@etalon/cli 1.0.3 → 1.0.5

package/README.md

@@ -12,22 +12,22 @@ npm install -g etalon
 
 ```bash
 # Scan a website
-optic scan https://example.com
+etalon scan https://example.com
 
 # JSON output
-optic scan https://example.com --format json
+etalon scan https://example.com --format json
 
 # SARIF for CI/CD (GitHub Code Scanning)
-optic scan https://example.com --format sarif
+etalon scan https://example.com --format sarif
 
 # Deep scan — scroll page, click consent dialogs
-optic scan https://example.com --deep
+etalon scan https://example.com --deep
 
 # Look up a single domain
-optic lookup google-analytics.com
+etalon lookup google-analytics.com
 
 # Registry stats
-optic info
+etalon info
 ```
 
 ## Options

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+
+export {  }

package/dist/index.js

@@ -20,7 +20,18 @@ import {
   analyzeDataFlow,
   toMermaid,
   toTextSummary,
-  generatePolicy
+  generatePolicy,
+  AutoFixEngine,
+  applyContextScoring,
+  reportFalsePositive,
+  getFeedbackSummary,
+  isTelemetryEnabled,
+  enableTelemetry,
+  disableTelemetry,
+  recordAuditEvent,
+  analyzePatterns,
+  getLearningStats,
+  detectProjectContext
 } from "@etalon/core";
 
