@lhi/tdd-audit 1.9.0 → 1.11.0

package/README.md

@@ -1,6 +1,6 @@
 # @lhi/tdd-audit
 
-> **v1.9.0** — Security skill installer for **Claude Code, Gemini CLI, Cursor, Codex, and OpenCode**. Patches vulnerabilities using a Red-Green-Refactor exploit-test protocol — prove the hole exists, apply the fix, prove it's closed.
+> **v1.10.0** — Security skill installer for **Claude Code, Gemini CLI, Cursor, Codex, and OpenCode**. Patches vulnerabilities using a Red-Green-Refactor exploit-test protocol — prove the hole exists, apply the fix, prove it's closed.
 
 ## Install
 
@@ -25,6 +25,9 @@ On first run the installer:
 | `--with-hooks` | Add a pre-commit hook that blocks commits on failing security tests |
 | `--skip-scan` | Skip the vulnerability scan on install |
 | `--scan` / `--scan-only` | Scan only — no install, no code changes |
+| `--json` | Output findings as JSON |
+| `--format sarif` | Output findings as SARIF 2.1.0 (GitHub code scanning) |
+| `--config <path>` | Load config from an explicit file path |
 
 ### Platform
 
@@ -41,6 +44,39 @@ On first run the installer:
 
 The agent detects your stack, presents a CRITICAL → LOW findings report, waits for confirmation, then works through each vulnerability one at a time using Red-Green-Refactor. Pass `--scan` for a report-only run with no code changes.
 
+## Config file
+
+Scaffold a starter config with a single command:
+
+```bash
+npx @lhi/tdd-audit init
+# or at a custom path:
+npx @lhi/tdd-audit init ~/configs/my-audit.json
+```
+
+`.tdd-audit.json` — all CLI flags settable here, loaded automatically from your project root:
+
+```json
+{
+  "provider":          "openai",
+  "model":             "gpt-4o",
+  "apiKeyEnv":         "OPENAI_API_KEY",
+  "baseUrl":           null,
+  "output":            "text",
+  "severityThreshold": "LOW",
+  "port":              3000,
+  "serverApiKey":      null,
+  "trustProxy":        false,
+  "ignore":            ["node_modules", "dist", "build", "coverage"]
+}
+```
+
+Point to a config anywhere with `--config`:
+
+```bash
+npx @lhi/tdd-audit serve --config ~/configs/prod-audit.json
+```
+
 ## REST API + AI remediation
 
 ```bash
@@ -52,12 +88,15 @@ curl -X POST http://localhost:3000/scan \
   -H "Authorization: Bearer YOUR_SECRET" \
   -d '{"path": "."}' | jq '.summary'
 
-# Auto-fix with any AI provider
-npx @lhi/tdd-audit --scan --fix critical \
-  --provider anthropic --api-key $ANTHROPIC_API_KEY --json
+# Use any OpenAI-compatible service (Groq, OpenRouter, Together AI, etc.)
+npx @lhi/tdd-audit serve \
+  --provider openai \
+  --base-url https://api.groq.com/openai/v1 \
+  --api-key $GROQ_API_KEY \
+  --model llama-3.3-70b-versatile
 ```
 
-Supported providers: `anthropic` · `openai` · `gemini` · `ollama` (local)
+Supported providers: `anthropic` · `openai` · `gemini` · `ollama` (local) · **any OpenAI-compatible endpoint via `--base-url`**
 
 ## Output formats
 
@@ -67,26 +106,24 @@ npx @lhi/tdd-audit --scan --format sarif  # GitHub code scanning (inline PR anno
 npx @lhi/tdd-audit --scan                 # human-readable text (default)
 ```
 
-## Config file
+## Testing
 
-`.tdd-audit.json` in your project root — all CLI flags can be set here:
+323 tests across unit, integration, and security suites:
 
-```json
-{
-  "port": 3000,
-  "output": "json",
-  "provider": "anthropic",
-  "apiKeyEnv": "ANTHROPIC_API_KEY",
-  "severityThreshold": "HIGH"
-}
+```bash
+npm test                  # full suite
+npm run test:unit         # unit tests with coverage
+npm run test:security     # security regression tests only
 ```
 
+Security tests cover prompt injection, path traversal, rate limiting, timing-safe auth, job store bounds, SARIF schema, and more. See [`__tests__/security/`](__tests__/security/) for all 17 regression tests.
+
 ## Documentation
 
 | | |
 |---|---|
-| [REST API](docs/rest-api.md) | Endpoints, auth, request/response schema, curl examples |
-| [AI Remediation](docs/ai-remediation.md) | Provider setup, CLI flags, Ollama local mode |
+| [REST API](docs/rest-api.md) | Endpoints, auth, rate limiting, trust-proxy, request/response schema |
+| [AI Remediation](docs/ai-remediation.md) | Provider setup, `--base-url` for compatible APIs, config file |
 | [Scanner](docs/scanner.md) | Architecture, detection logic, false-positive handling |
 | [Vulnerability Patterns](docs/vulnerability-patterns.md) | All 34 patterns — descriptions, grep signatures, fix pointers |
 | [TDD Protocol](docs/tdd-protocol.md) | Red-Green-Refactor in full, with framework templates for all 6 stacks |

package/docs/ai-remediation.md

@@ -4,22 +4,115 @@ Pass a provider and API key to have tdd-audit autonomously generate exploit test
 
