shipcheck-cli 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Tate Lyman
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,110 @@
+# shipcheck-cli
+
+Release-readiness and AI-app exposure scanner for JavaScript and TypeScript repositories.
+
+`shipcheck` inspects a repo before you publish, hand it to a client, or ask someone to review it. It catches the boring issues that make projects feel unfinished: missing CI, missing lockfiles, thin documentation, loose dependency versions, unsafe package scripts, and local environment-file hygiene problems.
+
+It also checks the failure points that show up in AI-built apps made with Lovable, Bolt, Replit, Cursor, v0, Base44, Supabase, Firebase, Stripe, and AI API integrations: exposed private keys, public frontend env vars that look private, unsigned Stripe webhooks, missing Firebase rules, undocumented Supabase RLS, debug API routes, and missing AI usage guardrails.
+
+## Install
+
+Run from GitHub without publishing to npm:
+
+```bash
+npx --yes github:TateLyman/shipcheck-cli .
+```
+
+Clone and build locally:
+
+```bash
+npm install
+npm run build
+```
+
+Run locally:
+
+```bash
+node dist/src/cli.js .
+```
+
+After publishing or linking:
+
+```bash
+shipcheck ../my-app --format markdown
+```
+
+## Usage
+
+```bash
+shipcheck [path] [--format text|markdown|json] [--fail-on info|low|medium|high] [--strict]
+```
+
+Examples:
+
+```bash
+shipcheck
+shipcheck ../client-app --format markdown
+shipcheck . --strict --fail-on medium
+```
+
+## What It Checks
+
+- `package.json` exists and has repeatable `test` and `build` scripts
+- dangerous package scripts such as broad `rm -rf`, `sudo`, `curl | bash`, and force pushes
+- loose dependency versions such as `latest`, `*`, direct URLs, and Git dependencies
+- dependency lockfile presence and package-manager consistency
+- README depth, license declaration, and `.gitignore` hygiene
+- GitHub Actions workflow presence
+- TypeScript files without `tsconfig.json`
+- `.env` risk and missing `.env.example` when environment variables are used
+- hardcoded private-looking secrets such as Stripe secret keys and AI provider API keys
+- public frontend env names that include `SECRET`, `SERVICE`, `PRIVATE`, `TOKEN`, or `WEBHOOK`
+- Stripe webhook handlers that do not visibly verify signatures
+- Firebase usage without checked-in `firestore.rules` or `storage.rules`
+- Supabase usage without visible RLS migrations, policy notes, or access-boundary proof
+- debug, seed, reset, mock, or test API routes that may ship to production
+- AI/API usage without obvious rate limits, quotas, throttling, or cost guardrails
+
+Shipcheck is a defensive static scanner, not a penetration test. It looks for review gaps and risky patterns in repos you own or are authorized to inspect.
+
+## Output
+
+Text output is designed for terminal use:
+
+```text
+Shipcheck report: /work/my-app
+Score: 78/100
+Status: pass
+Findings: 0 high, 2 medium, 1 low, 0 info
+```
+
+Markdown output is designed for client handoff:
+
+```bash
+shipcheck ../my-app --format markdown > shipcheck-report.md
+```
+
+JSON output is designed for automation:
+
+```bash
+shipcheck . --format json
+```
+
+## Exit Codes
+
+By default, `shipcheck` exits with code `1` only when a `high` finding is present.
+
+Use `--fail-on medium` for CI gates:
+
+```bash
+shipcheck . --strict --fail-on medium
+```
+
+## Development
+
+```bash
+npm install
+npm run check
+```
+
+The test suite uses Node's built-in test runner and temporary fixture repositories.

package/dist/src/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/src/cli.js

@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+import { formatReport } from "./format.js";
+import { scanRepository, shouldFail } from "./index.js";
+const validFormats = new Set(["text", "markdown", "json"]);
+const validSeverities = new Set(["info", "low", "medium", "high"]);
+async function main() {
+    const args = parseArgs(process.argv.slice(2));
+    if (args.help) {
+        console.log(helpText());
+        return;
+    }
+    if (args.version) {
+        console.log("0.2.0");
+        return;
+    }
+    const report = await scanRepository({
+        root: args.root,
+        strict: args.strict,
+        failOn: args.failOn
+    });
+    console.log(formatReport(report, args.format));
+    if (shouldFail(report)) {
+        process.exitCode = 1;
+    }
+}
+function parseArgs(argv) {
+    const parsed = {
+        root: process.cwd(),
+        format: "text",
+        strict: false,
+        failOn: "high",
+        help: false,
+        version: false
+    };
+    for (let index = 0; index < argv.length; index += 1) {
+        const arg = argv[index];
+        if (!arg) {
+            continue;
+        }
+        if (arg === "--help" || arg === "-h") {
+            parsed.help = true;
+            continue;
+        }
+        if (arg === "--version" || arg === "-v") {
+            parsed.version = true;
+            continue;
+        }
+        if (arg === "--strict") {
+            parsed.strict = true;
+            continue;
+        }
+        if (arg === "--format") {
+            const value = argv[index + 1];
+            if (!value || !validFormats.has(value)) {
+                throw new Error("--format must be one of: text, markdown, json");
+            }
+            parsed.format = value;
+            index += 1;
+            continue;
+        }
+        if (arg === "--fail-on") {
+            const value = argv[index + 1];
+            if (!value || !validSeverities.has(value)) {
+                throw new Error("--fail-on must be one of: info, low, medium, high");
+            }
+            parsed.failOn = value;
+            index += 1;
+            continue;
+        }
+        if (arg.startsWith("--")) {
+            throw new Error(`Unknown option: ${arg}`);
+        }
+        parsed.root = arg;
+    }
+    return parsed;
+}
+function helpText() {
+    return [
+        "shipcheck - release-readiness and AI-app exposure scanner for JavaScript and TypeScript repos",
+        "",
+        "Usage:",
+        "  shipcheck [path] [--format text|markdown|json] [--fail-on info|low|medium|high] [--strict]",
+        "",
+        "Examples:",
+        "  shipcheck",
+        "  shipcheck ../my-app --format markdown",
+        "  shipcheck . --strict --fail-on medium",
+        "",
+        "Options:",
+        "  --format     Output format. Defaults to text.",
+        "  --fail-on    Exit non-zero when this severity or higher is found. Defaults to high.",
+        "  --strict     Treat missing lint scripts as a release-readiness issue.",
+        "  --help       Show this help message.",
+        "  --version    Show the CLI version."
