@fourteensystems/prodcheck 0.3.0

package/dist/engine/run.js

@@ -0,0 +1,105 @@
+import { DEFAULT_CONFIG, loadConfigIfExists } from "./config.js";
+import { buildNextIndex } from "../next/index.js";
+import { runAllRules } from "../rules/index.js";
+import { loadWaivers, applyWaivers } from "./waivers.js";
+import { computeScore, summarizeFindings } from "./score.js";
+import { PRODCHECK_VERSION, INDEX_VERSION, hashConfig } from "./version.js";
+export async function runScan(opts) {
+    const userConfig = loadConfigIfExists(opts.rootDir);
+    const config = {
+        ...DEFAULT_CONFIG,
+        ...userConfig,
+        ...opts.configOverrides,
+        scoring: {
+            ...DEFAULT_CONFIG.scoring,
+            ...userConfig?.scoring,
+            ...opts.configOverrides?.scoring,
+            penalties: {
+                ...DEFAULT_CONFIG.scoring.penalties,
+                ...userConfig?.scoring?.penalties,
+                ...opts.configOverrides?.scoring?.penalties,
+            },
+        },
+        hints: {
+            auth: {
+                functions: userConfig?.hints?.auth?.functions ?? DEFAULT_CONFIG.hints.auth.functions,
+                middlewareFiles: userConfig?.hints?.auth?.middlewareFiles ?? DEFAULT_CONFIG.hints.auth.middlewareFiles,
+                allowlistPaths: userConfig?.hints?.auth?.allowlistPaths ?? DEFAULT_CONFIG.hints.auth.allowlistPaths,
+            },
+            rateLimit: {
+                wrappers: userConfig?.hints?.rateLimit?.wrappers ?? DEFAULT_CONFIG.hints.rateLimit.wrappers,
+                allowlistPaths: userConfig?.hints?.rateLimit?.allowlistPaths ?? DEFAULT_CONFIG.hints.rateLimit.allowlistPaths,
+            },
+            tenancy: {
+                orgFieldNames: userConfig?.hints?.tenancy?.orgFieldNames ?? DEFAULT_CONFIG.hints.tenancy.orgFieldNames,
+            },
+        },
+        ci: {
+            ...DEFAULT_CONFIG.ci,
+            ...userConfig?.ci,
+            ...opts.configOverrides?.ci,
+        },
+        rules: opts.configOverrides?.rules ?? {
+            ...DEFAULT_CONFIG.rules,
+            ...userConfig?.rules,
+        },
+    };
+    // Merge additional excludes from CLI flags
+    if (opts.additionalExclude?.length) {
+        config.exclude = [...config.exclude, ...opts.additionalExclude];
+    }
+    const progress = opts.onProgress ?? (() => { });
+    // Build Next.js index
+    progress("Indexing routes and server actions");
+    const index = await buildNextIndex(opts.rootDir, config.exclude, opts.onProgress);
+    // Merge auto-detected hints with user config
+    const mergedHints = mergeHints(config.hints, index.hints);
+    // Run rules
+    progress("Running rules");
+    const rawFindings = runAllRules(index, { ...config, hints: mergedHints });
+    // Apply waivers
+    progress("Applying waivers");
+    const waivers = loadWaivers(opts.rootDir, config.waiversFile);
+    const { active, waived } = applyWaivers(rawFindings, waivers);
+    // Score
+    const score = computeScore(active, config.scoring);
+    const counts = summarizeFindings(active);
+    return {
+        version: 1,
+        prodcheckVersion: PRODCHECK_VERSION,
+        configHash: hashConfig(config),
+        indexVersion: INDEX_VERSION,
+        timestamp: new Date().toISOString(),
+        framework: index.framework,
+        detected: {
+            deps: index.deps,
+            trpc: index.trpc.detected,
+            middleware: index.middleware.authLikely || index.middleware.rateLimitLikely,
+        },
+        score,
+        findings: active,
+        waivedFindings: waived,
+        summary: {
+            total: active.length,
+            ...counts,
+            waived: waived.length,
+        },
+    };
+}
+function mergeHints(userHints, detectedHints) {
+    return {
+        auth: {
+            functions: [...new Set([...(userHints.auth?.functions ?? []), ...(detectedHints.auth?.functions ?? [])])],
+            middlewareFiles: [...new Set([...(userHints.auth?.middlewareFiles ?? []), ...(detectedHints.auth?.middlewareFiles ?? [])])],
+            allowlistPaths: [...new Set([...(userHints.auth?.allowlistPaths ?? []), ...(detectedHints.auth?.allowlistPaths ?? [])])],
+        },
+        rateLimit: {
+            wrappers: [...new Set([...(userHints.rateLimit?.wrappers ?? []), ...(detectedHints.rateLimit?.wrappers ?? [])])],
+            allowlistPaths: [...new Set([...(userHints.rateLimit?.allowlistPaths ?? []), ...(detectedHints.rateLimit?.allowlistPaths ?? [])])],
+        },
+        tenancy: {
+            orgFieldNames: [...new Set([...(userHints.tenancy?.orgFieldNames ?? []), ...(detectedHints.tenancy?.orgFieldNames ?? [])])],
+        },
+    };
+}
+//# sourceMappingURL=run.js.map

