npm - @oculum/scanner - Versions diffs - 1.0.12 → 1.0.13 - Mend

@oculum/scanner 1.0.12 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (961) hide show

package/dist/detect/ai-code/agent-tools.d.ts +22 -0
package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
package/dist/detect/ai-code/agent-tools.js +1509 -0
package/dist/detect/ai-code/agent-tools.js.map +1 -0
package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
package/dist/detect/ai-code/byok-patterns.js +313 -0
package/dist/detect/ai-code/byok-patterns.js.map +1 -0
package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
package/dist/detect/ai-code/endpoint-protection.js +349 -0
package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
package/dist/detect/ai-code/execution-sinks.js +1158 -0
package/dist/detect/ai-code/execution-sinks.js.map +1 -0
package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
package/dist/detect/ai-code/fingerprinting.js +665 -0
package/dist/detect/ai-code/fingerprinting.js.map +1 -0
package/dist/detect/ai-code/index.d.ts +12 -0
package/dist/detect/ai-code/index.d.ts.map +1 -0
package/dist/detect/ai-code/index.js +26 -0
package/dist/detect/ai-code/index.js.map +1 -0
package/dist/detect/ai-code/mcp-security.d.ts +20 -0
package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
package/dist/detect/ai-code/mcp-security.js +880 -0
package/dist/detect/ai-code/mcp-security.js.map +1 -0
package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
package/dist/detect/ai-code/model-supply-chain.js +447 -0
package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
package/dist/detect/ai-code/package-hallucination.js +841 -0
package/dist/detect/ai-code/package-hallucination.js.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
package/dist/detect/ai-code/rag-safety.d.ts +24 -0
package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
package/dist/detect/ai-code/rag-safety.js +913 -0
package/dist/detect/ai-code/rag-safety.js.map +1 -0
package/dist/detect/ai-code/schema-validation.d.ts +28 -0
package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
package/dist/detect/ai-code/schema-validation.js +378 -0
package/dist/detect/ai-code/schema-validation.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts +27 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
package/dist/detect/config/agent-skill-injection.js +472 -0
package/dist/detect/config/agent-skill-injection.js.map +1 -0
package/dist/detect/config/comments.d.ts +11 -0
package/dist/detect/config/comments.d.ts.map +1 -0
package/dist/detect/config/comments.js +206 -0
package/dist/detect/config/comments.js.map +1 -0
package/dist/detect/config/file-flags.d.ts +10 -0
package/dist/detect/config/file-flags.d.ts.map +1 -0
package/dist/detect/config/file-flags.js +124 -0
package/dist/detect/config/file-flags.js.map +1 -0
package/dist/detect/config/index.d.ts +7 -0
package/dist/detect/config/index.d.ts.map +1 -0
package/dist/detect/config/index.js +17 -0
package/dist/detect/config/index.js.map +1 -0
package/dist/detect/config/osv-check.d.ts +75 -0
package/dist/detect/config/osv-check.d.ts.map +1 -0
package/dist/detect/config/osv-check.js +309 -0
package/dist/detect/config/osv-check.js.map +1 -0
package/dist/detect/config/package-check.d.ts +63 -0
package/dist/detect/config/package-check.d.ts.map +1 -0
package/dist/detect/config/package-check.js +509 -0
package/dist/detect/config/package-check.js.map +1 -0
package/dist/detect/config/urls.d.ts +11 -0
package/dist/detect/config/urls.d.ts.map +1 -0
package/dist/detect/config/urls.js +450 -0
package/dist/detect/config/urls.js.map +1 -0
package/dist/detect/index.d.ts +37 -0
package/dist/detect/index.d.ts.map +1 -0
package/dist/detect/index.js +77 -0
package/dist/detect/index.js.map +1 -0
package/dist/detect/secrets/config-audit.d.ts +11 -0
package/dist/detect/secrets/config-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-audit.js +315 -0
package/dist/detect/secrets/config-audit.js.map +1 -0
package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-mcp-audit.js +243 -0
package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
package/dist/detect/secrets/entropy.d.ts +11 -0
package/dist/detect/secrets/entropy.d.ts.map +1 -0
package/dist/detect/secrets/entropy.js +751 -0
package/dist/detect/secrets/entropy.js.map +1 -0
package/dist/detect/secrets/index.d.ts +36 -0
package/dist/detect/secrets/index.d.ts.map +1 -0
package/dist/detect/secrets/index.js +174 -0
package/dist/detect/secrets/index.js.map +1 -0
package/dist/detect/secrets/patterns.d.ts +11 -0
package/dist/detect/secrets/patterns.d.ts.map +1 -0
package/dist/detect/secrets/patterns.js +518 -0
package/dist/detect/secrets/patterns.js.map +1 -0
package/dist/detect/secrets/weak-crypto.d.ts +10 -0
package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
package/dist/detect/secrets/weak-crypto.js +432 -0
package/dist/detect/secrets/weak-crypto.js.map +1 -0
package/dist/detect/structural/auth-patterns.d.ts +22 -0
package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
package/dist/detect/structural/auth-patterns.js +533 -0
package/dist/detect/structural/auth-patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/index.js +1193 -0
package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/detect/structural/data-exposure.d.ts +19 -0
package/dist/detect/structural/data-exposure.d.ts.map +1 -0
package/dist/detect/structural/data-exposure.js +262 -0
package/dist/detect/structural/data-exposure.js.map +1 -0
package/dist/detect/structural/framework-checks.d.ts +10 -0
package/dist/detect/structural/framework-checks.d.ts.map +1 -0
package/dist/detect/structural/framework-checks.js +389 -0
package/dist/detect/structural/framework-checks.js.map +1 -0
package/dist/detect/structural/index.d.ts +71 -0
package/dist/detect/structural/index.d.ts.map +1 -0
package/dist/detect/structural/index.js +510 -0
package/dist/detect/structural/index.js.map +1 -0
package/dist/detect/structural/log-injection.d.ts +18 -0
package/dist/detect/structural/log-injection.d.ts.map +1 -0
package/dist/detect/structural/log-injection.js +217 -0
package/dist/detect/structural/log-injection.js.map +1 -0
package/dist/detect/structural/logic-gates.d.ts +10 -0
package/dist/detect/structural/logic-gates.d.ts.map +1 -0
package/dist/detect/structural/logic-gates.js +227 -0
package/dist/detect/structural/logic-gates.js.map +1 -0
package/dist/detect/structural/risky-imports.d.ts +10 -0
package/dist/detect/structural/risky-imports.d.ts.map +1 -0
package/dist/detect/structural/risky-imports.js +168 -0
package/dist/detect/structural/risky-imports.js.map +1 -0
package/dist/detect/structural/security-headers.d.ts +18 -0
package/dist/detect/structural/security-headers.d.ts.map +1 -0
package/dist/detect/structural/security-headers.js +196 -0
package/dist/detect/structural/security-headers.js.map +1 -0
package/dist/detect/structural/ssrf-detection.d.ts +18 -0
package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
package/dist/detect/structural/ssrf-detection.js +263 -0
package/dist/detect/structural/ssrf-detection.js.map +1 -0
package/dist/detect/structural/variables.d.ts +11 -0
package/dist/detect/structural/variables.d.ts.map +1 -0
package/dist/detect/structural/variables.js +159 -0
package/dist/detect/structural/variables.js.map +1 -0
package/dist/detect/structural/xxe-detection.d.ts +18 -0
package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
package/dist/detect/structural/xxe-detection.js +245 -0
package/dist/detect/structural/xxe-detection.js.map +1 -0
package/dist/index.d.ts +17 -64
package/dist/index.d.ts.map +1 -1
package/dist/index.js +49 -1034
package/dist/index.js.map +1 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +1 -8
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +4 -0
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +50 -1
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/log-injection.d.ts +18 -0
package/dist/layer2/log-injection.d.ts.map +1 -0
package/dist/layer2/log-injection.js +214 -0
package/dist/layer2/log-injection.js.map +1 -0
package/dist/layer2/security-headers.d.ts +18 -0
package/dist/layer2/security-headers.d.ts.map +1 -0
package/dist/layer2/security-headers.js +187 -0
package/dist/layer2/security-headers.js.map +1 -0
package/dist/layer2/ssrf-detection.d.ts +18 -0
package/dist/layer2/ssrf-detection.d.ts.map +1 -0
package/dist/layer2/ssrf-detection.js +252 -0
package/dist/layer2/ssrf-detection.js.map +1 -0
package/dist/layer2/xxe-detection.d.ts +18 -0
package/dist/layer2/xxe-detection.d.ts.map +1 -0
package/dist/layer2/xxe-detection.js +242 -0
package/dist/layer2/xxe-detection.js.map +1 -0
package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/index.js +3 -1
package/dist/layer3/anthropic/prompts/index.js.map +1 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/validation.js +14 -410
package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.js +6 -3
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/openai.js +6 -3
package/dist/layer3/anthropic/providers/openai.js.map +1 -1
package/dist/layer3/anthropic/request-builder.d.ts +11 -4
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
package/dist/layer3/anthropic/request-builder.js +32 -16
package/dist/layer3/anthropic/request-builder.js.map +1 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +2 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
