lula2 0.0.5 → 0.0.6

package/dist/cli/server/spreadsheetRoutes.js

@@ -0,0 +1,788 @@
+// cli/server/spreadsheetRoutes.ts
+import { parse as parseCSVSync } from "csv-parse/sync";
+import ExcelJS from "exceljs";
+import express from "express";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { glob } from "glob";
+import * as yaml4 from "js-yaml";
+import multer from "multer";
+import { dirname, join, relative } from "path";
+
+// cli/utils/debug.ts
+var debugEnabled = false;
+function debug(...args) {
+  if (debugEnabled) {
+    console.log("[DEBUG]", ...args);
+  }
+}
+
+// cli/server/infrastructure/fileStore.ts
+import * as yaml2 from "js-yaml";
+
+// cli/server/infrastructure/controlHelpers.ts
+import * as yaml from "js-yaml";
+
+// cli/server/infrastructure/gitHistory.ts
+import * as git from "isomorphic-git";
+
+// cli/server/infrastructure/yamlDiff.ts
+import * as yaml3 from "js-yaml";
+
+// cli/server/serverState.ts
+var serverState = void 0;
+function getServerState() {
+  if (!serverState) {
+    throw new Error("Server state not initialized. Call initializeServerState() first.");
+  }
+  return serverState;
+}
+
+// cli/server/spreadsheetRoutes.ts
+var router = express.Router();
+var upload = multer({
+  storage: multer.memoryStorage(),
+  limits: { fileSize: 50 * 1024 * 1024 }
+  // 50MB limit
+});
+async function scanControlSets() {
+  const state = getServerState();
+  const baseDir = state.CONTROL_SET_DIR;
+  const pattern = "**/lula.yaml";
+  const files = await glob(pattern, {
+    cwd: baseDir,
+    ignore: ["node_modules/**", "dist/**", "build/**"],
+    maxDepth: 5
+  });
+  const controlSets = files.map((file) => {
+    const fullPath = join(baseDir, file);
+    const dirPath = dirname(fullPath);
+    const relativePath = relative(baseDir, dirPath) || ".";
+    try {
+      const content = readFileSync(fullPath, "utf8");
+      const data = yaml4.load(content);
+      if (data.id === "default") {
+        return null;
+      }
+      return {
+        path: relativePath,
+        name: data.name || "Unnamed Control Set",
+        description: data.description || "",
+        controlCount: data.controlCount || 0,
+        file
+      };
+    } catch (_err) {
+      return {
+        path: relativePath,
+        name: "Invalid lula.yaml",
+        description: "Could not parse file",
+        controlCount: 0,
+        file
+      };
+    }
+  }).filter((cs) => cs !== null);
+  return { controlSets };
+}
+router.post("/import-spreadsheet", upload.single("file"), async (req, res) => {
+  try {
+    if (!req.file) {
+      return res.status(400).json({ error: "No file uploaded" });
+    }
+    const {
+      controlIdField = "Control ID",
+      startRow = "1",
+      controlSetName = "Imported Control Set",
+      controlSetDescription = "Imported from spreadsheet"
+    } = req.body;
+    debug("Import parameters received:", {
+      controlIdField,
+      startRow,
+      controlSetName,
+      controlSetDescription
+    });
+    const namingConvention = "kebab-case";
+    const skipEmpty = true;
+    const skipEmptyRows = true;
+    const fileName = req.file.originalname || "";
+    const isCSV = fileName.toLowerCase().endsWith(".csv");
+    let rawData = [];
+    if (isCSV) {
+      const csvContent = req.file.buffer.toString("utf-8");
+      rawData = parseCSV(csvContent);
+    } else {
+      const workbook = new ExcelJS.Workbook();
+      const buffer = Buffer.from(req.file.buffer);
+      await workbook.xlsx.load(buffer);
+      const worksheet = workbook.worksheets[0];
+      if (!worksheet) {
+        return res.status(400).json({ error: "No worksheet found in file" });
+      }
+      worksheet.eachRow({ includeEmpty: true }, (row, rowNumber) => {
+        const rowData = [];
+        row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
+          rowData[colNumber - 1] = cell.value;
+        });
+        rawData[rowNumber - 1] = rowData;
+      });
+    }
+    const startRowIndex = parseInt(startRow) - 1;
+    if (rawData.length <= startRowIndex) {
+      return res.status(400).json({ error: "Start row exceeds sheet data" });
+    }
+    const headers = rawData[startRowIndex];
+    if (!headers || headers.length === 0) {
