vaulter 1.0.5 → 1.0.8

package/README.md

@@ -56,6 +56,8 @@ vaulter k8s:secret -e prd | kubectl apply -f -
 - [Why Vaulter?](#why-vaulter)
 - [Security](#security)
 - [Daily Use](#daily-use)
+- [Audit & Compliance](#audit--compliance)
+- [Secret Rotation](#secret-rotation)
 - [CI/CD](#cicd)
 - [Configuration](#configuration)
 - [Integrations](#integrations)
@@ -453,6 +455,22 @@ vaulter k8s:secret -e prd | kubectl apply -f -
 | `tf:vars` | Terraform .tfvars | `vaulter tf:vars -e prd` |
 | `scan` | Scan monorepo | `vaulter scan` |
 
+#### Audit Commands
+
+| Command | Description | Example |
+|:--------|:------------|:--------|
+| `audit list` | List audit entries | `vaulter audit list -e prd` |
+| `audit show` | Show entry details | `vaulter audit show <id>` |
+| `audit stats` | Show statistics | `vaulter audit stats -e prd` |
+| `audit cleanup` | Delete old entries | `vaulter audit cleanup --retention 30` |
+
+#### Rotation Commands
+
+| Command | Description | Example |
+|:--------|:------------|:--------|
+| `rotation list` | Show rotation status | `vaulter rotation list -e prd` |
+| `rotation run` | Run rotation check | `vaulter rotation run -e prd --clear` |
+
 ### Set Command Syntax
 
 ```bash
@@ -518,6 +536,401 @@ vaulter k8s:secret -e uat | kubectl apply -f -
 
 ---
 
+## Audit & Compliance
+
+Vaulter includes built-in audit logging to track every change to your secrets. Essential for compliance (SOC2, HIPAA, PCI-DSS) and debugging "who changed what, when".
+
+### Why Audit?
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                    Without Audit Logging                        │
+│                                                                 │
+│  Developer: "Who deleted the API_KEY in production?"            │
+│  Team: 🤷 "No idea, check git blame? It's not in the repo..."  │
+│                                                                 │
+└─────────────────────────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────────────────────────┐
+│                     With Vaulter Audit                          │
+│                                                                 │
+│  $ vaulter audit list -e prd --pattern "API_KEY"                │
+│                                                                 │
+│  TIMESTAMP            USER      OP      KEY      ENV   SRC      │
+│  2025-01-15 14:32:01  john      delete  API_KEY  prd   cli      │
+│  2025-01-10 09:15:22  jane      set     API_KEY  prd   sync     │
+│  2025-01-05 11:00:00  deploy    set     API_KEY  prd   ci       │
+│                                                                 │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+### Configuration
+
+```yaml
+# .vaulter/config.yaml
+audit:
+  enabled: true              # Enable audit logging (default: true)
+  retention_days: 90         # Auto-cleanup entries older than N days
+  mask_values: true          # Mask values in logs (show: sk-1234****5678)
+  include_values: false      # Include actual values (⚠️ security risk)
+```
+
+| Option | Default | Description |
+|:-------|:--------|:------------|
+| `enabled` | `true` | Enable/disable audit logging |
+| `retention_days` | `90` | Auto-cleanup old entries |
+| `mask_values` | `true` | Mask sensitive values in logs |
+| `include_values` | `false` | Store full values (⚠️ use with caution) |
+
+### Commands
+
+#### List Audit Entries
+
+```bash
+# List recent entries (default: 50)
+vaulter audit list -e prd
+
+# Filter by user
+vaulter audit list -e prd --user john
+
+# Filter by operation
+vaulter audit list -e prd --operation delete
+
+# Filter by key pattern (supports wildcards)
+vaulter audit list -e prd --pattern "DATABASE_*"
+
+# Filter by date range
+vaulter audit list -e prd --since "2025-01-01" --until "2025-01-15"
+
+# Filter by source
+vaulter audit list -e prd --source ci
+
+# Show all environments
+vaulter audit list --all-envs
+
+# JSON output for scripting
+vaulter audit list -e prd --json
+
+# Combine filters
+vaulter audit list -e prd --user deploy --operation set --limit 100
+```
+
