@nahisaho/musubix-security 1.8.0

package/dist/services/fix-generator.js

@@ -0,0 +1,346 @@
+/**
+ * @fileoverview Fix generator service - generates fix suggestions for vulnerabilities
+ * @module @nahisaho/musubix-security/services/fix-generator
+ * @trace REQ-SEC-FIX-001
+ */
+/**
+ * Generate fix ID
+ */
+let fixCounter = 0;
+function generateFixId() {
+    const date = new Date();
+    const dateStr = date.toISOString().slice(0, 10).replace(/-/g, '');
+    return `FIX-${dateStr}-${String(++fixCounter).padStart(3, '0')}`;
+}
+/**
+ * Reset fix counter (for testing)
+ */
+export function resetFixCounter() {
+    fixCounter = 0;
+}
+/**
+ * SQL Injection fix template
+ */
+const sqlInjectionFix = {
+    type: 'injection',
+    strategy: 'parameterized-query',
+    title: 'Use parameterized queries',
+    description: 'Replace string interpolation with parameterized queries to prevent SQL injection',
+    rationale: 'Parameterized queries separate SQL code from data, preventing attackers from modifying the query structure.',
+    imports: [],
+    transform: (vuln) => {
+        const snippet = vuln.codeSnippet || '';
+        // Pattern: `SELECT * FROM users WHERE id = ${userId}`
+        // Replace with: 'SELECT * FROM users WHERE id = ?', [userId]
+        const templateRegex = /`([^`]*)\$\{([^}]+)\}([^`]*)`/;
+        const match = snippet.match(templateRegex);
+        if (match) {
+            const [original, before, variable, after] = match;
+            const parameterized = `'${before}?${after}', [${variable}]`;
+            return [{
+                    location: vuln.location,
+                    originalCode: original,
+                    newCode: parameterized,
+                    description: 'Convert template literal to parameterized query',
+                }];
+        }
+        // Pattern: 'SELECT * FROM users WHERE id = ' + userId
+        const concatRegex = /'([^']+)'\s*\+\s*(\w+)/;
+        const concatMatch = snippet.match(concatRegex);
+        if (concatMatch) {
+            const [original, sql, variable] = concatMatch;
+            const parameterized = `'${sql}?', [${variable}]`;
+            return [{
+                    location: vuln.location,
+                    originalCode: original,
+                    newCode: parameterized,
+                    description: 'Convert string concatenation to parameterized query',
+                }];
+        }
+        return [];
+    },
+};
+/**
+ * Command injection fix template
+ */
+const commandInjectionFix = {
+    type: 'command-injection',
+    strategy: 'command-escape',
+    title: 'Use execFile with array arguments',
+    description: 'Replace exec() with execFile() and array arguments to prevent command injection',
+    rationale: 'execFile() with array arguments does not invoke a shell, preventing shell metacharacter injection.',
+    imports: [
+        {
+            module: 'node:child_process',
+            namedImports: ['execFile'],
+            insertLine: 0,
+        },
+    ],
+    transform: (vuln) => {
+        const snippet = vuln.codeSnippet || '';
+        // Pattern: exec(`command ${arg}`)
+        const execRegex = /exec\s*\(\s*`([^`]+)\$\{([^}]+)\}([^`]*)`\s*\)/;
+        const match = snippet.match(execRegex);
+        if (match) {
+            const [original, before, variable] = match;
+            // Extract command and args
+            const parts = before.trim().split(/\s+/);
+            const command = parts[0];
+            const fixedArgs = parts.slice(1).map(a => `'${a}'`);
+            fixedArgs.push(variable);
+            const replacement = `execFile('${command}', [${fixedArgs.join(', ')}])`;
+            return [{
+                    location: vuln.location,
+                    originalCode: original,
+                    newCode: replacement,
+                    description: 'Replace exec() with execFile() using array arguments',
+                }];
+        }
+        return [];
+    },
+};
+/**
+ * Path traversal fix template
+ */
+const pathTraversalFix = {
+    type: 'path-traversal',
+    strategy: 'path-validation',
+    title: 'Validate and sanitize file paths',
+    description: 'Add path validation to prevent directory traversal attacks',
+    rationale: 'Validating that the resolved path stays within the allowed directory prevents access to unauthorized files.',
+    imports: [
+        {
+            module: 'node:path',
+            namedImports: ['resolve', 'relative'],
+            insertLine: 0,
+        },
+    ],
+    transform: (vuln) => {
+        const snippet = vuln.codeSnippet || '';