package/dist/layer3/anthropic/utils/index.js +4 -1
package/dist/layer3/anthropic/utils/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts +56 -0
package/dist/model/auth-helper-detector.d.ts.map +1 -0
package/dist/model/auth-helper-detector.js +360 -0
package/dist/model/auth-helper-detector.js.map +1 -0
package/dist/model/cross-file-taint.d.ts +40 -0
package/dist/model/cross-file-taint.d.ts.map +1 -0
package/dist/model/cross-file-taint.js +290 -0
package/dist/model/cross-file-taint.js.map +1 -0
package/dist/model/framework-models/django.d.ts +9 -0
package/dist/model/framework-models/django.d.ts.map +1 -0
package/dist/model/framework-models/django.js +82 -0
package/dist/model/framework-models/django.js.map +1 -0
package/dist/model/framework-models/express.d.ts +9 -0
package/dist/model/framework-models/express.d.ts.map +1 -0
package/dist/model/framework-models/express.js +52 -0
package/dist/model/framework-models/express.js.map +1 -0
package/dist/model/framework-models/index.d.ts +20 -0
package/dist/model/framework-models/index.d.ts.map +1 -0
package/dist/model/framework-models/index.js +102 -0
package/dist/model/framework-models/index.js.map +1 -0
package/dist/model/framework-models/nextjs.d.ts +9 -0
package/dist/model/framework-models/nextjs.d.ts.map +1 -0
package/dist/model/framework-models/nextjs.js +71 -0
package/dist/model/framework-models/nextjs.js.map +1 -0
package/dist/model/framework-models/prisma.d.ts +10 -0
package/dist/model/framework-models/prisma.d.ts.map +1 -0
package/dist/model/framework-models/prisma.js +54 -0
package/dist/model/framework-models/prisma.js.map +1 -0
package/dist/model/framework-models/react.d.ts +9 -0
package/dist/model/framework-models/react.d.ts.map +1 -0
package/dist/model/framework-models/react.js +67 -0
package/dist/model/framework-models/react.js.map +1 -0
package/dist/model/framework-models/sequelize.d.ts +9 -0
package/dist/model/framework-models/sequelize.d.ts.map +1 -0
package/dist/model/framework-models/sequelize.js +62 -0
package/dist/model/framework-models/sequelize.js.map +1 -0
package/dist/model/framework-models/types.d.ts +43 -0
package/dist/model/framework-models/types.d.ts.map +1 -0
package/dist/model/framework-models/types.js +10 -0
package/dist/model/framework-models/types.js.map +1 -0
package/dist/model/function-classifier.d.ts +32 -0
package/dist/model/function-classifier.d.ts.map +1 -0
package/dist/model/function-classifier.js +143 -0
package/dist/model/function-classifier.js.map +1 -0
package/dist/model/import-resolver.d.ts +45 -0
package/dist/model/import-resolver.d.ts.map +1 -0
package/dist/model/import-resolver.js +410 -0
package/dist/model/import-resolver.js.map +1 -0
package/dist/model/imported-auth-detector.d.ts +38 -0
package/dist/model/imported-auth-detector.d.ts.map +1 -0
package/dist/model/imported-auth-detector.js +199 -0
package/dist/model/imported-auth-detector.js.map +1 -0
package/dist/model/index.d.ts +63 -0
package/dist/model/index.d.ts.map +1 -0
package/dist/model/index.js +272 -0
package/dist/model/index.js.map +1 -0
package/dist/model/middleware-detector.d.ts +55 -0
package/dist/model/middleware-detector.d.ts.map +1 -0
package/dist/model/middleware-detector.js +382 -0
package/dist/model/middleware-detector.js.map +1 -0
package/dist/model/module-graph.d.ts +46 -0
package/dist/model/module-graph.d.ts.map +1 -0
package/dist/model/module-graph.js +187 -0
package/dist/model/module-graph.js.map +1 -0
package/dist/model/oauth-flow-detector.d.ts +41 -0
package/dist/model/oauth-flow-detector.d.ts.map +1 -0
package/dist/model/oauth-flow-detector.js +202 -0
package/dist/model/oauth-flow-detector.js.map +1 -0
package/dist/model/project-context.d.ts +119 -0
package/dist/model/project-context.d.ts.map +1 -0
package/dist/model/project-context.js +534 -0
package/dist/model/project-context.js.map +1 -0
package/dist/model/route-auth-resolver.d.ts +27 -0
package/dist/model/route-auth-resolver.d.ts.map +1 -0
package/dist/model/route-auth-resolver.js +182 -0
package/dist/model/route-auth-resolver.js.map +1 -0
package/dist/model/route-discovery/express.d.ts +25 -0
package/dist/model/route-discovery/express.d.ts.map +1 -0
package/dist/model/route-discovery/express.js +225 -0
package/dist/model/route-discovery/express.js.map +1 -0
package/dist/model/route-discovery/index.d.ts +21 -0
package/dist/model/route-discovery/index.d.ts.map +1 -0
package/dist/model/route-discovery/index.js +67 -0
package/dist/model/route-discovery/index.js.map +1 -0
package/dist/model/route-discovery/nextjs.d.ts +16 -0
package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
package/dist/model/route-discovery/nextjs.js +179 -0
package/dist/model/route-discovery/nextjs.js.map +1 -0
package/dist/model/route-discovery/python.d.ts +16 -0
package/dist/model/route-discovery/python.d.ts.map +1 -0
package/dist/model/route-discovery/python.js +181 -0
package/dist/model/route-discovery/python.js.map +1 -0
package/dist/model/route-discovery/types.d.ts +36 -0
package/dist/model/route-discovery/types.d.ts.map +1 -0
package/dist/model/route-discovery/types.js +16 -0
package/dist/model/route-discovery/types.js.map +1 -0
package/dist/model/route-discovery/utils.d.ts +18 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -0
package/dist/model/route-discovery/utils.js +55 -0
package/dist/model/route-discovery/utils.js.map +1 -0
package/dist/model/route-hierarchy.d.ts +50 -0
package/dist/model/route-hierarchy.d.ts.map +1 -0
package/dist/model/route-hierarchy.js +226 -0
package/dist/model/route-hierarchy.js.map +1 -0
package/dist/model/sanitiser-detection.d.ts +27 -0
package/dist/model/sanitiser-detection.d.ts.map +1 -0
package/dist/model/sanitiser-detection.js +224 -0
package/dist/model/sanitiser-detection.js.map +1 -0
package/dist/model/sink-matcher.d.ts +17 -0
package/dist/model/sink-matcher.d.ts.map +1 -0
package/dist/model/sink-matcher.js +141 -0
package/dist/model/sink-matcher.js.map +1 -0
package/dist/model/sink-patterns.d.ts +19 -0
package/dist/model/sink-patterns.d.ts.map +1 -0
package/dist/model/sink-patterns.js +88 -0
package/dist/model/sink-patterns.js.map +1 -0
package/dist/model/source-discovery.d.ts +15 -0
package/dist/model/source-discovery.d.ts.map +1 -0
package/dist/model/source-discovery.js +170 -0
package/dist/model/source-discovery.js.map +1 -0
package/dist/model/taint-tracker.d.ts +21 -0
package/dist/model/taint-tracker.d.ts.map +1 -0
package/dist/model/taint-tracker.js +281 -0
package/dist/model/taint-tracker.js.map +1 -0
package/dist/model/taint-types.d.ts +74 -0
package/dist/model/taint-types.d.ts.map +1 -0
package/dist/model/taint-types.js +9 -0
package/dist/model/taint-types.js.map +1 -0
package/dist/model/trpc-analyzer.d.ts +78 -0
package/dist/model/trpc-analyzer.d.ts.map +1 -0
package/dist/model/trpc-analyzer.js +297 -0
package/dist/model/trpc-analyzer.js.map +1 -0
package/dist/parse/file-classifier.d.ts +228 -0
package/dist/parse/file-classifier.d.ts.map +1 -0
package/dist/parse/file-classifier.js +933 -0
package/dist/parse/file-classifier.js.map +1 -0
package/dist/parse/path-exclusions.d.ts +55 -0
package/dist/parse/path-exclusions.d.ts.map +1 -0
package/dist/parse/path-exclusions.js +224 -0
package/dist/parse/path-exclusions.js.map +1 -0
package/dist/pipeline/config.d.ts +39 -0
package/dist/pipeline/config.d.ts.map +1 -0
package/dist/pipeline/config.js +46 -0
package/dist/pipeline/config.js.map +1 -0
package/dist/pipeline/index.d.ts +34 -0
package/dist/pipeline/index.d.ts.map +1 -0
package/dist/pipeline/index.js +377 -0
package/dist/pipeline/index.js.map +1 -0
package/dist/pipeline/modes/incremental.d.ts +66 -0
package/dist/pipeline/modes/incremental.d.ts.map +1 -0
package/dist/pipeline/modes/incremental.js +200 -0
package/dist/pipeline/modes/incremental.js.map +1 -0
package/dist/postprocess/aggregation.d.ts +14 -0
package/dist/postprocess/aggregation.d.ts.map +1 -0
package/dist/postprocess/aggregation.js +63 -0
package/dist/postprocess/aggregation.js.map +1 -0
package/dist/postprocess/contradictions.d.ts +18 -0
package/dist/postprocess/contradictions.d.ts.map +1 -0
package/dist/postprocess/contradictions.js +99 -0
package/dist/postprocess/contradictions.js.map +1 -0
package/dist/postprocess/dedup.d.ts +13 -0
package/dist/postprocess/dedup.d.ts.map +1 -0
package/dist/postprocess/dedup.js +58 -0
package/dist/postprocess/dedup.js.map +1 -0
package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
package/dist/postprocess/filtering/context-adjustments.js +100 -0
package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
package/dist/postprocess/filtering/index.d.ts +3 -0
package/dist/postprocess/filtering/index.d.ts.map +1 -0
package/dist/postprocess/filtering/index.js +8 -0
package/dist/postprocess/filtering/index.js.map +1 -0
package/dist/postprocess/filtering/pipeline.d.ts +48 -0
package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
package/dist/postprocess/filtering/pipeline.js +76 -0
package/dist/postprocess/filtering/pipeline.js.map +1 -0
package/dist/postprocess/index.d.ts +41 -0
package/dist/postprocess/index.d.ts.map +1 -0
package/dist/postprocess/index.js +85 -0
package/dist/postprocess/index.js.map +1 -0
package/dist/postprocess/suppression/config-loader.d.ts +74 -0
package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
package/dist/postprocess/suppression/config-loader.js +424 -0
