@kevinrabun/judges 3.49.0 → 3.51.0

package/dist/commands/compliance-map.js

@@ -0,0 +1,375 @@
+/**
+ * Compliance map — map findings to multiple compliance frameworks
+ * (HIPAA, SOC2, PCI-DSS, ISO 27001, NIST 800-53).
+ *
+ * Produces a unified cross-walk matrix with gap analysis.
+ * All analysis local — no data leaves the machine.
+ */
+import { existsSync, readFileSync, mkdirSync, writeFileSync } from "fs";
+import { join } from "path";
+// ─── Frameworks ─────────────────────────────────────────────────────────────
+const FRAMEWORKS = [
+    {
+        id: "hipaa",
+        name: "HIPAA",
+        controls: [
+            {
+                id: "164.312(a)(1)",
+                title: "Access Control",
+                description: "Implement technical policies for electronic information systems access",
+            },
+            {
+                id: "164.312(a)(2)(iv)",
+                title: "Encryption and Decryption",
+                description: "Implement encryption mechanism for ePHI",
+            },
+            {
+                id: "164.312(c)(1)",
+                title: "Integrity",
+                description: "Implement policies to protect ePHI from improper alteration",
+            },
+            {
+                id: "164.312(d)",
+                title: "Authentication",
+                description: "Implement procedures to verify person or entity seeking access",
+            },
+            {
+                id: "164.312(e)(1)",
+                title: "Transmission Security",
+                description: "Implement technical security measures for electronic transmission",
+            },
+            {
+                id: "164.308(a)(1)(ii)(D)",
+                title: "Information System Activity Review",
+                description: "Implement procedures for regular review of records",
+            },
+        ],
+    },
+    {
+        id: "soc2",
+        name: "SOC 2",
+        controls: [
+            { id: "CC6.1", title: "Logical Access Security", description: "Logical access security over information assets" },
+            { id: "CC6.3", title: "Role-Based Access", description: "Role-based access and least privilege" },
+            { id: "CC6.6", title: "System Boundaries", description: "Security measures at system boundaries" },
+            { id: "CC6.7", title: "Data Transmission", description: "Restrict transmission of data to authorized parties" },
+            { id: "CC7.2", title: "System Monitoring", description: "Monitor system components for anomalies" },
+            { id: "CC8.1", title: "Change Management", description: "Changes to infrastructure and software are authorized" },
+        ],
+    },
+    {
+        id: "pci-dss",
+        name: "PCI-DSS v4.0",
+        controls: [
+            { id: "Req-2.2.1", title: "System Hardening", description: "Primary function configuration standards" },
+            { id: "Req-3.4", title: "PAN Protection", description: "Render PAN unreadable anywhere it's stored" },
+            { id: "Req-4.2.1", title: "Strong Cryptography", description: "Strong cryptography for PAN transmission" },
+            { id: "Req-6.2.4", title: "Secure Coding", description: "Software engineering techniques prevent attacks" },
+            {
+                id: "Req-6.3.1",
+                title: "Vulnerability Management",
+                description: "Security vulnerabilities identified and managed",
+            },
+            { id: "Req-8.3.1", title: "Authentication", description: "Strong authentication for user access" },
+            { id: "Req-10.2.1", title: "Audit Logs", description: "Logging mechanisms enabled" },
+        ],
+    },
+    {
+        id: "iso27001",
+        name: "ISO 27001:2022",
+        controls: [
+            { id: "A.5.15", title: "Access Control", description: "Rules for access control based on business requirements" },
+            {
+                id: "A.8.3",
+                title: "Information Access Restriction",
+                description: "Access to information restricted per access control policy",
+            },
+            {
+                id: "A.8.9",
+                title: "Configuration Management",
+                description: "Configurations including security configurations managed",
+            },
+            { id: "A.8.12", title: "Data Leakage Prevention", description: "Measures applied to prevent data leakage" },
