npm - @oculum/scanner - Versions diffs - 1.0.14 → 1.0.15 - Mend

@oculum/scanner 1.0.14 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1323) hide show

package/dist/detect/ai-code/index.d.ts +6 -11
package/dist/detect/ai-code/index.d.ts.map +1 -1
package/dist/detect/ai-code/index.js +6 -24
package/dist/detect/ai-code/index.js.map +1 -1
package/dist/detect/ast-rules/agent-tools-ast.d.ts +14 -0
package/dist/detect/ast-rules/agent-tools-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/agent-tools-ast.js +809 -0
package/dist/detect/ast-rules/agent-tools-ast.js.map +1 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts +14 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.js +344 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.js.map +1 -0
package/dist/detect/ast-rules/auth-patterns-ast.d.ts +14 -0
package/dist/detect/ast-rules/auth-patterns-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/auth-patterns-ast.js +280 -0
package/dist/detect/ast-rules/auth-patterns-ast.js.map +1 -0
package/dist/detect/ast-rules/byok-ast.d.ts +13 -0
package/dist/detect/ast-rules/byok-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/byok-ast.js +180 -0
package/dist/detect/ast-rules/byok-ast.js.map +1 -0
package/dist/detect/ast-rules/child-process-ast.d.ts +13 -0
package/dist/detect/ast-rules/child-process-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/child-process-ast.js +252 -0
package/dist/detect/ast-rules/child-process-ast.js.map +1 -0
package/dist/detect/ast-rules/dangerous-eval-ast.d.ts +13 -0
package/dist/detect/ast-rules/dangerous-eval-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/dangerous-eval-ast.js +218 -0
package/dist/detect/ast-rules/dangerous-eval-ast.js.map +1 -0
package/dist/detect/ast-rules/data-exposure-ast.d.ts +13 -0
package/dist/detect/ast-rules/data-exposure-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/data-exposure-ast.js +158 -0
package/dist/detect/ast-rules/data-exposure-ast.js.map +1 -0
package/dist/detect/ast-rules/dom-xss-ast.d.ts +14 -0
package/dist/detect/ast-rules/dom-xss-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/dom-xss-ast.js +217 -0
package/dist/detect/ast-rules/dom-xss-ast.js.map +1 -0
package/dist/detect/ast-rules/endpoint-protection-ast.d.ts +13 -0
package/dist/detect/ast-rules/endpoint-protection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/endpoint-protection-ast.js +228 -0
package/dist/detect/ast-rules/endpoint-protection-ast.js.map +1 -0
package/dist/detect/ast-rules/entropy-ast.d.ts +17 -0
package/dist/detect/ast-rules/entropy-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/entropy-ast.js +265 -0
package/dist/detect/ast-rules/entropy-ast.js.map +1 -0
package/dist/detect/ast-rules/flask-debug-ast.d.ts +10 -0
package/dist/detect/ast-rules/flask-debug-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/flask-debug-ast.js +125 -0
package/dist/detect/ast-rules/flask-debug-ast.js.map +1 -0
package/dist/detect/ast-rules/framework-checks-ast.d.ts +13 -0
package/dist/detect/ast-rules/framework-checks-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/framework-checks-ast.js +185 -0
package/dist/detect/ast-rules/framework-checks-ast.js.map +1 -0
package/dist/detect/ast-rules/helpers/call-analysis.d.ts +62 -0
package/dist/detect/ast-rules/helpers/call-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/call-analysis.js +217 -0
package/dist/detect/ast-rules/helpers/call-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/context-detection.d.ts +33 -0
package/dist/detect/ast-rules/helpers/context-detection.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/context-detection.js +256 -0
package/dist/detect/ast-rules/helpers/context-detection.js.map +1 -0
package/dist/detect/ast-rules/helpers/control-flow.d.ts +40 -0
package/dist/detect/ast-rules/helpers/control-flow.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/control-flow.js +174 -0
package/dist/detect/ast-rules/helpers/control-flow.js.map +1 -0
package/dist/detect/ast-rules/helpers/import-analysis.d.ts +43 -0
package/dist/detect/ast-rules/helpers/import-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/import-analysis.js +149 -0
package/dist/detect/ast-rules/helpers/import-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/index.d.ts +16 -0
package/dist/detect/ast-rules/helpers/index.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/index.js +112 -0
package/dist/detect/ast-rules/helpers/index.js.map +1 -0
package/dist/detect/ast-rules/helpers/python-helpers.d.ts +215 -0
package/dist/detect/ast-rules/helpers/python-helpers.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/python-helpers.js +935 -0
package/dist/detect/ast-rules/helpers/python-helpers.js.map +1 -0
package/dist/detect/ast-rules/helpers/scope-analysis.d.ts +50 -0
package/dist/detect/ast-rules/helpers/scope-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/scope-analysis.js +194 -0
package/dist/detect/ast-rules/helpers/scope-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/string-analysis.d.ts +57 -0
package/dist/detect/ast-rules/helpers/string-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/string-analysis.js +184 -0
package/dist/detect/ast-rules/helpers/string-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/type-extraction.d.ts +44 -0
package/dist/detect/ast-rules/helpers/type-extraction.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/type-extraction.js +125 -0
package/dist/detect/ast-rules/helpers/type-extraction.js.map +1 -0
package/dist/detect/ast-rules/helpers/user-input.d.ts +35 -0
package/dist/detect/ast-rules/helpers/user-input.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/user-input.js +243 -0
package/dist/detect/ast-rules/helpers/user-input.js.map +1 -0
package/dist/detect/ast-rules/index.d.ts +112 -0
package/dist/detect/ast-rules/index.d.ts.map +1 -0
package/dist/detect/ast-rules/index.js +232 -0
package/dist/detect/ast-rules/index.js.map +1 -0
package/dist/detect/ast-rules/json-parse-ast.d.ts +13 -0
package/dist/detect/ast-rules/json-parse-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/json-parse-ast.js +143 -0
package/dist/detect/ast-rules/json-parse-ast.js.map +1 -0
package/dist/detect/ast-rules/log-injection-ast.d.ts +14 -0
package/dist/detect/ast-rules/log-injection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/log-injection-ast.js +235 -0
package/dist/detect/ast-rules/log-injection-ast.js.map +1 -0
package/dist/detect/ast-rules/logic-gates-ast.d.ts +14 -0
package/dist/detect/ast-rules/logic-gates-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/logic-gates-ast.js +312 -0
package/dist/detect/ast-rules/logic-gates-ast.js.map +1 -0
package/dist/detect/ast-rules/mcp-security-ast.d.ts +14 -0
package/dist/detect/ast-rules/mcp-security-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/mcp-security-ast.js +755 -0
package/dist/detect/ast-rules/mcp-security-ast.js.map +1 -0
package/dist/detect/ast-rules/model-supply-chain-ast.d.ts +13 -0
package/dist/detect/ast-rules/model-supply-chain-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/model-supply-chain-ast.js +188 -0
package/dist/detect/ast-rules/model-supply-chain-ast.js.map +1 -0
package/dist/detect/ast-rules/package-hallucination-ast.d.ts +13 -0
package/dist/detect/ast-rules/package-hallucination-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/package-hallucination-ast.js +607 -0
package/dist/detect/ast-rules/package-hallucination-ast.js.map +1 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts +15 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.js +332 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.js.map +1 -0
package/dist/detect/ast-rules/rag-safety-ast.d.ts +18 -0
package/dist/detect/ast-rules/rag-safety-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/rag-safety-ast.js +640 -0
package/dist/detect/ast-rules/rag-safety-ast.js.map +1 -0
package/dist/detect/ast-rules/request-validation-ast.d.ts +13 -0
package/dist/detect/ast-rules/request-validation-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/request-validation-ast.js +116 -0
package/dist/detect/ast-rules/request-validation-ast.js.map +1 -0
package/dist/detect/ast-rules/risky-imports-ast.d.ts +14 -0
package/dist/detect/ast-rules/risky-imports-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/risky-imports-ast.js +114 -0
package/dist/detect/ast-rules/risky-imports-ast.js.map +1 -0
package/dist/detect/ast-rules/schema-validation-ast.d.ts +14 -0
package/dist/detect/ast-rules/schema-validation-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/schema-validation-ast.js +233 -0
package/dist/detect/ast-rules/schema-validation-ast.js.map +1 -0
package/dist/detect/ast-rules/secret-patterns-ast.d.ts +17 -0
package/dist/detect/ast-rules/secret-patterns-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/secret-patterns-ast.js +199 -0
package/dist/detect/ast-rules/secret-patterns-ast.js.map +1 -0
package/dist/detect/ast-rules/security-headers-ast.d.ts +14 -0
package/dist/detect/ast-rules/security-headers-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/security-headers-ast.js +187 -0
package/dist/detect/ast-rules/security-headers-ast.js.map +1 -0
package/dist/detect/ast-rules/sql-injection-ast.d.ts +17 -0
package/dist/detect/ast-rules/sql-injection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/sql-injection-ast.js +497 -0
package/dist/detect/ast-rules/sql-injection-ast.js.map +1 -0
package/dist/detect/ast-rules/ssrf-ast.d.ts +14 -0
package/dist/detect/ast-rules/ssrf-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/ssrf-ast.js +573 -0
package/dist/detect/ast-rules/ssrf-ast.js.map +1 -0
package/dist/detect/ast-rules/taint-fix-templates.d.ts +18 -0
package/dist/detect/ast-rules/taint-fix-templates.d.ts.map +1 -0
package/dist/detect/ast-rules/taint-fix-templates.js +92 -0
package/dist/detect/ast-rules/taint-fix-templates.js.map +1 -0
package/dist/detect/ast-rules/taint-flow-ast.d.ts +24 -0
package/dist/detect/ast-rules/taint-flow-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/taint-flow-ast.js +340 -0
