relsec 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,376 @@
+# relevant
+
+[![CI](https://github.com/MistanKh/relsec/actions/workflows/ci.yml/badge.svg)](https://github.com/MistanKh/relsec/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Node.js >=20](https://img.shields.io/badge/node-%3E%3D20-339933.svg)](package.json)
+
+Local-first security relevance for CVEs, advisories, IOCs, dependencies, logs, and service exposure.
+
+`relevant` helps answer the question most scanners leave to humans:
+
+> Does this finding actually matter in this environment?
+
+It is an open-source alpha for security engineers, AppSec teams, SOC analysts, platform teams, and curious builders who want evidence-first triage without sending code, logs, or inventories to a hosted service.
+
+The package name is `relsec`, and the CLI is exposed as both `relevant` and `relsec`.
+
+## The Problem
+
+Modern teams receive security findings faster than they can investigate them:
+
+- A scanner says a dependency is vulnerable.
+- A vendor advisory says a package needs urgent patching.
+- A threat feed publishes IPs, domains, hashes, or other indicators.
+- A SOC alert references activity that may or may not exist in local logs.
+- A spreadsheet says a service is internet-facing, but nobody is sure which repo owns it.
+
+The hard part is not seeing the alert. The hard part is proving whether it matters in your environment.
+
+For example, imagine a critical upload-library CVE lands during a release freeze. A scanner flags `multer` somewhere in your monorepo. Before waking up every service owner, you need answers:
+
+- Which service actually has the vulnerable version?
+- Is that service internet-facing or internal-only?
+- Is the vulnerable upload API used in source code?
+- What evidence can be pasted into a ticket?
+- What should be done next?
+
+`relevant` turns that into a local evidence-gathering workflow instead of a meeting.
+
+## What This Tool Does
+
+`relevant` reads local files and connects several pieces of security context:
+
+| Input | What it uses it for |
+| --- | --- |
+| Dependency manifests | Finds vulnerable package versions in `package-lock.json`, `requirements.txt`, and SBOM files. |
+| Advisory data | Maps CVEs, GHSA IDs, or imported OSV records to affected packages, ranges, and risky symbols. |
+| Service inventory | Understands whether a service is internet-facing, partner-facing, internal, or unknown. |
+| Source code | Searches for vulnerable symbols or APIs that make a package actually reachable. |
+| Logs | Matches IOCs against local log files, including gzip-compressed logs. |
+| Reports | Produces terminal, JSON, JSONL, Markdown, and SARIF output for humans and automation. |
+
+It does not try to replace a scanner. It helps explain scanner output with local evidence.
+
+## Real-World Examples
+
+### Example 1: Triage A Dependency CVE
+
+You receive a CVE for a vulnerable upload parser. Your scanner reports that `multer` exists somewhere in the repo.
+
+Run:
+
+```bash
+relevant cve CVE-2026-41001 \
+  --workspace examples/enterprise \
+  --inventory examples/enterprise/security/inventory.json \
+  --format markdown
+```
+
+`relevant` checks:
+
+1. Is there a local advisory record for the CVE?
+2. Which package and version range are affected?
+3. Which services contain the vulnerable package version?
+4. Are those services exposed?
+5. Does source code reference vulnerable symbols such as `upload.single` or `multer(`?
+
+Example result:
+
+```txt
+CVE-2026-41001: relevant (critical)
+
+Evidence:
+- Found multer 1.4.4 in services/checkout-api/package-lock.json.
+- Reachable symbol upload.single in src/uploads.ts.
+- checkout-api has public ingress: https://checkout.example.com/v1/receipts.
+
+Recommended actions:
+- Upgrade multer to >=1.4.5-lts.1.
+- Restrict public upload endpoints until patched.
+- Search access logs for unusual multipart upload paths.
+```
+
+That output gives AppSec, engineering, and incident response a shared artifact: vulnerable dependency, reachable code path, exposed service, and suggested next actions.
+
+### Example 2: Check Whether Threat Indicators Appear In Logs
+
+A threat report publishes suspicious IPs and domains. You want to know whether those indicators appear in local Okta, proxy, CloudTrail, or server logs.
+
+Run:
+
+```bash
+relevant ioc \
+  --indicators examples/enterprise/security/cisa-aa26-141a.iocs \
+  --logs examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log \
+  --logs examples/enterprise/security/logs/zscaler-web-prod-2026-05-21.log \
+  --format json
+```
+
+Example result:
+
+```json
+{
+  "totalMatches": 2,
+  "matches": [
+    {
+      "indicator": "203.0.113.77",
+      "type": "ip",
+      "line": 3
+    },
+    {
+      "indicator": "evil-update.example",
+      "type": "domain",
+      "line": 1
+    }
+  ]
+}
+```
+
+That helps a SOC analyst quickly move from "this IOC exists in a feed" to "this IOC appears in these local files on these lines."
