npm - @oculum/scanner - Versions diffs - 1.0.12 → 1.0.13 - Mend

@oculum/scanner 1.0.12 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (961) hide show

package/dist/detect/ai-code/agent-tools.d.ts +22 -0
package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
package/dist/detect/ai-code/agent-tools.js +1509 -0
package/dist/detect/ai-code/agent-tools.js.map +1 -0
package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
package/dist/detect/ai-code/byok-patterns.js +313 -0
package/dist/detect/ai-code/byok-patterns.js.map +1 -0
package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
package/dist/detect/ai-code/endpoint-protection.js +349 -0
package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
package/dist/detect/ai-code/execution-sinks.js +1158 -0
package/dist/detect/ai-code/execution-sinks.js.map +1 -0
package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
package/dist/detect/ai-code/fingerprinting.js +665 -0
package/dist/detect/ai-code/fingerprinting.js.map +1 -0
package/dist/detect/ai-code/index.d.ts +12 -0
package/dist/detect/ai-code/index.d.ts.map +1 -0
package/dist/detect/ai-code/index.js +26 -0
package/dist/detect/ai-code/index.js.map +1 -0
package/dist/detect/ai-code/mcp-security.d.ts +20 -0
package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
package/dist/detect/ai-code/mcp-security.js +880 -0
package/dist/detect/ai-code/mcp-security.js.map +1 -0
package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
package/dist/detect/ai-code/model-supply-chain.js +447 -0
package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
package/dist/detect/ai-code/package-hallucination.js +841 -0
package/dist/detect/ai-code/package-hallucination.js.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
package/dist/detect/ai-code/rag-safety.d.ts +24 -0
package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
package/dist/detect/ai-code/rag-safety.js +913 -0
package/dist/detect/ai-code/rag-safety.js.map +1 -0
package/dist/detect/ai-code/schema-validation.d.ts +28 -0
package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
package/dist/detect/ai-code/schema-validation.js +378 -0
package/dist/detect/ai-code/schema-validation.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts +27 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
package/dist/detect/config/agent-skill-injection.js +472 -0
package/dist/detect/config/agent-skill-injection.js.map +1 -0
package/dist/detect/config/comments.d.ts +11 -0
package/dist/detect/config/comments.d.ts.map +1 -0
package/dist/detect/config/comments.js +206 -0
package/dist/detect/config/comments.js.map +1 -0
package/dist/detect/config/file-flags.d.ts +10 -0
package/dist/detect/config/file-flags.d.ts.map +1 -0
package/dist/detect/config/file-flags.js +124 -0
package/dist/detect/config/file-flags.js.map +1 -0
package/dist/detect/config/index.d.ts +7 -0
package/dist/detect/config/index.d.ts.map +1 -0
package/dist/detect/config/index.js +17 -0
package/dist/detect/config/index.js.map +1 -0
package/dist/detect/config/osv-check.d.ts +75 -0
package/dist/detect/config/osv-check.d.ts.map +1 -0
package/dist/detect/config/osv-check.js +309 -0
package/dist/detect/config/osv-check.js.map +1 -0
package/dist/detect/config/package-check.d.ts +63 -0
package/dist/detect/config/package-check.d.ts.map +1 -0
package/dist/detect/config/package-check.js +509 -0
package/dist/detect/config/package-check.js.map +1 -0
package/dist/detect/config/urls.d.ts +11 -0
package/dist/detect/config/urls.d.ts.map +1 -0
package/dist/detect/config/urls.js +450 -0
package/dist/detect/config/urls.js.map +1 -0
package/dist/detect/index.d.ts +37 -0
package/dist/detect/index.d.ts.map +1 -0
package/dist/detect/index.js +77 -0
package/dist/detect/index.js.map +1 -0
package/dist/detect/secrets/config-audit.d.ts +11 -0
package/dist/detect/secrets/config-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-audit.js +315 -0
package/dist/detect/secrets/config-audit.js.map +1 -0
package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-mcp-audit.js +243 -0
package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
package/dist/detect/secrets/entropy.d.ts +11 -0
package/dist/detect/secrets/entropy.d.ts.map +1 -0
package/dist/detect/secrets/entropy.js +751 -0
package/dist/detect/secrets/entropy.js.map +1 -0
package/dist/detect/secrets/index.d.ts +36 -0
package/dist/detect/secrets/index.d.ts.map +1 -0
package/dist/detect/secrets/index.js +174 -0
package/dist/detect/secrets/index.js.map +1 -0
package/dist/detect/secrets/patterns.d.ts +11 -0
package/dist/detect/secrets/patterns.d.ts.map +1 -0
package/dist/detect/secrets/patterns.js +518 -0
package/dist/detect/secrets/patterns.js.map +1 -0
package/dist/detect/secrets/weak-crypto.d.ts +10 -0
package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
package/dist/detect/secrets/weak-crypto.js +432 -0
package/dist/detect/secrets/weak-crypto.js.map +1 -0
package/dist/detect/structural/auth-patterns.d.ts +22 -0
package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
package/dist/detect/structural/auth-patterns.js +533 -0
package/dist/detect/structural/auth-patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/index.js +1193 -0
package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/detect/structural/data-exposure.d.ts +19 -0
package/dist/detect/structural/data-exposure.d.ts.map +1 -0
package/dist/detect/structural/data-exposure.js +262 -0
package/dist/detect/structural/data-exposure.js.map +1 -0
package/dist/detect/structural/framework-checks.d.ts +10 -0
package/dist/detect/structural/framework-checks.d.ts.map +1 -0
package/dist/detect/structural/framework-checks.js +389 -0
package/dist/detect/structural/framework-checks.js.map +1 -0
package/dist/detect/structural/index.d.ts +71 -0
package/dist/detect/structural/index.d.ts.map +1 -0
package/dist/detect/structural/index.js +510 -0
package/dist/detect/structural/index.js.map +1 -0
package/dist/detect/structural/log-injection.d.ts +18 -0
package/dist/detect/structural/log-injection.d.ts.map +1 -0
package/dist/detect/structural/log-injection.js +217 -0
package/dist/detect/structural/log-injection.js.map +1 -0
package/dist/detect/structural/logic-gates.d.ts +10 -0
package/dist/detect/structural/logic-gates.d.ts.map +1 -0
package/dist/detect/structural/logic-gates.js +227 -0
package/dist/detect/structural/logic-gates.js.map +1 -0
package/dist/detect/structural/risky-imports.d.ts +10 -0
package/dist/detect/structural/risky-imports.d.ts.map +1 -0
package/dist/detect/structural/risky-imports.js +168 -0
package/dist/detect/structural/risky-imports.js.map +1 -0
package/dist/detect/structural/security-headers.d.ts +18 -0
package/dist/detect/structural/security-headers.d.ts.map +1 -0
package/dist/detect/structural/security-headers.js +196 -0
package/dist/detect/structural/security-headers.js.map +1 -0
package/dist/detect/structural/ssrf-detection.d.ts +18 -0
package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
package/dist/detect/structural/ssrf-detection.js +263 -0
package/dist/detect/structural/ssrf-detection.js.map +1 -0
package/dist/detect/structural/variables.d.ts +11 -0
package/dist/detect/structural/variables.d.ts.map +1 -0
package/dist/detect/structural/variables.js +159 -0
package/dist/detect/structural/variables.js.map +1 -0
package/dist/detect/structural/xxe-detection.d.ts +18 -0
package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
package/dist/detect/structural/xxe-detection.js +245 -0
package/dist/detect/structural/xxe-detection.js.map +1 -0
package/dist/index.d.ts +17 -64
package/dist/index.d.ts.map +1 -1
package/dist/index.js +49 -1034
package/dist/index.js.map +1 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +1 -8
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +4 -0
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +50 -1
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/log-injection.d.ts +18 -0
package/dist/layer2/log-injection.d.ts.map +1 -0
package/dist/layer2/log-injection.js +214 -0
package/dist/layer2/log-injection.js.map +1 -0
package/dist/layer2/security-headers.d.ts +18 -0
package/dist/layer2/security-headers.d.ts.map +1 -0
package/dist/layer2/security-headers.js +187 -0
package/dist/layer2/security-headers.js.map +1 -0
package/dist/layer2/ssrf-detection.d.ts +18 -0
package/dist/layer2/ssrf-detection.d.ts.map +1 -0
package/dist/layer2/ssrf-detection.js +252 -0
package/dist/layer2/ssrf-detection.js.map +1 -0
package/dist/layer2/xxe-detection.d.ts +18 -0
package/dist/layer2/xxe-detection.d.ts.map +1 -0
package/dist/layer2/xxe-detection.js +242 -0
package/dist/layer2/xxe-detection.js.map +1 -0
package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/index.js +3 -1
package/dist/layer3/anthropic/prompts/index.js.map +1 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/validation.js +14 -410
package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.js +6 -3
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/openai.js +6 -3
package/dist/layer3/anthropic/providers/openai.js.map +1 -1
package/dist/layer3/anthropic/request-builder.d.ts +11 -4
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
package/dist/layer3/anthropic/request-builder.js +32 -16
package/dist/layer3/anthropic/request-builder.js.map +1 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +2 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