package/dist/detect/ast-rules/taint-flow-ast.js.map +1 -0
package/dist/detect/ast-rules/variables-ast.d.ts +24 -0
package/dist/detect/ast-rules/variables-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/variables-ast.js +362 -0
package/dist/detect/ast-rules/variables-ast.js.map +1 -0
package/dist/detect/ast-rules/weak-crypto-ast.d.ts +15 -0
package/dist/detect/ast-rules/weak-crypto-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/weak-crypto-ast.js +406 -0
package/dist/detect/ast-rules/weak-crypto-ast.js.map +1 -0
package/dist/detect/ast-rules/xxe-ast.d.ts +13 -0
package/dist/detect/ast-rules/xxe-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/xxe-ast.js +157 -0
package/dist/detect/ast-rules/xxe-ast.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -1
package/dist/detect/config/agent-skill-injection.js +2 -24
package/dist/detect/config/agent-skill-injection.js.map +1 -1
package/dist/detect/config/index.d.ts +1 -0
package/dist/detect/config/index.d.ts.map +1 -1
package/dist/detect/config/index.js +3 -1
package/dist/detect/config/index.js.map +1 -1
package/dist/detect/config/osv-check.d.ts.map +1 -1
package/dist/detect/config/osv-check.js +6 -1
package/dist/detect/config/osv-check.js.map +1 -1
package/dist/detect/config/package-check.d.ts.map +1 -1
package/dist/detect/config/package-check.js +6 -1
package/dist/detect/config/package-check.js.map +1 -1
package/dist/detect/config/rules-file-backdoor.d.ts +36 -0
package/dist/detect/config/rules-file-backdoor.d.ts.map +1 -0
package/dist/detect/config/rules-file-backdoor.js +379 -0
package/dist/detect/config/rules-file-backdoor.js.map +1 -0
package/dist/detect/index.d.ts +43 -6
package/dist/detect/index.d.ts.map +1 -1
package/dist/detect/index.js +70 -7
package/dist/detect/index.js.map +1 -1
package/dist/detect/secrets/config-audit.d.ts.map +1 -1
package/dist/detect/secrets/config-audit.js +36 -3
package/dist/detect/secrets/config-audit.js.map +1 -1
package/dist/detect/secrets/entropy.d.ts.map +1 -1
package/dist/detect/secrets/entropy.js +180 -0
package/dist/detect/secrets/entropy.js.map +1 -1
package/dist/detect/secrets/index.d.ts +0 -2
package/dist/detect/secrets/index.d.ts.map +1 -1
package/dist/detect/secrets/index.js +7 -17
package/dist/detect/secrets/index.js.map +1 -1
package/dist/detect/structural/index.d.ts +15 -28
package/dist/detect/structural/index.d.ts.map +1 -1
package/dist/detect/structural/index.js +20 -497
package/dist/detect/structural/index.js.map +1 -1
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +9 -1
package/dist/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts.map +1 -1
package/dist/model/auth-helper-detector.js +2 -7
package/dist/model/auth-helper-detector.js.map +1 -1
package/dist/model/import-resolver.d.ts.map +1 -1
package/dist/model/import-resolver.js +94 -0
package/dist/model/import-resolver.js.map +1 -1
package/dist/model/imported-auth-detector.js +8 -8
package/dist/model/imported-auth-detector.js.map +1 -1
package/dist/model/index.d.ts +8 -0
package/dist/model/index.d.ts.map +1 -1
package/dist/model/index.js +198 -73
package/dist/model/index.js.map +1 -1
package/dist/model/module-graph.d.ts.map +1 -1
package/dist/model/module-graph.js +22 -9
package/dist/model/module-graph.js.map +1 -1
package/dist/model/project-context.d.ts +1 -1
package/dist/model/project-context.d.ts.map +1 -1
package/dist/model/project-context.js +34 -0
package/dist/model/project-context.js.map +1 -1
package/dist/model/route-auth-resolver.d.ts.map +1 -1
package/dist/model/route-auth-resolver.js +17 -2
package/dist/model/route-auth-resolver.js.map +1 -1
package/dist/model/route-discovery/index.js +1 -1
package/dist/model/route-discovery/index.js.map +1 -1
package/dist/model/route-discovery/nextjs.js +1 -1
package/dist/model/route-discovery/nextjs.js.map +1 -1
package/dist/model/route-discovery/python.d.ts +6 -3
package/dist/model/route-discovery/python.d.ts.map +1 -1
package/dist/model/route-discovery/python.js +132 -9
package/dist/model/route-discovery/python.js.map +1 -1
package/dist/model/route-discovery/types.d.ts +1 -1
package/dist/model/route-discovery/types.d.ts.map +1 -1
package/dist/model/route-discovery/utils.d.ts +8 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -1
package/dist/model/route-discovery/utils.js +70 -0
package/dist/model/route-discovery/utils.js.map +1 -1
package/dist/model/taint-types.d.ts +0 -4
package/dist/model/taint-types.d.ts.map +1 -1
package/dist/parse/ast.d.ts +58 -0
package/dist/parse/ast.d.ts.map +1 -0
package/dist/parse/ast.js +230 -0
package/dist/parse/ast.js.map +1 -0
package/dist/parse/call-graph.d.ts +41 -0
package/dist/parse/call-graph.d.ts.map +1 -0
package/dist/parse/call-graph.js +386 -0
package/dist/parse/call-graph.js.map +1 -0
package/dist/parse/file-classifier.d.ts +11 -0
package/dist/parse/file-classifier.d.ts.map +1 -1
package/dist/parse/file-classifier.js +63 -15
package/dist/parse/file-classifier.js.map +1 -1
package/dist/parse/node-index.d.ts +32 -0
package/dist/parse/node-index.d.ts.map +1 -0
package/dist/parse/node-index.js +103 -0
package/dist/parse/node-index.js.map +1 -0
package/dist/parse/type-extractor.d.ts +50 -0
package/dist/parse/type-extractor.d.ts.map +1 -0
package/dist/parse/type-extractor.js +243 -0
package/dist/parse/type-extractor.js.map +1 -0
package/dist/pipeline/config.d.ts +7 -1
package/dist/pipeline/config.d.ts.map +1 -1
package/dist/pipeline/config.js.map +1 -1
package/dist/pipeline/index.d.ts +3 -3
package/dist/pipeline/index.d.ts.map +1 -1
package/dist/pipeline/index.js +192 -64
package/dist/pipeline/index.js.map +1 -1
package/dist/pipeline/modes/incremental.d.ts.map +1 -1
package/dist/pipeline/modes/incremental.js +2 -7
package/dist/pipeline/modes/incremental.js.map +1 -1
package/dist/postprocess/dedup.d.ts +5 -2
package/dist/postprocess/dedup.d.ts.map +1 -1
package/dist/postprocess/dedup.js +47 -16
package/dist/postprocess/dedup.js.map +1 -1
package/dist/report/build-result.d.ts +9 -4
package/dist/report/build-result.d.ts.map +1 -1
package/dist/report/build-result.js +15 -4
package/dist/report/build-result.js.map +1 -1
package/dist/report/formatters/cli-terminal.d.ts +1 -1
package/dist/report/formatters/cli-terminal.d.ts.map +1 -1
package/dist/report/formatters/cli-terminal.js +434 -231
package/dist/report/formatters/cli-terminal.js.map +1 -1
package/dist/report/sanitize.d.ts +10 -0
package/dist/report/sanitize.d.ts.map +1 -0
package/dist/report/sanitize.js +19 -0
package/dist/report/sanitize.js.map +1 -0
package/dist/score/adjustments.d.ts +20 -2
package/dist/score/adjustments.d.ts.map +1 -1
package/dist/score/adjustments.js +108 -37
package/dist/score/adjustments.js.map +1 -1
package/dist/score/confidence.d.ts +6 -0
package/dist/score/confidence.d.ts.map +1 -1
package/dist/score/confidence.js +10 -4
package/dist/score/confidence.js.map +1 -1
package/dist/score/evidence.d.ts +25 -0
package/dist/score/evidence.d.ts.map +1 -0
package/dist/score/evidence.js +51 -0
package/dist/score/evidence.js.map +1 -0
package/dist/score/index.d.ts +3 -1
package/dist/score/index.d.ts.map +1 -1
package/dist/score/index.js +25 -50
package/dist/score/index.js.map +1 -1
package/dist/score/types.d.ts +5 -1
package/dist/score/types.d.ts.map +1 -1
package/dist/shared/category-filter.d.ts.map +1 -1
package/dist/shared/category-filter.js +12 -0
package/dist/shared/category-filter.js.map +1 -1
package/dist/shared/regex-utils.d.ts +3 -0
package/dist/shared/regex-utils.d.ts.map +1 -0
package/dist/shared/regex-utils.js +8 -0
package/dist/shared/regex-utils.js.map +1 -0
package/dist/shared/registry-clients.d.ts +7 -0
package/dist/shared/registry-clients.d.ts.map +1 -1
package/dist/shared/registry-clients.js +94 -17
package/dist/shared/registry-clients.js.map +1 -1
package/dist/shared/rules/metadata.d.ts.map +1 -1
package/dist/shared/rules/metadata.js +17 -0
package/dist/shared/rules/metadata.js.map +1 -1
package/dist/shared/types.d.ts +59 -15
package/dist/shared/types.d.ts.map +1 -1
package/dist/shared/types.js +38 -21
package/dist/shared/types.js.map +1 -1
package/dist/taint/async-flow.d.ts +44 -0
package/dist/taint/async-flow.d.ts.map +1 -0
package/dist/taint/async-flow.js +271 -0
package/dist/taint/async-flow.js.map +1 -0
package/dist/taint/cfg-builder.d.ts +35 -0
package/dist/taint/cfg-builder.d.ts.map +1 -0
package/dist/taint/cfg-builder.js +980 -0
package/dist/taint/cfg-builder.js.map +1 -0
package/dist/taint/cfg-types.d.ts +76 -0
package/dist/taint/cfg-types.d.ts.map +1 -0
package/dist/taint/cfg-types.js +13 -0
package/dist/taint/cfg-types.js.map +1 -0
package/dist/taint/constant-propagation.d.ts +34 -0
package/dist/taint/constant-propagation.d.ts.map +1 -0
package/dist/taint/constant-propagation.js +164 -0
package/dist/taint/constant-propagation.js.map +1 -0
package/dist/taint/cross-file-analyzer.d.ts +27 -0
package/dist/taint/cross-file-analyzer.d.ts.map +1 -0
package/dist/taint/cross-file-analyzer.js +99 -0
package/dist/taint/cross-file-analyzer.js.map +1 -0
package/dist/taint/cross-file-index.d.ts +59 -0
package/dist/taint/cross-file-index.d.ts.map +1 -0
package/dist/taint/cross-file-index.js +183 -0
package/dist/taint/cross-file-index.js.map +1 -0
package/dist/taint/def-use.d.ts +27 -0
package/dist/taint/def-use.d.ts.map +1 -0
package/dist/taint/def-use.js +519 -0
package/dist/taint/def-use.js.map +1 -0
package/dist/taint/file-analysis-cache.d.ts +47 -0
package/dist/taint/file-analysis-cache.d.ts.map +1 -0
package/dist/taint/file-analysis-cache.js +107 -0
package/dist/taint/file-analysis-cache.js.map +1 -0
package/dist/taint/framework-models.d.ts +77 -0
package/dist/taint/framework-models.d.ts.map +1 -0
package/dist/taint/framework-models.js +258 -0
package/dist/taint/framework-models.js.map +1 -0
package/dist/taint/helpers.d.ts +31 -0
package/dist/taint/helpers.d.ts.map +1 -0
package/dist/taint/helpers.js +130 -0
package/dist/taint/helpers.js.map +1 -0
package/dist/taint/index.d.ts +28 -0
package/dist/taint/index.d.ts.map +1 -0
