@oculum/scanner 1.0.12 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (961) hide show
  1. package/dist/detect/ai-code/agent-tools.d.ts +22 -0
  2. package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
  3. package/dist/detect/ai-code/agent-tools.js +1509 -0
  4. package/dist/detect/ai-code/agent-tools.js.map +1 -0
  5. package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
  6. package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
  7. package/dist/detect/ai-code/byok-patterns.js +313 -0
  8. package/dist/detect/ai-code/byok-patterns.js.map +1 -0
  9. package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
  10. package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
  11. package/dist/detect/ai-code/endpoint-protection.js +349 -0
  12. package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
  13. package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
  14. package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
  15. package/dist/detect/ai-code/execution-sinks.js +1158 -0
  16. package/dist/detect/ai-code/execution-sinks.js.map +1 -0
  17. package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
  18. package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
  19. package/dist/detect/ai-code/fingerprinting.js +665 -0
  20. package/dist/detect/ai-code/fingerprinting.js.map +1 -0
  21. package/dist/detect/ai-code/index.d.ts +12 -0
  22. package/dist/detect/ai-code/index.d.ts.map +1 -0
  23. package/dist/detect/ai-code/index.js +26 -0
  24. package/dist/detect/ai-code/index.js.map +1 -0
  25. package/dist/detect/ai-code/mcp-security.d.ts +20 -0
  26. package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
  27. package/dist/detect/ai-code/mcp-security.js +880 -0
  28. package/dist/detect/ai-code/mcp-security.js.map +1 -0
  29. package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
  30. package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
  31. package/dist/detect/ai-code/model-supply-chain.js +447 -0
  32. package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
  33. package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
  34. package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
  35. package/dist/detect/ai-code/package-hallucination.js +841 -0
  36. package/dist/detect/ai-code/package-hallucination.js.map +1 -0
  37. package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
  38. package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
  39. package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
  40. package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
  41. package/dist/detect/ai-code/rag-safety.d.ts +24 -0
  42. package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
  43. package/dist/detect/ai-code/rag-safety.js +913 -0
  44. package/dist/detect/ai-code/rag-safety.js.map +1 -0
  45. package/dist/detect/ai-code/schema-validation.d.ts +28 -0
  46. package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
  47. package/dist/detect/ai-code/schema-validation.js +378 -0
  48. package/dist/detect/ai-code/schema-validation.js.map +1 -0
  49. package/dist/detect/config/agent-skill-injection.d.ts +27 -0
  50. package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
  51. package/dist/detect/config/agent-skill-injection.js +472 -0
  52. package/dist/detect/config/agent-skill-injection.js.map +1 -0
  53. package/dist/detect/config/comments.d.ts +11 -0
  54. package/dist/detect/config/comments.d.ts.map +1 -0
  55. package/dist/detect/config/comments.js +206 -0
  56. package/dist/detect/config/comments.js.map +1 -0
  57. package/dist/detect/config/file-flags.d.ts +10 -0
  58. package/dist/detect/config/file-flags.d.ts.map +1 -0
  59. package/dist/detect/config/file-flags.js +124 -0
  60. package/dist/detect/config/file-flags.js.map +1 -0
  61. package/dist/detect/config/index.d.ts +7 -0
  62. package/dist/detect/config/index.d.ts.map +1 -0
  63. package/dist/detect/config/index.js +17 -0
  64. package/dist/detect/config/index.js.map +1 -0
  65. package/dist/detect/config/osv-check.d.ts +75 -0
  66. package/dist/detect/config/osv-check.d.ts.map +1 -0
  67. package/dist/detect/config/osv-check.js +309 -0
  68. package/dist/detect/config/osv-check.js.map +1 -0
  69. package/dist/detect/config/package-check.d.ts +63 -0
  70. package/dist/detect/config/package-check.d.ts.map +1 -0
  71. package/dist/detect/config/package-check.js +509 -0
  72. package/dist/detect/config/package-check.js.map +1 -0
  73. package/dist/detect/config/urls.d.ts +11 -0
  74. package/dist/detect/config/urls.d.ts.map +1 -0
  75. package/dist/detect/config/urls.js +450 -0
  76. package/dist/detect/config/urls.js.map +1 -0
  77. package/dist/detect/index.d.ts +37 -0
  78. package/dist/detect/index.d.ts.map +1 -0
  79. package/dist/detect/index.js +77 -0
  80. package/dist/detect/index.js.map +1 -0
  81. package/dist/detect/secrets/config-audit.d.ts +11 -0
  82. package/dist/detect/secrets/config-audit.d.ts.map +1 -0
  83. package/dist/detect/secrets/config-audit.js +315 -0
  84. package/dist/detect/secrets/config-audit.js.map +1 -0
  85. package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
  86. package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
  87. package/dist/detect/secrets/config-mcp-audit.js +243 -0
  88. package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
  89. package/dist/detect/secrets/entropy.d.ts +11 -0
  90. package/dist/detect/secrets/entropy.d.ts.map +1 -0
  91. package/dist/detect/secrets/entropy.js +751 -0
  92. package/dist/detect/secrets/entropy.js.map +1 -0
  93. package/dist/detect/secrets/index.d.ts +36 -0
  94. package/dist/detect/secrets/index.d.ts.map +1 -0
  95. package/dist/detect/secrets/index.js +174 -0
  96. package/dist/detect/secrets/index.js.map +1 -0
  97. package/dist/detect/secrets/patterns.d.ts +11 -0
  98. package/dist/detect/secrets/patterns.d.ts.map +1 -0
  99. package/dist/detect/secrets/patterns.js +518 -0
  100. package/dist/detect/secrets/patterns.js.map +1 -0
  101. package/dist/detect/secrets/weak-crypto.d.ts +10 -0
  102. package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
  103. package/dist/detect/secrets/weak-crypto.js +432 -0
  104. package/dist/detect/secrets/weak-crypto.js.map +1 -0
  105. package/dist/detect/structural/auth-patterns.d.ts +22 -0
  106. package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
  107. package/dist/detect/structural/auth-patterns.js +533 -0
  108. package/dist/detect/structural/auth-patterns.js.map +1 -0
  109. package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
  110. package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
  111. package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
  112. package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
  113. package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
  114. package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
  115. package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
  116. package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
  117. package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
  118. package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
  119. package/dist/detect/structural/dangerous-functions/index.js +1193 -0
  120. package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
  121. package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
  122. package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
  123. package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
  124. package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
  125. package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
  126. package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
  127. package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
  128. package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
  129. package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
  130. package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
  131. package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
  132. package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
  133. package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
  134. package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
  135. package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
  136. package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
  137. package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
  138. package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
  139. package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
  140. package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
  141. package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
  142. package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
  143. package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
  144. package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
  145. package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
  146. package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
  147. package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
  148. package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
  149. package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
  150. package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
  151. package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
  152. package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
  153. package/dist/detect/structural/data-exposure.d.ts +19 -0
  154. package/dist/detect/structural/data-exposure.d.ts.map +1 -0
  155. package/dist/detect/structural/data-exposure.js +262 -0
  156. package/dist/detect/structural/data-exposure.js.map +1 -0
  157. package/dist/detect/structural/framework-checks.d.ts +10 -0
  158. package/dist/detect/structural/framework-checks.d.ts.map +1 -0
  159. package/dist/detect/structural/framework-checks.js +389 -0
  160. package/dist/detect/structural/framework-checks.js.map +1 -0
  161. package/dist/detect/structural/index.d.ts +71 -0
  162. package/dist/detect/structural/index.d.ts.map +1 -0
  163. package/dist/detect/structural/index.js +510 -0
  164. package/dist/detect/structural/index.js.map +1 -0
  165. package/dist/detect/structural/log-injection.d.ts +18 -0
  166. package/dist/detect/structural/log-injection.d.ts.map +1 -0
  167. package/dist/detect/structural/log-injection.js +217 -0
  168. package/dist/detect/structural/log-injection.js.map +1 -0
  169. package/dist/detect/structural/logic-gates.d.ts +10 -0
  170. package/dist/detect/structural/logic-gates.d.ts.map +1 -0
  171. package/dist/detect/structural/logic-gates.js +227 -0
  172. package/dist/detect/structural/logic-gates.js.map +1 -0
  173. package/dist/detect/structural/risky-imports.d.ts +10 -0
  174. package/dist/detect/structural/risky-imports.d.ts.map +1 -0
  175. package/dist/detect/structural/risky-imports.js +168 -0
  176. package/dist/detect/structural/risky-imports.js.map +1 -0
  177. package/dist/detect/structural/security-headers.d.ts +18 -0
  178. package/dist/detect/structural/security-headers.d.ts.map +1 -0
  179. package/dist/detect/structural/security-headers.js +196 -0
  180. package/dist/detect/structural/security-headers.js.map +1 -0
  181. package/dist/detect/structural/ssrf-detection.d.ts +18 -0
  182. package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
  183. package/dist/detect/structural/ssrf-detection.js +263 -0
  184. package/dist/detect/structural/ssrf-detection.js.map +1 -0
  185. package/dist/detect/structural/variables.d.ts +11 -0
  186. package/dist/detect/structural/variables.d.ts.map +1 -0
  187. package/dist/detect/structural/variables.js +159 -0
  188. package/dist/detect/structural/variables.js.map +1 -0
  189. package/dist/detect/structural/xxe-detection.d.ts +18 -0
  190. package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
  191. package/dist/detect/structural/xxe-detection.js +245 -0
  192. package/dist/detect/structural/xxe-detection.js.map +1 -0
  193. package/dist/index.d.ts +17 -64
  194. package/dist/index.d.ts.map +1 -1
  195. package/dist/index.js +49 -1034