 // src/formatters/text.ts
@@ -105,13 +116,13 @@ function formatVendorEntry(dv, compact = false) {
   const lines = [];
   const riskColor = vendor.risk_score >= 6 ? chalk.red : vendor.risk_score >= 3 ? chalk.yellow : chalk.green;
   lines.push(
-    `${riskColor(vendor.domains[0].padEnd(35))} ${chalk.bold(vendor.name)}`
+    `${riskColor((vendor.domains?.[0] ?? "unknown").padEnd(35))} ${chalk.bold(vendor.name)}`
   );
   lines.push(`\u251C\u2500 ${chalk.dim("Category:")}   ${vendor.category}`);
   if (!compact) {
     const gdprStatus = vendor.gdpr_compliant ? chalk.green("Compliant") + (vendor.dpa_url ? chalk.dim(" (with DPA)") : "") : chalk.red("Non-compliant");
     lines.push(`\u251C\u2500 ${chalk.dim("GDPR:")}       ${gdprStatus}`);
-    if (vendor.data_collected.length > 0) {
+    if (vendor.data_collected && vendor.data_collected.length > 0) {
       lines.push(`\u251C\u2500 ${chalk.dim("Data:")}       ${vendor.data_collected.join(", ")}`);
     }
     if (vendor.dpa_url) {
@@ -841,14 +852,26 @@ program.command("audit").description("Scan a codebase for GDPR compliance (track
       severity: options.severity,
       includeBlame
     });
+    const scoring = applyContextScoring(report.findings, dir);
+    report.findings = scoring.adjustedFindings;
+    if (scoring.adjustments.length > 0 && format === "text") {
+      spinner?.stop();
+      console.log(chalk4.bold(`
+\u{1F3AF} Context: ${scoring.projectContext.industry} / ${scoring.projectContext.region}`));
+      console.log(chalk4.dim(`   ${scoring.adjustments.length} finding(s) had severity adjusted based on context`));
+      for (const adj of scoring.adjustments.slice(0, 5)) {
+        console.log(`   ${chalk4.dim(adj.finding_rule)}: ${adj.original_severity} \u2192 ${chalk4.yellow(adj.adjusted_severity)} (${adj.reason})`);
+      }
+      if (scoring.adjustments.length > 5) {
+        console.log(chalk4.dim(`   ... and ${scoring.adjustments.length - 5} more`));
+      }
+    }
     spinner?.stop();
     if (autoFix) {
       const patches = generatePatches(report.findings, dir);
-      if (patches.length === 0) {
-        console.log(chalk4.yellow("\nNo auto-fixable issues found."));
-      } else {
+      if (patches.length > 0) {
         console.log(chalk4.bold(`
-\u{1F527} ${patches.length} auto-fixable issue(s):`));
+\u{1F527} ${patches.length} config fix(es):`));
         for (const p of patches) {
           console.log(`  ${chalk4.dim(p.file)}:${p.line} \u2014 ${p.description}`);
           console.log(`    ${chalk4.red("- " + p.oldContent.trim())}`);
@@ -856,9 +879,58 @@ program.command("audit").description("Scan a codebase for GDPR compliance (track
         }
         const applied = applyPatches(patches, dir);
         console.log(chalk4.green(`
-\u2713 Applied ${applied} fix(es).`));
+\u2713 Applied ${applied} config fix(es).`));
+      }
+      const engine = new AutoFixEngine();
+      const { readdirSync } = await import("fs");
+      const { join: joinPath } = await import("path");
+      const codeFiles = [];
+      const collectCodeFiles = (d) => {
+        try {
+          for (const entry of readdirSync(d, { withFileTypes: true })) {
+            const full = joinPath(d, entry.name);
+            if (entry.isDirectory()) {
+              if (!["node_modules", ".git", "dist", "build", ".next", "__pycache__", "target"].includes(entry.name)) {
+                collectCodeFiles(full);
+              }
+            } else if (/\.(tsx?|jsx?|vue|svelte|html)$/.test(entry.name)) {
+              codeFiles.push(full);
+            }
+          }
+        } catch {
+        }
+      };
+      collectCodeFiles(dir);
+      const suggestions = engine.scanFiles(codeFiles);
+      if (suggestions.length > 0) {
+        console.log(chalk4.bold(`
+\u{1F6E1}\uFE0F  ${suggestions.length} tracker consent fix(es) available:`));
+        for (const s of suggestions) {
+          console.log(`  ${chalk4.cyan(s.tracker_name)} in ${chalk4.dim(s.location.file)}:${s.location.line}`);
+          console.log(`    ${chalk4.dim(s.description)}`);
+        }
+        const hookPath = engine.generateConsentHook(dir);
+        console.log(chalk4.green(`
+\u2713 Generated consent hook: ${chalk4.cyan(hookPath)}`));
+        const result = engine.applyAllFixes(suggestions);
+        console.log(chalk4.green(`\u2713 Applied ${result.applied} tracker consent fix(es).`));
+        if (result.failed > 0) {
+          console.log(chalk4.yellow(`\u26A0 ${result.failed} fix(es) could not be applied.`));
+        }
+      }
+      if (patches.length === 0 && suggestions.length === 0) {
+        console.log(chalk4.yellow("\nNo auto-fixable issues found."));
       }
     }
+    recordAuditEvent({
+      total_findings: report.findings.length,
+      critical: report.summary.critical,
+      high: report.summary.high,
+      medium: report.summary.medium,
+      framework: scoring.projectContext.industry,
+      industry: scoring.projectContext.industry,
+      region: scoring.projectContext.region
+    });
     switch (format) {
       case "json":
         console.log(JSON.stringify(report, null, 2));
@@ -977,7 +1049,7 @@ program.command("policy-check").description("Cross-reference privacy policy text
   const format = options.format ?? "text";
   const spinner = format === "text" ? ora(`Analyzing privacy policy for ${normalizedUrl}...`).start() : null;
   try {
-    const { checkPolicy } = await import("./policy-checker-SQTI766W.js");
+    const { checkPolicy } = await import("./policy-checker-ONMTI7X2.js");
     const result = await checkPolicy(normalizedUrl, {
       timeout: parseInt(options.timeout ?? "30000", 10),
       policyUrl: options.policyUrl
@@ -1149,23 +1221,22 @@ Error: ${error.message}`);
 program.command("data-flow").description("Map PII data flows through your codebase").argument("[dir]", "Directory to analyze", "./").option("-f, --format <format>", "Output format: text, mermaid, json", "text").action(async (dir, options) => {
   const spinner = ora("Analyzing data flows...").start();
   try {
-    let walk2 = function(d) {
+    const { readdirSync } = await import("fs");
+    const { join: join3, relative } = await import("path");
+    const files = [];
+    const walk = (d) => {
       for (const entry of readdirSync(d, { withFileTypes: true })) {
         const full = join3(d, entry.name);
         if (entry.isDirectory()) {
           if (!["node_modules", ".git", "dist", "build", ".next", "__pycache__"].includes(entry.name)) {
-            walk2(full);
+            walk(full);
           }
         } else {
           files.push(relative(dir, full));
         }
       }
     };
-    var walk = walk2;
-    const { readdirSync, statSync } = await import("fs");
-    const { join: join3, relative } = await import("path");
-    const files = [];
-    walk2(dir);
+    walk(dir);
     const flow = analyzeDataFlow(files, dir);
     spinner.stop();
     switch (options.format) {
@@ -1187,4 +1258,84 @@ Error: ${error.message}`);
     process.exit(2);
   }
 });
+program.command("report-fp").description("Report a false positive finding").requiredOption("--domain <domain>", "Domain that was incorrectly flagged").requiredOption("--rule <rule>", "Rule that triggered the false positive").option("--file <file>", "File where the false positive was found").option("--reason <reason>", "Why this is a false positive", "Not a tracker").action((options) => {
+  const report = reportFalsePositive({
+    domain: options.domain,
+    rule: options.rule,
+    file: options.file,
+    reason: options.reason ?? "Not a tracker",
+    suggested_action: "whitelist_domain"
+  });
+  console.log(chalk4.green(`\u2713 False positive reported: ${chalk4.bold(report.id)}`));
+  console.log(chalk4.dim(`  Domain: ${report.domain}`));
+  console.log(chalk4.dim(`  Rule:   ${report.rule}`));
+  console.log(chalk4.dim(`  Reason: ${report.reason}`));
+  console.log("");
+  console.log(chalk4.dim("Reports help ETALON learn and reduce false positives over time."));
+});
+program.command("telemetry").description("Manage anonymous usage telemetry").argument("<action>", "enable, disable, or status").action((action) => {
+  switch (action) {
+    case "enable":
+      enableTelemetry();
+      console.log(chalk4.green("\u2713 Telemetry enabled."));
+      console.log(chalk4.dim("  Anonymous usage data helps improve ETALON for everyone."));
+      console.log(chalk4.dim("  No PII is ever collected. Set DO_NOT_TRACK=1 to override."));
+      break;
+    case "disable":
+      disableTelemetry();
+      console.log(chalk4.yellow("\u2713 Telemetry disabled."));
+      break;
+    case "status":
+      console.log(`Telemetry: ${isTelemetryEnabled() ? chalk4.green("enabled") : chalk4.yellow("disabled")}`);
+      break;
+    default:
+      console.error(chalk4.red(`Unknown action: ${action}. Use enable, disable, or status.`));
+      process.exit(1);
+  }
+});
+program.command("intelligence").description("Show intelligence engine status and learned patterns").argument("[dir]", "Project directory for context detection", "./").action((dir) => {
+  console.log(chalk4.bold("ETALON Intelligence Engine"));
+  console.log(chalk4.dim("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550"));
+  console.log("");
+  const ctx = detectProjectContext(dir);
+  console.log(chalk4.bold("\u{1F3AF} Project Context"));
+  console.log(`  Industry:         ${chalk4.cyan(ctx.industry)}`);
+  console.log(`  Region:           ${chalk4.cyan(ctx.region)}`);
+  console.log(`  Data Sensitivity:  ${chalk4.cyan(ctx.data_sensitivity)}`);
+  if (ctx.detected_signals.length > 0) {
+    console.log(chalk4.dim("  Signals:"));
+    for (const s of ctx.detected_signals) {
+      console.log(chalk4.dim(`    \u2022 ${s}`));
+    }
+  }
+  console.log("");
+  const stats = getLearningStats();
+  console.log(chalk4.bold("\u{1F9E0} Learning Engine"));
+  console.log(`  Patterns learned:   ${chalk4.cyan(String(stats.patterns_learned))}`);
+  console.log(`  Feedback processed: ${chalk4.cyan(String(stats.feedback_processed))}`);
+  console.log(`  Impact:             ${chalk4.cyan(stats.accuracy_improvement)}`);
+  console.log("");
+  const feedback = getFeedbackSummary();
+  if (feedback.total_reports > 0) {
+    console.log(chalk4.bold("\u{1F4CA} False Positive Reports"));
+    console.log(`  Total reports:   ${feedback.total_reports}`);
+    if (feedback.suggested_whitelists.length > 0) {
+      console.log(chalk4.dim("  Suggested whitelists (3+ reports):"));
+      for (const d of feedback.suggested_whitelists) {
+        console.log(chalk4.dim(`    \u2022 ${d}`));
+      }
+    }
+    console.log("");
+  }
+  const learned = analyzePatterns();
+  if (learned.length > 0) {
+    console.log(chalk4.bold("\u{1F4DD} Learned Patterns"));
+    for (const p of learned) {
+      console.log(`  ${chalk4.cyan(p.domain)} \u2014 ${p.suggested_action} (confidence: ${(p.confidence * 100).toFixed(0)}%)`);
+    }
+    console.log("");
+  }
+  console.log(chalk4.dim("Telemetry: ") + (isTelemetryEnabled() ? chalk4.green("enabled") : chalk4.yellow("disabled")));
+  console.log("");
+});
 program.parse();