package/dist/taint/index.js +77 -0
package/dist/taint/index.js.map +1 -0
package/dist/taint/llm-registry.d.ts +47 -0
package/dist/taint/llm-registry.d.ts.map +1 -0
package/dist/taint/llm-registry.js +152 -0
package/dist/taint/llm-registry.js.map +1 -0
package/dist/taint/llm-risk-scoring.d.ts +54 -0
package/dist/taint/llm-risk-scoring.d.ts.map +1 -0
package/dist/taint/llm-risk-scoring.js +376 -0
package/dist/taint/llm-risk-scoring.js.map +1 -0
package/dist/taint/propagation-types.d.ts +104 -0
package/dist/taint/propagation-types.d.ts.map +1 -0
package/dist/taint/propagation-types.js +98 -0
package/dist/taint/propagation-types.js.map +1 -0
package/dist/taint/propagation.d.ts +111 -0
package/dist/taint/propagation.d.ts.map +1 -0
package/dist/taint/propagation.js +1576 -0
package/dist/taint/propagation.js.map +1 -0
package/dist/taint/sanitizer-registry.d.ts +26 -0
package/dist/taint/sanitizer-registry.d.ts.map +1 -0
package/dist/taint/sanitizer-registry.js +422 -0
package/dist/taint/sanitizer-registry.js.map +1 -0
package/dist/taint/sink-classifier.d.ts +27 -0
package/dist/taint/sink-classifier.d.ts.map +1 -0
package/dist/taint/sink-classifier.js +1166 -0
package/dist/taint/sink-classifier.js.map +1 -0
package/dist/taint/source-classifier.d.ts +29 -0
package/dist/taint/source-classifier.d.ts.map +1 -0
package/dist/taint/source-classifier.js +814 -0
package/dist/taint/source-classifier.js.map +1 -0
package/dist/taint/taint-analyzer.d.ts +33 -0
package/dist/taint/taint-analyzer.d.ts.map +1 -0
package/dist/taint/taint-analyzer.js +88 -0
package/dist/taint/taint-analyzer.js.map +1 -0
package/dist/taint/taint-summary.d.ts +37 -0
package/dist/taint/taint-summary.d.ts.map +1 -0
package/dist/taint/taint-summary.js +293 -0
package/dist/taint/taint-summary.js.map +1 -0
package/dist/taint/types.d.ts +47 -0
package/dist/taint/types.d.ts.map +1 -0
package/dist/taint/types.js +19 -0
package/dist/taint/types.js.map +1 -0
package/dist/validate/clients.d.ts +2 -1
package/dist/validate/clients.d.ts.map +1 -1
package/dist/validate/clients.js +3 -2
package/dist/validate/clients.js.map +1 -1
package/dist/validate/index.d.ts +5 -6
package/dist/validate/index.d.ts.map +1 -1
package/dist/validate/index.js +22 -21
package/dist/validate/index.js.map +1 -1
package/dist/validate/prompts/modules/ai-patterns.d.ts +1 -1
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -1
package/dist/validate/prompts/modules/ai-patterns.js +16 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -1
package/dist/validate/prompts/modules/common.d.ts +1 -1
package/dist/validate/prompts/modules/common.d.ts.map +1 -1
package/dist/validate/prompts/modules/common.js +12 -3
package/dist/validate/prompts/modules/common.js.map +1 -1
package/dist/validate/providers/anthropic.d.ts +4 -4
package/dist/validate/providers/anthropic.d.ts.map +1 -1
package/dist/validate/providers/anthropic.js +85 -58
package/dist/validate/providers/anthropic.js.map +1 -1
package/dist/validate/providers/openai.d.ts +4 -4
package/dist/validate/providers/openai.d.ts.map +1 -1
package/dist/validate/providers/openai.js +149 -99
package/dist/validate/providers/openai.js.map +1 -1
package/dist/validate/request-builder.d.ts +2 -8
package/dist/validate/request-builder.d.ts.map +1 -1
package/dist/validate/request-builder.js +4 -34
package/dist/validate/request-builder.js.map +1 -1
package/dist/validate/types.d.ts +9 -0
package/dist/validate/types.d.ts.map +1 -1
package/dist/validate/types.js.map +1 -1
package/dist/validate/utils/path-helpers.js +2 -2
package/dist/validate/utils/path-helpers.js.map +1 -1
package/dist/validate/utils/response-parser.d.ts +10 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -1
package/dist/validate/utils/response-parser.js +21 -2
package/dist/validate/utils/response-parser.js.map +1 -1
package/dist/validate/utils/retry.d.ts.map +1 -1
package/dist/validate/utils/retry.js +19 -4
package/dist/validate/utils/retry.js.map +1 -1
package/package.json +7 -4
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1 -1
package/src/__tests__/benchmark/planted-benchmark.test.ts +337 -0
package/src/__tests__/benchmark/utils/test-runner.ts +38 -4
package/src/__tests__/category-filter.test.ts +5 -1
package/src/__tests__/context-engine/route-discovery/python.test.ts +726 -0
package/src/__tests__/detect/ast-rules.test.ts +1043 -0
package/src/__tests__/detect/offline-mode.test.ts +147 -0
package/src/__tests__/detect/python-ast-rules.test.ts +569 -0
package/src/__tests__/detect/python-helpers.test.ts +536 -0
package/src/__tests__/detect/python-sast-rules.test.ts +453 -0
package/src/__tests__/detect/rules-file-backdoor-decoders.test.ts +151 -0
package/src/__tests__/detect/rules-file-backdoor.test.ts +284 -0
package/src/__tests__/detect/taint-fix-templates.test.ts +150 -0
package/src/__tests__/detect/taint-path-serialization.test.ts +170 -0
package/src/__tests__/parse/call-graph.test.ts +300 -0
package/src/__tests__/parse/python-parser.test.ts +274 -0
package/src/__tests__/regression/known-false-positives.test.ts +491 -9
package/src/__tests__/regression/rules-file-backdoor.test.ts +137 -0
package/src/__tests__/score/adjustments.test.ts +34 -16
package/src/__tests__/score/confidence.test.ts +84 -57
package/src/__tests__/score/evidence-scoring.test.ts +249 -0
package/src/__tests__/score/evidence.test.ts +144 -0
package/src/__tests__/score/scoring-integration.test.ts +56 -34
package/src/__tests__/score/taint-adjustments.test.ts +14 -228
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +65 -59
package/src/__tests__/snapshots/scan-depth.test.ts +39 -7
package/src/__tests__/taint/async-flow.test.ts +247 -0
package/src/__tests__/taint/cfg-builder.test.ts +835 -0
package/src/__tests__/taint/constant-propagation.test.ts +302 -0
package/src/__tests__/taint/cross-file-index.test.ts +683 -0
package/src/__tests__/taint/cross-file-integration.test.ts +275 -0
package/src/__tests__/taint/cross-file-propagation.test.ts +910 -0
package/src/__tests__/taint/def-use.test.ts +132 -0
package/src/__tests__/taint/field-sensitive-sinks.test.ts +179 -0
package/src/__tests__/taint/field-sensitivity.test.ts +342 -0
package/src/__tests__/taint/file-analysis-cache.test.ts +290 -0
package/src/__tests__/taint/framework-models.test.ts +227 -0
package/src/__tests__/taint/llm-flow-graph.test.ts +850 -0
package/src/__tests__/taint/llm-risk-scoring.test.ts +439 -0
package/src/__tests__/taint/performance-parity.test.ts +315 -0
package/src/__tests__/taint/propagation.test.ts +621 -0
package/src/__tests__/taint/python-cross-file.test.ts +494 -0
package/src/__tests__/taint/python-taint.test.ts +1344 -0
package/src/__tests__/taint/sanitizer-registry.test.ts +304 -0
package/src/__tests__/taint/sanitizer-regression.test.ts +111 -0
package/src/__tests__/taint/sink-classifier.test.ts +537 -0
package/src/__tests__/taint/source-classifier.test.ts +367 -0
package/src/__tests__/taint/taint-pipeline.test.ts +418 -0
package/src/__tests__/taint/taint-smoke.test.ts +400 -0
package/src/__tests__/taint/taint-summary.test.ts +472 -0
package/src/detect/ai-code/index.ts +6 -11
package/src/detect/ast-rules/agent-tools-ast.ts +861 -0
package/src/detect/ast-rules/ai-fingerprinting-ast.ts +451 -0
package/src/detect/ast-rules/auth-patterns-ast.ts +304 -0
package/src/detect/ast-rules/byok-ast.ts +195 -0
package/src/detect/ast-rules/child-process-ast.ts +276 -0
package/src/detect/ast-rules/dangerous-eval-ast.ts +227 -0
package/src/detect/ast-rules/data-exposure-ast.ts +162 -0
package/src/detect/ast-rules/dom-xss-ast.ts +260 -0
package/src/detect/ast-rules/endpoint-protection-ast.ts +231 -0
package/src/detect/ast-rules/entropy-ast.ts +268 -0
package/src/detect/ast-rules/flask-debug-ast.ts +148 -0
package/src/detect/ast-rules/framework-checks-ast.ts +200 -0
package/src/detect/ast-rules/helpers/call-analysis.ts +256 -0
package/src/detect/ast-rules/helpers/context-detection.ts +277 -0
package/src/detect/ast-rules/helpers/control-flow.ts +179 -0
package/src/detect/ast-rules/helpers/import-analysis.ts +185 -0
package/src/detect/ast-rules/helpers/index.ts +133 -0
package/src/detect/ast-rules/helpers/python-helpers.ts +1054 -0
package/src/detect/ast-rules/helpers/scope-analysis.ts +224 -0
package/src/detect/ast-rules/helpers/string-analysis.ts +215 -0
package/src/detect/ast-rules/helpers/type-extraction.ts +138 -0
package/src/detect/ast-rules/helpers/user-input.ts +256 -0
package/src/detect/ast-rules/index.ts +311 -0
package/src/detect/ast-rules/json-parse-ast.ts +162 -0
package/src/detect/ast-rules/log-injection-ast.ts +243 -0
package/src/detect/ast-rules/logic-gates-ast.ts +343 -0
package/src/detect/ast-rules/mcp-security-ast.ts +808 -0
package/src/detect/ast-rules/model-supply-chain-ast.ts +202 -0
package/src/detect/ast-rules/package-hallucination-ast.ts +664 -0
package/src/detect/ast-rules/prompt-hygiene-ast.ts +329 -0
package/src/detect/ast-rules/rag-safety-ast.ts +689 -0
package/src/detect/ast-rules/request-validation-ast.ts +122 -0
package/src/detect/ast-rules/risky-imports-ast.ts +133 -0
package/src/detect/ast-rules/schema-validation-ast.ts +244 -0
package/src/detect/ast-rules/secret-patterns-ast.ts +223 -0
package/src/detect/ast-rules/security-headers-ast.ts +206 -0
package/src/detect/ast-rules/sql-injection-ast.ts +614 -0
package/src/detect/ast-rules/ssrf-ast.ts +601 -0
package/src/detect/ast-rules/taint-fix-templates.ts +108 -0
package/src/detect/ast-rules/taint-flow-ast.ts +416 -0
package/src/detect/ast-rules/variables-ast.ts +446 -0
package/src/detect/ast-rules/weak-crypto-ast.ts +441 -0
package/src/detect/ast-rules/xxe-ast.ts +184 -0
package/src/detect/config/agent-skill-injection.ts +2 -24
package/src/detect/config/index.ts +1 -0
package/src/detect/config/osv-check.ts +6 -1
package/src/detect/config/package-check.ts +6 -1
package/src/detect/config/rules-file-backdoor.ts +438 -0
package/src/detect/index.ts +146 -52
package/src/detect/secrets/config-audit.ts +37 -3
package/src/detect/secrets/entropy.ts +195 -0
package/src/detect/secrets/index.ts +7 -16
