code-provenance 0.1.0

package/README.md

@@ -0,0 +1,99 @@
+# code-provenance
+
+Resolve Docker images in a docker-compose file to their exact source code commits on GitHub.
+
+## Installation
+
+```bash
+npm install code-provenance
+```
+
+Requires Node.js 20+.
+
+## CLI Usage
+
+```bash
+npx code-provenance [compose-file] [--json] [--verbose]
+```
+
+- `compose-file` -- path to a docker-compose file (default: `docker-compose.yml`)
+- `--json` -- output results as JSON
+- `--verbose`, `-v` -- show resolution steps for each image
+
+### Example
+
+```bash
+npx code-provenance docker-compose.yml
+```
+
+```
+┌─────────┬────────────────┬────────────────────────────┬──────────────┬──────────┬────────────┐
+│ SERVICE │ IMAGE          │ REPO                       │ COMMIT       │ STATUS   │ CONFIDENCE │
+├─────────┼────────────────┼────────────────────────────┼──────────────┼──────────┼────────────┤
+│ web     │ traefik:v3.6.0 │ github.com/traefik/traefik │ 06db5168c0d9 │ resolved │ exact      │
+└─────────┴────────────────┴────────────────────────────┴──────────────┴──────────┴────────────┘
+```
+
+## Library Usage
+
+```typescript
+import { readFileSync } from "node:fs";
+import { parseCompose, parseImageRef, resolveImage } from "code-provenance";
+
+const yaml = readFileSync("docker-compose.yml", "utf-8");
+for (const [service, image] of parseCompose(yaml)) {
+  const ref = parseImageRef(image);
+  const result = await resolveImage(service, ref);
+  console.log(`${result.service}: ${result.commit} (${result.confidence})`);
+}
+```
+
+## API Reference
+
+### Exports
+
+- `parseCompose(yaml: string): [string, string][]` -- parse a docker-compose YAML string and return `[serviceName, imageString]` pairs
+- `parseImageRef(image: string): ImageRef` -- parse a Docker image string into its components
+- `resolveImage(service: string, ref: ImageRef): Promise<ImageResult>` -- resolve an image reference to its source code commit
+- `formatTable(results: ImageResult[]): string` -- format results as a table
+- `formatJson(results: ImageResult[]): string` -- format results as JSON
+
+### ImageRef
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `registry` | `string` | e.g. `"ghcr.io"`, `"docker.io"` |
+| `namespace` | `string` | e.g. `"myorg"`, `"library"` |
+| `name` | `string` | e.g. `"traefik"`, `"postgres"` |
+| `tag` | `string` | e.g. `"v3.6.0"`, `"latest"` |
+| `raw` | `string` | original image string from docker-compose |
+
+### ImageResult
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `service` | `string` | service name from docker-compose |
+| `image` | `string` | original image string |
+| `registry` | `string` | image registry |
+| `repo` | `string \| null` | GitHub repository URL |
+| `tag` | `string` | image tag |
+| `commit` | `string \| null` | resolved commit SHA |
+| `commit_url` | `string \| null` | URL to the commit on GitHub |
+| `status` | `string` | `"resolved"`, `"repo_not_found"`, `"repo_found_tag_not_matched"`, or `"no_tag"` |
+| `resolution_method` | `string \| null` | how the commit was resolved (e.g. `"oci_labels"`, `"tag_match"`) |
+| `confidence` | `string \| null` | `"exact"` or `"approximate"` |
+| `steps` | `string[]` | resolution steps taken (useful with `--verbose`) |
+
+## Authentication
+
+Set `GITHUB_TOKEN` for full functionality (digest resolution, `:latest` on GHCR, higher rate limits):
+
+```bash
+export GITHUB_TOKEN=ghp_your_token_here
+```
+
+Create a classic token at https://github.com/settings/tokens with `read:packages` scope.
+
+## License
+
+MIT

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+import { readFileSync } from "node:fs";
+import { existsSync } from "node:fs";
+import { parseCompose, parseImageRef } from "./composeParser.js";
+import { resolveImage } from "./resolver.js";
+import { formatJson, formatTable } from "./output.js";
+function printHelp() {
+    console.log(`usage: code-provenance [-h] [--json] [compose_file]
+
+Resolve Docker images to their source code commits on GitHub.
