@oculum/scanner 1.0.11 β†’ 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1178) hide show
  1. package/dist/ai-context/index.d.ts +6 -0
  2. package/dist/ai-context/index.d.ts.map +1 -0
  3. package/dist/ai-context/index.js +13 -0
  4. package/dist/ai-context/index.js.map +1 -0
  5. package/dist/ai-context/manager.d.ts +67 -0
  6. package/dist/ai-context/manager.d.ts.map +1 -0
  7. package/dist/ai-context/manager.js +104 -0
  8. package/dist/ai-context/manager.js.map +1 -0
  9. package/dist/category-filter.d.ts +125 -0
  10. package/dist/category-filter.d.ts.map +1 -0
  11. package/dist/category-filter.js +360 -0
  12. package/dist/category-filter.js.map +1 -0
  13. package/dist/detect/ai-code/agent-tools.d.ts +22 -0
  14. package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
  15. package/dist/detect/ai-code/agent-tools.js +1509 -0
  16. package/dist/detect/ai-code/agent-tools.js.map +1 -0
  17. package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
  18. package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
  19. package/dist/detect/ai-code/byok-patterns.js +313 -0
  20. package/dist/detect/ai-code/byok-patterns.js.map +1 -0
  21. package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
  22. package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
  23. package/dist/detect/ai-code/endpoint-protection.js +349 -0
  24. package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
  25. package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
  26. package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
  27. package/dist/detect/ai-code/execution-sinks.js +1158 -0
  28. package/dist/detect/ai-code/execution-sinks.js.map +1 -0
  29. package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
  30. package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
  31. package/dist/detect/ai-code/fingerprinting.js +665 -0
  32. package/dist/detect/ai-code/fingerprinting.js.map +1 -0
  33. package/dist/detect/ai-code/index.d.ts +12 -0
  34. package/dist/detect/ai-code/index.d.ts.map +1 -0
  35. package/dist/detect/ai-code/index.js +26 -0
  36. package/dist/detect/ai-code/index.js.map +1 -0
  37. package/dist/detect/ai-code/mcp-security.d.ts +20 -0
  38. package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
  39. package/dist/detect/ai-code/mcp-security.js +880 -0
  40. package/dist/detect/ai-code/mcp-security.js.map +1 -0
  41. package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
  42. package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
  43. package/dist/detect/ai-code/model-supply-chain.js +447 -0
  44. package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
  45. package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
  46. package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
  47. package/dist/detect/ai-code/package-hallucination.js +841 -0
  48. package/dist/detect/ai-code/package-hallucination.js.map +1 -0
  49. package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
  50. package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
  51. package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
  52. package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
  53. package/dist/detect/ai-code/rag-safety.d.ts +24 -0
  54. package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
  55. package/dist/detect/ai-code/rag-safety.js +913 -0
  56. package/dist/detect/ai-code/rag-safety.js.map +1 -0
  57. package/dist/detect/ai-code/schema-validation.d.ts +28 -0
  58. package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
  59. package/dist/detect/ai-code/schema-validation.js +378 -0
  60. package/dist/detect/ai-code/schema-validation.js.map +1 -0
  61. package/dist/detect/config/agent-skill-injection.d.ts +27 -0
  62. package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
  63. package/dist/detect/config/agent-skill-injection.js +472 -0
  64. package/dist/detect/config/agent-skill-injection.js.map +1 -0
  65. package/dist/detect/config/comments.d.ts +11 -0
  66. package/dist/detect/config/comments.d.ts.map +1 -0
  67. package/dist/detect/config/comments.js +206 -0
  68. package/dist/detect/config/comments.js.map +1 -0
  69. package/dist/detect/config/file-flags.d.ts +10 -0
  70. package/dist/detect/config/file-flags.d.ts.map +1 -0
  71. package/dist/detect/config/file-flags.js +124 -0
  72. package/dist/detect/config/file-flags.js.map +1 -0
  73. package/dist/detect/config/index.d.ts +7 -0
  74. package/dist/detect/config/index.d.ts.map +1 -0
  75. package/dist/detect/config/index.js +17 -0
  76. package/dist/detect/config/index.js.map +1 -0
  77. package/dist/detect/config/osv-check.d.ts +75 -0
  78. package/dist/detect/config/osv-check.d.ts.map +1 -0
  79. package/dist/detect/config/osv-check.js +309 -0
  80. package/dist/detect/config/osv-check.js.map +1 -0
  81. package/dist/detect/config/package-check.d.ts +63 -0
  82. package/dist/detect/config/package-check.d.ts.map +1 -0
  83. package/dist/detect/config/package-check.js +509 -0
  84. package/dist/detect/config/package-check.js.map +1 -0
  85. package/dist/detect/config/urls.d.ts +11 -0
  86. package/dist/detect/config/urls.d.ts.map +1 -0
  87. package/dist/detect/config/urls.js +450 -0
  88. package/dist/detect/config/urls.js.map +1 -0
  89. package/dist/detect/index.d.ts +37 -0
  90. package/dist/detect/index.d.ts.map +1 -0
  91. package/dist/detect/index.js +77 -0
  92. package/dist/detect/index.js.map +1 -0
  93. package/dist/detect/secrets/config-audit.d.ts +11 -0
  94. package/dist/detect/secrets/config-audit.d.ts.map +1 -0
  95. package/dist/detect/secrets/config-audit.js +315 -0
  96. package/dist/detect/secrets/config-audit.js.map +1 -0
  97. package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
  98. package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
  99. package/dist/detect/secrets/config-mcp-audit.js +243 -0
  100. package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
  101. package/dist/detect/secrets/entropy.d.ts +11 -0
  102. package/dist/detect/secrets/entropy.d.ts.map +1 -0
  103. package/dist/detect/secrets/entropy.js +751 -0
  104. package/dist/detect/secrets/entropy.js.map +1 -0
  105. package/dist/detect/secrets/index.d.ts +36 -0
  106. package/dist/detect/secrets/index.d.ts.map +1 -0
  107. package/dist/detect/secrets/index.js +174 -0
  108. package/dist/detect/secrets/index.js.map +1 -0
  109. package/dist/detect/secrets/patterns.d.ts +11 -0
  110. package/dist/detect/secrets/patterns.d.ts.map +1 -0
  111. package/dist/detect/secrets/patterns.js +518 -0
  112. package/dist/detect/secrets/patterns.js.map +1 -0
  113. package/dist/detect/secrets/weak-crypto.d.ts +10 -0
  114. package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
  115. package/dist/detect/secrets/weak-crypto.js +432 -0
  116. package/dist/detect/secrets/weak-crypto.js.map +1 -0
  117. package/dist/detect/structural/auth-patterns.d.ts +22 -0
  118. package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
  119. package/dist/detect/structural/auth-patterns.js +533 -0
  120. package/dist/detect/structural/auth-patterns.js.map +1 -0
  121. package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
  122. package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
  123. package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
  124. package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
  125. package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
  126. package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
  127. package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
  128. package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
  129. package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
  130. package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
  131. package/dist/detect/structural/dangerous-functions/index.js +1193 -0
  132. package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
  133. package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
  134. package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
  135. package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
  136. package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
  137. package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
  138. package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
  139. package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
  140. package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
  141. package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
  142. package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
  143. package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
  144. package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
  145. package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
  146. package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
  147. package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
  148. package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
  149. package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
  150. package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
  151. package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
  152. package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
  153. package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
  154. package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
  155. package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
  156. package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
  157. package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
  158. package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
  159. package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
  160. package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
  161. package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
  162. package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
  163. package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
  164. package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
  165. package/dist/detect/structural/data-exposure.d.ts +19 -0
  166. package/dist/detect/structural/data-exposure.d.ts.map +1 -0
  167. package/dist/detect/structural/data-exposure.js +262 -0
  168. package/dist/detect/structural/data-exposure.js.map +1 -0
  169. package/dist/detect/structural/framework-checks.d.ts +10 -0
  170. package/dist/detect/structural/framework-checks.d.ts.map +1 -0
  171. package/dist/detect/structural/framework-checks.js +389 -0
  172. package/dist/detect/structural/framework-checks.js.map +1 -0
  173. package/dist/detect/structural/index.d.ts +71 -0
  174. package/dist/detect/structural/index.d.ts.map +1 -0
  175. package/dist/detect/structural/index.js +510 -0
  176. package/dist/detect/structural/index.js.map +1 -0
  177. package/dist/detect/structural/log-injection.d.ts +18 -0
  178. package/dist/detect/structural/log-injection.d.ts.map +1 -0
