@kairosinternational/watchman 0.1.1 → 0.2.0

package/dist/engine.d.ts

@@ -1,9 +1,14 @@
 import type { WatchmanConfig, Scanner, WatchmanReport } from './types/index.js';
+import type { TelemetryReporter } from './telemetry.js';
+export interface ScanOptions {
+    telemetry?: TelemetryReporter;
+    sessionId?: string;
+}
 export declare class WatchmanEngine {
     private scanners;
     private config;
     constructor(config: WatchmanConfig);
     register(scanner: Scanner): void;
-    scan(): Promise<WatchmanReport>;
+    scan(options?: ScanOptions): Promise<WatchmanReport>;
 }
 //# sourceMappingURL=engine.d.ts.map

package/dist/engine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,cAAc,EAEd,OAAO,EAIP,cAAc,EAEf,MAAM,kBAAkB,CAAC;AAkD1B,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAsC;IACtD,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,EAAE,cAAc;IAIlC,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI1B,IAAI,IAAI,OAAO,CAAC,cAAc,CAAC;CAsDtC"}
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,cAAc,EAEd,OAAO,EAIP,cAAc,EAEf,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAExD,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAkDD,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAsC;IACtD,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,EAAE,cAAc;IAIlC,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI1B,IAAI,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC;CA0E3D"}

package/dist/engine.js

@@ -49,10 +49,13 @@ class WatchmanEngine {
     register(scanner) {
         this.scanners.set(scanner.id, scanner);
     }
-    async scan() {
+    async scan(options) {
         const start = performance.now();
         const files = await collectFiles(this.config.projectRoot, this.config.exclude ?? []);
         const results = [];
+        const telemetry = options?.telemetry;
+        const sessionId = options?.sessionId;
+        const canReport = telemetry && sessionId;
         for (const [id, scanner] of this.scanners) {
             const scannerConfig = this.config.scanners[id];
             if (!scannerConfig?.enabled)
@@ -73,6 +76,19 @@ class WatchmanEngine {
                 },
             };
             await scanner.scan(ctx);
+            // Fire-and-forget telemetry for each finding
+            if (canReport) {
+                for (const f of findings) {
+                    telemetry.reportFinding({
+                        scanner: f.scanner,
+                        rule: f.rule,
+                        severity: f.severity,
+                        target: f.location?.file,
+                        message: f.message,
+                        evidence: f.evidence,
+                    }, sessionId);
+                }
+            }
             results.push({
                 scanner: id,
                 findings,