+        // Pattern: readFile(userPath)
+        const fsRegex = /(readFile(?:Sync)?|writeFile(?:Sync)?)\s*\(\s*(\w+)/;
+        const match = snippet.match(fsRegex);
+        if (match) {
+            const [, , pathVar] = match;
+            const safePath = `(() => {
+  const baseDir = '/allowed/base/dir';
+  const resolved = resolve(baseDir, ${pathVar});
+  if (!resolved.startsWith(baseDir)) {
+    throw new Error('Path traversal detected');
+  }
+  return resolved;
+})()`;
+            return [{
+                    location: vuln.location,
+                    originalCode: pathVar,
+                    newCode: safePath,
+                    description: 'Add path validation to prevent directory traversal',
+                }];
+        }
+        return [];
+    },
+};
+/**
+ * XSS fix template
+ */
+const xssFix = {
+    type: 'xss',
+    strategy: 'html-escape',
+    title: 'Escape HTML output',
+    description: 'Add HTML escaping to prevent Cross-Site Scripting attacks',
+    rationale: 'HTML escaping converts special characters to their HTML entities, preventing script injection.',
+    imports: [],
+    transform: (vuln) => {
+        const snippet = vuln.codeSnippet || '';
+        // Pattern: res.send(`<div>${userInput}</div>`)
+        const sendRegex = /res\.send\s*\(\s*`([^`]*)\$\{([^}]+)\}([^`]*)`\s*\)/;
+        const match = snippet.match(sendRegex);
+        if (match) {
+            const [original, before, variable, after] = match;
+            const replacement = `res.send(\`${before}\${escapeHtml(${variable})}${after}\`)`;
+            return [{
+                    location: vuln.location,
+                    originalCode: original,
+                    newCode: replacement,
+                    description: 'Add HTML escaping to output',
+                }];
+        }
+        return [];
+    },
+};
+/**
+ * Eval fix template
+ */
+const evalFix = {
+    type: 'code-injection',
+    strategy: 'input-validation',
+    title: 'Remove eval() usage',
+    description: 'Replace eval() with safer alternatives',
+    rationale: 'eval() executes arbitrary code, which is inherently dangerous. Safer alternatives should be used.',
+    imports: [],
+    transform: (vuln) => {
+        const snippet = vuln.codeSnippet || '';
+        // Pattern: eval(jsonString)
+        if (snippet.includes('eval') && snippet.includes('JSON')) {
+            const evalRegex = /eval\s*\(\s*(\w+)\s*\)/;
+            const match = snippet.match(evalRegex);
+            if (match) {
+                const [original, variable] = match;
+                return [{
+                        location: vuln.location,
+                        originalCode: original,
+                        newCode: `JSON.parse(${variable})`,
+                        description: 'Replace eval() with JSON.parse() for JSON parsing',
+                    }];
+            }
+        }
+        return [];
+    },
+};
+/**
+ * Prototype pollution fix template
+ */
+const prototypePollutionFix = {
+    type: 'prototype-pollution',
+    strategy: 'input-validation',
+    title: 'Validate object keys',
+    description: 'Add validation to prevent prototype pollution via __proto__ or constructor',
+    rationale: 'Blocking dangerous property names prevents attackers from modifying Object.prototype.',
+    imports: [],
+    transform: (vuln) => {
+        const snippet = vuln.codeSnippet || '';
+        // Pattern: Object.assign(target, userInput)
+        const assignRegex = /Object\.assign\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)/;
+        const match = snippet.match(assignRegex);
+        if (match) {
+            const [original, target, source] = match;
+            const safeMerge = `Object.assign(${target}, Object.fromEntries(
+  Object.entries(${source}).filter(([k]) => !['__proto__', 'constructor', 'prototype'].includes(k))
+))`;
+            return [{
+                    location: vuln.location,
+                    originalCode: original,
+                    newCode: safeMerge,
+                    description: 'Filter dangerous keys before Object.assign',
+                }];
+        }
+        return [];
+    },
+};
+/**
+ * All fix templates
+ */
+const FIX_TEMPLATES = [
+    sqlInjectionFix,
+    commandInjectionFix,
+    pathTraversalFix,
+    xssFix,
+    evalFix,
+    prototypePollutionFix,
+];
+/**
+ * Fix generator service
+ */
+export class FixGenerator {
+    templates;
+    constructor(_options = {}) {
+        this.templates = [...FIX_TEMPLATES];
+    }
+    /**
+     * Generate a fix for a vulnerability
+     */
+    generateFix(vuln) {
