guardvibe 1.3.3 → 1.5.0

package/build/tools/generate-policy.js

@@ -0,0 +1,368 @@
+import { readFileSync, existsSync, readdirSync } from "fs";
+import { join, resolve, extname } from "path";
+function tryRead(path) {
+    try {
+        return existsSync(path) ? readFileSync(path, "utf-8") : null;
+    }
+    catch {
+        return null;
+    }
+}
+function collectSourceFiles(dir, results, depth = 0) {
+    if (depth > 6)
+        return;
+    const skip = new Set(["node_modules", ".git", ".next", "build", "dist", "coverage", ".turbo", "vendor"]);
+    try {
+        const entries = readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (skip.has(entry.name))
+                continue;
+            const full = join(dir, entry.name);
+            if (entry.isDirectory()) {
+                collectSourceFiles(full, results, depth + 1);
+            }
+            else if (entry.isFile()) {
+                const ext = extname(entry.name).toLowerCase();
+                if ([".ts", ".tsx", ".js", ".jsx", ".mjs", ".env", ".json", ".toml", ".yaml", ".yml"].includes(ext) ||
+                    entry.name === ".env" || entry.name === ".env.local" || entry.name === ".env.example") {
+                    results.push(full);
+                }
+            }
+        }
+    }
+    catch { /* skip */ }
+}
+function detectStack(root) {
+    const pkg = tryRead(join(root, "package.json"));
+    const deps = pkg ? { ...JSON.parse(pkg).dependencies, ...JSON.parse(pkg).devDependencies } : {};
+    const depKeys = Object.keys(deps);
+    const files = [];
+    collectSourceFiles(root, files);
+    const allContent = files.slice(0, 200).map(f => {
+        try {
+            return readFileSync(f, "utf-8").substring(0, 5000);
+        }
+        catch {
+            return "";
+        }
+    }).join("\n");
+    const has = (pattern) => depKeys.some(d => d.includes(pattern)) || allContent.includes(pattern);
+    const stack = {
+        framework: null,
+        css: [], auth: [], database: [], payments: [],
+        ai: [], storage: [], cms: [], analytics: [], cdns: [],
+    };
+    // Framework
+    if (has("next"))
+        stack.framework = "nextjs";
+    else if (has("nuxt"))
+        stack.framework = "nuxt";
+    else if (has("svelte"))
+        stack.framework = "sveltekit";
+    else if (has("astro"))
+        stack.framework = "astro";
+    else if (has("remix"))
+        stack.framework = "remix";
+    // CSS
+    if (has("tailwindcss"))
+        stack.css.push("tailwindcss");
+    if (has("@radix-ui") || has("shadcn"))
+        stack.css.push("radix-ui");
+    // Auth
+    if (has("@clerk"))
+        stack.auth.push("clerk");
+    if (has("next-auth") || has("@auth/"))
+        stack.auth.push("next-auth");
+    if (has("@supabase/auth"))
+        stack.auth.push("supabase-auth");
+    if (has("firebase/auth") || has("firebase-admin"))
+        stack.auth.push("firebase-auth");
+    if (has("@descope"))
+        stack.auth.push("descope");
+    // Database
+    if (has("@supabase"))
+        stack.database.push("supabase");
+    if (has("prisma") || has("@prisma"))
+        stack.database.push("prisma");
+    if (has("drizzle"))
+        stack.database.push("drizzle");
+    if (has("@neondatabase") || has("@vercel/postgres"))
+        stack.database.push("neon");
+    if (has("mongoose") || has("mongodb"))
+        stack.database.push("mongodb");
+    if (has("@upstash/redis"))
+        stack.database.push("upstash-redis");
+    // Payments
+    if (has("stripe"))
+        stack.payments.push("stripe");
+    if (has("@polar"))
+        stack.payments.push("polar");
+    if (has("lemonsqueezy") || has("@lemonsqueezy"))
+        stack.payments.push("lemonsqueezy");
+    // AI
+    if (has("openai") || has("@ai-sdk") || has("OPENAI_API_KEY"))
+        stack.ai.push("openai");
+    if (has("anthropic") || has("ANTHROPIC_API_KEY"))
+        stack.ai.push("anthropic");
+    if (has("@google/generative-ai") || has("@ai-sdk/google"))
+        stack.ai.push("google-ai");
+    // Storage
+    if (has("@vercel/blob"))
+        stack.storage.push("vercel-blob");
+    if (has("@aws-sdk/client-s3") || has("aws-sdk"))
+        stack.storage.push("s3");
+    if (has("cloudinary"))
+        stack.storage.push("cloudinary");
+    if (has("@uploadthing"))
+        stack.storage.push("uploadthing");
+    // CMS
+    if (has("sanity") || has("@sanity"))
+        stack.cms.push("sanity");
+    if (has("contentful"))
+        stack.cms.push("contentful");
+    // Analytics
+    if (has("@vercel/analytics"))
+        stack.analytics.push("vercel-analytics");
+    if (has("posthog") || has("@posthog"))
+        stack.analytics.push("posthog");
+    if (has("@sentry"))
+        stack.analytics.push("sentry");
+    // CDN detection from content
+    const cdnPatterns = [
+        ["fonts.googleapis.com", /fonts\.googleapis\.com/],
+        ["fonts.gstatic.com", /fonts\.gstatic\.com/],
+        ["cdn.jsdelivr.net", /cdn\.jsdelivr\.net/],
+        ["unpkg.com", /unpkg\.com/],
+        ["cdnjs.cloudflare.com", /cdnjs\.cloudflare\.com/],
+        ["vercel.live", /vercel\.live/],
+        ["va.vercel-scripts.com", /va\.vercel-scripts\.com/],
+    ];
+    for (const [cdn, pattern] of cdnPatterns) {
+        if (pattern.test(allContent))
+            stack.cdns.push(cdn);
+    }
+    return stack;
+}
+function generateCSP(stack) {
+    const directives = {
+        "default-src": ["'self'"],
+        "script-src": ["'self'"],
