@etalon/cli 1.0.2 → 1.0.4

package/README.md

@@ -12,22 +12,22 @@ npm install -g etalon
 
 ```bash
 # Scan a website
-optic scan https://example.com
+etalon scan https://example.com
 
 # JSON output
-optic scan https://example.com --format json
+etalon scan https://example.com --format json
 
 # SARIF for CI/CD (GitHub Code Scanning)
-optic scan https://example.com --format sarif
+etalon scan https://example.com --format sarif
 
 # Deep scan — scroll page, click consent dialogs
-optic scan https://example.com --deep
+etalon scan https://example.com --deep
 
 # Look up a single domain
-optic lookup google-analytics.com
+etalon lookup google-analytics.com
 
 # Registry stats
-optic info
+etalon info
 ```
 
 ## Options

package/dist/{chunk-Z6ZQZ5HI.js → chunk-YN7IXPMI.js}

@@ -11,7 +11,7 @@ var ETALON_VERSION = "1.0.0";
 var DEFAULT_OPTIONS = {
   deep: false,
   timeout: 3e4,
-  waitForNetworkIdle: true,
+  waitForNetworkIdle: false,
   userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36",
   viewport: { width: 1920, height: 1080 },
   vendorDbPath: ""

package/dist/{consent-checker-B6J7GESG.js → consent-checker-QRPTMQWN.js}

@@ -74,8 +74,8 @@ async function checkConsent(url, options = {}) {
         postRejectRequests.push(req);
       }
     });
-    await page.goto(url, { waitUntil: "networkidle", timeout });
-    await page.waitForTimeout(2e3);
+    await page.goto(url, { waitUntil: "domcontentloaded", timeout });
+    await page.waitForTimeout(3e3);
     const { bannerDetected, bannerType, rejectSelector } = await detectBanner(page);
     let rejectButtonFound = false;
     let rejectClicked = false;

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+
+export {  }

package/dist/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   scanSite
-} from "./chunk-Z6ZQZ5HI.js";
+} from "./chunk-YN7IXPMI.js";
 
 // src/index.ts
 import { Command } from "commander";
@@ -20,7 +20,18 @@ import {
   analyzeDataFlow,
   toMermaid,
   toTextSummary,
-  generatePolicy
+  generatePolicy,
+  AutoFixEngine,
+  applyContextScoring,
+  reportFalsePositive,
+  getFeedbackSummary,
+  isTelemetryEnabled,
+  enableTelemetry,
+  disableTelemetry,
+  recordAuditEvent,
+  analyzePatterns,
+  getLearningStats,
+  detectProjectContext
 } from "@etalon/core";
 
