npm - 0xray - Versions diffs - 2.1.2 → 2.1.4 - Mend

0xray 2.1.2 → 2.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/.opencode/codex.codex +1 -1
package/.opencode/commands/dependency-audit.md +3 -3
package/.opencode/enforcer-config.json +2 -2
package/AGENTS.md +2 -1
package/README.md +12 -11
package/dist/AGENTS.md +2 -1
package/dist/CHANGELOG.md +38 -0
package/dist/README.md +12 -11
package/dist/agents/code-reviewer.js +1 -1
package/dist/analytics/routing-refiner.js +1 -1
package/dist/cli/index.js +11 -1
package/dist/cli/server.js +3 -3
package/dist/core/activity-logger.d.ts +2 -2
package/dist/core/activity-logger.js +4 -4
package/dist/core/boot-orchestrator.d.ts +1 -1
package/dist/core/boot-orchestrator.js +13 -28
package/dist/core/bridge.mjs +3 -3
package/dist/core/codex-formatter.js +2 -2
package/dist/core/codex-injector.d.ts +0 -1
package/dist/core/codex-injector.js +2 -3
package/dist/core/config-loader.d.ts +1 -1
package/dist/core/config-loader.js +1 -1
package/dist/core/config-paths.d.ts +0 -2
package/dist/core/config-paths.js +7 -8
package/dist/core/context-loader.d.ts +1 -1
package/dist/core/context-loader.js +1 -1
package/dist/core/errors.d.ts +3 -0
package/dist/core/errors.js +10 -0
package/dist/core/features-config.js +1 -1
package/dist/core/framework-logger.d.ts +3 -3
package/dist/core/framework-logger.js +17 -9
package/dist/core/index.d.ts +2 -2
package/dist/core/index.js +4 -2
package/dist/core/logging-config.d.ts +2 -1
package/dist/core/logging-config.js +7 -7
package/dist/enforcement/loaders/codex-loader.js +1 -1
package/dist/execution/opencode-cli-invoker.js +5 -5
package/dist/governance/governance-service.js +1 -1
package/dist/index.d.ts +3 -3
package/dist/index.js +3 -3
package/dist/inference/inference-cycle.d.ts +1 -1
package/dist/inference/inference-cycle.js +10 -10
package/dist/integrations/base/Integration.js +1 -1
package/dist/integrations/base/registry.js +19 -19
package/dist/integrations/grok/grok-cli.js +17 -17
package/dist/integrations/grok/hooks/pre-tool-use.js +1 -1
package/dist/integrations/hermes-agent/bridge.mjs +1 -1
package/dist/integrations/openclaw/api-server.d.ts +0 -1
package/dist/integrations/openclaw/api-server.js +7 -10
package/dist/integrations/openclaw/client.d.ts +0 -1
package/dist/integrations/openclaw/client.js +22 -24
package/dist/integrations/openclaw/hooks/xray-hooks.d.ts +0 -1
package/dist/integrations/openclaw/hooks/xray-hooks.js +17 -18
package/dist/integrations/plugins/plugin-registry.js +5 -5
package/dist/mcps/architect-tools.server.d.ts +2 -4
package/dist/mcps/architect-tools.server.js +112 -195
package/dist/mcps/auto-format.server.d.ts +2 -4
package/dist/mcps/auto-format.server.js +49 -95
package/dist/mcps/boot-orchestrator.server.d.ts +2 -4
package/dist/mcps/boot-orchestrator.server.js +73 -105
package/dist/mcps/config/server-config-registry.js +3 -3
package/dist/mcps/enforcer-tools.server.d.ts +2 -4
package/dist/mcps/enforcer-tools.server.js +202 -285
package/dist/mcps/estimation.server.d.ts +2 -4
package/dist/mcps/estimation.server.js +63 -107
package/dist/mcps/framework-compliance-audit.server.d.ts +2 -4
package/dist/mcps/framework-compliance-audit.server.js +53 -82
package/dist/mcps/framework-help.server.d.ts +2 -4
package/dist/mcps/framework-help.server.js +63 -101
package/dist/mcps/governance.server.js +2 -2
package/dist/mcps/knowledge-skills/api-design.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/api-design.server.js +35 -67
package/dist/mcps/knowledge-skills/architecture-patterns.server.d.ts +2 -10
package/dist/mcps/knowledge-skills/architecture-patterns.server.js +35 -74
package/dist/mcps/knowledge-skills/bug-triage-specialist.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/bug-triage-specialist.server.js +143 -162
package/dist/mcps/knowledge-skills/code-analyzer.server.d.ts +3 -4
package/dist/mcps/knowledge-skills/code-analyzer.server.js +20 -45
package/dist/mcps/knowledge-skills/code-review.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/code-review.server.js +109 -143