package/dist/engine.js.map

@@ -1 +1 @@
-{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":";;;AAAA,+CAAiD;AACjD,yCAA2C;AAC3C,6CAAyC;AAYzC,MAAM,cAAc,GAA6B;IAC/C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,SAAS,eAAe,CAAC,CAAW,EAAE,SAAmB;IACvD,OAAO,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,QAAmB;IACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,QAAQ,CAAC,MAAM,CAAW,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAC1C,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EACnE,MAAM,CACP,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,GAAW,EACX,OAAiB;IAEjB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,UAAU,IAAI,CAAC,OAAe;QACjC,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAO,EAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,GAAG,GAAG,IAAA,oBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAEpC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;gBACjF,SAAS;YACX,CAAC;YAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAa,cAAc;IACjB,QAAQ,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC9C,MAAM,CAAiB;IAE/B,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,OAAgB;QACvB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,MAAM,YAAY,CAC9B,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAC1B,CAAC;QACF,MAAM,OAAO,GAAiB,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC/C,IAAI,CAAC,aAAa,EAAE,OAAO;gBAAE,SAAS;YAEtC,MAAM,QAAQ,GAAc,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;YAEpC,MAAM,GAAG,GAAgB;gBACvB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,EAAE;gBACb,aAAa;gBACb,KAAK;gBACL,UAAU,EAAE,CAAC,OAAO,EAAE,EAAE;oBACtB,QAAQ,CAAC,IAAI,CAAC;wBACZ,GAAG,OAAO;wBACV,EAAE,EAAE,IAAA,wBAAU,GAAE;wBAChB,OAAO,EAAE,EAAE;qBACZ,CAAC,CAAC;gBACL,CAAC;aACF,CAAC;YAEF,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAExB,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,EAAE;gBACX,QAAQ;gBACR,QAAQ,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;gBACvC,YAAY,EAAE,KAAK,CAAC,MAAM;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,KAAK,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEnE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,OAAO;YACP,aAAa,EAAE,WAAW,CAAC,MAAM;YACjC,WAAW,EAAE,MAAM;YACnB,MAAM;YACN,QAAQ,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;SACpC,CAAC;IACJ,CAAC;CACF;AAlED,wCAkEC"}
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":";;;AAAA,+CAAiD;AACjD,yCAA2C;AAC3C,6CAAyC;AAkBzC,MAAM,cAAc,GAA6B;IAC/C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,SAAS,eAAe,CAAC,CAAW,EAAE,SAAmB;IACvD,OAAO,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,QAAmB;IACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,QAAQ,CAAC,MAAM,CAAW,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAC1C,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EACnE,MAAM,CACP,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,GAAW,EACX,OAAiB;IAEjB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,UAAU,IAAI,CAAC,OAAe;QACjC,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAO,EAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,GAAG,GAAG,IAAA,oBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAEpC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;gBACjF,SAAS;YACX,CAAC;YAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAa,cAAc;IACjB,QAAQ,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC9C,MAAM,CAAiB;IAE/B,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,OAAgB;QACvB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAqB;QAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,MAAM,YAAY,CAC9B,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAC1B,CAAC;QACF,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,MAAM,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC;QAEzC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC/C,IAAI,CAAC,aAAa,EAAE,OAAO;gBAAE,SAAS;YAEtC,MAAM,QAAQ,GAAc,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;YAEpC,MAAM,GAAG,GAAgB;gBACvB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,EAAE;gBACb,aAAa;gBACb,KAAK;gBACL,UAAU,EAAE,CAAC,OAAO,EAAE,EAAE;oBACtB,QAAQ,CAAC,IAAI,CAAC;wBACZ,GAAG,OAAO;wBACV,EAAE,EAAE,IAAA,wBAAU,GAAE;wBAChB,OAAO,EAAE,EAAE;qBACZ,CAAC,CAAC;gBACL,CAAC;aACF,CAAC;YAEF,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAExB,6CAA6C;YAC7C,IAAI,SAAS,EAAE,CAAC;gBACd,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACzB,SAAS,CAAC,aAAa,CACrB;wBACE,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI;wBACxB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB,EACD,SAAS,CACV,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,EAAE;gBACX,QAAQ;gBACR,QAAQ,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;gBACvC,YAAY,EAAE,KAAK,CAAC,MAAM;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,KAAK,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEnE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,OAAO;YACP,aAAa,EAAE,WAAW,CAAC,MAAM;YACjC,WAAW,EAAE,MAAM;YACnB,MAAM;YACN,QAAQ,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;SACpC,CAAC;IACJ,CAAC;CACF;AAtFD,wCAsFC"}

package/dist/index.d.ts

@@ -1,4 +1,7 @@
 export { WatchmanEngine } from './engine.js';
+export type { ScanOptions } from './engine.js';
+export { createTelemetryReporter } from './telemetry.js';
+export type { TelemetryConfig, TelemetryFinding, TelemetryReporter, StartSessionOptions, } from './telemetry.js';
 export type { Severity, ScannerId, RuleConfig, ScannerConfig, WatchmanConfig, SourceLocation, Finding, ScanResult, WatchmanReport, ScanContext, Rule, Scanner, } from './types/index.js';
 export { DEFAULT_CONFIG } from './types/index.js';
 export { aiToolIntegrityScanner } from './scanners/ai-tool-integrity/index.js';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,YAAY,EACV,QAAQ,EACR,SAAS,EACT,UAAU,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,OAAO,EACP,UAAU,EACV,cAAc,EACd,WAAW,EACX,IAAI,EACJ,OAAO,GACR,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,+DAA+D,CAAC;AACrG,YAAY,EAAE,kBAAkB,EAAE,MAAM,+DAA+D,CAAC;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,2DAA2D,CAAC;AAC9F,YAAY,EAAE,eAAe,EAAE,MAAM,2DAA2D,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,QAAQ,EACR,SAAS,EACT,UAAU,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,OAAO,EACP,UAAU,EACV,cAAc,EACd,WAAW,EACX,IAAI,EACJ,OAAO,GACR,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,+DAA+D,CAAC;AACrG,YAAY,EAAE,kBAAkB,EAAE,MAAM,+DAA+D,CAAC;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,2DAA2D,CAAC;AAC9F,YAAY,EAAE,eAAe,EAAE,MAAM,2DAA2D,CAAC"}