 ---
 
-## CLI usage
+## Config file (recommended)
+
+Scaffold once, run anywhere:
+
+```bash
+npx @lhi/tdd-audit init
+```
+
+Edit `.tdd-audit.json`:
+
+```json
+{
+  "provider":   "openai",
+  "model":      "gpt-4o",
+  "apiKeyEnv":  "OPENAI_API_KEY"
+}
+```
+
+`apiKeyEnv` names the environment variable to read the key from — no key ever touches disk. Then just:
+
+```bash
+npx @lhi/tdd-audit serve
+```
+
+Point to a config at any path:
 
 ```bash
-# Scan and auto-fix all CRITICAL findings via Anthropic
-npx @lhi/tdd-audit --scan --fix critical \
+npx @lhi/tdd-audit serve --config ~/configs/my-audit.json
+```
+
+---
+
+## CLI flags
+
+```bash
+# Anthropic
+npx @lhi/tdd-audit serve \
   --provider anthropic \
   --api-key $ANTHROPIC_API_KEY
 
-# Fix everything, use a specific model
-npx @lhi/tdd-audit --scan --fix all \
+# OpenAI
+npx @lhi/tdd-audit serve \
   --provider openai \
-  --model gpt-4o \
   --api-key $OPENAI_API_KEY \
-  --json
+  --model gpt-4o-mini
+```
+
+---
+
+## OpenAI-compatible services
+
+Any service that exposes the OpenAI chat completions API works via `--base-url`.
+The API key is sent in the `Authorization: Bearer` header — never in the URL.
+
+```bash
+# Groq (fast inference)
+npx @lhi/tdd-audit serve \
+  --provider openai \
+  --base-url https://api.groq.com/openai/v1 \
+  --model llama-3.3-70b-versatile \
+  --api-key $GROQ_API_KEY
+
+# OpenRouter (access 200+ models)
+npx @lhi/tdd-audit serve \
+  --provider openai \
+  --base-url https://openrouter.ai/api/v1 \
+  --model meta-llama/llama-3.3-70b-instruct \
+  --api-key $OPENROUTER_API_KEY
+
+# Together AI
+npx @lhi/tdd-audit serve \
+  --provider openai \
+  --base-url https://api.together.xyz/v1 \
+  --model mistralai/Mixtral-8x7B-Instruct-v0.1 \
+  --api-key $TOGETHER_API_KEY
+
+# LM Studio / vLLM / llama.cpp (fully local)
+npx @lhi/tdd-audit serve \
+  --provider openai \
+  --base-url http://localhost:1234/v1 \
+  --model local-model
+  # no --api-key needed for local servers
+```
+
+In `.tdd-audit.json`:
+
+```json
+{
+  "provider":  "openai",
+  "baseUrl":   "https://api.groq.com/openai/v1",
+  "model":     "llama-3.3-70b-versatile",
+  "apiKeyEnv": "GROQ_API_KEY"
+}
 ```
 
+---
+
+## Supported providers
+
+| Provider | `--provider` | Default model | Key env var | Notes |
+|---|---|---|---|---|
+| Anthropic | `anthropic` | `claude-opus-4-6` | `ANTHROPIC_API_KEY` | |
+| OpenAI | `openai` | `gpt-4o` | `OPENAI_API_KEY` | Supports `--base-url` |
+| Google Gemini | `gemini` | `gemini-2.0-flash` | `GEMINI_API_KEY` | Key sent via `x-goog-api-key` header |
+| Ollama (local) | `ollama` | `llama3` | — | No key required |
+| Any OpenAI-compat | `openai` | — | varies | Set `--base-url` |
+
+---
+
 ## REST API usage
 
 ```bash
@@ -29,11 +122,18 @@ FINDINGS=$(curl -s -X POST http://localhost:3000/scan \
   -H "Content-Type: application/json" \
   -d '{"path": "."}' | jq '.findings')
 
-# 2. Submit remediation job
+# 2. Submit remediation job (using Groq via --base-url)
 JOB=$(curl -s -X POST http://localhost:3000/remediate \
   -H "Authorization: Bearer $SERVER_KEY" \
   -H "Content-Type: application/json" \
-  -d "{\"findings\": $FINDINGS, \"provider\": \"anthropic\", \"apiKey\": \"$ANTHROPIC_API_KEY\", \"severity\": \"HIGH\"}")
+  -d "{
+    \"findings\": $FINDINGS,
+    \"provider\": \"openai\",
+    \"apiKey\": \"$GROQ_API_KEY\",
+    \"baseUrl\": \"https://api.groq.com/openai/v1\",
+    \"model\": \"llama-3.3-70b-versatile\",
+    \"severity\": \"HIGH\"
+  }")
 
 JOB_ID=$(echo $JOB | jq -r '.jobId')
 
@@ -44,31 +144,6 @@ curl -s "http://localhost:3000/jobs/$JOB_ID" \
 
 ---
 
-## Supported providers
-
-| Provider | `--provider` | Default model | Key env var |
-|---|---|---|---|
-| Anthropic | `anthropic` | `claude-opus-4-6` | `ANTHROPIC_API_KEY` |
-| OpenAI | `openai` | `gpt-4o` | `OPENAI_API_KEY` |
-| Google Gemini | `gemini` | `gemini-2.0-flash` | `GEMINI_API_KEY` |
-| Ollama (local) | `ollama` | `llama3` | — |
-
----
-
-## Config file
-
-```json
-{
-  "provider": "anthropic",
-  "model": "claude-opus-4-6",
-  "apiKeyEnv": "ANTHROPIC_API_KEY"
-}
-```
-
-`apiKeyEnv` lets you name the environment variable to read the key from, so no key is ever written to disk.
-
----
-
 ## What the model returns
 
 For each finding the remediator sends a structured prompt and expects back:
@@ -94,12 +169,12 @@ The result is returned as-is from the API — review and apply patches manually
 ## Ollama (fully local / air-gapped)
 