package/dist/mcps/knowledge-skills/content-creator.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/content-creator.server.js +205 -226
package/dist/mcps/knowledge-skills/database-design.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/database-design.server.js +117 -151
package/dist/mcps/knowledge-skills/devops-deployment.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/devops-deployment.server.js +71 -160
package/dist/mcps/knowledge-skills/git-workflow.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/git-workflow.server.js +36 -68
package/dist/mcps/knowledge-skills/growth-strategist.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/growth-strategist.server.js +303 -324
package/dist/mcps/knowledge-skills/log-monitor.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/log-monitor.server.js +141 -160
package/dist/mcps/knowledge-skills/mobile-development.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/mobile-development.server.js +92 -209
package/dist/mcps/knowledge-skills/multimodal-looker.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/multimodal-looker.server.js +123 -159
package/dist/mcps/knowledge-skills/performance-optimization.server.d.ts +2 -5
package/dist/mcps/knowledge-skills/performance-optimization.server.js +155 -296
package/dist/mcps/knowledge-skills/project-analysis.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/project-analysis.server.js +75 -226
package/dist/mcps/knowledge-skills/refactoring-strategies.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/refactoring-strategies.server.js +63 -156
package/dist/mcps/knowledge-skills/security-audit.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/security-audit.server.js +102 -136
package/dist/mcps/knowledge-skills/seo-consultant.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/seo-consultant.server.js +80 -203
package/dist/mcps/knowledge-skills/session-management.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/session-management.server.js +50 -203
package/dist/mcps/knowledge-skills/skill-invocation.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/skill-invocation.server.js +168 -347
package/dist/mcps/knowledge-skills/strategist.server.d.ts +2 -11
package/dist/mcps/knowledge-skills/strategist.server.js +72 -122
package/dist/mcps/knowledge-skills/tech-writer.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/tech-writer.server.js +87 -300
package/dist/mcps/knowledge-skills/testing-best-practices.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/testing-best-practices.server.js +147 -182
package/dist/mcps/knowledge-skills/testing-strategy.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/testing-strategy.server.js +78 -153
package/dist/mcps/knowledge-skills/ui-ux-design.server.d.ts +2 -5
package/dist/mcps/knowledge-skills/ui-ux-design.server.js +90 -399
package/dist/mcps/lint.server.d.ts +2 -4
package/dist/mcps/lint.server.js +51 -92
package/dist/mcps/mcp-client.js +2 -2
package/dist/mcps/model-health-check.server.d.ts +2 -4
package/dist/mcps/model-health-check.server.js +32 -60
package/dist/mcps/performance-analysis.server.d.ts +2 -4
package/dist/mcps/performance-analysis.server.js +57 -88
package/dist/mcps/processor-pipeline.server.d.ts +2 -4
package/dist/mcps/processor-pipeline.server.js +69 -100
package/dist/mcps/registry.json +1 -1
package/dist/mcps/researcher.server.d.ts +3 -5
package/dist/mcps/researcher.server.js +81 -154
package/dist/mcps/security-scan.server.d.ts +2 -4
package/dist/mcps/security-scan.server.js +54 -96
package/dist/mcps/shared/knowledge-skill-base.d.ts +14 -0
package/dist/mcps/shared/knowledge-skill-base.js +45 -0
package/dist/{security → mcps/shared}/security-scanner.js +1 -1
package/dist/mcps/state-manager.server.d.ts +2 -4
package/dist/mcps/state-manager.server.js +115 -160
package/dist/orchestrator/orchestrator.d.ts +1 -1
package/dist/orchestrator/orchestrator.js +1 -1
package/dist/orchestrator/universal-registry-bridge.js +1 -1
