autoremediator 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -5,11 +5,14 @@ import {
5
5
  import {
6
6
  OPTION_DESCRIPTIONS,
7
7
  ciExitCode,
8
+ inspectPatchArtifact,
9
+ listPatchArtifacts,
8
10
  remediate,
9
11
  remediateFromScan,
10
12
  toCiSummary,
11
- toSarifOutput
12
- } from "./chunk-MUFP2DQX.js";
13
+ toSarifOutput,
14
+ validatePatchArtifact
15
+ } from "./chunk-EDPCMRUW.js";
13
16
 
14
17
  // src/cli/index.ts
15
18
  import { fileURLToPath } from "url";
@@ -62,6 +65,19 @@ async function runSingleCve(cveId, opts) {
62
65
  policy: opts.policy,
63
66
  evidence: opts.evidence,
64
67
  llmProvider: opts.llmProvider,
68
+ model: opts.model,
69
+ modelPersonality: opts.modelPersonality,
70
+ providerSafetyProfile: opts.providerSafetyProfile,
71
+ requireConsensusForHighRisk: opts.requireConsensusForHighRisk,
72
+ consensusProvider: opts.consensusProvider,
73
+ consensusModel: opts.consensusModel,
74
+ patchConfidenceThresholds: {
75
+ low: typeof opts.patchConfidenceLow === "number" ? opts.patchConfidenceLow : void 0,
76
+ medium: typeof opts.patchConfidenceMedium === "number" ? opts.patchConfidenceMedium : void 0,
77
+ high: typeof opts.patchConfidenceHigh === "number" ? opts.patchConfidenceHigh : void 0
78
+ },
79
+ dynamicModelRouting: opts.dynamicModelRouting,
80
+ dynamicRoutingThresholdChars: typeof opts.dynamicRoutingThresholdChars === "number" ? opts.dynamicRoutingThresholdChars : void 0,
65
81
  requestId: opts.requestId,
66
82
  sessionId: opts.sessionId,
67
83
  parentRunId: opts.parentRunId,
@@ -71,7 +87,11 @@ async function runSingleCve(cveId, opts) {
71
87
  source: opts.source ?? "cli",
72
88
  constraints: {
73
89
  directDependenciesOnly: opts.directDependenciesOnly,
74
- preferVersionBump: opts.preferVersionBump
90
+ preferVersionBump: opts.preferVersionBump,
91
+ installMode: opts.installMode,
92
+ installPreferOffline: opts.installPreferOffline,
93
+ enforceFrozenLockfile: opts.enforceFrozenLockfile,
94
+ workspace: opts.workspace
75
95
  }
76
96
  });
77
97
  const reportAsScan = asSingleCveScanReport(report);
@@ -106,12 +126,26 @@ async function runScanInput(inputPath, opts) {
106
126
  cwd: opts.cwd,
107
127
  packageManager: opts.packageManager,
108
128
  format: opts.format,
129
+ audit: opts.audit,
109
130
  policy: opts.policy,
110
131
  patchesDir: opts.patchesDir,
111
132
  dryRun: opts.dryRun,
112
133
  preview: opts.preview,
113
134
  runTests: opts.runTests,
114
135
  llmProvider: opts.llmProvider,
136
+ model: opts.model,
137
+ modelPersonality: opts.modelPersonality,
138
+ providerSafetyProfile: opts.providerSafetyProfile,
139
+ requireConsensusForHighRisk: opts.requireConsensusForHighRisk,
140
+ consensusProvider: opts.consensusProvider,
141
+ consensusModel: opts.consensusModel,
142
+ patchConfidenceThresholds: {
143
+ low: typeof opts.patchConfidenceLow === "number" ? opts.patchConfidenceLow : void 0,
144
+ medium: typeof opts.patchConfidenceMedium === "number" ? opts.patchConfidenceMedium : void 0,
145
+ high: typeof opts.patchConfidenceHigh === "number" ? opts.patchConfidenceHigh : void 0
146
+ },
147
+ dynamicModelRouting: opts.dynamicModelRouting,
148
+ dynamicRoutingThresholdChars: typeof opts.dynamicRoutingThresholdChars === "number" ? opts.dynamicRoutingThresholdChars : void 0,
115
149
  evidence: opts.evidence,
116
150
  requestId: opts.requestId,
117
151
  sessionId: opts.sessionId,
@@ -122,7 +156,11 @@ async function runScanInput(inputPath, opts) {
122
156
  source: opts.source ?? "cli",
123
157
  constraints: {
124
158
  directDependenciesOnly: opts.directDependenciesOnly,
125
- preferVersionBump: opts.preferVersionBump
159
+ preferVersionBump: opts.preferVersionBump,
160
+ installMode: opts.installMode,
161
+ installPreferOffline: opts.installPreferOffline,
162
+ enforceFrozenLockfile: opts.enforceFrozenLockfile,
163
+ workspace: opts.workspace
126
164
  }
127
165
  });
128
166
  if (opts.summaryFile) {
@@ -180,6 +218,97 @@ async function runScanInput(inputPath, opts) {
180
218
  process.exitCode = ciExitCode(toCiSummary(report));
181
219
  }
182
220
  }
221
+ async function runListPatches(opts) {
222
+ const patches = await listPatchArtifacts({
223
+ cwd: opts.cwd,
224
+ patchesDir: opts.patchesDir
225
+ });
226
+ if (opts.json) {
227
+ logJson(patches);
228
+ return;
229
+ }
230
+ process.stdout.write(`Patch artifacts: ${patches.length}
231
+ `);
232
+ for (const patch of patches) {
233
+ process.stdout.write(`- ${patch.patchFileName}`);
234
+ if (patch.packageName && patch.vulnerableVersion) {
235
+ process.stdout.write(` (${patch.packageName}@${patch.vulnerableVersion})`);
236
+ }
237
+ if (patch.confidence !== void 0) {
238
+ process.stdout.write(` confidence=${patch.confidence.toFixed(2)}`);
239
+ }
240
+ if (patch.riskLevel) {
241
+ process.stdout.write(` risk=${patch.riskLevel}`);
242
+ }
243
+ process.stdout.write(`
244
+ `);
245
+ }
246
+ }
247
+ async function runInspectPatch(patchPath, opts) {
248
+ const inspection = await inspectPatchArtifact(patchPath, { cwd: opts.cwd });
249
+ if (opts.json) {
250
+ logJson(inspection);
251
+ return;
252
+ }
253
+ process.stdout.write(`Patch: ${inspection.patchFilePath}
254
+ `);
255
+ process.stdout.write(`Exists: ${inspection.exists}
256
+ `);
257
+ process.stdout.write(`Diff valid: ${inspection.diffValid}
258
+ `);
259
+ if (inspection.packageName && inspection.vulnerableVersion) {
260
+ process.stdout.write(`Target: ${inspection.packageName}@${inspection.vulnerableVersion}
261
+ `);
262
+ }
263
+ if (inspection.manifestFilePath) {
264
+ process.stdout.write(`Manifest: ${inspection.manifestFilePath}
265
+ `);
266
+ }
267
+ if (inspection.files?.length) {
268
+ process.stdout.write(`Files: ${inspection.files.join(", ")}
269
+ `);
270
+ }
271
+ if (inspection.formatError) {
272
+ process.stdout.write(`Format error: ${inspection.formatError}
273
+ `);
274
+ }
275
+ }
276
+ async function runValidatePatch(patchPath, opts) {
277
+ const report = await validatePatchArtifact(patchPath, {
278
+ cwd: opts.cwd,
279
+ packageManager: opts.packageManager
280
+ });
281
+ if (opts.json) {
282
+ logJson(report);
283
+ return;
284
+ }
285
+ process.stdout.write(`Patch: ${report.patchFilePath}
286
+ `);
287
+ process.stdout.write(`Exists: ${report.exists}
288
+ `);
289
+ process.stdout.write(`Manifest found: ${report.manifestFound}
290
+ `);
291
+ process.stdout.write(`Diff valid: ${report.diffValid}