+
+positional arguments:
+  compose_file  Path to docker-compose file (default: docker-compose.yml)
+
+options:
+  -h, --help       show this help message and exit
+  --json           Output results as JSON
+  -v, --verbose    Show resolution steps`);
+}
+async function main() {
+    const args = process.argv.slice(2);
+    if (args.includes("-h") || args.includes("--help")) {
+        printHelp();
+        return 0;
+    }
+    const jsonOutput = args.includes("--json");
+    const verbose = args.includes("--verbose") || args.includes("-v");
+    const positionalArgs = args.filter((a) => a !== "--json" && a !== "--verbose" && a !== "-v");
+    const composeFile = positionalArgs[0] || "docker-compose.yml";
+    if (!existsSync(composeFile)) {
+        console.error(`Error: ${composeFile} not found`);
+        return 1;
+    }
+    const yamlContent = readFileSync(composeFile, "utf-8");
+    const services = parseCompose(yamlContent);
+    if (services.length === 0) {
+        console.error("No services with images found.");
+        return 0;
+    }
+    // Resolve all images in parallel
+    const results = await Promise.all(services.map(([serviceName, imageString]) => {
+        const ref = parseImageRef(imageString);
+        return resolveImage(serviceName, ref);
+    }));
+    if (verbose) {
+        for (const r of results) {
+            console.error(`\nResolving ${r.image} ...`);
+            for (const step of r.steps) {
+                console.error(`  ${step}`);
+            }
+            console.error(`  → ${r.status}` +
+                (r.status === "resolved"
+                    ? ` (${r.resolution_method}, ${r.confidence})`
+                    : ""));
+        }
+        console.error();
+    }
+    if (jsonOutput) {
+        console.log(formatJson(results));
+    }
+    else {
+        console.log(formatTable(results));
+    }
+    return 0;
+}
+main()
+    .then((code) => process.exit(code))
+    .catch((err) => {
+    console.error(err);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEtD,SAAS,SAAS;IAChB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;yCAU2B,CAAC,CAAC;AAC3C,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnD,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;IAC7F,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,oBAAoB,CAAC;IAE9D,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,KAAK,CAAC,UAAU,WAAW,YAAY,CAAC,CAAC;QACjD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,WAAW,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IAE3C,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAChD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,iCAAiC;IACjC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,EAAE;QAC1C,MAAM,GAAG,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;QACvC,OAAO,YAAY,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YAC5C,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YAC7B,CAAC;YACD,OAAO,CAAC,KAAK,CACX,OAAO,CAAC,CAAC,MAAM,EAAE;gBACf,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU;oBACtB,CAAC,CAAC,KAAK,CAAC,CAAC,iBAAiB,KAAK,CAAC,CAAC,UAAU,GAAG;oBAC9C,CAAC,CAAC,EAAE,CAAC,CACV,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED,IAAI,EAAE;KACH,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KAClC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/composeParser.d.ts

@@ -0,0 +1,9 @@
+import type { ImageRef } from "./types.js";
+/**
+ * Parse a Docker image string into an ImageRef.
+ */
+export declare function parseImageRef(imageString: string): ImageRef;
+/**
+ * Parse docker-compose YAML and return list of [serviceName, imageString] pairs.
+ */
+export declare function parseCompose(yamlContent: string): [string, string][];

package/dist/composeParser.js

@@ -0,0 +1,72 @@
+import YAML from "yaml";
+/**
+ * Parse a Docker image string into an ImageRef.
+ */
+export function parseImageRef(imageString) {
+    const raw = imageString;
+    let tag;
+    let namePart;
+    // Handle digest references (image@sha256:...)
+    if (imageString.includes("@")) {
+        const atIdx = imageString.indexOf("@");
+        namePart = imageString.slice(0, atIdx);
+        tag = imageString.slice(atIdx + 1);
+    }
+    else {
+        const lastSegment = imageString.split("/").pop();
+        if (lastSegment.includes(":")) {
+            const colonPos = imageString.lastIndexOf(":");
+            tag = imageString.slice(colonPos + 1);
+            namePart = imageString.slice(0, colonPos);
+        }
+        else {
+            tag = "latest";
+            namePart = imageString;
+        }
+    }
+    // Determine registry
+    const parts = namePart.split("/");
+    let registry;
+    let remaining;
+    if (parts.length >= 2 && (parts[0].includes(".") || parts[0].includes(":"))) {
+        registry = parts[0];
+        remaining = parts.slice(1);
+    }
+    else {
+        registry = "docker.io";
+        remaining = parts;
+    }
+    // Determine namespace and name
+    let namespace;
+    let name;
+    if (remaining.length === 1) {
+        namespace = "library";
+        name = remaining[0];
+    }
+    else if (remaining.length === 2) {
+        namespace = remaining[0];
+        name = remaining[1];
+    }
+    else {
+        namespace = remaining[0];
+        name = remaining.slice(1).join("/");
+    }
+    return { registry, namespace, name, tag, raw };
+}
+/**
+ * Parse docker-compose YAML and return list of [serviceName, imageString] pairs.
