@nahisaho/musubix-security 1.8.0

package/dist/types/config.js

@@ -0,0 +1,89 @@
+/**
+ * @fileoverview Security configuration type definitions
+ * @module @nahisaho/musubix-security/types/config
+ * @trace REQ-SEC-CONFIG-001, REQ-SEC-CONFIG-002, REQ-SEC-REPORT-001
+ */
+/**
+ * Default security configuration
+ */
+export const DEFAULT_CONFIG = {
+    version: '1.0',
+    scan: {
+        severityFilter: ['critical', 'high', 'medium'],
+        rulesets: ['owasp-top-10', 'cwe-top-25'],
+        incremental: true,
+    },
+    taint: {
+        interprocedural: true,
+        trackAsync: true,
+        maxPathDepth: 10,
+    },
+    fix: {
+        useAI: false,
+        generateAlternatives: true,
+        maxAlternatives: 3,
+        preserveStyle: true,
+    },
+    secret: {
+        ignoreTestValues: true,
+        verify: false,
+    },
+    audit: {
+        includeDevDependencies: false,
+        minSeverity: 'medium',
+        suggestUpgrades: true,
+        checkBreaking: true,
+    },
+    report: {
+        format: 'json',
+        includeCodeSnippets: true,
+        includeFixes: true,
+        includeTaintPaths: true,
+        groupBy: 'severity',
+        includeSummary: true,
+    },
+    knowledgeGraph: {
+        mode: 'local',
+        autoLearn: true,
+        namespace: 'security',
+        maxCachedPatterns: 1000,
+    },
+    ai: {
+        enabled: false,
+    },
+    cache: {
+        strategy: 'file',
+        ttlSeconds: 3600,
+        maxSizeMB: 100,
+        cacheAST: true,
+        cachePatterns: true,
+    },
+    ci: {
+        failOnSeverity: 'high',
+        sarifOutput: true,
+    },
+    severityFilter: ['critical', 'high', 'medium'],
+    verbose: false,
+    debug: false,
+};
+/**
+ * Configuration file locations (in order of precedence)
+ */
+export const CONFIG_FILE_LOCATIONS = [
+    'musubix-security.config.ts',
+    'musubix-security.config.js',
+    'musubix-security.config.json',
+    '.musubix-security.yml',
+    '.musubix-security.yaml',
+    '.musubix-securityrc',
+    '.musubix-securityrc.json',
+];
+/**
+ * Environment variable prefix for configuration
+ */
+export const ENV_PREFIX = 'MUSUBIX_SECURITY_';
+/**
+ * Configuration schema version
+ */
+export const CONFIG_SCHEMA_VERSION = '1.0';
+//# sourceMappingURL=config.js.map