+        "style-src": ["'self'", "'unsafe-inline'"],
+        "img-src": ["'self'", "data:", "blob:"],
+        "font-src": ["'self'"],
+        "connect-src": ["'self'"],
+        "frame-src": ["'none'"],
+        "object-src": ["'none'"],
+        "base-uri": ["'self'"],
+        "form-action": ["'self'"],
+        "frame-ancestors": ["'none'"],
+    };
+    // Script sources
+    if (stack.framework === "nextjs") {
+        directives["script-src"].push("'unsafe-eval'"); // needed for dev, remove in production ideally
+    }
+    if (stack.analytics.includes("vercel-analytics")) {
+        directives["script-src"].push("https://va.vercel-scripts.com");
+        directives["connect-src"].push("https://vitals.vercel-insights.com");
+    }
+    if (stack.analytics.includes("posthog")) {
+        directives["script-src"].push("https://us.i.posthog.com", "https://eu.i.posthog.com");
+        directives["connect-src"].push("https://us.i.posthog.com", "https://eu.i.posthog.com");
+    }
+    if (stack.analytics.includes("sentry")) {
+        directives["script-src"].push("https://*.sentry.io");
+        directives["connect-src"].push("https://*.sentry.io");
+    }
+    // Image sources
+    if (stack.storage.includes("vercel-blob")) {
+        directives["img-src"].push("https://*.public.blob.vercel-storage.com");
+    }
+    if (stack.storage.includes("s3")) {
+        directives["img-src"].push("https://*.s3.amazonaws.com");
+    }
+    if (stack.storage.includes("cloudinary")) {
+        directives["img-src"].push("https://res.cloudinary.com");
+    }
+    if (stack.storage.includes("uploadthing")) {
+        directives["img-src"].push("https://utfs.io");
+    }
+    if (stack.cms.includes("sanity")) {
+        directives["img-src"].push("https://cdn.sanity.io");
+    }
+    if (stack.cms.includes("contentful")) {
+        directives["img-src"].push("https://images.ctfassets.net");
+    }
+    // Font sources
+    for (const cdn of stack.cdns) {
+        if (cdn.includes("fonts.googleapis")) {
+            directives["style-src"].push("https://fonts.googleapis.com");
+            directives["font-src"].push("https://fonts.gstatic.com");
+        }
+        if (cdn.includes("jsdelivr") || cdn.includes("unpkg") || cdn.includes("cdnjs")) {
+            directives["script-src"].push(`https://${cdn}`);
+        }
+    }
+    // Connect sources for auth
+    if (stack.auth.includes("clerk")) {
+        directives["connect-src"].push("https://*.clerk.accounts.dev", "https://clerk.com");
+        directives["script-src"].push("https://*.clerk.accounts.dev");
+        directives["frame-src"] = ["'self'", "https://*.clerk.accounts.dev"];
+    }
+    if (stack.auth.includes("supabase-auth")) {
+        directives["connect-src"].push("https://*.supabase.co");
+    }
+    if (stack.auth.includes("firebase-auth")) {
+        directives["connect-src"].push("https://*.firebaseapp.com", "https://*.googleapis.com");
+        directives["frame-src"] = ["'self'", "https://*.firebaseapp.com"];
+    }
+    // Connect sources for payments
+    if (stack.payments.includes("stripe")) {
+        directives["script-src"].push("https://js.stripe.com");
+        directives["frame-src"] = [...(directives["frame-src"].includes("'none'") ? ["'self'"] : directives["frame-src"]), "https://js.stripe.com"];
+        directives["connect-src"].push("https://api.stripe.com");
+    }
+    // Connect sources for AI
+    if (stack.ai.includes("openai"))
+        directives["connect-src"].push("https://api.openai.com");
+    if (stack.ai.includes("anthropic"))
+        directives["connect-src"].push("https://api.anthropic.com");
+    if (stack.ai.includes("google-ai"))
+        directives["connect-src"].push("https://generativelanguage.googleapis.com");
+    // Database connect
+    if (stack.database.includes("supabase")) {
+        directives["connect-src"].push("https://*.supabase.co");
+    }
+    // Deduplicate
+    for (const key of Object.keys(directives)) {
+        directives[key] = [...new Set(directives[key])];
+    }
+    return Object.entries(directives)
+        .map(([key, values]) => `${key} ${values.join(" ")}`)
+        .join("; ");
+}
+function generateCORS(stack) {
+    const origins = [];
+    if (stack.auth.includes("clerk"))
+        origins.push("https://*.clerk.accounts.dev");
+    if (stack.payments.includes("stripe"))
+        origins.push("https://js.stripe.com");
+    return {
+        allowedOrigins: origins.length > 0 ? origins : ["https://yourdomain.com"],
+        allowedMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+        allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+        maxAge: 86400,
+    };
+}
+function generateRLS(stack) {
+    const suggestions = [];
+    if (stack.database.includes("supabase")) {
+        suggestions.push({
+            table: "profiles",
+            policy: `CREATE POLICY "Users can view own profile" ON profiles FOR SELECT USING (auth.uid() = id);`,
+            description: "Restrict profile reads to the owner only.",
+        }, {
+            table: "profiles",
+            policy: `CREATE POLICY "Users can update own profile" ON profiles FOR UPDATE USING (auth.uid() = id) WITH CHECK (auth.uid() = id);`,
+            description: "Restrict profile updates to the owner only.",
+        }, {
+            table: "*",
+            policy: `ALTER TABLE your_table ENABLE ROW LEVEL SECURITY;`,