  179. package/dist/detect/structural/log-injection.js +217 -0
  180. package/dist/detect/structural/log-injection.js.map +1 -0
  181. package/dist/detect/structural/logic-gates.d.ts +10 -0
  182. package/dist/detect/structural/logic-gates.d.ts.map +1 -0
  183. package/dist/detect/structural/logic-gates.js +227 -0
  184. package/dist/detect/structural/logic-gates.js.map +1 -0
  185. package/dist/detect/structural/risky-imports.d.ts +10 -0
  186. package/dist/detect/structural/risky-imports.d.ts.map +1 -0
  187. package/dist/detect/structural/risky-imports.js +168 -0
  188. package/dist/detect/structural/risky-imports.js.map +1 -0
  189. package/dist/detect/structural/security-headers.d.ts +18 -0
  190. package/dist/detect/structural/security-headers.d.ts.map +1 -0
  191. package/dist/detect/structural/security-headers.js +196 -0
  192. package/dist/detect/structural/security-headers.js.map +1 -0
  193. package/dist/detect/structural/ssrf-detection.d.ts +18 -0
  194. package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
  195. package/dist/detect/structural/ssrf-detection.js +263 -0
  196. package/dist/detect/structural/ssrf-detection.js.map +1 -0
  197. package/dist/detect/structural/variables.d.ts +11 -0
  198. package/dist/detect/structural/variables.d.ts.map +1 -0
  199. package/dist/detect/structural/variables.js +159 -0
  200. package/dist/detect/structural/variables.js.map +1 -0
  201. package/dist/detect/structural/xxe-detection.d.ts +18 -0
  202. package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
  203. package/dist/detect/structural/xxe-detection.js +245 -0
  204. package/dist/detect/structural/xxe-detection.js.map +1 -0
  205. package/dist/filtering/context-adjustments.d.ts +23 -0
  206. package/dist/filtering/context-adjustments.d.ts.map +1 -0
  207. package/dist/filtering/context-adjustments.js +100 -0
  208. package/dist/filtering/context-adjustments.js.map +1 -0
  209. package/dist/filtering/index.d.ts +3 -0
  210. package/dist/filtering/index.d.ts.map +1 -0
  211. package/dist/filtering/index.js +8 -0
  212. package/dist/filtering/index.js.map +1 -0
  213. package/dist/filtering/pipeline.d.ts +48 -0
  214. package/dist/filtering/pipeline.d.ts.map +1 -0
  215. package/dist/filtering/pipeline.js +76 -0
  216. package/dist/filtering/pipeline.js.map +1 -0
  217. package/dist/formatters/ai-context.d.ts +23 -0
  218. package/dist/formatters/ai-context.d.ts.map +1 -0
  219. package/dist/formatters/ai-context.js +238 -0
  220. package/dist/formatters/ai-context.js.map +1 -0
  221. package/dist/formatters/github-comment.d.ts +1 -1
  222. package/dist/formatters/github-comment.d.ts.map +1 -1
  223. package/dist/formatters/github-comment.js +2 -2
  224. package/dist/formatters/github-comment.js.map +1 -1
  225. package/dist/formatters/ide/claude-code.d.ts +17 -0
  226. package/dist/formatters/ide/claude-code.d.ts.map +1 -0
  227. package/dist/formatters/ide/claude-code.js +94 -0
  228. package/dist/formatters/ide/claude-code.js.map +1 -0
  229. package/dist/formatters/ide/cursor.d.ts +13 -0
  230. package/dist/formatters/ide/cursor.d.ts.map +1 -0
  231. package/dist/formatters/ide/cursor.js +125 -0
  232. package/dist/formatters/ide/cursor.js.map +1 -0
  233. package/dist/formatters/ide/index.d.ts +62 -0
  234. package/dist/formatters/ide/index.d.ts.map +1 -0
  235. package/dist/formatters/ide/index.js +184 -0
  236. package/dist/formatters/ide/index.js.map +1 -0
  237. package/dist/formatters/ide/windsurf.d.ts +13 -0
  238. package/dist/formatters/ide/windsurf.d.ts.map +1 -0
  239. package/dist/formatters/ide/windsurf.js +117 -0
  240. package/dist/formatters/ide/windsurf.js.map +1 -0
  241. package/dist/formatters/index.d.ts +2 -0
  242. package/dist/formatters/index.d.ts.map +1 -1
  243. package/dist/formatters/index.js +17 -1
  244. package/dist/formatters/index.js.map +1 -1
  245. package/dist/index.d.ts +17 -60
  246. package/dist/index.d.ts.map +1 -1
  247. package/dist/index.js +67 -824
  248. package/dist/index.js.map +1 -1
  249. package/dist/layer1/comments.d.ts +4 -1
  250. package/dist/layer1/comments.d.ts.map +1 -1
  251. package/dist/layer1/comments.js +1 -1
  252. package/dist/layer1/comments.js.map +1 -1
  253. package/dist/layer1/config-audit.d.ts +4 -1
  254. package/dist/layer1/config-audit.d.ts.map +1 -1
  255. package/dist/layer1/config-audit.js +45 -11
  256. package/dist/layer1/config-audit.js.map +1 -1
  257. package/dist/layer1/config-mcp-audit.d.ts +4 -1
  258. package/dist/layer1/config-mcp-audit.d.ts.map +1 -1
  259. package/dist/layer1/config-mcp-audit.js +2 -2
  260. package/dist/layer1/config-mcp-audit.js.map +1 -1
  261. package/dist/layer1/entropy.d.ts +4 -1
  262. package/dist/layer1/entropy.d.ts.map +1 -1
  263. package/dist/layer1/entropy.js +212 -1
  264. package/dist/layer1/entropy.js.map +1 -1
  265. package/dist/layer1/file-flags.d.ts +4 -1
  266. package/dist/layer1/file-flags.d.ts.map +1 -1
  267. package/dist/layer1/file-flags.js +12 -5
  268. package/dist/layer1/file-flags.js.map +1 -1
  269. package/dist/layer1/index.d.ts.map +1 -1
  270. package/dist/layer1/index.js +14 -19
  271. package/dist/layer1/index.js.map +1 -1
  272. package/dist/layer1/patterns.d.ts +4 -1
  273. package/dist/layer1/patterns.d.ts.map +1 -1
  274. package/dist/layer1/patterns.js +34 -4
  275. package/dist/layer1/patterns.js.map +1 -1
  276. package/dist/layer1/urls.d.ts +4 -1
  277. package/dist/layer1/urls.d.ts.map +1 -1
  278. package/dist/layer1/urls.js +162 -14
  279. package/dist/layer1/urls.js.map +1 -1
  280. package/dist/layer1/weak-crypto.d.ts +4 -1
  281. package/dist/layer1/weak-crypto.d.ts.map +1 -1
  282. package/dist/layer1/weak-crypto.js +144 -7
  283. package/dist/layer1/weak-crypto.js.map +1 -1
  284. package/dist/layer2/ai-agent-tools.d.ts +4 -1
  285. package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
  286. package/dist/layer2/ai-agent-tools.js +661 -2
  287. package/dist/layer2/ai-agent-tools.js.map +1 -1
  288. package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
  289. package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
  290. package/dist/layer2/ai-endpoint-protection.js +1 -1
  291. package/dist/layer2/ai-endpoint-protection.js.map +1 -1
  292. package/dist/layer2/ai-execution-sinks.d.ts +4 -1
  293. package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
  294. package/dist/layer2/ai-execution-sinks.js +252 -43
  295. package/dist/layer2/ai-execution-sinks.js.map +1 -1
  296. package/dist/layer2/ai-fingerprinting.d.ts +4 -1
  297. package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
  298. package/dist/layer2/ai-fingerprinting.js +25 -32
  299. package/dist/layer2/ai-fingerprinting.js.map +1 -1
  300. package/dist/layer2/ai-mcp-security.d.ts +4 -1
  301. package/dist/layer2/ai-mcp-security.d.ts.map +1 -1
  302. package/dist/layer2/ai-mcp-security.js +200 -2
  303. package/dist/layer2/ai-mcp-security.js.map +1 -1
  304. package/dist/layer2/ai-package-hallucination.d.ts +4 -1
  305. package/dist/layer2/ai-package-hallucination.d.ts.map +1 -1
  306. package/dist/layer2/ai-package-hallucination.js +136 -4
  307. package/dist/layer2/ai-package-hallucination.js.map +1 -1
  308. package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
  309. package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
  310. package/dist/layer2/ai-prompt-hygiene.js +342 -28
  311. package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
  312. package/dist/layer2/ai-rag-safety.d.ts +4 -1
  313. package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
  314. package/dist/layer2/ai-rag-safety.js +82 -2
  315. package/dist/layer2/ai-rag-safety.js.map +1 -1
  316. package/dist/layer2/ai-schema-validation.d.ts +4 -1
  317. package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
  318. package/dist/layer2/ai-schema-validation.js +2 -2
  319. package/dist/layer2/ai-schema-validation.js.map +1 -1
  320. package/dist/layer2/auth-antipatterns.d.ts +2 -0
  321. package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
  322. package/dist/layer2/auth-antipatterns.js +205 -20
  323. package/dist/layer2/auth-antipatterns.js.map +1 -1
  324. package/dist/layer2/byok-patterns.d.ts +4 -1
  325. package/dist/layer2/byok-patterns.d.ts.map +1 -1
  326. package/dist/layer2/byok-patterns.js +2 -2
  327. package/dist/layer2/byok-patterns.js.map +1 -1
  328. package/dist/layer2/dangerous-functions/dom-xss.d.ts +9 -4
  329. package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -1
  330. package/dist/layer2/dangerous-functions/dom-xss.js +73 -22
  331. package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -1
  332. package/dist/layer2/dangerous-functions/index.d.ts +4 -1
  333. package/dist/layer2/dangerous-functions/index.d.ts.map +1 -1
  334. package/dist/layer2/dangerous-functions/index.js +551 -20
  335. package/dist/layer2/dangerous-functions/index.js.map +1 -1
  336. package/dist/layer2/dangerous-functions/math-random.d.ts +54 -4
  337. package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -1
  338. package/dist/layer2/dangerous-functions/math-random.js +241 -16
  339. package/dist/layer2/dangerous-functions/math-random.js.map +1 -1
  340. package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -1
  341. package/dist/layer2/dangerous-functions/patterns.js +3 -1
  342. package/dist/layer2/dangerous-functions/patterns.js.map +1 -1
  343. package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +3 -2
  344. package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -1
  345. package/dist/layer2/dangerous-functions/utils/control-flow.js +41 -120
  346. package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -1
  347. package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -1
  348. package/dist/layer2/dangerous-functions/utils/helpers.js +26 -3
  349. package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -1
  350. package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -1
  351. package/dist/layer2/dangerous-functions/utils/schema-validation.js +14 -1
  352. package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -1
  353. package/dist/layer2/data-exposure.d.ts +4 -1
  354. package/dist/layer2/data-exposure.d.ts.map +1 -1
  355. package/dist/layer2/data-exposure.js +11 -38
  356. package/dist/layer2/data-exposure.js.map +1 -1
  357. package/dist/layer2/framework-checks.d.ts +4 -1
  358. package/dist/layer2/framework-checks.d.ts.map +1 -1
  359. package/dist/layer2/framework-checks.js +3 -10
  360. package/dist/layer2/framework-checks.js.map +1 -1
  361. package/dist/layer2/index.d.ts +13 -1
  362. package/dist/layer2/index.d.ts.map +1 -1
  363. package/dist/layer2/index.js +107 -52
  364. package/dist/layer2/index.js.map +1 -1
  365. package/dist/layer2/log-injection.d.ts +18 -0
  366. package/dist/layer2/log-injection.d.ts.map +1 -0
  367. package/dist/layer2/log-injection.js +214 -0
  368. package/dist/layer2/log-injection.js.map +1 -0
  369. package/dist/layer2/logic-gates.d.ts +4 -1
  370. package/dist/layer2/logic-gates.d.ts.map +1 -1
