npm - @oculum/scanner - Versions diffs - 1.0.10 → 1.0.12 - Mend

@oculum/scanner 1.0.10 → 1.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (520) hide show

package/dist/ai-context/index.d.ts +6 -0
package/dist/ai-context/index.d.ts.map +1 -0
package/dist/ai-context/index.js +13 -0
package/dist/ai-context/index.js.map +1 -0
package/dist/ai-context/manager.d.ts +67 -0
package/dist/ai-context/manager.d.ts.map +1 -0
package/dist/ai-context/manager.js +104 -0
package/dist/ai-context/manager.js.map +1 -0
package/dist/baseline/diff.d.ts +32 -0
package/dist/baseline/diff.d.ts.map +1 -0
package/dist/baseline/diff.js +119 -0
package/dist/baseline/diff.js.map +1 -0
package/dist/baseline/index.d.ts +9 -0
package/dist/baseline/index.d.ts.map +1 -0
package/dist/baseline/index.js +19 -0
package/dist/baseline/index.js.map +1 -0
package/dist/baseline/manager.d.ts +67 -0
package/dist/baseline/manager.d.ts.map +1 -0
package/dist/baseline/manager.js +180 -0
package/dist/baseline/manager.js.map +1 -0
package/dist/baseline/types.d.ts +91 -0
package/dist/baseline/types.d.ts.map +1 -0
package/dist/baseline/types.js +12 -0
package/dist/baseline/types.js.map +1 -0
package/dist/category-filter.d.ts +125 -0
package/dist/category-filter.d.ts.map +1 -0
package/dist/category-filter.js +360 -0
package/dist/category-filter.js.map +1 -0
package/dist/filtering/context-adjustments.d.ts +23 -0
package/dist/filtering/context-adjustments.d.ts.map +1 -0
package/dist/filtering/context-adjustments.js +100 -0
package/dist/filtering/context-adjustments.js.map +1 -0
package/dist/filtering/index.d.ts +3 -0
package/dist/filtering/index.d.ts.map +1 -0
package/dist/filtering/index.js +8 -0
package/dist/filtering/index.js.map +1 -0
package/dist/filtering/pipeline.d.ts +48 -0
package/dist/filtering/pipeline.d.ts.map +1 -0
package/dist/filtering/pipeline.js +76 -0
package/dist/filtering/pipeline.js.map +1 -0
package/dist/formatters/ai-context.d.ts +23 -0
package/dist/formatters/ai-context.d.ts.map +1 -0
package/dist/formatters/ai-context.js +238 -0
package/dist/formatters/ai-context.js.map +1 -0
package/dist/formatters/cli-terminal.d.ts +38 -0
package/dist/formatters/cli-terminal.d.ts.map +1 -1
package/dist/formatters/cli-terminal.js +365 -42
package/dist/formatters/cli-terminal.js.map +1 -1
package/dist/formatters/github-comment.d.ts +2 -2
package/dist/formatters/github-comment.d.ts.map +1 -1
package/dist/formatters/github-comment.js +77 -13
package/dist/formatters/github-comment.js.map +1 -1
package/dist/formatters/ide/claude-code.d.ts +17 -0
package/dist/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/formatters/ide/claude-code.js +94 -0
package/dist/formatters/ide/claude-code.js.map +1 -0
package/dist/formatters/ide/cursor.d.ts +13 -0
package/dist/formatters/ide/cursor.d.ts.map +1 -0
package/dist/formatters/ide/cursor.js +125 -0
package/dist/formatters/ide/cursor.js.map +1 -0
package/dist/formatters/ide/index.d.ts +62 -0
package/dist/formatters/ide/index.d.ts.map +1 -0
package/dist/formatters/ide/index.js +184 -0
package/dist/formatters/ide/index.js.map +1 -0
package/dist/formatters/ide/windsurf.d.ts +13 -0
package/dist/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/formatters/ide/windsurf.js +117 -0
package/dist/formatters/ide/windsurf.js.map +1 -0
package/dist/formatters/index.d.ts +3 -1
package/dist/formatters/index.d.ts.map +1 -1
package/dist/formatters/index.js +20 -1
package/dist/formatters/index.js.map +1 -1
package/dist/index.d.ts +11 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +423 -56
package/dist/index.js.map +1 -1
package/dist/layer1/comments.d.ts +4 -1
package/dist/layer1/comments.d.ts.map +1 -1
package/dist/layer1/comments.js +1 -1
package/dist/layer1/comments.js.map +1 -1
package/dist/layer1/config-audit.d.ts +4 -1
package/dist/layer1/config-audit.d.ts.map +1 -1
package/dist/layer1/config-audit.js +65 -14
package/dist/layer1/config-audit.js.map +1 -1
package/dist/layer1/config-mcp-audit.d.ts +23 -0
package/dist/layer1/config-mcp-audit.d.ts.map +1 -0
package/dist/layer1/config-mcp-audit.js +239 -0
package/dist/layer1/config-mcp-audit.js.map +1 -0
package/dist/layer1/entropy.d.ts +4 -1
package/dist/layer1/entropy.d.ts.map +1 -1
package/dist/layer1/entropy.js +212 -1
package/dist/layer1/entropy.js.map +1 -1
package/dist/layer1/file-flags.d.ts +4 -1
package/dist/layer1/file-flags.d.ts.map +1 -1
package/dist/layer1/file-flags.js +12 -5
package/dist/layer1/file-flags.js.map +1 -1
package/dist/layer1/index.d.ts +1 -0
package/dist/layer1/index.d.ts.map +1 -1
package/dist/layer1/index.js +22 -19
package/dist/layer1/index.js.map +1 -1
package/dist/layer1/patterns.d.ts +4 -1
package/dist/layer1/patterns.d.ts.map +1 -1
package/dist/layer1/patterns.js +34 -4
package/dist/layer1/patterns.js.map +1 -1
package/dist/layer1/urls.d.ts +4 -1
package/dist/layer1/urls.d.ts.map +1 -1
package/dist/layer1/urls.js +162 -14
package/dist/layer1/urls.js.map +1 -1
package/dist/layer1/weak-crypto.d.ts +4 -1
package/dist/layer1/weak-crypto.d.ts.map +1 -1
package/dist/layer1/weak-crypto.js +144 -7
package/dist/layer1/weak-crypto.js.map +1 -1
package/dist/layer2/ai-agent-tools.d.ts +4 -1
package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
package/dist/layer2/ai-agent-tools.js +964 -2
package/dist/layer2/ai-agent-tools.js.map +1 -1
package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
package/dist/layer2/ai-endpoint-protection.js +18 -4
package/dist/layer2/ai-endpoint-protection.js.map +1 -1
package/dist/layer2/ai-execution-sinks.d.ts +4 -1
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
package/dist/layer2/ai-execution-sinks.js +688 -29
package/dist/layer2/ai-execution-sinks.js.map +1 -1
package/dist/layer2/ai-fingerprinting.d.ts +4 -1
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
package/dist/layer2/ai-fingerprinting.js +28 -32
package/dist/layer2/ai-fingerprinting.js.map +1 -1
package/dist/layer2/ai-mcp-security.d.ts +20 -0
package/dist/layer2/ai-mcp-security.d.ts.map +1 -0
package/dist/layer2/ai-mcp-security.js +877 -0
package/dist/layer2/ai-mcp-security.js.map +1 -0
package/dist/layer2/ai-package-hallucination.d.ts +22 -0
package/dist/layer2/ai-package-hallucination.d.ts.map +1 -0
package/dist/layer2/ai-package-hallucination.js +828 -0
package/dist/layer2/ai-package-hallucination.js.map +1 -0
package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
package/dist/layer2/ai-prompt-hygiene.js +817 -17
package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
package/dist/layer2/ai-rag-safety.d.ts +4 -1
package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
package/dist/layer2/ai-rag-safety.js +454 -3
package/dist/layer2/ai-rag-safety.js.map +1 -1
package/dist/layer2/ai-schema-validation.d.ts +4 -1
package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
package/dist/layer2/ai-schema-validation.js +2 -2
package/dist/layer2/ai-schema-validation.js.map +1 -1
package/dist/layer2/auth-antipatterns.d.ts +2 -0
package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
package/dist/layer2/auth-antipatterns.js +209 -20
package/dist/layer2/auth-antipatterns.js.map +1 -1
package/dist/layer2/byok-patterns.d.ts +4 -1
package/dist/layer2/byok-patterns.d.ts.map +1 -1
package/dist/layer2/byok-patterns.js +5 -2
package/dist/layer2/byok-patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/child-process.d.ts +16 -0
package/dist/layer2/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/child-process.js +74 -0
package/dist/layer2/dangerous-functions/child-process.js.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts +34 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.js +230 -0
package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -0
package/dist/layer2/dangerous-functions/index.d.ts +16 -0
package/dist/layer2/dangerous-functions/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/index.js +1152 -0
package/dist/layer2/dangerous-functions/index.js.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts +31 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.js +319 -0
package/dist/layer2/dangerous-functions/json-parse.js.map +1 -0