+ */
+export function parseCompose(yamlContent) {
+    const data = YAML.parse(yamlContent);
+    const services = data?.services ?? {};
+    const results = [];
+    for (const [serviceName, serviceConfig] of Object.entries(services)) {
+        if (serviceConfig !== null &&
+            typeof serviceConfig === "object" &&
+            "image" in serviceConfig) {
+            results.push([serviceName, serviceConfig.image]);
+        }
+    }
+    return results;
+}
+//# sourceMappingURL=composeParser.js.map

package/dist/composeParser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"composeParser.js","sourceRoot":"","sources":["../src/composeParser.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAGxB;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,MAAM,GAAG,GAAG,WAAW,CAAC;IACxB,IAAI,GAAW,CAAC;IAChB,IAAI,QAAgB,CAAC;IAErB,8CAA8C;IAC9C,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACvC,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC;QAClD,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAC9C,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;YACtC,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,QAAQ,CAAC;YACf,QAAQ,GAAG,WAAW,CAAC;QACzB,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAgB,CAAC;IACrB,IAAI,SAAmB,CAAC;IAExB,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAC5E,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACpB,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,WAAW,CAAC;QACvB,SAAS,GAAG,KAAK,CAAC;IACpB,CAAC;IAED,+BAA+B;IAC/B,IAAI,SAAiB,CAAC;IACtB,IAAI,IAAY,CAAC;IAEjB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,SAAS,GAAG,SAAS,CAAC;QACtB,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;SAAM,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,WAAmB;IAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;IACtC,MAAM,OAAO,GAAuB,EAAE,CAAC;IAEvC,KAAK,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,IACE,aAAa,KAAK,IAAI;YACtB,OAAO,aAAa,KAAK,QAAQ;YACjC,OAAO,IAAK,aAAyC,EACrD,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAG,aAAyC,CAAC,KAAe,CAAC,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/composeParser.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/composeParser.test.js

@@ -0,0 +1,65 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { parseImageRef, parseCompose } from "./composeParser.js";
+describe("parseImageRef", () => {
+    it("parses ghcr with tag", () => {
+        const ref = parseImageRef("ghcr.io/excalidraw/excalidraw:v0.17.3");
+        assert.equal(ref.registry, "ghcr.io");
+        assert.equal(ref.namespace, "excalidraw");
+        assert.equal(ref.name, "excalidraw");
+        assert.equal(ref.tag, "v0.17.3");
+    });
+    it("parses docker hub official image", () => {
+        const ref = parseImageRef("postgres:16");
+        assert.equal(ref.registry, "docker.io");
+        assert.equal(ref.namespace, "library");
+        assert.equal(ref.name, "postgres");
+        assert.equal(ref.tag, "16");
+    });
+    it("parses docker hub namespaced image", () => {
+        const ref = parseImageRef("traefik/whoami:v1.10.3");
+        assert.equal(ref.registry, "docker.io");
+        assert.equal(ref.namespace, "traefik");
+        assert.equal(ref.name, "whoami");
+        assert.equal(ref.tag, "v1.10.3");
+    });
+    it("defaults to latest when no tag", () => {
+        const ref = parseImageRef("nginx");
+        assert.equal(ref.registry, "docker.io");
+        assert.equal(ref.namespace, "library");
+        assert.equal(ref.name, "nginx");
+        assert.equal(ref.tag, "latest");
+    });
+    it("handles digest reference", () => {
+        const ref = parseImageRef("ghcr.io/org/app@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890");
+        assert.equal(ref.registry, "ghcr.io");
+        assert.equal(ref.namespace, "org");
+        assert.equal(ref.name, "app");
+        assert.equal(ref.tag, "sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890");
+    });
+});
+describe("parseCompose", () => {
+    it("extracts services with image field", () => {
+        const yaml = `
+services:
+  web:
+    image: nginx:latest
+  api:
+    build: .
