@cicore/cli 1.0.0

package/dist/lib/sast.js

@@ -0,0 +1,79 @@
+/**
+ * CiCore CLI — Semgrep SAST gate (M3.4 P-1b, K8 signed marketplace)
+ *
+ * Üçüncü-taraf addon PHP'si/JS'i çekirdekte çalışır → publish ÖNCESİ statik analiz
+ * KRİTİK kontrol. Bu lib `ci addon publish`'in pre-flight gate'idir (geliştirici
+ * tarafı, fail-closed): ERROR-severity bulgu VAR ya da semgrep YOK → publish ABORT
+ * (bilinçli `--skip-scan` ile audit'li bypass).
+ *
+ * NOT (otoriter katman): bu CLI gate'i CLI-run = teorik bypass-edilebilir. OTORİTER
+ * tarama (DB scan_status='passed' yazan) ayrı katmandır: publish-addon-job.php
+ * (agent, container-içi) — semgrep IMAGE'a eklenince (mehmet/infra) çalışır; o gün
+ * gelene dek scan_status server-otoritesiyle 'pending' kalır (P-1, fail-closed: P-2
+ * manifest 'passed' istediğinde pending sürüm gated-servable olmaz). KARAR-ENT/seam.
+ */
+import { spawn } from 'node:child_process';
+/**
+ * Pure: semgrep `--json` stdout'unu bulgulara + ERROR sayısına çevirir.
+ * Parse edilemeyen çıktı → boş (ran-but-unparseable; çağıran karar verir).
+ */
+export function parseSemgrepJson(raw) {
+    let doc;
+    try {
+        doc = JSON.parse(raw);
+    }
+    catch {
+        return { errorCount: 0, findings: [] };
+    }
+    const results = doc?.results;
+    const arr = Array.isArray(results) ? results : [];
+    const findings = arr.map((r) => {
+        const rec = (r ?? {});
+        const extra = (rec.extra ?? {});
+        const start = (rec.start ?? {});
+        return {
+            checkId: String(rec.check_id ?? '?'),
+            path: String(rec.path ?? '?'),
+            severity: String(extra.severity ?? 'INFO').toUpperCase(),
+            line: typeof start.line === 'number' ? start.line : undefined,
+        };
+    });
+    const errorCount = findings.filter((f) => f.severity === 'ERROR').length;
+    return { errorCount, findings };
+}
+/**
+ * Semgrep SAST taramasını bir yol üzerinde koşar. Binary yoksa (ENOENT) →
+ * `available:false` (çağıran fail-closed ABORT eder). Asla throw etmez.
+ */
+export function runSemgrepScan(targetPath, opts = {}) {
+    const config = opts.config ?? process.env.CICORE_SEMGREP_CONFIG ?? 'auto';
+    return new Promise((resolve) => {
+        let settled = false;
+        const done = (r) => {
+            if (!settled) {
+                settled = true;
+                resolve(r);
+            }
+        };
+        let proc;
+        try {
+            proc = spawn('semgrep', ['scan', '--json', '--quiet', '--config', config, targetPath], {
+                stdio: ['ignore', 'pipe', 'pipe'],
+            });
+        }
+        catch (e) {
+            done({ available: false, ran: false, errorCount: 0, findings: [], message: `semgrep spawn hata: ${String(e)}` });
+            return;
+        }
+        let stdout = '';
+        proc.on('error', (e) => {
+            done({ available: false, ran: false, errorCount: 0, findings: [], message: `semgrep yok/çalışmadı: ${e?.code ?? e?.message ?? 'error'}` });
+        });
+        proc.stdout?.on('data', (d) => { stdout += d.toString(); });
+        proc.on('close', (code) => {
+            const { errorCount, findings } = parseSemgrepJson(stdout);
+            done({ available: true, ran: true, errorCount, findings, message: `semgrep exit=${code} findings=${findings.length} errors=${errorCount}` });
+        });
+    });
+}
+//# sourceMappingURL=sast.js.map

