npm - @nodatachat/guard - Versions diffs - 3.0.0 → 3.1.0 - Mend

@nodatachat/guard 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js CHANGED Viewed

@@ -26,7 +26,8 @@ const reporter_1 = require("./reporter");
 const scheduler_1 = require("./fixers/scheduler");
 const vault_crypto_1 = require("./vault-crypto");
 const capsule_dir_1 = require("./capsule-dir");
-const VERSION = "3.0.0";
+const db_detect_1 = require("./db-detect");
+const VERSION = "3.1.0";
 async function main() {
     const args = process.argv.slice(2);
     // ── Subcommand routing ──
@@ -44,6 +45,12 @@ async function main() {
     if (subcommand === "attest") {
         return handleAttest(args.slice(1));
     }
+    if (subcommand === "detect") {
+        const dir = args.includes("--dir") ? (0, path_1.resolve)(args[args.indexOf("--dir") + 1]) : process.cwd();
+        const result = (0, db_detect_1.detectDatabases)(dir);
+        (0, db_detect_1.printDetectionResults)(result);
+        return;
+    }
     // Parse args
     let licenseKey;
     let dbUrl;
@@ -114,12 +121,21 @@ async function main() {
         licenseKey = process.env.NDC_LICENSE || process.env.NODATA_LICENSE_KEY || process.env.NODATA_API_KEY || process.env.NDC_API_KEY;
     if (!dbUrl)
         dbUrl = process.env.DATABASE_URL;
-    // ── Auto-detect from .env files ──
-    // Guard reads .env files to find DATABASE_URL and license keys.
+    // ── Auto-detect from .env files + project analysis ──
+    // Guard reads .env files AND analyzes the project to find databases.
     // ALL values stay local — never sent anywhere.
-    // If DB URL is found, Guard asks for explicit consent before connecting.
+    // If a DB is found, Guard asks for explicit consent before connecting.
     if (!dbUrl || !licenseKey) {
         const envResult = readEnvFiles(projectDir);
+        // Also run full database detection for richer results
+        if (!dbUrl) {
+            const detection = (0, db_detect_1.detectDatabases)(projectDir);
+            const scannableDb = detection.databases.find(d => d.scannable && d.raw_value);
+            if (scannableDb && !envResult.dbUrl) {
+                envResult.dbUrl = scannableDb.raw_value;
+                envResult.dbSource = `${scannableDb.source} (${scannableDb.engine}/${scannableDb.provider})`;
+            }
+        }
         if (!licenseKey && envResult.licenseKey) {
             licenseKey = envResult.licenseKey;
             if (!ciMode)
@@ -921,11 +937,13 @@ function printHelp() {
     npx nodata-guard status                                          # Show .capsule/ status (no scan)
     npx nodata-guard diff                                            # Compare last 2 scans
     npx nodata-guard attest --finding ID --status fixed --note "..."  # Manual attestation
+    npx nodata-guard detect                                          # Detect all databases in project
   Subcommands:
     status                 Show .capsule/ evidence (scores, proof, overrides) without scanning
     diff                   Compare the last 2 scans — score delta, issues resolved/new
     attest                 Manually attest a finding (saved to .capsule/overrides.json)
+    detect                 Detect all databases in your project (env, deps, config)
       --finding <id>       Finding ID (e.g., PII_UNENCRYPTED_email, ROUTE_NO_AUTH)
       --status <status>    fixed | accepted_risk | not_applicable | compensating_control
       --note <text>        Explanation of what was done

package/dist/db-detect.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+export type DbEngine = "postgresql" | "mysql" | "mongodb" | "redis" | "sqlite" | "sqlserver" | "cockroachdb" | "turso" | "dynamodb" | "firebase" | "fauna" | "xata" | "convex" | "d1" | "unknown";
