relsec 0.1.0 → 0.1.1

package/README.md

@@ -1,185 +1,185 @@
-# relevant
-
-[![CI](https://github.com/MistanKh/relsec/actions/workflows/ci.yml/badge.svg)](https://github.com/MistanKh/relsec/actions/workflows/ci.yml)
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
-[![Node.js >=20](https://img.shields.io/badge/node-%3E%3D20-339933.svg)](package.json)
-
-Local-first security relevance for CVEs, advisories, IOCs, dependencies, logs, and service exposure.
-
-`relevant` helps answer the question most scanners leave to humans:
-
-> Does this finding actually matter in this environment?
-
-It is an open-source alpha for security engineers, AppSec teams, SOC analysts, platform teams, and curious builders who want evidence-first triage without sending code, logs, or inventories to a hosted service.
-
-The package name is `relsec`, and the CLI is exposed as both `relevant` and `relsec`.
-
-## The Problem
-
-Modern teams receive security findings faster than they can investigate them:
-
-- A scanner says a dependency is vulnerable.
-- A vendor advisory says a package needs urgent patching.
-- A threat feed publishes IPs, domains, hashes, or other indicators.
-- A SOC alert references activity that may or may not exist in local logs.
-- A spreadsheet says a service is internet-facing, but nobody is sure which repo owns it.
-
-The hard part is not seeing the alert. The hard part is proving whether it matters in your environment.
-
-For example, imagine a critical upload-library CVE lands during a release freeze. A scanner flags `multer` somewhere in your monorepo. Before waking up every service owner, you need answers:
-
-- Which service actually has the vulnerable version?
-- Is that service internet-facing or internal-only?
-- Is the vulnerable upload API used in source code?
-- What evidence can be pasted into a ticket?
-- What should be done next?
-
-`relevant` turns that into a local evidence-gathering workflow instead of a meeting.
-
-## What This Tool Does
-
-`relevant` reads local files and connects several pieces of security context:
-
-| Input | What it uses it for |
-| --- | --- |
-| Dependency manifests | Finds vulnerable package versions in `package-lock.json`, `requirements.txt`, and SBOM files. |
-| Advisory data | Maps CVEs, GHSA IDs, or imported OSV records to affected packages, ranges, and risky symbols. |
-| Service inventory | Understands whether a service is internet-facing, partner-facing, internal, or unknown. |
-| Source code | Searches for vulnerable symbols or APIs that make a package actually reachable. |
-| Logs | Matches IOCs against local log files, including gzip-compressed logs. |
-| Reports | Produces terminal, JSON, JSONL, Markdown, and SARIF output for humans and automation. |
-
-It does not try to replace a scanner. It helps explain scanner output with local evidence.
-
-## Real-World Examples
-
-### Example 1: Triage A Dependency CVE
-
-You receive a CVE for a vulnerable upload parser. Your scanner reports that `multer` exists somewhere in the repo.
-
-Run:
-
-```bash
-relevant cve CVE-2026-41001 \
-  --workspace examples/enterprise \
-  --inventory examples/enterprise/security/inventory.json \
-  --format markdown
-```
-
-`relevant` checks:
-
-1. Is there a local advisory record for the CVE?
-2. Which package and version range are affected?
-3. Which services contain the vulnerable package version?
-4. Are those services exposed?
-5. Does source code reference vulnerable symbols such as `upload.single` or `multer(`?
-
-Example result:
-
-```txt
-CVE-2026-41001: relevant (critical)
-
-Evidence:
-- Found multer 1.4.4 in services/checkout-api/package-lock.json.
-- Reachable symbol upload.single in src/uploads.ts.
-- checkout-api has public ingress: https://checkout.example.com/v1/receipts.
-
-Recommended actions:
-- Upgrade multer to >=1.4.5-lts.1.
-- Restrict public upload endpoints until patched.
-- Search access logs for unusual multipart upload paths.
-```
-
-That output gives AppSec, engineering, and incident response a shared artifact: vulnerable dependency, reachable code path, exposed service, and suggested next actions.
-
-### Example 2: Check Whether Threat Indicators Appear In Logs
-
-A threat report publishes suspicious IPs and domains. You want to know whether those indicators appear in local Okta, proxy, CloudTrail, or server logs.
-
-Run:
-
-```bash
-relevant ioc \
-  --indicators examples/enterprise/security/cisa-aa26-141a.iocs \
-  --logs examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log \
-  --logs examples/enterprise/security/logs/zscaler-web-prod-2026-05-21.log \
-  --format json
-```
-
-Example result:
-
-```json
-{
-  "totalMatches": 2,
-  "matches": [
-    {
-      "indicator": "203.0.113.77",
-      "type": "ip",
-      "line": 3
-    },
-    {
-      "indicator": "evil-update.example",
-      "type": "domain",
-      "line": 1
-    }
-  ]
-}
-```
-
-That helps a SOC analyst quickly move from "this IOC exists in a feed" to "this IOC appears in these local files on these lines."
-
-### Example 3: Build A Local Advisory File From OSV
-
-When you want broader advisory coverage, import OSV records for dependencies found in your inventory:
-
-```bash
-relevant import osv \
-  --workspace examples/enterprise \
-  --inventory examples/enterprise/security/inventory.json \
-  --output examples/enterprise/security/osv-advisories.json
-```
-
-After that, later CVE/GHSA checks can use the local file without calling OSV again:
-
-```bash
-relevant cve GHSA-example-id \
-  --workspace examples/enterprise \
-  --inventory examples/enterprise/security/inventory.json \
-  --advisories examples/enterprise/security/osv-advisories.json
-```
-
-## Status
-
-This project is a **developer preview**. It is useful today for local experiments, demos, evidence collection, and early workflow design, but it is not a replacement for a vulnerability management platform, SIEM, SCA product, or incident response process.
-
-What is ready:
-
-- Deterministic local CVE relevance checks.
-- Local IOC matching across plain and gzip logs.
-- Service exposure inventory support.
-- Reachability evidence from source-code symbol search.
-- Explicit OSV advisory import.
-- JSON, JSONL, Markdown, SARIF, and terminal output.
-- Interactive command shell with profiles, history, completions, modules, and exports.
-- Cross-platform CI for Node 20 and 22 on Linux, macOS, and Windows.
-
-What is still evolving:
-
-- OSV multi-affected and multi-range normalization.
-- NVD and CISA KEV import.
-- Deeper SBOM support.
-- Docker image and Kubernetes exposure analysis.
-- Full YARA and Sigma engines.
-- More precise reachability analysis.
-
-## Design Goals
-
-- Local-first by default.
-- Evidence over opaque risk scores.
-- Small enough to inspect.
-- Useful in terminals, scripts, tickets, and CI jobs.
-- Honest about uncertainty and limitations.
