vaspera 2.9.0 → 2.10.0

package/CHANGELOG.md

@@ -1,5 +1,85 @@
 # Changelog
 
+## 2.10.0
+
+### Minor Changes
+
+- [#37](https://github.com/RCOLKITT/hardening-mcp/pull/37) [`f9b8a59`](https://github.com/RCOLKITT/hardening-mcp/commit/f9b8a59f7af6470f90a16c96aa9c6e5e845e2476) Thanks [@RCOLKITT](https://github.com/RCOLKITT)! - ## Property-Based Testing
+
+  - Added `fast-check` dependency for scanner robustness testing
+  - 52 new property tests for `extractPathParams`, `inferResourceType`, `analyzeFilePath`
+
+  ## Expanded Eval Fixtures
+
+  - 9 new fixtures across 5 categories (22 total, up from 13)
+  - command-injection (CWE-78), ssrf (CWE-918), xxe (CWE-611), insecure-deserialization (CWE-502), rls-bypass (CWE-639)
+
+  ## Constitution for Autofix Governance
+
+  - Risk tolerance levels: conservative | moderate | aggressive
+  - Pattern-specific approvals with conditions
+  - Directory restrictions (neverAutofix, requireReview)
+  - Safety constraints (dryRunDefault, maxFilesPerRun, runTestsAfterFix)
+  - 33 new tests for constitution validation
+
+## [2.10.0] - 2026-05-26
+
+### Added
+
+#### Property-Based Testing
+
+- Added `fast-check` dependency for property-based tests
+- New `src/__tests__/property-test-helpers.ts` with shared generators
+- PBT for `extractPathParams()` - tests all 4 framework styles (Express, Next.js, Flask, Spring)
+- PBT for `inferResourceType()` - tests singularization invariants
+- PBT for `analyzeFilePath()` - tests file classification rules
+- 52 new property tests ensuring scanner robustness
+
+#### Expanded Eval Fixtures
+
+- 9 new test fixtures across 5 vulnerability categories (22 total, up from 13)
+- `command-injection` (2 fixtures): CWE-78 - exec/spawn with user input
+- `ssrf` (2 fixtures): CWE-918 - fetch/axios with user-controlled URLs
+- `xxe` (1 fixture): CWE-611 - XML parser without entity restrictions
+- `insecure-deserialization` (2 fixtures): CWE-502 - eval/yaml.load vulnerabilities
+- `rls-bypass` (2 fixtures): CWE-639 - missing ownership filters, service role bypass
+
+#### Constitution for Autofix Governance
+
+- Added `yaml` dependency for constitution file parsing
+- New `src/autofix/constitution.schema.ts` with Zod validation
+- New `src/autofix/constitution.ts` loader with evaluation logic
+- Constitution integration with PR generator
+- 33 new tests for constitution validation and enforcement
+- Example constitution file in `examples/constitution.yaml`
+
+**Constitution Features:**
+
+- Risk tolerance levels: `conservative` | `moderate` | `aggressive`
+- Pattern-specific approvals with conditions (path, lines changed, severity)
+- Directory restrictions: `neverAutofix`, `requireReview`
+- Safety constraints: `dryRunDefault`, `maxFilesPerRun`, `runTestsAfterFix`
+- PR rules: required labels, commit prefix, max PRs per run
+
+### Changed
+
+- Test count increased from 2772 to 2942 (170 new tests)
+- MCP tools increased from 68 to 78
+
+---
+
+## 2.9.2
+
+### Patch Changes
+
+- [#30](https://github.com/RCOLKITT/hardening-mcp/pull/30) [`8110af7`](https://github.com/RCOLKITT/hardening-mcp/commit/8110af76da720332e43f296b7357987e7edec533) Thanks [@RCOLKITT](https://github.com/RCOLKITT)! - ## Telemetry Integration
+
+  - Wired up telemetry tracking to certification tools (`certification_scan`, `agent_cert_scan`, `certification_finalize`)
+  - Added scan registry for persistent analytics storage
+  - Telemetry is opt-in via `VASPERA_TELEMETRY_ENABLED` environment variable
+  - Privacy-respecting: repo URL, org name, and email require explicit opt-in
+  - Backend API endpoint for receiving telemetry events with rate limiting
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
@@ -12,6 +92,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 #### Optimization Plan Modules
 