package/dist/lib/sast.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sast.js","sourceRoot":"","sources":["../../src/lib/sast.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAiB3C;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACzC,CAAC;IACD,MAAM,OAAO,GAAI,GAA6B,EAAE,OAAO,CAAC;IACxD,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAqB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAkB,EAAE;QAC/D,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAA4B,CAAC;QACjD,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAA4B,CAAC;QAC3D,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAA4B,CAAC;QAC3D,OAAO;YACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC;YACpC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;YAC7B,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE;YACxD,IAAI,EAAE,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;SAC9D,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IACzE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB,EAAE,OAA4B,EAAE;IAC/E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,MAAM,CAAC;IAC1E,OAAO,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,EAAE;QAC5C,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,IAAI,GAAG,CAAC,CAAgB,EAAQ,EAAE;YACtC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,OAAO,CAAC,CAAC,CAAC,CAAC;YACb,CAAC;QACH,CAAC,CAAC;QACF,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE;gBACrF,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,uBAAuB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjH,OAAO;QACT,CAAC;QACD,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAwB,EAAE,EAAE;YAC5C,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,0BAA0B,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,OAAO,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;QAC7I,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAC1D,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,gBAAgB,IAAI,aAAa,QAAQ,CAAC,MAAM,WAAW,UAAU,EAAE,EAAE,CAAC,CAAC;QAC/I,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/lib/sast.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=sast.test.d.ts.map

package/dist/lib/sast.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sast.test.d.ts","sourceRoot":"","sources":["../../src/lib/sast.test.ts"],"names":[],"mappings":""}

package/dist/lib/sast.test.js

@@ -0,0 +1,33 @@
+import { describe, it, expect } from 'vitest';
+import { parseSemgrepJson } from './sast.js';
+describe('sast / Semgrep gate (M3.4 P-1b)', () => {
+    it('boş/parse-edilemez çıktı → 0 finding (asla throw)', () => {
+        expect(parseSemgrepJson('')).toEqual({ errorCount: 0, findings: [] });
+        expect(parseSemgrepJson('not-json')).toEqual({ errorCount: 0, findings: [] });
+        expect(parseSemgrepJson('{}')).toEqual({ errorCount: 0, findings: [] });
+    });
+    it('results → findings + ERROR sayımı (gate kriteri)', () => {
+        const raw = JSON.stringify({
+            results: [
+                { check_id: 'php.lang.security.eval', path: 'Backend/X.php', start: { line: 12 }, extra: { severity: 'ERROR' } },
+                { check_id: 'js.audit.console', path: 'app/y.js', start: { line: 3 }, extra: { severity: 'WARNING' } },
+                { check_id: 'php.taint.sqli', path: 'Backend/Z.php', start: { line: 40 }, extra: { severity: 'ERROR' } },
+            ],
+        });
+        const { errorCount, findings } = parseSemgrepJson(raw);
+        expect(findings).toHaveLength(3);
+        expect(errorCount).toBe(2); // sadece ERROR-severity gate'i tetikler
+        expect(findings[0]).toMatchObject({ checkId: 'php.lang.security.eval', path: 'Backend/X.php', severity: 'ERROR', line: 12 });
+    });
+    it('temiz tarama (results boş) → errorCount 0 → gate GEÇER', () => {
+        expect(parseSemgrepJson(JSON.stringify({ results: [], errors: [] }))).toEqual({ errorCount: 0, findings: [] });
+    });
+    it('severity normalize (case-insensitive) + eksik alanlara güvenli default', () => {
+        const raw = JSON.stringify({ results: [{ check_id: 'x', extra: { severity: 'error' } }] });
+        const { errorCount, findings } = parseSemgrepJson(raw);
+        expect(errorCount).toBe(1);
+        expect(findings[0]).toMatchObject({ checkId: 'x', path: '?', severity: 'ERROR' });
+        expect(findings[0].line).toBeUndefined();
+    });
+});
+//# sourceMappingURL=sast.test.js.map

package/dist/lib/sast.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sast.test.js","sourceRoot":"","sources":["../../src/lib/sast.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACtE,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAC9E,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC;YACzB,OAAO,EAAE;gBACP,EAAE,QAAQ,EAAE,wBAAwB,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;gBAChH,EAAE,QAAQ,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE;gBACtG,EAAE,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;aACzG;SACF,CAAC,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,wCAAwC;QACpE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/H,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IACjH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3F,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/lib/shell.d.ts