  371. package/dist/layer2/logic-gates.js +54 -20
  372. package/dist/layer2/logic-gates.js.map +1 -1
  373. package/dist/layer2/model-supply-chain.d.ts +4 -1
  374. package/dist/layer2/model-supply-chain.d.ts.map +1 -1
  375. package/dist/layer2/model-supply-chain.js +72 -4
  376. package/dist/layer2/model-supply-chain.js.map +1 -1
  377. package/dist/layer2/risky-imports.d.ts +4 -1
  378. package/dist/layer2/risky-imports.d.ts.map +1 -1
  379. package/dist/layer2/risky-imports.js +2 -2
  380. package/dist/layer2/risky-imports.js.map +1 -1
  381. package/dist/layer2/security-headers.d.ts +18 -0
  382. package/dist/layer2/security-headers.d.ts.map +1 -0
  383. package/dist/layer2/security-headers.js +187 -0
  384. package/dist/layer2/security-headers.js.map +1 -0
  385. package/dist/layer2/ssrf-detection.d.ts +18 -0
  386. package/dist/layer2/ssrf-detection.d.ts.map +1 -0
  387. package/dist/layer2/ssrf-detection.js +252 -0
  388. package/dist/layer2/ssrf-detection.js.map +1 -0
  389. package/dist/layer2/variables.d.ts +4 -1
  390. package/dist/layer2/variables.d.ts.map +1 -1
  391. package/dist/layer2/variables.js +2 -2
  392. package/dist/layer2/variables.js.map +1 -1
  393. package/dist/layer2/xxe-detection.d.ts +18 -0
  394. package/dist/layer2/xxe-detection.d.ts.map +1 -0
  395. package/dist/layer2/xxe-detection.js +242 -0
  396. package/dist/layer2/xxe-detection.js.map +1 -0
  397. package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -1
  398. package/dist/layer3/anthropic/auto-dismiss.js +11 -0
  399. package/dist/layer3/anthropic/auto-dismiss.js.map +1 -1
  400. package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
  401. package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
  402. package/dist/layer3/anthropic/prompts/index.js +3 -1
  403. package/dist/layer3/anthropic/prompts/index.js.map +1 -1
  404. package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
  405. package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
  406. package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
  407. package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
  408. package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
  409. package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
  410. package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
  411. package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
  412. package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
  413. package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
  414. package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
  415. package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
  416. package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
  417. package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
  418. package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
  419. package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
  420. package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
  421. package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
  422. package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
  423. package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
  424. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
  425. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
  426. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
  427. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
  428. package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
  429. package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
  430. package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
  431. package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
  432. package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
  433. package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
  434. package/dist/layer3/anthropic/prompts/validation.js +14 -410
  435. package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
  436. package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
  437. package/dist/layer3/anthropic/providers/anthropic.js +6 -3
  438. package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
  439. package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
  440. package/dist/layer3/anthropic/providers/openai.js +6 -3
  441. package/dist/layer3/anthropic/providers/openai.js.map +1 -1
  442. package/dist/layer3/anthropic/request-builder.d.ts +11 -4
  443. package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
  444. package/dist/layer3/anthropic/request-builder.js +32 -16
  445. package/dist/layer3/anthropic/request-builder.js.map +1 -1
  446. package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
  447. package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
  448. package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
  449. package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
  450. package/dist/layer3/anthropic/utils/index.d.ts +2 -0
  451. package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
  452. package/dist/layer3/anthropic/utils/index.js +4 -1
  453. package/dist/layer3/anthropic/utils/index.js.map +1 -1
  454. package/dist/model/auth-helper-detector.d.ts +56 -0
  455. package/dist/model/auth-helper-detector.d.ts.map +1 -0
  456. package/dist/model/auth-helper-detector.js +360 -0
  457. package/dist/model/auth-helper-detector.js.map +1 -0
  458. package/dist/model/cross-file-taint.d.ts +40 -0
  459. package/dist/model/cross-file-taint.d.ts.map +1 -0
  460. package/dist/model/cross-file-taint.js +290 -0
  461. package/dist/model/cross-file-taint.js.map +1 -0
  462. package/dist/model/framework-models/django.d.ts +9 -0
  463. package/dist/model/framework-models/django.d.ts.map +1 -0
  464. package/dist/model/framework-models/django.js +82 -0
  465. package/dist/model/framework-models/django.js.map +1 -0
  466. package/dist/model/framework-models/express.d.ts +9 -0
  467. package/dist/model/framework-models/express.d.ts.map +1 -0
  468. package/dist/model/framework-models/express.js +52 -0
  469. package/dist/model/framework-models/express.js.map +1 -0
  470. package/dist/model/framework-models/index.d.ts +20 -0
  471. package/dist/model/framework-models/index.d.ts.map +1 -0
  472. package/dist/model/framework-models/index.js +102 -0
  473. package/dist/model/framework-models/index.js.map +1 -0
  474. package/dist/model/framework-models/nextjs.d.ts +9 -0
  475. package/dist/model/framework-models/nextjs.d.ts.map +1 -0
  476. package/dist/model/framework-models/nextjs.js +71 -0
  477. package/dist/model/framework-models/nextjs.js.map +1 -0
  478. package/dist/model/framework-models/prisma.d.ts +10 -0
  479. package/dist/model/framework-models/prisma.d.ts.map +1 -0
  480. package/dist/model/framework-models/prisma.js +54 -0
  481. package/dist/model/framework-models/prisma.js.map +1 -0
  482. package/dist/model/framework-models/react.d.ts +9 -0
  483. package/dist/model/framework-models/react.d.ts.map +1 -0
  484. package/dist/model/framework-models/react.js +67 -0
  485. package/dist/model/framework-models/react.js.map +1 -0
  486. package/dist/model/framework-models/sequelize.d.ts +9 -0
  487. package/dist/model/framework-models/sequelize.d.ts.map +1 -0
  488. package/dist/model/framework-models/sequelize.js +62 -0
  489. package/dist/model/framework-models/sequelize.js.map +1 -0
  490. package/dist/model/framework-models/types.d.ts +43 -0
  491. package/dist/model/framework-models/types.d.ts.map +1 -0
  492. package/dist/model/framework-models/types.js +10 -0
  493. package/dist/model/framework-models/types.js.map +1 -0
  494. package/dist/model/function-classifier.d.ts +32 -0
  495. package/dist/model/function-classifier.d.ts.map +1 -0
  496. package/dist/model/function-classifier.js +143 -0
  497. package/dist/model/function-classifier.js.map +1 -0
  498. package/dist/model/import-resolver.d.ts +45 -0
  499. package/dist/model/import-resolver.d.ts.map +1 -0
  500. package/dist/model/import-resolver.js +410 -0
  501. package/dist/model/import-resolver.js.map +1 -0
  502. package/dist/model/imported-auth-detector.d.ts +38 -0
  503. package/dist/model/imported-auth-detector.d.ts.map +1 -0
  504. package/dist/model/imported-auth-detector.js +199 -0
  505. package/dist/model/imported-auth-detector.js.map +1 -0
  506. package/dist/model/index.d.ts +63 -0
  507. package/dist/model/index.d.ts.map +1 -0
  508. package/dist/model/index.js +272 -0
  509. package/dist/model/index.js.map +1 -0
  510. package/dist/model/middleware-detector.d.ts +55 -0
  511. package/dist/model/middleware-detector.d.ts.map +1 -0
  512. package/dist/model/middleware-detector.js +382 -0
  513. package/dist/model/middleware-detector.js.map +1 -0
  514. package/dist/model/module-graph.d.ts +46 -0
  515. package/dist/model/module-graph.d.ts.map +1 -0
  516. package/dist/model/module-graph.js +187 -0
  517. package/dist/model/module-graph.js.map +1 -0
  518. package/dist/model/oauth-flow-detector.d.ts +41 -0
  519. package/dist/model/oauth-flow-detector.d.ts.map +1 -0
  520. package/dist/model/oauth-flow-detector.js +202 -0
  521. package/dist/model/oauth-flow-detector.js.map +1 -0
  522. package/dist/model/project-context.d.ts +119 -0
  523. package/dist/model/project-context.d.ts.map +1 -0
  524. package/dist/model/project-context.js +534 -0
  525. package/dist/model/project-context.js.map +1 -0
  526. package/dist/model/route-auth-resolver.d.ts +27 -0
  527. package/dist/model/route-auth-resolver.d.ts.map +1 -0
  528. package/dist/model/route-auth-resolver.js +182 -0
  529. package/dist/model/route-auth-resolver.js.map +1 -0
  530. package/dist/model/route-discovery/express.d.ts +25 -0
  531. package/dist/model/route-discovery/express.d.ts.map +1 -0
  532. package/dist/model/route-discovery/express.js +225 -0
  533. package/dist/model/route-discovery/express.js.map +1 -0
  534. package/dist/model/route-discovery/index.d.ts +21 -0
  535. package/dist/model/route-discovery/index.d.ts.map +1 -0
  536. package/dist/model/route-discovery/index.js +67 -0
  537. package/dist/model/route-discovery/index.js.map +1 -0
  538. package/dist/model/route-discovery/nextjs.d.ts +16 -0
  539. package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
  540. package/dist/model/route-discovery/nextjs.js +179 -0
  541. package/dist/model/route-discovery/nextjs.js.map +1 -0
  542. package/dist/model/route-discovery/python.d.ts +16 -0
  543. package/dist/model/route-discovery/python.d.ts.map +1 -0
  544. package/dist/model/route-discovery/python.js +181 -0
  545. package/dist/model/route-discovery/python.js.map +1 -0
  546. package/dist/model/route-discovery/types.d.ts +36 -0
  547. package/dist/model/route-discovery/types.d.ts.map +1 -0
  548. package/dist/model/route-discovery/types.js +16 -0
  549. package/dist/model/route-discovery/types.js.map +1 -0
  550. package/dist/model/route-discovery/utils.d.ts +18 -0
  551. package/dist/model/route-discovery/utils.d.ts.map +1 -0
  552. package/dist/model/route-discovery/utils.js +55 -0