292
+ `);
293
+ process.stdout.write(`Drift detected: ${report.driftDetected}
294
+ `);
295
+ if (report.packageName && report.vulnerableVersion) {
296
+ process.stdout.write(`Target: ${report.packageName}@${report.vulnerableVersion}
297
+ `);
298
+ }
299
+ if (report.installedVersion) {
300
+ process.stdout.write(`Installed version: ${report.installedVersion}
301
+ `);
302
+ }
303
+ for (const phase of report.validationPhases) {
304
+ process.stdout.write(`Phase ${phase.phase}: ${phase.passed ? "ok" : "failed"}`);
305
+ if (phase.error) {
306
+ process.stdout.write(` (${phase.error})`);
307
+ }
308
+ process.stdout.write(`
309
+ `);
310
+ }
311
+ }
183
312
 
184
313
  // src/cli/types.ts
185
314
  function isCveId(value) {
@@ -188,7 +317,32 @@ function isCveId(value) {
188
317
 
189
318
  // src/cli/program.ts
190
319
  function addSharedOptions(program, includeInput = false) {
191
- program.option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--dry-run", OPTION_DESCRIPTIONS.dryRun, false).option("--preview", OPTION_DESCRIPTIONS.preview, false).option("--run-tests", OPTION_DESCRIPTIONS.runTests, false).option("--llm-provider <provider>", OPTION_DESCRIPTIONS.llmProvider).option("--request-id <id>", OPTION_DESCRIPTIONS.requestId).option("--session-id <id>", OPTION_DESCRIPTIONS.sessionId).option("--parent-run-id <id>", OPTION_DESCRIPTIONS.parentRunId).option("--idempotency-key <key>", OPTION_DESCRIPTIONS.idempotencyKey).option("--resume", OPTION_DESCRIPTIONS.resume, false).option("--actor <name>", OPTION_DESCRIPTIONS.actor).option("--source <src>", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`).option("--direct-dependencies-only", OPTION_DESCRIPTIONS.directDependenciesOnly, false).option("--prefer-version-bump", OPTION_DESCRIPTIONS.preferVersionBump, false).option("--policy <path>", OPTION_DESCRIPTIONS.policy).option("--evidence", OPTION_DESCRIPTIONS.evidence, true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false);
320
+ const parseBooleanFlag = (value) => value === "true";
321
+ program.option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--dry-run", OPTION_DESCRIPTIONS.dryRun, false).option("--preview", OPTION_DESCRIPTIONS.preview, false).option("--run-tests", OPTION_DESCRIPTIONS.runTests, false).option("--llm-provider <provider>", OPTION_DESCRIPTIONS.llmProvider).option("--model <name>", OPTION_DESCRIPTIONS.model).option("--model-personality <profile>", OPTION_DESCRIPTIONS.modelPersonality).option("--provider-safety-profile <profile>", OPTION_DESCRIPTIONS.providerSafetyProfile).option("--require-consensus-for-high-risk", OPTION_DESCRIPTIONS.requireConsensusForHighRisk, false).option("--consensus-provider <provider>", OPTION_DESCRIPTIONS.consensusProvider).option("--consensus-model <name>", OPTION_DESCRIPTIONS.consensusModel).option(
322
+ "--patch-confidence-low <value>",
323
+ OPTION_DESCRIPTIONS.patchConfidenceThresholdLow,
324
+ (value) => parseFloat(value)
325
+ ).option(
326
+ "--patch-confidence-medium <value>",
327
+ OPTION_DESCRIPTIONS.patchConfidenceThresholdMedium,
328
+ (value) => parseFloat(value)
329
+ ).option(
330
+ "--patch-confidence-high <value>",
331
+ OPTION_DESCRIPTIONS.patchConfidenceThresholdHigh,
332
+ (value) => parseFloat(value)
333
+ ).option("--dynamic-model-routing", OPTION_DESCRIPTIONS.dynamicModelRouting, false).option(
334
+ "--dynamic-routing-threshold-chars <count>",
335
+ OPTION_DESCRIPTIONS.dynamicRoutingThresholdChars,
336
+ (value) => parseInt(value, 10)
337
+ ).option("--request-id <id>", OPTION_DESCRIPTIONS.requestId).option("--session-id <id>", OPTION_DESCRIPTIONS.sessionId).option("--parent-run-id <id>", OPTION_DESCRIPTIONS.parentRunId).option("--idempotency-key <key>", OPTION_DESCRIPTIONS.idempotencyKey).option("--resume", OPTION_DESCRIPTIONS.resume, false).option("--actor <name>", OPTION_DESCRIPTIONS.actor).option("--source <src>", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`).option("--direct-dependencies-only", OPTION_DESCRIPTIONS.directDependenciesOnly, false).option("--prefer-version-bump", OPTION_DESCRIPTIONS.preferVersionBump, false).option("--install-mode <mode>", OPTION_DESCRIPTIONS.installMode).option(
338
+ "--install-prefer-offline <value>",
339
+ `${OPTION_DESCRIPTIONS.installPreferOffline} (true|false)`,
340
+ parseBooleanFlag
341
+ ).option(
342
+ "--enforce-frozen-lockfile <value>",
343
+ `${OPTION_DESCRIPTIONS.enforceFrozenLockfile} (true|false)`,
344
+ parseBooleanFlag
345
+ ).option("--workspace <name>", OPTION_DESCRIPTIONS.workspace).option("--audit", OPTION_DESCRIPTIONS.audit, false).option("--policy <path>", OPTION_DESCRIPTIONS.policy).option("--evidence", OPTION_DESCRIPTIONS.evidence, true).option("--no-evidence", "Disable evidence file output").option("--ci", "Enable CI behavior (non-zero exit on failed remediations)", false).option("--output-format <format>", "Output format: json|sarif", "json").option("--json", "Print JSON output", false);
192
346
  if (includeInput) {
193
347
  program.option("--input <path>", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);
194
348
  }
@@ -208,15 +362,48 @@ function createProgram() {
208
362
  await runSingleCve(cveId, merged);
209
363
  });
210
364
  addSharedOptions(
211
- program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").requiredOption("--input <path>", OPTION_DESCRIPTIONS.inputPath).option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
365
+ program.command("scan").description("Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)").option("--input <path>", OPTION_DESCRIPTIONS.inputPath).option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
212
366
  false
213
- ).action(async (opts) => {
214
- await runScanInput(opts.input, opts);
367
+ ).action(async (opts, command) => {
368
+ const merged = {
369
+ ...opts,
370
+ ...command.optsWithGlobals()
371
+ };
372
+ if (!merged.audit && !merged.input) {
373
+ throw new Error("scan mode requires --input unless --audit is enabled.");
374
+ }
375
+ await runScanInput(merged.input ?? "", merged);
376
+ });
377
+ const patches = program.command("patches").description("Inspect and validate stored patch artifacts");
378
+ patches.command("list").description("List patch artifacts in the configured patches directory").option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--patches-dir <path>", OPTION_DESCRIPTIONS.patchesDir).option("--json", "Print JSON output", false).action(async (opts, command) => {