+**Output:**
+```
+TIMESTAMP            USER          OP        KEY                       ENV   SRC
+2025-01-15 14:32:01  john          delete    API_KEY                   prd   cli
+2025-01-15 14:30:00  jane          set       DATABASE_URL              prd   cli
+2025-01-15 10:00:00  github-ci     push      *                         prd   ci
+2025-01-14 16:45:22  jane          sync      *                         prd   cli
+
+Showing 4 entries
+```
+
+#### Show Entry Details
+
+```bash
+# Get full details of a specific entry
+vaulter audit show <entry-id>
+```
+
+**Output:**
+```
+  ID:          abc123def456
+  Timestamp:   2025-01-15 14:32:01
+  User:        john
+  Operation:   delete
+  Key:         API_KEY
+  Project:     my-project
+  Environment: prd
+  Source:      cli
+  Previous:    sk-1234****5678
+  Metadata:    {"reason": "rotating key"}
+```
+
+#### Audit Statistics
+
+```bash
+# View summary statistics
+vaulter audit stats -e prd
+```
+
+**Output:**
+```
+Audit Statistics for my-project/prd
+════════════════════════════════════════
+Total entries: 1,247
+Date range:    2024-10-15 09:00:00 to 2025-01-15 14:32:01
+
+By Operation:
+  set          892
+  delete       124
+  sync         156
+  push         75
+
+By User:
+  jane                 456
+  john                 321
+  github-ci            470
+
+By Source:
+  cli        645
+  ci         470
+  sync       132
+```
+
+#### Cleanup Old Entries
+
+```bash
+# Cleanup entries older than retention_days (from config)
+vaulter audit cleanup
+
+# Override retention period
+vaulter audit cleanup --retention 30
+
+# Dry-run to see what would be deleted
+vaulter audit cleanup --retention 30 --dry-run
+```
+
+### Automatic Audit Logging
+
+Audit entries are created automatically for all write operations:
+
+| Operation | Logged Info |
+|:----------|:------------|
+| `set` | Key, previous value (masked), new value (masked) |
+| `delete` | Key, previous value (masked) |
+| `sync` | Keys added, updated, deleted |
+| `push` | Keys added, updated, deleted |
+| `deleteAll` | All deleted keys |
+
+### Sources
+
+The `source` field indicates where the operation originated:
+
+| Source | Description |
+|:-------|:------------|
+| `cli` | Manual CLI command |
+| `ci` | CI/CD pipeline |
+| `sync` | Bidirectional sync operation |
+| `api` | Programmatic API call |
+| `mcp` | MCP server (AI assistant) |
+
+### Compliance Tips
+
+```bash
+# Export audit log for compliance review
+vaulter audit list --all-envs --json > audit-report-$(date +%Y%m).json
+
+# Monitor production changes
+vaulter audit list -e prd --since "$(date -d 'yesterday' +%Y-%m-%d)"
+
+# Alert on deletions
+vaulter audit list -e prd --operation delete --json | jq '.entries | length'
+```
+
+---
+
+## Secret Rotation
+
+Regular secret rotation is a security best practice. Vaulter tracks rotation schedules and helps you identify secrets that need attention.
+
+### Why Rotate?
+
+- **Limit exposure**: If a key is compromised, damage is time-limited
+- **Compliance**: Many standards require periodic rotation (PCI-DSS: 90 days)
+- **Access control**: Rotated keys invalidate old access
+- **Audit trail**: Clear history of when credentials changed
+
+### How It Works
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                    Rotation Workflow                            │
+│                                                                 │
+│  1. vaulter rotation list        → See what needs rotation      │
+│                                                                 │
+│  KEY            ENV   LAST ROTATED    ROTATE AFTER    STATUS    │
+│  DATABASE_URL   prd   45 days ago     90 days         ✓ OK      │
+│  API_KEY        prd   120 days ago    90 days         ⚠ OVERDUE │
+│  JWT_SECRET     prd   never           90 days         ⚠ OVERDUE │
+│                                                                 │
+│  2. Manually rotate the credential in the external service      │
+│                                                                 │
+│  3. vaulter set API_KEY="new-value" -e prd                      │
