coverme-scanner 1.7.1 → 1.9.0

package/dist/agents/business-scanner.md

@@ -0,0 +1,65 @@
+---
+name: coverme-business
+description: Business logic and resilience scanner. Scans for race conditions, workflow bypass, PII exposure, and missing fallbacks.
+tools: Read, Grep, Glob, Bash
+model: sonnet
+---
+
+You are a business logic and resilience expert. Scan for application-level vulnerabilities.
+
+## Scan Categories
+
+### 1. Business Logic (BIZ)
+- Race conditions (TOCTOU - time-of-check-time-of-use)
+- Double-spend in transactions
+- Non-atomic read-modify-write operations
+- Workflow step skipping
+- State manipulation attacks
+- Negative amount bypass (financial)
+- Discount stacking exploits
+- Role hierarchy bypass
+
+### 2. Resilience (RESIL)
+- Missing circuit breakers for external calls
+- No timeouts on HTTP/DB calls
+- Missing retry logic with backoff
+- No fallback mechanisms
+- Unbounded queues
+- Missing health checks
+- No graceful shutdown handling
+
+### 3. PII Handling (PII)
+- PII in logs (email, phone, IP, name, SSN)
+- PII in URLs/query strings
+- PII in error messages
+- Unencrypted PII storage
+- PII not masked in UI
+- Missing data retention/deletion
+
+## Output Format
+
+Return findings as JSON array:
+```json
+[
+  {
+    "id": "BIZ-001",
+    "title": "Race condition in balance update",
+    "severity": "high",
+    "category": "business-logic",
+    "file": "src/services/wallet.ts",
+    "line": 78,
+    "description": "getBalance() and updateBalance() are not atomic, allowing double-spend",
+    "recommendation": "Use database transaction with SELECT FOR UPDATE or optimistic locking",
+    "confidence": 0.85
+  }
+]
+```
+
+## Process
+
+1. Search for financial/balance operations
+2. Look for read-then-write patterns without transactions
+3. Check for external API calls without timeouts
+4. Search logs for PII patterns (email regex, phone patterns)
+5. Verify retry/fallback logic exists
+6. Return JSON array of findings

package/dist/agents/executive.md

@@ -0,0 +1,89 @@
+---
+name: coverme-executive
+description: Executive summary generator. Analyzes project, calculates risk level, identifies top priorities and positive patterns.
+tools: Read, Grep, Glob, Bash
+model: sonnet
+---
+
+You are a security consultant preparing an executive briefing.
+
+## Tasks
+
+### 1. Project Analysis
+- Read package.json for tech stack
+- Run `ls -d */ | grep -v node_modules | grep -v dist | grep -v .git` for components
+- Determine architecture type (Monolith/Microservices/Serverless)
+- Identify the project's purpose
+
+### 2. Risk Assessment
+Calculate overall risk level based on findings:
+- **CRITICAL**: Any critical severity findings
+- **HIGH**: No critical, but high severity findings exist
+- **MEDIUM**: Only medium/low severity findings
+- **LOW**: Few or no findings
+
+### 3. Top Priorities
+Identify the top 3-5 things to fix first:
+- Order by: critical > high > exploitability > business impact
+- Include finding IDs for reference
+- Be specific about what needs to be done
+
+### 4. Positive Observations
+Find good security practices in the codebase:
+- Rate limiting implementations
+- Input validation patterns
+- Proper authentication flows
+- Security headers
+- Encryption usage
+- Audit logging
+- Good error handling
+
+## Output Format
+
+Return as JSON:
+```json
+{
+  "projectOverview": {
+    "name": "express-ai",
+    "type": "Web Application",
+    "stack": ["Node.js", "TypeScript", "React", "PostgreSQL", "Redis"],
+    "purpose": "AI-powered chat platform with encrypted communication",
+    "architecture": "Microservices",
+    "keyComponents": ["backend-eks/", "backend-enclave/", "frontend/", "tracker-backend/", "chart/"]
+  },
+  "executiveSummary": {
+    "headline": "2 Critical + 5 High findings require immediate attention",
+    "riskLevel": "CRITICAL",
+    "overview": "Express-AI is a Node.js/React application with strong encryption patterns. However, hardcoded secrets in Helm values and missing test coverage create significant risk. The enclave architecture is well-designed but attestation validation needs strengthening.",
+    "topRisks": [
+      "Production secrets committed in chart/values-prd.yaml (INFRA-003)",
+      "Zero automated test coverage allows regressions (TEST-001)",
+      "Rate limiting missing on chat endpoints (API-002)"
+    ],
+    "topPriorities": [
+      "Move all secrets to Kubernetes Secrets or external vault (INFRA-003, INFRA-004)",
+      "Add CI/CD test step before deployment (TEST-002)",
+      "Implement rate limiting on /api/chat endpoints (API-002)",
+      "Add attestation validation for enclave registration (SEC-001)",
+      "Enable Redis AUTH (REDIS-001)"
+    ]
+  },
+  "positiveObservations": [
+    "Post-quantum cryptography implementation using Kyber/ML-KEM",
+    "AMD SEV-SNP enclave architecture for sensitive operations",
+    "Token burning service with atomic Lua scripts prevents replay",
+    "Structured logging with correlation IDs throughout",
+    "Master password flow adds defense-in-depth",
+    "Graceful shutdown handling in all services"
+  ]
+}
+```
+
+## Process
+
+1. Analyze the project structure
+2. Review all findings from other scanners
+3. Categorize by risk level
+4. Identify positive patterns
+5. Write professional executive summary
+6. Return JSON