  196. package/dist/index.js.map +1 -1
  197. package/dist/layer2/framework-checks.d.ts.map +1 -1
  198. package/dist/layer2/framework-checks.js +1 -8
  199. package/dist/layer2/framework-checks.js.map +1 -1
  200. package/dist/layer2/index.d.ts +4 -0
  201. package/dist/layer2/index.d.ts.map +1 -1
  202. package/dist/layer2/index.js +50 -1
  203. package/dist/layer2/index.js.map +1 -1
  204. package/dist/layer2/log-injection.d.ts +18 -0
  205. package/dist/layer2/log-injection.d.ts.map +1 -0
  206. package/dist/layer2/log-injection.js +214 -0
  207. package/dist/layer2/log-injection.js.map +1 -0
  208. package/dist/layer2/security-headers.d.ts +18 -0
  209. package/dist/layer2/security-headers.d.ts.map +1 -0
  210. package/dist/layer2/security-headers.js +187 -0
  211. package/dist/layer2/security-headers.js.map +1 -0
  212. package/dist/layer2/ssrf-detection.d.ts +18 -0
  213. package/dist/layer2/ssrf-detection.d.ts.map +1 -0
  214. package/dist/layer2/ssrf-detection.js +252 -0
  215. package/dist/layer2/ssrf-detection.js.map +1 -0
  216. package/dist/layer2/xxe-detection.d.ts +18 -0
  217. package/dist/layer2/xxe-detection.d.ts.map +1 -0
  218. package/dist/layer2/xxe-detection.js +242 -0
  219. package/dist/layer2/xxe-detection.js.map +1 -0
  220. package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
  221. package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
  222. package/dist/layer3/anthropic/prompts/index.js +3 -1
  223. package/dist/layer3/anthropic/prompts/index.js.map +1 -1
  224. package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
  225. package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
  226. package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
  227. package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
  228. package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
  229. package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
  230. package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
  231. package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
  232. package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
  233. package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
  234. package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
  235. package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
  236. package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
  237. package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
  238. package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
  239. package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
  240. package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
  241. package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
  242. package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
  243. package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
  244. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
  245. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
  246. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
  247. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
  248. package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
  249. package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
  250. package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
  251. package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
  252. package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
  253. package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
  254. package/dist/layer3/anthropic/prompts/validation.js +14 -410
  255. package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
  256. package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
  257. package/dist/layer3/anthropic/providers/anthropic.js +6 -3
  258. package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
  259. package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
  260. package/dist/layer3/anthropic/providers/openai.js +6 -3
  261. package/dist/layer3/anthropic/providers/openai.js.map +1 -1
  262. package/dist/layer3/anthropic/request-builder.d.ts +11 -4
  263. package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
  264. package/dist/layer3/anthropic/request-builder.js +32 -16
  265. package/dist/layer3/anthropic/request-builder.js.map +1 -1
  266. package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
  267. package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
  268. package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
  269. package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
  270. package/dist/layer3/anthropic/utils/index.d.ts +2 -0
  271. package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
  272. package/dist/layer3/anthropic/utils/index.js +4 -1
  273. package/dist/layer3/anthropic/utils/index.js.map +1 -1
  274. package/dist/model/auth-helper-detector.d.ts +56 -0
  275. package/dist/model/auth-helper-detector.d.ts.map +1 -0
  276. package/dist/model/auth-helper-detector.js +360 -0
  277. package/dist/model/auth-helper-detector.js.map +1 -0
  278. package/dist/model/cross-file-taint.d.ts +40 -0
  279. package/dist/model/cross-file-taint.d.ts.map +1 -0
  280. package/dist/model/cross-file-taint.js +290 -0
  281. package/dist/model/cross-file-taint.js.map +1 -0
  282. package/dist/model/framework-models/django.d.ts +9 -0
  283. package/dist/model/framework-models/django.d.ts.map +1 -0
  284. package/dist/model/framework-models/django.js +82 -0
  285. package/dist/model/framework-models/django.js.map +1 -0
  286. package/dist/model/framework-models/express.d.ts +9 -0
  287. package/dist/model/framework-models/express.d.ts.map +1 -0
  288. package/dist/model/framework-models/express.js +52 -0
  289. package/dist/model/framework-models/express.js.map +1 -0
  290. package/dist/model/framework-models/index.d.ts +20 -0
  291. package/dist/model/framework-models/index.d.ts.map +1 -0
  292. package/dist/model/framework-models/index.js +102 -0
  293. package/dist/model/framework-models/index.js.map +1 -0
  294. package/dist/model/framework-models/nextjs.d.ts +9 -0
  295. package/dist/model/framework-models/nextjs.d.ts.map +1 -0
  296. package/dist/model/framework-models/nextjs.js +71 -0
  297. package/dist/model/framework-models/nextjs.js.map +1 -0
  298. package/dist/model/framework-models/prisma.d.ts +10 -0
  299. package/dist/model/framework-models/prisma.d.ts.map +1 -0
  300. package/dist/model/framework-models/prisma.js +54 -0
  301. package/dist/model/framework-models/prisma.js.map +1 -0
  302. package/dist/model/framework-models/react.d.ts +9 -0
  303. package/dist/model/framework-models/react.d.ts.map +1 -0
  304. package/dist/model/framework-models/react.js +67 -0
  305. package/dist/model/framework-models/react.js.map +1 -0
  306. package/dist/model/framework-models/sequelize.d.ts +9 -0
  307. package/dist/model/framework-models/sequelize.d.ts.map +1 -0
  308. package/dist/model/framework-models/sequelize.js +62 -0
  309. package/dist/model/framework-models/sequelize.js.map +1 -0
  310. package/dist/model/framework-models/types.d.ts +43 -0
  311. package/dist/model/framework-models/types.d.ts.map +1 -0
  312. package/dist/model/framework-models/types.js +10 -0
  313. package/dist/model/framework-models/types.js.map +1 -0
  314. package/dist/model/function-classifier.d.ts +32 -0
  315. package/dist/model/function-classifier.d.ts.map +1 -0
  316. package/dist/model/function-classifier.js +143 -0
  317. package/dist/model/function-classifier.js.map +1 -0
  318. package/dist/model/import-resolver.d.ts +45 -0
  319. package/dist/model/import-resolver.d.ts.map +1 -0
  320. package/dist/model/import-resolver.js +410 -0
  321. package/dist/model/import-resolver.js.map +1 -0
  322. package/dist/model/imported-auth-detector.d.ts +38 -0
  323. package/dist/model/imported-auth-detector.d.ts.map +1 -0
  324. package/dist/model/imported-auth-detector.js +199 -0
  325. package/dist/model/imported-auth-detector.js.map +1 -0
  326. package/dist/model/index.d.ts +63 -0
  327. package/dist/model/index.d.ts.map +1 -0
  328. package/dist/model/index.js +272 -0
  329. package/dist/model/index.js.map +1 -0
  330. package/dist/model/middleware-detector.d.ts +55 -0
  331. package/dist/model/middleware-detector.d.ts.map +1 -0
  332. package/dist/model/middleware-detector.js +382 -0
  333. package/dist/model/middleware-detector.js.map +1 -0
  334. package/dist/model/module-graph.d.ts +46 -0
  335. package/dist/model/module-graph.d.ts.map +1 -0
  336. package/dist/model/module-graph.js +187 -0
  337. package/dist/model/module-graph.js.map +1 -0
  338. package/dist/model/oauth-flow-detector.d.ts +41 -0
  339. package/dist/model/oauth-flow-detector.d.ts.map +1 -0
  340. package/dist/model/oauth-flow-detector.js +202 -0
  341. package/dist/model/oauth-flow-detector.js.map +1 -0
  342. package/dist/model/project-context.d.ts +119 -0
  343. package/dist/model/project-context.d.ts.map +1 -0
  344. package/dist/model/project-context.js +534 -0
  345. package/dist/model/project-context.js.map +1 -0
  346. package/dist/model/route-auth-resolver.d.ts +27 -0
  347. package/dist/model/route-auth-resolver.d.ts.map +1 -0
  348. package/dist/model/route-auth-resolver.js +182 -0
  349. package/dist/model/route-auth-resolver.js.map +1 -0
  350. package/dist/model/route-discovery/express.d.ts +25 -0
  351. package/dist/model/route-discovery/express.d.ts.map +1 -0
  352. package/dist/model/route-discovery/express.js +225 -0
  353. package/dist/model/route-discovery/express.js.map +1 -0
  354. package/dist/model/route-discovery/index.d.ts +21 -0
  355. package/dist/model/route-discovery/index.d.ts.map +1 -0
  356. package/dist/model/route-discovery/index.js +67 -0
  357. package/dist/model/route-discovery/index.js.map +1 -0
  358. package/dist/model/route-discovery/nextjs.d.ts +16 -0
  359. package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
  360. package/dist/model/route-discovery/nextjs.js +179 -0
  361. package/dist/model/route-discovery/nextjs.js.map +1 -0
  362. package/dist/model/route-discovery/python.d.ts +16 -0
  363. package/dist/model/route-discovery/python.d.ts.map +1 -0
  364. package/dist/model/route-discovery/python.js +181 -0
  365. package/dist/model/route-discovery/python.js.map +1 -0
  366. package/dist/model/route-discovery/types.d.ts +36 -0
  367. package/dist/model/route-discovery/types.d.ts.map +1 -0
  368. package/dist/model/route-discovery/types.js +16 -0
  369. package/dist/model/route-discovery/types.js.map +1 -0
  370. package/dist/model/route-discovery/utils.d.ts +18 -0
  371. package/dist/model/route-discovery/utils.d.ts.map +1 -0
  372. package/dist/model/route-discovery/utils.js +55 -0
  373. package/dist/model/route-discovery/utils.js.map +1 -0
  374. package/dist/model/route-hierarchy.d.ts +50 -0
  375. package/dist/model/route-hierarchy.d.ts.map +1 -0
  376. package/dist/model/route-hierarchy.js +226 -0
  377. package/dist/model/route-hierarchy.js.map +1 -0
  378. package/dist/model/sanitiser-detection.d.ts +27 -0
  379. package/dist/model/sanitiser-detection.d.ts.map +1 -0
  380. package/dist/model/sanitiser-detection.js +224 -0
  381. package/dist/model/sanitiser-detection.js.map +1 -0
  382. package/dist/model/sink-matcher.d.ts +17 -0
  383. package/dist/model/sink-matcher.d.ts.map +1 -0
  384. package/dist/model/sink-matcher.js +141 -0
  385. package/dist/model/sink-matcher.js.map +1 -0
  386. package/dist/model/sink-patterns.d.ts +19 -0
  387. package/dist/model/sink-patterns.d.ts.map +1 -0
  388. package/dist/model/sink-patterns.js +88 -0
  389. package/dist/model/sink-patterns.js.map +1 -0
  390. package/dist/model/source-discovery.d.ts +15 -0
  391. package/dist/model/source-discovery.d.ts.map +1 -0
  392. package/dist/model/source-discovery.js +170 -0
  393. package/dist/model/source-discovery.js.map +1 -0
  394. package/dist/model/taint-tracker.d.ts +21 -0
  395. package/dist/model/taint-tracker.d.ts.map +1 -0
  396. package/dist/model/taint-tracker.js +281 -0
  397. package/dist/model/taint-tracker.js.map +1 -0
  398. package/dist/model/taint-types.d.ts +74 -0
  399. package/dist/model/taint-types.d.ts.map +1 -0