  553. package/dist/model/route-discovery/utils.js.map +1 -0
  554. package/dist/model/route-hierarchy.d.ts +50 -0
  555. package/dist/model/route-hierarchy.d.ts.map +1 -0
  556. package/dist/model/route-hierarchy.js +226 -0
  557. package/dist/model/route-hierarchy.js.map +1 -0
  558. package/dist/model/sanitiser-detection.d.ts +27 -0
  559. package/dist/model/sanitiser-detection.d.ts.map +1 -0
  560. package/dist/model/sanitiser-detection.js +224 -0
  561. package/dist/model/sanitiser-detection.js.map +1 -0
  562. package/dist/model/sink-matcher.d.ts +17 -0
  563. package/dist/model/sink-matcher.d.ts.map +1 -0
  564. package/dist/model/sink-matcher.js +141 -0
  565. package/dist/model/sink-matcher.js.map +1 -0
  566. package/dist/model/sink-patterns.d.ts +19 -0
  567. package/dist/model/sink-patterns.d.ts.map +1 -0
  568. package/dist/model/sink-patterns.js +88 -0
  569. package/dist/model/sink-patterns.js.map +1 -0
  570. package/dist/model/source-discovery.d.ts +15 -0
  571. package/dist/model/source-discovery.d.ts.map +1 -0
  572. package/dist/model/source-discovery.js +170 -0
  573. package/dist/model/source-discovery.js.map +1 -0
  574. package/dist/model/taint-tracker.d.ts +21 -0
  575. package/dist/model/taint-tracker.d.ts.map +1 -0
  576. package/dist/model/taint-tracker.js +281 -0
  577. package/dist/model/taint-tracker.js.map +1 -0
  578. package/dist/model/taint-types.d.ts +74 -0
  579. package/dist/model/taint-types.d.ts.map +1 -0
  580. package/dist/model/taint-types.js +9 -0
  581. package/dist/model/taint-types.js.map +1 -0
  582. package/dist/model/trpc-analyzer.d.ts +78 -0
  583. package/dist/model/trpc-analyzer.d.ts.map +1 -0
  584. package/dist/model/trpc-analyzer.js +297 -0
  585. package/dist/model/trpc-analyzer.js.map +1 -0
  586. package/dist/modes/incremental.js +1 -1
  587. package/dist/parse/file-classifier.d.ts +228 -0
  588. package/dist/parse/file-classifier.d.ts.map +1 -0
  589. package/dist/parse/file-classifier.js +933 -0
  590. package/dist/parse/file-classifier.js.map +1 -0
  591. package/dist/parse/path-exclusions.d.ts +55 -0
  592. package/dist/parse/path-exclusions.d.ts.map +1 -0
  593. package/dist/parse/path-exclusions.js +224 -0
  594. package/dist/parse/path-exclusions.js.map +1 -0
  595. package/dist/pipeline/config.d.ts +39 -0
  596. package/dist/pipeline/config.d.ts.map +1 -0
  597. package/dist/pipeline/config.js +46 -0
  598. package/dist/pipeline/config.js.map +1 -0
  599. package/dist/pipeline/index.d.ts +34 -0
  600. package/dist/pipeline/index.d.ts.map +1 -0
  601. package/dist/pipeline/index.js +377 -0
  602. package/dist/pipeline/index.js.map +1 -0
  603. package/dist/pipeline/modes/incremental.d.ts +66 -0
  604. package/dist/pipeline/modes/incremental.d.ts.map +1 -0
  605. package/dist/pipeline/modes/incremental.js +200 -0
  606. package/dist/pipeline/modes/incremental.js.map +1 -0
  607. package/dist/postprocess/aggregation.d.ts +14 -0
  608. package/dist/postprocess/aggregation.d.ts.map +1 -0
  609. package/dist/postprocess/aggregation.js +63 -0
  610. package/dist/postprocess/aggregation.js.map +1 -0
  611. package/dist/postprocess/contradictions.d.ts +18 -0
  612. package/dist/postprocess/contradictions.d.ts.map +1 -0
  613. package/dist/postprocess/contradictions.js +99 -0
  614. package/dist/postprocess/contradictions.js.map +1 -0
  615. package/dist/postprocess/dedup.d.ts +13 -0
  616. package/dist/postprocess/dedup.d.ts.map +1 -0
  617. package/dist/postprocess/dedup.js +58 -0
  618. package/dist/postprocess/dedup.js.map +1 -0
  619. package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
  620. package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
  621. package/dist/postprocess/filtering/context-adjustments.js +100 -0
  622. package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
  623. package/dist/postprocess/filtering/index.d.ts +3 -0
  624. package/dist/postprocess/filtering/index.d.ts.map +1 -0
  625. package/dist/postprocess/filtering/index.js +8 -0
  626. package/dist/postprocess/filtering/index.js.map +1 -0
  627. package/dist/postprocess/filtering/pipeline.d.ts +48 -0
  628. package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
  629. package/dist/postprocess/filtering/pipeline.js +76 -0
  630. package/dist/postprocess/filtering/pipeline.js.map +1 -0
  631. package/dist/postprocess/index.d.ts +41 -0
  632. package/dist/postprocess/index.d.ts.map +1 -0
  633. package/dist/postprocess/index.js +85 -0
  634. package/dist/postprocess/index.js.map +1 -0
  635. package/dist/postprocess/suppression/config-loader.d.ts +74 -0
  636. package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
  637. package/dist/postprocess/suppression/config-loader.js +424 -0
  638. package/dist/postprocess/suppression/config-loader.js.map +1 -0
  639. package/dist/postprocess/suppression/hash.d.ts +48 -0
  640. package/dist/postprocess/suppression/hash.d.ts.map +1 -0
  641. package/dist/postprocess/suppression/hash.js +88 -0
  642. package/dist/postprocess/suppression/hash.js.map +1 -0
  643. package/dist/postprocess/suppression/index.d.ts +11 -0
  644. package/dist/postprocess/suppression/index.d.ts.map +1 -0
  645. package/dist/postprocess/suppression/index.js +39 -0
  646. package/dist/postprocess/suppression/index.js.map +1 -0
  647. package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
  648. package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
  649. package/dist/postprocess/suppression/inline-parser.js +218 -0
  650. package/dist/postprocess/suppression/inline-parser.js.map +1 -0
  651. package/dist/postprocess/suppression/manager.d.ts +94 -0
  652. package/dist/postprocess/suppression/manager.d.ts.map +1 -0
  653. package/dist/postprocess/suppression/manager.js +292 -0
  654. package/dist/postprocess/suppression/manager.js.map +1 -0
  655. package/dist/postprocess/suppression/types.d.ts +151 -0
  656. package/dist/postprocess/suppression/types.d.ts.map +1 -0
  657. package/dist/postprocess/suppression/types.js +28 -0
  658. package/dist/postprocess/suppression/types.js.map +1 -0
  659. package/dist/postprocess/validation-cap.d.ts +17 -0
  660. package/dist/postprocess/validation-cap.d.ts.map +1 -0
  661. package/dist/postprocess/validation-cap.js +64 -0
  662. package/dist/postprocess/validation-cap.js.map +1 -0
  663. package/dist/report/build-result.d.ts +33 -0
  664. package/dist/report/build-result.d.ts.map +1 -0
  665. package/dist/report/build-result.js +59 -0
  666. package/dist/report/build-result.js.map +1 -0
  667. package/dist/report/enrichment.d.ts +19 -0
  668. package/dist/report/enrichment.d.ts.map +1 -0
  669. package/dist/report/enrichment.js +44 -0
  670. package/dist/report/enrichment.js.map +1 -0
  671. package/dist/report/formatters/ai-context.d.ts +23 -0
  672. package/dist/report/formatters/ai-context.d.ts.map +1 -0
  673. package/dist/report/formatters/ai-context.js +238 -0
  674. package/dist/report/formatters/ai-context.js.map +1 -0
  675. package/dist/report/formatters/cli-terminal.d.ts +65 -0
  676. package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
  677. package/dist/report/formatters/cli-terminal.js +735 -0
  678. package/dist/report/formatters/cli-terminal.js.map +1 -0
  679. package/dist/report/formatters/github-comment.d.ts +41 -0
  680. package/dist/report/formatters/github-comment.d.ts.map +1 -0
  681. package/dist/report/formatters/github-comment.js +370 -0
  682. package/dist/report/formatters/github-comment.js.map +1 -0
  683. package/dist/report/formatters/grouping.d.ts +52 -0
  684. package/dist/report/formatters/grouping.d.ts.map +1 -0
  685. package/dist/report/formatters/grouping.js +152 -0
  686. package/dist/report/formatters/grouping.js.map +1 -0
  687. package/dist/report/formatters/ide/claude-code.d.ts +17 -0
  688. package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
  689. package/dist/report/formatters/ide/claude-code.js +94 -0
  690. package/dist/report/formatters/ide/claude-code.js.map +1 -0
  691. package/dist/report/formatters/ide/cursor.d.ts +13 -0
  692. package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
  693. package/dist/report/formatters/ide/cursor.js +125 -0
  694. package/dist/report/formatters/ide/cursor.js.map +1 -0
  695. package/dist/report/formatters/ide/index.d.ts +62 -0
  696. package/dist/report/formatters/ide/index.d.ts.map +1 -0
  697. package/dist/report/formatters/ide/index.js +184 -0
  698. package/dist/report/formatters/ide/index.js.map +1 -0
  699. package/dist/report/formatters/ide/windsurf.d.ts +13 -0
  700. package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
  701. package/dist/report/formatters/ide/windsurf.js +117 -0
  702. package/dist/report/formatters/ide/windsurf.js.map +1 -0
  703. package/dist/report/formatters/index.d.ts +11 -0
  704. package/dist/report/formatters/index.d.ts.map +1 -0
  705. package/dist/report/formatters/index.js +54 -0
  706. package/dist/report/formatters/index.js.map +1 -0
  707. package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
  708. package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
  709. package/dist/report/formatters/vscode-diagnostic.js +151 -0
  710. package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
  711. package/dist/report/summary.d.ts +27 -0
  712. package/dist/report/summary.d.ts.map +1 -0
  713. package/dist/report/summary.js +57 -0
  714. package/dist/report/summary.js.map +1 -0
  715. package/dist/rules/metadata.d.ts.map +1 -1
  716. package/dist/rules/metadata.js +66 -0
  717. package/dist/rules/metadata.js.map +1 -1
  718. package/dist/score/adjustments.d.ts +22 -0
  719. package/dist/score/adjustments.d.ts.map +1 -0
  720. package/dist/score/adjustments.js +373 -0
  721. package/dist/score/adjustments.js.map +1 -0
  722. package/dist/score/auto-dismiss.d.ts +28 -0
  723. package/dist/score/auto-dismiss.d.ts.map +1 -0
  724. package/dist/score/auto-dismiss.js +200 -0
  725. package/dist/score/auto-dismiss.js.map +1 -0
  726. package/dist/score/confidence.d.ts +19 -0
  727. package/dist/score/confidence.d.ts.map +1 -0
  728. package/dist/score/confidence.js +52 -0
  729. package/dist/score/confidence.js.map +1 -0
  730. package/dist/score/index.d.ts +61 -0
  731. package/dist/score/index.d.ts.map +1 -0
  732. package/dist/score/index.js +250 -0
  733. package/dist/score/index.js.map +1 -0
  734. package/dist/score/types.d.ts +160 -0
  735. package/dist/score/types.d.ts.map +1 -0
  736. package/dist/score/types.js +14 -0
  737. package/dist/score/types.js.map +1 -0
  738. package/dist/shared/ai-context/index.d.ts +6 -0
  739. package/dist/shared/ai-context/index.d.ts.map +1 -0
  740. package/dist/shared/ai-context/index.js +13 -0
  741. package/dist/shared/ai-context/index.js.map +1 -0
  742. package/dist/shared/ai-context/manager.d.ts +67 -0
  743. package/dist/shared/ai-context/manager.d.ts.map +1 -0
  744. package/dist/shared/ai-context/manager.js +104 -0
  745. package/dist/shared/ai-context/manager.js.map +1 -0