 ##### Corpus Expansion (P0)
+
 - 7 new payload categories bringing total from 220 to 430+ payloads
 - `multi-turn.json` - 30 payloads for context-building attacks across turns
 - `context-manipulation.json` - 30 payloads for conversation history attacks
@@ -23,18 +104,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Updated corpus sizes: quick=100, standard=400, thorough=800, exhaustive=1500
 
 ##### Usage Telemetry (P0)
+
 - `src/telemetry/usage.ts` - Event tracking with privacy controls
 - `src/telemetry/registry.ts` - Persistent scan registry for analytics
 - Opt-in telemetry for repo URL, org name, user email
 - Analytics methods for dashboard and case study candidates
 
 ##### Badge Service (P0)
+
 - `src/badge-service/index.ts` - HTTP handlers for badge serving
 - Badge verification endpoint with Sigstore bundle support
 - `generateBadgeEmbedCode()` for markdown/HTML embedding
 - CertificationStorage interface with memory implementation
 
 ##### Frontier Model Interface (P1)
+
 - `src/frontier/types.ts` - Interfaces for Mythos/GPT-5.5-Cyber integration
 - `src/frontier/orchestrator.ts` - Multi-model orchestration with consensus
 - `src/frontier/providers/stub.ts` - Test provider placeholder
@@ -42,6 +126,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - ExploitChain and ConsensusResult types
 
 ##### Data Flow Analysis (P1)
+
 - `src/analysis/data-flow.ts` - Source→sink tracking for JS/TS/Python
 - Pattern-based detection of user input sources (req.body, event.body, etc.)
 - Dangerous sink detection (SQL, command exec, eval, file write)
@@ -49,6 +134,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - LLM context formatting for focused analysis
 
 ##### Agent Chain Analysis (P2)
+
 - `src/scanners/agent/agent-chain-analysis.ts` - Multi-hop attack paths
 - Trust boundary modeling between agents and MCP servers
 - AgentGraph construction from MCP server configs
@@ -56,6 +142,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Mermaid diagram generation for visualization
 
 ### Changed
+
 - Extended PayloadCategory type with 7 new categories
 - Updated FuzzerOptions corpus type to include "exhaustive"
 - Increased test count from 2,332 to 2,484 across 104 test files
@@ -65,6 +152,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 #### Agent Batch Submit Tool
+
 - New `agent_batch_submit` tool for submitting findings from subagent JSON output
 - Solves MCP permission issues when certification agents run as subagents
 - Accepts array of findings and optional summary in one call
@@ -73,6 +161,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 #### CI/CD Improvements
+
 - Lazy Stripe initialization to allow builds without `STRIPE_SECRET_KEY`
 - Fixed TypeScript test timeout for CI environments
 - Synced package-lock.json for CI compatibility
@@ -82,6 +171,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 #### Plan Enforcement
+
 - New plan-limits system for free/pro/enterprise tiers
 - Certification monthly limits enforced at API level
 - Agent count limits based on subscription plan
@@ -90,19 +180,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 #### Plan Limits
 
-| Limit | Free | Pro | Enterprise |
-|-------|------|-----|------------|
-| Certifications/month | 3 | 50 | Unlimited |
-| Projects | 2 | 20 | Unlimited |
-| Agents | 3 | 7 | All |
-| Frameworks | SOC2 | SOC2, HIPAA, NIST | All |
-| Red team | ❌ | ❌ | ✓ |
+| Limit                | Free | Pro               | Enterprise |
+| -------------------- | ---- | ----------------- | ---------- |
+| Certifications/month | 3    | 50                | Unlimited  |
+| Projects             | 2    | 20                | Unlimited  |
+| Agents               | 3    | 7                 | All        |
+| Frameworks           | SOC2 | SOC2, HIPAA, NIST | All        |
+| Red team             | ❌   | ❌                | ✓          |
 
 ## [2.6.0] - 2026-04-26
 
 ### Added
 
 #### Test Coverage
+
 - 147 new tests across 5 test files
 - `agent-integrity.test.ts` - Consensus analysis and outlier detection
 - `agent-privacy.test.ts` - PII detection with Luhn validation
@@ -111,12 +202,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `flags.test.ts` - Feature flags and config loading
 
 #### Feature Flags System
+
 - New `.vaspera/config.yaml` configuration format
 - Per-agent weights and model selection
 - Per-scanner timeouts and custom rules
 - Feature toggles for multiModel, costTracking, autofix, etc.
 