+│     → Automatically updates rotatedAt timestamp                 │
+│                                                                 │
+│  4. vaulter rotation run -e prd --clear                         │
+│     → Clears rotateAfter for updated keys (fresh start)         │
+│                                                                 │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+### Configuration
+
+```yaml
+# .vaulter/config.yaml
+encryption:
+  rotation:
+    enabled: true          # Enable rotation tracking
+    interval_days: 90      # Default rotation interval
+    patterns:              # Keys that should be rotated
+      - "*_KEY"
+      - "*_SECRET"
+      - "*_TOKEN"
+      - "*_PASSWORD"
+      - "DATABASE_URL"
+      - "REDIS_URL"
+```
+
+| Option | Default | Description |
+|:-------|:--------|:------------|
+| `enabled` | `true` | Enable rotation tracking |
+| `interval_days` | `90` | Default rotation period |
+| `patterns` | `["*_KEY", "*_SECRET", ...]` | Keys to track (glob patterns) |
+
+### Commands
+
+#### List Rotation Status
+
+```bash
+# Show rotation status for all secrets
+vaulter rotation list -e prd
+
+# Check all environments
+vaulter rotation list --all-envs
+
+# Filter overdue only
+vaulter rotation list -e prd --overdue
+
+# Custom interval check
+vaulter rotation list -e prd --days 30
+
+# JSON output
+vaulter rotation list -e prd --json
+```
+
+**Output:**
+```
+Rotation Status for my-project/prd (default: 90 days)
+
+KEY               LAST ROTATED         ROTATE AFTER         STATUS
+DATABASE_URL      2024-12-01           2025-03-01           ✓ OK (45 days)
+API_KEY           2024-09-15           2024-12-14           ⚠ OVERDUE (32 days)
+JWT_SECRET        never                —                    ⚠ NEVER ROTATED
+REDIS_URL         2024-11-20           2025-02-18           ✓ OK (34 days)
+
+Summary: 4 secrets, 2 overdue, 1 never rotated
+```
+
+#### Run Rotation Check
+
+```bash
+# Interactive rotation workflow
+vaulter rotation run -e prd
+
+# Clear rotation schedule for already-rotated keys
+vaulter rotation run -e prd --clear
+
+# Set new interval
+vaulter rotation run -e prd --interval 60
+
+# Dry-run
+vaulter rotation run -e prd --dry-run
+```
+
+**Interactive Output:**
+```
+Checking rotation status for my-project/prd...
+
+⚠ Found 2 secrets needing rotation:
+
+  API_KEY (overdue by 32 days)
+    Last rotated: 2024-09-15
+    Rotate after: 2024-12-14
+
+  JWT_SECRET (never rotated)
+    Set a rotation schedule? [Y/n]: y
+    Rotation interval (days) [90]: 90
+    ✓ Scheduled rotation for 2025-04-15
+
+To update a rotated secret:
+  vaulter set API_KEY="new-value" -e prd
+
+After rotating, clear the schedule:
+  vaulter rotation run -e prd --clear
+```
+
+#### Schedule Rotation
+
+When you set a new value, Vaulter automatically tracks when it was last changed:
+
+```bash
+# Set new value (automatically updates rotatedAt)
+vaulter set API_KEY="sk-new-rotated-key" -e prd
+
+# Verify rotation was tracked
+vaulter rotation list -e prd --pattern "API_KEY"
+```
+
+**Output:**
+```
+KEY       LAST ROTATED         ROTATE AFTER    STATUS
+API_KEY   just now             2025-04-15      ✓ OK (90 days)
+```
+
+### Rotation Metadata
+
+Each secret tracks rotation metadata:
+
+| Field | Description |
+|:------|:------------|
+| `rotatedAt` | ISO timestamp of last rotation |
+| `rotateAfter` | ISO timestamp when rotation is due |
+
+View with:
+```bash
+vaulter get API_KEY -e prd --json | jq '.metadata'
+```
+
+### CI/CD Integration
+
+```yaml
+# GitHub Actions - Weekly rotation check
+name: Secret Rotation Check
+on:
+  schedule:
+    - cron: '0 9 * * 1'  # Every Monday at 9am
+
+jobs:
+  check-rotation:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check for overdue secrets
+        env:
+          VAULTER_KEY: ${{ secrets.VAULTER_KEY }}
+        run: |
+          OVERDUE=$(npx vaulter rotation list -e prd --json | jq '.overdue')
+          if [ "$OVERDUE" -gt 0 ]; then
+            echo "::warning::$OVERDUE secrets are overdue for rotation!"
