lula2 0.0.5 → 0.0.6

package/dist/index.js

@@ -1,40 +1,2927 @@
 #!/usr/bin/env node
-import { Command } from "commander";
-import crawl from "./crawl.js";
-import fs from "fs";
-import path from "path";
-const program = new Command();
-import { fileURLToPath } from "url";
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-/**
- * Get the current version from package.json
- *
- * @returns The current version
- */
-export function getVersion() {
-    const pkgPath = path.resolve(__dirname, "../package.json"); // adjust path if index.ts is in src/
-    const packageJson = fs.readFileSync(pkgPath, "utf8");
-    const { version } = JSON.parse(packageJson);
-    return version;
-}
-program
-    .name("lula2")
-    .description("Reports and exports compliance status for defined controls")
-    .version(getVersion(), "-v, --version", "output the current version")
-    .option("-c, --config <path>", "path to config file", "compliance.json")
-    .addCommand(crawl())
-    .action(options => {
-    console.log("Checking compliance status...");
-    if (options.config) {
-        console.log(`Using config file: ${options.config}`);
-    }
-    else {
-        console.log("Using default configuration");
-    }
-    console.log("Compliance check completed!");
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// cli/utils/debug.ts
+var debug_exports = {};
+__export(debug_exports, {
+  debug: () => debug,
+  debugError: () => debugError,
+  isDebugEnabled: () => isDebugEnabled,
+  setDebugMode: () => setDebugMode
 });
-program.parse(process.argv);
-// If no command is provided, show help
-if (!process.argv.slice(1).length) {
-    program.help();
+function setDebugMode(enabled) {
+  debugEnabled = enabled || process.env.DEBUG === "true" || process.env.DEBUG === "1";
+}
+function debug(...args) {
+  if (debugEnabled) {
+    console.log("[DEBUG]", ...args);
+  }
+}
+function debugError(...args) {
+  if (debugEnabled) {
+    console.error("[DEBUG ERROR]", ...args);
+  }
+}
+function isDebugEnabled() {
+  return debugEnabled;
+}
+var debugEnabled;
+var init_debug = __esm({
+  "cli/utils/debug.ts"() {
+    "use strict";
+    debugEnabled = false;
+  }
+});
+
+// cli/server/infrastructure/controlHelpers.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import * as yaml from "js-yaml";
+function loadControlSetMetadata(baseDir) {
+  const path2 = join(baseDir, "lula.yaml");
+  if (metadataPath !== path2 || !controlSetMetadata) {
+    if (existsSync(path2)) {
+      try {
+        const content = readFileSync(path2, "utf8");
+        controlSetMetadata = yaml.load(content);
+        metadataPath = path2;
+      } catch (error) {
+        console.error(`Failed to parse lula.yaml at ${path2}:`, error);
+        controlSetMetadata = {};
+        metadataPath = path2;
+      }
+    } else {
+      controlSetMetadata = {};
+      metadataPath = path2;
+    }
+  }
+  return controlSetMetadata;
+}
+function getControlIdField(baseDir) {
+  if (baseDir) {
+    loadControlSetMetadata(baseDir);
+  }
+  return controlSetMetadata?.control_id_field || "id";
+}
+function getControlId(control, baseDir) {
+  if (!control || typeof control !== "object") {
+    throw new Error("Invalid control object provided");
+  }
+  const idField = getControlIdField(baseDir);
+  const configuredId = control[idField];
+  if (configuredId && typeof configuredId === "string") {
+    return configuredId;
+  }
+  if (idField !== "id" && control.id) {
+    return control.id;
+  }
+  const possibleIdFields = [
+    "ap-acronym",
+    "control-id",
+    "control_id",
+    "controlId"
+  ];
+  for (const field of possibleIdFields) {
+    const value = control[field];
+    if (value && typeof value === "string") {
+      return value;
+    }
+  }
+  const availableFields = Object.keys(control).filter(
+    (key) => control[key] !== void 0
+  );
+  throw new Error(
+    `No control ID found in control object. Available fields: ${availableFields.join(", ")}`
+  );
+}
+var controlSetMetadata, metadataPath;
+var init_controlHelpers = __esm({
+  "cli/server/infrastructure/controlHelpers.ts"() {
+    "use strict";
+    controlSetMetadata = null;
+    metadataPath = null;
+  }
+});
+
+// cli/server/infrastructure/fileStore.ts
+var fileStore_exports = {};
+__export(fileStore_exports, {
+  FileStore: () => FileStore
+});
+import {
+  existsSync as existsSync2,
+  promises as fs,
+  mkdirSync,
+  readdirSync,
+  readFileSync as readFileSync2,
+  statSync,
+  unlinkSync,
+  writeFileSync
+} from "fs";
+import * as yaml2 from "js-yaml";
+import { join as join2 } from "path";
+var FileStore;
+var init_fileStore = __esm({
+  "cli/server/infrastructure/fileStore.ts"() {
+    "use strict";
+    init_controlHelpers();
+    FileStore = class {
+      baseDir;
+      controlsDir;
+      mappingsDir;
+      // Simple cache - just control ID to filename mapping
+      controlMetadataCache = /* @__PURE__ */ new Map();
+      constructor(options) {
+        this.baseDir = options.baseDir;
+        this.controlsDir = join2(this.baseDir, "controls");
+        this.mappingsDir = join2(this.baseDir, "mappings");
+        if (existsSync2(this.controlsDir)) {
+          this.refreshControlsCache();
+        }
+      }
+      /**
+       * Get simple filename from control ID
+       */
+      getControlFilename(controlId) {
+        const sanitized = controlId.replace(/[^\w\-]/g, "_");
+        return `${sanitized}.yaml`;
+      }
+      /**
+       * Get family name from control ID
+       */
+      getControlFamily(controlId) {
+        return controlId.split("-")[0];
+      }
+      /**
+       * Ensure required directories exist
+       */
+      ensureDirectories() {
+        if (!this.baseDir || this.baseDir === "." || this.baseDir === process.cwd()) {
+          return;
+        }
+        const lulaConfigPath = join2(this.baseDir, "lula.yaml");
+        if (!existsSync2(lulaConfigPath)) {
+          return;
+        }
+        if (!existsSync2(this.controlsDir)) {
+          mkdirSync(this.controlsDir, { recursive: true });
+        }
+        if (!existsSync2(this.mappingsDir)) {
+          mkdirSync(this.mappingsDir, { recursive: true });
+        }
+      }
+      /**
+       * Get control metadata by ID
+       */
+      getControlMetadata(controlId) {
+        return this.controlMetadataCache.get(controlId);
+      }
+      /**
+       * Load a control by ID
+       */
+      async loadControl(controlId) {
+        const sanitizedId = controlId.replace(/[^\w\-]/g, "_");
+        const possibleFlatPaths = [
+          join2(this.controlsDir, `${controlId}.yaml`),
+          join2(this.controlsDir, `${sanitizedId}.yaml`)
+        ];
+        for (const flatFilePath of possibleFlatPaths) {
+          if (existsSync2(flatFilePath)) {
+            try {
+              const content = readFileSync2(flatFilePath, "utf8");
+              const parsed = yaml2.load(content);
+              if (!parsed.id) {
+                parsed.id = controlId.replace(/_(\d)/g, ".$1");
+              }
+              return parsed;
+            } catch (error) {
+              console.error(`Failed to load control ${controlId} from flat structure:`, error);
+              throw new Error(
+                `Failed to load control ${controlId}: ${error instanceof Error ? error.message : String(error)}`
+              );
+            }
+          }
+        }
+        const family = this.getControlFamily(controlId);
+        const familyDir = join2(this.controlsDir, family);
+        const possibleFamilyPaths = [
+          join2(familyDir, `${controlId}.yaml`),
+          join2(familyDir, `${sanitizedId}.yaml`)
+        ];
+        for (const filePath of possibleFamilyPaths) {
+          if (existsSync2(filePath)) {
+            try {
+              const content = readFileSync2(filePath, "utf8");
+              const parsed = yaml2.load(content);
+              if (!parsed.id) {
+                parsed.id = controlId.replace(/_(\d)/g, ".$1");
+              }
+              return parsed;
+            } catch (error) {
+              console.error(`Failed to load control ${controlId}:`, error);
+              throw new Error(
+                `Failed to load control ${controlId}: ${error instanceof Error ? error.message : String(error)}`
+              );
+            }
+          }
+        }
+        return null;
+      }
+      /**
+       * Save a control
+       */
+      async saveControl(control) {
+        this.ensureDirectories();
+        const controlId = getControlId(control, this.baseDir);
+        const family = this.getControlFamily(controlId);
+        const filename = this.getControlFilename(controlId);
+        const familyDir = join2(this.controlsDir, family);
+        const filePath = join2(familyDir, filename);
+        if (!existsSync2(familyDir)) {
+          mkdirSync(familyDir, { recursive: true });
+        }
+        try {
+          let yamlContent;
+          if (existsSync2(filePath)) {
+            const existingContent = readFileSync2(filePath, "utf8");
+            const existingControl = yaml2.load(existingContent);
+            const fieldsToUpdate = {};
+            for (const key in control) {
+              if (key === "timeline" || key === "unifiedHistory" || key === "_metadata" || key === "id") {
+                continue;
+              }
+              if (JSON.stringify(control[key]) !== JSON.stringify(existingControl[key])) {
+                fieldsToUpdate[key] = control[key];
+              }
+            }
+            if (Object.keys(fieldsToUpdate).length > 0) {
+              const updatedControl = { ...existingControl, ...fieldsToUpdate };
+              yamlContent = yaml2.dump(updatedControl, {
+                indent: 2,
+                lineWidth: 80,
+                noRefs: true,
+                sortKeys: false
+              });
+            } else {
+              yamlContent = existingContent;
+            }
+          } else {
+            const controlToSave = { ...control };
+            delete controlToSave.timeline;
+            delete controlToSave.unifiedHistory;
+            delete controlToSave._metadata;
+            delete controlToSave.id;
+            yamlContent = yaml2.dump(controlToSave, {
+              indent: 2,
+              lineWidth: 80,
+              noRefs: true,
+              sortKeys: false
+            });
+          }
+          writeFileSync(filePath, yamlContent, "utf8");
+          this.controlMetadataCache.set(controlId, {
+            controlId,
+            filename,
+            family
+          });
+        } catch (error) {
+          throw new Error(
+            `Failed to save control ${controlId}: ${error instanceof Error ? error.message : String(error)}`
+          );
+        }
+      }
+      /**
+       * Delete a control
+       */
+      async deleteControl(controlId) {
+        const family = this.getControlFamily(controlId);
+        const filename = this.getControlFilename(controlId);
+        const familyDir = join2(this.controlsDir, family);
+        const filePath = join2(familyDir, filename);
+        if (existsSync2(filePath)) {
+          unlinkSync(filePath);
+          this.controlMetadataCache.delete(controlId);
+        }
+      }
+      /**
+       * Load all controls
+       */
+      async loadAllControls() {
+        if (!existsSync2(this.controlsDir)) {
+          return [];
+        }
+        const entries = readdirSync(this.controlsDir);
+        const yamlFiles = entries.filter((file) => file.endsWith(".yaml"));
+        if (yamlFiles.length > 0) {
+          const promises = yamlFiles.map(async (file) => {
+            try {
+              const filePath = join2(this.controlsDir, file);
+              const content = await fs.readFile(filePath, "utf8");
+              const parsed = yaml2.load(content);
+              if (!parsed.id) {
+                parsed.id = getControlId(parsed, this.baseDir);
+              }
+              return parsed;
+            } catch (error) {
+              console.error(`Failed to load control from file ${file}:`, error);
+              return null;
+            }
+          });
+          const results2 = await Promise.all(promises);
+          return results2.filter((c) => c !== null);
+        }
+        const families = entries.filter((name) => {
+          const familyPath = join2(this.controlsDir, name);
+          return statSync(familyPath).isDirectory();
+        });
+        const allPromises = [];
+        for (const family of families) {
+          const familyPath = join2(this.controlsDir, family);
+          const files = readdirSync(familyPath).filter((file) => file.endsWith(".yaml"));
+          const familyPromises = files.map(async (file) => {
+            try {
+              const controlId = file.replace(".yaml", "");
+              const control = await this.loadControl(controlId);
+              return control;
+            } catch (error) {
+              console.error(`Failed to load control from file ${file}:`, error);
+              return null;
+            }
+          });
+          allPromises.push(...familyPromises);
+        }
+        const results = await Promise.all(allPromises);
+        return results.filter((c) => c !== null);
+      }
+      /**
+       * Load mappings from mappings directory
+       */
+      async loadMappings() {
+        const mappings = [];
+        if (!existsSync2(this.mappingsDir)) {
+          return mappings;
+        }
+        const families = readdirSync(this.mappingsDir).filter((name) => {
+          const familyPath = join2(this.mappingsDir, name);
+          return statSync(familyPath).isDirectory();