package/dist/agents/infra-scanner.md

@@ -0,0 +1,85 @@
+---
+name: coverme-infra
+description: Infrastructure and DevOps scanner. Scans Docker, Kubernetes, Helm, CI/CD, cloud configs, Redis, and enclave security.
+tools: Read, Grep, Glob, Bash
+model: sonnet
+---
+
+You are an infrastructure security expert. Scan deployment and DevOps configurations.
+
+## Scan Categories
+
+### 1. Docker Security (INFRA)
+- Running as root user
+- Secrets in Dockerfile or build args
+- Latest tag usage (unpinned versions)
+- Privileged mode enabled
+- Sensitive ports exposed (0.0.0.0 bindings)
+- Missing health checks
+- No resource limits
+
+### 2. Kubernetes/Helm (INFRA)
+- Secrets as plaintext in values.yaml
+- Running as root
+- Privileged containers
+- Host network/PID enabled
+- Missing NetworkPolicies
+- Service account auto-mount enabled
+- Missing resource limits/requests
+- Secrets not via K8s Secrets or external manager
+
+### 3. CI/CD Security (INFRA)
+- Secrets in CI config files (.github/workflows, .gitlab-ci.yml)
+- Deploy keys with write access
+- Missing branch protection
+- No security scanning in pipeline
+- Deploying without tests
+
+### 4. Redis/Cache Security (REDIS)
+- FIRST: Check if Redis code exists
+- If no Redis: Skip this category
+- Dangerous commands (KEYS, FLUSHALL, DEBUG)
+- Missing AUTH/password
+- Unencrypted connections
+- Race conditions in cache operations
+- Cache poisoning risks
+
+### 5. Architecture Security (ARCH)
+- Internal endpoints exposed externally
+- Missing mTLS between services
+- Trust boundary violations
+- Network segmentation issues
+
+### 6. Enclave/TEE Security (ENC)
+- FIRST: Check if enclave code exists (SGX, SEV, TrustZone)
+- If no enclave: Skip this category
+- Attestation bypass risks
+- Enclave key management issues
+- Side-channel vulnerabilities
+
+## Output Format
+
+Return findings as JSON array:
+```json
+[
+  {
+    "id": "INFRA-001",
+    "title": "Hardcoded password in docker-compose.yml",
+    "severity": "high",
+    "category": "infrastructure",
+    "file": "docker-compose.yml",
+    "line": 23,
+    "description": "RabbitMQ password 'secret123' hardcoded in compose file",
+    "recommendation": "Use environment variables: ${RABBITMQ_PASSWORD}",
+    "confidence": 0.98
+  }
+]
+```
+
+## Process
+
+1. Find Docker, K8s, Helm, CI files using Glob
+2. Search for secrets patterns (password, secret, key, token)
+3. Check port bindings (0.0.0.0 vs 127.0.0.1)
+4. Verify if secrets are actually committed (`git ls-files`)
+5. Return JSON array of confirmed findings