package/dist/types/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAkLH;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C,OAAO,EAAE,KAAK;IACd,IAAI,EAAE;QACJ,cAAc,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC;QAC9C,QAAQ,EAAE,CAAC,cAAc,EAAE,YAAY,CAAC;QACxC,WAAW,EAAE,IAAI;KAClB;IACD,KAAK,EAAE;QACL,eAAe,EAAE,IAAI;QACrB,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,EAAE;KACjB;IACD,GAAG,EAAE;QACH,KAAK,EAAE,KAAK;QACZ,oBAAoB,EAAE,IAAI;QAC1B,eAAe,EAAE,CAAC;QAClB,aAAa,EAAE,IAAI;KACpB;IACD,MAAM,EAAE;QACN,gBAAgB,EAAE,IAAI;QACtB,MAAM,EAAE,KAAK;KACd;IACD,KAAK,EAAE;QACL,sBAAsB,EAAE,KAAK;QAC7B,WAAW,EAAE,QAAQ;QACrB,eAAe,EAAE,IAAI;QACrB,aAAa,EAAE,IAAI;KACpB;IACD,MAAM,EAAE;QACN,MAAM,EAAE,MAAM;QACd,mBAAmB,EAAE,IAAI;QACzB,YAAY,EAAE,IAAI;QAClB,iBAAiB,EAAE,IAAI;QACvB,OAAO,EAAE,UAAU;QACnB,cAAc,EAAE,IAAI;KACrB;IACD,cAAc,EAAE;QACd,IAAI,EAAE,OAAO;QACb,SAAS,EAAE,IAAI;QACf,SAAS,EAAE,UAAU;QACrB,iBAAiB,EAAE,IAAI;KACxB;IACD,EAAE,EAAE;QACF,OAAO,EAAE,KAAK;KACf;IACD,KAAK,EAAE;QACL,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,IAAI;QAChB,SAAS,EAAE,GAAG;QACd,QAAQ,EAAE,IAAI;QACd,aAAa,EAAE,IAAI;KACpB;IACD,EAAE,EAAE;QACF,cAAc,EAAE,MAAM;QACtB,WAAW,EAAE,IAAI;KAClB;IACD,cAAc,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC;IAC9C,OAAO,EAAE,KAAK;IACd,KAAK,EAAE,KAAK;CACb,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,4BAA4B;IAC5B,4BAA4B;IAC5B,8BAA8B;IAC9B,uBAAuB;IACvB,wBAAwB;IACxB,qBAAqB;IACrB,0BAA0B;CAC3B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,mBAAmB,CAAC;AAE9C;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,CAAC"}