+        });
+        for (const family of families) {
+          const familyPath = join2(this.mappingsDir, family);
+          const files = readdirSync(familyPath).filter((file) => file.endsWith("-mappings.yaml"));
+          for (const file of files) {
+            const mappingFile = join2(familyPath, file);
+            try {
+              const content = readFileSync2(mappingFile, "utf8");
+              const parsed = yaml2.load(content);
+              if (Array.isArray(parsed)) {
+                mappings.push(...parsed);
+              }
+            } catch (error) {
+              console.error(`Failed to load mappings from ${family}/${file}:`, error);
+            }
+          }
+        }
+        return mappings;
+      }
+      /**
+       * Save a single mapping
+       */
+      async saveMapping(mapping) {
+        this.ensureDirectories();
+        const controlId = mapping.control_id;
+        const family = this.getControlFamily(controlId);
+        const familyDir = join2(this.mappingsDir, family);
+        const mappingFile = join2(familyDir, `${controlId}-mappings.yaml`);
+        if (!existsSync2(familyDir)) {
+          mkdirSync(familyDir, { recursive: true });
+        }
+        let existingMappings = [];
+        if (existsSync2(mappingFile)) {
+          try {
+            const content = readFileSync2(mappingFile, "utf8");
+            existingMappings = yaml2.load(content) || [];
+          } catch (error) {
+            console.error(`Failed to parse existing mappings file: ${mappingFile}`, error);
+            existingMappings = [];
+          }
+        }
+        const existingIndex = existingMappings.findIndex((m) => m.uuid === mapping.uuid);
+        if (existingIndex >= 0) {
+          existingMappings[existingIndex] = mapping;
+        } else {
+          existingMappings.push(mapping);
+        }
+        try {
+          const yamlContent = yaml2.dump(existingMappings, {
+            indent: 2,
+            lineWidth: -1,
+            noRefs: true
+          });
+          writeFileSync(mappingFile, yamlContent, "utf8");
+        } catch (error) {
+          throw new Error(
+            `Failed to save mapping for control ${controlId}: ${error instanceof Error ? error.message : String(error)}`
+          );
+        }
+      }
+      /**
+       * Delete a single mapping
+       */
+      async deleteMapping(uuid) {
+        const mappingFiles = this.getAllMappingFiles();
+        for (const file of mappingFiles) {
+          try {
+            const content = readFileSync2(file, "utf8");
+            let mappings = yaml2.load(content) || [];
+            const originalLength = mappings.length;
+            mappings = mappings.filter((m) => m.uuid !== uuid);
+            if (mappings.length < originalLength) {
+              if (mappings.length === 0) {
+                unlinkSync(file);
+              } else {
+                const yamlContent = yaml2.dump(mappings, {
+                  indent: 2,
+                  lineWidth: -1,
+                  noRefs: true
+                });
+                writeFileSync(file, yamlContent, "utf8");
+              }
+              return;
+            }
+          } catch (error) {
+            console.error(`Error processing mapping file ${file}:`, error);
+          }
+        }
+      }
+      /**
+       * Get all mapping files
+       */
+      getAllMappingFiles() {
+        const files = [];
+        if (!existsSync2(this.mappingsDir)) {
+          return files;
+        }
+        const flatFiles = readdirSync(this.mappingsDir).filter((file) => file.endsWith("-mappings.yaml")).map((file) => join2(this.mappingsDir, file));
+        files.push(...flatFiles);
+        const entries = readdirSync(this.mappingsDir, { withFileTypes: true });
+        for (const entry of entries) {
+          if (entry.isDirectory()) {
+            const familyDir = join2(this.mappingsDir, entry.name);
+            const familyFiles = readdirSync(familyDir).filter((file) => file.endsWith("-mappings.yaml")).map((file) => join2(familyDir, file));
+            files.push(...familyFiles);
+          }
+        }
+        return files;
+      }
+      /**
+       * Save mappings to per-control files
+       */
+      async saveMappings(mappings) {
+        this.ensureDirectories();
+        const mappingsByControl = /* @__PURE__ */ new Map();
+        for (const mapping of mappings) {
+          const controlId = mapping.control_id;
+          if (!mappingsByControl.has(controlId)) {
+            mappingsByControl.set(controlId, []);
+          }
+          mappingsByControl.get(controlId).push(mapping);
+        }
+        for (const [controlId, controlMappings] of mappingsByControl) {
+          const family = this.getControlFamily(controlId);
+          const familyDir = join2(this.mappingsDir, family);
+          const mappingFile = join2(familyDir, `${controlId}-mappings.yaml`);
+          if (!existsSync2(familyDir)) {
+            mkdirSync(familyDir, { recursive: true });
+          }
+          try {
+            const yamlContent = yaml2.dump(controlMappings, {
+              indent: 2,
+              lineWidth: -1,
+              noRefs: true
+            });
+            writeFileSync(mappingFile, yamlContent, "utf8");
+          } catch (error) {
+            throw new Error(
+              `Failed to save mappings for control ${controlId}: ${error instanceof Error ? error.message : String(error)}`
+            );
+          }
+        }
+      }
+      /**
+       * Refresh controls cache
+       */
+      refreshControlsCache() {
+        this.controlMetadataCache.clear();
+        if (!existsSync2(this.controlsDir)) {
+          return;
+        }
+        const entries = readdirSync(this.controlsDir);
+        const yamlFiles = entries.filter((file) => file.endsWith(".yaml"));
+        if (yamlFiles.length > 0) {
+          for (const filename of yamlFiles) {
+            const controlId = filename.replace(".yaml", "");
+            const family = this.getControlFamily(controlId);
+            this.controlMetadataCache.set(controlId, {
+              controlId,
+              filename,
+              family
+            });
+          }
+          return;
+        }
+        const families = entries.filter((name) => {
+          const familyPath = join2(this.controlsDir, name);
+          return statSync(familyPath).isDirectory();
+        });
+        for (const family of families) {
+          const familyPath = join2(this.controlsDir, family);
+          const files = readdirSync(familyPath).filter((file) => file.endsWith(".yaml"));
+          for (const filename of files) {
+            try {
+              const filePath = join2(familyPath, filename);
+              const content = readFileSync2(filePath, "utf8");
+              const parsed = yaml2.load(content);
+              const controlId = getControlId(parsed, this.baseDir);
+              this.controlMetadataCache.set(controlId, {
+                controlId,
+                filename,
+                family
+              });
+            } catch (error) {
+              console.error(`Failed to read control metadata from ${family}/${filename}:`, error);
+              const controlId = filename.replace(".yaml", "").replace(/_/g, "/");
+              this.controlMetadataCache.set(controlId, {
+                controlId,
+                filename,
+                family
+              });
+            }
+          }
+        }
+      }
+      /**
+       * Get file store statistics
+       */
+      getStats() {
+        const controlCount = this.controlMetadataCache.size;
+        let mappingCount = 0;
+        if (existsSync2(this.mappingsDir)) {
+          const families = readdirSync(this.mappingsDir).filter((name) => {
+            const familyPath = join2(this.mappingsDir, name);
+            return statSync(familyPath).isDirectory();
+          });
+          mappingCount = families.length;
+        }
+        const familyCount = new Set(
+          Array.from(this.controlMetadataCache.values()).map((meta) => meta.family)
+        ).size;
+        return {
+          controlCount,
+          mappingCount,
+          familyCount
+        };
+      }
+      /**
+       * Clear all caches
+       */
+      clearCache() {
+        this.controlMetadataCache.clear();
+        this.refreshControlsCache();
+      }
+    };
+  }
+});
+
+// cli/server/infrastructure/yamlDiff.ts
+import * as yaml3 from "js-yaml";
+function createYamlDiff(oldYaml, newYaml, isArrayFile = false) {
+  try {
+    const emptyDefault = isArrayFile ? "[]" : "{}";
+    const oldData = yaml3.load(oldYaml || emptyDefault);
+    const newData = yaml3.load(newYaml || emptyDefault);
+    const changes = compareValues(oldData, newData, "");
+    return {
+      hasChanges: changes.length > 0,
+      changes,
+      summary: generateSummary(changes)
+    };
+  } catch (error) {
+    console.error("Error parsing YAML for diff:", error);
+    return {
+      hasChanges: false,
+      changes: [],
+      summary: "Error parsing YAML content"
+    };
+  }
+}
+function compareValues(oldValue, newValue, basePath) {
+  const changes = [];
+  if (oldValue === null || oldValue === void 0) {
+    if (newValue !== null && newValue !== void 0) {
+      changes.push({
+        type: "added",
+        path: basePath || "root",
+        newValue,
+        description: `Added ${basePath || "content"}`
+      });
+    }
+    return changes;
+  }
+  if (newValue === null || newValue === void 0) {
+    changes.push({
+      type: "removed",
+      path: basePath || "root",
+      oldValue,
+      description: `Removed ${basePath || "content"}`
+    });
+    return changes;
+  }
+  if (Array.isArray(oldValue) || Array.isArray(newValue)) {
+    return compareArrays(oldValue, newValue, basePath);
+  }
+  if (typeof oldValue === "object" && typeof newValue === "object") {
+    return compareObjects(oldValue, newValue, basePath);
+  }
+  if (oldValue !== newValue) {
+    changes.push({
+      type: "modified",
+      path: basePath || "root",
+      oldValue,
+      newValue,
+      description: `Changed ${basePath || "value"}`
+    });
+  }
+  return changes;
+}
+function compareObjects(oldObj, newObj, basePath) {
+  const changes = [];
+  const allKeys = /* @__PURE__ */ new Set([...Object.keys(oldObj), ...Object.keys(newObj)]);
+  for (const key of allKeys) {
+    const currentPath = basePath ? `${basePath}.${key}` : key;
+    const oldValue = oldObj[key];
+    const newValue = newObj[key];
+    if (!(key in oldObj)) {
+      changes.push({
+        type: "added",
+        path: currentPath,
+        newValue,
+        description: `Added ${key}`
+      });
+    } else if (!(key in newObj)) {
+      changes.push({
+        type: "removed",
+        path: currentPath,
+        oldValue,
+        description: `Removed ${key}`
+      });
+    } else if (!deepEqual(oldValue, newValue)) {
+      if (typeof oldValue === "object" && typeof newValue === "object") {
+        changes.push(...compareValues(oldValue, newValue, currentPath));
+      } else {
+        changes.push({
+          type: "modified",
+          path: currentPath,
+          oldValue,
+          newValue,
+          description: `Changed ${key}`
+        });
+      }
+    }
+  }
+  return changes;
+}
+function compareArrays(oldArr, newArr, basePath) {
+  const changes = [];
+  if (!Array.isArray(oldArr) && Array.isArray(newArr)) {
+    changes.push({
+      type: "modified",
+      path: basePath || "root",
+      oldValue: oldArr,
+      newValue: newArr,
+      description: `Changed ${basePath || "value"} from non-array to array`
+    });
+    return changes;
+  }
+  if (Array.isArray(oldArr) && !Array.isArray(newArr)) {
+    changes.push({
+      type: "modified",
+      path: basePath || "root",
+      oldValue: oldArr,
+      newValue: newArr,
+      description: `Changed ${basePath || "value"} from array to non-array`
+    });
+    return changes;
+  }
+  const oldArray = oldArr;
+  const newArray = newArr;
+  if (isMappingArray(oldArray) || isMappingArray(newArray)) {
+    return compareMappingArrays(oldArray, newArray, basePath);
+  }
+  if (oldArray.length !== newArray.length) {
+    changes.push({
+      type: "modified",
+      path: basePath || "root",
+      oldValue: oldArray,
+      newValue: newArray,
+      description: `Array ${basePath || "items"} changed from ${oldArray.length} to ${newArray.length} items`
+    });
+  } else {
+    for (let i = 0; i < oldArray.length; i++) {
+      const elementPath = `${basePath}[${i}]`;
+      if (!deepEqual(oldArray[i], newArray[i])) {
+        changes.push(...compareValues(oldArray[i], newArray[i], elementPath));
+      }
+    }
+  }
+  return changes;
+}
+function isMappingArray(arr) {
+  if (!Array.isArray(arr) || arr.length === 0) return false;
+  const firstItem = arr[0];
+  return typeof firstItem === "object" && firstItem !== null && "control_id" in firstItem && "uuid" in firstItem;
+}
+function compareMappingArrays(oldArr, newArr, basePath) {
+  const changes = [];
+  const oldMappings = /* @__PURE__ */ new Map();
+  const newMappings = /* @__PURE__ */ new Map();
+  for (const item of oldArr) {
+    if (typeof item === "object" && item !== null && "uuid" in item) {
+      oldMappings.set(item.uuid, item);
+    }
+  }
+  for (const item of newArr) {
+    if (typeof item === "object" && item !== null && "uuid" in item) {
+      newMappings.set(item.uuid, item);
+    }
+  }
+  for (const [uuid, mapping] of newMappings) {
+    if (!oldMappings.has(uuid)) {
+      changes.push({
+        type: "added",
+        path: `mapping`,
