npm - devrail - Versions diffs - 0.1.0 - Mend

devrail 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/LICENSE +21 -0
package/README.md +273 -0
package/dist/chunk-J22FFU7Z.js +575 -0
package/dist/chunk-J22FFU7Z.js.map +1 -0
package/dist/chunk-ZDEEHXE7.js +1298 -0
package/dist/chunk-ZDEEHXE7.js.map +1 -0
package/dist/cli/index.d.ts +1 -0
package/dist/cli/index.js +1346 -0
package/dist/cli/index.js.map +1 -0
package/dist/index.d.ts +312 -0
package/dist/index.js +91 -0
package/dist/index.js.map +1 -0
package/dist/rules-XIWD4KI4.js +17 -0
package/dist/rules-XIWD4KI4.js.map +1 -0
package/package.json +88 -0
package/templates/github-actions/vibeguard.yml +102 -0
package/templates/gitlab-ci/vibeguard.yml +29 -0

package/dist/chunk-J22FFU7Z.js ADDED Viewed

@@ -0,0 +1,575 @@
+// src/rules/definitions.ts
+var rules = [
+  // ============================================
+  // SECRETS
+  // ============================================
+  {
+    id: "secrets.no-plaintext",
+    name: "No Plaintext Secrets",
+    description: "Detect hardcoded secrets, API keys, passwords in source code",
+    category: "secrets",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "gitleaks",
+    docs: "https://vibeguard.dev/rules/secrets-no-plaintext",
+    rationale: "Hardcoded secrets in source code are a critical security vulnerability. They can be exposed through version control, logs, or error messages.",
+    fix: "Move secrets to environment variables or a secrets manager. Use .env files for local development (never commit them).",
+    examples: {
+      bad: `const API_KEY = "sk-1234567890abcdef";`,
+      good: `const API_KEY = process.env.API_KEY;`
+    },
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "secrets.no-env-commit",
+    name: "No .env Files in Git",
+    description: "Ensure .env files are not committed to version control",
+    category: "secrets",
+    severity: "error",
+    autofix: true,
+    blocking: true,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/secrets-no-env-commit",
+    rationale: ".env files often contain sensitive configuration. They should never be committed.",
+    fix: "Add .env to .gitignore. Remove any committed .env files from git history.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "secrets.gitignore-required",
+    name: "Gitignore Required",
+    description: "Ensure .gitignore exists with common sensitive patterns",
+    category: "secrets",
+    severity: "warn",
+    autofix: true,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/secrets-gitignore-required",
+    rationale: "A proper .gitignore prevents accidental commits of sensitive files.",
+    fix: "Create or update .gitignore with patterns for .env, node_modules, etc.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  // ============================================
+  // DEPENDENCIES
+  // ============================================
+  {
+    id: "deps.lockfile.required",
+    name: "Lockfile Required",
+    description: "Ensure package-lock.json, yarn.lock, or pnpm-lock.yaml exists",
+    category: "deps",
+    severity: "error",
+    autofix: true,
+    blocking: true,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/deps-lockfile-required",
+    rationale: "Lockfiles ensure reproducible builds and prevent supply chain attacks through version drift.",
+    fix: "Run npm install, yarn install, or pnpm install to generate a lockfile.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "deps.no-unpinned",
+    name: "No Unpinned Dependencies",
+    description: "Warn about dependencies using ranges like ^, ~, or *",
+    category: "deps",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/deps-no-unpinned",
+    rationale: "Unpinned dependencies can introduce breaking changes or vulnerabilities unexpectedly.",
+    fix: "Pin dependencies to exact versions or use a lockfile.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "deps.no-git-deps",
+    name: "No Git Dependencies",
+    description: "Disallow dependencies from git URLs",
+    category: "deps",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/deps-no-git-deps",
+    rationale: "Git dependencies bypass npm registry security checks and can change without version bumps.",
+    fix: "Publish the dependency to npm or use a private registry.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "deps.no-vulnerable",
+    name: "No Vulnerable Dependencies",
+    description: "Scan dependencies for known vulnerabilities",
+    category: "deps",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "osv-scanner",
+    docs: "https://vibeguard.dev/rules/deps-no-vulnerable",
+    rationale: "Known vulnerabilities in dependencies are a common attack vector.",
+    fix: "Update vulnerable dependencies or find alternatives.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "deps.no-typosquatting",
+    name: "No Typosquatting Packages",