@@ -0,0 +1,61 @@
+/**
+ * CiCore CLI Shell Executor
+ *
+ * Handles local and remote command execution
+ */
+export interface ExecResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+    success: boolean;
+}
+/**
+ * Execute a local command
+ * @param command - Command to execute
+ * @param args - Command arguments
+ * @param options - Execution options
+ * @param options.cwd - Working directory
+ * @param options.silent - Suppress command logging
+ * @param options.stream - Stream output to console in real-time
+ */
+export declare function exec(command: string, args?: string[], options?: {
+    cwd?: string;
+    silent?: boolean;
+    stream?: boolean;
+}): Promise<ExecResult>;
+/**
+ * Execute a command on the remote server via SSH
+ */
+export declare function ssh(command: string, options?: {
+    silent?: boolean;
+    host?: string;
+}): Promise<ExecResult>;
+/**
+ * Copy files to remote server via SCP
+ */
+export declare function scp(localPath: string, remotePath: string, options?: {
+    recursive?: boolean;
+    silent?: boolean;
+    host?: string;
+}): Promise<ExecResult>;
+/**
+ * Execute Docker command (local or remote based on env)
+ */
+export declare function docker(command: string, options?: {
+    silent?: boolean;
+}): Promise<ExecResult>;
+/**
+ * Execute Docker Compose command
+ */
+export declare function dockerCompose(composeFile: string, command: string, options?: {
+    cwd?: string;
+    silent?: boolean;
+}): Promise<ExecResult>;
+/**
+ * Execute command inside a Docker container
+ */
+export declare function dockerExec(container: string, command: string, options?: {
+    user?: string;
+    silent?: boolean;
+}): Promise<ExecResult>;
+//# sourceMappingURL=shell.d.ts.map

package/dist/lib/shell.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell.d.ts","sourceRoot":"","sources":["../../src/lib/shell.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;;;;;;;GAQG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,MAAM,EAAO,EACnB,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GACjE,OAAO,CAAC,UAAU,CAAC,CAoDrB;AAED;;GAEG;AACH,wBAAsB,GAAG,CACvB,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IAAE,MAAM,CAAC,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAO,GAChD,OAAO,CAAC,UAAU,CAAC,CAkCrB;AAED;;GAEG;AACH,wBAAsB,GAAG,CACvB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAO,GACrE,OAAO,CAAC,UAAU,CAAC,CAmCrB;AAED;;GAEG;AACH,wBAAsB,MAAM,CAC1B,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IAAE,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GACjC,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GAC/C,OAAO,CAAC,UAAU,CAAC,CASrB;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC9B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GAChD,OAAO,CAAC,UAAU,CAAC,CAcrB"}