+    ].join("\n");
+}
+main().catch((error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exitCode = 1;
+});
+//# sourceMappingURL=cli.js.map

package/dist/src/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,UAAU,EAAiB,MAAM,YAAY,CAAC;AAavE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAY,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;AACtE,MAAM,eAAe,GAAG,IAAI,GAAG,CAAW,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAE7E,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAE9C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QACxB,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;QAClC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAE/C,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,MAAM,GAAe;QACzB,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE;QACnB,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,KAAK;QACX,OAAO,EAAE,KAAK;KACf,CAAC;IAEF,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAExB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;YACnB,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACxC,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;YACtB,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YACvB,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC;YACrB,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAkB,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;YAED,MAAM,CAAC,MAAM,GAAG,KAAkB,CAAC;YACnC,KAAK,IAAI,CAAC,CAAC;YACX,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAiB,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,CAAC,MAAM,GAAG,KAAiB,CAAC;YAClC,KAAK,IAAI,CAAC,CAAC;YACX,SAAS;QACX,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,CAAC,IAAI,GAAG,GAAG,CAAC;IACpB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ;IACf,OAAO;QACL,+FAA+F;QAC/F,EAAE;QACF,QAAQ;QACR,8FAA8F;QAC9F,EAAE;QACF,WAAW;QACX,aAAa;QACb,yCAAyC;QACzC,yCAAyC;QACzC,EAAE;QACF,UAAU;QACV,iDAAiD;QACjD,uFAAuF;QACvF,yEAAyE;QACzE,wCAAwC;QACxC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}

package/dist/src/format.d.ts

@@ -0,0 +1,2 @@
+import type { ScanReport } from "./index.js";
+export declare function formatReport(report: ScanReport, format: "text" | "markdown" | "json"): string;

package/dist/src/format.js

@@ -0,0 +1,82 @@
+const severityLabel = {
+    high: "High",
+    medium: "Medium",
+    low: "Low",
+    info: "Info"
+};
+export function formatReport(report, format) {
+    if (format === "json") {
+        return JSON.stringify(report, null, 2);
+    }
+    if (format === "markdown") {
+        return formatMarkdown(report);
+    }
+    return formatText(report);
+}
+function formatText(report) {
+    const lines = [
+        `Shipcheck report: ${report.root}`,
+        `Score: ${report.score}/100`,
+        `Status: ${report.ok ? "pass" : `fail (threshold: ${report.failOn})`}`,
+        `Findings: ${summary(report)}`,
+        ""
+    ];
+    if (report.findings.length === 0) {
+        lines.push("No findings. This repo has the basics needed for a clean release.");
+        return lines.join("\n");
+    }
+    for (const finding of report.findings) {
+        lines.push(renderTextFinding(finding), "");
+    }
+    return lines.join("\n").trimEnd();
+}
+function formatMarkdown(report) {
+    const lines = [
+        "# Shipcheck Report",
+        "",
+        `- **Repository:** \`${report.root}\``,
+        `- **Score:** ${report.score}/100`,
+        `- **Status:** ${report.ok ? "Pass" : `Fail at \`${report.failOn}\` threshold`}`,
+        `- **Findings:** ${summary(report)}`,
+        ""
+    ];
+    if (report.findings.length === 0) {
+        lines.push("No findings. This repo has the basics needed for a clean release.");
+        return lines.join("\n");
+    }
+    lines.push("## Findings", "");
+    for (const finding of report.findings) {
+        const rendered = [
+            `### ${severityLabel[finding.severity]}: ${finding.title}`,
+            "",
+            `- **ID:** \`${finding.id}\``,
+            finding.file ? `- **File:** \`${finding.file}\`` : undefined,
+            `- **Problem:** ${finding.message}`,
+            `- **Fix:** ${finding.remediation}`,
+            ""
+        ].filter((line) => line !== undefined);
+        lines.push(...rendered);
+    }
+    return lines.join("\n").trimEnd();
+}
+function renderTextFinding(finding) {
+    const lines = [
+        `[${finding.severity.toUpperCase()}] ${finding.title}`,
+        `  id: ${finding.id}`
+    ];
+    if (finding.file) {
+        lines.push(`  file: ${finding.file}`);
+    }
+    lines.push(`  problem: ${finding.message}`);
+    lines.push(`  fix: ${finding.remediation}`);
+    return lines.join("\n");
+}
+function summary(report) {
+    return [
+        `${report.totals.high} high`,
+        `${report.totals.medium} medium`,
+        `${report.totals.low} low`,
+        `${report.totals.info} info`
+    ].join(", ");
+}
+//# sourceMappingURL=format.js.map

package/dist/src/format.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.js","sourceRoot":"","sources":["../../src/format.ts"],"names":[],"mappings":"AAEA,MAAM,aAAa,GAA6B;IAC9C,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;CACb,CAAC;AAEF,MAAM,UAAU,YAAY,CAAC,MAAkB,EAAE,MAAoC;IACnF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;QAC1B,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,MAAkB;IACpC,MAAM,KAAK,GAAG;QACZ,qBAAqB,MAAM,CAAC,IAAI,EAAE;QAClC,UAAU,MAAM,CAAC,KAAK,MAAM;QAC5B,WAAW,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB,MAAM,CAAC,MAAM,GAAG,EAAE;QACtE,aAAa,OAAO,CAAC,MAAM,CAAC,EAAE;QAC9B,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAChF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,cAAc,CAAC,MAAkB;IACxC,MAAM,KAAK,GAAG;QACZ,oBAAoB;QACpB,EAAE;QACF,uBAAuB,MAAM,CAAC,IAAI,IAAI;QACtC,gBAAgB,MAAM,CAAC,KAAK,MAAM;QAClC,iBAAiB,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,MAAM,cAAc,EAAE;QAChF,mBAAmB,OAAO,CAAC,MAAM,CAAC,EAAE;QACpC,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAChF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG;YACf,OAAO,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC,KAAK,EAAE;YAC1D,EAAE;YACF,eAAe,OAAO,CAAC,EAAE,IAAI;YAC7B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,iBAAiB,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;YAC5D,kBAAkB,OAAO,CAAC,OAAO,EAAE;YACnC,cAAc,OAAO,CAAC,WAAW,EAAE;YACnC,EAAE;SACH,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;QAEvD,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAgB;IACzC,MAAM,KAAK,GAAG;QACZ,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,KAAK,EAAE;QACtD,SAAS,OAAO,CAAC,EAAE,EAAE;KACtB,CAAC;IAEF,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5C,KAAK,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC5C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,OAAO,CAAC,MAAkB;IACjC,OAAO;QACL,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,OAAO;QAC5B,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,SAAS;QAChC,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM;QAC1B,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,OAAO;KAC7B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,24 @@