+      return res.status(400).json({ error: "No headers found at specified row" });
+    }
+    debug("Headers found:", headers);
+    debug(
+      "After conversion, looking for control ID field:",
+      applyNamingConvention(controlIdField, namingConvention)
+    );
+    const controls = [];
+    const families = /* @__PURE__ */ new Map();
+    const fieldMetadata = /* @__PURE__ */ new Map();
+    headers.forEach((header) => {
+      if (header) {
+        const cleanName = applyNamingConvention(header, namingConvention);
+        fieldMetadata.set(cleanName, {
+          originalName: header,
+          cleanName,
+          type: "string",
+          maxLength: 0,
+          hasMultipleLines: false,
+          uniqueValues: /* @__PURE__ */ new Set(),
+          emptyCount: 0,
+          totalCount: 0,
+          examples: []
+        });
+      }
+    });
+    for (let i = startRowIndex + 1; i < rawData.length; i++) {
+      const row = rawData[i];
+      if (!row || row.length === 0) continue;
+      const control = {};
+      let hasData = false;
+      headers.forEach((header, index) => {
+        if (header && row[index] !== void 0 && row[index] !== null) {
+          const value = typeof row[index] === "string" ? row[index].trim() : row[index];
+          const fieldName = applyNamingConvention(header, namingConvention);
+          const metadata = fieldMetadata.get(fieldName);
+          metadata.totalCount++;
+          if (value === "" || value === null || value === void 0) {
+            metadata.emptyCount++;
+            if (skipEmpty) return;
+          } else {
+            const normalizedValue = typeof value === "string" ? value.trim() : value;
+            if (normalizedValue !== "") {
+              metadata.uniqueValues.add(normalizedValue);
+            }
+            const valueType = detectValueType(value);
+            if (metadata.type === "string" || metadata.totalCount === 1) {
+              metadata.type = valueType;
+            } else if (metadata.type !== valueType) {
+              metadata.type = "mixed";
+            }
+            if (typeof value === "string") {
+              const length = value.length;
+              if (length > metadata.maxLength) {
+                metadata.maxLength = length;
+              }
+              if (value.includes("\n") || length > 100) {
+                metadata.hasMultipleLines = true;
+              }
+            }
+            if (metadata.examples.length < 3 && normalizedValue !== "") {
+              metadata.examples.push(normalizedValue);
+            }
+          }
+          control[fieldName] = value;
+          hasData = true;
+        }
+      });
+      if (hasData && (!skipEmptyRows || Object.keys(control).length > 0)) {
+        const controlIdFieldName = applyNamingConvention(controlIdField, namingConvention);
+        const controlId = control[controlIdFieldName];
+        if (!controlId) {
+          continue;
+        }
+        const family = extractFamilyFromControlId(controlId);
+        control.family = family;
+        controls.push(control);
+        if (!families.has(family)) {
+          families.set(family, []);
+        }
+        families.get(family).push(control);
+      }
+    }
+    const state = getServerState();
+    const folderName = toKebabCase(controlSetName || "imported-controls");
+    const baseDir = join(state.CONTROL_SET_DIR || process.cwd(), folderName);
+    if (!existsSync(baseDir)) {
+      mkdirSync(baseDir, { recursive: true });
+    }
+    const uniqueFamilies = Array.from(families.keys()).filter((f) => f && f !== "UNKNOWN");
+    let frontendFieldSchema = null;
+    if (req.body.fieldSchema) {
+      try {
+        frontendFieldSchema = JSON.parse(req.body.fieldSchema);
+      } catch (e) {
+      }
+    }
+    const fields = {};
+    let displayOrder = 1;
+    const controlIdFieldNameClean = applyNamingConvention(controlIdField, namingConvention);
+    const familyOptions = Array.from(families.keys()).filter((f) => f && f !== "UNKNOWN").sort();
+    fields["family"] = {
+      type: "string",
+      ui_type: familyOptions.length <= 50 ? "select" : "short_text",
+      // Make select if reasonable number of families