package/dist/postprocess/suppression/config-loader.js.map +1 -0
package/dist/postprocess/suppression/hash.d.ts +48 -0
package/dist/postprocess/suppression/hash.d.ts.map +1 -0
package/dist/postprocess/suppression/hash.js +88 -0
package/dist/postprocess/suppression/hash.js.map +1 -0
package/dist/postprocess/suppression/index.d.ts +11 -0
package/dist/postprocess/suppression/index.d.ts.map +1 -0
package/dist/postprocess/suppression/index.js +39 -0
package/dist/postprocess/suppression/index.js.map +1 -0
package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
package/dist/postprocess/suppression/inline-parser.js +218 -0
package/dist/postprocess/suppression/inline-parser.js.map +1 -0
package/dist/postprocess/suppression/manager.d.ts +94 -0
package/dist/postprocess/suppression/manager.d.ts.map +1 -0
package/dist/postprocess/suppression/manager.js +292 -0
package/dist/postprocess/suppression/manager.js.map +1 -0
package/dist/postprocess/suppression/types.d.ts +151 -0
package/dist/postprocess/suppression/types.d.ts.map +1 -0
package/dist/postprocess/suppression/types.js +28 -0
package/dist/postprocess/suppression/types.js.map +1 -0
package/dist/postprocess/validation-cap.d.ts +17 -0
package/dist/postprocess/validation-cap.d.ts.map +1 -0
package/dist/postprocess/validation-cap.js +64 -0
package/dist/postprocess/validation-cap.js.map +1 -0
package/dist/report/build-result.d.ts +33 -0
package/dist/report/build-result.d.ts.map +1 -0
package/dist/report/build-result.js +59 -0
package/dist/report/build-result.js.map +1 -0
package/dist/report/enrichment.d.ts +19 -0
package/dist/report/enrichment.d.ts.map +1 -0
package/dist/report/enrichment.js +44 -0
package/dist/report/enrichment.js.map +1 -0
package/dist/report/formatters/ai-context.d.ts +23 -0
package/dist/report/formatters/ai-context.d.ts.map +1 -0
package/dist/report/formatters/ai-context.js +238 -0
package/dist/report/formatters/ai-context.js.map +1 -0
package/dist/report/formatters/cli-terminal.d.ts +65 -0
package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
package/dist/report/formatters/cli-terminal.js +735 -0
package/dist/report/formatters/cli-terminal.js.map +1 -0
package/dist/report/formatters/github-comment.d.ts +41 -0
package/dist/report/formatters/github-comment.d.ts.map +1 -0
package/dist/report/formatters/github-comment.js +370 -0
package/dist/report/formatters/github-comment.js.map +1 -0
package/dist/report/formatters/grouping.d.ts +52 -0
package/dist/report/formatters/grouping.d.ts.map +1 -0
package/dist/report/formatters/grouping.js +152 -0
package/dist/report/formatters/grouping.js.map +1 -0
package/dist/report/formatters/ide/claude-code.d.ts +17 -0
package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/report/formatters/ide/claude-code.js +94 -0
package/dist/report/formatters/ide/claude-code.js.map +1 -0
package/dist/report/formatters/ide/cursor.d.ts +13 -0
package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
package/dist/report/formatters/ide/cursor.js +125 -0
package/dist/report/formatters/ide/cursor.js.map +1 -0
package/dist/report/formatters/ide/index.d.ts +62 -0
package/dist/report/formatters/ide/index.d.ts.map +1 -0
package/dist/report/formatters/ide/index.js +184 -0
package/dist/report/formatters/ide/index.js.map +1 -0
package/dist/report/formatters/ide/windsurf.d.ts +13 -0
package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/report/formatters/ide/windsurf.js +117 -0
package/dist/report/formatters/ide/windsurf.js.map +1 -0
package/dist/report/formatters/index.d.ts +11 -0
package/dist/report/formatters/index.d.ts.map +1 -0
package/dist/report/formatters/index.js +54 -0
package/dist/report/formatters/index.js.map +1 -0
package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/report/formatters/vscode-diagnostic.js +151 -0
package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
package/dist/report/summary.d.ts +27 -0
package/dist/report/summary.d.ts.map +1 -0
package/dist/report/summary.js +57 -0
package/dist/report/summary.js.map +1 -0
package/dist/rules/metadata.d.ts.map +1 -1
package/dist/rules/metadata.js +66 -0
package/dist/rules/metadata.js.map +1 -1
package/dist/score/adjustments.d.ts +22 -0
package/dist/score/adjustments.d.ts.map +1 -0
package/dist/score/adjustments.js +373 -0
package/dist/score/adjustments.js.map +1 -0
package/dist/score/auto-dismiss.d.ts +28 -0
package/dist/score/auto-dismiss.d.ts.map +1 -0
package/dist/score/auto-dismiss.js +200 -0
package/dist/score/auto-dismiss.js.map +1 -0
package/dist/score/confidence.d.ts +19 -0
package/dist/score/confidence.d.ts.map +1 -0
package/dist/score/confidence.js +52 -0
package/dist/score/confidence.js.map +1 -0
package/dist/score/index.d.ts +61 -0
package/dist/score/index.d.ts.map +1 -0
package/dist/score/index.js +250 -0
package/dist/score/index.js.map +1 -0
package/dist/score/types.d.ts +160 -0
package/dist/score/types.d.ts.map +1 -0
package/dist/score/types.js +14 -0
package/dist/score/types.js.map +1 -0
package/dist/shared/ai-context/index.d.ts +6 -0
package/dist/shared/ai-context/index.d.ts.map +1 -0
package/dist/shared/ai-context/index.js +13 -0
package/dist/shared/ai-context/index.js.map +1 -0
package/dist/shared/ai-context/manager.d.ts +67 -0
package/dist/shared/ai-context/manager.d.ts.map +1 -0
package/dist/shared/ai-context/manager.js +104 -0
package/dist/shared/ai-context/manager.js.map +1 -0
package/dist/shared/baseline/diff.d.ts +32 -0
package/dist/shared/baseline/diff.d.ts.map +1 -0
package/dist/shared/baseline/diff.js +119 -0
package/dist/shared/baseline/diff.js.map +1 -0
package/dist/shared/baseline/index.d.ts +9 -0
package/dist/shared/baseline/index.d.ts.map +1 -0
package/dist/shared/baseline/index.js +19 -0
package/dist/shared/baseline/index.js.map +1 -0
package/dist/shared/baseline/manager.d.ts +67 -0
package/dist/shared/baseline/manager.d.ts.map +1 -0
package/dist/shared/baseline/manager.js +180 -0
package/dist/shared/baseline/manager.js.map +1 -0
package/dist/shared/baseline/types.d.ts +91 -0
package/dist/shared/baseline/types.d.ts.map +1 -0
package/dist/shared/baseline/types.js +12 -0
package/dist/shared/baseline/types.js.map +1 -0
package/dist/shared/category-filter.d.ts +125 -0
package/dist/shared/category-filter.d.ts.map +1 -0
package/dist/shared/category-filter.js +360 -0
package/dist/shared/category-filter.js.map +1 -0
package/dist/shared/code-analysis.d.ts +39 -0
package/dist/shared/code-analysis.d.ts.map +1 -0
package/dist/shared/code-analysis.js +159 -0
package/dist/shared/code-analysis.js.map +1 -0
package/dist/shared/comment-analyzer.d.ts +38 -0
package/dist/shared/comment-analyzer.d.ts.map +1 -0
package/dist/shared/comment-analyzer.js +218 -0
package/dist/shared/comment-analyzer.js.map +1 -0
package/dist/shared/diff-detector.d.ts +53 -0
package/dist/shared/diff-detector.d.ts.map +1 -0
package/dist/shared/diff-detector.js +104 -0
package/dist/shared/diff-detector.js.map +1 -0
package/dist/shared/diff-parser.d.ts +80 -0
package/dist/shared/diff-parser.d.ts.map +1 -0
package/dist/shared/diff-parser.js +202 -0
package/dist/shared/diff-parser.js.map +1 -0
package/dist/shared/environment-context.d.ts +76 -0
package/dist/shared/environment-context.d.ts.map +1 -0
package/dist/shared/environment-context.js +271 -0
package/dist/shared/environment-context.js.map +1 -0
package/dist/shared/intent-detector.d.ts +66 -0
package/dist/shared/intent-detector.d.ts.map +1 -0
package/dist/shared/intent-detector.js +282 -0
package/dist/shared/intent-detector.js.map +1 -0
package/dist/shared/parsed-file.d.ts +51 -0
package/dist/shared/parsed-file.d.ts.map +1 -0
package/dist/shared/parsed-file.js +95 -0
package/dist/shared/parsed-file.js.map +1 -0
package/dist/shared/registry-clients.d.ts +93 -0
package/dist/shared/registry-clients.d.ts.map +1 -0
package/dist/shared/registry-clients.js +273 -0
package/dist/shared/registry-clients.js.map +1 -0
package/dist/shared/rules/framework-fixes.d.ts +48 -0
package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
package/dist/shared/rules/framework-fixes.js +439 -0
package/dist/shared/rules/framework-fixes.js.map +1 -0
package/dist/shared/rules/index.d.ts +8 -0
package/dist/shared/rules/index.d.ts.map +1 -0
package/dist/shared/rules/index.js +18 -0
package/dist/shared/rules/index.js.map +1 -0
package/dist/shared/rules/metadata.d.ts +43 -0
package/dist/shared/rules/metadata.d.ts.map +1 -0
package/dist/shared/rules/metadata.js +819 -0
package/dist/shared/rules/metadata.js.map +1 -0
package/dist/shared/schema-semantics.d.ts +45 -0
package/dist/shared/schema-semantics.d.ts.map +1 -0
package/dist/shared/schema-semantics.js +193 -0
package/dist/shared/schema-semantics.js.map +1 -0
package/dist/shared/types.d.ts +337 -0
package/dist/shared/types.d.ts.map +1 -0
package/dist/shared/types.js +126 -0
package/dist/shared/types.js.map +1 -0
package/dist/tiers.d.ts +2 -2
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +10 -0
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/validate/clients.d.ts +44 -0
package/dist/validate/clients.d.ts.map +1 -0
package/dist/validate/clients.js +81 -0
package/dist/validate/clients.js.map +1 -0
package/dist/validate/index.d.ts +41 -0
package/dist/validate/index.d.ts.map +1 -0
package/dist/validate/index.js +141 -0
package/dist/validate/index.js.map +1 -0
package/dist/validate/prompts/index.d.ts +8 -0
package/dist/validate/prompts/index.d.ts.map +1 -0