+    description: "Detect potentially malicious packages with names similar to popular ones",
+    category: "deps",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/deps-no-typosquatting",
+    rationale: "Typosquatting is a supply chain attack where malicious packages mimic popular package names.",
+    fix: "Verify package names carefully. Use official package names.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "deps.license-check",
+    name: "License Compatibility Check",
+    description: "Ensure dependencies have compatible licenses",
+    category: "deps",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/deps-license-check",
+    rationale: "Incompatible licenses can create legal issues for your project.",
+    fix: "Review and replace dependencies with incompatible licenses.",
+    levels: { basic: false, standard: false, strict: true }
+  },
+  // ============================================
+  // SECURITY
+  // ============================================
+  {
+    id: "security.headers.required",
+    name: "Security Headers Required",
+    description: "Ensure security headers are configured (CSP, HSTS, etc.)",
+    category: "security",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/security-headers-required",
+    rationale: "Security headers protect against XSS, clickjacking, and other browser-based attacks.",
+    fix: "Add helmet middleware (Express) or configure headers in next.config.js.",
+    examples: {
+      good: `import helmet from 'helmet';
+app.use(helmet());`
+    },
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "security.cors.safe-default",
+    name: "Safe CORS Configuration",
+    description: "Detect overly permissive CORS configurations",
+    category: "security",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/security-cors-safe-default",
+    rationale: "Permissive CORS (origin: *) can expose your API to cross-origin attacks.",
+    fix: "Restrict CORS to specific trusted origins.",
+    examples: {
+      bad: `cors({ origin: '*' })`,
+      good: `cors({ origin: ['https://myapp.com'] })`
+    },
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "security.no-eval",
+    name: "No eval() or Function()",
+    description: "Disallow eval, Function constructor, and similar dynamic code execution",
+    category: "security",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "eslint",
+    docs: "https://vibeguard.dev/rules/security-no-eval",
+    rationale: "Dynamic code execution is a major injection vulnerability vector.",
+    fix: "Use safer alternatives like JSON.parse for data, or refactor logic.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "security.no-unsafe-regex",
+    name: "No Unsafe Regular Expressions",
+    description: "Detect regex patterns vulnerable to ReDoS attacks",
+    category: "security",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "eslint",
+    docs: "https://vibeguard.dev/rules/security-no-unsafe-regex",
+    rationale: "Catastrophic backtracking in regex can cause denial of service.",
+    fix: "Simplify regex patterns or use a safe regex library.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "security.no-prototype-pollution",
+    name: "No Prototype Pollution",
+    description: "Detect patterns that could lead to prototype pollution",
+    category: "security",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/security-no-prototype-pollution",
+    rationale: "Prototype pollution can lead to property injection and RCE.",
+    fix: "Use Object.create(null) for dictionaries, validate object keys.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  // ============================================
+  // AUTH
+  // ============================================
+  {
+    id: "auth.no-weak-jwt",
+    name: "No Weak JWT Configuration",
+    description: "Detect weak JWT algorithms (none, HS256 with weak secrets)",
+    category: "auth",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/auth-no-weak-jwt",
+    rationale: "Weak JWT configuration allows token forgery and authentication bypass.",
+    fix: 'Use RS256 or ES256 algorithms. Never use "none". Use strong secrets.',
+    examples: {
+      bad: `jwt.sign(payload, 'secret', { algorithm: 'none' })`,
+      good: `jwt.sign(payload, privateKey, { algorithm: 'RS256' })`
+    },
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "auth.no-hardcoded-credentials",
+    name: "No Hardcoded Credentials",
+    description: "Detect hardcoded usernames, passwords, or tokens in auth logic",
+    category: "auth",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/auth-no-hardcoded-credentials",
+    rationale: "Hardcoded credentials are easily discovered and exploited.",
+    fix: "Use environment variables or a secrets manager.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "auth.session-secure",
+    name: "Secure Session Configuration",
+    description: "Ensure session cookies have secure, httpOnly, sameSite flags",