+
+### Example 3: Build A Local Advisory File From OSV
+
+When you want broader advisory coverage, import OSV records for dependencies found in your inventory:
+
+```bash
+relevant import osv \
+  --workspace examples/enterprise \
+  --inventory examples/enterprise/security/inventory.json \
+  --output examples/enterprise/security/osv-advisories.json
+```
+
+After that, later CVE/GHSA checks can use the local file without calling OSV again:
+
+```bash
+relevant cve GHSA-example-id \
+  --workspace examples/enterprise \
+  --inventory examples/enterprise/security/inventory.json \
+  --advisories examples/enterprise/security/osv-advisories.json
+```
+
+## Status
+
+This project is a **developer preview**. It is useful today for local experiments, demos, evidence collection, and early workflow design, but it is not a replacement for a vulnerability management platform, SIEM, SCA product, or incident response process.
+
+What is ready:
+
+- Deterministic local CVE relevance checks.
+- Local IOC matching across plain and gzip logs.
+- Service exposure inventory support.
+- Reachability evidence from source-code symbol search.
+- Explicit OSV advisory import.
+- JSON, JSONL, Markdown, SARIF, and terminal output.
+- Interactive command shell with profiles, history, completions, modules, and exports.
+- Cross-platform CI for Node 20 and 22 on Linux, macOS, and Windows.
+
+What is still evolving:
+
+- OSV multi-affected and multi-range normalization.
+- NVD and CISA KEV import.
+- Deeper SBOM support.
+- Docker image and Kubernetes exposure analysis.
+- Full YARA and Sigma engines.
+- More precise reachability analysis.
+
+## Design Goals
+
+- Local-first by default.
+- Evidence over opaque risk scores.
+- Small enough to inspect.
+- Useful in terminals, scripts, tickets, and CI jobs.
+- Honest about uncertainty and limitations.
+
+## Quick Start
+
+Install from npm:
+
+```bash
+npm install -g relsec
+relevant --version
+```
+
+Run the bundled example after cloning the repository:
+
+```bash
+npm install
+npm run build
+node dist/cli.js cve CVE-2026-41001 --workspace examples/enterprise --inventory examples/enterprise/security/inventory.json --format markdown
+```
+
+Example output:
+
+```txt
+CVE-2026-41001: relevant (critical)
+Multer multipart upload path traversal in file field handling: vulnerable package is reachable from an externally exposed service.
+```
+
+## Quick Command Examples
+
+Check whether a CVE matters locally:
+
+```bash
+npx relsec cve CVE-2026-41001 \
+  --workspace examples/enterprise \
+  --inventory examples/enterprise/security/inventory.json \
+  --format markdown
+```
+
+Scan logs for indicators:
+
+```bash
+npx relsec ioc \
+  --indicators examples/enterprise/security/cisa-aa26-141a.iocs \
+  --logs examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log \
+  --logs examples/enterprise/security/logs/zscaler-web-prod-2026-05-21.log \
+  --format json
+```
+
+Open the interactive console:
+
+```bash
+npx relsec
+```
+
+## Commands
+
+```bash
+relevant cve <CVE-ID> --workspace . --inventory security/inventory.json --format json
+relevant ioc --indicators indicators.txt --logs auth.log --logs proxy.log --format json
+relevant import osv --workspace . --inventory security/inventory.json --output security/osv-advisories.json
+relevant advisories
+relevant version
+relevant
+```
+
+Output formats:
+
+- `text`
+- `json`
+- `jsonl`
+- `markdown`
+- `sarif`
+
+## Interactive Console
+
+Run `relevant` with no arguments to open a REPL-style command shell. It keeps session context, supports command history, profiles, named workspaces, path completion, and module-style workflows.