package/dist/validate/prompts/index.js +16 -0
package/dist/validate/prompts/index.js.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.js +156 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/validate/prompts/modules/auth-access.js +25 -0
package/dist/validate/prompts/modules/auth-access.js.map +1 -0
package/dist/validate/prompts/modules/common.d.ts +11 -0
package/dist/validate/prompts/modules/common.d.ts.map +1 -0
package/dist/validate/prompts/modules/common.js +186 -0
package/dist/validate/prompts/modules/common.js.map +1 -0
package/dist/validate/prompts/modules/index.d.ts +54 -0
package/dist/validate/prompts/modules/index.d.ts.map +1 -0
package/dist/validate/prompts/modules/index.js +186 -0
package/dist/validate/prompts/modules/index.js.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.js +84 -0
package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.js +22 -0
package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/validate/prompts/semantic-analysis.js +169 -0
package/dist/validate/prompts/semantic-analysis.js.map +1 -0
package/dist/validate/prompts/validation.d.ts +18 -0
package/dist/validate/prompts/validation.d.ts.map +1 -0
package/dist/validate/prompts/validation.js +25 -0
package/dist/validate/prompts/validation.js.map +1 -0
package/dist/validate/providers/anthropic.d.ts +17 -0
package/dist/validate/providers/anthropic.d.ts.map +1 -0
package/dist/validate/providers/anthropic.js +260 -0
package/dist/validate/providers/anthropic.js.map +1 -0
package/dist/validate/providers/index.d.ts +8 -0
package/dist/validate/providers/index.d.ts.map +1 -0
package/dist/validate/providers/index.js +13 -0
package/dist/validate/providers/index.js.map +1 -0
package/dist/validate/providers/openai.d.ts +14 -0
package/dist/validate/providers/openai.d.ts.map +1 -0
package/dist/validate/providers/openai.js +336 -0
package/dist/validate/providers/openai.js.map +1 -0
package/dist/validate/request-builder.d.ts +61 -0
package/dist/validate/request-builder.d.ts.map +1 -0
package/dist/validate/request-builder.js +346 -0
package/dist/validate/request-builder.js.map +1 -0
package/dist/validate/types.d.ts +88 -0
package/dist/validate/types.d.ts.map +1 -0
package/dist/validate/types.js +38 -0
package/dist/validate/types.js.map +1 -0
package/dist/validate/utils/context-extractor.d.ts +55 -0
package/dist/validate/utils/context-extractor.d.ts.map +1 -0
package/dist/validate/utils/context-extractor.js +161 -0
package/dist/validate/utils/context-extractor.js.map +1 -0
package/dist/validate/utils/index.d.ts +11 -0
package/dist/validate/utils/index.d.ts.map +1 -0
package/dist/validate/utils/index.js +27 -0
package/dist/validate/utils/index.js.map +1 -0
package/dist/validate/utils/path-helpers.d.ts +21 -0
package/dist/validate/utils/path-helpers.d.ts.map +1 -0
package/dist/validate/utils/path-helpers.js +69 -0
package/dist/validate/utils/path-helpers.js.map +1 -0
package/dist/validate/utils/response-parser.d.ts +40 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -0
package/dist/validate/utils/response-parser.js +286 -0
package/dist/validate/utils/response-parser.js.map +1 -0
package/dist/validate/utils/retry.d.ts +15 -0
package/dist/validate/utils/retry.d.ts.map +1 -0
package/dist/validate/utils/retry.js +62 -0
package/dist/validate/utils/retry.js.map +1 -0
package/package.json +8 -7
package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +15 -0
package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
package/src/__tests__/benchmark/run-depth-validation.ts +3 -3
package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
package/src/__tests__/benchmark/types.ts +1 -1
package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
package/src/__tests__/category-filter.test.ts +2 -2
package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
package/src/__tests__/context-engine/framework-models.test.ts +457 -0
package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
package/src/__tests__/context-engine/integration.test.ts +320 -0
package/src/__tests__/context-engine/module-graph.test.ts +159 -0
package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
package/src/__tests__/regression/known-false-positives.test.ts +312 -4
package/src/__tests__/score/adjustments.test.ts +385 -0
package/src/__tests__/score/confidence.test.ts +283 -0
package/src/__tests__/score/framework-scoring.test.ts +275 -0
package/src/__tests__/score/route-scoring.test.ts +156 -0
package/src/__tests__/score/scoring-integration.test.ts +165 -0
package/src/__tests__/score/taint-adjustments.test.ts +244 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +37 -49
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -3
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +2 -2
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
package/src/__tests__/validate/route-annotations.test.ts +138 -0
package/src/__tests__/validation/analyze-results.ts +1 -1
package/src/__tests__/validation/extract-for-triage.ts +1 -1
package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +23 -3
package/src/{layer2 → detect/ai-code}/byok-patterns.ts +17 -5
package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +8 -4
package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +8 -4
package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +20 -4
package/src/detect/ai-code/index.ts +11 -0
package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +7 -3
package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +7 -3
package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +18 -3
package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +25 -3
package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +7 -3
package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +7 -3
package/src/detect/config/agent-skill-injection.ts +551 -0
package/src/{layer1 → detect/config}/comments.ts +6 -2
package/src/{layer1 → detect/config}/file-flags.ts +9 -3
package/src/detect/config/index.ts +6 -0
package/src/{layer3 → detect/config}/osv-check.ts +3 -2
package/src/{layer3 → detect/config}/package-check.ts +3 -2
package/src/{layer1 → detect/config}/urls.ts +12 -5
package/src/detect/index.ts +131 -0
package/src/{layer1 → detect/secrets}/config-audit.ts +7 -2
package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +8 -3
package/src/{layer1 → detect/secrets}/entropy.ts +23 -11
package/src/{layer1 → detect/secrets}/index.ts +31 -30
package/src/{layer1 → detect/secrets}/patterns.ts +10 -3
package/src/{layer1 → detect/secrets}/weak-crypto.ts +7 -2
package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +23 -11
package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +1 -1
package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +47 -24
package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +2 -2
package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +1 -1
package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/utils/control-flow.ts +2 -2
package/src/{layer2 → detect/structural}/data-exposure.ts +11 -3
package/src/{layer2 → detect/structural}/framework-checks.ts +10 -11
package/src/{layer2 → detect/structural}/index.ts +80 -77
package/src/detect/structural/log-injection.ts +254 -0
package/src/{layer2 → detect/structural}/logic-gates.ts +13 -5
package/src/{layer2 → detect/structural}/risky-imports.ts +7 -3
package/src/detect/structural/security-headers.ts +231 -0
package/src/detect/structural/ssrf-detection.ts +300 -0
package/src/{layer2 → detect/structural}/variables.ts +7 -3
package/src/detect/structural/xxe-detection.ts +295 -0
package/src/index.ts +39 -1291
package/src/{utils → model}/auth-helper-detector.ts +1 -1
package/src/model/cross-file-taint.ts +374 -0
package/src/model/framework-models/django.ts +82 -0
package/src/model/framework-models/express.ts +54 -0
package/src/model/framework-models/index.ts +116 -0
package/src/model/framework-models/nextjs.ts +69 -0
package/src/model/framework-models/prisma.ts +57 -0
package/src/model/framework-models/react.ts +63 -0
package/src/model/framework-models/sequelize.ts +63 -0
package/src/model/framework-models/types.ts +46 -0
package/src/model/function-classifier.ts +184 -0
package/src/model/import-resolver.ts +453 -0
package/src/{utils → model}/imported-auth-detector.ts +21 -85
package/src/model/index.ts +353 -0
package/src/{utils → model}/middleware-detector.ts +156 -17
package/src/model/module-graph.ts +254 -0
package/src/{utils → model}/oauth-flow-detector.ts +1 -1
package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
package/src/model/route-auth-resolver.ts +216 -0
package/src/model/route-discovery/express.ts +251 -0
package/src/model/route-discovery/index.ts +83 -0
package/src/model/route-discovery/nextjs.ts +216 -0
package/src/model/route-discovery/python.ts +214 -0
package/src/model/route-discovery/types.ts +48 -0
package/src/model/route-discovery/utils.ts +54 -0
package/src/model/sanitiser-detection.ts +268 -0
package/src/model/sink-matcher.ts +178 -0
package/src/model/sink-patterns.ts +109 -0
package/src/model/source-discovery.ts +209 -0
package/src/model/taint-tracker.ts +333 -0
package/src/model/taint-types.ts +149 -0
package/src/{utils → model}/trpc-analyzer.ts +1 -1
package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +54 -0
package/src/{utils → parse}/path-exclusions.ts +1 -1
package/src/pipeline/config.ts +81 -0
package/src/pipeline/index.ts +437 -0