+            { id: "A.8.24", title: "Cryptography", description: "Rules for effective use of cryptography" },
+            { id: "A.8.25", title: "Secure Development", description: "Rules for secure development of software" },
+            { id: "A.8.28", title: "Secure Coding", description: "Secure coding principles applied to development" },
+        ],
+    },
+    {
+        id: "nist800-53",
+        name: "NIST 800-53 Rev 5",
+        controls: [
+            { id: "AC-3", title: "Access Enforcement", description: "Enforce approved authorizations for access" },
+            { id: "AC-6", title: "Least Privilege", description: "Employ principle of least privilege" },
+            { id: "AU-2", title: "Event Logging", description: "Identify events requiring logging" },
+            { id: "IA-5", title: "Authenticator Management", description: "Manage information system authenticators" },
+            { id: "SC-8", title: "Transmission Confidentiality", description: "Protect transmitted information" },
+            { id: "SC-13", title: "Cryptographic Protection", description: "Implement cryptographic mechanisms" },
+            { id: "SI-10", title: "Information Input Validation", description: "Check validity of information inputs" },
+            { id: "SA-11", title: "Developer Testing", description: "Require system developer to create test plan" },
+        ],
+    },
+];
+// ─── Rule-to-control mappings ───────────────────────────────────────────────
+const RULE_MAPPINGS = [
+    {
+        rulePattern: /sql[-_]?inject|inject|xss|command[-_]?inject|input[-_]?valid/i,
+        frameworks: {
+            hipaa: ["164.312(c)(1)"],
+            soc2: ["CC6.6"],
+            "pci-dss": ["Req-6.2.4"],
+            iso27001: ["A.8.28"],
+            "nist800-53": ["SI-10"],
+        },
+    },
+    {
+        rulePattern: /crypt|encrypt|hash|tls|ssl|cert/i,
+        frameworks: {
+            hipaa: ["164.312(a)(2)(iv)", "164.312(e)(1)"],
+            soc2: ["CC6.7"],
+            "pci-dss": ["Req-4.2.1"],
+            iso27001: ["A.8.24"],
+            "nist800-53": ["SC-8", "SC-13"],
+        },
+    },
+    {
+        rulePattern: /auth|login|session|token|credential|password/i,
+        frameworks: {
+            hipaa: ["164.312(d)"],
+            soc2: ["CC6.1"],
+            "pci-dss": ["Req-8.3.1"],
+            iso27001: ["A.5.15"],
+            "nist800-53": ["IA-5", "AC-3"],
+        },
+    },
+    {
+        rulePattern: /access[-_]?control|privilege|rbac|permission|author/i,
+        frameworks: {
+            hipaa: ["164.312(a)(1)"],
+            soc2: ["CC6.3"],
+            "pci-dss": ["Req-8.3.1"],
+            iso27001: ["A.8.3"],
+            "nist800-53": ["AC-3", "AC-6"],
+        },
+    },
+    {
+        rulePattern: /log|audit|monitor|trace/i,
+        frameworks: {
+            hipaa: ["164.308(a)(1)(ii)(D)"],
+            soc2: ["CC7.2"],
+            "pci-dss": ["Req-10.2.1"],
+            iso27001: ["A.8.9"],
+            "nist800-53": ["AU-2"],
+        },
+    },
+    {
+        rulePattern: /secret|leak|expos|sensitive|pii|pan|credit[-_]?card/i,
+        frameworks: {
+            hipaa: ["164.312(a)(2)(iv)"],
+            soc2: ["CC6.7"],
+            "pci-dss": ["Req-3.4"],
+            iso27001: ["A.8.12"],
+            "nist800-53": ["SC-13"],
+        },
+    },
+    {
+        rulePattern: /config|harden|secure[-_]?default|misconfigur/i,
+        frameworks: {
+            soc2: ["CC8.1"],
+            "pci-dss": ["Req-2.2.1"],
+            iso27001: ["A.8.9"],
+            "nist800-53": ["SA-11"],
+        },
+    },
+    {
+        rulePattern: /vuln|cve|dependency|outdated|package/i,
+        frameworks: {
+            "pci-dss": ["Req-6.3.1"],
+            iso27001: ["A.8.25"],
+            "nist800-53": ["SA-11"],
+        },
+    },
+];
+function loadFindings(inputPath) {
+    const content = readFileSync(inputPath, "utf-8");
+    const data = JSON.parse(content);
+    // SARIF format
+    if (data.$schema?.includes("sarif") || data.runs) {
+        const findings = [];
+        for (const run of data.runs || []) {
+            for (const result of run.results || []) {
+                const r = result;
+                findings.push({
+                    ruleId: r.ruleId || "unknown",
+                    title: r.message?.text || r.ruleId || "Unknown",