package/dist/index.js

@@ -1,8 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SECRET_SIGNATURES = exports.INJECTION_SIGNATURES = exports.runtimeMonitorScanner = exports.dependencyIntegrityScanner = exports.secretsExposureScanner = exports.aiToolIntegrityScanner = exports.DEFAULT_CONFIG = exports.WatchmanEngine = void 0;
+exports.SECRET_SIGNATURES = exports.INJECTION_SIGNATURES = exports.runtimeMonitorScanner = exports.dependencyIntegrityScanner = exports.secretsExposureScanner = exports.aiToolIntegrityScanner = exports.DEFAULT_CONFIG = exports.createTelemetryReporter = exports.WatchmanEngine = void 0;
 var engine_js_1 = require("./engine.js");
 Object.defineProperty(exports, "WatchmanEngine", { enumerable: true, get: function () { return engine_js_1.WatchmanEngine; } });
+var telemetry_js_1 = require("./telemetry.js");
+Object.defineProperty(exports, "createTelemetryReporter", { enumerable: true, get: function () { return telemetry_js_1.createTelemetryReporter; } });
 var index_js_1 = require("./types/index.js");
 Object.defineProperty(exports, "DEFAULT_CONFIG", { enumerable: true, get: function () { return index_js_1.DEFAULT_CONFIG; } });
 var index_js_2 = require("./scanners/ai-tool-integrity/index.js");

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAA6C;AAApC,2GAAA,cAAc,OAAA;AAgBvB,6CAAkD;AAAzC,0GAAA,cAAc,OAAA;AAEvB,kEAA+E;AAAtE,kHAAA,sBAAsB,OAAA;AAC/B,iEAA8E;AAArE,kHAAA,sBAAsB,OAAA;AAC/B,qEAAsF;AAA7E,sHAAA,0BAA0B,OAAA;AACnC,gEAA4E;AAAnE,iHAAA,qBAAqB,OAAA;AAE9B,4DAA4D;AAC5D,yGAAqG;AAA5F,+HAAA,oBAAoB,OAAA;AAE7B,kGAA8F;AAArF,yHAAA,iBAAiB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAA6C;AAApC,2GAAA,cAAc,OAAA;AAEvB,+CAAyD;AAAhD,uHAAA,uBAAuB,OAAA;AAsBhC,6CAAkD;AAAzC,0GAAA,cAAc,OAAA;AAEvB,kEAA+E;AAAtE,kHAAA,sBAAsB,OAAA;AAC/B,iEAA8E;AAArE,kHAAA,sBAAsB,OAAA;AAC/B,qEAAsF;AAA7E,sHAAA,0BAA0B,OAAA;AACnC,gEAA4E;AAAnE,iHAAA,qBAAqB,OAAA;AAE9B,4DAA4D;AAC5D,yGAAqG;AAA5F,+HAAA,oBAAoB,OAAA;AAE7B,kGAA8F;AAArF,yHAAA,iBAAiB,OAAA"}

package/dist/patterns.d.ts

@@ -0,0 +1,6 @@
+export { INJECTION_SIGNATURES } from './scanners/ai-tool-integrity/patterns/injection-signatures.js';
+export type { InjectionSignature } from './scanners/ai-tool-integrity/patterns/injection-signatures.js';
+export { SECRET_SIGNATURES } from './scanners/secrets-exposure/patterns/secret-signatures.js';
+export type { SecretSignature } from './scanners/secrets-exposure/patterns/secret-signatures.js';
+export type { Severity, ScannerId, Finding, ScanResult, WatchmanReport, } from './types/index.js';
+//# sourceMappingURL=patterns.d.ts.map

package/dist/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../src/patterns.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,+DAA+D,CAAC;AACrG,YAAY,EAAE,kBAAkB,EAAE,MAAM,+DAA+D,CAAC;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,2DAA2D,CAAC;AAC9F,YAAY,EAAE,eAAe,EAAE,MAAM,2DAA2D,CAAC;AAEjG,YAAY,EACV,QAAQ,EACR,SAAS,EACT,OAAO,EACP,UAAU,EACV,cAAc,GACf,MAAM,kBAAkB,CAAC"}