+            npx vaulter rotation list -e prd
+            exit 1
+          fi
+          echo "✓ All secrets are within rotation policy"
+```
+
+### Compliance Matrix
+
+| Standard | Requirement | Vaulter Config |
+|:---------|:------------|:---------------|
+| PCI-DSS | 90 days | `interval_days: 90` |
+| SOC2 | Regular rotation | `interval_days: 90` |
+| HIPAA | Periodic | `interval_days: 180` |
+| Internal | Custom | `interval_days: N` |
+
+---
+
 ## CI/CD
 
 ### GitHub Actions (Quick Start)
@@ -829,6 +1242,20 @@ encryption:
   key_source:
     - env: VAULTER_KEY
     - file: .vaulter/.key
+  # Secret rotation settings
+  rotation:
+    enabled: true
+    interval_days: 90
+    patterns:
+      - "*_KEY"
+      - "*_SECRET"
+      - "*_TOKEN"
+
+# Audit logging
+audit:
+  enabled: true
+  retention_days: 90
+  mask_values: true
 
 environments:
   - dev
@@ -1032,7 +1459,9 @@ npx @anthropic-ai/mcp-inspector vaulter mcp
 }
 ```
 
-### Available Tools (19)
+### Available Tools (21)
+
+#### Core Operations
 
 | Tool | Description |
 |:-----|:------------|
@@ -1040,33 +1469,51 @@ npx @anthropic-ai/mcp-inspector vaulter mcp
 | `vaulter_set` | Set a variable |
 | `vaulter_delete` | Delete a variable |
 | `vaulter_list` | List variables |
-| `vaulter_export` | Export in various formats |
+| `vaulter_export` | Export in various formats (shell, env, json, yaml, tfvars, docker-args) |
 | `vaulter_sync` | Bidirectional sync |
 | `vaulter_pull` | Download from backend |
 | `vaulter_push` | Upload to backend |
+
+#### Discovery & Analysis
+
+| Tool | Description |
+|:-----|:------------|
 | `vaulter_compare` | Compare environments |
 | `vaulter_search` | Search by pattern |
 | `vaulter_scan` | Scan monorepo |
 | `vaulter_services` | List services |
+| `vaulter_init` | Initialize project |
+
+#### Integrations
+
+| Tool | Description |
+|:-----|:------------|
 | `vaulter_k8s_secret` | Generate K8s Secret |
 | `vaulter_k8s_configmap` | Generate K8s ConfigMap |
-| `vaulter_init` | Initialize project |
+| `vaulter_helm_values` | Generate Helm values.yaml |
+| `vaulter_tf_vars` | Generate Terraform .tfvars |
+
+#### Key Management
+
+| Tool | Description |
+|:-----|:------------|
 | `vaulter_key_generate` | Generate encryption key (symmetric or asymmetric) |
 | `vaulter_key_list` | List all keys (project + global) |
 | `vaulter_key_show` | Show key details |
 | `vaulter_key_export` | Export key to encrypted bundle |
-| `vaulter_key_import` | Import key from encrypted bundle |
-
-### Resources (7)
-
-- `vaulter://config` — Project configuration
-- `vaulter://services` — Monorepo services
-- `vaulter://keys` — List all encryption keys (project + global)
-- `vaulter://keys/<name>` — Specific key details
-- `vaulter://keys/global/<name>` — Global key details
-- `vaulter://project/env` — Environment variables
-- `vaulter://project/env/service` — Service-specific vars
-- `vaulter://compare/env1/env2` — Environment diff
+
+### Resources (8)
+
+| URI Pattern | Description |
+|:------------|:------------|
+| `vaulter://config` | Project configuration |
+| `vaulter://services` | Monorepo services |
+| `vaulter://keys` | List all encryption keys |
+| `vaulter://keys/<name>` | Specific key details |
+| `vaulter://keys/global/<name>` | Global key details |
+| `vaulter://project/env` | Environment variables |
+| `vaulter://project/env/service` | Service-specific vars |
+| `vaulter://compare/env1/env2` | Environment diff
 
 ### Prompts (5)
 

package/dist/cli/commands/audit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/audit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAc,MAAM,gBAAgB,CAAA;AAKrF,UAAU,YAAY;IACpB,IAAI,EAAE,OAAO,CAAA;IACb,MAAM,EAAE,aAAa,GAAG,IAAI,CAAA;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,WAAW,CAAA;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;CACpB;AAgDD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAyFvE;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAmDvE;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDxE;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAmC1E;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA8BnE"}
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/audit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAc,MAAM,gBAAgB,CAAA;AAKrF,UAAU,YAAY;IACpB,IAAI,EAAE,OAAO,CAAA;IACb,MAAM,EAAE,aAAa,GAAG,IAAI,CAAA;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,WAAW,CAAA;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;CACpB;AAgDD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAsEvE;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAmDvE;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDxE;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA4B1E;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA8BnE"}

package/dist/cli/commands/audit.js

@@ -58,42 +58,19 @@ export async function runAuditList(context) {
     }
     const logger = await createAuditLogger(context);
     try {
-        // Build query options from args
+        // Build query options from typed args
         const queryOptions = {
             project,
             environment: args['all-envs'] ? undefined : environment,
-            service
+            service,
+            user: args.user,
+            operation: args.operation,
+            key: args.pattern, // --pattern maps to key filter in query
+            source: args.source,
+            since: args.since ? new Date(args.since) : undefined,
+            until: args.until ? new Date(args.until) : undefined,
+            limit: args.limit || 50
         };
