npm - @oculum/scanner - Versions diffs - 1.0.9 → 1.0.11 - Mend

@oculum/scanner 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (365) hide show

package/dist/baseline/diff.d.ts +32 -0
package/dist/baseline/diff.d.ts.map +1 -0
package/dist/baseline/diff.js +119 -0
package/dist/baseline/diff.js.map +1 -0
package/dist/baseline/index.d.ts +9 -0
package/dist/baseline/index.d.ts.map +1 -0
package/dist/baseline/index.js +19 -0
package/dist/baseline/index.js.map +1 -0
package/dist/baseline/manager.d.ts +67 -0
package/dist/baseline/manager.d.ts.map +1 -0
package/dist/baseline/manager.js +180 -0
package/dist/baseline/manager.js.map +1 -0
package/dist/baseline/types.d.ts +91 -0
package/dist/baseline/types.d.ts.map +1 -0
package/dist/baseline/types.js +12 -0
package/dist/baseline/types.js.map +1 -0
package/dist/formatters/cli-terminal.d.ts +38 -0
package/dist/formatters/cli-terminal.d.ts.map +1 -1
package/dist/formatters/cli-terminal.js +365 -42
package/dist/formatters/cli-terminal.js.map +1 -1
package/dist/formatters/github-comment.d.ts +1 -1
package/dist/formatters/github-comment.d.ts.map +1 -1
package/dist/formatters/github-comment.js +75 -11
package/dist/formatters/github-comment.js.map +1 -1
package/dist/formatters/index.d.ts +1 -1
package/dist/formatters/index.d.ts.map +1 -1
package/dist/formatters/index.js +4 -1
package/dist/formatters/index.js.map +1 -1
package/dist/index.d.ts +7 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +155 -16
package/dist/index.js.map +1 -1
package/dist/layer1/config-audit.d.ts.map +1 -1
package/dist/layer1/config-audit.js +20 -3
package/dist/layer1/config-audit.js.map +1 -1
package/dist/layer1/config-mcp-audit.d.ts +20 -0
package/dist/layer1/config-mcp-audit.d.ts.map +1 -0
package/dist/layer1/config-mcp-audit.js +239 -0
package/dist/layer1/config-mcp-audit.js.map +1 -0
package/dist/layer1/index.d.ts +1 -0
package/dist/layer1/index.d.ts.map +1 -1
package/dist/layer1/index.js +9 -1
package/dist/layer1/index.js.map +1 -1
package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
package/dist/layer2/ai-agent-tools.js +303 -0
package/dist/layer2/ai-agent-tools.js.map +1 -1
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
package/dist/layer2/ai-endpoint-protection.js +17 -3
package/dist/layer2/ai-endpoint-protection.js.map +1 -1
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
package/dist/layer2/ai-execution-sinks.js +462 -12
package/dist/layer2/ai-execution-sinks.js.map +1 -1
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
package/dist/layer2/ai-fingerprinting.js +3 -0
package/dist/layer2/ai-fingerprinting.js.map +1 -1
package/dist/layer2/ai-mcp-security.d.ts +17 -0
package/dist/layer2/ai-mcp-security.d.ts.map +1 -0
package/dist/layer2/ai-mcp-security.js +679 -0
package/dist/layer2/ai-mcp-security.js.map +1 -0
package/dist/layer2/ai-package-hallucination.d.ts +19 -0
package/dist/layer2/ai-package-hallucination.d.ts.map +1 -0
package/dist/layer2/ai-package-hallucination.js +696 -0
package/dist/layer2/ai-package-hallucination.js.map +1 -0
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
package/dist/layer2/ai-prompt-hygiene.js +495 -9
package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
package/dist/layer2/ai-rag-safety.js +372 -1
package/dist/layer2/ai-rag-safety.js.map +1 -1
package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
package/dist/layer2/auth-antipatterns.js +4 -0
package/dist/layer2/auth-antipatterns.js.map +1 -1
package/dist/layer2/byok-patterns.d.ts.map +1 -1
package/dist/layer2/byok-patterns.js +3 -0
package/dist/layer2/byok-patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/child-process.d.ts +16 -0
package/dist/layer2/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/child-process.js +74 -0
package/dist/layer2/dangerous-functions/child-process.js.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts +29 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.js +179 -0
package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -0
package/dist/layer2/dangerous-functions/index.d.ts +13 -0
package/dist/layer2/dangerous-functions/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/index.js +621 -0
package/dist/layer2/dangerous-functions/index.js.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts +31 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.js +319 -0
package/dist/layer2/dangerous-functions/json-parse.js.map +1 -0
package/dist/layer2/dangerous-functions/math-random.d.ts +61 -0
package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/math-random.js +459 -0
package/dist/layer2/dangerous-functions/math-random.js.map +1 -0
package/dist/layer2/dangerous-functions/patterns.d.ts +21 -0
package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/patterns.js +161 -0
package/dist/layer2/dangerous-functions/patterns.js.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts +13 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.js +119 -0
package/dist/layer2/dangerous-functions/request-validation.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +23 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js +149 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.js +124 -0
package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts +9 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.js +23 -0
package/dist/layer2/dangerous-functions/utils/index.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js +89 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/layer2/data-exposure.d.ts.map +1 -1
package/dist/layer2/data-exposure.js +3 -0
package/dist/layer2/data-exposure.js.map +1 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +3 -0
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +3 -0
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +61 -2