+    category: "auth",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/auth-session-secure",
+    rationale: "Insecure session cookies can be stolen via XSS or MITM attacks.",
+    fix: 'Set secure: true, httpOnly: true, sameSite: "strict" on session cookies.',
+    levels: { basic: false, standard: true, strict: true }
+  },
+  // ============================================
+  // API
+  // ============================================
+  {
+    id: "api.validation.required",
+    name: "Input Validation Required",
+    description: "Ensure API endpoints validate input with a schema library",
+    category: "api",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/api-validation-required",
+    rationale: "Unvalidated input is the root cause of most injection vulnerabilities.",
+    fix: "Use zod, joi, yup, or similar for input validation.",
+    examples: {
+      bad: `app.post('/user', (req, res) => { db.insert(req.body); });`,
+      good: `app.post('/user', (req, res) => { const data = userSchema.parse(req.body); });`
+    },
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "api.rate-limiting",
+    name: "Rate Limiting Required",
+    description: "Ensure rate limiting is configured on API endpoints",
+    category: "api",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/api-rate-limiting",
+    rationale: "Without rate limiting, APIs are vulnerable to brute force and DoS attacks.",
+    fix: "Add express-rate-limit or similar middleware.",
+    levels: { basic: false, standard: false, strict: true }
+  },
+  {
+    id: "api.no-sensitive-logging",
+    name: "No Sensitive Data in Logs",
+    description: "Detect logging of passwords, tokens, or PII",
+    category: "api",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/api-no-sensitive-logging",
+    rationale: "Sensitive data in logs can be exposed through log aggregation systems.",
+    fix: "Redact sensitive fields before logging. Use structured logging.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  // ============================================
+  // SQL
+  // ============================================
+  {
+    id: "sql.no-string-concat",
+    name: "No SQL String Concatenation",
+    description: "Detect SQL queries built with string concatenation",
+    category: "sql",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/sql-no-string-concat",
+    rationale: "String concatenation in SQL queries leads to SQL injection.",
+    fix: "Use parameterized queries or an ORM.",
+    examples: {
+      bad: `db.query("SELECT * FROM users WHERE id = " + userId)`,
+      good: `db.query("SELECT * FROM users WHERE id = $1", [userId])`
+    },
+    levels: { basic: true, standard: true, strict: true }
+  },
+  {
+    id: "sql.no-raw-queries",
+    name: "Prefer ORM Over Raw Queries",
+    description: "Warn when using raw SQL queries instead of ORM methods",
+    category: "sql",
+    severity: "info",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/sql-no-raw-queries",
+    rationale: "ORMs provide built-in protection against SQL injection.",
+    fix: "Use Prisma, Drizzle, or TypeORM query builders.",
+    levels: { basic: false, standard: false, strict: true }
+  },
+  // ============================================
+  // TESTS
+  // ============================================
+  {
+    id: "tests.unit.required",
+    name: "Unit Tests Required",
+    description: "Ensure test files exist for the project",
+    category: "tests",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/tests-unit-required",
+    rationale: "Tests catch regressions and document expected behavior.",
+    fix: "Create test files using Jest, Vitest, or your preferred test runner.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "tests.coverage.min-50",
+    name: "Minimum 50% Test Coverage",
+    description: "Ensure at least 50% code coverage",
+    category: "tests",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "vitest",
+    docs: "https://vibeguard.dev/rules/tests-coverage-min-50",
+    rationale: "Minimum coverage ensures critical paths are tested.",
+    fix: "Add tests for uncovered code paths.",
+    levels: { basic: false, standard: true, strict: false }
+  },
+  {
+    id: "tests.coverage.min-80",
+    name: "Minimum 80% Test Coverage",
+    description: "Ensure at least 80% code coverage",
+    category: "tests",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "vitest",
+    docs: "https://vibeguard.dev/rules/tests-coverage-min-80",
+    rationale: "High coverage reduces the risk of regressions.",
+    fix: "Add tests for uncovered code paths.",
+    levels: { basic: false, standard: false, strict: true }
+  },
+  {
+    id: "tests.no-skipped",
+    name: "No Skipped Tests",
+    description: "Detect .skip() or .only() left in test files",
+    category: "tests",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "eslint",
+    docs: "https://vibeguard.dev/rules/tests-no-skipped",