-        // Additional filters from CLI args
-        const restArgs = args._ || [];
-        for (let i = 0; i < restArgs.length; i++) {
-            const arg = restArgs[i];
-            if (arg === '--user' && restArgs[i + 1]) {
-                queryOptions.user = restArgs[++i];
-            }
-            else if (arg === '--operation' && restArgs[i + 1]) {
-                queryOptions.operation = restArgs[++i];
-            }
-            else if (arg === '--key' && restArgs[i + 1]) {
-                queryOptions.key = restArgs[++i];
-            }
-            else if (arg === '--source' && restArgs[i + 1]) {
-                queryOptions.source = restArgs[++i];
-            }
-            else if (arg === '--since' && restArgs[i + 1]) {
-                queryOptions.since = new Date(restArgs[++i]);
-            }
-            else if (arg === '--until' && restArgs[i + 1]) {
-                queryOptions.until = new Date(restArgs[++i]);
-            }
-            else if (arg === '--limit' && restArgs[i + 1]) {
-                queryOptions.limit = parseInt(restArgs[++i], 10);
-            }
-        }
-        // Default limit
-        if (!queryOptions.limit) {
-            queryOptions.limit = 50;
-        }
         ui.verbose(`Querying audit log for ${project}/${service || '*'}/${environment}`, verbose);
         const entries = await ui.withSpinner('Fetching audit entries...', () => logger.query(queryOptions), { successText: 'Fetched' });
         if (jsonOutput) {
@@ -241,18 +218,12 @@ export async function runAuditStats(context) {
  */
 export async function runAuditCleanup(context) {
     const { args, config, verbose, jsonOutput } = context;
-    // Get retention days from args or config
-    const restArgs = args._ || [];
-    let retentionDays = config?.audit?.retention_days || 90;
-    for (let i = 0; i < restArgs.length; i++) {
-        if (restArgs[i] === '--retention' && restArgs[i + 1]) {
-            retentionDays = parseInt(restArgs[++i], 10);
-        }
-    }
+    // Get retention days from typed args or config
+    const retentionDays = args.retention || config?.audit?.retention_days || 90;
     const logger = await createAuditLogger(context);
     try {
         ui.verbose(`Cleaning up entries older than ${retentionDays} days`, verbose);
-        const deleted = await ui.withSpinner(`Cleaning up entries older than ${retentionDays} days...`, () => logger.cleanup(), { successText: 'Done' });
+        const deleted = await ui.withSpinner(`Cleaning up entries older than ${retentionDays} days...`, () => logger.cleanup(retentionDays), { successText: 'Done' });
         if (jsonOutput) {
             ui.output(JSON.stringify({
                 deleted,

package/dist/cli/commands/audit.js.map

@@ -1 +1 @@
-{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/cli/commands/audit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACtE,OAAO,KAAK,EAAE,MAAM,UAAU,CAAA;AAY9B;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,OAAqB;IACpD,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAA;IACvC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAA;IAC9C,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,IAAI,SAAS,CAAA;IAC/D,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAE5C,EAAE,CAAC,OAAO,CAAC,gCAAgC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;IAC9F,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;IAEzC,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAmB;IAC1C,MAAM,CAAC,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC1D,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,KAAiB;IAC5C,OAAO;QACL,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,SAAS,CAAC;QACtC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;QACjC,EAAE,EAAE,KAAK,CAAC,SAAS;QACnB,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;QAC/B,GAAG,EAAE,KAAK,CAAC,WAAW;QACtB,GAAG,EAAE,KAAK,CAAC,MAAM;KAClB,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAqB;IACtD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IAE5E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,EAAE,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAA;QACrD,EAAE,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAA;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,gCAAgC;QAChC,MAAM,YAAY,GAA4B;YAC5C,OAAO;YACP,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;YACvD,OAAO;SACR,CAAA;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAA;QAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;YACvB,IAAI,GAAG,KAAK,QAAQ,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACxC,YAAY,CAAC,IAAI,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;YACnC,CAAC;iBAAM,IAAI,GAAG,KAAK,aAAa,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACpD,YAAY,CAAC,SAAS,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;YACxC,CAAC;iBAAM,IAAI,GAAG,KAAK,OAAO,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC9C,YAAY,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;YAClC,CAAC;iBAAM,IAAI,GAAG,KAAK,UAAU,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACjD,YAAY,CAAC,MAAM,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;YACrC,CAAC;iBAAM,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChD,YAAY,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC9C,CAAC;iBAAM,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChD,YAAY,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC9C,CAAC;iBAAM,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChD,YAAY,CAAC,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YAClD,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YACxB,YAAY