package/dist/types/dependency.d.ts

@@ -0,0 +1,266 @@
+/**
+ * @fileoverview Dependency audit type definitions
+ * @module @nahisaho/musubix-security/types/dependency
+ * @trace REQ-SEC-DEP-001, REQ-SEC-DEP-002, REQ-SEC-DEP-003
+ */
+import type { Severity } from './vulnerability.js';
+/**
+ * Dependency type
+ */
+export type DependencyType = 'production' | 'development' | 'optional' | 'peer';
+/**
+ * Vulnerability source database
+ */
+export type VulnerabilitySource = 'npm-audit' | 'github-advisories' | 'osv' | 'snyk' | 'nvd';
+/**
+ * Vulnerable dependency
+ * @trace REQ-SEC-DEP-001
+ */
+export interface VulnerableDependency {
+    /** Package name */
+    name: string;
+    /** Installed version */
+    installedVersion: string;
+    /** Dependency type */
+    type: DependencyType;
+    /** Whether this is a direct dependency */
+    isDirect: boolean;
+    /** Dependency path (for transitive deps) */
+    dependencyPath: string[];
+    /** Known vulnerabilities */
+    vulnerabilities: DependencyVulnerability[];
+    /** Highest severity among vulnerabilities */
+    highestSeverity: Severity;
+    /** Fix available */
+    fixAvailable: boolean;
+}
+/**
+ * Vulnerability in a dependency
+ */
+export interface DependencyVulnerability {
+    /** Vulnerability ID (CVE, GHSA, etc.) */
+    id: string;
+    /** CVE ID if available */
+    cve?: string;
+    /** GitHub Security Advisory ID */
+    ghsa?: string;
+    /** CWE identifiers */
+    cwes: string[];
+    /** Severity level */
+    severity: Severity;
+    /** CVSS score (0.0 - 10.0) */
+    cvssScore?: number;
+    /** CVSS vector string */
+    cvssVector?: string;
+    /** Title */
+    title: string;
+    /** Description */
+    description: string;
+    /** Affected version range */
+    affectedVersions: string;
+    /** Patched version (if available) */
+    patchedVersion?: string;
+    /** Vulnerability source */
+    source: VulnerabilitySource;
+    /** URL to advisory */
+    url?: string;
+    /** Publication date */
+    publishedAt?: Date;
+    /** Whether exploit is known */
+    exploitAvailable?: boolean;
+}
+/**
+ * Upgrade suggestion
+ * @trace REQ-SEC-DEP-002
+ */
+export interface UpgradeSuggestion {
+    /** Package name */
+    packageName: string;
+    /** Current version */
+    currentVersion: string;
+    /** Suggested version */
+    suggestedVersion: string;
+    /** Upgrade type */
+    upgradeType: 'patch' | 'minor' | 'major';
+    /** Whether this is a breaking change */
+    breaking: boolean;
+    /** Vulnerabilities fixed by this upgrade */
+    fixesVulnerabilities: string[];
+    /** Required peer dependency updates */
+    peerUpdates?: {
+        name: string;
+        version: string;
+    }[];
+    /** Changelog URL */
+    changelogUrl?: string;
+    /** Release notes summary */
+    releaseNotes?: string;
+    /** Confidence in upgrade safety */
+    confidence: number;
+}
+/**
+ * Audit result
+ * @trace REQ-SEC-DEP-001
+ */
+export interface AuditResult {
+    /** Vulnerable dependencies found */
+    vulnerableDependencies: VulnerableDependency[];
+    /** Upgrade suggestions */
+    upgradeSuggestions: UpgradeSuggestion[];
+    /** Total dependencies scanned */
+    totalDependencies: number;
+    /** Direct dependencies scanned */
+    directDependencies: number;
+    /** Transitive dependencies scanned */
+    transitiveDependencies: number;
+    /** Audit duration in milliseconds */
+    duration: number;
+    /** Audit timestamp */
+    timestamp: Date;
+    /** Package manager detected */
+    packageManager: 'npm' | 'yarn' | 'pnpm';
+    /** Lock file path */
+    lockFilePath?: string;
+    /** Summary */