package/dist/layer3/anthropic/utils/index.js +4 -1
package/dist/layer3/anthropic/utils/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts +56 -0
package/dist/model/auth-helper-detector.d.ts.map +1 -0
package/dist/model/auth-helper-detector.js +360 -0
package/dist/model/auth-helper-detector.js.map +1 -0
package/dist/model/cross-file-taint.d.ts +40 -0
package/dist/model/cross-file-taint.d.ts.map +1 -0
package/dist/model/cross-file-taint.js +290 -0
package/dist/model/cross-file-taint.js.map +1 -0
package/dist/model/framework-models/django.d.ts +9 -0
package/dist/model/framework-models/django.d.ts.map +1 -0
package/dist/model/framework-models/django.js +82 -0
package/dist/model/framework-models/django.js.map +1 -0
package/dist/model/framework-models/express.d.ts +9 -0
package/dist/model/framework-models/express.d.ts.map +1 -0
package/dist/model/framework-models/express.js +52 -0
package/dist/model/framework-models/express.js.map +1 -0
package/dist/model/framework-models/index.d.ts +20 -0
package/dist/model/framework-models/index.d.ts.map +1 -0
package/dist/model/framework-models/index.js +102 -0
package/dist/model/framework-models/index.js.map +1 -0
package/dist/model/framework-models/nextjs.d.ts +9 -0
package/dist/model/framework-models/nextjs.d.ts.map +1 -0
package/dist/model/framework-models/nextjs.js +71 -0
package/dist/model/framework-models/nextjs.js.map +1 -0
package/dist/model/framework-models/prisma.d.ts +10 -0
package/dist/model/framework-models/prisma.d.ts.map +1 -0
package/dist/model/framework-models/prisma.js +54 -0
package/dist/model/framework-models/prisma.js.map +1 -0
package/dist/model/framework-models/react.d.ts +9 -0
package/dist/model/framework-models/react.d.ts.map +1 -0
package/dist/model/framework-models/react.js +67 -0
package/dist/model/framework-models/react.js.map +1 -0
package/dist/model/framework-models/sequelize.d.ts +9 -0
package/dist/model/framework-models/sequelize.d.ts.map +1 -0
package/dist/model/framework-models/sequelize.js +62 -0
package/dist/model/framework-models/sequelize.js.map +1 -0
package/dist/model/framework-models/types.d.ts +43 -0
package/dist/model/framework-models/types.d.ts.map +1 -0
package/dist/model/framework-models/types.js +10 -0
package/dist/model/framework-models/types.js.map +1 -0
package/dist/model/function-classifier.d.ts +32 -0
package/dist/model/function-classifier.d.ts.map +1 -0
package/dist/model/function-classifier.js +143 -0
package/dist/model/function-classifier.js.map +1 -0
package/dist/model/import-resolver.d.ts +45 -0
package/dist/model/import-resolver.d.ts.map +1 -0
package/dist/model/import-resolver.js +410 -0
package/dist/model/import-resolver.js.map +1 -0
package/dist/model/imported-auth-detector.d.ts +38 -0
package/dist/model/imported-auth-detector.d.ts.map +1 -0
package/dist/model/imported-auth-detector.js +199 -0
package/dist/model/imported-auth-detector.js.map +1 -0
package/dist/model/index.d.ts +63 -0
package/dist/model/index.d.ts.map +1 -0
package/dist/model/index.js +272 -0
package/dist/model/index.js.map +1 -0
package/dist/model/middleware-detector.d.ts +55 -0
package/dist/model/middleware-detector.d.ts.map +1 -0
package/dist/model/middleware-detector.js +382 -0
package/dist/model/middleware-detector.js.map +1 -0
package/dist/model/module-graph.d.ts +46 -0
package/dist/model/module-graph.d.ts.map +1 -0
package/dist/model/module-graph.js +187 -0
package/dist/model/module-graph.js.map +1 -0
package/dist/model/oauth-flow-detector.d.ts +41 -0
package/dist/model/oauth-flow-detector.d.ts.map +1 -0
package/dist/model/oauth-flow-detector.js +202 -0
package/dist/model/oauth-flow-detector.js.map +1 -0
package/dist/model/project-context.d.ts +119 -0
package/dist/model/project-context.d.ts.map +1 -0
package/dist/model/project-context.js +534 -0
package/dist/model/project-context.js.map +1 -0
package/dist/model/route-auth-resolver.d.ts +27 -0
package/dist/model/route-auth-resolver.d.ts.map +1 -0
package/dist/model/route-auth-resolver.js +182 -0
package/dist/model/route-auth-resolver.js.map +1 -0
package/dist/model/route-discovery/express.d.ts +25 -0
package/dist/model/route-discovery/express.d.ts.map +1 -0
package/dist/model/route-discovery/express.js +225 -0
package/dist/model/route-discovery/express.js.map +1 -0
package/dist/model/route-discovery/index.d.ts +21 -0
package/dist/model/route-discovery/index.d.ts.map +1 -0
package/dist/model/route-discovery/index.js +67 -0
package/dist/model/route-discovery/index.js.map +1 -0
package/dist/model/route-discovery/nextjs.d.ts +16 -0
package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
package/dist/model/route-discovery/nextjs.js +179 -0
package/dist/model/route-discovery/nextjs.js.map +1 -0
package/dist/model/route-discovery/python.d.ts +16 -0
package/dist/model/route-discovery/python.d.ts.map +1 -0
package/dist/model/route-discovery/python.js +181 -0
package/dist/model/route-discovery/python.js.map +1 -0
package/dist/model/route-discovery/types.d.ts +36 -0
package/dist/model/route-discovery/types.d.ts.map +1 -0
package/dist/model/route-discovery/types.js +16 -0
package/dist/model/route-discovery/types.js.map +1 -0
package/dist/model/route-discovery/utils.d.ts +18 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -0
package/dist/model/route-discovery/utils.js +55 -0
package/dist/model/route-discovery/utils.js.map +1 -0
package/dist/model/route-hierarchy.d.ts +50 -0
package/dist/model/route-hierarchy.d.ts.map +1 -0
package/dist/model/route-hierarchy.js +226 -0
package/dist/model/route-hierarchy.js.map +1 -0
package/dist/model/sanitiser-detection.d.ts +27 -0
package/dist/model/sanitiser-detection.d.ts.map +1 -0
package/dist/model/sanitiser-detection.js +224 -0
package/dist/model/sanitiser-detection.js.map +1 -0
package/dist/model/sink-matcher.d.ts +17 -0
package/dist/model/sink-matcher.d.ts.map +1 -0
package/dist/model/sink-matcher.js +141 -0
package/dist/model/sink-matcher.js.map +1 -0
package/dist/model/sink-patterns.d.ts +19 -0
package/dist/model/sink-patterns.d.ts.map +1 -0
package/dist/model/sink-patterns.js +88 -0
package/dist/model/sink-patterns.js.map +1 -0
package/dist/model/source-discovery.d.ts +15 -0
package/dist/model/source-discovery.d.ts.map +1 -0
package/dist/model/source-discovery.js +170 -0
package/dist/model/source-discovery.js.map +1 -0
package/dist/model/taint-tracker.d.ts +21 -0
package/dist/model/taint-tracker.d.ts.map +1 -0
package/dist/model/taint-tracker.js +281 -0
package/dist/model/taint-tracker.js.map +1 -0
package/dist/model/taint-types.d.ts +74 -0
package/dist/model/taint-types.d.ts.map +1 -0
package/dist/model/taint-types.js +9 -0
package/dist/model/taint-types.js.map +1 -0
package/dist/model/trpc-analyzer.d.ts +78 -0
package/dist/model/trpc-analyzer.d.ts.map +1 -0
package/dist/model/trpc-analyzer.js +297 -0
package/dist/model/trpc-analyzer.js.map +1 -0
package/dist/parse/file-classifier.d.ts +228 -0
package/dist/parse/file-classifier.d.ts.map +1 -0
package/dist/parse/file-classifier.js +933 -0
package/dist/parse/file-classifier.js.map +1 -0
package/dist/parse/path-exclusions.d.ts +55 -0
package/dist/parse/path-exclusions.d.ts.map +1 -0
package/dist/parse/path-exclusions.js +224 -0
package/dist/parse/path-exclusions.js.map +1 -0
package/dist/pipeline/config.d.ts +39 -0
package/dist/pipeline/config.d.ts.map +1 -0
package/dist/pipeline/config.js +46 -0
package/dist/pipeline/config.js.map +1 -0
package/dist/pipeline/index.d.ts +34 -0
package/dist/pipeline/index.d.ts.map +1 -0
package/dist/pipeline/index.js +377 -0
package/dist/pipeline/index.js.map +1 -0
package/dist/pipeline/modes/incremental.d.ts +66 -0
package/dist/pipeline/modes/incremental.d.ts.map +1 -0
package/dist/pipeline/modes/incremental.js +200 -0
package/dist/pipeline/modes/incremental.js.map +1 -0
package/dist/postprocess/aggregation.d.ts +14 -0
package/dist/postprocess/aggregation.d.ts.map +1 -0
package/dist/postprocess/aggregation.js +63 -0
package/dist/postprocess/aggregation.js.map +1 -0
package/dist/postprocess/contradictions.d.ts +18 -0
package/dist/postprocess/contradictions.d.ts.map +1 -0
package/dist/postprocess/contradictions.js +99 -0
package/dist/postprocess/contradictions.js.map +1 -0
package/dist/postprocess/dedup.d.ts +13 -0
package/dist/postprocess/dedup.d.ts.map +1 -0
package/dist/postprocess/dedup.js +58 -0
package/dist/postprocess/dedup.js.map +1 -0
package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
package/dist/postprocess/filtering/context-adjustments.js +100 -0
package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
package/dist/postprocess/filtering/index.d.ts +3 -0
package/dist/postprocess/filtering/index.d.ts.map +1 -0
package/dist/postprocess/filtering/index.js +8 -0
package/dist/postprocess/filtering/index.js.map +1 -0
package/dist/postprocess/filtering/pipeline.d.ts +48 -0
package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
package/dist/postprocess/filtering/pipeline.js +76 -0
package/dist/postprocess/filtering/pipeline.js.map +1 -0
package/dist/postprocess/index.d.ts +41 -0
package/dist/postprocess/index.d.ts.map +1 -0
package/dist/postprocess/index.js +85 -0
package/dist/postprocess/index.js.map +1 -0
package/dist/postprocess/suppression/config-loader.d.ts +74 -0
package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