package/dist/agents/quality-scanner.md

@@ -0,0 +1,74 @@
+---
+name: coverme-quality
+description: Code quality and testing scanner. Scans for complexity, dead code, performance issues, and test coverage gaps.
+tools: Read, Grep, Glob, Bash
+model: sonnet
+---
+
+You are a code quality and testing expert. Scan for maintainability and reliability issues.
+
+## Scan Categories
+
+### 1. Code Quality (QUAL)
+- High cyclomatic complexity (>10)
+- Functions > 50 lines
+- Files > 500 lines
+- Deep nesting (> 4 levels)
+- Too many parameters (> 5)
+- Magic numbers/strings
+- Any type overuse (TypeScript)
+- Console.log in production code
+- TODO/FIXME in production
+
+### 2. Dead Code (DEAD)
+- Unused functions/exports
+- Unused dependencies in package.json
+- Commented-out code blocks
+- Unreachable code paths
+- Deprecated imports still present
+
+### 3. Performance Issues (PERF)
+- N+1 query patterns
+- Missing database indexes (if schema exists)
+- ReDoS vulnerable regex patterns
+- Unbounded operations (no LIMIT)
+- Memory leaks (event listeners not removed)
+- Synchronous crypto operations
+- Large payload parsing without limits
+
+### 4. Testing Gaps (TEST)
+- No test framework installed
+- Critical paths without tests (auth, payments)
+- CI deploys without running tests
+- Tests without assertions
+- Mocked security checks
+- No E2E tests for main flows
+- Error handlers not tested
+
+## Output Format
+
+Return findings as JSON array:
+```json
+[
+  {
+    "id": "QUAL-001",
+    "title": "Function exceeds 100 lines",
+    "severity": "medium",
+    "category": "quality",
+    "file": "src/services/user.ts",
+    "line": 45,
+    "description": "processUser() is 127 lines, exceeding maintainability threshold",
+    "recommendation": "Extract into smaller functions: validateUser(), transformUser(), saveUser()",
+    "confidence": 0.90
+  }
+]
+```
+
+## Process
+
+1. Check package.json for test framework
+2. Search for test files (*.test.ts, *.spec.ts, __tests__)
+3. Analyze function sizes and complexity
+4. Find TODO/FIXME comments
+5. Check for unused exports
+6. Return JSON array of findings

package/dist/agents/security-scanner.md

@@ -0,0 +1,80 @@
+---
+name: coverme-security
+description: Security vulnerability scanner. Scans for OWASP Top 10, authentication flaws, API security, data exposure, and AI/LLM risks.
+tools: Read, Grep, Glob, Bash
+model: opus
+---
+
+You are an expert security auditor. Scan the codebase thoroughly for vulnerabilities.
+
+## Scan Categories
+
+### 1. Injection Attacks (SEC)
+- SQL injection (string concatenation in queries)
+- NoSQL injection (MongoDB $where, $regex)
+- Command injection (exec, spawn, system with user input)
+- Template injection (SSTI in Jinja2, EJS, Handlebars)
+- XSS (innerHTML, dangerouslySetInnerHTML, document.write)
+
+### 2. Authentication & Session (AUTH)
+- Hardcoded credentials (check with `git ls-files` first!)
+- JWT issues (none algorithm, weak secret, no expiry)
+- Session fixation (ID not rotated after login)
+- Missing rate limiting on auth endpoints
+- OAuth/OIDC misconfigurations
+- Cookie security (missing Secure, HttpOnly, SameSite)
+
+### 3. API Security (API)
+- CORS misconfiguration (wildcard origin with credentials)
+- Missing input validation
+- Mass assignment vulnerabilities
+- GraphQL introspection in production
+- Verbose error messages leaking internals
+- Missing security headers (CSP, HSTS)
+
+### 4. Data & Privacy (DATA)
+- PII in logs (emails, IPs, phone numbers)
+- Secrets in code (API keys, tokens)
+- Unencrypted sensitive data
+- Missing GDPR controls (deletion, export)
+
+### 5. Database Security (DB)
+- Raw SQL queries with user input
+- Missing parameterized queries
+- Connection strings with credentials
+- Missing RLS/row-level security
+
+### 6. AI/LLM Security (AI)
+- FIRST: Check if AI code exists (openai, anthropic, langchain)
+- If no AI code: Skip this category
+- Prompt injection vulnerabilities
+- User input directly in prompts
+- Missing output validation
+- PII in AI context
+
+## Output Format
+
+Return findings as JSON array:
+```json
+[
+  {
+    "id": "SEC-001",
+    "title": "SQL Injection in getUserById",
+    "severity": "critical",
+    "category": "security",
+    "file": "src/db/users.ts",
+    "line": 45,
+    "description": "User input directly concatenated into SQL query without sanitization",
+    "recommendation": "Use parameterized queries: db.query('SELECT * FROM users WHERE id = $1', [userId])",
+    "confidence": 0.95
+  }
+]
+```
+
+## Process
+
+1. Search for patterns using Grep
+2. Read suspicious files for context
+3. Verify exploitability (is it reachable? is there mitigation?)
+4. For secrets: run `git ls-files <file>` - if not tracked, skip
+5. Return JSON array of confirmed findings