+export type DbProvider = "supabase" | "neon" | "planetscale" | "upstash" | "railway" | "render" | "fly" | "vercel-postgres" | "aws-rds" | "azure" | "gcp-cloudsql" | "digitalocean" | "cockroach-cloud" | "turso-cloud" | "mongodb-atlas" | "firebase-google" | "fauna-cloud" | "xata-cloud" | "convex-cloud" | "cloudflare-d1" | "aiven" | "tembo" | "timescale" | "elephantsql" | "local" | "unknown";
+export interface DetectedDatabase {
+    engine: DbEngine;
+    provider: DbProvider;
+    source: string;
+    connection_key: string;
+    connection_value: string;
+    raw_value: string;
+    scannable: boolean;
+    scan_method: string;
+    confidence: number;
+    details: string;
+}
+export interface DetectionResult {
+    databases: DetectedDatabase[];
+    orm_detected: string | null;
+    framework_detected: string | null;
+    env_files_scanned: string[];
+    config_files_found: string[];
+    total_signals: number;
+}
+export declare function detectDatabases(projectDir: string): DetectionResult;
+export declare function printDetectionResults(result: DetectionResult): void;

package/dist/db-detect.js ADDED Viewed

@@ -0,0 +1,443 @@
+"use strict";
+// ═══════════════════════════════════════════════════════════
+// @nodatachat/guard — Universal Database Detector
+//
+// Scans a project to find ALL database connections:
+//   1. .env files — connection strings, URLs, keys
+//   2. package.json — ORM/driver dependencies
+//   3. Config files — prisma.schema, drizzle.config, knexfile, etc.
+//   4. Code patterns — import statements, connection code
+//
+// Supports: PostgreSQL, MySQL, MongoDB, Redis, SQLite,
+//           SQL Server, CockroachDB, Turso/LibSQL, DynamoDB,
+//           Supabase, Neon, PlanetScale, Upstash, Firebase,
+//           Fauna, Xata, Convex, D1 (Cloudflare)
+//
+// ALL detection is LOCAL. No data leaves the machine.
+// ═══════════════════════════════════════════════════════════
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectDatabases = detectDatabases;
+exports.printDetectionResults = printDetectionResults;
+const path_1 = require("path");
+const fs_1 = require("fs");
+const ENV_PATTERNS = [
+    // Supabase
+    { keys: ["NEXT_PUBLIC_SUPABASE_URL", "SUPABASE_URL", "VITE_SUPABASE_URL", "REACT_APP_SUPABASE_URL", "NUXT_PUBLIC_SUPABASE_URL"],
+        engine: "postgresql", provider: "supabase", urlPattern: /supabase\.co/ },
+    { keys: ["SUPABASE_DB_URL"], engine: "postgresql", provider: "supabase" },
+    // Neon
+    { keys: ["DATABASE_URL", "POSTGRES_URL", "NEON_DATABASE_URL"],
+        engine: "postgresql", provider: "neon", urlPattern: /neon\.tech/ },
+    // PlanetScale
+    { keys: ["DATABASE_URL"], engine: "mysql", provider: "planetscale", urlPattern: /planetscale|psdb\.cloud/ },
+    // Vercel Postgres
+    { keys: ["POSTGRES_URL", "POSTGRES_PRISMA_URL", "POSTGRES_URL_NON_POOLING"],
+        engine: "postgresql", provider: "vercel-postgres", urlPattern: /vercel-storage\.com/ },
+    // Railway
+    { keys: ["DATABASE_URL", "RAILWAY_DATABASE_URL"],
+        engine: "postgresql", provider: "railway", urlPattern: /railway\.app/ },
+    // Render
+    { keys: ["DATABASE_URL"], engine: "postgresql", provider: "render", urlPattern: /render\.com/ },
+    // Fly.io
+    { keys: ["DATABASE_URL"], engine: "postgresql", provider: "fly", urlPattern: /fly\.dev|flycast/ },
+    // Upstash
+    { keys: ["UPSTASH_REDIS_REST_URL", "KV_REST_API_URL"],
+        engine: "redis", provider: "upstash" },
+    // MongoDB Atlas
+    { keys: ["MONGODB_URI", "MONGO_URL", "MONGODB_URL", "DATABASE_URL"],
+        engine: "mongodb", provider: "mongodb-atlas", urlPattern: /mongodb\.net|mongodb\+srv/ },
+    // AWS RDS