 ```bash
-# Start Ollama with a code model
+# Pull a code model
 ollama pull codellama
 ollama serve
 
 # Run tdd-audit against it
-npx @lhi/tdd-audit --scan --fix high \
+npx @lhi/tdd-audit serve \
   --provider ollama \
   --model codellama
 ```

package/docs/rest-api.md

@@ -7,16 +7,25 @@
 ## Start the server
 
 ```bash
+# Minimal
 npx @lhi/tdd-audit serve --port 3000 --api-key YOUR_SECRET
+
+# With config file (recommended)
+npx @lhi/tdd-audit init                    # scaffold .tdd-audit.json
+npx @lhi/tdd-audit serve                   # reads config automatically
+
+# Point to a config anywhere
+npx @lhi/tdd-audit serve --config ~/configs/prod.json
 ```
 
-Or via config file (`.tdd-audit.json` in your project root):
+**`.tdd-audit.json` server options:**
 
 ```json
 {
-  "port": 3000,
+  "port":         3000,
   "serverApiKey": "YOUR_SECRET",
-  "output": "json"
+  "output":       "json",
+  "trustProxy":   false
 }
 ```
 
@@ -24,7 +33,9 @@ If `--api-key` / `serverApiKey` is omitted the server starts unauthenticated wit
 
 ---
 
-## Authentication
+## Security
+
+### Authentication
 
 All endpoints except `GET /health` require:
 
@@ -34,13 +45,38 @@ Authorization: Bearer YOUR_SECRET
 
 Missing or wrong key → `401 Unauthorized`.
 
+Tokens are compared using **HMAC + `crypto.timingSafeEqual`** to prevent timing-oracle attacks.
+
+### Rate limiting
+
+All endpoints are rate-limited to **60 requests / IP / minute** (default). Exceeding the limit returns `429 Too Many Requests`.
+
+By default the rate limiter keys on the **socket IP**, not `X-Forwarded-For`, to prevent header-spoofing bypasses. Enable proxy-forwarded IPs only if you are behind a trusted reverse proxy:
+
+```json
+{ "trustProxy": true }
+```
+
+### Path validation
+
+`POST /scan` validates that the requested path is inside the server's working directory (normalised with a trailing separator to prevent sibling-directory prefix bypasses). Paths outside cwd return `400`.
+
+### Security headers
+
+Every response includes:
+
+```
+X-Content-Type-Options: nosniff
+X-Frame-Options: DENY
+```
+
 ---
 
 ## Endpoints
 
 ### `GET /health`
 
-No auth required.
+No auth required. Returns server status and version.
 
 ```json
 { "status": "ok", "version": "1.9.0" }
@@ -55,38 +91,40 @@ Scan a local path and return structured findings.
 **Request**
 ```json
 {
-  "path": ".",
+  "path":   ".",
   "format": "json"
 }
 ```
 
 | Field | Type | Default | Description |
 |---|---|---|---|
-| `path` | string | cwd | Absolute or relative path to scan. Must be inside cwd. |
+| `path` | string | cwd | Absolute or relative path to scan. Must be inside server cwd. |
 | `format` | `"json"` \| `"sarif"` | `"json"` | Output format |
 
-**Response — JSON format**
+**Response — JSON**
 ```json
 {
-  "version": "1.9.0",
-  "summary": { "CRITICAL": 1, "HIGH": 3, "MEDIUM": 1, "LOW": 0 },
-  "findings": [ ... ],
+  "version":             "1.9.0",
+  "summary":             { "CRITICAL": 1, "HIGH": 3, "MEDIUM": 1, "LOW": 0 },
+  "findings":            [ ... ],
   "likelyFalsePositives": [ ... ],
-  "exempted": [],
-  "scannedAt": "2026-03-25T12:00:00.000Z",
-  "duration": 42
+  "exempted":            [],
+  "scannedAt":           "2026-03-25T12:00:00.000Z",
+  "duration":            42
 }
 ```
 
-**Response — SARIF format**
+**Response — SARIF**
 
 Returns a SARIF 2.1.0 object ready to upload to GitHub code scanning.
 
 **Errors**
+
 | Status | Reason |
 |---|---|
-| 400 | Missing path, path traversal attempt, or invalid JSON body |
+| 400 | Path traversal attempt, sibling-directory bypass, oversized body (> 512 KB), or invalid JSON |
 | 401 | Missing or invalid API key |
+| 429 | Rate limit exceeded |
 
 ---
 
@@ -94,13 +132,16 @@ Returns a SARIF 2.1.0 object ready to upload to GitHub code scanning.
 
 Queue an AI-powered remediation job. Returns immediately with a `jobId`; poll `/jobs/:id` for results.
 