package/dist/patterns.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECRET_SIGNATURES = exports.INJECTION_SIGNATURES = void 0;
+// Edge-safe exports: pattern arrays + types only, no Node.js APIs
+var injection_signatures_js_1 = require("./scanners/ai-tool-integrity/patterns/injection-signatures.js");
+Object.defineProperty(exports, "INJECTION_SIGNATURES", { enumerable: true, get: function () { return injection_signatures_js_1.INJECTION_SIGNATURES; } });
+var secret_signatures_js_1 = require("./scanners/secrets-exposure/patterns/secret-signatures.js");
+Object.defineProperty(exports, "SECRET_SIGNATURES", { enumerable: true, get: function () { return secret_signatures_js_1.SECRET_SIGNATURES; } });
+//# sourceMappingURL=patterns.js.map

package/dist/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../src/patterns.ts"],"names":[],"mappings":";;;AAAA,kEAAkE;AAClE,yGAAqG;AAA5F,+HAAA,oBAAoB,OAAA;AAE7B,kGAA8F;AAArF,yHAAA,iBAAiB,OAAA"}

package/dist/telemetry.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Telemetry reporter — fire-and-forget finding/session reporting.
+ *
+ * Edge Runtime compatible: uses only global fetch + AbortSignal.
+ * A failed telemetry call never delays or breaks the host app request.
+ */
+import type { Severity } from './types/config.types.js';
+export interface TelemetryConfig {
+    /** Watchman API base URL, e.g. "https://watchman.guide" */
+    endpoint: string;
+    /** Tenant API key (raw, not hashed) */
+    apiKey: string;
+}
+/** Shape accepted by reportFinding — adapters map their finding type to this. */
+export interface TelemetryFinding {
+    scanner: string;
+    rule: string;
+    severity: Severity;
+    target?: string;
+    label?: string;
+    message: string;
+    evidence?: string;
+}
+export interface StartSessionOptions {
+    commitSha?: string;
+    branch?: string;
+    environment?: string;
+}
+export interface TelemetryReporter {
+    /** Report a single finding to the Watchman API. Fire-and-forget. */
+    reportFinding: (finding: TelemetryFinding, sessionId: string) => void;
+    /** Open a scan session. Returns the session ID (or null on failure). */
+    startSession: (projectSlug: string, options?: StartSessionOptions) => Promise<string | null>;
+    /** Close a scan session. Fire-and-forget. */
+    endSession: (sessionId: string) => void;
+}
+export declare function createTelemetryReporter(config: TelemetryConfig): TelemetryReporter;
+//# sourceMappingURL=telemetry.d.ts.map

package/dist/telemetry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAIxD,MAAM,WAAW,eAAe;IAC9B,2DAA2D;IAC3D,QAAQ,EAAE,MAAM,CAAC;IACjB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,iFAAiF;AACjF,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,oEAAoE;IACpE,aAAa,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IACtE,wEAAwE;IACxE,YAAY,EAAE,CACZ,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,mBAAmB,KAC1B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5B,6CAA6C;IAC7C,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AAQD,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,eAAe,GACtB,iBAAiB,CAoEnB"}

package/dist/telemetry.js

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * Telemetry reporter — fire-and-forget finding/session reporting.
+ *
+ * Edge Runtime compatible: uses only global fetch + AbortSignal.
+ * A failed telemetry call never delays or breaks the host app request.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTelemetryReporter = createTelemetryReporter;
+// ── Constants ───────────────────────────────────────────────────────
+const TIMEOUT_MS = 5_000;
+// ── Factory ─────────────────────────────────────────────────────────
+function createTelemetryReporter(config) {
+    const { endpoint, apiKey } = config;
+    // Normalise base URL (strip trailing slash)
+    const base = endpoint.replace(/\/+$/, '');
+    /** POST helper — swallows all errors. */
+    async function post(path, body) {
+        try {
+            const res = await fetch(`${base}${path}`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${apiKey}`,
+                },
+                body: JSON.stringify(body),
+                signal: AbortSignal.timeout(TIMEOUT_MS),
+            });
+            if (!res.ok)
+                return null;
+            return (await res.json());
+        }
+        catch {
+            // Network failure, timeout, JSON parse error — all swallowed.
+            return null;
+        }
+    }
+    // ── Public API ──────────────────────────────────────────────────
+    function reportFinding(finding, sessionId) {
+        // Fire-and-forget — caller does not await.
+        void post('/api/findings', {
+            session_id: sessionId,
+            scanner: finding.scanner,
+            rule: finding.rule,
+            severity: finding.severity,
+            target: finding.target ?? null,
+            label: finding.label ?? null,
+            details: {
+                message: finding.message,
+                evidence: finding.evidence ?? null,
+            },
+        });
+    }
+    async function startSession(projectSlug, options) {
+        const result = await post('/api/sessions/start', {
+            project_slug: projectSlug,
+            commit_sha: options?.commitSha ?? null,
+            branch: options?.branch ?? null,
+            environment: options?.environment ?? null,
+        });
+        return result?.id ?? null;
+    }
+    function endSession(sessionId) {
+        void post('/api/sessions/end', {
+            session_id: sessionId,
+        });
+    }
+    return { reportFinding, startSession, endSession };
+}
+//# sourceMappingURL=telemetry.js.map