+    { keys: ["DATABASE_URL", "RDS_HOSTNAME", "RDS_DB_NAME"],
+        engine: "postgresql", provider: "aws-rds", urlPattern: /rds\.amazonaws\.com/ },
+    // Azure
+    { keys: ["DATABASE_URL", "AZURE_SQL_CONNECTION_STRING"],
+        engine: "sqlserver", provider: "azure", urlPattern: /database\.windows\.net|azure/ },
+    // GCP Cloud SQL
+    { keys: ["DATABASE_URL", "CLOUD_SQL_CONNECTION_NAME"],
+        engine: "postgresql", provider: "gcp-cloudsql", urlPattern: /cloudsql|google/ },
+    // CockroachDB
+    { keys: ["DATABASE_URL"], engine: "cockroachdb", provider: "cockroach-cloud", urlPattern: /cockroachlabs\.cloud/ },
+    // Turso
+    { keys: ["TURSO_DATABASE_URL", "TURSO_AUTH_TOKEN"],
+        engine: "turso", provider: "turso-cloud", urlPattern: /turso\.io|libsql/ },
+    // Firebase
+    { keys: ["FIREBASE_DATABASE_URL", "NEXT_PUBLIC_FIREBASE_DATABASE_URL"],
+        engine: "firebase", provider: "firebase-google", urlPattern: /firebaseio\.com/ },
+    // Fauna
+    { keys: ["FAUNA_SECRET", "FAUNADB_SECRET"],
+        engine: "fauna", provider: "fauna-cloud" },
+    // Xata
+    { keys: ["XATA_API_KEY", "XATA_DATABASE_URL"],
+        engine: "xata", provider: "xata-cloud" },
+    // Convex
+    { keys: ["CONVEX_DEPLOYMENT", "NEXT_PUBLIC_CONVEX_URL"],
+        engine: "convex", provider: "convex-cloud" },
+    // Aiven
+    { keys: ["DATABASE_URL"], engine: "postgresql", provider: "aiven", urlPattern: /aivencloud\.com/ },
+    // Tembo
+    { keys: ["DATABASE_URL"], engine: "postgresql", provider: "tembo", urlPattern: /tembo\.io/ },
+    // Timescale
+    { keys: ["DATABASE_URL"], engine: "postgresql", provider: "timescale", urlPattern: /timescaledb\.io|tsdb\.cloud/ },
+    // DigitalOcean
+    { keys: ["DATABASE_URL"], engine: "postgresql", provider: "digitalocean", urlPattern: /db\.ondigitalocean\.com/ },
+    // Generic PostgreSQL
+    { keys: ["DATABASE_URL", "DIRECT_URL", "POSTGRES_URL", "PG_CONNECTION_STRING", "DB_URL", "POSTGRES_PRISMA_URL"],
+        engine: "postgresql", provider: "unknown", urlPattern: /^postgres(ql)?:\/\// },
+    // Generic MySQL
+    { keys: ["DATABASE_URL", "MYSQL_URL", "DB_URL"],
+        engine: "mysql", provider: "unknown", urlPattern: /^mysql:\/\// },
+    // Generic Redis
+    { keys: ["REDIS_URL", "REDIS_TLS_URL"],
+        engine: "redis", provider: "unknown", urlPattern: /^redis(s)?:\/\// },
+    // Generic SQLite
+    { keys: ["DATABASE_URL"], engine: "sqlite", provider: "local", urlPattern: /^file:|\.sqlite|\.db$/ },
+    // Generic SQL Server
+    { keys: ["DATABASE_URL", "MSSQL_CONNECTION_STRING"],
+        engine: "sqlserver", provider: "unknown", urlPattern: /^mssql:\/\/|Server=/ },
+];
+const DEP_SIGNALS = [
+    // ORMs (high confidence — they define the DB)
+    { packages: ["@prisma/client", "prisma"], engine: "postgresql", orm: "prisma", confidence: 90 },
+    { packages: ["drizzle-orm"], engine: "postgresql", orm: "drizzle", confidence: 85 },
+    { packages: ["typeorm"], engine: "postgresql", orm: "typeorm", confidence: 80 },
+    { packages: ["knex"], engine: "postgresql", orm: "knex", confidence: 75 },
+    { packages: ["sequelize"], engine: "postgresql", orm: "sequelize", confidence: 75 },
+    { packages: ["mongoose", "mongodb"], engine: "mongodb", orm: "mongoose", confidence: 90 },
+    { packages: ["@libsql/client", "better-sqlite3"], engine: "sqlite", orm: undefined, confidence: 85 },
+    // Direct drivers
+    { packages: ["pg", "@neondatabase/serverless"], engine: "postgresql", confidence: 95 },
+    { packages: ["mysql2", "mysql"], engine: "mysql", confidence: 95 },
+    { packages: ["redis", "ioredis", "@upstash/redis"], engine: "redis", confidence: 90 },
+    { packages: ["tedious", "mssql"], engine: "sqlserver", confidence: 90 },