package/dist/plugin/xray-codex-injection.d.ts +1 -1
package/dist/plugin/xray-codex-injection.js +1 -1
package/dist/postprocessor/PostProcessor.d.ts +4 -44
package/dist/postprocessor/PostProcessor.js +39 -553
package/dist/postprocessor/analysis/CodeChangeAnalyzer.d.ts +11 -0
package/dist/postprocessor/analysis/CodeChangeAnalyzer.js +50 -0
package/dist/postprocessor/compliance/ArchitecturalComplianceChecker.d.ts +11 -0
package/dist/postprocessor/compliance/ArchitecturalComplianceChecker.js +356 -0
package/dist/postprocessor/config/ProcessorConfigLoader.d.ts +44 -0
package/dist/postprocessor/config/ProcessorConfigLoader.js +21 -0
package/dist/postprocessor/reporting/PostProcessorReporter.d.ts +19 -0
package/dist/postprocessor/reporting/PostProcessorReporter.js +96 -0
package/dist/postprocessor/triggers/GitHookTrigger.js +11 -11
package/dist/processors/implementations/refactoring-logging-processor-wrapper.d.ts +32 -0
package/dist/processors/implementations/refactoring-logging-processor-wrapper.js +95 -1
package/dist/processors/processor-manager.js +346 -314
package/dist/reporting/report-formatter.js +1 -1
package/dist/security/security-hardener.d.ts +69 -2
package/dist/security/security-hardener.js +129 -1
package/dist/skills/registry.json +1 -1
package/dist/state/index.d.ts +3 -5
package/dist/state/index.js +1 -7
package/dist/state/state-manager.d.ts +1 -1
package/dist/state/state-manager.js +2 -3
package/package.json +13 -10
package/scripts/node/universal-version-manager.js +11 -11
package/src/mcps/architect-tools.server.ts +112 -215
package/src/mcps/auto-format.server.ts +50 -110
package/src/mcps/boot-orchestrator.server.ts +75 -121
package/src/mcps/config/__tests__/server-config-registry.test.ts +21 -12
package/src/mcps/config/server-config-registry.ts +3 -3
package/src/mcps/enforcer-tools.server.ts +212 -310
package/src/mcps/estimation.server.ts +62 -122
package/src/mcps/framework-compliance-audit.server.ts +52 -97
package/src/mcps/framework-help.server.ts +64 -114
package/src/mcps/governance.server.ts +2 -2
package/src/mcps/knowledge-skills/api-design.server.ts +32 -77
package/src/mcps/knowledge-skills/architecture-patterns.server.ts +31 -87
package/src/mcps/knowledge-skills/bug-triage-specialist.server.ts +165 -193
package/src/mcps/knowledge-skills/code-analyzer.server.ts +20 -55
package/src/mcps/knowledge-skills/code-review.server.ts +114 -161
package/src/mcps/knowledge-skills/content-creator.server.ts +218 -255
package/src/mcps/knowledge-skills/database-design.server.ts +118 -165
package/src/mcps/knowledge-skills/devops-deployment.server.ts +67 -172
package/src/mcps/knowledge-skills/git-workflow.server.ts +32 -77
package/src/mcps/knowledge-skills/growth-strategist.server.ts +324 -361
package/src/mcps/knowledge-skills/log-monitor.server.ts +160 -187
package/src/mcps/knowledge-skills/mobile-development.server.ts +89 -223
package/src/mcps/knowledge-skills/multimodal-looker.server.ts +128 -175
package/src/mcps/knowledge-skills/performance-optimization.server.ts +156 -329
package/src/mcps/knowledge-skills/project-analysis.server.ts +72 -248
package/src/mcps/knowledge-skills/refactoring-strategies.server.ts +59 -171
package/src/mcps/knowledge-skills/security-audit.server.ts +104 -151
package/src/mcps/knowledge-skills/seo-consultant.server.ts +80 -220
package/src/mcps/knowledge-skills/session-management.server.ts +51 -232
package/src/mcps/knowledge-skills/skill-invocation.server.ts +165 -372
package/src/mcps/knowledge-skills/strategist.server.ts +72 -143
package/src/mcps/knowledge-skills/tech-writer.server.ts +85 -350
package/src/mcps/knowledge-skills/testing-best-practices.server.ts +146 -195
package/src/mcps/knowledge-skills/testing-strategy.server.ts +75 -161
package/src/mcps/knowledge-skills/ui-ux-design.server.ts +93 -487
package/src/mcps/lint.server.ts +53 -107
package/src/mcps/mcp-client.ts +2 -2
package/src/mcps/model-health-check.server.ts +34 -71
package/src/mcps/performance-analysis.server.ts +60 -104