package/dist/{policy-checker-SQTI766W.js → policy-checker-ONMTI7X2.js}

@@ -46,7 +46,7 @@ async function findPolicyPage(page, siteUrl) {
       const testUrl = `${baseUrl.origin}${path}`;
       const response = await page.goto(testUrl, { waitUntil: "domcontentloaded", timeout: 1e4 });
       if (response && response.status() >= 200 && response.status() < 400) {
-        const bodyText = await page.evaluate(() => globalThis.document.body?.innerText?.trim() ?? "");
+        const bodyText = await page.evaluate(() => document.body?.innerText?.trim() ?? "");
         if (bodyText.length > 200) {
           return testUrl;
         }
@@ -85,10 +85,9 @@ async function extractPolicyText(page, policyUrl) {
   await page.goto(policyUrl, { waitUntil: "domcontentloaded", timeout: 2e4 });
   await page.waitForTimeout(1e3);
   const text = await page.evaluate(() => {
-    const doc = globalThis.document;
-    const elementsToRemove = doc.querySelectorAll("script, style, nav, header, footer, iframe");
+    const elementsToRemove = document.querySelectorAll("script, style, nav, header, footer, iframe");
     elementsToRemove.forEach((el) => el.remove());
-    return doc.body?.innerText ?? "";
+    return document.body?.innerText ?? "";
   });
   return text.replace(/\s+/g, " ").trim();
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@etalon/cli",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "description": "ETALON — Privacy audit tool for websites. Scan any site for trackers and GDPR compliance.",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -23,7 +23,7 @@
     "ora": "^8.0.0",
     "playwright": "^1.42.0",
     "yaml": "^2.3.0",
-    "@etalon/core": "^1.0.1"
+    "@etalon/core": "^1.0.2"
   },
   "keywords": [
     "privacy",
@@ -40,4 +40,4 @@
     "type": "git",
     "url": "https://github.com/NMA-vc/etalon"
   }
-}
+}