-
+# relevant
+
+[![CI](https://github.com/MistanKh/relsec/actions/workflows/ci.yml/badge.svg)](https://github.com/MistanKh/relsec/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Node.js >=20](https://img.shields.io/badge/node-%3E%3D20-339933.svg)](package.json)
+
+Local-first security relevance for CVEs, advisories, IOCs, dependencies, logs, and service exposure.
+
+`relevant` helps answer the question most scanners leave to humans:
+
+> Does this finding actually matter in this environment?
+
+It is an open-source alpha for security engineers, AppSec teams, SOC analysts, platform teams, and curious builders who want evidence-first triage without sending code, logs, or inventories to a hosted service.
+
+The package name is `relsec`, and the CLI is exposed as both `relevant` and `relsec`.
+
+## The Problem
+
+Modern teams receive security findings faster than they can investigate them:
+
+- A scanner says a dependency is vulnerable.
+- A vendor advisory says a package needs urgent patching.
+- A threat feed publishes IPs, domains, hashes, or other indicators.
+- A SOC alert references activity that may or may not exist in local logs.
+- A spreadsheet says a service is internet-facing, but nobody is sure which repo owns it.
+
+The hard part is not seeing the alert. The hard part is proving whether it matters in your environment.
+
+For example, imagine a critical upload-library CVE lands during a release freeze. A scanner flags `multer` somewhere in your monorepo. Before waking up every service owner, you need answers:
+
+- Which service actually has the vulnerable version?
+- Is that service internet-facing or internal-only?
+- Is the vulnerable upload API used in source code?
+- What evidence can be pasted into a ticket?
+- What should be done next?
+
+`relevant` turns that into a local evidence-gathering workflow instead of a meeting.
+
+## What This Tool Does
+
+`relevant` reads local files and connects several pieces of security context:
+
+| Input | What it uses it for |
+| --- | --- |
+| Dependency manifests | Finds vulnerable package versions in `package-lock.json`, `requirements.txt`, and SBOM files. |
+| Advisory data | Maps CVEs, GHSA IDs, or imported OSV records to affected packages, ranges, and risky symbols. |
+| Service inventory | Understands whether a service is internet-facing, partner-facing, internal, or unknown. |
+| Source code | Searches for vulnerable symbols or APIs that make a package actually reachable. |
+| Logs | Matches IOCs against local log files, including gzip-compressed logs. |
+| Reports | Produces terminal, JSON, JSONL, Markdown, and SARIF output for humans and automation. |
+
+It does not try to replace a scanner. It helps explain scanner output with local evidence.
+
+## Real-World Examples
+
+### Example 1: Triage A Dependency CVE
+
+You receive a CVE for a vulnerable upload parser. Your scanner reports that `multer` exists somewhere in the repo.
+
+Run:
+
+```bash
+relevant cve CVE-2026-41001 \
+  --workspace examples/enterprise \
+  --inventory examples/enterprise/security/inventory.json \
+  --format markdown
+```
+
+`relevant` checks:
+
+1. Is there a local advisory record for the CVE?
+2. Which package and version range are affected?
+3. Which services contain the vulnerable package version?
+4. Are those services exposed?
+5. Does source code reference vulnerable symbols such as `upload.single` or `multer(`?
+
+Example result:
+
+```txt
+CVE-2026-41001: relevant (critical)
+
+Evidence:
+- Found multer 1.4.4 in services/checkout-api/package-lock.json.
+- Reachable symbol upload.single in src/uploads.ts.
+- checkout-api has public ingress: https://checkout.example.com/v1/receipts.
+
+Recommended actions:
+- Upgrade multer to >=1.4.5-lts.1.
+- Restrict public upload endpoints until patched.
+- Search access logs for unusual multipart upload paths.
+```
+
+That output gives AppSec, engineering, and incident response a shared artifact: vulnerable dependency, reachable code path, exposed service, and suggested next actions.
+
+### Example 2: Check Whether Threat Indicators Appear In Logs
+
+A threat report publishes suspicious IPs and domains. You want to know whether those indicators appear in local Okta, proxy, CloudTrail, or server logs.
+
+Run:
+
+```bash
+relevant ioc \
+  --indicators examples/enterprise/security/cisa-aa26-141a.iocs \
+  --logs examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log \
+  --logs examples/enterprise/security/logs/zscaler-web-prod-2026-05-21.log \
+  --format json
+```
+
+Example result:
+
+```json
+{
+  "totalMatches": 2,
+  "matches": [
+    {
+      "indicator": "203.0.113.77",
+      "type": "ip",
+      "line": 3
+    },
+    {
+      "indicator": "evil-update.example",
+      "type": "domain",
+      "line": 1
+    }
+  ]
+}
+```
+
+That helps a SOC analyst quickly move from "this IOC exists in a feed" to "this IOC appears in these local files on these lines."
+
+### Example 3: Build A Local Advisory File From OSV
+
+When you want broader advisory coverage, import OSV records for dependencies found in your inventory:
+
+```bash
+relevant import osv \
+  --workspace examples/enterprise \
+  --inventory examples/enterprise/security/inventory.json \
+  --output examples/enterprise/security/osv-advisories.json
+```
+
+After that, later CVE/GHSA checks can use the local file without calling OSV again:
+
+```bash
+relevant cve GHSA-example-id \
+  --workspace examples/enterprise \
+  --inventory examples/enterprise/security/inventory.json \
+  --advisories examples/enterprise/security/osv-advisories.json
+```
+
+## Status
+
+This project is a **developer preview**. It is useful today for local experiments, demos, evidence collection, and early workflow design, but it is not a replacement for a vulnerability management platform, SIEM, SCA product, or incident response process.
+
+What is ready:
+
+- Deterministic local CVE relevance checks.
+- Local IOC matching across plain and gzip logs.
+- Service exposure inventory support.
+- Reachability evidence from source-code symbol search.
+- Explicit OSV advisory import.
+- JSON, JSONL, Markdown, SARIF, and terminal output.
+- Interactive command shell with profiles, history, completions, modules, and exports.
+- Cross-platform CI for Node 20 and 22 on Linux, macOS, and Windows.
+
+What is still evolving:
+
+- OSV multi-affected and multi-range normalization.
+- NVD and CISA KEV import.
+- Deeper SBOM support.
+- Docker image and Kubernetes exposure analysis.
+- Full YARA and Sigma engines.
+- More precise reachability analysis.
+
+## Design Goals
+
+- Local-first by default.
+- Evidence over opaque risk scores.
+- Small enough to inspect.
+- Useful in terminals, scripts, tickets, and CI jobs.
+- Honest about uncertainty and limitations.