package/src/detect/structural/index.ts +23 -566
package/src/index.ts +7 -0
package/src/model/auth-helper-detector.ts +1 -7
package/src/model/import-resolver.ts +104 -0
package/src/model/imported-auth-detector.ts +1 -1
package/src/model/index.ts +240 -80
package/src/model/module-graph.ts +17 -5
package/src/model/project-context.ts +28 -1
package/src/model/route-auth-resolver.ts +18 -3
package/src/model/route-discovery/index.ts +1 -1
package/src/model/route-discovery/nextjs.ts +1 -1
package/src/model/route-discovery/python.ts +156 -9
package/src/model/route-discovery/types.ts +1 -1
package/src/model/route-discovery/utils.ts +73 -0
package/src/model/taint-types.ts +1 -6
package/src/parse/ast.ts +271 -0
package/src/parse/call-graph.ts +419 -0
package/src/parse/file-classifier.ts +69 -15
package/src/parse/node-index.ts +118 -0
package/src/parse/type-extractor.ts +293 -0
package/src/pipeline/config.ts +7 -0
package/src/pipeline/index.ts +464 -199
package/src/pipeline/modes/incremental.ts +1 -7
package/src/postprocess/dedup.ts +48 -17
package/src/report/build-result.ts +57 -29
package/src/report/formatters/cli-terminal.ts +731 -415
package/src/report/sanitize.ts +27 -0
package/src/score/adjustments.ts +113 -40
package/src/score/confidence.ts +10 -5
package/src/score/evidence.ts +55 -0
package/src/score/index.ts +27 -55
package/src/score/types.ts +4 -0
package/src/shared/category-filter.ts +12 -0
package/src/shared/regex-utils.ts +4 -0
package/src/shared/registry-clients.ts +106 -18
package/src/shared/rules/__tests__/metadata.test.ts +5 -1
package/src/shared/rules/metadata.ts +19 -0
package/src/shared/types.ts +372 -253
package/src/taint/async-flow.ts +301 -0
package/src/taint/cfg-builder.ts +1127 -0
package/src/taint/cfg-types.ts +110 -0
package/src/taint/constant-propagation.ts +170 -0
package/src/taint/cross-file-analyzer.ts +118 -0
package/src/taint/cross-file-index.ts +275 -0
package/src/taint/def-use.ts +556 -0
package/src/taint/file-analysis-cache.ts +145 -0
package/src/taint/framework-models.ts +313 -0
package/src/taint/helpers.ts +138 -0
package/src/taint/index.ts +71 -0
package/src/taint/llm-registry.ts +174 -0
package/src/taint/llm-risk-scoring.ts +412 -0
package/src/taint/propagation-types.ts +188 -0
package/src/taint/propagation.ts +1750 -0
package/src/taint/sanitizer-registry.ts +490 -0
package/src/taint/sink-classifier.ts +1402 -0
package/src/taint/source-classifier.ts +859 -0
package/src/taint/taint-analyzer.ts +112 -0
package/src/taint/taint-summary.ts +341 -0
package/src/taint/types.ts +86 -0
package/src/validate/clients.ts +3 -2
package/src/validate/index.ts +89 -53
package/src/validate/prompts/modules/ai-patterns.ts +16 -0
package/src/validate/prompts/modules/common.ts +12 -3
package/src/validate/providers/anthropic.ts +254 -148
package/src/validate/providers/openai.ts +363 -218
package/src/validate/request-builder.ts +2 -45
package/src/validate/types.ts +9 -0
package/src/validate/utils/path-helpers.ts +2 -2
package/src/validate/utils/response-parser.ts +32 -3
package/src/validate/utils/retry.ts +19 -4
package/dist/ai-context/index.d.ts +0 -6
package/dist/ai-context/index.d.ts.map +0 -1
package/dist/ai-context/index.js +0 -13
package/dist/ai-context/index.js.map +0 -1
package/dist/ai-context/manager.d.ts +0 -67
package/dist/ai-context/manager.d.ts.map +0 -1
package/dist/ai-context/manager.js +0 -104
package/dist/ai-context/manager.js.map +0 -1
package/dist/baseline/diff.d.ts +0 -32
package/dist/baseline/diff.d.ts.map +0 -1
package/dist/baseline/diff.js +0 -119
package/dist/baseline/diff.js.map +0 -1
package/dist/baseline/index.d.ts +0 -9
package/dist/baseline/index.d.ts.map +0 -1
package/dist/baseline/index.js +0 -19
package/dist/baseline/index.js.map +0 -1
package/dist/baseline/manager.d.ts +0 -67
package/dist/baseline/manager.d.ts.map +0 -1
package/dist/baseline/manager.js +0 -180
package/dist/baseline/manager.js.map +0 -1
package/dist/baseline/types.d.ts +0 -91
package/dist/baseline/types.d.ts.map +0 -1
package/dist/baseline/types.js +0 -12
package/dist/baseline/types.js.map +0 -1
package/dist/category-filter.d.ts +0 -125
package/dist/category-filter.d.ts.map +0 -1
package/dist/category-filter.js +0 -360
package/dist/category-filter.js.map +0 -1
package/dist/detect/ai-code/agent-tools.d.ts +0 -22
package/dist/detect/ai-code/agent-tools.d.ts.map +0 -1
package/dist/detect/ai-code/agent-tools.js +0 -1509
package/dist/detect/ai-code/agent-tools.js.map +0 -1
package/dist/detect/ai-code/byok-patterns.d.ts +0 -15
package/dist/detect/ai-code/byok-patterns.d.ts.map +0 -1
package/dist/detect/ai-code/byok-patterns.js +0 -313
package/dist/detect/ai-code/byok-patterns.js.map +0 -1
package/dist/detect/ai-code/endpoint-protection.d.ts +0 -38
package/dist/detect/ai-code/endpoint-protection.d.ts.map +0 -1
package/dist/detect/ai-code/endpoint-protection.js +0 -349
package/dist/detect/ai-code/endpoint-protection.js.map +0 -1
package/dist/detect/ai-code/execution-sinks.d.ts +0 -21
package/dist/detect/ai-code/execution-sinks.d.ts.map +0 -1
package/dist/detect/ai-code/execution-sinks.js +0 -1158
package/dist/detect/ai-code/execution-sinks.js.map +0 -1
package/dist/detect/ai-code/fingerprinting.d.ts +0 -10
package/dist/detect/ai-code/fingerprinting.d.ts.map +0 -1
package/dist/detect/ai-code/fingerprinting.js +0 -665
package/dist/detect/ai-code/fingerprinting.js.map +0 -1
package/dist/detect/ai-code/mcp-security.d.ts +0 -20
package/dist/detect/ai-code/mcp-security.d.ts.map +0 -1
package/dist/detect/ai-code/mcp-security.js +0 -880
package/dist/detect/ai-code/mcp-security.js.map +0 -1
package/dist/detect/ai-code/model-supply-chain.d.ts +0 -23
package/dist/detect/ai-code/model-supply-chain.d.ts.map +0 -1
package/dist/detect/ai-code/model-supply-chain.js +0 -447
package/dist/detect/ai-code/model-supply-chain.js.map +0 -1
package/dist/detect/ai-code/package-hallucination.d.ts +0 -22
package/dist/detect/ai-code/package-hallucination.d.ts.map +0 -1
package/dist/detect/ai-code/package-hallucination.js +0 -841
package/dist/detect/ai-code/package-hallucination.js.map +0 -1
package/dist/detect/ai-code/prompt-hygiene.d.ts +0 -22
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +0 -1
package/dist/detect/ai-code/prompt-hygiene.js +0 -1177
package/dist/detect/ai-code/prompt-hygiene.js.map +0 -1
package/dist/detect/ai-code/rag-safety.d.ts +0 -24
package/dist/detect/ai-code/rag-safety.d.ts.map +0 -1
package/dist/detect/ai-code/rag-safety.js +0 -913
package/dist/detect/ai-code/rag-safety.js.map +0 -1
package/dist/detect/ai-code/schema-validation.d.ts +0 -28
package/dist/detect/ai-code/schema-validation.d.ts.map +0 -1
package/dist/detect/ai-code/schema-validation.js +0 -378
package/dist/detect/ai-code/schema-validation.js.map +0 -1
package/dist/detect/secrets/patterns.d.ts +0 -11
package/dist/detect/secrets/patterns.d.ts.map +0 -1
package/dist/detect/secrets/patterns.js +0 -518
package/dist/detect/secrets/patterns.js.map +0 -1
package/dist/detect/secrets/weak-crypto.d.ts +0 -10
package/dist/detect/secrets/weak-crypto.d.ts.map +0 -1
package/dist/detect/secrets/weak-crypto.js +0 -432
package/dist/detect/secrets/weak-crypto.js.map +0 -1
package/dist/detect/structural/auth-patterns.d.ts +0 -22
package/dist/detect/structural/auth-patterns.d.ts.map +0 -1
package/dist/detect/structural/auth-patterns.js +0 -533
package/dist/detect/structural/auth-patterns.js.map +0 -1
package/dist/detect/structural/dangerous-functions/child-process.d.ts +0 -16
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/child-process.js +0 -74
package/dist/detect/structural/dangerous-functions/child-process.js.map +0 -1
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +0 -34
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/dom-xss.js +0 -230
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +0 -1
package/dist/detect/structural/dangerous-functions/index.d.ts +0 -16
package/dist/detect/structural/dangerous-functions/index.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/index.js +0 -1193
package/dist/detect/structural/dangerous-functions/index.js.map +0 -1
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +0 -31
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/json-parse.js +0 -326
package/dist/detect/structural/dangerous-functions/json-parse.js.map +0 -1
package/dist/detect/structural/dangerous-functions/math-random.d.ts +0 -111
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/math-random.js +0 -684
package/dist/detect/structural/dangerous-functions/math-random.js.map +0 -1
package/dist/detect/structural/dangerous-functions/patterns.d.ts +0 -21
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/patterns.js +0 -163
package/dist/detect/structural/dangerous-functions/patterns.js.map +0 -1
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +0 -13
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/request-validation.js +0 -126
package/dist/detect/structural/dangerous-functions/request-validation.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +0 -24
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +0 -70
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +0 -31
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/helpers.js +0 -147
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +0 -9
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/index.js +0 -23
package/dist/detect/structural/dangerous-functions/utils/index.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +0 -22
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +0 -102
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +0 -1
package/dist/detect/structural/data-exposure.d.ts +0 -19
package/dist/detect/structural/data-exposure.d.ts.map +0 -1
package/dist/detect/structural/data-exposure.js +0 -262
package/dist/detect/structural/data-exposure.js.map +0 -1
package/dist/detect/structural/framework-checks.d.ts +0 -10
package/dist/detect/structural/framework-checks.d.ts.map +0 -1
package/dist/detect/structural/framework-checks.js +0 -389
