Diffstat (limited to 'crates/shirabe/src/command/audit_command.rs')
-rw-r--r--crates/shirabe/src/command/audit_command.rs77
1 files changed, 43 insertions, 34 deletions
diff --git a/crates/shirabe/src/command/audit_command.rs b/crates/shirabe/src/command/audit_command.rs
index cf4c49d..1ced26a 100644
--- a/crates/shirabe/src/command/audit_command.rs
+++ b/crates/shirabe/src/command/audit_command.rs
@@ -13,8 +13,8 @@ use crate::repository::repository_interface::RepositoryInterface;
use crate::repository::repository_set::RepositorySet;
use crate::repository::repository_utils::RepositoryUtils;
use anyhow::Result;
-use shirabe_external_packages::symfony::console::input::input_interface::InputInterface;
-use shirabe_external_packages::symfony::console::output::output_interface::OutputInterface;
+use shirabe_external_packages::symfony::component::console::input::input_interface::InputInterface;
+use shirabe_external_packages::symfony::component::console::output::output_interface::OutputInterface;
use shirabe_php_shim::{
InvalidArgumentException, PhpMixed, UnexpectedValueException, array_fill_keys, array_merge,
implode, in_array,
@@ -30,13 +30,13 @@ impl AuditCommand {
self
.set_name("audit")
.set_description("Checks for security vulnerability advisories for installed packages")
- .set_definition(vec![
- InputOption::new("no-dev", None, Some(InputOption::VALUE_NONE), "Disables auditing of require-dev packages.", None),
- InputOption::new("format", Some(PhpMixed::String("f".to_string())), Some(InputOption::VALUE_REQUIRED), "Output format. Must be \"table\", \"plain\", \"json\", or \"summary\".", Some(PhpMixed::String(Auditor::FORMAT_TABLE.to_string()))),
- InputOption::new("locked", None, Some(InputOption::VALUE_NONE), "Audit based on the lock file instead of the installed packages.", None),
- InputOption::new("abandoned", None, Some(InputOption::VALUE_REQUIRED), "Behavior on abandoned packages. Must be \"ignore\", \"report\", or \"fail\".", None),
- InputOption::new("ignore-severity", None, Some(InputOption::VALUE_IS_ARRAY | InputOption::VALUE_REQUIRED), "Ignore advisories of a certain severity level.", Some(PhpMixed::Array(indexmap::IndexMap::new()))),
- InputOption::new("ignore-unreachable", None, Some(InputOption::VALUE_NONE), "Ignore repositories that are unreachable or return a non-200 status code.", None),
+ .set_definition(&[
+ InputOption::new("no-dev", None, Some(InputOption::VALUE_NONE), "Disables auditing of require-dev packages.", None).unwrap().into(),
+ InputOption::new("format", Some(PhpMixed::String("f".to_string())), Some(InputOption::VALUE_REQUIRED), "Output format. Must be \"table\", \"plain\", \"json\", or \"summary\".", Some(PhpMixed::String(Auditor::FORMAT_TABLE.to_string()))).unwrap().into(),
+ InputOption::new("locked", None, Some(InputOption::VALUE_NONE), "Audit based on the lock file instead of the installed packages.", None).unwrap().into(),
+ InputOption::new("abandoned", None, Some(InputOption::VALUE_REQUIRED), "Behavior on abandoned packages. Must be \"ignore\", \"report\", or \"fail\".", None).unwrap().into(),
+ InputOption::new("ignore-severity", None, Some(InputOption::VALUE_IS_ARRAY | InputOption::VALUE_REQUIRED), "Ignore advisories of a certain severity level.", Some(PhpMixed::Array(indexmap::IndexMap::new()))).unwrap().into(),
+ InputOption::new("ignore-unreachable", None, Some(InputOption::VALUE_NONE), "Ignore repositories that are unreachable or return a non-200 status code.", None).unwrap().into(),
])
.set_help(
"The <info>audit</info> command checks for security vulnerability advisories for installed packages.\n\n\
@@ -59,14 +59,25 @@ impl AuditCommand {
return Ok(0);
}
- let auditor = Auditor::new();
- let mut repo_set = RepositorySet::new();
+ let auditor = Auditor;
+ let mut repo_set = RepositorySet::new(
+ "stable",
+ indexmap::IndexMap::new(),
+ Vec::new(),
+ indexmap::IndexMap::new(),
+ indexmap::IndexMap::new(),
+ indexmap::IndexMap::new(),
+ );
for repo in composer.get_repository_manager().get_repositories() {
- repo_set.add_repository(repo);
+ // TODO(phase-b): repositories are shared (PHP class semantics); needs Rc wrapper
+ repo_set.add_repository(repo.clone_box())?;
}
- let audit_config =
- AuditConfig::from_config(composer.get_config(), true, Auditor::FORMAT_SUMMARY)?;
+ let audit_config = AuditConfig::from_config(
+ &mut *composer.get_config().borrow_mut(),
+ true,
+ Auditor::FORMAT_SUMMARY,
+ )?;
let abandoned = input
.get_option("abandoned")
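Review bot: The `&mut *composer.get_config().borrow_mut()` argument to `AuditConfig::from_config` will panic at runtime if any other borrow of the config is still alive. This assumes `get_config()` hands back a `RefCell`-backed handle, which the `borrow_mut()` call suggests but the hunk does not show. Since `execute` already returns `Result`, consider `try_borrow_mut()` and mapping the failure to an error, or take a shared borrow if `from_config` only reads. The enclosing function starts and ends outside this hunk.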
@@ -107,18 +118,21 @@ impl AuditCommand {
.unwrap_or(false)
|| audit_config.ignore_unreachable;
+ let audit_format = self.get_audit_format(input, "format")?;
+ // TODO(phase-b): ignore_severities is PhpMixed; need conversion to IndexMap<String, Option<String>>
+ let _ = ignore_severities;
Ok(auditor
.audit(
self.get_io(),
&repo_set,
- &packages,
- &self.get_audit_format(input, "format"),
+ packages,
+ &audit_format,
false,
- &audit_config.ignore_list_for_audit,
+ audit_config.ignore_list_for_audit.clone(),
&abandoned,
- &ignore_severities,
+ indexmap::IndexMap::new(),
ignore_unreachable,
- &audit_config.ignore_abandoned_for_audit,
+ audit_config.ignore_abandoned_for_audit.clone(),
)?
.min(255))
}
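Review bot: `ignore_severities` is computed and then discarded with `let _ = ignore_severities;`, while `auditor.audit` receives `indexmap::IndexMap::new()` in its place, so `--ignore-severity` is accepted on the command line and silently has no effect. Over-reporting is the safer direction for an audit, but an option that is accepted and then ignored leaves the operator believing a policy is applied when it is not. Until the `PhpMixed` conversion in the TODO exists, reject the option explicitly, e.g. `if !matches!(&ignore_severities, PhpMixed::Array(m) if m.is_empty()) { anyhow::bail!("--ignore-severity is not supported yet"); }`. That guard assumes the value is the `PhpMixed::Array` declared as the option default. The function body begins outside this hunk.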
@@ -136,24 +150,19 @@ impl AuditCommand {
}.into());
}
let locker = composer.get_locker();
- return Ok(locker
- .get_locked_repository(!input.get_option("no-dev").as_bool().unwrap_or(false))?
- .get_packages());
- }
-
- let root_pkg = composer.get_package();
- let installed_repo = InstalledRepository::new(vec![
- composer.get_repository_manager().get_local_repository(),
- ]);
-
- if input.get_option("no-dev").as_bool().unwrap_or(false) {
- return Ok(RepositoryUtils::filter_required_packages(
- installed_repo.get_packages(),
- root_pkg,
+ return Ok(CanonicalPackagesTrait::get_packages(
+ &locker.get_locked_repository(
+ !input.get_option("no-dev").as_bool().unwrap_or(false),
+ )?,
));
}
- Ok(installed_repo.get_packages())
+ let _root_pkg = composer.get_package();
+ // TODO(phase-b): InstalledRepository::new expects Vec<Box<dyn RepositoryInterface>>, but
+ // get_local_repository returns &dyn InstalledRepositoryInterface. Conversion requires
+ // either cloning into a Box or restructuring InstalledRepository constructor.
+ let _ = RepositoryUtils::filter_required_packages;
+ todo!("audit get_packages non-locked branch needs installed-repo conversion")
}
}
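Review bot: The non-locked branch of `get_packages` now ends in `todo!(...)`, so running `audit` without `--locked` (the default path) panics instead of auditing anything. The function already returns `Result`, so return an ordinary error the caller can report: `anyhow::bail!("audit without --locked is not implemented yet: installed-repo conversion pending")`. The `--no-dev` filtering through `RepositoryUtils::filter_required_packages` is also gone from this branch and needs restoring with the conversion, otherwise require-dev packages will be audited even when the flag is set. The start of the function is outside this hunk.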