+export type Severity = "info" | "low" | "medium" | "high";
+export type Finding = {
+    id: string;
+    title: string;
+    severity: Severity;
+    message: string;
+    remediation: string;
+    file?: string;
+};
+export type ScanOptions = {
+    root: string;
+    strict?: boolean;
+    failOn?: Severity;
+};
+export type ScanReport = {
+    root: string;
+    score: number;
+    ok: boolean;
+    failOn: Severity;
+    totals: Record<Severity, number>;
+    findings: Finding[];
+};
+export declare function scanRepository(options: ScanOptions): Promise<ScanReport>;
+export declare function shouldFail(report: ScanReport): boolean;

package/dist/src/index.js

@@ -0,0 +1,590 @@
+import { readdir, readFile, stat } from "node:fs/promises";
+import path from "node:path";
+const severityRank = {
+    info: 0,
+    low: 1,
+    medium: 2,
+    high: 3
+};
+const scorePenalty = {
+    info: 0,
+    low: 4,
+    medium: 10,
+    high: 22
+};
+export async function scanRepository(options) {
+    const root = path.resolve(options.root);
+    const failOn = options.failOn ?? "high";
+    const strict = options.strict ?? false;
+    const findings = [];
+    const pkg = await readPackageJson(root);
+    if (!pkg) {
+        findings.push({
+            id: "missing-package-json",
+            title: "No package.json found",
+            severity: "high",
+            message: "Shipcheck is optimized for JavaScript and TypeScript repositories and could not find package.json.",
+            remediation: "Run shipcheck from a JS/TS project root or add package.json before release.",
+            file: "package.json"
+        });
+    }
+    await checkReadme(root, findings);
+    await checkLicense(root, pkg, findings);
+    await checkGitignore(root, findings);
+    await checkCi(root, findings);
+    await checkTypeScript(root, findings);
+    await checkEnvHygiene(root, findings);
+    await checkAiAppExposure(root, pkg, findings);
+    if (pkg) {
+        checkScripts(pkg, findings, strict);
+        checkDependencies(pkg, findings);
+        await checkPackageManager(root, pkg, findings);
+    }
+    const totals = countTotals(findings);
+    const rawScore = findings.reduce((score, finding) => score - scorePenalty[finding.severity], 100);
+    const score = Math.max(0, rawScore);
+    const ok = !findings.some((finding) => severityRank[finding.severity] >= severityRank[failOn]);
+    return {
+        root,
+        score,
+        ok,
+        failOn,
+        totals,
+        findings: sortFindings(findings)
+    };
+}
+export function shouldFail(report) {
+    return !report.ok;
+}
+async function readPackageJson(root) {
+    const packagePath = path.join(root, "package.json");
+    const body = await readText(packagePath);
+    if (!body) {
+        return null;
+    }
+    try {
+        return JSON.parse(body);
+    }
+    catch {
+        return null;
+    }
+}
+async function checkReadme(root, findings) {
+    const readmePath = path.join(root, "README.md");
+    const readme = await readText(readmePath);
+    if (!readme) {
+        findings.push({
+            id: "missing-readme",
+            title: "README.md is missing",
+            severity: "medium",
+            message: "A release-ready repo should explain what it does, how to install it, and how to verify it.",
+            remediation: "Add README.md with install, usage, examples, and test commands.",
+            file: "README.md"
+        });
+        return;
+    }
+    if (readme.trim().length < 350) {
+        findings.push({
+            id: "thin-readme",
+            title: "README.md is too thin",
+            severity: "low",
+            message: "The README exists, but it is short enough that users may still need to inspect the code.",
+            remediation: "Add usage examples, expected output, design notes, and local verification commands.",
+            file: "README.md"
+        });
+    }
+}
+async function checkLicense(root, pkg, findings) {
+    const hasLicenseFile = await exists(path.join(root, "LICENSE")) || await exists(path.join(root, "LICENSE.md"));
+    if (!hasLicenseFile && !pkg?.license) {
+        findings.push({
+            id: "missing-license",
+            title: "License is not declared",
+            severity: "low",
+            message: "Users and companies may avoid using code when reuse rights are unclear.",
+            remediation: "Add a LICENSE file or set the license field in package.json.",
+            file: "LICENSE"
+        });
+    }
+}
+async function checkGitignore(root, findings) {
+    const gitignore = await readText(path.join(root, ".gitignore"));
+    if (!gitignore) {
+        findings.push({
+            id: "missing-gitignore",
+            title: ".gitignore is missing",
+            severity: "medium",
+            message: "Without a .gitignore, generated files and local secrets are easier to commit by accident.",
+            remediation: "Add .gitignore entries for node_modules, dist, coverage, logs, and local env files.",
+            file: ".gitignore"
+        });
+        return;
+    }
+    const requiredEntries = ["node_modules", ".env"];
+    const missing = requiredEntries.filter((entry) => !gitignore.includes(entry));
+    if (missing.length > 0) {
+        findings.push({
+            id: "incomplete-gitignore",
+            title: ".gitignore misses common local files",
+            severity: "medium",
+            message: `Missing entries: ${missing.join(", ")}.`,
+            remediation: "Add ignores for dependency directories and local environment files.",
+            file: ".gitignore"
+        });
+    }
+}
+async function checkCi(root, findings) {
+    const workflowDir = path.join(root, ".github", "workflows");
+    if (!await exists(workflowDir)) {
+        findings.push({
+            id: "missing-ci",
+            title: "No GitHub Actions workflow found",
+            severity: "medium",