package/dist/engine/run.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.js","sourceRoot":"","sources":["../../src/engine/run.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAW5E,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAgB;IAC5C,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,MAAM,GAAoB;QAC9B,GAAG,cAAc;QACjB,GAAG,UAAU;QACb,GAAG,IAAI,CAAC,eAAe;QACvB,OAAO,EAAE;YACP,GAAG,cAAc,CAAC,OAAO;YACzB,GAAG,UAAU,EAAE,OAAO;YACtB,GAAG,IAAI,CAAC,eAAe,EAAE,OAAO;YAChC,SAAS,EAAE;gBACT,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS;gBACnC,GAAG,UAAU,EAAE,OAAO,EAAE,SAAS;gBACjC,GAAG,IAAI,CAAC,eAAe,EAAE,OAAO,EAAE,SAAS;aAC5C;SACF;QACD,KAAK,EAAE;YACL,IAAI,EAAE;gBACJ,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,IAAI,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS;gBACpF,eAAe,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,IAAI,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe;gBACtG,cAAc,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,IAAI,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc;aACpG;YACD,SAAS,EAAE;gBACT,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,IAAI,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ;gBAC3F,cAAc,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,cAAc,IAAI,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,cAAc;aAC9G;YACD,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,aAAa,IAAI,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa;aACvG;SACF;QACD,EAAE,EAAE;YACF,GAAG,cAAc,CAAC,EAAE;YACpB,GAAG,UAAU,EAAE,EAAE;YACjB,GAAG,IAAI,CAAC,eAAe,EAAE,EAAE;SAC5B;QACD,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,KAAK,IAAI;YACpC,GAAG,cAAc,CAAC,KAAK;YACvB,GAAG,UAAU,EAAE,KAAK;SACrB;KACF,CAAC;IAEF,2CAA2C;IAC3C,IAAI,IAAI,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;QACnC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE/C,sBAAsB;IACtB,QAAQ,CAAC,oCAAoC,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAElF,6CAA6C;IAC7C,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAE1D,YAAY;IACZ,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC1B,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IAE1E,gBAAgB;IAChB,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAC7B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC9D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAE9D,QAAQ;IACR,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAEzC,OAAO;QACL,OAAO,EAAE,CAAC;QACV,gBAAgB,EAAE,iBAAiB;QACnC,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC;QAC9B,YAAY,EAAE,aAAa;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE;YACR,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ;YACzB,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,UAAU,IAAI,KAAK,CAAC,UAAU,CAAC,eAAe;SAC5E;QACD,KAAK;QACL,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,MAAM;QACtB,OAAO,EAAE;YACP,KAAK,EAAE,MAAM,CAAC,MAAM;YACpB,GAAG,MAAM;YACT,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB;KACF,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CACjB,SAAmC,EACnC,aAAuC;IAEvC,OAAO;QACL,IAAI,EAAE;YACJ,SAAS,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACzG,eAAe,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,eAAe,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,eAAe,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3H,cAAc,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,cAAc,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;SACzH;QACD,SAAS,EAAE;YACT,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChH,cAAc,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,cAAc,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;SACnI;QACD,OAAO,EAAE;YACP,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;SAC5H;KACF,CAAC;AACJ,CAAC"}