package/src/{modes → pipeline/modes}/incremental.ts +5 -5
package/src/postprocess/aggregation.ts +74 -0
package/src/postprocess/contradictions.ts +128 -0
package/src/postprocess/dedup.ts +62 -0
package/src/{filtering → postprocess/filtering}/__tests__/pipeline.test.ts +1 -1
package/src/{filtering → postprocess/filtering}/context-adjustments.ts +2 -2
package/src/{filtering → postprocess/filtering}/pipeline.ts +2 -2
package/src/postprocess/index.ts +118 -0
package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
package/src/{suppression → postprocess/suppression}/types.ts +2 -2
package/src/postprocess/validation-cap.ts +66 -0
package/src/report/build-result.ts +94 -0
package/src/report/enrichment.ts +52 -0
package/src/{formatters → report/formatters}/ai-context.ts +1 -1
package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
package/src/{formatters → report/formatters}/github-comment.ts +1 -1
package/src/{formatters → report/formatters}/grouping.ts +8 -8
package/src/{formatters → report/formatters}/ide/claude-code.ts +1 -1
package/src/{formatters → report/formatters}/ide/cursor.ts +1 -1
package/src/{formatters → report/formatters}/ide/windsurf.ts +1 -1
package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
package/src/report/summary.ts +70 -0
package/src/score/adjustments.ts +387 -0
package/src/{layer3/anthropic → score}/auto-dismiss.ts +15 -14
package/src/score/confidence.ts +66 -0
package/src/score/index.ts +316 -0
package/src/score/types.ts +187 -0
package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
package/src/{baseline → shared/baseline}/diff.ts +1 -1
package/src/{baseline → shared/baseline}/manager.ts +1 -1
package/src/{category-filter.ts → shared/category-filter.ts} +1 -1
package/src/{utils → shared}/code-analysis.ts +1 -1
package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
package/src/{rules → shared/rules}/metadata.ts +94 -0
package/src/{types.ts → shared/types.ts} +22 -5
package/src/tiers.ts +18 -1
package/src/validate/__tests__/context-extractor.test.ts +191 -0
package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
package/src/validate/__tests__/request-builder.test.ts +347 -0
package/src/{layer3/anthropic → validate}/index.ts +8 -7
package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
package/src/validate/prompts/modules/ai-patterns.ts +153 -0
package/src/validate/prompts/modules/auth-access.ts +22 -0
package/src/validate/prompts/modules/common.ts +183 -0
package/src/validate/prompts/modules/index.ts +204 -0
package/src/validate/prompts/modules/owasp-classic.ts +81 -0
package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
package/src/validate/prompts/modules/xss-prompt.ts +19 -0
package/src/validate/prompts/validation.ts +20 -0
package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
package/src/validate/providers/index.ts +8 -0
package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
package/src/validate/request-builder.ts +448 -0
package/src/{layer3/anthropic → validate}/types.ts +1 -1
package/src/validate/utils/context-extractor.ts +220 -0
package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
package/src/layer3/anthropic/prompts/validation.ts +0 -419
package/src/layer3/anthropic/providers/index.ts +0 -8
package/src/layer3/anthropic/request-builder.ts +0 -150
package/src/layer3/index.ts +0 -168
/package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
/package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +0 -0
/package/src/{utils → model}/route-hierarchy.ts +0 -0
/package/src/{filtering → postprocess/filtering}/index.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/index.ts +0 -0
/package/src/{formatters → report/formatters}/__tests__/ai-context.test.ts +0 -0
/package/src/{formatters → report/formatters}/ide/__tests__/ide.test.ts +0 -0
/package/src/{formatters → report/formatters}/ide/index.ts +0 -0
/package/src/{formatters → report/formatters}/index.ts +0 -0
/package/src/{utils → shared}/__tests__/code-analysis.test.ts +0 -0
/package/src/{utils → shared}/__tests__/parsed-file.test.ts +0 -0
/package/src/{ai-context → shared/ai-context}/__tests__/manager.test.ts +0 -0
/package/src/{ai-context → shared/ai-context}/index.ts +0 -0
/package/src/{ai-context → shared/ai-context}/manager.ts +0 -0
/package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +0 -0
/package/src/{baseline → shared/baseline}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/types.ts +0 -0
/package/src/{utils → shared}/comment-analyzer.ts +0 -0
/package/src/{utils → shared}/diff-detector.ts +0 -0
/package/src/{utils → shared}/diff-parser.ts +0 -0
/package/src/{utils → shared}/environment-context.ts +0 -0
/package/src/{utils → shared}/intent-detector.ts +0 -0
/package/src/{utils → shared}/parsed-file.ts +0 -0
/package/src/{utils → shared}/registry-clients.ts +0 -0
/package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
/package/src/{rules → shared/rules}/index.ts +0 -0
/package/src/{utils → shared}/schema-semantics.ts +0 -0
/package/src/{layer3/anthropic → validate}/clients.ts +0 -0
/package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0

package/dist/detect/config/comments.js ADDED Viewed

@@ -0,0 +1,206 @@
+"use strict";
+/**
+ * Layer 1: Comment Scanning for AI Patterns
+ * Detects suspicious patterns in code comments that may indicate
+ * prompt injection attempts or AI-generated security bypasses
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectAICommentPatterns = detectAICommentPatterns;
+const BASE_CONFIDENCE = 0.15;
+// Patterns that indicate potential prompt injection or AI manipulation
+const AI_COMMENT_PATTERNS = [
+    // Prompt injection attempts
+    {
+        pattern: /ignore\s+(previous|all|above)\s+instructions?/i,
+        name: 'Prompt Injection Attempt',
+        severity: 'high',
+        description: 'Comment contains prompt injection language that could manipulate AI assistants',
+    },
+    {
+        pattern: /disregard\s+(security|safety|previous|all)/i,
+        name: 'Security Disregard Instruction',
+        severity: 'high',
+        description: 'Comment instructs to disregard security measures',
+    },
+    {
+        pattern: /you\s+are\s+now\s+in\s+(developer|debug|admin)\s+mode/i,
+        name: 'Mode Override Attempt',
+        severity: 'high',
+        description: 'Comment attempts to override AI mode or permissions',
+    },
+    {
+        pattern: /override\s+(security|safety)\s+protocols?/i,
+        name: 'Security Override Instruction',
+        severity: 'high',
+        description: 'Comment instructs to override security protocols',
+    },
+    {
+        pattern: /system:\s*ignore/i,
+        name: 'System Prompt Injection',
+        severity: 'critical',
+        description: 'Comment contains system-level prompt injection',
+    },
+    // Developer instructions to skip security
+    {
+        pattern: /skip\s+(security|validation|sanitization|auth)/i,
+        name: 'Security Skip Instruction',
+        severity: 'medium',
+        description: 'Comment instructs to skip security measures',
+    },
+    {
+        pattern: /don['']?t\s+(validate|sanitize|check|verify)/i,
+        name: 'Validation Skip Instruction',
+        severity: 'medium',
+        description: 'Comment instructs to skip validation',
+    },
+    {
+        pattern: /disable\s+(auth|authentication|authorization|csrf|xss)/i,
+        name: 'Security Disable Instruction',
+        severity: 'high',
+        description: 'Comment instructs to disable security features',
+    },
+    // Security-related TODOs - downgraded as these are often addressed or intentional
+    {
+        pattern: /TODO[:\s].*fix.*security/i,
+        name: 'Security TODO',
+        severity: 'low', // Downgraded from medium
+        description: 'Unresolved security-related TODO comment',
+    },
+    {
+        pattern: /FIXME[:\s].*vulnerab/i,
+        name: 'Vulnerability FIXME',
+        severity: 'medium', // Downgraded from high
+        description: 'Unresolved vulnerability-related FIXME comment',
+    },
+    {
+        pattern: /HACK[:\s].*bypass/i,
+        name: 'Security Bypass HACK',
+        severity: 'medium', // Downgraded from high
+        description: 'Hack comment indicating security bypass',
+    },
+    {
+        pattern: /TODO[:\s].*add\s+(auth|authentication|authorization)/i,
+        name: 'Missing Auth TODO',
+        severity: 'low', // Downgraded from high - often outdated or in test code
+        description: 'TODO indicates authentication may need implementation',
+    },
+    {
+        pattern: /TODO[:\s].*implement\s+(validation|sanitization)/i,
+        name: 'Missing Validation TODO',
+        severity: 'low', // Downgraded from medium
+        description: 'TODO indicates validation may need implementation',
+    },
+    // AI-generated placeholder patterns - downgraded to info (usually harmless)
+    {
+        pattern: /TODO[:\s].*add\s+proper\s+error\s+handling/i,
+        name: 'AI Placeholder: Error Handling',
+        severity: 'info', // Downgraded from low
+        description: 'AI-typical placeholder comment for error handling',
+    },
+    {
+        pattern: /TODO[:\s].*implement\s+proper/i,
+        name: 'AI Placeholder: Implementation',
+        severity: 'info', // Downgraded from low
+        description: 'AI-typical placeholder comment for implementation',