379
+ const merged = {
380
+ ...command.optsWithGlobals(),
381
+ ...opts
382
+ };
383
+ await runListPatches(merged);
384
+ });
385
+ patches.command("inspect").description("Inspect a patch artifact and its manifest metadata").argument("<patchPath>", "Path to the .patch file to inspect").option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--json", "Print JSON output", false).action(async (patchPath, opts, command) => {
386
+ const merged = {
387
+ ...command.optsWithGlobals(),
388
+ ...opts
389
+ };
390
+ await runInspectPatch(patchPath, merged);
391
+ });
392
+ patches.command("validate").description("Validate a patch artifact against its manifest and the current dependency inventory").argument("<patchPath>", "Path to the .patch file to validate").option("--cwd <path>", OPTION_DESCRIPTIONS.cwd, process.cwd()).option("--package-manager <name>", OPTION_DESCRIPTIONS.packageManager).option("--json", "Print JSON output", false).action(async (patchPath, opts, command) => {
393
+ const merged = {
394
+ ...command.optsWithGlobals(),
395
+ ...opts
396
+ };
397
+ await runValidatePatch(patchPath, merged);
215
398
  });
216
399
  addSharedOptions(
217
400
  program.argument("[target]", "Scanner output file path (or CVE ID fallback)").option("--format <type>", OPTION_DESCRIPTIONS.format, "auto").option("--summary-file <path>", "Write machine-readable scan summary JSON to path"),
218
401
  true
219
402
  ).action(async (target, opts) => {
403
+ if (opts.audit) {
404
+ await runScanInput(opts.input ?? target ?? "", opts);
405
+ return;
406
+ }
220
407
  if (opts.input) {
221
408
  await runScanInput(opts.input, opts);
222
409
  return;
package/dist/cli.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/cli/index.ts","../src/cli/program.ts","../src/cli/runners.ts","../src/cli/output.ts","../src/cli/types.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { fileURLToPath } from \"node:url\";\nimport { createProgram as createCliProgram } from \"./program.js\";\n\nexport function createProgram(): Command {\n return createCliProgram();\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n","import { Command } from \"commander\";\nimport { OPTION_DESCRIPTIONS } from \"../api/index.js\";\nimport { existsSync } from \"node:fs\";\nimport { PACKAGE_VERSION } from \"../version\";\nimport { runScanInput, runSingleCve } from \"./runners.js\";\nimport type { CommandOptions } from \"./types.js\";\nimport { isCveId } from \"./types.js\";\n\nfunction addSharedOptions(program: Command, includeInput = false): Command {\n program\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false);\n\n if (includeInput) {\n program.option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);\n }\n\n return program;\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n addSharedOptions(\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId),\n false\n ).action(async (cveId: string, opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n await runSingleCve(cveId, merged);\n });\n\n addSharedOptions(\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .requiredOption(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n false\n ).action(async (opts: CommandOptions) => {\n await runScanInput(opts.input!, opts);\n });\n\n addSharedOptions(\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n true\n ).action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n","import {\n ciExitCode,\n remediate,\n remediateFromScan,\n type ScanReport,\n toCiSummary,\n toSarifOutput,\n} from \"../api/index.js\";\nimport { writeFileSync } from \"node:fs\";\nimport { formatCountMap, logJson } from \"./output.js\";\nimport type { CommandOptions } from \"./types.js\";\n\nfunction asSingleCveScanReport(report: Awaited<ReturnType<typeof remediate>>): ScanReport {\n return {\n schemaVersion: \"1.0\",\n status: report.results.some((result) => !result.applied && !result.dryRun)\n ? report.results.some((result) => result.applied || result.dryRun)\n ? \"partial\"\n : \"failed\"\n : \"ok\",\n generatedAt: new Date().toISOString(),\n cveIds: [report.cveId],\n reports: [report],\n successCount: report.results.filter((result) => result.applied || result.dryRun).length,\n failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,\n errors: [],\n evidenceFile: report.evidenceFile,\n patchCount: report.results.filter((result) => result.strategy === \"patch-file\").length,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n };\n}\n\nexport async function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n evidence: opts.evidence,\n llmProvider: opts.llmProvider,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n const reportAsScan = asSingleCveScanReport(report);\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(reportAsScan));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n}\n\nexport async function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n","export function logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nexport function formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n","export type ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\nexport interface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"openai\" | \"anthropic\" | \"local\";\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n input?: string;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nexport function isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n"],"mappings":";;;;;;;;;;;;;;AAGA,SAAS,qBAAqB;;;ACH9B,SAAS,eAAe;AAExB,SAAS,kBAAkB;;;ACM3B,SAAS,qBAAqB;;;ACRvB,SAAS,QAAQ,OAAsB;AAC5C,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEO,SAAS,eAAe,QAAgE;AAC7F,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;;;ADCA,SAAS,sBAAsB,QAA2D;AACxF,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ,OAAO,QAAQ,KAAK,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,IACrE,OAAO,QAAQ,KAAK,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,IAC7D,YACA,WACF;AAAA,IACJ,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,QAAQ,CAAC,OAAO,KAAK;AAAA,IACrB,SAAS,CAAC,MAAM;AAAA,IAChB,cAAc,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,EAAE;AAAA,IACjF,aAAa,OAAO,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAAA,IAClF,QAAQ,CAAC;AAAA,IACT,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,aAAa,YAAY,EAAE;AAAA,IAChF,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,EACtB;AACF;AAEA,eAAsB,aAAa,OAAe,MAAqC;AACrF,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,QAAM,eAAe,sBAAsB,MAAM;AAEjD,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,YAAY,CAAC;AACnC,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC1D,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AACA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,EACzD;AACF;AAEA,eAAsB,aAAa,WAAmB,MAAqC;AACzF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;;;AEpIO,SAAS,QAAQ,OAAwB;AAC9C,SAAO,mBAAmB,KAAK,KAAK;AACtC;;;AHvBA,SAAS,iBAAiB,SAAkB,eAAe,OAAgB;AACzE,UACG,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK;AAE9C,MAAI,cAAc;AAChB,YAAQ,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB;AAAA,EAC1F;AAEA,SAAO;AACT;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB;AAAA,IACE,QACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK;AAAA,IAChD;AAAA,EACF,EAAE,OAAO,OAAO,OAAe,MAAsB,YAAqB;AACxE,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AACA,UAAM,aAAa,OAAO,MAAM;AAAA,EAClC,CAAC;AAED;AAAA,IACE,QACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,eAAe,kBAAkB,oBAAoB,SAAS,EAC9D,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,SAAyB;AACvC,UAAM,aAAa,KAAK,OAAQ,IAAI;AAAA,EACtC,CAAC;AAED;AAAA,IACE,QACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,QAA4B,SAAyB;AACnE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;ADtGO,SAASA,iBAAyB;AACvC,SAAO,cAAiB;AAC1B;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAUA,eAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["createProgram"]}
1
+ {"version":3,"sources":["../src/cli/index.ts","../src/cli/program.ts","../src/cli/runners.ts","../src/cli/output.ts","../src/cli/types.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { Command } from \"commander\";\nimport { fileURLToPath } from \"node:url\";\nimport { createProgram as createCliProgram } from \"./program.js\";\n\nexport function createProgram(): Command {\n return createCliProgram();\n}\n\nasync function main(argv = process.argv): Promise<void> {\n const program = createProgram();\n await program.parseAsync(argv);\n}\n\nfunction isMainModule(): boolean {\n if (!process.argv[1]) return false;\n return fileURLToPath(import.meta.url) === process.argv[1];\n}\n\nif (isMainModule()) {\n main().catch((error) => {\n const message = error instanceof Error ? error.message : String(error);\n process.stderr.write(`[autoremediator] ${message}\\n`);\n process.exit(1);\n });\n}\n","import { Command } from \"commander\";\nimport { OPTION_DESCRIPTIONS } from \"../api/index.js\";\nimport { existsSync } from \"node:fs\";\nimport { PACKAGE_VERSION } from \"../version\";\nimport { runInspectPatch, runListPatches, runScanInput, runSingleCve, runValidatePatch } from \"./runners.js\";\nimport type { CommandOptions } from \"./types.js\";\nimport { isCveId } from \"./types.js\";\n\nfunction addSharedOptions(program: Command, includeInput = false): Command {\n const parseBooleanFlag = (value: string): boolean => value === \"true\";\n\n program\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--dry-run\", OPTION_DESCRIPTIONS.dryRun, false)\n .option(\"--preview\", OPTION_DESCRIPTIONS.preview, false)\n .option(\"--run-tests\", OPTION_DESCRIPTIONS.runTests, false)\n .option(\"--llm-provider <provider>\", OPTION_DESCRIPTIONS.llmProvider)\n .option(\"--model <name>\", OPTION_DESCRIPTIONS.model)\n .option(\"--model-personality <profile>\", OPTION_DESCRIPTIONS.modelPersonality)\n .option(\"--provider-safety-profile <profile>\", OPTION_DESCRIPTIONS.providerSafetyProfile)\n .option(\"--require-consensus-for-high-risk\", OPTION_DESCRIPTIONS.requireConsensusForHighRisk, false)\n .option(\"--consensus-provider <provider>\", OPTION_DESCRIPTIONS.consensusProvider)\n .option(\"--consensus-model <name>\", OPTION_DESCRIPTIONS.consensusModel)\n .option(\n \"--patch-confidence-low <value>\",\n OPTION_DESCRIPTIONS.patchConfidenceThresholdLow,\n (value: string) => parseFloat(value)\n )\n .option(\n \"--patch-confidence-medium <value>\",\n OPTION_DESCRIPTIONS.patchConfidenceThresholdMedium,\n (value: string) => parseFloat(value)\n )\n .option(\n \"--patch-confidence-high <value>\",\n OPTION_DESCRIPTIONS.patchConfidenceThresholdHigh,\n (value: string) => parseFloat(value)\n )\n .option(\"--dynamic-model-routing\", OPTION_DESCRIPTIONS.dynamicModelRouting, false)\n .option(\n \"--dynamic-routing-threshold-chars <count>\",\n OPTION_DESCRIPTIONS.dynamicRoutingThresholdChars,\n (value: string) => parseInt(value, 10)\n )\n .option(\"--request-id <id>\", OPTION_DESCRIPTIONS.requestId)\n .option(\"--session-id <id>\", OPTION_DESCRIPTIONS.sessionId)\n .option(\"--parent-run-id <id>\", OPTION_DESCRIPTIONS.parentRunId)\n .option(\"--idempotency-key <key>\", OPTION_DESCRIPTIONS.idempotencyKey)\n .option(\"--resume\", OPTION_DESCRIPTIONS.resume, false)\n .option(\"--actor <name>\", OPTION_DESCRIPTIONS.actor)\n .option(\"--source <src>\", `${OPTION_DESCRIPTIONS.source}: cli|sdk|mcp|openapi|unknown`)\n .option(\"--direct-dependencies-only\", OPTION_DESCRIPTIONS.directDependenciesOnly, false)\n .option(\"--prefer-version-bump\", OPTION_DESCRIPTIONS.preferVersionBump, false)\n .option(\"--install-mode <mode>\", OPTION_DESCRIPTIONS.installMode)\n .option(\n \"--install-prefer-offline <value>\",\n `${OPTION_DESCRIPTIONS.installPreferOffline} (true|false)`,\n parseBooleanFlag\n )\n .option(\n \"--enforce-frozen-lockfile <value>\",\n `${OPTION_DESCRIPTIONS.enforceFrozenLockfile} (true|false)`,\n parseBooleanFlag\n )\n .option(\"--workspace <name>\", OPTION_DESCRIPTIONS.workspace)\n .option(\"--audit\", OPTION_DESCRIPTIONS.audit, false)\n .option(\"--policy <path>\", OPTION_DESCRIPTIONS.policy)\n .option(\"--evidence\", OPTION_DESCRIPTIONS.evidence, true)\n .option(\"--no-evidence\", \"Disable evidence file output\")\n .option(\"--ci\", \"Enable CI behavior (non-zero exit on failed remediations)\", false)\n .option(\"--output-format <format>\", \"Output format: json|sarif\", \"json\")\n .option(\"--json\", \"Print JSON output\", false);\n\n if (includeInput) {\n program.option(\"--input <path>\", `${OPTION_DESCRIPTIONS.inputPath} (scanner-first mode)`);\n }\n\n return program;\n}\n\nexport function createProgram(): Command {\n const program = new Command();\n\n program\n .name(\"autoremediator\")\n .description(\"Scanner-first Node.js vulnerability auto-remediation tool\")\n .version(PACKAGE_VERSION)\n .showHelpAfterError();\n\n addSharedOptions(\n program\n .command(\"cve\")\n .description(\"Remediate a single CVE ID\")\n .argument(\"<cveId>\", OPTION_DESCRIPTIONS.cveId),\n false\n ).action(async (cveId: string, opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n await runSingleCve(cveId, merged);\n });\n\n addSharedOptions(\n program\n .command(\"scan\")\n .description(\"Remediate vulnerabilities from scanner output (npm/pnpm/yarn audit JSON or SARIF)\")\n .option(\"--input <path>\", OPTION_DESCRIPTIONS.inputPath)\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n false\n ).action(async (opts: CommandOptions, command: Command) => {\n const merged = {\n ...opts,\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n } as CommandOptions;\n\n if (!merged.audit && !merged.input) {\n throw new Error(\"scan mode requires --input unless --audit is enabled.