@oculum/cli 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Felix Westin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,425 @@
+# Oculum CLI
+
+AI-native security scanner for detecting vulnerabilities in AI-generated code, BYOK patterns, and modern web applications.
+
+[![npm version](https://img.shields.io/npm/v/@oculum/cli.svg)](https://www.npmjs.com/package/@oculum/cli)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Features
+
+- 🤖 **AI-Native Security**: Specialized detection for AI-era risks (BYOK patterns, agent tools, AI-generated code)
+- ⚡ **Multiple Scan Depths**: Choose between cheap (fast), validated (AI-verified), or deep (comprehensive) scans
+- 🎯 **Low False Positives**: AI validation reduces noise by ~70%
+- 📊 **Multiple Output Formats**: Terminal, JSON, SARIF, or Markdown
+- 🔄 **Incremental Scanning**: Scan only changed files for faster CI/CD
+- 🎨 **Interactive TUI**: Beautiful terminal UI for exploring findings
+- 🔐 **Secure Authentication**: Device flow authentication with GitHub
+
+## Installation
+
+```bash
+npm install -g @oculum/cli
+```
+
+Or use with npx (no installation required):
+
+```bash
+npx @oculum/cli scan .
+```
+
+## Quick Start
+
+### 1. Authenticate
+
+```bash
+oculum login
+```
+
+This will open a browser window for GitHub authentication. Follow the prompts to complete the login.
+
+### 2. Run Your First Scan
+
+```bash
+# Quick scan (fast, local-only)
+oculum scan .
+
+# Validated scan (AI-verified, recommended)
+oculum scan . --mode validated
+
+# Deep scan (comprehensive analysis)
+oculum scan . --mode deep
+```
+
+### 3. Explore Results Interactively
+
+```bash
+oculum ui
+```
+
+## Commands
+
+### `oculum scan [path]`
+
+Scan a directory or file for security vulnerabilities.
+
+**Options:**
+
+- `-d, --depth <mode>` - Scan depth: `cheap`, `validated`, or `deep` (default: `cheap`)
+- `-f, --format <format>` - Output format: `terminal`, `json`, `sarif`, or `markdown` (default: `terminal`)
+- `-o, --output <file>` - Write output to file instead of stdout
+- `--incremental` - Only scan files changed since last commit (git required)
+- `--config <path>` - Path to config file (default: `oculum.config.json`)
+
+**Examples:**
+
+```bash
+# Scan current directory with validated mode
+oculum scan . --mode validated
+
+# Scan specific file with JSON output
+oculum scan src/api/auth.ts --format json
+
+# Incremental scan for CI/CD
+oculum scan . --incremental --mode validated
+
+# Save results to file
+oculum scan . --output results.sarif --format sarif
+```
+
+### `oculum ui`
+
+Launch interactive terminal UI for scanning and exploring results.
+
+**Features:**
+- Visual file tree navigation
+- Real-time scan progress
+- Interactive findings explorer
+- Severity filtering
+- Code snippet preview
+
+### `oculum login`
+
+Authenticate with Oculum API using GitHub device flow.
+
+**Process:**
+1. CLI displays a URL and code
+2. Open URL in browser
+3. Enter code and authorize with GitHub
+4. CLI automatically completes authentication
+
+### `oculum status`
+
+Check authentication status and current tier.
+
+**Output:**
+- Logged in status
+- Email address
+- Current tier (free/pro)
+- API key status
+
+### `oculum logout`
+
+Remove stored credentials and log out.