+    // Managed DB SDKs
+    { packages: ["@supabase/supabase-js"], engine: "postgresql", confidence: 85 },
+    { packages: ["@planetscale/database"], engine: "mysql", confidence: 90 },
+    { packages: ["@vercel/postgres"], engine: "postgresql", confidence: 90 },
+    { packages: ["@neondatabase/serverless"], engine: "postgresql", confidence: 90 },
+    { packages: ["@libsql/client"], engine: "turso", confidence: 90 },
+    { packages: ["firebase", "firebase-admin"], engine: "firebase", confidence: 80 },
+    { packages: ["faunadb", "fauna"], engine: "fauna", confidence: 90 },
+    { packages: ["@xata.io/client"], engine: "xata", confidence: 90 },
+    { packages: ["convex"], engine: "convex", confidence: 85 },
+    { packages: ["@aws-sdk/client-dynamodb"], engine: "dynamodb", confidence: 90 },
+];
+const CONFIG_SIGNALS = [
+    {
+        files: ["prisma/schema.prisma", "schema.prisma"],
+        engine: "postgresql", orm: "prisma",
+        parseProvider: (content) => {
+            if (content.includes("supabase"))
+                return "supabase";
+            if (content.includes("neon.tech"))
+                return "neon";
+            if (content.includes("planetscale"))
+                return "planetscale";
+            if (content.includes("cockroach"))
+                return "cockroach-cloud";
+            if (/provider\s*=\s*"mysql"/i.test(content))
+                return "unknown"; // engine override
+            if (/provider\s*=\s*"sqlite"/i.test(content))
+                return "local";
+            return "unknown";
+        },
+    },
+    {
+        files: ["drizzle.config.ts", "drizzle.config.js", "drizzle.config.mjs"],
+        engine: "postgresql", orm: "drizzle",
+    },
+    {
+        files: ["knexfile.js", "knexfile.ts"],
+        engine: "postgresql", orm: "knex",
+    },
+    {
+        files: ["ormconfig.json", "ormconfig.ts", "ormconfig.js"],
+        engine: "postgresql", orm: "typeorm",
+    },
+    {
+        files: [".sequelizerc", "config/database.js", "config/database.json"],
+        engine: "postgresql", orm: "sequelize",
+    },
+    {
+        files: ["firebase.json", ".firebaserc"],
+        engine: "firebase",
+    },
+    {
+        files: ["convex/_generated", "convex/schema.ts"],
+        engine: "convex",
+    },
+    {
+        files: ["wrangler.toml"], // D1
+        engine: "d1",
+        parseProvider: (content) => content.includes("d1_databases") ? "cloudflare-d1" : null,
+    },
+];
+// ── Engine scan capabilities ──
+const SCAN_SUPPORT = {
+    postgresql: { scannable: true, method: "direct_sql" },
+    mysql: { scannable: true, method: "direct_sql" },
+    cockroachdb: { scannable: true, method: "direct_sql" },
+    sqlserver: { scannable: false, method: "not_yet_supported" },
+    mongodb: { scannable: false, method: "not_yet_supported" },
+    redis: { scannable: false, method: "not_applicable" },
+    sqlite: { scannable: false, method: "not_yet_supported" },
+    turso: { scannable: false, method: "not_yet_supported" },
+    dynamodb: { scannable: false, method: "not_applicable" },
+    firebase: { scannable: false, method: "not_applicable" },
+    fauna: { scannable: false, method: "not_applicable" },
+    xata: { scannable: false, method: "not_yet_supported" },
+    convex: { scannable: false, method: "not_applicable" },
+    d1: { scannable: false, method: "not_yet_supported" },
+    unknown: { scannable: false, method: "unknown" },
+};
+// ── Mask connection string ──
+function maskValue(val) {
+    if (val.includes("://")) {
+        try {
+            const u = new URL(val);
+            return `${u.protocol}//${u.username ? u.username.slice(0, 4) + "***" : "***"}@${u.hostname}:${u.port || "???"}${u.pathname}`;