package/dist/lib/shell.js

@@ -0,0 +1,183 @@
+/**
+ * CiCore CLI Shell Executor
+ *
+ * Handles local and remote command execution
+ */
+import { execa } from 'execa';
+import { log } from './logger.js';
+import { getEnv, getSSHConnection, isDryRun } from './config.js';
+/**
+ * Execute a local command
+ * @param command - Command to execute
+ * @param args - Command arguments
+ * @param options - Execution options
+ * @param options.cwd - Working directory
+ * @param options.silent - Suppress command logging
+ * @param options.stream - Stream output to console in real-time
+ */
+export async function exec(command, args = [], options = {}) {
+    const { cwd, silent = false, stream = false } = options;
+    if (!silent && !stream) {
+        log.cmd(`${command} ${args.join(' ')}`);
+    }
+    if (isDryRun()) {
+        log.debug('[DRY RUN] Would execute:', command, args.join(' '));
+        return { stdout: '', stderr: '', exitCode: 0, success: true };
+    }
+    try {
+        if (stream) {
+            // Stream output to console in real-time
+            const result = await execa(command, args, {
+                cwd,
+                shell: true,
+                reject: false,
+                stdout: 'inherit',
+                stderr: 'inherit',
+            });
+            return {
+                stdout: '',
+                stderr: '',
+                exitCode: result.exitCode ?? 0,
+                success: result.exitCode === 0,
+            };
+        }
+        else {
+            const result = await execa(command, args, {
+                cwd,
+                shell: true,
+                reject: false,
+            });
+            return {
+                stdout: result.stdout,
+                stderr: result.stderr,
+                exitCode: result.exitCode ?? 0,
+                success: result.exitCode === 0,
+            };
+        }
+    }
+    catch (error) {
+        const execaError = error;
+        return {
+            stdout: String(execaError.stdout || ''),
+            stderr: String(execaError.stderr || execaError.message),
+            exitCode: execaError.exitCode ?? 1,
+            success: false,
+        };
+    }
+}
+/**
+ * Execute a command on the remote server via SSH
+ */
+export async function ssh(command, options = {}) {
+    const { silent = false, host } = options;
+    const sshConnection = host || getSSHConnection();
+    if (!silent) {
+        log.cmd(`ssh ${sshConnection} "${command}"`);
+    }
+    if (isDryRun()) {
+        log.debug('[DRY RUN] Would execute on server:', command);
+        return { stdout: '', stderr: '', exitCode: 0, success: true };
+    }
+    try {
+        const result = await execa('ssh', [sshConnection, command], {
+            shell: false,
+            reject: false,
+        });
+        return {
+            stdout: result.stdout,
+            stderr: result.stderr,
+            exitCode: result.exitCode ?? 0,
+            success: result.exitCode === 0,
+        };
+    }
+    catch (error) {
+        const execaError = error;
+        return {
+            stdout: String(execaError.stdout || ''),
+            stderr: String(execaError.stderr || execaError.message),
+            exitCode: execaError.exitCode ?? 1,
+            success: false,
+        };
+    }
+}
+/**
+ * Copy files to remote server via SCP
+ */
+export async function scp(localPath, remotePath, options = {}) {
+    const { recursive = false, silent = false, host } = options;
+    const sshConnection = host || getSSHConnection();
+    const args = recursive ? ['-r', localPath, `${sshConnection}:${remotePath}`] : [localPath, `${sshConnection}:${remotePath}`];
+    if (!silent) {
+        log.cmd(`scp ${args.join(' ')}`);
+    }
+    if (isDryRun()) {
+        log.debug('[DRY RUN] Would copy:', localPath, '→', remotePath);
+        return { stdout: '', stderr: '', exitCode: 0, success: true };
+    }
+    try {
+        const result = await execa('scp', args, {
+            shell: false,
+            reject: false,
+        });
+        return {
+            stdout: result.stdout,
+            stderr: result.stderr,
+            exitCode: result.exitCode ?? 0,
+            success: result.exitCode === 0,
+        };
+    }
+    catch (error) {
+        const execaError = error;
+        return {
+            stdout: String(execaError.stdout || ''),
+            stderr: String(execaError.stderr || execaError.message),
+            exitCode: execaError.exitCode ?? 1,
+            success: false,
+        };
+    }
+}
+/**
+ * Execute Docker command (local or remote based on env)
+ */
+export async function docker(command, options = {}) {
+    const env = getEnv();
+    if (env === 'dev') {
+        return exec('docker', [command], options);
+    }
+    else {
+        return ssh(`docker ${command}`, options);
+    }
+}
+/**
+ * Execute Docker Compose command
+ */
+export async function dockerCompose(composeFile, command, options = {}) {
+    const env = getEnv();
+    const fullCommand = `docker compose -f ${composeFile} ${command}`;
+    if (env === 'dev') {
+        return exec('docker', ['compose', '-f', composeFile, ...command.split(' ')], options);
+    }
+    else {
+        return ssh(fullCommand, options);
+    }
+}
+/**
+ * Execute command inside a Docker container
+ */
+export async function dockerExec(container, command, options = {}) {
+    const { user, silent = false } = options;
+    const env = getEnv();
+    const userFlag = user ? `-u ${user}` : '';
+    const fullCommand = `docker exec ${userFlag} ${container} sh -c '${command}'`;
+    if (env === 'dev') {
+        const args = ['exec'];
+        if (user)
+            args.push('-u', user);
+        args.push(container, 'sh', '-c', command);
+        return exec('docker', args, { silent });
+    }
+    else {
+        return ssh(fullCommand, { silent });
+    }
+}
+//# sourceMappingURL=shell.js.map