+    rationale: "Skipped tests can hide failures. .only() can exclude other tests.",
+    fix: "Remove .skip() and .only() before committing.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  // ============================================
+  // LOGGING
+  // ============================================
+  {
+    id: "logging.no-pii",
+    name: "No PII in Logs",
+    description: "Detect logging of personally identifiable information",
+    category: "logging",
+    severity: "error",
+    autofix: false,
+    blocking: true,
+    scope: "all",
+    tool: "semgrep",
+    docs: "https://vibeguard.dev/rules/logging-no-pii",
+    rationale: "PII in logs violates privacy regulations (GDPR, CCPA).",
+    fix: "Redact or hash PII before logging.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "logging.no-console",
+    name: "No console.log in Production",
+    description: "Detect console.log statements that should use a logger",
+    category: "logging",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "eslint",
+    docs: "https://vibeguard.dev/rules/logging-no-console",
+    rationale: "console.log lacks log levels, formatting, and can leak sensitive data.",
+    fix: "Use a structured logger like pino or winston.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  // ============================================
+  // CODE QUALITY
+  // ============================================
+  {
+    id: "code.no-any",
+    name: "No TypeScript any",
+    description: "Disallow the any type in TypeScript",
+    category: "code",
+    severity: "warn",
+    autofix: false,
+    blocking: false,
+    scope: "all",
+    tool: "eslint",
+    docs: "https://vibeguard.dev/rules/code-no-any",
+    rationale: "any disables type checking and can hide bugs.",
+    fix: "Use proper types, unknown, or generics instead.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "code.strict-mode",
+    name: "TypeScript Strict Mode",
+    description: "Ensure TypeScript strict mode is enabled",
+    category: "code",
+    severity: "warn",
+    autofix: true,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/code-strict-mode",
+    rationale: "Strict mode catches more errors at compile time.",
+    fix: 'Add "strict": true to tsconfig.json.',
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "code.no-unused-vars",
+    name: "No Unused Variables",
+    description: "Detect unused variables and imports",
+    category: "code",
+    severity: "warn",
+    autofix: true,
+    blocking: false,
+    scope: "all",
+    tool: "eslint",
+    docs: "https://vibeguard.dev/rules/code-no-unused-vars",
+    rationale: "Unused code is dead weight and can indicate bugs.",
+    fix: "Remove unused variables or prefix with underscore.",
+    levels: { basic: true, standard: true, strict: true }
+  },
+  // ============================================
+  // CONFIG
+  // ============================================
+  {
+    id: "config.node-version",
+    name: "Node Version Specified",
+    description: "Ensure Node.js version is specified in package.json or .nvmrc",
+    category: "config",
+    severity: "info",
+    autofix: true,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/config-node-version",
+    rationale: "Specifying Node version ensures consistent environments.",
+    fix: "Add engines.node to package.json or create .nvmrc.",
+    levels: { basic: false, standard: true, strict: true }
+  },
+  {
+    id: "config.editor-config",
+    name: "EditorConfig Present",
+    description: "Ensure .editorconfig exists for consistent formatting",
+    category: "config",
+    severity: "info",
+    autofix: true,
+    blocking: false,
+    scope: "all",
+    tool: "builtin",
+    docs: "https://vibeguard.dev/rules/config-editor-config",
+    rationale: "EditorConfig ensures consistent formatting across editors.",
+    fix: "Create .editorconfig with project standards.",
+    levels: { basic: false, standard: true, strict: true }
+  }
+];
+var ruleMap = new Map(rules.map((r) => [r.id, r]));
+function getRuleById(id) {
+  return ruleMap.get(id);
+}
+function getRulesByCategory(category) {
+  return rules.filter((r) => r.category === category);
+}
+function getRulesByLevel(level) {
+  return rules.filter((r) => r.levels[level]);
+}
+function getRulesByTool(tool) {
+  return rules.filter((r) => r.tool === tool);
+}
+export {
+  rules,
+  ruleMap,
+  getRuleById,
+  getRulesByCategory,
+  getRulesByLevel,
+  getRulesByTool
+};
+//# sourceMappingURL=chunk-J22FFU7Z.js.map