+    summary: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        total: number;
+        fixable: number;
+        breaking: number;
+    };
+}
+/**
+ * Audit options
+ */
+export interface AuditOptions {
+    /** Include development dependencies */
+    includeDevDependencies?: boolean;
+    /** Minimum severity to report */
+    minSeverity?: Severity;
+    /** Vulnerability sources to check */
+    sources?: VulnerabilitySource[];
+    /** Ignore specific vulnerabilities by ID */
+    ignoreVulnerabilities?: string[];
+    /** Ignore specific packages */
+    ignorePackages?: string[];
+    /** Maximum depth for transitive dependencies */
+    maxDepth?: number;
+    /** Generate upgrade suggestions */
+    suggestUpgrades?: boolean;
+    /** Check for breaking changes */
+    checkBreaking?: boolean;
+    /** Custom registry URL */
+    registryUrl?: string;
+}
+/**
+ * SBOM (Software Bill of Materials) entry
+ * @trace REQ-SEC-DEP-003
+ */
+export interface SBOMEntry {
+    /** Package name */
+    name: string;
+    /** Package version */
+    version: string;
+    /** Package description */
+    description?: string;
+    /** License identifier (SPDX) */
+    license?: string;
+    /** Package author */
+    author?: string;
+    /** Package homepage */
+    homepage?: string;
+    /** Package repository URL */
+    repository?: string;
+    /** Dependency type */
+    type: DependencyType;
+    /** Whether this is a direct dependency */
+    isDirect: boolean;
+    /** Integrity hash (SHA-512) */
+    integrity?: string;
+    /** PURL (Package URL) */
+    purl: string;
+    /** CPE (Common Platform Enumeration) if available */
+    cpe?: string;
+    /** Known vulnerabilities count */
+    vulnerabilityCount: number;
+    /** Highest vulnerability severity */
+    highestSeverity?: Severity;
+}
+/**
+ * SBOM document
+ * @trace REQ-SEC-DEP-003
+ */
+export interface SBOM {
+    /** SBOM format version */
+    formatVersion: string;
+    /** SBOM spec (CycloneDX, SPDX) */
+    spec: 'cyclonedx' | 'spdx';
+    /** Project name */
+    projectName: string;
+    /** Project version */
+    projectVersion: string;
+    /** Generation timestamp */
+    generatedAt: Date;
+    /** Generator tool info */
+    generator: {
+        name: string;
+        version: string;
+    };
+    /** All components */
+    components: SBOMEntry[];
+    /** Summary */
+    summary: {
+        totalComponents: number;
+        directDependencies: number;
+        transitiveDependencies: number;
+        uniqueLicenses: string[];
+        vulnerableComponents: number;
+    };
+}
+/**
+ * SBOM generation options
+ */
+export interface SBOMOptions {
+    /** Output format */
+    format: 'cyclonedx' | 'spdx';
+    /** Include development dependencies */
+    includeDevDependencies?: boolean;
+    /** Include vulnerability data */
+    includeVulnerabilities?: boolean;
+    /** Include license data */
+    includeLicenses?: boolean;
+    /** Output file path */
+    outputPath?: string;
+}
+/**
+ * License compliance check result
+ */
+export interface LicenseCheckResult {
+    /** Package name */
+    packageName: string;
+    /** Package version */
+    version: string;
+    /** Detected license */
+    license: string;
+    /** License category */
+    category: 'permissive' | 'copyleft' | 'proprietary' | 'unknown';
+    /** Whether license is approved */
+    approved: boolean;
+    /** Compliance issues */
+    issues: string[];
+}
+/**
+ * License policy
+ */
+export interface LicensePolicy {
+    /** Allowed licenses */
+    allowed: string[];
+    /** Denied licenses */
+    denied: string[];
+    /** Require explicit approval for */
+    requireApproval: string[];
+}
+//# sourceMappingURL=dependency.d.ts.map