package/dist/postprocess/suppression/config-loader.js +424 -0
package/dist/postprocess/suppression/config-loader.js.map +1 -0
package/dist/postprocess/suppression/hash.d.ts +48 -0
package/dist/postprocess/suppression/hash.d.ts.map +1 -0
package/dist/postprocess/suppression/hash.js +88 -0
package/dist/postprocess/suppression/hash.js.map +1 -0
package/dist/postprocess/suppression/index.d.ts +11 -0
package/dist/postprocess/suppression/index.d.ts.map +1 -0
package/dist/postprocess/suppression/index.js +39 -0
package/dist/postprocess/suppression/index.js.map +1 -0
package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
package/dist/postprocess/suppression/inline-parser.js +218 -0
package/dist/postprocess/suppression/inline-parser.js.map +1 -0
package/dist/postprocess/suppression/manager.d.ts +94 -0
package/dist/postprocess/suppression/manager.d.ts.map +1 -0
package/dist/postprocess/suppression/manager.js +292 -0
package/dist/postprocess/suppression/manager.js.map +1 -0
package/dist/postprocess/suppression/types.d.ts +151 -0
package/dist/postprocess/suppression/types.d.ts.map +1 -0
package/dist/postprocess/suppression/types.js +28 -0
package/dist/postprocess/suppression/types.js.map +1 -0
package/dist/postprocess/validation-cap.d.ts +17 -0
package/dist/postprocess/validation-cap.d.ts.map +1 -0
package/dist/postprocess/validation-cap.js +64 -0
package/dist/postprocess/validation-cap.js.map +1 -0
package/dist/report/build-result.d.ts +33 -0
package/dist/report/build-result.d.ts.map +1 -0
package/dist/report/build-result.js +59 -0
package/dist/report/build-result.js.map +1 -0
package/dist/report/enrichment.d.ts +19 -0
package/dist/report/enrichment.d.ts.map +1 -0
package/dist/report/enrichment.js +44 -0
package/dist/report/enrichment.js.map +1 -0
package/dist/report/formatters/ai-context.d.ts +23 -0
package/dist/report/formatters/ai-context.d.ts.map +1 -0
package/dist/report/formatters/ai-context.js +238 -0
package/dist/report/formatters/ai-context.js.map +1 -0
package/dist/report/formatters/cli-terminal.d.ts +65 -0
package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
package/dist/report/formatters/cli-terminal.js +735 -0
package/dist/report/formatters/cli-terminal.js.map +1 -0
package/dist/report/formatters/github-comment.d.ts +41 -0
package/dist/report/formatters/github-comment.d.ts.map +1 -0
package/dist/report/formatters/github-comment.js +370 -0
package/dist/report/formatters/github-comment.js.map +1 -0
package/dist/report/formatters/grouping.d.ts +52 -0
package/dist/report/formatters/grouping.d.ts.map +1 -0
package/dist/report/formatters/grouping.js +152 -0
package/dist/report/formatters/grouping.js.map +1 -0
package/dist/report/formatters/ide/claude-code.d.ts +17 -0
package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/report/formatters/ide/claude-code.js +94 -0
package/dist/report/formatters/ide/claude-code.js.map +1 -0
package/dist/report/formatters/ide/cursor.d.ts +13 -0
package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
package/dist/report/formatters/ide/cursor.js +125 -0
package/dist/report/formatters/ide/cursor.js.map +1 -0
package/dist/report/formatters/ide/index.d.ts +62 -0
package/dist/report/formatters/ide/index.d.ts.map +1 -0
package/dist/report/formatters/ide/index.js +184 -0
package/dist/report/formatters/ide/index.js.map +1 -0
package/dist/report/formatters/ide/windsurf.d.ts +13 -0
package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/report/formatters/ide/windsurf.js +117 -0
package/dist/report/formatters/ide/windsurf.js.map +1 -0
package/dist/report/formatters/index.d.ts +11 -0
package/dist/report/formatters/index.d.ts.map +1 -0
package/dist/report/formatters/index.js +54 -0
package/dist/report/formatters/index.js.map +1 -0
package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/report/formatters/vscode-diagnostic.js +151 -0
package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
package/dist/report/summary.d.ts +27 -0
package/dist/report/summary.d.ts.map +1 -0
package/dist/report/summary.js +57 -0
package/dist/report/summary.js.map +1 -0
package/dist/rules/metadata.d.ts.map +1 -1
package/dist/rules/metadata.js +66 -0
package/dist/rules/metadata.js.map +1 -1
package/dist/score/adjustments.d.ts +22 -0
package/dist/score/adjustments.d.ts.map +1 -0
package/dist/score/adjustments.js +373 -0
package/dist/score/adjustments.js.map +1 -0
package/dist/score/auto-dismiss.d.ts +28 -0
package/dist/score/auto-dismiss.d.ts.map +1 -0
package/dist/score/auto-dismiss.js +200 -0
package/dist/score/auto-dismiss.js.map +1 -0
package/dist/score/confidence.d.ts +19 -0
package/dist/score/confidence.d.ts.map +1 -0
package/dist/score/confidence.js +52 -0
package/dist/score/confidence.js.map +1 -0
package/dist/score/index.d.ts +61 -0
package/dist/score/index.d.ts.map +1 -0
package/dist/score/index.js +250 -0
package/dist/score/index.js.map +1 -0
package/dist/score/types.d.ts +160 -0
package/dist/score/types.d.ts.map +1 -0
package/dist/score/types.js +14 -0
package/dist/score/types.js.map +1 -0
package/dist/shared/ai-context/index.d.ts +6 -0
package/dist/shared/ai-context/index.d.ts.map +1 -0
package/dist/shared/ai-context/index.js +13 -0
package/dist/shared/ai-context/index.js.map +1 -0
package/dist/shared/ai-context/manager.d.ts +67 -0
package/dist/shared/ai-context/manager.d.ts.map +1 -0
package/dist/shared/ai-context/manager.js +104 -0
package/dist/shared/ai-context/manager.js.map +1 -0
package/dist/shared/baseline/diff.d.ts +32 -0
package/dist/shared/baseline/diff.d.ts.map +1 -0
package/dist/shared/baseline/diff.js +119 -0
package/dist/shared/baseline/diff.js.map +1 -0
package/dist/shared/baseline/index.d.ts +9 -0
package/dist/shared/baseline/index.d.ts.map +1 -0
package/dist/shared/baseline/index.js +19 -0
package/dist/shared/baseline/index.js.map +1 -0
package/dist/shared/baseline/manager.d.ts +67 -0
package/dist/shared/baseline/manager.d.ts.map +1 -0
package/dist/shared/baseline/manager.js +180 -0
package/dist/shared/baseline/manager.js.map +1 -0
package/dist/shared/baseline/types.d.ts +91 -0
package/dist/shared/baseline/types.d.ts.map +1 -0
package/dist/shared/baseline/types.js +12 -0
package/dist/shared/baseline/types.js.map +1 -0
package/dist/shared/category-filter.d.ts +125 -0
package/dist/shared/category-filter.d.ts.map +1 -0
package/dist/shared/category-filter.js +360 -0
package/dist/shared/category-filter.js.map +1 -0
package/dist/shared/code-analysis.d.ts +39 -0
package/dist/shared/code-analysis.d.ts.map +1 -0
package/dist/shared/code-analysis.js +159 -0
package/dist/shared/code-analysis.js.map +1 -0
package/dist/shared/comment-analyzer.d.ts +38 -0
package/dist/shared/comment-analyzer.d.ts.map +1 -0
package/dist/shared/comment-analyzer.js +218 -0
package/dist/shared/comment-analyzer.js.map +1 -0
package/dist/shared/diff-detector.d.ts +53 -0
package/dist/shared/diff-detector.d.ts.map +1 -0
package/dist/shared/diff-detector.js +104 -0
package/dist/shared/diff-detector.js.map +1 -0
package/dist/shared/diff-parser.d.ts +80 -0
package/dist/shared/diff-parser.d.ts.map +1 -0
package/dist/shared/diff-parser.js +202 -0
package/dist/shared/diff-parser.js.map +1 -0
package/dist/shared/environment-context.d.ts +76 -0
package/dist/shared/environment-context.d.ts.map +1 -0
package/dist/shared/environment-context.js +271 -0
package/dist/shared/environment-context.js.map +1 -0
package/dist/shared/intent-detector.d.ts +66 -0
package/dist/shared/intent-detector.d.ts.map +1 -0
package/dist/shared/intent-detector.js +282 -0
package/dist/shared/intent-detector.js.map +1 -0
package/dist/shared/parsed-file.d.ts +51 -0
package/dist/shared/parsed-file.d.ts.map +1 -0
package/dist/shared/parsed-file.js +95 -0
package/dist/shared/parsed-file.js.map +1 -0
package/dist/shared/registry-clients.d.ts +93 -0
package/dist/shared/registry-clients.d.ts.map +1 -0
package/dist/shared/registry-clients.js +273 -0
package/dist/shared/registry-clients.js.map +1 -0
package/dist/shared/rules/framework-fixes.d.ts +48 -0
package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
package/dist/shared/rules/framework-fixes.js +439 -0
package/dist/shared/rules/framework-fixes.js.map +1 -0
package/dist/shared/rules/index.d.ts +8 -0
package/dist/shared/rules/index.d.ts.map +1 -0
package/dist/shared/rules/index.js +18 -0
package/dist/shared/rules/index.js.map +1 -0
package/dist/shared/rules/metadata.d.ts +43 -0
package/dist/shared/rules/metadata.d.ts.map +1 -0
package/dist/shared/rules/metadata.js +819 -0
package/dist/shared/rules/metadata.js.map +1 -0
package/dist/shared/schema-semantics.d.ts +45 -0
package/dist/shared/schema-semantics.d.ts.map +1 -0
package/dist/shared/schema-semantics.js +193 -0
package/dist/shared/schema-semantics.js.map +1 -0
package/dist/shared/types.d.ts +337 -0
package/dist/shared/types.d.ts.map +1 -0
package/dist/shared/types.js +126 -0
package/dist/shared/types.js.map +1 -0
package/dist/tiers.d.ts +2 -2
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +10 -0
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/validate/clients.d.ts +44 -0
package/dist/validate/clients.d.ts.map +1 -0
package/dist/validate/clients.js +81 -0
package/dist/validate/clients.js.map +1 -0
package/dist/validate/index.d.ts +41 -0
package/dist/validate/index.d.ts.map +1 -0
package/dist/validate/index.js +141 -0
package/dist/validate/index.js.map +1 -0