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/logic-gates.d.ts.map +1 -1
package/dist/layer2/logic-gates.js +4 -0
package/dist/layer2/logic-gates.js.map +1 -1
package/dist/layer2/model-supply-chain.d.ts +20 -0
package/dist/layer2/model-supply-chain.d.ts.map +1 -0
package/dist/layer2/model-supply-chain.js +376 -0
package/dist/layer2/model-supply-chain.js.map +1 -0
package/dist/layer2/risky-imports.d.ts.map +1 -1
package/dist/layer2/risky-imports.js +4 -0
package/dist/layer2/risky-imports.js.map +1 -1
package/dist/layer2/variables.d.ts.map +1 -1
package/dist/layer2/variables.js +4 -0
package/dist/layer2/variables.js.map +1 -1
package/dist/layer3/anthropic/auto-dismiss.d.ts +24 -0
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -0
package/dist/layer3/anthropic/auto-dismiss.js +188 -0
package/dist/layer3/anthropic/auto-dismiss.js.map +1 -0
package/dist/layer3/anthropic/clients.d.ts +44 -0
package/dist/layer3/anthropic/clients.d.ts.map +1 -0
package/dist/layer3/anthropic/clients.js +81 -0
package/dist/layer3/anthropic/clients.js.map +1 -0
package/dist/layer3/anthropic/index.d.ts +41 -0
package/dist/layer3/anthropic/index.d.ts.map +1 -0
package/dist/layer3/anthropic/index.js +141 -0
package/dist/layer3/anthropic/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/index.d.ts +8 -0
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/index.js +14 -0
package/dist/layer3/anthropic/prompts/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +15 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js +169 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +12 -0
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/validation.js +421 -0
package/dist/layer3/anthropic/prompts/validation.js.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts +21 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.js +266 -0
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -0
package/dist/layer3/anthropic/providers/index.d.ts +8 -0
package/dist/layer3/anthropic/providers/index.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/index.js +15 -0
package/dist/layer3/anthropic/providers/index.js.map +1 -0
package/dist/layer3/anthropic/providers/openai.d.ts +18 -0
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/openai.js +340 -0
package/dist/layer3/anthropic/providers/openai.js.map +1 -0
package/dist/layer3/anthropic/request-builder.d.ts +20 -0
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -0
package/dist/layer3/anthropic/request-builder.js +134 -0
package/dist/layer3/anthropic/request-builder.js.map +1 -0
package/dist/layer3/anthropic/types.d.ts +88 -0
package/dist/layer3/anthropic/types.d.ts.map +1 -0
package/dist/layer3/anthropic/types.js +38 -0
package/dist/layer3/anthropic/types.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +9 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/index.js +24 -0
package/dist/layer3/anthropic/utils/index.js.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts +21 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.js +69 -0
package/dist/layer3/anthropic/utils/path-helpers.js.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts +40 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.js +285 -0
package/dist/layer3/anthropic/utils/response-parser.js.map +1 -0
package/dist/layer3/anthropic/utils/retry.d.ts +15 -0
package/dist/layer3/anthropic/utils/retry.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/retry.js +62 -0
package/dist/layer3/anthropic/utils/retry.js.map +1 -0
package/dist/layer3/index.d.ts +1 -0
package/dist/layer3/index.d.ts.map +1 -1
package/dist/layer3/index.js +16 -6
package/dist/layer3/index.js.map +1 -1
package/dist/layer3/osv-check.d.ts +75 -0
package/dist/layer3/osv-check.d.ts.map +1 -0
package/dist/layer3/osv-check.js +308 -0
package/dist/layer3/osv-check.js.map +1 -0
package/dist/rules/framework-fixes.d.ts +48 -0
package/dist/rules/framework-fixes.d.ts.map +1 -0
package/dist/rules/framework-fixes.js +439 -0
package/dist/rules/framework-fixes.js.map +1 -0
package/dist/rules/index.d.ts +8 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +18 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/metadata.d.ts +43 -0
package/dist/rules/metadata.d.ts.map +1 -0
package/dist/rules/metadata.js +734 -0
package/dist/rules/metadata.js.map +1 -0
package/dist/suppression/config-loader.d.ts +74 -0
package/dist/suppression/config-loader.d.ts.map +1 -0
package/dist/suppression/config-loader.js +424 -0
package/dist/suppression/config-loader.js.map +1 -0
package/dist/suppression/hash.d.ts +48 -0
package/dist/suppression/hash.d.ts.map +1 -0
package/dist/suppression/hash.js +88 -0
package/dist/suppression/hash.js.map +1 -0
package/dist/suppression/index.d.ts +11 -0
package/dist/suppression/index.d.ts.map +1 -0
package/dist/suppression/index.js +39 -0
package/dist/suppression/index.js.map +1 -0
package/dist/suppression/inline-parser.d.ts +39 -0
package/dist/suppression/inline-parser.d.ts.map +1 -0
package/dist/suppression/inline-parser.js +218 -0
package/dist/suppression/inline-parser.js.map +1 -0
package/dist/suppression/manager.d.ts +94 -0
package/dist/suppression/manager.d.ts.map +1 -0
package/dist/suppression/manager.js +292 -0
package/dist/suppression/manager.js.map +1 -0
package/dist/suppression/types.d.ts +151 -0
package/dist/suppression/types.d.ts.map +1 -0
package/dist/suppression/types.js +28 -0
package/dist/suppression/types.js.map +1 -0
package/dist/tiers.d.ts +1 -1
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +27 -0
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +62 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/utils/context-helpers.d.ts +4 -0
package/dist/utils/context-helpers.d.ts.map +1 -1
package/dist/utils/context-helpers.js +13 -9
package/dist/utils/context-helpers.js.map +1 -1
package/package.json +4 -2