package/src/mcps/processor-pipeline.server.ts +72 -110
package/src/mcps/registry.json +1 -1
package/src/mcps/researcher.server.ts +88 -177
package/src/mcps/security-scan.server.ts +55 -104
package/src/mcps/shared/knowledge-skill-base.ts +62 -0
package/src/mcps/shared/prompt-security-validator.ts +199 -0
package/src/mcps/shared/security-scanner.ts +599 -0
package/src/mcps/state-manager.server.ts +117 -175
package/src/opencode/codex.codex +1 -1
package/src/opencode/commands/dependency-audit.md +3 -3
package/src/opencode/enforcer-config.json +2 -2
package/src/skills/registry.json +1 -1
package/xray/codex.json +1 -1
package/xray/config.json +1 -1
package/xray/features.json +1 -1
package/xray/integrations.json +3 -3
package/dist/integrations/hermes-agent/__pycache__/__init__.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/conftest.cpython-313-pytest-9.0.2.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/schemas.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/test_plugin.cpython-313-pytest-9.0.2.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/test_plugin.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/tools.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/conftest.py +0 -14
package/dist/integrations/hermes-agent/test_plugin.py +0 -1103
package/dist/processors/implementations/refactoring-logging-processor.d.ts +0 -31
package/dist/processors/implementations/refactoring-logging-processor.js +0 -96
package/dist/processors/implementations/session-capture-processor.d.ts +0 -14
package/dist/processors/implementations/session-capture-processor.js +0 -37
package/dist/scripts/activate-kernel-pipeline.d.ts +0 -7
package/dist/scripts/activate-kernel-pipeline.js +0 -101
package/dist/security/index.d.ts +0 -13
package/dist/security/index.js +0 -13
package/dist/security/security-agent-coordinator.d.ts +0 -72
package/dist/security/security-agent-coordinator.js +0 -204
package/dist/security/security-auditor.d.ts +0 -56
package/dist/security/security-auditor.js +0 -584
package/dist/security/security-hardening-system.d.ts +0 -239
package/dist/security/security-hardening-system.js +0 -727
package/dist/security/security-orchestration-layer.d.ts +0 -119
package/dist/security/security-orchestration-layer.js +0 -496
/package/dist/{security → mcps/shared}/prompt-security-validator.d.ts +0 -0
/package/dist/{security → mcps/shared}/prompt-security-validator.js +0 -0
/package/dist/{security → mcps/shared}/security-scanner.d.ts +0 -0

package/src/mcps/shared/security-scanner.ts ADDED Viewed

@@ -0,0 +1,599 @@
+/**
+ * 0xRay Framework - Security Scanner
+ *
+ * Automated security vulnerability scanning and compliance validation
+ * Integrates with security tools and provides comprehensive security reports
+ */
+import { exec } from "child_process";
+import { promises as fs } from "fs";
+import { frameworkLogger } from "../../core/framework-logger.js";
+import { promisify } from "util";
+import {
+  promptSecurityValidator,
+  PromptSecurityValidator,
+} from "./prompt-security-validator.js";
+const execAsync = promisify(exec);
+export interface SecurityScanConfig {
+  enabled: boolean;
+  tools: {
+    npmAudit: boolean;
+    trivy: boolean;
+    eslintSecurity: boolean;
+    dependencyCheck: boolean;
+  };
+  severityThreshold: "low" | "moderate" | "high" | "critical";
+  reportPath: string;
+  failOnVulnerabilities: boolean;
+}
+export interface SecurityVulnerability {
+  id: string;
+  title: string;
+  description: string;
+  severity: "low" | "moderate" | "high" | "critical";
+  package?: string;
+  version?: string;
+  cve?: string;
+  url?: string;
+  recommendation: string;
+}
+export interface SecurityReport {
+  timestamp: string;
+  duration: number;
+  tools: {
+    npmAudit: SecurityVulnerability[];
+    trivy: SecurityVulnerability[];
+    eslintSecurity: SecurityVulnerability[];
+    dependencyCheck: SecurityVulnerability[];
+  };
+  summary: {
+    totalVulnerabilities: number;
+    bySeverity: Record<string, number>;