  400. package/dist/model/taint-types.js +9 -0
  401. package/dist/model/taint-types.js.map +1 -0
  402. package/dist/model/trpc-analyzer.d.ts +78 -0
  403. package/dist/model/trpc-analyzer.d.ts.map +1 -0
  404. package/dist/model/trpc-analyzer.js +297 -0
  405. package/dist/model/trpc-analyzer.js.map +1 -0
  406. package/dist/parse/file-classifier.d.ts +228 -0
  407. package/dist/parse/file-classifier.d.ts.map +1 -0
  408. package/dist/parse/file-classifier.js +933 -0
  409. package/dist/parse/file-classifier.js.map +1 -0
  410. package/dist/parse/path-exclusions.d.ts +55 -0
  411. package/dist/parse/path-exclusions.d.ts.map +1 -0
  412. package/dist/parse/path-exclusions.js +224 -0
  413. package/dist/parse/path-exclusions.js.map +1 -0
  414. package/dist/pipeline/config.d.ts +39 -0
  415. package/dist/pipeline/config.d.ts.map +1 -0
  416. package/dist/pipeline/config.js +46 -0
  417. package/dist/pipeline/config.js.map +1 -0
  418. package/dist/pipeline/index.d.ts +34 -0
  419. package/dist/pipeline/index.d.ts.map +1 -0
  420. package/dist/pipeline/index.js +377 -0
  421. package/dist/pipeline/index.js.map +1 -0
  422. package/dist/pipeline/modes/incremental.d.ts +66 -0
  423. package/dist/pipeline/modes/incremental.d.ts.map +1 -0
  424. package/dist/pipeline/modes/incremental.js +200 -0
  425. package/dist/pipeline/modes/incremental.js.map +1 -0
  426. package/dist/postprocess/aggregation.d.ts +14 -0
  427. package/dist/postprocess/aggregation.d.ts.map +1 -0
  428. package/dist/postprocess/aggregation.js +63 -0
  429. package/dist/postprocess/aggregation.js.map +1 -0
  430. package/dist/postprocess/contradictions.d.ts +18 -0
  431. package/dist/postprocess/contradictions.d.ts.map +1 -0
  432. package/dist/postprocess/contradictions.js +99 -0
  433. package/dist/postprocess/contradictions.js.map +1 -0
  434. package/dist/postprocess/dedup.d.ts +13 -0
  435. package/dist/postprocess/dedup.d.ts.map +1 -0
  436. package/dist/postprocess/dedup.js +58 -0
  437. package/dist/postprocess/dedup.js.map +1 -0
  438. package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
  439. package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
  440. package/dist/postprocess/filtering/context-adjustments.js +100 -0
  441. package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
  442. package/dist/postprocess/filtering/index.d.ts +3 -0
  443. package/dist/postprocess/filtering/index.d.ts.map +1 -0
  444. package/dist/postprocess/filtering/index.js +8 -0
  445. package/dist/postprocess/filtering/index.js.map +1 -0
  446. package/dist/postprocess/filtering/pipeline.d.ts +48 -0
  447. package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
  448. package/dist/postprocess/filtering/pipeline.js +76 -0
  449. package/dist/postprocess/filtering/pipeline.js.map +1 -0
  450. package/dist/postprocess/index.d.ts +41 -0
  451. package/dist/postprocess/index.d.ts.map +1 -0
  452. package/dist/postprocess/index.js +85 -0
  453. package/dist/postprocess/index.js.map +1 -0
  454. package/dist/postprocess/suppression/config-loader.d.ts +74 -0
  455. package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
  456. package/dist/postprocess/suppression/config-loader.js +424 -0
  457. package/dist/postprocess/suppression/config-loader.js.map +1 -0
  458. package/dist/postprocess/suppression/hash.d.ts +48 -0
  459. package/dist/postprocess/suppression/hash.d.ts.map +1 -0
  460. package/dist/postprocess/suppression/hash.js +88 -0
  461. package/dist/postprocess/suppression/hash.js.map +1 -0
  462. package/dist/postprocess/suppression/index.d.ts +11 -0
  463. package/dist/postprocess/suppression/index.d.ts.map +1 -0
  464. package/dist/postprocess/suppression/index.js +39 -0
  465. package/dist/postprocess/suppression/index.js.map +1 -0
  466. package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
  467. package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
  468. package/dist/postprocess/suppression/inline-parser.js +218 -0
  469. package/dist/postprocess/suppression/inline-parser.js.map +1 -0
  470. package/dist/postprocess/suppression/manager.d.ts +94 -0
  471. package/dist/postprocess/suppression/manager.d.ts.map +1 -0
  472. package/dist/postprocess/suppression/manager.js +292 -0
  473. package/dist/postprocess/suppression/manager.js.map +1 -0
  474. package/dist/postprocess/suppression/types.d.ts +151 -0
  475. package/dist/postprocess/suppression/types.d.ts.map +1 -0
  476. package/dist/postprocess/suppression/types.js +28 -0
  477. package/dist/postprocess/suppression/types.js.map +1 -0
  478. package/dist/postprocess/validation-cap.d.ts +17 -0
  479. package/dist/postprocess/validation-cap.d.ts.map +1 -0
  480. package/dist/postprocess/validation-cap.js +64 -0
  481. package/dist/postprocess/validation-cap.js.map +1 -0
  482. package/dist/report/build-result.d.ts +33 -0
  483. package/dist/report/build-result.d.ts.map +1 -0
  484. package/dist/report/build-result.js +59 -0
  485. package/dist/report/build-result.js.map +1 -0
  486. package/dist/report/enrichment.d.ts +19 -0
  487. package/dist/report/enrichment.d.ts.map +1 -0
  488. package/dist/report/enrichment.js +44 -0
  489. package/dist/report/enrichment.js.map +1 -0
  490. package/dist/report/formatters/ai-context.d.ts +23 -0
  491. package/dist/report/formatters/ai-context.d.ts.map +1 -0
  492. package/dist/report/formatters/ai-context.js +238 -0
  493. package/dist/report/formatters/ai-context.js.map +1 -0
  494. package/dist/report/formatters/cli-terminal.d.ts +65 -0
  495. package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
  496. package/dist/report/formatters/cli-terminal.js +735 -0
  497. package/dist/report/formatters/cli-terminal.js.map +1 -0
  498. package/dist/report/formatters/github-comment.d.ts +41 -0
  499. package/dist/report/formatters/github-comment.d.ts.map +1 -0
  500. package/dist/report/formatters/github-comment.js +370 -0
  501. package/dist/report/formatters/github-comment.js.map +1 -0
  502. package/dist/report/formatters/grouping.d.ts +52 -0
  503. package/dist/report/formatters/grouping.d.ts.map +1 -0
  504. package/dist/report/formatters/grouping.js +152 -0
  505. package/dist/report/formatters/grouping.js.map +1 -0
  506. package/dist/report/formatters/ide/claude-code.d.ts +17 -0
  507. package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
  508. package/dist/report/formatters/ide/claude-code.js +94 -0
  509. package/dist/report/formatters/ide/claude-code.js.map +1 -0
  510. package/dist/report/formatters/ide/cursor.d.ts +13 -0
  511. package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
  512. package/dist/report/formatters/ide/cursor.js +125 -0
  513. package/dist/report/formatters/ide/cursor.js.map +1 -0
  514. package/dist/report/formatters/ide/index.d.ts +62 -0
  515. package/dist/report/formatters/ide/index.d.ts.map +1 -0
  516. package/dist/report/formatters/ide/index.js +184 -0
  517. package/dist/report/formatters/ide/index.js.map +1 -0
  518. package/dist/report/formatters/ide/windsurf.d.ts +13 -0
  519. package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
  520. package/dist/report/formatters/ide/windsurf.js +117 -0
  521. package/dist/report/formatters/ide/windsurf.js.map +1 -0
  522. package/dist/report/formatters/index.d.ts +11 -0
  523. package/dist/report/formatters/index.d.ts.map +1 -0
  524. package/dist/report/formatters/index.js +54 -0
  525. package/dist/report/formatters/index.js.map +1 -0
  526. package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
  527. package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
  528. package/dist/report/formatters/vscode-diagnostic.js +151 -0
  529. package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
  530. package/dist/report/summary.d.ts +27 -0
  531. package/dist/report/summary.d.ts.map +1 -0
  532. package/dist/report/summary.js +57 -0
  533. package/dist/report/summary.js.map +1 -0
  534. package/dist/rules/metadata.d.ts.map +1 -1
  535. package/dist/rules/metadata.js +66 -0
  536. package/dist/rules/metadata.js.map +1 -1
  537. package/dist/score/adjustments.d.ts +22 -0
  538. package/dist/score/adjustments.d.ts.map +1 -0
  539. package/dist/score/adjustments.js +373 -0
  540. package/dist/score/adjustments.js.map +1 -0
  541. package/dist/score/auto-dismiss.d.ts +28 -0
  542. package/dist/score/auto-dismiss.d.ts.map +1 -0
  543. package/dist/score/auto-dismiss.js +200 -0
  544. package/dist/score/auto-dismiss.js.map +1 -0
  545. package/dist/score/confidence.d.ts +19 -0
  546. package/dist/score/confidence.d.ts.map +1 -0
  547. package/dist/score/confidence.js +52 -0
  548. package/dist/score/confidence.js.map +1 -0
  549. package/dist/score/index.d.ts +61 -0
  550. package/dist/score/index.d.ts.map +1 -0
  551. package/dist/score/index.js +250 -0
  552. package/dist/score/index.js.map +1 -0
  553. package/dist/score/types.d.ts +160 -0
  554. package/dist/score/types.d.ts.map +1 -0
  555. package/dist/score/types.js +14 -0
  556. package/dist/score/types.js.map +1 -0
  557. package/dist/shared/ai-context/index.d.ts +6 -0
  558. package/dist/shared/ai-context/index.d.ts.map +1 -0
  559. package/dist/shared/ai-context/index.js +13 -0
  560. package/dist/shared/ai-context/index.js.map +1 -0
  561. package/dist/shared/ai-context/manager.d.ts +67 -0
  562. package/dist/shared/ai-context/manager.d.ts.map +1 -0
  563. package/dist/shared/ai-context/manager.js +104 -0
  564. package/dist/shared/ai-context/manager.js.map +1 -0
  565. package/dist/shared/baseline/diff.d.ts +32 -0
  566. package/dist/shared/baseline/diff.d.ts.map +1 -0
  567. package/dist/shared/baseline/diff.js +119 -0
  568. package/dist/shared/baseline/diff.js.map +1 -0
  569. package/dist/shared/baseline/index.d.ts +9 -0
  570. package/dist/shared/baseline/index.d.ts.map +1 -0
  571. package/dist/shared/baseline/index.js +19 -0
  572. package/dist/shared/baseline/index.js.map +1 -0
  573. package/dist/shared/baseline/manager.d.ts +67 -0
  574. package/dist/shared/baseline/manager.d.ts.map +1 -0
  575. package/dist/shared/baseline/manager.js +180 -0
  576. package/dist/shared/baseline/manager.js.map +1 -0
  577. package/dist/shared/baseline/types.d.ts +91 -0
  578. package/dist/shared/baseline/types.d.ts.map +1 -0
  579. package/dist/shared/baseline/types.js +12 -0
  580. package/dist/shared/baseline/types.js.map +1 -0
  581. package/dist/shared/category-filter.d.ts +125 -0
  582. package/dist/shared/category-filter.d.ts.map +1 -0
  583. package/dist/shared/category-filter.js +360 -0
  584. package/dist/shared/category-filter.js.map +1 -0
  585. package/dist/shared/code-analysis.d.ts +39 -0
  586. package/dist/shared/code-analysis.d.ts.map +1 -0
  587. package/dist/shared/code-analysis.js +159 -0
  588. package/dist/shared/code-analysis.js.map +1 -0
  589. package/dist/shared/comment-analyzer.d.ts +38 -0
  590. package/dist/shared/comment-analyzer.d.ts.map +1 -0
  591. package/dist/shared/comment-analyzer.js +218 -0
  592. package/dist/shared/comment-analyzer.js.map +1 -0
  593. package/dist/shared/diff-detector.d.ts +53 -0
  594. package/dist/shared/diff-detector.d.ts.map +1 -0
  595. package/dist/shared/diff-detector.js +104 -0
  596. package/dist/shared/diff-detector.js.map +1 -0
  597. package/dist/shared/diff-parser.d.ts +80 -0
  598. package/dist/shared/diff-parser.d.ts.map +1 -0
  599. package/dist/shared/diff-parser.js +202 -0
  600. package/dist/shared/diff-parser.js.map +1 -0
  601. package/dist/shared/environment-context.d.ts +76 -0
  602. package/dist/shared/environment-context.d.ts.map +1 -0
  603. package/dist/shared/environment-context.js +271 -0
  604. package/dist/shared/environment-context.js.map +1 -0
  605. package/dist/shared/intent-detector.d.ts +66 -0
  606. package/dist/shared/intent-detector.d.ts.map +1 -0
  607. package/dist/shared/intent-detector.js +282 -0
  608. package/dist/shared/intent-detector.js.map +1 -0
  609. package/dist/shared/parsed-file.d.ts +51 -0
  610. package/dist/shared/parsed-file.d.ts.map +1 -0
  611. package/dist/shared/parsed-file.js +95 -0
  612. package/dist/shared/parsed-file.js.map +1 -0
  613. package/dist/shared/registry-clients.d.ts +93 -0