\");\n }\n await runScanInput(merged.input ?? \"\", merged);\n });\n\n const patches = program.command(\"patches\").description(\"Inspect and validate stored patch artifacts\");\n\n patches\n .command(\"list\")\n .description(\"List patch artifacts in the configured patches directory\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--patches-dir <path>\", OPTION_DESCRIPTIONS.patchesDir)\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (opts: Pick<CommandOptions, \"cwd\" | \"patchesDir\" | \"json\">, command: Command) => {\n const merged = {\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n ...opts,\n } as Pick<CommandOptions, \"cwd\" | \"patchesDir\" | \"json\">;\n await runListPatches(merged);\n });\n\n patches\n .command(\"inspect\")\n .description(\"Inspect a patch artifact and its manifest metadata\")\n .argument(\"<patchPath>\", \"Path to the .patch file to inspect\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (patchPath: string, opts: Pick<CommandOptions, \"cwd\" | \"json\">, command: Command) => {\n const merged = {\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n ...opts,\n } as Pick<CommandOptions, \"cwd\" | \"json\">;\n await runInspectPatch(patchPath, merged);\n });\n\n patches\n .command(\"validate\")\n .description(\"Validate a patch artifact against its manifest and the current dependency inventory\")\n .argument(\"<patchPath>\", \"Path to the .patch file to validate\")\n .option(\"--cwd <path>\", OPTION_DESCRIPTIONS.cwd, process.cwd())\n .option(\"--package-manager <name>\", OPTION_DESCRIPTIONS.packageManager)\n .option(\"--json\", \"Print JSON output\", false)\n .action(async (patchPath: string, opts: Pick<CommandOptions, \"cwd\" | \"packageManager\" | \"json\">, command: Command) => {\n const merged = {\n ...(command.optsWithGlobals() as Partial<CommandOptions>),\n ...opts,\n } as Pick<CommandOptions, \"cwd\" | \"packageManager\" | \"json\">;\n await runValidatePatch(patchPath, merged);\n });\n\n addSharedOptions(\n program\n .argument(\"[target]\", \"Scanner output file path (or CVE ID fallback)\")\n .option(\"--format <type>\", OPTION_DESCRIPTIONS.format, \"auto\")\n .option(\"--summary-file <path>\", \"Write machine-readable scan summary JSON to path\"),\n true\n ).action(async (target: string | undefined, opts: CommandOptions) => {\n if (opts.audit) {\n await runScanInput(opts.input ?? target ?? \"\", opts);\n return;\n }\n\n if (opts.input) {\n await runScanInput(opts.input, opts);\n return;\n }\n\n if (!target) {\n program.outputHelp();\n return;\n }\n\n if (isCveId(target)) {\n await runSingleCve(target, opts);\n return;\n }\n\n if (existsSync(target)) {\n await runScanInput(target, opts);\n return;\n }\n\n throw new Error(\n `Target \"${target}\" is neither a valid CVE ID nor an existing scan file path.`\n );\n });\n\n return program;\n}\n","import {\n ciExitCode,\n inspectPatchArtifact,\n listPatchArtifacts,\n remediate,\n remediateFromScan,\n type ScanReport,\n toCiSummary,\n toSarifOutput,\n validatePatchArtifact,\n} from \"../api/index.js\";\nimport { writeFileSync } from \"node:fs\";\nimport { formatCountMap, logJson } from \"./output.js\";\nimport type { CommandOptions } from \"./types.js\";\n\nfunction asSingleCveScanReport(report: Awaited<ReturnType<typeof remediate>>): ScanReport {\n return {\n schemaVersion: \"1.0\",\n status: report.results.some((result) => !result.applied && !result.dryRun)\n ? report.results.some((result) => result.applied || result.dryRun)\n ? \"partial\"\n : \"failed\"\n : \"ok\",\n generatedAt: new Date().toISOString(),\n cveIds: [report.cveId],\n reports: [report],\n successCount: report.results.filter((result) => result.applied || result.dryRun).length,\n failedCount: report.results.filter((result) => !result.applied && !result.dryRun).length,\n errors: [],\n evidenceFile: report.evidenceFile,\n patchCount: report.results.filter((result) => result.strategy === \"patch-file\").length,\n correlation: report.correlation,\n provenance: report.provenance,\n constraints: report.constraints,\n };\n}\n\nexport async function runSingleCve(cveId: string, opts: CommandOptions): Promise<void> {\n const report = await remediate(cveId, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n patchesDir: opts.patchesDir,\n policy: opts.policy,\n evidence: opts.evidence,\n llmProvider: opts.llmProvider,\n model: opts.model,\n modelPersonality: opts.modelPersonality,\n providerSafetyProfile: opts.providerSafetyProfile,\n requireConsensusForHighRisk: opts.requireConsensusForHighRisk,\n consensusProvider: opts.consensusProvider,\n consensusModel: opts.consensusModel,\n patchConfidenceThresholds: {\n low: typeof opts.patchConfidenceLow === \"number\" ? opts.patchConfidenceLow : undefined,\n medium: typeof opts.patchConfidenceMedium === \"number\" ? opts.patchConfidenceMedium : undefined,\n high: typeof opts.patchConfidenceHigh === \"number\" ? opts.patchConfidenceHigh : undefined,\n },\n dynamicModelRouting: opts.dynamicModelRouting,\n dynamicRoutingThresholdChars:\n typeof opts.dynamicRoutingThresholdChars === \"number\"\n ? opts.dynamicRoutingThresholdChars\n : undefined,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n installMode: opts.installMode,\n installPreferOffline: opts.installPreferOffline,\n enforceFrozenLockfile: opts.enforceFrozenLockfile,\n workspace: opts.workspace,\n },\n });\n\n const reportAsScan = asSingleCveScanReport(report);\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(reportAsScan));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n return;\n }\n\n