 #### Plugin System
+
 - Scanner plugin architecture with manifest schema
 - Local plugins from `.vaspera/plugins/`
 - npm plugins from `vaspera-scanner-*` packages
@@ -127,6 +220,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 #### Mythos-Class Security Scanners
+
 - New `binary-analysis` scanner for native module security
   - Detects Node.js native addons, shared libraries, Rust FFI, Go CGO
   - Checks RELRO, NX, PIE, CANARY protections via checksec
@@ -144,6 +238,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Java: check-then-act and synchronized patterns
 
 #### Semantic AI Agents
+
 - New `zero-day-hunter` agent for novel vulnerability discovery
   - AI-powered semantic code analysis beyond pattern matching
   - Discovers logic flaws, auth bypasses, cryptographic weaknesses
@@ -160,17 +255,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Severity escalation calculation (medium + medium = critical)
 
 #### New MCP Tools
+
 - `certification_scan_binary` - Scan compiled code and native modules
 - `certification_analyze_chains` - Analyze findings for exploitable chains
 - `certification_semantic_analysis` - Run AI-powered semantic analysis
 
 #### Compliance Enhancements
+
 - Added MITRE ATT&CK technique mapping for AI/ML systems
 - New CWE mappings for memory safety vulnerabilities
 - New CWE mappings for race condition vulnerabilities
 - OWASP LLM Top 10 integration
 
 ### Changed
+
 - Updated scanner count from 9 to 13+ scanners
 - Updated agent count from 4 to 7+ agents
 - Updated frontend marketing pages with Mythos-class capabilities
@@ -181,6 +279,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 #### Cost Tracking
+
 - New `cost_track` tool to start tracking costs for a certification
 - New `cost_estimate` tool to estimate costs before running
 - New `cost_status` tool to get current cost status
@@ -191,6 +290,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Budget limits with automatic warnings and abort capability
 
 #### Multi-Model Consensus
+
 - New `multimodel_record` tool to record findings from model runs
 - New `multimodel_consensus` tool to calculate inter-model agreement
 - New `multimodel_disagreements` tool to identify model disagreements
@@ -203,6 +303,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Disagreement detection by type (existence, severity, location, description)
 
 #### Compliance Mapping
+
 - New `compliance_report` tool for single-framework reports
 - New `compliance_multi_report` tool for multi-framework reports
 - New `compliance_controls` tool to list framework controls
@@ -212,6 +313,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Finding-to-control mapping by category
 
 #### SBOM & Provenance
+
 - New `sbom_generate` tool for CycloneDX SBOM generation
 - New `sbom_provenance` tool for SLSA provenance attestation
 - New `sbom_sign` tool for Sigstore signing
@@ -220,6 +322,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Build attestation with SLSA Level 2 support
 
 #### Documentation
+
 - New `docs/` folder with feature documentation
 - Cost tracking guide (`docs/cost-tracking.md`)
 - Multi-model consensus guide (`docs/multi-model.md`)
@@ -228,11 +331,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Example workflows (`docs/examples/`)
 
 ### Changed
+
 - Updated MCP tool count from 36 to 52
 - Updated package description to highlight enterprise features
 - README now includes v2.0.0 features section
 
 ### Fixed
+
 - Finding type now uses `description` consistently (removed legacy `title`)
 - Multi-model consensus correctly handles partial model agreement
 - Cost calculation uses accurate per-model pricing
@@ -242,58 +347,68 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 #### Deterministic Scanners
+
 - Semgrep integration for OWASP Top 10
 - gitleaks integration for secrets detection
 - npm audit integration for CVE detection
 - TypeScript analysis for type safety
 
 #### GitHub Action
+
 - `action.yml` for CI/CD integration
 - Diff-mode scanning for PRs
 - PR comment formatting
 - SARIF upload to GitHub Code Scanning
 