package/dist/lib/shell.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell.js","sourceRoot":"","sources":["../../src/lib/shell.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,KAAK,EAAc,MAAM,OAAO,CAAC;AAC1C,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAa,MAAM,aAAa,CAAC;AAS5E;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,OAAe,EACf,OAAiB,EAAE,EACnB,UAAgE,EAAE;IAElE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,KAAK,EAAE,MAAM,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAExD,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,GAAG,CAAC,GAAG,CAAC,GAAG,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,QAAQ,EAAE,EAAE,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,0BAA0B,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAChE,CAAC;IAED,IAAI,CAAC;QACH,IAAI,MAAM,EAAE,CAAC;YACX,wCAAwC;YACxC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;gBACxC,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,SAAS;aAClB,CAAC,CAAC;YAEH,OAAO;gBACL,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;gBAC9B,OAAO,EAAE,MAAM,CAAC,QAAQ,KAAK,CAAC;aAC/B,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;gBACxC,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;YAEH,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;gBAC9B,OAAO,EAAE,MAAM,CAAC,QAAQ,KAAK,CAAC;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,KAAmB,CAAC;QACvC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,CAAC;YACvC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,OAAO,CAAC;YACvD,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,CAAC;YAClC,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,OAAe,EACf,UAA+C,EAAE;IAEjD,MAAM,EAAE,MAAM,GAAG,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzC,MAAM,aAAa,GAAG,IAAI,IAAI,gBAAgB,EAAE,CAAC;IAEjD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,GAAG,CAAC,OAAO,aAAa,KAAK,OAAO,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,QAAQ,EAAE,EAAE,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,oCAAoC,EAAE,OAAO,CAAC,CAAC;QACzD,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAChE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE;YAC1D,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;YAC9B,OAAO,EAAE,MAAM,CAAC,QAAQ,KAAK,CAAC;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,KAAmB,CAAC;QACvC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,CAAC;YACvC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,OAAO,CAAC;YACvD,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,CAAC;YAClC,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,SAAiB,EACjB,UAAkB,EAClB,UAAoE,EAAE;IAEtE,MAAM,EAAE,SAAS,GAAG,KAAK,EAAE,MAAM,GAAG,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAC5D,MAAM,aAAa,GAAG,IAAI,IAAI,gBAAgB,EAAE,CAAC;IACjD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,aAAa,IAAI,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,GAAG,aAAa,IAAI,UAAU,EAAE,CAAC,CAAC;IAE7H,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,QAAQ,EAAE,EAAE,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QAC/D,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAChE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE;YACtC,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;YAC9B,OAAO,EAAE,MAAM,CAAC,QAAQ,KAAK,CAAC;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,KAAmB,CAAC;QACvC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,CAAC;YACvC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,OAAO,CAAC;YACvD,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,CAAC;YAClC,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,OAAe,EACf,UAAgC,EAAE;IAElC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;IAErB,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,UAAU,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,WAAmB,EACnB,OAAe,EACf,UAA8C,EAAE;IAEhD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;IACrB,MAAM,WAAW,GAAG,qBAAqB,WAAW,IAAI,OAAO,EAAE,CAAC;IAElE,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACxF,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,SAAiB,EACjB,OAAe,EACf,UAA+C,EAAE;IAEjD,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;IACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1C,MAAM,WAAW,GAAG,eAAe,QAAQ,IAAI,SAAS,WAAW,OAAO,GAAG,CAAC;IAE9E,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QACtB,IAAI,IAAI;YAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IACtC,CAAC;AACH,CAAC"}