process.stdout.write(`${report.summary}\\n`);\n process.stdout.write(`Results: ${report.results.length}\\n`);\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(reportAsScan));\n }\n}\n\nexport async function runScanInput(inputPath: string, opts: CommandOptions): Promise<void> {\n const report = await remediateFromScan(inputPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n format: opts.format,\n audit: opts.audit,\n policy: opts.policy,\n patchesDir: opts.patchesDir,\n dryRun: opts.dryRun,\n preview: opts.preview,\n runTests: opts.runTests,\n llmProvider: opts.llmProvider,\n model: opts.model,\n modelPersonality: opts.modelPersonality,\n providerSafetyProfile: opts.providerSafetyProfile,\n requireConsensusForHighRisk: opts.requireConsensusForHighRisk,\n consensusProvider: opts.consensusProvider,\n consensusModel: opts.consensusModel,\n patchConfidenceThresholds: {\n low: typeof opts.patchConfidenceLow === \"number\" ? opts.patchConfidenceLow : undefined,\n medium: typeof opts.patchConfidenceMedium === \"number\" ? opts.patchConfidenceMedium : undefined,\n high: typeof opts.patchConfidenceHigh === \"number\" ? opts.patchConfidenceHigh : undefined,\n },\n dynamicModelRouting: opts.dynamicModelRouting,\n dynamicRoutingThresholdChars:\n typeof opts.dynamicRoutingThresholdChars === \"number\"\n ? opts.dynamicRoutingThresholdChars\n : undefined,\n evidence: opts.evidence,\n requestId: opts.requestId,\n sessionId: opts.sessionId,\n parentRunId: opts.parentRunId,\n idempotencyKey: opts.idempotencyKey,\n resume: opts.resume,\n actor: opts.actor,\n source: opts.source ?? \"cli\",\n constraints: {\n directDependenciesOnly: opts.directDependenciesOnly,\n preferVersionBump: opts.preferVersionBump,\n installMode: opts.installMode,\n installPreferOffline: opts.installPreferOffline,\n enforceFrozenLockfile: opts.enforceFrozenLockfile,\n workspace: opts.workspace,\n },\n });\n\n if (opts.summaryFile) {\n const summary = toCiSummary(report);\n writeFileSync(opts.summaryFile, JSON.stringify(summary, null, 2) + \"\\n\", \"utf8\");\n }\n\n if (opts.outputFormat === \"sarif\") {\n logJson(toSarifOutput(report));\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n if (opts.json) {\n logJson(report);\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n return;\n }\n\n process.stdout.write(`CVEs found: ${report.cveIds.length}\\n`);\n process.stdout.write(`Remediation reports: ${report.reports.length}\\n`);\n process.stdout.write(`Successful remediations: ${report.successCount}\\n`);\n process.stdout.write(`Failed remediations: ${report.failedCount}\\n`);\n const strategyCounts = formatCountMap(report.strategyCounts);\n if (strategyCounts) {\n process.stdout.write(`Strategy counts: ${strategyCounts}\\n`);\n }\n const dependencyScopeCounts = formatCountMap(report.dependencyScopeCounts);\n if (dependencyScopeCounts) {\n process.stdout.write(`Dependency scope counts: ${dependencyScopeCounts}\\n`);\n }\n const unresolvedByReason = formatCountMap(report.unresolvedByReason);\n if (unresolvedByReason) {\n process.stdout.write(`Unresolved reasons: ${unresolvedByReason}\\n`);\n }\n if (report.evidenceFile) {\n process.stdout.write(`Evidence: ${report.evidenceFile}\\n`);\n }\n\n if (report.errors.length > 0) {\n for (const error of report.errors) {\n process.stdout.write(`Error ${error.cveId}: ${error.message}\\n`);\n }\n }\n\n if (opts.ci) {\n process.exitCode = ciExitCode(toCiSummary(report));\n }\n}\n\nexport async function runListPatches(opts: Pick<CommandOptions, \"cwd\" | \"patchesDir\" | \"json\">): Promise<void> {\n const patches = await listPatchArtifacts({\n cwd: opts.cwd,\n patchesDir: opts.patchesDir,\n });\n\n if (opts.json) {\n logJson(patches);\n return;\n }\n\n process.stdout.write(`Patch artifacts: ${patches.length}\\n`);\n for (const patch of patches) {\n process.stdout.write(`- ${patch.patchFileName}`);\n if (patch.packageName && patch.vulnerableVersion) {\n process.stdout.write(` (${patch.packageName}@${patch.vulnerableVersion})`);\n }\n if (patch.confidence !== undefined) {\n process.stdout.write(` confidence=${patch.confidence.toFixed(2)}`);\n }\n if (patch.riskLevel) {\n process.stdout.write(` risk=${patch.riskLevel}`);\n }\n process.stdout.write(`\\n`);\n }\n}\n\nexport async function runInspectPatch(\n patchPath: string,\n opts: Pick<CommandOptions, \"cwd\" | \"json\">\n): Promise<void> {\n const inspection = await inspectPatchArtifact(patchPath, { cwd: opts.cwd });\n\n if (opts.json) {\n logJson(inspection);\n return;\n }\n\n process.stdout.write(`Patch: ${inspection.patchFilePath}\\n`);\n process.stdout.write(`Exists: ${inspection.exists}\\n`);\n process.stdout.write(`Diff valid: ${inspection.diffValid}\\n`);\n if (inspection.packageName && inspection.vulnerableVersion) {\n process.stdout.write(`Target: ${inspection.packageName}@${inspection.vulnerableVersion}\\n`);\n }\n if (inspection.manifestFilePath) {\n process.stdout.write(`Manifest: ${inspection.manifestFilePath}\\n`);\n }\n if (inspection.files?.length) {\n process.stdout.write(`Files: ${inspection.files.join(\", \")}\\n`);\n }\n if (inspection.formatError) {\n process.stdout.write(`Format error: ${inspection.formatError}\\n`);\n }\n}\n\nexport async function runValidatePatch(\n patchPath: string,\n opts: Pick<CommandOptions, \"cwd\" | \"packageManager\" | \"json\">\n): Promise<void> {\n const report = await validatePatchArtifact(patchPath, {\n cwd: opts.cwd,\n packageManager: opts.packageManager,\n });\n\n if (opts.json) {\n logJson(report);\n return;\n }\n\n process.stdout.write(`Patch: ${report.patchFilePath}\\n`);\n process.stdout.write(`Exists: ${report.exists}\\n`);\n process.stdout.write(`Manifest found: ${report.manifestFound}\\n`);\n process.stdout.write(`Diff valid: ${report.diffValid}\\n`);\n process.stdout.write(`Drift detected: ${report.driftDetected}\\n`);\n if (report.packageName && report.vulnerableVersion) {\n process.stdout.write(`Target: ${report.packageName}@${report.vulnerableVersion}\\n`);\n }\n if (report.installedVersion) {\n process.stdout.write(`Installed version: ${report.installedVersion}\\n`);\n }\n for (const phase of report.validationPhases) {\n process.stdout.write(`Phase ${phase.phase}: ${phase.passed ? \"ok\" : \"failed\"}`);\n if (phase.error) {\n process.stdout.write(` (${phase.error})`);\n }\n process.stdout.write(`\\n`);\n }\n}\n","export function logJson(value: unknown): void {\n