+                    severity: r.level === "error" ? "high" : r.level === "warning" ? "medium" : "low",
+                });
+            }
+        }
+        return findings;
+    }
+    // Judges tribunal output
+    if (data.findings) {
+        return data.findings.map((f) => ({
+            ruleId: f.ruleId || "unknown",
+            title: f.title || f.ruleId || "Unknown",
+            severity: f.severity || "medium",
+        }));
+    }
+    // Array of findings
+    if (Array.isArray(data)) {
+        return data.map((f) => ({
+            ruleId: f.ruleId || "unknown",
+            title: f.title || "Unknown",
+            severity: f.severity || "medium",
+        }));
+    }
+    return [];
+}
+function mapToFrameworks(findings) {
+    return findings.map((f) => {
+        const frameworks = {};
+        const combined = `${f.ruleId} ${f.title}`;
+        for (const mapping of RULE_MAPPINGS) {
+            if (mapping.rulePattern.test(combined)) {
+                for (const [fwId, controls] of Object.entries(mapping.frameworks)) {
+                    if (!frameworks[fwId])
+                        frameworks[fwId] = [];
+                    for (const c of controls) {
+                        if (!frameworks[fwId].includes(c))
+                            frameworks[fwId].push(c);
+                    }
+                }
+            }
+        }
+        return { ruleId: f.ruleId, title: f.title, severity: f.severity, frameworks };
+    });
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runComplianceMap(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges compliance-map — Map findings to compliance frameworks
+
+Usage:
+  judges compliance-map <findings.json>
+  judges compliance-map report.sarif.json --frameworks hipaa,pci-dss
+  judges compliance-map findings.json --format json --output compliance.json
+
+Options:
+  --frameworks <list>   Filter frameworks (comma-separated: hipaa,soc2,pci-dss,iso27001,nist800-53)
+  --list-frameworks     List all supported frameworks and controls
+  --gap-analysis        Show which controls have no matching findings
+  --format json         JSON output
+  --output <file>       Write report to file
+  --help, -h            Show this help
+
+Supported Frameworks: ${FRAMEWORKS.map((f) => f.id).join(", ")}
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const outputFile = argv.find((_a, i) => argv[i - 1] === "--output");
+    if (argv.includes("--list-frameworks")) {
+        if (format === "json") {
+            console.log(JSON.stringify(FRAMEWORKS, null, 2));
+        }
+        else {
+            for (const fw of FRAMEWORKS) {
+                console.log(`\n  ${fw.name} (${fw.id})`);
+                console.log("  ──────────────────────────");
+                for (const c of fw.controls) {
+                    console.log(`    ${c.id.padEnd(20)} ${c.title}`);
+                }
+            }
+            console.log("");
+        }
+        return;
+    }
+    const inputFile = argv.find((a) => !a.startsWith("--") && !argv[argv.indexOf(a) - 1]?.startsWith("--"));
+    if (!inputFile || !existsSync(inputFile)) {
+        console.error("  Please provide a valid findings file (JSON or SARIF)");
+        return;
+    }
+    const fwFilter = argv.find((_a, i) => argv[i - 1] === "--frameworks");
+    const showGaps = argv.includes("--gap-analysis");
+    let findings;
+    try {
+        findings = loadFindings(inputFile);
+    }
+    catch (err) {
+        console.error(`  Failed to parse findings: ${err instanceof Error ? err.message : String(err)}`);
+        return;
+    }
+    const mapped = mapToFrameworks(findings);
+    let activeFrameworks = FRAMEWORKS;
+    if (fwFilter) {
+        const allowed = fwFilter.split(",");
+        activeFrameworks = FRAMEWORKS.filter((f) => allowed.includes(f.id));
+    }
+    // Build coverage matrix
+    const coverage = {};
+    for (const fw of activeFrameworks)
+        coverage[fw.id] = new Set();
+    for (const m of mapped) {
+        for (const [fwId, controls] of Object.entries(m.frameworks)) {
+            if (!coverage[fwId])
+                continue;
+            for (const c of controls)
+                coverage[fwId].add(c);
+        }
+    }
+    const report = {
+        findings: mapped,
+        coverage: Object.fromEntries(activeFrameworks.map((fw) => [
+            fw.id,