+      is_array: false,
+      max_length: 10,
+      usage_count: controls.length,
+      usage_percentage: 100,
+      required: true,
+      visible: true,
+      show_in_table: true,
+      editable: false,
+      display_order: displayOrder++,
+      category: "core",
+      tab: "overview"
+    };
+    if (familyOptions.length <= 50) {
+      fields["family"].options = familyOptions;
+    }
+    fieldMetadata.forEach((metadata, fieldName) => {
+      if (fieldName === "family" || fieldName === "id" && controlIdFieldNameClean !== "id") {
+        return;
+      }
+      const frontendConfig = frontendFieldSchema?.find((f) => f.fieldName === fieldName);
+      if (frontendFieldSchema && !frontendConfig) {
+        return;
+      }
+      const usageCount = metadata.totalCount - metadata.emptyCount;
+      const usagePercentage = metadata.totalCount > 0 ? Math.round(usageCount / metadata.totalCount * 100) : 0;
+      let uiType = "short_text";
+      const nonEmptyCount = metadata.totalCount - metadata.emptyCount;
+      const isDropdownCandidate = metadata.uniqueValues.size > 0 && metadata.uniqueValues.size <= 20 && // Max 20 unique values for dropdown
+      nonEmptyCount >= 10 && // At least 10 non-empty values to be meaningful
+      metadata.maxLength <= 100 && // Reasonably short values only
+      metadata.uniqueValues.size / nonEmptyCount <= 0.3;
+      if (metadata.hasMultipleLines || metadata.maxLength > 500) {
+        uiType = "textarea";
+      } else if (isDropdownCandidate) {
+        uiType = "select";
+      } else if (metadata.type === "boolean") {
+        uiType = "checkbox";
+      } else if (metadata.type === "number") {
+        uiType = "number";
+      } else if (metadata.type === "date") {
+        uiType = "date";
+      } else if (metadata.maxLength <= 50) {
+        uiType = "short_text";
+      } else if (metadata.maxLength <= 200) {
+        uiType = "medium_text";
+      } else {
+        uiType = "long_text";
+      }
+      let category = frontendConfig?.category || "custom";
+      if (!frontendConfig) {
+        if (fieldName.includes("status") || fieldName.includes("state")) {
+          category = "compliance";
+        } else if (fieldName.includes("title") || fieldName.includes("name") || fieldName.includes("description")) {
+          category = "core";
+        } else if (fieldName.includes("note") || fieldName.includes("comment")) {
+          category = "notes";
+        }
+      }
+      const isControlIdField = fieldName === controlIdFieldNameClean;
+      const fieldDef = {
+        type: metadata.type,
+        ui_type: uiType,
+        is_array: false,
+        max_length: metadata.maxLength,
+        usage_count: usageCount,
+        usage_percentage: usagePercentage,
+        required: isControlIdField ? true : frontendConfig?.required ?? usagePercentage > 95,
+        // Control ID is always required
+        visible: frontendConfig?.tab !== "hidden",
+        show_in_table: isControlIdField ? true : metadata.maxLength <= 100 && usagePercentage > 30,
+        // Always show control ID in table
+        editable: isControlIdField ? false : true,
+        // Control ID is not editable
+        display_order: isControlIdField ? 1 : frontendConfig?.displayOrder ?? displayOrder++,
+        // Control ID is always first
+        category: isControlIdField ? "core" : category,
+        // Control ID is always core
+        tab: isControlIdField ? "overview" : frontendConfig?.tab || void 0
+        // Control ID is always in overview
+      };
+      if (uiType === "select") {
+        fieldDef.options = Array.from(metadata.uniqueValues).sort();
+      }
+      if (frontendConfig?.originalName || metadata.originalName) {
+        fieldDef.original_name = frontendConfig?.originalName || metadata.originalName;
+      }
+      fields[fieldName] = fieldDef;
+    });
+    const fieldSchema = {
+      fields,
+      total_controls: controls.length,
+      analyzed_at: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    const controlSetData = {
+      name: controlSetName,
+      description: controlSetDescription,
+      version: "1.0.0",
+      control_id_field: controlIdFieldNameClean,
+      // Add this to indicate which field is the control ID