  614. package/dist/shared/registry-clients.d.ts.map +1 -0
  615. package/dist/shared/registry-clients.js +273 -0
  616. package/dist/shared/registry-clients.js.map +1 -0
  617. package/dist/shared/rules/framework-fixes.d.ts +48 -0
  618. package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
  619. package/dist/shared/rules/framework-fixes.js +439 -0
  620. package/dist/shared/rules/framework-fixes.js.map +1 -0
  621. package/dist/shared/rules/index.d.ts +8 -0
  622. package/dist/shared/rules/index.d.ts.map +1 -0
  623. package/dist/shared/rules/index.js +18 -0
  624. package/dist/shared/rules/index.js.map +1 -0
  625. package/dist/shared/rules/metadata.d.ts +43 -0
  626. package/dist/shared/rules/metadata.d.ts.map +1 -0
  627. package/dist/shared/rules/metadata.js +819 -0
  628. package/dist/shared/rules/metadata.js.map +1 -0
  629. package/dist/shared/schema-semantics.d.ts +45 -0
  630. package/dist/shared/schema-semantics.d.ts.map +1 -0
  631. package/dist/shared/schema-semantics.js +193 -0
  632. package/dist/shared/schema-semantics.js.map +1 -0
  633. package/dist/shared/types.d.ts +337 -0
  634. package/dist/shared/types.d.ts.map +1 -0
  635. package/dist/shared/types.js +126 -0
  636. package/dist/shared/types.js.map +1 -0
  637. package/dist/tiers.d.ts +2 -2
  638. package/dist/tiers.d.ts.map +1 -1
  639. package/dist/tiers.js +10 -0
  640. package/dist/tiers.js.map +1 -1
  641. package/dist/types.d.ts +1 -1
  642. package/dist/types.d.ts.map +1 -1
  643. package/dist/types.js.map +1 -1
  644. package/dist/validate/clients.d.ts +44 -0
  645. package/dist/validate/clients.d.ts.map +1 -0
  646. package/dist/validate/clients.js +81 -0
  647. package/dist/validate/clients.js.map +1 -0
  648. package/dist/validate/index.d.ts +41 -0
  649. package/dist/validate/index.d.ts.map +1 -0
  650. package/dist/validate/index.js +141 -0
  651. package/dist/validate/index.js.map +1 -0
  652. package/dist/validate/prompts/index.d.ts +8 -0
  653. package/dist/validate/prompts/index.d.ts.map +1 -0
  654. package/dist/validate/prompts/index.js +16 -0
  655. package/dist/validate/prompts/index.js.map +1 -0
  656. package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
  657. package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
  658. package/dist/validate/prompts/modules/ai-patterns.js +156 -0
  659. package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
  660. package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
  661. package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
  662. package/dist/validate/prompts/modules/auth-access.js +25 -0
  663. package/dist/validate/prompts/modules/auth-access.js.map +1 -0
  664. package/dist/validate/prompts/modules/common.d.ts +11 -0
  665. package/dist/validate/prompts/modules/common.d.ts.map +1 -0
  666. package/dist/validate/prompts/modules/common.js +186 -0
  667. package/dist/validate/prompts/modules/common.js.map +1 -0
  668. package/dist/validate/prompts/modules/index.d.ts +54 -0
  669. package/dist/validate/prompts/modules/index.d.ts.map +1 -0
  670. package/dist/validate/prompts/modules/index.js +186 -0
  671. package/dist/validate/prompts/modules/index.js.map +1 -0
  672. package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
  673. package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
  674. package/dist/validate/prompts/modules/owasp-classic.js +84 -0
  675. package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
  676. package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
  677. package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
  678. package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
  679. package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
  680. package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
  681. package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
  682. package/dist/validate/prompts/modules/xss-prompt.js +22 -0
  683. package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
  684. package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
  685. package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
  686. package/dist/validate/prompts/semantic-analysis.js +169 -0
  687. package/dist/validate/prompts/semantic-analysis.js.map +1 -0
  688. package/dist/validate/prompts/validation.d.ts +18 -0
  689. package/dist/validate/prompts/validation.d.ts.map +1 -0
  690. package/dist/validate/prompts/validation.js +25 -0
  691. package/dist/validate/prompts/validation.js.map +1 -0
  692. package/dist/validate/providers/anthropic.d.ts +17 -0
  693. package/dist/validate/providers/anthropic.d.ts.map +1 -0
  694. package/dist/validate/providers/anthropic.js +260 -0
  695. package/dist/validate/providers/anthropic.js.map +1 -0
  696. package/dist/validate/providers/index.d.ts +8 -0
  697. package/dist/validate/providers/index.d.ts.map +1 -0
  698. package/dist/validate/providers/index.js +13 -0
  699. package/dist/validate/providers/index.js.map +1 -0
  700. package/dist/validate/providers/openai.d.ts +14 -0
  701. package/dist/validate/providers/openai.d.ts.map +1 -0
  702. package/dist/validate/providers/openai.js +336 -0
  703. package/dist/validate/providers/openai.js.map +1 -0
  704. package/dist/validate/request-builder.d.ts +61 -0
  705. package/dist/validate/request-builder.d.ts.map +1 -0
  706. package/dist/validate/request-builder.js +346 -0
  707. package/dist/validate/request-builder.js.map +1 -0
  708. package/dist/validate/types.d.ts +88 -0
  709. package/dist/validate/types.d.ts.map +1 -0
  710. package/dist/validate/types.js +38 -0
  711. package/dist/validate/types.js.map +1 -0
  712. package/dist/validate/utils/context-extractor.d.ts +55 -0
  713. package/dist/validate/utils/context-extractor.d.ts.map +1 -0
  714. package/dist/validate/utils/context-extractor.js +161 -0
  715. package/dist/validate/utils/context-extractor.js.map +1 -0
  716. package/dist/validate/utils/index.d.ts +11 -0
  717. package/dist/validate/utils/index.d.ts.map +1 -0
  718. package/dist/validate/utils/index.js +27 -0
  719. package/dist/validate/utils/index.js.map +1 -0
  720. package/dist/validate/utils/path-helpers.d.ts +21 -0
  721. package/dist/validate/utils/path-helpers.d.ts.map +1 -0
  722. package/dist/validate/utils/path-helpers.js +69 -0
  723. package/dist/validate/utils/path-helpers.js.map +1 -0
  724. package/dist/validate/utils/response-parser.d.ts +40 -0
  725. package/dist/validate/utils/response-parser.d.ts.map +1 -0
  726. package/dist/validate/utils/response-parser.js +286 -0
  727. package/dist/validate/utils/response-parser.js.map +1 -0
  728. package/dist/validate/utils/retry.d.ts +15 -0
  729. package/dist/validate/utils/retry.d.ts.map +1 -0
  730. package/dist/validate/utils/retry.js +62 -0
  731. package/dist/validate/utils/retry.js.map +1 -0
  732. package/package.json +8 -7
  733. package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
  734. package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
  735. package/src/__tests__/benchmark/fixtures/layer2/index.ts +15 -0
  736. package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
  737. package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
  738. package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
  739. package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
  740. package/src/__tests__/benchmark/run-depth-validation.ts +3 -3
  741. package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
  742. package/src/__tests__/benchmark/types.ts +1 -1
  743. package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
  744. package/src/__tests__/category-filter.test.ts +2 -2
  745. package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
  746. package/src/__tests__/context-engine/framework-models.test.ts +457 -0
  747. package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
  748. package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
  749. package/src/__tests__/context-engine/integration.test.ts +320 -0
  750. package/src/__tests__/context-engine/module-graph.test.ts +159 -0
  751. package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
  752. package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
  753. package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
  754. package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
  755. package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
  756. package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
  757. package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
  758. package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
  759. package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
  760. package/src/__tests__/regression/known-false-positives.test.ts +312 -4
  761. package/src/__tests__/score/adjustments.test.ts +385 -0
  762. package/src/__tests__/score/confidence.test.ts +283 -0
  763. package/src/__tests__/score/framework-scoring.test.ts +275 -0
  764. package/src/__tests__/score/route-scoring.test.ts +156 -0
  765. package/src/__tests__/score/scoring-integration.test.ts +165 -0
  766. package/src/__tests__/score/taint-adjustments.test.ts +244 -0
  767. package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +37 -49
  768. package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
  769. package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -3
  770. package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +2 -2
  771. package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
  772. package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
  773. package/src/__tests__/validate/route-annotations.test.ts +138 -0
  774. package/src/__tests__/validation/analyze-results.ts +1 -1
  775. package/src/__tests__/validation/extract-for-triage.ts +1 -1
  776. package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
  777. package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +23 -3
  778. package/src/{layer2 → detect/ai-code}/byok-patterns.ts +17 -5
  779. package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +8 -4
  780. package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +8 -4
  781. package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +20 -4
  782. package/src/detect/ai-code/index.ts +11 -0
  783. package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +7 -3
  784. package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +7 -3
  785. package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +18 -3
  786. package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +25 -3
  787. package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +7 -3
  788. package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +7 -3
  789. package/src/detect/config/agent-skill-injection.ts +551 -0
  790. package/src/{layer1 → detect/config}/comments.ts +6 -2
  791. package/src/{layer1 → detect/config}/file-flags.ts +9 -3
  792. package/src/detect/config/index.ts +6 -0
  793. package/src/{layer3 → detect/config}/osv-check.ts +3 -2
  794. package/src/{layer3 → detect/config}/package-check.ts +3 -2
  795. package/src/{layer1 → detect/config}/urls.ts +12 -5
  796. package/src/detect/index.ts +131 -0
  797. package/src/{layer1 → detect/secrets}/config-audit.ts +7 -2
  798. package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +8 -3
  799. package/src/{layer1 → detect/secrets}/entropy.ts +23 -11
  800. package/src/{layer1 → detect/secrets}/index.ts +31 -30
  801. package/src/{layer1 → detect/secrets}/patterns.ts +10 -3
  802. package/src/{layer1 → detect/secrets}/weak-crypto.ts +7 -2
  803. package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +23 -11
  804. package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +1 -1
  805. package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +47 -24
  806. package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
  807. package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +2 -2
  808. package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +1 -1
  809. package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
  810. package/src/{layer2 → detect/structural}/dangerous-functions/utils/control-flow.ts +2 -2