+    },
+    {
+        pattern: /add\s+your\s+(code|logic|implementation)\s+here/i,
+        name: 'AI Placeholder: Code Here',
+        severity: 'info', // Downgraded from low
+        description: 'AI-typical placeholder comment',
+    },
+    // Temporary security bypasses
+    {
+        pattern: /temporary\s+(bypass|workaround|fix).*security/i,
+        name: 'Temporary Security Bypass',
+        severity: 'medium', // Downgraded from high
+        description: 'Comment indicates temporary security bypass that may have become permanent',
+    },
+    {
+        pattern: /remove\s+(before|in)\s+production/i,
+        name: 'Pre-Production Code',
+        severity: 'low', // Downgraded from medium
+        description: 'Comment indicates code should be removed before production',
+    },
+];
+// Extract comments from code
+function extractComments(content) {
+    const comments = [];
+    const lines = content.split('\n');
+    let inBlockComment = false;
+    let blockCommentStart = 0;
+    let blockCommentText = '';
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const trimmed = line.trim();
+        // Handle block comments
+        if (inBlockComment) {
+            if (trimmed.includes('*/')) {
+                inBlockComment = false;
+                blockCommentText += ' ' + trimmed.replace(/\*\/.*$/, '');
+                comments.push({
+                    text: blockCommentText,
+                    line: blockCommentStart + 1,
+                    lineContent: lines[blockCommentStart].trim(),
+                });
+                blockCommentText = '';
+            }
+            else {
+                blockCommentText += ' ' + trimmed.replace(/^\*\s*/, '');
+            }
+            continue;
+        }
+        // Start of block comment
+        if (trimmed.includes('/*')) {
+            if (trimmed.includes('*/')) {
+                // Single-line block comment
+                const text = trimmed.replace(/\/\*|\*\//g, '');
+                comments.push({ text, line: i + 1, lineContent: trimmed });
+            }
+            else {
+                inBlockComment = true;
+                blockCommentStart = i;
+                blockCommentText = trimmed.replace(/\/\*/, '');
+            }
+            continue;
+        }
+        // Single-line comments
+        const singleLineMatch = trimmed.match(/\/\/(.*)$|#(.*)$/);
+        if (singleLineMatch) {
+            const text = singleLineMatch[1] || singleLineMatch[2] || '';
+            comments.push({ text, line: i + 1, lineContent: trimmed });
+        }
+    }
+    return comments;
+}
+function detectAICommentPatterns(content, filePath, options) {
+    const vulnerabilities = [];
+    const comments = extractComments(content);
+    for (const comment of comments) {
+        for (const { pattern, name, severity, description } of AI_COMMENT_PATTERNS) {
+            if (pattern.test(comment.text)) {
+                // Most comment-based findings require AI validation to confirm relevance
+                const requiresAIValidation = severity !== 'critical';
+                vulnerabilities.push({
+                    id: `ai-comment-${filePath}-${comment.line}`,
+                    filePath,
+                    lineNumber: comment.line,
+                    lineContent: comment.lineContent,
+                    severity,
+                    category: 'ai_pattern',
+                    title: name,
+                    description,
+                    suggestedFix: 'Review and address this comment. If it indicates a security issue, fix it. If it\'s a prompt injection attempt, remove it.',
+                    confidence: severity === 'critical' || severity === 'high' ? 'high' : 'low', // Lower default confidence
+                    baseConfidence: BASE_CONFIDENCE,
+                    layer: 1,
+                    source: 'config',
+                    requiresAIValidation,
+                });
+                break; // Only report one pattern per comment
+            }
+        }
+    }
+    return vulnerabilities;
+}
+//# sourceMappingURL=comments.js.map

package/dist/detect/config/comments.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"comments.js","sourceRoot":"","sources":["../../../src/detect/config/comments.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAuLH,0DAoCC;AAtND,MAAM,eAAe,GAAG,IAAI,CAAA;AAE5B,uEAAuE;AACvE,MAAM,mBAAmB,GAAG;IAC1B,4BAA4B;IAC5B;QACE,OAAO,EAAE,gDAAgD;QACzD,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,gFAAgF;KAC9F;IACD;QACE,OAAO,EAAE,6CAA6C;QACtD,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,kDAAkD;KAChE;IACD;QACE,OAAO,EAAE,wDAAwD;QACjE,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,qDAAqD;KACnE;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,kDAAkD;KAChE;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,UAAmB;QAC7B,WAAW,EAAE,gDAAgD;KAC9D;IAED,0CAA0C;IAC1C;QACE,OAAO,EAAE,iDAAiD;QAC1D,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,QAAiB;QAC3B,WAAW,EAAE,6CAA6C;KAC3D;IACD;QACE,OAAO,EAAE,+CAA+C;QACxD,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,QAAiB;QAC3B,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,yDAAyD;QAClE,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,gDAAgD;KAC9D;IAED,kFAAkF;IAClF;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,KAAc,EAAG,yBAAyB;QACpD,WAAW,EAAE,0CAA0C;KACxD;IACD;QACE,OAAO,EAAE,uBAAuB;QAChC,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,QAAiB,EAAG,uBAAuB;QACrD,WAAW,EAAE,gDAAgD;KAC9D;IACD;QACE,OAAO,EAAE,oBAAoB;QAC7B,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAiB,EAAG,uBAAuB;QACrD,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,uDAAuD;QAChE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,KAAc,EAAG,wDAAwD;QACnF,WAAW,EAAE,uDAAuD;KACrE;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,KAAc,EAAG,yBAAyB;QACpD,WAAW,EAAE,mDAAmD;KACjE;IAED,4EAA4E;IAC5E;QACE,OAAO,EAAE,6CAA6C;QACtD,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,MAAe,EAAG,sBAAsB;QAClD,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,gCAAgC;QACzC,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,MAAe,EAAG,sBAAsB;QAClD,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,kDAAkD;QAC3D,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAe,EAAG,sBAAsB;QAClD,WAAW,EAAE,gCAAgC;KAC9C;IAED,8BAA8B;IAC9B;QACE,OAAO,EAAE,gDAAgD;QACzD,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,QAAiB,EAAG,uBAAuB;QACrD,WAAW,EAAE,4EAA4E;KAC1F;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,KAAc,EAAG,yBAAyB;QACpD,WAAW,EAAE,4DAA4D;KAC1E;CACF,CAAA;AAED,6BAA6B;AAC7B,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,QAAQ,GAA+D,EAAE,CAAA;IAC/E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,IAAI,cAAc,GAAG,KAAK,CAAA;IAC1B,IAAI,iBAAiB,GAAG,CAAC,CAAA;IACzB,IAAI,gBAAgB,GAAG,EAAE,CAAA;IAEzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAE3B,wBAAwB;QACxB,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,cAAc,GAAG,KAAK,CAAA;gBACtB,gBAAgB,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;gBACxD,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,gBAAgB;oBACtB,IAAI,EAAE,iBAAiB,GAAG,CAAC;oBAC3B,WAAW,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE;iBAC7C,CAAC,CAAA;gBACF,gBAAgB,GAAG,EAAE,CAAA;YACvB,CAAC;iBAAM,CAAC;gBACN,gBAAgB,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACzD,CAAC;YACD,SAAQ;QACV,CAAC;QAED,yBAAyB;QACzB,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,4BAA4B;gBAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAA;gBAC9C,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAA;YAC5D,CAAC;iBAAM,CAAC;gBACN,cAAc,GAAG,IAAI,CAAA;gBACrB,iBAAiB,GAAG,CAAC,CAAA;gBACrB,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;YAChD,CAAC;YACD,SAAQ;QACV,CAAC;QAED,uBAAuB;QACvB,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA;QACzD,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YAC3D,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAA;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAgB,uBAAuB,CACrC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAC3C,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAA;IAEzC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,mBAAmB,EAAE,CAAC;YAC3E,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,yEAAyE;gBACzE,MAAM,oBAAoB,GAAG,QAAQ,KAAK,UAAU,CAAA;gBAEpD,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,cAAc,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE;oBAC5C,QAAQ;oBACR,UAAU,EAAE,OAAO,CAAC,IAAI;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ;oBACR,QAAQ,EAAE,YAAY;oBACtB,KAAK,EAAE,IAAI;oBACX,WAAW;oBACX,YAAY,EAAE,4HAA4H;oBAC1I,UAAU,EAAE,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAG,2BAA2B;oBACzG,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,QAAiB;oBACvB,oBAAoB;iBACrB,CAAC,CAAA;gBACF,MAAK,CAAC,sCAAsC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/detect/config/file-flags.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Layer 1: File Extension Red Flags
+ * Detects dangerous files that should not be in a repository
+ */
+import type { Vulnerability } from '../../shared/types';
+import type { ParsedFile } from '../../shared/parsed-file';
+export declare function detectDangerousFiles(content: string, filePath: string, options?: {
+    parsed?: ParsedFile;
+}): Vulnerability[];
+//# sourceMappingURL=file-flags.d.ts.map

