npm - @quantracode/vibecheck - Versions diffs - 0.0.1 → 0.0.2 - Mend

@quantracode/vibecheck 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/README.md +6 -6
package/dist/index.d.ts +0 -2
package/dist/index.js +7902 -8
package/package.json +13 -7
package/dist/__tests__/cli.test.d.ts +0 -2
package/dist/__tests__/cli.test.d.ts.map +0 -1
package/dist/__tests__/cli.test.js +0 -243
package/dist/__tests__/fixtures/safe-app/app/api/users/route.js +0 -36
package/dist/__tests__/fixtures/vulnerable-app/app/api/users/route.js +0 -28
package/dist/__tests__/fixtures/vulnerable-app/lib/config.d.ts +0 -4
package/dist/__tests__/fixtures/vulnerable-app/lib/config.d.ts.map +0 -1
package/dist/__tests__/fixtures/vulnerable-app/lib/config.js +0 -6
package/dist/__tests__/scanners/env-config.test.d.ts +0 -2
package/dist/__tests__/scanners/env-config.test.d.ts.map +0 -1
package/dist/__tests__/scanners/env-config.test.js +0 -142
package/dist/__tests__/scanners/nextjs-middleware.test.d.ts +0 -2
package/dist/__tests__/scanners/nextjs-middleware.test.d.ts.map +0 -1
package/dist/__tests__/scanners/nextjs-middleware.test.js +0 -193
package/dist/__tests__/scanners/scanner-packs.test.d.ts +0 -2
package/dist/__tests__/scanners/scanner-packs.test.d.ts.map +0 -1
package/dist/__tests__/scanners/scanner-packs.test.js +0 -126
package/dist/__tests__/scanners/unused-security-imports.test.d.ts +0 -2
package/dist/__tests__/scanners/unused-security-imports.test.d.ts.map +0 -1
package/dist/__tests__/scanners/unused-security-imports.test.js +0 -145
package/dist/commands/demo-artifact.d.ts +0 -7
package/dist/commands/demo-artifact.d.ts.map +0 -1
package/dist/commands/demo-artifact.js +0 -322
package/dist/commands/evaluate.d.ts +0 -30
package/dist/commands/evaluate.d.ts.map +0 -1
package/dist/commands/evaluate.js +0 -258
package/dist/commands/explain.d.ts +0 -12
package/dist/commands/explain.d.ts.map +0 -1
package/dist/commands/explain.js +0 -214
package/dist/commands/index.d.ts +0 -7
package/dist/commands/index.d.ts.map +0 -1
package/dist/commands/index.js +0 -6
package/dist/commands/intent.d.ts +0 -21
package/dist/commands/intent.d.ts.map +0 -1
package/dist/commands/intent.js +0 -192
package/dist/commands/scan.d.ts +0 -44
package/dist/commands/scan.d.ts.map +0 -1
package/dist/commands/scan.js +0 -497
package/dist/commands/waivers.d.ts +0 -30
package/dist/commands/waivers.d.ts.map +0 -1
package/dist/commands/waivers.js +0 -249
package/dist/index.d.ts.map +0 -1
package/dist/phase3/index.d.ts +0 -11
package/dist/phase3/index.d.ts.map +0 -1
package/dist/phase3/index.js +0 -12
package/dist/phase3/intent-miner.d.ts +0 -32
package/dist/phase3/intent-miner.d.ts.map +0 -1
package/dist/phase3/intent-miner.js +0 -323
package/dist/phase3/proof-trace-builder.d.ts +0 -42
package/dist/phase3/proof-trace-builder.d.ts.map +0 -1
package/dist/phase3/proof-trace-builder.js +0 -441
package/dist/phase3/scanners/auth-by-ui-server-gap.d.ts +0 -15
package/dist/phase3/scanners/auth-by-ui-server-gap.d.ts.map +0 -1
package/dist/phase3/scanners/auth-by-ui-server-gap.js +0 -237
package/dist/phase3/scanners/comment-claim-unproven.d.ts +0 -14
package/dist/phase3/scanners/comment-claim-unproven.d.ts.map +0 -1
package/dist/phase3/scanners/comment-claim-unproven.js +0 -161
package/dist/phase3/scanners/index.d.ts +0 -31
package/dist/phase3/scanners/index.d.ts.map +0 -1
package/dist/phase3/scanners/index.js +0 -40
package/dist/phase3/scanners/middleware-assumed-not-matching.d.ts +0 -14
package/dist/phase3/scanners/middleware-assumed-not-matching.d.ts.map +0 -1
package/dist/phase3/scanners/middleware-assumed-not-matching.js +0 -172
package/dist/phase3/scanners/validation-claimed-missing.d.ts +0 -15