package/dist/layer2/dangerous-functions/math-random.d.ts +111 -0
package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/math-random.js +684 -0
package/dist/layer2/dangerous-functions/math-random.js.map +1 -0
package/dist/layer2/dangerous-functions/patterns.d.ts +21 -0
package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/patterns.js +163 -0
package/dist/layer2/dangerous-functions/patterns.js.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts +13 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.js +119 -0
package/dist/layer2/dangerous-functions/request-validation.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +24 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js +70 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.js +147 -0
package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts +9 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.js +23 -0
package/dist/layer2/dangerous-functions/utils/index.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js +102 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/layer2/data-exposure.d.ts +4 -1
package/dist/layer2/data-exposure.d.ts.map +1 -1
package/dist/layer2/data-exposure.js +14 -38
package/dist/layer2/data-exposure.js.map +1 -1
package/dist/layer2/framework-checks.d.ts +4 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +5 -2
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +12 -1
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +110 -45
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/logic-gates.d.ts +4 -1
package/dist/layer2/logic-gates.d.ts.map +1 -1
package/dist/layer2/logic-gates.js +58 -20
package/dist/layer2/logic-gates.js.map +1 -1
package/dist/layer2/model-supply-chain.d.ts +23 -0
package/dist/layer2/model-supply-chain.d.ts.map +1 -0
package/dist/layer2/model-supply-chain.js +444 -0
package/dist/layer2/model-supply-chain.js.map +1 -0
package/dist/layer2/risky-imports.d.ts +4 -1
package/dist/layer2/risky-imports.d.ts.map +1 -1
package/dist/layer2/risky-imports.js +6 -2
package/dist/layer2/risky-imports.js.map +1 -1
package/dist/layer2/variables.d.ts +4 -1
package/dist/layer2/variables.d.ts.map +1 -1
package/dist/layer2/variables.js +6 -2
package/dist/layer2/variables.js.map +1 -1
package/dist/layer3/anthropic/auto-dismiss.d.ts +24 -0
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -0
package/dist/layer3/anthropic/auto-dismiss.js +199 -0
package/dist/layer3/anthropic/auto-dismiss.js.map +1 -0
package/dist/layer3/anthropic/clients.d.ts +44 -0
package/dist/layer3/anthropic/clients.d.ts.map +1 -0
package/dist/layer3/anthropic/clients.js +81 -0
package/dist/layer3/anthropic/clients.js.map +1 -0
package/dist/layer3/anthropic/index.d.ts +41 -0
package/dist/layer3/anthropic/index.d.ts.map +1 -0
package/dist/layer3/anthropic/index.js +141 -0
package/dist/layer3/anthropic/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/index.d.ts +8 -0
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/index.js +14 -0
package/dist/layer3/anthropic/prompts/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +15 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js +169 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +12 -0
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/validation.js +421 -0
package/dist/layer3/anthropic/prompts/validation.js.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts +21 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.js +266 -0
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -0
package/dist/layer3/anthropic/providers/index.d.ts +8 -0
package/dist/layer3/anthropic/providers/index.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/index.js +15 -0
package/dist/layer3/anthropic/providers/index.js.map +1 -0
package/dist/layer3/anthropic/providers/openai.d.ts +18 -0
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/openai.js +340 -0
package/dist/layer3/anthropic/providers/openai.js.map +1 -0
package/dist/layer3/anthropic/request-builder.d.ts +20 -0
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -0
package/dist/layer3/anthropic/request-builder.js +134 -0
package/dist/layer3/anthropic/request-builder.js.map +1 -0
package/dist/layer3/anthropic/types.d.ts +88 -0
package/dist/layer3/anthropic/types.d.ts.map +1 -0
package/dist/layer3/anthropic/types.js +38 -0
package/dist/layer3/anthropic/types.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +9 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/index.js +24 -0
package/dist/layer3/anthropic/utils/index.js.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts +21 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.js +69 -0
package/dist/layer3/anthropic/utils/path-helpers.js.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts +40 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.js +285 -0
package/dist/layer3/anthropic/utils/response-parser.js.map +1 -0
package/dist/layer3/anthropic/utils/retry.d.ts +15 -0
package/dist/layer3/anthropic/utils/retry.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/retry.js +62 -0
package/dist/layer3/anthropic/utils/retry.js.map +1 -0
package/dist/layer3/index.d.ts +1 -0
package/dist/layer3/index.d.ts.map +1 -1
package/dist/layer3/index.js +16 -6
package/dist/layer3/index.js.map +1 -1
package/dist/layer3/osv-check.d.ts +75 -0
package/dist/layer3/osv-check.d.ts.map +1 -0
package/dist/layer3/osv-check.js +308 -0
package/dist/layer3/osv-check.js.map +1 -0
package/dist/modes/incremental.js +1 -1
package/dist/rules/framework-fixes.d.ts +48 -0
package/dist/rules/framework-fixes.d.ts.map +1 -0
package/dist/rules/framework-fixes.js +439 -0
package/dist/rules/framework-fixes.js.map +1 -0
package/dist/rules/index.d.ts +8 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +18 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/metadata.d.ts +43 -0
package/dist/rules/metadata.d.ts.map +1 -0
package/dist/rules/metadata.js +734 -0
package/dist/rules/metadata.js.map +1 -0
package/dist/suppression/config-loader.d.ts +74 -0
package/dist/suppression/config-loader.d.ts.map +1 -0
package/dist/suppression/config-loader.js +424 -0
package/dist/suppression/config-loader.js.map +1 -0
package/dist/suppression/hash.d.ts +48 -0
package/dist/suppression/hash.d.ts.map +1 -0
package/dist/suppression/hash.js +88 -0
package/dist/suppression/hash.js.map +1 -0
package/dist/suppression/index.d.ts +11 -0
package/dist/suppression/index.d.ts.map +1 -0
package/dist/suppression/index.js +39 -0
package/dist/suppression/index.js.map +1 -0
package/dist/suppression/inline-parser.d.ts +39 -0
package/dist/suppression/inline-parser.d.ts.map +1 -0
package/dist/suppression/inline-parser.js +218 -0
package/dist/suppression/inline-parser.js.map +1 -0
package/dist/suppression/manager.d.ts +94 -0
package/dist/suppression/manager.d.ts.map +1 -0
package/dist/suppression/manager.js +292 -0
package/dist/suppression/manager.js.map +1 -0
package/dist/suppression/types.d.ts +151 -0
package/dist/suppression/types.d.ts.map +1 -0
package/dist/suppression/types.js +28 -0
package/dist/suppression/types.js.map +1 -0
package/dist/tiers.d.ts +3 -3
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +34 -7
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +140 -9
package/dist/types.d.ts.map +1 -1
package/dist/types.js +34 -0
package/dist/types.js.map +1 -1
package/dist/utils/code-analysis.d.ts +39 -0
package/dist/utils/code-analysis.d.ts.map +1 -0
package/dist/utils/code-analysis.js +159 -0
package/dist/utils/code-analysis.js.map +1 -0
package/dist/utils/comment-analyzer.d.ts +38 -0
package/dist/utils/comment-analyzer.d.ts.map +1 -0
package/dist/utils/comment-analyzer.js +218 -0
package/dist/utils/comment-analyzer.js.map +1 -0
package/dist/utils/context-helpers.d.ts +112 -1
package/dist/utils/context-helpers.d.ts.map +1 -1
package/dist/utils/context-helpers.js +364 -11
package/dist/utils/context-helpers.js.map +1 -1
package/dist/utils/environment-context.d.ts +76 -0
package/dist/utils/environment-context.d.ts.map +1 -0
package/dist/utils/environment-context.js +271 -0
package/dist/utils/environment-context.js.map +1 -0
package/dist/utils/intent-detector.d.ts +66 -0