+        // Find matching template
+        const template = this.templates.find((t) => t.type === vuln.type);
+        if (!template) {
+            return null;
+        }
+        // Generate code edits
+        const edits = template.transform(vuln);
+        if (edits.length === 0) {
+            return null;
+        }
+        return {
+            id: generateFixId(),
+            vulnerabilityId: vuln.id,
+            strategy: template.strategy,
+            title: template.title,
+            description: template.description,
+            edits,
+            imports: template.imports,
+            confidence: vuln.confidence * 0.8, // Reduce confidence for fixes
+            breakingChange: false,
+            rationale: template.rationale,
+            generatedAt: new Date(),
+        };
+    }
+    /**
+     * Generate fixes for multiple vulnerabilities
+     */
+    generateFixes(vulnerabilities) {
+        const fixes = [];
+        for (const vuln of vulnerabilities) {
+            const fix = this.generateFix(vuln);
+            if (fix) {
+                fixes.push(fix);
+            }
+        }
+        return fixes;
+    }
+    /**
+     * Generate a fix for a taint path
+     */
+    generateTaintFix(path) {
+        // Map sink category to vulnerability type
+        const categoryToType = {
+            'sql-query': 'injection',
+            'command-exec': 'command-injection',
+            'file-read': 'path-traversal',
+            'file-write': 'path-traversal',
+            'html-output': 'xss',
+            'eval': 'code-injection',
+            'redirect': 'open-redirect',
+        };
+        const vulnType = categoryToType[path.sink.category];
+        if (!vulnType) {
+            return null;
+        }
+        // Create a pseudo-vulnerability for fix generation
+        const pseudoVuln = {
+            id: `TAINT-${path.id}`,
+            type: vulnType,
+            severity: path.sink.severity,
+            cwes: [],
+            location: path.sink.location,
+            description: `Taint path from ${path.source.category} to ${path.sink.category}`,
+            recommendation: `Add sanitization for ${path.sink.category}`,
+            confidence: path.confidence,
+            ruleId: 'TAINT',
+            detectedAt: new Date(),
+        };
+        const fix = this.generateFix(pseudoVuln);
+        if (fix) {
+            fix.taintPathId = path.id;
+        }
+        return fix;
+    }
+    /**
+     * Add a custom fix template
+     */
+    addTemplate(template) {
+        this.templates.push(template);
+    }
+    /**
+     * Get available strategies
+     */
+    getStrategies() {
+        return [...new Set(this.templates.map((t) => t.strategy))];
+    }
+}
+/**
+ * Create a fix generator
+ */
+export function createFixGenerator(options) {
+    return new FixGenerator(options);
+}
+//# sourceMappingURL=fix-generator.js.map

package/dist/services/fix-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-generator.js","sourceRoot":"","sources":["../../src/services/fix-generator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAaH;;GAEG;AACH,IAAI,UAAU,GAAG,CAAC,CAAC;AACnB,SAAS,aAAa;IACpB,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IACxB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClE,OAAO,OAAO,OAAO,IAAI,MAAM,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,UAAU,GAAG,CAAC,CAAC;AACjB,CAAC;AAeD;;GAEG;AACH,MAAM,eAAe,GAAgB;IACnC,IAAI,EAAE,WAAW;IACjB,QAAQ,EAAE,qBAAqB;IAC/B,KAAK,EAAE,2BAA2B;IAClC,WAAW,EAAE,kFAAkF;IAC/F,SAAS,EAAE,6GAA6G;IACxH,OAAO,EAAE,EAAE;IACX,SAAS,EAAE,CAAC,IAAmB,EAAc,EAAE;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAEvC,sDAAsD;QACtD,6DAA6D;QAC7D,MAAM,aAAa,GAAG,+BAA+B,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAE3C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;YAClD,MAAM,aAAa,GAAG,IAAI,MAAM,IAAI,KAAK,OAAO,QAAQ,GAAG,CAAC;YAE5D,OAAO,CAAC;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,YAAY,EAAE,QAAQ;oBACtB,OAAO,EAAE,aAAa;oBACtB,WAAW,EAAE,iDAAiD;iBAC/D,CAAC,CAAC;QACL,CAAC;QAED,sDAAsD;QACtD,MAAM,WAAW,GAAG,wBAAwB,CAAC;QAC7C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAE/C,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,QAAQ,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,WAAW,CAAC;YAC9C,MAAM,aAAa,GAAG,IAAI,GAAG,QAAQ,QAAQ,GAAG,CAAC;YAEjD,OAAO,CAAC;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,YAAY,EAAE,QAAQ;oBACtB,OAAO,EAAE,aAAa;oBACtB,WAAW,EAAE,qDAAqD;iBACnE,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAgB;IACvC,IAAI,EAAE,mBAAmB;IACzB,QAAQ,EAAE,gBAAgB;IAC1B,KAAK,EAAE,mCAAmC;IAC1C,WAAW,EAAE