  746. package/dist/shared/baseline/diff.d.ts +32 -0
  747. package/dist/shared/baseline/diff.d.ts.map +1 -0
  748. package/dist/shared/baseline/diff.js +119 -0
  749. package/dist/shared/baseline/diff.js.map +1 -0
  750. package/dist/shared/baseline/index.d.ts +9 -0
  751. package/dist/shared/baseline/index.d.ts.map +1 -0
  752. package/dist/shared/baseline/index.js +19 -0
  753. package/dist/shared/baseline/index.js.map +1 -0
  754. package/dist/shared/baseline/manager.d.ts +67 -0
  755. package/dist/shared/baseline/manager.d.ts.map +1 -0
  756. package/dist/shared/baseline/manager.js +180 -0
  757. package/dist/shared/baseline/manager.js.map +1 -0
  758. package/dist/shared/baseline/types.d.ts +91 -0
  759. package/dist/shared/baseline/types.d.ts.map +1 -0
  760. package/dist/shared/baseline/types.js +12 -0
  761. package/dist/shared/baseline/types.js.map +1 -0
  762. package/dist/shared/category-filter.d.ts +125 -0
  763. package/dist/shared/category-filter.d.ts.map +1 -0
  764. package/dist/shared/category-filter.js +360 -0
  765. package/dist/shared/category-filter.js.map +1 -0
  766. package/dist/shared/code-analysis.d.ts +39 -0
  767. package/dist/shared/code-analysis.d.ts.map +1 -0
  768. package/dist/shared/code-analysis.js +159 -0
  769. package/dist/shared/code-analysis.js.map +1 -0
  770. package/dist/shared/comment-analyzer.d.ts +38 -0
  771. package/dist/shared/comment-analyzer.d.ts.map +1 -0
  772. package/dist/shared/comment-analyzer.js +218 -0
  773. package/dist/shared/comment-analyzer.js.map +1 -0
  774. package/dist/shared/diff-detector.d.ts +53 -0
  775. package/dist/shared/diff-detector.d.ts.map +1 -0
  776. package/dist/shared/diff-detector.js +104 -0
  777. package/dist/shared/diff-detector.js.map +1 -0
  778. package/dist/shared/diff-parser.d.ts +80 -0
  779. package/dist/shared/diff-parser.d.ts.map +1 -0
  780. package/dist/shared/diff-parser.js +202 -0
  781. package/dist/shared/diff-parser.js.map +1 -0
  782. package/dist/shared/environment-context.d.ts +76 -0
  783. package/dist/shared/environment-context.d.ts.map +1 -0
  784. package/dist/shared/environment-context.js +271 -0
  785. package/dist/shared/environment-context.js.map +1 -0
  786. package/dist/shared/intent-detector.d.ts +66 -0
  787. package/dist/shared/intent-detector.d.ts.map +1 -0
  788. package/dist/shared/intent-detector.js +282 -0
  789. package/dist/shared/intent-detector.js.map +1 -0
  790. package/dist/shared/parsed-file.d.ts +51 -0
  791. package/dist/shared/parsed-file.d.ts.map +1 -0
  792. package/dist/shared/parsed-file.js +95 -0
  793. package/dist/shared/parsed-file.js.map +1 -0
  794. package/dist/shared/registry-clients.d.ts +93 -0
  795. package/dist/shared/registry-clients.d.ts.map +1 -0
  796. package/dist/shared/registry-clients.js +273 -0
  797. package/dist/shared/registry-clients.js.map +1 -0
  798. package/dist/shared/rules/framework-fixes.d.ts +48 -0
  799. package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
  800. package/dist/shared/rules/framework-fixes.js +439 -0
  801. package/dist/shared/rules/framework-fixes.js.map +1 -0
  802. package/dist/shared/rules/index.d.ts +8 -0
  803. package/dist/shared/rules/index.d.ts.map +1 -0
  804. package/dist/shared/rules/index.js +18 -0
  805. package/dist/shared/rules/index.js.map +1 -0
  806. package/dist/shared/rules/metadata.d.ts +43 -0
  807. package/dist/shared/rules/metadata.d.ts.map +1 -0
  808. package/dist/shared/rules/metadata.js +819 -0
  809. package/dist/shared/rules/metadata.js.map +1 -0
  810. package/dist/shared/schema-semantics.d.ts +45 -0
  811. package/dist/shared/schema-semantics.d.ts.map +1 -0
  812. package/dist/shared/schema-semantics.js +193 -0
  813. package/dist/shared/schema-semantics.js.map +1 -0
  814. package/dist/shared/types.d.ts +337 -0
  815. package/dist/shared/types.d.ts.map +1 -0
  816. package/dist/shared/types.js +126 -0
  817. package/dist/shared/types.js.map +1 -0
  818. package/dist/tiers.d.ts +4 -4
  819. package/dist/tiers.d.ts.map +1 -1
  820. package/dist/tiers.js +17 -7
  821. package/dist/tiers.js.map +1 -1
  822. package/dist/types.d.ts +79 -9
  823. package/dist/types.d.ts.map +1 -1
  824. package/dist/types.js +34 -0
  825. package/dist/types.js.map +1 -1
  826. package/dist/utils/code-analysis.d.ts +39 -0
  827. package/dist/utils/code-analysis.d.ts.map +1 -0
  828. package/dist/utils/code-analysis.js +159 -0
  829. package/dist/utils/code-analysis.js.map +1 -0
  830. package/dist/utils/comment-analyzer.d.ts +38 -0
  831. package/dist/utils/comment-analyzer.d.ts.map +1 -0
  832. package/dist/utils/comment-analyzer.js +218 -0
  833. package/dist/utils/comment-analyzer.js.map +1 -0
  834. package/dist/utils/context-helpers.d.ts +108 -1
  835. package/dist/utils/context-helpers.d.ts.map +1 -1
  836. package/dist/utils/context-helpers.js +351 -2
  837. package/dist/utils/context-helpers.js.map +1 -1
  838. package/dist/utils/environment-context.d.ts +76 -0
  839. package/dist/utils/environment-context.d.ts.map +1 -0
  840. package/dist/utils/environment-context.js +271 -0
  841. package/dist/utils/environment-context.js.map +1 -0
  842. package/dist/utils/intent-detector.d.ts +66 -0
  843. package/dist/utils/intent-detector.d.ts.map +1 -0
  844. package/dist/utils/intent-detector.js +282 -0
  845. package/dist/utils/intent-detector.js.map +1 -0
  846. package/dist/utils/parsed-file.d.ts +51 -0
  847. package/dist/utils/parsed-file.d.ts.map +1 -0
  848. package/dist/utils/parsed-file.js +95 -0
  849. package/dist/utils/parsed-file.js.map +1 -0
  850. package/dist/utils/route-hierarchy.d.ts +50 -0
  851. package/dist/utils/route-hierarchy.d.ts.map +1 -0
  852. package/dist/utils/route-hierarchy.js +226 -0
  853. package/dist/utils/route-hierarchy.js.map +1 -0
  854. package/dist/utils/schema-semantics.d.ts +45 -0
  855. package/dist/utils/schema-semantics.d.ts.map +1 -0
  856. package/dist/utils/schema-semantics.js +193 -0
  857. package/dist/utils/schema-semantics.js.map +1 -0
  858. package/dist/validate/clients.d.ts +44 -0
  859. package/dist/validate/clients.d.ts.map +1 -0
  860. package/dist/validate/clients.js +81 -0
  861. package/dist/validate/clients.js.map +1 -0
  862. package/dist/validate/index.d.ts +41 -0
  863. package/dist/validate/index.d.ts.map +1 -0
  864. package/dist/validate/index.js +141 -0
  865. package/dist/validate/index.js.map +1 -0
  866. package/dist/validate/prompts/index.d.ts +8 -0
  867. package/dist/validate/prompts/index.d.ts.map +1 -0
  868. package/dist/validate/prompts/index.js +16 -0
  869. package/dist/validate/prompts/index.js.map +1 -0
  870. package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
  871. package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
  872. package/dist/validate/prompts/modules/ai-patterns.js +156 -0
  873. package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
  874. package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
  875. package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
  876. package/dist/validate/prompts/modules/auth-access.js +25 -0
  877. package/dist/validate/prompts/modules/auth-access.js.map +1 -0
  878. package/dist/validate/prompts/modules/common.d.ts +11 -0
  879. package/dist/validate/prompts/modules/common.d.ts.map +1 -0
  880. package/dist/validate/prompts/modules/common.js +186 -0
  881. package/dist/validate/prompts/modules/common.js.map +1 -0
  882. package/dist/validate/prompts/modules/index.d.ts +54 -0
  883. package/dist/validate/prompts/modules/index.d.ts.map +1 -0
  884. package/dist/validate/prompts/modules/index.js +186 -0
  885. package/dist/validate/prompts/modules/index.js.map +1 -0
  886. package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
  887. package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
  888. package/dist/validate/prompts/modules/owasp-classic.js +84 -0
  889. package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
  890. package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
  891. package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
  892. package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
  893. package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
  894. package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
  895. package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
  896. package/dist/validate/prompts/modules/xss-prompt.js +22 -0
  897. package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
  898. package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
  899. package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
  900. package/dist/validate/prompts/semantic-analysis.js +169 -0
  901. package/dist/validate/prompts/semantic-analysis.js.map +1 -0
  902. package/dist/validate/prompts/validation.d.ts +18 -0
  903. package/dist/validate/prompts/validation.d.ts.map +1 -0
  904. package/dist/validate/prompts/validation.js +25 -0
  905. package/dist/validate/prompts/validation.js.map +1 -0
  906. package/dist/validate/providers/anthropic.d.ts +17 -0
  907. package/dist/validate/providers/anthropic.d.ts.map +1 -0
  908. package/dist/validate/providers/anthropic.js +260 -0
  909. package/dist/validate/providers/anthropic.js.map +1 -0
  910. package/dist/validate/providers/index.d.ts +8 -0
  911. package/dist/validate/providers/index.d.ts.map +1 -0
  912. package/dist/validate/providers/index.js +13 -0
  913. package/dist/validate/providers/index.js.map +1 -0
  914. package/dist/validate/providers/openai.d.ts +14 -0
  915. package/dist/validate/providers/openai.d.ts.map +1 -0
  916. package/dist/validate/providers/openai.js +336 -0
  917. package/dist/validate/providers/openai.js.map +1 -0
  918. package/dist/validate/request-builder.d.ts +61 -0
  919. package/dist/validate/request-builder.d.ts.map +1 -0
  920. package/dist/validate/request-builder.js +346 -0
  921. package/dist/validate/request-builder.js.map +1 -0
  922. package/dist/validate/types.d.ts +88 -0
  923. package/dist/validate/types.d.ts.map +1 -0
  924. package/dist/validate/types.js +38 -0
  925. package/dist/validate/types.js.map +1 -0
  926. package/dist/validate/utils/context-extractor.d.ts +55 -0
  927. package/dist/validate/utils/context-extractor.d.ts.map +1 -0
  928. package/dist/validate/utils/context-extractor.js +161 -0
  929. package/dist/validate/utils/context-extractor.js.map +1 -0
  930. package/dist/validate/utils/index.d.ts +11 -0
  931. package/dist/validate/utils/index.d.ts.map +1 -0
  932. package/dist/validate/utils/index.js +27 -0
  933. package/dist/validate/utils/index.js.map +1 -0
  934. package/dist/validate/utils/path-helpers.d.ts +21 -0
  935. package/dist/validate/utils/path-helpers.d.ts.map +1 -0
  936. package/dist/validate/utils/path-helpers.js +69 -0
  937. package/dist/validate/utils/path-helpers.js.map +1 -0
  938. package/dist/validate/utils/response-parser.d.ts +40 -0
  939. package/dist/validate/utils/response-parser.d.ts.map +1 -0
  940. package/dist/validate/utils/response-parser.js +286 -0