package/dist/telemetry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAgDH,0DAsEC;AA5ED,uEAAuE;AAEvE,MAAM,UAAU,GAAG,KAAK,CAAC;AAEzB,uEAAuE;AAEvE,SAAgB,uBAAuB,CACrC,MAAuB;IAEvB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAEpC,4CAA4C;IAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAE1C,yCAAyC;IACzC,KAAK,UAAU,IAAI,CACjB,IAAY,EACZ,IAA6B;QAE7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,GAAG,IAAI,EAAE,EAAE;gBACxC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;iBAClC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC1B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC;aACxC,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YACzB,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,mEAAmE;IAEnE,SAAS,aAAa,CAAC,OAAyB,EAAE,SAAiB;QACjE,2CAA2C;QAC3C,KAAK,IAAI,CAAC,eAAe,EAAE;YACzB,UAAU,EAAE,SAAS;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI;YAC9B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;YAC5B,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,YAAY,CACzB,WAAmB,EACnB,OAA6B;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAiB,qBAAqB,EAAE;YAC/D,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI;YACtC,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,IAAI;YAC/B,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;SAC1C,CAAC,CAAC;QACH,OAAO,MAAM,EAAE,EAAE,IAAI,IAAI,CAAC;IAC5B,CAAC;IAED,SAAS,UAAU,CAAC,SAAiB;QACnC,KAAK,IAAI,CAAC,mBAAmB,EAAE;YAC7B,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACrD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kairosinternational/watchman",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Developer security engine — silent threat detection",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -9,6 +9,16 @@
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
       "default": "./dist/index.js"
+    },
+    "./patterns": {
+      "types": "./dist/patterns.d.ts",
+      "import": "./dist/patterns.js",
+      "default": "./dist/patterns.js"
+    },
+    "./telemetry": {
+      "types": "./dist/telemetry.d.ts",
+      "import": "./dist/telemetry.js",
+      "default": "./dist/telemetry.js"
     }
   },
   "scripts": {

package/src/engine.ts

@@ -11,6 +11,12 @@ import type {
   WatchmanReport,
   Severity,
 } from './types/index.js';
+import type { TelemetryReporter } from './telemetry.js';
+
+export interface ScanOptions {
+  telemetry?: TelemetryReporter;
+  sessionId?: string;
+}
 
 const SEVERITY_ORDER: Record<Severity, number> = {
   critical: 4,
@@ -72,13 +78,16 @@ export class WatchmanEngine {
     this.scanners.set(scanner.id, scanner);
   }
 
-  async scan(): Promise<WatchmanReport> {
+  async scan(options?: ScanOptions): Promise<WatchmanReport> {
     const start = performance.now();
     const files = await collectFiles(
       this.config.projectRoot,
       this.config.exclude ?? [],
     );
     const results: ScanResult[] = [];
+    const telemetry = options?.telemetry;
+    const sessionId = options?.sessionId;
+    const canReport = telemetry && sessionId;
 
     for (const [id, scanner] of this.scanners) {
       const scannerConfig = this.config.scanners[id];
@@ -103,6 +112,23 @@ export class WatchmanEngine {
 
       await scanner.scan(ctx);
 
+      // Fire-and-forget telemetry for each finding
+      if (canReport) {
+        for (const f of findings) {
+          telemetry.reportFinding(
+            {
+              scanner: f.scanner,
+              rule: f.rule,
+              severity: f.severity,
+              target: f.location?.file,
+              message: f.message,
+              evidence: f.evidence,
+            },
+            sessionId,
+          );
+        }
+      }
+
       results.push({
         scanner: id,
         findings,

package/src/index.ts

@@ -1,4 +1,12 @@
 export { WatchmanEngine } from './engine.js';
+export type { ScanOptions } from './engine.js';
+export { createTelemetryReporter } from './telemetry.js';
+export type {
+  TelemetryConfig,
+  TelemetryFinding,
+  TelemetryReporter,
+  StartSessionOptions,
+} from './telemetry.js';
 