+    byTool: Record<string, number>;
+  };
+  recommendations: string[];
+  compliant: boolean;
+}
+export class SecurityScanner {
+  private config: SecurityScanConfig;
+  constructor(config: Partial<SecurityScanConfig> = {}) {
+    this.config = {
+      enabled: true,
+      tools: {
+        npmAudit: true,
+        trivy: false, // Requires separate installation
+        eslintSecurity: true,
+        dependencyCheck: false, // Requires separate installation
+        ...config.tools,
+      },
+      severityThreshold: "moderate",
+      reportPath: "./security-report.json",
+      failOnVulnerabilities: true,
+      ...config,
+    };
+  }
+  /**
+   * Run comprehensive security scan
+   */
+  async runSecurityScan(): Promise<SecurityReport> {
+    const jobId = `security-scan-${Date.now()}-${Math.random().toString(36).substring(2, 11)}`;
+    const startTime = Date.now();
+    if (!this.config.enabled) {
+      return this.createEmptyReport();
+    }
+    frameworkLogger.log("security-scanner", "scan-start", "info", {
+      jobId,
+      tools: this.config.tools,
+      severityThreshold: this.config.severityThreshold,
+    });
+    const results = await Promise.allSettled([
+      this.config.tools.npmAudit ? this.runNpmAudit() : Promise.resolve([]),
+      this.config.tools.trivy ? this.runTrivyScan() : Promise.resolve([]),
+      this.config.tools.eslintSecurity
+        ? this.runEslintSecurity()
+        : Promise.resolve([]),
+      this.config.tools.dependencyCheck
+        ? this.runDependencyCheck()
+        : Promise.resolve([]),
+    ]);
+    const tools = {
+      npmAudit: results[0].status === "fulfilled" ? results[0].value : [],
+      trivy: results[1].status === "fulfilled" ? results[1].value : [],
+      eslintSecurity: results[2].status === "fulfilled" ? results[2].value : [],
+      dependencyCheck:
+        results[3].status === "fulfilled" ? results[3].value : [],
+    };
+    const duration = Date.now() - startTime;
+    const report = this.generateReport(tools, duration);
+    // Save report
+    await this.saveReport(report, jobId);
+    // Log results
+    await this.logResults(report);
+    return report;
+  }
+  /**
+   * Run npm audit
+   */
+  private async runNpmAudit(): Promise<SecurityVulnerability[]> {
+    try {
+      const { stdout } = await execAsync("npm audit --json");
+      const auditResult = JSON.parse(stdout);
+      const vulnerabilities: SecurityVulnerability[] = [];
+      if (auditResult.vulnerabilities) {
+        for (const [packageName, vuln] of Object.entries(
+          auditResult.vulnerabilities,
+        ) as any) {
+          vulnerabilities.push({
+            id: vuln.name || packageName,
+            title: vuln.title || "Security vulnerability",
+            description: vuln.overview || "No description available",
+            severity: this.mapNpmSeverity(vuln.severity),
+            package: packageName,
+            version: vuln.version,
+            cve: vuln.cwe,
+            url: vuln.url,
+            recommendation: vuln.recommendation || "Update to a secure version",
+          });
+        }
+      }
+      return vulnerabilities;
+    } catch (error) {
+      const errorMessage =
+        error instanceof Error ? error.message : String(error);
+      frameworkLogger.log("security-scanner", "npm-audit-failed", "warning", { message: "⚠️ npm audit failed", error: errorMessage });
+      return [];
+    }
+  }
+  /**
+   * Run Trivy security scan
+   */
+  private async runTrivyScan(): Promise<SecurityVulnerability[]> {
+    try {
+      const { stdout } = await execAsync("trivy fs --format json .");
+      const trivyResult = JSON.parse(stdout);
+      const vulnerabilities: SecurityVulnerability[] = [];
+      if (trivyResult.Results) {
+        for (const result of trivyResult.Results) {
+          if (result.Vulnerabilities) {
+            for (const vuln of result.Vulnerabilities) {
+              vulnerabilities.push({