+        newValue: mapping,
+        description: `Added mapping`
+      });
+    }
+  }
+  for (const [uuid, mapping] of oldMappings) {
+    if (!newMappings.has(uuid)) {
+      changes.push({
+        type: "removed",
+        path: `mapping`,
+        oldValue: mapping,
+        description: `Removed mapping`
+      });
+    }
+  }
+  for (const [uuid, oldMapping] of oldMappings) {
+    if (newMappings.has(uuid)) {
+      const newMapping = newMappings.get(uuid);
+      if (!deepEqual(oldMapping, newMapping)) {
+        changes.push({
+          type: "modified",
+          path: `mapping`,
+          oldValue: oldMapping,
+          newValue: newMapping,
+          description: `Modified mapping`
+        });
+      }
+    }
+  }
+  if (changes.length === 0 && oldArr.length !== newArr.length) {
+    changes.push({
+      type: "modified",
+      path: basePath || "mappings",
+      oldValue: oldArr,
+      newValue: newArr,
+      description: `Mappings changed from ${oldArr.length} to ${newArr.length} items`
+    });
+  }
+  return changes;
+}
+function deepEqual(a, b) {
+  if (a === b) return true;
+  if (a === null || b === null) return false;
+  if (typeof a !== typeof b) return false;
+  if (Array.isArray(a) && Array.isArray(b)) {
+    if (a.length !== b.length) return false;
+    for (let i = 0; i < a.length; i++) {
+      if (!deepEqual(a[i], b[i])) return false;
+    }
+    return true;
+  }
+  if (typeof a === "object" && typeof b === "object") {
+    const aObj = a;
+    const bObj = b;
+    const aKeys = Object.keys(aObj);
+    const bKeys = Object.keys(bObj);
+    if (aKeys.length !== bKeys.length) return false;
+    for (const key of aKeys) {
+      if (!bKeys.includes(key)) return false;
+      if (!deepEqual(aObj[key], bObj[key])) return false;
+    }
+    return true;
+  }
+  return false;
+}
+function generateSummary(changes) {
+  if (changes.length === 0) {
+    return "No changes detected";
+  }
+  const added = changes.filter((c) => c.type === "added").length;
+  const removed = changes.filter((c) => c.type === "removed").length;
+  const modified = changes.filter((c) => c.type === "modified").length;
+  const parts = [];
+  if (added > 0) parts.push(`${added} added`);
+  if (removed > 0) parts.push(`${removed} removed`);
+  if (modified > 0) parts.push(`${modified} modified`);
+  return parts.join(", ");
+}
+var init_yamlDiff = __esm({
+  "cli/server/infrastructure/yamlDiff.ts"() {
+    "use strict";
+  }
+});
+
+// cli/server/infrastructure/gitHistory.ts
+var gitHistory_exports = {};
+__export(gitHistory_exports, {
+  GitHistoryUtil: () => GitHistoryUtil
+});
+import * as fs2 from "fs";
+import * as git from "isomorphic-git";
+import { relative } from "path";
+var GitHistoryUtil;
+var init_gitHistory = __esm({
+  "cli/server/infrastructure/gitHistory.ts"() {
+    "use strict";
+    init_yamlDiff();
+    GitHistoryUtil = class {
+      baseDir;
+      constructor(baseDir) {
+        this.baseDir = baseDir;
+      }
+      /**
+       * Check if the directory is a git repository
+       */
+      async isGitRepository() {
+        try {
+          const gitDir = await git.findRoot({ fs: fs2, filepath: process.cwd() });
+          return !!gitDir;
+        } catch {
+          return false;
+        }
+      }
+      /**
+       * Get git history for a specific file
+       */
+      async getFileHistory(filePath, limit = 50) {
+        const isGitRepo = await this.isGitRepository();
+        if (!isGitRepo) {
+          return {
+            filePath,
+            commits: [],
+            totalCommits: 0,
+            firstCommit: null,
+            lastCommit: null
+          };
+        }
+        try {
+          const gitRoot = await git.findRoot({ fs: fs2, filepath: process.cwd() });
+          const relativePath = relative(gitRoot, filePath);
+          const commits = await git.log({
+            fs: fs2,
+            dir: gitRoot,
+            filepath: relativePath,
+            depth: limit
+          });
+          if (!commits || commits.length === 0) {
+            return {
+              filePath,
+              commits: [],
+              totalCommits: 0,
+              firstCommit: null,
+              lastCommit: null
+            };
+          }
+          const gitCommits = await this.convertIsomorphicCommits(commits, relativePath, gitRoot);
+          return {
+            filePath,
+            commits: gitCommits,
+            totalCommits: gitCommits.length,
+            firstCommit: gitCommits[gitCommits.length - 1] || null,
+            lastCommit: gitCommits[0] || null
+          };
+        } catch (error) {
+          const err = error;
+          if (err?.code === "NotFoundError" || err?.message?.includes("Could not find file")) {
+            return {
+              filePath,
+              commits: [],
+              totalCommits: 0,
+              firstCommit: null,
+              lastCommit: null
+            };
+          }
+          console.error(`Unexpected error getting git history for ${filePath}:`, error);
+          return {
+            filePath,
+            commits: [],
+            totalCommits: 0,
+            firstCommit: null,
+            lastCommit: null
+          };
+        }
+      }
+      /**
+       * Get the total number of commits for a file
+       */
+      async getFileCommitCount(filePath) {
+        const isGitRepo = await this.isGitRepository();
+        if (!isGitRepo) {
+          return 0;
+        }
+        try {
+          const gitRoot = await git.findRoot({ fs: fs2, filepath: process.cwd() });
+          const relativePath = relative(gitRoot, filePath);
+          const commits = await git.log({
+            fs: fs2,
+            dir: gitRoot,
+            filepath: relativePath
+          });
+          return commits.length;
+        } catch {
+          return 0;
+        }
+      }
+      /**
+       * Get the latest commit info for a file
+       */
+      async getLatestCommit(filePath) {
+        const history = await this.getFileHistory(filePath, 1);
+        return history.lastCommit;
+      }
+      /**
+       * Get file content at a specific commit (public method)
+       */
+      async getFileContentAtCommit(filePath, commitHash) {
+        const isGitRepo = await this.isGitRepository();
+        if (!isGitRepo) {
+          return null;
+        }
+        try {
+          const gitRoot = await git.findRoot({ fs: fs2, filepath: process.cwd() });
+          const relativePath = relative(gitRoot, filePath);
+          return await this.getFileAtCommit(commitHash, relativePath, gitRoot);
+        } catch (error) {
+          console.error(`Error getting file content at commit ${commitHash}:`, error);
+          return null;
+        }
+      }
+      /**
+       * Convert isomorphic-git commits to our GitCommit format
+       */
+      async convertIsomorphicCommits(commits, relativePath, gitRoot) {
+        const gitCommits = [];
+        for (let i = 0; i < commits.length; i++) {
+          const commit = commits[i];
+          const includeDiff = i < 5;
+          let changes = { insertions: 0, deletions: 0, files: 1 };
+          let diff;
+          let yamlDiff;
+          if (includeDiff) {
+            try {
+              const diffResult = await this.getCommitDiff(commit.oid, relativePath, gitRoot);
+              changes = diffResult.changes;
+              diff = diffResult.diff;
+              yamlDiff = diffResult.yamlDiff;
+            } catch (error) {
+            }
+          }
+          gitCommits.push({
+            hash: commit.oid,
+            shortHash: commit.oid.substring(0, 7),
+            author: commit.commit.author.name,
+            authorEmail: commit.commit.author.email,
+            date: new Date(commit.commit.author.timestamp * 1e3).toISOString(),
+            message: commit.commit.message,
+            changes,
+            ...diff && { diff },
+            ...yamlDiff && { yamlDiff }
+          });
+        }
+        return gitCommits;
+      }
+      /**
+       * Get diff for a specific commit and file
+       */
+      async getCommitDiff(commitOid, relativePath, gitRoot) {
+        try {
+          const commit = await git.readCommit({ fs: fs2, dir: gitRoot, oid: commitOid });
+          const parentOid = commit.commit.parent.length > 0 ? commit.commit.parent[0] : null;
+          if (!parentOid) {
+            const currentContent2 = await this.getFileAtCommit(commitOid, relativePath, gitRoot);
+            if (currentContent2) {
+              const lines = currentContent2.split("\n");
+              const isMappingFile2 = relativePath.includes("-mappings.yaml");
+              const yamlDiff2 = createYamlDiff("", currentContent2, isMappingFile2);
+              return {
+                changes: { insertions: lines.length, deletions: 0, files: 1 },
+                diff: `--- /dev/null
++++ b/${relativePath}
+@@ -0,0 +1,${lines.length} @@
+` + lines.map((line) => "+" + line).join("\n"),
+                yamlDiff: yamlDiff2
+              };
+            }
+            return { changes: { insertions: 0, deletions: 0, files: 1 } };
+          }
+          const currentContent = await this.getFileAtCommit(commitOid, relativePath, gitRoot);
+          const parentContent = await this.getFileAtCommit(parentOid, relativePath, gitRoot);
+          if (!currentContent && !parentContent) {
+            return { changes: { insertions: 0, deletions: 0, files: 1 } };
+          }
+          const currentLines = currentContent ? currentContent.split("\n") : [];
+          const parentLines = parentContent ? parentContent.split("\n") : [];
+          const diff = this.createSimpleDiff(parentLines, currentLines, relativePath);
+          const { insertions, deletions } = this.countChanges(parentLines, currentLines);
+          const isMappingFile = relativePath.includes("-mappings.yaml");
+          const yamlDiff = createYamlDiff(parentContent || "", currentContent || "", isMappingFile);
+          return {
+            changes: { insertions, deletions, files: 1 },
+            diff,
+            yamlDiff
+          };
+        } catch (error) {
+          return { changes: { insertions: 0, deletions: 0, files: 1 } };
+        }
+      }
+      /**
+       * Get file content at a specific commit
+       */
+      async getFileAtCommit(commitOid, filepath, gitRoot) {
+        try {
+          const { blob } = await git.readBlob({
+            fs: fs2,
+            dir: gitRoot,
+            oid: commitOid,
+            filepath
+          });
+          return new TextDecoder().decode(blob);
+        } catch (_error) {
+          return null;
+        }
+      }
+      /**
+       * Create a simple unified diff between two file versions
+       */
+      createSimpleDiff(oldLines, newLines, filepath) {
+        const diffLines = [];
+        diffLines.push(`--- a/${filepath}`);
+        diffLines.push(`+++ b/${filepath}`);
+        const oldCount = oldLines.length;
+        const newCount = newLines.length;
+        diffLines.push(`@@ -1,${oldCount} +1,${newCount} @@`);
+        let i = 0, j = 0;
+        while (i < oldLines.length || j < newLines.length) {
+          if (i < oldLines.length && j < newLines.length && oldLines[i] === newLines[j]) {
+            diffLines.push(` ${oldLines[i]}`);
+            i++;
+            j++;
+          } else if (i < oldLines.length && (j >= newLines.length || oldLines[i] !== newLines[j])) {
+            diffLines.push(`-${oldLines[i]}`);
+            i++;
+          } else if (j < newLines.length) {
+            diffLines.push(`+${newLines[j]}`);
+            j++;
+          }
+        }
+        return diffLines.join("\n");
+      }
+      /**
+       * Count insertions and deletions between two file versions
+       */
+      countChanges(oldLines, newLines) {
+        let insertions = 0;
+        let deletions = 0;
+        const maxLines = Math.max(oldLines.length, newLines.length);
+        for (let i = 0; i < maxLines; i++) {
+          const oldLine = i < oldLines.length ? oldLines[i] : null;
+          const newLine = i < newLines.length ? newLines[i] : null;
+          if (oldLine === null) {
+            insertions++;
+          } else if (newLine === null) {
+            deletions++;
+          } else if (oldLine !== newLine) {
+            insertions++;
+            deletions++;
+          }
+        }
+        return { insertions, deletions };
+      }
+      /**
+       * Get git stats for the entire repository
+       */
+      async getRepositoryStats() {
+        const isGitRepo = await this.isGitRepository();
+        if (!isGitRepo) {
+          return {
+            totalCommits: 0,
+            contributors: 0,
+            lastCommitDate: null,
+            firstCommitDate: null
+          };
+        }
+        try {
+          const gitRoot = await git.findRoot({ fs: fs2, filepath: process.cwd() });
+          const commits = await git.log({ fs: fs2, dir: gitRoot });
+          const contributorEmails = /* @__PURE__ */ new Set();
+          commits.forEach((commit) => {
+            contributorEmails.add(commit.commit.author.email);
+          });
+          const firstCommit = commits[commits.length - 1];
+          const lastCommit = commits[0];
+          return {
+            totalCommits: commits.length,
+            contributors: contributorEmails.size,
+            lastCommitDate: lastCommit ? new Date(lastCommit.commit.author.timestamp * 1e3).toISOString() : null,
+            firstCommitDate: firstCommit ? new Date(firstCommit.commit.author.timestamp * 1e3).toISOString() : null
+          };
+        } catch (error) {