+The server stores up to **1 000 jobs** in memory (TTL: 1 hour). Oldest jobs are evicted when the cap is reached.
+
 **Request**
 ```json
 {
   "findings": [ ... ],
-  "provider": "anthropic",
-  "apiKey": "sk-ant-...",
-  "model": "claude-opus-4-6",
+  "provider": "openai",
+  "apiKey":   "sk-...",
+  "model":    "gpt-4o",
+  "baseUrl":  "https://api.groq.com/openai/v1",
   "severity": "HIGH"
 }
 ```
@@ -111,6 +152,7 @@ Queue an AI-powered remediation job. Returns immediately with a `jobId`; poll `/
 | `provider` | yes | `anthropic` \| `openai` \| `gemini` \| `ollama` |
 | `apiKey` | yes | Provider API key |
 | `model` | no | Defaults per provider (see [AI Remediation](ai-remediation.md)) |
+| `baseUrl` | no | Override base URL for any OpenAI-compatible service |
 | `severity` | no | Minimum severity to fix. Default: `LOW` (fix all) |
 
 **Response**
@@ -124,7 +166,7 @@ Queue an AI-powered remediation job. Returns immediately with a `jobId`; poll `/
 
 Poll for remediation job status.
 
-**Response — pending**
+**Response — pending / running**
 ```json
 { "id": "job_1_...", "status": "pending", "createdAt": "..." }
 ```
@@ -132,17 +174,17 @@ Poll for remediation job status.
 **Response — done**
 ```json
 {
-  "id": "job_1_...",
-  "status": "done",
-  "createdAt": "...",
-  "startedAt": "...",
+  "id":          "job_1_...",
+  "status":      "done",
+  "createdAt":   "...",
+  "startedAt":   "...",
   "completedAt": "...",
   "results": [
     {
-      "finding": { ... },
-      "status": "remediated",
-      "exploitTest": { "filename": "__tests__/security/xss.test.js", "content": "..." },
-      "patch": { "filename": "src/app.js", "diff": "..." },
+      "finding":        { ... },
+      "status":         "remediated",
+      "exploitTest":    { "filename": "__tests__/security/xss.test.js", "content": "..." },
+      "patch":          { "filename": "src/app.js", "diff": "..." },
       "refactorChecks": ["npm test", "npm run test:security"]
     }
   ]
@@ -151,7 +193,9 @@ Poll for remediation job status.
 
 ---
 
-## Example: scan from curl
+## Examples
+
+### curl
 
 ```bash
 # Start server
@@ -163,23 +207,21 @@ curl -s -X POST http://localhost:3000/scan \
   -H "Content-Type: application/json" \
   -d '{"path": "."}' | jq '.summary'
 
-# Get SARIF for GitHub upload
+# SARIF output for GitHub upload
 curl -s -X POST http://localhost:3000/scan \
   -H "Authorization: Bearer mysecret" \
   -H "Content-Type: application/json" \
   -d '{"path": ".", "format": "sarif"}' > results.sarif
 ```
 
----
-
-## Example: scan from Node.js
+### Node.js
 
 ```javascript
 const res = await fetch('http://localhost:3000/scan', {
-  method: 'POST',
+  method:  'POST',
   headers: {
     'Authorization': 'Bearer mysecret',
-    'Content-Type': 'application/json',
+    'Content-Type':  'application/json',
   },
   body: JSON.stringify({ path: '/path/to/project' }),
 });

package/index.js

@@ -12,6 +12,7 @@ const {
   printFindings,
 } = require('./lib/scanner');
 const { toJson, toSarif, toText } = require('./lib/reporter');
+const { writeInitConfig } = require('./lib/config');
 
 const args = process.argv.slice(2);
 const isLocal   = args.includes('--local');
@@ -44,6 +45,24 @@ const framework = detectFramework(projectDir);
 const testBaseDir = detectTestBaseDir(projectDir, framework);
 const targetTestDir = path.join(projectDir, testBaseDir, 'security');
 
+// ─── Init mode early exit ────────────────────────────────────────────────────
+
+if (args[0] === 'init') {
+  const destArg    = args[1] && !args[1].startsWith('-') ? args[1] : undefined;
+  const force      = args.includes('--force');
+  const providerIdx = args.indexOf('--provider');
+  const provider   = providerIdx !== -1 ? args[providerIdx + 1] : 'openai';
+  try {
+    const written = writeInitConfig(destArg, force, provider);
+    console.log(`✅ Created ${path.relative(process.cwd(), written)}`);
+    console.log('   Edit it, then run: node index.js serve   or   node index.js --scan');
+  } catch (e) {
+    console.error(`❌ ${e.message}`);
+    process.exit(1);
+  }
+  process.exit(0);
+}
+
 // ─── Serve mode early exit ────────────────────────────────────────────────────
 
 if (isServe) {

package/lib/config.js

@@ -6,42 +6,87 @@ const path = require('path');
 const CONFIG_FILE = '.tdd-audit.json';
 