,CAAC,KAAK,GAAG,EAAE,CAAA;QACzB,CAAC;QAED,EAAE,CAAC,OAAO,CAAC,0BAA0B,OAAO,IAAI,OAAO,IAAI,GAAG,IAAI,WAAW,EAAE,EAAE,OAAO,CAAC,CAAA;QAEzF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,WAAW,CAClC,2BAA2B,EAC3B,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,YAAmB,CAAC,EACvC,EAAE,WAAW,EAAE,SAAS,EAAE,CAC3B,CAAA;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,OAAO;gBACP,OAAO;gBACP,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW;gBACnD,KAAK,EAAE,OAAO,CAAC,MAAM;gBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACzB,GAAG,CAAC;oBACJ,SAAS,EAAE,CAAC,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;iBACjF,CAAC,CAAC;aACJ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QACd,CAAC;aAAM,CAAC;YACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,EAAE,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAA;gBAChC,OAAM;YACR,CAAC;YAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;YAClD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAC1B;gBACE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE;gBACpC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE;gBAC/B,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;gBAC3B,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;gBAC7B,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;gBAC7B,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;aAC9B,EACD,SAAS,CACV,CAAA;YAED,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YAChB,EAAE,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,UAAU,CAAC,CAAA;QAC/C,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAqB;IACtD,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAA;IAC7B,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA,CAAC,kBAAkB;IAEzC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,EAAE,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;QAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAElC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,EAAE,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAA;YACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,GAAG,KAAK;gBACR,SAAS,EAAE,KAAK,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS;aAC7F,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QACd,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;YACrC,EAAE,CAAC,GAAG,CAAC,iBAAiB,eAAe,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAC3D,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;YACrC,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;YAC1C,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,GAAG,EAAE,CAAC,CAAA;YACpC,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;YACxC,EAAE,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA;YAC7C,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClB,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;YAC1C,CAAC;YACD,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;YACvC,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBACxB,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,aAAa,EAAE,CAAC,CAAA;YAChD,CAAC;YACD,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACnB,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC3C,CAAC;YACD,IAAI,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7D,EAAE,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;YAC3D,CAAC;YACD,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACZ,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAqB;IACvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IAE7D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,EAAE,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAA;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,WAAW,CAChC,2BAA2B,EAC3B,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,CAAC,EACxC,EAAE,WAAW,EAAE,MAAM,EAAE,CACxB,CAAA;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,OAAO;gBACP,WAAW;gBACX,OAAO;gBACP,GAAG,KAAK;gBACR,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,WAAW,EAAE;gBAC7C,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,WAAW,EAAE;aAC9C,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QACd,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,GAAG,CAAC,0BAA0B,OAAO,IAAI,WAAW,EAAE,CAAC,CAAA;YAC1D,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;YACtB,EAAE,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,YAAY,EAAE,CAAC,CAAA;YAE9C,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;gBAC3C,EAAE,CAAC,GAAG,CAAC,kBAAkB,eAAe,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,eAAe,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACzG,CAAC;YAED,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;YACzB,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC5D,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;YACvC,CAAC;YAED,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;YACpB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzD,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;YACzC,CAAC;YAED,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;YACtB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,EAAE,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;YACxC,CAAC;YACD,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACZ,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAqB;IACzD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IAErD,yCAAyC;IACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAA;IAC7B,IAAI,aAAa,GAAG,MAAM,EAAE,KAAK,EAAE,cAAc,IAAI,EAAE,CAAA;IAEvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,aAAa,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrD,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,EAAE,CAAC,OAAO,CAAC,kCAAkC,aAAa,OAAO,EAAE,OAAO,CAAC,CAAA;QAE3E,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,WAAW,CAClC,kCAAkC,aAAa,UAAU,EACzD,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EACtB,EAAE,WAAW,EAAE,MAAM,EAAE,CACxB,CAAA;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,OAAO;gBACP,aAAa;aACd,CAAC,CAAC,CAAA;QACL,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,GAAG,CAAC,WAAW,OAAO,oBAAoB,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAqB;IAClD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAA;IAE9C,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC;QACZ,KAAK,IAAI;YACP,MAAM,YAAY,CAAC,OAAO,CAAC,CAAA;YAC3B,MAAK;QAEP,KAAK,MAAM;YACT,MAAM,YAAY,CAAC,OAAO,CAAC,CAAA;YAC3B,MAAK;QAEP,KAAK,OAAO;YACV,MAAM,aAAa,CAAC,OAAO,CAAC,CAAA;YAC5B,MAAK;QAEP,KAAK,SAAS;YACZ,MAAM,eAAe,CAAC,OAAO,CAAC,CAAA;YAC9B,MAAK;QAEP;YACE,EAAE,CAAC,KAAK,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAA;YACnD,EAAE,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAA;YAClC,EAAE,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;YACvC,EAAE,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAA;YAC7C,EAAE,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;YAC1C,EAAE,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;YACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACnB,CAAC;AACH,CAAC"}
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/cli/commands/audit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACtE,OAAO,KAAK,EAAE,MAAM,UAAU,CAAA;AAY9B;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,OAAqB;IACpD,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAA;IACvC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAA;IAC9C,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,IAAI,SAAS,CAAA;IAC/D,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAE5C,EAAE,CAAC,OAAO,CAAC,gCAAgC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;IAC9F,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;IAEzC,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAmB;IAC1C,MAAM,CAAC,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC1D,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,KAAiB;IAC5C,OAAO;QACL,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,SAAS,CAAC;QACtC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;QACjC,EAAE,EAAE,KAAK,CAAC,SAAS;QACnB,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;QAC/B,GAAG,EAAE,KAAK,CAAC,WAAW;QACtB,GAAG,EAAE,KAAK,CAAC,MAAM;KAClB,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAqB;IACtD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IAE5E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,EAAE,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAA;QACrD,EAAE,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAA;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,sCAAsC;QACtC,MAAM,YAAY,GAA4B;YAC5C,OAAO;YACP,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;YACvD,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,GAAG,EAAE,IAAI,CAAC,OAAO,EAAG,wCAAwC;YAC5D,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;YACpD,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;YACpD,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE;SACxB,CAAA;QAED,EAAE,CAAC,OAAO,CAAC,0BAA0B,OAAO,IAAI,OAAO,IAAI,GAAG,IAAI,WAAW,EAAE,EAAE,OAAO,CAAC,CAAA;QAEzF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,WAAW,CAClC,2BAA2B,EAC3B,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,YAAmB,CAAC,EACvC,EAAE,WAAW,EAAE,SAAS,EAAE,CAC3B,CAAA;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,OAAO;gBACP,OAAO;gBACP,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW;gBACnD,KAAK,EAAE,OAAO,CAAC,MAAM;gBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACzB,GAAG,CAAC;oBACJ,SAAS,EAAE,CAAC,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;iBACjF,CAAC,CAAC;aACJ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QACd,CAAC;aAAM,CAAC;YACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,EAAE,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAA;gBAChC,OAAM;YACR,CAAC;YAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;YAClD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAC1B;gBACE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE;gBACpC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE;gBAC/B,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;gBAC3B,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;gBAC7B,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;gBAC7B,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;aAC9B,EACD,SAAS,CACV,CAAA;YAED,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YAChB,EAAE,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,UAAU,CAAC,CAAA;QAC/C,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAqB;IACtD,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAA;IAC7B,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA,CAAC,kBAAkB;IAEzC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,EAAE,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;QAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAElC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,EAAE,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAA;YACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,GAAG,KAAK;gBACR,SAAS,EAAE,KAAK,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS;aAC7F,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QACd,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;YACrC,EAAE,CAAC,GAAG,CAAC,iBAAiB,eAAe,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAC3D,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;YACrC,