+          console.error("Error getting repository stats:", error);
+          return {
+            totalCommits: 0,
+            contributors: 0,
+            lastCommitDate: null,
+            firstCommitDate: null
+          };
+        }
+      }
+    };
+  }
+});
+
+// cli/server/serverState.ts
+var serverState_exports = {};
+__export(serverState_exports, {
+  addControlToIndexes: () => addControlToIndexes,
+  addMappingToIndexes: () => addMappingToIndexes,
+  getCurrentControlSetPath: () => getCurrentControlSetPath,
+  getServerState: () => getServerState,
+  initializeServerState: () => initializeServerState,
+  loadAllData: () => loadAllData,
+  saveMappingsToFile: () => saveMappingsToFile
+});
+import { join as join3 } from "path";
+function initializeServerState(controlSetDir, subdir = ".") {
+  const fullPath = subdir === "." ? controlSetDir : join3(controlSetDir, subdir);
+  serverState = {
+    CONTROL_SET_DIR: controlSetDir,
+    currentSubdir: subdir,
+    fileStore: new FileStore({ baseDir: fullPath }),
+    gitHistory: new GitHistoryUtil(fullPath),
+    controlsCache: /* @__PURE__ */ new Map(),
+    mappingsCache: /* @__PURE__ */ new Map(),
+    controlsByFamily: /* @__PURE__ */ new Map(),
+    mappingsByFamily: /* @__PURE__ */ new Map(),
+    mappingsByControl: /* @__PURE__ */ new Map()
+  };
+  return serverState;
+}
+function getServerState() {
+  if (!serverState) {
+    throw new Error("Server state not initialized. Call initializeServerState() first.");
+  }
+  return serverState;
+}
+function getCurrentControlSetPath() {
+  const state = getServerState();
+  return state.currentSubdir === "." ? state.CONTROL_SET_DIR : join3(state.CONTROL_SET_DIR, state.currentSubdir);
+}
+function addControlToIndexes(control) {
+  const state = getServerState();
+  const family = control.family;
+  if (!family) {
+    return;
+  }
+  if (!state.controlsByFamily.has(family)) {
+    state.controlsByFamily.set(family, /* @__PURE__ */ new Set());
+  }
+  state.controlsByFamily.get(family).add(control.id);
+}
+function addMappingToIndexes(mapping) {
+  const state = getServerState();
+  const family = mapping.control_id.split("-")[0];
+  if (!state.mappingsByFamily.has(family)) {
+    state.mappingsByFamily.set(family, /* @__PURE__ */ new Set());
+  }
+  state.mappingsByFamily.get(family).add(mapping.uuid);
+  if (!state.mappingsByControl.has(mapping.control_id)) {
+    state.mappingsByControl.set(mapping.control_id, /* @__PURE__ */ new Set());
+  }
+  state.mappingsByControl.get(mapping.control_id).add(mapping.uuid);
+}
+async function loadAllData() {
+  const state = getServerState();
+  debug("Loading data into memory...");
+  try {
+    const controls = await state.fileStore.loadAllControls();
+    for (const control of controls) {
+      state.controlsCache.set(control.id, control);
+      addControlToIndexes(control);
+    }
+    debug(`Loaded ${controls.length} controls from individual files`);
+    const mappings = await state.fileStore.loadMappings();
+    for (const mapping of mappings) {
+      state.mappingsCache.set(mapping.uuid, mapping);
+      addMappingToIndexes(mapping);
+    }
+    debug(`Loaded ${mappings.length} mappings`);
+  } catch (error) {
+    console.error("Error loading data:", error);
+  }
 }
+async function saveMappingsToFile() {
+  const state = getServerState();
+  try {
+    const allMappings = Array.from(state.mappingsCache.values());
+    await state.fileStore.saveMappings(allMappings);
+    debug(`Saved ${allMappings.length} mappings`);
+  } catch (error) {
+    console.error("Error saving mappings:", error);
+  }
+}
+var serverState;
+var init_serverState = __esm({
+  "cli/server/serverState.ts"() {
+    "use strict";
+    init_debug();
+    init_fileStore();
+    init_gitHistory();
+    serverState = void 0;
+  }
+});
+
+// cli/server/spreadsheetRoutes.ts
+var spreadsheetRoutes_exports = {};
+__export(spreadsheetRoutes_exports, {
+  default: () => spreadsheetRoutes_default,
+  scanControlSets: () => scanControlSets
+});
+import { parse as parseCSVSync } from "csv-parse/sync";
+import ExcelJS from "exceljs";
+import express from "express";
+import { existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
+import { glob } from "glob";
+import * as yaml4 from "js-yaml";
+import multer from "multer";
+import { dirname, join as join4, relative as relative2 } from "path";
+async function scanControlSets() {
+  const state = getServerState();
+  const baseDir = state.CONTROL_SET_DIR;
+  const pattern = "**/lula.yaml";
+  const files = await glob(pattern, {
+    cwd: baseDir,
+    ignore: ["node_modules/**", "dist/**", "build/**"],
+    maxDepth: 5
+  });
+  const controlSets = files.map((file) => {
+    const fullPath = join4(baseDir, file);
+    const dirPath = dirname(fullPath);
+    const relativePath = relative2(baseDir, dirPath) || ".";
+    try {
+      const content = readFileSync3(fullPath, "utf8");
+      const data = yaml4.load(content);
+      if (data.id === "default") {
+        return null;
+      }
+      return {
+        path: relativePath,
+        name: data.name || "Unnamed Control Set",
+        description: data.description || "",
+        controlCount: data.controlCount || 0,
+        file
+      };
+    } catch (_err) {
+      return {
+        path: relativePath,
+        name: "Invalid lula.yaml",
+        description: "Could not parse file",
+        controlCount: 0,
+        file
+      };
+    }
+  }).filter((cs) => cs !== null);
+  return { controlSets };
+}
+function applyNamingConvention(fieldName, convention) {
+  if (!fieldName) return fieldName;
+  const cleanedName = fieldName.trim();
+  switch (convention) {
+    case "camelCase":
+      return toCamelCase(cleanedName);
+    case "snake_case":
+      return toSnakeCase(cleanedName);
+    case "kebab-case":
+      return toKebabCase(cleanedName);
+    case "lowercase":
+      return cleanedName.replace(/\W+/g, "").toLowerCase();
+    case "original":
+      return cleanedName;
+    default:
+      return toCamelCase(cleanedName);
+  }
+}
+function toCamelCase(str) {
+  return str.replace(/(?:^\w|[A-Z]|\b\w)/g, (word, index) => {
+    return index === 0 ? word.toLowerCase() : word.toUpperCase();
+  }).replace(/\s+/g, "");
+}
+function toSnakeCase(str) {
+  return str.replace(/\W+/g, " ").split(/ |\s/).map((word) => word.toLowerCase()).join("_");
+}
+function toKebabCase(str) {
+  return str.replace(/\W+/g, " ").split(/ |\s/).map((word) => word.toLowerCase()).join("-");
+}
+function detectValueType(value) {
+  if (typeof value === "boolean") return "boolean";
+  if (typeof value === "number") return "number";
+  if (typeof value === "string") {
+    const lowerValue = value.toLowerCase().trim();
+    if (lowerValue === "true" || lowerValue === "false" || lowerValue === "yes" || lowerValue === "no" || lowerValue === "y" || lowerValue === "n") {
+      return "boolean";
+    }
+    if (!isNaN(Number(value)) && value.trim() !== "") {
+      return "number";
+    }
+    const datePatterns = [
+      /^\d{4}-\d{2}-\d{2}$/,
+      // YYYY-MM-DD
+      /^\d{2}\/\d{2}\/\d{4}$/,
+      // MM/DD/YYYY
+      /^\d{1,2}\/\d{1,2}\/\d{2,4}$/
+      // M/D/YY or MM/DD/YYYY
+    ];
+    if (datePatterns.some((pattern) => pattern.test(value))) {
+      return "date";
+    }
+  }
+  return "string";
+}
+function parseCSV(content) {
+  try {
+    const records = parseCSVSync(content, {
+      // Don't treat first row as headers - we'll handle that ourselves
+      columns: false,
+      // Skip empty lines
+      skip_empty_lines: true,
+      // Handle different line endings
+      relax_column_count: true,
+      // Trim whitespace from fields
+      trim: true,
+      // Handle quoted fields properly
+      quote: '"',
+      // Standard escape character
+      escape: '"',
+      // Auto-detect delimiter (usually comma)
+      delimiter: ","
+    });
+    return records;
+  } catch (error) {
+    console.error("CSV parsing error:", error);
+    return content.split(/\r?\n/).map((line) => line.split(","));
+  }
+}
+function extractFamilyFromControlId(controlId) {
+  if (!controlId) return "UNKNOWN";
+  controlId = controlId.trim();
+  const match = controlId.match(/^([A-Za-z]+)[-._ ]?\d/);
+  if (match) {
+    return match[1].toUpperCase();
+  }
+  const letterMatch = controlId.match(/^([A-Za-z]+)/);
+  if (letterMatch) {
+    return letterMatch[1].toUpperCase();
+  }
+  return controlId.substring(0, 2).toUpperCase();
+}
+function exportAsCSV(controls, metadata, res) {
+  const fieldSchema = metadata?.fieldSchema?.fields || {};
+  const controlIdField = metadata?.control_id_field || "id";
+  const allFields = /* @__PURE__ */ new Set();
+  controls.forEach((control) => {
+    Object.keys(control).forEach((key) => allFields.add(key));
+  });
+  const fieldMapping = [];
+  if (allFields.has(controlIdField)) {
+    const idSchema = fieldSchema[controlIdField];
+    fieldMapping.push({
+      fieldName: controlIdField,
+      displayName: idSchema?.original_name || "Control ID"
+    });
+    allFields.delete(controlIdField);
+  } else if (allFields.has("id")) {
+    fieldMapping.push({
+      fieldName: "id",
+      displayName: "Control ID"
+    });
+    allFields.delete("id");
+  }
+  if (allFields.has("family")) {
+    const familySchema = fieldSchema["family"];
+    fieldMapping.push({
+      fieldName: "family",
+      displayName: familySchema?.original_name || "Family"
+    });
+    allFields.delete("family");
+  }
+  Array.from(allFields).filter((field) => field !== "mappings" && field !== "mappings_count").sort().forEach((field) => {
+    const schema = fieldSchema[field];
+    const displayName = schema?.original_name || field.replace(/-/g, " ").replace(/\b\w/g, (l) => l.toUpperCase());
+    fieldMapping.push({ fieldName: field, displayName });
+  });
+  if (allFields.has("mappings_count")) {
+    fieldMapping.push({ fieldName: "mappings_count", displayName: "Mappings Count" });
+  }
+  if (allFields.has("mappings")) {
+    fieldMapping.push({ fieldName: "mappings", displayName: "Mappings" });
+  }
+  const csvRows = [];
+  csvRows.push(fieldMapping.map((field) => `"${field.displayName}"`).join(","));
+  controls.forEach((control) => {
+    const row = fieldMapping.map(({ fieldName }) => {
+      const value = control[fieldName];
+      if (value === void 0 || value === null) return '""';
+      if (fieldName === "mappings" && Array.isArray(value)) {
+        const mappingsStr = value.map(
+          (m) => `${m.status}: ${m.description.substring(0, 50)}${m.description.length > 50 ? "..." : ""}`
+        ).join("; ");
+        return `"${mappingsStr.replace(/"/g, '""')}"`;
+      }
+      if (Array.isArray(value)) return `"${value.join("; ").replace(/"/g, '""')}"`;
+      if (typeof value === "object") return `"${JSON.stringify(value).replace(/"/g, '""')}"`;
+      return `"${String(value).replace(/"/g, '""')}"`;
+    });
+    csvRows.push(row.join(","));
+  });
+  const csvContent = csvRows.join("\n");
+  const fileName = `${metadata?.name || "controls"}_export_${Date.now()}.csv`;
+  res.setHeader("Content-Type", "text/csv");
+  res.setHeader("Content-Disposition", `attachment; filename="${fileName}"`);
+  res.send(csvContent);
+}
+async function exportAsExcel(controls, metadata, res) {
+  const fieldSchema = metadata?.fieldSchema?.fields || {};
+  const controlIdField = metadata?.control_id_field || "id";
+  const worksheetData = controls.map((control) => {
+    const exportControl = {};
+    if (control[controlIdField]) {
+      const idSchema = fieldSchema[controlIdField];
+      const idDisplayName = idSchema?.original_name || "Control ID";
+      exportControl[idDisplayName] = control[controlIdField];
+    } else if (control.id) {
+      exportControl["Control ID"] = control.id;
+    }
+    if (control.family) {
+      const familySchema = fieldSchema["family"];
+      const familyDisplayName = familySchema?.original_name || "Family";
+      exportControl[familyDisplayName] = control.family;
+    }
+    Object.keys(control).forEach((key) => {
+      if (key === controlIdField || key === "id" || key === "family") return;
+      const schema = fieldSchema[key];
+      const displayName = schema?.original_name || (key === "mappings_count" ? "Mappings Count" : key === "mappings" ? "Mappings" : key.replace(/-/g, " ").replace(/\b\w/g, (l) => l.toUpperCase()));
+      const value = control[key];
+      if (key === "mappings" && Array.isArray(value)) {
+        exportControl[displayName] = value.map(
+          (m) => `${m.status}: ${m.description.substring(0, 100)}${m.description.length > 100 ? "..." : ""}`
+        ).join("\n");
+      } else if (Array.isArray(value)) {
+        exportControl[displayName] = value.join("; ");
+      } else if (typeof value === "object" && value !== null) {
+        exportControl[displayName] = JSON.stringify(value);
+      } else {
+        exportControl[displayName] = value;
+      }
+    });
+    return exportControl;
+  });
+  const wb = new ExcelJS.Workbook();
+  const ws = wb.addWorksheet("Controls");
+  const headers = Object.keys(worksheetData[0] || {});
+  ws.columns = headers.map((header) => ({
+    header,
+    key: header,
+    width: Math.min(
+      Math.max(
+        header.length,
+        ...worksheetData.map((row) => String(row[header] || "").length)
+      ) + 2,
+      50
+    )
+    // Auto-size with max width of 50
+  }));
+  worksheetData.forEach((row) => {
+    ws.addRow(row);
+  });
+  ws.getRow(1).font = { bold: true };
+  ws.getRow(1).fill = {
+    type: "pattern",
+    pattern: "solid",
+    fgColor: { argb: "FFE0E0E0" }
+  };
+  if (metadata) {