 // src/formatters/text.ts
@@ -778,14 +789,14 @@ var program = new Command();
 program.name("etalon").description("ETALON \u2014 Open-source privacy auditor. Scan websites for trackers and GDPR compliance.").version(VERSION).hook("preAction", () => {
   showBanner();
 });
-program.command("scan").description("Scan a website for third-party trackers").argument("<url>", "URL to scan").option("-f, --format <format>", "Output format: text, json, sarif", "text").option("-d, --deep", "Deep scan: scroll page, interact with consent dialogs", false).option("-t, --timeout <ms>", "Navigation timeout in milliseconds", "30000").option("--no-idle", "Do not wait for network idle").option("--config <path>", "Path to etalon.yaml config file").action(async (url, options) => {
+program.command("scan").description("Scan a website for third-party trackers").argument("<url>", "URL to scan").option("-f, --format <format>", "Output format: text, json, sarif", "text").option("-d, --deep", "Deep scan: scroll page, interact with consent dialogs", false).option("-t, --timeout <ms>", "Navigation timeout in milliseconds", "30000").option("--idle", "Wait for network idle (slower but more thorough)").option("--config <path>", "Path to etalon.yaml config file").action(async (url, options) => {
   const normalizedUrl = normalizeUrl(url);
   const format = options.format ?? "text";
   const config = loadConfig(options.config);
   const scanOptions = {
     deep: options.deep,
     timeout: parseInt(options.timeout, 10),
-    waitForNetworkIdle: options.idle !== false
+    waitForNetworkIdle: options.idle === true
   };
   if (config?.scan) {
     if (config.scan.timeout && !options.timeout) scanOptions.timeout = config.scan.timeout;
@@ -841,14 +852,26 @@ program.command("audit").description("Scan a codebase for GDPR compliance (track
       severity: options.severity,
       includeBlame
     });
+    const scoring = applyContextScoring(report.findings, dir);
+    report.findings = scoring.adjustedFindings;
+    if (scoring.adjustments.length > 0 && format === "text") {
+      spinner?.stop();
+      console.log(chalk4.bold(`
+\u{1F3AF} Context: ${scoring.projectContext.industry} / ${scoring.projectContext.region}`));
+      console.log(chalk4.dim(`   ${scoring.adjustments.length} finding(s) had severity adjusted based on context`));
+      for (const adj of scoring.adjustments.slice(0, 5)) {
+        console.log(`   ${chalk4.dim(adj.finding_rule)}: ${adj.original_severity} \u2192 ${chalk4.yellow(adj.adjusted_severity)} (${adj.reason})`);
+      }
+      if (scoring.adjustments.length > 5) {
+        console.log(chalk4.dim(`   ... and ${scoring.adjustments.length - 5} more`));
+      }
+    }
     spinner?.stop();
     if (autoFix) {
       const patches = generatePatches(report.findings, dir);
-      if (patches.length === 0) {
-        console.log(chalk4.yellow("\nNo auto-fixable issues found."));
-      } else {
+      if (patches.length > 0) {
         console.log(chalk4.bold(`
-\u{1F527} ${patches.length} auto-fixable issue(s):`));
+\u{1F527} ${patches.length} config fix(es):`));
         for (const p of patches) {
           console.log(`  ${chalk4.dim(p.file)}:${p.line} \u2014 ${p.description}`);
           console.log(`    ${chalk4.red("- " + p.oldContent.trim())}`);
@@ -856,9 +879,58 @@ program.command("audit").description("Scan a codebase for GDPR compliance (track
         }
         const applied = applyPatches(patches, dir);
         console.log(chalk4.green(`
-\u2713 Applied ${applied} fix(es).`));
+\u2713 Applied ${applied} config fix(es).`));
+      }
+      const engine = new AutoFixEngine();
+      const { readdirSync } = await import("fs");
+      const { join: joinPath } = await import("path");
+      const codeFiles = [];
+      const collectCodeFiles = (d) => {
+        try {
+          for (const entry of readdirSync(d, { withFileTypes: true })) {
+            const full = joinPath(d, entry.name);
+            if (entry.isDirectory()) {
+              if (!["node_modules", ".git", "dist", "build", ".next", "__pycache__", "target"].includes(entry.name)) {
+                collectCodeFiles(full);
+              }
+            } else if (/\.(tsx?|jsx?|vue|svelte|html)$/.test(entry.name)) {
+              codeFiles.push(full);
+            }
+          }
+        } catch {
+        }
+      };
+      collectCodeFiles(dir);
+      const suggestions = engine.scanFiles(codeFiles);
+      if (suggestions.length > 0) {
+        console.log(chalk4.bold(`
+\u{1F6E1}\uFE0F  ${suggestions.length} tracker consent fix(es) available:`));
+        for (const s of suggestions) {
+          console.log(`  ${chalk4.cyan(s.tracker_name)} in ${chalk4.dim(s.location.file)}:${s.location.line}`);
+          console.log(`    ${chalk4.dim(s.description)}`);
+        }
+        const hookPath = engine.generateConsentHook(dir);
+        console.log(chalk4.green(`
+\u2713 Generated consent hook: ${chalk4.cyan(hookPath)}`));
+        const result = engine.applyAllFixes(suggestions);
+        console.log(chalk4.green(`\u2713 Applied ${result.applied} tracker consent fix(es).`));
+        if (result.failed > 0) {
+          console.log(chalk4.yellow(`\u26A0 ${result.failed} fix(es) could not be applied.`));
+        }
+      }
+      if (patches.length === 0 && suggestions.length === 0) {
+        console.log(chalk4.yellow("\nNo auto-fixable issues found."));
       }
     }
+    recordAuditEvent({
+      total_findings: report.findings.length,
+      critical: report.summary.critical,
+      high: report.summary.high,
+      medium: report.summary.medium,
+      framework: scoring.projectContext.industry,
+      industry: scoring.projectContext.industry,
+      region: scoring.projectContext.region
+    });
     switch (format) {
       case "json":
         console.log(JSON.stringify(report, null, 2));
@@ -923,7 +995,7 @@ program.command("consent-check").description("Test if trackers fire before/after
   const format = options.format ?? "text";
   const spinner = format === "text" ? ora(`Checking consent on ${normalizedUrl}...`).start() : null;
   try {
-    const { checkConsent } = await import("./consent-checker-B6J7GESG.js");