+        }
+        catch { /* fallback */ }
+    }
+    if (val.length > 20)
+        return val.slice(0, 8) + "..." + val.slice(-4);
+    return val.slice(0, 4) + "***";
+}
+// ── Main detection ──
+function detectDatabases(projectDir) {
+    const databases = [];
+    const envFilesScanned = [];
+    const configFilesFound = [];
+    let ormDetected = null;
+    let frameworkDetected = null;
+    const seen = new Set(); // dedup by connection_key + engine
+    // ── Phase 1: Scan .env files ──
+    const envFiles = [
+        ".env", ".env.local", ".env.development", ".env.development.local",
+        ".env.production", ".env.production.local", ".env.staging",
+    ];
+    const envVars = new Map();
+    for (const envFile of envFiles) {
+        const filePath = (0, path_1.resolve)(projectDir, envFile);
+        if (!(0, fs_1.existsSync)(filePath))
+            continue;
+        envFilesScanned.push(envFile);
+        try {
+            const content = (0, fs_1.readFileSync)(filePath, "utf-8");
+            for (const line of content.split("\n")) {
+                const trimmed = line.trim();
+                if (!trimmed || trimmed.startsWith("#"))
+                    continue;
+                const eqIdx = trimmed.indexOf("=");
+                if (eqIdx < 1)
+                    continue;
+                const key = trimmed.slice(0, eqIdx).trim();
+                let val = trimmed.slice(eqIdx + 1).trim();
+                if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
+                    val = val.slice(1, -1);
+                }
+                if (val)
+                    envVars.set(key, { val, source: envFile });
+            }
+        }
+        catch { /* skip */ }
+    }
+    // Match env vars to patterns
+    for (const pattern of ENV_PATTERNS) {
+        for (const key of pattern.keys) {
+            const entry = envVars.get(key);
+            if (!entry)
+                continue;
+            // Check URL pattern if specified
+            if (pattern.urlPattern && !pattern.urlPattern.test(entry.val))
+                continue;
+            const dedup = `${key}:${pattern.engine}:${pattern.provider}`;
+            if (seen.has(dedup))
+                continue;
+            seen.add(dedup);
+            const support = SCAN_SUPPORT[pattern.engine];
+            databases.push({
+                engine: pattern.engine,
+                provider: pattern.provider,
+                source: entry.source,
+                connection_key: key,
+                connection_value: maskValue(entry.val),
+                raw_value: entry.val,
+                scannable: support.scannable,
+                scan_method: support.method,
+                confidence: 95,
+                details: `Found ${key} in ${entry.source} → ${pattern.engine} (${pattern.provider})`,
+            });
+        }
+    }
+    // ── Phase 2: Scan package.json ──
+    const pkgPath = (0, path_1.resolve)(projectDir, "package.json");
+    if ((0, fs_1.existsSync)(pkgPath)) {
+        try {
+            const pkg = JSON.parse((0, fs_1.readFileSync)(pkgPath, "utf-8"));
+            const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+            // Framework detection
+            if (allDeps.next)
+                frameworkDetected = "nextjs";
+            else if (allDeps.nuxt)
+                frameworkDetected = "nuxt";
+            else if (allDeps.express)
+                frameworkDetected = "express";
+            else if (allDeps.fastify)
+                frameworkDetected = "fastify";
+            else if (allDeps["@sveltejs/kit"])
+                frameworkDetected = "sveltekit";
+            else if (allDeps["@angular/core"])