package/dist/utils/intent-detector.d.ts.map +1 -0
package/dist/utils/intent-detector.js +282 -0
package/dist/utils/intent-detector.js.map +1 -0
package/dist/utils/parsed-file.d.ts +51 -0
package/dist/utils/parsed-file.d.ts.map +1 -0
package/dist/utils/parsed-file.js +95 -0
package/dist/utils/parsed-file.js.map +1 -0
package/dist/utils/route-hierarchy.d.ts +50 -0
package/dist/utils/route-hierarchy.d.ts.map +1 -0
package/dist/utils/route-hierarchy.js +226 -0
package/dist/utils/route-hierarchy.js.map +1 -0
package/dist/utils/schema-semantics.d.ts +45 -0
package/dist/utils/schema-semantics.d.ts.map +1 -0
package/dist/utils/schema-semantics.js +193 -0
package/dist/utils/schema-semantics.js.map +1 -0
package/package.json +4 -2
package/src/__tests__/benchmark/fixtures/layer1/mcp-config-audit.json +31 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1489 -82
package/src/__tests__/benchmark/fixtures/layer2/ai-mcp-security.ts +495 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-package-hallucination.ts +255 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-prompt-hygiene.ts +300 -1
package/src/__tests__/benchmark/fixtures/layer2/ai-rag-safety.ts +139 -0
package/src/__tests__/benchmark/fixtures/layer2/byok-patterns.ts +7 -0
package/src/__tests__/benchmark/fixtures/layer2/data-exposure.ts +63 -0
package/src/__tests__/benchmark/fixtures/layer2/excessive-agency.ts +221 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +30 -0
package/src/__tests__/benchmark/fixtures/layer2/model-supply-chain.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer2/phase1-enhancements.ts +157 -0
package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
package/src/__tests__/benchmark/run-depth-validation.ts +9 -9
package/src/__tests__/category-filter.test.ts +478 -0
package/src/__tests__/regression/known-false-positives.test.ts +490 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +762 -0
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +503 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +0 -9
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +321 -0
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +439 -0
package/src/__tests__/validation/run-validation.ts +7 -7
package/src/ai-context/__tests__/manager.test.ts +193 -0
package/src/ai-context/index.ts +15 -0
package/src/ai-context/manager.ts +145 -0
package/src/baseline/__tests__/diff.test.ts +261 -0
package/src/baseline/__tests__/manager.test.ts +225 -0
package/src/baseline/diff.ts +135 -0
package/src/baseline/index.ts +29 -0
package/src/baseline/manager.ts +230 -0
package/src/baseline/types.ts +97 -0
package/src/category-filter.ts +400 -0
package/src/filtering/__tests__/pipeline.test.ts +134 -0
package/src/filtering/context-adjustments.ts +111 -0
package/src/filtering/index.ts +10 -0
package/src/filtering/pipeline.ts +130 -0
package/src/formatters/__tests__/ai-context.test.ts +254 -0
package/src/formatters/ai-context.ts +302 -0
package/src/formatters/cli-terminal.ts +444 -41
package/src/formatters/github-comment.ts +82 -14
package/src/formatters/ide/__tests__/ide.test.ts +319 -0
package/src/formatters/ide/claude-code.ts +110 -0
package/src/formatters/ide/cursor.ts +147 -0
package/src/formatters/ide/index.ts +216 -0
package/src/formatters/ide/windsurf.ts +135 -0
package/src/formatters/index.ts +28 -0
package/src/index.ts +506 -45
package/src/layer1/comments.ts +3 -1
package/src/layer1/config-audit.ts +74 -14
package/src/layer1/config-mcp-audit.ts +278 -0
package/src/layer1/entropy.ts +234 -1
package/src/layer1/file-flags.ts +17 -6
package/src/layer1/index.ts +29 -23
package/src/layer1/patterns.ts +42 -4
package/src/layer1/urls.ts +188 -14
package/src/layer1/weak-crypto.ts +168 -16
package/src/layer2/ai-agent-tools.ts +1043 -2
package/src/layer2/ai-endpoint-protection.ts +19 -4
package/src/layer2/ai-execution-sinks.ts +755 -29
package/src/layer2/ai-fingerprinting.ts +33 -33
package/src/layer2/ai-mcp-security.ts +933 -0
package/src/layer2/ai-package-hallucination.ts +940 -0
package/src/layer2/ai-prompt-hygiene.ts +898 -17
package/src/layer2/ai-rag-safety.ts +467 -5
package/src/layer2/ai-schema-validation.ts +4 -2
package/src/layer2/auth-antipatterns.ts +235 -20
package/src/layer2/byok-patterns.ts +9 -3
package/src/layer2/dangerous-functions/child-process.ts +98 -0
package/src/layer2/dangerous-functions/dom-xss.ts +292 -0
package/src/layer2/dangerous-functions/index.ts +1533 -0
package/src/layer2/dangerous-functions/json-parse.ts +385 -0
package/src/layer2/dangerous-functions/math-random.ts +789 -0
package/src/layer2/dangerous-functions/patterns.ts +176 -0
package/src/layer2/dangerous-functions/request-validation.ts +145 -0
package/src/layer2/dangerous-functions/utils/control-flow.ts +35 -0
package/src/layer2/dangerous-functions/utils/helpers.ts +170 -0
package/src/layer2/dangerous-functions/utils/index.ts +25 -0
package/src/layer2/dangerous-functions/utils/schema-validation.ts +106 -0
package/src/layer2/data-exposure.ts +18 -39
package/src/layer2/framework-checks.ts +9 -2
package/src/layer2/index.ts +124 -43
package/src/layer2/logic-gates.ts +64 -22
package/src/layer2/model-supply-chain.ts +531 -0
package/src/layer2/risky-imports.ts +9 -2
package/src/layer2/variables.ts +9 -2
package/src/layer3/__tests__/osv-check.test.ts +384 -0
package/src/layer3/anthropic/auto-dismiss.ts +223 -0
package/src/layer3/anthropic/clients.ts +84 -0
package/src/layer3/anthropic/index.ts +170 -0
package/src/layer3/anthropic/prompts/index.ts +14 -0
package/src/layer3/anthropic/prompts/semantic-analysis.ts +173 -0
package/src/layer3/anthropic/prompts/validation.ts +419 -0
package/src/layer3/anthropic/providers/anthropic.ts +310 -0
package/src/layer3/anthropic/providers/index.ts +8 -0
package/src/layer3/anthropic/providers/openai.ts +384 -0
package/src/layer3/anthropic/request-builder.ts +150 -0
package/src/layer3/anthropic/types.ts +148 -0
package/src/layer3/anthropic/utils/index.ts +26 -0
package/src/layer3/anthropic/utils/path-helpers.ts +68 -0
package/src/layer3/anthropic/utils/response-parser.ts +322 -0
package/src/layer3/anthropic/utils/retry.ts +75 -0
package/src/layer3/index.ts +18 -5
package/src/layer3/osv-check.ts +420 -0
package/src/modes/incremental.ts +1 -1
package/src/rules/__tests__/framework-fixes.test.ts +689 -0
package/src/rules/__tests__/metadata.test.ts +218 -0
package/src/rules/framework-fixes.ts +470 -0
package/src/rules/index.ts +21 -0
package/src/rules/metadata.ts +831 -0
package/src/suppression/__tests__/config-loader.test.ts +382 -0
package/src/suppression/__tests__/hash.test.ts +166 -0
package/src/suppression/__tests__/inline-parser.test.ts +212 -0
package/src/suppression/__tests__/manager.test.ts +415 -0
package/src/suppression/config-loader.ts +462 -0
package/src/suppression/hash.ts +95 -0
package/src/suppression/index.ts +51 -0
package/src/suppression/inline-parser.ts +273 -0
package/src/suppression/manager.ts +379 -0
package/src/suppression/types.ts +174 -0
package/src/tiers.ts +45 -9
package/src/types.ts +212 -8
package/src/utils/__tests__/code-analysis.test.ts +165 -0
package/src/utils/__tests__/parsed-file.test.ts +124 -0
package/src/utils/code-analysis.ts +179 -0
package/src/utils/comment-analyzer.ts +249 -0
package/src/utils/context-helpers.ts +421 -11
package/src/utils/environment-context.ts +304 -0
package/src/utils/intent-detector.ts +318 -0
package/src/utils/parsed-file.ts +103 -0
package/src/utils/route-hierarchy.ts +250 -0
package/src/utils/schema-semantics.ts +233 -0
package/dist/layer2/dangerous-functions.d.ts +0 -7
package/dist/layer2/dangerous-functions.d.ts.map +0 -1
package/dist/layer2/dangerous-functions.js +0 -1701
package/dist/layer2/dangerous-functions.js.map +0 -1
package/dist/layer3/anthropic.d.ts +0 -87
package/dist/layer3/anthropic.d.ts.map +0 -1
package/dist/layer3/anthropic.js +0 -1948
package/dist/layer3/anthropic.js.map +0 -1
package/dist/layer3/openai.d.ts +0 -25
package/dist/layer3/openai.d.ts.map +0 -1
package/dist/layer3/openai.js +0 -238
package/dist/layer3/openai.js.map +0 -1
package/src/layer2/dangerous-functions.ts +0 -1940
package/src/layer3/anthropic.ts +0 -2257