process.stdout.write(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nexport function formatCountMap(counts: Record<string, number> | undefined): string | undefined {\n if (!counts) return undefined;\n\n const entries = Object.entries(counts).filter(([, value]) => value > 0);\n if (entries.length === 0) return undefined;\n\n return entries.map(([key, value]) => `${key}=${value}`).join(\", \");\n}\n","export type ScanFormat = \"auto\" | \"npm-audit\" | \"yarn-audit\" | \"sarif\";\n\nexport interface CommandOptions {\n cwd: string;\n packageManager?: \"npm\" | \"pnpm\" | \"yarn\";\n patchesDir?: string;\n dryRun: boolean;\n preview: boolean;\n runTests: boolean;\n json: boolean;\n outputFormat: \"json\" | \"sarif\";\n llmProvider?: \"remote\" | \"local\";\n model?: string;\n modelPersonality?: \"analytical\" | \"pragmatic\" | \"balanced\";\n providerSafetyProfile?: \"strict\" | \"relaxed\";\n requireConsensusForHighRisk: boolean;\n consensusProvider?: \"remote\" | \"local\";\n consensusModel?: string;\n patchConfidenceLow?: number;\n patchConfidenceMedium?: number;\n patchConfidenceHigh?: number;\n dynamicModelRouting: boolean;\n dynamicRoutingThresholdChars?: number;\n requestId?: string;\n sessionId?: string;\n parentRunId?: string;\n idempotencyKey?: string;\n resume: boolean;\n actor?: string;\n source?: \"cli\" | \"sdk\" | \"mcp\" | \"openapi\" | \"unknown\";\n directDependenciesOnly: boolean;\n preferVersionBump: boolean;\n installMode?: \"standard\" | \"prefer-offline\" | \"deterministic\";\n installPreferOffline?: boolean;\n enforceFrozenLockfile?: boolean;\n workspace?: string;\n input?: string;\n audit: boolean;\n format: ScanFormat;\n policy?: string;\n evidence: boolean;\n ci: boolean;\n summaryFile?: string;\n}\n\nexport function isCveId(value: string): boolean {\n return /^CVE-\\d{4}-\\d+$/i.test(value);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAGA,SAAS,qBAAqB;;;ACH9B,SAAS,eAAe;AAExB,SAAS,kBAAkB;;;ACS3B,SAAS,qBAAqB;;;ACXvB,SAAS,QAAQ,OAAsB;AAC5C,UAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAEO,SAAS,eAAe,QAAgE;AAC7F,MAAI,CAAC,OAAQ,QAAO;AAEpB,QAAM,UAAU,OAAO,QAAQ,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,QAAQ,CAAC;AACtE,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,SAAO,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,KAAK,EAAE,EAAE,KAAK,IAAI;AACnE;;;ADIA,SAAS,sBAAsB,QAA2D;AACxF,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ,OAAO,QAAQ,KAAK,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,IACrE,OAAO,QAAQ,KAAK,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,IAC7D,YACA,WACF;AAAA,IACJ,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,QAAQ,CAAC,OAAO,KAAK;AAAA,IACrB,SAAS,CAAC,MAAM;AAAA,IAChB,cAAc,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,WAAW,OAAO,MAAM,EAAE;AAAA,IACjF,aAAa,OAAO,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,EAAE;AAAA,IAClF,QAAQ,CAAC;AAAA,IACT,cAAc,OAAO;AAAA,IACrB,YAAY,OAAO,QAAQ,OAAO,CAAC,WAAW,OAAO,aAAa,YAAY,EAAE;AAAA,IAChF,aAAa,OAAO;AAAA,IACpB,YAAY,OAAO;AAAA,IACnB,aAAa,OAAO;AAAA,EACtB;AACF;AAEA,eAAsB,aAAa,OAAe,MAAqC;AACrF,QAAM,SAAS,MAAM,UAAU,OAAO;AAAA,IACpC,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,OAAO,KAAK;AAAA,IACZ,kBAAkB,KAAK;AAAA,IACvB,uBAAuB,KAAK;AAAA,IAC5B,6BAA6B,KAAK;AAAA,IAClC,mBAAmB,KAAK;AAAA,IACxB,gBAAgB,KAAK;AAAA,IACrB,2BAA2B;AAAA,MACzB,KAAK,OAAO,KAAK,uBAAuB,WAAW,KAAK,qBAAqB;AAAA,MAC7E,QAAQ,OAAO,KAAK,0BAA0B,WAAW,KAAK,wBAAwB;AAAA,MACtF,MAAM,OAAO,KAAK,wBAAwB,WAAW,KAAK,sBAAsB;AAAA,IAClF;AAAA,IACA,qBAAqB,KAAK;AAAA,IAC1B,8BACE,OAAO,KAAK,iCAAiC,WACzC,KAAK,+BACL;AAAA,IACN,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,MACxB,aAAa,KAAK;AAAA,MAClB,sBAAsB,KAAK;AAAA,MAC3B,uBAAuB,KAAK;AAAA,MAC5B,WAAW,KAAK;AAAA,IAClB;AAAA,EACF,CAAC;AAED,QAAM,eAAe,sBAAsB,MAAM;AAEjD,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,YAAY,CAAC;AACnC,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,IACzD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,GAAG,OAAO,OAAO;AAAA,CAAI;AAC1C,UAAQ,OAAO,MAAM,YAAY,OAAO,QAAQ,MAAM;AAAA,CAAI;AAC1D,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AACA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,YAAY,CAAC;AAAA,EACzD;AACF;AAEA,eAAsB,aAAa,WAAmB,MAAqC;AACzF,QAAM,SAAS,MAAM,kBAAkB,WAAW;AAAA,IAChD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,SAAS,KAAK;AAAA,IACd,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,OAAO,KAAK;AAAA,IACZ,kBAAkB,KAAK;AAAA,IACvB,uBAAuB,KAAK;AAAA,IAC5B,6BAA6B,KAAK;AAAA,IAClC,mBAAmB,KAAK;AAAA,IACxB,gBAAgB,KAAK;AAAA,IACrB,2BAA2B;AAAA,MACzB,KAAK,OAAO,KAAK,uBAAuB,WAAW,KAAK,qBAAqB;AAAA,MAC7E,QAAQ,OAAO,KAAK,0BAA0B,WAAW,KAAK,wBAAwB;AAAA,MACtF,MAAM,OAAO,KAAK,wBAAwB,WAAW,KAAK,sBAAsB;AAAA,IAClF;AAAA,IACA,qBAAqB,KAAK;AAAA,IAC1B,8BACE,OAAO,KAAK,iCAAiC,WACzC,KAAK,+BACL;AAAA,IACN,UAAU,KAAK;AAAA,IACf,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK;AAAA,IACrB,QAAQ,KAAK;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,QAAQ,KAAK,UAAU;AAAA,IACvB,aAAa;AAAA,MACX,wBAAwB,KAAK;AAAA,MAC7B,mBAAmB,KAAK;AAAA,MACxB,aAAa,KAAK;AAAA,MAClB,sBAAsB,KAAK;AAAA,MAC3B,uBAAuB,KAAK;AAAA,MAC5B,WAAW,KAAK;AAAA,IAClB;AAAA,EACF,CAAC;AAED,MAAI,KAAK,aAAa;AACpB,UAAM,UAAU,YAAY,MAAM;AAClC,kBAAc,KAAK,aAAa,KAAK,UAAU,SAAS,MAAM,CAAC,IAAI,MAAM,MAAM;AAAA,EACjF;AAEA,MAAI,KAAK,iBAAiB,SAAS;AACjC,YAAQ,cAAc,MAAM,CAAC;AAC7B,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd,QAAI,KAAK,IAAI;AACX,cAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,IACnD;AACA;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,eAAe,OAAO,OAAO,MAAM;AAAA,CAAI;AAC5D,UAAQ,OAAO,MAAM,wBAAwB,OAAO,QAAQ,MAAM;AAAA,CAAI;AACtE,UAAQ,OAAO,MAAM,4BAA4B,OAAO,YAAY;AAAA,CAAI;AACxE,UAAQ,OAAO,MAAM,wBAAwB,OAAO,WAAW;AAAA,CAAI;AACnE,QAAM,iBAAiB,eAAe,OAAO,cAAc;AAC3D,MAAI,gBAAgB;AAClB,YAAQ,OAAO,MAAM,oBAAoB,cAAc;AAAA,CAAI;AAAA,EAC7D;AACA,QAAM,wBAAwB,eAAe,OAAO,qBAAqB;AACzE,MAAI,uBAAuB;AACzB,YAAQ,OAAO,MAAM,4BAA4B,qBAAqB;AAAA,CAAI;AAAA,EAC5E;AACA,QAAM,qBAAqB,eAAe,OAAO,kBAAkB;AACnE,MAAI,oBAAoB;AACtB,YAAQ,OAAO,MAAM,uBAAuB,kBAAkB;AAAA,CAAI;AAAA,EACpE;AACA,MAAI,OAAO,cAAc;AACvB,YAAQ,OAAO,MAAM,aAAa,OAAO,YAAY;AAAA,CAAI;AAAA,EAC3D;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,eAAW,SAAS,OAAO,QAAQ;AACjC,cAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,OAAO;AAAA,CAAI;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,KAAK,IAAI;AACX,YAAQ,WAAW,WAAW,YAAY,MAAM,CAAC;AAAA,EACnD;AACF;AAEA,eAAsB,eAAe,MAA0E;AAC7G,QAAM,UAAU,MAAM,mBAAmB;AAAA,IACvC,KAAK,KAAK;AAAA,IACV,YAAY,KAAK;AAAA,EACnB