+  db:
+    image: postgres:16
+`;
+        const result = parseCompose(yaml);
+        assert.equal(result.length, 2);
+        assert.deepEqual(result[0], ["web", "nginx:latest"]);
+        assert.deepEqual(result[1], ["db", "postgres:16"]);
+    });
+    it("handles empty services", () => {
+        const yaml = `
+services: {}
+`;
+        const result = parseCompose(yaml);
+        assert.equal(result.length, 0);
+    });
+});
+//# sourceMappingURL=composeParser.test.js.map

package/dist/composeParser.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"composeParser.test.js","sourceRoot":"","sources":["../src/composeParser.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEjE,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,GAAG,GAAG,aAAa,CAAC,uCAAuC,CAAC,CAAC;QACnE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,GAAG,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,GAAG,GAAG,aAAa,CAAC,wBAAwB,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,GAAG,GAAG,aAAa,CACvB,yFAAyF,CAC1F,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CACV,GAAG,CAAC,GAAG,EACP,yEAAyE,CAC1E,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,IAAI,GAAG;;;;;;;;CAQhB,CAAC;QACE,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC;QACrD,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,IAAI,GAAG;;CAEhB,CAAC;QACE,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/github.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Resolve an image tag to a commit SHA by matching against git tags.
+ * Tries exact match first, then prefix match (e.g., v2.10 -> highest v2.10.x).
+ * Returns [commit_sha, is_exact_match] or null.
+ */
+export declare function resolveTagToCommit(owner: string, repo: string, tag: string): Promise<[string, boolean] | null>;
+/**
+ * Get the commit SHA of the latest GitHub release.
+ * Returns [commit_sha, tag_name] or null.
+ */
+export declare function getLatestReleaseCommit(owner: string, repo: string): Promise<[string, string] | null>;
+/**
+ * Get the latest commit SHA on the default branch.
+ */
+export declare function getLatestCommit(owner: string, repo: string): Promise<string | null>;
+/**
+ * Check if a GitHub repo exists.
+ */
+export declare function checkGithubRepoExists(owner: string, repo: string): Promise<boolean>;
+interface PackageVersionResult {
+    repo: string;
+    commit: string | null;
+    tags: string[];
+}
+/**
+ * Find the commit for a GHCR image by its digest.
+ */
+export declare function resolveGhcrDigestViaPackages(owner: string, packageName: string, digest: string): Promise<PackageVersionResult | null>;
+/**
+ * Find the commit for a GHCR image's :latest tag.
+ */
+export declare function resolveGhcrLatestViaPackages(owner: string, packageName: string): Promise<PackageVersionResult | null>;
+/**
+ * Try to find the GitHub repo for a Docker Hub image.
+ */
+export declare function inferRepoFromDockerhub(namespace: string, name: string): Promise<[string, string] | null>;
+export {};

package/dist/github.js

@@ -0,0 +1,270 @@
+function githubHeaders() {
+    const headers = {
+        Accept: "application/vnd.github+json",
+    };
+    const token = process.env.GITHUB_TOKEN;
+    if (token) {
+        headers.Authorization = `Bearer ${token}`;
+    }
+    return headers;
+}
+function normalizeTag(tag) {
+    return tag.replace(/^v+/, "");
+}
+function isPrefixMatch(imageTag, gitTag) {
+    const normImage = normalizeTag(imageTag);
+    const normGit = normalizeTag(gitTag);
+    return normGit.startsWith(normImage + ".");
+}
+function parseVersionTuple(tag) {
+    let norm = normalizeTag(tag);
+    // Strip pre-release suffixes like -rc1, -beta2
+    norm = norm.split(/[-+]/)[0];
+    const parts = norm.split(".");
+    try {
+        const nums = parts.map((p) => {
+            const n = parseInt(p, 10);
+            if (isNaN(n))
+                throw new Error();
+            return n;
+        });
+        return nums;
+    }
+    catch {
+        return null;
+    }
+}
+function compareVersions(a, b) {
+    const len = Math.max(a.length, b.length);
+    for (let i = 0; i < len; i++) {
+        const av = a[i] ?? 0;
+        const bv = b[i] ?? 0;
+        if (av !== bv)
+            return av - bv;
+    }
+    return 0;
+}
+/**
+ * Parse the Link header for pagination.