  811. package/src/{layer2 → detect/structural}/data-exposure.ts +11 -3
  812. package/src/{layer2 → detect/structural}/framework-checks.ts +10 -11
  813. package/src/{layer2 → detect/structural}/index.ts +80 -77
  814. package/src/detect/structural/log-injection.ts +254 -0
  815. package/src/{layer2 → detect/structural}/logic-gates.ts +13 -5
  816. package/src/{layer2 → detect/structural}/risky-imports.ts +7 -3
  817. package/src/detect/structural/security-headers.ts +231 -0
  818. package/src/detect/structural/ssrf-detection.ts +300 -0
  819. package/src/{layer2 → detect/structural}/variables.ts +7 -3
  820. package/src/detect/structural/xxe-detection.ts +295 -0
  821. package/src/index.ts +39 -1291
  822. package/src/{utils → model}/auth-helper-detector.ts +1 -1
  823. package/src/model/cross-file-taint.ts +374 -0
  824. package/src/model/framework-models/django.ts +82 -0
  825. package/src/model/framework-models/express.ts +54 -0
  826. package/src/model/framework-models/index.ts +116 -0
  827. package/src/model/framework-models/nextjs.ts +69 -0
  828. package/src/model/framework-models/prisma.ts +57 -0
  829. package/src/model/framework-models/react.ts +63 -0
  830. package/src/model/framework-models/sequelize.ts +63 -0
  831. package/src/model/framework-models/types.ts +46 -0
  832. package/src/model/function-classifier.ts +184 -0
  833. package/src/model/import-resolver.ts +453 -0
  834. package/src/{utils → model}/imported-auth-detector.ts +21 -85
  835. package/src/model/index.ts +353 -0
  836. package/src/{utils → model}/middleware-detector.ts +156 -17
  837. package/src/model/module-graph.ts +254 -0
  838. package/src/{utils → model}/oauth-flow-detector.ts +1 -1
  839. package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
  840. package/src/model/route-auth-resolver.ts +216 -0
  841. package/src/model/route-discovery/express.ts +251 -0
  842. package/src/model/route-discovery/index.ts +83 -0
  843. package/src/model/route-discovery/nextjs.ts +216 -0
  844. package/src/model/route-discovery/python.ts +214 -0
  845. package/src/model/route-discovery/types.ts +48 -0
  846. package/src/model/route-discovery/utils.ts +54 -0
  847. package/src/model/sanitiser-detection.ts +268 -0
  848. package/src/model/sink-matcher.ts +178 -0
  849. package/src/model/sink-patterns.ts +109 -0
  850. package/src/model/source-discovery.ts +209 -0
  851. package/src/model/taint-tracker.ts +333 -0
  852. package/src/model/taint-types.ts +149 -0
  853. package/src/{utils → model}/trpc-analyzer.ts +1 -1
  854. package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +54 -0
  855. package/src/{utils → parse}/path-exclusions.ts +1 -1
  856. package/src/pipeline/config.ts +81 -0
  857. package/src/pipeline/index.ts +437 -0
  858. package/src/{modes → pipeline/modes}/incremental.ts +5 -5
  859. package/src/postprocess/aggregation.ts +74 -0
  860. package/src/postprocess/contradictions.ts +128 -0
  861. package/src/postprocess/dedup.ts +62 -0
  862. package/src/{filtering → postprocess/filtering}/__tests__/pipeline.test.ts +1 -1
  863. package/src/{filtering → postprocess/filtering}/context-adjustments.ts +2 -2
  864. package/src/{filtering → postprocess/filtering}/pipeline.ts +2 -2
  865. package/src/postprocess/index.ts +118 -0
  866. package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
  867. package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
  868. package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
  869. package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
  870. package/src/{suppression → postprocess/suppression}/types.ts +2 -2
  871. package/src/postprocess/validation-cap.ts +66 -0
  872. package/src/report/build-result.ts +94 -0
  873. package/src/report/enrichment.ts +52 -0
  874. package/src/{formatters → report/formatters}/ai-context.ts +1 -1
  875. package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
  876. package/src/{formatters → report/formatters}/github-comment.ts +1 -1
  877. package/src/{formatters → report/formatters}/grouping.ts +8 -8
  878. package/src/{formatters → report/formatters}/ide/claude-code.ts +1 -1
  879. package/src/{formatters → report/formatters}/ide/cursor.ts +1 -1
  880. package/src/{formatters → report/formatters}/ide/windsurf.ts +1 -1
  881. package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
  882. package/src/report/summary.ts +70 -0
  883. package/src/score/adjustments.ts +387 -0
  884. package/src/{layer3/anthropic → score}/auto-dismiss.ts +15 -14
  885. package/src/score/confidence.ts +66 -0
  886. package/src/score/index.ts +316 -0
  887. package/src/score/types.ts +187 -0
  888. package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
  889. package/src/{baseline → shared/baseline}/diff.ts +1 -1
  890. package/src/{baseline → shared/baseline}/manager.ts +1 -1
  891. package/src/{category-filter.ts → shared/category-filter.ts} +1 -1
  892. package/src/{utils → shared}/code-analysis.ts +1 -1
  893. package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
  894. package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
  895. package/src/{rules → shared/rules}/metadata.ts +94 -0
  896. package/src/{types.ts → shared/types.ts} +22 -5
  897. package/src/tiers.ts +18 -1
  898. package/src/validate/__tests__/context-extractor.test.ts +191 -0
  899. package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
  900. package/src/validate/__tests__/request-builder.test.ts +347 -0
  901. package/src/{layer3/anthropic → validate}/index.ts +8 -7
  902. package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
  903. package/src/validate/prompts/modules/ai-patterns.ts +153 -0
  904. package/src/validate/prompts/modules/auth-access.ts +22 -0
  905. package/src/validate/prompts/modules/common.ts +183 -0
  906. package/src/validate/prompts/modules/index.ts +204 -0
  907. package/src/validate/prompts/modules/owasp-classic.ts +81 -0
  908. package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
  909. package/src/validate/prompts/modules/xss-prompt.ts +19 -0
  910. package/src/validate/prompts/validation.ts +20 -0
  911. package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
  912. package/src/validate/providers/index.ts +8 -0
  913. package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
  914. package/src/validate/request-builder.ts +448 -0
  915. package/src/{layer3/anthropic → validate}/types.ts +1 -1
  916. package/src/validate/utils/context-extractor.ts +220 -0
  917. package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
  918. package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
  919. package/src/layer3/anthropic/prompts/validation.ts +0 -419
  920. package/src/layer3/anthropic/providers/index.ts +0 -8
  921. package/src/layer3/anthropic/request-builder.ts +0 -150
  922. package/src/layer3/index.ts +0 -168
  923. /package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
  924. /package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
  925. /package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
  926. /package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
  927. /package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
  928. /package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +0 -0
  929. /package/src/{utils → model}/route-hierarchy.ts +0 -0
  930. /package/src/{filtering → postprocess/filtering}/index.ts +0 -0
  931. /package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
  932. /package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
  933. /package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
  934. /package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
  935. /package/src/{suppression → postprocess/suppression}/index.ts +0 -0
  936. /package/src/{formatters → report/formatters}/__tests__/ai-context.test.ts +0 -0
  937. /package/src/{formatters → report/formatters}/ide/__tests__/ide.test.ts +0 -0
  938. /package/src/{formatters → report/formatters}/ide/index.ts +0 -0
  939. /package/src/{formatters → report/formatters}/index.ts +0 -0
  940. /package/src/{utils → shared}/__tests__/code-analysis.test.ts +0 -0
  941. /package/src/{utils → shared}/__tests__/parsed-file.test.ts +0 -0
  942. /package/src/{ai-context → shared/ai-context}/__tests__/manager.test.ts +0 -0
  943. /package/src/{ai-context → shared/ai-context}/index.ts +0 -0
  944. /package/src/{ai-context → shared/ai-context}/manager.ts +0 -0
  945. /package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +0 -0
  946. /package/src/{baseline → shared/baseline}/index.ts +0 -0
  947. /package/src/{baseline → shared/baseline}/types.ts +0 -0
  948. /package/src/{utils → shared}/comment-analyzer.ts +0 -0
  949. /package/src/{utils → shared}/diff-detector.ts +0 -0
  950. /package/src/{utils → shared}/diff-parser.ts +0 -0
  951. /package/src/{utils → shared}/environment-context.ts +0 -0
  952. /package/src/{utils → shared}/intent-detector.ts +0 -0
  953. /package/src/{utils → shared}/parsed-file.ts +0 -0
  954. /package/src/{utils → shared}/registry-clients.ts +0 -0
  955. /package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
  956. /package/src/{rules → shared/rules}/index.ts +0 -0
  957. /package/src/{utils → shared}/schema-semantics.ts +0 -0
  958. /package/src/{layer3/anthropic → validate}/clients.ts +0 -0
  959. /package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
  960. /package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
  961. /package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0
package/src/postprocess/dedup.ts ADDED
@@ -0,0 +1,62 @@
1
+ /**
2
+ * Deduplication — Remove duplicate vulnerabilities.
3
+ *
4
+ * Handles standard dedup (same file, line, category) and cross-layer URL dedup
5
+ * (e.g., Layer 1 sensitive_url + Layer 2 ai_pattern on same line).
6
+ */
7
+
8
+ import type { Vulnerability } from '../shared/types'
9
+ import { severityRank, confidenceRank } from '../shared/parsed-file'
10
+
11
+ /**
12
+ * Remove duplicate vulnerabilities (same file, line, category)
13
+ * Also handles cross-layer URL duplicates (sensitive_url + ai_pattern)
14
+ */
15
+ export function deduplicateVulnerabilities(vulnerabilities: Vulnerability[]): Vulnerability[] {
16
+ const seen = new Map<string, Vulnerability>()
17
+ const urlDedupMap = new Map<string, Vulnerability>()
18
+
19
+ for (const vuln of vulnerabilities) {
20
+ // Special handling for URL duplicates across layers
21
+ // (e.g., Layer 1 detects as sensitive_url, Layer 2 detects as ai_pattern on same line)
22
+ // Route based on category, not lineContent regex — a sensitive_url finding is a URL
23
+ // finding regardless of what scheme appears in the line content.
24
+ if (vuln.category === 'sensitive_url' || vuln.category === 'ai_pattern') {
25
+
26
+ // Create compound key that ignores category differences for URLs
27
+ const urlKey = `${vuln.filePath}:${vuln.lineNumber}:url_finding`
28
+ const existing = urlDedupMap.get(urlKey)
29
+
30
+ if (!existing) {
31
+ urlDedupMap.set(urlKey, vuln)
32
+ } else {
33
+ // Keep Layer 1 (more specific) over Layer 2 AI pattern
34
+ // Or keep higher severity
35
+ if (vuln.layer < existing.layer ||
36
+ severityRank(vuln.severity) > severityRank(existing.severity)) {
37
+ urlDedupMap.set(urlKey, vuln)
38
+ }
39
+ }
40
+ continue
41
+ }
42
+
43
+ // Standard deduplication for non-URL findings
44
+ const key = `${vuln.filePath}:${vuln.lineNumber}:${vuln.category}`
45
+ const existing = seen.get(key)
46
+
47
+ // Keep the higher severity or higher confidence finding
48
+ if (!existing) {
49
+ seen.set(key, vuln)
50
+ } else if (severityRank(vuln.severity) > severityRank(existing.severity)) {
51
+ seen.set(key, vuln)
52
+ } else if (
53
+ severityRank(vuln.severity) === severityRank(existing.severity) &&
54
+ confidenceRank(vuln.confidence) > confidenceRank(existing.confidence)
55
+ ) {
56
+ seen.set(key, vuln)
57
+ }
58
+ }
59
+
60
+ // Combine URL and non-URL findings
61
+ return [...Array.from(seen.values()), ...Array.from(urlDedupMap.values())]
62
+ }
package/src/{filtering → postprocess/filtering}/__tests__/pipeline.test.ts RENAMED
@@ -128,7 +128,7 @@ describe('FilterPipeline', () => {
128
128
  const stats = pipeline.getSummaryStats()
129
129
 