+                id: vuln.VulnerabilityID,
+                title: vuln.Title,
+                description: vuln.Description,
+                severity: this.mapTrivySeverity(vuln.Severity),
+                package: vuln.PkgName,
+                version: vuln.InstalledVersion,
+                cve: vuln.VulnerabilityID,
+                url: vuln.PrimaryURL,
+                recommendation: vuln.FixedVersion
+                  ? `Update to ${vuln.FixedVersion}`
+                  : "Review and mitigate",
+              });
+            }
+          }
+        }
+      }
+      return vulnerabilities;
+    } catch (error) {
+      const errorMessage =
+        error instanceof Error ? error.message : String(error);
+      frameworkLogger.log("security-scanner", "trivy-scan-failed", "warning", { message: "⚠️ Trivy scan failed", error: errorMessage });
+      return [];
+    }
+  }
+  /**
+   * Run ESLint security rules
+   */
+  private async runEslintSecurity(): Promise<SecurityVulnerability[]> {
+    try {
+      const { stdout } = await execAsync("npx eslint --format json src/");
+      const eslintResults = JSON.parse(stdout);
+      const vulnerabilities: SecurityVulnerability[] = [];
+      for (const result of eslintResults) {
+        for (const message of result.messages) {
+          if (
+            message.ruleId &&
+            (message.ruleId.includes("security") ||
+              message.ruleId.includes("xss") ||
+              message.ruleId.includes("injection"))
+          ) {
+            vulnerabilities.push({
+              id: message.ruleId,
+              title: message.message,
+              description: `Security issue in ${result.filePath}:${message.line}:${message.column}`,
+              severity: "moderate",
+              recommendation:
+                "Fix the security vulnerability according to ESLint recommendations",
+            });
+          }
+        }
+      }
+      return vulnerabilities;
+    } catch (error) {
+      const errorMessage =
+        error instanceof Error ? error.message : String(error);
+      frameworkLogger.log("security-scanner", "eslint-scan-failed", "warning", { message: "⚠️ ESLint security scan failed", error: errorMessage });
+      return [];
+    }
+  }
+  /**
+   * Run OWASP Dependency Check
+   */
+  private async runDependencyCheck(): Promise<SecurityVulnerability[]> {
+    try {
+      const { stdout } = await execAsync(
+        "dependency-check --format JSON --out . --scan .",
+      );
+      const dcResult = JSON.parse(stdout);
+      const vulnerabilities: SecurityVulnerability[] = [];
+      if (dcResult.dependencies) {
+        for (const dep of dcResult.dependencies) {
+          if (dep.vulnerabilities) {
+            for (const vuln of dep.vulnerabilities) {
+              vulnerabilities.push({
+                id: vuln.name,
+                title: vuln.description,
+                description: vuln.description,
+                severity: this.mapDependencyCheckSeverity(vuln.severity),
+                package: dep.fileName,
+                cve: vuln.name,
+                url: vuln.references?.[0]?.url,
+                recommendation: "Update dependency or apply security patches",
+              });
+            }
+          }
+        }
+      }
+      return vulnerabilities;
+    } catch (error) {
+      const errorMessage =
+        error instanceof Error ? error.message : String(error);
+      frameworkLogger.log("security-scanner", "dependency-check-failed", "warning", { message: "⚠️ Dependency check failed", error: errorMessage });
+      return [];
+    }
+  }
+  /**
+   * Generate comprehensive security report
+   */
+  private generateReport(
+    tools: SecurityReport["tools"],
+    duration: number,
+  ): SecurityReport {
+    const allVulnerabilities = [
+      ...tools.npmAudit,
+      ...tools.trivy,
+      ...tools.eslintSecurity,
+      ...tools.dependencyCheck,
+    ];
+    const bySeverity = allVulnerabilities.reduce(