+            {
+                name: fw.name,
+                totalControls: fw.controls.length,
+                coveredControls: coverage[fw.id].size,
+                coveragePercent: fw.controls.length > 0 ? Math.round((coverage[fw.id].size / fw.controls.length) * 100) : 0,
+                covered: [...coverage[fw.id]],
+                gaps: fw.controls.filter((c) => !coverage[fw.id].has(c.id)).map((c) => c.id),
+            },
+        ])),
+        totalFindings: findings.length,
+        mappedFindings: mapped.filter((m) => Object.keys(m.frameworks).length > 0).length,
+        timestamp: new Date().toISOString(),
+    };
+    if (outputFile) {
+        const dir = join(".", ".judges-compliance");
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        writeFileSync(join(dir, outputFile), JSON.stringify(report, null, 2));
+        console.log(`  Report saved to .judges-compliance/${outputFile}`);
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(report, null, 2));
+    }
+    else {
+        console.log(`\n  Compliance Mapping — ${findings.length} findings`);
+        console.log(`  Mapped: ${report.mappedFindings} | Unmapped: ${findings.length - report.mappedFindings}\n  ──────────────────────────`);
+        for (const fw of activeFrameworks) {
+            const cov = report.coverage[fw.id];
+            const bar = "█".repeat(Math.round(cov.coveragePercent / 5)) + "░".repeat(20 - Math.round(cov.coveragePercent / 5));
+            console.log(`\n    ${fw.name.padEnd(20)} ${bar} ${cov.coveragePercent}% (${cov.coveredControls}/${cov.totalControls})`);
+            if (showGaps && cov.gaps.length > 0) {
+                console.log(`      Gaps: ${cov.gaps.join(", ")}`);
+            }
+        }
+        // Cross-walk table
+        console.log("\n    Cross-Walk Matrix:");
+        console.log("    " + "Finding".padEnd(40) + activeFrameworks.map((f) => f.id.padEnd(12)).join(""));
+        console.log("    " + "─".repeat(40 + activeFrameworks.length * 12));
+        for (const m of mapped.slice(0, 20)) {
+            const cols = activeFrameworks
+                .map((f) => (m.frameworks[f.id]?.length ? `✓ (${m.frameworks[f.id].length})`.padEnd(12) : "—".padEnd(12)))
+                .join("");
+            console.log("    " + m.ruleId.substring(0, 38).padEnd(40) + cols);
+        }
+        if (mapped.length > 20)
+            console.log(`    ... and ${mapped.length - 20} more findings`);
+        console.log("");
+    }
+}
+//# sourceMappingURL=compliance-map.js.map

package/dist/commands/compliance-map.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-map.js","sourceRoot":"","sources":["../../src/commands/compliance-map.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AA4B5B,+EAA+E;AAE/E,MAAM,UAAU,GAAmB;IACjC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE;YACR;gBACE,EAAE,EAAE,eAAe;gBACnB,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,wEAAwE;aACtF;YACD;gBACE,EAAE,EAAE,mBAAmB;gBACvB,KAAK,EAAE,2BAA2B;gBAClC,WAAW,EAAE,yCAAyC;aACvD;YACD;gBACE,EAAE,EAAE,eAAe;gBACnB,KAAK,EAAE,WAAW;gBAClB,WAAW,EAAE,6DAA6D;aAC3E;YACD;gBACE,EAAE,EAAE,YAAY;gBAChB,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,gEAAgE;aAC9E;YACD;gBACE,EAAE,EAAE,eAAe;gBACnB,KAAK,EAAE,uBAAuB;gBAC9B,WAAW,EAAE,mEAAmE;aACjF;YACD;gBACE,EAAE,EAAE,sBAAsB;gBAC1B,KAAK,EAAE,oCAAoC;gBAC3C,WAAW,EAAE,oDAAoD;aAClE;SACF;KACF;IACD;QACE,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE;YACR,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,yBAAyB,EAAE,WAAW,EAAE,iDAAiD,EAAE;YACjH,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,uCAAuC,EAAE;YACjG,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,wCAAwC,EAAE;YAClG,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,qDAAqD,EAAE;YAC/G,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,yCAAyC,EAAE;YACnG,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,uDAAuD,EAAE;SAClH;KACF;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE;YACR,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,0CAA0C,EAAE;YACvG,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,4CAA4C,EAAE;YACrG,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,0CAA0C,EAAE;YAC1G,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,iDAAiD,EAAE;YAC3G;gBACE,EAAE,EAAE,WAAW;gBACf,KAAK,EAAE,0BAA0B;gBACjC,WAAW,EAAE,iDAAiD;aAC/D;YACD,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,uCAAuC,EAAE;YAClG