package/dist/detect/structural/framework-checks.js.map +0 -1
package/dist/detect/structural/log-injection.d.ts +0 -18
package/dist/detect/structural/log-injection.d.ts.map +0 -1
package/dist/detect/structural/log-injection.js +0 -217
package/dist/detect/structural/log-injection.js.map +0 -1
package/dist/detect/structural/logic-gates.d.ts +0 -10
package/dist/detect/structural/logic-gates.d.ts.map +0 -1
package/dist/detect/structural/logic-gates.js +0 -227
package/dist/detect/structural/logic-gates.js.map +0 -1
package/dist/detect/structural/risky-imports.d.ts +0 -10
package/dist/detect/structural/risky-imports.d.ts.map +0 -1
package/dist/detect/structural/risky-imports.js +0 -168
package/dist/detect/structural/risky-imports.js.map +0 -1
package/dist/detect/structural/security-headers.d.ts +0 -18
package/dist/detect/structural/security-headers.d.ts.map +0 -1
package/dist/detect/structural/security-headers.js +0 -196
package/dist/detect/structural/security-headers.js.map +0 -1
package/dist/detect/structural/ssrf-detection.d.ts +0 -18
package/dist/detect/structural/ssrf-detection.d.ts.map +0 -1
package/dist/detect/structural/ssrf-detection.js +0 -263
package/dist/detect/structural/ssrf-detection.js.map +0 -1
package/dist/detect/structural/variables.d.ts +0 -11
package/dist/detect/structural/variables.d.ts.map +0 -1
package/dist/detect/structural/variables.js +0 -159
package/dist/detect/structural/variables.js.map +0 -1
package/dist/detect/structural/xxe-detection.d.ts +0 -18
package/dist/detect/structural/xxe-detection.d.ts.map +0 -1
package/dist/detect/structural/xxe-detection.js +0 -245
package/dist/detect/structural/xxe-detection.js.map +0 -1
package/dist/filtering/context-adjustments.d.ts +0 -23
package/dist/filtering/context-adjustments.d.ts.map +0 -1
package/dist/filtering/context-adjustments.js +0 -100
package/dist/filtering/context-adjustments.js.map +0 -1
package/dist/filtering/index.d.ts +0 -3
package/dist/filtering/index.d.ts.map +0 -1
package/dist/filtering/index.js +0 -8
package/dist/filtering/index.js.map +0 -1
package/dist/filtering/pipeline.d.ts +0 -48
package/dist/filtering/pipeline.d.ts.map +0 -1
package/dist/filtering/pipeline.js +0 -76
package/dist/filtering/pipeline.js.map +0 -1
package/dist/formatters/ai-context.d.ts +0 -23
package/dist/formatters/ai-context.d.ts.map +0 -1
package/dist/formatters/ai-context.js +0 -238
package/dist/formatters/ai-context.js.map +0 -1
package/dist/formatters/cli-terminal.d.ts +0 -65
package/dist/formatters/cli-terminal.d.ts.map +0 -1
package/dist/formatters/cli-terminal.js +0 -735
package/dist/formatters/cli-terminal.js.map +0 -1
package/dist/formatters/github-comment.d.ts +0 -41
package/dist/formatters/github-comment.d.ts.map +0 -1
package/dist/formatters/github-comment.js +0 -370
package/dist/formatters/github-comment.js.map +0 -1
package/dist/formatters/grouping.d.ts +0 -52
package/dist/formatters/grouping.d.ts.map +0 -1
package/dist/formatters/grouping.js +0 -152
package/dist/formatters/grouping.js.map +0 -1
package/dist/formatters/ide/claude-code.d.ts +0 -17
package/dist/formatters/ide/claude-code.d.ts.map +0 -1
package/dist/formatters/ide/claude-code.js +0 -94
package/dist/formatters/ide/claude-code.js.map +0 -1
package/dist/formatters/ide/cursor.d.ts +0 -13
package/dist/formatters/ide/cursor.d.ts.map +0 -1
package/dist/formatters/ide/cursor.js +0 -125
package/dist/formatters/ide/cursor.js.map +0 -1
package/dist/formatters/ide/index.d.ts +0 -62
package/dist/formatters/ide/index.d.ts.map +0 -1
package/dist/formatters/ide/index.js +0 -184
package/dist/formatters/ide/index.js.map +0 -1
package/dist/formatters/ide/windsurf.d.ts +0 -13
package/dist/formatters/ide/windsurf.d.ts.map +0 -1
package/dist/formatters/ide/windsurf.js +0 -117
package/dist/formatters/ide/windsurf.js.map +0 -1
package/dist/formatters/index.d.ts +0 -11
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -54
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/vscode-diagnostic.d.ts +0 -103
package/dist/formatters/vscode-diagnostic.d.ts.map +0 -1
package/dist/formatters/vscode-diagnostic.js +0 -151
package/dist/formatters/vscode-diagnostic.js.map +0 -1
package/dist/layer1/comments.d.ts +0 -11
package/dist/layer1/comments.d.ts.map +0 -1
package/dist/layer1/comments.js +0 -203
package/dist/layer1/comments.js.map +0 -1
package/dist/layer1/config-audit.d.ts +0 -11
package/dist/layer1/config-audit.d.ts.map +0 -1
package/dist/layer1/config-audit.js +0 -311
package/dist/layer1/config-audit.js.map +0 -1
package/dist/layer1/config-mcp-audit.d.ts +0 -23
package/dist/layer1/config-mcp-audit.d.ts.map +0 -1
package/dist/layer1/config-mcp-audit.js +0 -239
package/dist/layer1/config-mcp-audit.js.map +0 -1
package/dist/layer1/entropy.d.ts +0 -11
package/dist/layer1/entropy.d.ts.map +0 -1
package/dist/layer1/entropy.js +0 -741
package/dist/layer1/entropy.js.map +0 -1
package/dist/layer1/file-flags.d.ts +0 -10
package/dist/layer1/file-flags.d.ts.map +0 -1
package/dist/layer1/file-flags.js +0 -119
package/dist/layer1/file-flags.js.map +0 -1
package/dist/layer1/index.d.ts +0 -38
package/dist/layer1/index.d.ts.map +0 -1
package/dist/layer1/index.js +0 -170
package/dist/layer1/index.js.map +0 -1
package/dist/layer1/patterns.d.ts +0 -11
package/dist/layer1/patterns.d.ts.map +0 -1
package/dist/layer1/patterns.js +0 -512
package/dist/layer1/patterns.js.map +0 -1
package/dist/layer1/urls.d.ts +0 -11
package/dist/layer1/urls.d.ts.map +0 -1
package/dist/layer1/urls.js +0 -444
package/dist/layer1/urls.js.map +0 -1
package/dist/layer1/weak-crypto.d.ts +0 -10
package/dist/layer1/weak-crypto.d.ts.map +0 -1
package/dist/layer1/weak-crypto.js +0 -428
package/dist/layer1/weak-crypto.js.map +0 -1
package/dist/layer2/ai-agent-tools.d.ts +0 -22
package/dist/layer2/ai-agent-tools.d.ts.map +0 -1
package/dist/layer2/ai-agent-tools.js +0 -1490
package/dist/layer2/ai-agent-tools.js.map +0 -1
package/dist/layer2/ai-endpoint-protection.d.ts +0 -38
package/dist/layer2/ai-endpoint-protection.d.ts.map +0 -1
package/dist/layer2/ai-endpoint-protection.js +0 -346
package/dist/layer2/ai-endpoint-protection.js.map +0 -1
package/dist/layer2/ai-execution-sinks.d.ts +0 -21
package/dist/layer2/ai-execution-sinks.d.ts.map +0 -1
package/dist/layer2/ai-execution-sinks.js +0 -1155
package/dist/layer2/ai-execution-sinks.js.map +0 -1
package/dist/layer2/ai-fingerprinting.d.ts +0 -10
package/dist/layer2/ai-fingerprinting.d.ts.map +0 -1
package/dist/layer2/ai-fingerprinting.js +0 -650
package/dist/layer2/ai-fingerprinting.js.map +0 -1
package/dist/layer2/ai-mcp-security.d.ts +0 -20
package/dist/layer2/ai-mcp-security.d.ts.map +0 -1
package/dist/layer2/ai-mcp-security.js +0 -877
package/dist/layer2/ai-mcp-security.js.map +0 -1
package/dist/layer2/ai-package-hallucination.d.ts +0 -22
package/dist/layer2/ai-package-hallucination.d.ts.map +0 -1
package/dist/layer2/ai-package-hallucination.js +0 -828
package/dist/layer2/ai-package-hallucination.js.map +0 -1
package/dist/layer2/ai-prompt-hygiene.d.ts +0 -22
package/dist/layer2/ai-prompt-hygiene.d.ts.map +0 -1
package/dist/layer2/ai-prompt-hygiene.js +0 -1156
package/dist/layer2/ai-prompt-hygiene.js.map +0 -1
package/dist/layer2/ai-rag-safety.d.ts +0 -24
package/dist/layer2/ai-rag-safety.d.ts.map +0 -1
package/dist/layer2/ai-rag-safety.js +0 -910
package/dist/layer2/ai-rag-safety.js.map +0 -1
package/dist/layer2/ai-schema-validation.d.ts +0 -28
package/dist/layer2/ai-schema-validation.d.ts.map +0 -1
package/dist/layer2/ai-schema-validation.js +0 -375
package/dist/layer2/ai-schema-validation.js.map +0 -1
package/dist/layer2/auth-antipatterns.d.ts +0 -22
package/dist/layer2/auth-antipatterns.d.ts.map +0 -1
package/dist/layer2/auth-antipatterns.js +0 -522
package/dist/layer2/auth-antipatterns.js.map +0 -1
package/dist/layer2/byok-patterns.d.ts +0 -15
package/dist/layer2/byok-patterns.d.ts.map +0 -1
package/dist/layer2/byok-patterns.js +0 -302
package/dist/layer2/byok-patterns.js.map +0 -1
package/dist/layer2/dangerous-functions/child-process.d.ts +0 -16
package/dist/layer2/dangerous-functions/child-process.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/child-process.js +0 -74
package/dist/layer2/dangerous-functions/child-process.js.map +0 -1
package/dist/layer2/dangerous-functions/dom-xss.d.ts +0 -34
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/dom-xss.js +0 -230
package/dist/layer2/dangerous-functions/dom-xss.js.map +0 -1
package/dist/layer2/dangerous-functions/index.d.ts +0 -16
package/dist/layer2/dangerous-functions/index.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/index.js +0 -1152
package/dist/layer2/dangerous-functions/index.js.map +0 -1
package/dist/layer2/dangerous-functions/json-parse.d.ts +0 -31
package/dist/layer2/dangerous-functions/json-parse.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/json-parse.js +0 -319
package/dist/layer2/dangerous-functions/json-parse.js.map +0 -1
package/dist/layer2/dangerous-functions/math-random.d.ts +0 -111
package/dist/layer2/dangerous-functions/math-random.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/math-random.js +0 -684
package/dist/layer2/dangerous-functions/math-random.js.map +0 -1
package/dist/layer2/dangerous-functions/patterns.d.ts +0 -21
package/dist/layer2/dangerous-functions/patterns.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/patterns.js +0 -163
package/dist/layer2/dangerous-functions/patterns.js.map +0 -1
package/dist/layer2/dangerous-functions/request-validation.d.ts +0 -13
package/dist/layer2/dangerous-functions/request-validation.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/request-validation.js +0 -119
package/dist/layer2/dangerous-functions/request-validation.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +0 -24
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/control-flow.js +0 -70
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/helpers.d.ts +0 -31
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/helpers.js +0 -147