package/dist/engine/sarif.d.ts

@@ -0,0 +1,3 @@
+import type { ScanResult } from "./types.js";
+export declare function formatSarif(result: ScanResult): string;
+//# sourceMappingURL=sarif.d.ts.map

package/dist/engine/sarif.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif.d.ts","sourceRoot":"","sources":["../../src/engine/sarif.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAW,MAAM,YAAY,CAAC;AAwCtD,wBAAgB,WAAW,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAiCtD"}

package/dist/engine/sarif.js

@@ -0,0 +1,58 @@
+import { PRODCHECK_VERSION } from "./version.js";
+const SEVERITY_TO_SARIF_LEVEL = {
+    critical: "error",
+    high: "warning",
+    med: "note",
+    low: "note",
+};
+export function formatSarif(result) {
+    const ruleMap = new Map();
+    for (const f of result.findings) {
+        if (!ruleMap.has(f.ruleId)) {
+            ruleMap.set(f.ruleId, {
+                id: f.ruleId,
+                shortDescription: { text: f.message },
+                defaultConfiguration: { level: SEVERITY_TO_SARIF_LEVEL[f.severity] ?? "note" },
+            });
+        }
+    }
+    const sarifResults = result.findings.map(findingToSarif);
+    const log = {
+        $schema: "https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json",
+        version: "2.1.0",
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: "Prodcheck",
+                        version: PRODCHECK_VERSION,
+                        rules: [...ruleMap.values()],
+                    },
+                },
+                results: sarifResults,
+            },
+        ],
+    };
+    return JSON.stringify(log, null, 2);
+}
+function findingToSarif(f) {
+    return {
+        ruleId: f.ruleId,
+        level: SEVERITY_TO_SARIF_LEVEL[f.severity] ?? "note",
+        message: { text: f.message },
+        locations: [
+            {
+                physicalLocation: {
+                    artifactLocation: { uri: f.file },
+                    ...(f.line ? { region: { startLine: f.line, ...(f.column ? { startColumn: f.column } : {}) } } : {}),
+                },
+            },
+        ],
+        properties: {
+            confidence: f.confidence,
+            evidence: f.evidence,
+            remediation: f.remediation,
+        },
+    };
+}
+//# sourceMappingURL=sarif.js.map

package/dist/engine/sarif.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif.js","sourceRoot":"","sources":["../../src/engine/sarif.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAgCjD,MAAM,uBAAuB,GAA2B;IACtD,QAAQ,EAAE,OAAO;IACjB,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;CACZ,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,MAAkB;IAC5C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE7C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE;gBACpB,EAAE,EAAE,CAAC,CAAC,MAAM;gBACZ,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;gBACrC,oBAAoB,EAAE,EAAE,KAAK,EAAE,uBAAuB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE;aAC/E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAkB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAExE,MAAM,GAAG,GAAa;QACpB,OAAO,EAAE,sFAAsF;QAC/F,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,iBAAiB;wBAC1B,KAAK,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;qBAC7B;iBACF;gBACD,OAAO,EAAE,YAAY;aACtB;SACF;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,cAAc,CAAC,CAAU;IAChC,OAAO;QACL,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,KAAK,EAAE,uBAAuB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,MAAM;QACpD,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;QAC5B,SAAS,EAAE;YACT;gBACE,gBAAgB,EAAE;oBAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE;oBACjC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACrG;aACF;SACF;QACD,UAAU,EAAE;YACV,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B;KACF,CAAC;AACJ,CAAC"}

package/dist/engine/sarif.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=sarif.test.d.ts.map

package/dist/engine/sarif.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif.test.d.ts","sourceRoot":"","sources":["../../src/engine/sarif.test.ts"],"names":[],"mappings":""}