package/src/__tests__/benchmark/fixtures/layer1/mcp-config-audit.json +31 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1489 -82
package/src/__tests__/benchmark/fixtures/layer2/ai-mcp-security.ts +495 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-package-hallucination.ts +255 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-prompt-hygiene.ts +300 -1
package/src/__tests__/benchmark/fixtures/layer2/ai-rag-safety.ts +139 -0
package/src/__tests__/benchmark/fixtures/layer2/byok-patterns.ts +7 -0
package/src/__tests__/benchmark/fixtures/layer2/data-exposure.ts +63 -0
package/src/__tests__/benchmark/fixtures/layer2/excessive-agency.ts +221 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +18 -0
package/src/__tests__/benchmark/fixtures/layer2/model-supply-chain.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer2/phase1-enhancements.ts +157 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +758 -0
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +503 -0
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +321 -0
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +439 -0
package/src/baseline/__tests__/diff.test.ts +261 -0
package/src/baseline/__tests__/manager.test.ts +225 -0
package/src/baseline/diff.ts +135 -0
package/src/baseline/index.ts +29 -0
package/src/baseline/manager.ts +230 -0
package/src/baseline/types.ts +97 -0
package/src/formatters/cli-terminal.ts +444 -41
package/src/formatters/github-comment.ts +79 -11
package/src/formatters/index.ts +4 -0
package/src/index.ts +197 -14
package/src/layer1/config-audit.ts +24 -3
package/src/layer1/config-mcp-audit.ts +276 -0
package/src/layer1/index.ts +16 -6
package/src/layer2/ai-agent-tools.ts +336 -0
package/src/layer2/ai-endpoint-protection.ts +16 -3
package/src/layer2/ai-execution-sinks.ts +516 -12
package/src/layer2/ai-fingerprinting.ts +5 -1
package/src/layer2/ai-mcp-security.ts +730 -0
package/src/layer2/ai-package-hallucination.ts +791 -0
package/src/layer2/ai-prompt-hygiene.ts +547 -9
package/src/layer2/ai-rag-safety.ts +382 -3
package/src/layer2/auth-antipatterns.ts +5 -0
package/src/layer2/byok-patterns.ts +5 -1
package/src/layer2/dangerous-functions/child-process.ts +98 -0
package/src/layer2/dangerous-functions/dom-xss.ts +220 -0
package/src/layer2/dangerous-functions/index.ts +949 -0
package/src/layer2/dangerous-functions/json-parse.ts +385 -0
package/src/layer2/dangerous-functions/math-random.ts +537 -0
package/src/layer2/dangerous-functions/patterns.ts +174 -0
package/src/layer2/dangerous-functions/request-validation.ts +145 -0
package/src/layer2/dangerous-functions/utils/control-flow.ts +162 -0
package/src/layer2/dangerous-functions/utils/helpers.ts +170 -0
package/src/layer2/dangerous-functions/utils/index.ts +25 -0
package/src/layer2/dangerous-functions/utils/schema-validation.ts +91 -0
package/src/layer2/data-exposure.ts +5 -1
package/src/layer2/framework-checks.ts +5 -0
package/src/layer2/index.ts +63 -1
package/src/layer2/logic-gates.ts +5 -0
package/src/layer2/model-supply-chain.ts +456 -0
package/src/layer2/risky-imports.ts +5 -0
package/src/layer2/variables.ts +5 -0
package/src/layer3/__tests__/osv-check.test.ts +384 -0
package/src/layer3/anthropic/auto-dismiss.ts +212 -0
package/src/layer3/anthropic/clients.ts +84 -0
package/src/layer3/anthropic/index.ts +170 -0
package/src/layer3/anthropic/prompts/index.ts +14 -0
package/src/layer3/anthropic/prompts/semantic-analysis.ts +173 -0
package/src/layer3/anthropic/prompts/validation.ts +419 -0
package/src/layer3/anthropic/providers/anthropic.ts +310 -0
package/src/layer3/anthropic/providers/index.ts +8 -0
package/src/layer3/anthropic/providers/openai.ts +384 -0
package/src/layer3/anthropic/request-builder.ts +150 -0
package/src/layer3/anthropic/types.ts +148 -0
package/src/layer3/anthropic/utils/index.ts +26 -0
package/src/layer3/anthropic/utils/path-helpers.ts +68 -0
package/src/layer3/anthropic/utils/response-parser.ts +322 -0
package/src/layer3/anthropic/utils/retry.ts +75 -0
package/src/layer3/index.ts +18 -5
package/src/layer3/osv-check.ts +420 -0
package/src/rules/__tests__/framework-fixes.test.ts +689 -0
package/src/rules/__tests__/metadata.test.ts +218 -0
package/src/rules/framework-fixes.ts +470 -0
package/src/rules/index.ts +21 -0
package/src/rules/metadata.ts +831 -0
package/src/suppression/__tests__/config-loader.test.ts +382 -0
package/src/suppression/__tests__/hash.test.ts +166 -0
package/src/suppression/__tests__/inline-parser.test.ts +212 -0
package/src/suppression/__tests__/manager.test.ts +415 -0
package/src/suppression/config-loader.ts +462 -0
package/src/suppression/hash.ts +95 -0
package/src/suppression/index.ts +51 -0
package/src/suppression/inline-parser.ts +273 -0
package/src/suppression/manager.ts +379 -0
package/src/suppression/types.ts +174 -0
package/src/tiers.ts +36 -0
package/src/types.ts +90 -0
package/src/utils/context-helpers.ts +13 -9
package/dist/layer2/dangerous-functions.d.ts +0 -7
package/dist/layer2/dangerous-functions.d.ts.map +0 -1
package/dist/layer2/dangerous-functions.js +0 -1701
package/dist/layer2/dangerous-functions.js.map +0 -1
package/dist/layer3/anthropic.d.ts +0 -87
package/dist/layer3/anthropic.d.ts.map +0 -1
package/dist/layer3/anthropic.js +0 -1948
package/dist/layer3/anthropic.js.map +0 -1
package/dist/layer3/openai.d.ts +0 -25
package/dist/layer3/openai.d.ts.map +0 -1
package/dist/layer3/openai.js +0 -238
package/dist/layer3/openai.js.map +0 -1
package/src/layer2/dangerous-functions.ts +0 -1940
package/src/layer3/anthropic.ts +0 -2257

package/dist/rules/framework-fixes.js ADDED Viewed

@@ -0,0 +1,439 @@
+"use strict";
+/**
+ * Framework-Aware Fix Suggestions Registry (PRO-83)
+ *
+ * Provides framework-specific fix suggestions that transform generic advice
+ * into actionable guidance based on the user's detected tech stack.