130
130
  expect(stats.auto_dismiss.dismissed).toBe(0)
131
- expect(stats.tier_filter.kept).toBe(0)
131
+ expect(stats.confidence_scoring.kept).toBe(0)
132
132
  })
133
133
  })
134
134
  })
package/src/{filtering → postprocess/filtering}/context-adjustments.ts RENAMED
@@ -9,8 +9,8 @@
9
9
  * all context-based severity downgrades in one place.
10
10
  */
11
11
 
12
- import type { Vulnerability } from '../types'
13
- import type { FileContext } from '../utils/context-helpers'
12
+ import type { Vulnerability } from '../../shared/types'
13
+ import type { FileContext } from '../../parse/file-classifier'
14
14
 
15
15
  /** Categories that are expected and not risky in tooling directories */
16
16
  const TOOLING_DOWNGRADABLE_CATEGORIES = [
package/src/{filtering → postprocess/filtering}/pipeline.ts RENAMED
@@ -13,7 +13,7 @@ export type FilterStage =
13
13
  | 'localhost_aggregation'
14
14
  | 'noisy_aggregation'
15
15
  | 'auto_dismiss'
16
- | 'tier_filter'
16
+ | 'confidence_scoring'
17
17
  | 'ai_validation'
18
18
  | 'global_context'
19
19
  | 'contradiction_resolution'
@@ -99,7 +99,7 @@ export class FilterPipeline {
99
99
  'localhost_aggregation',
100
100
  'noisy_aggregation',
101
101
  'auto_dismiss',
102
- 'tier_filter',
102
+ 'confidence_scoring',
103
103
  'ai_validation',
104
104
  'global_context',
105
105
  'contradiction_resolution',
package/src/postprocess/index.ts ADDED
@@ -0,0 +1,118 @@
1
+ /**
2
+ * Postprocessing Pipeline — Runs the full postprocessing chain on findings.
3
+ *
4
+ * Dedup → context adjustments → contradiction resolution → suppression.
5
+ * Records audit decisions for each sub-step via FilterPipeline.
6
+ */
7
+
8
+ import type { Vulnerability, ScanFile } from '../shared/types'
9
+ import type { MiddlewareAuthConfig } from '../model/middleware-detector'
10
+ import type { FilterPipeline } from './filtering/pipeline'
11
+ import type { SuppressionResult } from './suppression/types'
12
+ import { deduplicateVulnerabilities } from './dedup'
13
+ import { applyContextAdjustments } from './filtering/context-adjustments'
14
+ import { resolveContradictions } from './contradictions'
15
+ import { SuppressionManager } from './suppression'
16
+
17
+ export interface PostprocessInput {
18
+ /** Raw findings to postprocess */
19
+ findings: Vulnerability[]
20
+ /** Source files (for inline suppression parsing) */
21
+ files: ScanFile[]
22
+ /** Middleware config for contradiction resolution */
23
+ middlewareConfig?: MiddlewareAuthConfig
24
+ /** Project path for suppression config loading */
25
+ projectPath?: string
26
+ /** FilterPipeline for audit recording */
27
+ filterPipeline: FilterPipeline
28
+ /** Whether to show suppressed findings */
29
+ showSuppressed?: boolean
30
+ }
31
+
32
+ export interface PostprocessResult {
33
+ /** Findings after all postprocessing */
34
+ findings: Vulnerability[]
35
+ /** Suppression result (for stats and suppressed findings) */
36
+ suppressionResult: SuppressionResult
37
+ }
38
+
39
+ const fid = (v: Pick<Vulnerability, 'filePath' | 'lineNumber' | 'category'>) =>
40
+ `${v.filePath}:${v.lineNumber}:${v.category}`
41
+
42
+ /**
43
+ * Run the full postprocessing chain on findings.
44
+ *
45
+ * Pipeline: dedup → context adjustments → contradiction resolution → suppression
46
+ */
47
+ export function postprocessFindings(input: PostprocessInput): PostprocessResult {
48
+ const {
49
+ findings,
50
+ files,
51
+ middlewareConfig,
52
+ projectPath,
53
+ filterPipeline,
54
+ } = input
55
+
56
+ // 1. Deduplicate vulnerabilities
57
+ const uniqueVulnerabilities = deduplicateVulnerabilities(findings)
58
+ if (filterPipeline.isEnabled) {
59
+ const uniqueIds = new Set(uniqueVulnerabilities.map(fid))
60
+ for (const v of findings) {
61
+ if (!uniqueIds.has(fid(v))) {
62
+ filterPipeline.record(fid(v), { stage: 'deduplication', action: 'deduplicated', reason: 'Duplicate finding removed' })
63
+ }
64
+ }
65
+ }
66
+
67
+ // 2. Apply file context-based severity adjustments (Phase 2b)
68
+ const contextAdjustedVulnerabilities = applyContextAdjustments(uniqueVulnerabilities)
69
+ if (filterPipeline.isEnabled) {
70
+ for (let i = 0; i < uniqueVulnerabilities.length; i++) {
71
+ const before = uniqueVulnerabilities[i]
72
+ const after = contextAdjustedVulnerabilities[i]
73
+ if (before.severity !== after.severity) {
74
+ filterPipeline.record(fid(after), { stage: 'global_context', action: 'downgraded', reason: after.validationNotes || 'Context-based severity downgrade', originalSeverity: before.severity, newSeverity: after.severity })
75
+ }
76
+ }
77
+ }
78
+
79
+ // 3. Resolve contradictions
80
+ const resolvedVulnerabilities = resolveContradictions(contextAdjustedVulnerabilities, middlewareConfig)
81
+ if (filterPipeline.isEnabled) {
82
+ const resolvedIds = new Set(resolvedVulnerabilities.map(fid))
83
+ for (const v of contextAdjustedVulnerabilities) {
84
+ if (!resolvedIds.has(fid(v))) {
85
+ filterPipeline.record(fid(v), { stage: 'contradiction_resolution', action: 'dismissed', reason: 'Removed by contradiction resolution' })
86
+ }
87
+ }
88
+ for (let i = 0; i < contextAdjustedVulnerabilities.length; i++) {
89
+ const before = contextAdjustedVulnerabilities[i]
90
+ const after = resolvedVulnerabilities.find(v => fid(v) === fid(before))
91
+ if (after && before.severity !== after.severity) {
92
+ filterPipeline.record(fid(after), { stage: 'contradiction_resolution', action: 'downgraded', reason: 'Downgraded by contradiction resolution', originalSeverity: before.severity, newSeverity: after.severity })
93
+ }
94
+ }
95
+ }
96
+
97
+ // 4. Apply suppressions (inline comments + config file)
98
+ const resolvedProjectPath = projectPath || process.cwd()
99
+ const suppressionManager = new SuppressionManager({ projectPath: resolvedProjectPath })
100
+ const suppressionResult = suppressionManager.applySuppressions(resolvedVulnerabilities, files)
101
+
102
+ if (filterPipeline.isEnabled) {
103
+ for (const s of suppressionResult.suppressed) {
104
+ filterPipeline.record(fid(s.vulnerability), { stage: 'user_suppression', action: 'suppressed', reason: s.suppression.reason || `Suppressed by ${s.suppression.type}` })
105
+ }
106
+ }
107
+
108
+ return {
109
+ findings: suppressionResult.findings,
110
+ suppressionResult,
111
+ }
112
+ }
113
+
114
+ // Re-export sub-modules for direct access
115
+ export { deduplicateVulnerabilities } from './dedup'
116
+ export { aggregateNoisyFindings } from './aggregation'
117
+ export { resolveContradictions } from './contradictions'
118
+ export { capValidationCandidatesPerFile, MAX_VALIDATION_CANDIDATES_PER_FILE } from './validation-cap'
package/src/{suppression → postprocess/suppression}/config-loader.ts RENAMED
@@ -15,7 +15,7 @@ import {
15
15
  SUPPRESSION_CONFIG_FILES,
16
16
  DEFAULT_SUPPRESSION_CONFIG,
17
17
  } from './types'
18
- import type { VulnerabilityCategory } from '../types'
18
+ import type { VulnerabilityCategory } from '../../shared/types'
19
19
 