+            message: "The repo does not advertise an automated verification path for pull requests.",
+            remediation: "Add a CI workflow that runs install, lint, build, and tests.",
+            file: ".github/workflows"
+        });
+        return;
+    }
+    const workflows = await listFiles(workflowDir, 1);
+    const yamlWorkflows = workflows.filter((file) => file.endsWith(".yml") || file.endsWith(".yaml"));
+    if (yamlWorkflows.length === 0) {
+        findings.push({
+            id: "empty-ci",
+            title: "Workflow directory has no YAML workflow",
+            severity: "medium",
+            message: "The workflow folder exists, but GitHub Actions will not run without a YAML file.",
+            remediation: "Add a workflow file such as .github/workflows/ci.yml.",
+            file: ".github/workflows"
+        });
+    }
+}
+async function checkTypeScript(root, findings) {
+    const files = await listFiles(root, 4);
+    const hasTypeScript = files.some((file) => file.endsWith(".ts") || file.endsWith(".tsx"));
+    if (hasTypeScript && !await exists(path.join(root, "tsconfig.json"))) {
+        findings.push({
+            id: "missing-tsconfig",
+            title: "TypeScript files exist without tsconfig.json",
+            severity: "medium",
+            message: "TypeScript projects need an explicit compiler contract to make local and CI checks consistent.",
+            remediation: "Add tsconfig.json with strict compiler options and include it in CI.",
+            file: "tsconfig.json"
+        });
+    }
+}
+async function checkEnvHygiene(root, findings) {
+    const envPath = path.join(root, ".env");
+    const examplePath = path.join(root, ".env.example");
+    const hasEnv = await exists(envPath);
+    const hasExample = await exists(examplePath);
+    if (hasEnv) {
+        findings.push({
+            id: "local-env-present",
+            title: ".env exists in the project root",
+            severity: "medium",
+            message: "A local .env file can accidentally leak secrets if it is committed or copied into an artifact.",
+            remediation: "Keep .env ignored and commit a redacted .env.example instead.",
+            file: ".env"
+        });
+    }
+    const sourceFiles = await listFiles(root, 4);
+    const likelyUsesEnv = sourceFiles.some((file) => file.endsWith(".js") || file.endsWith(".ts"))
+        && await repoTextMatches(sourceFiles, /process\.env(?:\.[A-Z_][A-Z0-9_]*|\[['"][A-Z_][A-Z0-9_]*['"]\])/);
+    if (likelyUsesEnv && !hasExample) {
+        findings.push({
+            id: "missing-env-example",
+            title: "Environment variables are used without .env.example",
+            severity: "low",
+            message: "New contributors cannot tell which environment variables are required.",
+            remediation: "Add .env.example with placeholder values and document each variable.",
+            file: ".env.example"
+        });
+    }
+}
+async function checkAiAppExposure(root, pkg, findings) {
+    const files = (await listFiles(root, 5)).filter(isProductionRelevantFile);
+    await checkHardcodedSecrets(root, files, findings);
+    await checkStripeWebhookVerification(root, pkg, files, findings);
+    await checkFirebaseRules(root, pkg, files, findings);
+    await checkSupabaseRls(root, pkg, files, findings);
+    await checkDebugRoutes(root, files, findings);
+    await checkAiUsageGuardrails(root, pkg, files, findings);
+}
+async function checkHardcodedSecrets(root, files, findings) {
+    const secretPatterns = [
+        { pattern: /\bsk_live_[A-Za-z0-9]{12,}\b/, label: "Stripe live secret key" },
+        { pattern: /\bsk_test_[A-Za-z0-9]{12,}\b/, label: "Stripe test secret key" },
+        { pattern: /\brk_live_[A-Za-z0-9]{12,}\b/, label: "Stripe restricted key" },
+        { pattern: /\b(?:OPENAI|ANTHROPIC|GROQ|XAI|GEMINI|GOOGLE)_API_KEY\s*[:=]\s*["'][^"'\s]{20,}["']/i, label: "AI provider API key" },
+        { pattern: /\bSUPABASE_SERVICE_ROLE(?:_KEY)?\s*[:=]\s*["'][^"'\s]{20,}["']/i, label: "Supabase service-role key" }
+    ];
+    for (const file of files.filter(isSourceOrConfigFile)) {
+        const text = await readText(file);
+        if (!text) {
+            continue;
+        }
+        const secretMatch = secretPatterns.find(({ pattern }) => pattern.test(text));
+        if (secretMatch) {
+            findings.push({
+                id: "hardcoded-private-secret",
+                title: "Private secret appears in repo text",
+                severity: "high",
+                message: `Detected a likely ${secretMatch.label} in a source or config file.`,
+                remediation: "Rotate the key, move it to server-only environment variables, and make sure it is not reachable from browser bundles.",
+                file: relativeTo(root, file)
+            });
+            return;
+        }
+        const publicPrivateEnv = /\b(?:NEXT_PUBLIC|VITE|PUBLIC)_[A-Z0-9_]*(?:SECRET|SERVICE|PRIVATE|TOKEN|WEBHOOK)[A-Z0-9_]*\b/;
+        if (publicPrivateEnv.test(text)) {
+            findings.push({
+                id: "public-private-env-name",
+                title: "Private-looking env var is exposed to browser code",
+                severity: "high",
+                message: "The repo references a public frontend env var name that includes secret, service, private, token, or webhook.",
+                remediation: "Rename private values without a public prefix and read them only from server routes or server actions.",
+                file: relativeTo(root, file)
+            });
+            return;
+        }
+        const serviceRoleReference = /process\.env\.(?:SUPABASE_SERVICE_ROLE|SUPABASE_SERVICE_ROLE_KEY)\b|["']service_role["']\s*[:=]|serviceRoleKey\s*[:=]/.test(text);
+        if (/\bsupabase\b/i.test(text) && serviceRoleReference) {
+            findings.push({
+                id: "supabase-service-role-reference",
+                title: "Supabase service role appears in application code",
+                severity: "high",
+                message: "Service-role credentials bypass row-level security and should not appear in frontend or shared application code.",
+                remediation: "Keep service-role usage inside tightly scoped server-only admin code, rotate any exposed key, and verify no client bundle contains it.",
+                file: relativeTo(root, file)
+            });
+            return;
+        }
+    }
+}
+async function checkStripeWebhookVerification(root, pkg, files, findings) {