+      (acc, vuln) => {
+        acc[vuln.severity] = (acc[vuln.severity] || 0) + 1;
+        return acc;
+      },
+      {} as Record<string, number>,
+    );
+    const byTool = {
+      npmAudit: tools.npmAudit.length,
+      trivy: tools.trivy.length,
+      eslintSecurity: tools.eslintSecurity.length,
+      dependencyCheck: tools.dependencyCheck.length,
+    };
+    const highSeverityCount =
+      (bySeverity.high || 0) + (bySeverity.critical || 0);
+    const shouldFail =
+      this.config.failOnVulnerabilities &&
+      highSeverityCount > 0 &&
+      this.config.severityThreshold !== "low";
+    const recommendations = this.generateRecommendations(allVulnerabilities);
+    return {
+      timestamp: new Date().toISOString(),
+      duration,
+      tools,
+      summary: {
+        totalVulnerabilities: allVulnerabilities.length,
+        bySeverity,
+        byTool,
+      },
+      recommendations,
+      compliant: !shouldFail,
+    };
+  }
+  /**
+   * Generate security recommendations
+   */
+  private generateRecommendations(
+    vulnerabilities: SecurityVulnerability[],
+  ): string[] {
+    const recommendations: string[] = [];
+    if (vulnerabilities.some((v) => v.severity === "critical")) {
+      recommendations.push(
+        "🚨 Critical security vulnerabilities found - immediate action required",
+      );
+    }
+    if (vulnerabilities.some((v) => v.severity === "high")) {
+      recommendations.push(
+        "⚠️ High-severity vulnerabilities detected - prioritize fixes",
+      );
+    }
+    if (vulnerabilities.filter((v) => v.package).length > 0) {
+      recommendations.push(
+        "📦 Update vulnerable dependencies to latest secure versions",
+      );
+    }
+    if (vulnerabilities.filter((v) => v.id.includes("eslint")).length > 0) {
+      recommendations.push("🔧 Fix code security issues identified by ESLint");
+    }
+    recommendations.push(
+      "🔍 Run regular security scans and keep dependencies updated",
+    );
+    recommendations.push(
+      "📋 Review security policies and implement security headers",
+    );
+    return recommendations;
+  }
+  /**
+   * Save report to file
+   */
+  private async saveReport(
+    report: SecurityReport,
+    jobId: string,
+  ): Promise<void> {
+    try {
+      await fs.writeFile(
+        this.config.reportPath,
+        JSON.stringify(report, null, 2),
+      );
+      frameworkLogger.log("security-scanner", "report-saved", "success", {
+        jobId,
+        reportPath: this.config.reportPath,
+      });
+    } catch (error) {
+      const errorMessage =
+        error instanceof Error ? error.message : String(error);
+      frameworkLogger.log("security-scanner", "save-report-failed", "warning", { message: "⚠️ Failed to save security report", error: errorMessage });
+    }
+  }
+  /**
+   * Log security scan results
+   */
+  private async logResults(report: SecurityReport): Promise<void> {
+    await frameworkLogger.log(
+      "security-scanner",
+      "-n-security-scan-complete-report-duration-ms-",
+      "info",
+      { message: `\n🔒 Security Scan Complete (${report.duration}ms)` },
+    );
+    await frameworkLogger.log(
+      "security-scanner",
+      "-total-vulnerabilities-report-summary-totalvulnera",
+      "info",
+      {
+        message: `📊 Total vulnerabilities: ${report.summary.totalVulnerabilities}`,
+      },
+    );
+    await frameworkLogger.log("security-scanner", "-n-by-severity-", "info", {
+      message: "\n📈 By Severity:",
+    });
+    for (const [severity, count] of Object.entries(report.summary.bySeverity)) {
+      await frameworkLogger.log(
+        "security-scanner",
+        "-severity-count-",
+        "info",
+        { message: `  ${severity}: ${count}` },
+      );
+    }
+    await frameworkLogger.log("security-scanner", "-n-by-tool-", "info", {
+      message: "\n🛠️ By Tool:",
+    });
+    for (const [tool, count] of Object.entries(report.summary.byTool)) {