+    const metaSheet = wb.addWorksheet("Metadata");
+    const cleanMetadata = { ...metadata };
+    delete cleanMetadata.fieldSchema;
+    metaSheet.columns = [
+      { header: "Property", key: "property", width: 30 },
+      { header: "Value", key: "value", width: 50 }
+    ];
+    Object.entries(cleanMetadata).forEach(([key, value]) => {
+      metaSheet.addRow({ property: key, value: String(value) });
+    });
+  }
+  const buffer = await wb.xlsx.writeBuffer();
+  const fileName = `${metadata?.name || "controls"}_export_${Date.now()}.xlsx`;
+  res.setHeader(
+    "Content-Type",
+    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+  );
+  res.setHeader("Content-Disposition", `attachment; filename="${fileName}"`);
+  res.send(buffer);
+}
+function exportAsJSON(controls, metadata, res) {
+  const exportData = {
+    metadata: metadata || {},
+    controlCount: controls.length,
+    exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    controls
+  };
+  const fileName = `${metadata?.name || "controls"}_export_${Date.now()}.json`;
+  res.setHeader("Content-Type", "application/json");
+  res.setHeader("Content-Disposition", `attachment; filename="${fileName}"`);
+  res.json(exportData);
+}
+var router, upload, spreadsheetRoutes_default;
+var init_spreadsheetRoutes = __esm({
+  "cli/server/spreadsheetRoutes.ts"() {
+    "use strict";
+    init_debug();
+    init_serverState();
+    router = express.Router();
+    upload = multer({
+      storage: multer.memoryStorage(),
+      limits: { fileSize: 50 * 1024 * 1024 }
+      // 50MB limit
+    });
+    router.post("/import-spreadsheet", upload.single("file"), async (req, res) => {
+      try {
+        if (!req.file) {
+          return res.status(400).json({ error: "No file uploaded" });
+        }
+        const {
+          controlIdField = "Control ID",
+          startRow = "1",
+          controlSetName = "Imported Control Set",
+          controlSetDescription = "Imported from spreadsheet"
+        } = req.body;
+        debug("Import parameters received:", {
+          controlIdField,
+          startRow,
+          controlSetName,
+          controlSetDescription
+        });
+        const namingConvention = "kebab-case";
+        const skipEmpty = true;
+        const skipEmptyRows = true;
+        const fileName = req.file.originalname || "";
+        const isCSV = fileName.toLowerCase().endsWith(".csv");
+        let rawData = [];
+        if (isCSV) {
+          const csvContent = req.file.buffer.toString("utf-8");
+          rawData = parseCSV(csvContent);
+        } else {
+          const workbook = new ExcelJS.Workbook();
+          const buffer = Buffer.from(req.file.buffer);
+          await workbook.xlsx.load(buffer);
+          const worksheet = workbook.worksheets[0];
+          if (!worksheet) {
+            return res.status(400).json({ error: "No worksheet found in file" });
+          }
+          worksheet.eachRow({ includeEmpty: true }, (row, rowNumber) => {
+            const rowData = [];
+            row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
+              rowData[colNumber - 1] = cell.value;
+            });
+            rawData[rowNumber - 1] = rowData;
+          });
+        }
+        const startRowIndex = parseInt(startRow) - 1;
+        if (rawData.length <= startRowIndex) {
+          return res.status(400).json({ error: "Start row exceeds sheet data" });
+        }
+        const headers = rawData[startRowIndex];
+        if (!headers || headers.length === 0) {
+          return res.status(400).json({ error: "No headers found at specified row" });
+        }
+        debug("Headers found:", headers);
+        debug(
+          "After conversion, looking for control ID field:",
+          applyNamingConvention(controlIdField, namingConvention)
+        );
+        const controls = [];
+        const families = /* @__PURE__ */ new Map();
+        const fieldMetadata = /* @__PURE__ */ new Map();
+        headers.forEach((header) => {
+          if (header) {
+            const cleanName = applyNamingConvention(header, namingConvention);
+            fieldMetadata.set(cleanName, {
+              originalName: header,
+              cleanName,
+              type: "string",
+              maxLength: 0,
+              hasMultipleLines: false,
+              uniqueValues: /* @__PURE__ */ new Set(),
+              emptyCount: 0,
+              totalCount: 0,
+              examples: []
+            });
+          }
+        });
+        for (let i = startRowIndex + 1; i < rawData.length; i++) {
+          const row = rawData[i];
+          if (!row || row.length === 0) continue;
+          const control = {};
+          let hasData = false;
+          headers.forEach((header, index) => {
+            if (header && row[index] !== void 0 && row[index] !== null) {
+              const value = typeof row[index] === "string" ? row[index].trim() : row[index];
+              const fieldName = applyNamingConvention(header, namingConvention);
+              const metadata = fieldMetadata.get(fieldName);
+              metadata.totalCount++;
+              if (value === "" || value === null || value === void 0) {
+                metadata.emptyCount++;
+                if (skipEmpty) return;
+              } else {
+                const normalizedValue = typeof value === "string" ? value.trim() : value;
+                if (normalizedValue !== "") {
+                  metadata.uniqueValues.add(normalizedValue);
+                }
+                const valueType = detectValueType(value);
+                if (metadata.type === "string" || metadata.totalCount === 1) {
+                  metadata.type = valueType;
+                } else if (metadata.type !== valueType) {
+                  metadata.type = "mixed";
+                }
+                if (typeof value === "string") {
+                  const length = value.length;
+                  if (length > metadata.maxLength) {
+                    metadata.maxLength = length;
+                  }
+                  if (value.includes("\n") || length > 100) {
+                    metadata.hasMultipleLines = true;
+                  }
+                }
+                if (metadata.examples.length < 3 && normalizedValue !== "") {
+                  metadata.examples.push(normalizedValue);
+                }
+              }
+              control[fieldName] = value;
+              hasData = true;
+            }
+          });
+          if (hasData && (!skipEmptyRows || Object.keys(control).length > 0)) {
+            const controlIdFieldName = applyNamingConvention(controlIdField, namingConvention);
+            const controlId = control[controlIdFieldName];
+            if (!controlId) {
+              continue;
+            }
+            const family = extractFamilyFromControlId(controlId);
+            control.family = family;
+            controls.push(control);
+            if (!families.has(family)) {
+              families.set(family, []);
+            }
+            families.get(family).push(control);
+          }
+        }
+        const state = getServerState();
+        const folderName = toKebabCase(controlSetName || "imported-controls");
+        const baseDir = join4(state.CONTROL_SET_DIR || process.cwd(), folderName);
+        if (!existsSync3(baseDir)) {
+          mkdirSync2(baseDir, { recursive: true });
+        }
+        const uniqueFamilies = Array.from(families.keys()).filter((f) => f && f !== "UNKNOWN");
+        let frontendFieldSchema = null;
+        if (req.body.fieldSchema) {
+          try {
+            frontendFieldSchema = JSON.parse(req.body.fieldSchema);
+          } catch (e) {
+          }
+        }
+        const fields = {};
+        let displayOrder = 1;
+        const controlIdFieldNameClean = applyNamingConvention(controlIdField, namingConvention);
+        const familyOptions = Array.from(families.keys()).filter((f) => f && f !== "UNKNOWN").sort();
+        fields["family"] = {
+          type: "string",
+          ui_type: familyOptions.length <= 50 ? "select" : "short_text",
+          // Make select if reasonable number of families
+          is_array: false,
+          max_length: 10,
+          usage_count: controls.length,
+          usage_percentage: 100,
+          required: true,
+          visible: true,
+          show_in_table: true,
+          editable: false,
+          display_order: displayOrder++,
+          category: "core",
+          tab: "overview"
+        };
+        if (familyOptions.length <= 50) {
+          fields["family"].options = familyOptions;
+        }
+        fieldMetadata.forEach((metadata, fieldName) => {
+          if (fieldName === "family" || fieldName === "id" && controlIdFieldNameClean !== "id") {
+            return;
+          }
+          const frontendConfig = frontendFieldSchema?.find((f) => f.fieldName === fieldName);
+          if (frontendFieldSchema && !frontendConfig) {
+            return;
+          }
+          const usageCount = metadata.totalCount - metadata.emptyCount;
+          const usagePercentage = metadata.totalCount > 0 ? Math.round(usageCount / metadata.totalCount * 100) : 0;
+          let uiType = "short_text";
+          const nonEmptyCount = metadata.totalCount - metadata.emptyCount;
+          const isDropdownCandidate = metadata.uniqueValues.size > 0 && metadata.uniqueValues.size <= 20 && // Max 20 unique values for dropdown
+          nonEmptyCount >= 10 && // At least 10 non-empty values to be meaningful
+          metadata.maxLength <= 100 && // Reasonably short values only
+          metadata.uniqueValues.size / nonEmptyCount <= 0.3;
+          if (metadata.hasMultipleLines || metadata.maxLength > 500) {
+            uiType = "textarea";
+          } else if (isDropdownCandidate) {
+            uiType = "select";
+          } else if (metadata.type === "boolean") {
+            uiType = "checkbox";
+          } else if (metadata.type === "number") {
+            uiType = "number";
+          } else if (metadata.type === "date") {
+            uiType = "date";
+          } else if (metadata.maxLength <= 50) {
+            uiType = "short_text";
+          } else if (metadata.maxLength <= 200) {
+            uiType = "medium_text";
+          } else {
+            uiType = "long_text";
+          }
+          let category = frontendConfig?.category || "custom";
+          if (!frontendConfig) {
+            if (fieldName.includes("status") || fieldName.includes("state")) {
+              category = "compliance";
+            } else if (fieldName.includes("title") || fieldName.includes("name") || fieldName.includes("description")) {
+              category = "core";
+            } else if (fieldName.includes("note") || fieldName.includes("comment")) {
+              category = "notes";
+            }
+          }
+          const isControlIdField = fieldName === controlIdFieldNameClean;
+          const fieldDef = {
+            type: metadata.type,
+            ui_type: uiType,
+            is_array: false,
+            max_length: metadata.maxLength,
+            usage_count: usageCount,
+            usage_percentage: usagePercentage,
+            required: isControlIdField ? true : frontendConfig?.required ?? usagePercentage > 95,
+            // Control ID is always required
+            visible: frontendConfig?.tab !== "hidden",
+            show_in_table: isControlIdField ? true : metadata.maxLength <= 100 && usagePercentage > 30,
+            // Always show control ID in table
+            editable: isControlIdField ? false : true,
+            // Control ID is not editable
+            display_order: isControlIdField ? 1 : frontendConfig?.displayOrder ?? displayOrder++,
+            // Control ID is always first
+            category: isControlIdField ? "core" : category,
+            // Control ID is always core
+            tab: isControlIdField ? "overview" : frontendConfig?.tab || void 0
+            // Control ID is always in overview
+          };
+          if (uiType === "select") {
+            fieldDef.options = Array.from(metadata.uniqueValues).sort();
+          }
+          if (frontendConfig?.originalName || metadata.originalName) {
+            fieldDef.original_name = frontendConfig?.originalName || metadata.originalName;
+          }
+          fields[fieldName] = fieldDef;
+        });
+        const fieldSchema = {
+          fields,
+          total_controls: controls.length,
+          analyzed_at: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        const controlSetData = {
+          name: controlSetName,
+          description: controlSetDescription,
+          version: "1.0.0",
+          control_id_field: controlIdFieldNameClean,
+          // Add this to indicate which field is the control ID
+          controlCount: controls.length,
+          families: uniqueFamilies,
+          fieldSchema
+        };
+        writeFileSync2(join4(baseDir, "lula.yaml"), yaml4.dump(controlSetData));
+        const controlsDir = join4(baseDir, "controls");
+        families.forEach((familyControls, family) => {
+          const familyDir = join4(controlsDir, family);
+          if (!existsSync3(familyDir)) {
+            mkdirSync2(familyDir, { recursive: true });
+          }
+          familyControls.forEach((control) => {
+            const controlId = control[controlIdFieldNameClean];
+            if (!controlId) {
+              console.error("Missing control ID for control:", control);
+              return;
+            }
+            const controlIdStr = String(controlId).slice(0, 50);
+            const fileName2 = `${controlIdStr.replace(/[^a-zA-Z0-9-]/g, "_")}.yaml`;