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;YAC1C,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,GAAG,EAAE,CAAC,CAAA;YACpC,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;YACxC,EAAE,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA;YAC7C,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClB,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;YAC1C,CAAC;YACD,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;YACvC,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBACxB,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,aAAa,EAAE,CAAC,CAAA;YAChD,CAAC;YACD,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACnB,EAAE,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC3C,CAAC;YACD,IAAI,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7D,EAAE,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;YAC3D,CAAC;YACD,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACZ,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAqB;IACvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IAE7D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,EAAE,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAA;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,WAAW,CAChC,2BAA2B,EAC3B,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,CAAC,EACxC,EAAE,WAAW,EAAE,MAAM,EAAE,CACxB,CAAA;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,OAAO;gBACP,WAAW;gBACX,OAAO;gBACP,GAAG,KAAK;gBACR,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,WAAW,EAAE;gBAC7C,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,WAAW,EAAE;aAC9C,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QACd,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,GAAG,CAAC,0BAA0B,OAAO,IAAI,WAAW,EAAE,CAAC,CAAA;YAC1D,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;YACtB,EAAE,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,YAAY,EAAE,CAAC,CAAA;YAE9C,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;gBAC3C,EAAE,CAAC,GAAG,CAAC,kBAAkB,eAAe,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,eAAe,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACzG,CAAC;YAED,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;YACzB,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC5D,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;YACvC,CAAC;YAED,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;YACpB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzD,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;YACzC,CAAC;YAED,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;YACtB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,EAAE,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;YACxC,CAAC;YACD,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACZ,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAqB;IACzD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CAAA;IAErD,+CAA+C;IAC/C,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE,KAAK,EAAE,cAAc,IAAI,EAAE,CAAA;IAE3E,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE/C,IAAI,CAAC;QACH,EAAE,CAAC,OAAO,CAAC,kCAAkC,aAAa,OAAO,EAAE,OAAO,CAAC,CAAA;QAE3E,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,WAAW,CAClC,kCAAkC,aAAa,UAAU,EACzD,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EACnC,EAAE,WAAW,EAAE,MAAM,EAAE,CACxB,CAAA;QAED,IAAI,UAAU,EAAE,CAAC;YACf,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACvB,OAAO;gBACP,aAAa;aACd,CAAC,CAAC,CAAA;QACL,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,GAAG,CAAC,WAAW,OAAO,oBAAoB,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAqB;IAClD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAA;IAE9C,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC;QACZ,KAAK,IAAI;YACP,MAAM,YAAY,CAAC,OAAO,CAAC,CAAA;YAC3B,MAAK;QAEP,KAAK,MAAM;YACT,MAAM,YAAY,CAAC,OAAO,CAAC,CAAA;YAC3B,MAAK;QAEP,KAAK,OAAO;YACV,MAAM,aAAa,CAAC,OAAO,CAAC,CAAA;YAC5B,MAAK;QAEP,KAAK,SAAS;YACZ,MAAM,eAAe,CAAC,OAAO,CAAC,CAAA;YAC9B,MAAK;QAEP;YACE,EAAE,CAAC,KAAK,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAA;YACnD,EAAE,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAA;YAClC,EAAE,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;YACvC,EAAE,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAA;YAC7C,EAAE,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;YAC1C,EAAE,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;YACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACnB,CAAC;AACH,CAAC"}

package/dist/cli/commands/key.js

@@ -740,7 +740,6 @@ async function runKeyRotate(context) {
     const isAsymmetric = config?.encryption?.mode === 'asymmetric';
     const algorithm = config?.encryption?.asymmetric?.algorithm || 'rsa-4096';
     const timestamp = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
-    let newKeyPath;
     let oldKeyBackupPath;
     if (isAsymmetric) {
         // Asymmetric key rotation
@@ -750,7 +749,6 @@ async function runKeyRotate(context) {
             process.exit(1);
         }
         oldKeyBackupPath = path.join(keysDir, `${keyName}-backup-${timestamp}`);
-        newKeyPath = privateKeyPath;
         if (!dryRun) {
             // Backup old keys
             fs.mkdirSync(oldKeyBackupPath, { recursive: true });
@@ -770,7 +768,6 @@ async function runKeyRotate(context) {
         // Symmetric key rotation - use the key file path directly
         const keyFilePath = resolveKeyPath(keyName, project, false);
         oldKeyBackupPath = path.join(keysDir, `${keyName}-backup-${timestamp}.key`);
-        newKeyPath = keyFilePath;
         if (!dryRun) {
             // Backup old key if exists
             if (fs.existsSync(keyFilePath)) {