+
+```txt
+rel > set workspace examples/enterprise
+rel > set inventory examples/enterprise/security/inventory.json
+rel > scan CVE-2026-41001
+rel > evidence
+rel > actions
+rel > export markdown finding.md
+rel > set indicators examples/enterprise/security/cisa-aa26-141a.iocs
+rel > ioc examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log
+rel > exit
+```
+
+Module workflow:
+
+```txt
+rel > use cve
+rel(cve) > set cve CVE-2026-41001
+rel(cve) > show options
+rel(cve) > run
+rel(cve) > back
+rel > show modules
+```
+
+Available modules:
+
+- `cve`: dependency CVE relevance
+- `ioc`: IOC log matching
+- `exposure`: externally exposed services
+- `sbom`: dependency inventory
+- `secrets`: obvious local secret patterns
+- `cloudtrail`: CloudTrail triage heuristics
+- `auth`: identity/auth log triage heuristics
+- `yara`: simple YARA literal rules
+- `sigma`: simple Sigma keyword rules
+
+## Example Environment
+
+`examples/enterprise` is a dummy environment for testing and demos:
+
+- `checkout-api`: internet-facing Node service with vulnerable reachable `multer` upload usage.
+- `ml-worker`: internal Python worker with a vulnerable package version but no vulnerable parser reachability.
+- Okta, Zscaler, and AWS CloudTrail-style logs.
+- CISA-style IOC list.
+- Service exposure inventory.
+
+No real customer data is included.
+
+## Privacy Model
+
+Normal scans are local-first:
+
+- CVE analysis reads local manifests, inventories, source files, SBOMs, and advisory files.
+- IOC analysis reads local logs directly.
+- Reports are written locally.
+- No telemetry is collected.
+- No cloud API is used during normal scans.
+
+The `import osv` command is the one intentional networked workflow. It sends discovered package names, ecosystems, and versions to the configured OSV API endpoint, then writes normalized advisory records to a local file for later offline use.
+
+## Limitations
+
+This is an alpha project with deliberate constraints:
+
+- CVE relevance depends on advisory quality, manifest coverage, inventory accuracy, and symbol search.
+- Reachability is currently evidence-oriented string matching, not full program analysis.
+- OSV import does not yet preserve every multi-affected or multi-range advisory shape.
+- YARA support handles literal string rules, not the full YARA language.
+- Sigma support handles simple keyword-style rules, not a full Sigma backend.
+- CloudTrail and auth modules are deterministic triage heuristics, not SIEM replacements.
+- Secret detection is heuristic and should not replace dedicated secret scanning.
+- Generated reports may contain sensitive local evidence.
+
+## Development
+
+```bash
+npm install
+npm run typecheck
+npm test
+npm run build
+```
+
+Full local release gate:
+
+```bash
+npm run release:check
+npm run pack:dry-run
+```
+
+CI runs typecheck, tests, build, and package dry-run on Node 20 and 22 across Linux, macOS, and Windows.
+
+## Contributing
+
+Contributions are welcome. Good first areas:
+
+- More fixture environments.
+- Additional advisory import formats.
+- Better SBOM parsing.
+- More report templates.
+- Safer scanner heuristics.
+- Documentation and examples.
+
+Please read [CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request.
+
+## Roadmap
+
+- Preserve OSV multi-affected and multi-range records.
+- Add NVD and CISA KEV import.
+- Expand CycloneDX and SPDX support.
+- Add Docker image and Kubernetes manifest exposure analysis.
+- Add GitHub and Jira export templates.
+- Add optional local summarization through Ollama or LM Studio.
+- Improve reachability analysis while keeping the tool local-first.
+
+## Security
+
+See [SECURITY.md](SECURITY.md) for the security model, network behavior, sensitive data guidance, and vulnerability reporting notes.
+
+## License
+
+MIT. See [LICENSE](LICENSE).

package/SECURITY.md

@@ -0,0 +1,36 @@
+# Security and Privacy
+
+`relevant` is designed as a local-first security relevance CLI.
+
+## Local-First Behavior
+
+- CVE relevance analysis runs against local manifests, inventory files, source files, SBOMs, and logs.
+- IOC scans read local log files directly.
+- No telemetry is collected.
+- No project files, logs, indicators, or results are uploaded by default.
+
+## Network Access
+
+The current CLI does not make network requests during normal scans.
+
+The `import osv` command fetches public advisory data from OSV only when explicitly requested by the user. It sends discovered package names, ecosystems, and versions to the configured OSV API endpoint and writes the normalized advisory records to a local file for later offline scans.
+
+Future advisory import commands must document the target source and the identifiers being requested before they are enabled by default.
+
+## Sensitive Data
+
+The tool may process sensitive local logs, secrets, inventories, and source code. Treat generated reports as sensitive unless reviewed.
+
+The `secrets` module redacts obvious secret values in output, but it is heuristic and not a substitute for a dedicated secret-scanning product.
+
+## Detector Limitations
+
+- CVE relevance depends on available advisory data, manifest coverage, inventory accuracy, and simple symbol reachability.