+                frameworkDetected = "angular";
+            for (const signal of DEP_SIGNALS) {
+                const found = signal.packages.find(p => allDeps[p]);
+                if (!found)
+                    continue;
+                if (signal.orm && !ormDetected)
+                    ormDetected = signal.orm;
+                const dedup = `dep:${found}:${signal.engine}`;
+                if (seen.has(dedup))
+                    continue;
+                seen.add(dedup);
+                const support = SCAN_SUPPORT[signal.engine];
+                databases.push({
+                    engine: signal.engine,
+                    provider: "unknown",
+                    source: "package.json",
+                    connection_key: found,
+                    connection_value: allDeps[found],
+                    raw_value: "",
+                    scannable: support.scannable,
+                    scan_method: support.method,
+                    confidence: signal.confidence,
+                    details: `Dependency "${found}" detected → ${signal.engine}${signal.orm ? ` (ORM: ${signal.orm})` : ""}`,
+                });
+            }
+        }
+        catch { /* skip */ }
+    }
+    // Also check apps/*/package.json for monorepos
+    for (const subDir of ["apps/web", "apps/api", "apps/server", "packages/db", "packages/database"]) {
+        const subPkg = (0, path_1.resolve)(projectDir, subDir, "package.json");
+        if (!(0, fs_1.existsSync)(subPkg))
+            continue;
+        try {
+            const pkg = JSON.parse((0, fs_1.readFileSync)(subPkg, "utf-8"));
+            const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+            for (const signal of DEP_SIGNALS) {
+                const found = signal.packages.find(p => allDeps[p]);
+                if (!found)
+                    continue;
+                const dedup = `dep:${subDir}:${found}:${signal.engine}`;
+                if (seen.has(dedup))
+                    continue;
+                seen.add(dedup);
+                if (signal.orm && !ormDetected)
+                    ormDetected = signal.orm;
+                const support = SCAN_SUPPORT[signal.engine];
+                databases.push({
+                    engine: signal.engine, provider: "unknown",
+                    source: `${subDir}/package.json`,
+                    connection_key: found, connection_value: allDeps[found], raw_value: "",
+                    scannable: support.scannable, scan_method: support.method,
+                    confidence: signal.confidence,
+                    details: `Dependency "${found}" in ${subDir} → ${signal.engine}`,
+                });
+            }
+        }
+        catch { /* skip */ }
+    }
+    // ── Phase 3: Scan config files ──
+    for (const signal of CONFIG_SIGNALS) {
+        for (const file of signal.files) {
+            const filePath = (0, path_1.resolve)(projectDir, file);
+            if (!(0, fs_1.existsSync)(filePath))
+                continue;
+            configFilesFound.push(file);
+            const dedup = `config:${file}:${signal.engine}`;
+            if (seen.has(dedup))
+                continue;
+            seen.add(dedup);
+            let provider = "unknown";
+            try {
+                const content = (0, fs_1.readFileSync)(filePath, "utf-8");
+                if (signal.parseProvider) {
+                    provider = signal.parseProvider(content) || "unknown";
+                }
+            }
+            catch { /* skip */ }
+            if (signal.orm && !ormDetected)
+                ormDetected = signal.orm;
+            const support = SCAN_SUPPORT[signal.engine];
+            databases.push({
+                engine: signal.engine, provider,