+ *
+ * When a Next.js + Prisma project has a SQL injection finding, this registry
+ * provides Prisma-specific fixes instead of generic SQL advice.
+ *
+ * Falls back gracefully to generic fixes (from metadata.ts) when no match.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FRAMEWORK_FIX_REGISTRY = void 0;
+exports.getFrameworkFix = getFrameworkFix;
+// ============================================================================
+// Framework Fix Registry
+// ============================================================================
+/**
+ * Registry mapping vulnerability categories to framework-specific fixes.
+ *
+ * Structure: category -> framework -> fix
+ *
+ * Priority categories (Tier 1):
+ * - sql_injection: Fixes vary dramatically by ORM
+ * - missing_auth: Framework-specific middleware patterns
+ * - xss: React/Vue/vanilla have different approaches
+ * - hardcoded_secret: Framework-specific env handling
+ * - cors_misconfiguration: Very framework-specific
+ */
+exports.FRAMEWORK_FIX_REGISTRY = {
+    // ==========================================================================
+    // SQL Injection - Fixes vary dramatically by ORM
+    // ==========================================================================
+    sql_injection: {
+        prisma: {
+            fixSteps: [
+                'Use Prisma query methods: prisma.user.findUnique({ where: { id } })',
+                'For raw SQL, use Prisma.$queryRaw with template literals (auto-parameterized)',
+                'Never concatenate user input into query strings',
+                'Validate input with Zod before passing to queries',
+            ],
+            codeExample: `// Safe: Prisma parameterized query
+const user = await prisma.user.findUnique({
+  where: { email: userInput }
+})
+// Safe: Raw query with parameters
+await prisma.$queryRaw\`SELECT * FROM users WHERE id = \${userId}\``,
+        },
+        drizzle: {
+            fixSteps: [
+                'Use Drizzle query builder with eq(), and(), or() operators',
+                'For raw SQL, use sql`` template literal (auto-parameterized)',
+                'Never concatenate user input into query strings',
+                'Validate input with Zod before passing to queries',
+            ],
+            codeExample: `// Safe: Drizzle query builder
+const users = await db.select().from(usersTable)
+  .where(eq(usersTable.email, userInput))
+// Safe: Raw query with parameters
+await db.execute(sql\`SELECT * FROM users WHERE id = \${userId}\`)`,
+        },
+        supabase: {
+            fixSteps: [
+                'Use Supabase client methods: supabase.from("users").select().eq("id", userId)',
+                'Rely on Row Level Security (RLS) for access control',
+                'For complex queries, use stored procedures with parameters',
+                'Never use .rpc() with string concatenation for query building',
+            ],
+            codeExample: `// Safe: Supabase client with RLS
+const { data } = await supabase
+  .from('users')
+  .select('*')
+  .eq('email', userInput)
+  .single()`,
+        },
+        mongoose: {
+            fixSteps: [
+                'Use Mongoose query methods with conditions object: User.find({ email: userInput })',
+                'Avoid $where with user input - it allows JavaScript execution',
+                'Validate ObjectIds before querying: mongoose.Types.ObjectId.isValid(id)',
+                'Use schema validation to ensure expected data types',
+            ],
+            codeExample: `// Safe: Mongoose query with conditions
+const user = await User.findOne({ email: userInput })
+// Validate ObjectId before use
+if (!mongoose.Types.ObjectId.isValid(id)) {
+  throw new Error('Invalid ID')
+}`,
+        },
+        knex: {
+            fixSteps: [
+                'Use Knex query builder: knex("users").where({ email: userInput })',
+                'For raw SQL, use knex.raw() with parameter binding: knex.raw("SELECT * FROM users WHERE id = ?", [userId])',
+                'Never use string concatenation in queries',
+                'Validate input types before passing to queries',
+            ],
+            codeExample: `// Safe: Knex query builder
+const user = await knex('users')
+  .where({ email: userInput })
+  .first()
+// Safe: Raw query with parameters
+await knex.raw('SELECT * FROM users WHERE id = ?', [userId])`,
+        },
+    },
+    // ==========================================================================
+    // Missing Authentication - Framework-specific middleware patterns
+    // ==========================================================================
+    missing_auth: {
+        nextjs: {
+            fixSteps: [
+                'Add auth check in middleware.ts with matcher config for protected routes',
+                'Call auth() or getServerSession() at the start of route handlers',
+                'Return 401/redirect for unauthenticated requests',
+                'Use throwing auth helpers (getCurrentUserId) that guarantee authenticated context',
+            ],
+            codeExample: `// middleware.ts
+export { auth as middleware } from '@/auth'
+export const config = { matcher: ['/dashboard/:path*', '/api/:path*'] }
+// In route handler
+import { auth } from '@/auth'
+export async function GET() {
+  const session = await auth()
+  if (!session) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+  // ... authenticated code
