@oculum/scanner 1.0.14 → 1.0.15

package/dist/category-filter.js

@@ -1,360 +0,0 @@
-"use strict";
-/**
- * Category-Based Filtering
- *
- * Enables CI to fail only on specific vulnerability categories,
- * allowing gradual rollout (e.g., "only block prompt injection")
- * and fine-grained control over which findings are blocking.
- *
- * @example
- * // Fail only on AI-related and secret categories
- * --fail-on-categories ai-*,secrets-*
- *
- * @example
- * // Combined with severity
- * --fail-on high --fail-on-categories ai-*
- * // Only fail on high+ AI findings
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ALL_CATEGORIES = exports.CATEGORY_GROUPS = void 0;
-exports.normalizeCategory = normalizeCategory;
-exports.expandCategoryPattern = expandCategoryPattern;
-exports.matchesAnyCategory = matchesAnyCategory;
-exports.shouldFailOnCategories = shouldFailOnCategories;
-exports.getMatchingCategories = getMatchingCategories;
-exports.parseCategoryList = parseCategoryList;
-exports.validateCategories = validateCategories;
-exports.getAvailableCategoryGroups = getAvailableCategoryGroups;
-exports.getCategoryGroupCounts = getCategoryGroupCounts;
-const parsed_file_1 = require("./utils/parsed-file");
-/**
- * Category group definitions for wildcard expansion
- *
- * These groups allow users to specify broad categories like "ai-*"
- * which expand to all AI-related vulnerability categories.
- */
-exports.CATEGORY_GROUPS = {
-    'ai-*': [
-        'ai_pattern',
-        'ai_prompt_injection',
-        'ai_unsafe_execution',
-        'ai_overpermissive_tool',
-        'ai_rag_exfiltration',
-        'ai_endpoint_unprotected',
-        'ai_schema_mismatch',
-        'ai_package_hallucination',
-        'ai_rag_corpus_poisoning',
-        'ai_rag_pii_leakage',
-        'ai_mcp_tool_poisoning',
-        'ai_mcp_credential_issue',
-        'ai_mcp_confused_deputy',
-        'ai_mcp_description_injection',
-        'ai_mcp_server_shadowing',
-        'ai_mcp_config_secrets',
-        'ai_mcp_config_permissions',
-        'ai_rag_query_injection',
-        'ai_rag_embedding_poisoning',
-        'ai_rag_chunk_injection',
-        'ai_package_typosquat',
-        'ai_package_malicious',
-        'ai_unsafe_model_load',
-        'ai_unverified_model',
-        'ai_unsafe_finetuning',
-        'ai_excessive_agency',
-    ],
-    'secrets-*': [
-        'hardcoded_secret',
-        'high_entropy_string',
-        'sensitive_variable',
-    ],
-    'owasp-*': [
-        'sql_injection',
-        'xss',
-        'command_injection',
-        'missing_auth',
-        'security_bypass',
-        'insecure_config',
-        'cors_misconfiguration',
-        'data_exposure',
-        'weak_crypto',
-    ],
-};
-/**
- * All known valid category names for validation
- */
-exports.ALL_CATEGORIES = [
-    'hardcoded_secret',
-    'high_entropy_string',
-    'sensitive_variable',
-    'security_bypass',
-    'dangerous_function',
-    'sql_injection',
-    'xss',
-    'command_injection',
-    'insecure_config',
-    'missing_auth',
-    'suspicious_package',
-    'cors_misconfiguration',
-    'root_container',
-    'dangerous_file',
-    'ai_pattern',
-    'sensitive_url',
-    'weak_crypto',
-    'data_exposure',
-    'ai_prompt_injection',
-    'ai_unsafe_execution',
-    'ai_overpermissive_tool',
-    'ai_rag_exfiltration',
-    'ai_endpoint_unprotected',
-    'ai_schema_mismatch',
-    'ai_package_hallucination',
-    'ai_rag_corpus_poisoning',
-    'ai_rag_pii_leakage',
-    'ai_mcp_tool_poisoning',
-    'ai_mcp_credential_issue',
-    'ai_mcp_confused_deputy',
-    'ai_mcp_description_injection',
-    'ai_mcp_server_shadowing',