+            const filePath = join4(familyDir, fileName2);
+            const filteredControl = {};
+            if (control.family !== void 0) {
+              filteredControl.family = control.family;
+            }
+            Object.keys(control).forEach((fieldName) => {
+              if (fieldName === "family") return;
+              const isInFrontendSchema = frontendFieldSchema?.some((f) => f.fieldName === fieldName);
+              const isInFieldsMetadata = fields.hasOwnProperty(fieldName);
+              if (isInFrontendSchema || isInFieldsMetadata) {
+                filteredControl[fieldName] = control[fieldName];
+              }
+            });
+            writeFileSync2(filePath, yaml4.dump(filteredControl));
+          });
+        });
+        res.json({
+          success: true,
+          controlCount: controls.length,
+          families: Array.from(families.keys()),
+          outputDir: folderName
+          // Return just the folder name, not full path
+        });
+      } catch (error) {
+        console.error("Error processing spreadsheet:", error);
+        res.status(500).json({ error: "Failed to process spreadsheet" });
+      }
+    });
+    router.get("/export-controls", async (req, res) => {
+      try {
+        const format = req.query.format || "csv";
+        const state = getServerState();
+        const fileStore = state.fileStore;
+        if (!fileStore) {
+          return res.status(500).json({ error: "No control set loaded" });
+        }
+        const controls = await fileStore.loadAllControls();
+        const mappings = await fileStore.loadMappings();
+        let metadata = {};
+        try {
+          const metadataPath2 = join4(state.CONTROL_SET_DIR, "lula.yaml");
+          if (existsSync3(metadataPath2)) {
+            const metadataContent = readFileSync3(metadataPath2, "utf8");
+            metadata = yaml4.load(metadataContent);
+          }
+        } catch (err) {
+          debug("Could not load metadata:", err);
+        }
+        if (!controls || controls.length === 0) {
+          return res.status(404).json({ error: "No controls found" });
+        }
+        const controlsWithMappings = controls.map((control) => {
+          const controlIdField = metadata?.control_id_field || "id";
+          const controlId = control[controlIdField] || control.id;
+          const controlMappings = mappings.filter((m) => m.control_id === controlId);
+          return {
+            ...control,
+            mappings_count: controlMappings.length,
+            mappings: controlMappings.map((m) => ({
+              uuid: m.uuid,
+              status: m.status,
+              description: m.justification || ""
+            }))
+          };
+        });
+        debug(`Exporting ${controlsWithMappings.length} controls as ${format}`);
+        switch (format.toLowerCase()) {
+          case "csv":
+            return exportAsCSV(controlsWithMappings, metadata, res);
+          case "excel":
+          case "xlsx":
+            return await exportAsExcel(controlsWithMappings, metadata, res);
+          case "json":
+            return exportAsJSON(controlsWithMappings, metadata, res);
+          default:
+            return res.status(400).json({ error: `Unsupported format: ${format}` });
+        }
+      } catch (error) {
+        console.error("Export error:", error);
+        res.status(500).json({ error: error.message });
+      }
+    });
+    router.post("/parse-excel", upload.single("file"), async (req, res) => {
+      try {
+        if (!req.file) {
+          return res.status(400).json({ error: "No file uploaded" });
+        }
+        const fileName = req.file.originalname || "";
+        const isCSV = fileName.toLowerCase().endsWith(".csv");
+        let sheets = [];
+        let rows = [];
+        if (isCSV) {
+          const csvContent = req.file.buffer.toString("utf-8");
+          rows = parseCSV(csvContent);
+          sheets = ["Sheet1"];
+        } else {
+          const workbook = new ExcelJS.Workbook();
+          const buffer = Buffer.from(req.file.buffer);
+          await workbook.xlsx.load(buffer);
+          sheets = workbook.worksheets.map((ws) => ws.name);
+          const worksheet = workbook.worksheets[0];
+          if (!worksheet) {
+            return res.status(400).json({ error: "No worksheet found in file" });
+          }
+          worksheet.eachRow({ includeEmpty: false }, (row, rowNumber) => {
+            const rowData = [];
+            row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
+              rowData[colNumber - 1] = cell.value;
+            });
+            rows.push(rowData);
+          });
+        }
+        const headerCandidates = rows.slice(0, 5).map((row, index) => ({
+          row: index + 1,
+          preview: row.slice(0, 4).filter((v) => v != null).join(", ") + (row.length > 4 ? ", ..." : "")
+        }));
+        res.json({
+          sheets,
+          selectedSheet: sheets[0],
+          rowPreviews: headerCandidates,
+          totalRows: rows.length,
+          sampleData: rows.slice(0, 10)
+          // First 10 rows for preview
+        });
+      } catch (error) {
+        console.error("Error parsing Excel file:", error);
+        res.status(500).json({ error: "Failed to parse Excel file" });
+      }
+    });
+    router.post("/parse-excel-sheet", upload.single("file"), async (req, res) => {
+      try {
+        const { sheetName, headerRow } = req.body;
+        if (!req.file) {
+          return res.status(400).json({ error: "No file uploaded" });
+        }
+        const fileName = req.file.originalname || "";
+        const isCSV = fileName.toLowerCase().endsWith(".csv");
+        let rows = [];
+        if (isCSV) {
+          const csvContent = req.file.buffer.toString("utf-8");
+          rows = parseCSV(csvContent);
+        } else {
+          const workbook = new ExcelJS.Workbook();
+          const buffer = Buffer.from(req.file.buffer);
+          await workbook.xlsx.load(buffer);
+          const worksheet = workbook.getWorksheet(sheetName);
+          if (!worksheet) {
+            return res.status(400).json({ error: `Sheet "${sheetName}" not found` });
+          }
+          worksheet.eachRow({ includeEmpty: false }, (row, rowNumber) => {
+            const rowData = [];
+            row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
+              rowData[colNumber - 1] = cell.value;
+            });
+            rows.push(rowData);
+          });
+        }
+        const headerRowIndex = parseInt(headerRow) - 1;
+        const headers = rows[headerRowIndex] || [];
+        const fields = headers.filter((h) => h && typeof h === "string");
+        const sampleData = rows.slice(headerRowIndex + 1, headerRowIndex + 4).map((row) => {
+          const obj = {};
+          headers.forEach((header, index) => {
+            if (header) {
+              obj[header] = row[index];
+            }
+          });
+          return obj;
+        });
+        res.json({
+          fields,
+          sampleData,
+          controlCount: rows.length - headerRowIndex - 1
+        });
+      } catch (error) {
+        console.error("Error parsing Excel sheet:", error);
+        res.status(500).json({ error: "Failed to parse Excel sheet" });
+      }
+    });
+    spreadsheetRoutes_default = router;
+  }
+});
+
+// index.ts
+import { Command as Command2 } from "commander";
+
+// cli/commands/ui.ts
+import { existsSync as existsSync5 } from "fs";
+import open from "open";
+import { join as join7 } from "path";
+
+// cli/server/server.ts
+init_serverState();
+init_spreadsheetRoutes();
+import cors from "cors";
+import express2 from "express";
+import { existsSync as existsSync4, mkdirSync as mkdirSync3 } from "fs";
+import { createServer as createHttpServer } from "http";
+import { dirname as dirname2, join as join6 } from "path";
+import { fileURLToPath } from "url";
+
+// cli/server/websocketServer.ts
+import { readFileSync as readFileSync4 } from "fs";
+init_debug();
+init_controlHelpers();
+init_serverState();
+import * as yaml5 from "js-yaml";
+import { join as join5 } from "path";
+import { WebSocket, WebSocketServer } from "ws";
+var WebSocketManager = class {
+  wss = null;
+  clients = /* @__PURE__ */ new Set();
+  /**
+   * Handle incoming commands from WebSocket clients
+   * @param message - The command message from the client
+   * @param ws - The WebSocket connection that sent the message
+   */
+  async handleCommand(message, ws) {
+    const { type, payload } = message;
+    try {
+      switch (type) {
+        case "update-control": {
+          const state = getServerState();
+          if (payload && payload.id) {
+            const existingControl = state.controlsCache.get(payload.id);
+            if (!existingControl) {
+              console.error("Control not found:", payload.id);
+              return;
+            }
+            const updatedControl = { ...existingControl, ...payload };
+            await state.fileStore.saveControl(updatedControl);
+            state.controlsCache.set(updatedControl.id, updatedControl);
+            const family = updatedControl.family || updatedControl.id.split("-")[0];
+            if (!state.controlsByFamily.has(family)) {
+              state.controlsByFamily.set(family, /* @__PURE__ */ new Set());
+            }
+            const familyControlIds = state.controlsByFamily.get(family);
+            if (familyControlIds) {
+              familyControlIds.add(updatedControl.id);
+            }
+            ws.send(
+              JSON.stringify({
+                type: "control-updated",
+                payload: { id: payload.id, success: true }
+              })
+            );
+          }
+          break;
+        }
+        case "refresh-controls": {
+          const state = getServerState();
+          state.controlsCache.clear();
+          state.controlsByFamily.clear();
+          const { loadAllData: loadAllData2 } = await Promise.resolve().then(() => (init_serverState(), serverState_exports));
+          await loadAllData2();
+          this.broadcastState();
+          break;
+        }
+        case "switch-control-set": {
+          if (payload && payload.path) {
+            const { initializeServerState: initializeServerState2, loadAllData: loadAllData2 } = await Promise.resolve().then(() => (init_serverState(), serverState_exports));
+            const currentState = getServerState();
+            initializeServerState2(currentState.CONTROL_SET_DIR, payload.path);
+            await loadAllData2();
+            this.broadcastState();
+          }
+          break;
+        }
+        case "create-mapping": {
+          const state = getServerState();
+          if (payload && payload.control_id) {
+            const mapping = payload;
+            if (!mapping.uuid) {
+              const crypto = await import("crypto");
+              mapping.uuid = crypto.randomUUID();
+            }
+            await state.fileStore.saveMapping(mapping);
+            state.mappingsCache.set(mapping.uuid, mapping);
+            const family = mapping.control_id.split("-")[0];
+            if (!state.mappingsByFamily.has(family)) {
+              state.mappingsByFamily.set(family, /* @__PURE__ */ new Set());
+            }
+            state.mappingsByFamily.get(family)?.add(mapping.uuid);
+            if (!state.mappingsByControl.has(mapping.control_id)) {
+              state.mappingsByControl.set(mapping.control_id, /* @__PURE__ */ new Set());
+            }
+            state.mappingsByControl.get(mapping.control_id)?.add(mapping.uuid);
+            ws.send(
+              JSON.stringify({
+                type: "mapping-created",
+                payload: { uuid: mapping.uuid, success: true }
+              })
+            );
+            this.broadcastState();
+          }
+          break;
+        }
+        case "update-mapping": {
+          const state = getServerState();
+          if (payload && payload.uuid) {
+            const mapping = payload;
+            await state.fileStore.saveMapping(mapping);
+            state.mappingsCache.set(mapping.uuid, mapping);
+            ws.send(
+              JSON.stringify({
+                type: "mapping-updated",
+                payload: { uuid: mapping.uuid, success: true }
+              })
+            );
+            this.broadcastState();
+          }
+          break;
+        }
+        case "delete-mapping": {
+          const state = getServerState();
+          if (payload && payload.uuid) {
+            const uuid = payload.uuid;
+            const mapping = state.mappingsCache.get(uuid);
+            if (mapping) {
+              await state.fileStore.deleteMapping(uuid);
+              state.mappingsCache.delete(uuid);
+              const family = mapping.control_id.split("-")[0];
+              state.mappingsByFamily.get(family)?.delete(uuid);
+              state.mappingsByControl.get(mapping.control_id)?.delete(uuid);
+              ws.send(
+                JSON.stringify({
+                  type: "mapping-deleted",
+                  payload: { uuid, success: true }
+                })
+              );
+              this.broadcastState();
+            }
+          }
+          break;
+        }
+        case "scan-control-sets": {
+          const { scanControlSets: scanControlSets2 } = await Promise.resolve().then(() => (init_spreadsheetRoutes(), spreadsheetRoutes_exports));
+          try {
+            const controlSets = await scanControlSets2();
+            ws.send(
+              JSON.stringify({
+                type: "control-sets-list",