package/dist/chunk-J22FFU7Z.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/rules/definitions.ts"],"sourcesContent":["import type { RuleDefinition } from '../types/index.js';\n\nexport const rules: RuleDefinition[] = [\n // ============================================\n // SECRETS\n // ============================================\n {\n id: 'secrets.no-plaintext',\n name: 'No Plaintext Secrets',\n description: 'Detect hardcoded secrets, API keys, passwords in source code',\n category: 'secrets',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'gitleaks',\n docs: 'https://vibeguard.dev/rules/secrets-no-plaintext',\n rationale:\n 'Hardcoded secrets in source code are a critical security vulnerability. They can be exposed through version control, logs, or error messages.',\n fix: 'Move secrets to environment variables or a secrets manager. Use .env files for local development (never commit them).',\n examples: {\n bad: `const API_KEY = \"sk-1234567890abcdef\";`,\n good: `const API_KEY = process.env.API_KEY;`,\n },\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'secrets.no-env-commit',\n name: 'No .env Files in Git',\n description: 'Ensure .env files are not committed to version control',\n category: 'secrets',\n severity: 'error',\n autofix: true,\n blocking: true,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/secrets-no-env-commit',\n rationale:\n '.env files often contain sensitive configuration. They should never be committed.',\n fix: 'Add .env to .gitignore. Remove any committed .env files from git history.',\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'secrets.gitignore-required',\n name: 'Gitignore Required',\n description: 'Ensure .gitignore exists with common sensitive patterns',\n category: 'secrets',\n severity: 'warn',\n autofix: true,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/secrets-gitignore-required',\n rationale: 'A proper .gitignore prevents accidental commits of sensitive files.',\n fix: 'Create or update .gitignore with patterns for .env, node_modules, etc.',\n levels: { basic: true, standard: true, strict: true },\n },\n\n // ============================================\n // DEPENDENCIES\n // ============================================\n {\n id: 'deps.lockfile.required',\n name: 'Lockfile Required',\n description: 'Ensure package-lock.json, yarn.lock, or pnpm-lock.yaml exists',\n category: 'deps',\n severity: 'error',\n autofix: true,\n blocking: true,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/deps-lockfile-required',\n rationale:\n 'Lockfiles ensure reproducible builds and prevent supply chain attacks through version drift.',\n fix: 'Run npm install, yarn install, or pnpm install to generate a lockfile.',\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'deps.no-unpinned',\n name: 'No Unpinned Dependencies',\n description: 'Warn about dependencies using ranges like ^, ~, or *',\n category: 'deps',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/deps-no-unpinned',\n rationale:\n 'Unpinned dependencies can introduce breaking changes or vulnerabilities unexpectedly.',\n fix: 'Pin dependencies to exact versions or use a lockfile.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'deps.no-git-deps',\n name: 'No Git Dependencies',\n description: 'Disallow dependencies from git URLs',\n category: 'deps',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/deps-no-git-deps',\n rationale:\n 'Git dependencies bypass npm registry security checks and can change without version bumps.',\n fix: 'Publish the dependency to npm or use a private registry.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'deps.no-vulnerable',\n name: 'No Vulnerable Dependencies',\n description: 'Scan dependencies for known vulnerabilities',\n category: 'deps',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'osv-scanner',\n docs: 'https://vibeguard.dev/rules/deps-no-vulnerable',\n rationale: 'Known vulnerabilities in dependencies are a common attack vector.',\n fix: 'Update vulnerable dependencies or find alternatives.',\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'deps.no-typosquatting',\n name: 'No Typosquatting Packages',\n description: 'Detect potentially malicious packages with names similar to popular ones',\n category: 'deps',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/deps-no-typosquatting',\n rationale:\n 'Typosquatting is a supply chain attack where malicious packages mimic popular package names.',\n fix: 'Verify package names carefully. Use official package names.',\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'deps.license-check',\n name: 'License Compatibility Check',\n description: 'Ensure dependencies have compatible licenses',\n category: 'deps',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/deps-license-check',\n rationale: 'Incompatible licenses can create legal issues for your project.',\n fix: 'Review and replace dependencies with incompatible licenses.',\n levels: { basic: false, standard: false, strict: true },\n },\n\n // ============================================\n // SECURITY\n // ============================================\n {\n id: 'security.headers.required',\n name: 'Security Headers Required',\n description: 'Ensure security headers are configured (CSP, HSTS, etc.)',\n category: 