+
 ## Quick Start
 
 Install from npm:
@@ -196,16 +196,16 @@ npm install
 npm run build
 node dist/cli.js cve CVE-2026-41001 --workspace examples/enterprise --inventory examples/enterprise/security/inventory.json --format markdown
 ```
-
-Example output:
-
-```txt
-CVE-2026-41001: relevant (critical)
-Multer multipart upload path traversal in file field handling: vulnerable package is reachable from an externally exposed service.
-```
-
-## Quick Command Examples
-
+
+Example output:
+
+```txt
+CVE-2026-41001: relevant (critical)
+Multer multipart upload path traversal in file field handling: vulnerable package is reachable from an externally exposed service.
+```
+
+## Quick Command Examples
+
 Check whether a CVE matters locally:
 
 ```bash
@@ -213,8 +213,8 @@ npx relsec cve CVE-2026-41001 \
   --workspace examples/enterprise \
   --inventory examples/enterprise/security/inventory.json \
   --format markdown
-```
-
+```
+
 Scan logs for indicators:
 
 ```bash
@@ -222,155 +222,155 @@ npx relsec ioc \
   --indicators examples/enterprise/security/cisa-aa26-141a.iocs \
   --logs examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log \
   --logs examples/enterprise/security/logs/zscaler-web-prod-2026-05-21.log \
-  --format json
-```
-
+  --format json
+```
+
 Open the interactive console:
 
 ```bash
 npx relsec
 ```
-
-## Commands
-
-```bash
-relevant cve <CVE-ID> --workspace . --inventory security/inventory.json --format json
-relevant ioc --indicators indicators.txt --logs auth.log --logs proxy.log --format json
-relevant import osv --workspace . --inventory security/inventory.json --output security/osv-advisories.json
-relevant advisories
-relevant version
-relevant
-```
-
-Output formats:
-
-- `text`
-- `json`
-- `jsonl`
-- `markdown`
-- `sarif`
-
-## Interactive Console
-
-Run `relevant` with no arguments to open a REPL-style command shell. It keeps session context, supports command history, profiles, named workspaces, path completion, and module-style workflows.
-
-```txt
-rel > set workspace examples/enterprise
-rel > set inventory examples/enterprise/security/inventory.json
-rel > scan CVE-2026-41001
-rel > evidence
-rel > actions
-rel > export markdown finding.md
-rel > set indicators examples/enterprise/security/cisa-aa26-141a.iocs
-rel > ioc examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log
-rel > exit
-```
-
-Module workflow:
-
-```txt
-rel > use cve
-rel(cve) > set cve CVE-2026-41001
-rel(cve) > show options
-rel(cve) > run
-rel(cve) > back
-rel > show modules
-```
-
-Available modules:
-
-- `cve`: dependency CVE relevance
-- `ioc`: IOC log matching
-- `exposure`: externally exposed services
-- `sbom`: dependency inventory
-- `secrets`: obvious local secret patterns
-- `cloudtrail`: CloudTrail triage heuristics
-- `auth`: identity/auth log triage heuristics
-- `yara`: simple YARA literal rules
-- `sigma`: simple Sigma keyword rules
-
-## Example Environment
-
-`examples/enterprise` is a dummy environment for testing and demos:
-
-- `checkout-api`: internet-facing Node service with vulnerable reachable `multer` upload usage.
-- `ml-worker`: internal Python worker with a vulnerable package version but no vulnerable parser reachability.
-- Okta, Zscaler, and AWS CloudTrail-style logs.
-- CISA-style IOC list.
-- Service exposure inventory.
-
-No real customer data is included.
-
-## Privacy Model
-
-Normal scans are local-first:
-
-- CVE analysis reads local manifests, inventories, source files, SBOMs, and advisory files.
-- IOC analysis reads local logs directly.
-- Reports are written locally.
-- No telemetry is collected.
-- No cloud API is used during normal scans.
-
-The `import osv` command is the one intentional networked workflow. It sends discovered package names, ecosystems, and versions to the configured OSV API endpoint, then writes normalized advisory records to a local file for later offline use.
-
-## Limitations
-
-This is an alpha project with deliberate constraints:
-
-- CVE relevance depends on advisory quality, manifest coverage, inventory accuracy, and symbol search.
-- Reachability is currently evidence-oriented string matching, not full program analysis.
-- OSV import does not yet preserve every multi-affected or multi-range advisory shape.
-- YARA support handles literal string rules, not the full YARA language.
-- Sigma support handles simple keyword-style rules, not a full Sigma backend.
-- CloudTrail and auth modules are deterministic triage heuristics, not SIEM replacements.
-- Secret detection is heuristic and should not replace dedicated secret scanning.
-- Generated reports may contain sensitive local evidence.
-
-## Development
-
-```bash
-npm install
-npm run typecheck
-npm test
-npm run build
-```
-
-Full local release gate:
-
-```bash
-npm run release:check
-npm run pack:dry-run
-```
-
-CI runs typecheck, tests, build, and package dry-run on Node 20 and 22 across Linux, macOS, and Windows.
-
-## Contributing
-
-Contributions are welcome. Good first areas:
-
-- More fixture environments.
-- Additional advisory import formats.
-- Better SBOM parsing.
-- More report templates.
-- Safer scanner heuristics.
-- Documentation and examples.
-
-Please read [CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request.
-
-## Roadmap
-
-- Preserve OSV multi-affected and multi-range records.
-- Add NVD and CISA KEV import.
-- Expand CycloneDX and SPDX support.
-- Add Docker image and Kubernetes manifest exposure analysis.
-- Add GitHub and Jira export templates.
-- Add optional local summarization through Ollama or LM Studio.
-- Improve reachability analysis while keeping the tool local-first.
-
-## Security
-
-See [SECURITY.md](SECURITY.md) for the security model, network behavior, sensitive data guidance, and vulnerability reporting notes.
-
-## License
-
-MIT. See [LICENSE](LICENSE).
+
+## Commands
+
+```bash
+relevant cve <CVE-ID> --workspace . --inventory security/inventory.json --format json
+relevant ioc --indicators indicators.txt --logs auth.log --logs proxy.log --format json
+relevant import osv --workspace . --inventory security/inventory.json --output security/osv-advisories.json
+relevant advisories
+relevant version
+relevant
+```
+
+Output formats:
+
+- `text`
+- `json`
+- `jsonl`
+- `markdown`
+- `sarif`
+
+## Interactive Console
+
+Run `relevant` with no arguments to open a REPL-style command shell. It keeps session context, supports command history, profiles, named workspaces, path completion, and module-style workflows.