20
20
  /**
21
21
  * Result of loading suppression config
package/src/{suppression → postprocess/suppression}/hash.ts RENAMED
@@ -4,7 +4,7 @@
4
4
  */
5
5
 
6
6
  import { createHash } from 'crypto'
7
- import type { Vulnerability } from '../types'
7
+ import type { Vulnerability } from '../../shared/types'
8
8
 
9
9
  /**
10
10
  * Normalize a file path for hashing
package/src/{suppression → postprocess/suppression}/inline-parser.ts RENAMED
@@ -4,7 +4,7 @@
4
4
  */
5
5
 
6
6
  import type { InlineSuppression } from './types'
7
- import type { VulnerabilityCategory } from '../types'
7
+ import type { VulnerabilityCategory } from '../../shared/types'
8
8
 
9
9
  /**
10
10
  * Valid suppression comment patterns:
package/src/{suppression → postprocess/suppression}/manager.ts RENAMED
@@ -4,7 +4,7 @@
4
4
  */
5
5
 
6
6
  import { minimatch } from 'minimatch'
7
- import type { Vulnerability, ScanFile } from '../types'
7
+ import type { Vulnerability, ScanFile } from '../../shared/types'
8
8
  import type {
9
9
  SuppressionConfig,
10
10
  SuppressionMatch,
package/src/{suppression → postprocess/suppression}/types.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Defines types for the finding suppression/ignore system
4
4
  */
5
5
 
6
- import type { VulnerabilityCategory, VulnerabilitySeverity } from '../types'
6
+ import type { VulnerabilityCategory, VulnerabilitySeverity } from '../../shared/types'
7
7
 
8
8
  /**
9
9
  * Suppression configuration file structure
@@ -131,7 +131,7 @@ export interface SuppressedVulnerability {
131
131
  */
132
132
  export interface SuppressionResult {
133
133
  /** Findings that passed through (not suppressed) */
134
- findings: import('../types').Vulnerability[]
134
+ findings: import('../../shared/types').Vulnerability[]
135
135
  /** Findings that were suppressed */
136
136
  suppressed: SuppressedVulnerability[]
137
137
  /** Count of expired suppressions (findings reappear) */
package/src/postprocess/validation-cap.ts ADDED
@@ -0,0 +1,66 @@
1
+ /**
2
+ * Validation Cap — Per-file cap on AI validation candidates for cost control.
3
+ *
4
+ * Prioritizes findings by confidence score, severity, and category importance.
5
+ */
6
+
7
+ import type { Vulnerability } from '../shared/types'
8
+ import type { ScoredFinding } from '../score'
9
+ import { severityRank } from '../shared/parsed-file'
10
+
11
+ /** Maximum candidates per file to send to AI validation (cost control) */
12
+ export const MAX_VALIDATION_CANDIDATES_PER_FILE = 10
13
+
14
+ /**
15
+ * Cap validation candidates per file to control AI costs
16
+ * Prioritizes by:
17
+ * 1. Confidence score (higher score = more likely a real finding)
18
+ * 2. Severity (critical > high > medium > low > info)
19
+ * 3. Category importance (secrets/URLs/auth before cosmetic patterns)
20
+ */
21
+ export function capValidationCandidatesPerFile(
22
+ vulnerabilities: Vulnerability[],
23
+ maxPerFile: number = MAX_VALIDATION_CANDIDATES_PER_FILE
24
+ ): Vulnerability[] {
25
+ // Group by file
26
+ const byFile = new Map<string, Vulnerability[]>()
27
+ for (const vuln of vulnerabilities) {
28
+ const existing = byFile.get(vuln.filePath) || []
29
+ existing.push(vuln)
30
+ byFile.set(vuln.filePath, existing)
31
+ }
32
+
33
+ const result: Vulnerability[] = []
34
+
35
+ for (const [, fileVulns] of byFile) {
36
+ // Sort by priority: confidence score descending, then severity, then category
37
+ const sorted = [...fileVulns].sort((a, b) => {
38
+ // Confidence score comparison (higher = higher priority for validation)
39
+ const aScore = (a as ScoredFinding).confidence_score?.score ?? (a.baseConfidence ?? 0.35)
40
+ const bScore = (b as ScoredFinding).confidence_score?.score ?? (b.baseConfidence ?? 0.35)
41
+ const scoreDiff = bScore - aScore
42
+ if (Math.abs(scoreDiff) > 0.01) return scoreDiff
43
+
44
+ // Severity comparison (higher severity = higher priority)
45
+ const severityDiff = severityRank(b.severity) - severityRank(a.severity)
46
+ if (severityDiff !== 0) return severityDiff
47
+
48
+ // Category importance (secrets/URLs/auth before AI patterns)
49
+ const categoryPriority = (v: Vulnerability): number => {
50
+ if (v.category === 'hardcoded_secret') return 10
51
+ if (v.category === 'high_entropy_string') return 9
52
+ if (v.category === 'sensitive_url') return 8
53
+ if (v.category === 'missing_auth') return 7
54
+ if (v.category === 'ai_pattern') return 3
55
+ return 5
56
+ }
57
+ return categoryPriority(b) - categoryPriority(a)
58
+ })
59
+
60
+ // Take top N per file
61
+ const capped = sorted.slice(0, maxPerFile)
62
+ result.push(...capped)
63
+ }
64
+
65
+ return result
66
+ }
package/src/report/build-result.ts ADDED
@@ -0,0 +1,94 @@
1
+ /**
2
+ * Report Builder — Composes the final ScanResult from processed findings.
3
+ *
4
+ * Encapsulates sorting, counting, suppressed-summary building, and result
5
+ * object construction.
6
+ */
7
+
8
+ import type {
9
+ ScanResult,
10
+ Vulnerability,
11
+ SuppressedVulnerabilitySummary,
12
+ } from '../shared/types'
13
+ import type { ValidationStats } from '../validate'
14
+ import type { SuppressionResult } from '../postprocess/suppression/types'
15
+ import type { FilterPipeline } from '../postprocess/filtering/pipeline'
16
+ import { sortBySeverity, computeSeverityCounts, computeCategoryCounts } from './summary'
17
+
18
+ export interface BuildScanResultInput {
19
+ repoInfo: { name: string; url: string; branch: string }
20
+ files: { length: number }
21
+ findings: Vulnerability[]
22
+ suppressionResult: SuppressionResult
23
+ startTime: number
24
+ validationStats?: ValidationStats
25
+ showSuppressed?: boolean
26
+ filterPipeline?: FilterPipeline
27
+ cancelled?: boolean
28
+ cancelReason?: string
29
+ }
30
+
31
+ /**
32
+ * Build the final ScanResult from postprocessed findings.
33
+ */
34
+ export function buildScanResult(input: BuildScanResultInput): ScanResult {
35
+ const {
36
+ repoInfo,
37
+ files,
38
+ findings,
39
+ suppressionResult,
40
+ startTime,
41
+ validationStats,
42
+ showSuppressed,
43
+ filterPipeline,
44
+ cancelled,
45
+ cancelReason,
46
+ } = input
47
+
48
+ // Use the filtered findings (after suppression)
49
+ const afterSuppression = suppressionResult.findings
50
+
51
+ // Sort by severity
52
+ const sortedVulnerabilities = sortBySeverity(afterSuppression)
53
+
54
+ // Compute issue-mix counts (based on unsuppressed findings)
55
+ const severityCounts = computeSeverityCounts(sortedVulnerabilities)
56
+ const categoryCounts = computeCategoryCounts(sortedVulnerabilities)
57
+ const hasBlockingIssues = severityCounts.critical > 0 || severityCounts.high > 0
58
+
59
+ // Build suppressed vulnerabilities summary (for --show-suppressed)
60
+ const suppressedVulnerabilities: SuppressedVulnerabilitySummary[] | undefined = showSuppressed
61
+ ? suppressionResult.suppressed.map(s => ({
62
+ hash: s.suppression.hash,
63
+ filePath: s.vulnerability.filePath,
64
+ lineNumber: s.vulnerability.lineNumber,
65
+ category: s.vulnerability.category,
66
+ severity: s.vulnerability.severity,
67
+ title: s.vulnerability.title,
68
+ suppressionType: s.suppression.type,
69
+ suppressionReason: s.suppression.reason,
70
+ expires: s.suppression.expires,
71
+ }))
72
+ : undefined
73
+
74
+ return {
75
+ repoName: repoInfo.name,
76
+ repoUrl: repoInfo.url,
77
+ branch: repoInfo.branch,
78
+ filesScanned: files.length,
79
+ filesSkipped: 0, // TODO: track skipped files
80
+ vulnerabilities: sortedVulnerabilities,
81
+ severityCounts,
82
+ categoryCounts,
83
+ hasBlockingIssues: cancelled ? false : hasBlockingIssues,
84
+ scanDuration: Date.now() - startTime,
85
+ timestamp: new Date().toISOString(),
86
+ validationStats,
87
+ suppressionStats: suppressionResult.suppressed.length > 0 || suppressionResult.expiredSuppressions > 0
88
+ ? suppressionResult.stats
89
+ : undefined,
90
+ suppressedVulnerabilities,
91
+ filterAuditTrail: filterPipeline?.isEnabled ? filterPipeline.getAuditTrail() : undefined,
92
+ ...(cancelled ? { cancelled: true, cancelReason } : {}),
93
+ }
94
+ }
package/src/report/enrichment.ts ADDED
@@ -0,0 +1,52 @@
1
+ /**
2
+ * Report Enrichment — Adds rule registry metadata and framework-specific fixes to findings.
3
+ *
4
+ * Extracted from the orchestrator. Runs after detection + aggregation, before scoring.
5
+ */
6
+
7
+ import type { Vulnerability } from '../shared/types'
8
+ import type { ProjectContext } from '../model/project-context'
9
+ import { getRuleMetadata } from '../shared/rules'
10
+ import { getFrameworkFix } from '../shared/rules/framework-fixes'
11
+
12
+ /**
13
+ * Enrich findings with metadata from the rule registry (PRO-82)
14
+ * Sets default impact, evidence, fixSteps, and references from registry
15
+ *
16
+ * PRO-83: When projectContext is provided, uses framework-aware fix suggestions
17
+ * that are tailored to the user's detected tech stack (e.g., Prisma-specific
18
+ * SQL injection fixes instead of generic advice).
19
+ *
20
+ * These can be overridden later by AI-generated content
21
+ */
22
+ export function enrichWithMetadata(
23
+ findings: Vulnerability[],
24
+ projectContext?: ProjectContext
25
+ ): Vulnerability[] {
26
+ return findings.map(f => {
27
+ const metadata = getRuleMetadata(f.category)
28
+ if (!metadata) return f
29
+
30
+ // PRO-83: Check for framework-specific fix suggestions
31
+ let fixSteps = metadata.fixSteps
32
+ if (projectContext) {
33
+ const frameworkFix = getFrameworkFix(
34
+ f.category,
35
+ projectContext.frameworks,
36
+ projectContext.dataAccess
37
+ )
38
+ if (frameworkFix) {
39
+ fixSteps = frameworkFix.fixSteps
40
+ }
41
+ }
42
+
43
+ return {
44
+ ...f,
45
+ // Set defaults from registry (AI can override later)
46
+ impact: f.impact || metadata.whyItMatters,
47
+ evidence: f.evidence || metadata.evidence,
48
+ fixSteps: f.fixSteps || fixSteps,
49
+ references: f.references || metadata.references,
50
+ }
51
+ })
52
+ }
package/src/{formatters → report/formatters}/ai-context.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Generates structured markdown for AI coding assistants to consume and fix security findings
4
4
  */
5
5
 