 const DEFAULTS = {
-  port:             3000,
-  output:           'text',     // 'text' | 'json' | 'sarif'
-  severityThreshold:'LOW',      // minimum severity to include in output
-  ignore:           [],         // path prefixes to skip
-  provider:         null,       // 'anthropic' | 'openai' | 'gemini' | 'ollama'
-  model:            null,
-  apiKey:           null,
-  apiKeyEnv:        null,       // env var name to read the key from
-  serverApiKey:     null,       // key required on REST API calls
+  port:              3000,
+  output:            'text',    // 'text' | 'json' | 'sarif'
+  severityThreshold: 'LOW',     // minimum severity to include in output
+  ignore:            [],        // path prefixes to skip
+  provider:          null,      // 'anthropic' | 'openai' | 'gemini' | 'ollama'
+  model:             null,
+  apiKey:            null,
+  baseUrl:           null,      // override base URL for OpenAI-compatible providers
+  apiKeyEnv:         null,      // env var name to read the key from
+  serverApiKey:      null,      // key required on REST API calls
+  trustProxy:        false,     // trust X-Forwarded-For for rate limiting
+};
+
+// Provider-specific defaults for `tdd-audit init --provider <name>`
+const PROVIDER_TEMPLATES = {
+  openai: {
+    provider:  'openai',
+    model:     'gpt-4o',
+    apiKeyEnv: 'OPENAI_API_KEY',
+    baseUrl:   null,
+  },
+  anthropic: {
+    provider:  'anthropic',
+    model:     'claude-opus-4-6',
+    apiKeyEnv: 'ANTHROPIC_API_KEY',
+    baseUrl:   null,
+  },
+  gemini: {
+    provider:  'gemini',
+    model:     'gemini-2.0-flash',
+    apiKeyEnv: 'GEMINI_API_KEY',
+    baseUrl:   null,
+  },
+  ollama: {
+    provider:  'ollama',
+    model:     'llama3',
+    apiKeyEnv: null,
+    baseUrl:   'http://localhost:11434',
+  },
+};
+
+// Template written by `tdd-audit init`
+const INIT_TEMPLATE = {
+  output:            'text',
+  severityThreshold: 'LOW',
+  port:              3000,
+  serverApiKey:      null,
+  ignore:            ['node_modules', 'dist', 'build', 'coverage'],
 };
 
 /**
- * Load .tdd-audit.json from cwd (or a given dir), merge with DEFAULTS.
- * CLI flags (passed as an object) win over file config.
+ * Load config from an explicit file path or from .tdd-audit.json in cwd.
+ * CLI flags win over file config; file config wins over DEFAULTS.
  *
  * @param {string} [cwd=process.cwd()]
- * @param {object} [cliOverrides={}]
+ * @param {object} [cliOverrides={}]  - may include { configPath: '/abs/path/to/file.json' }
  * @returns {object}
  */
 function loadConfig(cwd = process.cwd(), cliOverrides = {}) {
   let fileConfig = {};
-  const filePath = path.join(cwd, CONFIG_FILE);
+
+  // Explicit --config path wins over the cwd convention
+  const filePath = cliOverrides.configPath
+    ? path.resolve(cliOverrides.configPath)
+    : path.join(cwd, CONFIG_FILE);
+
   if (fs.existsSync(filePath)) {
     try {
       const raw = fs.readFileSync(filePath, 'utf8');
       fileConfig = JSON.parse(raw);
     } catch (err) {
-      process.stderr.write(`⚠️  Could not parse ${CONFIG_FILE}: ${err.message}\n`);
+      process.stderr.write(`⚠️  Could not parse ${filePath}: ${err.message}\n`);
     }
   }
 
   const merged = { ...DEFAULTS, ...fileConfig };
 
-  // CLI overrides — only set keys that were explicitly provided
+  // Apply CLI overrides (skip internal keys like configPath)
+  const INTERNAL = new Set(['configPath']);
   for (const [key, val] of Object.entries(cliOverrides)) {
-    if (val !== undefined && val !== null) merged[key] = val;
+    if (!INTERNAL.has(key) && val !== undefined && val !== null) merged[key] = val;
   }
 
   // Resolve apiKey from env var if apiKeyEnv is set and apiKey isn't already
@@ -63,14 +108,41 @@ function parseCliOverrides(args) {
     return i !== -1 ? args[i + 1] : undefined;
   };
   const overrides = {};
-  const port      = get('--port');      if (port)     overrides.port = Number(port);
-  const provider  = get('--provider'); if (provider) overrides.provider = provider;
-  const model     = get('--model');    if (model)    overrides.model = model;
-  const apiKey    = get('--api-key');  if (apiKey)   overrides.apiKey = apiKey;
-  const format    = get('--format');   if (format)   overrides.output = format;
-  const srvKey    = get('--api-key');  if (srvKey)   overrides.serverApiKey = srvKey;
+  const configPath = get('--config');    if (configPath) overrides.configPath = configPath;
+  const port       = get('--port');      if (port)       overrides.port = Number(port);
+  const provider   = get('--provider'); if (provider)   overrides.provider = provider;
+  const model      = get('--model');    if (model)      overrides.model = model;
+  const apiKey     = get('--api-key');  if (apiKey)     overrides.apiKey = apiKey;
+  const baseUrl    = get('--base-url'); if (baseUrl)    overrides.baseUrl = baseUrl;
+  const format     = get('--format');   if (format)     overrides.output = format;
+  const srvKey     = get('--api-key');  if (srvKey)     overrides.serverApiKey = srvKey;
   if (args.includes('--json')) overrides.output = 'json';
   return overrides;
 }
 