package/dist/ai-context/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * AI Context Module
+ * Exports for AI context management functionality
+ */
+export { AIContextManager, AI_CONTEXT_FILE, AI_CONTEXT_PATH, OCULUM_DIR, type AIContextManagerOptions, type SaveContextResult, type LoadContextResult, type ClearContextResult, } from './manager';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai-context/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ai-context/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,UAAU,EACV,KAAK,uBAAuB,EAC5B,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,WAAW,CAAA"}

package/dist/ai-context/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+"use strict";
+/**
+ * AI Context Module
+ * Exports for AI context management functionality
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OCULUM_DIR = exports.AI_CONTEXT_PATH = exports.AI_CONTEXT_FILE = exports.AIContextManager = void 0;
+var manager_1 = require("./manager");
+Object.defineProperty(exports, "AIContextManager", { enumerable: true, get: function () { return manager_1.AIContextManager; } });
+Object.defineProperty(exports, "AI_CONTEXT_FILE", { enumerable: true, get: function () { return manager_1.AI_CONTEXT_FILE; } });
+Object.defineProperty(exports, "AI_CONTEXT_PATH", { enumerable: true, get: function () { return manager_1.AI_CONTEXT_PATH; } });
+Object.defineProperty(exports, "OCULUM_DIR", { enumerable: true, get: function () { return manager_1.OCULUM_DIR; } });
+//# sourceMappingURL=index.js.map

package/dist/ai-context/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ai-context/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,qCASkB;AARhB,2GAAA,gBAAgB,OAAA;AAChB,0GAAA,eAAe,OAAA;AACf,0GAAA,eAAe,OAAA;AACf,qGAAA,UAAU,OAAA"}