+            description: "Enable RLS on every table. Without RLS enabled, all data is publicly accessible via the Supabase client.",
+        }, {
+            table: "*",
+            policy: `REVOKE ALL ON your_table FROM anon; GRANT SELECT ON your_table TO anon;`,
+            description: "Restrict anonymous role to read-only on public tables.",
+        });
+        if (stack.payments.length > 0) {
+            suggestions.push({
+                table: "subscriptions",
+                policy: `CREATE POLICY "Users can view own subscription" ON subscriptions FOR SELECT USING (auth.uid() = user_id);`,
+                description: "Protect subscription data — users should only see their own.",
+            });
+        }
+    }
+    if (stack.database.includes("prisma") || stack.database.includes("drizzle")) {
+        suggestions.push({
+            table: "N/A (ORM-level)",
+            policy: `// Always filter by authenticated user\nconst items = await prisma.item.findMany({ where: { userId: session.user.id } });`,
+            description: "Without RLS, enforce row-level access in your ORM queries. Always include user ID in WHERE clauses.",
+        });
+    }
+    return suggestions;
+}
+function generateRateLimiting(stack) {
+    return {
+        global: { requests: 100, window: "1m" },
+        auth: { requests: 5, window: "1m" },
+        api: stack.ai.length > 0
+            ? { requests: 20, window: "1m" }
+            : { requests: 60, window: "1m" },
+    };
+}
+function generateHeaders(stack) {
+    const headers = [
+        { key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains; preload", description: "Enforce HTTPS for all connections." },
+        { key: "X-Frame-Options", value: "DENY", description: "Prevent clickjacking by blocking iframe embedding." },
+        { key: "X-Content-Type-Options", value: "nosniff", description: "Prevent MIME-type sniffing attacks." },
+        { key: "Referrer-Policy", value: "strict-origin-when-cross-origin", description: "Control referrer information sent to other sites." },
+        { key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()", description: "Disable sensitive browser APIs unless explicitly needed." },
+    ];
+    if (stack.framework === "nextjs") {
+        headers.push({ key: "X-DNS-Prefetch-Control", value: "on", description: "Enable DNS prefetching for performance." });
+    }
+    return headers;
+}
+export function generatePolicy(path, format = "markdown") {
+    const root = resolve(path);
+    const stack = detectStack(root);
+    const csp = generateCSP(stack);
+    const cors = generateCORS(stack);
+    const rls = generateRLS(stack);
+    const rateLimiting = generateRateLimiting(stack);
+    const headers = generateHeaders(stack);
+    const policy = { stack, csp, cors, rls, rateLimiting, headers };
+    if (format === "json") {
+        return JSON.stringify(policy);
+    }
+    const lines = [
+        `# GuardVibe Security Policy Generator`,
+        ``,
+        `Directory: ${root}`,
+        ``,
+        `## Detected Stack`,
+        `- Framework: ${stack.framework ?? "unknown"}`,
+    ];
+    if (stack.auth.length > 0)
+        lines.push(`- Auth: ${stack.auth.join(", ")}`);
+    if (stack.database.length > 0)
+        lines.push(`- Database: ${stack.database.join(", ")}`);
+    if (stack.payments.length > 0)
+        lines.push(`- Payments: ${stack.payments.join(", ")}`);
+    if (stack.ai.length > 0)
+        lines.push(`- AI: ${stack.ai.join(", ")}`);
+    if (stack.storage.length > 0)
+        lines.push(`- Storage: ${stack.storage.join(", ")}`);
+    if (stack.cms.length > 0)
+        lines.push(`- CMS: ${stack.cms.join(", ")}`);
+    if (stack.analytics.length > 0)
+        lines.push(`- Analytics: ${stack.analytics.join(", ")}`);
+    lines.push(``);
+    lines.push(`## Content-Security-Policy`, ``, "```", csp, "```", ``, `### Next.js Configuration`, ``, "```typescript", `// next.config.ts`, `async headers() {`, `  return [{`, `    source: "/(.*)",`, `    headers: [`, `      { key: "Content-Security-Policy", value: \`${csp}\` },`, ...headers.map(h => `      { key: "${h.key}", value: "${h.value}" },`), `    ]`, `  }];`, `}`, "```", ``);
+    lines.push(`## CORS Policy`, ``, "```typescript", `// Recommended CORS configuration`, `const corsConfig = {`, `  allowedOrigins: ${JSON.stringify(cors.allowedOrigins)},`, `  allowedMethods: ${JSON.stringify(cors.allowedMethods)},`, `  allowedHeaders: ${JSON.stringify(cors.allowedHeaders)},`, `  maxAge: ${cors.maxAge},`, `};`, "```", ``);
+    if (rls.length > 0) {
+        lines.push(`## Row-Level Security Suggestions`, ``);
+        for (const r of rls) {
+            lines.push(`### ${r.table}`, r.description, "```sql", r.policy, "```", ``);
+        }
+    }
+    lines.push(`## Rate Limiting`, ``, `| Endpoint | Limit | Window |`, `|----------|-------|--------|`, `| Global | ${rateLimiting.global.requests} req | ${rateLimiting.global.window} |`, `| Auth (login/register) | ${rateLimiting.auth.requests} req | ${rateLimiting.auth.window} |`, `| API | ${rateLimiting.api.requests} req | ${rateLimiting.api.window} |`, ``);
+    if (stack.database.includes("upstash-redis")) {
+        lines.push(`### Upstash Rate Limit Implementation`, ``, "```typescript", `import { Ratelimit } from "@upstash/ratelimit";`, `import { Redis } from "@upstash/redis";`, ``, `const ratelimit = new Ratelimit({`, `  redis: Redis.fromEnv(),`, `  limiter: Ratelimit.slidingWindow(${rateLimiting.api.requests}, "${rateLimiting.api.window}"),`, `});`, "```", ``);