 #### Evaluation Harness
+
 - Test fixtures for scanner accuracy
 - Precision, recall, F1 metrics
 - Stability testing across runs
 - Target thresholds for publication
 
 #### Custom Rules
+
 - `rules_load` for custom rule loading
 - `rules_templates` for built-in templates
 - `rules_generate_config` for config generation
 - `rules_check_file` for file checking
 
 ### Changed
+
 - Scanner findings now have confidence: 100
 - LLM agents reference scanner findings by ID
 
 ## [1.0.2] - 2023-12-15
 
 ### Added
+
 - Cross-verification system between agents
 - Consensus scoring with certification levels
 - SARIF export for GitHub integration
 
 ### Fixed
+
 - Evidence validation for LLM findings
 - Finding deduplication logic
 
 ## [1.0.1] - 2023-12-01
 
 ### Added
+
 - File hash-based caching
 - Agent finding submission tools
 - Basic certification workflow
 
 ### Fixed
+
 - Project discovery on macOS
 - Command installation paths
 
 ## [1.0.0] - 2023-11-15
 
 ### Added
+
 - Initial release
 - 6 certification agents (security, reliability, typesafety, performance, quality, redteam)
 - Hardening command installation

package/README.md

@@ -4,9 +4,66 @@ Enterprise-grade security certification for codebases **and AI agent systems** w
 
 ![npm version](https://img.shields.io/npm/v/vaspera)
 ![License](https://img.shields.io/badge/License-MIT-green)
-![Tools](https://img.shields.io/badge/MCP_Tools-68-purple)
+![Tools](https://img.shields.io/badge/MCP_Tools-78-purple)
 ![AI Frameworks](https://img.shields.io/badge/AI_Frameworks-5-blue)
 ![Scanners](https://img.shields.io/badge/Scanners-12-orange)
+![Tests](https://img.shields.io/badge/Tests-2942-brightgreen)
+
+---
+
+## What's New in v2.10.0
+
+### Property-Based Testing
+Robust scanner testing with fast-check property-based tests:
+
+| Function | Properties Tested |
+|----------|-------------------|
+| `extractPathParams()` | All 4 framework styles (Express `:id`, Next.js `[id]`, Flask `<id>`, Spring `{id}`) |
+| `inferResourceType()` | Singularization invariants (`-ies` → `-y`, `-ses` → `-s`) |
+| `analyzeFilePath()` | Test/vendor/generated file classification |
+
+### Expanded Eval Fixtures
+22 test fixtures across 11 vulnerability categories (up from 13):
+
+| Category | CWE | Fixtures |
+|----------|-----|----------|
+| `command-injection` | CWE-78 | 2 |
+| `ssrf` | CWE-918 | 2 |
+| `xxe` | CWE-611 | 1 |
+| `insecure-deserialization` | CWE-502 | 2 |
+| `rls-bypass` | CWE-639 | 2 |
+
+### Constitution for Autofix Governance
+Policy-based governance for autonomous autofix operations:
+
+```yaml
+# .vaspera/constitution.yaml
+version: "1.0"
+riskTolerance: "conservative"  # conservative | moderate | aggressive
+
+patterns:
+  - patternId: "qual-console-log"
+    autoApprove: true
+  - patternId: "sec-sql-injection"
+    autoApprove: false
+    requiredReviewer: "security-team"
+
+directories:
+  neverAutofix: ["node_modules", "vendor"]
+  requireReview: ["src/auth/", "src/crypto/"]
+
+safety:
+  dryRunDefault: true
+  maxFilesPerRun: 20
+  runTestsAfterFix: true
+  revertOnTestFailure: true
+```
+
+**Constitution Features:**
+- **Risk Tolerance** — Control which patterns auto-apply based on risk level
+- **Pattern Approvals** — Whitelist/blacklist specific fix patterns with conditions
+- **Path Restrictions** — Block autofix in sensitive directories (auth, crypto)
+- **Safety Constraints** — Enforce dry-run, test requirements, backup branches
 
 ---
 

package/dist/__tests__/autofix/branch-manager.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=branch-manager.test.d.ts.map

package/dist/__tests__/autofix/branch-manager.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"branch-manager.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/autofix/branch-manager.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/autofix/branch-manager.test.js