package/dist/detect/config/file-flags.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"file-flags.d.ts","sourceRoot":"","sources":["../../../src/detect/config/file-flags.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,oBAAoB,CAAA;AAC9E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAwD1D,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CA6EjB"}

package/dist/detect/config/file-flags.js ADDED Viewed

@@ -0,0 +1,124 @@
+"use strict";
+/**
+ * Layer 1: File Extension Red Flags
+ * Detects dangerous files that should not be in a repository
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectDangerousFiles = detectDangerousFiles;
+const file_classifier_1 = require("../../parse/file-classifier");
+const BASE_CONFIDENCE = 0.60;
+// Dangerous file extensions and names that should not be committed
+const DANGEROUS_FILE_PATTERNS = [
+    // Private keys
+    { pattern: /\.pem$/i, name: 'PEM Private Key', severity: 'critical' },
+    { pattern: /\.key$/i, name: 'Private Key File', severity: 'critical' },
+    { pattern: /\.p12$/i, name: 'PKCS#12 Certificate', severity: 'critical' },
+    { pattern: /\.pfx$/i, name: 'PFX Certificate', severity: 'critical' },
+    { pattern: /\.p8$/i, name: 'PKCS#8 Private Key', severity: 'critical' },
+    // SSH keys
+    { pattern: /id_rsa$/i, name: 'RSA SSH Private Key', severity: 'critical' },
+    { pattern: /id_dsa$/i, name: 'DSA SSH Private Key', severity: 'critical' },
+    { pattern: /id_ecdsa$/i, name: 'ECDSA SSH Private Key', severity: 'critical' },
+    { pattern: /id_ed25519$/i, name: 'Ed25519 SSH Private Key', severity: 'critical' },
+    // Environment files (should be gitignored)
+    { pattern: /^\.env$/i, name: 'Environment File', severity: 'critical' },
+    { pattern: /^\.env\.local$/i, name: 'Local Environment File', severity: 'critical' },
+    { pattern: /^\.env\.production$/i, name: 'Production Environment File', severity: 'critical' },
+    { pattern: /^\.env\.development$/i, name: 'Development Environment File', severity: 'high' },
+    { pattern: /^\.env\.staging$/i, name: 'Staging Environment File', severity: 'high' },
+    // Credential files
+    { pattern: /\.pgpass$/i, name: 'PostgreSQL Password File', severity: 'critical' },
+    { pattern: /\.npmrc$/i, name: 'NPM Configuration (may contain tokens)', severity: 'high' },
+    { pattern: /\.pypirc$/i, name: 'PyPI Configuration (may contain tokens)', severity: 'high' },
+    { pattern: /\.netrc$/i, name: 'Netrc File (contains credentials)', severity: 'critical' },
+    { pattern: /\.htpasswd$/i, name: 'Apache Password File', severity: 'critical' },
+    // Database files
+    { pattern: /\.sqlite$/i, name: 'SQLite Database', severity: 'medium' },
+    { pattern: /\.sqlite3$/i, name: 'SQLite Database', severity: 'medium' },
+    { pattern: /\.db$/i, name: 'Database File', severity: 'medium' },
+    // Backup files that may contain secrets
+    { pattern: /\.bak$/i, name: 'Backup File', severity: 'low' },
+    { pattern: /\.backup$/i, name: 'Backup File', severity: 'low' },
+    { pattern: /\.old$/i, name: 'Old File Backup', severity: 'low' },
+    // Keystore files
+    { pattern: /\.jks$/i, name: 'Java Keystore', severity: 'high' },
+    { pattern: /\.keystore$/i, name: 'Keystore File', severity: 'high' },
+];
+// Files that are okay in certain contexts but should be reviewed
+const CONTEXT_SENSITIVE_PATTERNS = [
+    { pattern: /\.env\.example$/i, name: 'Environment Example File', checkContent: true },
+    { pattern: /\.env\.sample$/i, name: 'Environment Sample File', checkContent: true },
+    { pattern: /\.env\.template$/i, name: 'Environment Template File', checkContent: true },
+];
+function detectDangerousFiles(content, filePath, options) {
+    const vulnerabilities = [];
+    const fileName = filePath.split('/').pop() || '';
+    // Check for dangerous file patterns
+    const inToolingDir = (0, file_classifier_1.isToolingDirectory)(filePath);
+    for (const { pattern, name, severity } of DANGEROUS_FILE_PATTERNS) {
+        if (pattern.test(fileName) || pattern.test(filePath)) {
+            // Downgrade severity to 'info' for files in tooling directories
+            // These are typically build scripts, CLI tools, etc. where certain file patterns are expected
+            const effectiveSeverity = inToolingDir ? 'info' : severity;
+            vulnerabilities.push({
+                id: `file-flag-${filePath}`,
+                filePath,
+                lineNumber: 1,
+                lineContent: `File: ${fileName}`,
+                severity: effectiveSeverity,
+                category: 'dangerous_file',
+                title: `Dangerous file detected: ${name}`,
+                description: inToolingDir
+                    ? `This file type (${name}) is in a tooling/scripts directory and may be expected there. Review to ensure no actual secrets are committed.`
+                    : `This file type (${name}) should not be committed to version control as it may contain sensitive information.`,
+                suggestedFix: 'Add this file to .gitignore and remove it from the repository. If it contains secrets, rotate them immediately.',
+                confidence: inToolingDir ? 'medium' : 'high',
+                baseConfidence: BASE_CONFIDENCE,
+                layer: 1,
+                source: 'config',
+            });
+        }
+    }
+    // Check context-sensitive files for actual secrets
+    for (const { pattern, name, checkContent } of CONTEXT_SENSITIVE_PATTERNS) {
+        if ((pattern.test(fileName) || pattern.test(filePath)) && checkContent) {
+            // Check if the example/sample file contains what looks like real values
+            const suspiciousPatterns = [
+                /[a-zA-Z0-9_]+=sk-[a-zA-Z0-9]{20,}/, // API keys
+                /[a-zA-Z0-9_]+=ghp_[a-zA-Z0-9]{36,}/, // GitHub tokens
+                /[a-zA-Z0-9_]+=eyJ[a-zA-Z0-9_-]+\./, // JWT tokens
+                /password\s*=\s*[^\s$]{8,}/i, // Passwords (not env vars)
+            ];
+            const lines = options?.parsed?.lines ?? content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                // Skip lines that reference environment variables
+                if (line.includes('${') || line.includes('$env:') || line.includes('process.env')) {
+                    continue;
+                }
+                for (const suspicious of suspiciousPatterns) {
+                    if (suspicious.test(line)) {
+                        vulnerabilities.push({
+                            id: `file-flag-content-${filePath}-${i + 1}`,
+                            filePath,
+                            lineNumber: i + 1,
+                            lineContent: line.trim(),
+                            severity: 'high',
+                            category: 'dangerous_file',
+                            title: `${name} may contain real secrets`,
+                            description: 'This example/sample file appears to contain real secret values instead of placeholders.',
+                            suggestedFix: 'Replace real values with placeholders like YOUR_API_KEY_HERE or use environment variable references.',
+                            confidence: 'medium',
+                            baseConfidence: BASE_CONFIDENCE,
+                            layer: 1,
+                            source: 'config',
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    return vulnerabilities;
+}
+//# sourceMappingURL=file-flags.js.map

package/dist/detect/config/file-flags.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"file-flags.js","sourceRoot":"","sources":["../../../src/detect/config/file-flags.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AA2DH,oDAiFC;AAxID,iEAAgE;AAEhE,MAAM,eAAe,GAAG,IAAI,CAAA;AAE5B,mEAAmE;AACnE,MAAM,uBAAuB,GAAG;IAC9B,eAAe;IACf,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC9E,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC/E,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAClF,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC9E,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAEhF,WAAW;IACX,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACnF,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACnF,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACvF,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAE3F,2CAA2C;IAC3C,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAChF,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC7F,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACvG,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,MAAe,EAAE;IACrG,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,MAAe,EAAE;IAE7F,mBAAmB;IACnB,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC1F,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAe,EAAE;IACnG,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,yCAAyC,EAAE,QAAQ,EAAE,MAAe,EAAE;IACrG,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,mCAAmC,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAClG,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAExF,iBAAiB;IACjB,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAC/E,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAChF,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAEzE,wCAAwC;IACxC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAc,EAAE;IACrE,