAAA,IACjD;AACA,YAAQ,OAAO,MAAM;AAAA,CAAI;AAAA,EAC3B;AACF;AAEA,eAAsB,gBACpB,WACA,MACe;AACf,QAAM,aAAa,MAAM,qBAAqB,WAAW,EAAE,KAAK,KAAK,IAAI,CAAC;AAE1E,MAAI,KAAK,MAAM;AACb,YAAQ,UAAU;AAClB;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,UAAU,WAAW,aAAa;AAAA,CAAI;AAC3D,UAAQ,OAAO,MAAM,WAAW,WAAW,MAAM;AAAA,CAAI;AACrD,UAAQ,OAAO,MAAM,eAAe,WAAW,SAAS;AAAA,CAAI;AAC5D,MAAI,WAAW,eAAe,WAAW,mBAAmB;AAC1D,YAAQ,OAAO,MAAM,WAAW,WAAW,WAAW,IAAI,WAAW,iBAAiB;AAAA,CAAI;AAAA,EAC5F;AACA,MAAI,WAAW,kBAAkB;AAC/B,YAAQ,OAAO,MAAM,aAAa,WAAW,gBAAgB;AAAA,CAAI;AAAA,EACnE;AACA,MAAI,WAAW,OAAO,QAAQ;AAC5B,YAAQ,OAAO,MAAM,UAAU,WAAW,MAAM,KAAK,IAAI,CAAC;AAAA,CAAI;AAAA,EAChE;AACA,MAAI,WAAW,aAAa;AAC1B,YAAQ,OAAO,MAAM,iBAAiB,WAAW,WAAW;AAAA,CAAI;AAAA,EAClE;AACF;AAEA,eAAsB,iBACpB,WACA,MACe;AACf,QAAM,SAAS,MAAM,sBAAsB,WAAW;AAAA,IACpD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,EACvB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,UAAU,OAAO,aAAa;AAAA,CAAI;AACvD,UAAQ,OAAO,MAAM,WAAW,OAAO,MAAM;AAAA,CAAI;AACjD,UAAQ,OAAO,MAAM,mBAAmB,OAAO,aAAa;AAAA,CAAI;AAChE,UAAQ,OAAO,MAAM,eAAe,OAAO,SAAS;AAAA,CAAI;AACxD,UAAQ,OAAO,MAAM,mBAAmB,OAAO,aAAa;AAAA,CAAI;AAChE,MAAI,OAAO,eAAe,OAAO,mBAAmB;AAClD,YAAQ,OAAO,MAAM,WAAW,OAAO,WAAW,IAAI,OAAO,iBAAiB;AAAA,CAAI;AAAA,EACpF;AACA,MAAI,OAAO,kBAAkB;AAC3B,YAAQ,OAAO,MAAM,sBAAsB,OAAO,gBAAgB;AAAA,CAAI;AAAA,EACxE;AACA,aAAW,SAAS,OAAO,kBAAkB;AAC3C,YAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,SAAS,OAAO,QAAQ,EAAE;AAC9E,QAAI,MAAM,OAAO;AACf,cAAQ,OAAO,MAAM,KAAK,MAAM,KAAK,GAAG;AAAA,IAC1C;AACA,YAAQ,OAAO,MAAM;AAAA,CAAI;AAAA,EAC3B;AACF;;;AEzPO,SAAS,QAAQ,OAAwB;AAC9C,SAAO,mBAAmB,KAAK,KAAK;AACtC;;;AHvCA,SAAS,iBAAiB,SAAkB,eAAe,OAAgB;AACzE,QAAM,mBAAmB,CAAC,UAA2B,UAAU;AAE/D,UACG,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,iCAAiC,oBAAoB,gBAAgB,EAC5E,OAAO,uCAAuC,oBAAoB,qBAAqB,EACvF,OAAO,qCAAqC,oBAAoB,6BAA6B,KAAK,EAClG,OAAO,mCAAmC,oBAAoB,iBAAiB,EAC/E,OAAO,4BAA4B,oBAAoB,cAAc,EACrE;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,WAAW,KAAK;AAAA,EACrC,EACC;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,WAAW,KAAK;AAAA,EACrC,EACC;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,WAAW,KAAK;AAAA,EACrC,EACC,OAAO,2BAA2B,oBAAoB,qBAAqB,KAAK,EAChF;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,SAAS,OAAO,EAAE;AAAA,EACvC,EACC,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,yBAAyB,oBAAoB,WAAW,EAC/D;AAAA,IACC;AAAA,IACA,GAAG,oBAAoB,oBAAoB;AAAA,IAC3C;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA,GAAG,oBAAoB,qBAAqB;AAAA,IAC5C;AAAA,EACF,EACC,OAAO,sBAAsB,oBAAoB,SAAS,EAC1D,OAAO,WAAW,oBAAoB,OAAO,KAAK,EAClD,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK;AAE9C,MAAI,cAAc;AAChB,YAAQ,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB;AAAA,EAC1F;AAEA,SAAO;AACT;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB;AAAA,IACE,QACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK;AAAA,IAChD;AAAA,EACF,EAAE,OAAO,OAAO,OAAe,MAAsB,YAAqB;AACxE,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AACA,UAAM,aAAa,OAAO,MAAM;AAAA,EAClC,CAAC;AAED;AAAA,IACE,QACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,OAAO,kBAAkB,oBAAoB,SAAS,EACtD,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,MAAsB,YAAqB;AACzD,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AAEA,QAAI,CAAC,OAAO,SAAS,CAAC,OAAO,OAAO;AAClC,YAAM,IAAI,MAAM,uDAAuD;AAAA,IACzE;AACA,UAAM,aAAa,OAAO,SAAS,IAAI,MAAM;AAAA,EAC/C,CAAC;AAED,QAAM,UAAU,QAAQ,QAAQ,SAAS,EAAE,YAAY,6CAA6C;AAEpG,UACG,QAAQ,MAAM,EACd,YAAY,0DAA0D,EACtE,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,MAA2D,YAAqB;AAC7F,UAAM,SAAS;AAAA,MACb,GAAI,QAAQ,gBAAgB;AAAA,MAC5B,GAAG;AAAA,IACL;AACA,UAAM,eAAe,MAAM;AAAA,EAC7B,CAAC;AAEH,UACG,QAAQ,SAAS,EACjB,YAAY,oDAAoD,EAChE,SAAS,eAAe,oCAAoC,EAC5D,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,WAAmB,MAA4C,YAAqB;AACjG,UAAM,SAAS;AAAA,MACb,GAAI,QAAQ,gBAAgB;AAAA,MAC5B,GAAG;AAAA,IACL;AACA,UAAM,gBAAgB,WAAW,MAAM;AAAA,EACzC,CAAC;AAEH,UACG,QAAQ,UAAU,EAClB,YAAY,qFAAqF,EACjG,SAAS,eAAe,qCAAqC,EAC7D,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,WAAmB,MAA+D,YAAqB;AACpH,UAAM,SAAS;AAAA,MACb,GAAI,QAAQ,gBAAgB;AAAA,MAC5B,GAAG;AAAA,IACL;AACA,UAAM,iBAAiB,WAAW,MAAM;AAAA,EAC1C,CAAC;AAEH;AAAA,IACE,QACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,QAA4B,SAAyB;AACnE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,SAAS,UAAU,IAAI,IAAI;AACnD;AAAA,IACF;AAEA,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;AD1MO,SAASA,iBAAyB;AACvC,SAAO,cAAiB;AAC1B;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAUA,eAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["createProgram"]}
|