+
+## Scan Depth Modes
+
+### Cheap (Free)
+
+- **Speed**: Very fast (~5-10s for 100 files)
+- **Cost**: Free, runs locally
+- **Detection**: Pattern-based detection (Layer 1 + Layer 2)
+- **Use Case**: Quick checks, pre-commit hooks, local development
+
+### Validated (Pro)
+
+- **Speed**: Moderate (~30-60s for 100 files)
+- **Cost**: Paid, requires API key
+- **Detection**: Pattern + AI validation (reduces false positives by ~70%)
+- **Use Case**: PR checks, CI/CD pipelines, production code
+
+### Deep (Pro)
+
+- **Speed**: Slower (~2-5min for 100 files)
+- **Cost**: Higher cost, requires API key
+- **Detection**: Full semantic analysis with project context
+- **Use Case**: Security audits, critical code paths, compliance
+
+## Configuration File
+
+Create `oculum.config.json` in your project root:
+
+```json
+{
+  "depth": "validated",
+  "format": "terminal",
+  "ignore": [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/*.test.ts"
+  ],
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.js"
+  ]
+}
+```
+
+**Options:**
+
+- `depth` - Default scan depth (`cheap`, `validated`, `deep`)
+- `format` - Default output format (`terminal`, `json`, `sarif`, `markdown`)
+- `ignore` - Glob patterns to exclude from scanning
+- `include` - Glob patterns to include in scanning (overrides ignore)
+
+## Output Formats
+
+### Terminal (Default)
+
+Human-readable output with colors and formatting:
+
+```
+════════════════════════════════════════════════════════════
+  OCULUM SECURITY SCAN RESULTS
+════════════════════════════════════════════════════════════
+
+🔴 2 critical issues found
+
+🔑 Secrets & Credentials (1 critical)
+────────────────────────────────────────────────────────────
+  🔴 CRITICAL Hardcoded API key detected
+     src/config.ts:12
+     API key appears to be hardcoded in source code.
+     💡 Move to environment variables: process.env.API_KEY
+```
+
+### JSON
+
+Machine-readable JSON for programmatic processing:
+
+```json
+{
+  "summary": {
+    "totalIssues": 2,
+    "critical": 2,
+    "high": 0,
+    "medium": 0,
+    "low": 0
+  },
+  "findings": [...]
+}
+```
+
+### SARIF
+
+GitHub Security tab compatible format:
+
+```bash
+oculum scan . --format sarif --output results.sarif
+```
+
+Upload to GitHub:
+```yaml
+- uses: github/codeql-action/upload-sarif@v2
+  with:
+    sarif_file: results.sarif
+```
+
+### Markdown
+
+Documentation-friendly format:
+
+```bash
+oculum scan . --format markdown --output SECURITY.md
+```
+
+## What Oculum Detects
+
+### AI-Era Risks
+
+- **BYOK Patterns**: Bring-your-own-key usage, storage, and logging
+- **Agent Tools**: Over-permissive tool definitions, unsafe tool execution
+- **AI-Generated Code**: Common patterns from AI coding assistants
+- **Prompt Injection**: User input in AI prompts without sanitization
+
+### Traditional Security
+
+- **Secrets**: Hardcoded API keys, tokens, credentials
+- **Injection**: SQL injection, command injection, XSS
+- **Authentication**: Missing auth checks, weak session handling
+- **Data Exposure**: Sensitive data in logs, error messages, responses
+- **Dangerous Functions**: `eval`, `exec`, unsafe deserialization
+
+### Configuration Issues
+
+- **Docker**: Running as root, hardcoded secrets in Dockerfiles
+- **CORS**: Permissive origins, credential exposure
+- **Environment**: Committed `.env` files, hardcoded configs
+
+## CI/CD Integration
+
+### GitHub Actions
+
+```yaml
+name: Security Scan
+on: [pull_request]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      
+      - name: Install Oculum
+        run: npm install -g @oculum/cli
+      
+      - name: Authenticate
+        run: echo "${{ secrets.OCULUM_API_KEY }}" | oculum login --stdin
+      
+      - name: Scan
+        run: oculum scan . --mode validated --format sarif --output results.sarif
+      
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif
+```
+