package/dist/validate/prompts/index.d.ts +8 -0
package/dist/validate/prompts/index.d.ts.map +1 -0
package/dist/validate/prompts/index.js +16 -0
package/dist/validate/prompts/index.js.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.js +156 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/validate/prompts/modules/auth-access.js +25 -0
package/dist/validate/prompts/modules/auth-access.js.map +1 -0
package/dist/validate/prompts/modules/common.d.ts +11 -0
package/dist/validate/prompts/modules/common.d.ts.map +1 -0
package/dist/validate/prompts/modules/common.js +186 -0
package/dist/validate/prompts/modules/common.js.map +1 -0
package/dist/validate/prompts/modules/index.d.ts +54 -0
package/dist/validate/prompts/modules/index.d.ts.map +1 -0
package/dist/validate/prompts/modules/index.js +186 -0
package/dist/validate/prompts/modules/index.js.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.js +84 -0
package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.js +22 -0
package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/validate/prompts/semantic-analysis.js +169 -0
package/dist/validate/prompts/semantic-analysis.js.map +1 -0
package/dist/validate/prompts/validation.d.ts +18 -0
package/dist/validate/prompts/validation.d.ts.map +1 -0
package/dist/validate/prompts/validation.js +25 -0
package/dist/validate/prompts/validation.js.map +1 -0
package/dist/validate/providers/anthropic.d.ts +17 -0
package/dist/validate/providers/anthropic.d.ts.map +1 -0
package/dist/validate/providers/anthropic.js +260 -0
package/dist/validate/providers/anthropic.js.map +1 -0
package/dist/validate/providers/index.d.ts +8 -0
package/dist/validate/providers/index.d.ts.map +1 -0
package/dist/validate/providers/index.js +13 -0
package/dist/validate/providers/index.js.map +1 -0
package/dist/validate/providers/openai.d.ts +14 -0
package/dist/validate/providers/openai.d.ts.map +1 -0
package/dist/validate/providers/openai.js +336 -0
package/dist/validate/providers/openai.js.map +1 -0
package/dist/validate/request-builder.d.ts +61 -0
package/dist/validate/request-builder.d.ts.map +1 -0
package/dist/validate/request-builder.js +346 -0
package/dist/validate/request-builder.js.map +1 -0
package/dist/validate/types.d.ts +88 -0
package/dist/validate/types.d.ts.map +1 -0
package/dist/validate/types.js +38 -0
package/dist/validate/types.js.map +1 -0
package/dist/validate/utils/context-extractor.d.ts +55 -0
package/dist/validate/utils/context-extractor.d.ts.map +1 -0
package/dist/validate/utils/context-extractor.js +161 -0
package/dist/validate/utils/context-extractor.js.map +1 -0
package/dist/validate/utils/index.d.ts +11 -0
package/dist/validate/utils/index.d.ts.map +1 -0
package/dist/validate/utils/index.js +27 -0
package/dist/validate/utils/index.js.map +1 -0
package/dist/validate/utils/path-helpers.d.ts +21 -0
package/dist/validate/utils/path-helpers.d.ts.map +1 -0
package/dist/validate/utils/path-helpers.js +69 -0
package/dist/validate/utils/path-helpers.js.map +1 -0
package/dist/validate/utils/response-parser.d.ts +40 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -0
package/dist/validate/utils/response-parser.js +286 -0
package/dist/validate/utils/response-parser.js.map +1 -0
package/dist/validate/utils/retry.d.ts +15 -0
package/dist/validate/utils/retry.d.ts.map +1 -0
package/dist/validate/utils/retry.js +62 -0
package/dist/validate/utils/retry.js.map +1 -0
package/package.json +8 -7
package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +15 -0
package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
package/src/__tests__/benchmark/run-depth-validation.ts +3 -3
package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
package/src/__tests__/benchmark/types.ts +1 -1
package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
package/src/__tests__/category-filter.test.ts +2 -2
package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
package/src/__tests__/context-engine/framework-models.test.ts +457 -0
package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
package/src/__tests__/context-engine/integration.test.ts +320 -0
package/src/__tests__/context-engine/module-graph.test.ts +159 -0
package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
package/src/__tests__/regression/known-false-positives.test.ts +312 -4
package/src/__tests__/score/adjustments.test.ts +385 -0
package/src/__tests__/score/confidence.test.ts +283 -0
package/src/__tests__/score/framework-scoring.test.ts +275 -0
package/src/__tests__/score/route-scoring.test.ts +156 -0
package/src/__tests__/score/scoring-integration.test.ts +165 -0
package/src/__tests__/score/taint-adjustments.test.ts +244 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +37 -49
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -3
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +2 -2
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
package/src/__tests__/validate/route-annotations.test.ts +138 -0
package/src/__tests__/validation/analyze-results.ts +1 -1
package/src/__tests__/validation/extract-for-triage.ts +1 -1
package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +23 -3
package/src/{layer2 → detect/ai-code}/byok-patterns.ts +17 -5
package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +8 -4
package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +8 -4
package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +20 -4
package/src/detect/ai-code/index.ts +11 -0
package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +7 -3
package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +7 -3
package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +18 -3
package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +25 -3
package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +7 -3
package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +7 -3
package/src/detect/config/agent-skill-injection.ts +551 -0
package/src/{layer1 → detect/config}/comments.ts +6 -2
package/src/{layer1 → detect/config}/file-flags.ts +9 -3
package/src/detect/config/index.ts +6 -0
package/src/{layer3 → detect/config}/osv-check.ts +3 -2
package/src/{layer3 → detect/config}/package-check.ts +3 -2
package/src/{layer1 → detect/config}/urls.ts +12 -5
package/src/detect/index.ts +131 -0
package/src/{layer1 → detect/secrets}/config-audit.ts +7 -2
package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +8 -3
package/src/{layer1 → detect/secrets}/entropy.ts +23 -11
package/src/{layer1 → detect/secrets}/index.ts +31 -30
package/src/{layer1 → detect/secrets}/patterns.ts +10 -3
package/src/{layer1 → detect/secrets}/weak-crypto.ts +7 -2
package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +23 -11
package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +1 -1
package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +47 -24
package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +2 -2
package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +1 -1
package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/utils/control-flow.ts +2 -2
package/src/{layer2 → detect/structural}/data-exposure.ts +11 -3
package/src/{layer2 → detect/structural}/framework-checks.ts +10 -11
package/src/{layer2 → detect/structural}/index.ts +80 -77
package/src/detect/structural/log-injection.ts +254 -0
package/src/{layer2 → detect/structural}/logic-gates.ts +13 -5
package/src/{layer2 → detect/structural}/risky-imports.ts +7 -3
package/src/detect/structural/security-headers.ts +231 -0
package/src/detect/structural/ssrf-detection.ts +300 -0
package/src/{layer2 → detect/structural}/variables.ts +7 -3
package/src/detect/structural/xxe-detection.ts +295 -0
package/src/index.ts +39 -1291
package/src/{utils → model}/auth-helper-detector.ts +1 -1
package/src/model/cross-file-taint.ts +374 -0
package/src/model/framework-models/django.ts +82 -0
package/src/model/framework-models/express.ts +54 -0
package/src/model/framework-models/index.ts +116 -0
package/src/model/framework-models/nextjs.ts +69 -0
package/src/model/framework-models/prisma.ts +57 -0
package/src/model/framework-models/react.ts +63 -0
package/src/model/framework-models/sequelize.ts +63 -0
package/src/model/framework-models/types.ts +46 -0
package/src/model/function-classifier.ts +184 -0
package/src/model/import-resolver.ts +453 -0
package/src/{utils → model}/imported-auth-detector.ts +21 -85
package/src/model/index.ts +353 -0
package/src/{utils → model}/middleware-detector.ts +156 -17
package/src/model/module-graph.ts +254 -0
package/src/{utils → model}/oauth-flow-detector.ts +1 -1
package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
package/src/model/route-auth-resolver.ts +216 -0
package/src/model/route-discovery/express.ts +251 -0
package/src/model/route-discovery/index.ts +83 -0
package/src/model/route-discovery/nextjs.ts +216 -0
package/src/model/route-discovery/python.ts +214 -0
package/src/model/route-discovery/types.ts +48 -0
package/src/model/route-discovery/utils.ts +54 -0
package/src/model/sanitiser-detection.ts +268 -0
package/src/model/sink-matcher.ts +178 -0
package/src/model/sink-patterns.ts +109 -0
package/src/model/source-discovery.ts +209 -0
package/src/model/taint-tracker.ts +333 -0
package/src/model/taint-types.ts +149 -0
package/src/{utils → model}/trpc-analyzer.ts +1 -1
package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +54 -0