,iFAAiF;IAC9F,SAAS,EAAE,oGAAoG;IAC/G,OAAO,EAAE;QACP;YACE,MAAM,EAAE,oBAAoB;YAC5B,YAAY,EAAE,CAAC,UAAU,CAAC;YAC1B,UAAU,EAAE,CAAC;SACd;KACF;IACD,SAAS,EAAE,CAAC,IAAmB,EAAc,EAAE;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAEvC,kCAAkC;QAClC,MAAM,SAAS,GAAG,gDAAgD,CAAC;QACnE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEvC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;YAC3C,2BAA2B;YAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACpD,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAEzB,MAAM,WAAW,GAAG,aAAa,OAAO,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YAExE,OAAO,CAAC;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,YAAY,EAAE,QAAQ;oBACtB,OAAO,EAAE,WAAW;oBACpB,WAAW,EAAE,sDAAsD;iBACpE,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAgB;IACpC,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,iBAAiB;IAC3B,KAAK,EAAE,kCAAkC;IACzC,WAAW,EAAE,4DAA4D;IACzE,SAAS,EAAE,6GAA6G;IACxH,OAAO,EAAE;QACP;YACE,MAAM,EAAE,WAAW;YACnB,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;YACrC,UAAU,EAAE,CAAC;SACd;KACF;IACD,SAAS,EAAE,CAAC,IAAmB,EAAc,EAAE;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAEvC,8BAA8B;QAC9B,MAAM,OAAO,GAAG,qDAAqD,CAAC;QACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAErC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,EAAE,AAAD,EAAG,OAAO,CAAC,GAAG,KAAK,CAAC;YAC5B,MAAM,QAAQ,GAAG;;sCAEe,OAAO;;;;;KAKxC,CAAC;YAEA,OAAO,CAAC;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,YAAY,EAAE,OAAO;oBACrB,OAAO,EAAE,QAAQ;oBACjB,WAAW,EAAE,oDAAoD;iBAClE,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,GAAgB;IAC1B,IAAI,EAAE,KAAK;IACX,QAAQ,EAAE,aAAa;IACvB,KAAK,EAAE,oBAAoB;IAC3B,WAAW,EAAE,2DAA2D;IACxE,SAAS,EAAE,gGAAgG;IAC3G,OAAO,EAAE,EAAE;IACX,SAAS,EAAE,CAAC,IAAmB,EAAc,EAAE;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAEvC,+CAA+C;QAC/C,MAAM,SAAS,GAAG,qDAAqD,CAAC;QACxE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEvC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;YAElD,MAAM,WAAW,GAAG,cAAc,MAAM,iBAAiB,QAAQ,KAAK,KAAK,KAAK,CAAC;YAEjF,OAAO,CAAC;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,YAAY,EAAE,QAAQ;oBACtB,OAAO,EAAE,WAAW;oBACpB,WAAW,EAAE,6BAA6B;iBAC3C,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,GAAgB;IAC3B,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,kBAAkB;IAC5B,KAAK,EAAE,qBAAqB;IAC5B,WAAW,EAAE,wCAAwC;IACrD,SAAS,EAAE,mGAAmG;IAC9G,OAAO,EAAE,EAAE;IACX,SAAS,EAAE,CAAC,IAAmB,EAAc,EAAE;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAEvC,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,SAAS,GAAG,wBAAwB,CAAC;YAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAEvC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;gBACnC,OAAO,CAAC;wBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,YAAY,EAAE,QAAQ;wBACtB,OAAO,EAAE,cAAc,QAAQ,GAAG;wBAClC,WAAW,EAAE,mDAAmD;qBACjE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAgB;IACzC,IAAI,EAAE,qBAAqB;IAC3B,QAAQ,EAAE,kBAAkB;IAC5B,KAAK,EAAE,sBAAsB;IAC7B,WAAW,EAAE,4EAA4E;IACzF,SAAS,EAAE,uFAAuF;IAClG,OAAO,EAAE,EAAE;IACX,SAAS,EAAE,CAAC,IAAmB,EAAc,EAAE;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAEvC,4CAA4C;QAC5C,MAAM,WAAW,GAAG,8CAA8C,CAAC;QACnE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAEzC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;YACzC,MAAM,SAAS,GAAG,iBAAiB,MAAM;mBAC5B,MAAM;GACtB,CAAC;YAEE,OAAO,CAAC;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,YAAY,EAAE,QAAQ;oBACtB,OAAO,EAAE,SAAS;oBAClB,WAAW,EAAE,4CAA4C;iBAC1D,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAkB;IACnC,eAAe;IACf,mBAAmB;IACnB,gBAAgB;IAChB,MAAM;IACN,OAAO;IACP,qBAAqB;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,YAAY;IACf,SAAS,CAAgB;IAEjC,YAAY,WAAiC,EAAE;QAC7C,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,IAAmB;QAC7B,yBAAyB;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;QAClE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sBAAsB;QACtB,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,eAAe,EAAE,IAAI,CAAC,EAAE;YACxB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,KAAK;YACL,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,GAAG,EAAE,8BAA8B;YACjE,cAAc,EAAE,KAAK;YACrB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,WAAW,EAAE,IAAI,IAAI,EAAE;SACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,eAAgC;QAC5C,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,GAAG,EAAE,CAAC;gBACR,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAe;QAC9B,0CAA0C;QAC1C,MAAM,cAAc,GAAsC;YACxD,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,mBAAmB;YACnC,WAAW,EAAE,gBAAgB;YAC7B,YAAY,EAAE,gBAAgB;YAC9B,aAAa,EAAE,KAAK;YACpB,MAAM,EAAE,gBAAgB;YACxB,UAAU,EAAE,eAAe;SAC