+    }
+    lines.push(`## Security Headers`, ``, `| Header | Value | Purpose |`, `|--------|-------|---------|`);
+    for (const h of headers) {
+        lines.push(`| ${h.key} | ${h.value} | ${h.description} |`);
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=generate-policy.js.map

package/build/tools/generate-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-policy.js","sourceRoot":"","sources":["../../src/tools/generate-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAiD9C,SAAS,OAAO,CAAC,IAAY;IAC3B,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;AAC1B,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW,EAAE,OAAiB,EAAE,KAAK,GAAG,CAAC;IACnE,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO;IACtB,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IACzG,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC/C,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;oBAC/F,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBAC1F,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAChG,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAElC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChC,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAC7C,IAAI,CAAC;YAAC,OAAO,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,EAAE,CAAC;QAAC,CAAC;IAClF,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,GAAG,GAAG,CAAC,OAAe,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAExG,MAAM,KAAK,GAAmB;QAC5B,SAAS,EAAE,IAAI;QACf,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE;QAC7C,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE;KACtD,CAAC;IAEF,YAAY;IACZ,IAAI,GAAG,CAAC,MAAM,CAAC;QAAE,KAAK,CAAC,SAAS,GAAG,QAAQ,CAAC;SACvC,IAAI,GAAG,CAAC,MAAM,CAAC;QAAE,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC;SAC1C,IAAI,GAAG,CAAC,QAAQ,CAAC;QAAE,KAAK,CAAC,SAAS,GAAG,WAAW,CAAC;SACjD,IAAI,GAAG,CAAC,OAAO,CAAC;QAAE,KAAK,CAAC,SAAS,GAAG,OAAO,CAAC;SAC5C,IAAI,GAAG,CAAC,OAAO,CAAC;QAAE,KAAK,CAAC,SAAS,GAAG,OAAO,CAAC;IAEjD,MAAM;IACN,IAAI,GAAG,CAAC,aAAa,CAAC;QAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACtD,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;QAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAElE,OAAO;IACP,IAAI,GAAG,CAAC,QAAQ,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACpE,IAAI,GAAG,CAAC,gBAAgB,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5D,IAAI,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACpF,IAAI,GAAG,CAAC,UAAU,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEhD,WAAW;IACX,IAAI,GAAG,CAAC,WAAW,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnE,IAAI,GAAG,CAAC,SAAS,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjF,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtE,IAAI,GAAG,CAAC,gBAAgB,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAEhE,WAAW;IACX,IAAI,GAAG,CAAC,QAAQ,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,QAAQ,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChD,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;QAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAErF,KAAK;IACL,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC;QAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtF,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,mBAAmB,CAAC;QAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7E,IAAI,GAAG,CAAC,uBAAuB,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC;QAAE,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAEtF,UAAU;IACV,IAAI,GAAG,CAAC,cAAc,CAAC;QAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC3D,IAAI,GAAG,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC;QAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1E,IAAI,GAAG,CAAC,YAAY,CAAC;QAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACxD,IAAI,GAAG,CAAC,cAAc,CAAC;QAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAE3D,MAAM;IACN,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC;QAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,GAAG,CAAC,YAAY,CAAC;QAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEpD,YAAY;IACZ,IAAI,GAAG,CAAC,mBAAmB,CAAC;QAAE,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACvE,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC;QAAE,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACvE,IAAI,GAAG,CAAC,SAAS,CAAC;QAAE,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAEnD,6BAA6B;IAC7B,MAAM,WAAW,GAAuB;QACtC,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;QAClD,CAAC,mBAAmB,EAAE,qBAAqB,CAAC;QAC5C,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;QAC1C,CAAC,WAAW,EAAE,YAAY,CAAC;QAC3B,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;QAClD,CAAC,aAAa,EAAE,cAAc,CAAC;QAC/B,CAAC,uBAAuB,EAAE,yBAAyB,CAAC;KACrD,CAAC;IACF,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,WAAW,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,KAAqB;IACxC,MAAM,UAAU,GAA6B;QAC3C,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,WAAW,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;QAC1C,SAAS,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;QACvC,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,WAAW,EAAE,CAAC,QAAQ,CAAC;QACvB,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,iBAAiB,EAAE,CAAC,QAAQ,CAAC;KAC9B,CAAC;IAEF,iBAAiB;IACjB,IAAI,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,UAAU,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,+CAA+C;IACjG,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC/D,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,UAAU,