+      controlCount: controls.length,
+      families: uniqueFamilies,
+      fieldSchema
+    };
+    writeFileSync(join(baseDir, "lula.yaml"), yaml4.dump(controlSetData));
+    const controlsDir = join(baseDir, "controls");
+    families.forEach((familyControls, family) => {
+      const familyDir = join(controlsDir, family);
+      if (!existsSync(familyDir)) {
+        mkdirSync(familyDir, { recursive: true });
+      }
+      familyControls.forEach((control) => {
+        const controlId = control[controlIdFieldNameClean];
+        if (!controlId) {
+          console.error("Missing control ID for control:", control);
+          return;
+        }
+        const controlIdStr = String(controlId).slice(0, 50);
+        const fileName2 = `${controlIdStr.replace(/[^a-zA-Z0-9-]/g, "_")}.yaml`;
+        const filePath = join(familyDir, fileName2);
+        const filteredControl = {};
+        if (control.family !== void 0) {
+          filteredControl.family = control.family;
+        }
+        Object.keys(control).forEach((fieldName) => {
+          if (fieldName === "family") return;
+          const isInFrontendSchema = frontendFieldSchema?.some((f) => f.fieldName === fieldName);
+          const isInFieldsMetadata = fields.hasOwnProperty(fieldName);
+          if (isInFrontendSchema || isInFieldsMetadata) {
+            filteredControl[fieldName] = control[fieldName];
+          }
+        });
+        writeFileSync(filePath, yaml4.dump(filteredControl));
+      });
+    });
+    res.json({
+      success: true,
+      controlCount: controls.length,
+      families: Array.from(families.keys()),
+      outputDir: folderName
+      // Return just the folder name, not full path
+    });
+  } catch (error) {
+    console.error("Error processing spreadsheet:", error);
+    res.status(500).json({ error: "Failed to process spreadsheet" });
+  }
+});
+function applyNamingConvention(fieldName, convention) {
+  if (!fieldName) return fieldName;
+  const cleanedName = fieldName.trim();
+  switch (convention) {
+    case "camelCase":
+      return toCamelCase(cleanedName);
+    case "snake_case":
+      return toSnakeCase(cleanedName);
+    case "kebab-case":
+      return toKebabCase(cleanedName);
+    case "lowercase":
+      return cleanedName.replace(/\W+/g, "").toLowerCase();
+    case "original":
+      return cleanedName;
+    default:
+      return toCamelCase(cleanedName);
+  }
+}
+function toCamelCase(str) {
+  return str.replace(/(?:^\w|[A-Z]|\b\w)/g, (word, index) => {
+    return index === 0 ? word.toLowerCase() : word.toUpperCase();
+  }).replace(/\s+/g, "");
+}
+function toSnakeCase(str) {
+  return str.replace(/\W+/g, " ").split(/ |\s/).map((word) => word.toLowerCase()).join("_");
+}
+function toKebabCase(str) {
+  return str.replace(/\W+/g, " ").split(/ |\s/).map((word) => word.toLowerCase()).join("-");
+}
+function detectValueType(value) {
+  if (typeof value === "boolean") return "boolean";
+  if (typeof value === "number") return "number";
+  if (typeof value === "string") {
+    const lowerValue = value.toLowerCase().trim();
+    if (lowerValue === "true" || lowerValue === "false" || lowerValue === "yes" || lowerValue === "no" || lowerValue === "y" || lowerValue === "n") {
+      return "boolean";
+    }
+    if (!isNaN(Number(value)) && value.trim() !== "") {
+      return "number";
+    }
+    const datePatterns = [
+      /^\d{4}-\d{2}-\d{2}$/,
+      // YYYY-MM-DD
+      /^\d{2}\/\d{2}\/\d{4}$/,
+      // MM/DD/YYYY
+      /^\d{1,2}\/\d{1,2}\/\d{2,4}$/
+      // M/D/YY or MM/DD/YYYY
+    ];
+    if (datePatterns.some((pattern) => pattern.test(value))) {
+      return "date";
+    }
+  }
+  return "string";
+}
+function parseCSV(content) {
+  try {
+    const records = parseCSVSync(content, {
+      // Don't treat first row as headers - we'll handle that ourselves
+      columns: false,
+      // Skip empty lines
+      skip_empty_lines: true,
+      // Handle different line endings
+      relax_column_count: true,
+      // Trim whitespace from fields
+      trim: true,
+      // Handle quoted fields properly
+      quote: '"',
+      // Standard escape character
+      escape: '"',
+      // Auto-detect delimiter (usually comma)