+### GitLab CI
+
+```yaml
+security_scan:
+  stage: test
+  script:
+    - npm install -g @oculum/cli
+    - echo "$OCULUM_API_KEY" | oculum login --stdin
+    - oculum scan . --mode validated --format json --output results.json
+  artifacts:
+    reports:
+      codequality: results.json
+```
+
+## Troubleshooting
+
+### Authentication Issues
+
+**Problem**: `Login failed: APIError`
+
+**Solution**:
+1. Check your internet connection
+2. Verify API endpoint is accessible: `curl https://oculum-api.vercel.app/api/v1/auth/device`
+3. Try logging out and back in: `oculum logout && oculum login`
+
+### Scan Failures
+
+**Problem**: `Scan failed: quota exceeded`
+
+**Solution**:
+- Check your usage: `oculum status`
+- Upgrade to Pro tier for higher limits
+- Use `--mode cheap` for unlimited local scans
+
+**Problem**: Too many files being scanned
+
+**Solution**:
+- Add ignore patterns to `oculum.config.json`
+- Use `.gitignore` patterns (automatically respected)
+- Scan specific directories: `oculum scan src/`
+
+### Performance Issues
+
+**Problem**: Scans are slow
+
+**Solution**:
+- Use `--mode cheap` for faster local scans
+- Enable incremental scanning: `--incremental`
+- Reduce scope with ignore patterns
+- Scan only changed files in CI/CD
+
+## API Key Management
+
+### Getting an API Key
+
+1. Sign up at https://oculum-api.vercel.app
+2. Navigate to Dashboard → API Keys
+3. Click "Create New Key"
+4. Copy the key (shown only once)
+5. Use with CLI: `oculum login --api-key YOUR_KEY`
+
+### Storing API Keys Securely
+
+**Local Development:**
+```bash
+# Store in config (recommended)
+oculum login
+
+# Or use environment variable
+export OCULUM_API_KEY="your-key-here"
+```
+
+**CI/CD:**
+- Store as encrypted secret in your CI/CD platform
+- Never commit API keys to version control
+- Rotate keys regularly
+
+## Pricing
+
+### Free Tier
+- ✅ Unlimited cheap (local) scans
+- ✅ Basic CLI access
+- ✅ All output formats
+- ❌ No validated/deep scans
+
+### Pro Tier
+- ✅ Everything in Free
+- ✅ Validated scans (AI-verified)
+- ✅ Deep scans (semantic analysis)
+- ✅ API access
+- ✅ Priority support
+
+[View detailed pricing →](https://oculum-api.vercel.app/pricing)
+
+## Examples
+
+### Pre-commit Hook
+
+```bash
+#!/bin/bash
+# .git/hooks/pre-commit
+
+oculum scan . --mode cheap --format terminal
+if [ $? -ne 0 ]; then
+  echo "Security issues found. Commit blocked."
+  exit 1
+fi
+```
+
+### Watch Mode (Development)
+
+```bash
+# Scan on file changes
+oculum watch src/ --mode cheap
+```
+
+### Scan Specific File Types
+
+```bash
+# Only TypeScript files
+oculum scan . --include "**/*.ts" --include "**/*.tsx"
+
+# Exclude tests
+oculum scan . --ignore "**/*.test.ts" --ignore "**/*.spec.ts"
+```
+
+## Support
+
+- 📧 Email: felix.lwestin@gmail.com
+- 🐛 Issues: [GitHub Issues](https://github.com/flexipie/oculum/issues)
+- 📚 Docs: [Documentation](https://oculum-api.vercel.app/docs)
+
+## License
+
+MIT © Felix Westin
+
+---
+
+**Made with ❤️ for developers building with AI**

package/dist/commands/auth.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Auth Commands
+ * Handle login, logout, and status
+ */
+import { Command } from 'commander';
+/**
+ * Auth command group
+ */
+export declare const authCommand: Command;
+export declare const loginCommand: Command;
+//# sourceMappingURL=auth.d.ts.map

package/dist/commands/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/commands/auth.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAiJnC;;GAEG;AACH,eAAO,MAAM,WAAW,SACe,CAAA;AA+BvC,eAAO,MAAM,YAAY,SAGT,CAAA"}

package/dist/commands/auth.js

@@ -0,0 +1,156 @@
+"use strict";
+/**
+ * Auth Commands
+ * Handle login, logout, and status
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loginCommand = exports.authCommand = void 0;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const config_js_1 = require("../utils/config.js");