package/dist/phase3/scanners/validation-claimed-missing.d.ts.map +0 -1
package/dist/phase3/scanners/validation-claimed-missing.js +0 -204
package/dist/scanners/abuse/compute-abuse.d.ts +0 -20
package/dist/scanners/abuse/compute-abuse.d.ts.map +0 -1
package/dist/scanners/abuse/compute-abuse.js +0 -509
package/dist/scanners/abuse/index.d.ts +0 -12
package/dist/scanners/abuse/index.d.ts.map +0 -1
package/dist/scanners/abuse/index.js +0 -15
package/dist/scanners/auth/index.d.ts +0 -5
package/dist/scanners/auth/index.d.ts.map +0 -1
package/dist/scanners/auth/index.js +0 -10
package/dist/scanners/auth/middleware-gap.d.ts +0 -22
package/dist/scanners/auth/middleware-gap.d.ts.map +0 -1
package/dist/scanners/auth/middleware-gap.js +0 -203
package/dist/scanners/auth/unprotected-api-route.d.ts +0 -12
package/dist/scanners/auth/unprotected-api-route.d.ts.map +0 -1
package/dist/scanners/auth/unprotected-api-route.js +0 -126
package/dist/scanners/config/index.d.ts +0 -5
package/dist/scanners/config/index.d.ts.map +0 -1
package/dist/scanners/config/index.js +0 -10
package/dist/scanners/config/insecure-defaults.d.ts +0 -12
package/dist/scanners/config/insecure-defaults.d.ts.map +0 -1
package/dist/scanners/config/insecure-defaults.js +0 -77
package/dist/scanners/config/undocumented-env.d.ts +0 -24
package/dist/scanners/config/undocumented-env.d.ts.map +0 -1
package/dist/scanners/config/undocumented-env.js +0 -159
package/dist/scanners/crypto/index.d.ts +0 -6
package/dist/scanners/crypto/index.d.ts.map +0 -1
package/dist/scanners/crypto/index.js +0 -11
package/dist/scanners/crypto/jwt-decode-unverified.d.ts +0 -14
package/dist/scanners/crypto/jwt-decode-unverified.d.ts.map +0 -1
package/dist/scanners/crypto/jwt-decode-unverified.js +0 -87
package/dist/scanners/crypto/math-random-tokens.d.ts +0 -13
package/dist/scanners/crypto/math-random-tokens.d.ts.map +0 -1
package/dist/scanners/crypto/math-random-tokens.js +0 -80
package/dist/scanners/crypto/weak-hashing.d.ts +0 -11
package/dist/scanners/crypto/weak-hashing.d.ts.map +0 -1
package/dist/scanners/crypto/weak-hashing.js +0 -95
package/dist/scanners/env-config.d.ts +0 -24
package/dist/scanners/env-config.d.ts.map +0 -1
package/dist/scanners/env-config.js +0 -164
package/dist/scanners/hallucinations/index.d.ts +0 -4
package/dist/scanners/hallucinations/index.d.ts.map +0 -1
package/dist/scanners/hallucinations/index.js +0 -8
package/dist/scanners/hallucinations/unused-security-imports.d.ts +0 -36
package/dist/scanners/hallucinations/unused-security-imports.d.ts.map +0 -1
package/dist/scanners/hallucinations/unused-security-imports.js +0 -309
package/dist/scanners/helpers/ast-helpers.d.ts +0 -6
package/dist/scanners/helpers/ast-helpers.d.ts.map +0 -1
package/dist/scanners/helpers/ast-helpers.js +0 -945
package/dist/scanners/helpers/context-builder.d.ts +0 -17
package/dist/scanners/helpers/context-builder.d.ts.map +0 -1
package/dist/scanners/helpers/context-builder.js +0 -148
package/dist/scanners/helpers/index.d.ts +0 -3
package/dist/scanners/helpers/index.d.ts.map +0 -1
package/dist/scanners/helpers/index.js +0 -2
package/dist/scanners/index.d.ts +0 -30
package/dist/scanners/index.d.ts.map +0 -1
package/dist/scanners/index.js +0 -102
package/dist/scanners/middleware/index.d.ts +0 -4
package/dist/scanners/middleware/index.d.ts.map +0 -1
package/dist/scanners/middleware/index.js +0 -7
package/dist/scanners/middleware/missing-rate-limit.d.ts +0 -13
package/dist/scanners/middleware/missing-rate-limit.d.ts.map +0 -1
package/dist/scanners/middleware/missing-rate-limit.js +0 -140
package/dist/scanners/network/cors-misconfiguration.d.ts +0 -14
package/dist/scanners/network/cors-misconfiguration.d.ts.map +0 -1
package/dist/scanners/network/cors-misconfiguration.js +0 -89