package/dist/types/dependency.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency.d.ts","sourceRoot":"","sources":["../../src/types/dependency.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;AAEhF;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC3B,WAAW,GACX,mBAAmB,GACnB,KAAK,GACL,MAAM,GACN,KAAK,CAAC;AAEV;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB;IACtB,IAAI,EAAE,cAAc,CAAC;IACrB,0CAA0C;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,4CAA4C;IAC5C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,4BAA4B;IAC5B,eAAe,EAAE,uBAAuB,EAAE,CAAC;IAC3C,6CAA6C;IAC7C,eAAe,EAAE,QAAQ,CAAC;IAC1B,oBAAoB;IACpB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,yCAAyC;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,8BAA8B;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,6BAA6B;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,qCAAqC;IACrC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,2BAA2B;IAC3B,MAAM,EAAE,mBAAmB,CAAC;IAC5B,sBAAsB;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,+BAA+B;IAC/B,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB;IACnB,WAAW,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;IACzC,wCAAwC;IACxC,QAAQ,EAAE,OAAO,CAAC;IAClB,4CAA4C;IAC5C,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,uCAAuC;IACvC,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;KACjB,EAAE,CAAC;IACJ,oBAAoB;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,4BAA4B;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,oCAAoC;IACpC,sBAAsB,EAAE,oBAAoB,EAAE,CAAC;IAC/C,0BAA0B;IAC1B,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;IACxC,iCAAiC;IACjC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kCAAkC;IAClC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sCAAsC;IACtC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,+BAA+B;IAC/B,cAAc,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;IACxC,qBAAqB;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc;IACd,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,uCAAuC;IACvC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,qCAAqC;IACrC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAChC,4CAA4C;IAC5C,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,iCAAiC;IACjC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,IAAI,EAAE,cAAc,CAAC;IACrB,0CAA0C;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qCAAqC;IACrC,eAAe,CAAC,EAAE,QAAQ,CAAC;CAC5B;AAED;;;GAGG;AACH,MAAM,WAAW,IAAI;IACnB,0BAA0B;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,kCAAkC;IAClC,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC;IAC3B,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,2BAA2B;IAC3B,WAAW,EAAE,IAAI,CAAC;IAClB,0BAA0B;IAC1B,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,qBAAqB;IACrB,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,cAAc;IACd,OAAO,EAAE;QACP,eAAe,EAAE,MAAM,CAAC;QACxB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,sBAAsB,EAAE,MAAM,CAAC;QAC/B,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,oBAAoB;IACpB,MAAM,EAAE,WAAW,GAAG,MAAM,CAAC;IAC7B,uCAAuC;IACvC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,iCAAiC;IACjC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,2BAA2B;IAC3B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,uBAAuB;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,QAAQ,EAAE,YAAY,GAAG,UAAU,GAAG,aAAa,GAAG,SAAS,CAAC;IAChE,kCAAkC;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,wBAAwB;IACxB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uBAAuB;IACvB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,sBAAsB;IACtB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,oCAAoC;IACpC,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B"}