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,0BAA0B,EAAE,0BAA0B,CAAC,CAAC;QACtF,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,0BAA0B,EAAE,0BAA0B,CAAC,CAAC;IACzF,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,UAAU,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACrD,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACxD,CAAC;IAED,gBAAgB;IAChB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC1C,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC1C,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACrC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC7D,CAAC;IAED,eAAe;IACf,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACrC,UAAU,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAC7D,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/E,UAAU,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,8BAA8B,EAAE,mBAAmB,CAAC,CAAC;QACpF,UAAU,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9D,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,8BAA8B,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,2BAA2B,EAAE,0BAA0B,CAAC,CAAC;QACxF,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,2BAA2B,CAAC,CAAC;IACpE,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtC,UAAU,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACvD,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAAC;QAC5I,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC3D,CAAC;IAED,yBAAyB;IACzB,IAAI,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC1F,IAAI,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAChG,IAAI,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAEhH,mBAAmB;IACnB,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACxC,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAC1D,CAAC;IAED,cAAc;IACd,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;SAC9B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;SACpD,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,KAAqB;IACzC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC/E,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAE7E,OAAO;QACL,cAAc,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,wBAAwB,CAAC;QACzE,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC;QAC3D,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,kBAAkB,CAAC;QACrE,MAAM,EAAE,KAAK;KACd,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAqB;IACxC,MAAM,WAAW,GAAoB,EAAE,CAAC;IAExC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACxC,WAAW,CAAC,IAAI,CACd;YACE,KAAK,EAAE,UAAU;YACjB,MAAM,EAAE,4FAA4F;YACpG,WAAW,EAAE,2CAA2C;SACzD,EACD;YACE,KAAK,EAAE,UAAU;YACjB,MAAM,EAAE,2HAA2H;YACnI,WAAW,EAAE,6CAA6C;SAC3D,EACD;YACE,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,mDAAmD;YAC3D,WAAW,EAAE,0GAA0G;SACxH,EACD;YACE,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,yEAAyE;YACjF,WAAW,EAAE,wDAAwD;SACtE,CACF,CAAC;QAEF,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,WAAW,CAAC,IAAI,CAAC;gBACf,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,2GAA2G;gBACnH,WAAW,EAAE,8DAA8D;aAC5E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5E,WAAW,CAAC,IAAI,CAAC;YACf,KAAK,EAAE,iBAAiB;YACxB,MAAM,EAAE,2HAA2H;YACnI,WAAW,EAAE,qGAAqG;SACnH,CAAC,CAAC;IACL,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAqB;IACjD,OAAO;QACL,MAAM,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE;QACvC,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE;QACnC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC;YACtB,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;YAChC,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAqB;IAC5C,MAAM,OAAO,GAAmB;QAC9B,EAAE,GAAG,EAAE,2BAA2B,EAAE,KAAK,EAAE,8CAA8C,EAAE,WAAW,EAAE,oCAAoC,EAAE;QAC9I,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,oDAAoD,EAAE;QAC5G,EAAE,GAAG,EAAE,wBAAwB,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,qCAAqC,EAAE;QACvG,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,iCAAiC,EAAE,WAAW,EAAE,mDAAmD,EAAE;QACtI,EAAE,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,0CAA0C,EAAE,WAAW,EAAE,0DAA0D,EAAE;KAC1J,CAAC;IAEF,IAAI,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,wBAAwB,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,yCAAyC,EAAE,CAAC,CAAC;IACvH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,IAAY,EACZ,SAA8B,UAAU;IAExC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,MAAM,GAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;IAE9E,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,MAAM,KAAK,GAAa;QACtB,uCAAuC;QACvC,EAAE;QACF,cAAc,IAAI,EAAE;QACpB,EAAE;QACF,mBAAmB;QACnB,gBAAgB,KAAK,CAAC,SAAS,IAAI,SAAS,EAAE;KAC/C,CAAC;IACF,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1E,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtF,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtF,IAAI,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpE,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnF,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvE,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CACR,4BAA4B,EAC5B,EAAE,EACF,KAAK,EACL,GAAG,EACH,KAAK,EACL,EAAE,EACF,2BAA2B,EAC3B,EAAE,EACF,eAAe,EACf,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oDAAoD,GAAG,OAAO,EAC9D,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,GAAG,cAAc,CAAC,CAAC,KAAK,MAAM,CAAC,EACtE,OAAO,EACP,OAAO,EACP,GAAG,EACH,KAAK,EACL,EAAE,CACH,CAAC;IAEF,KAAK,CAAC,IAAI,CACR,gBAAgB,EAChB,EAAE,EACF,eAAe,EACf,mCAAmC,EACnC,sBAAsB,EACtB,qBAAqB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAC3D,qBAAqB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAC3D,qBAAqB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAC3D,aAAa,IAAI,CAAC,MAAM,GAAG,EAC3B,IAAI,EACJ,KAAK,EACL,EAAE,CACH,CAAC;IAEF,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,CAAC,CAAC;QACpD,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CACR,OAAO,CAAC,CAAC,KAAK,EAAE,EAChB,CAAC,CAAC,WAAW,EACb,QAAQ,EACR,CAAC,CAAC,MAAM,EACR,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CACR,kBAAkB,EAClB,EAAE,EACF,+BAA+B,EAC/B,+BAA+B,EAC/B,cAAc,YAAY,CAAC,MAAM,CAAC,QAAQ,UAAU,YAAY,CAAC,MAAM,CAAC,MAAM,IAAI,EAClF,6BAA6B,YAAY,CAAC,IAAI,CAAC,QAAQ,UAAU,YAAY,CAAC,IAAI,CAAC,MAAM,IAAI,EAC7F,WAAW,YAAY,CAAC,GAAG,CAAC,QAAQ,UAAU,YAAY,CAAC,GAAG,CAAC,MAAM,IAAI,EACzE,EAAE,CACH,CAAC;IAEF,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CACR,uCAAuC,EACvC,EAAE,EACF,eAAe,EACf,iDAAiD,EACjD,yCAAyC,EACzC,EAAE,EACF,mCAAmC,EACnC,2BAA2B,EAC3B,sCAAsC,YAAY,CAAC,GAAG,CAAC,QAAQ,MAAM,YAAY,CAAC,GAAG,CAAC,MAAM,KAAK,EACjG,KAAK,EACL,KAAK,EACL,EAAE,CACH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CACR,qBAAqB,EACrB,EAAE,EACF,8BAA8B,EAC9B,8BAA8B,CAC/B,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/policy-check.d.ts

@@ -0,0 +1,3 @@
+import type { SecurityRule } from "../data/rules/types.js";
+export declare function policyCheck(path: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
+//# sourceMappingURL=policy-check.d.ts.map

package/build/tools/policy-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-check.d.ts","sourceRoot":"","sources":["../../src/tools/policy-check.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAiG3D,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,MAAM,GAAE,UAAU,GAAG,MAAmB,EACxC,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,CAiJR"}

package/build/tools/policy-check.js

@@ -0,0 +1,208 @@
+import { readdirSync, readFileSync, statSync } from "fs";
+import { join, extname, basename, resolve } from "path";
+import { analyzeCode } from "./check-code.js";
+import { loadConfig } from "../utils/config.js";
+const EXTENSION_MAP = {
+    ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
+    ".ts": "typescript", ".tsx": "typescript", ".mts": "typescript", ".cts": "typescript",
+    ".py": "python", ".go": "go", ".html": "html",
+    ".sql": "sql", ".sh": "shell", ".bash": "shell",
+    ".yml": "yaml", ".yaml": "yaml", ".tf": "terraform",
+    ".toml": "toml", ".json": "json",
+};
+const CONFIG_FILE_MAP = {
+    "vercel.json": "vercel-config",
+    "next.config.js": "nextjs-config", "next.config.mjs": "nextjs-config", "next.config.ts": "nextjs-config",
+    "docker-compose.yml": "docker-compose", "docker-compose.yaml": "docker-compose",
+};
+const DEFAULT_EXCLUDES = new Set([
+    "node_modules", ".git", "build", "dist", "vendor", "__pycache__",
+    ".next", ".nuxt", "coverage", ".turbo",
+]);
+function walkDir(dir, excludes, results) {
+    let entries;
+    try {
+        entries = readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (excludes.has(entry.name))
+            continue;
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory())
+            walkDir(fullPath, excludes, results);
+        else if (entry.isFile()) {
+            const ext = extname(entry.name).toLowerCase();
+            if (EXTENSION_MAP[ext] || entry.name.startsWith("Dockerfile") || CONFIG_FILE_MAP[entry.name]) {
+                results.push(fullPath);
+            }
+        }
+    }
+}
+function isExcepted(ruleId, filePath, exceptions) {
+    for (const exc of exceptions) {
+        if (exc.ruleId !== ruleId && exc.ruleId !== "*")
+            continue;
+        // Check expiration
+        if (exc.expiresAt) {
+            const expiry = new Date(exc.expiresAt);
+            if (expiry < new Date())
+                continue; // expired
+        }
+        // Check file scope
+        if (exc.files && exc.files.length > 0) {
+            const matches = exc.files.some(pattern => {
+                if (pattern.includes("*")) {
+                    const regex = new RegExp(pattern.replace(/\*/g, ".*"));
+                    return regex.test(filePath);
+                }
+                return filePath.includes(pattern);
+            });
+            if (!matches)
+                continue;
+        }
+        return exc;
+    }
+    return null;
+}
+function getControlsForRule(rule, frameworks) {
+    if (!rule.compliance)
+        return [];
+    return rule.compliance.filter(c => {
+        const prefix = c.split(":")[0].toUpperCase();
+        return frameworks.some(f => f.toUpperCase() === prefix || f.toUpperCase() === "ALL");
+    });
+}
+export function policyCheck(path, format = "markdown", rules) {
+    const scanRoot = resolve(path);
+    const config = loadConfig(scanRoot);
+    const policy = config.compliance;
+    if (!policy) {
+        const msg = "No compliance policy defined. Add a `compliance` section to .guardviberc.";
+        if (format === "json")
+            return JSON.stringify({ error: msg });
+        return `# GuardVibe Policy Check\n\n${msg}\n\nExample:\n\`\`\`json\n{\n  "compliance": {\n    "frameworks": ["SOC2", "GDPR"],\n    "failOn": "high",\n    "exceptions": [],\n    "requiredControls": ["SOC2:CC6.1"]\n  }\n}\n\`\`\``;
+    }
+    const excludes = new Set([...DEFAULT_EXCLUDES, ...config.scan.exclude]);
+    const filePaths = [];
+    walkDir(scanRoot, excludes, filePaths);
+    const policyFindings = [];
+    const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+    const failLevel = severityOrder[policy.failOn] ?? 1;