+const api_js_1 = require("../utils/api.js");
+/**
+ * Login command
+ */
+async function login(options) {
+    const spinner = (0, ora_1.default)();
+    // If API key provided directly, verify and store it
+    if (options.apiKey) {
+        spinner.start('Verifying API key...');
+        const result = await (0, api_js_1.verifyApiKey)(options.apiKey);
+        if (!result.valid) {
+            spinner.fail('Invalid API key');
+            process.exit(1);
+        }
+        (0, config_js_1.setAuthCredentials)(options.apiKey, result.email, result.tier);
+        spinner.succeed('Logged in successfully!');
+        console.log(chalk_1.default.dim(`  Email: ${result.email}`));
+        console.log(chalk_1.default.dim(`  Tier: ${result.tier}`));
+        return;
+    }
+    // Otherwise, use device flow
+    try {
+        spinner.start('Initiating login...');
+        const { authUrl, deviceCode } = await (0, api_js_1.initiateLogin)();
+        spinner.stop();
+        console.log('\nTo complete login:');
+        console.log(chalk_1.default.cyan(`\n  1. Open this URL in your browser:\n     ${authUrl}`));
+        console.log(chalk_1.default.dim(`\n  2. Enter the code: ${chalk_1.default.bold(deviceCode)}`));
+        console.log(chalk_1.default.dim('\n  Waiting for authorization...'));
+        // Poll for completion
+        spinner.start('Waiting for browser authorization...');
+        const maxAttempts = 60; // 5 minutes with 5s interval
+        for (let i = 0; i < maxAttempts; i++) {
+            await new Promise(resolve => setTimeout(resolve, 5000));
+            const result = await (0, api_js_1.pollForLogin)(deviceCode);
+            if (result.complete) {
+                (0, config_js_1.setAuthCredentials)(result.apiKey, result.email, result.tier);
+                spinner.succeed('Logged in successfully!');
+                console.log(chalk_1.default.dim(`  Email: ${result.email}`));
+                console.log(chalk_1.default.dim(`  Tier: ${result.tier}`));
+                return;
+            }
+        }
+        spinner.fail('Login timed out. Please try again.');
+        process.exit(1);
+    }
+    catch (err) {
+        spinner.fail(`Login failed: ${err}`);
+        process.exit(1);
+    }
+}
+/**
+ * Logout command
+ */
+function logout() {
+    if (!(0, config_js_1.isAuthenticated)()) {
+        console.log(chalk_1.default.yellow('Not logged in.'));
+        return;
+    }
+    (0, config_js_1.clearAuth)();
+    console.log(chalk_1.default.green('Logged out successfully.'));
+}
+/**
+ * Status command
+ */
+async function status() {
+    const config = (0, config_js_1.getConfig)();
+    console.log('\n' + chalk_1.default.bold('Oculum CLI Status'));
+    console.log(chalk_1.default.dim('─'.repeat(40)));
+    if (!(0, config_js_1.isAuthenticated)()) {
+        console.log(chalk_1.default.yellow('\nNot logged in.'));
+        console.log(chalk_1.default.dim('\nRun `oculum login` to authenticate.'));
+        console.log(chalk_1.default.dim('Free tier allows cheap (local) scans only.'));
+        console.log(chalk_1.default.dim('Paid tiers unlock AI-powered validated and deep scans.\n'));
+        return;
+    }
+    // Verify the stored key is still valid
+    const spinner = (0, ora_1.default)('Verifying credentials...').start();
+    const result = await (0, api_js_1.verifyApiKey)(config.apiKey);
+    if (!result.valid) {
+        spinner.fail('Stored credentials are invalid or expired.');
+        console.log(chalk_1.default.dim('Run `oculum login` to re-authenticate.'));
+        return;
+    }
+    spinner.succeed('Authenticated');
+    console.log(chalk_1.default.dim(`  Email: ${result.email || config.email}`));
+    console.log(chalk_1.default.dim(`  Tier: ${result.tier || config.tier}`));
+    // Show tier capabilities
+    console.log('\n' + chalk_1.default.bold('Available Scan Depths:'));