+}`,
+        },
+        express: {
+            fixSteps: [
+                'Use authentication middleware (passport, express-session, or custom)',
+                'Apply middleware to routes: app.use("/api", authMiddleware)',
+                'Verify JWT tokens or session cookies in middleware',
+                'Return 401 status for unauthenticated requests',
+            ],
+            codeExample: `// authMiddleware.js
+const authMiddleware = (req, res, next) => {
+  const token = req.headers.authorization?.split(' ')[1]
+  if (!token) {
+    return res.status(401).json({ error: 'Unauthorized' })
+  }
+  try {
+    req.user = jwt.verify(token, process.env.JWT_SECRET)
+    next()
+  } catch {
+    return res.status(401).json({ error: 'Invalid token' })
+  }
+}
+// Apply to routes
+app.use('/api', authMiddleware)`,
+        },
+        fastify: {
+            fixSteps: [
+                'Use @fastify/auth or @fastify/jwt for authentication',
+                'Register auth plugin and apply to routes with onRequest hook',
+                'Decorate request with user info after authentication',
+                'Return 401 status for unauthenticated requests',
+            ],
+            codeExample: `// Register JWT plugin
+await fastify.register(fastifyJwt, { secret: process.env.JWT_SECRET })
+// Auth decorator
+fastify.decorate('authenticate', async (request, reply) => {
+  try {
+    await request.jwtVerify()
+  } catch (err) {
+    reply.code(401).send({ error: 'Unauthorized' })
+  }
+})
+// Protected route
+fastify.get('/api/data', { onRequest: [fastify.authenticate] }, handler)`,
+        },
+        nestjs: {
+            fixSteps: [
+                'Use @nestjs/passport with Guards for authentication',
+                'Apply AuthGuard to controllers or routes with @UseGuards()',
+                'Implement custom guards for role-based access control',
+                'Use @Public() decorator for intentionally public endpoints',
+            ],
+            codeExample: `// auth.guard.ts
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {}
+// controller.ts
+@Controller('api')
+@UseGuards(JwtAuthGuard)
+export class ApiController {
+  @Get('data')
+  getData(@Request() req) {
+    return this.service.getData(req.user.id)
+  }
+}`,
+        },
+    },
+    // ==========================================================================
+    // XSS - React/Vue/vanilla have different approaches
+    // ==========================================================================
+    xss: {
+        react: {
+            fixSteps: [
+                'Use JSX expressions {variable} - React auto-escapes by default',
+                'Avoid dangerouslySetInnerHTML unless absolutely necessary',
+                'If you must use dangerouslySetInnerHTML, sanitize with DOMPurify first',
+                'Validate and sanitize user input on the server side as well',
+            ],
+            codeExample: `// Safe: JSX auto-escapes
+function Comment({ text }) {
+  return <div>{text}</div> // Safe - auto-escaped
+}
+// If HTML is required, sanitize first
+import DOMPurify from 'dompurify'
+function RichContent({ html }) {
+  const clean = DOMPurify.sanitize(html)
+  return <div dangerouslySetInnerHTML={{ __html: clean }} />
+}`,
+        },
+        vue: {
+            fixSteps: [
+                'Use v-text or {{ }} interpolation - Vue auto-escapes by default',
+                'Avoid v-html with user-controlled content',
+                'If you must use v-html, sanitize with DOMPurify first',
+                'Use Content Security Policy headers as additional protection',
+            ],
+            codeExample: `<!-- Safe: Vue interpolation auto-escapes -->
+<template>
+  <div>{{ userContent }}</div>
+</template>
+<!-- If HTML is required, sanitize first -->
+<script setup>
+import DOMPurify from 'dompurify'
+const sanitizedHtml = computed(() => DOMPurify.sanitize(props.html))
+</script>
+<template>
+  <div v-html="sanitizedHtml"></div>
+</template>`,
+        },
+    },
+    // ==========================================================================
+    // Hardcoded Secrets - Framework-specific env handling
+    // ==========================================================================
+    hardcoded_secret: {
+        nextjs: {
+            fixSteps: [
+                'Store secrets in .env.local (gitignored by default)',
+                'Access via process.env.SECRET_NAME in server components/API routes',
+                'Only use NEXT_PUBLIC_ prefix for intentionally client-exposed values',
+                'Use Vercel Environment Variables for production deployments',
+            ],
+            codeExample: `// .env.local
+DATABASE_URL=postgres://...
+API_SECRET=your-secret-here
+// Server-side code (API route, server component)
+const secret = process.env.API_SECRET
+// Client-safe public values only
+// NEXT_PUBLIC_ANALYTICS_ID=xxx`,
+        },
+        express: {
+            fixSteps: [
+                'Use dotenv package to load from .env files',
+                'Add .env to .gitignore immediately',
+                'Access secrets via process.env.SECRET_NAME',
+                'Use different .env files per environment (.env.production)',
+            ],
+            codeExample: `// At app entry point
+import 'dotenv/config'
+// .env (gitignored)
+DATABASE_URL=postgres://...