+- YARA support currently handles literal string rules. It is not a full YARA engine.
+- Sigma support currently handles simple keyword-style rules. It is not a full Sigma backend.
+- CloudTrail and auth modules use deterministic heuristics for local triage.
+- False positives and false negatives are expected.
+
+## Reporting Vulnerabilities
+
+Before public release, use private issue reporting in the repository or contact the maintainer directly. Do not publish exploit details until a fix is available.

package/dist/advisories.d.ts

@@ -0,0 +1,5 @@
+import type { AdvisoryRecord } from './types.js';
+export declare function findAdvisory(id: string, extraAdvisories?: AdvisoryRecord[]): AdvisoryRecord | undefined;
+export declare function listAdvisories(): AdvisoryRecord[];
+export declare function loadAdvisoriesFromFile(filePath: string): Promise<AdvisoryRecord[]>;
+export declare function normalizeAdvisory(value: unknown): AdvisoryRecord;

package/dist/advisories.js

@@ -0,0 +1,111 @@
+import { readFile } from 'node:fs/promises';
+const ADVISORIES = [
+    {
+        id: 'CVE-2026-41001',
+        title: 'Multer multipart upload path traversal in file field handling',
+        ecosystem: 'npm',
+        packageName: 'multer',
+        vulnerableRange: '<1.4.5-lts.1',
+        fixedVersion: '1.4.5-lts.1',
+        vulnerableSymbols: ['upload.single', 'upload.array', 'multer('],
+        summary: 'Malformed multipart uploads may write attacker-controlled files when vulnerable Multer handlers are reachable.',
+        recommendedActions: [
+            'Upgrade multer to >=1.4.5-lts.1.',
+            'Restrict public upload endpoints until patched.',
+            'Search access logs for unusual multipart upload paths.'
+        ]
+    },
+    {
+        id: 'CVE-2026-41002',
+        title: 'Pillow image decoder heap overflow in unsafe parser path',
+        ecosystem: 'pypi',
+        packageName: 'pillow',
+        vulnerableRange: '<10.2.0',
+        fixedVersion: '10.2.0',
+        vulnerableSymbols: ['ImageFile.Parser', 'features.pilinfo', 'UnsafeImageDecode'],
+        summary: 'Specific Pillow parser APIs may crash or corrupt memory when processing hostile images.',
+        recommendedActions: [
+            'Upgrade pillow to >=10.2.0.',
+            'Confirm whether vulnerable parser APIs are reachable from untrusted input.',
+            'Keep image processing workers isolated from production credentials.'
+        ]
+    }
+];
+export function findAdvisory(id, extraAdvisories = []) {
+    return [...extraAdvisories, ...ADVISORIES].find((record) => record.id.toLowerCase() === id.toLowerCase());
+}
+export function listAdvisories() {
+    return [...ADVISORIES];
+}
+export async function loadAdvisoriesFromFile(filePath) {
+    const parsed = JSON.parse(await readFile(filePath, 'utf8'));
+    const records = Array.isArray(parsed) ? parsed : [parsed];
+    return records.map(normalizeAdvisory);
+}
+export function normalizeAdvisory(value) {
+    if (!isRecord(value))
+        throw new Error('Invalid advisory record');
+    if (typeof value.id !== 'string')
+        throw new Error('Advisory id is required');
+    if (Array.isArray(value.affected))
+        return normalizeOsv(value);
+    const ecosystem = value.ecosystem === 'pypi' ? 'pypi' : 'npm';
+    if (typeof value.packageName !== 'string')
+        throw new Error('Advisory packageName is required');
+    return {
+        id: value.id,
+        title: stringValue(value.title) ?? stringValue(value.summary) ?? value.id,
+        ecosystem,
+        packageName: value.packageName,
+        vulnerableRange: stringValue(value.vulnerableRange) ?? '<999999.0.0',
+        fixedVersion: stringValue(value.fixedVersion),
+        vulnerableSymbols: stringArray(value.vulnerableSymbols),
+        summary: stringValue(value.summary) ?? value.id,
+        recommendedActions: stringArray(value.recommendedActions, ['Review the imported advisory and patch affected services.'])