package/dist/ai-context/manager.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * AI Context Manager
+ * Handles loading, saving, and clearing AI context files
+ */
+/** AI context file name */
+export declare const AI_CONTEXT_FILE = "ai-context.md";
+/** Directory for oculum files */
+export declare const OCULUM_DIR = ".oculum";
+/** Full path to AI context file (relative to project root) */
+export declare const AI_CONTEXT_PATH = ".oculum/ai-context.md";
+export interface AIContextManagerOptions {
+    /** Project root path */
+    projectPath: string;
+}
+export interface SaveContextResult {
+    /** Whether the save was successful */
+    success: boolean;
+    /** Path where context was saved */
+    path: string;
+    /** Error message (if failed) */
+    error?: string;
+}
+export interface LoadContextResult {
+    /** Whether a context file was found */
+    found: boolean;
+    /** The context content (if found) */
+    content?: string;
+    /** Error message (if failed to load) */
+    error?: string;
+}
+export interface ClearContextResult {
+    /** Whether the clear was successful */
+    success: boolean;
+    /** Whether a context file existed before clearing */
+    existed: boolean;
+    /** Error message (if failed) */
+    error?: string;
+}
+/**
+ * Manages AI context files for IDE consumption
+ */
+export declare class AIContextManager {
+    private projectPath;
+    private contextPath;
+    constructor(options: AIContextManagerOptions | string);
+    /**
+     * Get the full path to the AI context file
+     */
+    getContextPath(): string;
+    /**
+     * Save AI context to .oculum/ai-context.md
+     */
+    saveContext(content: string): SaveContextResult;
+    /**
+     * Load AI context from .oculum/ai-context.md
+     */
+    loadContext(): LoadContextResult;
+    /**
+     * Clear (delete) the AI context file
+     */
+    clearContext(): ClearContextResult;
+    /**
+     * Check if an AI context file exists
+     */
+    hasContext(): boolean;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/ai-context/manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/ai-context/manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,2BAA2B;AAC3B,eAAO,MAAM,eAAe,kBAAkB,CAAA;AAE9C,iCAAiC;AACjC,eAAO,MAAM,UAAU,YAAY,CAAA;AAEnC,8DAA8D;AAC9D,eAAO,MAAM,eAAe,0BAAqC,CAAA;AAEjE,MAAM,WAAW,uBAAuB;IACtC,wBAAwB;IACxB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAA;IAChB,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAA;IACZ,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,iBAAiB;IAChC,uCAAuC;IACvC,KAAK,EAAE,OAAO,CAAA;IACd,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAA;IAChB,qDAAqD;IACrD,OAAO,EAAE,OAAO,CAAA;IAChB,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,WAAW,CAAQ;IAC3B,OAAO,CAAC,WAAW,CAAQ;gBAEf,OAAO,EAAE,uBAAuB,GAAG,MAAM;IAUrD;;OAEG;IACH,cAAc,IAAI,MAAM;IAIxB;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB;IAqB/C;;OAEG;IACH,WAAW,IAAI,iBAAiB;IAgBhC;;OAEG;IACH,YAAY,IAAI,kBAAkB;IAmBlC;;OAEG;IACH,UAAU,IAAI,OAAO;CAGtB"}

package/dist/ai-context/manager.js ADDED Viewed

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * AI Context Manager
+ * Handles loading, saving, and clearing AI context files
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AIContextManager = exports.AI_CONTEXT_PATH = exports.OCULUM_DIR = exports.AI_CONTEXT_FILE = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+/** AI context file name */
+exports.AI_CONTEXT_FILE = 'ai-context.md';
+/** Directory for oculum files */
+exports.OCULUM_DIR = '.oculum';
+/** Full path to AI context file (relative to project root) */
+exports.AI_CONTEXT_PATH = `${exports.OCULUM_DIR}/${exports.AI_CONTEXT_FILE}`;
+/**
+ * Manages AI context files for IDE consumption
+ */
+class AIContextManager {
+    constructor(options) {
+        // Support both old string arg and new options object
+        if (typeof options === 'string') {
+            this.projectPath = options;
+        }
+        else {
+            this.projectPath = options.projectPath;
+        }
+        this.contextPath = (0, path_1.join)(this.projectPath, exports.OCULUM_DIR, exports.AI_CONTEXT_FILE);
+    }
+    /**
+     * Get the full path to the AI context file
+     */
+    getContextPath() {
+        return this.contextPath;
+    }
+    /**
+     * Save AI context to .oculum/ai-context.md
+     */
+    saveContext(content) {
+        try {
+            // Ensure .oculum directory exists
+            const oculumDir = (0, path_1.join)(this.projectPath, exports.OCULUM_DIR);
+            if (!(0, fs_1.existsSync)(oculumDir)) {
+                (0, fs_1.mkdirSync)(oculumDir, { recursive: true });
+            }
+            // Write content to file
+            (0, fs_1.writeFileSync)(this.contextPath, content);
+            return { success: true, path: this.contextPath };
+        }
+        catch (err) {
+            return {
+                success: false,
+                path: this.contextPath,
+                error: `Failed to save AI context: ${err instanceof Error ? err.message : 'Unknown error'}`,
+            };
+        }
+    }
+    /**
+     * Load AI context from .oculum/ai-context.md
+     */
+    loadContext() {
+        if (!(0, fs_1.existsSync)(this.contextPath)) {
+            return { found: false };
+        }
+        try {
+            const content = (0, fs_1.readFileSync)(this.contextPath, 'utf-8');
+            return { found: true, content };
+        }
+        catch (err) {
+            return {
+                found: false,
+                error: `Failed to read AI context: ${err instanceof Error ? err.message : 'Unknown error'}`,
+            };
+        }
+    }
+    /**
+     * Clear (delete) the AI context file
+     */
+    clearContext() {
+        const existed = (0, fs_1.existsSync)(this.contextPath);
+        if (!existed) {
+            return { success: true, existed: false };
+        }
+        try {
+            (0, fs_1.unlinkSync)(this.contextPath);
+            return { success: true, existed: true };
+        }
+        catch (err) {
+            return {
+                success: false,
+                existed: true,
+                error: `Failed to clear AI context: ${err instanceof Error ? err.message : 'Unknown error'}`,
+            };
+        }
+    }
+    /**
+     * Check if an AI context file exists
+     */
+    hasContext() {
+        return (0, fs_1.existsSync)(this.contextPath);
+    }
+}
+exports.AIContextManager = AIContextManager;
+//# sourceMappingURL=manager.js.map