+
+```txt
+rel > set workspace examples/enterprise
+rel > set inventory examples/enterprise/security/inventory.json
+rel > scan CVE-2026-41001
+rel > evidence
+rel > actions
+rel > export markdown finding.md
+rel > set indicators examples/enterprise/security/cisa-aa26-141a.iocs
+rel > ioc examples/enterprise/security/logs/okta-auth-prod-2026-05-21.log
+rel > exit
+```
+
+Module workflow:
+
+```txt
+rel > use cve
+rel(cve) > set cve CVE-2026-41001
+rel(cve) > show options
+rel(cve) > run
+rel(cve) > back
+rel > show modules
+```
+
+Available modules:
+
+- `cve`: dependency CVE relevance
+- `ioc`: IOC log matching
+- `exposure`: externally exposed services
+- `sbom`: dependency inventory
+- `secrets`: obvious local secret patterns
+- `cloudtrail`: CloudTrail triage heuristics
+- `auth`: identity/auth log triage heuristics
+- `yara`: simple YARA literal rules
+- `sigma`: simple Sigma keyword rules
+
+## Example Environment
+
+`examples/enterprise` is a dummy environment for testing and demos:
+
+- `checkout-api`: internet-facing Node service with vulnerable reachable `multer` upload usage.
+- `ml-worker`: internal Python worker with a vulnerable package version but no vulnerable parser reachability.
+- Okta, Zscaler, and AWS CloudTrail-style logs.
+- CISA-style IOC list.
+- Service exposure inventory.
+
+No real customer data is included.
+
+## Privacy Model
+
+Normal scans are local-first:
+
+- CVE analysis reads local manifests, inventories, source files, SBOMs, and advisory files.
+- IOC analysis reads local logs directly.
+- Reports are written locally.
+- No telemetry is collected.
+- No cloud API is used during normal scans.
+
+The `import osv` command is the one intentional networked workflow. It sends discovered package names, ecosystems, and versions to the configured OSV API endpoint, then writes normalized advisory records to a local file for later offline use.
+
+## Limitations
+
+This is an alpha project with deliberate constraints:
+
+- CVE relevance depends on advisory quality, manifest coverage, inventory accuracy, and symbol search.
+- Reachability is currently evidence-oriented string matching, not full program analysis.
+- OSV import does not yet preserve every multi-affected or multi-range advisory shape.
+- YARA support handles literal string rules, not the full YARA language.
+- Sigma support handles simple keyword-style rules, not a full Sigma backend.
+- CloudTrail and auth modules are deterministic triage heuristics, not SIEM replacements.
+- Secret detection is heuristic and should not replace dedicated secret scanning.
+- Generated reports may contain sensitive local evidence.
+
+## Development
+
+```bash
+npm install
+npm run typecheck
+npm test
+npm run build
+```
+
+Full local release gate:
+
+```bash
+npm run release:check
+npm run pack:dry-run
+```
+
+CI runs typecheck, tests, build, and package dry-run on Node 20 and 22 across Linux, macOS, and Windows.
+
+## Contributing
+
+Contributions are welcome. Good first areas:
+
+- More fixture environments.
+- Additional advisory import formats.
+- Better SBOM parsing.
+- More report templates.
+- Safer scanner heuristics.
+- Documentation and examples.
+
+Please read [CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request.
+
+## Roadmap
+
+- Preserve OSV multi-affected and multi-range records.
+- Add NVD and CISA KEV import.
+- Expand CycloneDX and SPDX support.
+- Add Docker image and Kubernetes manifest exposure analysis.
+- Add GitHub and Jira export templates.
+- Add optional local summarization through Ollama or LM Studio.
+- Improve reachability analysis while keeping the tool local-first.
+
+## Security
+
+See [SECURITY.md](SECURITY.md) for the security model, network behavior, sensitive data guidance, and vulnerability reporting notes.
+
+## License
+
+MIT. See [LICENSE](LICENSE).

package/SECURITY.md

@@ -1,36 +1,36 @@
-# Security and Privacy
-
-`relevant` is designed as a local-first security relevance CLI.
-
-## Local-First Behavior
-
-- CVE relevance analysis runs against local manifests, inventory files, source files, SBOMs, and logs.
-- IOC scans read local log files directly.
-- No telemetry is collected.
-- No project files, logs, indicators, or results are uploaded by default.
-
-## Network Access
-
-The current CLI does not make network requests during normal scans.
-
-The `import osv` command fetches public advisory data from OSV only when explicitly requested by the user. It sends discovered package names, ecosystems, and versions to the configured OSV API endpoint and writes the normalized advisory records to a local file for later offline scans.
-
-Future advisory import commands must document the target source and the identifiers being requested before they are enabled by default.
-
-## Sensitive Data
-
-The tool may process sensitive local logs, secrets, inventories, and source code. Treat generated reports as sensitive unless reviewed.
-
-The `secrets` module redacts obvious secret values in output, but it is heuristic and not a substitute for a dedicated secret-scanning product.
-
-## Detector Limitations
-
-- CVE relevance depends on available advisory data, manifest coverage, inventory accuracy, and simple symbol reachability.
-- YARA support currently handles literal string rules. It is not a full YARA engine.
-- Sigma support currently handles simple keyword-style rules. It is not a full Sigma backend.
-- CloudTrail and auth modules use deterministic heuristics for local triage.
-- False positives and false negatives are expected.
-
-## Reporting Vulnerabilities
-
-Before public release, use private issue reporting in the repository or contact the maintainer directly. Do not publish exploit details until a fix is available.
+# Security and Privacy
+
+`relevant` is designed as a local-first security relevance CLI.
+
+## Local-First Behavior
+
+- CVE relevance analysis runs against local manifests, inventory files, source files, SBOMs, and logs.
+- IOC scans read local log files directly.
+- No telemetry is collected.
+- No project files, logs, indicators, or results are uploaded by default.
+
+## Network Access
+
+The current CLI does not make network requests during normal scans.
+
+The `import osv` command fetches public advisory data from OSV only when explicitly requested by the user. It sends discovered package names, ecosystems, and versions to the configured OSV API endpoint and writes the normalized advisory records to a local file for later offline scans.
+
+Future advisory import commands must document the target source and the identifiers being requested before they are enabled by default.
+
+## Sensitive Data
+
+The tool may process sensitive local logs, secrets, inventories, and source code. Treat generated reports as sensitive unless reviewed.
+
+The `secrets` module redacts obvious secret values in output, but it is heuristic and not a substitute for a dedicated secret-scanning product.
+
+## Detector Limitations
+
+- CVE relevance depends on available advisory data, manifest coverage, inventory accuracy, and simple symbol reachability.
+- YARA support currently handles literal string rules. It is not a full YARA engine.
+- Sigma support currently handles simple keyword-style rules. It is not a full Sigma backend.
+- CloudTrail and auth modules use deterministic heuristics for local triage.
+- False positives and false negatives are expected.
+
+## Reporting Vulnerabilities
+
+Before public release, use private issue reporting in the repository or contact the maintainer directly. Do not publish exploit details until a fix is available.