+    const usesStripe = hasDependency(pkg, "stripe") || await repoTextMatches(files, /\bstripe\b/i);
+    if (!usesStripe) {
+        return;
+    }
+    for (const file of files.filter(isSourceOrConfigFile)) {
+        const relative = relativeTo(root, file);
+        const text = await readText(file);
+        if (!text) {
+            continue;
+        }
+        const looksLikeWebhook = /webhook/i.test(relative) || /checkout\.session|invoice\.|customer\.subscription|payment_intent/i.test(text);
+        const verifiesSignature = /webhooks\.constructEvent|constructEvent\(/.test(text);
+        if (looksLikeWebhook && /\bstripe\b/i.test(text) && !verifiesSignature) {
+            findings.push({
+                id: "unsigned-stripe-webhook",
+                title: "Stripe webhook handler may skip signature verification",
+                severity: "high",
+                message: "A Stripe webhook-like file handles Stripe events without an obvious constructEvent signature check.",
+                remediation: "Verify the raw request body with stripe.webhooks.constructEvent before granting paid access, credits, roles, or orders.",
+                file: relative
+            });
+            return;
+        }
+    }
+}
+async function checkFirebaseRules(root, pkg, files, findings) {
+    const usesFirebase = hasDependency(pkg, "firebase") || hasDependency(pkg, "@firebase/app")
+        || await repoTextMatches(files, /\b(?:getFirestore|initializeApp)\(|firebaseConfig\s*=/);
+    if (!usesFirebase) {
+        return;
+    }
+    const hasFirestoreRules = await exists(path.join(root, "firestore.rules"));
+    const hasStorageRules = await exists(path.join(root, "storage.rules"));
+    if (!hasFirestoreRules && !hasStorageRules) {
+        findings.push({
+            id: "missing-firebase-rules",
+            title: "Firebase app has no checked-in security rules",
+            severity: "medium",
+            message: "Firebase projects need explicit Firestore or Storage rules to make user-data boundaries reviewable.",
+            remediation: "Commit firestore.rules or storage.rules and test denied reads/writes with at least two separate users.",
+            file: "firestore.rules"
+        });
+    }
+}
+async function checkSupabaseRls(root, pkg, files, findings) {
+    const usesSupabase = hasDependency(pkg, "@supabase/supabase-js")
+        || await repoTextMatches(files, /\bcreateClient\([^)]*supabase|process\.env\.(?:NEXT_PUBLIC_)?SUPABASE_URL|supabaseUrl\s*=/i);
+    if (!usesSupabase) {
+        return;
+    }
+    const hasSupabaseFolder = await exists(path.join(root, "supabase"));
+    const hasRlsNotes = await repoTextMatches(files, /\b(row level security|rls|auth\.uid\(\)|policy)\b/i);
+    if (!hasSupabaseFolder && !hasRlsNotes) {
+        findings.push({
+            id: "undocumented-supabase-rls",
+            title: "Supabase usage has no visible RLS proof",
+            severity: "medium",
+            message: "The repo uses Supabase, but the scan did not find migrations, policies, or documentation showing row-level security was tested.",
+            remediation: "Add Supabase migrations or a short launch note showing RLS policies and two-user access-boundary tests.",
+            file: "supabase"
+        });
+    }
+}
+async function checkDebugRoutes(root, files, findings) {
+    const riskyRoute = files.find((file) => {
+        const relative = relativeTo(root, file).replace(/\\/g, "/");
+        return /(?:^|\/)(?:app|pages|src\/app|src\/pages)\/api\/(?:debug|test|dev|seed|mock|reset)(?:\/|\.|-)/i.test(relative);
+    });
+    if (riskyRoute) {
+        findings.push({
+            id: "debug-api-route",
+            title: "Debug or seed API route may ship to production",
+            severity: "medium",
+            message: "Debug, test, seed, reset, and mock API routes are common AI-app leftovers that can expose data or mutate production state.",
+            remediation: "Remove the route, gate it behind server-side admin checks, or make it impossible to deploy in production.",
+            file: relativeTo(root, riskyRoute)
+        });
+    }
+}
+async function checkAiUsageGuardrails(root, pkg, files, findings) {
+    const usesAiProvider = hasAnyDependency(pkg, ["openai", "@anthropic-ai/sdk", "ai", "@google/generative-ai"])
+        || await repoTextMatches(files, /\b(?:from\s+["']openai["']|require\(["']openai["']\)|new\s+OpenAI\(|generateText\(|streamText\(|chat\.completions)\b/i);
+    if (!usesAiProvider) {
+        return;
+    }
+    const hasCostGuardrail = await repoTextMatches(files, /\b(rateLimit|rate-limit|quota|usageLimit|usage_limit|throttle|limiter|upstash\/ratelimit)\b/i);
+    if (!hasCostGuardrail) {
+        findings.push({
+            id: "missing-ai-usage-guardrail",
+            title: "AI/API usage has no obvious quota or rate limit",
+            severity: "low",
+            message: "Apps that call paid AI APIs need usage guardrails so one user or bot cannot run up costs.",
+            remediation: "Add per-user quotas, route-level rate limits, abuse logging, or a billing-aware usage cap around expensive AI actions.",
+            file: "package.json"
+        });
+    }
+}
+function checkScripts(pkg, findings, strict) {
+    const scripts = pkg.scripts ?? {};
+    const missingRequired = ["test", "build"].filter((script) => !scripts[script]);
+    const missingStrict = strict ? ["lint"].filter((script) => !scripts[script]) : [];
+    const missing = [...missingRequired, ...missingStrict];
+    if (missing.length > 0) {
+        findings.push({
+            id: "missing-package-scripts",
+            title: "Expected package scripts are missing",
+            severity: strict ? "medium" : "low",
+            message: `Missing scripts: ${missing.join(", ")}.`,
+            remediation: "Add repeatable npm scripts so maintainers and CI run the same checks.",
+            file: "package.json"
+        });
+    }
+    const dangerousPatterns = [
+        [/\brm\s+-rf\s+(?:\/[^\s]*|\*|~[^\s]*|\.\.[^\s]*)(?:\s|$)/i, "recursive forced deletion outside a clearly scoped build folder"],
+        [/\bsudo\b/i, "privileged command execution"],
+        [/\bcurl\b.+\|\s*(?:sh|bash)\b/i, "curl piped directly into a shell"],
+        [/\bwget\b.+\|\s*(?:sh|bash)\b/i, "wget piped directly into a shell"],
+        [/\bgit\s+push\b.+\s--force(?:-with-lease)?\b/i, "force push in a package script"]
+    ];
+    for (const [name, command] of Object.entries(scripts)) {