package/dist/ai-context/manager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/ai-context/manager.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,2BAAmF;AACnF,+BAA2B;AAE3B,2BAA2B;AACd,QAAA,eAAe,GAAG,eAAe,CAAA;AAE9C,iCAAiC;AACpB,QAAA,UAAU,GAAG,SAAS,CAAA;AAEnC,8DAA8D;AACjD,QAAA,eAAe,GAAG,GAAG,kBAAU,IAAI,uBAAe,EAAE,CAAA;AAkCjE;;GAEG;AACH,MAAa,gBAAgB;IAI3B,YAAY,OAAyC;QACnD,qDAAqD;QACrD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAA;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;QACxC,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,IAAA,WAAI,EAAC,IAAI,CAAC,WAAW,EAAE,kBAAU,EAAE,uBAAe,CAAC,CAAA;IACxE,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAe;QACzB,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,SAAS,GAAG,IAAA,WAAI,EAAC,IAAI,CAAC,WAAW,EAAE,kBAAU,CAAC,CAAA;YACpD,IAAI,CAAC,IAAA,eAAU,EAAC,SAAS,CAAC,EAAE,CAAC;gBAC3B,IAAA,cAAS,EAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;YAC3C,CAAC;YAED,wBAAwB;YACxB,IAAA,kBAAa,EAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;YAExC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,CAAA;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,IAAI,CAAC,WAAW;gBACtB,KAAK,EAAE,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;aAC5F,CAAA;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,IAAI,CAAC,IAAA,eAAU,EAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;QACzB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;YACvD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAA;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;aAC5F,CAAA;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY;QACV,MAAM,OAAO,GAAG,IAAA,eAAU,EAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;QAC1C,CAAC;QAED,IAAI,CAAC;YACH,IAAA,eAAU,EAAC,IAAI,CAAC,WAAW,CAAC,CAAA;YAC5B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;aAC7F,CAAA;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAA,eAAU,EAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACrC,CAAC;CACF;AA5FD,4CA4FC"}

package/dist/baseline/diff.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * Baseline Diff Computation
+ * Computes the difference between current findings and a baseline
+ */
+import type { Vulnerability } from '../types';
+import type { BaselineData, DiffResult } from './types';
+/**
+ * Compute the diff between current scan findings and a baseline
+ *
+ * Uses finding hashes for comparison, which are computed from:
+ * - Normalized file path
+ * - Normalized line content
+ * - Category
+ *
+ * This means findings are considered the same even if:
+ * - Line numbers changed (code moved)
+ * - Minor whitespace changes occurred
+ *
+ * @param currentFindings - Vulnerabilities from the current scan
+ * @param baseline - The baseline to compare against
+ * @returns DiffResult with new, fixed, and existing findings
+ */
+export declare function computeDiff(currentFindings: Vulnerability[], baseline: BaselineData): DiffResult;
+/**
+ * Check if a diff has any new blocking issues (critical or high severity)
+ */
+export declare function hasNewBlockingIssues(diff: DiffResult): boolean;
+/**
+ * Format a summary string for the diff
+ */
+export declare function formatDiffSummary(diff: DiffResult): string;
+//# sourceMappingURL=diff.d.ts.map

package/dist/baseline/diff.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"diff.d.ts","sourceRoot":"","sources":["../../src/baseline/diff.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyC,MAAM,UAAU,CAAA;AACpF,OAAO,KAAK,EAAE,YAAY,EAAmB,UAAU,EAAE,MAAM,SAAS,CAAA;AAkCxE;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,WAAW,CACzB,eAAe,EAAE,aAAa,EAAE,EAChC,QAAQ,EAAE,YAAY,GACrB,UAAU,CAiDZ;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAE9D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAc1D"}

package/dist/baseline/diff.js ADDED Viewed

@@ -0,0 +1,119 @@
+"use strict";
+/**
+ * Baseline Diff Computation
+ * Computes the difference between current findings and a baseline
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeDiff = computeDiff;
+exports.hasNewBlockingIssues = hasNewBlockingIssues;
+exports.formatDiffSummary = formatDiffSummary;
+const hash_1 = require("../suppression/hash");
+/**
+ * Compute severity counts from baseline findings
+ */
+function computeBaselineSeverityCounts(findings) {
+    const counts = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
+    for (const finding of findings) {
+        const severity = finding.severity;
+        if (severity in counts) {
+            counts[severity]++;
+        }
+    }
+    return counts;
+}
+/**
+ * Compute severity counts from vulnerabilities
+ */
+function computeVulnerabilitySeverityCounts(vulnerabilities) {
+    const counts = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
+    for (const vuln of vulnerabilities) {
+        if (vuln.severity in counts) {
+            counts[vuln.severity]++;
+        }
+    }
+    return counts;
+}
+/**
+ * Compute the diff between current scan findings and a baseline
+ *
+ * Uses finding hashes for comparison, which are computed from:
+ * - Normalized file path
+ * - Normalized line content
+ * - Category
+ *
+ * This means findings are considered the same even if:
+ * - Line numbers changed (code moved)
+ * - Minor whitespace changes occurred
+ *
+ * @param currentFindings - Vulnerabilities from the current scan
+ * @param baseline - The baseline to compare against
+ * @returns DiffResult with new, fixed, and existing findings
+ */
+function computeDiff(currentFindings, baseline) {
+    // Build hash set from baseline for O(1) lookup
+    const baselineHashes = new Set(baseline.findings.map(f => f.hash));
+    // Build hash map from current findings
+    const currentHashMap = new Map();
+    for (const finding of currentFindings) {
+        const hash = (0, hash_1.computeFindingHash)(finding);
+        currentHashMap.set(hash, finding);
+    }
+    // Compute new findings (in current, not in baseline)
+    const newFindings = [];
+    for (const finding of currentFindings) {
+        const hash = (0, hash_1.computeFindingHash)(finding);
+        if (!baselineHashes.has(hash)) {
+            newFindings.push(finding);
+        }
+    }
+    // Compute fixed findings (in baseline, not in current)
+    const fixedFindings = [];
+    for (const baselineFinding of baseline.findings) {
+        if (!currentHashMap.has(baselineFinding.hash)) {
+            fixedFindings.push(baselineFinding);
+        }
+    }
+    // Compute existing findings (in both)
+    const existingFindings = [];
+    for (const finding of currentFindings) {
+        const hash = (0, hash_1.computeFindingHash)(finding);
+        if (baselineHashes.has(hash)) {
+            existingFindings.push(finding);
+        }
+    }
+    return {
+        new: newFindings,
+        fixed: fixedFindings,
+        existing: existingFindings,
+        stats: {
+            newCount: newFindings.length,
+            fixedCount: fixedFindings.length,
+            existingCount: existingFindings.length,
+            newBySeverity: computeVulnerabilitySeverityCounts(newFindings),
+            fixedBySeverity: computeBaselineSeverityCounts(fixedFindings),
+        },
+    };
+}
+/**
+ * Check if a diff has any new blocking issues (critical or high severity)
+ */
+function hasNewBlockingIssues(diff) {
+    return diff.stats.newBySeverity.critical > 0 || diff.stats.newBySeverity.high > 0;
+}
+/**
+ * Format a summary string for the diff
+ */
+function formatDiffSummary(diff) {
+    const parts = [];
+    if (diff.stats.newCount > 0) {
+        parts.push(`${diff.stats.newCount} new`);
+    }
+    if (diff.stats.fixedCount > 0) {
+        parts.push(`${diff.stats.fixedCount} fixed`);
+    }
+    if (diff.stats.existingCount > 0) {
+        parts.push(`${diff.stats.existingCount} existing`);
+    }
+    return parts.join(', ');
+}
+//# sourceMappingURL=diff.js.map