5B,CAAC;QAEF,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mDAAmD;QACnD,MAAM,UAAU,GAAkB;YAChC,EAAE,EAAE,SAAS,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;YAC5B,IAAI,EAAE,EAAE;YACR,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;YAC5B,WAAW,EAAE,mBAAmB,IAAI,CAAC,MAAM,CAAC,QAAQ,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAC/E,cAAc,EAAE,wBAAwB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAC5D,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,MAAM,EAAE,OAAO;YACf,UAAU,EAAE,IAAI,IAAI,EAAE;SACvB,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,EAAE,CAAC;QAC5B,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,QAAqB;QAC/B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC7D,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAA8B;IAC/D,OAAO,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC"}

package/dist/services/fix-verifier.d.ts

@@ -0,0 +1,62 @@
+/**
+ * @fileoverview Fix verifier service - verifies fixes using formal methods
+ * @module @nahisaho/musubix-security/services/fix-verifier
+ * @trace REQ-SEC-FIX-002
+ */
+import type { Fix, VerificationResult } from '../types/index.js';
+/**
+ * Verification options
+ */
+export interface VerificationOptions {
+    /** Timeout in milliseconds */
+    timeout?: number;
+    /** Enable semantic preservation check */
+    checkSemantics?: boolean;
+    /** Enable regression check */
+    checkRegressions?: boolean;
+}
+/**
+ * Fix verifier service
+ *
+ * Uses formal verification to validate that:
+ * 1. The fix eliminates the vulnerability
+ * 2. The fix preserves program semantics
+ * 3. No new vulnerabilities are introduced
+ */
+export declare class FixVerifier {
+    private options;
+    constructor(options?: VerificationOptions);
+    /**
+     * Verify a single fix
+     */
+    verify(fix: Fix): Promise<VerificationResult>;
+    /**
+     * Verify multiple fixes
+     */
+    verifyBatch(fixes: Fix[]): Promise<VerificationResult[]>;
+    /**
+     * Check if a fix type can be formally verified
+     */
+    private isVerifiable;
+    /**
+     * Check if the fix eliminates the vulnerability
+     */
+    private checkVulnerabilityElimination;
+    /**
+     * Check if the fix preserves program semantics
+     */
+    private checkSemanticPreservation;
+    /**
+     * Check if the fix introduces any regressions
+     */
+    private checkNoRegressions;
+    /**
+     * Create a verification result
+     */
+    private createResult;
+}
+/**
+ * Create a fix verifier
+ */
+export declare function createFixVerifier(options?: VerificationOptions): FixVerifier;
+//# sourceMappingURL=fix-verifier.d.ts.map

package/dist/services/fix-verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-verifier.d.ts","sourceRoot":"","sources":["../../src/services/fix-verifier.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,GAAG,EACH,kBAAkB,EAEnB,MAAM,mBAAmB,CAAC;AAE3B;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,8BAA8B;IAC9B,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;;;;;GAOG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAsB;gBAEzB,OAAO,GAAE,mBAAwB;IAQ7C;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA6DnD;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAW9D;;OAEG;IACH,OAAO,CAAC,YAAY;IAYpB;;OAEG;YACW,6BAA6B;IAuD3C;;OAEG;YACW,yBAAyB;IAsBvC;;OAEG;YACW,kBAAkB;IAiChC;;OAEG;IACH,OAAO,CAAC,YAAY;CA0BrB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,WAAW,CAE5E"}

package/dist/services/fix-verifier.js

@@ -0,0 +1,224 @@
+/**
+ * @fileoverview Fix verifier service - verifies fixes using formal methods
+ * @module @nahisaho/musubix-security/services/fix-verifier
+ * @trace REQ-SEC-FIX-002
+ */
+/**
+ * Fix verifier service
+ *
+ * Uses formal verification to validate that:
+ * 1. The fix eliminates the vulnerability
+ * 2. The fix preserves program semantics
+ * 3. No new vulnerabilities are introduced
+ */
+export class FixVerifier {
+    options;
+    constructor(options = {}) {
+        this.options = {
+            timeout: options.timeout ?? 30000, // 30 seconds
+            checkSemantics: options.checkSemantics ?? true,
+            checkRegressions: options.checkRegressions ?? true,
+        };
+    }
+    /**
+     * Verify a single fix
+     */
+    async verify(fix) {
+        const startTime = Date.now();
+        try {
+            // Check if fix can be verified
+            if (!this.isVerifiable(fix)) {
+                return this.createResult(fix.id, 'unsupported', {
+                    eliminatesVulnerability: false,
+                    preservesSemantics: false,
+                    noRegressions: false,