package/src/{utils → parse}/path-exclusions.ts +1 -1
package/src/pipeline/config.ts +81 -0
package/src/pipeline/index.ts +437 -0
package/src/{modes → pipeline/modes}/incremental.ts +5 -5
package/src/postprocess/aggregation.ts +74 -0
package/src/postprocess/contradictions.ts +128 -0
package/src/postprocess/dedup.ts +62 -0
package/src/{filtering → postprocess/filtering}/__tests__/pipeline.test.ts +1 -1
package/src/{filtering → postprocess/filtering}/context-adjustments.ts +2 -2
package/src/{filtering → postprocess/filtering}/pipeline.ts +2 -2
package/src/postprocess/index.ts +118 -0
package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
package/src/{suppression → postprocess/suppression}/types.ts +2 -2
package/src/postprocess/validation-cap.ts +66 -0
package/src/report/build-result.ts +94 -0
package/src/report/enrichment.ts +52 -0
package/src/{formatters → report/formatters}/ai-context.ts +1 -1
package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
package/src/{formatters → report/formatters}/github-comment.ts +1 -1
package/src/{formatters → report/formatters}/grouping.ts +8 -8
package/src/{formatters → report/formatters}/ide/claude-code.ts +1 -1
package/src/{formatters → report/formatters}/ide/cursor.ts +1 -1
package/src/{formatters → report/formatters}/ide/windsurf.ts +1 -1
package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
package/src/report/summary.ts +70 -0
package/src/score/adjustments.ts +387 -0
package/src/{layer3/anthropic → score}/auto-dismiss.ts +15 -14
package/src/score/confidence.ts +66 -0
package/src/score/index.ts +316 -0
package/src/score/types.ts +187 -0
package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
package/src/{baseline → shared/baseline}/diff.ts +1 -1
package/src/{baseline → shared/baseline}/manager.ts +1 -1
package/src/{category-filter.ts → shared/category-filter.ts} +1 -1
package/src/{utils → shared}/code-analysis.ts +1 -1
package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
package/src/{rules → shared/rules}/metadata.ts +94 -0
package/src/{types.ts → shared/types.ts} +22 -5
package/src/tiers.ts +18 -1
package/src/validate/__tests__/context-extractor.test.ts +191 -0
package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
package/src/validate/__tests__/request-builder.test.ts +347 -0
package/src/{layer3/anthropic → validate}/index.ts +8 -7
package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
package/src/validate/prompts/modules/ai-patterns.ts +153 -0
package/src/validate/prompts/modules/auth-access.ts +22 -0
package/src/validate/prompts/modules/common.ts +183 -0
package/src/validate/prompts/modules/index.ts +204 -0
package/src/validate/prompts/modules/owasp-classic.ts +81 -0
package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
package/src/validate/prompts/modules/xss-prompt.ts +19 -0
package/src/validate/prompts/validation.ts +20 -0
package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
package/src/validate/providers/index.ts +8 -0
package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
package/src/validate/request-builder.ts +448 -0
package/src/{layer3/anthropic → validate}/types.ts +1 -1
package/src/validate/utils/context-extractor.ts +220 -0
package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
package/src/layer3/anthropic/prompts/validation.ts +0 -419
package/src/layer3/anthropic/providers/index.ts +0 -8
package/src/layer3/anthropic/request-builder.ts +0 -150
package/src/layer3/index.ts +0 -168
/package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
/package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +0 -0
/package/src/{utils → model}/route-hierarchy.ts +0 -0
/package/src/{filtering → postprocess/filtering}/index.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/index.ts +0 -0
/package/src/{formatters → report/formatters}/__tests__/ai-context.test.ts +0 -0
/package/src/{formatters → report/formatters}/ide/__tests__/ide.test.ts +0 -0
/package/src/{formatters → report/formatters}/ide/index.ts +0 -0
/package/src/{formatters → report/formatters}/index.ts +0 -0
/package/src/{utils → shared}/__tests__/code-analysis.test.ts +0 -0
/package/src/{utils → shared}/__tests__/parsed-file.test.ts +0 -0
/package/src/{ai-context → shared/ai-context}/__tests__/manager.test.ts +0 -0
/package/src/{ai-context → shared/ai-context}/index.ts +0 -0
/package/src/{ai-context → shared/ai-context}/manager.ts +0 -0
/package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +0 -0
/package/src/{baseline → shared/baseline}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/types.ts +0 -0
/package/src/{utils → shared}/comment-analyzer.ts +0 -0
/package/src/{utils → shared}/diff-detector.ts +0 -0
/package/src/{utils → shared}/diff-parser.ts +0 -0
/package/src/{utils → shared}/environment-context.ts +0 -0
/package/src/{utils → shared}/intent-detector.ts +0 -0
/package/src/{utils → shared}/parsed-file.ts +0 -0
/package/src/{utils → shared}/registry-clients.ts +0 -0
/package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
/package/src/{rules → shared/rules}/index.ts +0 -0
/package/src/{utils → shared}/schema-semantics.ts +0 -0
/package/src/{layer3/anthropic → validate}/clients.ts +0 -0
/package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0

package/dist/report/formatters/cli-terminal.js ADDED Viewed

@@ -0,0 +1,735 @@
+"use strict";
+/**
+ * CLI Terminal Formatter
+ * Formats scan results with ANSI colors for terminal output
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatTerminalOutput = formatTerminalOutput;
+exports.formatCompactSummary = formatCompactSummary;
+exports.getNumberedFindings = getNumberedFindings;
+exports.formatFindingDetail = formatFindingDetail;
+exports.formatSimpleList = formatSimpleList;
+exports.formatJSON = formatJSON;
+exports.formatSARIF = formatSARIF;
+const grouping_1 = require("./grouping");
+const hash_1 = require("../../postprocess/suppression/hash");
+/**
+ * ANSI color codes
+ */
+const colors = {
+    reset: '\x1b[0m',
+    bold: '\x1b[1m',
+    dim: '\x1b[2m',
+    underline: '\x1b[4m',
+    // Foreground colors
+    red: '\x1b[31m',
+    green: '\x1b[32m',
+    yellow: '\x1b[33m',
+    blue: '\x1b[34m',
+    magenta: '\x1b[35m',
+    cyan: '\x1b[36m',
+    white: '\x1b[37m',
+    gray: '\x1b[90m',
+    // Background colors
+    bgRed: '\x1b[41m',
+    bgYellow: '\x1b[43m',
+    bgBlue: '\x1b[44m',
+};
+/**
+ * Severity colors and symbols
+ */
+const SEVERITY_STYLE = {
+    critical: { color: colors.bgRed + colors.white, symbol: '●', label: 'CRITICAL' },
+    high: { color: colors.red, symbol: '●', label: 'HIGH' },
+    medium: { color: colors.yellow, symbol: '●', label: 'MEDIUM' },
+    low: { color: colors.blue, symbol: '○', label: 'LOW' },
+    info: { color: colors.gray, symbol: '○', label: 'INFO' },
+};
+/**
+ * Format colored text
+ */
+function c(color, text) {
+    return `${color}${text}${colors.reset}`;
+}
+/**
+ * Format severity badge
+ */
+function severityBadge(severity) {
+    const style = SEVERITY_STYLE[severity];
+    return c(style.color, `${style.symbol} ${style.label}`);
+}
+/**
+ * Format a single finding for terminal
+ * Default: Actionable output with impact, code, and fix steps
+ * Compact: Severity + title + location only
+ * Verbose: All of the above plus references and validation notes
+ */
+function formatFinding(finding, options = {}) {
+    const { indent = '  ', compact = false, verbose = false } = options;
+    const badge = severityBadge(finding.severity);
+    const location = c(colors.cyan, `${finding.filePath}:${finding.lineNumber}`);
+    const hash = (0, hash_1.computeFindingHash)(finding);
+    // Compact mode: just severity, title, and location
+    if (compact) {
+        return `${indent}${badge} ${c(colors.bold, finding.title)}  ${location}\n`;
+    }
+    // Default actionable output
+    let output = `${indent}${badge} ${c(colors.bold, finding.title)}\n`;
+    output += `${indent}   ${location}\n`;
+    output += '\n';
+    // Impact (why this matters) - shown by default
+    if (finding.impact) {
+        output += `${indent}   ${c(colors.yellow + colors.bold, 'Impact:')} ${finding.impact}\n`;
+        output += '\n';
+    }
+    // Code snippet
+    if (finding.lineContent && finding.lineContent.trim()) {
+        output += `${indent}   ${c(colors.dim, 'Code:')} ${c(colors.white, finding.lineContent.trim().substring(0, 80))}${finding.lineContent.trim().length > 80 ? '...' : ''}\n`;
+        output += '\n';
+    }
+    // Fix steps - shown by default (numbered list)
+    if (finding.fixSteps && finding.fixSteps.length > 0) {
+        output += `${indent}   ${c(colors.green + colors.bold, 'Fix:')}\n`;
+        finding.fixSteps.forEach((step, i) => {
+            output += `${indent}   ${c(colors.green, `${i + 1}. ${step}`)}\n`;
+        });
+        output += '\n';
+    }
+    else if (finding.suggestedFix) {
+        // Fallback to legacy suggestedFix field
+        output += `${indent}   ${c(colors.green, finding.suggestedFix)}\n`;
+        output += '\n';
+    }
+    // Verbose mode: show additional details
+    if (verbose) {
+        // Description
+        output += `${indent}   ${c(colors.dim, finding.description)}\n`;
+        // References (OWASP/CWE links)
+        if (finding.references && finding.references.length > 0) {
+            output += `${indent}   ${c(colors.blue, 'References:')}\n`;