package/dist/scanners/network/index.d.ts +0 -7
package/dist/scanners/network/index.d.ts.map +0 -1
package/dist/scanners/network/index.js +0 -18
package/dist/scanners/network/missing-timeout.d.ts +0 -15
package/dist/scanners/network/missing-timeout.d.ts.map +0 -1
package/dist/scanners/network/missing-timeout.js +0 -93
package/dist/scanners/network/open-redirect.d.ts +0 -15
package/dist/scanners/network/open-redirect.d.ts.map +0 -1
package/dist/scanners/network/open-redirect.js +0 -88
package/dist/scanners/network/ssrf-prone-fetch.d.ts +0 -12
package/dist/scanners/network/ssrf-prone-fetch.d.ts.map +0 -1
package/dist/scanners/network/ssrf-prone-fetch.js +0 -90
package/dist/scanners/nextjs-middleware.d.ts +0 -26
package/dist/scanners/nextjs-middleware.d.ts.map +0 -1
package/dist/scanners/nextjs-middleware.js +0 -246
package/dist/scanners/privacy/debug-flags.d.ts +0 -13
package/dist/scanners/privacy/debug-flags.d.ts.map +0 -1
package/dist/scanners/privacy/debug-flags.js +0 -124
package/dist/scanners/privacy/index.d.ts +0 -6
package/dist/scanners/privacy/index.d.ts.map +0 -1
package/dist/scanners/privacy/index.js +0 -11
package/dist/scanners/privacy/over-broad-response.d.ts +0 -15
package/dist/scanners/privacy/over-broad-response.d.ts.map +0 -1
package/dist/scanners/privacy/over-broad-response.js +0 -109
package/dist/scanners/privacy/sensitive-logging.d.ts +0 -11
package/dist/scanners/privacy/sensitive-logging.d.ts.map +0 -1
package/dist/scanners/privacy/sensitive-logging.js +0 -78
package/dist/scanners/types.d.ts +0 -456
package/dist/scanners/types.d.ts.map +0 -1
package/dist/scanners/types.js +0 -16
package/dist/scanners/unused-security-imports.d.ts +0 -34
package/dist/scanners/unused-security-imports.d.ts.map +0 -1
package/dist/scanners/unused-security-imports.js +0 -206
package/dist/scanners/uploads/index.d.ts +0 -5
package/dist/scanners/uploads/index.d.ts.map +0 -1
package/dist/scanners/uploads/index.js +0 -9
package/dist/scanners/uploads/missing-constraints.d.ts +0 -15
package/dist/scanners/uploads/missing-constraints.d.ts.map +0 -1
package/dist/scanners/uploads/missing-constraints.js +0 -109
package/dist/scanners/uploads/public-path.d.ts +0 -11
package/dist/scanners/uploads/public-path.d.ts.map +0 -1
package/dist/scanners/uploads/public-path.js +0 -87
package/dist/scanners/validation/client-side-only.d.ts +0 -14
package/dist/scanners/validation/client-side-only.d.ts.map +0 -1
package/dist/scanners/validation/client-side-only.js +0 -140
package/dist/scanners/validation/ignored-validation.d.ts +0 -12
package/dist/scanners/validation/ignored-validation.d.ts.map +0 -1
package/dist/scanners/validation/ignored-validation.js +0 -119
package/dist/scanners/validation/index.d.ts +0 -5
package/dist/scanners/validation/index.d.ts.map +0 -1
package/dist/scanners/validation/index.js +0 -9
package/dist/utils/exclude-patterns.d.ts +0 -35
package/dist/utils/exclude-patterns.d.ts.map +0 -1
package/dist/utils/exclude-patterns.js +0 -78
package/dist/utils/file-utils.d.ts +0 -37
package/dist/utils/file-utils.d.ts.map +0 -1
package/dist/utils/file-utils.js +0 -77
package/dist/utils/fingerprint.d.ts +0 -25
package/dist/utils/fingerprint.d.ts.map +0 -1
package/dist/utils/fingerprint.js +0 -28
package/dist/utils/git-info.d.ts +0 -14
package/dist/utils/git-info.d.ts.map +0 -1
package/dist/utils/git-info.js +0 -55
package/dist/utils/index.d.ts +0 -4
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/index.js +0 -3
package/dist/utils/progress.d.ts +0 -42
package/dist/utils/progress.d.ts.map +0 -1
package/dist/utils/progress.js +0 -165
package/dist/utils/sarif-formatter.d.ts +0 -92
package/dist/utils/sarif-formatter.d.ts.map +0 -1
package/dist/utils/sarif-formatter.js +0 -172