+    const { checkConsent } = await import("./consent-checker-QRPTMQWN.js");
     const result = await checkConsent(normalizedUrl, {
       timeout: parseInt(options.timeout ?? "15000", 10)
     });
@@ -977,7 +1049,7 @@ program.command("policy-check").description("Cross-reference privacy policy text
   const format = options.format ?? "text";
   const spinner = format === "text" ? ora(`Analyzing privacy policy for ${normalizedUrl}...`).start() : null;
   try {
-    const { checkPolicy } = await import("./policy-checker-J2WPHGU3.js");
+    const { checkPolicy } = await import("./policy-checker-ONMTI7X2.js");
     const result = await checkPolicy(normalizedUrl, {
       timeout: parseInt(options.timeout ?? "30000", 10),
       policyUrl: options.policyUrl
@@ -1149,23 +1221,22 @@ Error: ${error.message}`);
 program.command("data-flow").description("Map PII data flows through your codebase").argument("[dir]", "Directory to analyze", "./").option("-f, --format <format>", "Output format: text, mermaid, json", "text").action(async (dir, options) => {
   const spinner = ora("Analyzing data flows...").start();
   try {
-    let walk2 = function(d) {
+    const { readdirSync } = await import("fs");
+    const { join: join3, relative } = await import("path");
+    const files = [];
+    const walk = (d) => {
       for (const entry of readdirSync(d, { withFileTypes: true })) {
         const full = join3(d, entry.name);
         if (entry.isDirectory()) {
           if (!["node_modules", ".git", "dist", "build", ".next", "__pycache__"].includes(entry.name)) {
-            walk2(full);
+            walk(full);
           }
         } else {
           files.push(relative(dir, full));
         }
       }
     };
-    var walk = walk2;
-    const { readdirSync, statSync } = await import("fs");
-    const { join: join3, relative } = await import("path");
-    const files = [];
-    walk2(dir);
+    walk(dir);
     const flow = analyzeDataFlow(files, dir);
     spinner.stop();
     switch (options.format) {
@@ -1187,4 +1258,84 @@ Error: ${error.message}`);
     process.exit(2);
   }
 });
+program.command("report-fp").description("Report a false positive finding").requiredOption("--domain <domain>", "Domain that was incorrectly flagged").requiredOption("--rule <rule>", "Rule that triggered the false positive").option("--file <file>", "File where the false positive was found").option("--reason <reason>", "Why this is a false positive", "Not a tracker").action((options) => {
+  const report = reportFalsePositive({
+    domain: options.domain,
+    rule: options.rule,
+    file: options.file,
+    reason: options.reason ?? "Not a tracker",
+    suggested_action: "whitelist_domain"
+  });
+  console.log(chalk4.green(`\u2713 False positive reported: ${chalk4.bold(report.id)}`));
+  console.log(chalk4.dim(`  Domain: ${report.domain}`));
+  console.log(chalk4.dim(`  Rule:   ${report.rule}`));
+  console.log(chalk4.dim(`  Reason: ${report.reason}`));
+  console.log("");
+  console.log(chalk4.dim("Reports help ETALON learn and reduce false positives over time."));
+});
+program.command("telemetry").description("Manage anonymous usage telemetry").argument("<action>", "enable, disable, or status").action((action) => {
+  switch (action) {
+    case "enable":
+      enableTelemetry();
+      console.log(chalk4.green("\u2713 Telemetry enabled."));
+      console.log(chalk4.dim("  Anonymous usage data helps improve ETALON for everyone."));
+      console.log(chalk4.dim("  No PII is ever collected. Set DO_NOT_TRACK=1 to override."));
+      break;
+    case "disable":
+      disableTelemetry();
+      console.log(chalk4.yellow("\u2713 Telemetry disabled."));
+      break;
+    case "status":
+      console.log(`Telemetry: ${isTelemetryEnabled() ? chalk4.green("enabled") : chalk4.yellow("disabled")}`);
+      break;
+    default:
+      console.error(chalk4.red(`Unknown action: ${action}. Use enable, disable, or status.`));
+      process.exit(1);
+  }
+});
+program.command("intelligence").description("Show intelligence engine status and learned patterns").argument("[dir]", "Project directory for context detection", "./").action((dir) => {
+  console.log(chalk4.bold("ETALON Intelligence Engine"));
+  console.log(chalk4.dim("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550"));
+  console.log("");
+  const ctx = detectProjectContext(dir);
+  console.log(chalk4.bold("\u{1F3AF} Project Context"));
+  console.log(`  Industry:         ${chalk4.cyan(ctx.industry)}`);
+  console.log(`  Region:           ${chalk4.cyan(ctx.region)}`);
+  console.log(`  Data Sensitivity:  ${chalk4.cyan(ctx.data_sensitivity)}`);
+  if (ctx.detected_signals.length > 0) {
+    console.log(chalk4.dim("  Signals:"));
+    for (const s of ctx.detected_signals) {
+      console.log(chalk4.dim(`    \u2022 ${s}`));
+    }
+  }
+  console.log("");
+  const stats = getLearningStats();
+  console.log(chalk4.bold("\u{1F9E0} Learning Engine"));
+  console.log(`  Patterns learned:   ${chalk4.cyan(String(stats.patterns_learned))}`);
+  console.log(`  Feedback processed: ${chalk4.cyan(String(stats.feedback_processed))}`);
+  console.log(`  Impact:             ${chalk4.cyan(stats.accuracy_improvement)}`);
+  console.log("");
+  const feedback = getFeedbackSummary();
+  if (feedback.total_reports > 0) {
+    console.log(chalk4.bold("\u{1F4CA} False Positive Reports"));
+    console.log(`  Total reports:   ${feedback.total_reports}`);
+    if (feedback.suggested_whitelists.length > 0) {
+      console.log(chalk4.dim("  Suggested whitelists (3+ reports):"));
+      for (const d of feedback.suggested_whitelists) {
+        console.log(chalk4.dim(`    \u2022 ${d}`));
+      }
+    }
+    console.log("");
+  }
+  const learned = analyzePatterns();
+  if (learned.length > 0) {
+    console.log(chalk4.bold("\u{1F4DD} Learned Patterns"));
+    for (const p of learned) {
+      console.log(`  ${chalk4.cyan(p.domain)} \u2014 ${p.suggested_action} (confidence: ${(p.confidence * 100).toFixed(0)}%)`);
+    }
+    console.log("");
+  }
+  console.log(chalk4.dim("Telemetry: ") + (isTelemetryEnabled() ? chalk4.green("enabled") : chalk4.yellow("disabled")));
+  console.log("");
+});
 program.parse();