+JWT_SECRET=your-secret-here
+// Access in code
+const jwtSecret = process.env.JWT_SECRET
+if (!jwtSecret) throw new Error('JWT_SECRET required')`,
+        },
+    },
+    // ==========================================================================
+    // CORS Misconfiguration - Very framework-specific
+    // ==========================================================================
+    cors_misconfiguration: {
+        nextjs: {
+            fixSteps: [
+                'Configure CORS in next.config.js headers or middleware',
+                'Specify exact allowed origins instead of wildcard "*"',
+                'Use environment variables for origin configuration',
+                'Consider using middleware for dynamic origin validation',
+            ],
+            codeExample: `// next.config.js
+module.exports = {
+  async headers() {
+    return [{
+      source: '/api/:path*',
+      headers: [
+        { key: 'Access-Control-Allow-Origin', value: process.env.ALLOWED_ORIGIN },
+        { key: 'Access-Control-Allow-Methods', value: 'GET,POST,PUT,DELETE' },
+        { key: 'Access-Control-Allow-Headers', value: 'Content-Type,Authorization' },
+      ],
+    }]
+  },
+}
+// Or in middleware.ts for dynamic validation
+const allowedOrigins = ['https://app.example.com', 'https://admin.example.com']`,
+        },
+        express: {
+            fixSteps: [
+                'Use the cors package with specific origin configuration',
+                'Replace origin: "*" with an allowlist of origins',
+                'Use a function for dynamic origin validation',
+                'Disable credentials for cross-origin requests unless necessary',
+            ],
+            codeExample: `import cors from 'cors'
+const allowedOrigins = ['https://app.example.com', 'https://admin.example.com']
+app.use(cors({
+  origin: (origin, callback) => {
+    if (!origin || allowedOrigins.includes(origin)) {
+      callback(null, true)
+    } else {
+      callback(new Error('Not allowed by CORS'))
+    }
+  },
+  credentials: true, // Only if you need cookies/auth headers
+}))`,
+        },
+        fastify: {
+            fixSteps: [
+                'Use @fastify/cors with specific origin configuration',
+                'Specify allowed origins instead of true/wildcard',
+                'Use a function for dynamic origin validation',
+                'Configure allowed methods and headers explicitly',
+            ],
+            codeExample: `import cors from '@fastify/cors'
+const allowedOrigins = ['https://app.example.com']
+await fastify.register(cors, {
+  origin: (origin, cb) => {
+    if (!origin || allowedOrigins.includes(origin)) {
+      cb(null, true)
+    } else {
+      cb(new Error('Not allowed'), false)
+    }
+  },
+  credentials: true,
+})`,
+        },
+    },
+    // ==========================================================================
+    // Dangerous Function (eval, innerHTML) - Context-specific
+    // ==========================================================================
+    dangerous_function: {
+        react: {
+            fixSteps: [
+                'Replace innerHTML with React JSX (auto-escapes content)',
+                'Use textContent or innerText for plain text updates',
+                'If dynamic HTML is required, use DOMPurify before dangerouslySetInnerHTML',
+                'Consider using a markdown renderer (react-markdown) for rich content',
+            ],
+            codeExample: `// Instead of innerHTML
+const element = document.getElementById('content')
+element.innerHTML = userInput // Dangerous!
+// Use React JSX
+function SafeContent({ content }) {
+  return <div>{content}</div> // Safe - auto-escaped
+}`,
+        },
+        vue: {
+            fixSteps: [
+                'Use Vue template interpolation {{ }} instead of v-html',
+                'If HTML rendering is required, sanitize with DOMPurify first',
+                'Consider component-based approaches for dynamic content',
+                'Validate and sanitize on the server before sending to client',
+            ],
+        },
+    },
+};
+// ============================================================================
+// Lookup Function
+// ============================================================================
+/**
+ * Get framework-specific fix for a vulnerability category.
+ *
+ * Priority order for ORM-related categories (sql_injection):
+ * 1. ORM (prisma, drizzle, supabase, mongoose, knex)
+ * 2. Backend framework (nextjs, express, fastify, nestjs)
+ *
+ * Priority order for other categories:
+ * 1. Frontend framework for XSS (react, vue)
+ * 2. Backend framework for auth/cors/secrets
+ *
+ * @returns FrameworkFix if a match is found, undefined otherwise (falls back to generic)
+ */
+function getFrameworkFix(category, frameworks, dataAccess) {
+    const categoryFixes = exports.FRAMEWORK_FIX_REGISTRY[category];
+    if (!categoryFixes) {
+        return undefined;
+    }
+    // For SQL injection, prioritize ORM-specific fixes
+    if (category === 'sql_injection' && dataAccess?.orm) {