+                payload: controlSets
+              })
+            );
+          } catch (error) {
+            console.error("Error scanning control sets:", error);
+            ws.send(
+              JSON.stringify({
+                type: "error",
+                payload: { message: `Failed to scan control sets: ${error.message}` }
+              })
+            );
+          }
+          break;
+        }
+        case "get-control": {
+          if (payload && payload.id) {
+            const { FileStore: FileStore2 } = await Promise.resolve().then(() => (init_fileStore(), fileStore_exports));
+            const currentPath = getCurrentControlSetPath();
+            const fileStore = new FileStore2({ baseDir: currentPath });
+            const controlId = payload.id;
+            const control = await fileStore.loadControl(controlId);
+            if (control) {
+              if (!control.id) {
+                control.id = controlId;
+              }
+              const { GitHistoryUtil: GitHistoryUtil2 } = await Promise.resolve().then(() => (init_gitHistory(), gitHistory_exports));
+              const { execSync } = await import("child_process");
+              let timeline = null;
+              try {
+                const currentPath2 = getCurrentControlSetPath();
+                const { existsSync: existsSync6 } = await import("fs");
+                const family = control.family || control.id.split("-")[0];
+                const familyDir = join5(currentPath2, "controls", family);
+                const possibleFilenames = [
+                  `${control.id}.yaml`,
+                  `${control.id.replace(/\./g, "_")}.yaml`,
+                  // AC-1.1 -> AC-1_1.yaml
+                  `${control.id.replace(/[^\w\-]/g, "_")}.yaml`
+                  // General sanitization
+                ];
+                let controlPath = "";
+                for (const filename of possibleFilenames) {
+                  const testPath = join5(familyDir, filename);
+                  if (existsSync6(testPath)) {
+                    controlPath = testPath;
+                    break;
+                  }
+                }
+                if (!controlPath) {
+                  for (const filename of possibleFilenames) {
+                    const testPath = join5(currentPath2, "controls", filename);
+                    if (existsSync6(testPath)) {
+                      controlPath = testPath;
+                      break;
+                    }
+                  }
+                }
+                debug(`Getting timeline for control ${control.id}:`);
+                debug(`  Current path: ${currentPath2}`);
+                debug(`  Control path found: ${controlPath}`);
+                debug(`  File exists: ${existsSync6(controlPath)}`);
+                if (!controlPath) {
+                  console.error(`Could not find file for control ${control.id}`);
+                  timeline = null;
+                } else {
+                  const gitUtil = new GitHistoryUtil2(currentPath2);
+                  const controlHistory = await gitUtil.getFileHistory(controlPath);
+                  debug(`Git history for ${control.id}:`, {
+                    path: controlPath,
+                    totalCommits: controlHistory.totalCommits,
+                    commits: controlHistory.commits?.length || 0
+                  });
+                  const mappingFilename = `${control.id}-mappings.yaml`;
+                  const mappingPath = join5(currentPath2, "mappings", family, mappingFilename);
+                  let mappingHistory = { commits: [], totalCommits: 0 };
+                  if (existsSync6(mappingPath)) {
+                    mappingHistory = await gitUtil.getFileHistory(mappingPath);
+                    debug(`Mapping history for ${control.id}:`, {
+                      path: mappingPath,
+                      totalCommits: mappingHistory.totalCommits,
+                      commits: mappingHistory.commits?.length || 0
+                    });
+                  }
+                  let hasPendingChanges = false;
+                  try {
+                    try {
+                      execSync(`git ls-files --error-unmatch "${controlPath}"`, {
+                        encoding: "utf8",
+                        cwd: process.cwd(),
+                        stdio: "pipe"
+                      });
+                      const gitStatus = execSync(`git status --porcelain "${controlPath}"`, {
+                        encoding: "utf8",
+                        cwd: process.cwd()
+                      }).trim();
+                      hasPendingChanges = gitStatus.length > 0;
+                      if (hasPendingChanges) {
+                        debug(
+                          `Control ${payload.id} has pending changes: ${gitStatus.substring(0, 2)}`
+                        );
+                      }
+                    } catch {
+                      hasPendingChanges = true;
+                      debug(`Control ${payload.id} is untracked (new file)`);
+                    }
+                  } catch {
+                  }
+                  if (existsSync6(mappingPath)) {
+                    try {
+                      try {
+                        execSync(`git ls-files --error-unmatch "${mappingPath}"`, {
+                          encoding: "utf8",
+                          cwd: process.cwd(),
+                          stdio: "pipe"
+                        });
+                        const gitStatus = execSync(`git status --porcelain "${mappingPath}"`, {
+                          encoding: "utf8",
+                          cwd: process.cwd()
+                        }).trim();
+                        if (gitStatus.length > 0) {
+                          hasPendingChanges = true;
+                          debug(`Mapping file has pending changes: ${gitStatus.substring(0, 2)}`);
+                        }
+                      } catch {
+                        hasPendingChanges = true;
+                        debug(`Mapping file is untracked`);
+                      }
+                    } catch {
+                    }
+                  }
+                  const allCommits = [
+                    ...(controlHistory.commits || []).map((c) => ({
+                      ...c,
+                      source: "control"
+                    })),
+                    ...(mappingHistory.commits || []).map((c) => ({ ...c, source: "mapping" }))
+                  ];
+                  allCommits.sort(
+                    (a, b) => new Date(b.date).getTime() - new Date(a.date).getTime()
+                  );
+                  timeline = {
+                    commits: allCommits,
+                    totalCommits: controlHistory.totalCommits + mappingHistory.totalCommits,
+                    controlCommits: controlHistory.totalCommits || 0,
+                    mappingCommits: mappingHistory.totalCommits || 0,
+                    hasPendingChanges
+                  };
+                  if (timeline.totalCommits === 0 && hasPendingChanges) {
+                    debug(`No git history for control ${payload.id} - showing as pending`);
+                    timeline.commits = [
+                      {
+                        hash: "pending",
+                        shortHash: "pending",
+                        author: "Current User",
+                        authorEmail: "",
+                        date: (/* @__PURE__ */ new Date()).toISOString(),
+                        message: "Pending changes (uncommitted)",
+                        isPending: true,
+                        changes: {
+                          insertions: 0,
+                          deletions: 0,
+                          files: 1
+                        },
+                        source: "control"
+                      }
+                    ];
+                    timeline.totalCommits = 1;
+                  } else if (hasPendingChanges && timeline.totalCommits > 0) {
+                    timeline.commits.unshift({
+                      hash: "pending",
+                      shortHash: "pending",
+                      author: "Current User",
+                      authorEmail: "",
+                      date: (/* @__PURE__ */ new Date()).toISOString(),
+                      message: "Pending changes (uncommitted)",
+                      isPending: true,
+                      changes: {
+                        insertions: 0,
+                        deletions: 0,
+                        files: 1
+                      },
+                      source: "control"
+                    });
+                    timeline.totalCommits += 1;
+                  }
+                  debug(`Final timeline for ${control.id}:`, {
+                    totalCommits: timeline.totalCommits,
+                    commits: timeline.commits?.length || 0,
+                    hasPending: timeline.hasPendingChanges
+                  });
+                }
+              } catch (error) {
+                console.error("Error fetching timeline:", error);
+                timeline = null;
+              }
+              ws.send(
+                JSON.stringify({
+                  type: "control-details",
+                  payload: { ...control, timeline }
+                })
+              );
+            } else {
+              ws.send(
+                JSON.stringify({
+                  type: "error",
+                  payload: { message: `Control not found: ${payload.id}` }
+                })
+              );
+            }
+          }
+          break;
+        }
+        default:
+          console.warn("Unknown command type:", type);
+          ws.send(
+            JSON.stringify({
+              type: "error",
+              payload: { message: `Unknown command: ${type}` }
+            })
+          );
+      }
+    } catch (error) {
+      console.error("Error handling command:", error);
+      ws.send(
+        JSON.stringify({
+          type: "error",
+          payload: { message: error.message }
+        })
+      );
+    }
+  }
+  /**
+   * Get the complete application state for broadcasting
+   * @returns The complete state object or null if error
+   */
+  getCompleteState() {
+    try {
+      const state = getServerState();
+      const currentPath = getCurrentControlSetPath();
+      let controlSetData = {};
+      try {
+        const controlSetFile = join5(currentPath, "lula.yaml");
+        const content = readFileSync4(controlSetFile, "utf8");
+        controlSetData = yaml5.load(content);
+      } catch {
+        controlSetData = {
+          id: "unknown",
+          name: "Unknown Control Set"
+        };
+      }
+      const controlsMetadata = Array.from(state.controlsCache.values()).map((control) => {
+        if (!control.id) {
+          control.id = getControlId(control, currentPath);
+        }
+        const metadata = {
+          id: control.id,
+          family: control.family
+        };
+        const fieldSchema = controlSetData.fieldSchema?.fields || {};
+        for (const [fieldName, fieldConfig] of Object.entries(fieldSchema)) {
+          if (fieldConfig.tab === "overview" && control[fieldName] !== void 0) {
+            metadata[fieldName] = control[fieldName];
+          }
+        }
+        if (control.title !== void 0) metadata.title = control.title;
+        if (control.implementation_status !== void 0)
+          metadata.implementation_status = control.implementation_status;
+        if (control.compliance_status !== void 0)
+          metadata.compliance_status = control.compliance_status;
+        return metadata;
+      });
+      return {
+        ...controlSetData,
+        // Spread control set properties at root level
+        currentPath,
+        controls: controlsMetadata,
+        // Send lightweight metadata instead of full controls
+        mappings: Array.from(state.mappingsCache.values()),
+        families: Array.from(state.controlsByFamily.keys()).sort(),
+        totalControls: state.controlsCache.size,
+        totalMappings: state.mappingsCache.size
+      };
+    } catch (error) {
+      console.error("Error getting complete state:", error);
+      return null;
+    }
+  }
+  /**
+   * Send state updates to client in chunks for better performance
+   * @param ws - The WebSocket connection to send to
+   * @param fullData - Whether to send full data or summaries
+   */
+  sendStateInChunks(ws, fullData = false) {
+    try {
+      const state = getServerState();
+      const currentPath = getCurrentControlSetPath();
+      let controlSetData = {};
+      try {
+        const controlSetFile = join5(currentPath, "lula.yaml");
+        const content = readFileSync4(controlSetFile, "utf8");
+        controlSetData = yaml5.load(content);
+      } catch {
+        controlSetData = {
+          id: "unknown",
+          name: "Unknown Control Set"
+        };
+      }
+      ws.send(
+        JSON.stringify({
+          type: "metadata-update",
+          payload: {
+            ...controlSetData,
+            currentPath,
+            families: Array.from(state.controlsByFamily.keys()).sort(),
+            totalControls: state.controlsCache.size,
+            totalMappings: state.mappingsCache.size
+          }
+        })
+      );
+      const controlSummaries = Array.from(state.controlsCache.values()).map((control) => {
+        const controlId = control.id || getControlId(control, currentPath);
+        const summary = {
+          id: controlId,
+          family: control.family || control["control-acronym"]?.toString().split("-")[0] || ""
+        };