-module.exports = { loadConfig, parseCliOverrides, DEFAULTS, CONFIG_FILE };
+/**
+ * Write a starter .tdd-audit.json to destPath (default: cwd/.tdd-audit.json).
+ * Returns the path written, or throws if the file already exists and force is false.
+ *
+ * @param {string}  [destPath]
+ * @param {boolean} [force=false]
+ * @param {string}  [provider='openai']
+ * @returns {string}
+ */
+function writeInitConfig(destPath, force = false, provider = 'openai') {
+  const providerDefaults = PROVIDER_TEMPLATES[provider];
+  if (!providerDefaults) {
+    throw new Error(
+      `Unknown provider "${provider}". Valid options: ${Object.keys(PROVIDER_TEMPLATES).join(', ')}`
+    );
+  }
+  const target = destPath || path.join(process.cwd(), CONFIG_FILE);
+  if (fs.existsSync(target) && !force) {
+    throw new Error(`${target} already exists. Pass --force to overwrite.`);
+  }
+  const template = { ...providerDefaults, ...INIT_TEMPLATE };
+  fs.writeFileSync(target, JSON.stringify(template, null, 2) + '\n', 'utf8');
+  return target;
+}
+
+module.exports = { loadConfig, parseCliOverrides, writeInitConfig, DEFAULTS, INIT_TEMPLATE, PROVIDER_TEMPLATES, CONFIG_FILE };

package/lib/remediator.js

@@ -18,7 +18,8 @@ const PROVIDERS = {
     extract: (data) => data?.content?.[0]?.text || '',
   },
   openai: {
-    url:     'https://api.openai.com/v1/chat/completions',
+    url:          'https://api.openai.com/v1/chat/completions',
+    openaiCompat: true,  // supports --base-url override for compatible APIs
     headers: (apiKey) => ({
       'Content-Type':  'application/json',
       'Authorization': `Bearer ${apiKey}`,
@@ -30,8 +31,8 @@ const PROVIDERS = {
     extract: (data) => data?.choices?.[0]?.message?.content || '',
   },
   gemini: {
-    url:     (apiKey) => `https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=${apiKey}`,
-    headers: () => ({ 'Content-Type': 'application/json' }),
+    url:     'https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent',
+    headers: (apiKey) => ({ 'Content-Type': 'application/json', 'x-goog-api-key': apiKey }),
     body: (model, prompt) => ({
       contents: [{ parts: [{ text: prompt }] }],
     }),
@@ -51,15 +52,49 @@ const PROVIDERS = {
 
 // ─── Prompt builder ───────────────────────────────────────────────────────────
 
+const MAX_SNIPPET_CHARS = 500;
+
+/**
+ * Sanitize a raw code snippet before embedding it in an AI prompt.
+ * Strips null bytes, limits length, and trims whitespace so that
+ * injected newlines cannot introduce new top-level instruction lines.
+ */
+function sanitizeSnippet(raw) {
+  if (typeof raw !== 'string') return '';
+  return raw
+    .replace(/\x00/g, '')          // strip null bytes
+    .replace(/[\r\n]+/g, ' ')      // collapse newlines → prevent line injection
+    .slice(0, MAX_SNIPPET_CHARS)
+    .trim();
+}
+
+/**
+ * Sanitize a scalar finding field (name, file, line, severity) before
+ * embedding it in an AI prompt. Strips null bytes and collapses newlines
+ * so that attacker-controlled metadata cannot inject top-level instructions.
+ */
+function sanitizeField(raw) {
+  const s = typeof raw === 'string' ? raw : String(raw ?? '');
+  return s
+    .replace(/\x00/g, '')
+    .replace(/[\r\n]+/g, ' ')
+    .trim();
+}
+
 function buildRemediationPrompt(finding) {
+  const snippet  = sanitizeSnippet(finding.snippet);
+  const name     = sanitizeField(finding.name);
+  const severity = sanitizeField(finding.severity);
+  const file     = sanitizeField(finding.file);
+  const line     = sanitizeField(finding.line);
   return `You are a security engineer applying the Red-Green-Refactor TDD remediation protocol.
 
 VULNERABILITY FINDING:
-- Type: ${finding.name}
-- Severity: ${finding.severity}
-- File: ${finding.file}
-- Line: ${finding.line}
-- Code snippet: ${finding.snippet}
+- Type: ${name}
+- Severity: ${severity}
+- File: ${file}
+- Line: ${line}
+- Code snippet: <snippet>${snippet}</snippet>
 
 TASK:
 1. Write a Jest/supertest exploit test (Red phase) that proves this vulnerability exists.
@@ -84,18 +119,47 @@ Respond with valid JSON in exactly this shape:
 
 // ─── HTTP call ────────────────────────────────────────────────────────────────
 
-async function callProvider(provider, apiKey, model, prompt) {
+/**
+ * @param {string}  provider  - 'anthropic' | 'openai' | 'gemini' | 'ollama'
+ * @param {string}  apiKey
+ * @param {string}  model
+ * @param {string}  prompt
+ * @param {string}  [baseUrl] - override base URL for OpenAI-compatible providers
+ *                              e.g. 'https://api.groq.com/openai/v1'
+ *                                   'https://openrouter.ai/api/v1'
+ *                                   'https://api.together.xyz/v1'
+ */
+async function callProvider(provider, apiKey, model, prompt, baseUrl) {
   const p = PROVIDERS[provider];
   if (!p) throw new Error(`Unknown provider "${provider}". Supported: ${Object.keys(PROVIDERS).join(', ')}`);
 