-    'ai_mcp_config_secrets',
-    'ai_mcp_config_permissions',
-    'ai_rag_query_injection',
-    'ai_rag_embedding_poisoning',
-    'ai_rag_chunk_injection',
-    'ai_package_typosquat',
-    'ai_package_malicious',
-    'ai_unsafe_model_load',
-    'ai_unverified_model',
-    'ai_unsafe_finetuning',
-    'ai_excessive_agency',
-];
-/**
- * Normalize category name for comparison
- * - Converts to lowercase
- * - Converts hyphens to underscores
- * - Trims whitespace
- *
- * @example
- * normalizeCategory('SQL-Injection') // 'sql_injection'
- * normalizeCategory('high_entropy_string') // 'high_entropy_string'
- */
-function normalizeCategory(category) {
-    return category
-        .toLowerCase()
-        .trim()
-        .replace(/-/g, '_');
-}
-/**
- * Check if a string is a valid wildcard pattern
- * Valid wildcards end with '-*' or '_*'
- */
-function isWildcardPattern(pattern) {
-    return pattern.endsWith('-*') || pattern.endsWith('_*');
-}
-/**
- * Expand a wildcard pattern or single category to a list of categories
- *
- * @param pattern - Category name or wildcard (e.g., 'sql_injection', 'ai-*')
- * @returns Array of matching categories
- *
- * @example
- * expandCategoryPattern('ai-*') // Returns all ai_* categories
- * expandCategoryPattern('sql_injection') // Returns ['sql_injection']
- * expandCategoryPattern('unknown-*') // Returns []
- */
-function expandCategoryPattern(pattern) {
-    const normalized = normalizeCategory(pattern);
-    // Check for wildcard patterns
-    if (isWildcardPattern(normalized)) {
-        // Normalize the wildcard pattern (both ai-* and ai_* should work)
-        const normalizedWildcard = normalized.replace('_*', '-*');
-        // Look up in category groups
-        const expanded = exports.CATEGORY_GROUPS[normalizedWildcard];
-        if (expanded) {
-            return [...expanded];
-        }
-        // Unknown wildcard - return empty
-        return [];
-    }
-    // Single category - validate and return
-    // Handle both hyphenated and underscored versions
-    const normalizedCategory = normalized;
-    if (exports.ALL_CATEGORIES.includes(normalizedCategory)) {
-        return [normalizedCategory];
-    }
-    // Try hyphenated version converted to underscore
-    const underscored = normalized.replace(/-/g, '_');
-    if (exports.ALL_CATEGORIES.includes(underscored)) {
-        return [underscored];
-    }
-    return [];
-}
-/**
- * Check if a category matches any pattern in the filter list
- *
- * @param category - The vulnerability category to check
- * @param patterns - Array of category patterns (names or wildcards)
- * @returns true if the category matches any pattern
- *
- * @example
- * matchesAnyCategory('ai_prompt_injection', ['ai-*']) // true
- * matchesAnyCategory('sql_injection', ['ai-*']) // false
- * matchesAnyCategory('sql_injection', ['sql_injection', 'xss']) // true
- */
-function matchesAnyCategory(category, patterns) {
-    if (!patterns || patterns.length === 0) {
-        return false;
-    }
-    const normalizedCategory = normalizeCategory(category);
-    for (const pattern of patterns) {
-        const expanded = expandCategoryPattern(pattern);
-        // Check if category is in the expanded list
-        if (expanded.some(c => normalizeCategory(c) === normalizedCategory)) {
-            return true;
-        }
-    }
-    return false;
-}
-// severityRank imported from utils/parsed-file
-/**
- * Check if vulnerabilities should cause failure based on category filter
- *
- * When both category patterns and severity threshold are provided,
- * BOTH conditions must match for a finding to cause failure.