package/dist/lib/ssh-config.d.ts

@@ -0,0 +1,37 @@
+/**
+ * CiCore CLI - SSH Config Parser
+ *
+ * Reads SSH config file to get host information
+ */
+export interface SSHHost {
+    name: string;
+    hostname: string;
+    user: string;
+    port: number;
+    identityFile?: string;
+}
+/**
+ * Parse SSH config file and return hosts
+ */
+export declare function parseSSHConfig(): Promise<Map<string, SSHHost>>;
+/**
+ * Get a specific SSH host by name
+ */
+export declare function getSSHHost(name: string): Promise<SSHHost | null>;
+/**
+ * List all SSH hosts
+ */
+export declare function listSSHHosts(): Promise<SSHHost[]>;
+/**
+ * Build SSH connection string
+ */
+export declare function buildSSHString(host: SSHHost): string;
+/**
+ * Build SSH command with identity file
+ */
+export declare function buildSSHCommand(host: SSHHost, command: string): string[];
+/**
+ * Build SCP command with identity file
+ */
+export declare function buildSCPCommand(host: SSHHost, source: string, dest: string, recursive?: boolean): string[];
+//# sourceMappingURL=ssh-config.d.ts.map

package/dist/lib/ssh-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-config.d.ts","sourceRoot":"","sources":["../../src/lib/ssh-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA6DpE;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAGtE;AAED;;GAEG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAGvD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAMpD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAexE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,GAAE,OAAe,GAAG,MAAM,EAAE,CAmBjH"}

package/dist/lib/ssh-config.js

@@ -0,0 +1,122 @@
+/**
+ * CiCore CLI - SSH Config Parser
+ *
+ * Reads SSH config file to get host information
+ */
+import fs from 'fs-extra';
+import path from 'path';
+import os from 'os';
+/**
+ * Parse SSH config file and return hosts
+ */
+export async function parseSSHConfig() {
+    const configPath = path.join(os.homedir(), '.ssh', 'config');
+    const hosts = new Map();
+    if (!await fs.pathExists(configPath)) {
+        return hosts;
+    }
+    const content = await fs.readFile(configPath, 'utf-8');
+    const lines = content.split('\n');
+    let currentHost = null;
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#')) {
+            continue;
+        }
+        const [key, ...valueParts] = trimmed.split(/\s+/);
+        const value = valueParts.join(' ');
+        if (key.toLowerCase() === 'host') {
+            // Save previous host
+            if (currentHost) {
+                hosts.set(currentHost.name, currentHost);
+            }
+            // Start new host
+            currentHost = {
+                name: value,
+                hostname: '',
+                user: 'root',
+                port: 22,
+            };
+        }
+        else if (currentHost) {
+            switch (key.toLowerCase()) {
+                case 'hostname':
+                    currentHost.hostname = value;
+                    break;
+                case 'user':
+                    currentHost.user = value;
+                    break;
+                case 'port':
+                    currentHost.port = parseInt(value) || 22;
+                    break;
+                case 'identityfile':
+                    // Expand ~ to home directory
+                    currentHost.identityFile = value.replace(/^~/, os.homedir());
+                    break;
+            }
+        }
+    }
+    // Save last host
+    if (currentHost) {
+        hosts.set(currentHost.name, currentHost);
+    }
+    return hosts;
+}
+/**
+ * Get a specific SSH host by name
+ */
+export async function getSSHHost(name) {
+    const hosts = await parseSSHConfig();
+    return hosts.get(name) || null;
+}
+/**
+ * List all SSH hosts
+ */
+export async function listSSHHosts() {
+    const hosts = await parseSSHConfig();
+    return Array.from(hosts.values());
+}
+/**
+ * Build SSH connection string
+ */
+export function buildSSHString(host) {
+    let cmd = `${host.user}@${host.hostname}`;
+    if (host.port !== 22) {
+        cmd = `-p ${host.port} ${cmd}`;
+    }
+    return cmd;
+}
+/**
+ * Build SSH command with identity file
+ */
+export function buildSSHCommand(host, command) {
+    const args = [];
+    if (host.identityFile) {
+        args.push('-i', host.identityFile);
+    }
+    if (host.port !== 22) {
+        args.push('-p', host.port.toString());
+    }
+    args.push(`${host.user}@${host.hostname}`);
+    args.push(command);
+    return args;
+}
+/**
+ * Build SCP command with identity file
+ */
+export function buildSCPCommand(host, source, dest, recursive = false) {
+    const args = [];
+    if (host.identityFile) {
+        args.push('-i', host.identityFile);
+    }
+    if (host.port !== 22) {
+        args.push('-P', host.port.toString());
+    }
+    if (recursive) {
+        args.push('-r');
+    }
+    args.push(source);
+    args.push(`${host.user}@${host.hostname}:${dest}`);
+    return args;
+}
+//# sourceMappingURL=ssh-config.js.map