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,YAAQ,OAAO;AACf;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,oBAAoB,QAAQ,MAAM;AAAA,CAAI;AAC3D,aAAW,SAAS,SAAS;AAC3B,YAAQ,OAAO,MAAM,KAAK,MAAM,aAAa,EAAE;AAC/C,QAAI,MAAM,eAAe,MAAM,mBAAmB;AAChD,cAAQ,OAAO,MAAM,KAAK,MAAM,WAAW,IAAI,MAAM,iBAAiB,GAAG;AAAA,IAC3E;AACA,QAAI,MAAM,eAAe,QAAW;AAClC,cAAQ,OAAO,MAAM,eAAe,MAAM,WAAW,QAAQ,CAAC,CAAC,EAAE;AAAA,IACnE;AACA,QAAI,MAAM,WAAW;AACnB,cAAQ,OAAO,MAAM,SAAS,MAAM,SAAS,EAAE;AAAA,IACjD;AACA,YAAQ,OAAO,MAAM;AAAA,CAAI;AAAA,EAC3B;AACF;AAEA,eAAsB,gBACpB,WACA,MACe;AACf,QAAM,aAAa,MAAM,qBAAqB,WAAW,EAAE,KAAK,KAAK,IAAI,CAAC;AAE1E,MAAI,KAAK,MAAM;AACb,YAAQ,UAAU;AAClB;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,UAAU,WAAW,aAAa;AAAA,CAAI;AAC3D,UAAQ,OAAO,MAAM,WAAW,WAAW,MAAM;AAAA,CAAI;AACrD,UAAQ,OAAO,MAAM,eAAe,WAAW,SAAS;AAAA,CAAI;AAC5D,MAAI,WAAW,eAAe,WAAW,mBAAmB;AAC1D,YAAQ,OAAO,MAAM,WAAW,WAAW,WAAW,IAAI,WAAW,iBAAiB;AAAA,CAAI;AAAA,EAC5F;AACA,MAAI,WAAW,kBAAkB;AAC/B,YAAQ,OAAO,MAAM,aAAa,WAAW,gBAAgB;AAAA,CAAI;AAAA,EACnE;AACA,MAAI,WAAW,OAAO,QAAQ;AAC5B,YAAQ,OAAO,MAAM,UAAU,WAAW,MAAM,KAAK,IAAI,CAAC;AAAA,CAAI;AAAA,EAChE;AACA,MAAI,WAAW,aAAa;AAC1B,YAAQ,OAAO,MAAM,iBAAiB,WAAW,WAAW;AAAA,CAAI;AAAA,EAClE;AACF;AAEA,eAAsB,iBACpB,WACA,MACe;AACf,QAAM,SAAS,MAAM,sBAAsB,WAAW;AAAA,IACpD,KAAK,KAAK;AAAA,IACV,gBAAgB,KAAK;AAAA,EACvB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,YAAQ,MAAM;AACd;AAAA,EACF;AAEA,UAAQ,OAAO,MAAM,UAAU,OAAO,aAAa;AAAA,CAAI;AACvD,UAAQ,OAAO,MAAM,WAAW,OAAO,MAAM;AAAA,CAAI;AACjD,UAAQ,OAAO,MAAM,mBAAmB,OAAO,aAAa;AAAA,CAAI;AAChE,UAAQ,OAAO,MAAM,eAAe,OAAO,SAAS;AAAA,CAAI;AACxD,UAAQ,OAAO,MAAM,mBAAmB,OAAO,aAAa;AAAA,CAAI;AAChE,MAAI,OAAO,eAAe,OAAO,mBAAmB;AAClD,YAAQ,OAAO,MAAM,WAAW,OAAO,WAAW,IAAI,OAAO,iBAAiB;AAAA,CAAI;AAAA,EACpF;AACA,MAAI,OAAO,kBAAkB;AAC3B,YAAQ,OAAO,MAAM,sBAAsB,OAAO,gBAAgB;AAAA,CAAI;AAAA,EACxE;AACA,aAAW,SAAS,OAAO,kBAAkB;AAC3C,YAAQ,OAAO,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,SAAS,OAAO,QAAQ,EAAE;AAC9E,QAAI,MAAM,OAAO;AACf,cAAQ,OAAO,MAAM,KAAK,MAAM,KAAK,GAAG;AAAA,IAC1C;AACA,YAAQ,OAAO,MAAM;AAAA,CAAI;AAAA,EAC3B;AACF;;;AEzPO,SAAS,QAAQ,OAAwB;AAC9C,SAAO,mBAAmB,KAAK,KAAK;AACtC;;;AHvCA,SAAS,iBAAiB,SAAkB,eAAe,OAAgB;AACzE,QAAM,mBAAmB,CAAC,UAA2B,UAAU;AAE/D,UACG,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,aAAa,oBAAoB,QAAQ,KAAK,EACrD,OAAO,aAAa,oBAAoB,SAAS,KAAK,EACtD,OAAO,eAAe,oBAAoB,UAAU,KAAK,EACzD,OAAO,6BAA6B,oBAAoB,WAAW,EACnE,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,iCAAiC,oBAAoB,gBAAgB,EAC5E,OAAO,uCAAuC,oBAAoB,qBAAqB,EACvF,OAAO,qCAAqC,oBAAoB,6BAA6B,KAAK,EAClG,OAAO,mCAAmC,oBAAoB,iBAAiB,EAC/E,OAAO,4BAA4B,oBAAoB,cAAc,EACrE;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,WAAW,KAAK;AAAA,EACrC,EACC;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,WAAW,KAAK;AAAA,EACrC,EACC;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,WAAW,KAAK;AAAA,EACrC,EACC,OAAO,2BAA2B,oBAAoB,qBAAqB,KAAK,EAChF;AAAA,IACC;AAAA,IACA,oBAAoB;AAAA,IACpB,CAAC,UAAkB,SAAS,OAAO,EAAE;AAAA,EACvC,EACC,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,qBAAqB,oBAAoB,SAAS,EACzD,OAAO,wBAAwB,oBAAoB,WAAW,EAC9D,OAAO,2BAA2B,oBAAoB,cAAc,EACpE,OAAO,YAAY,oBAAoB,QAAQ,KAAK,EACpD,OAAO,kBAAkB,oBAAoB,KAAK,EAClD,OAAO,kBAAkB,GAAG,oBAAoB,MAAM,+BAA+B,EACrF,OAAO,8BAA8B,oBAAoB,wBAAwB,KAAK,EACtF,OAAO,yBAAyB,oBAAoB,mBAAmB,KAAK,EAC5E,OAAO,yBAAyB,oBAAoB,WAAW,EAC/D;AAAA,IACC;AAAA,IACA,GAAG,oBAAoB,oBAAoB;AAAA,IAC3C;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA,GAAG,oBAAoB,qBAAqB;AAAA,IAC5C;AAAA,EACF,EACC,OAAO,sBAAsB,oBAAoB,SAAS,EAC1D,OAAO,WAAW,oBAAoB,OAAO,KAAK,EAClD,OAAO,mBAAmB,oBAAoB,MAAM,EACpD,OAAO,cAAc,oBAAoB,UAAU,IAAI,EACvD,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,QAAQ,6DAA6D,KAAK,EACjF,OAAO,4BAA4B,6BAA6B,MAAM,EACtE,OAAO,UAAU,qBAAqB,KAAK;AAE9C,MAAI,cAAc;AAChB,YAAQ,OAAO,kBAAkB,GAAG,oBAAoB,SAAS,uBAAuB;AAAA,EAC1F;AAEA,SAAO;AACT;AAEO,SAAS,gBAAyB;AACvC,QAAM,UAAU,IAAI,QAAQ;AAE5B,UACG,KAAK,gBAAgB,EACrB,YAAY,2DAA2D,EACvE,QAAQ,eAAe,EACvB,mBAAmB;AAEtB;AAAA,IACE,QACG,QAAQ,KAAK,EACb,YAAY,2BAA2B,EACvC,SAAS,WAAW,oBAAoB,KAAK;AAAA,IAChD;AAAA,EACF,EAAE,OAAO,OAAO,OAAe,MAAsB,YAAqB;AACxE,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AACA,UAAM,aAAa,OAAO,MAAM;AAAA,EAClC,CAAC;AAED;AAAA,IACE,QACG,QAAQ,MAAM,EACd,YAAY,mFAAmF,EAC/F,OAAO,kBAAkB,oBAAoB,SAAS,EACtD,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,MAAsB,YAAqB;AACzD,UAAM,SAAS;AAAA,MACb,GAAG;AAAA,MACH,GAAI,QAAQ,gBAAgB;AAAA,IAC9B;AAEA,QAAI,CAAC,OAAO,SAAS,CAAC,OAAO,OAAO;AAClC,YAAM,IAAI,MAAM,uDAAuD;AAAA,IACzE;AACA,UAAM,aAAa,OAAO,SAAS,IAAI,MAAM;AAAA,EAC/C,CAAC;AAED,QAAM,UAAU,QAAQ,QAAQ,SAAS,EAAE,YAAY,6CAA6C;AAEpG,UACG,QAAQ,MAAM,EACd,YAAY,0DAA0D,EACtE,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,wBAAwB,oBAAoB,UAAU,EAC7D,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,MAA2D,YAAqB;AAC7F,UAAM,SAAS;AAAA,MACb,GAAI,QAAQ,gBAAgB;AAAA,MAC5B,GAAG;AAAA,IACL;AACA,UAAM,eAAe,MAAM;AAAA,EAC7B,CAAC;AAEH,UACG,QAAQ,SAAS,EACjB,YAAY,oDAAoD,EAChE,SAAS,eAAe,oCAAoC,EAC5D,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,WAAmB,MAA4C,YAAqB;AACjG,UAAM,SAAS;AAAA,MACb,GAAI,QAAQ,gBAAgB;AAAA,MAC5B,GAAG;AAAA,IACL;AACA,UAAM,gBAAgB,WAAW,MAAM;AAAA,EACzC,CAAC;AAEH,UACG,QAAQ,UAAU,EAClB,YAAY,qFAAqF,EACjG,SAAS,eAAe,qCAAqC,EAC7D,OAAO,gBAAgB,oBAAoB,KAAK,QAAQ,IAAI,CAAC,EAC7D,OAAO,4BAA4B,oBAAoB,cAAc,EACrE,OAAO,UAAU,qBAAqB,KAAK,EAC3C,OAAO,OAAO,WAAmB,MAA+D,YAAqB;AACpH,UAAM,SAAS;AAAA,MACb,GAAI,QAAQ,gBAAgB;AAAA,MAC5B,GAAG;AAAA,IACL;AACA,UAAM,iBAAiB,WAAW,MAAM;AAAA,EAC1C,CAAC;AAEH;AAAA,IACE,QACG,SAAS,YAAY,+CAA+C,EACpE,OAAO,mBAAmB,oBAAoB,QAAQ,MAAM,EAC5D,OAAO,yBAAyB,kDAAkD;AAAA,IACrF;AAAA,EACF,EAAE,OAAO,OAAO,QAA4B,SAAyB;AACnE,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,SAAS,UAAU,IAAI,IAAI;AACnD;AAAA,IACF;AAEA,QAAI,KAAK,OAAO;AACd,YAAM,aAAa,KAAK,OAAO,IAAI;AACnC;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,QAAI,QAAQ,MAAM,GAAG;AACnB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,QAAI,WAAW,MAAM,GAAG;AACtB,YAAM,aAAa,QAAQ,IAAI;AAC/B;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,WAAW,MAAM;AAAA,IACnB;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;AD1MO,SAASA,iBAAyB;AACvC,SAAO,cAAiB;AAC1B;AAEA,eAAe,KAAK,OAAO,QAAQ,MAAqB;AACtD,QAAM,UAAUA,eAAc;AAC9B,QAAM,QAAQ,WAAW,IAAI;AAC/B;AAEA,SAAS,eAAwB;AAC/B,MAAI,CAAC,QAAQ,KAAK,CAAC,EAAG,QAAO;AAC7B,SAAO,cAAc,YAAY,GAAG,MAAM,QAAQ,KAAK,CAAC;AAC1D;AAEA,IAAI,aAAa,GAAG;AAClB,OAAK,EAAE,MAAM,CAAC,UAAU;AACtB,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,OAAO,MAAM,oBAAoB,OAAO;AAAA,CAAI;AACpD,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["createProgram"]}