+      await frameworkLogger.log("security-scanner", "-tool-count-", "info", {
+        message: `  ${tool}: ${count}`,
+      });
+    }
+    if (report.recommendations.length > 0) {
+      await frameworkLogger.log(
+        "security-scanner",
+        "-n-recommendations-",
+        "info",
+        { message: "\n💡 Recommendations:" },
+      );
+      for (const rec of report.recommendations) {
+        await frameworkLogger.log("security-scanner", "-rec-", "info", {
+          message: `  • ${rec}`,
+        });
+      }
+    }
+    if (report.compliant) {
+      // Security scan result - kept as console.log for user visibility
+    } else {
+      // Security scan failure - kept as console.log for user visibility
+    }
+  }
+  /**
+   * Map npm audit severity levels
+   */
+  private mapNpmSeverity(severity: string): SecurityVulnerability["severity"] {
+    switch (severity) {
+      case "critical":
+        return "critical";
+      case "high":
+        return "high";
+      case "moderate":
+        return "moderate";
+      case "low":
+        return "low";
+      default:
+        return "moderate";
+    }
+  }
+  /**
+   * Map Trivy severity levels
+   */
+  private mapTrivySeverity(
+    severity: string,
+  ): SecurityVulnerability["severity"] {
+    switch (severity.toUpperCase()) {
+      case "CRITICAL":
+        return "critical";
+      case "HIGH":
+        return "high";
+      case "MEDIUM":
+        return "moderate";
+      case "LOW":
+        return "low";
+      default:
+        return "moderate";
+    }
+  }
+  /**
+   * Map Dependency Check severity levels
+   */
+  private mapDependencyCheckSeverity(
+    severity: string,
+  ): SecurityVulnerability["severity"] {
+    switch (severity.toUpperCase()) {
+      case "CRITICAL":
+        return "critical";
+      case "HIGH":
+        return "high";
+      case "MEDIUM":
+        return "moderate";
+      case "LOW":
+        return "low";
+      default:
+        return "moderate";
+    }
+  }
+  /**
+   * Validate AI prompt security
+   */
+  async validatePrompt(prompt: string): Promise<{
+    isSafe: boolean;
+    violations: string[];
+    riskLevel: string;
+  }> {
+    const result = promptSecurityValidator.validatePrompt(prompt);
+    if (!result.isSafe) {
+      frameworkLogger.log("security-scanner", "prompt-violation", "warning", {
+        message: `🚨 Prompt security violation detected (risk: ${result.riskLevel})`,
+        violations: result.violations,
+      });
+    }
+    return {
+      isSafe: result.isSafe,
+      violations: result.violations,
+      riskLevel: result.riskLevel,
+    };
+  }
+  /**
+   * Validate AI response security
+   */
+  async validateResponse(response: string): Promise<{
+    isSafe: boolean;
+    violations: string[];
+    riskLevel: string;
+  }> {
+    const result = promptSecurityValidator.validateResponse(response);
+    if (!result.isSafe) {
+      frameworkLogger.log("security-scanner", "response-violation", "warning", {
+        message: `🚨 Response security violation detected (risk: ${result.riskLevel})`,
+        violations: result.violations,
+      });
+    }
+    return {
+      isSafe: result.isSafe,
+      violations: result.violations,
+      riskLevel: result.riskLevel,
+    };
+  }
+  /**
+   * Create empty report when scanning is disabled
+   */
+  private createEmptyReport(): SecurityReport {
+    return {
+      timestamp: new Date().toISOString(),
+      duration: 0,
+      tools: {
+        npmAudit: [],
+        trivy: [],
+        eslintSecurity: [],
+        dependencyCheck: [],
+      },
+      summary: {
+        totalVulnerabilities: 0,
+        bySeverity: {},
+        byTool: {
+          npmAudit: 0,
+          trivy: 0,
+          eslintSecurity: 0,
+          dependencyCheck: 0,
+        },
+      },
+      recommendations: ["Security scanning is disabled"],
+      compliant: true,
+    };
+  }
+}
+// Export singleton instance
+export const securityScanner = new SecurityScanner();