package/dist/layer2/dangerous-functions/utils/helpers.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/index.d.ts +0 -9
package/dist/layer2/dangerous-functions/utils/index.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/index.js +0 -23
package/dist/layer2/dangerous-functions/utils/index.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +0 -22
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js +0 -102
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +0 -1
package/dist/layer2/data-exposure.d.ts +0 -19
package/dist/layer2/data-exposure.d.ts.map +0 -1
package/dist/layer2/data-exposure.js +0 -255
package/dist/layer2/data-exposure.js.map +0 -1
package/dist/layer2/framework-checks.d.ts +0 -10
package/dist/layer2/framework-checks.d.ts.map +0 -1
package/dist/layer2/framework-checks.js +0 -384
package/dist/layer2/framework-checks.js.map +0 -1
package/dist/layer2/index.d.ts +0 -74
package/dist/layer2/index.d.ts.map +0 -1
package/dist/layer2/index.js +0 -544
package/dist/layer2/index.js.map +0 -1
package/dist/layer2/log-injection.d.ts +0 -18
package/dist/layer2/log-injection.d.ts.map +0 -1
package/dist/layer2/log-injection.js +0 -214
package/dist/layer2/log-injection.js.map +0 -1
package/dist/layer2/logic-gates.d.ts +0 -10
package/dist/layer2/logic-gates.d.ts.map +0 -1
package/dist/layer2/logic-gates.js +0 -220
package/dist/layer2/logic-gates.js.map +0 -1
package/dist/layer2/model-supply-chain.d.ts +0 -23
package/dist/layer2/model-supply-chain.d.ts.map +0 -1
package/dist/layer2/model-supply-chain.js +0 -444
package/dist/layer2/model-supply-chain.js.map +0 -1
package/dist/layer2/risky-imports.d.ts +0 -10
package/dist/layer2/risky-imports.d.ts.map +0 -1
package/dist/layer2/risky-imports.js +0 -165
package/dist/layer2/risky-imports.js.map +0 -1
package/dist/layer2/security-headers.d.ts +0 -18
package/dist/layer2/security-headers.d.ts.map +0 -1
package/dist/layer2/security-headers.js +0 -187
package/dist/layer2/security-headers.js.map +0 -1
package/dist/layer2/ssrf-detection.d.ts +0 -18
package/dist/layer2/ssrf-detection.d.ts.map +0 -1
package/dist/layer2/ssrf-detection.js +0 -252
package/dist/layer2/ssrf-detection.js.map +0 -1
package/dist/layer2/variables.d.ts +0 -11
package/dist/layer2/variables.d.ts.map +0 -1
package/dist/layer2/variables.js +0 -156
package/dist/layer2/variables.js.map +0 -1
package/dist/layer2/xxe-detection.d.ts +0 -18
package/dist/layer2/xxe-detection.d.ts.map +0 -1
package/dist/layer2/xxe-detection.js +0 -242
package/dist/layer2/xxe-detection.js.map +0 -1
package/dist/layer3/anthropic/auto-dismiss.d.ts +0 -24
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +0 -1
package/dist/layer3/anthropic/auto-dismiss.js +0 -199
package/dist/layer3/anthropic/auto-dismiss.js.map +0 -1
package/dist/layer3/anthropic/clients.d.ts +0 -44
package/dist/layer3/anthropic/clients.d.ts.map +0 -1
package/dist/layer3/anthropic/clients.js +0 -81
package/dist/layer3/anthropic/clients.js.map +0 -1
package/dist/layer3/anthropic/index.d.ts +0 -41
package/dist/layer3/anthropic/index.d.ts.map +0 -1
package/dist/layer3/anthropic/index.js +0 -141
package/dist/layer3/anthropic/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/index.d.ts +0 -8
package/dist/layer3/anthropic/prompts/index.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/index.js +0 -16
package/dist/layer3/anthropic/prompts/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +0 -19
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +0 -156
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +0 -9
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/auth-access.js +0 -25
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/common.d.ts +0 -11
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/common.js +0 -152
package/dist/layer3/anthropic/prompts/modules/common.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/index.d.ts +0 -54
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/index.js +0 -185
package/dist/layer3/anthropic/prompts/modules/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +0 -84
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +0 -68
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +0 -22
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +0 -1
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +0 -15
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/semantic-analysis.js +0 -169
package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +0 -1
package/dist/layer3/anthropic/prompts/validation.d.ts +0 -18
package/dist/layer3/anthropic/prompts/validation.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/validation.js +0 -25
package/dist/layer3/anthropic/prompts/validation.js.map +0 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts +0 -21
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/anthropic.js +0 -269
package/dist/layer3/anthropic/providers/anthropic.js.map +0 -1
package/dist/layer3/anthropic/providers/index.d.ts +0 -8
package/dist/layer3/anthropic/providers/index.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/index.js +0 -15
package/dist/layer3/anthropic/providers/index.js.map +0 -1
package/dist/layer3/anthropic/providers/openai.d.ts +0 -18
package/dist/layer3/anthropic/providers/openai.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/openai.js +0 -343
package/dist/layer3/anthropic/providers/openai.js.map +0 -1
package/dist/layer3/anthropic/request-builder.d.ts +0 -27
package/dist/layer3/anthropic/request-builder.d.ts.map +0 -1
package/dist/layer3/anthropic/request-builder.js +0 -150
package/dist/layer3/anthropic/request-builder.js.map +0 -1
package/dist/layer3/anthropic/types.d.ts +0 -88
package/dist/layer3/anthropic/types.d.ts.map +0 -1
package/dist/layer3/anthropic/types.js +0 -38
package/dist/layer3/anthropic/types.js.map +0 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +0 -55
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/context-extractor.js +0 -161
package/dist/layer3/anthropic/utils/context-extractor.js.map +0 -1
package/dist/layer3/anthropic/utils/index.d.ts +0 -11
package/dist/layer3/anthropic/utils/index.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/index.js +0 -27
package/dist/layer3/anthropic/utils/index.js.map +0 -1
package/dist/layer3/anthropic/utils/path-helpers.d.ts +0 -21
package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/path-helpers.js +0 -69
package/dist/layer3/anthropic/utils/path-helpers.js.map +0 -1
package/dist/layer3/anthropic/utils/response-parser.d.ts +0 -40
package/dist/layer3/anthropic/utils/response-parser.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/response-parser.js +0 -285
package/dist/layer3/anthropic/utils/response-parser.js.map +0 -1
package/dist/layer3/anthropic/utils/retry.d.ts +0 -15
package/dist/layer3/anthropic/utils/retry.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/retry.js +0 -62
package/dist/layer3/anthropic/utils/retry.js.map +0 -1
package/dist/layer3/index.d.ts +0 -27
package/dist/layer3/index.d.ts.map +0 -1
package/dist/layer3/index.js +0 -150
package/dist/layer3/index.js.map +0 -1
package/dist/layer3/osv-check.d.ts +0 -75
package/dist/layer3/osv-check.d.ts.map +0 -1
package/dist/layer3/osv-check.js +0 -308
package/dist/layer3/osv-check.js.map +0 -1
package/dist/layer3/package-check.d.ts +0 -63
package/dist/layer3/package-check.d.ts.map +0 -1
package/dist/layer3/package-check.js +0 -508
package/dist/layer3/package-check.js.map +0 -1
package/dist/model/cross-file-taint.d.ts +0 -40
package/dist/model/cross-file-taint.d.ts.map +0 -1
package/dist/model/cross-file-taint.js +0 -290
package/dist/model/cross-file-taint.js.map +0 -1
package/dist/model/function-classifier.d.ts +0 -32
package/dist/model/function-classifier.d.ts.map +0 -1
package/dist/model/function-classifier.js +0 -143
package/dist/model/function-classifier.js.map +0 -1
package/dist/model/sanitiser-detection.d.ts +0 -27
package/dist/model/sanitiser-detection.d.ts.map +0 -1
package/dist/model/sanitiser-detection.js +0 -224
package/dist/model/sanitiser-detection.js.map +0 -1
package/dist/model/sink-matcher.d.ts +0 -17
package/dist/model/sink-matcher.d.ts.map +0 -1
package/dist/model/sink-matcher.js +0 -141
package/dist/model/sink-matcher.js.map +0 -1
package/dist/model/sink-patterns.d.ts +0 -19
package/dist/model/sink-patterns.d.ts.map +0 -1
package/dist/model/sink-patterns.js +0 -88
package/dist/model/sink-patterns.js.map +0 -1
package/dist/model/source-discovery.d.ts +0 -15
package/dist/model/source-discovery.d.ts.map +0 -1
package/dist/model/source-discovery.js +0 -170
package/dist/model/source-discovery.js.map +0 -1
package/dist/model/taint-tracker.d.ts +0 -21
package/dist/model/taint-tracker.d.ts.map +0 -1
package/dist/model/taint-tracker.js +0 -281
package/dist/model/taint-tracker.js.map +0 -1
package/dist/modes/incremental.d.ts +0 -66
package/dist/modes/incremental.d.ts.map +0 -1
package/dist/modes/incremental.js +0 -200
package/dist/modes/incremental.js.map +0 -1
package/dist/rules/framework-fixes.d.ts +0 -48
package/dist/rules/framework-fixes.d.ts.map +0 -1
package/dist/rules/framework-fixes.js +0 -439
package/dist/rules/framework-fixes.js.map +0 -1
package/dist/rules/index.d.ts +0 -8
package/dist/rules/index.d.ts.map +0 -1
package/dist/rules/index.js +0 -18
package/dist/rules/index.js.map +0 -1
package/dist/rules/metadata.d.ts +0 -43
package/dist/rules/metadata.d.ts.map +0 -1
package/dist/rules/metadata.js +0 -800
package/dist/rules/metadata.js.map +0 -1
package/dist/score/auto-dismiss.d.ts +0 -28
package/dist/score/auto-dismiss.d.ts.map +0 -1
package/dist/score/auto-dismiss.js +0 -200
package/dist/score/auto-dismiss.js.map +0 -1
package/dist/suppression/config-loader.d.ts +0 -74
package/dist/suppression/config-loader.d.ts.map +0 -1
package/dist/suppression/config-loader.js +0 -424
package/dist/suppression/config-loader.js.map +0 -1
package/dist/suppression/hash.d.ts +0 -48
package/dist/suppression/hash.d.ts.map +0 -1
package/dist/suppression/hash.js +0 -88
package/dist/suppression/hash.js.map +0 -1
package/dist/suppression/index.d.ts +0 -11