package/dist/types/dependency.js

@@ -0,0 +1,7 @@
+/**
+ * @fileoverview Dependency audit type definitions
+ * @module @nahisaho/musubix-security/types/dependency
+ * @trace REQ-SEC-DEP-001, REQ-SEC-DEP-002, REQ-SEC-DEP-003
+ */
+export {};
+//# sourceMappingURL=dependency.js.map

package/dist/types/dependency.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency.js","sourceRoot":"","sources":["../../src/types/dependency.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/types/fix.d.ts

@@ -0,0 +1,213 @@
+/**
+ * @fileoverview Fix suggestion and verification type definitions
+ * @module @nahisaho/musubix-security/types/fix
+ * @trace REQ-SEC-FIX-001, REQ-SEC-FIX-002, REQ-SEC-FIX-003
+ */
+import type { SourceLocation, Severity } from './vulnerability.js';
+/**
+ * Fix strategy type
+ * @trace REQ-SEC-FIX-001
+ */
+export type FixStrategy = 'parameterized-query' | 'html-escape' | 'command-escape' | 'path-validation' | 'url-validation' | 'input-validation' | 'authentication' | 'authorization' | 'encryption' | 'sanitization' | 'configuration' | 'dependency-update';
+/**
+ * Code edit to apply
+ * @trace DES-SEC-FIX-001
+ */
+export interface CodeEdit {
+    /** Source code location to edit */
+    location: SourceLocation;
+    /** Original code to replace */
+    originalCode: string;
+    /** New code to insert */
+    newCode: string;
+    /** Description of the change */
+    description: string;
+}
+/**
+ * Import statement to add
+ */
+export interface ImportEdit {
+    /** Module to import from */
+    module: string;
+    /** Named imports */
+    namedImports?: string[];
+    /** Default import name */
+    defaultImport?: string;
+    /** Namespace import name */
+    namespaceImport?: string;
+    /** Insert at line (0 for top of file) */
+    insertLine: number;
+}
+/**
+ * Fix suggestion for a vulnerability
+ * @trace REQ-SEC-FIX-001
+ */
+export interface Fix {
+    /** Unique fix ID (e.g., "FIX-2026-001") */
+    id: string;
+    /** Reference to the vulnerability being fixed */
+    vulnerabilityId: string;
+    /** Reference to the taint path if applicable */
+    taintPathId?: string;
+    /** Fix strategy used */
+    strategy: FixStrategy;
+    /** Human-readable title */
+    title: string;
+    /** Detailed description of the fix */
+    description: string;
+    /** Code edits to apply */
+    edits: CodeEdit[];
+    /** Import statements to add */
+    imports: ImportEdit[];
+    /** Confidence in fix correctness (0.0 - 1.0) */
+    confidence: number;
+    /** Whether this fix may change behavior */
+    breakingChange: boolean;
+    /** Required new dependencies */
+    newDependencies?: {
+        name: string;
+        version: string;
+        dev?: boolean;
+    }[];
+    /** Explanation of why this fix works */
+    rationale: string;
+    /** Alternative fix approaches */
+    alternatives?: string[];
+    /** Generated timestamp */
+    generatedAt: Date;
+    /** LLM model used if AI-generated */
+    generatedBy?: string;
+}
+/**
+ * Fix generation options
+ */
+export interface FixGenerationOptions {
+    /** Preferred fix strategies */
+    preferredStrategies?: FixStrategy[];
+    /** Use AI-assisted fix generation */
+    useAI?: boolean;
+    /** AI model to use */
+    aiModel?: string;
+    /** Generate multiple alternatives */
+    generateAlternatives?: boolean;
+    /** Maximum alternatives per vulnerability */
+    maxAlternatives?: number;
+    /** Preserve code style */
+    preserveStyle?: boolean;
+    /** Target language/framework */
+    targetFramework?: string;
+}
+/**
+ * Verification status
+ * @trace REQ-SEC-FIX-002
+ */
+export type VerificationStatus = 'verified' | 'unverified' | 'failed' | 'timeout' | 'unsupported';
+/**
+ * Formal verification result
+ * @trace REQ-SEC-FIX-002
+ */
+export interface VerificationResult {
+    /** Fix ID being verified */
+    fixId: string;
+    /** Verification status */
+    status: VerificationStatus;
+    /** Whether the fix eliminates the vulnerability */
+    eliminatesVulnerability: boolean;
+    /** Whether the fix preserves program semantics */
+    preservesSemantics: boolean;
+    /** Whether any regressions were detected */
+    noRegressions: boolean;
+    /** Verification method used */
+    method: 'z3-smt' | 'hoare-logic' | 'type-checking' | 'static-analysis';
+    /** Detailed verification output */
+    details?: string;
+    /** Verification duration in milliseconds */
+    duration: number;
+    /** Verification timestamp */
+    timestamp: Date;
+    /** Error message if verification failed */
+    error?: string;
+}
+/**
+ * Fix application status
+ * @trace REQ-SEC-FIX-003
+ */
+export type ApplyStatus = 'success' | 'partial' | 'failed' | 'conflict' | 'rejected';
+/**
+ * Result of applying a fix
+ * @trace REQ-SEC-FIX-003
+ */
+export interface ApplyResult {
+    /** Fix ID that was applied */
+    fixId: string;
+    /** Application status */
+    status: ApplyStatus;
+    /** Files modified */
+    modifiedFiles: string[];
+    /** Edits that were applied */
+    appliedEdits: CodeEdit[];
+    /** Edits that failed to apply */
+    failedEdits?: {
+        edit: CodeEdit;
+        reason: string;
+    }[];
+    /** Backup file paths */
+    backupPaths?: string[];
+    /** Whether backup was created */
+    backupCreated: boolean;
+    /** Error message if failed */
+    error?: string;
+    /** Application timestamp */
+    timestamp: Date;
+}
+/**
+ * Fix batch for multiple vulnerabilities
+ */
+export interface FixBatch {
+    /** Batch ID */
+    id: string;
+    /** Fixes in this batch */
+    fixes: Fix[];
+    /** Combined verification result */
+    verification?: VerificationResult;
+    /** Whether batch can be applied atomically */
+    atomic: boolean;
+    /** Files affected by this batch */
+    affectedFiles: string[];
+    /** Estimated impact level */
+    impactLevel: Severity;
+    /** Creation timestamp */
+    createdAt: Date;
+}
+/**
+ * Fix template for common patterns
+ */
+export interface FixTemplate {
+    /** Template ID */
+    id: string;
+    /** Template name */
+    name: string;
+    /** Vulnerability type this template addresses */
+    vulnerabilityType: string;
+    /** Fix strategy */
+    strategy: FixStrategy;
+    /** Template code with placeholders */
+    template: string;
+    /** Placeholder definitions */
+    placeholders: {
+        name: string;
+        description: string;
+        required: boolean;
+        defaultValue?: string;
+    }[];
+    /** Required imports */
+    imports: ImportEdit[];
+    /** When to use this template */
+    applicableWhen: string;
+    /** Example usage */
+    example?: {
+        before: string;
+        after: string;
+    };
+}
+//# sourceMappingURL=fix.d.ts.map