package/dist/{policy-checker-J2WPHGU3.js → policy-checker-ONMTI7X2.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   scanSite
-} from "./chunk-Z6ZQZ5HI.js";
+} from "./chunk-YN7IXPMI.js";
 
 // src/policy-checker.ts
 import { chromium } from "playwright";
@@ -46,7 +46,7 @@ async function findPolicyPage(page, siteUrl) {
       const testUrl = `${baseUrl.origin}${path}`;
       const response = await page.goto(testUrl, { waitUntil: "domcontentloaded", timeout: 1e4 });
       if (response && response.status() >= 200 && response.status() < 400) {
-        const bodyText = await page.evaluate(() => globalThis.document.body?.innerText?.trim() ?? "");
+        const bodyText = await page.evaluate(() => document.body?.innerText?.trim() ?? "");
         if (bodyText.length > 200) {
           return testUrl;
         }
@@ -82,13 +82,12 @@ async function findPolicyPage(page, siteUrl) {
   return null;
 }
 async function extractPolicyText(page, policyUrl) {
-  await page.goto(policyUrl, { waitUntil: "networkidle", timeout: 2e4 });
+  await page.goto(policyUrl, { waitUntil: "domcontentloaded", timeout: 2e4 });
   await page.waitForTimeout(1e3);
   const text = await page.evaluate(() => {
-    const doc = globalThis.document;
-    const elementsToRemove = doc.querySelectorAll("script, style, nav, header, footer, iframe");
+    const elementsToRemove = document.querySelectorAll("script, style, nav, header, footer, iframe");
     elementsToRemove.forEach((el) => el.remove());
-    return doc.body?.innerText ?? "";
+    return document.body?.innerText ?? "";
   });
   return text.replace(/\s+/g, " ").trim();
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@etalon/cli",
-  "version": "1.0.2",
-  "description": "ETALON \u2014 Privacy audit tool for websites. Scan any site for trackers and GDPR compliance.",
+  "version": "1.0.4",
+  "description": "ETALON — Privacy audit tool for websites. Scan any site for trackers and GDPR compliance.",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "type": "module",
@@ -23,7 +23,7 @@
     "ora": "^8.0.0",
     "playwright": "^1.42.0",
     "yaml": "^2.3.0",
-    "@etalon/core": "^1.0.1"
+    "@etalon/core": "^1.0.2"
   },
   "keywords": [
     "privacy",