package/dist/engine/sarif.test.js

@@ -0,0 +1,152 @@
+import { describe, it, expect } from "vitest";
+import { formatSarif } from "./sarif.js";
+import { PRODCHECK_VERSION } from "./version.js";
+function makeFinding(overrides = {}) {
+    return {
+        ruleId: "AUTH-BOUNDARY-MISSING",
+        severity: "critical",
+        confidence: "high",
+        message: "No auth check found",
+        file: "app/api/users/route.ts",
+        line: 13,
+        evidence: ["no auth() call"],
+        confidenceRationale: "No auth function detected",
+        remediation: ["Add auth() check"],
+        tags: ["auth"],
+        ...overrides,
+    };
+}
+function makeScanResult(findings) {
+    return {
+        version: 1,
+        prodcheckVersion: PRODCHECK_VERSION,
+        configHash: "abc123",
+        indexVersion: 1,
+        timestamp: "2025-01-01T00:00:00.000Z",
+        framework: "next-app-router",
+        detected: {
+            deps: {
+                hasNextAuth: false, hasClerk: true, hasSupabase: false, hasKinde: false,
+                hasWorkOS: false, hasBetterAuth: false, hasLucia: false, hasAuth0: false,
+                hasIronSession: false, hasFirebaseAuth: false, hasUpstashRatelimit: false,
+                hasArcjet: false, hasUnkey: false, hasPrisma: true, hasDrizzle: false, hasTrpc: false,
+            },
+            trpc: false,
+            middleware: true,
+        },
+        score: 75,
+        findings,
+        waivedFindings: [],
+        summary: {
+            total: findings.length,
+            critical: findings.filter((f) => f.severity === "critical").length,
+            high: findings.filter((f) => f.severity === "high").length,
+            med: findings.filter((f) => f.severity === "med").length,
+            low: findings.filter((f) => f.severity === "low").length,
+            waived: 0,
+        },
+    };
+}
+describe("formatSarif", () => {
+    it("produces valid SARIF 2.1.0 structure", () => {
+        const result = makeScanResult([makeFinding()]);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.$schema).toContain("sarif-schema-2.1.0");
+        expect(sarif.version).toBe("2.1.0");
+        expect(sarif.runs).toHaveLength(1);
+    });
+    it("includes tool driver info", () => {
+        const result = makeScanResult([makeFinding()]);
+        const sarif = JSON.parse(formatSarif(result));
+        const driver = sarif.runs[0].tool.driver;
+        expect(driver.name).toBe("Prodcheck");
+        expect(driver.version).toBe(PRODCHECK_VERSION);
+    });
+    it("maps findings to results", () => {
+        const findings = [
+            makeFinding({ ruleId: "AUTH-BOUNDARY-MISSING", file: "app/api/users/route.ts", line: 13 }),
+            makeFinding({ ruleId: "RATE-LIMIT-MISSING", severity: "high", file: "app/api/posts/route.ts", line: 5 }),
+        ];
+        const result = makeScanResult(findings);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.runs[0].results).toHaveLength(2);
+        expect(sarif.runs[0].results[0].ruleId).toBe("AUTH-BOUNDARY-MISSING");
+        expect(sarif.runs[0].results[1].ruleId).toBe("RATE-LIMIT-MISSING");
+    });
+    it("deduplicates rules in driver", () => {
+        const findings = [
+            makeFinding({ ruleId: "AUTH-BOUNDARY-MISSING", file: "a.ts" }),
+            makeFinding({ ruleId: "AUTH-BOUNDARY-MISSING", file: "b.ts" }),
+            makeFinding({ ruleId: "RATE-LIMIT-MISSING", severity: "high", file: "c.ts" }),
+        ];
+        const result = makeScanResult(findings);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.runs[0].tool.driver.rules).toHaveLength(2);
+    });
+    it("maps critical severity to error level", () => {
+        const result = makeScanResult([makeFinding({ severity: "critical" })]);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.runs[0].results[0].level).toBe("error");
+        expect(sarif.runs[0].tool.driver.rules[0].defaultConfiguration.level).toBe("error");
+    });
+    it("maps high severity to warning level", () => {
+        const result = makeScanResult([makeFinding({ severity: "high" })]);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.runs[0].results[0].level).toBe("warning");
+    });
+    it("maps med severity to note level", () => {
+        const result = makeScanResult([makeFinding({ severity: "med" })]);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.runs[0].results[0].level).toBe("note");
+    });
+    it("maps low severity to note level", () => {
+        const result = makeScanResult([makeFinding({ severity: "low" })]);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.runs[0].results[0].level).toBe("note");
+    });
+    it("includes physical location with line", () => {
+        const result = makeScanResult([makeFinding({ file: "app/api/test/route.ts", line: 42 })]);
+        const sarif = JSON.parse(formatSarif(result));
+        const loc = sarif.runs[0].results[0].locations[0].physicalLocation;
+        expect(loc.artifactLocation.uri).toBe("app/api/test/route.ts");
+        expect(loc.region.startLine).toBe(42);
+    });
+    it("includes column when present", () => {
+        const result = makeScanResult([makeFinding({ file: "a.ts", line: 10, column: 5 })]);
+        const sarif = JSON.parse(formatSarif(result));
+        const loc = sarif.runs[0].results[0].locations[0].physicalLocation;
+        expect(loc.region.startColumn).toBe(5);
+    });
+    it("omits region when no line", () => {
+        const result = makeScanResult([makeFinding({ file: "a.ts", line: undefined })]);
+        const sarif = JSON.parse(formatSarif(result));
+        const loc = sarif.runs[0].results[0].locations[0].physicalLocation;
+        expect(loc.region).toBeUndefined();
+    });
+    it("includes properties with confidence and evidence", () => {
+        const result = makeScanResult([makeFinding({ confidence: "high", evidence: ["no auth()"], remediation: ["add auth()"] })]);
+        const sarif = JSON.parse(formatSarif(result));
+        const props = sarif.runs[0].results[0].properties;
+        expect(props.confidence).toBe("high");
+        expect(props.evidence).toEqual(["no auth()"]);
+        expect(props.remediation).toEqual(["add auth()"]);
+    });
+    it("handles empty findings", () => {
+        const result = makeScanResult([]);
+        const sarif = JSON.parse(formatSarif(result));
+        expect(sarif.runs[0].results).toEqual([]);
+        expect(sarif.runs[0].tool.driver.rules).toEqual([]);
+    });
+    it("returns valid JSON string", () => {
+        const result = makeScanResult([makeFinding()]);
+        const output = formatSarif(result);
+        expect(() => JSON.parse(output)).not.toThrow();
+    });
+    it("formats with indentation", () => {
+        const result = makeScanResult([makeFinding()]);
+        const output = formatSarif(result);
+        expect(output).toContain("\n");
+        expect(output).toContain("  ");
+    });
+});
+//# sourceMappingURL=sarif.test.js.map