- *
- * @param vulnerabilities - List of vulnerabilities to check
- * @param categoryPatterns - Category patterns to filter on
- * @param severityThreshold - Optional severity threshold (both must match)
- * @returns true if any vulnerability matches and should cause failure
- *
- * @example
- * // Only fail on AI findings
- * shouldFailOnCategories(vulns, ['ai-*'])
- *
- * @example
- * // Only fail on HIGH+ AI findings
- * shouldFailOnCategories(vulns, ['ai-*'], 'high')
- */
-function shouldFailOnCategories(vulnerabilities, categoryPatterns, severityThreshold) {
-    if (!vulnerabilities || vulnerabilities.length === 0) {
-        return false;
-    }
-    if (!categoryPatterns || categoryPatterns.length === 0) {
-        return false;
-    }
-    const thresholdRank = severityThreshold ? (0, parsed_file_1.severityRank)(severityThreshold) : 0;
-    for (const vuln of vulnerabilities) {
-        // Check if category matches any pattern
-        if (!matchesAnyCategory(vuln.category, categoryPatterns)) {
-            continue;
-        }
-        // If no severity threshold specified, any matching category triggers failure
-        if (!severityThreshold) {
-            return true;
-        }
-        // Check if severity meets threshold
-        if ((0, parsed_file_1.severityRank)(vuln.severity) >= thresholdRank) {
-            return true;
-        }
-    }
-    return false;
-}
-/**
- * Get the categories that matched the filter from vulnerabilities
- * Useful for error messages showing which categories caused failure
- */
-function getMatchingCategories(vulnerabilities, categoryPatterns, severityThreshold) {
-    if (!vulnerabilities || vulnerabilities.length === 0) {
-        return [];
-    }
-    if (!categoryPatterns || categoryPatterns.length === 0) {
-        return [];
-    }
-    const thresholdRank = severityThreshold ? (0, parsed_file_1.severityRank)(severityThreshold) : 0;
-    const matched = new Set();
-    for (const vuln of vulnerabilities) {
-        // Check if category matches any pattern
-        if (!matchesAnyCategory(vuln.category, categoryPatterns)) {
-            continue;
-        }
-        // If no severity threshold, or severity meets threshold
-        if (!severityThreshold || (0, parsed_file_1.severityRank)(vuln.severity) >= thresholdRank) {
-            matched.add(vuln.category);
-        }
-    }
-    return Array.from(matched);
-}
-/**
- * Parse comma-separated category string into array
- *
- * @param input - Comma-separated category string
- * @returns Array of trimmed category patterns
- *
- * @example
- * parseCategoryList('ai-*, secrets-*') // ['ai-*', 'secrets-*']
- * parseCategoryList('sql_injection, xss') // ['sql_injection', 'xss']
- */
-function parseCategoryList(input) {
-    if (!input || typeof input !== 'string') {
-        return [];
-    }
-    return input
-        .split(',')
-        .map(s => s.trim())
-        .filter(s => s.length > 0);
-}
-/**
- * Validate category names, separating valid from invalid
- *
- * @param categories - Array of category patterns to validate
- * @returns Object with valid and invalid category arrays
- *
- * @example
- * validateCategories(['ai-*', 'sql_injection', 'fake_category'])
- * // { valid: ['ai-*', 'sql_injection'], invalid: ['fake_category'] }
- */
-function validateCategories(categories) {
-    const valid = [];
-    const invalid = [];
-    for (const category of categories) {
-        const normalized = normalizeCategory(category);
-        // Check if it's a valid wildcard
-        if (isWildcardPattern(normalized)) {
-            const normalizedWildcard = normalized.replace('_*', '-*');
-            if (exports.CATEGORY_GROUPS[normalizedWildcard]) {
-                valid.push(category);
-            }