  941. package/dist/validate/utils/response-parser.js.map +1 -0
  942. package/dist/validate/utils/retry.d.ts +15 -0
  943. package/dist/validate/utils/retry.d.ts.map +1 -0
  944. package/dist/validate/utils/retry.js +62 -0
  945. package/dist/validate/utils/retry.js.map +1 -0
  946. package/package.json +8 -7
  947. package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
  948. package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
  949. package/src/__tests__/benchmark/fixtures/layer2/index.ts +27 -0
  950. package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
  951. package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
  952. package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
  953. package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
  954. package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
  955. package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
  956. package/src/__tests__/benchmark/run-depth-validation.ts +12 -12
  957. package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
  958. package/src/__tests__/benchmark/types.ts +1 -1
  959. package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
  960. package/src/__tests__/category-filter.test.ts +478 -0
  961. package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
  962. package/src/__tests__/context-engine/framework-models.test.ts +457 -0
  963. package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
  964. package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
  965. package/src/__tests__/context-engine/integration.test.ts +320 -0
  966. package/src/__tests__/context-engine/module-graph.test.ts +159 -0
  967. package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
  968. package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
  969. package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
  970. package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
  971. package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
  972. package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
  973. package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
  974. package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
  975. package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
  976. package/src/__tests__/regression/known-false-positives.test.ts +801 -3
  977. package/src/__tests__/score/adjustments.test.ts +385 -0
  978. package/src/__tests__/score/confidence.test.ts +283 -0
  979. package/src/__tests__/score/framework-scoring.test.ts +275 -0
  980. package/src/__tests__/score/route-scoring.test.ts +156 -0
  981. package/src/__tests__/score/scoring-integration.test.ts +165 -0
  982. package/src/__tests__/score/taint-adjustments.test.ts +244 -0
  983. package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +50 -58
  984. package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
  985. package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -12
  986. package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +3 -3
  987. package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
  988. package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
  989. package/src/__tests__/validate/route-annotations.test.ts +138 -0
  990. package/src/__tests__/validation/analyze-results.ts +1 -1
  991. package/src/__tests__/validation/extract-for-triage.ts +1 -1
  992. package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
  993. package/src/__tests__/validation/run-validation.ts +7 -7
  994. package/src/{layer2/ai-agent-tools.ts β†’ detect/ai-code/agent-tools.ts} +729 -4
  995. package/src/{layer2 β†’ detect/ai-code}/byok-patterns.ts +20 -6
  996. package/src/{layer2/ai-endpoint-protection.ts β†’ detect/ai-code/endpoint-protection.ts} +10 -4
  997. package/src/{layer2/ai-execution-sinks.ts β†’ detect/ai-code/execution-sinks.ts} +272 -46
  998. package/src/{layer2/ai-fingerprinting.ts β†’ detect/ai-code/fingerprinting.ts} +46 -34
  999. package/src/detect/ai-code/index.ts +11 -0
  1000. package/src/{layer2/ai-mcp-security.ts β†’ detect/ai-code/mcp-security.ts} +212 -5
  1001. package/src/{layer2 β†’ detect/ai-code}/model-supply-chain.ts +85 -6
  1002. package/src/{layer2/ai-package-hallucination.ts β†’ detect/ai-code/package-hallucination.ts} +170 -6
  1003. package/src/{layer2/ai-prompt-hygiene.ts β†’ detect/ai-code/prompt-hygiene.ts} +393 -28
  1004. package/src/{layer2/ai-rag-safety.ts β†’ detect/ai-code/rag-safety.ts} +91 -4
  1005. package/src/{layer2/ai-schema-validation.ts β†’ detect/ai-code/schema-validation.ts} +10 -4
  1006. package/src/detect/config/agent-skill-injection.ts +551 -0
  1007. package/src/{layer1 β†’ detect/config}/comments.ts +8 -2
  1008. package/src/{layer1 β†’ detect/config}/file-flags.ts +23 -6
  1009. package/src/detect/config/index.ts +6 -0
  1010. package/src/{layer3 β†’ detect/config}/osv-check.ts +3 -2
  1011. package/src/{layer3 β†’ detect/config}/package-check.ts +3 -2
  1012. package/src/{layer1 β†’ detect/config}/urls.ts +196 -15
  1013. package/src/detect/index.ts +131 -0
  1014. package/src/{layer1 β†’ detect/secrets}/config-audit.ts +56 -12
  1015. package/src/{layer1 β†’ detect/secrets}/config-mcp-audit.ts +11 -4
  1016. package/src/{layer1 β†’ detect/secrets}/entropy.ts +256 -11
  1017. package/src/{layer1 β†’ detect/secrets}/index.ts +43 -46
  1018. package/src/{layer1 β†’ detect/secrets}/patterns.ts +51 -6
  1019. package/src/{layer1 β†’ detect/secrets}/weak-crypto.ts +174 -17
  1020. package/src/{layer2/auth-antipatterns.ts β†’ detect/structural/auth-patterns.ts} +249 -27
  1021. package/src/{layer2 β†’ detect/structural}/dangerous-functions/dom-xss.ts +94 -22
  1022. package/src/{layer2 β†’ detect/structural}/dangerous-functions/index.ts +672 -65
  1023. package/src/{layer2 β†’ detect/structural}/dangerous-functions/json-parse.ts +10 -2
  1024. package/src/{layer2 β†’ detect/structural}/dangerous-functions/math-random.ts +269 -17
  1025. package/src/{layer2 β†’ detect/structural}/dangerous-functions/patterns.ts +4 -2
  1026. package/src/{layer2 β†’ detect/structural}/dangerous-functions/request-validation.ts +10 -2
  1027. package/src/detect/structural/dangerous-functions/utils/control-flow.ts +35 -0
  1028. package/src/{layer2 β†’ detect/structural}/dangerous-functions/utils/schema-validation.ts +16 -1
  1029. package/src/{layer2 β†’ detect/structural}/data-exposure.ts +23 -40
  1030. package/src/{layer2 β†’ detect/structural}/framework-checks.ts +13 -12
  1031. package/src/{layer2 β†’ detect/structural}/index.ts +144 -122
  1032. package/src/detect/structural/log-injection.ts +254 -0
  1033. package/src/{layer2 β†’ detect/structural}/logic-gates.ts +69 -24
  1034. package/src/{layer2 β†’ detect/structural}/risky-imports.ts +10 -4
  1035. package/src/detect/structural/security-headers.ts +231 -0
  1036. package/src/detect/structural/ssrf-detection.ts +300 -0
  1037. package/src/{layer2 β†’ detect/structural}/variables.ts +10 -4
  1038. package/src/detect/structural/xxe-detection.ts +295 -0
  1039. package/src/index.ts +64 -1038
  1040. package/src/{utils β†’ model}/auth-helper-detector.ts +1 -1
  1041. package/src/model/cross-file-taint.ts +374 -0
  1042. package/src/model/framework-models/django.ts +82 -0
  1043. package/src/model/framework-models/express.ts +54 -0
  1044. package/src/model/framework-models/index.ts +116 -0
  1045. package/src/model/framework-models/nextjs.ts +69 -0
  1046. package/src/model/framework-models/prisma.ts +57 -0
  1047. package/src/model/framework-models/react.ts +63 -0
  1048. package/src/model/framework-models/sequelize.ts +63 -0
  1049. package/src/model/framework-models/types.ts +46 -0
  1050. package/src/model/function-classifier.ts +184 -0
  1051. package/src/model/import-resolver.ts +453 -0
  1052. package/src/{utils β†’ model}/imported-auth-detector.ts +21 -85
  1053. package/src/model/index.ts +353 -0
  1054. package/src/{utils β†’ model}/middleware-detector.ts +156 -17
  1055. package/src/model/module-graph.ts +254 -0
  1056. package/src/{utils β†’ model}/oauth-flow-detector.ts +1 -1
  1057. package/src/{utils/project-context-builder.ts β†’ model/project-context.ts} +1 -1
  1058. package/src/model/route-auth-resolver.ts +216 -0
  1059. package/src/model/route-discovery/express.ts +251 -0
  1060. package/src/model/route-discovery/index.ts +83 -0
  1061. package/src/model/route-discovery/nextjs.ts +216 -0
  1062. package/src/model/route-discovery/python.ts +214 -0
  1063. package/src/model/route-discovery/types.ts +48 -0
  1064. package/src/model/route-discovery/utils.ts +54 -0
  1065. package/src/model/route-hierarchy.ts +250 -0
  1066. package/src/model/sanitiser-detection.ts +268 -0
  1067. package/src/model/sink-matcher.ts +178 -0
  1068. package/src/model/sink-patterns.ts +109 -0
  1069. package/src/model/source-discovery.ts +209 -0
  1070. package/src/model/taint-tracker.ts +333 -0
  1071. package/src/model/taint-types.ts +149 -0
  1072. package/src/{utils β†’ model}/trpc-analyzer.ts +1 -1
  1073. package/src/{utils/context-helpers.ts β†’ parse/file-classifier.ts} +462 -2
  1074. package/src/{utils β†’ parse}/path-exclusions.ts +1 -1
  1075. package/src/pipeline/config.ts +81 -0
  1076. package/src/pipeline/index.ts +437 -0
  1077. package/src/{modes β†’ pipeline/modes}/incremental.ts +6 -6
  1078. package/src/postprocess/aggregation.ts +74 -0
  1079. package/src/postprocess/contradictions.ts +128 -0
  1080. package/src/postprocess/dedup.ts +62 -0
  1081. package/src/postprocess/filtering/__tests__/pipeline.test.ts +134 -0
  1082. package/src/postprocess/filtering/context-adjustments.ts +111 -0
  1083. package/src/postprocess/filtering/index.ts +10 -0
  1084. package/src/postprocess/filtering/pipeline.ts +130 -0
  1085. package/src/postprocess/index.ts +118 -0
  1086. package/src/{suppression β†’ postprocess/suppression}/config-loader.ts +1 -1
  1087. package/src/{suppression β†’ postprocess/suppression}/hash.ts +1 -1
  1088. package/src/{suppression β†’ postprocess/suppression}/inline-parser.ts +1 -1
  1089. package/src/{suppression β†’ postprocess/suppression}/manager.ts +1 -1
  1090. package/src/{suppression β†’ postprocess/suppression}/types.ts +2 -2
  1091. package/src/postprocess/validation-cap.ts +66 -0
  1092. package/src/report/build-result.ts +94 -0
  1093. package/src/report/enrichment.ts +52 -0
  1094. package/src/report/formatters/__tests__/ai-context.test.ts +254 -0
  1095. package/src/report/formatters/ai-context.ts +302 -0
  1096. package/src/{formatters β†’ report/formatters}/cli-terminal.ts +11 -11
  1097. package/src/{formatters β†’ report/formatters}/github-comment.ts +4 -4
  1098. package/src/{formatters β†’ report/formatters}/grouping.ts +8 -8
  1099. package/src/report/formatters/ide/__tests__/ide.test.ts +319 -0
  1100. package/src/report/formatters/ide/claude-code.ts +110 -0
  1101. package/src/report/formatters/ide/cursor.ts +147 -0
  1102. package/src/report/formatters/ide/index.ts +216 -0
  1103. package/src/report/formatters/ide/windsurf.ts +135 -0