-  const url     = typeof p.url === 'function' ? p.url(apiKey) : p.url;
+  let url = typeof p.url === 'function' ? p.url(apiKey) : p.url;
+  if (baseUrl && p.openaiCompat) {
+    // Validate baseUrl to prevent SSRF: must be HTTPS or a localhost origin.
+    let parsed;
+    try { parsed = new URL(baseUrl); } catch {
+      throw new Error(`Invalid baseUrl "${baseUrl}" — must be a valid URL`);
+    }
+    const isLocalhost = ['localhost', '127.0.0.1', '::1'].includes(parsed.hostname);
+    if (parsed.protocol !== 'https:' && !isLocalhost) {
+      throw new Error(
+        `baseUrl must use HTTPS for non-localhost hosts (got "${parsed.protocol}//${parsed.hostname}"). ` +
+        'Plain HTTP is only allowed for localhost.'
+      );
+    }
+    // Any OpenAI-compatible service: strip trailing slash and append path
+    url = baseUrl.replace(/\/+$/, '') + '/chat/completions';
+  }
   const headers = p.headers(apiKey);
   const body    = JSON.stringify(p.body(model, prompt));
 
   const res = await fetch(url, { method: 'POST', headers, body });
   if (!res.ok) {
-    const text = await res.text().catch(() => '');
-    throw new Error(`Provider ${provider} returned ${res.status}: ${text.slice(0, 200)}`);
+    const raw  = await res.text().catch(() => '');
+    // Redact the apiKey from provider error bodies before surfacing the message —
+    // some providers echo the submitted key in 401/403 responses.
+    const safe = apiKey ? raw.split(apiKey).join('[REDACTED]') : raw;
+    throw new Error(`Provider ${provider} returned ${res.status}: ${safe.slice(0, 200)}`);
   }
   const data = await res.json();
   return p.extract(data);
@@ -120,10 +184,11 @@ function parseResponse(text) {
  * @param {string} opts.provider  - 'anthropic' | 'openai' | 'gemini' | 'ollama'
  * @param {string} opts.apiKey
  * @param {string} [opts.model]
+ * @param {string} [opts.baseUrl]  - override base URL for OpenAI-compatible providers
  * @param {string} [opts.severity] - minimum severity to fix ('CRITICAL','HIGH','MEDIUM','LOW')
  * @returns {Promise<Array>} - results per finding
  */
-async function remediate({ findings, provider, apiKey, model, severity = 'LOW' }) {
+async function remediate({ findings, provider, apiKey, model, baseUrl, severity = 'LOW' }) {
   const ORDER = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
   const threshold = ORDER[severity.toUpperCase()] ?? 3;
 
@@ -135,7 +200,7 @@ async function remediate({ findings, provider, apiKey, model, severity = 'LOW' }
   for (const finding of targets) {
     try {
       const prompt   = buildRemediationPrompt(finding);
-      const raw      = await callProvider(provider, apiKey, model, prompt);
+      const raw      = await callProvider(provider, apiKey, model, prompt, baseUrl);
       const parsed   = parseResponse(raw);
       results.push({ finding, status: 'remediated', ...parsed });
     } catch (err) {

package/lib/server.js

@@ -1,7 +1,8 @@
 'use strict';
 
-const http  = require('http');
-const path  = require('path');
+const crypto = require('crypto');
+const http   = require('http');
+const path   = require('path');
 const { quickScan, scanPromptFiles } = require('./scanner');
 const { toJson, toSarif, toText }    = require('./reporter');
 const { loadConfig, parseCliOverrides } = require('./config');
@@ -9,10 +10,25 @@ const { version } = require('../package.json');
 
 // ─── Job store (in-memory) ────────────────────────────────────────────────────
 
-const jobs = new Map();
-let jobSeq = 0;
+const jobs    = new Map();
+let   jobSeq  = 0;
+
+const MAX_JOBS    = 1_000;
+const JOB_TTL_MS  = 60 * 60 * 1_000; // 1 hour
+
+function evictJobs() {
+  const cutoff = Date.now() - JOB_TTL_MS;
+  for (const [id, job] of jobs) {
+    if (new Date(job.createdAt).getTime() < cutoff) jobs.delete(id);
+  }
+  // Hard cap: drop oldest entries until within limit
+  while (jobs.size >= MAX_JOBS) {
+    jobs.delete(jobs.keys().next().value);
+  }
+}
 
 function createJob() {
+  evictJobs();
   const id = `job_${++jobSeq}_${Date.now()}`;
   jobs.set(id, { id, status: 'pending', createdAt: new Date().toISOString() });
   return id;
@@ -23,15 +39,37 @@ function updateJob(id, patch) {
   if (job) jobs.set(id, { ...job, ...patch });
 }
 
+// ─── Rate limiter (in-memory, per-IP sliding window) ─────────────────────────
+
+const RATE_LIMIT_MAX    = 60;           // requests per window
+const RATE_LIMIT_WINDOW = 60 * 1_000;  // 1 minute in ms
+
+const rateLimiter = {
+  _counts: new Map(),
+  check(ip) {
+    const now   = Date.now();
+    const entry = this._counts.get(ip) || { count: 0, windowStart: now };
+    if (now - entry.windowStart >= RATE_LIMIT_WINDOW) {
+      entry.count = 0;
+      entry.windowStart = now;
+    }
+    entry.count += 1;
+    this._counts.set(ip, entry);
+    return entry.count <= RATE_LIMIT_MAX;
+  },
+  reset() { this._counts.clear(); },
+};
+
 // ─── Helpers ──────────────────────────────────────────────────────────────────
 
 function json(res, status, body) {
   const payload = JSON.stringify(body);
   res.writeHead(status, {
-    'Content-Type':  'application/json',
-    'Content-Length': Buffer.byteLength(payload),
-    'X-Content-Type-Options': 'nosniff',
-    'X-Frame-Options': 'DENY',
+    'Content-Type':            'application/json',
+    'Content-Length':           Buffer.byteLength(payload),
+    'X-Content-Type-Options':  'nosniff',
+    'X-Frame-Options':         'DENY',
+    'Content-Security-Policy': "default-src 'none'",
   });
   res.end(payload);
 }
@@ -51,15 +89,21 @@ function readBody(req) {
   });
 }
 