package/dist/lib/ssh-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-config.js","sourceRoot":"","sources":["../../src/lib/ssh-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,UAAU,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AAUpB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;IAEzC,IAAI,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,IAAI,WAAW,GAAmB,IAAI,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,MAAM,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;YACjC,qBAAqB;YACrB,IAAI,WAAW,EAAE,CAAC;gBAChB,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC3C,CAAC;YAED,iBAAiB;YACjB,WAAW,GAAG;gBACZ,IAAI,EAAE,KAAK;gBACX,QAAQ,EAAE,EAAE;gBACZ,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,EAAE;aACT,CAAC;QACJ,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACvB,QAAQ,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC1B,KAAK,UAAU;oBACb,WAAW,CAAC,QAAQ,GAAG,KAAK,CAAC;oBAC7B,MAAM;gBACR,KAAK,MAAM;oBACT,WAAW,CAAC,IAAI,GAAG,KAAK,CAAC;oBACzB,MAAM;gBACR,KAAK,MAAM;oBACT,WAAW,CAAC,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;oBACzC,MAAM;gBACR,KAAK,cAAc;oBACjB,6BAA6B;oBAC7B,WAAW,CAAC,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;oBAC7D,MAAM;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,IAAI,WAAW,EAAE,CAAC;QAChB,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAY;IAC3C,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;IACrC,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;IACrC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAa;IAC1C,IAAI,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC1C,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;QACrB,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;IACjC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAa,EAAE,OAAe;IAC5D,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEnB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAa,EAAE,MAAc,EAAE,IAAY,EAAE,YAAqB,KAAK;IACrG,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC,CAAC;IAEnD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/tenant-scope.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Tenant-scope static analysis — T-C trust-boundary deploy gate (task-230).
+ *
+ * Addon Backend PHP'si paylaşımlı cicore_php-FPM içinde çalışır. Yanlış yazılmış
+ * bir addon DatabaseService'i doğrudan çağırarak TenantContext'i bypass edip başka
+ * tenant'ın verisine erişebilir.
+ *
+ * Tarama iki katmanda çalışır:
+ *   1. Orijinal satır bazlı — kesin satır numarası üretir.
+ *   2. Whitespace-normalize (tek satır) — multi-line split kaçağını kapatır.
+ *
+ * Ayrıca PHP class alias (`use ... as Alias`) tespiti yapılır; her alias için
+ * forbidden pattern'lar dinamik olarak üretilir.
+ *
+ * Sınır: statik regex (AST değil). Obfuscated runtime bypass → FAZ-2 sandbox (Hünkar).
+ */
+export interface TenantScopeViolation {
+    readonly file: string;
+    readonly line: number;
+    readonly rule: string;
+    readonly detail: string;
+}
+export interface TenantScopeResult {
+    readonly violations: TenantScopeViolation[];
+    readonly tenantContextUsed: boolean;
+    readonly hasBackendFiles: boolean;
+    readonly ok: boolean;
+}
+export interface FileInput {
+    readonly path: string;
+    readonly content: string;
+}
+/**
+ * Analyzes a list of Backend PHP files for tenant-scope violations.
+ * Pure function (no filesystem I/O) — testable without disk.
+ */
+export declare function analyzeTenantScope(files: FileInput[]): TenantScopeResult;
+//# sourceMappingURL=tenant-scope.d.ts.map

package/dist/lib/tenant-scope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenant-scope.d.ts","sourceRoot":"","sources":["../../src/lib/tenant-scope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,UAAU,EAAE,oBAAoB,EAAE,CAAA;IAC3C,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAA;IACnC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAA;IACjC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAA;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACzB;AAqDD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,iBAAiB,CAoGxE"}