+        const ormFix = categoryFixes[dataAccess.orm];
+        if (ormFix) {
+            return ormFix;
+        }
+    }
+    // For XSS and dangerous_function, prioritize frontend framework
+    if ((category === 'xss' || category === 'dangerous_function') && frameworks.frontend) {
+        const frontendFix = categoryFixes[frameworks.frontend];
+        if (frontendFix) {
+            return frontendFix;
+        }
+    }
+    // For other categories, try backend framework
+    if (frameworks.primary) {
+        const backendFix = categoryFixes[frameworks.primary];
+        if (backendFix) {
+            return backendFix;
+        }
+    }
+    // No framework-specific fix found
+    return undefined;
+}
+//# sourceMappingURL=framework-fixes.js.map

package/dist/rules/framework-fixes.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"framework-fixes.js","sourceRoot":"","sources":["../../src/rules/framework-fixes.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAuaH,0CAoCC;AAtbD,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACU,QAAA,sBAAsB,GAAwF;IACzH,6EAA6E;IAC7E,iDAAiD;IACjD,6EAA6E;IAC7E,aAAa,EAAE;QACb,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,qEAAqE;gBACrE,+EAA+E;gBAC/E,iDAAiD;gBACjD,mDAAmD;aACpD;YACD,WAAW,EAAE;;;;;;oEAMiD;SAC/D;QACD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,4DAA4D;gBAC5D,8DAA8D;gBAC9D,iDAAiD;gBACjD,mDAAmD;aACpD;YACD,WAAW,EAAE;;;;;mEAKgD;SAC9D;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE;gBACR,+EAA+E;gBAC/E,qDAAqD;gBACrD,4DAA4D;gBAC5D,+DAA+D;aAChE;YACD,WAAW,EAAE;;;;;YAKP;SACP;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE;gBACR,oFAAoF;gBACpF,+DAA+D;gBAC/D,yEAAyE;gBACzE,qDAAqD;aACtD;YACD,WAAW,EAAE;;;;;;EAMjB;SACG;QACD,IAAI,EAAE;YACJ,QAAQ,EAAE;gBACR,mEAAmE;gBACnE,4GAA4G;gBAC5G,2CAA2C;gBAC3C,gDAAgD;aACjD;YACD,WAAW,EAAE;;;;;;6DAM0C;SACxD;KACF;IAED,6EAA6E;IAC7E,kEAAkE;IAClE,6EAA6E;IAC7E,YAAY,EAAE;QACZ,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,0EAA0E;gBAC1E,kEAAkE;gBAClE,kDAAkD;gBAClD,mFAAmF;aACpF;YACD,WAAW,EAAE;;;;;;;;;;;;;EAajB;SACG;QACD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,sEAAsE;gBACtE,6DAA6D;gBAC7D,oDAAoD;gBACpD,gDAAgD;aACjD;YACD,WAAW,EAAE;;;;;;;;;;;;;;;gCAea;SAC3B;QACD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,sDAAsD;gBACtD,8DAA8D;gBAC9D,sDAAsD;gBACtD,gDAAgD;aACjD;YACD,WAAW,EAAE;;;;;;;;;;;;;yEAasD;SACpE;QACD,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,qDAAqD;gBACrD,4DAA4D;gBAC5D,uDAAuD;gBACvD,4DAA4D;aAC7D;YACD,WAAW,EAAE;;;;;;;;;;;;EAYjB;SACG;KACF;IAED,6EAA6E;IAC7E,oDAAoD;IACpD,6EAA6E;IAC7E,GAAG,EAAE;QACH,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,gEAAgE;gBAChE,2DAA2D;gBAC3D,wEAAwE;gBACxE,6DAA6D;aAC9D;YACD,WAAW,EAAE;;;;;;;;;;;EAWjB;SACG;QACD,GAAG,EAAE;YACH,QAAQ,EAAE;gBACR,iEAAiE;gBACjE,2CAA2C;gBAC3C,uDAAuD;gBACvD,8DAA8D;aAC/D;YACD,WAAW,EAAE;;;;;;;;;;;;;YAaP;SACP;KACF;IAED,6EAA6E;IAC7E,sDAAsD;IACtD,6EAA6E;IAC7E,gBAAgB,EAAE;QAChB,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,qDAAqD;gBACrD,oEAAoE;gBACpE,sEAAsE;gBACtE,6DAA6D;aAC9D;YACD,WAAW,EAAE;;;;;;;;gCAQa;SAC3B;QACD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,4CAA4C;gBAC5C,oCAAoC;gBACpC,4CAA4C;gBAC5C,4DAA4D;aAC7D;YACD,WAAW,EAAE;;;;;;;;;uDASoC;SAClD;KACF;IAED,6EAA6E;IAC7E,kDAAkD;IAClD,6EAA6E;IAC7E,qBAAqB,EAAE;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,wDAAwD;gBACxD,uDAAuD;gBACvD,oDAAoD;gBACpD,yDAAyD;aAC1D;YACD,WAAW,EAAE;;;;;;;;;;;;;;;gFAe6D;SAC3E;QACD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,yDAAyD;gBACzD,kDAAkD;gBAClD,8CAA8C;gBAC9C,gEAAgE;aACjE;YACD,WAAW,EAAE;;;;;;;;;;;;;IAaf;SACC;QACD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,sDAAsD;gBACtD,kDAAkD;gBAClD,8CAA8C;gBAC9C,kDAAkD;aACnD;YACD,WAAW,EAAE;;;;;;;;;;;;;GAahB;SACE;KACF;IAED,6EAA6E;IAC7E,0DAA0D;IAC1D,6EAA6E;IAC7E,kBAAkB,EAAE;QAClB,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,yDAAyD;gBACzD,qDAAqD;gBACrD,2EAA2E;gBAC3E,sEAAsE;aACvE;YACD,WAAW,EAAE;;;;;;;EAOjB;SACG;QACD,GAAG,EAAE;YACH,QAAQ,EAAE;gBACR,wDAAwD;gBACxD,8DAA8D;gBAC9D,yDAAyD;gBACzD,8DAA8D;aAC/D;SACF;KACF;CACF,CAAA;AAED,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACH,SAAgB,eAAe,CAC7B,QAA+B,EAC/B,UAA4B,EAC5B,UAA8B;IAE9B,MAAM,aAAa,GAAG,8BAAsB,CAAC,QAAQ,CAAC,CAAA;IACtD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,mDAAmD;IACnD,IAAI,QAAQ,KAAK,eAAe,IAAI,UAAU,EAAE,GAAG,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,GAAmB,CAAC,CAAA;QAC5D,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAA;QACf,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,IAAI,CAAC,QAAQ,KAAK,KAAK,IAAI,QAAQ,KAAK,oBAAoB,CAAC,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QACrF,MAAM,WAAW,GAAG,aAAa,CAAC,UAAU,CAAC,QAAwB,CAAC,CAAA;QACtE,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,WAAW,CAAA;QACpB,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,aAAa,CAAC,UAAU,CAAC,OAAuB,CAAC,CAAA;QACpE,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,UAAU,CAAA;QACnB,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,OAAO,SAAS,CAAA;AAClB,CAAC"}

package/dist/rules/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Rules Module
+ *
+ * Provides access to rule metadata for actionable finding output.