package/dist/theme.js

@@ -14,17 +14,14 @@ export const colors = {
 export function renderBanner(input) {
     const width = 76;
     return [
-        `${colors.red}${colors.bold}          __                     __${colors.reset}`,
-        `${colors.red}${colors.bold}   _____ / /__ _   __ ___ _ ____ / /_${colors.reset}`,
-        `${colors.red}${colors.bold}  / ___// //_/| | / // _ \`// __// __/${colors.reset}`,
-        `${colors.red}${colors.bold} / /   / ,<   | |/ //  __// /  / /_${colors.reset}`,
-        `${colors.red}${colors.bold}/_/   /_/|_|  |___/ \\___//_/   \\__/${colors.reset}`,
-        `${colors.muted}        relevant console · local-first security relevance${colors.reset}`,
-        `${colors.muted}${'─'.repeat(width)}${colors.reset}`,
-        `${colors.muted}workspace ${colors.reset}${colors.text}${input.workspace}${colors.reset}`,
-        `${colors.muted}inventory ${colors.reset}${colors.text}${input.inventory ?? 'not set'}${colors.reset}`,
-        `${colors.muted}${'─'.repeat(width)}${colors.reset}`,
-        `${colors.muted}type ${colors.yellow}help${colors.muted} for commands, ${colors.yellow}exit${colors.muted} to quit${colors.reset}`,
+        `${colors.bold}${colors.text}relsec / relevant${colors.reset}`,
+        `${colors.muted}local-first security relevance${colors.reset}`,
+        divider(width),
+        labeledRow('Workspace', input.workspace),
+        labeledRow('Inventory', input.inventory ?? 'not set'),
+        labeledRow('Mode', 'interactive console'),
+        divider(width),
+        `${colors.muted}Use ${colors.yellow}help${colors.muted} for commands, ${colors.yellow}show options${colors.muted} for context, ${colors.yellow}exit${colors.muted} to quit.${colors.reset}`,
         ''
     ].join('\n');
 }
@@ -32,29 +29,34 @@ export function renderResultCard(result) {
     const badge = verdictBadge(result.verdict);
     const risk = riskBadge(result.risk);
     return [
-        `${colors.bold}${colors.text}${result.subject}${colors.reset}  ${badge} ${risk}`,
-        `${colors.muted}${'─'.repeat(76)}${colors.reset}`,
-        wrap(result.summary, 76),
+        `${colors.bold}${colors.text}${result.subject}${colors.reset}`,
+        `${colors.muted}Verdict${colors.reset} ${badge}  ${colors.muted}Risk${colors.reset} ${risk}`,
+        divider(76),
+        section('Summary'),
+        indent(wrap(result.summary, 72)),
         '',
-        `${colors.blue}${colors.bold}Affected${colors.reset}`,
-        ...(result.affectedComponents.length > 0
-            ? result.affectedComponents.map((component) => `  ${colors.muted}•${colors.reset} ${component}`)
-            : [`  ${colors.muted}• none${colors.reset}`]),
+        section('Affected Components'),
+        ...bulletList(result.affectedComponents, 'none'),
         '',
-        `${colors.blue}${colors.bold}Evidence${colors.reset}`,
-        ...result.evidence.map((item) => `  ${colors.muted}•${colors.reset} ${item}`),
+        section('Evidence'),
+        ...bulletList(result.evidence, 'none'),
         '',
-        `${colors.blue}${colors.bold}Actions${colors.reset}`,
-        ...result.recommendedActions.map((item) => `  ${colors.muted}•${colors.reset} ${item}`)
+        section('Recommended Actions'),
+        ...bulletList(result.recommendedActions, 'none')
     ].join('\n');
 }
 export function renderIocSummary(result) {
+    const rows = result.matches.map((match) => [
+        match.indicator,
+        match.type,
+        `${match.file}:${match.line}`,
+        match.text
+    ]);
     return [
-        `${colors.bold}${colors.text}IOC matches${colors.reset}  ${riskBadge(result.totalMatches > 0 ? 'high' : 'low')} ${result.totalMatches}`,
-        `${colors.muted}${'─'.repeat(76)}${colors.reset}`,
-        ...(result.matches.length > 0
-            ? result.matches.map((match) => `  ${colors.muted}•${colors.reset} ${colors.yellow}${match.indicator}${colors.reset} ${colors.muted}${match.type}${colors.reset} ${match.file}:${match.line}`)
-            : [`  ${colors.muted}• no indicators matched${colors.reset}`])
+        `${colors.bold}${colors.text}IOC scan summary${colors.reset}`,
+        `${colors.muted}IOC matches${colors.reset} ${riskBadge(result.totalMatches > 0 ? 'high' : 'low')} ${colors.text}${result.totalMatches}${colors.reset}`,
+        divider(76),
+        ...(rows.length > 0 ? iocTable(rows) : [`  ${colors.muted}No indicators matched.${colors.reset}`])
     ].join('\n');
 }
 export function renderStatus(input) {
@@ -69,24 +71,33 @@ export function renderStatus(input) {
 export function renderHelp() {
     return [
         `${colors.bold}${colors.text}Interactive commands${colors.reset}`,
-        `${colors.muted}${'─'.repeat(76)}${colors.reset}`,
-        table([
+        divider(76),
+        commandSection('Context', [
             ['set workspace <path>', 'set repo/environment root'],
             ['set inventory <path>', 'set service exposure inventory'],
             ['set indicators <path>', 'set IOC list'],
             ['set format <text|json|markdown>', 'change output mode'],
             ['set logdir <dir> / set logglob <glob>', 'discover log files for hunts'],
             ['set target <path> / set rule <path>', 'set target/rule for scanner modules'],
+            ['show options/modules/advisories', 'inspect console state']
+        ]),
+        '',
+        commandSection('Scanning', [
             ['use <module>', 'select cve/ioc/exposure/sbom/secrets/cloudtrail/auth/yara/sigma'],
-            ['show options/modules/advisories', 'inspect console state'],
             ['run', 'execute selected module'],
             ['back', 'clear selected module'],
             ['cve <CVE-ID>', 'scan using current workspace/inventory'],
             ['scan <CVE-ID>', 'alias for cve'],
             ['ioc <log> [more logs]', 'scan logs using current indicators'],
-            ['explain / evidence / actions', 'inspect last CVE result'],
+            ['explain / evidence / actions', 'inspect last CVE result']
+        ]),
+        '',
+        commandSection('Output', [
             ['export markdown <file>', 'write last result as Markdown'],
-            ['export json <file>', 'write last result as JSON'],
+            ['export json <file>', 'write last result as JSON']
+        ]),
+        '',
+        commandSection('Session', [
             ['config save | config show', 'persist or inspect defaults'],
             ['profile save/use/list', 'save and restore console profiles'],
             ['workspace add/use/list', 'manage named workspaces'],
@@ -157,6 +168,40 @@ function table(rows) {
         .map(([key, value]) => `  ${colors.muted}${key.padEnd(keyWidth)}${colors.reset}  ${colors.text}${value}${colors.reset}`)