'security',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/security-headers-required',\n rationale:\n 'Security headers protect against XSS, clickjacking, and other browser-based attacks.',\n fix: 'Add helmet middleware (Express) or configure headers in next.config.js.',\n examples: {\n good: `import helmet from 'helmet';\\napp.use(helmet());`,\n },\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'security.cors.safe-default',\n name: 'Safe CORS Configuration',\n description: 'Detect overly permissive CORS configurations',\n category: 'security',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/security-cors-safe-default',\n rationale: 'Permissive CORS (origin: *) can expose your API to cross-origin attacks.',\n fix: 'Restrict CORS to specific trusted origins.',\n examples: {\n bad: `cors({ origin: '*' })`,\n good: `cors({ origin: ['https://myapp.com'] })`,\n },\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'security.no-eval',\n name: 'No eval() or Function()',\n description: 'Disallow eval, Function constructor, and similar dynamic code execution',\n category: 'security',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'eslint',\n docs: 'https://vibeguard.dev/rules/security-no-eval',\n rationale: 'Dynamic code execution is a major injection vulnerability vector.',\n fix: 'Use safer alternatives like JSON.parse for data, or refactor logic.',\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'security.no-unsafe-regex',\n name: 'No Unsafe Regular Expressions',\n description: 'Detect regex patterns vulnerable to ReDoS attacks',\n category: 'security',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'eslint',\n docs: 'https://vibeguard.dev/rules/security-no-unsafe-regex',\n rationale: 'Catastrophic backtracking in regex can cause denial of service.',\n fix: 'Simplify regex patterns or use a safe regex library.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'security.no-prototype-pollution',\n name: 'No Prototype Pollution',\n description: 'Detect patterns that could lead to prototype pollution',\n category: 'security',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/security-no-prototype-pollution',\n rationale: 'Prototype pollution can lead to property injection and RCE.',\n fix: 'Use Object.create(null) for dictionaries, validate object keys.',\n levels: { basic: true, standard: true, strict: true },\n },\n\n // ============================================\n // AUTH\n // ============================================\n {\n id: 'auth.no-weak-jwt',\n name: 'No Weak JWT Configuration',\n description: 'Detect weak JWT algorithms (none, HS256 with weak secrets)',\n category: 'auth',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/auth-no-weak-jwt',\n rationale: 'Weak JWT configuration allows token forgery and authentication bypass.',\n fix: 'Use RS256 or ES256 algorithms. Never use \"none\". Use strong secrets.',\n examples: {\n bad: `jwt.sign(payload, 'secret', { algorithm: 'none' })`,\n good: `jwt.sign(payload, privateKey, { algorithm: 'RS256' })`,\n },\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'auth.no-hardcoded-credentials',\n name: 'No Hardcoded Credentials',\n description: 'Detect hardcoded usernames, passwords, or tokens in auth logic',\n category: 'auth',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/auth-no-hardcoded-credentials',\n rationale: 'Hardcoded credentials are easily discovered and exploited.',\n fix: 'Use environment variables or a secrets manager.',\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'auth.session-secure',\n name: 'Secure Session Configuration',\n description: 'Ensure session cookies have secure, httpOnly, sameSite flags',\n category: 'auth',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/auth-session-secure',\n rationale: 'Insecure session cookies can be stolen via XSS or MITM attacks.',\n fix: 'Set secure: true, httpOnly: true, sameSite: \"strict\" on session cookies.',\n levels: { basic: false, standard: true, strict: true },\n },\n\n // ============================================\n // API\n // ============================================\n {\n id: 'api.validation.required',\n name: 'Input Validation Required',\n description: 'Ensure API endpoints validate input with a schema library',\n category: 'api',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/api-validation-required',\n rationale: 'Unvalidated input is the root cause of most injection vulnerabilities.',\n fix: 'Use zod, joi, yup, or similar for input validation.',\n examples: {\n bad: `app.post('/user', (req, res) => { db.insert(req.body); });`,\n good: `app.post('/user', (req, res) => { const data = userSchema.parse(req.body); });`,\n },\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'api.rate-limiting',\n name: 'Rate Limiting Required',\n description: 'Ensure rate limiting is configured on API endpoints',\n category: 'api',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/api-rate-limiting',\n rationale: 