+                    method: 'static-analysis',
+                    duration: Date.now() - startTime,
+                    error: 'Fix type not supported for formal verification',
+                });
+            }
+            // Run verification checks
+            const eliminatesVuln = await this.checkVulnerabilityElimination(fix);
+            const preservesSemantics = this.options.checkSemantics
+                ? await this.checkSemanticPreservation(fix)
+                : true;
+            const noRegressions = this.options.checkRegressions
+                ? await this.checkNoRegressions(fix)
+                : true;
+            // Determine overall status
+            let status = 'verified';
+            if (!eliminatesVuln || !preservesSemantics || !noRegressions) {
+                status = 'failed';
+            }
+            return this.createResult(fix.id, status, {
+                eliminatesVulnerability: eliminatesVuln,
+                preservesSemantics,
+                noRegressions,
+                method: 'static-analysis',
+                duration: Date.now() - startTime,
+            });
+        }
+        catch (error) {
+            if (error.message?.includes('timeout')) {
+                return this.createResult(fix.id, 'timeout', {
+                    eliminatesVulnerability: false,
+                    preservesSemantics: false,
+                    noRegressions: false,
+                    method: 'static-analysis',
+                    duration: Date.now() - startTime,
+                    error: 'Verification timed out',
+                });
+            }
+            return this.createResult(fix.id, 'failed', {
+                eliminatesVulnerability: false,
+                preservesSemantics: false,
+                noRegressions: false,
+                method: 'static-analysis',
+                duration: Date.now() - startTime,
+                error: error.message,
+            });
+        }
+    }
+    /**
+     * Verify multiple fixes
+     */
+    async verifyBatch(fixes) {
+        const results = [];
+        for (const fix of fixes) {
+            const result = await this.verify(fix);
+            results.push(result);
+        }
+        return results;
+    }
+    /**
+     * Check if a fix type can be formally verified
+     */
+    isVerifiable(fix) {
+        // Currently support verification for these strategies
+        const verifiableStrategies = [
+            'parameterized-query',
+            'html-escape',
+            'path-validation',
+            'input-validation',
+        ];
+        return verifiableStrategies.includes(fix.strategy);
+    }
+    /**
+     * Check if the fix eliminates the vulnerability
+     */
+    async checkVulnerabilityElimination(fix) {
+        // Analyze the fix edits to determine if they address the vulnerability
+        switch (fix.strategy) {
+            case 'parameterized-query':
+                // Check if the fix uses parameterization
+                return fix.edits.some((edit) => {
+                    const newCode = edit.newCode;
+                    // Look for parameterized query patterns
+                    return (newCode.includes('?') && newCode.includes('[') || // ? placeholder with array
+                        newCode.includes('$1') || newCode.includes(':param') || // named params
+                        newCode.includes('.prepare('));
+                });
+            case 'html-escape':
+                // Check if output is escaped
+                return fix.edits.some((edit) => {
+                    const newCode = edit.newCode;
+                    return (newCode.includes('escapeHtml') ||
+                        newCode.includes('encode') ||
+                        newCode.includes('sanitize'));
+                });
+            case 'path-validation':
+                // Check if path is validated
+                return fix.edits.some((edit) => {
+                    const newCode = edit.newCode;
+                    return (newCode.includes('startsWith') ||
+                        newCode.includes('resolve') ||
+                        newCode.includes('normalize'));
+                });
+            case 'input-validation':
+                // Check if input is validated
+                return fix.edits.some((edit) => {
+                    const newCode = edit.newCode;
+                    return (newCode.includes('validate') ||
+                        newCode.includes('filter') ||
+                        newCode.includes('sanitize') ||