+        const match = dangerousPatterns.find(([pattern]) => pattern.test(command));
+        if (match) {
+            findings.push({
+                id: "dangerous-package-script",
+                title: `Package script "${name}" contains a dangerous command`,
+                severity: "high",
+                message: `Detected ${match[1]} in: ${command}`,
+                remediation: "Replace broad destructive commands with scoped cleanup scripts and require manual confirmation for risky operations.",
+                file: "package.json"
+            });
+        }
+    }
+}
+function checkDependencies(pkg, findings) {
+    const groups = {
+        dependencies: pkg.dependencies ?? {},
+        devDependencies: pkg.devDependencies ?? {},
+        peerDependencies: pkg.peerDependencies ?? {}
+    };
+    for (const [groupName, deps] of Object.entries(groups)) {
+        for (const [name, version] of Object.entries(deps)) {
+            const normalized = version.trim().toLowerCase();
+            const loose = normalized === "*" || normalized === "latest" || normalized.startsWith("http://")
+                || normalized.startsWith("https://") || normalized.startsWith("git+");
+            if (loose) {
+                findings.push({
+                    id: "loose-dependency-version",
+                    title: `Loose dependency version for ${name}`,
+                    severity: "medium",
+                    message: `${groupName}.${name} uses "${version}", which can change without review.`,
+                    remediation: "Use a semver range or exact version and rely on dependency update tooling for upgrades.",
+                    file: "package.json"
+                });
+            }
+        }
+    }
+}
+async function checkPackageManager(root, pkg, findings) {
+    const lockfiles = [
+        ["npm", "package-lock.json"],
+        ["pnpm", "pnpm-lock.yaml"],
+        ["yarn", "yarn.lock"],
+        ["bun", "bun.lockb"]
+    ];
+    const present = [];
+    for (const [manager, lockfile] of lockfiles) {
+        if (await exists(path.join(root, lockfile))) {
+            present.push({ manager, lockfile });
+        }
+    }
+    if (present.length === 0) {
+        findings.push({
+            id: "missing-lockfile",
+            title: "No dependency lockfile found",
+            severity: "medium",
+            message: "Installs may resolve different dependency trees across machines and CI.",
+            remediation: "Commit the lockfile generated by the package manager used by the project.",
+            file: "package-lock.json"
+        });
+        return;
+    }
+    if (present.length > 1) {
+        const firstLockfile = present[0]?.lockfile ?? "package-lock.json";
+        findings.push({
+            id: "multiple-lockfiles",
+            title: "Multiple package manager lockfiles found",
+            severity: "medium",
+            message: `Found: ${present.map((item) => item.lockfile).join(", ")}.`,
+            remediation: "Keep one lockfile and remove stale lockfiles from other package managers.",
+            file: firstLockfile
+        });
+    }
+    if (pkg.packageManager) {
+        const declaredManager = pkg.packageManager.split("@")[0];
+        const lockfileManagers = new Set(present.map((item) => item.manager));
+        if (declaredManager && !lockfileManagers.has(declaredManager)) {
+            findings.push({
+                id: "package-manager-mismatch",
+                title: "packageManager does not match lockfile",
+                severity: "medium",
+                message: `package.json declares ${pkg.packageManager}, but found ${present.map((item) => item.lockfile).join(", ")}.`,
+                remediation: "Update packageManager or regenerate the lockfile with the declared tool.",
+                file: "package.json"
+            });
+        }
+    }
+}
+async function repoTextMatches(files, pattern) {
+    for (const file of files) {
+        if (file.includes("node_modules") || file.includes(`${path.sep}dist${path.sep}`)) {
+            continue;
+        }
+        const text = await readText(file);
+        if (text && pattern.test(text)) {
+            return true;
+        }
+    }
+    return false;
+}
+async function readText(filePath) {
+    try {
+        return await readFile(filePath, "utf8");
+    }
+    catch {
+        return null;
+    }
+}
+async function exists(filePath) {
+    try {
+        await stat(filePath);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function listFiles(root, maxDepth) {
+    const output = [];
+    async function walk(current, depth) {
+        if (depth > maxDepth) {
+            return;
+        }
+        let entries;
+        try {
+            entries = await readdir(current, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.name === "node_modules" || entry.name === ".git" || entry.name === "dist") {
+                continue;
+            }
+            const fullPath = path.join(current, entry.name);
+            if (entry.isDirectory()) {
+                await walk(fullPath, depth + 1);
+            }
+            else if (entry.isFile()) {
+                output.push(fullPath);
+            }
+        }
+    }
+    await walk(root, 0);
+    return output;
+}
+function hasDependency(pkg, name) {
+    if (!pkg) {
+        return false;
+    }
+    return Boolean(pkg.dependencies?.[name] || pkg.devDependencies?.[name] || pkg.peerDependencies?.[name]);
+}
+function hasAnyDependency(pkg, names) {
+    return names.some((name) => hasDependency(pkg, name));
+}
+function isSourceOrConfigFile(file) {
+    const basename = path.basename(file).toLowerCase();
+    if (basename.endsWith("-lock.json") || basename.endsWith(".lock") || basename === "license") {
+        return false;
+    }
+    const extension = path.extname(file).toLowerCase();
+    return [
+        ".js",
+        ".jsx",
+        ".ts",
+        ".tsx",
+        ".mjs",
+        ".cjs",
+        ".json",
+        ".env",
+        ".local",
+        ".toml",
+        ".yaml",
+        ".yml"
+    ].includes(extension) || basename.startsWith(".env");
+}
+function isProductionRelevantFile(file) {
+    const normalized = file.replace(/\\/g, "/").toLowerCase();
+    const basename = path.basename(normalized);
+    return !normalized.includes("/test/")
+        && !normalized.includes("/tests/")
+        && !normalized.includes("/__tests__/")
+        && !normalized.includes("/fixtures/")
+        && !normalized.includes("/fixture/")
+        && !basename.includes(".test.")