+      delimiter: ","
+    });
+    return records;
+  } catch (error) {
+    console.error("CSV parsing error:", error);
+    return content.split(/\r?\n/).map((line) => line.split(","));
+  }
+}
+function extractFamilyFromControlId(controlId) {
+  if (!controlId) return "UNKNOWN";
+  controlId = controlId.trim();
+  const match = controlId.match(/^([A-Za-z]+)[-._ ]?\d/);
+  if (match) {
+    return match[1].toUpperCase();
+  }
+  const letterMatch = controlId.match(/^([A-Za-z]+)/);
+  if (letterMatch) {
+    return letterMatch[1].toUpperCase();
+  }
+  return controlId.substring(0, 2).toUpperCase();
+}
+router.get("/export-controls", async (req, res) => {
+  try {
+    const format = req.query.format || "csv";
+    const state = getServerState();
+    const fileStore = state.fileStore;
+    if (!fileStore) {
+      return res.status(500).json({ error: "No control set loaded" });
+    }
+    const controls = await fileStore.loadAllControls();
+    const mappings = await fileStore.loadMappings();
+    let metadata = {};
+    try {
+      const metadataPath = join(state.CONTROL_SET_DIR, "lula.yaml");
+      if (existsSync(metadataPath)) {
+        const metadataContent = readFileSync(metadataPath, "utf8");
+        metadata = yaml4.load(metadataContent);
+      }
+    } catch (err) {
+      debug("Could not load metadata:", err);
+    }
+    if (!controls || controls.length === 0) {
+      return res.status(404).json({ error: "No controls found" });
+    }
+    const controlsWithMappings = controls.map((control) => {
+      const controlIdField = metadata?.control_id_field || "id";
+      const controlId = control[controlIdField] || control.id;
+      const controlMappings = mappings.filter((m) => m.control_id === controlId);
+      return {
+        ...control,
+        mappings_count: controlMappings.length,
+        mappings: controlMappings.map((m) => ({
+          uuid: m.uuid,
+          status: m.status,
+          description: m.justification || ""
+        }))
+      };
+    });
+    debug(`Exporting ${controlsWithMappings.length} controls as ${format}`);
+    switch (format.toLowerCase()) {
+      case "csv":
+        return exportAsCSV(controlsWithMappings, metadata, res);
+      case "excel":
+      case "xlsx":
+        return await exportAsExcel(controlsWithMappings, metadata, res);
+      case "json":
+        return exportAsJSON(controlsWithMappings, metadata, res);
+      default:
+        return res.status(400).json({ error: `Unsupported format: ${format}` });
+    }
+  } catch (error) {
+    console.error("Export error:", error);
+    res.status(500).json({ error: error.message });
+  }
+});
+function exportAsCSV(controls, metadata, res) {
+  const fieldSchema = metadata?.fieldSchema?.fields || {};
+  const controlIdField = metadata?.control_id_field || "id";
+  const allFields = /* @__PURE__ */ new Set();
+  controls.forEach((control) => {
+    Object.keys(control).forEach((key) => allFields.add(key));
+  });
+  const fieldMapping = [];
+  if (allFields.has(controlIdField)) {
+    const idSchema = fieldSchema[controlIdField];
+    fieldMapping.push({
+      fieldName: controlIdField,
+      displayName: idSchema?.original_name || "Control ID"
+    });
+    allFields.delete(controlIdField);
+  } else if (allFields.has("id")) {
+    fieldMapping.push({
+      fieldName: "id",
+      displayName: "Control ID"
+    });
+    allFields.delete("id");
+  }
+  if (allFields.has("family")) {
+    const familySchema = fieldSchema["family"];
+    fieldMapping.push({
+      fieldName: "family",
+      displayName: familySchema?.original_name || "Family"
+    });
+    allFields.delete("family");
+  }
+  Array.from(allFields).filter((field) => field !== "mappings" && field !== "mappings_count").sort().forEach((field) => {
+    const schema = fieldSchema[field];
+    const displayName = schema?.original_name || field.replace(/-/g, " ").replace(/\b\w/g, (l) => l.toUpperCase());
+    fieldMapping.push({ fieldName: field, displayName });
+  });
+  if (allFields.has("mappings_count")) {
+    fieldMapping.push({ fieldName: "mappings_count", displayName: "Mappings Count" });
+  }
+  if (allFields.has("mappings")) {