+    for (const filePath of filePaths) {
+        try {
+            const stat = statSync(filePath);
+            if (stat.size > config.scan.maxFileSize)
+                continue;
+            const content = readFileSync(filePath, "utf-8");
+            const ext = extname(filePath).toLowerCase();
+            let language = EXTENSION_MAP[ext];
+            if (!language && basename(filePath).startsWith("Dockerfile"))
+                language = "dockerfile";
+            if (!language)
+                language = CONFIG_FILE_MAP[basename(filePath)];
+            if (!language)
+                continue;
+            const findings = analyzeCode(content, language, undefined, filePath, scanRoot, rules);
+            for (const f of findings) {
+                const controls = getControlsForRule(f.rule, policy.frameworks);
+                if (controls.length === 0)
+                    continue;
+                const exception = isExcepted(f.rule.id, filePath, policy.exceptions);
+                policyFindings.push({
+                    rule: f.rule, match: f.match, line: f.line, filePath,
+                    controls,
+                    excepted: !!exception,
+                    exceptionReason: exception?.reason,
+                });
+            }
+        }
+        catch { /* skip */ }
+    }
+    const activeFindings = policyFindings.filter(f => !f.excepted);
+    const exceptedFindings = policyFindings.filter(f => f.excepted);
+    const blockingFindings = activeFindings.filter(f => (severityOrder[f.rule.severity] ?? 4) <= failLevel);
+    // Required controls check
+    const controlStatus = {};
+    if (policy.requiredControls) {
+        for (const ctrl of policy.requiredControls) {
+            const violations = activeFindings.filter(f => f.controls.includes(ctrl));
+            controlStatus[ctrl] = violations.length === 0 ? "pass" : "fail";
+        }
+    }
+    const pass = blockingFindings.length === 0 && !Object.values(controlStatus).includes("fail");
+    const result = {
+        pass,
+        findings: activeFindings,
+        exceptions: exceptedFindings,
+        summary: {
+            total: policyFindings.length,
+            excepted: exceptedFindings.length,
+            blocking: blockingFindings.length,
+            frameworks: policy.frameworks,
+            failOn: policy.failOn,
+            requiredControlsStatus: controlStatus,
+        },
+    };
+    if (format === "json") {
+        return JSON.stringify({
+            pass: result.pass,
+            summary: result.summary,
+            findings: result.findings.map(f => ({
+                id: f.rule.id, name: f.rule.name, severity: f.rule.severity,
+                file: f.filePath, line: f.line, controls: f.controls,
+                fix: f.rule.fix,
+            })),
+            exceptions: result.exceptions.map(f => ({
+                id: f.rule.id, name: f.rule.name, severity: f.rule.severity,
+                file: f.filePath, line: f.line, reason: f.exceptionReason,
+            })),
+        });
+    }
+    // Markdown
+    const lines = [
+        `# GuardVibe Policy Check`,
+        ``,
+        `**Result:** ${pass ? "PASS" : "FAIL"}`,
+        `**Frameworks:** ${policy.frameworks.join(", ")}`,
+        `**Fail threshold:** ${policy.failOn}`,
+        `**Directory:** ${scanRoot}`,
+        ``,
+        `| Metric | Count |`,
+        `|--------|-------|`,
+        `| Total compliance findings | ${policyFindings.length} |`,
+        `| Excepted (accepted risk) | ${exceptedFindings.length} |`,
+        `| Blocking (above threshold) | ${blockingFindings.length} |`,
+        ``,
+    ];
+    // Required controls
+    if (Object.keys(controlStatus).length > 0) {
+        lines.push(`## Required Controls`, ``, `| Control | Status |`, `|---------|--------|`);
+        for (const [ctrl, status] of Object.entries(controlStatus)) {
+            lines.push(`| ${ctrl} | ${status === "pass" ? "PASS" : "**FAIL**"} |`);
+        }
+        lines.push(``);
+    }
+    // Blocking findings
+    if (blockingFindings.length > 0) {
+        lines.push(`## Blocking Findings`, ``);
+        for (const f of blockingFindings) {
+            lines.push(`- **[${f.rule.severity.toUpperCase()}]** ${f.rule.name} (${f.rule.id}) in \`${f.filePath}\`:${f.line}`, `  Controls: ${f.controls.join(", ")} | Fix: ${f.rule.fix}`, ``);
+        }
+    }
+    // Exceptions
+    if (exceptedFindings.length > 0) {
+        lines.push(`## Accepted Exceptions`, ``);
+        for (const f of exceptedFindings) {
+            lines.push(`- ~~${f.rule.name} (${f.rule.id})~~ in \`${f.filePath}\`:${f.line} — *${f.exceptionReason}*`);
+        }
+        lines.push(``);
+    }
+    if (pass && blockingFindings.length === 0) {
+        lines.push(`All compliance checks passed.`);
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=policy-check.js.map