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAc,EAAE;IACxE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAc,EAAE;IAEzE,iBAAiB;IACjB,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAe,EAAE;IACxE,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAe,EAAE;CAC9E,CAAA;AAED,iEAAiE;AACjE,MAAM,0BAA0B,GAAG;IACjC,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,0BAA0B,EAAE,YAAY,EAAE,IAAI,EAAE;IACrF,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,yBAAyB,EAAE,YAAY,EAAE,IAAI,EAAE;IACnF,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,2BAA2B,EAAE,YAAY,EAAE,IAAI,EAAE;CACxF,CAAA;AAED,SAAgB,oBAAoB,CAClC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAC3C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAA;IAEhD,oCAAoC;IACpC,MAAM,YAAY,GAAG,IAAA,oCAAkB,EAAC,QAAQ,CAAC,CAAA;IAEjD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,uBAAuB,EAAE,CAAC;QAClE,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,gEAAgE;YAChE,8FAA8F;YAC9F,MAAM,iBAAiB,GAA0B,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAA;YAEjF,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,aAAa,QAAQ,EAAE;gBAC3B,QAAQ;gBACR,UAAU,EAAE,CAAC;gBACb,WAAW,EAAE,SAAS,QAAQ,EAAE;gBAChC,QAAQ,EAAE,iBAAiB;gBAC3B,QAAQ,EAAE,gBAAgB;gBAC1B,KAAK,EAAE,4BAA4B,IAAI,EAAE;gBACzC,WAAW,EAAE,YAAY;oBACvB,CAAC,CAAC,mBAAmB,IAAI,kHAAkH;oBAC3I,CAAC,CAAC,mBAAmB,IAAI,uFAAuF;gBAClH,YAAY,EAAE,iHAAiH;gBAC/H,UAAU,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM;gBAC5C,cAAc,EAAE,eAAe;gBAC/B,KAAK,EAAE,CAAC;gBACR,MAAM,EAAE,QAAiB;aAC1B,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,mDAAmD;IACnD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,0BAA0B,EAAE,CAAC;QACzE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,YAAY,EAAE,CAAC;YACvE,wEAAwE;YACxE,MAAM,kBAAkB,GAAG;gBACzB,mCAAmC,EAAG,WAAW;gBACjD,oCAAoC,EAAE,gBAAgB;gBACtD,mCAAmC,EAAG,aAAa;gBACnD,4BAA4B,EAAW,2BAA2B;aACnE,CAAA;YAED,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;gBACrB,kDAAkD;gBAClD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBAClF,SAAQ;gBACV,CAAC;gBAED,KAAK,MAAM,UAAU,IAAI,kBAAkB,EAAE,CAAC;oBAC5C,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC1B,eAAe,CAAC,IAAI,CAAC;4BACnB,EAAE,EAAE,qBAAqB,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;4BAC5C,QAAQ;4BACR,UAAU,EAAE,CAAC,GAAG,CAAC;4BACjB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,QAAQ,EAAE,MAAM;4BAChB,QAAQ,EAAE,gBAAgB;4BAC1B,KAAK,EAAE,GAAG,IAAI,2BAA2B;4BACzC,WAAW,EAAE,yFAAyF;4BACtG,YAAY,EAAE,sGAAsG;4BACpH,UAAU,EAAE,QAAQ;4BACpB,cAAc,EAAE,eAAe;4BAC/B,KAAK,EAAE,CAAC;4BACd,MAAM,EAAE,QAAiB;yBACpB,CAAC,CAAA;wBACF,MAAK;oBACP,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/detect/config/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export { detectSensitiveURLs, aggregateLocalhostFindings } from './urls';
+export { detectDangerousFiles } from './file-flags';
+export { detectAICommentPatterns } from './comments';
+export { checkPackageAdvisories } from './osv-check';
+export { checkPackages } from './package-check';
+export { detectAgentSkillInjection } from './agent-skill-injection';
+//# sourceMappingURL=index.d.ts.map

package/dist/detect/config/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/detect/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAA;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAA"}

package/dist/detect/config/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectAgentSkillInjection = exports.checkPackages = exports.checkPackageAdvisories = exports.detectAICommentPatterns = exports.detectDangerousFiles = exports.aggregateLocalhostFindings = exports.detectSensitiveURLs = void 0;
+var urls_1 = require("./urls");
+Object.defineProperty(exports, "detectSensitiveURLs", { enumerable: true, get: function () { return urls_1.detectSensitiveURLs; } });
+Object.defineProperty(exports, "aggregateLocalhostFindings", { enumerable: true, get: function () { return urls_1.aggregateLocalhostFindings; } });
+var file_flags_1 = require("./file-flags");
+Object.defineProperty(exports, "detectDangerousFiles", { enumerable: true, get: function () { return file_flags_1.detectDangerousFiles; } });
+var comments_1 = require("./comments");
+Object.defineProperty(exports, "detectAICommentPatterns", { enumerable: true, get: function () { return comments_1.detectAICommentPatterns; } });
+var osv_check_1 = require("./osv-check");
+Object.defineProperty(exports, "checkPackageAdvisories", { enumerable: true, get: function () { return osv_check_1.checkPackageAdvisories; } });
+var package_check_1 = require("./package-check");
+Object.defineProperty(exports, "checkPackages", { enumerable: true, get: function () { return package_check_1.checkPackages; } });
+var agent_skill_injection_1 = require("./agent-skill-injection");
+Object.defineProperty(exports, "detectAgentSkillInjection", { enumerable: true, get: function () { return agent_skill_injection_1.detectAgentSkillInjection; } });
+//# sourceMappingURL=index.js.map

package/dist/detect/config/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/detect/config/index.ts"],"names":[],"mappings":";;;AAAA,+BAAwE;AAA/D,2GAAA,mBAAmB,OAAA;AAAE,kHAAA,0BAA0B,OAAA;AACxD,2CAAmD;AAA1C,kHAAA,oBAAoB,OAAA;AAC7B,uCAAoD;AAA3C,mHAAA,uBAAuB,OAAA;AAChC,yCAAoD;AAA3C,mHAAA,sBAAsB,OAAA;AAC/B,iDAA+C;AAAtC,8GAAA,aAAa,OAAA;AACtB,iEAAmE;AAA1D,kIAAA,yBAAyB,OAAA"}

package/dist/detect/config/osv-check.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Layer 3: OSV/Security Advisory Integration
+ * Checks packages against OSV.dev for known vulnerabilities
+ *
+ * Features:
+ * - Queries OSV.dev API for known malicious/vulnerable packages
+ * - Caches advisories for efficiency
+ * - Supports npm and PyPI ecosystems
+ */
+import type { Vulnerability, VulnerabilitySeverity } from '../../shared/types';
+interface OSVVulnerability {
+    id: string;
+    summary?: string;
+    details?: string;
+    severity?: Array<{
+        type: string;
+        score: string;
+    }>;
+    references?: Array<{
+        type: string;
+        url: string;
+    }>;
+    affected?: Array<{
+        package: {
+            name: string;
+            ecosystem: string;
+        };
+        ranges?: Array<{
+            type: string;
+            events: Array<{
+                introduced?: string;
+                fixed?: string;
+            }>;
+        }>;
+    }>;
+    database_specific?: {
+        malicious?: boolean;
+        severity?: string;
+    };
+}
+interface CachedAdvisory {
+    timestamp: number;
+    advisories: OSVVulnerability[];
+}
+declare const advisoryCache: Map<string, CachedAdvisory>;
+/**
+ * Get cache key for a package
+ */
+declare function getCacheKey(name: string, ecosystem: string): string;
+/**
+ * Query OSV.dev for vulnerabilities affecting a single package
+ */
+declare function queryOSV(packageName: string, ecosystem: 'npm' | 'PyPI', version?: string): Promise<OSVVulnerability[]>;
+/**
+ * Query OSV.dev for multiple packages in batch
+ */
+declare function queryOSVBatch(packages: Array<{
+    name: string;
+    ecosystem: 'npm' | 'PyPI';
+    version?: string;
+}>): Promise<Map<string, OSVVulnerability[]>>;
+/**
+ * Determine severity from OSV vulnerability
+ */
+declare function mapOSVSeverity(vuln: OSVVulnerability): VulnerabilitySeverity;
+/**
+ * Check if vulnerability is for a malicious package
+ */
+declare function isMaliciousPackage(vuln: OSVVulnerability): boolean;
+/**
+ * Check packages in a file for known vulnerabilities via OSV.dev
+ */
+export declare function checkPackageAdvisories(content: string, filePath: string): Promise<Vulnerability[]>;
+export { queryOSV, queryOSVBatch, mapOSVSeverity, isMaliciousPackage, getCacheKey, advisoryCache, };
+//# sourceMappingURL=osv-check.d.ts.map

package/dist/detect/config/osv-check.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"osv-check.d.ts","sourceRoot":"","sources":["../../../src/detect/config/osv-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAA;AAmC9E,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;KACd,CAAC,CAAA;IACF,UAAU,CAAC,EAAE,KAAK,CAAC;QACjB,IAAI,EAAE,MAAM,CAAA;QACZ,GAAG,EAAE,MAAM,CAAA;KACZ,CAAC,CAAA;IACF,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAA;YACZ,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAA;YACZ,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAA;SACvD,CAAC,CAAA;KACH,CAAC,CAAA;IACF,iBAAiB,CAAC,EAAE;QAClB,SAAS,CAAC,EAAE,OAAO,CAAA;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAUD,UAAU,cAAc;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,gBAAgB,EAAE,CAAA;CAC/B;AAMD,QAAA,MAAM,aAAa,6BAAoC,CAAA;AAEvD;;GAEG;AACH,iBAAS,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAE5D;AAoCD;;GAEG;AACH,iBAAe,QAAQ,CACrB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,KAAK,GAAG,MAAM,EACzB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,EAAE,CAAC,CA4C7B;AAED;;GAEG;AACH,iBAAe,aAAa,CAC1B,QAAQ,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,KAAK,GAAG,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,GAC7E,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAgE1C;AAMD;;GAEG;AACH,iBAAS,cAAc,CAAC,IAAI,EAAE,gBAAgB,GAAG,qBAAqB,CA2BrE;AAED;;GAEG;AACH,iBAAS,kBAAkB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAI3D;AAMD;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,aAAa,EAAE,CAAC,CAkG1B;AAGD,OAAO,EACL,QAAQ,EACR,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,WAAW,EACX,aAAa,GACd,CAAA"}