+    fieldMapping.push({ fieldName: "mappings", displayName: "Mappings" });
+  }
+  const csvRows = [];
+  csvRows.push(fieldMapping.map((field) => `"${field.displayName}"`).join(","));
+  controls.forEach((control) => {
+    const row = fieldMapping.map(({ fieldName }) => {
+      const value = control[fieldName];
+      if (value === void 0 || value === null) return '""';
+      if (fieldName === "mappings" && Array.isArray(value)) {
+        const mappingsStr = value.map(
+          (m) => `${m.status}: ${m.description.substring(0, 50)}${m.description.length > 50 ? "..." : ""}`
+        ).join("; ");
+        return `"${mappingsStr.replace(/"/g, '""')}"`;
+      }
+      if (Array.isArray(value)) return `"${value.join("; ").replace(/"/g, '""')}"`;
+      if (typeof value === "object") return `"${JSON.stringify(value).replace(/"/g, '""')}"`;
+      return `"${String(value).replace(/"/g, '""')}"`;
+    });
+    csvRows.push(row.join(","));
+  });
+  const csvContent = csvRows.join("\n");
+  const fileName = `${metadata?.name || "controls"}_export_${Date.now()}.csv`;
+  res.setHeader("Content-Type", "text/csv");
+  res.setHeader("Content-Disposition", `attachment; filename="${fileName}"`);
+  res.send(csvContent);
+}
+async function exportAsExcel(controls, metadata, res) {
+  const fieldSchema = metadata?.fieldSchema?.fields || {};
+  const controlIdField = metadata?.control_id_field || "id";
+  const worksheetData = controls.map((control) => {
+    const exportControl = {};
+    if (control[controlIdField]) {
+      const idSchema = fieldSchema[controlIdField];
+      const idDisplayName = idSchema?.original_name || "Control ID";
+      exportControl[idDisplayName] = control[controlIdField];
+    } else if (control.id) {
+      exportControl["Control ID"] = control.id;
+    }
+    if (control.family) {
+      const familySchema = fieldSchema["family"];
+      const familyDisplayName = familySchema?.original_name || "Family";
+      exportControl[familyDisplayName] = control.family;
+    }
+    Object.keys(control).forEach((key) => {
+      if (key === controlIdField || key === "id" || key === "family") return;
+      const schema = fieldSchema[key];
+      const displayName = schema?.original_name || (key === "mappings_count" ? "Mappings Count" : key === "mappings" ? "Mappings" : key.replace(/-/g, " ").replace(/\b\w/g, (l) => l.toUpperCase()));
+      const value = control[key];
+      if (key === "mappings" && Array.isArray(value)) {
+        exportControl[displayName] = value.map(
+          (m) => `${m.status}: ${m.description.substring(0, 100)}${m.description.length > 100 ? "..." : ""}`
+        ).join("\n");
+      } else if (Array.isArray(value)) {
+        exportControl[displayName] = value.join("; ");
+      } else if (typeof value === "object" && value !== null) {
+        exportControl[displayName] = JSON.stringify(value);
+      } else {
+        exportControl[displayName] = value;
+      }
+    });
+    return exportControl;
+  });
+  const wb = new ExcelJS.Workbook();
+  const ws = wb.addWorksheet("Controls");
+  const headers = Object.keys(worksheetData[0] || {});
+  ws.columns = headers.map((header) => ({
+    header,
+    key: header,
+    width: Math.min(
+      Math.max(
+        header.length,
+        ...worksheetData.map((row) => String(row[header] || "").length)
+      ) + 2,
+      50
+    )
+    // Auto-size with max width of 50
+  }));
+  worksheetData.forEach((row) => {
+    ws.addRow(row);
+  });
+  ws.getRow(1).font = { bold: true };
+  ws.getRow(1).fill = {
+    type: "pattern",
+    pattern: "solid",
+    fgColor: { argb: "FFE0E0E0" }
+  };
+  if (metadata) {
+    const metaSheet = wb.addWorksheet("Metadata");
+    const cleanMetadata = { ...metadata };
+    delete cleanMetadata.fieldSchema;
+    metaSheet.columns = [
+      { header: "Property", key: "property", width: 30 },
+      { header: "Value", key: "value", width: 50 }
+    ];
+    Object.entries(cleanMetadata).forEach(([key, value]) => {
+      metaSheet.addRow({ property: key, value: String(value) });
+    });
+  }
+  const buffer = await wb.xlsx.writeBuffer();
+  const fileName = `${metadata?.name || "controls"}_export_${Date.now()}.xlsx`;
+  res.setHeader(
+    "Content-Type",