package/dist/types/fix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix.d.ts","sourceRoot":"","sources":["../../src/types/fix.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAEnE;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,qBAAqB,GACrB,aAAa,GACb,gBAAgB,GAChB,iBAAiB,GACjB,gBAAgB,GAChB,kBAAkB,GAClB,gBAAgB,GAChB,eAAe,GACf,YAAY,GACZ,cAAc,GACd,eAAe,GACf,mBAAmB,CAAC;AAExB;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACvB,mCAAmC;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,+BAA+B;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,oBAAoB;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,0BAA0B;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4BAA4B;IAC5B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,yCAAyC;IACzC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,GAAG;IAClB,2CAA2C;IAC3C,EAAE,EAAE,MAAM,CAAC;IACX,iDAAiD;IACjD,eAAe,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wBAAwB;IACxB,QAAQ,EAAE,WAAW,CAAC;IACtB,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,+BAA+B;IAC/B,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,cAAc,EAAE,OAAO,CAAC;IACxB,gCAAgC;IAChC,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,GAAG,CAAC,EAAE,OAAO,CAAC;KACf,EAAE,CAAC;IACJ,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,0BAA0B;IAC1B,WAAW,EAAE,IAAI,CAAC;IAClB,qCAAqC;IACrC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,+BAA+B;IAC/B,mBAAmB,CAAC,EAAE,WAAW,EAAE,CAAC;IACpC,qCAAqC;IACrC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,sBAAsB;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,6CAA6C;IAC7C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,0BAA0B;IAC1B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gCAAgC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAC1B,UAAU,GACV,YAAY,GACZ,QAAQ,GACR,SAAS,GACT,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,4BAA4B;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,MAAM,EAAE,kBAAkB,CAAC;IAC3B,mDAAmD;IACnD,uBAAuB,EAAE,OAAO,CAAC;IACjC,kDAAkD;IAClD,kBAAkB,EAAE,OAAO,CAAC;IAC5B,4CAA4C;IAC5C,aAAa,EAAE,OAAO,CAAC;IACvB,+BAA+B;IAC/B,MAAM,EAAE,QAAQ,GAAG,aAAa,GAAG,eAAe,GAAG,iBAAiB,CAAC;IACvE,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,SAAS,EAAE,IAAI,CAAC;IAChB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,SAAS,GACT,SAAS,GACT,QAAQ,GACR,UAAU,GACV,UAAU,CAAC;AAEf;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,8BAA8B;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,MAAM,EAAE,WAAW,CAAC;IACpB,qBAAqB;IACrB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,8BAA8B;IAC9B,YAAY,EAAE,QAAQ,EAAE,CAAC;IACzB,iCAAiC;IACjC,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,QAAQ,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;KAChB,EAAE,CAAC;IACJ,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,iCAAiC;IACjC,aAAa,EAAE,OAAO,CAAC;IACvB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4BAA4B;IAC5B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,eAAe;IACf,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,KAAK,EAAE,GAAG,EAAE,CAAC;IACb,mCAAmC;IACnC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,8CAA8C;IAC9C,MAAM,EAAE,OAAO,CAAC;IAChB,mCAAmC;IACnC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,6BAA6B;IAC7B,WAAW,EAAE,QAAQ,CAAC;IACtB,yBAAyB;IACzB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,iDAAiD;IACjD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB;IACnB,QAAQ,EAAE,WAAW,CAAC;IACtB,sCAAsC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,8BAA8B;IAC9B,YAAY,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,EAAE,CAAC;IACJ,uBAAuB;IACvB,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,gCAAgC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB;IACpB,OAAO,CAAC,EAAE;QACR,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH"}