+// Fixed HMAC key for normalising token lengths before constant-time comparison.
+// Does not need to be secret — purpose is timing-safety, not confidentiality.
+const _authHmacKey = crypto.randomBytes(32);
+
 /**
  * Authenticate incoming requests.
- * If serverApiKey is set, require `Authorization: Bearer <key>`.
+ * Uses HMAC + timingSafeEqual to prevent timing-oracle attacks.
  */
 function authenticate(req, cfg) {
   if (!cfg.serverApiKey) return true; // no key configured — open
   const header = req.headers['authorization'] || '';
   const token  = header.startsWith('Bearer ') ? header.slice(7) : '';
-  return token === cfg.serverApiKey;
+  const expected = crypto.createHmac('sha256', _authHmacKey).update(cfg.serverApiKey).digest();
+  const actual   = crypto.createHmac('sha256', _authHmacKey).update(token).digest();
+  return crypto.timingSafeEqual(expected, actual);
 }
 
 /**
@@ -69,7 +113,11 @@ function authenticate(req, cfg) {
 function safeScanPath(rawPath) {
   const cwd      = process.cwd();
   const resolved = path.resolve(cwd, rawPath || cwd);
-  if (!resolved.startsWith(cwd)) throw new Error('Path outside working directory');
+  // Append sep so "/app" cannot match "/app-evil" via startsWith
+  const cwdNorm  = cwd.endsWith(path.sep) ? cwd : cwd + path.sep;
+  if (resolved !== cwd && !resolved.startsWith(cwdNorm)) {
+    throw new Error('Path outside working directory');
+  }
   return resolved;
 }
 
@@ -78,6 +126,16 @@ function safeScanPath(rawPath) {
 async function handleRequest(req, res, cfg) {
   const { method, url } = req;
 
+  // ── Rate limiting ──────────────────────────────────────────────────────────
+  // Only trust X-Forwarded-For when cfg.trustProxy is explicitly enabled.
+  // Default is false to prevent header-spoofing rate-limit bypasses.
+  const ip = cfg.trustProxy
+    ? (req.headers['x-forwarded-for'] || req.socket?.remoteAddress || '').split(',')[0].trim()
+    : (req.socket?.remoteAddress || 'unknown');
+  if (!rateLimiter.check(ip)) {
+    return json(res, 429, { error: 'Too Many Requests' });
+  }
+
   // ── GET /health ────────────────────────────────────────────────────────────
   if (method === 'GET' && url === '/health') {
     return json(res, 200, { status: 'ok', version });
@@ -116,7 +174,7 @@ async function handleRequest(req, res, cfg) {
     try { body = await readBody(req); }
     catch (e) { return json(res, 400, { error: e.message }); }
 
-    const { findings, provider, apiKey, model } = body;
+    const { findings, provider, apiKey, model, baseUrl } = body;
     if (!findings || !provider || !apiKey) {
       return json(res, 400, { error: 'findings, provider, and apiKey are required' });
     }
@@ -128,7 +186,11 @@ async function handleRequest(req, res, cfg) {
       try {
         updateJob(jobId, { status: 'running', startedAt: new Date().toISOString() });
         const { remediate } = require('./remediator');
-        const results = await remediate({ findings, provider, apiKey, model: model || cfg.model });
+        const results = await remediate({
+          findings, provider, apiKey,
+          model:   model   || cfg.model,
+          baseUrl: baseUrl || cfg.baseUrl,
+        });
         updateJob(jobId, { status: 'done', completedAt: new Date().toISOString(), results });
       } catch (err) {
         updateJob(jobId, { status: 'error', error: err.message });
@@ -178,4 +240,9 @@ function start(args = []) {
   return server; // returned for testing
 }
 
-module.exports = { start, jobs, createJob, updateJob, safeScanPath };
+module.exports = {
+  start, handleRequest, authenticate,
+  jobs, createJob, updateJob,
+  safeScanPath, MAX_JOBS, JOB_TTL_MS,
+  rateLimiter, RATE_LIMIT_MAX,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lhi/tdd-audit",
-  "version": "1.9.0",
+  "version": "1.11.0",
   "description": "Security skill installer for Claude Code, Gemini CLI, Cursor, Codex, and OpenCode. Patches vulnerabilities using a Red-Green-Refactor exploit-test protocol.",
   "main": "index.js",
   "bin": {
@@ -21,6 +21,7 @@
     "test": "jest --forceExit",
     "test:unit": "jest --testPathPatterns=__tests__/unit --forceExit --coverage",
     "test:security": "jest --testPathPatterns=__tests__/security --forceExit",
+    "test:e2e": "jest --testPathPatterns=__tests__/e2e --forceExit",
     "test:smoke": "node index.js --local --skip-scan && echo 'Smoke test passed'"
   },
   "keywords": [