  1104. package/src/{formatters β†’ report/formatters}/index.ts +24 -0
  1105. package/src/{formatters β†’ report/formatters}/vscode-diagnostic.ts +1 -1
  1106. package/src/report/summary.ts +70 -0
  1107. package/src/score/adjustments.ts +387 -0
  1108. package/src/{layer3/anthropic β†’ score}/auto-dismiss.ts +26 -14
  1109. package/src/score/confidence.ts +66 -0
  1110. package/src/score/index.ts +316 -0
  1111. package/src/score/types.ts +187 -0
  1112. package/src/shared/__tests__/code-analysis.test.ts +165 -0
  1113. package/src/shared/__tests__/parsed-file.test.ts +124 -0
  1114. package/src/shared/ai-context/__tests__/manager.test.ts +193 -0
  1115. package/src/shared/ai-context/index.ts +15 -0
  1116. package/src/shared/ai-context/manager.ts +145 -0
  1117. package/src/{baseline β†’ shared/baseline}/__tests__/diff.test.ts +2 -2
  1118. package/src/{baseline β†’ shared/baseline}/__tests__/manager.test.ts +2 -2
  1119. package/src/{baseline β†’ shared/baseline}/diff.ts +1 -1
  1120. package/src/{baseline β†’ shared/baseline}/manager.ts +1 -1
  1121. package/src/shared/category-filter.ts +400 -0
  1122. package/src/{layer2/dangerous-functions/utils/control-flow.ts β†’ shared/code-analysis.ts} +56 -39
  1123. package/src/shared/comment-analyzer.ts +249 -0
  1124. package/src/shared/environment-context.ts +304 -0
  1125. package/src/shared/intent-detector.ts +318 -0
  1126. package/src/shared/parsed-file.ts +103 -0
  1127. package/src/{rules β†’ shared/rules}/__tests__/metadata.test.ts +7 -0
  1128. package/src/{rules β†’ shared/rules}/framework-fixes.ts +1 -1
  1129. package/src/{rules β†’ shared/rules}/metadata.ts +94 -0
  1130. package/src/shared/schema-semantics.ts +233 -0
  1131. package/src/{types.ts β†’ shared/types.ts} +142 -11
  1132. package/src/tiers.ts +27 -10
  1133. package/src/validate/__tests__/context-extractor.test.ts +191 -0
  1134. package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
  1135. package/src/validate/__tests__/request-builder.test.ts +347 -0
  1136. package/src/{layer3/anthropic β†’ validate}/index.ts +8 -7
  1137. package/src/{layer3/anthropic β†’ validate}/prompts/index.ts +2 -0
  1138. package/src/validate/prompts/modules/ai-patterns.ts +153 -0
  1139. package/src/validate/prompts/modules/auth-access.ts +22 -0
  1140. package/src/validate/prompts/modules/common.ts +183 -0
  1141. package/src/validate/prompts/modules/index.ts +204 -0
  1142. package/src/validate/prompts/modules/owasp-classic.ts +81 -0
  1143. package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
  1144. package/src/validate/prompts/modules/xss-prompt.ts +19 -0
  1145. package/src/validate/prompts/validation.ts +20 -0
  1146. package/src/{layer3/anthropic β†’ validate}/providers/anthropic.ts +28 -27
  1147. package/src/validate/providers/index.ts +8 -0
  1148. package/src/{layer3/anthropic β†’ validate}/providers/openai.ts +30 -25
  1149. package/src/validate/request-builder.ts +448 -0
  1150. package/src/{layer3/anthropic β†’ validate}/types.ts +1 -1
  1151. package/src/validate/utils/context-extractor.ts +220 -0
  1152. package/src/{layer3/anthropic β†’ validate}/utils/index.ts +10 -0
  1153. package/src/{layer3/anthropic β†’ validate}/utils/response-parser.ts +2 -1
  1154. package/src/layer3/anthropic/prompts/validation.ts +0 -419
  1155. package/src/layer3/anthropic/providers/index.ts +0 -8
  1156. package/src/layer3/anthropic/request-builder.ts +0 -150
  1157. package/src/layer3/index.ts +0 -168
  1158. /package/src/{layer3 β†’ detect/config}/__tests__/osv-check.test.ts +0 -0
  1159. /package/src/{layer2 β†’ detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
  1160. /package/src/{layer2 β†’ detect/structural}/dangerous-functions/child-process.ts +0 -0
  1161. /package/src/{layer2 β†’ detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
  1162. /package/src/{layer2 β†’ detect/structural}/dangerous-functions/utils/index.ts +0 -0
  1163. /package/src/{suppression β†’ postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
  1164. /package/src/{suppression β†’ postprocess/suppression}/__tests__/hash.test.ts +0 -0
  1165. /package/src/{suppression β†’ postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
  1166. /package/src/{suppression β†’ postprocess/suppression}/__tests__/manager.test.ts +0 -0
  1167. /package/src/{suppression β†’ postprocess/suppression}/index.ts +0 -0
  1168. /package/src/{baseline β†’ shared/baseline}/index.ts +0 -0
  1169. /package/src/{baseline β†’ shared/baseline}/types.ts +0 -0
  1170. /package/src/{utils β†’ shared}/diff-detector.ts +0 -0
  1171. /package/src/{utils β†’ shared}/diff-parser.ts +0 -0
  1172. /package/src/{utils β†’ shared}/registry-clients.ts +0 -0
  1173. /package/src/{rules β†’ shared/rules}/__tests__/framework-fixes.test.ts +0 -0
  1174. /package/src/{rules β†’ shared/rules}/index.ts +0 -0
  1175. /package/src/{layer3/anthropic β†’ validate}/clients.ts +0 -0
  1176. /package/src/{layer3/anthropic β†’ validate}/prompts/semantic-analysis.ts +0 -0
  1177. /package/src/{layer3/anthropic β†’ validate}/utils/path-helpers.ts +0 -0
  1178. /package/src/{layer3/anthropic β†’ validate}/utils/retry.ts +0 -0
package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts ADDED
@@ -0,0 +1,210 @@
1
+ /**
2
+ * SSRF Detection Test Fixtures
3
+ * Tests for detecting Server-Side Request Forgery patterns
4
+ */
5
+
6
+ import type { TestGroup } from '../../types'
7
+
8
+ export const ssrfDetectionTests: TestGroup = {
9
+ name: 'SSRF Detection',
10
+ tier: 'A',
11
+ layer: 2,
12
+ description: 'Detection of SSRF patterns where user input flows to server-side HTTP requests',
13
+
14
+ truePositives: [
15
+ {
16
+ name: 'SSRF - True Positives',
17
+ expectFindings: true,
18
+ expectedCategories: ['ssrf'],
19
+ description: 'SSRF patterns that MUST be detected',
20
+ file: {
21
+ path: 'src/api/proxy.ts',
22
+ content: `
23
+ import express from 'express'
24
+ import axios from 'axios'
25
+
26
+ const app = express()
27
+
28
+ // Direct taint: fetch(req.body.url)
29
+ app.post('/api/fetch-url', async (req, res) => {
30
+ const response = await fetch(req.body.url)
31
+ const data = await response.json()
32
+ res.json(data)
33
+ })
34
+
35
+ // Direct taint: axios.get(req.query.endpoint)
36
+ app.get('/api/proxy', async (req, res) => {
37
+ const response = await axios.get(req.query.endpoint)
38
+ res.json(response.data)
39
+ })
40
+
41
+ // Open redirect: res.redirect(req.query.next)
42
+ app.get('/auth/callback', (req, res) => {
43
+ res.redirect(req.query.next)
44
+ })
45
+ `,
46
+ language: 'typescript',
47
+ size: 500,
48
+ },
49
+ },
50
+ {
51
+ name: 'SSRF - Variable Mediated',
52
+ expectFindings: true,
53
+ expectedCategories: ['ssrf'],
54
+ description: 'Variable-mediated SSRF that should be detected',
55
+ file: {
56
+ path: 'src/api/webhook.ts',
57
+ content: `
58
+ import express from 'express'
59
+
60
+ const app = express()
61
+
62
+ // Variable-mediated taint
63
+ app.post('/api/webhook/test', async (req, res) => {
64
+ const webhookUrl = req.body.url
65
+ const payload = { event: 'test' }
66
+
67
+ // Tainted variable used in fetch
68
+ const response = await fetch(webhookUrl, {
69
+ method: 'POST',
70
+ body: JSON.stringify(payload),
71
+ })
72
+
73
+ res.json({ status: response.status })
74
+ })
75
+ `,
76
+ language: 'typescript',
77
+ size: 400,
78
+ },
79
+ },
80
+ {
81
+ name: 'SSRF - Template Literal',
82
+ expectFindings: true,
83
+ expectedCategories: ['ssrf'],
84
+ description: 'Template literal with user input in HTTP request URL',
85
+ file: {
86
+ path: 'src/api/service.ts',
87
+ content: `
88
+ import express from 'express'
89
+
90
+ const app = express()
91
+
92
+ // Template literal with user input
93
+ app.get('/api/resource', async (req, res) => {
94
+ const response = await fetch(\`\${req.query.baseUrl}/api/resource\`)
95
+ const data = await response.json()
96
+ res.json(data)
97
+ })
98
+ `,
99
+ language: 'typescript',
100
+ size: 250,
101
+ },
102
+ },
103
+ ],
104
+
105
+ falseNegatives: [
106
+ {
107
+ name: 'SSRF - Env Var URL (safe)',
108
+ expectFindings: false,
109
+ description: 'Fetching from environment variable URL should not be flagged',
110
+ file: {
111
+ path: 'src/api/internal.ts',
112
+ content: `
113
+ import express from 'express'
114
+
115
+ const API_URL = process.env.API_URL
116
+
117
+ const app = express()
118
+
119
+ app.get('/api/data', async (req, res) => {
120
+ // URL from env var, not user input
121
+ const response = await fetch(API_URL + '/data')
122
+ res.json(await response.json())
123
+ })
124
+ `,
125
+ language: 'typescript',
126
+ size: 200,
127
+ },
128
+ },
129
+ {
130
+ name: 'SSRF - Client-Side Fetch (safe)',
131
+ expectFindings: false,
132
+ description: 'Client-side fetch with user input is not SSRF (browser-only)',
133
+ file: {
134
+ path: 'src/components/SearchForm.tsx',
135
+ content: `
136
+ 'use client'
137
+
138
+ import { useState } from 'react'
139
+
140
+ export function SearchForm() {
141
+ const [query, setQuery] = useState('')
142
+
143
+ const handleSearch = async () => {
144
+ // Client-side fetch - not SSRF
145
+ const response = await fetch(\`/api/search?q=\${query}\`)
146
+ const data = await response.json()
147
+ console.log(data)
148
+ }
149
+
150
+ return <input value={query} onChange={(e) => setQuery(e.target.value)} />
151
+ }
152
+ `,
153
+ language: 'typescript',
154
+ size: 300,
155
+ },
156
+ },
157
+ {
158
+ name: 'SSRF - Hardcoded URL (safe)',
159
+ expectFindings: false,
160
+ description: 'Fetching from hardcoded URL is safe',
161
+ file: {
162
+ path: 'src/services/api.ts',
163
+ content: `
164
+ const HARDCODED_URL = 'https://api.example.com/v1'
165
+
166
+ export async function getData() {
167
+ const response = await fetch(HARDCODED_URL + '/data')
168
+ return response.json()
169
+ }
170
+
171
+ export async function getConfig() {
172
+ return fetch('https://config.example.com/settings').then(r => r.json())
173
+ }
174
+ `,
175
+ language: 'typescript',
176
+ size: 200,
177
+ },
178
+ },
179
+ {
180
+ name: 'SSRF - Allowlist Validation (safe)',
181
+ expectFindings: false,
182
+ description: 'Fetch with allowlist validation should not be flagged',
183
+ file: {
184
+ path: 'src/api/validated-proxy.ts',
185
+ content: `
186
+ import express from 'express'
187
+
188
+ const allowedDomains = ['api.example.com', 'cdn.example.com']
189
+
190
+ const app = express()
191
+
192
+ app.post('/api/fetch', async (req, res) => {
193
+ const url = req.body.url
194
+ const parsed = new URL(url)
195
+
196
+ // Allowlist validation
197
+ if (!allowedDomains.includes(parsed.hostname)) {
198
+ return res.status(403).json({ error: 'Domain not allowed' })
199
+ }
200
+
201
+ const response = await fetch(url)
202
+ res.json(await response.json())
203
+ })
204
+ `,
205
+ language: 'typescript',
206
+ size: 350,
207
+ },
208
+ },
209
+ ],
210
+ }
package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts ADDED
@@ -0,0 +1,195 @@
1
+ /**
2
+ * XXE Detection Test Fixtures
3
+ * Tests for detecting XML External Entity injection vulnerabilities