6
- import type { ScanResult, Vulnerability, VulnerabilitySeverity } from '../types'
6
+ import type { ScanResult, Vulnerability, VulnerabilitySeverity } from '../../shared/types'
7
7
  import { sortBySeverity } from './grouping'
8
8
 
9
9
  /**
package/src/{formatters → report/formatters}/cli-terminal.ts RENAMED
@@ -3,9 +3,9 @@
3
3
  * Formats scan results with ANSI colors for terminal output
4
4
  */
5
5
 
6
- import type { ScanResult, Vulnerability, VulnerabilitySeverity } from '../types'
6
+ import type { ScanResult, Vulnerability, VulnerabilitySeverity } from '../../shared/types'
7
7
  import { groupByTheme, getBlockingIssues, GroupedFindings, THEME_CONFIG } from './grouping'
8
- import { computeFindingHash } from '../suppression/hash'
8
+ import { computeFindingHash } from '../../postprocess/suppression/hash'
9
9
 
10
10
  /**
11
11
  * ANSI color codes
@@ -110,7 +110,7 @@ function formatFinding(finding: Vulnerability, options: FormatFindingOptions = {
110
110
  output += '\n'
111
111
  } else if (finding.suggestedFix) {
112
112
  // Fallback to legacy suggestedFix field
113
- output += `${indent} ${c(colors.green, '💡 ' + finding.suggestedFix)}\n`
113
+ output += `${indent} ${c(colors.green, finding.suggestedFix)}\n`
114
114
  output += '\n'
115
115
  }
116
116
 
@@ -134,7 +134,7 @@ function formatFinding(finding: Vulnerability, options: FormatFindingOptions = {
134
134
 
135
135
  // AI enhanced indicator
136
136
  if (finding.aiEnhanced) {
137
- output += `${indent} ${c(colors.magenta, 'AI-enhanced fix suggestion')}\n`
137
+ output += `${indent} ${c(colors.magenta, '[AI] Enhanced fix suggestion')}\n`
138
138
  }
139
139
  }
140
140
 
@@ -189,9 +189,9 @@ function formatDiffSummary(baselineDiff: NonNullable<ScanResult['baselineDiff']>
189
189
 
190
190
  output += c(colors.bold, 'Baseline Comparison') + '\n'
191
191
  output += c(colors.dim, '─'.repeat(40)) + '\n'
192
- output += ` 🆕 ${c(colors.yellow, `${baselineDiff.newCount} new`)} findings\n`
193
- output += ` ${c(colors.green, `${baselineDiff.fixedCount} fixed`)} since baseline\n`
194
- output += ` 📋 ${c(colors.dim, `${baselineDiff.existingCount} existing`)} (in baseline)\n`
192
+ output += ` + ${c(colors.yellow, `${baselineDiff.newCount} new`)} findings\n`
193
+ output += ` - ${c(colors.green, `${baselineDiff.fixedCount} fixed`)} since baseline\n`
194
+ output += ` = ${c(colors.dim, `${baselineDiff.existingCount} existing`)} (in baseline)\n`
195
195
  output += '\n'
196
196
 
197
197
  // Format baseline date
@@ -241,11 +241,11 @@ export function formatTerminalOutput(result: ScanResult, options: {
241
241
  // Status
242
242
  if (hasBlockingIssues) {
243
243
  const blocking = severityCounts.critical + severityCounts.high
244
- output += c(colors.bgRed + colors.white + colors.bold, ` 🚨 ${blocking} BLOCKING ISSUES FOUND `) + '\n\n'
244
+ output += c(colors.bgRed + colors.white + colors.bold, ` ! ${blocking} BLOCKING ISSUES FOUND `) + '\n\n'
245
245
  } else if (vulnerabilities.length > 0) {
246
- output += c(colors.yellow, `⚠️ ${vulnerabilities.length} issues found (no blocking issues)`) + '\n\n'
246
+ output += c(colors.yellow, `${vulnerabilities.length} issues found (no blocking issues)`) + '\n\n'
247
247
  } else {
248
- output += c(colors.green, 'No security issues found!') + '\n\n'
248
+ output += c(colors.green, 'No security issues found!') + '\n\n'
249
249
  output += c(colors.dim, `Scanned ${filesScanned} files in ${(scanDuration / 1000).toFixed(1)}s`) + '\n'
250
250
  return output
251
251
  }
@@ -376,7 +376,7 @@ export function formatCompactSummary(
376
376
  if (vulnerabilities.length === 0) {
377
377
  return noColor
378
378
  ? 'No security issues found.'
379
- : c(colors.green, 'No security issues found.')
379
+ : c(colors.green, 'No security issues found.')
380
380
  }
381
381
 
382
382
  // Group by severity
package/src/{formatters → report/formatters}/github-comment.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Formats scan results as markdown for GitHub PR comments
4
4
  */
5
5
 
6
- import type { ScanResult, Vulnerability, VulnerabilitySeverity, VulnerabilityCategory } from '../types'
6
+ import type { ScanResult, Vulnerability, VulnerabilitySeverity, VulnerabilityCategory } from '../../shared/types'
7
7
  import { groupByTheme, limitPerGroup, getBlockingIssues, GroupedFindings } from './grouping'
8
8
 
9
9
  /**
package/src/{formatters → report/formatters}/grouping.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Groups and sorts vulnerabilities for workflow-friendly output
4
4
  */
5
5
 
6
- import type { Vulnerability, VulnerabilitySeverity, VulnerabilityCategory } from '../types'
6
+ import type { Vulnerability, VulnerabilitySeverity, VulnerabilityCategory } from '../../shared/types'
7
7
 
8
8
  /**
9
9
  * Risk themes for grouping findings
@@ -63,13 +63,13 @@ export function getRiskTheme(category: VulnerabilityCategory): RiskTheme {
63
63
  * Theme display names and icons
64
64
  */
65
65
  export const THEME_CONFIG: Record<RiskTheme, { name: string; icon: string; priority: number }> = {
66
- secrets: { name: 'Secrets & Credentials', icon: '🔑', priority: 1 },
67
- injection: { name: 'Injection Vulnerabilities', icon: '💉', priority: 2 },
68
- auth: { name: 'Authentication Issues', icon: '🔒', priority: 3 },
69
- ai: { name: 'AI Security', icon: '🤖', priority: 4 },
70
- config: { name: 'Configuration Issues', icon: '⚙️', priority: 5 },
71
- data: { name: 'Data Exposure', icon: '📊', priority: 6 },
72
- other: { name: 'Other Issues', icon: '⚠️', priority: 7 },
66
+ secrets: { name: 'Secrets & Credentials', icon: '*', priority: 1 },
67
+ injection: { name: 'Injection Vulnerabilities', icon: '*', priority: 2 },
68
+ auth: { name: 'Authentication Issues', icon: '*', priority: 3 },
69
+ ai: { name: 'AI Security', icon: '*', priority: 4 },
70
+ config: { name: 'Configuration Issues', icon: '*', priority: 5 },
71
+ data: { name: 'Data Exposure', icon: '*', priority: 6 },
72
+ other: { name: 'Other Issues', icon: '*', priority: 7 },
73
73
  }
74
74
 
75
75
  /**
package/src/{formatters → report/formatters}/ide/claude-code.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Generates CLAUDE.md section format
4
4
  */
5
5
 
6
- import type { ScanResult, Vulnerability, VulnerabilityCategory } from '../../types'
6
+ import type { ScanResult, Vulnerability, VulnerabilityCategory } from '../../../shared/types'
7
7
  import { sortBySeverity } from '../grouping'
8
8
 
9
9
  /** Start marker for Oculum section in CLAUDE.md */
package/src/{formatters → report/formatters}/ide/cursor.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Generates .cursor/rules/security.mdc format
4
4
  */
5
5
 
6
- import type { ScanResult, Vulnerability } from '../../types'
6
+ import type { ScanResult, Vulnerability } from '../../../shared/types'
7
7
  import { sortBySeverity } from '../grouping'
8
8
 
9
9
  /**
package/src/{formatters → report/formatters}/ide/windsurf.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Generates .windsurfrules format
4
4
  */
5
5
 
6
- import type { ScanResult, Vulnerability, VulnerabilityCategory } from '../../types'
6
+ import type { ScanResult, Vulnerability, VulnerabilityCategory } from '../../../shared/types'
7
7
  import { sortBySeverity } from '../grouping'
8
8
 
9
9
  /**
package/src/{formatters → report/formatters}/vscode-diagnostic.ts RENAMED
@@ -3,7 +3,7 @@
3
3
  * Formats scan results as LSP diagnostic format for VS Code integration
4
4
  */
5
5
 
6
- import type { Vulnerability, VulnerabilitySeverity } from '../types'
6
+ import type { Vulnerability, VulnerabilitySeverity } from '../../shared/types'
7
7
 
8
8
  /**
9
9
  * LSP Diagnostic Severity