+    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+  );
+  res.setHeader("Content-Disposition", `attachment; filename="${fileName}"`);
+  res.send(buffer);
+}
+function exportAsJSON(controls, metadata, res) {
+  const exportData = {
+    metadata: metadata || {},
+    controlCount: controls.length,
+    exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    controls
+  };
+  const fileName = `${metadata?.name || "controls"}_export_${Date.now()}.json`;
+  res.setHeader("Content-Type", "application/json");
+  res.setHeader("Content-Disposition", `attachment; filename="${fileName}"`);
+  res.json(exportData);
+}
+router.post("/parse-excel", upload.single("file"), async (req, res) => {
+  try {
+    if (!req.file) {
+      return res.status(400).json({ error: "No file uploaded" });
+    }
+    const fileName = req.file.originalname || "";
+    const isCSV = fileName.toLowerCase().endsWith(".csv");
+    let sheets = [];
+    let rows = [];
+    if (isCSV) {
+      const csvContent = req.file.buffer.toString("utf-8");
+      rows = parseCSV(csvContent);
+      sheets = ["Sheet1"];
+    } else {
+      const workbook = new ExcelJS.Workbook();
+      const buffer = Buffer.from(req.file.buffer);
+      await workbook.xlsx.load(buffer);
+      sheets = workbook.worksheets.map((ws) => ws.name);
+      const worksheet = workbook.worksheets[0];
+      if (!worksheet) {
+        return res.status(400).json({ error: "No worksheet found in file" });
+      }
+      worksheet.eachRow({ includeEmpty: false }, (row, rowNumber) => {
+        const rowData = [];
+        row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
+          rowData[colNumber - 1] = cell.value;
+        });
+        rows.push(rowData);
+      });
+    }
+    const headerCandidates = rows.slice(0, 5).map((row, index) => ({
+      row: index + 1,
+      preview: row.slice(0, 4).filter((v) => v != null).join(", ") + (row.length > 4 ? ", ..." : "")
+    }));
+    res.json({
+      sheets,
+      selectedSheet: sheets[0],
+      rowPreviews: headerCandidates,
+      totalRows: rows.length,
+      sampleData: rows.slice(0, 10)
+      // First 10 rows for preview
+    });
+  } catch (error) {
+    console.error("Error parsing Excel file:", error);
+    res.status(500).json({ error: "Failed to parse Excel file" });
+  }
+});
+router.post("/parse-excel-sheet", upload.single("file"), async (req, res) => {
+  try {
+    const { sheetName, headerRow } = req.body;
+    if (!req.file) {
+      return res.status(400).json({ error: "No file uploaded" });
+    }
+    const fileName = req.file.originalname || "";
+    const isCSV = fileName.toLowerCase().endsWith(".csv");
+    let rows = [];
+    if (isCSV) {
+      const csvContent = req.file.buffer.toString("utf-8");
+      rows = parseCSV(csvContent);
+    } else {
+      const workbook = new ExcelJS.Workbook();
+      const buffer = Buffer.from(req.file.buffer);
+      await workbook.xlsx.load(buffer);
+      const worksheet = workbook.getWorksheet(sheetName);
+      if (!worksheet) {
+        return res.status(400).json({ error: `Sheet "${sheetName}" not found` });
+      }
+      worksheet.eachRow({ includeEmpty: false }, (row, rowNumber) => {
+        const rowData = [];
+        row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
+          rowData[colNumber - 1] = cell.value;
+        });
+        rows.push(rowData);
+      });
+    }
+    const headerRowIndex = parseInt(headerRow) - 1;
+    const headers = rows[headerRowIndex] || [];
+    const fields = headers.filter((h) => h && typeof h === "string");
+    const sampleData = rows.slice(headerRowIndex + 1, headerRowIndex + 4).map((row) => {
+      const obj = {};
+      headers.forEach((header, index) => {
+        if (header) {
+          obj[header] = row[index];
+        }
+      });
+      return obj;
+    });
+    res.json({
+      fields,
+      sampleData,
+      controlCount: rows.length - headerRowIndex - 1
+    });
+  } catch (error) {
+    console.error("Error parsing Excel sheet:", error);
+    res.status(500).json({ error: "Failed to parse Excel sheet" });
+  }
+});
+var spreadsheetRoutes_default = router;
+export {
+  spreadsheetRoutes_default as default,
+  scanControlSets
+};