package/dist/baseline/diff.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"diff.js","sourceRoot":"","sources":["../../src/baseline/diff.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAqDH,kCAoDC;AAKD,oDAEC;AAKD,8CAcC;AA/HD,8CAAwD;AAExD;;GAEG;AACH,SAAS,6BAA6B,CAAC,QAA2B;IAChE,MAAM,MAAM,GAAmB,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;IAEnF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAiC,CAAA;QAC1D,IAAI,QAAQ,IAAI,MAAM,EAAE,CAAC;YACvB,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAA;QACpB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,kCAAkC,CAAC,eAAgC;IAC1E,MAAM,MAAM,GAAmB,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;IAEnF,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,IAAI,CAAC,QAAQ,IAAI,MAAM,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAA;QACzB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,WAAW,CACzB,eAAgC,EAChC,QAAsB;IAEtB,+CAA+C;IAC/C,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IAElE,uCAAuC;IACvC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAyB,CAAA;IACvD,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,OAAO,CAAC,CAAA;QACxC,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,qDAAqD;IACrD,MAAM,WAAW,GAAoB,EAAE,CAAA;IACvC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,OAAO,CAAC,CAAA;QACxC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,uDAAuD;IACvD,MAAM,aAAa,GAAsB,EAAE,CAAA;IAC3C,KAAK,MAAM,eAAe,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,gBAAgB,GAAoB,EAAE,CAAA;IAC5C,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,OAAO,CAAC,CAAA;QACxC,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO;QACL,GAAG,EAAE,WAAW;QAChB,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE;YACL,QAAQ,EAAE,WAAW,CAAC,MAAM;YAC5B,UAAU,EAAE,aAAa,CAAC,MAAM;YAChC,aAAa,EAAE,gBAAgB,CAAC,MAAM;YACtC,aAAa,EAAE,kCAAkC,CAAC,WAAW,CAAC;YAC9D,eAAe,EAAE,6BAA6B,CAAC,aAAa,CAAC;SAC9D;KACF,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,IAAgB;IACnD,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,CAAA;AACnF,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,IAAgB;IAChD,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,MAAM,CAAC,CAAA;IAC1C,CAAC;IACD,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,QAAQ,CAAC,CAAA;IAC9C,CAAC;IACD,IAAI,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,WAAW,CAAC,CAAA;IACpD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC"}

package/dist/baseline/index.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Baseline Module
+ * Provides baseline/diff mode functionality for tracking security improvements
+ */
+export type { BaselineFinding, BaselineData, DiffResult, BaselineDiff, } from './types';
+export { BASELINE_FILE_PATH, OCULUM_DIR } from './types';
+export { BaselineManager, type BaselineManagerOptions, type LoadBaselineResult, type SaveBaselineResult, type ClearBaselineResult, } from './manager';
+export { computeDiff, hasNewBlockingIssues, formatDiffSummary, } from './diff';
+//# sourceMappingURL=index.d.ts.map

package/dist/baseline/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/baseline/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,YAAY,EACV,eAAe,EACf,YAAY,EACZ,UAAU,EACV,YAAY,GACb,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAGxD,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC3B,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACzB,MAAM,WAAW,CAAA;AAGlB,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,QAAQ,CAAA"}

package/dist/baseline/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+"use strict";
+/**
+ * Baseline Module
+ * Provides baseline/diff mode functionality for tracking security improvements
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatDiffSummary = exports.hasNewBlockingIssues = exports.computeDiff = exports.BaselineManager = exports.OCULUM_DIR = exports.BASELINE_FILE_PATH = void 0;
+var types_1 = require("./types");
+Object.defineProperty(exports, "BASELINE_FILE_PATH", { enumerable: true, get: function () { return types_1.BASELINE_FILE_PATH; } });
+Object.defineProperty(exports, "OCULUM_DIR", { enumerable: true, get: function () { return types_1.OCULUM_DIR; } });
+// Manager
+var manager_1 = require("./manager");
+Object.defineProperty(exports, "BaselineManager", { enumerable: true, get: function () { return manager_1.BaselineManager; } });
+// Diff computation
+var diff_1 = require("./diff");
+Object.defineProperty(exports, "computeDiff", { enumerable: true, get: function () { return diff_1.computeDiff; } });
+Object.defineProperty(exports, "hasNewBlockingIssues", { enumerable: true, get: function () { return diff_1.hasNewBlockingIssues; } });
+Object.defineProperty(exports, "formatDiffSummary", { enumerable: true, get: function () { return diff_1.formatDiffSummary; } });
+//# sourceMappingURL=index.js.map

package/dist/baseline/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/baseline/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AASH,iCAAwD;AAA/C,2GAAA,kBAAkB,OAAA;AAAE,mGAAA,UAAU,OAAA;AAEvC,UAAU;AACV,qCAMkB;AALhB,0GAAA,eAAe,OAAA;AAOjB,mBAAmB;AACnB,+BAIe;AAHb,mGAAA,WAAW,OAAA;AACX,4GAAA,oBAAoB,OAAA;AACpB,yGAAA,iBAAiB,OAAA"}

package/dist/baseline/manager.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * Baseline Manager
+ * Handles loading, saving, and clearing baseline files
+ */
+import type { ScanResult, ScanDepth } from '../types';
+import type { BaselineData } from './types';
+export interface BaselineManagerOptions {
+    /** Project root path */
+    projectPath: string;
+}
+export interface LoadBaselineResult {
+    /** Whether a baseline was found */
+    found: boolean;
+    /** The baseline data (if found) */
+    baseline?: BaselineData;
+    /** Error message (if failed to load) */
+    error?: string;
+}
+export interface SaveBaselineResult {
+    /** Whether the save was successful */
+    success: boolean;
+    /** Path where baseline was saved */
+    path: string;
+    /** Error message (if failed) */
+    error?: string;
+}
+export interface ClearBaselineResult {
+    /** Whether the clear was successful */
+    success: boolean;
+    /** Whether a baseline existed before clearing */
+    existed: boolean;
+    /** Error message (if failed) */
+    error?: string;
+}
+/**
+ * Manages baseline files for diff mode
+ */
+export declare class BaselineManager {
+    private projectPath;
+    private baselinePath;
+    constructor(options: BaselineManagerOptions | string);
+    /**
+     * Get the full path to the baseline file
+     */
+    getBaselinePath(): string;
+    /**
+     * Load baseline from .oculum/baseline.json
+     */
+    loadBaseline(): LoadBaselineResult;
+    /**
+     * Save current scan result as baseline
+     */
+    saveBaseline(scanResult: ScanResult, options?: {
+        commit?: string;
+        branch?: string;
+        scanDepth?: ScanDepth;
+    }): SaveBaselineResult;
+    /**
+     * Clear (delete) the baseline file
+     */
+    clearBaseline(): ClearBaselineResult;
+    /**
+     * Check if a baseline exists
+     */
+    hasBaseline(): boolean;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/baseline/manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/baseline/manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAiB,MAAM,UAAU,CAAA;AACpE,OAAO,KAAK,EAAE,YAAY,EAAmB,MAAM,SAAS,CAAA;AAI5D,MAAM,WAAW,sBAAsB;IACrC,wBAAwB;IACxB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,mCAAmC;IACnC,KAAK,EAAE,OAAO,CAAA;IACd,mCAAmC;IACnC,QAAQ,CAAC,EAAE,YAAY,CAAA;IACvB,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAA;IAChB,oCAAoC;IACpC,IAAI,EAAE,MAAM,CAAA;IACZ,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAA;IAChB,iDAAiD;IACjD,OAAO,EAAE,OAAO,CAAA;IAChB,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AA8CD;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAQ;IAC3B,OAAO,CAAC,YAAY,CAAQ;gBAEhB,OAAO,EAAE,sBAAsB,GAAG,MAAM;IAUpD;;OAEG;IACH,eAAe,IAAI,MAAM;IAIzB;;OAEG;IACH,YAAY,IAAI,kBAAkB;IAiClC;;OAEG;IACH,YAAY,CACV,UAAU,EAAE,UAAU,EACtB,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,SAAS,CAAA;KAAE,GACpE,kBAAkB;IA8CrB;;OAEG;IACH,aAAa,IAAI,mBAAmB;IAmBpC;;OAEG;IACH,WAAW,IAAI,OAAO;CAGvB"}