package/build/tools/policy-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-check.js","sourceRoot":"","sources":["../../src/tools/policy-check.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAA+C,MAAM,oBAAoB,CAAC;AAG7F,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;IACnD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CACjC,CAAC;AAEF,MAAM,eAAe,GAA2B;IAC9C,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,eAAe,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,EAAE,eAAe;IACxG,oBAAoB,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,gBAAgB;CAChF,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;CACvC,CAAC,CAAC;AA0BH,SAAS,OAAO,CAAC,GAAW,EAAE,QAAqB,EAAE,OAAiB;IACpE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAC9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,WAAW,EAAE;YAAE,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;aACzD,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7F,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,MAAc,EAAE,QAAgB,EAAE,UAA6B;IACjF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,SAAS;QAE1D,mBAAmB;QACnB,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACvC,IAAI,MAAM,GAAG,IAAI,IAAI,EAAE;gBAAE,SAAS,CAAC,UAAU;QAC/C,CAAC;QAED,mBAAmB;QACnB,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;gBACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC1B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;oBACvD,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC9B,CAAC;gBACD,OAAO,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACpC,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,OAAO;gBAAE,SAAS;QACzB,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAkB,EAAE,UAAoB;IAClE,IAAI,CAAC,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,CAAC;IAChC,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAChC,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7C,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,SAA8B,UAAU,EACxC,KAAsB;IAEtB,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC;IAEjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,GAAG,2EAA2E,CAAC;QACxF,IAAI,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QAC7D,OAAO,+BAA+B,GAAG,2LAA2L,CAAC;IACvO,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEvC,MAAM,cAAc,GAAoB,EAAE,CAAC;IAC3C,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAEpD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,QAAQ,GAAG,YAAY,CAAC;YACtF,IAAI,CAAC,QAAQ;gBAAE,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YACtF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;oBAAE,SAAS;gBAEpC,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;gBACrE,cAAc,CAAC,IAAI,CAAC;oBAClB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,QAAQ;oBACpD,QAAQ;oBACR,QAAQ,EAAE,CAAC,CAAC,SAAS;oBACrB,eAAe,EAAE,SAAS,EAAE,MAAM;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC/D,MAAM,gBAAgB,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAChE,MAAM,gBAAgB,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAExG,0BAA0B;IAC1B,MAAM,aAAa,GAAoC,EAAE,CAAC;IAC1D,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC3C,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YACzE,aAAa,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QAClE,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,gBAAgB,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE7F,MAAM,MAAM,GAAiB;QAC3B,IAAI;QACJ,QAAQ,EAAE,cAAc;QACxB,UAAU,EAAE,gBAAgB;QAC5B,OAAO,EAAE;YACP,KAAK,EAAE,cAAc,CAAC,MAAM;YAC5B,QAAQ,EAAE,gBAAgB,CAAC,MAAM;YACjC,QAAQ,EAAE,gBAAgB,CAAC,MAAM;YACjC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,sBAAsB,EAAE,aAAa;SACtC;KACF,CAAC;IAEF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAClC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;gBAC3D,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpD,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG;aAChB,CAAC,CAAC;YACH,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACtC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;gBAC3D,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,eAAe;aAC1D,CAAC,CAAC;SACJ,CAAC,CAAC;IACL,CAAC;IAED,WAAW;IACX,MAAM,KAAK,GAAa;QACtB,0BAA0B;QAC1B,EAAE;QACF,eAAe,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE;QACvC,mBAAmB,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACjD,uBAAuB,MAAM,CAAC,MAAM,EAAE;QACtC,kBAAkB,QAAQ,EAAE;QAC5B,EAAE;QACF,oBAAoB;QACpB,oBAAoB;QACpB,iCAAiC,cAAc,CAAC,MAAM,IAAI;QAC1D,gCAAgC,gBAAgB,CAAC,MAAM,IAAI;QAC3D,kCAAkC,gBAAgB,CAAC,MAAM,IAAI;QAC7D,EAAE;KACH,CAAC;IAEF,oBAAoB;IACpB,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;QACvF,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,MAAM,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC;QACzE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,oBAAoB;IACpB,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC;QACvC,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,IAAI,EAAE,EACvG,eAAe,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,EAC3D,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,aAAa;IACb,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CACR,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,eAAe,GAAG,CAC9F,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,IAAI,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/review-pr.d.ts

@@ -0,0 +1,3 @@
+import type { SecurityRule } from "../data/rules/types.js";
+export declare function reviewPr(cwd?: string, base?: string, format?: "markdown" | "json" | "annotations", diffOnly?: boolean, failOn?: "critical" | "high" | "medium" | "low" | "none", rules?: SecurityRule[]): string;
+//# sourceMappingURL=review-pr.d.ts.map

package/build/tools/review-pr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"review-pr.d.ts","sourceRoot":"","sources":["../../src/tools/review-pr.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AA0F3D,wBAAgB,QAAQ,CACtB,GAAG,GAAE,MAAsB,EAC3B,IAAI,GAAE,MAAe,EACrB,MAAM,GAAE,UAAU,GAAG,MAAM,GAAG,aAA0B,EACxD,QAAQ,GAAE,OAAc,EACxB,MAAM,GAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAe,EAChE,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,CA8HR"}