+ * Returns the "next" URL or null.
+ */
+function parseNextLink(linkHeader) {
+    if (!linkHeader)
+        return null;
+    const match = linkHeader.match(/<([^>]+)>;\s*rel="next"/);
+    return match ? match[1] : null;
+}
+/**
+ * Resolve an image tag to a commit SHA by matching against git tags.
+ * Tries exact match first, then prefix match (e.g., v2.10 -> highest v2.10.x).
+ * Returns [commit_sha, is_exact_match] or null.
+ */
+export async function resolveTagToCommit(owner, repo, tag) {
+    const headers = githubHeaders();
+    let url = `https://api.github.com/repos/${owner}/${repo}/tags?per_page=100`;
+    const prefixCandidates = [];
+    while (url) {
+        const resp = await fetch(url, {
+            headers,
+            signal: AbortSignal.timeout(10000),
+        });
+        if (!resp.ok)
+            return null;
+        const gitTags = await resp.json();
+        for (const gitTag of gitTags) {
+            const name = gitTag.name;
+            // Exact match (with/without v prefix)
+            if (name === tag ||
+                name === `v${tag}` ||
+                normalizeTag(name) === normalizeTag(tag)) {
+                return [gitTag.commit.sha, true];
+            }
+            // Collect prefix match candidates
+            if (isPrefixMatch(tag, name)) {
+                const version = parseVersionTuple(name);
+                if (version !== null) {
+                    prefixCandidates.push([version, gitTag.commit.sha]);
+                }
+            }
+        }
+        url = parseNextLink(resp.headers.get("link"));
+    }
+    // Return the highest version among prefix matches
+    if (prefixCandidates.length > 0) {
+        prefixCandidates.sort((a, b) => compareVersions(b[0], a[0]));
+        return [prefixCandidates[0][1], false];
+    }
+    return null;
+}
+/**
+ * Get the commit SHA of the latest GitHub release.
+ * Returns [commit_sha, tag_name] or null.
+ */
+export async function getLatestReleaseCommit(owner, repo) {
+    const headers = githubHeaders();
+    try {
+        const resp = await fetch(`https://api.github.com/repos/${owner}/${repo}/releases/latest`, { headers, signal: AbortSignal.timeout(10000) });
+        if (!resp.ok)
+            return null;
+        const data = (await resp.json());
+        const tagName = data.tag_name;
+        if (!tagName)
+            return null;
+        const tagResult = await resolveTagToCommit(owner, repo, tagName);
+        if (tagResult) {
+            return [tagResult[0], tagName];
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Get the latest commit SHA on the default branch.
+ */
+export async function getLatestCommit(owner, repo) {
+    const headers = githubHeaders();
+    try {
+        const resp = await fetch(`https://api.github.com/repos/${owner}/${repo}/commits?per_page=1`, { headers, signal: AbortSignal.timeout(10000) });
+        if (!resp.ok)
+            return null;
+        const commits = (await resp.json());
+        if (commits.length > 0)
+            return commits[0].sha;
+    }
+    catch {
+        // ignore
+    }
+    return null;
+}
+/**
+ * Check if a GitHub repo exists.
+ */
+export async function checkGithubRepoExists(owner, repo) {
+    const headers = githubHeaders();
+    try {
+        const resp = await fetch(`https://api.github.com/repos/${owner}/${repo}`, { headers, signal: AbortSignal.timeout(10000) });
+        return resp.status === 200;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Find a GHCR package version by digest or tag via the GitHub Packages API.