package/dist/baseline/manager.js ADDED Viewed

@@ -0,0 +1,180 @@
+"use strict";
+/**
+ * Baseline Manager
+ * Handles loading, saving, and clearing baseline files
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaselineManager = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const child_process_1 = require("child_process");
+const types_1 = require("./types");
+const hash_1 = require("../suppression/hash");
+/**
+ * Get current git commit SHA (short form)
+ */
+function getGitCommit(projectPath) {
+    try {
+        const result = (0, child_process_1.execFileSync)('git', ['rev-parse', '--short', 'HEAD'], {
+            cwd: projectPath,
+            stdio: ['ignore', 'pipe', 'ignore'],
+        });
+        return result.toString().trim();
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Get current git branch name
+ */
+function getGitBranch(projectPath) {
+    try {
+        const result = (0, child_process_1.execFileSync)('git', ['rev-parse', '--abbrev-ref', 'HEAD'], {
+            cwd: projectPath,
+            stdio: ['ignore', 'pipe', 'ignore'],
+        });
+        return result.toString().trim();
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Convert a Vulnerability to a BaselineFinding
+ */
+function toBaselineFinding(vuln) {
+    return {
+        hash: (0, hash_1.computeFindingHash)(vuln),
+        filePath: vuln.filePath,
+        lineNumber: vuln.lineNumber,
+        category: vuln.category,
+        severity: vuln.severity,
+        title: vuln.title,
+    };
+}
+/**
+ * Manages baseline files for diff mode
+ */
+class BaselineManager {
+    constructor(options) {
+        // Support both old string arg and new options object
+        if (typeof options === 'string') {
+            this.projectPath = options;
+        }
+        else {
+            this.projectPath = options.projectPath;
+        }
+        this.baselinePath = (0, path_1.join)(this.projectPath, types_1.BASELINE_FILE_PATH);
+    }
+    /**
+     * Get the full path to the baseline file
+     */
+    getBaselinePath() {
+        return this.baselinePath;
+    }
+    /**
+     * Load baseline from .oculum/baseline.json
+     */
+    loadBaseline() {
+        if (!(0, fs_1.existsSync)(this.baselinePath)) {
+            return { found: false };
+        }
+        try {
+            const content = (0, fs_1.readFileSync)(this.baselinePath, 'utf-8');
+            const baseline = JSON.parse(content);
+            // Basic validation
+            if (baseline.version !== 1) {
+                return {
+                    found: false,
+                    error: `Unsupported baseline version: ${baseline.version}. Expected version 1.`,
+                };
+            }
+            if (!Array.isArray(baseline.findings)) {
+                return {
+                    found: false,
+                    error: 'Invalid baseline: missing findings array',
+                };
+            }
+            return { found: true, baseline };
+        }
+        catch (err) {
+            return {
+                found: false,
+                error: `Failed to parse baseline: ${err instanceof Error ? err.message : 'Unknown error'}`,
+            };
+        }
+    }
+    /**
+     * Save current scan result as baseline
+     */
+    saveBaseline(scanResult, options) {
+        try {
+            // Ensure .oculum directory exists
+            const oculumDir = (0, path_1.join)(this.projectPath, types_1.OCULUM_DIR);
+            if (!(0, fs_1.existsSync)(oculumDir)) {
+                (0, fs_1.mkdirSync)(oculumDir, { recursive: true });
+            }
+            // Get git info if not provided
+            const commit = options?.commit ?? getGitCommit(this.projectPath);
+            const branch = options?.branch ?? getGitBranch(this.projectPath);
+            // Convert vulnerabilities to baseline findings
+            const findings = scanResult.vulnerabilities.map(toBaselineFinding);
+            // Build baseline data
+            const baseline = {
+                version: 1,
+                createdAt: new Date().toISOString(),
+                commit,
+                branch,
+                scanDepth: options?.scanDepth,
+                findings,
+                stats: {
+                    total: findings.length,
+                    critical: scanResult.severityCounts.critical,
+                    high: scanResult.severityCounts.high,
+                    medium: scanResult.severityCounts.medium,
+                    low: scanResult.severityCounts.low,
+                    info: scanResult.severityCounts.info,
+                },
+            };
+            // Write to file
+            (0, fs_1.writeFileSync)(this.baselinePath, JSON.stringify(baseline, null, 2));
+            return { success: true, path: this.baselinePath };
+        }
+        catch (err) {
+            return {
+                success: false,
+                path: this.baselinePath,
+                error: `Failed to save baseline: ${err instanceof Error ? err.message : 'Unknown error'}`,
+            };
+        }
+    }
+    /**
+     * Clear (delete) the baseline file
+     */
+    clearBaseline() {
+        const existed = (0, fs_1.existsSync)(this.baselinePath);
+        if (!existed) {
+            return { success: true, existed: false };
+        }
+        try {
+            (0, fs_1.unlinkSync)(this.baselinePath);
+            return { success: true, existed: true };
+        }
+        catch (err) {
+            return {
+                success: false,
+                existed: true,
+                error: `Failed to clear baseline: ${err instanceof Error ? err.message : 'Unknown error'}`,
+            };
+        }
+    }
+    /**
+     * Check if a baseline exists
+     */
+    hasBaseline() {
+        return (0, fs_1.existsSync)(this.baselinePath);
+    }
+}
+exports.BaselineManager = BaselineManager;
+//# sourceMappingURL=manager.js.map