+                        newCode.includes('__proto__') // blocking prototype pollution
+                    );
+                });
+            default:
+                return true; // Assume true for unknown strategies
+        }
+    }
+    /**
+     * Check if the fix preserves program semantics
+     */
+    async checkSemanticPreservation(fix) {
+        // Simple heuristic checks for semantic preservation
+        for (const edit of fix.edits) {
+            // Check that the fix doesn't completely remove functionality
+            if (edit.newCode.trim() === '' && edit.originalCode.trim() !== '') {
+                return false;
+            }
+            // Check that the fix maintains similar structure
+            const origFunctionCalls = (edit.originalCode.match(/\w+\s*\(/g) || []).length;
+            const newFunctionCalls = (edit.newCode.match(/\w+\s*\(/g) || []).length;
+            // Allow for minor differences (e.g., wrapping in escapeHtml())
+            if (Math.abs(origFunctionCalls - newFunctionCalls) > 3) {
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Check if the fix introduces any regressions
+     */
+    async checkNoRegressions(fix) {
+        // Check for common patterns that might introduce issues
+        for (const edit of fix.edits) {
+            const newCode = edit.newCode;
+            // Check for potential runtime errors
+            if (newCode.includes('throw new Error') && !edit.originalCode.includes('throw')) {
+                // This is intentional for path validation, etc.
+                // Only flag if it looks unintentional
+            }
+            // Check for potential performance issues
+            const origLoops = (edit.originalCode.match(/\b(for|while|map|filter|reduce)\b/g) || []).length;
+            const newLoops = (newCode.match(/\b(for|while|map|filter|reduce)\b/g) || []).length;
+            if (newLoops > origLoops + 2) {
+                // Significant increase in loops might indicate performance regression
+                return false;
+            }
+            // Check that we're not introducing new dangerous patterns
+            const dangerousPatterns = ['eval(', 'new Function(', '__proto__', 'innerHTML'];
+            for (const pattern of dangerousPatterns) {
+                if (newCode.includes(pattern) && !edit.originalCode.includes(pattern)) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+    /**
+     * Create a verification result
+     */
+    createResult(fixId, status, data) {
+        return {
+            fixId,
+            status,
+            eliminatesVulnerability: data.eliminatesVulnerability,
+            preservesSemantics: data.preservesSemantics,
+            noRegressions: data.noRegressions,
+            method: data.method,
+            details: data.details,
+            duration: data.duration,
+            timestamp: new Date(),
+            error: data.error,
+        };
+    }
+}
+/**
+ * Create a fix verifier
+ */
+export function createFixVerifier(options) {
+    return new FixVerifier(options);
+}
+//# sourceMappingURL=fix-verifier.js.map

package/dist/services/fix-verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-verifier.js","sourceRoot":"","sources":["../../src/services/fix-verifier.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAoBH;;;;;;;GAOG;AACH,MAAM,OAAO,WAAW;IACd,OAAO,CAAsB;IAErC,YAAY,UAA+B,EAAE;QAC3C,IAAI,CAAC,OAAO,GAAG;YACb,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,KAAK,EAAE,aAAa;YAChD,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,IAAI;YAC9C,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,IAAI;SACnD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,GAAQ;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,+BAA+B;YAC/B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE;oBAC9C,uBAAuB,EAAE,KAAK;oBAC9B,kBAAkB,EAAE,KAAK;oBACzB,aAAa,EAAE,KAAK;oBACpB,MAAM,EAAE,iBAAiB;oBACzB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAChC,KAAK,EAAE,gDAAgD;iBACxD,CAAC,CAAC;YACL,CAAC;YAED,0BAA0B;YAC1B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;YACrE,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc;gBACpD,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC;gBAC3C,CAAC,CAAC,IAAI,CAAC;YACT,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB;gBACjD,CAAC,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC;gBACpC,CAAC,CAAC,IAAI,CAAC;YAET,2BAA2B;YAC3B,IAAI,MAAM,GAAuB,UAAU,CAAC;YAC5C,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC7D,MAAM,GAAG,QAAQ,CAAC;YACpB,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE;gBACvC,uBAAuB,EAAE,cAAc;gBACvC,kBAAkB;gBAClB,aAAa;gBACb,MAAM,EAAE,iBAAiB;gBACzB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACjC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE;oBAC1C,uBAAuB,EAAE,KAAK;oBAC9B,kBAAkB,EAAE,KAAK;oBACzB,aAAa,EAAE,KAAK;oBACpB,MAAM,EAAE,iBAAiB;oBACzB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAChC,KAAK,EAAE,wBAAwB;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE;gBACzC,uBAAuB,EAAE,KAAK;gBAC9B,kBAAkB,EAAE,KAAK;gBACzB,aAAa,EAAE,KAAK;gBACpB,MAAM,EAAE,iBAAiB;gBACzB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,KAAK,EAAE,KAAK,CAAC,OAAO;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAY;QAC5B,MAAM,OAAO,GAAyB,EAAE,CAAC;QAEzC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,GAAQ;QAC3B,sDAAsD;QACtD,MAAM,oBAAoB,GAAG;YAC3B,qBAAqB;YACrB,aAAa;YACb,iBAAiB;YACjB,kBAAkB;SACnB,CAAC;QAEF,OAAO,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,6BAA6B,CAAC,GAAQ;QAClD,uEAAuE;QAEvE,QAAQ,GAAG,CAAC,QAAQ,EAAE,CAAC;YACrB,KAAK,qBAAqB;gBACxB,yCAAyC;gBACzC,OAAO,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;oBAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;oBAC7B,wCAAwC;oBACxC,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,2BAA2B;wBAC7E,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,eAAe;wBACvE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC9B,CAAC;gBACJ,CAAC,CAAC,CAAC;YAEL,KAAK,aAAa;gBAChB,6BAA6B;gBAC7B,OAAO,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;oBAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;oBAC7B,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;wBAC9B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAC7B,CAAC;gBACJ,CAAC,CAAC,CAAC;YAEL,KAAK,iBAAiB;gBACpB,6BAA6B;gBAC7B,OAAO,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;oBAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;oBAC7B,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;wBAC9B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;wBAC3B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC9B,CAAC;gBACJ,CAAC,CAAC,CAAC;YAEL,KAAK,kBAAkB;gBACrB,8BAA8B;gBAC9B,OAAO,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;oBAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;oBAC7B,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;wBAC5B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;wBAC5B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,+BAA+B;qBAC9D,CAAC;gBACJ,CAAC,CAAC,CAAC;YAEL;gBACE,OAAO,IAAI,CAAC,CAAC,qCAAqC;QACtD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,yBAAyB,CAAC,GAAQ;QAC9C,oDAAoD;QAEpD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YAC7B,6DAA6D;YAC7D,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,iDAAiD;YACjD,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAC9E,MAAM,gBAAgB,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAExE,+DAA+D;YAC/D,IAAI,IAAI,CAAC,GAAG,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAAC,GAAQ;QACvC,wDAAwD;QAExD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;YAE7B,qCAAqC;YACrC,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChF,gDAAgD;gBAChD,sCAAsC;YACxC,CAAC;YAED,yCAAyC;YACzC,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,oCAAoC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAC/F,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAEpF,IAAI,QAAQ,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;gBAC7B,sEAAsE;gBACtE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,0DAA0D;YAC1D,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;YAC/E,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtE,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,YAAY,CAClB,KAAa,EACb,MAA0B,EAC1B,IAQC;QAED,OAAO;YACL,KAAK;YACL,MAAM;YACN,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;YAC3C,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAA6B;IAC7D,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC"}

package/dist/services/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * @fileoverview Services module entry point
+ * @module @nahisaho/musubix-security/services
+ */
+export { FixGenerator, createFixGenerator, } from './fix-generator.js';
+export { FixVerifier, createFixVerifier, type VerificationOptions, } from './fix-verifier.js';
+export { ReportGenerator, createReportGenerator, type ReportFormat, type CombinedResults, type ReportMetadata, } from './report-generator.js';
+export { SecurityService, createSecurityService, scanForVulnerabilities, runSecurityScan, type ScanOptions, type CompleteScanResult, } from './security-service.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EACL,YAAY,EACZ,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,sBAAsB,EACtB,eAAe,EACf,KAAK,WAAW,EAChB,KAAK,kBAAkB,GACxB,MAAM,uBAAuB,CAAC"}