+ */
+export { RULE_REGISTRY, getRuleMetadata, getAllCategories, hasMetadata, type RuleMetadata, } from './metadata';
+export { FRAMEWORK_FIX_REGISTRY, getFrameworkFix, type FrameworkKey, type FrameworkFix, } from './framework-fixes';
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,aAAa,EACb,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,KAAK,YAAY,GAClB,MAAM,YAAY,CAAA;AAGnB,OAAO,EACL,sBAAsB,EACtB,eAAe,EACf,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,mBAAmB,CAAA"}

package/dist/rules/index.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * Rules Module
+ *
+ * Provides access to rule metadata for actionable finding output.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getFrameworkFix = exports.FRAMEWORK_FIX_REGISTRY = exports.hasMetadata = exports.getAllCategories = exports.getRuleMetadata = exports.RULE_REGISTRY = void 0;
+var metadata_1 = require("./metadata");
+Object.defineProperty(exports, "RULE_REGISTRY", { enumerable: true, get: function () { return metadata_1.RULE_REGISTRY; } });
+Object.defineProperty(exports, "getRuleMetadata", { enumerable: true, get: function () { return metadata_1.getRuleMetadata; } });
+Object.defineProperty(exports, "getAllCategories", { enumerable: true, get: function () { return metadata_1.getAllCategories; } });
+Object.defineProperty(exports, "hasMetadata", { enumerable: true, get: function () { return metadata_1.hasMetadata; } });
+// Framework-aware fix suggestions (PRO-83)
+var framework_fixes_1 = require("./framework-fixes");
+Object.defineProperty(exports, "FRAMEWORK_FIX_REGISTRY", { enumerable: true, get: function () { return framework_fixes_1.FRAMEWORK_FIX_REGISTRY; } });
+Object.defineProperty(exports, "getFrameworkFix", { enumerable: true, get: function () { return framework_fixes_1.getFrameworkFix; } });
+//# sourceMappingURL=index.js.map

package/dist/rules/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,uCAMmB;AALjB,yGAAA,aAAa,OAAA;AACb,2GAAA,eAAe,OAAA;AACf,4GAAA,gBAAgB,OAAA;AAChB,uGAAA,WAAW,OAAA;AAIb,2CAA2C;AAC3C,qDAK0B;AAJxB,yHAAA,sBAAsB,OAAA;AACtB,kHAAA,eAAe,OAAA"}

package/dist/rules/metadata.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Rule Metadata Registry
+ *
+ * Provides comprehensive metadata for all vulnerability categories including:
+ * - whyItMatters: Business impact explanation
+ * - fixSteps: Step-by-step remediation guidance
+ * - evidence: What triggers this finding
+ * - references: OWASP/CWE documentation links
+ *
+ * This metadata enables actionable output for every finding,
+ * regardless of whether AI validation is used.
+ */
+import type { VulnerabilityCategory } from '../types';
+export interface RuleMetadata {
+    /** Human-readable rule name */
+    name: string;
+    /** 1-2 sentence explanation of why this matters (business impact) */
+    whyItMatters: string;
+    /** Step-by-step fix instructions */
+    fixSteps: string[];
+    /** What triggers this finding */
+    evidence: string;
+    /** OWASP/CWE reference links */
+    references: string[];
+}
+/**
+ * Comprehensive metadata registry for all vulnerability categories
+ */
+export declare const RULE_REGISTRY: Record<VulnerabilityCategory, RuleMetadata>;
+/**
+ * Get metadata for a vulnerability category
+ * Returns undefined if category is not in registry (shouldn't happen for valid categories)
+ */
+export declare function getRuleMetadata(category: VulnerabilityCategory): RuleMetadata | undefined;
+/**
+ * Get all available rule categories
+ */
+export declare function getAllCategories(): VulnerabilityCategory[];
+/**
+ * Check if a category has metadata
+ */
+export declare function hasMetadata(category: VulnerabilityCategory): boolean;
+//# sourceMappingURL=metadata.d.ts.map

package/dist/rules/metadata.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../src/rules/metadata.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AAErD,MAAM,WAAW,YAAY;IAC3B,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,qEAAqE;IACrE,YAAY,EAAE,MAAM,CAAA;IACpB,oCAAoC;IACpC,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,gCAAgC;IAChC,UAAU,EAAE,MAAM,EAAE,CAAA;CACrB;AAED;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,qBAAqB,EAAE,YAAY,CAywBrE,CAAA;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,qBAAqB,GAAG,YAAY,GAAG,SAAS,CAEzF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,qBAAqB,EAAE,CAE1D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,qBAAqB,GAAG,OAAO,CAEpE"}