@@ -0,0 +1,60 @@
+import { describe, it, expect } from "vitest";
+import { parseGitHubRemote, generateBranchName, } from "../../autofix/branch-manager.js";
+describe("branch-manager", () => {
+    describe("parseGitHubRemote", () => {
+        it("parses SSH format URLs", () => {
+            const result = parseGitHubRemote("git@github.com:owner/repo.git");
+            expect(result).toEqual({ owner: "owner", repo: "repo" });
+        });
+        it("parses SSH format URLs without .git suffix", () => {
+            const result = parseGitHubRemote("git@github.com:owner/repo");
+            expect(result).toEqual({ owner: "owner", repo: "repo" });
+        });
+        it("parses HTTPS format URLs", () => {
+            const result = parseGitHubRemote("https://github.com/owner/repo.git");
+            expect(result).toEqual({ owner: "owner", repo: "repo" });
+        });
+        it("parses HTTPS format URLs without .git suffix", () => {
+            const result = parseGitHubRemote("https://github.com/owner/repo");
+            expect(result).toEqual({ owner: "owner", repo: "repo" });
+        });
+        it("returns undefined for non-GitHub URLs", () => {
+            expect(parseGitHubRemote("https://gitlab.com/owner/repo.git")).toBeUndefined();
+            expect(parseGitHubRemote("git@gitlab.com:owner/repo.git")).toBeUndefined();
+        });
+        it("handles repos with dashes and underscores", () => {
+            const result = parseGitHubRemote("git@github.com:my-org/my_repo-name.git");
+            expect(result).toEqual({ owner: "my-org", repo: "my_repo-name" });
+        });
+    });
+    describe("generateBranchName", () => {
+        it("generates branch name with prefix and identifier", () => {
+            const result = generateBranchName("vaspera/autofix", "critical");
+            expect(result).toMatch(/^vaspera\/autofix\/critical-[a-z0-9]+$/);
+        });
+        it("sanitizes special characters", () => {
+            const result = generateBranchName("fix", "SQL Injection!!!");
+            // Special characters become dashes, includes timestamp suffix
+            expect(result).toMatch(/^fix\/sql-injection/);
+            expect(result).toContain("sql-injection");
+        });
+        it("truncates long identifiers", () => {
+            const longId = "a".repeat(50);
+            const result = generateBranchName("fix", longId);
+            // Identifier should be truncated to 30 chars + timestamp
+            const parts = result.split("/");
+            const afterPrefix = parts[1];
+            const identifierPart = afterPrefix.split("-").slice(0, -1).join("-");
+            expect(identifierPart.length).toBeLessThanOrEqual(30);
+        });
+        it("converts to lowercase", () => {
+            const result = generateBranchName("FIX", "XSS-Attack");
+            expect(result).toMatch(/^FIX\/xss-attack-[a-z0-9]+$/);
+        });
+        it("removes consecutive dashes", () => {
+            const result = generateBranchName("fix", "foo---bar");
+            expect(result).toMatch(/^fix\/foo-bar-[a-z0-9]+$/);
+        });
+    });
+});
+//# sourceMappingURL=branch-manager.test.js.map

package/dist/__tests__/autofix/branch-manager.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"branch-manager.test.js","sourceRoot":"","sources":["../../../src/__tests__/autofix/branch-manager.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAkB,MAAM,QAAQ,CAAC;AAC9D,OAAO,EACL,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,iCAAiC,CAAC;AAEzC,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,MAAM,GAAG,iBAAiB,CAAC,+BAA+B,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,2BAA2B,CAAC,CAAC;YAC9D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,MAAM,GAAG,iBAAiB,CAAC,mCAAmC,CAAC,CAAC;YACtE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,iBAAiB,CAAC,+BAA+B,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,iBAAiB,CAAC,mCAAmC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;YAC/E,MAAM,CAAC,iBAAiB,CAAC,+BAA+B,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QAC7E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,MAAM,GAAG,iBAAiB,CAAC,wCAAwC,CAAC,CAAC;YAC3E,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,MAAM,GAAG,kBAAkB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;YACjE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC;YAC7D,8DAA8D;YAC9D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC9B,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YACjD,yDAAyD;YACzD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACrE,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;YACvD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/autofix/commit-generator.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=commit-generator.test.d.ts.map

package/dist/__tests__/autofix/commit-generator.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"commit-generator.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/autofix/commit-generator.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/autofix/commit-generator.test.js