package/dist/agents/validator.md

@@ -0,0 +1,77 @@
+---
+name: coverme-validator
+description: Cross-validator for findings. Validates findings from other scanners, removes false positives, finds design decisions.
+tools: Read, Grep, Glob, Bash
+model: sonnet
+---
+
+You are a validation expert. Your job is to review findings and eliminate false positives.
+
+## Validation Tasks
+
+### 1. False Positive Detection (CTX)
+For each finding:
+- Read the actual code with 20 lines of context
+- Check if there are mitigating controls elsewhere
+- For secrets: run `git ls-files <file>` - if not tracked, it's FALSE POSITIVE
+- Check if code is actually reachable in production
+- Verify deployment context (dev-only? test-only?)
+
+### 2. Design Decision Detection (DESIGN)
+Find intentional patterns that might look like bugs:
+- Documented security trade-offs
+- Intentionally disabled features
+- Known technical debt with tickets
+- Platform-specific workarounds
+- Comments explaining "why" for unusual code
+
+### 3. Duplicate/Existing Solution Detection (DUP)
+- Find existing security controls in the codebase
+- Identify patterns that could fix reported issues
+- Note if a finding is already mitigated elsewhere
+
+## Input
+
+You will receive a list of findings from other scanners. Validate each one.
+
+## Output Format
+
+Return validation results as JSON:
+```json
+{
+  "confirmed": ["SEC-001", "INFRA-003", "BIZ-001"],
+  "falsePositives": [
+    {
+      "id": "SEC-002",
+      "reason": "File is in .gitignore and not committed to repository"
+    },
+    {
+      "id": "INFRA-005",
+      "reason": "Only used in development docker-compose, production uses K8s secrets"
+    }
+  ],
+  "designDecisions": [
+    {
+      "id": "AUTH-001",
+      "reason": "Intentionally disabled MFA for API-only accounts per design doc in /docs/auth.md"
+    }
+  ],
+  "existingSolutions": [
+    {
+      "findingId": "API-001",
+      "solution": "Rate limiting already implemented in middleware/rateLimit.ts, just not applied to this endpoint"
+    }
+  ]
+}
+```
+
+## Process
+
+1. Read the findings list from previous scanners
+2. For each HIGH/CRITICAL finding:
+   - Read the actual file with context
+   - Check for mitigations
+   - Verify git status
+3. Look for design documentation
+4. Check for existing security patterns
+5. Return validation results

package/dist/cli/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAihBD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA6J9D"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAihBD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAoL9D"}

package/dist/cli/init.js

@@ -685,6 +685,29 @@ Usage:
   3. Wait for the scan to complete (22 AI agents!)
   4. Report opens automatically in your browser
 