+            finding.references.forEach(ref => {
+                output += `${indent}   ${c(colors.blue, `  • ${ref}`)}\n`;
+            });
+        }
+        // Validation notes (if AI validated)
+        if (finding.validationNotes) {
+            output += `${indent}   ${c(colors.dim, `[AI] ${finding.validationNotes}`)}\n`;
+        }
+        // AI enhanced indicator
+        if (finding.aiEnhanced) {
+            output += `${indent}   ${c(colors.magenta, '[AI] Enhanced fix suggestion')}\n`;
+        }
+    }
+    // Suppress command - always shown
+    output += `${indent}   ${c(colors.dim, `Suppress: oculum ignore ${hash} --file "${finding.filePath}:${finding.lineNumber}" --reason "..."`)}\n`;
+    return output;
+}
+/**
+ * Format a group of findings
+ */
+function formatGroup(group, options = {}) {
+    const { maxFindings = 10, compact = false, verbose = false } = options;
+    const { theme, themeName, findings, severityCounts } = group;
+    const config = grouping_1.THEME_CONFIG[theme];
+    // Count summary
+    const counts = [];
+    if (severityCounts.critical > 0)
+        counts.push(c(colors.red, `${severityCounts.critical} critical`));
+    if (severityCounts.high > 0)
+        counts.push(c(colors.red, `${severityCounts.high} high`));
+    if (severityCounts.medium > 0)
+        counts.push(c(colors.yellow, `${severityCounts.medium} medium`));
+    if (severityCounts.low > 0)
+        counts.push(c(colors.blue, `${severityCounts.low} low`));
+    if (severityCounts.info > 0)
+        counts.push(c(colors.gray, `${severityCounts.info} info`));
+    let output = `\n${c(colors.bold, `${config.icon} ${themeName}`)} (${counts.join(', ')})\n`;
+    output += c(colors.dim, '─'.repeat(60)) + '\n';
+    // Show findings
+    const shown = findings.slice(0, maxFindings);
+    for (const finding of shown) {
+        output += formatFinding(finding, { compact, verbose }) + '\n';
+    }
+    // Truncation notice
+    if (findings.length > maxFindings) {
+        output += c(colors.dim, `  ... and ${findings.length - maxFindings} more\n`);
+    }
+    return output;
+}
+/**
+ * Format baseline diff summary
+ */
+function formatDiffSummary(baselineDiff) {
+    let output = '';
+    output += c(colors.bold, 'Baseline Comparison') + '\n';
+    output += c(colors.dim, '─'.repeat(40)) + '\n';
+    output += `  + ${c(colors.yellow, `${baselineDiff.newCount} new`)} findings\n`;
+    output += `  - ${c(colors.green, `${baselineDiff.fixedCount} fixed`)} since baseline\n`;
+    output += `  = ${c(colors.dim, `${baselineDiff.existingCount} existing`)} (in baseline)\n`;
+    output += '\n';
+    // Format baseline date
+    const baselineDate = new Date(baselineDiff.baselineCreatedAt);
+    const dateStr = baselineDate.toLocaleDateString('en-US', {
+        year: 'numeric',
+        month: 'short',
+        day: 'numeric',
+    });
+    const commitStr = baselineDiff.baselineCommit ? ` (${baselineDiff.baselineCommit})` : '';
+    output += c(colors.dim, `Baseline from ${dateStr}${commitStr}`) + '\n\n';
+    return output;
+}
+/**
+ * Format full scan result for terminal
+ */
+function formatTerminalOutput(result, options = {}) {
+    const { maxFindingsPerGroup = 10, showAllFindings = false, compact = false, verbose = false, } = options;
+    const { vulnerabilities, severityCounts, hasBlockingIssues, filesScanned, scanDuration, baselineDiff } = result;
+    let output = '\n';
+    // Header
+    output += c(colors.bold, '═'.repeat(60)) + '\n';
+    output += c(colors.bold, '  OCULUM SECURITY SCAN RESULTS') + '\n';
+    output += c(colors.bold, '═'.repeat(60)) + '\n\n';
+    // Baseline diff summary (if present)
+    if (baselineDiff) {
+        output += formatDiffSummary(baselineDiff);
+    }
+    // Status
+    if (hasBlockingIssues) {
+        const blocking = severityCounts.critical + severityCounts.high;
+        output += c(colors.bgRed + colors.white + colors.bold, ` ! ${blocking} BLOCKING ISSUES FOUND `) + '\n\n';
+    }
+    else if (vulnerabilities.length > 0) {
+        output += c(colors.yellow, `${vulnerabilities.length} issues found (no blocking issues)`) + '\n\n';
+    }
+    else {
+        output += c(colors.green, 'No security issues found!') + '\n\n';
+        output += c(colors.dim, `Scanned ${filesScanned} files in ${(scanDuration / 1000).toFixed(1)}s`) + '\n';
+        return output;
+    }
+    // Summary counts
+    output += c(colors.bold, 'Summary:') + '\n';
+    if (severityCounts.critical > 0)
+        output += `  ${severityBadge('critical')}  ${severityCounts.critical}\n`;
+    if (severityCounts.high > 0)
+        output += `  ${severityBadge('high')}      ${severityCounts.high}\n`;
+    if (severityCounts.medium > 0)
+        output += `  ${severityBadge('medium')}    ${severityCounts.medium}\n`;
+    if (severityCounts.low > 0)
+        output += `  ${severityBadge('low')}       ${severityCounts.low}\n`;
+    if (severityCounts.info > 0)
+        output += `  ${severityBadge('info')}      ${severityCounts.info}\n`;
+    output += '\n';
+    // Blocking issues first
+    const blockingIssues = (0, grouping_1.getBlockingIssues)(vulnerabilities);
+    if (blockingIssues.length > 0) {
+        output += c(colors.bgRed + colors.white + colors.bold, ' BLOCKING ISSUES ') + '\n';
+        output += c(colors.red, 'These must be fixed before merging:') + '\n\n';
+        for (const finding of blockingIssues.slice(0, 10)) {
+            output += formatFinding(finding, { compact, verbose });
+            output += '\n';
+        }
+        if (blockingIssues.length > 10) {
+            output += c(colors.dim, `  ... and ${blockingIssues.length - 10} more blocking issues\n`);
+        }
+        output += '\n';
+    }
+    // Grouped findings
+    const grouped = (0, grouping_1.groupByTheme)(vulnerabilities);
+    output += c(colors.bold, '─'.repeat(60)) + '\n';
+    output += c(colors.bold, 'ALL FINDINGS BY CATEGORY') + '\n';
+    for (const group of grouped) {
+        // Skip if only showing non-blocking and all are blocking
+        if (!showAllFindings) {
+            const nonBlocking = group.findings.filter(f => f.severity !== 'critical' && f.severity !== 'high');
+            if (nonBlocking.length === 0 && blockingIssues.length > 0)
+                continue;
+        }
+        output += formatGroup(group, { maxFindings: maxFindingsPerGroup, compact, verbose });
+    }
+    // Suppressed findings section (if any)
+    if (result.suppressedVulnerabilities && result.suppressedVulnerabilities.length > 0) {
+        output += '\n' + c(colors.dim, '─'.repeat(60)) + '\n';
+        output += c(colors.dim + colors.bold, 'SUPPRESSED FINDINGS') + '\n';
+        output += c(colors.dim, `${result.suppressedVulnerabilities.length} findings suppressed`) + '\n\n';
+        for (const suppressed of result.suppressedVulnerabilities.slice(0, 5)) {
+            const typeLabel = suppressed.suppressionType === 'inline' ? 'inline'
+                : suppressed.suppressionType === 'config-finding' ? 'config'
+                    : 'rule';
+            output += c(colors.dim, `  ${suppressed.hash.slice(0, 8)} ${suppressed.filePath}:${suppressed.lineNumber}`) + '\n';
+            output += c(colors.dim, `    ${suppressed.title}`) + '\n';
+            output += c(colors.dim, `    [${typeLabel}] ${suppressed.suppressionReason}`) + '\n';
+            if (suppressed.expires) {
+                output += c(colors.dim, `    Expires: ${suppressed.expires}`) + '\n';
+            }
+            output += '\n';
+        }
+        if (result.suppressedVulnerabilities.length > 5) {
+            output += c(colors.dim, `  ... and ${result.suppressedVulnerabilities.length - 5} more suppressed\n`);
+        }
+    }
+    // Suppression stats (if any)
+    if (result.suppressionStats && (result.suppressionStats.inlineSuppressed > 0 ||
+        result.suppressionStats.configFindingSuppressed > 0 ||
+        result.suppressionStats.configRuleSuppressed > 0)) {
+        const stats = result.suppressionStats;
+        const parts = [];
+        if (stats.inlineSuppressed > 0)
+            parts.push(`${stats.inlineSuppressed} inline`);
+        if (stats.configFindingSuppressed > 0)
+            parts.push(`${stats.configFindingSuppressed} config`);
+        if (stats.configRuleSuppressed > 0)
+            parts.push(`${stats.configRuleSuppressed} rule`);
+        if (stats.expired > 0)
+            parts.push(`${stats.expired} expired`);
+        if (!result.suppressedVulnerabilities) {
+            output += '\n' + c(colors.dim, `Suppressed: ${parts.join(', ')}`) + '\n';
+        }
+    }
+    // Footer
+    output += '\n' + c(colors.dim, '─'.repeat(60)) + '\n';
+    output += c(colors.dim, `Scanned ${filesScanned} files in ${(scanDuration / 1000).toFixed(1)}s`) + '\n';
+    return output;
+}
+/**
+ * Format compact summary grouped by severity
+ * Output format:
+ *   HIGH (2)
+ *      1. SQL injection in src/api/users.ts:42
+ *      2. Missing auth in src/api/admin.ts:15
+ */
+function formatCompactSummary(vulnerabilities, options = {}) {
+    const { showNumbers = true, maxPerSeverity = 5, showHint = true, noColor = false, } = options;
+    if (vulnerabilities.length === 0) {
+        return noColor
+            ? 'No security issues found.'