+        if (controlSetData.field_schema?.fields) {
+          for (const [fieldName] of Object.entries(controlSetData.field_schema.fields)) {
+            if (control[fieldName] !== void 0) {
+              summary[fieldName] = control[fieldName];
+            }
+          }
+        } else {
+          Object.assign(summary, control);
+        }
+        return summary;
+      });
+      setTimeout(() => {
+        ws.send(
+          JSON.stringify({
+            type: "controls-update",
+            payload: fullData ? Array.from(state.controlsCache.values()) : controlSummaries
+          })
+        );
+      }, 10);
+      setTimeout(() => {
+        ws.send(
+          JSON.stringify({
+            type: "mappings-update",
+            payload: Array.from(state.mappingsCache.values())
+          })
+        );
+      }, 20);
+    } catch (error) {
+      console.error("Error sending state in chunks:", error);
+    }
+  }
+  /**
+   * Initialize the WebSocket server
+   * @param server - The HTTP server to attach to
+   */
+  initialize(server) {
+    this.wss = new WebSocketServer({ server, path: "/ws" });
+    this.wss.on("connection", (ws) => {
+      debug("New WebSocket client connected");
+      this.clients.add(ws);
+      const initialState = this.getCompleteState();
+      if (initialState) {
+        ws.send(
+          JSON.stringify({
+            type: "state-update",
+            payload: initialState
+          })
+        );
+      }
+      ws.on("message", async (message) => {
+        try {
+          const data = JSON.parse(message.toString());
+          debug("Received WebSocket message:", data);
+          await this.handleCommand(data, ws);
+        } catch (error) {
+          console.error("Invalid WebSocket message:", error);
+          ws.send(
+            JSON.stringify({
+              type: "error",
+              payload: { message: "Invalid message format" }
+            })
+          );
+        }
+      });
+      ws.on("close", () => {
+        debug("WebSocket client disconnected");
+        this.clients.delete(ws);
+      });
+      ws.on("error", (error) => {
+        console.error("WebSocket error:", error);
+        this.clients.delete(ws);
+      });
+      ws.send(JSON.stringify({ type: "connected" }));
+      this.sendStateInChunks(ws);
+    });
+  }
+  /**
+   * Broadcast a message to all connected clients
+   * @param message - The message to broadcast
+   */
+  broadcast(message) {
+    const data = JSON.stringify(message);
+    this.clients.forEach((client) => {
+      if (client.readyState === WebSocket.OPEN) {
+        client.send(data);
+      }
+    });
+  }
+  /**
+   * Broadcast the complete state to all connected clients
+   */
+  broadcastState() {
+    const completeState = this.getCompleteState();
+    if (completeState) {
+      this.broadcast({
+        type: "state-update",
+        payload: completeState
+      });
+    }
+  }
+  /**
+   * Notify all clients that a control was updated
+   * @param _controlId - The ID of the updated control (unused but kept for API compatibility)
+   */
+  notifyControlUpdate(_controlId) {
+    this.broadcastState();
+  }
+  /**
+   * Notify all clients that a mapping was created
+   * @param _mapping - The created mapping (unused but kept for API compatibility)
+   */
+  notifyMappingCreated(_mapping) {
+    this.broadcastState();
+  }
+  /**
+   * Notify all clients that a mapping was updated
+   * @param _mapping - The updated mapping (unused but kept for API compatibility)
+   */
+  notifyMappingUpdated(_mapping) {
+    this.broadcastState();
+  }
+  /**
+   * Notify all clients that a mapping was deleted
+   * @param _uuid - The UUID of the deleted mapping (unused but kept for API compatibility)
+   */
+  notifyMappingDeleted(_uuid) {
+    this.broadcastState();
+  }
+  /**
+   * Notify all clients to refresh their data
+   */
+  notifyDataRefresh() {
+    this.broadcastState();
+  }
+};
+var wsManager = new WebSocketManager();
+
+// cli/server/server.ts
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = dirname2(__filename);
+async function createServer(options) {
+  const { controlSetDir, port } = options;
+  if (!existsSync4(controlSetDir)) {
+    mkdirSync3(controlSetDir, { recursive: true });
+  }
+  initializeServerState(controlSetDir);
+  await loadAllData();
+  const app = express2();
+  app.use(cors());
+  app.use(express2.json({ limit: "50mb" }));
+  const distPath = join6(__dirname, "../dist");
+  app.use(express2.static(distPath));
+  app.use("/api", spreadsheetRoutes_default);
+  app.get("*", (req, res) => {
+    res.sendFile(join6(distPath, "index.html"));
+  });
+  const httpServer = createHttpServer(app);
+  wsManager.initialize(httpServer);
+  return {
+    app,
+    start: () => {
+      return new Promise((resolve) => {
+        httpServer.listen(port, () => {
+          console.log(`
+\u2728 Lula is running at http://localhost:${port}`);
+          resolve();
+        });
+      });
+    }
+  };
+}
+async function startServer(options) {
+  const server = await createServer(options);
+  await server.start();
+  if (process.stdin.isTTY) {
+    process.stdin.setRawMode(true);
+    process.stdin.resume();
+    process.stdin.setEncoding("utf8");
+    console.log("\nPress ESC to close the app\n");
+    process.stdin.on("data", async (key) => {
+      const keyStr = key.toString();
+      if (keyStr === "\x1B" || keyStr === "") {
+        console.log("\n\nShutting down server...");
+        try {
+          await saveMappingsToFile();
+          console.log("Changes saved successfully");
+        } catch (error) {
+          console.error("Error saving changes:", error);
+        }
+        process.exit(0);
+      }
+    });
+  }
+  process.on("SIGINT", async () => {
+    try {
+      await saveMappingsToFile();
+    } catch (error) {
+      console.error("Error saving changes:", error);
+    }
+    process.exit(0);
+  });
+}
+
+// cli/server/index.ts
+init_serverState();
+init_fileStore();
+init_gitHistory();
+
+// cli/commands/ui.ts
+var UICommand = class _UICommand {
+  /**
+   * Register the serve command with Commander
+   * @param program The Commander program instance
+   * @param parentDebugGetter Function to get debug flag from parent command
+   */
+  static register(program2, parentDebugGetter) {
+    return program2.command("ui", { isDefault: true }).description("Start the Lula web interface (default)").option("--dir <directory>", "Control set directory path").option("--port <port>", "Server port", "3000").option("--no-open-browser", "Do not open browser when starting the server").action(async (options) => {
+      if (parentDebugGetter()) {
+        console.log("Debug mode enabled");
+        const { setDebugMode: setDebugMode2 } = await Promise.resolve().then(() => (init_debug(), debug_exports));
+        setDebugMode2(true);
+      }
+      const uiCommand = new _UICommand();
+      const controlSetDir = options.dir || process.cwd();
+      await uiCommand.run({
+        dir: controlSetDir,
+        port: parseInt(options.port),
+        openBrowser: options.openBrowser !== false
+        // Default to true unless explicitly disabled
+      });
+    });
+  }
+  async run(options) {
+    const { dir, port, openBrowser } = options;
+    const controlSetPath = join7(dir, "lula.yaml");
+    const hasControlSet = existsSync5(controlSetPath);
+    await startServer({ controlSetDir: dir, port });
+    if (openBrowser) {
+      const url = `http://localhost:${port}`;
+      if (!hasControlSet) {
+        await open(`${url}/setup`);
+      } else {
+        await open(url);
+      }
+    }
+  }
+};
+
+// cli/commands/version.ts
+import fs3 from "fs";
+import path from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+function getVersion() {
+  const __dirname2 = path.dirname(fileURLToPath2(import.meta.url));
+  const possiblePaths = [
+    path.resolve(__dirname2, "../../package.json"),
+    // dev: cli/commands -> root
+    path.resolve(__dirname2, "../../../package.json"),
+    // alt dev path
+    path.resolve(__dirname2, "../package.json"),
+    // dist: dist/cli/commands -> dist -> root
+    path.resolve(__dirname2, "./package.json"),
+    // dist bundled
+    path.resolve(process.cwd(), "package.json")
+    // current directory fallback
+  ];
+  for (const pkgPath of possiblePaths) {
+    if (fs3.existsSync(pkgPath)) {
+      const packageJson = fs3.readFileSync(pkgPath, "utf8");
+      const { version } = JSON.parse(packageJson);
+      return version;
+    }
+  }
+  return "unknown";
+}
+
+// cli/commands/crawl.ts
+import fs4 from "fs";
+import { Octokit } from "@octokit/rest";
+import { Command } from "commander";
+import { createHash } from "crypto";
+function getPRContext() {
+  const fallbackOwner = process.env.OWNER;
+  const fallbackRepo = process.env.REPO;
+  const fallbackNumber = process.env.PULL_NUMBER;
+  if (process.env.GITHUB_EVENT_PATH && process.env.GITHUB_REPOSITORY) {
+    const event = JSON.parse(fs4.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8"));
+    const [owner, repo] = process.env.GITHUB_REPOSITORY.split("/");
+    const pull_number = event.pull_request?.number;
+    if (!pull_number) throw new Error("PR number not found in GitHub event payload.");
+    return { owner, repo, pull_number };
+  }
+  if (!fallbackOwner || !fallbackRepo || !fallbackNumber) {
+    throw new Error("Set OWNER, REPO, and PULL_NUMBER in the environment for local use.");
+  }
+  return {
+    owner: fallbackOwner,
+    repo: fallbackRepo,
+    pull_number: parseInt(fallbackNumber, 10)
+  };
+}
+async function fetchRawFileViaAPI({
+  octokit,
+  owner,
+  repo,
+  path: path2,
+  ref
+}) {
+  const res = await octokit.repos.getContent({
+    owner,
+    repo,
+    path: path2,
+    ref,
+    headers: {
+      accept: "application/vnd.github.v3.raw"
+    }
+  });
+  if (typeof res.data === "string") {
+    return res.data;
+  }
+  if (typeof res.data === "object" && res.data !== null && "content" in res.data && typeof res.data.content === "string") {
+    const { content } = res.data;
+    return Buffer.from(content, "base64").toString("utf-8");
+  }
+  throw new Error("Unexpected GitHub API response shape");
+}
+function extractMapBlocks(content) {
+  const lines = content.split("\n");
+  const blocks = [];
+  const stack = [];
+  lines.forEach((line, idx) => {
+    const start = line.match(/@lulaStart\s+([a-f0-9-]+)/);
+    const end = line.match(/@lulaEnd\s+([a-f0-9-]+)/);
+    if (start) {
+      stack.push({ uuid: start[1], line: idx });
+    } else if (end) {
+      const last = stack.find((s) => s.uuid === end[1]);
+      if (last) {
+        blocks.push({ uuid: last.uuid, startLine: last.line, endLine: idx + 1 });
+        stack.splice(stack.indexOf(last), 1);
+      }
+    }
+  });
+  return blocks;
+}
+function getChangedBlocks(oldText, newText) {
+  const oldBlocks = extractMapBlocks(oldText);
+  const newBlocks = extractMapBlocks(newText);
+  const changed = [];
+  for (const newBlock of newBlocks) {
+    const oldMatch = oldBlocks.find((b) => b.uuid === newBlock.uuid);
+    if (!oldMatch) continue;
+    const oldSegment = oldText.split("\n").slice(oldMatch.startLine, oldMatch.endLine).join("\n");
+    const newSegment = newText.split("\n").slice(newBlock.startLine, newBlock.endLine).join("\n");
+    if (oldSegment !== newSegment) {
+      changed.push(newBlock);
+    }
+  }
+  return changed;
+}
+function crawlCommand() {
+  return new Command().command("crawl").description("Detect compliance-related changes between @lulaStart and @lulaEnd in PR files").action(async () => {
+    const { owner, repo, pull_number } = getPRContext();
+    const octokit = new Octokit({ auth: process.env.GITHUB_TOKEN });
+    const pr = await octokit.pulls.get({ owner, repo, pull_number });
+    const prBranch = pr.data.head.ref;
+    const { data: files } = await octokit.pulls.listFiles({ owner, repo, pull_number });
+    for (const file of files) {
+      if (file.status === "added") continue;
+      try {
+        const [oldText, newText] = await Promise.all([
+          fetchRawFileViaAPI({ octokit, owner, repo, path: file.filename, ref: "main" }),
+          fetchRawFileViaAPI({ octokit, owner, repo, path: file.filename, ref: prBranch })
+        ]);
+        const changedBlocks = getChangedBlocks(oldText, newText);
+        for (const block of changedBlocks) {
+          const newBlockText = newText.split("\n").slice(block.startLine, block.endLine).join("\n");
+          const blockSha256 = createHash("sha256").update(newBlockText).digest("hex");
+          const commentBody = `**Compliance Alert**:\`${file.filename}\` changed between lines ${block.startLine + 1}\u2013${block.endLine}.
+UUID \`${block.uuid}\` may be out of compliance.
+SHA-256 of block contents: \`${blockSha256}\`.
+
+ Please review the changes to ensure they meet compliance standards.`;
+          console.log(`Commenting on ${file.filename}: ${commentBody}`);
+          await octokit.issues.createComment({
+            owner,
+            repo,
+            issue_number: pull_number,
+            body: commentBody
+          });
+        }
+      } catch (err) {
+        console.error(`Error processing ${file.filename}: ${err}`);
+      }
+    }
+  });
+}
+
+// index.ts
+var program = new Command2();
+program.name("lula2").description("Lula - Git-friendly compliance control management").version(getVersion(), "-v, --version", "output the current version").option("--debug", "Enable debug logging");
+UICommand.register(program, () => program.opts().debug || false);
+program.addCommand(crawlCommand());
+program.parse(process.argv);