@@ -0,0 +1,147 @@
+import { describe, it, expect } from "vitest";
+import { generateCommitMessage, generateCommitBody, generatePRTitle, generatePRBody, groupFixesBySeverity, groupFixesByFile, groupFixesByPattern, } from "../../autofix/commit-generator.js";
+describe("commit-generator", () => {
+    const mockFixResults = [
+        {
+            findingId: "sec-001",
+            file: "src/auth.ts",
+            applied: true,
+            diff: { before: "old", after: "new", lineNumber: 10 },
+        },
+        {
+            findingId: "sec-002",
+            file: "src/api.ts",
+            applied: true,
+            diff: { before: "old2", after: "new2", lineNumber: 25 },
+        },
+        {
+            findingId: "perf-001",
+            file: "src/auth.ts",
+            applied: true,
+            diff: { before: "old3", after: "new3", lineNumber: 50 },
+        },
+    ];
+    describe("generateCommitMessage", () => {
+        it("generates message for single fix", () => {
+            const result = generateCommitMessage([mockFixResults[0]], "high");
+            expect(result).toContain("fix");
+            expect(result).toContain("sec-001");
+        });
+        it("generates message for multiple fixes", () => {
+            const result = generateCommitMessage(mockFixResults, "high");
+            expect(result).toContain("3 automated fixes");
+        });
+        it("includes severity when requested", () => {
+            const result = generateCommitMessage(mockFixResults, "critical", { includeSeverity: true });
+            expect(result).toContain("[critical]");
+        });
+        it("omits severity when requested", () => {
+            const result = generateCommitMessage(mockFixResults, "critical", { includeSeverity: false });
+            expect(result).not.toContain("[critical]");
+        });
+        it("returns fallback for empty fixes", () => {
+            const result = generateCommitMessage([], undefined);
+            expect(result).toContain("no changes applied");
+        });
+        it("truncates long messages", () => {
+            const result = generateCommitMessage(mockFixResults, "critical", { maxLength: 50 });
+            expect(result.length).toBeLessThanOrEqual(50);
+        });
+    });
+    describe("generateCommitBody", () => {
+        it("includes file grouping", () => {
+            const result = generateCommitBody(mockFixResults, "high");
+            expect(result).toContain("src/auth.ts");
+            expect(result).toContain("src/api.ts");
+        });
+        it("includes severity", () => {
+            const result = generateCommitBody(mockFixResults, "critical");
+            expect(result).toContain("CRITICAL");
+        });
+        it("returns empty for no fixes", () => {
+            const result = generateCommitBody([], undefined);
+            expect(result).toBe("");
+        });
+        it("includes Vaspera attribution", () => {
+            const result = generateCommitBody(mockFixResults, "high");
+            expect(result).toContain("Vaspera Hardening");
+        });
+    });
+    describe("generatePRTitle", () => {
+        it("generates title with severity", () => {
+            const result = generatePRTitle(mockFixResults, "high");
+            expect(result).toContain("high");
+            expect(result).toContain("3");
+        });
+        it("handles singular fix correctly", () => {
+            const result = generatePRTitle([mockFixResults[0]], "critical");
+            expect(result).toContain("1 critical-severity autofix");
+            expect(result).not.toContain("autofixes");
+        });
+        it("uses template when provided", () => {
+            const result = generatePRTitle(mockFixResults, "high", "Security: {{count}} fixes for {{severity}} issues");
+            expect(result).toBe("Security: 3 fixes for high issues");
+        });
+    });
+    describe("generatePRBody", () => {
+        it("includes summary section", () => {
+            const result = generatePRBody(mockFixResults, "high");
+            expect(result).toContain("## Summary");
+            expect(result).toContain("automated security fixes");
+        });
+        it("includes review checklist", () => {
+            const result = generatePRBody(mockFixResults, "high");
+            expect(result).toContain("## Review Checklist");
+            expect(result).toContain("semantically correct");
+        });
+        it("includes certification ID when provided", () => {
+            const result = generatePRBody(mockFixResults, "high", { certificationId: "cert-123" });
+            expect(result).toContain("cert-123");
+        });
+        it("includes before/after when requested", () => {
+            const result = generatePRBody(mockFixResults, "high", { includeBeforeAfter: true });
+            expect(result).toContain("Before:");
+            expect(result).toContain("After:");
+        });
+    });
+    describe("groupFixesBySeverity", () => {
+        it("groups fixes by their severity", () => {
+            const severities = new Map([
+                ["sec-001", "high"],
+                ["sec-002", "high"],
+                ["perf-001", "medium"],
+            ]);
+            const result = groupFixesBySeverity(mockFixResults, severities);
+            expect(result.get("high")).toHaveLength(2);
+            expect(result.get("medium")).toHaveLength(1);
+        });
+        it("defaults to medium for unknown findings", () => {
+            const severities = new Map();
+            const result = groupFixesBySeverity(mockFixResults, severities);
+            expect(result.get("medium")).toHaveLength(3);
+        });
+    });
+    describe("groupFixesByFile", () => {
+        it("groups fixes by file path", () => {
+            const result = groupFixesByFile(mockFixResults);
+            expect(result.get("src/auth.ts")).toHaveLength(2);
+            expect(result.get("src/api.ts")).toHaveLength(1);
+        });
+    });
+    describe("groupFixesByPattern", () => {
+        it("groups fixes by pattern ID", () => {
+            const result = groupFixesByPattern(mockFixResults);
+            expect(result.has("sec")).toBeTruthy();
+            expect(result.has("perf")).toBeTruthy();
+        });
+        it("extracts pattern from finding ID", () => {
+            const fixes = [
+                { findingId: "sec-hardcoded-secret-001", file: "a.ts", applied: true },
+                { findingId: "sec-hardcoded-secret-002", file: "b.ts", applied: true },
+            ];
+            const result = groupFixesByPattern(fixes);
+            expect(result.get("sec-hardcoded-secret")).toHaveLength(2);
+        });
+    });
+});
+//# sourceMappingURL=commit-generator.test.js.map