+            : c(colors.green, 'No security issues found.');
+    }
+    // Group by severity
+    const bySeverity = {
+        critical: [],
+        high: [],
+        medium: [],
+        low: [],
+        info: [],
+    };
+    for (const v of vulnerabilities) {
+        bySeverity[v.severity].push(v);
+    }
+    // Build output
+    let output = '';
+    let globalIndex = 1;
+    const severityOrder = ['critical', 'high', 'medium', 'low', 'info'];
+    const severityColors = {
+        critical: colors.bgRed + colors.white,
+        high: colors.red,
+        medium: colors.yellow,
+        low: colors.blue,
+        info: colors.gray,
+    };
+    for (const severity of severityOrder) {
+        const findings = bySeverity[severity];
+        if (findings.length === 0)
+            continue;
+        // Severity header
+        const label = severity.toUpperCase();
+        const header = noColor
+            ? `${label} (${findings.length})`
+            : c(severityColors[severity] + colors.bold, `${label} (${findings.length})`);
+        output += `\n  ${header}\n`;
+        // Show findings
+        const shown = findings.slice(0, maxPerSeverity);
+        for (const finding of shown) {
+            const num = showNumbers ? `${globalIndex}. ` : '';
+            const location = noColor
+                ? `${finding.filePath}:${finding.lineNumber}`
+                : c(colors.cyan, `${finding.filePath}:${finding.lineNumber}`);
+            output += noColor
+                ? `     ${num}${finding.title} in ${location}\n`
+                : `     ${c(colors.dim, num)}${finding.title} ${c(colors.dim, 'in')} ${location}\n`;
+            globalIndex++;
+        }
+        // Show truncation notice
+        if (findings.length > maxPerSeverity) {
+            const more = findings.length - maxPerSeverity;
+            const truncated = noColor
+                ? `     ... and ${more} more\n`
+                : c(colors.dim, `     ... and ${more} more\n`);
+            output += truncated;
+            globalIndex += more; // Increment for hidden findings
+        }
+    }
+    // Hint at bottom
+    if (showHint && vulnerabilities.length > 0) {
+        output += '\n';
+        output += noColor
+            ? "Run 'oculum show 1' for details · 'oculum fix' for suggestions\n"
+            : c(colors.dim, "Run 'oculum show 1' for details · 'oculum fix' for suggestions\n");
+    }
+    return output;
+}
+/**
+ * Format a numbered finding list for the show command
+ * Returns findings with their numbers for reference
+ */
+function getNumberedFindings(vulnerabilities) {
+    return vulnerabilities.map((finding, index) => ({
+        number: index + 1,
+        finding,
+    }));
+}
+/**
+ * Format a single finding detail view for the show command
+ */
+function formatFindingDetail(finding, number, options = {}) {
+    const { verbose = false, noColor = false } = options;
+    let output = '';
+    // Header
+    const badge = noColor
+        ? `[${finding.severity.toUpperCase()}]`
+        : severityBadge(finding.severity);
+    const title = noColor ? finding.title : c(colors.bold, finding.title);
+    output += `\n#${number} ${badge} ${title}\n`;
+    // Location
+    const location = noColor
+        ? finding.filePath + ':' + finding.lineNumber
+        : c(colors.cyan, `${finding.filePath}:${finding.lineNumber}`);
+    output += `   ${location}\n`;
+    output += '\n';
+    // Impact
+    if (finding.impact) {
+        const impactLabel = noColor ? 'Impact:' : c(colors.yellow + colors.bold, 'Impact:');
+        output += `   ${impactLabel} ${finding.impact}\n`;
+        output += '\n';
+    }
+    // Code snippet
+    if (finding.lineContent && finding.lineContent.trim()) {
+        const codeLabel = noColor ? 'Code:' : c(colors.dim, 'Code:');
+        const code = finding.lineContent.trim().substring(0, 100);
+        const codeText = noColor ? code : c(colors.white, code);
+        output += `   ${codeLabel} ${codeText}${finding.lineContent.trim().length > 100 ? '...' : ''}\n`;
+        output += '\n';
+    }
+    // Description
+    output += noColor
+        ? `   ${finding.description}\n`
+        : `   ${c(colors.dim, finding.description)}\n`;
+    output += '\n';
+    // Fix steps
+    if (finding.fixSteps && finding.fixSteps.length > 0) {
+        const fixLabel = noColor ? 'How to fix:' : c(colors.green + colors.bold, 'How to fix:');
+        output += `   ${fixLabel}\n`;
+        finding.fixSteps.forEach((step, i) => {
+            const stepText = noColor ? `${i + 1}. ${step}` : c(colors.green, `${i + 1}. ${step}`);
+            output += `   ${stepText}\n`;
+        });
+        output += '\n';
+    }
+    else if (finding.suggestedFix) {
+        const fixLabel = noColor ? 'Suggested fix:' : c(colors.green + colors.bold, 'Suggested fix:');
+        output += `   ${fixLabel} ${finding.suggestedFix}\n`;
+        output += '\n';
+    }
+    // Verbose mode: additional details
+    if (verbose) {
+        // References
+        if (finding.references && finding.references.length > 0) {
+            const refLabel = noColor ? 'References:' : c(colors.blue, 'References:');
+            output += `   ${refLabel}\n`;
+            finding.references.forEach(ref => {
+                output += noColor
+                    ? `   - ${ref}\n`
+                    : `   ${c(colors.blue, `- ${ref}`)}\n`;
+            });
+            output += '\n';
+        }
+        // Validation notes
+        if (finding.validationNotes) {
+            const notesLabel = noColor ? '[AI]' : c(colors.magenta, '[AI]');
+            output += `   ${notesLabel} ${finding.validationNotes}\n`;
+            output += '\n';
+        }
+        // Category and confidence
+        output += noColor
+            ? `   Category: ${finding.category} · Confidence: ${finding.confidence || 'medium'} · Layer: ${finding.layer}\n`
+            : c(colors.dim, `   Category: ${finding.category} · Confidence: ${finding.confidence || 'medium'} · Layer: ${finding.layer}\n`);
+    }
+    return output;
+}
+/**
+ * Format as simple list (no grouping, no colors)
+ */
+function formatSimpleList(vulnerabilities) {
+    let output = '';
+    for (const finding of vulnerabilities) {
+        const severity = finding.severity.toUpperCase().padEnd(8);
+        output += `[${severity}] ${finding.filePath}:${finding.lineNumber} - ${finding.title}\n`;
+    }
+    return output;
+}
+/**
+ * Format as JSON (for piping to other tools)
+ */
+function formatJSON(result, pretty = false) {
+    if (pretty) {
+        return JSON.stringify(result, null, 2);
+    }
+    return JSON.stringify(result);
+}
+/**
+ * Rule metadata for SARIF output
+ */
+const RULE_METADATA = {
+    hardcoded_secret: {
+        name: 'Hardcoded Secret',
+        description: 'Sensitive credentials or API keys hardcoded in source code. These can be extracted from version control history or compiled binaries.',
+        helpUri: 'https://oculum.dev/docs/rules/hardcoded-secrets',
+        tags: ['security', 'secrets', 'credentials'],
+    },
+    high_entropy_string: {
+        name: 'High Entropy String',
+        description: 'A high-entropy string that may be a secret or API key. Review to ensure it is not sensitive data.',
+        helpUri: 'https://oculum.dev/docs/rules/high-entropy',
+        tags: ['security', 'secrets'],
+    },
+    ai_prompt_injection: {
+        name: 'AI Prompt Injection',
+        description: 'User input is included in AI prompts without proper sanitization, potentially allowing prompt injection attacks.',
+        helpUri: 'https://oculum.dev/docs/rules/prompt-injection',
+        tags: ['security', 'ai', 'injection'],
+    },
+    ai_unsafe_execution: {
+        name: 'AI Unsafe Execution',
+        description: 'AI-generated content is used in code execution, SQL queries, or other dangerous sinks without validation.',
+        helpUri: 'https://oculum.dev/docs/rules/unsafe-execution',
+        tags: ['security', 'ai', 'injection'],
+    },
+    ai_overpermissive_tool: {
+        name: 'AI Overpermissive Tool',
+        description: 'AI agent tool has excessive permissions without proper restrictions or sandboxing.',
+        helpUri: 'https://oculum.dev/docs/rules/overpermissive-tools',
+        tags: ['security', 'ai', 'authorization'],
+    },
+    ai_rag_exfiltration: {
+        name: 'AI RAG Data Exfiltration',
