autoremediator 0.7.0 → 0.9.0

@@ -0,0 +1,401 @@
1
+ /** A resolved CVE entry with affected npm package info */
2
+ interface CveDetails {
3
+ id: string;
4
+ summary: string;
5
+ severity: "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | "UNKNOWN";
6
+ cvssScore?: number;
7
+ epss?: {
8
+ score: number;
9
+ percentile: number;
10
+ date?: string;
11
+ };
12
+ kev?: {
13
+ knownExploited: boolean;
14
+ dateAdded?: string;
15
+ dueDate?: string;
16
+ requiredAction?: string;
17
+ knownRansomwareCampaignUse?: string;
18
+ };
19
+ intelligence?: {
20
+ cveServicesEnriched?: boolean;
21
+ gitlabAdvisoryMatched?: boolean;
22
+ certCcMatched?: boolean;
23
+ depsDevEnrichedPackages?: number;
24
+ scorecardProjects?: number;
25
+ vendorAdvisories?: string[];
26
+ commercialFeeds?: string[];
27
+ sourceHealth?: Record<string, {
28
+ attempted: boolean;
29
+ changed: boolean;
30
+ error?: string;
31
+ }>;
32
+ };
33
+ references: string[];
34
+ affectedPackages: AffectedPackage[];
35
+ }
36
+ /** A single npm package affected by a CVE */
37
+ interface AffectedPackage {
38
+ name: string;
39
+ ecosystem: "npm";
40
+ /** Semver range string for the vulnerable version window, e.g. ">=0.0.0 <4.17.21" */
41
+ vulnerableRange: string;
42
+ /** The first version that is NOT vulnerable (the safe upgrade target) */
43
+ firstPatchedVersion?: string;
44
+ /** Source that provided this entry */
45
+ source: "osv" | "github-advisory";
46
+ }
47
+ /** A package found in the consumer's project */
48
+ interface InventoryPackage {
49
+ name: string;
50
+ version: string;
51
+ /** "direct" = listed in package.json; "indirect" = transitive dep */
52
+ type: "direct" | "indirect";
53
+ }
54
+ /** A package that is both installed and matches a vulnerable range */
55
+ interface VulnerablePackage {
56
+ installed: InventoryPackage;
57
+ affected: AffectedPackage;
58
+ /** The resolved safe upgrade version, if one exists on npm */
59
+ safeUpgradeVersion?: string;
60
+ }
61
+ /** The outcome of a single patch operation */
62
+ type PatchStrategy = "version-bump" | "override" | "patch-file" | "none";
63
+ type DependencyScope = "direct" | "transitive";
64
+ type PatchRiskLevel = "low" | "medium" | "high";
65
+ type PatchConfidenceThresholds = Partial<Record<PatchRiskLevel, number>>;
66
+ type PatchMode = "patch-package" | "native-pnpm" | "native-yarn";
67
+ type PatchValidationPhaseName = "diff-format" | "patch-write" | "manifest-write" | "apply" | "install" | "test" | "drift";
68
+ interface PatchValidationPhase {
69
+ phase: PatchValidationPhaseName;
70
+ passed: boolean;
71
+ message?: string;
72
+ error?: string;
73
+ }
74
+ interface PatchArtifact {
75
+ schemaVersion: "1.0";
76
+ cveId?: string;
77
+ packageName: string;
78
+ vulnerableVersion: string;
79
+ patchFilePath: string;
80
+ manifestFilePath?: string;
81
+ patchFileName: string;
82
+ patchesDir?: string;
83
+ patchMode?: PatchMode;
84
+ confidence?: number;
85
+ riskLevel?: PatchRiskLevel;
86
+ generatedAt: string;
87
+ files?: string[];
88
+ hunkCount?: number;
89
+ applied: boolean;
90
+ dryRun: boolean;
91
+ validationPhases?: PatchValidationPhase[];
92
+ }
93
+ interface PatchArtifactSummary {
94
+ patchFilePath: string;
95
+ manifestFilePath?: string;
96
+ patchFileName: string;
97
+ cveId?: string;
98
+ packageName?: string;
99
+ vulnerableVersion?: string;
100
+ patchMode?: PatchMode;
101
+ confidence?: number;
102
+ riskLevel?: PatchRiskLevel;
103
+ generatedAt?: string;
104
+ files?: string[];
105
+ hunkCount?: number;
106
+ diffValid?: boolean;
107
+ }
108
+ interface PatchArtifactInspection extends PatchArtifactSummary {
109
+ exists: boolean;
110
+ diffValid: boolean;
111
+ formatError?: string;
112
+ patchSizeBytes?: number;
113
+ lineCount?: number;
114
+ manifest?: PatchArtifact;
115
+ }
116
+ interface PatchArtifactValidationReport {
117
+ patchFilePath: string;
118
+ manifestFilePath?: string;
119
+ exists: boolean;
120
+ manifestFound: boolean;
121
+ diffValid: boolean;
122
+ formatError?: string;
123
+ driftDetected: boolean;
124
+ cveId?: string;
125
+ packageName?: string;
126
+ vulnerableVersion?: string;
127
+ installedVersion?: string;
128
+ inventoryMatch?: boolean;
129
+ validationPhases: PatchValidationPhase[];
130
+ }
131
+ interface PatchArtifactQueryOptions {
132
+ cwd?: string;
133
+ patchesDir?: string;
134
+ packageManager?: "npm" | "pnpm" | "yarn";
135
+ }
136
+ type UnresolvedReason = "consensus-failed" | "constraint-blocked" | "indirect-dependency" | "install-failed" | "major-bump-required" | "no-safe-version" | "override-apply-failed" | "package-json-not-found" | "patch-apply-failed" | "patch-confidence-too-low" | "patch-generation-failed" | "patch-validation-failed" | "policy-blocked" | "requires-llm-fallback" | "source-fetch-failed" | "validation-failed";
137
+ type PatchStrategyCounts = Partial<Record<PatchStrategy, number>>;
138
+ type DependencyScopeCounts = Partial<Record<DependencyScope, number>>;
139
+ type UnresolvedReasonCounts = Partial<Record<UnresolvedReason, number>>;
140
+ interface ReachabilityEvidence {
141
+ filePath: string;
142
+ matchType: "import" | "require" | "dynamic-import" | "manifest";
143
+ }
144
+ interface ReachabilityAssessment {
145
+ packageName: string;
146
+ status: "reachable" | "not-reachable" | "unknown";
147
+ reason: string;
148
+ evidence?: ReachabilityEvidence[];
149
+ }
150
+ interface AlternativePackageSuggestion {
151
+ packageName: string;
152
+ reason: string;
153
+ confidence: number;
154
+ source: "npm-search";
155
+ npmUrl?: string;
156
+ description?: string;
157
+ }
158
+ interface FixExplanation {
159
+ title: string;
160
+ summary: string;
161
+ riskSummary?: string;
162
+ reachabilitySummary?: string;
163
+ recommendedAction?: string;
164
+ }
165
+ type ChangeRequestProvider = "github" | "gitlab";
166
+ type ChangeRequestGrouping = "all" | "per-cve" | "per-package";
167
+ interface ChangeRequestOptions {
168
+ enabled?: boolean;
169
+ provider: ChangeRequestProvider;
170
+ grouping?: ChangeRequestGrouping;
171
+ repository?: string;
172
+ baseBranch?: string;
173
+ branchPrefix?: string;
174
+ titlePrefix?: string;
175
+ bodyFooter?: string;
176
+ draft?: boolean;
177
+ pushRemote?: string;
178
+ tokenEnvVar?: string;
179
+ }
180
+ interface ChangeRequestResult {
181
+ provider: ChangeRequestProvider;
182
+ grouping: ChangeRequestGrouping;
183
+ repository?: string;
184
+ branchName: string;
185
+ title: string;
186
+ body: string;
187
+ created: boolean;
188
+ draft?: boolean;
189
+ url?: string;
190
+ cveIds: string[];
191
+ packageNames: string[];
192
+ error?: string;
193
+ }
194
+ interface PatchResult {
195
+ packageName: string;
196
+ strategy: PatchStrategy;
197
+ fromVersion: string;
198
+ toVersion?: string;
199
+ patchFilePath?: string;
200
+ patchArtifact?: PatchArtifact;
201
+ applied: boolean;
202
+ dryRun: boolean;
203
+ message: string;
204
+ dependencyScope?: DependencyScope;
205
+ confidence?: number;
206
+ riskLevel?: PatchRiskLevel;
207
+ unresolvedReason?: UnresolvedReason;
208
+ reachability?: ReachabilityAssessment;
209
+ alternativeSuggestions?: AlternativePackageSuggestion[];
210
+ fixExplanation?: FixExplanation;
211
+ validation?: {
212
+ passed: boolean;
213
+ error?: string;
214
+ };
215
+ validationPhases?: PatchValidationPhase[];
216
+ }
217
+ interface CorrelationContext {
218
+ requestId?: string;
219
+ sessionId?: string;
220
+ parentRunId?: string;
221
+ }
222
+ interface RemediationConstraints {
223
+ directDependenciesOnly?: boolean;
224
+ preferVersionBump?: boolean;
225
+ installMode?: "standard" | "prefer-offline" | "deterministic";
226
+ installPreferOffline?: boolean;
227
+ enforceFrozenLockfile?: boolean;
228
+ workspace?: string;
229
+ }
230
+ type ModelPersonality = "analytical" | "pragmatic" | "balanced";
231
+ type ProviderSafetyProfile = "strict" | "relaxed";
232
+ interface ProgressEvent {
233
+ stage: "pipeline-start" | "model-selected" | "agent-step" | "pipeline-finish" | "patch-fallback" | "patch-consensus";
234
+ detail: string;
235
+ at: string;
236
+ provider?: "remote" | "local";
237
+ model?: string;
238
+ }
239
+ interface LlmUsageMetrics {
240
+ purpose: "orchestration" | "patch-generation" | "patch-consensus";
241
+ provider: "remote" | "local";
242
+ model: string;
243
+ latencyMs?: number;
244
+ promptChars?: number;
245
+ completionChars?: number;
246
+ estimatedCostUsd?: number;
247
+ }
248
+ interface ProvenanceContext {
249
+ actor?: string;
250
+ source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
251
+ }
252
+ /** Top-level options for the remediate() API and CLI */
253
+ interface RemediateOptions extends CorrelationContext {
254
+ /** Working directory of the consumer's project (defaults to process.cwd()) */
255
+ cwd?: string;
256
+ /** Package manager to use (defaults to auto-detect from lockfile) */
257
+ packageManager?: "npm" | "pnpm" | "yarn";
258
+ /** If true, plan and report changes but do not write anything */
259
+ dryRun?: boolean;
260
+ /** If true, run package-manager tests after patching */
261
+ runTests?: boolean;
262
+ /** Override the LLM provider (vendor-neutral surface): remote or local. */
263
+ llmProvider?: "remote" | "local";
264
+ /** Override the model name */
265
+ model?: string;
266
+ /** Prompt behavior profile for model-guided orchestration and patch generation. */
267
+ modelPersonality?: ModelPersonality;
268
+ /** Safety posture for confidence and high-risk patch behavior. */
269
+ providerSafetyProfile?: ProviderSafetyProfile;
270
+ /** Require a second-provider agreement for high-risk generated patches. */
271
+ requireConsensusForHighRisk?: boolean;
272
+ /** Override provider used for high-risk consensus verification. */
273
+ consensusProvider?: "remote" | "local";
274
+ /** Override model used for high-risk consensus verification. */
275
+ consensusModel?: string;
276
+ /** Optional per-risk confidence thresholds used for patch acceptance. */
277
+ patchConfidenceThresholds?: PatchConfidenceThresholds;
278
+ /** Enable provider-specific dynamic model routing by prompt/input size. */
279
+ dynamicModelRouting?: boolean;
280
+ /** Input-size threshold used by dynamic model routing when enabled. */
281
+ dynamicRoutingThresholdChars?: number;
282
+ /** Optional SDK callback for progress events during remediation execution. */
283
+ onProgress?: (event: ProgressEvent) => void;
284
+ /** Optional path to a policy file (.autoremediator.json) */
285
+ policy?: string;
286
+ /** If false, do not write evidence JSON for this run (default: true). */
287
+ evidence?: boolean;
288
+ /** Directory to write .patch files (default: ./patches) */
289
+ patchesDir?: string;
290
+ /** If true, run a non-mutating remediation preview (forces dryRun behavior for mutation tools). */
291
+ preview?: boolean;
292
+ /** Optional deterministic idempotency key for request replay handling. */
293
+ idempotencyKey?: string;
294
+ /** If true, return cached report for matching idempotency key + CVE when available. */
295
+ resume?: boolean;
296
+ /** Optional caller provenance fields for evidence and reporting. */
297
+ actor?: string;
298
+ source?: "cli" | "sdk" | "mcp" | "openapi" | "unknown";
299
+ /** Optional orchestration constraints for result enforcement. */
300
+ constraints?: RemediationConstraints;
301
+ /** Optional native pull request / merge request creation controls. */
302
+ changeRequest?: ChangeRequestOptions;
303
+ }
304
+ /** Final report returned by the remediation pipeline */
305
+ interface RemediationReport {
306
+ cveId: string;
307
+ cveDetails: CveDetails | null;
308
+ vulnerablePackages: VulnerablePackage[];
309
+ results: PatchResult[];
310
+ agentSteps: number;
311
+ summary: string;
312
+ evidenceFile?: string;
313
+ correlation?: CorrelationContext;
314
+ provenance?: ProvenanceContext;
315
+ constraints?: RemediationConstraints;
316
+ resumedFromCache?: boolean;
317
+ llmUsage?: LlmUsageMetrics[];
318
+ changeRequests?: ChangeRequestResult[];
319
+ }
320
+
321
+ type ScanInputFormat = "npm-audit" | "yarn-audit" | "sarif" | "auto";
322
+
323
+ interface ScanOptions extends RemediateOptions {
324
+ format?: ScanInputFormat;
325
+ policy?: string;
326
+ audit?: boolean;
327
+ }
328
+ interface ScanReport {
329
+ schemaVersion: "1.0";
330
+ status: "ok" | "partial" | "failed";
331
+ generatedAt: string;
332
+ cveIds: string[];
333
+ reports: RemediationReport[];
334
+ successCount: number;
335
+ failedCount: number;
336
+ errors: Array<{
337
+ cveId: string;
338
+ message: string;
339
+ }>;
340
+ evidenceFile?: string;
341
+ patchCount: number;
342
+ patchValidationFailures?: Array<{
343
+ packageName: string;
344
+ cveId: string;
345
+ error: string;
346
+ }>;
347
+ strategyCounts?: PatchStrategyCounts;
348
+ dependencyScopeCounts?: DependencyScopeCounts;
349
+ unresolvedByReason?: UnresolvedReasonCounts;
350
+ patchesDir?: string;
351
+ correlation?: CorrelationContext;
352
+ provenance?: ProvenanceContext;
353
+ constraints?: RemediationConstraints;
354
+ idempotencyKey?: string;
355
+ llmUsageCount?: number;
356
+ estimatedCostUsd?: number;
357
+ totalLlmLatencyMs?: number;
358
+ }
359
+ interface CiSummary {
360
+ schemaVersion: "1.0";
361
+ status: "ok" | "partial" | "failed";
362
+ generatedAt: string;
363
+ cveCount: number;
364
+ remediationCount: number;
365
+ successCount: number;
366
+ failedCount: number;
367
+ errors: Array<{
368
+ cveId: string;
369
+ message: string;
370
+ }>;
371
+ evidenceFile?: string;
372
+ patchCount?: number;
373
+ patchValidationFailures?: Array<{
374
+ packageName: string;
375
+ cveId: string;
376
+ error: string;
377
+ }>;
378
+ strategyCounts?: PatchStrategyCounts;
379
+ dependencyScopeCounts?: DependencyScopeCounts;
380
+ unresolvedByReason?: UnresolvedReasonCounts;
381
+ patchesDir?: string;
382
+ correlation?: CorrelationContext;
383
+ provenance?: ProvenanceContext;
384
+ constraints?: RemediationConstraints;
385
+ idempotencyKey?: string;
386
+ llmUsageCount?: number;
387
+ estimatedCostUsd?: number;
388
+ totalLlmLatencyMs?: number;
389
+ }
390
+
391
+ declare function listPatchArtifacts(options?: PatchArtifactQueryOptions): Promise<PatchArtifactSummary[]>;
392
+ declare function inspectPatchArtifact(patchFilePath: string, options?: PatchArtifactQueryOptions): Promise<PatchArtifactInspection>;
393
+
394
+ declare function validatePatchArtifact(patchFilePath: string, options?: PatchArtifactQueryOptions): Promise<PatchArtifactValidationReport>;
395
+
396
+ declare function remediate(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
397
+ declare function planRemediation(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
398
+
399
+ declare function remediateFromScan(inputPath: string, options?: ScanOptions): Promise<ScanReport>;
400
+
401
+ export { type AffectedPackage as A, remediate as B, type CiSummary as C, type DependencyScope as D, remediateFromScan as E, validatePatchArtifact as F, type InventoryPackage as I, type LlmUsageMetrics as L, type ModelPersonality as M, type PatchArtifact as P, type RemediateOptions as R, type ScanReport as S, type UnresolvedReason as U, type VulnerablePackage as V, type CorrelationContext as a, type CveDetails as b, type DependencyScopeCounts as c, type PatchArtifactInspection as d, type PatchArtifactQueryOptions as e, type PatchArtifactSummary as f, type PatchArtifactValidationReport as g, type PatchConfidenceThresholds as h, type PatchMode as i, type PatchResult as j, type PatchRiskLevel as k, type PatchStrategy as l, type PatchStrategyCounts as m, type PatchValidationPhase as n, type PatchValidationPhaseName as o, type ProgressEvent as p, type ProvenanceContext as q, type ProviderSafetyProfile as r, type RemediationConstraints as s, type RemediationReport as t, type ScanInputFormat as u, type ScanOptions as v, type UnresolvedReasonCounts as w, inspectPatchArtifact as x, listPatchArtifacts as y, planRemediation as z };
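Review bot: `ChangeRequestOptions` (new lines 167-179) has no TSDoc on `tokenEnvVar`, `pushRemote`, `repository` or `branchPrefix`, although these members decide which credential is read and where commits are pushed, and every member of `RemediateOptions` is documented. If the contract is that only the variable name is passed and never the secret, say so on the member, e.g. `/** Name of the environment variable holding the provider token; the token value itself is never passed in options. */`. `RemediateOptions.changeRequest` sits on the options type shared by the CLI, SDK and MCP surfaces (`ProvenanceContext.source` lists `"mcp"`), so the docs should also state whether these fields may be set by a tool caller or only by local configuration. Whether the MCP input schema exposes them is not visible in this file.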
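--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,8 +1,6 @@
- import { R as RemediateOptions, a as RemediationReport, C as CiSummary, S as ScanReport } from './remediate-from-scan-C-E7gqxF.js';
- export { A as AffectedPackage, b as CorrelationContext, c as CveDetails, D as DependencyScope, d as DependencyScopeCounts, I as InventoryPackage, P as PatchResult, e as PatchStrategy, f as PatchStrategyCounts, g as ProvenanceContext, h as RemediationConstraints, i as ScanInputFormat, j as ScanOptions, U as UnresolvedReason, k as UnresolvedReasonCounts, V as VulnerablePackage, p as planRemediation, r as remediate, l as remediateFromScan } from './remediate-from-scan-C-E7gqxF.js';
- export { L as LLM_PROVIDER_VALUES, O as OPTION_DESCRIPTIONS, P as PACKAGE_MANAGER_VALUES, a as PROVENANCE_SOURCE_VALUES, c as createConstraintSchemaProperties, b as createRemediateOptionSchemaProperties, d as createScanOptionSchemaProperties, e as createScanReportSchemaProperties } from './options-schema-DfLBOsPI.js';
-
- declare function runRemediationPipeline(cveId: string, options?: RemediateOptions): Promise<RemediationReport>;
+ import { C as CiSummary, S as ScanReport } from './index-Di8lB6CG.js';
+ export { A as AffectedPackage, a as CorrelationContext, b as CveDetails, D as DependencyScope, c as DependencyScopeCounts, I as InventoryPackage, L as LlmUsageMetrics, M as ModelPersonality, P as PatchArtifact, d as PatchArtifactInspection, e as PatchArtifactQueryOptions, f as PatchArtifactSummary, g as PatchArtifactValidationReport, h as PatchConfidenceThresholds, i as PatchMode, j as PatchResult, k as PatchRiskLevel, l as PatchStrategy, m as PatchStrategyCounts, n as PatchValidationPhase, o as PatchValidationPhaseName, p as ProgressEvent, q as ProvenanceContext, r as ProviderSafetyProfile, R as RemediateOptions, s as RemediationConstraints, t as RemediationReport, u as ScanInputFormat, v as ScanOptions, U as UnresolvedReason, w as UnresolvedReasonCounts, V as VulnerablePackage, x as inspectPatchArtifact, y as listPatchArtifacts, z as planRemediation, B as remediate, E as remediateFromScan, F as validatePatchArtifact } from './index-Di8lB6CG.js';
+ export { L as LLM_PROVIDER_VALUES, O as OPTION_DESCRIPTIONS, P as PACKAGE_MANAGER_VALUES, a as PROVENANCE_SOURCE_VALUES, c as createConstraintSchemaProperties, b as createRemediateOptionSchemaProperties, d as createScanOptionSchemaProperties, e as createScanReportSchemaProperties } from './options-schema-CH5GjZY1.js';
 
  declare function toCiSummary(report: ScanReport): CiSummary;
  declare function ciExitCode(summary: CiSummary): number;
@@ -56,4 +54,4 @@ interface SarifOutput {
  }
  declare function toSarifOutput(report: ScanReport): SarifOutput;
 
- export { CiSummary, RemediateOptions, RemediationReport, type SarifOutput, ScanReport, ciExitCode, runRemediationPipeline, toCiSummary, toSarifOutput };
+ export { CiSummary, type SarifOutput, ScanReport, ciExitCode, toCiSummary, toSarifOutput };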
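Review bot: `runRemediationPipeline` is removed from the public declarations in the first hunk and from the final export list with no deprecated alias left behind, so any consumer that imports it fails at build or load time after upgrading. Its removed signature, `(cveId: string, options?: RemediateOptions): Promise<RemediationReport>`, is identical to that of `remediate`. If the two are equivalent (the implementation is not visible here), one transitional line such as `export { B as runRemediationPipeline } from './index-Di8lB6CG.js';` with a `@deprecated` TSDoc tag would keep pinned CI integrations working for a release. Both hunks of package/dist/index.js drop the same binding.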
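--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -8,13 +8,15 @@ import {
  createRemediateOptionSchemaProperties,
  createScanOptionSchemaProperties,
  createScanReportSchemaProperties,
+ inspectPatchArtifact,
+ listPatchArtifacts,
  planRemediation,
  remediate,
  remediateFromScan,
- runRemediationPipeline,
  toCiSummary,
- toSarifOutput
- } from "./chunk-MUFP2DQX.js";
+ toSarifOutput,
+ validatePatchArtifact
+ } from "./chunk-EDPCMRUW.js";
  export {
  LLM_PROVIDER_VALUES,
  OPTION_DESCRIPTIONS,
@@ -25,11 +27,13 @@ export {
  createRemediateOptionSchemaProperties,
  createScanOptionSchemaProperties,
  createScanReportSchemaProperties,
+ inspectPatchArtifact,
+ listPatchArtifacts,
  planRemediation,
  remediate,
  remediateFromScan,
- runRemediationPipeline,
  toCiSummary,
- toSarifOutput
+ toSarifOutput,
+ validatePatchArtifact
  };
  //# sourceMappingURL=index.js.map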
@@ -1,12 +1,12 @@
1
1
  #!/usr/bin/env node
2
2
  import { Server } from '@modelcontextprotocol/sdk/server/index.js';
3
- import { r as remediate, p as planRemediation, l as remediateFromScan } from '../remediate-from-scan-C-E7gqxF.js';
3
+ import { B as remediate, z as planRemediation, E as remediateFromScan, y as listPatchArtifacts, x as inspectPatchArtifact, F as validatePatchArtifact } from '../index-Di8lB6CG.js';
4
4
 
5
5
  /**
6
6
  * autoremediator MCP server
7
7
  *
8
8
  * Exposes all autoremediator tools via the Model Context Protocol so LLM hosts
9
- * (Claude Desktop, Cursor, Copilot, etc.) can invoke them directly.
9
+ * and compatible agent hosts can invoke them directly.
10
10
  *
11
11
  * Start: autoremediator-mcp (stdio transport)
12
12
  */
@@ -15,6 +15,9 @@ interface McpApiDeps {
15
15
  remediateFn: typeof remediate;
16
16
  planRemediationFn: typeof planRemediation;
17
17
  remediateFromScanFn: typeof remediateFromScan;
18
+ listPatchArtifactsFn: typeof listPatchArtifacts;
19
+ inspectPatchArtifactFn: typeof inspectPatchArtifact;
20
+ validatePatchArtifactFn: typeof validatePatchArtifact;
18
21
  }
19
22
  declare const TOOLS: ({
20
23
  name: string;
@@ -27,6 +30,8 @@ declare const TOOLS: ({
27
30
  type: string;
28
31
  description: "CVE ID, e.g. CVE-2021-23337";
29
32
  };
33
+ patchFilePath?: undefined;
34
+ cwd?: undefined;
30
35
  };
31
36
  };
32
37
  } | {
@@ -40,6 +45,74 @@ declare const TOOLS: ({
40
45
  type: string;
41
46
  description: "Absolute path to the scanner output file";
42
47
  };
48
+ patchFilePath?: undefined;
49
+ cwd?: undefined;
50
+ };
51
+ };
52
+ } | {
53
+ name: string;
54
+ description: string;
55
+ inputSchema: {
56
+ type: string;
57
+ properties: {
58
+ cwd: {
59
+ readonly type: "string";
60
+ readonly description: "Absolute path to the project root (default: process.cwd())";
61
+ };
62
+ patchesDir: {
63
+ readonly type: "string";
64
+ readonly description: "Directory to write .patch files (default: ./patches)";
65
+ };
66
+ packageManager: {
67
+ readonly type: "string";
68
+ readonly enum: readonly ["npm", "pnpm", "yarn"];
69
+ readonly description: "Package manager override (auto-detected by default)";
70
+ };
71
+ patchFilePath?: undefined;
72
+ };
73
+ required?: undefined;
74
+ };
75
+ } | {
76
+ name: string;
77
+ description: string;
78
+ inputSchema: {
79
+ type: string;
80
+ required: string[];
81
+ properties: {
82
+ patchFilePath: {
83
+ type: string;
84
+ description: string;
85
+ };
86
+ cwd: {
87
+ readonly type: "string";
88
+ readonly description: "Absolute path to the project root (default: process.cwd())";
89
+ };
90
+ };
91
+ };
92
+ } | {
93
+ name: string;
94
+ description: string;
95
+ inputSchema: {
96
+ type: string;
97
+ required: string[];
98
+ properties: {
99
+ cwd: {
100
+ readonly type: "string";
101
+ readonly description: "Absolute path to the project root (default: process.cwd())";
102
+ };
103
+ patchesDir: {
104
+ readonly type: "string";
105
+ readonly description: "Directory to write .patch files (default: ./patches)";
106
+ };
107
+ packageManager: {
108
+ readonly type: "string";
109
+ readonly enum: readonly ["npm", "pnpm", "yarn"];
110
+ readonly description: "Package manager override (auto-detected by default)";
111
+ };
112
+ patchFilePath: {
113
+ type: string;
114
+ description: string;
115
+ };
43
116
  };
44
117
  };
45
118
  })[];
@@ -6,10 +6,13 @@ import {
6
6
  OPTION_DESCRIPTIONS,
7
7
  createRemediateOptionSchemaProperties,
8
8
  createScanOptionSchemaProperties,
9
+ inspectPatchArtifact,
10
+ listPatchArtifacts,
9
11
  planRemediation,
10
12
  remediate,
11
- remediateFromScan
12
- } from "../chunk-MUFP2DQX.js";
13
+ remediateFromScan,
14
+ validatePatchArtifact
15
+ } from "../chunk-EDPCMRUW.js";
13
16
 
14
17
  // src/mcp/server.ts
15
18
  import { Server } from "@modelcontextprotocol/sdk/server/index.js";
@@ -19,10 +22,22 @@ import {
19
22
  ListToolsRequestSchema
20
23
  } from "@modelcontextprotocol/sdk/types.js";
21
24
  import { fileURLToPath } from "url";
25
+ var PATCH_ARTIFACT_SCHEMA_PROPERTIES = {
26
+ cwd: { type: "string", description: OPTION_DESCRIPTIONS.cwd },
27
+ patchesDir: { type: "string", description: OPTION_DESCRIPTIONS.patchesDir },
28
+ packageManager: {
29
+ type: "string",
30
+ enum: ["npm", "pnpm", "yarn"],
31
+ description: OPTION_DESCRIPTIONS.packageManager
32
+ }
33
+ };
22
34
  var defaultDeps = {
23
35
  remediateFn: remediate,
24
36
  planRemediationFn: planRemediation,
25
- remediateFromScanFn: remediateFromScan
37
+ remediateFromScanFn: remediateFromScan,
38
+ listPatchArtifactsFn: listPatchArtifacts,
39
+ inspectPatchArtifactFn: inspectPatchArtifact,
40
+ validatePatchArtifactFn: validatePatchArtifact
26
41
  };
27
42
  function createBaseServer() {
28
43
  return new Server(
@@ -66,6 +81,40 @@ var TOOLS = [
66
81
  ...createScanOptionSchemaProperties()
67
82
  }
68
83
  }
84
+ },
85
+ {
86
+ name: "listPatchArtifacts",
87
+ description: "List stored patch artifacts in the configured patches directory. Returns patch summaries with manifest metadata when available.",
88
+ inputSchema: {
89
+ type: "object",
90
+ properties: {
91
+ ...PATCH_ARTIFACT_SCHEMA_PROPERTIES
92
+ }
93
+ }
94
+ },
95
+ {
96
+ name: "inspectPatchArtifact",
97
+ description: "Inspect a stored .patch file and its optional manifest metadata.",
98
+ inputSchema: {
99
+ type: "object",
100
+ required: ["patchFilePath"],
101
+ properties: {
102
+ patchFilePath: { type: "string", description: "Path to the .patch file" },
103
+ cwd: PATCH_ARTIFACT_SCHEMA_PROPERTIES.cwd
104
+ }
105
+ }
106
+ },
107
+ {
108
+ name: "validatePatchArtifact",
109
+ description: "Validate a stored patch artifact against its manifest and the current dependency inventory.",
110
+ inputSchema: {
111
+ type: "object",
112
+ required: ["patchFilePath"],
113
+ properties: {
114
+ patchFilePath: { type: "string", description: "Path to the .patch file" },
115
+ ...PATCH_ARTIFACT_SCHEMA_PROPERTIES
116
+ }
117
+ }
69
118
  }
70
119
  ];
71
120
  async function handleToolCall(name, args = {}, deps = defaultDeps) {
@@ -89,6 +138,26 @@ async function handleToolCall(name, args = {}, deps = defaultDeps) {
89
138
  const report = await deps.remediateFromScanFn(inputPath, withMcpSource(options));
90
139
  return { content: [{ type: "text", text: JSON.stringify(report, null, 2) }] };
91
140
  }
141
+ if (name === "listPatchArtifacts") {
142
+ const report = await deps.listPatchArtifactsFn(args);
143
+ return { content: [{ type: "text", text: JSON.stringify(report, null, 2) }] };
144
+ }
145
+ if (name === "inspectPatchArtifact") {
146
+ const { patchFilePath, ...options } = args;
147
+ const report = await deps.inspectPatchArtifactFn(
148
+ patchFilePath,
149
+ options
150
+ );
151
+ return { content: [{ type: "text", text: JSON.stringify(report, null, 2) }] };
152
+ }
153
+ if (name === "validatePatchArtifact") {
154
+ const { patchFilePath, ...options } = args;
155
+ const report = await deps.validatePatchArtifactFn(
156
+ patchFilePath,
157
+ options
158
+ );
159
+ return { content: [{ type: "text", text: JSON.stringify(report, null, 2) }] };
160
+ }
92
161
  return {
93
162
  content: [{ type: "text", text: `Unknown tool: ${name}` }],
94
163
  isError: true
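Review bot: The new `inspectPatchArtifact` and `validatePatchArtifact` branches pass `patchFilePath` straight from `args` into `deps.inspectPatchArtifactFn` / `deps.validatePatchArtifactFn` without checking that it is a string, although the value comes from the MCP tool caller and nothing in this hunk validates `args` against the tool's `inputSchema`. The `listPatchArtifacts` branch likewise forwards the whole `args` object. Whether the underlying functions confine `patchFilePath` and `cwd` to the project's patches directory is not visible here; if they do not, the inspection report (existence, size, line count, format error) can describe any file the process can read, so that confinement should be confirmed or added in the implementation. A handler-side type guard is sketched below and applies equally to the `validatePatchArtifact` branch. `handleToolCall` starts and ends outside this hunk.

```javascript
if (name === "inspectPatchArtifact") {
  const { patchFilePath, ...options } = args;
  // Reject missing or non-string paths before they reach the filesystem layer.
  if (typeof patchFilePath !== "string" || patchFilePath.length === 0) {
    return {
      content: [{ type: "text", text: "patchFilePath must be a non-empty string" }],
      isError: true
    };
  }
  const report = await deps.inspectPatchArtifactFn(patchFilePath, options);
  // … unchanged: JSON.stringify(report) response …
}
```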