'Without rate limiting, APIs are vulnerable to brute force and DoS attacks.',\n fix: 'Add express-rate-limit or similar middleware.',\n levels: { basic: false, standard: false, strict: true },\n },\n {\n id: 'api.no-sensitive-logging',\n name: 'No Sensitive Data in Logs',\n description: 'Detect logging of passwords, tokens, or PII',\n category: 'api',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/api-no-sensitive-logging',\n rationale: 'Sensitive data in logs can be exposed through log aggregation systems.',\n fix: 'Redact sensitive fields before logging. Use structured logging.',\n levels: { basic: true, standard: true, strict: true },\n },\n\n // ============================================\n // SQL\n // ============================================\n {\n id: 'sql.no-string-concat',\n name: 'No SQL String Concatenation',\n description: 'Detect SQL queries built with string concatenation',\n category: 'sql',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/sql-no-string-concat',\n rationale: 'String concatenation in SQL queries leads to SQL injection.',\n fix: 'Use parameterized queries or an ORM.',\n examples: {\n bad: `db.query(\"SELECT * FROM users WHERE id = \" + userId)`,\n good: `db.query(\"SELECT * FROM users WHERE id = $1\", [userId])`,\n },\n levels: { basic: true, standard: true, strict: true },\n },\n {\n id: 'sql.no-raw-queries',\n name: 'Prefer ORM Over Raw Queries',\n description: 'Warn when using raw SQL queries instead of ORM methods',\n category: 'sql',\n severity: 'info',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/sql-no-raw-queries',\n rationale: 'ORMs provide built-in protection against SQL injection.',\n fix: 'Use Prisma, Drizzle, or TypeORM query builders.',\n levels: { basic: false, standard: false, strict: true },\n },\n\n // ============================================\n // TESTS\n // ============================================\n {\n id: 'tests.unit.required',\n name: 'Unit Tests Required',\n description: 'Ensure test files exist for the project',\n category: 'tests',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/tests-unit-required',\n rationale: 'Tests catch regressions and document expected behavior.',\n fix: 'Create test files using Jest, Vitest, or your preferred test runner.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'tests.coverage.min-50',\n name: 'Minimum 50% Test Coverage',\n description: 'Ensure at least 50% code coverage',\n category: 'tests',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'vitest',\n docs: 'https://vibeguard.dev/rules/tests-coverage-min-50',\n rationale: 'Minimum coverage ensures critical paths are tested.',\n fix: 'Add tests for uncovered code paths.',\n levels: { basic: false, standard: true, strict: false },\n },\n {\n id: 'tests.coverage.min-80',\n name: 'Minimum 80% Test Coverage',\n description: 'Ensure at least 80% code coverage',\n category: 'tests',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'vitest',\n docs: 'https://vibeguard.dev/rules/tests-coverage-min-80',\n rationale: 'High coverage reduces the risk of regressions.',\n fix: 'Add tests for uncovered code paths.',\n levels: { basic: false, standard: false, strict: true },\n },\n {\n id: 'tests.no-skipped',\n name: 'No Skipped Tests',\n description: 'Detect .skip() or .only() left in test files',\n category: 'tests',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'eslint',\n docs: 'https://vibeguard.dev/rules/tests-no-skipped',\n rationale: 'Skipped tests can hide failures. .only() can exclude other tests.',\n fix: 'Remove .skip() and .only() before committing.',\n levels: { basic: true, standard: true, strict: true },\n },\n\n // ============================================\n // LOGGING\n // ============================================\n {\n id: 'logging.no-pii',\n name: 'No PII in Logs',\n description: 'Detect logging of personally identifiable information',\n category: 'logging',\n severity: 'error',\n autofix: false,\n blocking: true,\n scope: 'all',\n tool: 'semgrep',\n docs: 'https://vibeguard.dev/rules/logging-no-pii',\n rationale: 'PII in logs violates privacy regulations (GDPR, CCPA).',\n fix: 'Redact or hash PII before logging.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'logging.no-console',\n name: 'No console.log in Production',\n description: 'Detect console.log statements that should use a logger',\n category: 'logging',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'eslint',\n docs: 'https://vibeguard.dev/rules/logging-no-console',\n rationale: 'console.log lacks log levels, formatting, and can leak sensitive data.',\n fix: 'Use a structured logger like pino or winston.',\n levels: { basic: false, standard: true, strict: true },\n },\n\n // ============================================\n // CODE QUALITY\n // ============================================\n {\n id: 'code.no-any',\n name: 'No TypeScript any',\n description: 'Disallow the any type in TypeScript',\n category: 'code',\n severity: 'warn',\n autofix: false,\n blocking: false,\n scope: 'all',\n tool: 'eslint',\n docs: 'https://vibeguard.dev/rules/code-no-any',\n rationale: 'any disables type checking and can hide bugs.',\n fix: 'Use proper types, unknown, or generics instead.