+        description: 'RAG (Retrieval Augmented Generation) queries may expose data across tenant boundaries or leak sensitive context.',
+        helpUri: 'https://oculum.dev/docs/rules/rag-exfiltration',
+        tags: ['security', 'ai', 'data-exposure'],
+    },
+    ai_endpoint_unprotected: {
+        name: 'AI Endpoint Unprotected',
+        description: 'AI endpoint lacks authentication or rate limiting, potentially allowing abuse or cost attacks.',
+        helpUri: 'https://oculum.dev/docs/rules/unprotected-endpoints',
+        tags: ['security', 'ai', 'authentication'],
+    },
+    ai_schema_mismatch: {
+        name: 'AI Schema Validation Missing',
+        description: 'AI-generated output is used without schema validation, potentially allowing malformed or malicious data.',
+        helpUri: 'https://oculum.dev/docs/rules/schema-validation',
+        tags: ['security', 'ai', 'validation'],
+    },
+    sql_injection: {
+        name: 'SQL Injection',
+        description: 'User input is concatenated into SQL queries without parameterization, allowing SQL injection attacks.',
+        helpUri: 'https://oculum.dev/docs/rules/sql-injection',
+        tags: ['security', 'injection', 'database'],
+    },
+    xss: {
+        name: 'Cross-Site Scripting (XSS)',
+        description: 'User input is rendered in HTML without proper escaping, allowing script injection.',
+        helpUri: 'https://oculum.dev/docs/rules/xss',
+        tags: ['security', 'injection', 'web'],
+    },
+    command_injection: {
+        name: 'Command Injection',
+        description: 'User input is passed to shell commands without sanitization, allowing arbitrary command execution.',
+        helpUri: 'https://oculum.dev/docs/rules/command-injection',
+        tags: ['security', 'injection', 'shell'],
+    },
+    missing_auth: {
+        name: 'Missing Authentication',
+        description: 'Sensitive endpoint or route lacks authentication checks.',
+        helpUri: 'https://oculum.dev/docs/rules/missing-auth',
+        tags: ['security', 'authentication'],
+    },
+    data_exposure: {
+        name: 'Data Exposure',
+        description: 'Sensitive data may be exposed through logging, error messages, or API responses.',
+        helpUri: 'https://oculum.dev/docs/rules/data-exposure',
+        tags: ['security', 'data-exposure'],
+    },
+    insecure_config: {
+        name: 'Insecure Configuration',
+        description: 'Security-relevant configuration is set to an insecure value.',
+        helpUri: 'https://oculum.dev/docs/rules/insecure-config',
+        tags: ['security', 'configuration'],
+    },
+    dangerous_function: {
+        name: 'Dangerous Function',
+        description: 'Use of a function known to be dangerous or deprecated for security reasons.',
+        helpUri: 'https://oculum.dev/docs/rules/dangerous-functions',
+        tags: ['security', 'code-quality'],
+    },
+};
+/**
+ * Format as SARIF (Static Analysis Results Interchange Format)
+ * For integration with GitHub Code Scanning
+ */
+function formatSARIF(result) {
+    // Build results from active vulnerabilities
+    const activeResults = result.vulnerabilities.map((v, index) => ({
+        ruleId: v.category,
+        ruleIndex: getRuleIndex(result.vulnerabilities, v.category),
+        level: mapSeverityToSARIF(v.severity),
+        message: {
+            text: v.description,
+        },
+        locations: [{
+                physicalLocation: {
+                    artifactLocation: {
+                        uri: v.filePath,
+                        uriBaseId: '%SRCROOT%',
+                    },
+                    region: {
+                        startLine: v.lineNumber,
+                        startColumn: 1,
+                        snippet: v.lineContent ? { text: v.lineContent } : undefined,
+                    },
+                },
+            }],
+        fingerprints: {
+            'oculum/v1': `${v.category}:${v.filePath}:${v.lineNumber}`,
+        },
+        fixes: v.suggestedFix ? [{
+                description: {
+                    text: v.suggestedFix,
+                },
+            }] : undefined,
+        properties: {
+            confidence: v.confidence,
+            layer: v.layer,
+        },
+    }));
+    // Build results from suppressed vulnerabilities (with SARIF suppression state)
+    const suppressedResults = (result.suppressedVulnerabilities || []).map((s) => ({
+        ruleId: s.category,
+        ruleIndex: 0, // Will be resolved by GitHub
+        level: mapSeverityToSARIF(s.severity),
+        message: {
+            text: s.title,
+        },
+        locations: [{
+                physicalLocation: {
+                    artifactLocation: {
+                        uri: s.filePath,
+                        uriBaseId: '%SRCROOT%',
+                    },
+                    region: {
+                        startLine: s.lineNumber,
+                        startColumn: 1,
+                    },
+                },
+            }],
+        fingerprints: {
+            'oculum/v1': `${s.category}:${s.filePath}:${s.lineNumber}`,
+            'oculum/hash': s.hash,
+        },
+        suppressions: [{
+                kind: s.suppressionType === 'inline' ? 'inSource' : 'external',
+                justification: s.suppressionReason,
+                state: 'accepted',
+            }],
+        properties: {
+            suppressionType: s.suppressionType,
+            expires: s.expires,
+        },
+    }));
+    return {
+        $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
+        version: '2.1.0',
+        runs: [{
+                tool: {
+                    driver: {
+                        name: 'Oculum',
+                        version: '1.0.0',
+                        informationUri: 'https://oculum.dev',
+                        organization: 'Oculum Security',
+                        rules: getUniqueRules(result.vulnerabilities),
+                    },
+                },
+                results: [...activeResults, ...suppressedResults],
+                columnKind: 'utf16CodeUnits',
+            }],
+    };
+}
+function mapSeverityToSARIF(severity) {
+    switch (severity) {
+        case 'critical':
+        case 'high':
+            return 'error';
+        case 'medium':
+            return 'warning';
+        default:
+            return 'note';
+    }
+}
+function getRuleIndex(vulnerabilities, category) {
+    const seen = new Set();
+    let index = 0;
+    for (const v of vulnerabilities) {
+        if (!seen.has(v.category)) {
+            if (v.category === category)
+                return index;
+            seen.add(v.category);
+            index++;
+        }
+    }
+    return 0;
+}
+function getUniqueRules(vulnerabilities) {
+    const seen = new Set();
+    const rules = [];
+    for (const v of vulnerabilities) {
+        if (seen.has(v.category))
+            continue;
+        seen.add(v.category);
+        const metadata = RULE_METADATA[v.category];
+        const ruleName = metadata?.name || v.category.replace(/_/g, ' ').replace(/\b\w/g, c => c.toUpperCase());
+        rules.push({
+            id: v.category,
+            name: ruleName,
+            shortDescription: { text: ruleName },
+            fullDescription: {
+                text: metadata?.description || v.description,
+            },
+            helpUri: metadata?.helpUri || `https://oculum.dev/docs/rules/${v.category.replace(/_/g, '-')}`,
+            help: {
+                text: metadata?.description || v.description,
+                markdown: `# ${ruleName}\n\n${metadata?.description || v.description}\n\n[Learn more](${metadata?.helpUri || 'https://oculum.dev/docs'})`,
+            },
+            defaultConfiguration: {
+                level: mapSeverityToSARIF(v.severity),
+            },
+            properties: {
+                tags: metadata?.tags || ['security'],
+                precision: v.confidence === 'high' ? 'high' : v.confidence === 'medium' ? 'medium' : 'low',
+                'security-severity': mapSeverityToScore(v.severity),
+            },
+        });
+    }
+    return rules;
+}
+function mapSeverityToScore(severity) {
+    switch (severity) {
+        case 'critical':
+            return '9.0';
+        case 'high':
+            return '7.0';
+        case 'medium':
+            return '5.0';
+        case 'low':
+            return '3.0';
+        default:
+            return '1.0';
+    }
+}
+//# sourceMappingURL=cli-terminal.js.map