 export type {
   Severity,

package/src/patterns.ts

@@ -0,0 +1,13 @@
+// Edge-safe exports: pattern arrays + types only, no Node.js APIs
+export { INJECTION_SIGNATURES } from './scanners/ai-tool-integrity/patterns/injection-signatures.js';
+export type { InjectionSignature } from './scanners/ai-tool-integrity/patterns/injection-signatures.js';
+export { SECRET_SIGNATURES } from './scanners/secrets-exposure/patterns/secret-signatures.js';
+export type { SecretSignature } from './scanners/secrets-exposure/patterns/secret-signatures.js';
+
+export type {
+  Severity,
+  ScannerId,
+  Finding,
+  ScanResult,
+  WatchmanReport,
+} from './types/index.js';

package/src/telemetry.ts

@@ -0,0 +1,124 @@
+/**
+ * Telemetry reporter — fire-and-forget finding/session reporting.
+ *
+ * Edge Runtime compatible: uses only global fetch + AbortSignal.
+ * A failed telemetry call never delays or breaks the host app request.
+ */
+
+import type { Severity } from './types/config.types.js';
+
+// ── Types ───────────────────────────────────────────────────────────
+
+export interface TelemetryConfig {
+  /** Watchman API base URL, e.g. "https://watchman.guide" */
+  endpoint: string;
+  /** Tenant API key (raw, not hashed) */
+  apiKey: string;
+}
+
+/** Shape accepted by reportFinding — adapters map their finding type to this. */
+export interface TelemetryFinding {
+  scanner: string;
+  rule: string;
+  severity: Severity;
+  target?: string;
+  label?: string;
+  message: string;
+  evidence?: string;
+}
+
+export interface StartSessionOptions {
+  commitSha?: string;
+  branch?: string;
+  environment?: string;
+}
+
+export interface TelemetryReporter {
+  /** Report a single finding to the Watchman API. Fire-and-forget. */
+  reportFinding: (finding: TelemetryFinding, sessionId: string) => void;
+  /** Open a scan session. Returns the session ID (or null on failure). */
+  startSession: (
+    projectSlug: string,
+    options?: StartSessionOptions,
+  ) => Promise<string | null>;
+  /** Close a scan session. Fire-and-forget. */
+  endSession: (sessionId: string) => void;
+}
+
+// ── Constants ───────────────────────────────────────────────────────
+
+const TIMEOUT_MS = 5_000;
+
+// ── Factory ─────────────────────────────────────────────────────────
+
+export function createTelemetryReporter(
+  config: TelemetryConfig,
+): TelemetryReporter {
+  const { endpoint, apiKey } = config;
+
+  // Normalise base URL (strip trailing slash)
+  const base = endpoint.replace(/\/+$/, '');
+
+  /** POST helper — swallows all errors. */
+  async function post<T = unknown>(
+    path: string,
+    body: Record<string, unknown>,
+  ): Promise<T | null> {
+    try {
+      const res = await fetch(`${base}${path}`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Authorization: `Bearer ${apiKey}`,
+        },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(TIMEOUT_MS),
+      });
+
+      if (!res.ok) return null;
+      return (await res.json()) as T;
+    } catch {
+      // Network failure, timeout, JSON parse error — all swallowed.
+      return null;
+    }
+  }
+
+  // ── Public API ──────────────────────────────────────────────────
+
+  function reportFinding(finding: TelemetryFinding, sessionId: string): void {
+    // Fire-and-forget — caller does not await.
+    void post('/api/findings', {
+      session_id: sessionId,
+      scanner: finding.scanner,
+      rule: finding.rule,
+      severity: finding.severity,
+      target: finding.target ?? null,
+      label: finding.label ?? null,
+      details: {
+        message: finding.message,
+        evidence: finding.evidence ?? null,
+      },
+    });
+  }
+
+  async function startSession(
+    projectSlug: string,
+    options?: StartSessionOptions,
+  ): Promise<string | null> {
+    const result = await post<{ id: string }>('/api/sessions/start', {
+      project_slug: projectSlug,
+      commit_sha: options?.commitSha ?? null,
+      branch: options?.branch ?? null,
+      environment: options?.environment ?? null,
+    });
+    return result?.id ?? null;
+  }
+
+  function endSession(sessionId: string): void {
+    void post('/api/sessions/end', {
+      session_id: sessionId,
+    });
+  }
+
+  return { reportFinding, startSession, endSession };
+}