package/dist/engine/sarif.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif.test.js","sourceRoot":"","sources":["../../src/engine/sarif.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAGjD,SAAS,WAAW,CAAC,YAA8B,EAAE;IACnD,OAAO;QACL,MAAM,EAAE,uBAAuB;QAC/B,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE,MAAM;QAClB,OAAO,EAAE,qBAAqB;QAC9B,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,EAAE;QACR,QAAQ,EAAE,CAAC,gBAAgB,CAAC;QAC5B,mBAAmB,EAAE,2BAA2B;QAChD,WAAW,EAAE,CAAC,kBAAkB,CAAC;QACjC,IAAI,EAAE,CAAC,MAAM,CAAC;QACd,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,QAAmB;IACzC,OAAO;QACL,OAAO,EAAE,CAAC;QACV,gBAAgB,EAAE,iBAAiB;QACnC,UAAU,EAAE,QAAQ;QACpB,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,0BAA0B;QACrC,SAAS,EAAE,iBAAiB;QAC5B,QAAQ,EAAE;YACR,IAAI,EAAE;gBACJ,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK;gBACvE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK;gBACxE,cAAc,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;gBACzE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;aACtF;YACD,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,IAAI;SACjB;QACD,KAAK,EAAE,EAAE;QACT,QAAQ;QACR,cAAc,EAAE,EAAE;QAClB,OAAO,EAAE;YACP,KAAK,EAAE,QAAQ,CAAC,MAAM;YACtB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAClE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YAC1D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;YACxD,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;YACxD,MAAM,EAAE,CAAC;SACV;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,QAAQ,GAAG;YACf,WAAW,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YAC1F,WAAW,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;SACzG,CAAC;QACF,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACtE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,QAAQ,GAAG;YACf,WAAW,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;YAC9D,WAAW,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;YAC9D,WAAW,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;SAC9E,CAAC;QACF,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;QACnE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1F,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;QACnE,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAC/D,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;QACnE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAChF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;QACnE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3H,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QAClD,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/engine/score.d.ts