+        && !basename.includes(".spec.");
+}
+function relativeTo(root, file) {
+    return path.relative(root, file) || path.basename(file);
+}
+function countTotals(findings) {
+    return findings.reduce((totals, finding) => {
+        totals[finding.severity] += 1;
+        return totals;
+    }, { info: 0, low: 0, medium: 0, high: 0 });
+}
+function sortFindings(findings) {
+    return [...findings].sort((a, b) => {
+        const severityDelta = severityRank[b.severity] - severityRank[a.severity];
+        if (severityDelta !== 0) {
+            return severityDelta;
+        }
+        return a.id.localeCompare(b.id);
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,IAAI,MAAM,WAAW,CAAC;AAsC7B,MAAM,YAAY,GAA6B;IAC7C,IAAI,EAAE,CAAC;IACP,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,MAAM,YAAY,GAA6B;IAC7C,IAAI,EAAE,CAAC;IACP,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,EAAE;IACV,IAAI,EAAE,EAAE;CACT,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAAoB;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IACvC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,sBAAsB;YAC1B,KAAK,EAAE,uBAAuB;YAC9B,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,oGAAoG;YAC7G,WAAW,EAAE,6EAA6E;YAC1F,IAAI,EAAE,cAAc;SACrB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAClC,MAAM,YAAY,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxC,MAAM,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrC,MAAM,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9B,MAAM,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACtC,MAAM,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACtC,MAAM,kBAAkB,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAE9C,IAAI,GAAG,EAAE,CAAC;QACR,YAAY,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpC,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACjC,MAAM,mBAAmB,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC;IAClG,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACpC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;IAE/F,OAAO;QACL,IAAI;QACJ,KAAK;QACL,EAAE;QACF,MAAM;QACN,MAAM;QACN,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC;KACjC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAkB;IAC3C,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,QAAmB;IAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,gBAAgB;YACpB,KAAK,EAAE,sBAAsB;YAC7B,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,4FAA4F;YACrG,WAAW,EAAE,iEAAiE;YAC9E,IAAI,EAAE,WAAW;SAClB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,aAAa;YACjB,KAAK,EAAE,uBAAuB;YAC9B,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,0FAA0F;YACnG,WAAW,EAAE,qFAAqF;YAClG,IAAI,EAAE,WAAW;SAClB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAAY,EAAE,GAAuB,EAAE,QAAmB;IACpF,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;IAC/G,IAAI,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC;QACrC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,iBAAiB;YACrB,KAAK,EAAE,yBAAyB;YAChC,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,yEAAyE;YAClF,WAAW,EAAE,8DAA8D;YAC3E,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAAY,EAAE,QAAmB;IAC7D,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;IAChE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,mBAAmB;YACvB,KAAK,EAAE,uBAAuB;YAC9B,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,2FAA2F;YACpG,WAAW,EAAE,qFAAqF;YAClG,IAAI,EAAE,YAAY;SACnB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,sBAAsB;YAC1B,KAAK,EAAE,sCAAsC;YAC7C,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAClD,WAAW,EAAE,qEAAqE;YAClF,IAAI,EAAE,YAAY;SACnB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,IAAY,EAAE,QAAmB;IACtD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAC5D,IAAI,CAAC,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,YAAY;YAChB,KAAK,EAAE,kCAAkC;YACzC,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,+EAA+E;YACxF,WAAW,EAAE,8DAA8D;YAC3E,IAAI,EAAE,mBAAmB;SAC1B,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAClG,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,UAAU;YACd,KAAK,EAAE,yCAAyC;YAChD,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,kFAAkF;YAC3F,WAAW,EAAE,uDAAuD;YACpE,IAAI,EAAE,mBAAmB;SAC1B,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY,EAAE,QAAmB;IAC9D,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACvC,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1F,IAAI,aAAa,IAAI,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,EAAE,CAAC;QACrE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,8CAA8C;YACrD,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,gGAAgG;YACzG,WAAW,EAAE,sEAAsE;YACnF,IAAI,EAAE,eAAe;SACtB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY,EAAE,QAAmB;IAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAE7C,IAAI,MAAM,EAAE,CAAC;QACX,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,mBAAmB;YACvB,KAAK,EAAE,iCAAiC;YACxC,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,gGAAgG;YACzG,WAAW,EAAE,+DAA+D;YAC5E,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;WACzF,MAAM,eAAe,CAAC,WAAW,EAAE,iEAAiE,CAAC,CAAC;IAE3G,IAAI,aAAa,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,qBAAqB;YACzB,KAAK,EAAE,qDAAqD;YAC5D,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,wEAAwE;YACjF,WAAW,EAAE,sEAAsE;YACnF,IAAI,EAAE,cAAc;SACrB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,IAAY,EAAE,GAAuB,EAAE,QAAmB;IAC1F,MAAM,KAAK,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC;IAE1E,MAAM,qBAAqB,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IACnD,MAAM,8BAA8B,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IACjE,MAAM,kBAAkB,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IACrD,MAAM,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IACnD,MAAM,gBAAgB,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,sBAAsB,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,IAAY,EAAE,KAAe,EAAE,QAAmB;IACrF,MAAM,cAAc,GAA8C;QAChE,EAAE,OAAO,EAAE,8BAA8B,EAAE,KAAK,EAAE,wBAAwB,EAAE;QAC5E,EAAE,OAAO,EAAE,8BAA8B,EAAE,KAAK,EAAE,wBAAwB,EAAE;QAC5E,EAAE,OAAO,EAAE,8BAA8B,EAAE,KAAK,EAAE,uBAAuB,EAAE;QAC3E,EAAE,OAAO,EAAE,sFAAsF,EAAE,KAAK,EAAE,qBAAqB,EAAE;QACjI,EAAE,OAAO,EAAE,iEAAiE,EAAE,KAAK,EAAE,2BAA2B,EAAE;KACnH,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7E,IAAI,WAAW,EAAE,CAAC;YAChB,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,qCAAqC;gBAC5C,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,qBAAqB,WAAW,CAAC,KAAK,8BAA8B;gBAC7E,WAAW,EAAE,uHAAuH;gBACpI,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC;aAC7B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,gBAAgB,GAAG,8FAA8F,CAAC;QACxH,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,yBAAyB;gBAC7B,KAAK,EAAE,oDAAoD;gBAC3D,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,+GAA+G;gBACxH,WAAW,EAAE,wGAAwG;gBACrH,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC;aAC7B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,oBAAoB,GAAG,uHAAuH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChK,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,oBAAoB,EAAE,CAAC;YACvD,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,iCAAiC;gBACrC,KAAK,EAAE,mDAAmD;gBAC1D,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,kHAAkH;gBAC3H,WAAW,EAAE,wIAAwI;gBACrJ,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC;aAC7B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,8BAA8B,CAC3C,IAAY,EACZ,GAAuB,EACvB,KAAe,EACf,QAAmB;IAEnB,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,MAAM,eAAe,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IAC/F,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACtD,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,SAAS;QACX,CAAC;QAED,MAAM,gBAAgB,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtI,MAAM,iBAAiB,GAAG,2CAA2C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjF,IAAI,gBAAgB,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,yBAAyB;gBAC7B,KAAK,EAAE,wDAAwD;gBAC/D,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,qGAAqG;gBAC9G,WAAW,EAAE,yHAAyH;gBACtI,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,IAAY,EAAE,GAAuB,EAAE,KAAe,EAAE,QAAmB;IAC3G,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,aAAa,CAAC,GAAG,EAAE,eAAe,CAAC;WACrF,MAAM,eAAe,CAAC,KAAK,EAAE,uDAAuD,CAAC,CAAC;IAE3F,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IAED,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAC3E,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,iBAAiB,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,wBAAwB;YAC5B,KAAK,EAAE,+CAA+C;YACtD,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,qGAAqG;YAC9G,WAAW,EAAE,wGAAwG;YACrH,IAAI,EAAE,iBAAiB;SACxB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,IAAY,EAAE,GAAuB,EAAE,KAAe,EAAE,QAAmB;IACzG,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,EAAE,uBAAuB,CAAC;WAC3D,MAAM,eAAe,CAAC,KAAK,EAAE,4FAA4F,CAAC,CAAC;IAChI,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IAED,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,oDAAoD,CAAC,CAAC;IACvG,IAAI,CAAC,iBAAiB,IAAI,CAAC,WAAW,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,2BAA2B;YAC/B,KAAK,EAAE,yCAAyC;YAChD,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,iIAAiI;YAC1I,WAAW,EAAE,yGAAyG;YACtH,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,IAAY,EAAE,KAAe,EAAE,QAAmB;IAChF,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QACrC,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC5D,OAAO,gGAAgG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzH,CAAC,CAAC,CAAC;IAEH,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,iBAAiB;YACrB,KAAK,EAAE,gDAAgD;YACvD,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,4HAA4H;YACrI,WAAW,EAAE,2GAA2G;YACxH,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC;SACnC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,IAAY,EAAE,GAAuB,EAAE,KAAe,EAAE,QAAmB;IAC/G,MAAM,cAAc,GAAG,gBAAgB,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,mBAAmB,EAAE,IAAI,EAAE,uBAAuB,CAAC,CAAC;WACvG,MAAM,eAAe,CAAC,KAAK,EAAE,uHAAuH,CAAC,CAAC;IAE3J,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO;IACT,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,8FAA8F,CAAC,CAAC;IACtJ,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,4BAA4B;YAChC,KAAK,EAAE,iDAAiD;YACxD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,2FAA2F;YACpG,WAAW,EAAE,wHAAwH;YACrI,IAAI,EAAE,cAAc;SACrB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,GAAgB,EAAE,QAAmB,EAAE,MAAe;IAC1E,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAClC,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/E,MAAM,aAAa,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAClF,MAAM,OAAO,GAAG,CAAC,GAAG,eAAe,EAAE,GAAG,aAAa,CAAC,CAAC;IAEvD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,yBAAyB;YAC7B,KAAK,EAAE,sCAAsC;YAC7C,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK;YACnC,OAAO,EAAE,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAClD,WAAW,EAAE,uEAAuE;YACpF,IAAI,EAAE,cAAc;SACrB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,iBAAiB,GAA4B;QACjD,CAAC,0DAA0D,EAAE,iEAAiE,CAAC;QAC/H,CAAC,WAAW,EAAE,8BAA8B,CAAC;QAC7C,CAAC,+BAA+B,EAAE,kCAAkC,CAAC;QACrE,CAAC,+BAA+B,EAAE,kCAAkC,CAAC;QACrE,CAAC,8CAA8C,EAAE,gCAAgC,CAAC;KACnF,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3E,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,mBAAmB,IAAI,gCAAgC;gBAC9D,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,YAAY,KAAK,CAAC,CAAC,CAAC,QAAQ,OAAO,EAAE;gBAC9C,WAAW,EAAE,sHAAsH;gBACnI,IAAI,EAAE,cAAc;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAgB,EAAE,QAAmB;IAC9D,MAAM,MAAM,GAAG;QACb,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,EAAE;QACpC,eAAe,EAAE,GAAG,CAAC,eAAe,IAAI,EAAE;QAC1C,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,IAAI,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;mBAC1F,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAExE,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,0BAA0B;oBAC9B,KAAK,EAAE,gCAAgC,IAAI,EAAE;oBAC7C,QAAQ,EAAE,QAAQ;oBAClB,OAAO,EAAE,GAAG,SAAS,IAAI,IAAI,UAAU,OAAO,qCAAqC;oBACnF,WAAW,EAAE,yFAAyF;oBACtG,IAAI,EAAE,cAAc;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,IAAY,EAAE,GAAgB,EAAE,QAAmB;IACpF,MAAM,SAAS,GAAG;QAChB,CAAC,KAAK,EAAE,mBAAmB,CAAC;QAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC;QAC1B,CAAC,MAAM,EAAE,WAAW,CAAC;QACrB,CAAC,KAAK,EAAE,WAAW,CAAC;KACZ,CAAC;IAEX,MAAM,OAAO,GAAG,EAAE,CAAC;IACnB,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC;QAC5C,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,8BAA8B;YACrC,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,yEAAyE;YAClF,WAAW,EAAE,2EAA2E;YACxF,IAAI,EAAE,mBAAmB;SAC1B,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,mBAAmB,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,oBAAoB;YACxB,KAAK,EAAE,0CAA0C;YACjD,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,UAAU,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YACrE,WAAW,EAAE,2EAA2E;YACxF,IAAI,EAAE,aAAa;SACpB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;QACvB,MAAM,eAAe,GAAG,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACtE,IAAI,eAAe,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAkD,CAAC,EAAE,CAAC;YACjG,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,wCAAwC;gBAC/C,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,yBAAyB,GAAG,CAAC,cAAc,eAAe,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;gBACrH,WAAW,EAAE,0EAA0E;gBACvF,IAAI,EAAE,cAAc;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,KAAe,EAAE,OAAe;IAC7D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YACjF,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,QAAgB;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,QAAgB;IACpC,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,IAAY,EAAE,QAAgB;IACrD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,UAAU,IAAI,CAAC,OAAe,EAAE,KAAa;QAChD,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACpF,SAAS;YACX,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAClC,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,GAAuB,EAAE,IAAY;IAC1D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1G,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAuB,EAAE,KAAe;IAChE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACnD,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC5F,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACnD,OAAO;QACL,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;QACN,QAAQ;QACR,OAAO;QACP,OAAO;QACP,MAAM;KACP,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC3C,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;WAChC,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC;WAC/B,CAAC,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC;WACnC,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC;WAClC,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;WACjC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;WAC5B,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,IAAY,EAAE,IAAY;IAC5C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,WAAW,CAAC,QAAmB;IACtC,OAAO,QAAQ,CAAC,MAAM,CACpB,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE;QAClB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC,EACD,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CACxC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,QAAmB;IACvC,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,aAAa,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC1E,IAAI,aAAa,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,OAAO,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "shipcheck-cli",
+  "version": "0.2.0",
+  "description": "Release-readiness and AI-app exposure scanner for JavaScript and TypeScript repositories.",
+  "type": "module",
+  "bin": {
+    "shipcheck": "dist/src/cli.js"
+  },
+  "files": [
+    "dist/src",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "lint": "tsc -p tsconfig.json --noEmit",
+    "test": "npm run build && node --test \"dist/test/**/*.test.js\"",
+    "check": "npm run lint && npm test",
+    "prepare": "npm run build"
+  },
+  "keywords": [
+    "cli",
+    "release",
+    "audit",
+    "ai-app",
+    "vibe-coding",
+    "security",
+    "supabase",
+    "stripe",
+    "typescript",
+    "javascript"
+  ],
+  "author": "Tate Lyman",
+  "license": "MIT",
+  "devDependencies": {
+    "@types/node": "^22.15.3",
+    "typescript": "^5.8.3"
+  },
+  "engines": {
+    "node": ">=20"
+  }
+}