package/dist/types/fix.js

@@ -0,0 +1,7 @@
+/**
+ * @fileoverview Fix suggestion and verification type definitions
+ * @module @nahisaho/musubix-security/types/fix
+ * @trace REQ-SEC-FIX-001, REQ-SEC-FIX-002, REQ-SEC-FIX-003
+ */
+export {};
+//# sourceMappingURL=fix.js.map

package/dist/types/fix.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix.js","sourceRoot":"","sources":["../../src/types/fix.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/types/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * @fileoverview Type definitions entry point
+ * @module @nahisaho/musubix-security/types
+ */
+export type { OWASPCategory, VulnerabilityType, Severity, SourceLocation, Vulnerability, ScanOptions, ScanResult, SecurityRule, } from './vulnerability.js';
+export type { TaintSourceCategory, TaintSource, TaintSinkCategory, TaintSink, TaintFlowStep, TaintPath, TaintResult, TaintAnalysisOptions, SanitizerDefinition, } from './taint.js';
+export { BUILTIN_SANITIZERS } from './taint.js';
+export type { FixStrategy, CodeEdit, ImportEdit, Fix, FixGenerationOptions, VerificationStatus, VerificationResult, ApplyStatus, ApplyResult, FixBatch, FixTemplate, } from './fix.js';
+export type { SecretType, SecretContext, Secret, SecretPattern, SecretScanOptions, SecretScanResult, SecretVerification, } from './secret.js';
+export { BUILTIN_SECRET_PATTERNS } from './secret.js';
+export type { DependencyType, VulnerabilitySource, VulnerableDependency, DependencyVulnerability, UpgradeSuggestion, AuditResult, AuditOptions, SBOMEntry, SBOM, SBOMOptions, LicenseCheckResult, LicensePolicy, } from './dependency.js';
+export type { ReportFormat, KnowledgeGraphMode, CacheStrategy, ReportConfig, KnowledgeGraphConfig, AIConfig, CacheConfig, CIConfig, SecurityConfig, } from './config.js';
+export { DEFAULT_CONFIG, CONFIG_FILE_LOCATIONS, ENV_PREFIX, CONFIG_SCHEMA_VERSION, } from './config.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,YAAY,EACV,aAAa,EACb,iBAAiB,EACjB,QAAQ,EACR,cAAc,EACd,aAAa,EACb,WAAW,EACX,UAAU,EACV,YAAY,GACb,MAAM,oBAAoB,CAAC;AAG5B,YAAY,EACV,mBAAmB,EACnB,WAAW,EACX,iBAAiB,EACjB,SAAS,EACT,aAAa,EACb,SAAS,EACT,WAAW,EACX,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAGhD,YAAY,EACV,WAAW,EACX,QAAQ,EACR,UAAU,EACV,GAAG,EACH,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,QAAQ,EACR,WAAW,GACZ,MAAM,UAAU,CAAC;AAGlB,YAAY,EACV,UAAU,EACV,aAAa,EACb,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAGtD,YAAY,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,EACvB,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,SAAS,EACT,IAAI,EACJ,WAAW,EACX,kBAAkB,EAClB,aAAa,GACd,MAAM,iBAAiB,CAAC;AAGzB,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,YAAY,EACZ,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,cAAc,GACf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,UAAU,EACV,qBAAqB,GACtB,MAAM,aAAa,CAAC"}

package/dist/types/index.js

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Type definitions entry point
+ * @module @nahisaho/musubix-security/types
+ */
+export { BUILTIN_SANITIZERS } from './taint.js';
+export { BUILTIN_SECRET_PATTERNS } from './secret.js';
+export { DEFAULT_CONFIG, CONFIG_FILE_LOCATIONS, ENV_PREFIX, CONFIG_SCHEMA_VERSION, } from './config.js';
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA2BH,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AA4BhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AA+BtD,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,UAAU,EACV,qBAAqB,GACtB,MAAM,aAAa,CAAC"}