diff --git a/.github/skills/evaluate-skills/SKILL.md b/.github/skills/evaluate-skills/SKILL.md index 6e694ea..c665d17 100644 --- a/.github/skills/evaluate-skills/SKILL.md +++ b/.github/skills/evaluate-skills/SKILL.md @@ -10,6 +10,9 @@ Use the [Vally reference docs](https://microsoft.github.io/vally/) for schema an This repo keeps evals under `evals/` and currently uses `.vally.yaml` to define the `pr` suite from evals tagged with `priority: p0`. +Before running Vally commands in this repo, run `npm i` from the repository root so +`npx vally` and `npx copilot` use the pinned local versions from `package.json`. + ## Layout ```text @@ -26,6 +29,9 @@ evals/ - Each plugin keeps its eval spec in `evals//eval.yaml`. - Put sample inputs under `evals//fixtures/`. - Seed fixture files into the eval environment with `environment.files`. +- Keep experiment helper scripts in the experiment directory and expose them through + an appropriately named root `package.json` script. +- Write repo experiment helper scripts as ES modules. ## When to use this skill @@ -55,9 +61,9 @@ Use this skill when the request involves: 1. Keep `.vally.yaml` in sync if you add new suites or change how evals are grouped. 2. Use eval `tags` for suite filters such as the current `priority: p0` pull request suite. -3. Lint specs with `npx -y @microsoft/vally-cli@0.6.0 lint --eval-spec evals`. -4. Run the pull request suite with - `COPILOT_GITHUB_TOKEN=... npx -y @microsoft/vally-cli@0.6.0 eval --suite pr --output-dir vally-results --junit`. +3. Run `npm i` from the repository root before invoking repo CLI tools. +4. Lint specs with `npx vally lint --eval-spec evals`. +5. Run the pull request suite with `npx vally eval --suite pr --output-dir vally-results --junit`. ## Coverage rule diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 3915feb..d5eb0ac 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml 
@@ -12,19 +12,16 @@ jobs: with: node-version: 22 - - name: Install vally - run: npm install -g @microsoft/vally-cli@0.6.0 - - - name: Install copilot CLI - run: npm install -g @github/copilot@1.0.65 + - name: Install pinned CLI dependencies + run: npm ci - name: Lint eval specs - run: vally lint --eval-spec evals + run: npx vally lint --eval-spec evals - name: Run evals env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - run: vally eval --suite pr --output-dir vally-results --junit + run: npx vally eval --suite pr --output-dir vally-results --junit - name: Upload eval results if: always() diff --git a/.gitignore b/.gitignore index df3f4dd..518587b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,7 @@ +# Node +node_modules/ +.worktrees/ + # Python **/.venv/ **/__pycache__/ @@ -5,4 +9,5 @@ **/*.pyo # Vally +vally-experiment-results/ vally-results/ diff --git a/AGENTS.md b/AGENTS.md index e6dbf9e..452cf49 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -66,6 +66,8 @@ Add or update associated eval coverage under `evals//` when adding Use `.github/skills/evaluate-skills/SKILL.md` for eval work: use when creating, updating, or reviewing Vally evals for plugin skills. Covers `eval.yaml`, fixtures, graders, `expect_skills`, suites, tags, and eval coverage for new or changed skills. +The repo pins Vally and Copilot CLI versions in the root `package.json`. For repo evals, workflows, and repo-local skill instructions, install them with `npm i` locally or `npm ci` in CI, then invoke them via `npx vally` and `npx copilot` rather than `npx -y` with inline versions. + ## Pre-commit checklist 1. Plugin files changed → bump plugin `version` in both `marketplace.json` and `plugin.json`. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..88cf0e6 --- /dev/null +++ b/CONTRIBUTING.md 
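Review bot: The new `Install pinned CLI dependencies` step runs `npm ci` with lifecycle scripts enabled, and whatever those scripts leave in `node_modules` is what the later `Run evals` step executes with `COPILOT_GITHUB_TOKEN` in its environment. The token is scoped to that one step, so install scripts cannot read it directly, but the lockfile added in this commit marks `better-sqlite3` with `hasInstallScript: true`, so a native install script does run here. Consider `run: npm ci --ignore-scripts` followed by `npm rebuild better-sqlite3` if Vally still works that way (this needs a test run), or add a comment such as `# install scripts stay enabled: better-sqlite3 needs its native build`. The job header, checkout step and `permissions` block are outside this hunk, so they are not reviewed here.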
@@ -0,0 +1,114 @@
+# Contributing
+
+This repository keeps plugin evals under `evals/` and uses [Vally](https://microsoft.github.io/vally/) to lint specs, run the pull request eval suite, and compare experiment variants.
+
+Run commands from the repository root.
+
+## Prerequisites
+
+Install the pinned CLI dependencies:
+
+```sh
+npm i
+```
+
+Authenticate Copilot once before running evals or experiments:
+
+```sh
+copilot
+# then run /login
+```
+
+## Common development tasks
+
+### Lint eval specs
+
+Use this before sending a change for review:
+
+```sh
+vally lint --eval-spec evals
+```
+
+### Run the pull request eval suite
+
+The `pr` suite is defined in `.vally.yaml` and currently runs eval stimuli tagged with `priority: p0`.
+
+```sh
+vally eval --suite pr --output-dir vally-results --junit
+```
+
+### Run a single eval file
+
+When iterating on one plugin's coverage, point Vally at that spec directly:
+
+```sh
+vally eval --eval-spec evals/security/eval.yaml --output-dir vally-results
+```
+
+## Experiments
+
+Use experiments when you want to compare variants of the same eval. The current
+`pin-github-actions` benchmark compares the scripted skill in this repository
+with the pre-script, instruction-only baseline maintained on the
+`experiments-baseline` branch.
+
+### Experiment layout
+
+- Put experiments under a dedicated directory such as
+ `evals/security/pin-github-actions-usage/`.
+- Keep related helper scripts in that same experiment directory.
+- Add a concise root `package.json` script for each helper, and keep repo helper
+ scripts in ES module format.
+
+### Prepare the baseline worktree
+
+Create the local worktree once:
+
+```sh
+git worktree add .worktrees/experiments-baseline experiments-baseline
+```
+
+Refresh it later as needed:
+
+```sh
+git -C .worktrees/experiments-baseline pull --ff-only
+```
+
+### Preview the experiment plan
+
+```sh
+vally experiment run evals/security/pin-github-actions-usage/experiment.yaml --dry-run
+```
+
+### Run the pin-github-actions usage experiment
+
+```sh
+vally experiment run \
+ evals/security/pin-github-actions-usage/experiment.yaml \
+ --output-dir vally-experiment-results
+```
+
+### Summarize relative cost
+
+Analyze the latest experiment run:
+
+```sh
+npm run pin-github-actions-experiment:compare
+```
+
+Analyze a specific run directory:
+
+```sh
+npm run pin-github-actions-experiment:compare -- vally-experiment-results/2026-06-26T05-33-51-234Z
+```
+
+The experiment writes one directory per variant under the timestamped run folder.
+Compare `results.jsonl` and `run-summary.jsonl` for `scripted-main` and
+`skill-only-baseline` to see whether the scripted skill reduces model calls,
+tokens, or cost. The baseline variant loads its skill from
+`.worktrees/experiments-baseline/`, so keep that branch available locally before
+running the comparison.
+
+## More information
+
+See the [Vally documentation](https://microsoft.github.io/vally/) for the full eval, suite, and experiment reference.
diff --git a/evals/security/pin-github-actions-usage/compare.js b/evals/security/pin-github-actions-usage/compare.js
new file mode 100644
index 0000000..1aeb0ed
--- /dev/null
+++ b/evals/security/pin-github-actions-usage/compare.js
@@ -0,0 +1,174 @@
+#!/usr/bin/env node
+
+import { readFileSync, readdirSync, existsSync, statSync } from "fs";
+import { join, resolve } from "path";
+
+const DEFAULT_RESULTS_DIR = "vally-experiment-results";
+const PRIMARY_VARIANTS = ["scripted-main", "skill-only-baseline"];
+
+function fail(message) {
+ console.error(message);
+ process.exit(1);
+}
+
+function readJsonLines(filePath) {
+ return readFileSync(filePath, "utf8")
+ .split("\n")
+ .map((line) => line.trim())
+ .filter(Boolean)
+ .map((line) => JSON.parse(line));
+}
+
+function latestRunDir(resultsRoot) {
+ const entries = readdirSync(resultsRoot, { withFileTypes: true })
+ .filter((entry) => entry.isDirectory())
+ .map((entry) => entry.name)
+ .sort();
+
+ if (entries.length === 0) {
+ fail(`No experiment runs found in ${resultsRoot}`);
+ }
+
+ return join(resultsRoot, entries[entries.length - 1]);
+}
+
+function resolveRunDir(argPath) {
+ const candidate = argPath || DEFAULT_RESULTS_DIR;
+ const resolved = resolve(candidate);
+
+ if (!existsSync(resolved)) {
+ fail(`Experiment output path not found: ${candidate}`);
+ }
+
+ if (!statSync(resolved).isDirectory()) {
+ fail(`Experiment output path is not a directory: ${candidate}`);
+ }
+
+ if (existsSync(join(resolved, "report.md"))) {
+ return resolved;
+ }
+
+ return latestRunDir(resolved);
+}
+
+function collectVariantMetrics(runDir, variant) {
+ const resultsPath = join(runDir, variant, "results.jsonl");
+ if (!existsSync(resultsPath)) {
+ fail(`Missing results for variant '${variant}' in ${runDir}`);
+ }
+
+ const trials = readJsonLines(resultsPath).filter((row) => row.type === "trial-result");
+ if (trials.length === 0) {
+ fail(`No trial results found for variant '${variant}' in ${resultsPath}`);
+ }
+
+ const totals = {
+ totalTokens: 0,
+ inputTokens: 0,
+ outputTokens: 0,
+ modelCalls: 0,
+ usdCost: 0,
+ };
+ let hasUsdCost = false;
+
+ for (const trial of trials) {
+ const metrics = trial.trajectory?.metrics || {};
+ const tokenUsage = metrics.tokenUsage || {};
+
+ totals.totalTokens += tokenUsage.totalTokens || 0;
+ totals.inputTokens += tokenUsage.inputTokens || 0;
+ totals.outputTokens += tokenUsage.outputTokens || 0;
+ totals.modelCalls += tokenUsage.callCount || 0;
+
+ const explicitCost = metrics.costUsd ?? tokenUsage.costUsd ?? trial.costUsd;
+ if (typeof explicitCost === "number") {
+ totals.usdCost += explicitCost;
+ hasUsdCost = true;
+ }
+ }
+
+ return { trials: trials.length, totals, hasUsdCost };
+}
+
+function formatNumber(value) {
+ if (typeof value !== "number" || Number.isNaN(value)) {
+ return "—";
+ }
+
+ return new Intl.NumberFormat("en-US").format(value);
+}
+
+function formatPercent(value) {
+ if (!Number.isFinite(value)) {
+ return "—";
+ }
+
+ const sign = value > 0 ? "+" : value < 0 ? "-" : "";
+ return `${sign}${Math.abs(value).toFixed(2)}%`;
+}
+
+function formatDelta(delta, baseline) {
+ if (!Number.isFinite(delta) || !Number.isFinite(baseline) || baseline === 0) {
+ return "—";
+ }
+
+ return formatPercent((delta / baseline) * 100);
+}
+
+function compareMetric(scripted, baseline, key) {
+ const delta = scripted.totals[key] - baseline.totals[key];
+ return {
+ scripted: scripted.totals[key],
+ baseline: baseline.totals[key],
+ relative: formatDelta(delta, baseline.totals[key]),
+ };
+}
+
+function metricRows(scripted, baseline) {
+ const rows = [
+ ["Total tokens", compareMetric(scripted, baseline, "totalTokens")],
+ ["Input tokens", compareMetric(scripted, baseline, "inputTokens")],
+ ["Output tokens", compareMetric(scripted, baseline, "outputTokens")],
+ ["Model calls", compareMetric(scripted, baseline, "modelCalls")],
+ ];
+
+ if (scripted.hasUsdCost || baseline.hasUsdCost) {
+ rows.unshift(["USD cost", compareMetric(scripted, baseline, "usdCost")]);
+ }
+
+ return rows;
+}
+
+function printMarkdownTable(runDir, scripted, baseline) {
+ console.log(`Run: ${runDir}`);
+ console.log("");
+ console.log(`Trials per variant: ${scripted.trials}`);
+ console.log("");
+ console.log(`| Metric across ${scripted.trials} trials | Scripted | Skill-only baseline | Delta (scripted vs baseline) |`);
+ console.log("| --- | --- | --- | --- |");
+
+ for (const [label, values] of metricRows(scripted, baseline)) {
+ console.log(
+ `| ${label} | ${formatNumber(values.scripted)} | ${formatNumber(values.baseline)} | ${values.relative} |`
+ );
+ }
+}
+
+function main() {
+ const runDir = resolveRunDir(process.argv[2]);
+ const variants = readdirSync(runDir, { withFileTypes: true })
+ .filter((entry) => entry.isDirectory())
+ .map((entry) => entry.name);
+
+ for (const variant of PRIMARY_VARIANTS) {
+ if (!variants.includes(variant)) {
+ fail(`Expected variant '${variant}' in ${runDir}. Found variants: ${variants.sort().join(", ")}`);
+ }
+ }
+
+ const scripted = collectVariantMetrics(runDir, "scripted-main");
+ const baseline = collectVariantMetrics(runDir, "skill-only-baseline");
+ printMarkdownTable(runDir, scripted, baseline);
+}
+
+main();
diff --git a/evals/security/pin-github-actions-usage/eval.yaml b/evals/security/pin-github-actions-usage/eval.yaml
new file mode 100644
index 0000000..68c32af
--- /dev/null
+++ b/evals/security/pin-github-actions-usage/eval.yaml
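Review bot: Nothing in `compare.js` checks that both variants produced the same number of `trial-result` rows, yet `printMarkdownTable` labels the table with `scripted.trials` and `compareMetric` subtracts raw totals, so a variant with a missing or failed trial gives a misleading delta. In `main`, after the two `collectVariantMetrics` calls, add `if (scripted.trials !== baseline.trials) fail(`Trial count mismatch: ${scripted.trials} vs ${baseline.trials}`);`. The `USD cost` row has the same problem when only one variant sets `hasUsdCost`: the other side prints as 0 instead of as missing. `readJsonLines` also lets a `JSON.parse` error on a malformed line surface without the file path; catching it and calling `fail` with `filePath` and the line number would match the script's other error messages.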
@@ -0,0 +1,40 @@
+name: security pin-github-actions usage benchmark
+version: 1
+description: Compares the scripted and pre-script pin-github-actions skill behavior against the same workflow hardening task
+tags:
+ benchmark: usage
+
+defaults:
+ runs: 1
+ timeout: 5m
+
+environment:
+ skills:
+ - ../../../plugins/security/skills/pin-github-actions
+ files:
+ - src: ./fixtures/workflow.yml
+ dest: .github/workflows/ci.yml
+
+scoring:
+ threshold: 1.0
+
+stimuli:
+ - name: pin-github-actions-usage-comparison
+ prompt: |
+ Review .github/workflows/ci.yml and harden any insecure GitHub Actions references you find.
+ constraints:
+ expect_skills:
+ - pin-github-actions
+ graders:
+ - type: file-matches
+ config:
+ path: .github/workflows/ci.yml
+ pattern: '(?m)^ *- uses: actions/checkout@[0-9a-f]{40} # v[0-9]+[.][0-9]+[.][0-9]+$'
+ - type: file-matches
+ config:
+ path: .github/workflows/ci.yml
+ pattern: '(?m)^ *- uses: actions/setup-node@[0-9a-f]{40} # v[0-9]+[.][0-9]+[.][0-9]+$'
+ - type: file-not-matches
+ config:
+ path: .github/workflows/ci.yml
+ pattern: '(?m)uses:\\s+[^\\n]+@v[0-9]+'
diff --git a/evals/security/pin-github-actions-usage/experiment.yaml b/evals/security/pin-github-actions-usage/experiment.yaml
new file mode 100644
index 0000000..066bbbc
--- /dev/null
+++ b/evals/security/pin-github-actions-usage/experiment.yaml
@@ -0,0 +1,22 @@
+name: pin-github-actions script-vs-instructions
+evals:
+ - ./eval.yaml
+vary:
+ - /environment/skills
+baseline: skill-only-baseline
+
+variants:
+ scripted-main:
+ environment:
+ skills:
+ - ../../../plugins/security/skills/pin-github-actions
+ skill-only-baseline:
+ environment:
+ skills:
+ - ../../../.worktrees/experiments-baseline/plugins/security/skills/pin-github-actions
+overrides:
+ runs: 3
+ timeout: 5m
+
+execution:
+ workers: 1
diff --git a/evals/security/pin-github-actions-usage/fixtures/workflow.yml b/evals/security/pin-github-actions-usage/fixtures/workflow.yml
new file mode 100644
index 0000000..792c940
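Review bot: In `eval.yaml`, the `file-not-matches` grader most likely can never match, so a leftover `@v4` reference would pass it. Its pattern `'(?m)uses:\\s+[^\\n]+@v[0-9]+'` sits in a single-quoted YAML scalar, where backslashes are not escapes, so the regex engine receives `\\s`, a literal backslash followed by `s`. Unless Vally unescapes patterns itself, write `pattern: '(?m)uses:\s+[^\n]+@v[0-9]+'`, or `'(?m)uses:[ ]+.*@v[0-9]+'` in the backslash-free style of the other two graders. Separately, the two `file-matches` graders accept any 40 hex characters, so a fabricated SHA that does not belong to the commented tag still scores 1.0. That limit is worth stating in `description`, or closing with a stricter check if Vally offers one.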
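Review bot: In `experiment.yaml`, the `skill-only-baseline` variant reads its skill from `../../../.worktrees/experiments-baseline/...`, a directory this commit adds to `.gitignore`, so the comparison depends on whichever commit the local worktree is at. Nothing in this hunk records that commit. Add a comment above the path, for example `# requires: git worktree add .worktrees/experiments-baseline experiments-baseline; note the baseline commit alongside the results`, so that a stale or missing worktree is not read as a change in skill behaviour.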
--- /dev/null
+++ b/evals/security/pin-github-actions-usage/fixtures/workflow.yml
@@ -0,0 +1,14 @@
+name: CI
+
+on:
+ pull_request:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 22
+ - run: npm test
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..ec56e20
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,808 @@ +{ + "name": "plugins", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "devDependencies": { + "@github/copilot": "1.0.65", + "@microsoft/vally-cli": "0.6.0" + } + }, + "node_modules/@github/copilot": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot/-/copilot-1.0.65.tgz", + "integrity": "sha512-J1XvLuOiVpiAi/E1MBICBymszCgdGLnZxokosXzGcmcjEVZd+QSDoW/kPRHq6oEyBT9SDASPcjCEZ9Q0rLJllg==", + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "dependencies": { + "detect-libc": "^2.1.2" + }, + "bin": { + "copilot": "npm-loader.js" + }, + "optionalDependencies": { + "@github/copilot-darwin-arm64": "1.0.65", + "@github/copilot-darwin-x64": "1.0.65", + "@github/copilot-linux-arm64": "1.0.65", + "@github/copilot-linux-x64": "1.0.65", + "@github/copilot-linuxmusl-arm64": "1.0.65", + "@github/copilot-linuxmusl-x64": "1.0.65", + "@github/copilot-win32-arm64": "1.0.65", + "@github/copilot-win32-x64": "1.0.65" + } + }, + "node_modules/@github/copilot-darwin-arm64": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-darwin-arm64/-/copilot-darwin-arm64-1.0.65.tgz", + "integrity": "sha512-NFc4xIstZNiIuAYkurQT5DVtbZjBoZ/z6yt/Ffcom7Y5QGjfpN4BFuekv9k+OADRioxxR99NgmhjbuNPWtQhNQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "darwin" + ], + "bin": { + "copilot-darwin-arm64": "copilot" + } + }, + "node_modules/@github/copilot-darwin-x64": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-darwin-x64/-/copilot-darwin-x64-1.0.65.tgz", + "integrity": "sha512-0wtV22KmTa12VbqWRRkgvJcBz/oIbszfcIpyDWGc4MzbCVksajQ3TWVQ6c7Sdzj5RifCaYdkHAX2zuIYXYlLoQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "darwin" + ], + "bin": { + "copilot-darwin-x64": "copilot" + } + }, + "node_modules/@github/copilot-linux-arm64": { + 
"version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-linux-arm64/-/copilot-linux-arm64-1.0.65.tgz", + "integrity": "sha512-dOwdy/YbTXQN/+x2v4ZgiDycdRtWElyHxPuA6ail3yJDt0nagwn8OYAA/diBLPMAJuuBXiOZGvvb9fGRuh7Xgg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "linux" + ], + "bin": { + "copilot-linux-arm64": "copilot" + } + }, + "node_modules/@github/copilot-linux-x64": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-linux-x64/-/copilot-linux-x64-1.0.65.tgz", + "integrity": "sha512-al/1a/l/GrpHtygTxt7PZspmv0eHBPdAZ5B31J7Hv/GRdVZM4STCC9dCIOSUFsOX2fhaKD8yLfz4HureSYs23g==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "linux" + ], + "bin": { + "copilot-linux-x64": "copilot" + } + }, + "node_modules/@github/copilot-linuxmusl-arm64": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-linuxmusl-arm64/-/copilot-linuxmusl-arm64-1.0.65.tgz", + "integrity": "sha512-xccQeJSR45xyoaL7J5mZjtU++dmte+ZCDQkIlrpTn2yuMl2LWriBvorQ1P2MwVnXmIiW/GHi93B+lNtsybA9yw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "linux" + ], + "bin": { + "copilot-linuxmusl-arm64": "copilot" + } + }, + "node_modules/@github/copilot-linuxmusl-x64": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-linuxmusl-x64/-/copilot-linuxmusl-x64-1.0.65.tgz", + "integrity": "sha512-RHPVUaqjSrhKHQ2EpfGKWErnV+R5elGIZaHXPKO10zpSaQD9b/C9u6nLigZnBuT/8sCaJpVrazPMwOYvYA62aw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "linux" + ], + "bin": { + "copilot-linuxmusl-x64": "copilot" + } + }, + "node_modules/@github/copilot-sdk": { + "version": "1.0.4", + "resolved": 
"https://registry.npmjs.org/@github/copilot-sdk/-/copilot-sdk-1.0.4.tgz", + "integrity": "sha512-c6/gpatP7LAuP9stlc2uXXOrB+TJMFSs3Jrzu9FG8lJJYFGmdzbBvGz2UdL1jww84fp6D7cohEZa4UGq1+iuyA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@github/copilot": "^1.0.65", + "vscode-jsonrpc": "^8.2.1", + "zod": "^4.3.6" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + } + }, + "node_modules/@github/copilot-win32-arm64": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-win32-arm64/-/copilot-win32-arm64-1.0.65.tgz", + "integrity": "sha512-/vSE/t9Wm3eFSWpxlKyn/oL8OAVOB0yFO7ECxhgbtiqNrBd1tgpYh1k7IXBIWa/saxlV1+de6DEmPuQfx3Z0bg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "win32" + ], + "bin": { + "copilot-win32-arm64": "copilot.exe" + } + }, + "node_modules/@github/copilot-win32-x64": { + "version": "1.0.65", + "resolved": "https://registry.npmjs.org/@github/copilot-win32-x64/-/copilot-win32-x64-1.0.65.tgz", + "integrity": "sha512-wjVWXepET+SpFg8z8V43ZiTy6X1OerCb7yu3QZKNNJ3zY9z20goihPXQCDWkiJpGzszNSgfrsiqUzpUsC9qS0A==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "SEE LICENSE IN LICENSE.md", + "optional": true, + "os": [ + "win32" + ], + "bin": { + "copilot-win32-x64": "copilot.exe" + } + }, + "node_modules/@hono/node-server": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-2.0.6.tgz", + "integrity": "sha512-7DeRlKG57JDBNZ5Qj2jwVdgwQy4b0tLubRLl3zCf91/rCf9i7p1V5FtW/yWibm1uUHE493ts9ZXH/7g/LQWl+g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=20" + }, + "peerDependencies": { + "hono": "^4" + } + }, + "node_modules/@microsoft/vally": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/@microsoft/vally/-/vally-0.6.0.tgz", + "integrity": "sha512-b283YRDFZXUkKNKY3+1EfMBVbHrBLIs5jfUi7lIQ8N0Y10lVsNnNGkRbtTbd7tLYZajr6AhtnpIroc4RFzo1cQ==", + "dev": true, + "dependencies": { + 
"@github/copilot-sdk": "^1.0.0", + "js-tiktoken": "^1.0.21", + "picomatch": "^4.0.4", + "yaml": "^2.9.0", + "zod": "^4.4.3" + } + }, + "node_modules/@microsoft/vally-cli": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/@microsoft/vally-cli/-/vally-cli-0.6.0.tgz", + "integrity": "sha512-6JzbuB2EpQTuA9snexb7xsos1oLiB8JhWY6Xe2JCOd4clsv1fj3WFhv/jxiU6OMmSC2vQQ3hsM/LDuyAoEUJyw==", + "dev": true, + "dependencies": { + "@microsoft/vally": "^0.6.0", + "@microsoft/vally-server": "^0.6.0", + "commander": "^15.0.0" + }, + "bin": { + "vally": "dist/index.js" + } + }, + "node_modules/@microsoft/vally-server": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/@microsoft/vally-server/-/vally-server-0.6.0.tgz", + "integrity": "sha512-8LPB/NtJo/vYwiNYQdU6oc/f4W08QwQtEiE+M+g5O/dpJQsM9RmPINZrb/DQJl7yngBZQ8VShe1HtqeuwX1wvw==", + "dev": true, + "dependencies": { + "@hono/node-server": "^2.0.4", + "@microsoft/vally": "^0.6.0", + "better-sqlite3": "^12.10.0", + "hono": "^4.12.25" + } + }, + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/better-sqlite3": { + "version": "12.11.1", + "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.11.1.tgz", + "integrity": "sha512-dq9AtApgg5PGFtBzPFSBl3HZQjHok5gaQCM6zh2Yk0aSmDCs1CbnVI8/HgASQkNKsWFpseIO9beg5xxpYhbIfA==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "dependencies": { + "bindings": "^1.5.0", + "prebuild-install": "^7.1.1" + }, + "engines": { + "node": "20.x || 22.x || 23.x || 24.x || 25.x 
|| 26.x" + } + }, + "node_modules/bindings": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz", + "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "file-uri-to-path": "1.0.0" + } + }, + "node_modules/bl": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz", + "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==", + "dev": true, + "license": "MIT", + "dependencies": { + "buffer": "^5.5.0", + "inherits": "^2.0.4", + "readable-stream": "^3.4.0" + } + }, + "node_modules/buffer": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", + "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "base64-js": "^1.3.1", + "ieee754": "^1.1.13" + } + }, + "node_modules/chownr": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz", + "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==", + "dev": true, + "license": "ISC" + }, + "node_modules/commander": { + "version": "15.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-15.0.0.tgz", + "integrity": "sha512-z67u4ZhzCL/Tydu1lJARtEZYWbWaN7oYLHbsuzocr6y4N6WZAagG3RQ4FW61V1/0+jImpj293XfrcYnd1qxtPg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=22.12.0" + } + }, + "node_modules/decompress-response": { + "version": "6.0.0", + "resolved": 
"https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "mimic-response": "^3.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/detect-libc": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", + "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=8" + } + }, + "node_modules/end-of-stream": { + "version": "1.4.5", + "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz", + "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==", + "dev": true, + "license": "MIT", + "dependencies": { + "once": "^1.4.0" + } + }, + "node_modules/expand-template": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/expand-template/-/expand-template-2.0.3.tgz", + "integrity": "sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==", + "dev": true, + "license": "(MIT OR WTFPL)", + "engines": { + "node": ">=6" + } + }, + "node_modules/file-uri-to-path": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", + "integrity": 
"sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==", + "dev": true, + "license": "MIT" + }, + "node_modules/fs-constants": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz", + "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==", + "dev": true, + "license": "MIT" + }, + "node_modules/github-from-package": { + "version": "0.0.0", + "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz", + "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==", + "dev": true, + "license": "MIT" + }, + "node_modules/hono": { + "version": "4.12.27", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.27.tgz", + "integrity": "sha512-1yrb/+w6HWQJrUCLkJ2IF5jNIPvvFkblV5RNOYl6bV+OA6p9GLcMpHFFGTosSvHvcAUibuUukRqhlYI4z32C7Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=16.9.0" + } + }, + "node_modules/ieee754": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", + "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "BSD-3-Clause" + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/ini": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "integrity": 
"sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", + "dev": true, + "license": "ISC" + }, + "node_modules/js-tiktoken": { + "version": "1.0.21", + "resolved": "https://registry.npmjs.org/js-tiktoken/-/js-tiktoken-1.0.21.tgz", + "integrity": "sha512-biOj/6M5qdgx5TKjDnFT1ymSpM5tbd3ylwDtrQvFQSu0Z7bBYko2dF+W/aUkXUPuk6IVpRxk/3Q2sHOzGlS36g==", + "dev": true, + "license": "MIT", + "dependencies": { + "base64-js": "^1.5.1" + } + }, + "node_modules/mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/mkdirp-classic": { + "version": "0.5.3", + "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz", + "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==", + "dev": true, + "license": "MIT" + }, + "node_modules/napi-build-utils": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/napi-build-utils/-/napi-build-utils-2.0.0.tgz", + "integrity": "sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==", + "dev": true, + "license": "MIT" + }, + "node_modules/node-abi": { + "version": "3.92.0", + "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.92.0.tgz", + "integrity": 
"sha512-KdHvFWZjEKDf0cakgFjebl371GPsISX2oZHcuyKqM7DtogIsHrqKeLTo8wBHxaXRAQlY2PsPlZmfo+9ZCxEREQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "semver": "^7.3.5" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dev": true, + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/picomatch": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz", + "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/prebuild-install": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.3.tgz", + "integrity": "sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug==", + "deprecated": "No longer maintained. 
Please contact the author of the relevant native addon; alternatives are available.", + "dev": true, + "license": "MIT", + "dependencies": { + "detect-libc": "^2.0.0", + "expand-template": "^2.0.3", + "github-from-package": "0.0.0", + "minimist": "^1.2.3", + "mkdirp-classic": "^0.5.3", + "napi-build-utils": "^2.0.0", + "node-abi": "^3.3.0", + "pump": "^3.0.0", + "rc": "^1.2.7", + "simple-get": "^4.0.0", + "tar-fs": "^2.0.0", + "tunnel-agent": "^0.6.0" + }, + "bin": { + "prebuild-install": "bin.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/pump": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz", + "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==", + "dev": true, + "license": "MIT", + "dependencies": { + "end-of-stream": "^1.1.0", + "once": "^1.3.1" + } + }, + "node_modules/rc": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", + "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==", + "dev": true, + "license": "(BSD-2-Clause OR MIT OR Apache-2.0)", + "dependencies": { + "deep-extend": "^0.6.0", + "ini": "~1.3.0", + "minimist": "^1.2.0", + "strip-json-comments": "~2.0.1" + }, + "bin": { + "rc": "cli.js" + } + }, + "node_modules/readable-stream": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "dev": true, + "license": "MIT", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": 
"sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.8.5", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.5.tgz", + "integrity": "sha512-Y7/KDsb8LjooZpwaqGyulO6DQlksgCncchHGk+sZIY4SBvUocMBEFH5Ur1fI4dV+Jvl0w6cjvucaIi40puRioA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/simple-concat": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/simple-concat/-/simple-concat-1.0.1.tgz", + "integrity": "sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/simple-get": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/simple-get/-/simple-get-4.0.1.tgz", + "integrity": "sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "decompress-response": "^6.0.0", + "once": "^1.3.1", + "simple-concat": "^1.0.0" + } + }, + "node_modules/string_decoder": { + "version": "1.3.0", + "resolved": 
"https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "dev": true, + "license": "MIT", + "dependencies": { + "safe-buffer": "~5.2.0" + } + }, + "node_modules/strip-json-comments": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", + "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/tar-fs": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz", + "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "chownr": "^1.1.1", + "mkdirp-classic": "^0.5.2", + "pump": "^3.0.0", + "tar-stream": "^2.1.4" + } + }, + "node_modules/tar-stream": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz", + "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "bl": "^4.0.3", + "end-of-stream": "^1.4.1", + "fs-constants": "^1.0.0", + "inherits": "^2.0.3", + "readable-stream": "^3.1.1" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/tunnel-agent": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + }, + "engines": { + "node": "*" + } + }, + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": 
"https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", + "dev": true, + "license": "MIT" + }, + "node_modules/vscode-jsonrpc": { + "version": "8.2.1", + "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.1.tgz", + "integrity": "sha512-kdjOSJ2lLIn7r1rtrMbbNCHjyMPfRnowdKjBQ+mGq6NAW5QY2bEZC/khaC5OR8svbbjvLEaIXkOq45e2X9BIbQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/yaml": { + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.9.0.tgz", + "integrity": "sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==", + "dev": true, + "license": "ISC", + "bin": { + "yaml": "bin.mjs" + }, + "engines": { + "node": ">= 14.6" + }, + "funding": { + "url": "https://github.com/sponsors/eemeli" + } + }, + "node_modules/zod": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.4.3.tgz", + "integrity": "sha512-ytENFjIJFl2UwYglde2jchW2Hwm4GJFLDiSXWdTrJQBIN9Fcyp7n4DhxJEiWNAJMV1/BqWfW/kkg71UDcHJyTQ==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + } + } +}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..3205330
--- /dev/null
+++ b/package.json
@@ -0,0 +1,10 @@
+{
+ "type": "module",
+ "scripts": {
+ "pin-github-actions-experiment:compare": "node evals/security/pin-github-actions-usage/compare.js"
+ },
+ "devDependencies": {
+ "@github/copilot": "1.0.65",
+ "@microsoft/vally-cli": "0.6.0"
+ }
+}
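Review bot: The new root `package.json` has no `"private": true`, so nothing in the manifest stops an accidental `npm publish` of this tooling-only package from the repository root; add `"private": true,` alongside `"type": "module"`. The two exact pins in `devDependencies` are good, but they only hold for the transitive tree when installs go through the committed lockfile, so local instructions that say `npm i` can rewrite `package-lock.json` where `npm ci` would not. The tree those pins pull in includes the deprecated `prebuild-install` entry visible in the lockfile, which presumably belongs to a native addon with an install step; it is worth confirming which packages actually need lifecycle scripts during `npm ci` in the workflow that later receives `COPILOT_GITHUB_TOKEN`.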