+    };
+}
+function normalizeOsv(value) {
+    const affectedList = Array.isArray(value.affected) ? value.affected : [];
+    const affected = affectedList[0];
+    if (!isRecord(affected))
+        throw new Error('OSV advisory affected package is required');
+    const packageInfo = affected.package;
+    if (!isRecord(packageInfo) || typeof packageInfo.name !== 'string')
+        throw new Error('OSV package name is required');
+    const ecosystem = String(packageInfo.ecosystem ?? '').toLowerCase() === 'pypi' ? 'pypi' : 'npm';
+    const fixedVersion = osvFixedVersion(affected);
+    const ecosystemSpecific = affected.ecosystem_specific;
+    return {
+        id: value.id,
+        title: stringValue(value.summary) ?? value.id,
+        ecosystem,
+        packageName: packageInfo.name,
+        vulnerableRange: fixedVersion ? `<${fixedVersion}` : '<999999.0.0',
+        fixedVersion,
+        vulnerableSymbols: isRecord(ecosystemSpecific) ? stringArray(ecosystemSpecific.vulnerable_symbols) : [],
+        summary: stringValue(value.details) ?? stringValue(value.summary) ?? value.id,
+        recommendedActions: fixedVersion ? [`Upgrade ${packageInfo.name} to >=${fixedVersion}.`] : [`Review advisory ${value.id}.`]
+    };
+}
+function osvFixedVersion(affected) {
+    const ranges = Array.isArray(affected.ranges) ? affected.ranges : [];
+    for (const range of ranges) {
+        if (!isRecord(range) || !Array.isArray(range.events))
+            continue;
+        for (const event of range.events) {
+            if (isRecord(event) && typeof event.fixed === 'string')
+                return event.fixed;
+        }
+    }
+    return undefined;
+}
+function stringValue(value) {
+    return typeof value === 'string' ? value : undefined;
+}
+function stringArray(value, fallback = []) {
+    return Array.isArray(value) ? value.filter((item) => typeof item === 'string') : fallback;
+}
+function isRecord(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+//# sourceMappingURL=advisories.js.map

package/dist/advisories.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"advisories.js","sourceRoot":"","sources":["../src/advisories.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,MAAM,UAAU,GAAqB;IACnC;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,+DAA+D;QACtE,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,QAAQ;QACrB,eAAe,EAAE,cAAc;QAC/B,YAAY,EAAE,aAAa;QAC3B,iBAAiB,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,SAAS,CAAC;QAC/D,OAAO,EAAE,gHAAgH;QACzH,kBAAkB,EAAE;YAClB,kCAAkC;YAClC,iDAAiD;YACjD,wDAAwD;SACzD;KACF;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,0DAA0D;QACjE,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,QAAQ;QACrB,eAAe,EAAE,SAAS;QAC1B,YAAY,EAAE,QAAQ;QACtB,iBAAiB,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;QAChF,OAAO,EAAE,yFAAyF;QAClG,kBAAkB,EAAE;YAClB,6BAA6B;YAC7B,4EAA4E;YAC5E,qEAAqE;SACtE;KACF;CACF,CAAC;AAEF,MAAM,UAAU,YAAY,CAAC,EAAU,EAAE,kBAAoC,EAAE;IAC7E,OAAO,CAAC,GAAG,eAAe,EAAE,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AAC5G,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,CAAC,GAAG,UAAU,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,QAAgB;IAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAY,CAAC;IACvE,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1D,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACjE,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAE7E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC;QAAE,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAE9D,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAC9D,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC/F,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE;QACzE,SAAS;QACT,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,eAAe,EAAE,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,aAAa;QACpE,YAAY,EAAE,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC;QAC7C,iBAAiB,EAAE,WAAW,CAAC,KAAK,CAAC,iBAAiB,CAAC;QACvD,OAAO,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE;QAC/C,kBAAkB,EAAE,WAAW,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC,2DAA2D,CAAC,CAAC;KACzH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAA8B;IAClD,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IACzE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IACjC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACtF,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC;IACrC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACpH,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAChG,MAAM,YAAY,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,iBAAiB,GAAG,QAAQ,CAAC,kBAAkB,CAAC;IACtD,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAY;QACtB,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,EAAY;QACvD,SAAS;QACT,WAAW,EAAE,WAAW,CAAC,IAAI;QAC7B,eAAe,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC,aAAa;QAClE,YAAY;QACZ,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,EAAE;QACvG,OAAO,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,EAAY;QACvF,kBAAkB,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,WAAW,WAAW,CAAC,IAAI,SAAS,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB,KAAK,CAAC,EAAE,GAAG,CAAC;KAC5H,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAAiC;IACxD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,SAAS;QAC/D,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ;gBAAE,OAAO,KAAK,CAAC,KAAK,CAAC;QAC7E,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,WAAqB,EAAE;IAC1D,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC5G,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export declare function runCli(argv: string[]): Promise<string>;