package/dist/suppression/index.d.ts.map +0 -1
package/dist/suppression/index.js +0 -39
package/dist/suppression/index.js.map +0 -1
package/dist/suppression/inline-parser.d.ts +0 -39
package/dist/suppression/inline-parser.d.ts.map +0 -1
package/dist/suppression/inline-parser.js +0 -218
package/dist/suppression/inline-parser.js.map +0 -1
package/dist/suppression/manager.d.ts +0 -94
package/dist/suppression/manager.d.ts.map +0 -1
package/dist/suppression/manager.js +0 -292
package/dist/suppression/manager.js.map +0 -1
package/dist/suppression/types.d.ts +0 -151
package/dist/suppression/types.d.ts.map +0 -1
package/dist/suppression/types.js +0 -28
package/dist/suppression/types.js.map +0 -1
package/dist/types.d.ts +0 -331
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -124
package/dist/types.js.map +0 -1
package/dist/utils/auth-helper-detector.d.ts +0 -56
package/dist/utils/auth-helper-detector.d.ts.map +0 -1
package/dist/utils/auth-helper-detector.js +0 -360
package/dist/utils/auth-helper-detector.js.map +0 -1
package/dist/utils/code-analysis.d.ts +0 -39
package/dist/utils/code-analysis.d.ts.map +0 -1
package/dist/utils/code-analysis.js +0 -159
package/dist/utils/code-analysis.js.map +0 -1
package/dist/utils/comment-analyzer.d.ts +0 -38
package/dist/utils/comment-analyzer.d.ts.map +0 -1
package/dist/utils/comment-analyzer.js +0 -218
package/dist/utils/comment-analyzer.js.map +0 -1
package/dist/utils/context-helpers.d.ts +0 -219
package/dist/utils/context-helpers.d.ts.map +0 -1
package/dist/utils/context-helpers.js +0 -886
package/dist/utils/context-helpers.js.map +0 -1
package/dist/utils/diff-detector.d.ts +0 -53
package/dist/utils/diff-detector.d.ts.map +0 -1
package/dist/utils/diff-detector.js +0 -104
package/dist/utils/diff-detector.js.map +0 -1
package/dist/utils/diff-parser.d.ts +0 -80
package/dist/utils/diff-parser.d.ts.map +0 -1
package/dist/utils/diff-parser.js +0 -202
package/dist/utils/diff-parser.js.map +0 -1
package/dist/utils/environment-context.d.ts +0 -76
package/dist/utils/environment-context.d.ts.map +0 -1
package/dist/utils/environment-context.js +0 -271
package/dist/utils/environment-context.js.map +0 -1
package/dist/utils/imported-auth-detector.d.ts +0 -37
package/dist/utils/imported-auth-detector.d.ts.map +0 -1
package/dist/utils/imported-auth-detector.js +0 -251
package/dist/utils/imported-auth-detector.js.map +0 -1
package/dist/utils/intent-detector.d.ts +0 -66
package/dist/utils/intent-detector.d.ts.map +0 -1
package/dist/utils/intent-detector.js +0 -282
package/dist/utils/intent-detector.js.map +0 -1
package/dist/utils/middleware-detector.d.ts +0 -55
package/dist/utils/middleware-detector.d.ts.map +0 -1
package/dist/utils/middleware-detector.js +0 -260
package/dist/utils/middleware-detector.js.map +0 -1
package/dist/utils/oauth-flow-detector.d.ts +0 -41
package/dist/utils/oauth-flow-detector.d.ts.map +0 -1
package/dist/utils/oauth-flow-detector.js +0 -202
package/dist/utils/oauth-flow-detector.js.map +0 -1
package/dist/utils/parsed-file.d.ts +0 -51
package/dist/utils/parsed-file.d.ts.map +0 -1
package/dist/utils/parsed-file.js +0 -95
package/dist/utils/parsed-file.js.map +0 -1
package/dist/utils/path-exclusions.d.ts +0 -55
package/dist/utils/path-exclusions.d.ts.map +0 -1
package/dist/utils/path-exclusions.js +0 -224
package/dist/utils/path-exclusions.js.map +0 -1
package/dist/utils/project-context-builder.d.ts +0 -119
package/dist/utils/project-context-builder.d.ts.map +0 -1
package/dist/utils/project-context-builder.js +0 -534
package/dist/utils/project-context-builder.js.map +0 -1
package/dist/utils/registry-clients.d.ts +0 -93
package/dist/utils/registry-clients.d.ts.map +0 -1
package/dist/utils/registry-clients.js +0 -273
package/dist/utils/registry-clients.js.map +0 -1
package/dist/utils/route-hierarchy.d.ts +0 -50
package/dist/utils/route-hierarchy.d.ts.map +0 -1
package/dist/utils/route-hierarchy.js +0 -226
package/dist/utils/route-hierarchy.js.map +0 -1
package/dist/utils/schema-semantics.d.ts +0 -45
package/dist/utils/schema-semantics.d.ts.map +0 -1
package/dist/utils/schema-semantics.js +0 -193
package/dist/utils/schema-semantics.js.map +0 -1
package/dist/utils/trpc-analyzer.d.ts +0 -78
package/dist/utils/trpc-analyzer.d.ts.map +0 -1
package/dist/utils/trpc-analyzer.js +0 -297
package/dist/utils/trpc-analyzer.js.map +0 -1
package/src/__tests__/context-engine/cross-file-taint.test.ts +0 -284
package/src/__tests__/context-engine/function-classifier.test.ts +0 -146
package/src/__tests__/context-engine/integration.test.ts +0 -320
package/src/__tests__/context-engine/sanitiser-detection.test.ts +0 -187
package/src/__tests__/context-engine/sink-matcher.test.ts +0 -251
package/src/__tests__/context-engine/source-discovery.test.ts +0 -186
package/src/__tests__/context-engine/taint-tracker.test.ts +0 -182
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +0 -750
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +0 -555
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +0 -321
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +0 -439
package/src/detect/ai-code/agent-tools.ts +0 -1662
package/src/detect/ai-code/byok-patterns.ts +0 -354
package/src/detect/ai-code/endpoint-protection.ts +0 -406
package/src/detect/ai-code/execution-sinks.ts +0 -1310
package/src/detect/ai-code/fingerprinting.ts +0 -774
package/src/detect/ai-code/mcp-security.ts +0 -937
package/src/detect/ai-code/model-supply-chain.ts +0 -535
package/src/detect/ai-code/package-hallucination.ts +0 -955
package/src/detect/ai-code/prompt-hygiene.ts +0 -1314
package/src/detect/ai-code/rag-safety.ts +0 -977
package/src/detect/ai-code/schema-validation.ts +0 -427
package/src/detect/secrets/patterns.ts +0 -561
package/src/detect/secrets/weak-crypto.ts +0 -485
package/src/detect/structural/__tests__/math-random-enhanced.test.ts +0 -405
package/src/detect/structural/auth-patterns.ts +0 -621
package/src/detect/structural/dangerous-functions/child-process.ts +0 -98
package/src/detect/structural/dangerous-functions/dom-xss.ts +0 -292
package/src/detect/structural/dangerous-functions/index.ts +0 -1556
package/src/detect/structural/dangerous-functions/json-parse.ts +0 -393
package/src/detect/structural/dangerous-functions/math-random.ts +0 -789
package/src/detect/structural/dangerous-functions/patterns.ts +0 -176
package/src/detect/structural/dangerous-functions/request-validation.ts +0 -153
package/src/detect/structural/dangerous-functions/utils/control-flow.ts +0 -35
package/src/detect/structural/dangerous-functions/utils/helpers.ts +0 -170
package/src/detect/structural/dangerous-functions/utils/index.ts +0 -25
package/src/detect/structural/dangerous-functions/utils/schema-validation.ts +0 -106
package/src/detect/structural/data-exposure.ts +0 -302
package/src/detect/structural/framework-checks.ts +0 -439
package/src/detect/structural/log-injection.ts +0 -254
package/src/detect/structural/logic-gates.ts +0 -256
package/src/detect/structural/risky-imports.ts +0 -197
package/src/detect/structural/security-headers.ts +0 -231
package/src/detect/structural/ssrf-detection.ts +0 -300
package/src/detect/structural/variables.ts +0 -177
package/src/detect/structural/xxe-detection.ts +0 -295
package/src/model/cross-file-taint.ts +0 -374
package/src/model/function-classifier.ts +0 -184
package/src/model/sanitiser-detection.ts +0 -268
package/src/model/sink-matcher.ts +0 -178
package/src/model/sink-patterns.ts +0 -109
package/src/model/source-discovery.ts +0 -209
package/src/model/taint-tracker.ts +0 -333
package/src/score/auto-dismiss.ts +0 -224

package/src/detect/config/package-check.ts CHANGED Viewed

@@ -17,6 +17,7 @@ import {
   fetchPyPIMetadata,
   extractNpmDependencies,
   extractPythonRequirements,
+  extractPyprojectDependencies,
   calculatePackageAgeDays,
   rateLimitDelay,
   getPackageFileType,
@@ -525,7 +526,11 @@ export async function checkPackages(
   if (fileType === 'npm' && filePath.endsWith('package.json')) {
     dependencies = extractNpmDependencies(content)
   } else if (fileType === 'python') {
-    dependencies = extractPythonRequirements(content)
+    if (filePath.endsWith('pyproject.toml')) {
+      dependencies = extractPyprojectDependencies(content)
+    } else {
+      dependencies = extractPythonRequirements(content)
+    }
   }
   if (dependencies.length === 0) {

package/src/detect/config/rules-file-backdoor.ts ADDED Viewed

@@ -0,0 +1,438 @@
+/**
+ * Layer 1: Rules File Backdoor Detection
+ *
+ * Detects the "Rules File Backdoor" attack (Pillar Security, March 2025)
+ * targeting AI coding assistant config files (.cursorrules, CLAUDE.md,
+ * .github/copilot-instructions.md, etc.) via:
+ *
+ * A) Invisible Unicode characters (zero-width, bidi overrides, tag blocks)
+ * B) Stealth behavior manipulation instructions
+ * C) File inventory (info-level) for security surface awareness
+ *
+ * @see https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor
+ */
+import type { Vulnerability, VulnerabilitySeverity } from '../../shared/types'
+import type { ParsedFile } from '../../shared/parsed-file'
+import {
+  isAIRulesFile,
+  isTestOrMockFile,
+  isScannerOrFixtureFile,
+} from '../../parse/file-classifier'
+// ============================================================================
+// Unicode Character Classes
+// ============================================================================
+/** Zero-width characters — U+200B through U+200F, U+2060, U+2063, U+FEFF */
+const ZERO_WIDTH_RE = /[\u200B-\u200F\u2060\u2063\uFEFF]/g
+/** Bidirectional override characters — U+202A-U+202E, U+2066-U+2069, U+061C */
+const BIDI_RE = /[\u202A-\u202E\u2066-\u2069\u061C]/g
+/** Other invisible characters — U+00AD (soft hyphen), U+180E, U+034F */
+const OTHER_INVISIBLE_RE = /[\u00AD\u180E\u034F]/g
+/**
+ * Unicode Tag Block characters — U+E0001 through U+E007F
+ * These encode full ASCII and can hide entire payloads invisibly.
+ * Note: These are astral plane characters and require surrogate pair matching in JS.