+                source: file, connection_key: file, connection_value: "", raw_value: "",
+                scannable: support.scannable, scan_method: support.method,
+                confidence: 80,
+                details: `Config file "${file}" detected → ${signal.engine}${signal.orm ? ` (ORM: ${signal.orm})` : ""}`,
+            });
+        }
+    }
+    // ── Deduplicate: prefer env vars over deps, higher confidence wins ──
+    const unique = new Map();
+    for (const db of databases) {
+        const key = `${db.engine}:${db.provider !== "unknown" ? db.provider : db.connection_key}`;
+        const existing = unique.get(key);
+        if (!existing || db.confidence > existing.confidence || (db.raw_value && !existing.raw_value)) {
+            unique.set(key, db);
+        }
+    }
+    return {
+        databases: [...unique.values()].sort((a, b) => b.confidence - a.confidence),
+        orm_detected: ormDetected,
+        framework_detected: frameworkDetected,
+        env_files_scanned: envFilesScanned,
+        config_files_found: configFilesFound,
+        total_signals: databases.length,
+    };
+}
+// ── Pretty print detection results ──
+function printDetectionResults(result) {
+    console.log("");
+    console.log("  ╔══════════════════════════════════════════╗");
+    console.log("  ║  \x1b[33mDatabase Detection Results\x1b[0m              ║");
+    console.log("  ╚══════════════════════════════════════════╝");
+    console.log("");
+    if (result.framework_detected) {
+        console.log(`  Framework:  \x1b[36m${result.framework_detected}\x1b[0m`);
+    }
+    if (result.orm_detected) {
+        console.log(`  ORM:        \x1b[36m${result.orm_detected}\x1b[0m`);
+    }
+    console.log(`  Scanned:    ${result.env_files_scanned.length} env files, ${result.config_files_found.length} config files`);
+    console.log(`  Signals:    ${result.total_signals} total`);
+    console.log("");
+    if (result.databases.length === 0) {
+        console.log("  \x1b[33mNo databases detected.\x1b[0m");
+        console.log("  Add DATABASE_URL to .env.local or install a database driver.\n");
+        return;
+    }
+    console.log(`  Found \x1b[1m${result.databases.length}\x1b[0m database(s):\n`);
+    for (let i = 0; i < result.databases.length; i++) {
+        const db = result.databases[i];
+        const num = `  ${i + 1}.`;
+        const engineColor = db.scannable ? "\x1b[32m" : "\x1b[33m";
+        const scanLabel = db.scannable ? "\x1b[32m✓ scannable\x1b[0m" : `\x1b[33m○ ${db.scan_method}\x1b[0m`;
+        console.log(`${num} ${engineColor}${db.engine.toUpperCase()}\x1b[0m — ${db.provider} ${scanLabel}`);
+        console.log(`     Source:     ${db.source}`);
+        if (db.connection_value) {
+            console.log(`     Connection: ${db.connection_value}`);
+        }
+        console.log(`     Confidence: ${db.confidence}%`);
+        console.log(`     ${db.details}`);
+        console.log("");
+    }
+    const scannable = result.databases.filter(d => d.scannable);
+    if (scannable.length > 0) {
+        console.log(`  \x1b[32m${scannable.length} database(s) can be scanned for encryption.\x1b[0m`);
+    }
+    const notScannable = result.databases.filter(d => !d.scannable);
+    if (notScannable.length > 0) {
+        console.log(`  \x1b[33m${notScannable.length} database(s) not yet supported for scanning.\x1b[0m`);
+    }
+    console.log("");
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nodatachat/guard",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "NoData Guard — continuous security scanner. Runs locally, reports only metadata. Your data never leaves your machine.",
   "main": "./dist/cli.js",
   "types": "./dist/cli.d.ts",