+ */
+async function findGhcrPackageVersion(owner, packageName, options) {
+    const headers = githubHeaders();
+    if (!headers.Authorization)
+        return null;
+    for (const entityType of ["orgs", "users"]) {
+        const pkgBase = `https://api.github.com/${entityType}/${owner}/packages/container/${packageName}`;
+        // Get package metadata for source repo
+        let fullName;
+        try {
+            const pkgResp = await fetch(pkgBase, {
+                headers,
+                signal: AbortSignal.timeout(10000),
+            });
+            if (pkgResp.status === 403)
+                return null;
+            if (!pkgResp.ok)
+                continue;
+            const pkgData = await pkgResp.json();
+            fullName = pkgData?.repository?.full_name;
+            if (!fullName)
+                continue;
+        }
+        catch {
+            continue;
+        }
+        // Search versions
+        let versionsUrl = `${pkgBase}/versions?per_page=50`;
+        try {
+            while (versionsUrl) {
+                const resp = await fetch(versionsUrl, {
+                    headers,
+                    signal: AbortSignal.timeout(10000),
+                });
+                if (!resp.ok)
+                    break;
+                const versions = (await resp.json());
+                for (const version of versions) {
+                    const name = version.name ?? "";
+                    const metadata = version.metadata?.container ?? {};
+                    const tags = metadata.tags ?? [];
+                    // Match by digest (version name is the digest)
+                    if (options.matchDigest && name !== options.matchDigest) {
+                        if (!options.matchTag)
+                            continue;
+                    }
+                    // Match by tag
+                    if (options.matchTag && !tags.includes(options.matchTag))
+                        continue;
+                    // Found matching version - resolve tags to a commit
+                    const [repoOwner, repoName] = fullName.split("/", 2);
+                    const resolvableTags = tags.filter((t) => t !== "latest");
+                    for (const t of resolvableTags) {
+                        const tagResult = await resolveTagToCommit(repoOwner, repoName, t);
+                        if (tagResult) {
+                            return { repo: fullName, commit: tagResult[0], tags };
+                        }
+                    }
+                    return { repo: fullName, commit: null, tags };
+                }
+                versionsUrl = parseNextLink(resp.headers.get("link"));
+            }
+        }
+        catch {
+            continue;
+        }
+    }
+    return null;
+}
+/**
+ * Find the commit for a GHCR image by its digest.
+ */
+export async function resolveGhcrDigestViaPackages(owner, packageName, digest) {
+    return findGhcrPackageVersion(owner, packageName, { matchDigest: digest });
+}
+/**
+ * Find the commit for a GHCR image's :latest tag.
+ */
+export async function resolveGhcrLatestViaPackages(owner, packageName) {
+    return findGhcrPackageVersion(owner, packageName, { matchTag: "latest" });
+}
+/**
+ * Try to find the GitHub repo for a Docker Hub image.
+ */
+export async function inferRepoFromDockerhub(namespace, name) {
+    // For official images (library/X), try the image name as org/repo directly
+    if (namespace === "library") {
+        if (await checkGithubRepoExists(name, name)) {
+            return [name, name];
+        }
+    }
+    // For namespaced images, try namespace/name on GitHub
+    if (namespace !== "library") {
+        if (await checkGithubRepoExists(namespace, name)) {
+            return [namespace, name];
+        }
+    }
+    // Fall back to scraping Docker Hub description for GitHub links
+    try {
+        const resp = await fetch(`https://hub.docker.com/v2/repositories/${namespace}/${name}`, { signal: AbortSignal.timeout(10000) });
+        if (!resp.ok)
+            return null;
+        const data = (await resp.json());
+        const text = (data.full_description || "") + " " + (data.description || "");
+        const match = text.match(/https?:\/\/github\.com\/([\w.-]+)\/([\w.-]+)/);
+        if (match) {
+            return [match[1], match[2]];
+        }
+    }
+    catch {
+        // ignore
+    }
+    return null;
+}
+//# sourceMappingURL=github.js.map