,EAAE,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,4BAA4B,EAAE;SACrF;KACF;IACD;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE;YACR,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,yDAAyD,EAAE;YACjH;gBACE,EAAE,EAAE,OAAO;gBACX,KAAK,EAAE,gCAAgC;gBACvC,WAAW,EAAE,4DAA4D;aAC1E;YACD;gBACE,EAAE,EAAE,OAAO;gBACX,KAAK,EAAE,0BAA0B;gBACjC,WAAW,EAAE,0DAA0D;aACxE;YACD,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,yBAAyB,EAAE,WAAW,EAAE,0CAA0C,EAAE;YAC3G,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,yCAAyC,EAAE;YAC/F,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,oBAAoB,EAAE,WAAW,EAAE,0CAA0C,EAAE;YACtG,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,iDAAiD,EAAE;SACzG;KACF;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE;YACR,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,oBAAoB,EAAE,WAAW,EAAE,4CAA4C,EAAE;YACtG,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,qCAAqC,EAAE;YAC5F,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,mCAAmC,EAAE;YACxF,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,0BAA0B,EAAE,WAAW,EAAE,0CAA0C,EAAE;YAC1G,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,8BAA8B,EAAE,WAAW,EAAE,iCAAiC,EAAE;YACrG,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,0BAA0B,EAAE,WAAW,EAAE,oCAAoC,EAAE;YACrG,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,8BAA8B,EAAE,WAAW,EAAE,sCAAsC,EAAE;YAC3G,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,8CAA8C,EAAE;SACzG;KACF;CACF,CAAC;AAEF,+EAA+E;AAE/E,MAAM,aAAa,GAAkB;IACnC;QACE,WAAW,EAAE,+DAA+D;QAC5E,UAAU,EAAE;YACV,KAAK,EAAE,CAAC,eAAe,CAAC;YACxB,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,SAAS,EAAE,CAAC,WAAW,CAAC;YACxB,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,YAAY,EAAE,CAAC,OAAO,CAAC;SACxB;KACF;IACD;QACE,WAAW,EAAE,kCAAkC;QAC/C,UAAU,EAAE;YACV,KAAK,EAAE,CAAC,mBAAmB,EAAE,eAAe,CAAC;YAC7C,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,SAAS,EAAE,CAAC,WAAW,CAAC;YACxB,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,YAAY,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;SAChC;KACF;IACD;QACE,WAAW,EAAE,+CAA+C;QAC5D,UAAU,EAAE;YACV,KAAK,EAAE,CAAC,YAAY,CAAC;YACrB,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,SAAS,EAAE,CAAC,WAAW,CAAC;YACxB,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;SAC/B;KACF;IACD;QACE,WAAW,EAAE,sDAAsD;QACnE,UAAU,EAAE;YACV,KAAK,EAAE,CAAC,eAAe,CAAC;YACxB,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,SAAS,EAAE,CAAC,WAAW,CAAC;YACxB,QAAQ,EAAE,CAAC,OAAO,CAAC;YACnB,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;SAC/B;KACF;IACD;QACE,WAAW,EAAE,0BAA0B;QACvC,UAAU,EAAE;YACV,KAAK,EAAE,CAAC,sBAAsB,CAAC;YAC/B,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,SAAS,EAAE,CAAC,YAAY,CAAC;YACzB,QAAQ,EAAE,CAAC,OAAO,CAAC;YACnB,YAAY,EAAE,CAAC,MAAM,CAAC;SACvB;KACF;IACD;QACE,WAAW,EAAE,sDAAsD;QACnE,UAAU,EAAE;YACV,KAAK,EAAE,CAAC,mBAAmB,CAAC;YAC5B,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,SAAS,EAAE,CAAC,SAAS,CAAC;YACtB,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,YAAY,EAAE,CAAC,OAAO,CAAC;SACxB;KACF;IACD;QACE,WAAW,EAAE,+CAA+C;QAC5D,UAAU,EAAE;YACV,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,SAAS,EAAE,CAAC,WAAW,CAAC;YACxB,QAAQ,EAAE,CAAC,OAAO,CAAC;YACnB,YAAY,EAAE,CAAC,OAAO,CAAC;SACxB;KACF;IACD;QACE,WAAW,EAAE,uCAAuC;QACpD,UAAU,EAAE;YACV,SAAS,EAAE,CAAC,WAAW,CAAC;YACxB,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,YAAY,EAAE,CAAC,OAAO,CAAC;SACxB;KACF;CACF,CAAC;AAUF,SAAS,YAAY,CAAC,SAAiB;IACrC,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEjC,eAAe;IACf,IAAI,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,QAAQ,GAA+D,EAAE,CAAC;QAChF,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;YAClC,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;gBACvC,MAAM,CAAC,GAAG,MAAsB,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,SAAS;oBAC7B,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,CAAC,MAAM,IAAI,SAAS;oBAC/C,QAAQ,EAAE,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK;iBAClF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,yBAAyB;IACzB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAyD,EAAE,EAAE,CAAC,CAAC;YACvF,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,SAAS;YAC7B,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,IAAI,SAAS;YACvC,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,QAAQ;SACjC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,oBAAoB;IACpB