4
+ */
5
+
6
+ import type { TestGroup } from '../../types'
7
+
8
+ export const xxeDetectionTests: TestGroup = {
9
+ name: 'XXE Detection',
10
+ tier: 'A',
11
+ layer: 2,
12
+ description: 'Detection of XML parsers used without external entity protection',
13
+
14
+ truePositives: [
15
+ {
16
+ name: 'XXE - Python ElementTree (unprotected)',
17
+ expectFindings: true,
18
+ expectedCategories: ['xxe'],
19
+ description: 'Python xml.etree without defusedxml must be detected',
20
+ file: {
21
+ path: 'src/parser.py',
22
+ content: `
23
+ import xml.etree.ElementTree as ET
24
+
25
+ def parse_user_xml(xml_data):
26
+ # Vulnerable: no defusedxml imported
27
+ tree = ET.parse(xml_data)
28
+ root = tree.getroot()
29
+ return root.find('name').text
30
+ `,
31
+ language: 'python',
32
+ size: 200,
33
+ },
34
+ },
35
+ {
36
+ name: 'XXE - Java DocumentBuilderFactory (unprotected)',
37
+ expectFindings: true,
38
+ expectedCategories: ['xxe'],
39
+ description: 'Java DocumentBuilderFactory without setFeature must be detected',
40
+ file: {
41
+ path: 'src/XmlService.java',
42
+ content: `
43
+ import javax.xml.parsers.DocumentBuilderFactory;
44
+ import javax.xml.parsers.DocumentBuilder;
45
+ import org.w3c.dom.Document;
46
+
47
+ public class XmlService {
48
+ public Document parseXml(String xml) throws Exception {
49
+ // Vulnerable: no feature disabling
50
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
51
+ DocumentBuilder builder = factory.newDocumentBuilder();
52
+ return builder.parse(new InputSource(new StringReader(xml)));
53
+ }
54
+ }
55
+ `,
56
+ language: 'java',
57
+ size: 300,
58
+ },
59
+ },
60
+ {
61
+ name: 'XXE - Node.js xml2js (unprotected)',
62
+ expectFindings: true,
63
+ expectedCategories: ['xxe'],
64
+ description: 'Node.js xml2js without safe options must be detected',
65
+ file: {
66
+ path: 'src/xml-handler.ts',
67
+ content: `
68
+ import xml2js from 'xml2js'
69
+
70
+ export function parseXmlPayload(xmlData: string) {
71
+ // xml2js without explicit safe configuration
72
+ xml2js.parseString(xmlData, (err, result) => {
73
+ if (err) throw err
74
+ return result
75
+ })
76
+ }
77
+ `,
78
+ language: 'typescript',
79
+ size: 200,
80
+ },
81
+ },
82
+ {
83
+ name: 'XXE - PHP simplexml (unprotected)',
84
+ expectFindings: true,
85
+ expectedCategories: ['xxe'],
86
+ description: 'PHP simplexml_load_string without entity disable must be detected',
87
+ file: {
88
+ path: 'src/parser.php',
89
+ content: `
90
+ <?php
91
+
92
+ function parseUserXml($xmlString) {
93
+ // Vulnerable: no entity loader disabled
94
+ $xml = simplexml_load_string($xmlString);
95
+ return $xml->name;
96
+ }
97
+ `,
98
+ language: 'php',
99
+ size: 150,
100
+ },
101
+ },
102
+ ],
103
+
104
+ falseNegatives: [
105
+ {
106
+ name: 'XXE - Python with defusedxml (safe)',
107
+ expectFindings: false,
108
+ description: 'Python file using defusedxml is safe',
109
+ file: {
110
+ path: 'src/safe_parser.py',
111
+ content: `
112
+ import defusedxml.ElementTree as ET
113
+
114
+ def parse_user_xml(xml_data):
115
+ # Safe: using defusedxml
116
+ tree = ET.parse(xml_data)
117
+ root = tree.getroot()
118
+ return root.find('name').text
119
+ `,
120
+ language: 'python',
121
+ size: 200,
122
+ },
123
+ },
124
+ {
125
+ name: 'XXE - Java with DTD Disabled (safe)',
126
+ expectFindings: false,
127
+ description: 'Java DocumentBuilderFactory with disallow-doctype-decl is safe',
128
+ file: {
129
+ path: 'src/SafeXmlService.java',
130
+ content: `
131
+ import javax.xml.parsers.DocumentBuilderFactory;
132
+ import javax.xml.parsers.DocumentBuilder;
133
+
134
+ public class SafeXmlService {
135
+ public Document parseXml(String xml) throws Exception {
136
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
137
+ // Safe: DTD disabled
138
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
139
+ DocumentBuilder builder = factory.newDocumentBuilder();
140
+ return builder.parse(new InputSource(new StringReader(xml)));
141
+ }
142
+ }
143
+ `,
144
+ language: 'java',
145
+ size: 300,
146
+ },
147
+ },
148
+ {
149
+ name: 'XXE - Python with defusedxml import (safe)',
150
+ expectFindings: false,
151
+ description: 'Python file importing defusedxml even if using ET alias',
152
+ file: {
153
+ path: 'src/xml_utils.py',
154
+ content: `
155
+ from defusedxml.ElementTree import parse, fromstring
156
+
157
+ def load_config(path):
158
+ tree = parse(path)
159
+ return tree.getroot()
160
+
161
+ def parse_string(xml_str):
162
+ return fromstring(xml_str)
163
+ `,
164
+ language: 'python',
165
+ size: 200,
166
+ },
167
+ },
168
+ {
169
+ name: 'XXE - Browser DOMParser in TSX (safe)',
170
+ expectFindings: false,
171
+ description: 'Browser DOMParser in client-side TSX is inherently safe',
172
+ file: {
173
+ path: 'src/components/XmlViewer.tsx',
174
+ content: `
175
+ 'use client'
176
+
177
+ export function XmlViewer({ xml }: { xml: string }) {
178
+ const parser = new DOMParser()
179
+ const doc = parser.parseFromString(xml, 'text/xml')
180
+ return <pre>{doc.documentElement.textContent}</pre>
181
+ }
182
+ `,
183
+ language: 'typescript',
184
+ size: 200,
185
+ },
186
+ allowedInfoFindings: [
187
+ {
188
+ category: 'xxe',
189
+ maxCount: 1,
190
+ reason: 'DOMParser in TSX may produce info-level finding',
191
+ },
192
+ ],
193
+ },
194
+ ],
195
+ }
package/src/__tests__/benchmark/run-depth-validation.ts CHANGED
@@ -1,12 +1,12 @@
1
1
  /**
2
2
  * Scan Depth Profile Validation
3
- * Validates that cheap/validated/deep modes work correctly
3
+ * Validates that local/verified/deep modes work correctly
4
4
  */
5
5
 
6
- import { runLayer1Scan } from '../../layer1'
7
- import { runLayer2Scan } from '../../layer2'
6
+ import { runLayer1Scan } from '../../detect/secrets'
7
+ import { runLayer2Scan } from '../../detect/structural'
8
8
  import { getTierForCategory, isTierVisibleAtDepth, formatTierStats, computeTierStats } from '../../tiers'
9
- import type { ScanFile, ScanDepth, Vulnerability } from '../../types'
9
+ import type { ScanFile, ScanDepth, Vulnerability } from '../../shared/types'
10
10
 
11
11
  // Test fixture with various vulnerability types
12
12
  const testFile: ScanFile = {
@@ -87,7 +87,7 @@ async function runValidation() {
87
87
  console.log(`\nπŸ“ˆ ${formatTierStats(tierStats)}`)
88
88
 
89
89
  // Test each depth mode
90
- const depths: ScanDepth[] = ['cheap', 'validated', 'deep']
90
+ const depths: ScanDepth[] = ['local', 'verified', 'deep']
91
91
 
92
92
  console.log('\n' + '-'.repeat(70))
93
93
  console.log('DEPTH MODE BEHAVIOR')
@@ -121,12 +121,12 @@ async function runValidation() {
121
121
 
122
122
  // Show expected behavior
123
123
  switch (depth) {
124
- case 'cheap':
124
+ case 'local':
125
125
  console.log(` β†’ AI validation: SKIPPED`)
126
126
  console.log(` β†’ Layer 3: SKIPPED`)
127
127
  console.log(` β†’ Target time: <5s for typical PRs`)
128
128
  break
129
- case 'validated':
129
+ case 'verified':
130
130
  console.log(` β†’ AI validation: ENABLED`)
131
131
  console.log(` β†’ Layer 3: SKIPPED`)
132
132
  console.log(` β†’ Target time: <15s with <10 AI calls`)
@@ -150,7 +150,7 @@ async function runValidation() {
150
150
  path: `src/api/test-route-${i}.ts`,
151
151
  }))
152
152
 
153
- console.log('\n⏱️ Testing with 10 files (cheap mode, no AI)...')
153
+ console.log('\n⏱️ Testing with 10 files (local mode, no AI)...')
154
154
  const start10 = Date.now()
155
155
  await runLayer1Scan(files10)
156
156
  await runLayer2Scan(files10)
@@ -164,7 +164,7 @@ async function runValidation() {
164
164
  path: `src/api/test-route-${i}.ts`,
165
165
  }))
166
166
 
167
- console.log('\n⏱️ Testing with 50 files (cheap mode, no AI)...')
167
+ console.log('\n⏱️ Testing with 50 files (local mode, no AI)...')
168
168
  const start50 = Date.now()
169
169
  await runLayer1Scan(files50)
170
170
  await runLayer2Scan(files50)
@@ -193,9 +193,9 @@ async function runValidation() {
193
193
  console.log('β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”')
194
194
  console.log('β”‚ Workflow β”‚ Default Depthβ”‚ Rationale β”‚')
195
195
  console.log('β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€')
196
- console.log('β”‚ GitHub PR β”‚ cheap β”‚ Fast feedback, high-signal findingsβ”‚')
197
- console.log('β”‚ VS Code β”‚ validated β”‚ Interactive, balance depth + speed β”‚')
198
- console.log('β”‚ CLI (default) β”‚ cheap β”‚ Fast local scans β”‚')
196
+ console.log('β”‚ GitHub PR β”‚ local β”‚ Fast feedback, high-signal findingsβ”‚')
197
+ console.log('β”‚ VS Code β”‚ verified β”‚ Interactive, balance depth + speed β”‚')
198
+ console.log('β”‚ CLI (default) β”‚ local β”‚ Fast local scans β”‚')
199
199
  console.log('β”‚ CLI --deep β”‚ deep β”‚ Thorough analysis when requested β”‚')
200
200
  console.log('β”‚ Onboarding β”‚ deep β”‚ Full picture on first scan β”‚')
201
201
  console.log('β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜')
package/src/__tests__/benchmark/run-real-world-test.ts CHANGED
@@ -5,11 +5,11 @@
5
5
 
6
6
  import * as fs from 'fs'
7
7
  import * as path from 'path'
8
- import { runLayer1Scan } from '../../layer1'
9
- import { runLayer2Scan } from '../../layer2'
8
+ import { runLayer1Scan } from '../../detect/secrets'
9
+ import { runLayer2Scan } from '../../detect/structural'
10
10
  import { formatTierStats, computeTierStats } from '../../tiers'
11
- import { formatTerminalOutput } from '../../formatters/cli-terminal'
12
- import type { ScanFile, Vulnerability, ScanResult } from '../../types'
11
+ import { formatTerminalOutput } from '../../report/formatters/cli-terminal'
12
+ import type { ScanFile, Vulnerability, ScanResult } from '../../shared/types'
13
13
 
14
14
  /**
15
15
  * Test result for a directory scan
package/src/__tests__/benchmark/types.ts CHANGED
@@ -2,7 +2,7 @@
2
2
  * Shared types for the security benchmark test suite
3
3
  */
4
4
 
5
- import type { ScanFile, Vulnerability, VulnerabilityCategory, VulnerabilitySeverity } from '../../types'
5
+ import type { ScanFile, Vulnerability, VulnerabilityCategory, VulnerabilitySeverity } from '../../shared/types'
6
6
 
7
7
  /**
8
8
  * A test fixture containing a file to scan and expected results
package/src/__tests__/benchmark/utils/test-runner.ts CHANGED
@@ -2,8 +2,8 @@
2
2
  * Test runner utilities for the security benchmark suite
3
3
  */
4
4
 
5
- import { runLayer1Scan } from '../../../layer1'
6
- import { runLayer2Scan } from '../../../layer2'
5
+ import { runLayer1Scan } from '../../../detect/secrets'
6
+ import { runLayer2Scan } from '../../../detect/structural'
7
7
  import { computeTierStats, formatTierStats, getTierForCategory } from '../../../tiers'
8
8
  import type {
9
9
  TestFixture,
@@ -14,7 +14,7 @@ import type {
14
14
  DetectorMetrics,
15
15
  SeverityMetrics
16
16
  } from '../types'
17
- import type { Vulnerability, VulnerabilityCategory } from '../../../types'
17
+ import type { Vulnerability, VulnerabilityCategory } from '../../../shared/types'
18
18
 
19
19
  /**
20
20
  * Run a single test fixture