@@ -0,0 +1,13 @@
+import type { Finding, ScoringConfig, ScanResult } from "./types.js";
+import type { Severity, Confidence } from "../next/types.js";
+export declare function computeScore(findings: Finding[], config?: ScoringConfig): number;
+export declare function summarizeFindings(findings: Finding[]): Record<Severity, number>;
+export declare function parseConfidence(input: string): Confidence;
+export declare function parseSeverity(input: string): Severity;
+export declare function parseIntOrThrow(input: string, name: string): number;
+export declare function confidenceLevel(c: Confidence): number;
+export declare function severityLevel(s: Severity): number;
+export type ScoreStatus = "PASS" | "WARN" | "FAIL";
+export declare function scoreStatus(score: number): ScoreStatus;
+export declare function buildDetectedList(result: ScanResult): string[];
+//# sourceMappingURL=score.d.ts.map

package/dist/engine/score.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"score.d.ts","sourceRoot":"","sources":["../../src/engine/score.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAa7D,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,OAAO,EAAE,EACnB,MAAM,GAAE,aAA+B,GACtC,MAAM,CAwBR;AAED,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAM/E;AAKD,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAGzD;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAGrD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAInE;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,UAAU,GAAG,MAAM,CAOrD;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,QAAQ,GAAG,MAAM,CAQjD;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAEnD,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CAEtD;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE,CAqB9D"}

package/dist/engine/score.js

@@ -0,0 +1,116 @@
+const DEFAULT_CONFIDENCE_WEIGHTS = {
+    high: 1.0,
+    med: 0.25,
+    low: 0.1,
+};
+const DEFAULT_SCORING = {
+    start: 100,
+    penalties: { critical: 15, high: 6, med: 3, low: 1 },
+};
+export function computeScore(findings, config = DEFAULT_SCORING) {
+    let score = config.start;
+    const maxPerRule = config.maxPenaltyPerRule ?? config.start * 0.35;
+    const weights = config.confidenceWeights ?? DEFAULT_CONFIDENCE_WEIGHTS;
+    // Group findings by ruleId
+    const byRule = new Map();
+    for (const f of findings) {
+        const list = byRule.get(f.ruleId) ?? [];
+        list.push(f);
+        byRule.set(f.ruleId, list);
+    }
+    for (const [, ruleFindings] of byRule) {
+        let ruleDeduction = 0;
+        for (const f of ruleFindings) {
+            const basePenalty = config.penalties[f.severity] ?? 0;
+            const weight = weights[f.confidence] ?? 1.0;
+            ruleDeduction += basePenalty * weight;
+        }
+        score -= Math.min(ruleDeduction, maxPerRule);
+    }
+    return Math.max(0, Math.round(score));
+}
+export function summarizeFindings(findings) {
+    const counts = { critical: 0, high: 0, med: 0, low: 0 };
+    for (const f of findings) {
+        counts[f.severity]++;
+    }
+    return counts;
+}
+const VALID_CONFIDENCES = new Set(["high", "med", "low"]);
+const VALID_SEVERITIES = new Set(["critical", "high", "med", "low"]);
+export function parseConfidence(input) {
+    if (VALID_CONFIDENCES.has(input))
+        return input;
+    throw new Error(`Invalid confidence level: "${input}". Valid values: high, med, low`);
+}
+export function parseSeverity(input) {
+    if (VALID_SEVERITIES.has(input))
+        return input;
+    throw new Error(`Invalid severity level: "${input}". Valid values: critical, high, med, low`);
+}
+export function parseIntOrThrow(input, name) {
+    const n = parseInt(input, 10);
+    if (isNaN(n))
+        throw new Error(`Invalid ${name}: "${input}" is not a number`);
+    return n;
+}
+export function confidenceLevel(c) {
+    switch (c) {
+        case "high": return 3;
+        case "med": return 2;
+        case "low": return 1;
+        default: return 1;
+    }
+}
+export function severityLevel(s) {
+    switch (s) {
+        case "critical": return 4;
+        case "high": return 3;
+        case "med": return 2;
+        case "low": return 1;
+        default: return 1;
+    }
+}
+export function scoreStatus(score) {
+    return score >= 80 ? "PASS" : score >= 50 ? "WARN" : "FAIL";
+}
+export function buildDetectedList(result) {
+    const detected = ["next-app-router"];
+    const d = result.detected.deps;
+    if (d.hasNextAuth)
+        detected.push("next-auth");
+    if (d.hasClerk)
+        detected.push("clerk");
+    if (d.hasSupabase)
+        detected.push("supabase");
+    if (d.hasKinde)
+        detected.push("kinde");
+    if (d.hasWorkOS)
+        detected.push("workos");
+    if (d.hasBetterAuth)
+        detected.push("better-auth");
+    if (d.hasLucia)
+        detected.push("lucia");
+    if (d.hasAuth0)
+        detected.push("auth0");
+    if (d.hasIronSession)
+        detected.push("iron-session");
+    if (d.hasFirebaseAuth)
+        detected.push("firebase-auth");
+    if (d.hasPrisma)
+        detected.push("prisma");
+    if (d.hasDrizzle)
+        detected.push("drizzle");
+    if (d.hasTrpc)
+        detected.push("trpc");
+    if (d.hasUpstashRatelimit)
+        detected.push("upstash");
+    if (d.hasArcjet)
+        detected.push("arcjet");
+    if (d.hasUnkey)
+        detected.push("unkey");
+    if (result.detected.middleware)
+        detected.push("middleware");
+    return detected;
+}
+//# sourceMappingURL=score.js.map