+ */
+const TAG_BLOCK_RE = /[\uDB40][\uDC01-\uDC7F]/g
+// Alternative using code point regex for environments supporting it:
+const TAG_BLOCK_CODEPOINT_RE = /[\u{E0001}-\u{E007F}]/gu
+// ============================================================================
+// Payload Decoders (exported for unit testing)
+// ============================================================================
+/**
+ * Decode zero-width binary encoding: U+200B=0, U+200C=1, 8-bit groups → ASCII
+ */
+export function decodeZeroWidthBinary(content: string): string {
+  // Extract only U+200B and U+200C characters
+  const bits = content.replace(/[^\u200B\u200C]/g, '')
+  if (bits.length < 8) return ''
+  const chars: string[] = []
+  for (let i = 0; i + 7 < bits.length; i += 8) {
+    let byte = 0
+    for (let b = 0; b < 8; b++) {
+      if (bits[i + b] === '\u200C') {
+        byte |= 1 << (7 - b)
+      }
+    }
+    if (byte >= 32 && byte <= 126) {
+      chars.push(String.fromCharCode(byte))
+    }
+  }
+  return chars.join('')
+}
+/**
+ * Decode Unicode Tag Block encoding: U+E00XX → ASCII character XX
+ */
+export function decodeTagBlock(content: string): string {
+  const chars: string[] = []
+  for (const ch of content) {
+    const cp = ch.codePointAt(0)
+    if (cp !== undefined && cp >= 0xE0001 && cp <= 0xE007F) {
+      const ascii = cp - 0xE0000
+      if (ascii >= 32 && ascii <= 126) {
+        chars.push(String.fromCharCode(ascii))
+      }
+    }
+  }
+  return chars.join('')
+}
+// ============================================================================
+// Stealth Instruction Patterns
+// ============================================================================
+interface StealthPattern {
+  pattern: RegExp
+  title: string
+  description: string
+  severity: VulnerabilitySeverity
+  group: 'security_weakening' | 'self_concealment' | 'forced_inclusion' | 'credential_insertion' | 'auth_bypass'
+}
+const STEALTH_PATTERNS: StealthPattern[] = [
+  // Security weakening
+  {
+    pattern: /\b(?:never|don['']?t|do\s+not|always\s+skip)\s+(?:sanitize|validate|escape|filter)\b/i,
+    title: 'Stealth instruction: security weakening',
+    description: 'AI rules file instructs the assistant to skip input sanitization or validation.',
+    severity: 'high',
+    group: 'security_weakening',
+  },
+  {
+    pattern: /\b(?:disable|turn\s+off|remove|skip)\s+(?:CORS|CSP|CSRF|HSTS|XSS\s+protect|security\s+head)/i,
+    title: 'Stealth instruction: disable security controls',
+    description: 'AI rules file instructs the assistant to disable security controls (CORS, CSP, CSRF, etc.).',
+    severity: 'high',
+    group: 'security_weakening',
+  },
+  {
+    pattern: /\balways\s+use\s+eval\b/i,
+    title: 'Stealth instruction: force eval usage',
+    description: 'AI rules file instructs the assistant to always use eval(), enabling code injection.',
+    severity: 'high',
+    group: 'security_weakening',
+  },
+  // Self-concealment
+  {
+    pattern: /\b(?:do\s+not|don['']?t|never)\s+(?:mention|reveal|disclose|show|display)\s+(?:these|this|the)\s+(?:instruction|rule|directive|config)/i,
+    title: 'Stealth instruction: self-concealment',
+    description: 'AI rules file contains instructions to hide its own directives from the user.',
+    severity: 'critical',
+    group: 'self_concealment',
+  },
+  {
+    pattern: /\bkeep\s+(?:this|these)\s+(?:secret|hidden|private|confidential)\b/i,
+    title: 'Stealth instruction: secrecy directive',
+    description: 'AI rules file instructs the assistant to keep instructions secret from the user.',
+    severity: 'critical',
+    group: 'self_concealment',
+  },
+  // Forced inclusion
+  {
+    pattern: /\b(?:always|must)\s+(?:include|install|add|use)\s+(?:the\s+)?(?:package|dependency|module|library)\s+/i,
+    title: 'Stealth instruction: forced package inclusion',
+    description: 'AI rules file forces the assistant to always include specific packages, potentially introducing supply chain risks.',
+    severity: 'high',
+    group: 'forced_inclusion',
+  },
+  // Credential insertion
+  {
+    pattern: /\b(?:use|set|always\s+use)\s+(?:this|the\s+following)\s+(?:API\s+key|token|secret|password|credential)\b/i,
+    title: 'Stealth instruction: credential insertion',
+    description: 'AI rules file attempts to inject specific credentials into generated code.',
+    severity: 'critical',
+    group: 'credential_insertion',
+  },
+  // Auth bypass
+  {
+    pattern: /\b(?:never|don['']?t|do\s+not|always\s+skip)\s+(?:check|verify|require)\s+(?:auth\w*|token|permission|credential|session|user)/i,
+    title: 'Stealth instruction: authentication bypass',
+    description: 'AI rules file instructs the assistant to skip authentication or authorization checks.',
+    severity: 'high',
+    group: 'auth_bypass',
+  },
+]
+// Educational context detection (reused from agent-skill-injection.ts pattern)
+const EDUCATIONAL_PATTERNS = [
+  /example\s+of/i,
+  /vulnerability/i,
+  /never\s+do\s+this/i,
+  /malicious\s+example/i,
+  /don['']t\s+do/i,
+  /avoid\s+this/i,
+  /anti[- ]?pattern/i,
+  /insecure\s+example/i,
+]
+function isEducationalContext(line: string): boolean {
+  return EDUCATIONAL_PATTERNS.some(p => p.test(line))
+}
+// ============================================================================
+// Sub-detector A: Invisible Unicode Scanner
+// ============================================================================
+function detectInvisibleUnicode(content: string, filePath: string): Vulnerability[] {
+  const findings: Vulnerability[] = []
+  const lines = content.split('\n')
+  // Track character classes found
+  let zeroWidthCount = 0
+  let bidiCount = 0
+  let tagBlockCount = 0
+  let otherInvisibleCount = 0
+  const zeroWidthLines: number[] = []
+  const bidiLines: number[] = []
+  const tagBlockLines: number[] = []
+  const otherLines: number[] = []
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]
+    const lineNum = i + 1
+    // Zero-width characters
+    const zwMatches = line.match(ZERO_WIDTH_RE)
+    if (zwMatches) {
+      // Skip BOM at start of file (byte 0)
+      if (lineNum === 1) {
+        const nonBomMatches = zwMatches.filter((ch, idx) => {
+          // Only skip FEFF if it's at the very start of the line (byte 0)
+          if (ch === '\uFEFF' && line.indexOf(ch) === 0 && idx === 0) return false
+          return true
+        })
+        if (nonBomMatches.length > 0) {
+          zeroWidthCount += nonBomMatches.length
+          zeroWidthLines.push(lineNum)
+        }
+      } else {
+        zeroWidthCount += zwMatches.length
+        zeroWidthLines.push(lineNum)
+      }
+    }
+    // Bidi override characters
+    const bidiMatches = line.match(BIDI_RE)
+    if (bidiMatches) {
+      bidiCount += bidiMatches.length
+      bidiLines.push(lineNum)
+    }
+    // Tag block characters
+    const tagMatches = line.match(TAG_BLOCK_CODEPOINT_RE)
+    if (tagMatches) {
+      tagBlockCount += tagMatches.length
+      tagBlockLines.push(lineNum)
+    }
+    // Other invisible characters
+    const otherMatches = line.match(OTHER_INVISIBLE_RE)
+    if (otherMatches) {
+      otherInvisibleCount += otherMatches.length
+      otherLines.push(lineNum)
+    }
+  }
+  // Emit findings per character class
+  // Tag Block — always critical (full ASCII encoding capability)
+  if (tagBlockCount > 0) {
+    const decoded = decodeTagBlock(content)
+    const decodedSnippet = decoded.length > 200 ? decoded.slice(0, 200) + '...' : decoded
+    const line = tagBlockLines[0]
+    findings.push({
+      id: `rfb-tag-${filePath}:${line}`,
+      filePath,
+      lineNumber: line,
+      lineContent: lines[line - 1]?.slice(0, 200) || '',
+      severity: 'critical',
+      category: 'ai_rules_file_backdoor',
+      title: 'Unicode Tag Block characters detected in AI rules file',
+      description: `Found ${tagBlockCount} Unicode Tag Block characters (U+E0001-E007F) that encode hidden ASCII text invisible to human reviewers.${decoded ? ` Decoded payload: "${decodedSnippet}"` : ''}`,
+      confidence: 'high',
+      layer: 1,
+      source: 'config',
+      requiresAIValidation: false,
+    })
+  }
+  // Bidi overrides — always high
+  if (bidiCount > 0) {
+    const line = bidiLines[0]
+    findings.push({
+      id: `rfb-bidi-${filePath}:${line}`,
+      filePath,
+      lineNumber: line,
+      lineContent: lines[line - 1]?.slice(0, 200) || '',
+      severity: 'high',
+      category: 'ai_rules_file_backdoor',
+      title: 'Bidirectional override characters in AI rules file',
+      description: `Found ${bidiCount} bidirectional text override characters (U+202A-202E, U+2066-2069) that can visually reorder text to hide malicious instructions from human reviewers.`,
+      confidence: 'high',
+      layer: 1,
+      source: 'config',
+      requiresAIValidation: false,
+    })
+  }
+  // Zero-width characters — severity by concentration
+  if (zeroWidthCount > 0) {
+    let severity: VulnerabilitySeverity
+    if (zeroWidthCount >= 16) {
+      severity = 'critical'
+    } else if (zeroWidthCount >= 8) {
+      severity = 'high'
+    } else {
+      severity = 'medium'
+    }
+    const decoded = decodeZeroWidthBinary(content)
+    const decodedSnippet = decoded.length > 200 ? decoded.slice(0, 200) + '...' : decoded
+    const line = zeroWidthLines[0]
+    findings.push({
+      id: `rfb-zw-${filePath}:${line}`,
+      filePath,
+      lineNumber: line,
+      lineContent: lines[line - 1]?.slice(0, 200) || '',
+      severity,
+      category: 'ai_rules_file_backdoor',
+      title: 'Zero-width Unicode characters in AI rules file',
+      description: `Found ${zeroWidthCount} zero-width characters (U+200B-200F, U+2060, U+FEFF) that are invisible to human reviewers but interpreted by AI models.${decoded ? ` Decoded payload: "${decodedSnippet}"` : ''}`,
+      confidence: 'high',
+      layer: 1,
+      source: 'config',
+      requiresAIValidation: false,
+    })
+  }
+  // Other invisible — medium
+  if (otherInvisibleCount > 0) {
+    const line = otherLines[0]
+    findings.push({
+      id: `rfb-inv-${filePath}:${line}`,
+      filePath,
+      lineNumber: line,
+      lineContent: lines[line - 1]?.slice(0, 200) || '',
+      severity: 'medium',
+      category: 'ai_rules_file_backdoor',
+      title: 'Invisible Unicode characters in AI rules file',
+      description: `Found ${otherInvisibleCount} invisible characters (soft hyphen U+00AD, U+180E, U+034F) that may hide content from human reviewers.`,
+      confidence: 'medium',
+      layer: 1,
+      source: 'config',
+      requiresAIValidation: false,
+    })
+  }
+  return findings
+}
+// ============================================================================
+// Sub-detector B: Stealth Instruction Scanner
+// ============================================================================
+function detectStealthInstructions(content: string, filePath: string): Vulnerability[] {
+  const findings: Vulnerability[] = []
+  const lines = content.split('\n')
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]
+    const lineNum = i + 1
+    // Skip educational context
+    if (isEducationalContext(line)) continue
+    for (const def of STEALTH_PATTERNS) {
+      if (def.pattern.test(line)) {
+        findings.push({
+          id: `rfb-stealth-${def.group}-${filePath}:${lineNum}`,
+          filePath,
+          lineNumber: lineNum,
+          lineContent: line.trim().slice(0, 200),
+          severity: def.severity,
+          category: 'ai_rules_file_backdoor',
+          title: def.title,
+          description: def.description,
+          confidence: 'high',
+          layer: 1,
+          source: 'config',
+          requiresAIValidation: false,
+        })
+        break // One finding per line max (avoid duplicates from overlapping patterns)
+      }
+    }
+  }
+  return findings
+}
+// ============================================================================
+// Sub-detector C: File Inventory
+// ============================================================================
+function createInventoryFinding(filePath: string): Vulnerability {
+  return {
+    id: `rfb-inventory-${filePath}`,
+    filePath,
+    lineNumber: 0,
+    lineContent: '',
+    severity: 'info',
+    category: 'ai_rules_file_backdoor',
+    title: 'AI rules file detected',
+    description: `AI coding assistant configuration file detected. These files define AI assistant behavior and are potential targets for the "Rules File Backdoor" attack.`,
+    confidence: 'high',
+    layer: 1,
+    source: 'config',
+    requiresAIValidation: false,
+  }
+}
+// ============================================================================
+// Main Entry Point
+// ============================================================================
+export interface RulesFileBackdoorOptions {
+  parsed?: ParsedFile
+}
+/**
+ * Detect Rules File Backdoor attacks in AI config files.
+ *
+ * Scans for:
+ * - Invisible Unicode characters (zero-width, bidi, tag blocks)
+ * - Stealth behavior manipulation instructions
+ * - File inventory (info-level awareness)
+ */
+export function detectRulesFileBackdoor(
+  content: string,
+  filePath: string,
+  options?: RulesFileBackdoorOptions,
+): Vulnerability[] {
+  // Gate: only scan AI rules files
+  if (!isAIRulesFile(filePath)) return []
+  // Skip test/fixture files
+  if (isTestOrMockFile(filePath) || isScannerOrFixtureFile(filePath)) return []
+  const findings: Vulnerability[] = []
+  // Sub-detector A: Invisible Unicode
+  findings.push(...detectInvisibleUnicode(content, filePath))
+  // Sub-detector B: Stealth Instructions
+  findings.push(...detectStealthInstructions(content, filePath))
+  // Sub-detector C: File Inventory (always emit info for every AI rules file)
+  findings.push(createInventoryFinding(filePath))
+  return findings
+}