+    const tier = result.tier || config.tier || 'free';
+    console.log(chalk_1.default.green('  cheap    - Fast pattern matching (always available)'));
+    if (tier === 'pro' || tier === 'enterprise') {
+        console.log(chalk_1.default.green('  validated - AI-powered validation'));
+        console.log(chalk_1.default.green('  deep      - Full AI semantic analysis'));
+    }
+    else {
+        console.log(chalk_1.default.dim('  validated - AI-powered validation (requires Pro)'));
+        console.log(chalk_1.default.dim('  deep      - Full AI semantic analysis (requires Pro)'));
+    }
+    console.log('');
+}
+/**
+ * Upgrade command (opens billing portal)
+ */
+function upgrade() {
+    console.log(chalk_1.default.cyan('\nTo upgrade your subscription, visit:'));
+    console.log(chalk_1.default.bold('  https://oculum.dev/billing\n'));
+}
+/**
+ * Auth command group
+ */
+exports.authCommand = new commander_1.Command('auth')
+    .description('Manage authentication');
+// Login subcommand
+exports.authCommand
+    .command('login')
+    .description('Log in to Oculum')
+    .option('-k, --api-key <key>', 'API key (skip browser auth)')
+    .action(login);
+// Logout subcommand
+exports.authCommand
+    .command('logout')
+    .description('Log out from Oculum')
+    .action(logout);
+// Status subcommand
+exports.authCommand
+    .command('status')
+    .description('Show current authentication status')
+    .action(status);
+// Upgrade subcommand
+exports.authCommand
+    .command('upgrade')
+    .description('Upgrade your subscription')
+    .action(upgrade);
+// Default: show status
+exports.authCommand.action(status);
+// Also export standalone login command for convenience
+exports.loginCommand = new commander_1.Command('login')
+    .description('Log in to Oculum')
+    .option('-k, --api-key <key>', 'API key (skip browser auth)')
+    .action(login);
+//# sourceMappingURL=auth.js.map

package/dist/commands/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/commands/auth.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAEH,yCAAmC;AACnC,kDAAyB;AACzB,8CAAqB;AACrB,kDAK2B;AAC3B,4CAIwB;AAExB;;GAEG;AACH,KAAK,UAAU,KAAK,CAAC,OAA4B;IAC/C,MAAM,OAAO,GAAG,IAAA,aAAG,GAAE,CAAA;IAErB,oDAAoD;IACpD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAA;QACrC,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAY,EAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAEjD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,IAAA,8BAAkB,EAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;QAC7D,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;QAClD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACpC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,sBAAa,GAAE,CAAA;QAErD,OAAO,CAAC,IAAI,EAAE,CAAA;QACd,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAA;QACnC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,+CAA+C,OAAO,EAAE,CAAC,CAAC,CAAA;QACjF,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,0BAA0B,eAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;QAC1E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC,CAAA;QAE1D,sBAAsB;QACtB,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAA;QAErD,MAAM,WAAW,GAAG,EAAE,CAAA,CAAC,6BAA6B;QACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;YAEvD,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAY,EAAC,UAAU,CAAC,CAAA;YAC7C,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,IAAA,8BAAkB,EAAC,MAAM,CAAC,MAAO,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;gBAC7D,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAA;gBAC1C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;gBAClD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;gBAChD,OAAM;YACR,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAA;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAA;QACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,MAAM;IACb,IAAI,CAAC,IAAA,2BAAe,GAAE,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;QAC3C,OAAM;IACR,CAAC;IAED,IAAA,qBAAS,GAAE,CAAA;IACX,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,MAAM;IACnB,MAAM,MAAM,GAAG,IAAA,qBAAS,GAAE,CAAA;IAE1B,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,eAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAA;IACnD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAEtC,IAAI,CAAC,IAAA,2BAAe,GAAE,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAA;QAC7C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,CAAA;QAC/D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC,CAAA;QACpE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC,CAAA;QAClF,OAAM;IACR,CAAC;IAED,uCAAuC;IACvC,MAAM,OAAO,GAAG,IAAA,aAAG,EAAC,0BAA0B,CAAC,CAAC,KAAK,EAAE,CAAA;IACvD,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAY,EAAC,MAAM,CAAC,MAAO,CAAC,CAAA;IAEjD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAA;QAC1D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC,CAAA;QAChE,OAAM;IACR,CAAC;IAED,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IAEhC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IAClE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;IAE/D,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,eAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAA;IAExD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAA;IAEjD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC,CAAA;IAEjF,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC,CAAA;QAC/D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC,CAAA;IACrE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC,CAAA;QAC5E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC,CAAA;IAClF,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,OAAO;IACd,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAA;AAC3D,CAAC;AAED;;GAEG;AACU,QAAA,WAAW,GAAG,IAAI,mBAAO,CAAC,MAAM,CAAC;KAC3C,WAAW,CAAC,uBAAuB,CAAC,CAAA;AAEvC,mBAAmB;AACnB,mBAAW;KACR,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,kBAAkB,CAAC;KAC/B,MAAM,CAAC,qBAAqB,EAAE,6BAA6B,CAAC;KAC5D,MAAM,CAAC,KAAK,CAAC,CAAA;AAEhB,oBAAoB;AACpB,mBAAW;KACR,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,qBAAqB,CAAC;KAClC,MAAM,CAAC,MAAM,CAAC,CAAA;AAEjB,oBAAoB;AACpB,mBAAW;KACR,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,MAAM,CAAC,MAAM,CAAC,CAAA;AAEjB,qBAAqB;AACrB,mBAAW;KACR,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,2BAA2B,CAAC;KACxC,MAAM,CAAC,OAAO,CAAC,CAAA;AAElB,uBAAuB;AACvB,mBAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;AAE1B,uDAAuD;AAC1C,QAAA,YAAY,GAAG,IAAI,mBAAO,CAAC,OAAO,CAAC;KAC7C,WAAW,CAAC,kBAAkB,CAAC;KAC/B,MAAM,CAAC,qBAAqB,EAAE,6BAA6B,CAAC;KAC5D,MAAM,CAAC,KAAK,CAAC,CAAA"}

package/dist/commands/scan.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Scan Command
+ * Main scanning functionality for the CLI
+ */
+import { Command } from 'commander';
+export interface ScanOptions {
+    depth: 'cheap' | 'validated' | 'deep';
+    format: 'terminal' | 'json' | 'sarif' | 'markdown';
+    failOn: 'critical' | 'high' | 'medium' | 'low' | 'none';
+    color?: boolean;
+    incremental?: boolean;
+    diff?: string;
+    output?: string;
+}
+/**
+ * Main scan function
+ */
+export declare function runScan(targetPath: string, options: ScanOptions): Promise<void>;
+/**
+ * Scan command definition
+ */
+export declare const scanCommand: Command;
+//# sourceMappingURL=scan.d.ts.map

package/dist/commands/scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAwBnC,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,OAAO,GAAG,WAAW,GAAG,MAAM,CAAA;IACrC,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,CAAA;IAClD,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAA;IACvD,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAuND;;GAEG;AACH,wBAAsB,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA0GrF;AAED;;GAEG;AACH,eAAO,MAAM,WAAW,SAUN,CAAA"}