package/dist/github.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.js","sourceRoot":"","sources":["../src/github.ts"],"names":[],"mappings":"AAAA,SAAS,aAAa;IACpB,MAAM,OAAO,GAA2B;QACtC,MAAM,EAAE,6BAA6B;KACtC,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACvC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,EAAE,CAAC;IAC5C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB,EAAE,MAAc;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACrC,OAAO,OAAO,CAAC,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,IAAI,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAC7B,+CAA+C;IAC/C,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1B,IAAI,KAAK,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,EAAE,CAAC;YAChC,OAAO,CAAC,CAAC;QACX,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,CAAW,EAAE,CAAW;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrB,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrB,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IAChC,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,UAAyB;IAC9C,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAOD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAa,EACb,IAAY,EACZ,GAAW;IAEX,MAAM,OAAO,GAAG,aAAa,EAAE,CAAC;IAChC,IAAI,GAAG,GACL,gCAAgC,KAAK,IAAI,IAAI,oBAAoB,CAAC;IAEpE,MAAM,gBAAgB,GAAyB,EAAE,CAAC;IAElD,OAAO,GAAG,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC5B,OAAO;YACP,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,OAAO,GAAa,MAAM,IAAI,CAAC,IAAI,EAAc,CAAC;QAExD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACzB,sCAAsC;YACtC,IACE,IAAI,KAAK,GAAG;gBACZ,IAAI,KAAK,IAAI,GAAG,EAAE;gBAClB,YAAY,CAAC,IAAI,CAAC,KAAK,YAAY,CAAC,GAAG,CAAC,EACxC,CAAC;gBACD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACnC,CAAC;YAED,kCAAkC;YAClC,IAAI,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACxC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;oBACrB,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;QAED,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,kDAAkD;IAClD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7D,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,KAAa,EACb,IAAY;IAEZ,MAAM,OAAO,GAAG,aAAa,EAAE,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CACtB,gCAAgC,KAAK,IAAI,IAAI,kBAAkB,EAC/D,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAChD,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA0B,CAAC;QAC1D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAAa,EACb,IAAY;IAEZ,MAAM,OAAO,GAAG,aAAa,EAAE,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CACtB,gCAAgC,KAAK,IAAI,IAAI,qBAAqB,EAClE,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAChD,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAsB,CAAC;QACzD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAAa,EACb,IAAY;IAEZ,MAAM,OAAO,GAAG,aAAa,EAAE,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CACtB,gCAAgC,KAAK,IAAI,IAAI,EAAE,EAC/C,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAChD,CAAC;QACF,OAAO,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAQD;;GAEG;AACH,KAAK,UAAU,sBAAsB,CACnC,KAAa,EACb,WAAmB,EACnB,OAAoD;IAEpD,MAAM,OAAO,GAAG,aAAa,EAAE,CAAC;IAChC,IAAI,CAAC,OAAO,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAExC,KAAK,MAAM,UAAU,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAC3C,MAAM,OAAO,GAAG,0BAA0B,UAAU,IAAI,KAAK,uBAAuB,WAAW,EAAE,CAAC;QAElG,uCAAuC;QACvC,IAAI,QAA4B,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;gBACnC,OAAO;gBACP,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;aACnC,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACxC,IAAI,CAAC,OAAO,CAAC,EAAE;gBAAE,SAAS;YAC1B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,GAAI,OAAe,EAAE,UAAU,EAAE,SAAS,CAAC;YACnD,IAAI,CAAC,QAAQ;gBAAE,SAAS;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,kBAAkB;QAClB,IAAI,WAAW,GAAkB,GAAG,OAAO,uBAAuB,CAAC;QACnE,IAAI,CAAC;YACH,OAAO,WAAW,EAAE,CAAC;gBACnB,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;oBACpC,OAAO;oBACP,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;iBACnC,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,EAAE;oBAAE,MAAM;gBAEpB,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAU,CAAC;gBAE9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,MAAM,IAAI,GAAW,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;oBACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;oBACnD,MAAM,IAAI,GAAa,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;oBAE3C,+CAA+C;oBAC/C,IAAI,OAAO,CAAC,WAAW,IAAI,IAAI,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;wBACxD,IAAI,CAAC,OAAO,CAAC,QAAQ;4BAAE,SAAS;oBAClC,CAAC;oBACD,eAAe;oBACf,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;wBAAE,SAAS;oBAEnE,oDAAoD;oBACpD,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,GAAG,QAAS,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;oBACtD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;oBAC1D,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;wBAC/B,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;wBACnE,IAAI,SAAS,EAAE,CAAC;4BACd,OAAO,EAAE,IAAI,EAAE,QAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;wBACzD,CAAC;oBACH,CAAC;oBAED,OAAO,EAAE,IAAI,EAAE,QAAS,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;gBACjD,CAAC;gBAED,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,KAAa,EACb,WAAmB,EACnB,MAAc;IAEd,OAAO,sBAAsB,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,KAAa,EACb,WAAmB;IAEnB,OAAO,sBAAsB,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAAiB,EACjB,IAAY;IAEZ,2EAA2E;IAC3E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,IAAI,MAAM,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,IAAI,MAAM,qBAAqB,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;YACjD,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CACtB,0CAA0C,SAAS,IAAI,IAAI,EAAE,EAC7D,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CACvC,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAG9B,CAAC;QACF,MAAM,IAAI,GACR,CAAC,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QACjE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}