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAyD,EAAE,EAAE,CAAC,CAAC;YAC9E,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,SAAS;YAC7B,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,SAAS;YAC3B,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,QAAQ;SACjC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,QAAoE;IAC3F,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACxB,MAAM,UAAU,GAA6B,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QAC1C,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvC,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;wBAAE,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;oBAC7C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;wBACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;4BAAE,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAC9D,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC;IAChF,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,gBAAgB,CAAC,IAAc;IAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;wBAgBQ,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;CAC7D,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC;IAEpF,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACvC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACzC,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;oBAC5B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAChH,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACxE,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IAEjD,IAAI,QAAoE,CAAC;IACzE,IAAI,CAAC;QACH,QAAQ,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjG,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAEzC,IAAI,gBAAgB,GAAG,UAAU,CAAC;IAClC,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,gBAAgB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,wBAAwB;IACxB,MAAM,QAAQ,GAAgC,EAAE,CAAC;IACjD,KAAK,MAAM,EAAE,IAAI,gBAAgB;QAAE,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;IAC/D,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,SAAS;YAC9B,KAAK,MAAM,CAAC,IAAI,QAAQ;gBAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM,CAAC,WAAW,CAC1B,gBAAgB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC;YAC3B,EAAE,CAAC,EAAE;YACL;gBACE,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,aAAa,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM;gBACjC,eAAe,EAAE,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI;gBACrC,eAAe,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC3G,OAAO,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC7B,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC7E;SACF,CAAC,CACH;QACD,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM;QACjF,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,wCAAwC,UAAU,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,4BAA4B,QAAQ,CAAC,MAAM,WAAW,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CACT,aAAa,MAAM,CAAC,cAAc,gBAAgB,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,cAAc,gCAAgC,CAC1H,CAAC;QAEF,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;YAClC,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YACnC,MAAM,GAAG,GACP,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC,CAAC;YACzG,OAAO,CAAC,GAAG,CACT,SAAS,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,GAAG,IAAI,GAAG,CAAC,eAAe,MAAM,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,aAAa,GAAG,CAC3G,CAAC;YAEF,IAAI,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACnG,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG,gBAAgB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,gBAAgB;iBAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;iBACzG,IAAI,CAAC,EAAE,CAAC,CAAC;YACZ,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,MAAM,GAAG,EAAE,gBAAgB,CAAC,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/exec-report.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Exec report — executive security dashboard.
+ * Generates non-technical HTML report with risk posture summary,
+ * recurring issue trends, severity distribution, and remediation guidance.
+ *
+ * All data local.
+ */
+export declare function runExecReport(argv: string[]): void;
+//# sourceMappingURL=exec-report.d.ts.map

package/dist/commands/exec-report.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec-report.d.ts","sourceRoot":"","sources":["../../src/commands/exec-report.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAyPH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAuElD"}