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'code.strict-mode',\n name: 'TypeScript Strict Mode',\n description: 'Ensure TypeScript strict mode is enabled',\n category: 'code',\n severity: 'warn',\n autofix: true,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/code-strict-mode',\n rationale: 'Strict mode catches more errors at compile time.',\n fix: 'Add \"strict\": true to tsconfig.json.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'code.no-unused-vars',\n name: 'No Unused Variables',\n description: 'Detect unused variables and imports',\n category: 'code',\n severity: 'warn',\n autofix: true,\n blocking: false,\n scope: 'all',\n tool: 'eslint',\n docs: 'https://vibeguard.dev/rules/code-no-unused-vars',\n rationale: 'Unused code is dead weight and can indicate bugs.',\n fix: 'Remove unused variables or prefix with underscore.',\n levels: { basic: true, standard: true, strict: true },\n },\n\n // ============================================\n // CONFIG\n // ============================================\n {\n id: 'config.node-version',\n name: 'Node Version Specified',\n description: 'Ensure Node.js version is specified in package.json or .nvmrc',\n category: 'config',\n severity: 'info',\n autofix: true,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/config-node-version',\n rationale: 'Specifying Node version ensures consistent environments.',\n fix: 'Add engines.node to package.json or create .nvmrc.',\n levels: { basic: false, standard: true, strict: true },\n },\n {\n id: 'config.editor-config',\n name: 'EditorConfig Present',\n description: 'Ensure .editorconfig exists for consistent formatting',\n category: 'config',\n severity: 'info',\n autofix: true,\n blocking: false,\n scope: 'all',\n tool: 'builtin',\n docs: 'https://vibeguard.dev/rules/config-editor-config',\n rationale: 'EditorConfig ensures consistent formatting across editors.',\n fix: 'Create .editorconfig with project standards.',\n levels: { basic: false, standard: true, strict: true },\n },\n];\n\nexport const ruleMap = new Map<string, RuleDefinition>(rules.map((r) => [r.id, r]));\n\nexport function getRuleById(id: string): RuleDefinition | undefined {\n return ruleMap.get(id);\n}\n\nexport function getRulesByCategory(category: string): RuleDefinition[] {\n return rules.filter((r) => r.category === category);\n}\n\nexport function getRulesByLevel(level: 'basic' | 'standard' | 'strict'): RuleDefinition[] {\n return rules.filter((r) => r.levels[level]);\n}\n\nexport function getRulesByTool(tool: string): RuleDefinition[] {\n return rules.filter((r) => r.tool === tool);\n}\n"],"mappings":";AAEO,IAAM,QAA0B;AAAA;AAAA;AAAA;AAAA,EAIrC;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WACE;AAAA,IACF,KAAK;AAAA,IACL,UAAU;AAAA,MACR,KAAK;AAAA,MACL,MAAM;AAAA,IACR;AAAA,IACA,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WACE;AAAA,IACF,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WACE;AAAA,IACF,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WACE;AAAA,IACF,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WACE;AAAA,IACF,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WACE;AAAA,IACF,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,OAAO,QAAQ,KAAK;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WACE;AAAA,IACF,KAAK;AAAA,IACL,UAAU;AAAA,MACR,MAAM;AAAA;AAAA,IACR;AAAA,IACA,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,UAAU;AAAA,MACR,KAAK;AAAA,MACL,MAAM;AAAA,IACR;AAAA,IACA,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,UAAU;AAAA,MACR,KAAK;AAAA,MACL,MAAM;AAAA,IACR;AAAA,IACA,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,UAAU;AAAA,MACR,KAAK;AAAA,MACL,MAAM;AAAA,IACR;AAAA,IACA,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,OAAO,QAAQ,KAAK;AAAA,EACxD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,UAAU;AAAA,MACR,KAAK;AAAA,MACL,MAAM;AAAA,IACR;AAAA,IACA,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,OAAO,QAAQ,KAAK;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,MAAM;AAAA,EACxD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,OAAO,QAAQ,KAAK;AAAA,EACxD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,MAAM,UAAU,MAAM,QAAQ,KAAK;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,IACX,KAAK;AAAA,IACL,QAAQ,EAAE,OAAO,OAAO,UAAU,MAAM,QAAQ,KAAK;AAAA,EACvD;AACF;AAEO,IAAM,UAAU,IAAI,IAA4B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAE3E,SAAS,YAAY,IAAwC;AAClE,SAAO,QAAQ,IAAI,EAAE;AACvB;AAEO,SAAS,mBAAmB,UAAoC;AACrE,SAAO,MAAM,OAAO,CAAC,MAAM,EAAE,aAAa,QAAQ;AACpD;AAEO,SAAS,gBAAgB,OAA0D;AACxF,SAAO,MAAM,OAAO,CAAC,MAAM,EAAE,OAAO,KAAK,CAAC;AAC5C;AAEO,SAAS,eAAe,MAAgC;AAC7D,SAAO,MAAM,OAAO,CAAC,MAAM,EAAE,SAAS,IAAI;AAC5C;","names":[]}