package/dist/engine/score.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"score.js","sourceRoot":"","sources":["../../src/engine/score.ts"],"names":[],"mappings":"AAGA,MAAM,0BAA0B,GAA+B;IAC7D,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,GAAG;CACT,CAAC;AAEF,MAAM,eAAe,GAAkB;IACrC,KAAK,EAAE,GAAG;IACV,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;CACrD,CAAC;AAEF,MAAM,UAAU,YAAY,CAC1B,QAAmB,EACnB,SAAwB,eAAe;IAEvC,IAAI,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACzB,MAAM,UAAU,GAAG,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC;IACnE,MAAM,OAAO,GAAG,MAAM,CAAC,iBAAiB,IAAI,0BAA0B,CAAC;IAEvE,2BAA2B;IAC3B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACb,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,KAAK,MAAM,CAAC,EAAE,YAAY,CAAC,IAAI,MAAM,EAAE,CAAC;QACtC,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;YAC5C,aAAa,IAAI,WAAW,GAAG,MAAM,CAAC;QACxC,CAAC;QACD,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,QAAmB;IACnD,MAAM,MAAM,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAClF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAS,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAClE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAS,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAE7E,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,IAAI,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,KAAmB,CAAC;IAC7D,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,iCAAiC,CAAC,CAAC;AACxF,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,KAAiB,CAAC;IAC1D,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,2CAA2C,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAa,EAAE,IAAY;IACzD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,MAAM,KAAK,mBAAmB,CAAC,CAAC;IAC7E,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,CAAa;IAC3C,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC;QACtB,KAAK,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;QACrB,KAAK,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,CAAW;IACvC,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC;QAC1B,KAAK,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC;QACtB,KAAK,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;QACrB,KAAK,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAID,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAkB;IAClD,MAAM,QAAQ,GAAa,CAAC,iBAAiB,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC/B,IAAI,CAAC,CAAC,WAAW;QAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC9C,IAAI,CAAC,CAAC,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,WAAW;QAAE,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,CAAC,CAAC,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,SAAS;QAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,CAAC,aAAa;QAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,cAAc;QAAE,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC,CAAC,eAAe;QAAE,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACtD,IAAI,CAAC,CAAC,SAAS;QAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,CAAC,UAAU;QAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3C,IAAI,CAAC,CAAC,OAAO;QAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,CAAC,CAAC,mBAAmB;QAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,CAAC,SAAS;QAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,CAAC,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU;QAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5D,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/engine/score.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=score.test.d.ts.map

package/dist/engine/score.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"score.test.d.ts","sourceRoot":"","sources":["../../src/engine/score.test.ts"],"names":[],"mappings":""}