-            else {
-                invalid.push(category);
-            }
-            continue;
-        }
-        // Check if it's a valid category name
-        const expanded = expandCategoryPattern(category);
-        if (expanded.length > 0) {
-            valid.push(category);
-        }
-        else {
-            invalid.push(category);
-        }
-    }
-    return { valid, invalid };
-}
-/**
- * Get a human-readable list of available category groups
- * Useful for help text and error messages
- */
-function getAvailableCategoryGroups() {
-    return Object.keys(exports.CATEGORY_GROUPS);
-}
-/**
- * Get the count of categories in each group
- * Useful for documentation and help text
- */
-function getCategoryGroupCounts() {
-    const counts = {};
-    for (const [group, categories] of Object.entries(exports.CATEGORY_GROUPS)) {
-        counts[group] = categories.length;
-    }
-    return counts;
-}
-//# sourceMappingURL=category-filter.js.map

package/dist/category-filter.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"category-filter.js","sourceRoot":"","sources":["../src/category-filter.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAqHH,8CAKC;AAqBD,sDAgCC;AAcD,gDAoBC;AAuBD,wDAiCC;AAMD,sDA6BC;AAYD,8CASC;AAYD,gDA+BC;AAMD,gEAEC;AAMD,wDAMC;AA7XD,qDAAkD;AAElD;;;;;GAKG;AACU,QAAA,eAAe,GAA4C;IACtE,MAAM,EAAE;QACN,YAAY;QACZ,qBAAqB;QACrB,qBAAqB;QACrB,wBAAwB;QACxB,qBAAqB;QACrB,yBAAyB;QACzB,oBAAoB;QACpB,0BAA0B;QAC1B,yBAAyB;QACzB,oBAAoB;QACpB,uBAAuB;QACvB,yBAAyB;QACzB,wBAAwB;QACxB,8BAA8B;QAC9B,yBAAyB;QACzB,uBAAuB;QACvB,2BAA2B;QAC3B,wBAAwB;QACxB,4BAA4B;QAC5B,wBAAwB;QACxB,sBAAsB;QACtB,sBAAsB;QACtB,sBAAsB;QACtB,qBAAqB;QACrB,sBAAsB;QACtB,qBAAqB;KACtB;IACD,WAAW,EAAE;QACX,kBAAkB;QAClB,qBAAqB;QACrB,oBAAoB;KACrB;IACD,SAAS,EAAE;QACT,eAAe;QACf,KAAK;QACL,mBAAmB;QACnB,cAAc;QACd,iBAAiB;QACjB,iBAAiB;QACjB,uBAAuB;QACvB,eAAe;QACf,aAAa;KACd;CACF,CAAA;AAED;;GAEG;AACU,QAAA,cAAc,GAA4B;IACrD,kBAAkB;IAClB,qBAAqB;IACrB,oBAAoB;IACpB,iBAAiB;IACjB,oBAAoB;IACpB,eAAe;IACf,KAAK;IACL,mBAAmB;IACnB,iBAAiB;IACjB,cAAc;IACd,oBAAoB;IACpB,uBAAuB;IACvB,gBAAgB;IAChB,gBAAgB;IAChB,YAAY;IACZ,eAAe;IACf,aAAa;IACb,eAAe;IACf,qBAAqB;IACrB,qBAAqB;IACrB,wBAAwB;IACxB,qBAAqB;IACrB,yBAAyB;IACzB,oBAAoB;IACpB,0BAA0B;IAC1B,yBAAyB;IACzB,oBAAoB;IACpB,uBAAuB;IACvB,yBAAyB;IACzB,wBAAwB;IACxB,8BAA8B;IAC9B,yBAAyB;IACzB,uBAAuB;IACvB,2BAA2B;IAC3B,wBAAwB;IACxB,4BAA4B;IAC5B,wBAAwB;IACxB,sBAAsB;IACtB,sBAAsB;IACtB,sBAAsB;IACtB,qBAAqB;IACrB,sBAAsB;IACtB,qBAAqB;CACtB,CAAA;AAED;;;;;;;;;GASG;AACH,SAAgB,iBAAiB,CAAC,QAAgB;IAChD,OAAO,QAAQ;SACZ,WAAW,EAAE;SACb,IAAI,EAAE;SACN,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;AACvB,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AACzD,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,qBAAqB,CAAC,OAAe;IACnD,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAE7C,8BAA8B;IAC9B,IAAI,iBAAiB,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,kEAAkE;QAClE,MAAM,kBAAkB,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAEzD,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,uBAAe,CAAC,kBAAkB,CAAC,CAAA;QACpD,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAA;QACtB,CAAC;QAED,kCAAkC;QAClC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,wCAAwC;IACxC,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,UAAmC,CAAA;IAC9D,IAAI,sBAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAChD,OAAO,CAAC,kBAAkB,CAAC,CAAA;IAC7B,CAAC;IAED,iDAAiD;IACjD,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAA0B,CAAA;IAC1E,IAAI,sBAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,WAAW,CAAC,CAAA;IACtB,CAAC;IAED,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,kBAAkB,CAChC,QAA+B,EAC/B,QAAkB;IAElB,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAA;IAEtD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAA;QAE/C,4CAA4C;QAC5C,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,+CAA+C;AAE/C;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,sBAAsB,CACpC,eAAgC,EAChC,gBAA0B,EAC1B,iBAAyC;IAEzC,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,aAAa,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAA,0BAAY,EAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAE7E,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,wCAAwC;QACxC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAAE,CAAC;YACzD,SAAQ;QACV,CAAC;QAED,6EAA6E;QAC7E,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAA,0BAAY,EAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC;YACjD,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CACnC,eAAgC,EAChC,gBAA0B,EAC1B,iBAAyC;IAEzC,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,aAAa,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAA,0BAAY,EAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAC7E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAyB,CAAA;IAEhD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,wCAAwC;QACxC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAAE,CAAC;YACzD,SAAQ;QACV,CAAC;QAED,wDAAwD;QACxD,IAAI,CAAC,iBAAiB,IAAI,IAAA,0BAAY,EAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC;YACvE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AAC5B,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;AAC9B,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAAC,UAAoB;IAIrD,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,MAAM,OAAO,GAAa,EAAE,CAAA;IAE5B,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAA;QAE9C,iCAAiC;QACjC,IAAI,iBAAiB,CAAC,UAAU,CAAC,EAAE,CAAC;YAClC,MAAM,kBAAkB,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YACzD,IAAI,uBAAe,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACxC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACtB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACxB,CAAC;YACD,SAAQ;QACV,CAAC;QAED,sCAAsC;QACtC,MAAM,QAAQ,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAA;QAChD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACtB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAA;AAC3B,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,uBAAe,CAAC,CAAA;AACrC,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB;IACpC,MAAM,MAAM,GAA2B,EAAE,CAAA;IACzC,KAAK,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAe,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,CAAC,MAAM,CAAA;IACnC,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/detect/ai-code/agent-tools.d.ts

@@ -1,22 +0,0 @@
-/**
- * Layer 2: AI Agent Tool Permission Detection
- * Detects overly permissive agent tools and missing authorization checks
- *
- * Covers B4: Agent/tool orchestration logic
- *
- * Issues detected:
- * - Tools with unrestricted file system access
- * - Tools with unrestricted network access
- * - Tools with shell/code execution capability
- * - Tools without user/tenant context verification
- * - Database tools without proper scoping
- */
-import type { Vulnerability } from '../../shared/types';
-import type { ParsedFile } from '../../shared/parsed-file';
-/**
- * Main detection function for AI agent tool permission issues
- */
-export declare function detectAIAgentTools(content: string, filePath: string, options?: {
-    parsed?: ParsedFile;
-}): Vulnerability[];
-//# sourceMappingURL=agent-tools.d.ts.map

package/dist/detect/ai-code/agent-tools.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"agent-tools.d.ts","sourceRoot":"","sources":["../../../src/detect/ai-code/agent-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,oBAAoB,CAAA;AAC9E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAw8B1D;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CA+pBjB"}