package/dist/__tests__/autofix/commit-generator.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commit-generator.test.js","sourceRoot":"","sources":["../../../src/__tests__/autofix/commit-generator.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAI3C,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,MAAM,cAAc,GAAgB;QAClC;YACE,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE;SACtD;QACD;YACE,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE;SACxD;QACD;YACE,SAAS,EAAE,UAAU;YACrB,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE;SACxD;KACF,CAAC;IAEF,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,MAAM,GAAG,qBAAqB,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,MAAM,GAAG,qBAAqB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;YAC7D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,MAAM,GAAG,qBAAqB,CAAC,cAAc,EAAE,UAAU,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5F,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,MAAM,GAAG,qBAAqB,CAAC,cAAc,EAAE,UAAU,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7F,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,MAAM,GAAG,qBAAqB,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YACpD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,qBAAqB,CAAC,cAAc,EAAE,UAAU,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;YACpF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,MAAM,GAAG,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACxC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,MAAM,GAAG,kBAAkB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;YAC9D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,MAAM,GAAG,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,MAAM,GAAG,eAAe,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;YACvD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACjC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YAChE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,MAAM,GAAG,eAAe,CAAC,cAAc,EAAE,MAAM,EAAE,mDAAmD,CAAC,CAAC;YAC5G,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC,CAAC;YACvF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;YACpF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAmB;gBAC3C,CAAC,SAAS,EAAE,MAAM,CAAC;gBACnB,CAAC,SAAS,EAAE,MAAM,CAAC;gBACnB,CAAC,UAAU,EAAE,QAAQ,CAAC;aACvB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,oBAAoB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;YAEhE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAoB,CAAC;YAC/C,MAAM,MAAM,GAAG,oBAAoB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;YAEhE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;YAEhD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,MAAM,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC;YAEnD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,KAAK,GAAgB;gBACzB,EAAE,SAAS,EAAE,0BAA0B,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;gBACtE,EAAE,SAAS,EAAE,0BAA0B,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;aACvE,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAE1C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}