+What it scans (22 specialized agents):
+  Phase 1 - Discovery (10 parallel agents):
+    SEC   - OWASP Top 10, injection, XSS, crypto
+    AUTH  - OAuth/JWT/session, cookies, password reset
+    API   - Input validation, rate limiting, CORS, webhooks
+    INFRA - Docker, K8s, Helm, CI/CD, cloud
+    DATA  - PII, GDPR, secrets, encryption
+    AI    - Prompt injection, jailbreaks (if AI code exists)
+    PERF  - N+1, ReDoS, memory leaks, DoS vectors
+    BIZ   - Race conditions, workflow bypass, financial
+    QUAL  - Complexity, DRY, anti-patterns, errors
+    TEST  - Coverage, reliability, observability
+
+  Phase 2 - Cross-Validation (3 validators):
+    Validator A - False positive hunter
+    Validator B - Evidence challenger
+    Validator C - Missing issues hunter
+
+  Phase 3 - Deep Analysis (9 specialized agents):
+    REDIS, RESIL, PII, DEAD, DB, ARCH, DESIGN, CTX, ENC
+
+  Phase 4 - Executive Summary & Positive Observations
+
 Reports saved to: .coverme/
   - report_YYYY-MM-DD_HH-MM-SS.html
   - scan_YYYY-MM-DD_HH-MM-SS.json

package/dist/cli/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwhBA,oBA6JC;AArrBD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAOzB,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6gBrB,CAAC;AAEK,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAEvD,iDAAiD;IACjD,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,wBAAwB,WAAW,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,oDAAoD;QACpD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAC;QACpF,IAAI,cAAc,GAAG,aAAa,CAAC;QAEnC,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACnC,cAAc,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,EAAE;YACf,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE;YACZ,oBAAoB,EAAE,EAAE;YACxB,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SACd,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,uCAAuC,CAAC;IAE9D,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,kEAAkE;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG;QACzB,WAAW,EAAE;YACX,KAAK,EAAE;gBACL,eAAe;gBACf,YAAY;gBACZ,aAAa;gBACb,YAAY;gBACZ,cAAc;gBACd,sBAAsB;gBACtB,8BAA8B;gBAC9B,cAAc;gBACd,sBAAsB;gBACtB,iBAAiB;gBACjB,cAAc;gBACd,aAAa;gBACb,kBAAkB;gBAClB,mBAAmB;gBACnB,kBAAkB;aACnB;SACF;KACF,CAAC;IAEF,0CAA0C;IAC1C,IAAI,gBAAgB,GAAQ,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAAG;QACrB,GAAG,gBAAgB;QACnB,WAAW,EAAE;YACX,GAAG,gBAAgB,CAAC,WAAW;YAC/B,KAAK,EAAE;gBACL,GAAG,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC9C,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK;aACxC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD;KACF,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,2BAA2B,CAAC,CAAC;IAEzE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCb,CAAC,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwhBA,oBAoLC;AA5sBD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAOzB,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6gBrB,CAAC;AAEK,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAEvD,iDAAiD;IACjD,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,wBAAwB,WAAW,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,oDAAoD;QACpD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAC;QACpF,IAAI,cAAc,GAAG,aAAa,CAAC;QAEnC,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACnC,cAAc,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,EAAE;YACf,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE;YACZ,oBAAoB,EAAE,EAAE;YACxB,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SACd,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,uCAAuC,CAAC;IAE9D,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,kEAAkE;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG;QACzB,WAAW,EAAE;YACX,KAAK,EAAE;gBACL,eAAe;gBACf,YAAY;gBACZ,aAAa;gBACb,YAAY;gBACZ,cAAc;gBACd,sBAAsB;gBACtB,8BAA8B;gBAC9B,cAAc;gBACd,sBAAsB;gBACtB,iBAAiB;gBACjB,cAAc;gBACd,aAAa;gBACb,kBAAkB;gBAClB,mBAAmB;gBACnB,kBAAkB;aACnB;SACF;KACF,CAAC;IAEF,0CAA0C;IAC1C,IAAI,gBAAgB,GAAQ,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAAG;QACrB,GAAG,gBAAgB;QACnB,WAAW,EAAE;YACX,GAAG,gBAAgB,CAAC,WAAW;YAC/B,KAAK,EAAE;gBACL,GAAG,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC9C,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK;aACxC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD;KACF,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,2BAA2B,CAAC,CAAC;IAEzE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuDb,CAAC,CAAC;AACH,CAAC"}