         .join('\n');
 }
+function divider(width) {
+    return `${colors.muted}${'─'.repeat(width)}${colors.reset}`;
+}
+function labeledRow(label, value) {
+    return `  ${colors.muted}${label.padEnd(10)}${colors.reset} ${colors.text}${value}${colors.reset}`;
+}
+function section(title) {
+    return `${colors.blue}${colors.bold}${title}${colors.reset}`;
+}
+function commandSection(title, rows) {
+    return [section(title), table(rows)].join('\n');
+}
+function bulletList(items, empty) {
+    const values = items.length > 0 ? items : [empty];
+    return values.map((item) => `  ${colors.muted}•${colors.reset} ${item}`);
+}
+function indent(value) {
+    return value
+        .split('\n')
+        .map((line) => `  ${line}`)
+        .join('\n');
+}
+function iocTable(rows) {
+    const indicatorWidth = Math.min(28, Math.max('Indicator'.length, ...rows.map(([indicator]) => indicator.length)));
+    const typeWidth = Math.min(10, Math.max('Type'.length, ...rows.map(([, type]) => type.length)));
+    const locationWidth = Math.min(28, Math.max('Location'.length, ...rows.map(([, , location]) => location.length)));
+    const header = `  ${colors.muted}${'Indicator'.padEnd(indicatorWidth)}  ${'Type'.padEnd(typeWidth)}  ${'Location'.padEnd(locationWidth)}${colors.reset}`;
+    const line = `  ${colors.muted}${'-'.repeat(indicatorWidth)}  ${'-'.repeat(typeWidth)}  ${'-'.repeat(locationWidth)}${colors.reset}`;
+    const body = rows.flatMap(([indicator, type, location, text]) => [
+        `  ${colors.yellow}${truncate(indicator, indicatorWidth).padEnd(indicatorWidth)}${colors.reset}  ${colors.text}${truncate(type, typeWidth).padEnd(typeWidth)}${colors.reset}  ${colors.text}${truncate(location, locationWidth).padEnd(locationWidth)}${colors.reset}`,
+        `  ${colors.muted}${indent(wrap(text, 70)).trimStart()}${colors.reset}`
+    ]);
+    return [header, line, ...body];
+}
 function optionTable(rows) {
     const nameWidth = Math.max('Name'.length, ...rows.map(([name]) => name.length));
     const valueWidth = Math.min(36, Math.max('Current Setting'.length, ...rows.map(([, value]) => stripAnsi(value).length)));

package/dist/theme.js.map

@@ -1 +1 @@
-{"version":3,"file":"theme.js","sourceRoot":"","sources":["../src/theme.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,KAAK,EAAE,SAAS;IAChB,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,SAAS;IACd,KAAK,EAAE,wBAAwB;IAC/B,MAAM,EAAE,wBAAwB;IAChC,GAAG,EAAE,wBAAwB;IAC7B,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,wBAAwB;IAC/B,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,wBAAwB;CAChC,CAAC;AAEF,MAAM,UAAU,YAAY,CAAC,KAAgD;IAC3E,MAAM,KAAK,GAAG,EAAE,CAAC;IACjB,OAAO;QACL,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,sCAAsC,MAAM,CAAC,KAAK,EAAE;QAC/E,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,wCAAwC,MAAM,CAAC,KAAK,EAAE;QACjF,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,yCAAyC,MAAM,CAAC,KAAK,EAAE;QAClF,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,sCAAsC,MAAM,CAAC,KAAK,EAAE;QAC/E,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,wCAAwC,MAAM,CAAC,KAAK,EAAE;QACjF,GAAG,MAAM,CAAC,KAAK,4DAA4D,MAAM,CAAC,KAAK,EAAE;QACzF,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACpD,GAAG,MAAM,CAAC,KAAK,aAAa,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE;QACzF,GAAG,MAAM,CAAC,KAAK,aAAa,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,SAAS,IAAI,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE;QACtG,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACpD,GAAG,MAAM,CAAC,KAAK,QAAQ,MAAM,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,kBAAkB,MAAM,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,WAAW,MAAM,CAAC,KAAK,EAAE;QAClI,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAuB;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,KAAK,KAAK,IAAI,IAAI,EAAE;QAChF,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;QACxB,EAAE;QACF,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,WAAW,MAAM,CAAC,KAAK,EAAE;QACrD,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC;YACtC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC;YAChG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,KAAK,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/C,EAAE;QACF,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,WAAW,MAAM,CAAC,KAAK,EAAE;QACrD,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7E,EAAE;QACF,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE;QACpD,GAAG,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;KACxF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,cAAc,MAAM,CAAC,KAAK,KAAK,SAAS,CAAC,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE;QACvI,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YAC3B,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YAC9L,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,KAAK,0BAA0B,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;KACjE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAM5B;IACC,OAAO,KAAK,CAAC;QACX,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC;QAC9B,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;QAC3C,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC;QAC7C,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;QACxB,CAAC,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,OAAO,IAAI,MAAM,CAAC;KAC9C,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,uBAAuB,MAAM,CAAC,KAAK,EAAE;QACjE,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,KAAK,CAAC;YACJ,CAAC,sBAAsB,EAAE,2BAA2B,CAAC;YACrD,CAAC,sBAAsB,EAAE,gCAAgC,CAAC;YAC1D,CAAC,uBAAuB,EAAE,cAAc,CAAC;YACzC,CAAC,iCAAiC,EAAE,oBAAoB,CAAC;YACzD,CAAC,uCAAuC,EAAE,8BAA8B,CAAC;YACzE,CAAC,qCAAqC,EAAE,qCAAqC,CAAC;YAC9E,CAAC,cAAc,EAAE,iEAAiE,CAAC;YACnF,CAAC,iCAAiC,EAAE,uBAAuB,CAAC;YAC5D,CAAC,KAAK,EAAE,yBAAyB,CAAC;YAClC,CAAC,MAAM,EAAE,uBAAuB,CAAC;YACjC,CAAC,cAAc,EAAE,wCAAwC,CAAC;YAC1D,CAAC,eAAe,EAAE,eAAe,CAAC;YAClC,CAAC,uBAAuB,EAAE,oCAAoC,CAAC;YAC/D,CAAC,8BAA8B,EAAE,yBAAyB,CAAC;YAC3D,CAAC,wBAAwB,EAAE,+BAA+B,CAAC;YAC3D,CAAC,oBAAoB,EAAE,2BAA2B,CAAC;YACnD,CAAC,2BAA2B,EAAE,6BAA6B,CAAC;YAC5D,CAAC,uBAAuB,EAAE,mCAAmC,CAAC;YAC9D,CAAC,wBAAwB,EAAE,yBAAyB,CAAC;YACrD,CAAC,8BAA8B,EAAE,8BAA8B,CAAC;YAChE,CAAC,aAAa,EAAE,2BAA2B,CAAC;YAC5C,CAAC,YAAY,EAAE,mBAAmB,CAAC;YACnC,CAAC,MAAM,EAAE,MAAM,CAAC;SACjB,CAAC;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAQ7B;IACC,MAAM,IAAI,GAAoC;QAC5C,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC;QACvD,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,EAAE,eAAe,CAAC;KAC1C,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS,EAAE,4BAA4B,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,IAAI,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;IAC9F,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,iBAAiB,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE;QACpI,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,WAAW,CAAC,IAAI,CAAC;KAClB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,GAAW,EAAE,KAAa;IAClD,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,GAAG,GAAG,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;AACxH,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAAe;IACtC,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,OAAO,EAAE,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,OAAO,GAAG,MAAM,CAAC,GAAG,QAAQ,MAAM,CAAC,KAAK,KAAK,OAAO,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,MAAe;IACpC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/C,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,YAAY,CAAC,OAAe;IACnC,IAAI,OAAO,KAAK,UAAU;QAAE,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,WAAW,MAAM,CAAC,KAAK,EAAE,CAAC;IACxF,IAAI,OAAO,KAAK,cAAc;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,eAAe,MAAM,CAAC,KAAK,EAAE,CAAC;IAClG,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC;AAChE,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACrH,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC;IACpF,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IAC7E,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC;AAChE,CAAC;AAED,SAAS,KAAK,CAAC,IAA6B;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,OAAO,IAAI;SACR,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;SACvH,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,IAAqC;IACxD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACzH,MAAM,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,iBAAiB,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,MAAM,CAAC,KAAK,EAAE,CAAC;IACnI,MAAM,OAAO,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACzH,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,EAAE,EAAE,CACnD,KAAK,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,GAAG,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,CAC3L,CAAC;IACF,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAW;IAC1C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AACpD,CAAC;AAED,SAAS,IAAI,CAAC,KAAa,EAAE,KAAa;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpB,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,GAAG,OAAO,IAAI,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IACD,IAAI,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"theme.js","sourceRoot":"","sources":["../src/theme.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,KAAK,EAAE,SAAS;IAChB,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,SAAS;IACd,KAAK,EAAE,wBAAwB;IAC/B,MAAM,EAAE,wBAAwB;IAChC,GAAG,EAAE,wBAAwB;IAC7B,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,wBAAwB;IAC/B,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,wBAAwB;CAChC,CAAC;AAEF,MAAM,UAAU,YAAY,CAAC,KAAgD;IAC3E,MAAM,KAAK,GAAG,EAAE,CAAC;IACjB,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,oBAAoB,MAAM,CAAC,KAAK,EAAE;QAC9D,GAAG,MAAM,CAAC,KAAK,iCAAiC,MAAM,CAAC,KAAK,EAAE;QAC9D,OAAO,CAAC,KAAK,CAAC;QACd,UAAU,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC;QACxC,UAAU,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;QACrD,UAAU,CAAC,MAAM,EAAE,qBAAqB,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC;QACd,GAAG,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,kBAAkB,MAAM,CAAC,MAAM,eAAe,MAAM,CAAC,KAAK,iBAAiB,MAAM,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,YAAY,MAAM,CAAC,KAAK,EAAE;QAC3L,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAuB;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE;QAC9D,GAAG,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,KAAK,IAAI,KAAK,KAAK,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE;QAC5F,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,SAAS,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAChC,EAAE;QACF,OAAO,CAAC,qBAAqB,CAAC;QAC9B,GAAG,UAAU,CAAC,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAAC;QAChD,EAAE;QACF,OAAO,CAAC,UAAU,CAAC;QACnB,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC;QACtC,EAAE;QACF,OAAO,CAAC,qBAAqB,CAAC;QAC9B,GAAG,UAAU,CAAC,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAAC;KACjD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;QACzC,KAAK,CAAC,SAAS;QACf,KAAK,CAAC,IAAI;QACV,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE;QAC7B,KAAK,CAAC,IAAI;KACgC,CAAC,CAAC;IAC9C,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,mBAAmB,MAAM,CAAC,KAAK,EAAE;QAC7D,GAAG,MAAM,CAAC,KAAK,cAAc,MAAM,CAAC,KAAK,IAAI,SAAS,CAAC,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,KAAK,EAAE;QACtJ,OAAO,CAAC,EAAE,CAAC;QACX,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,KAAK,yBAAyB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;KACnG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAM5B;IACC,OAAO,KAAK,CAAC;QACX,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC;QAC9B,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;QAC3C,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC;QAC7C,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;QACxB,CAAC,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,OAAO,IAAI,MAAM,CAAC;KAC9C,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,uBAAuB,MAAM,CAAC,KAAK,EAAE;QACjE,OAAO,CAAC,EAAE,CAAC;QACX,cAAc,CAAC,SAAS,EAAE;YACxB,CAAC,sBAAsB,EAAE,2BAA2B,CAAC;YACrD,CAAC,sBAAsB,EAAE,gCAAgC,CAAC;YAC1D,CAAC,uBAAuB,EAAE,cAAc,CAAC;YACzC,CAAC,iCAAiC,EAAE,oBAAoB,CAAC;YACzD,CAAC,uCAAuC,EAAE,8BAA8B,CAAC;YACzE,CAAC,qCAAqC,EAAE,qCAAqC,CAAC;YAC9E,CAAC,iCAAiC,EAAE,uBAAuB,CAAC;SAC7D,CAAC;QACF,EAAE;QACF,cAAc,CAAC,UAAU,EAAE;YACzB,CAAC,cAAc,EAAE,iEAAiE,CAAC;YACnF,CAAC,KAAK,EAAE,yBAAyB,CAAC;YAClC,CAAC,MAAM,EAAE,uBAAuB,CAAC;YACjC,CAAC,cAAc,EAAE,wCAAwC,CAAC;YAC1D,CAAC,eAAe,EAAE,eAAe,CAAC;YAClC,CAAC,uBAAuB,EAAE,oCAAoC,CAAC;YAC/D,CAAC,8BAA8B,EAAE,yBAAyB,CAAC;SAC5D,CAAC;QACF,EAAE;QACF,cAAc,CAAC,QAAQ,EAAE;YACvB,CAAC,wBAAwB,EAAE,+BAA+B,CAAC;YAC3D,CAAC,oBAAoB,EAAE,2BAA2B,CAAC;SACpD,CAAC;QACF,EAAE;QACF,cAAc,CAAC,SAAS,EAAE;YACxB,CAAC,2BAA2B,EAAE,6BAA6B,CAAC;YAC5D,CAAC,uBAAuB,EAAE,mCAAmC,CAAC;YAC9D,CAAC,wBAAwB,EAAE,yBAAyB,CAAC;YACrD,CAAC,8BAA8B,EAAE,8BAA8B,CAAC;YAChE,CAAC,aAAa,EAAE,2BAA2B,CAAC;YAC5C,CAAC,YAAY,EAAE,mBAAmB,CAAC;YACnC,CAAC,MAAM,EAAE,MAAM,CAAC;SACjB,CAAC;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAQ7B;IACC,MAAM,IAAI,GAAoC;QAC5C,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC;QACvD,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,EAAE,eAAe,CAAC;KAC1C,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS,EAAE,4BAA4B,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,IAAI,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;IAC9F,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,iBAAiB,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE;QACpI,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,WAAW,CAAC,IAAI,CAAC;KAClB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,GAAW,EAAE,KAAa;IAClD,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,GAAG,GAAG,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;AACxH,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAAe;IACtC,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,OAAO,EAAE,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,OAAO,GAAG,MAAM,CAAC,GAAG,QAAQ,MAAM,CAAC,KAAK,KAAK,OAAO,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,MAAe;IACpC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/C,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,YAAY,CAAC,OAAe;IACnC,IAAI,OAAO,KAAK,UAAU;QAAE,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,WAAW,MAAM,CAAC,KAAK,EAAE,CAAC;IACxF,IAAI,OAAO,KAAK,cAAc;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,eAAe,MAAM,CAAC,KAAK,EAAE,CAAC;IAClG,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC;AAChE,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACrH,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC;IACpF,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IAC7E,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC;AAChE,CAAC;AAED,SAAS,KAAK,CAAC,IAA6B;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,OAAO,IAAI;SACR,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;SACvH,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,OAAO,CAAC,KAAa;IAC5B,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,UAAU,CAAC,KAAa,EAAE,KAAa;IAC9C,OAAO,KAAK,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;AACrG,CAAC;AAED,SAAS,OAAO,CAAC,KAAa;IAC5B,OAAO,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;AAC/D,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,IAA6B;IAClE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,UAAU,CAAC,KAAe,EAAE,KAAa;IAChD,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAClD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,KAAK;SACT,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;SAC1B,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,IAA6C;IAC7D,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAClH,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAChG,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,AAAD,EAAG,QAAQ,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAClH,MAAM,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACzJ,MAAM,IAAI,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACrI,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,IAAI,GAAG,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACtQ,KAAK,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE;KACxE,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,WAAW,CAAC,IAAqC;IACxD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACzH,MAAM,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,iBAAiB,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,MAAM,CAAC,KAAK,EAAE,CAAC;IACnI,MAAM,OAAO,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACzH,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,EAAE,EAAE,CACnD,KAAK,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,GAAG,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,CAC3L,CAAC;IACF,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAW;IAC1C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AACpD,CAAC;AAED,SAAS,IAAI,CAAC,KAAa,EAAE,KAAa;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpB,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,GAAG,OAAO,IAAI,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IACD,IAAI,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/version-info.d.ts

@@ -1 +1 @@
-export declare const VERSION = "0.1.0";
+export declare const VERSION = "0.1.1";

package/dist/version-info.js

@@ -1,2 +1,2 @@
-export const VERSION = '0.1.0';
+export const VERSION = '0.1.1';
 //# sourceMappingURL=version-info.js.map

package/package.json

@@ -1,64 +1,65 @@
-{
-  "name": "relsec",
-  "version": "0.1.0",
-  "description": "Local-first security relevance CLI for CVEs, advisories, IOCs, repos, and enterprise evidence.",
-  "license": "MIT",
-  "author": "MistanKh",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/MistanKh/relsec.git"
-  },
-  "bugs": {
-    "url": "https://github.com/MistanKh/relsec/issues"
-  },
-  "homepage": "https://github.com/MistanKh/relsec#readme",
-  "type": "module",
-  "bin": {
-    "relevant": "dist/cli.js",
-    "relsec": "dist/cli.js"
-  },
-  "exports": {
-    ".": {
-      "types": "./dist/cli.d.ts",
-      "import": "./dist/cli.js"
-    }
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "SECURITY.md",
-    "LICENSE",
-    "docs"
-  ],
-  "scripts": {
-    "test": "vitest run",
-    "typecheck": "tsc -p tsconfig.json --noEmit",
-    "build": "tsc -p tsconfig.build.json",
-    "dev": "tsx src/cli.ts",
-    "release:check": "npm run typecheck && npm test && npm run build",
-    "pack:dry-run": "npm pack --dry-run",
-    "prepack": "npm run release:check"
-  },
-  "keywords": [
-    "security",
-    "cve",
-    "ioc",
-    "sbom",
-    "soc",
-    "appsec",
-    "cli"
-  ],
-  "engines": {
-    "node": ">=20"
-  },
-  "devDependencies": {
-    "@types/node": "^22.15.29",
-    "@types/semver": "^7.7.1",
-    "tsx": "^4.19.4",
-    "typescript": "^5.8.3",
-    "vitest": "^3.2.4"
-  },
-  "dependencies": {
-    "semver": "^7.8.1"
-  }
-}
+{
+  "name": "relsec",
+  "version": "0.1.1",
+  "description": "Local-first security relevance CLI for CVEs, advisories, IOCs, repos, and enterprise evidence.",
+  "license": "MIT",
+  "author": "MistanKh",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/MistanKh/relsec.git"
+  },
+  "bugs": {
+    "url": "https://github.com/MistanKh/relsec/issues"
+  },
+  "homepage": "https://github.com/MistanKh/relsec#readme",
+  "type": "module",
+  "bin": {
+    "relevant": "dist/cli.js",
+    "relsec": "dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/cli.d.ts",
+      "import": "./dist/cli.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "SECURITY.md",
+    "LICENSE",
+    "docs"
+  ],
+  "scripts": {
+    "test": "vitest run",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "build": "tsc -p tsconfig.build.json",
+    "dev": "tsx src/cli.ts",
+    "release:check": "npm run typecheck && npm test && npm run build",
+    "pack:dry-run": "npm pack --dry-run",
+    "prepack": "npm run release:check",
+    "version": "node scripts/sync-version.mjs"
+  },
+  "keywords": [
+    "security",
+    "cve",
+    "ioc",
+    "sbom",
+    "soc",
+    "appsec",
+    "cli"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "devDependencies": {
+    "@types/node": "^22.15.29",
+    "@types/semver": "^7.7.1",
+    "tsx": "^4.19.4",
+    "typescript": "^5.8.3",
+    "vitest": "^3.2.4"
+  },
+  "dependencies": {
+    "semver": "^7.8.1"
+  }
+}