package/dist/commands/scan.js DELETED Viewed

@@ -1,497 +0,0 @@
-import path from "node:path";
-import { ARTIFACT_VERSION, computeSummary, validateArtifact, } from "@vibecheck/schema";
-import { writeFileSync, resolvePath, ensureDir, } from "../utils/file-utils.js";
-import { hashPath } from "../utils/fingerprint.js";
-import { getGitInfo, getRepoName } from "../utils/git-info.js";
-import { ALL_SCANNERS, ALL_SCANNER_PACKS, buildScanContext, severityMeetsThreshold, } from "../scanners/index.js";
-import { buildRouteMap, buildMiddlewareMap, buildAllProofTraces, calculateCoverage, mineAllIntentClaims, } from "../phase3/index.js";
-import { toSarif, sarifToJson } from "../utils/sarif-formatter.js";
-import { ScanProgress, Spinner } from "../utils/progress.js";
-const DEFAULT_OUTPUT_DIR = "vibecheck-artifacts";
-const DEFAULT_OUTPUT_FILE = "vibecheck-scan.json";
-/**
- * Normalize path for Windows compatibility
- */
-function normalizePath(p) {
-    // Use forward slashes for consistency, but respect platform separators for filesystem ops
-    return p.replace(/\\/g, "/");
-}
-/**
- * Get output file path with correct extension
- */
-function getOutputPath(basePath, format, targetDir) {
-    let outputPath = basePath;
-    // If path is relative, resolve against target directory
-    if (!path.isAbsolute(outputPath)) {
-        outputPath = resolvePath(targetDir, outputPath);
-    }
-    // Handle directory vs file path
-    const ext = path.extname(outputPath);
-    if (!ext) {
-        // It's a directory, add default filename
-        const filename = format === "sarif" ? "vibecheck-scan.sarif" : "vibecheck-scan.json";
-        outputPath = path.join(outputPath, filename);
-    }
-    else if (format === "sarif" && ext === ".json") {
-        // Replace .json with .sarif for sarif format
-        outputPath = outputPath.replace(/\.json$/, ".sarif");
-    }
-    else if (format === "json" && ext === ".sarif") {
-        // Replace .sarif with .json for json format
-        outputPath = outputPath.replace(/\.sarif$/, ".json");
-    }
-    return outputPath;
-}
-/**
- * Run all scanners with file-level progress tracking
- */
-async function runScannersWithProgress(baseContext, totalFiles) {
-    const allFindings = [];
-    const seenFingerprints = new Set();
-    // Initialize progress display with file count
-    const progress = new ScanProgress(ALL_SCANNER_PACKS.map((pack) => ({
-        id: pack.id,
-        name: pack.name,
-        scannerCount: pack.scanners.length,
-    })), totalFiles);
-    // Create file progress callback
-    const onFileProgress = (file, processed, total) => {
-        progress.onFileProgress(file, processed, total);
-    };
-    // Rebuild context with progress callback
-    const contextOptions = {
-        onFileProgress,
-    };
-    const context = await buildScanContext(baseContext.repoRoot, {
-        ...contextOptions,
-        excludePatterns: [],
-        includeTests: false,
-    });
-    // Copy over the file index from base context (already computed)
-    Object.assign(context, {
-        fileIndex: baseContext.fileIndex,
-        repoMeta: baseContext.repoMeta,
-        frameworkHints: baseContext.frameworkHints,
-        prismaSchemaInfo: baseContext.prismaSchemaInfo,
-    });
-    progress.start();
-    // Iterate through packs for progress tracking
-    for (let packIndex = 0; packIndex < ALL_SCANNER_PACKS.length; packIndex++) {
-        const pack = ALL_SCANNER_PACKS[packIndex];
-        progress.startPack(packIndex);
-        for (let scannerIndex = 0; scannerIndex < pack.scanners.length; scannerIndex++) {
-            const scanner = pack.scanners[scannerIndex];
-            progress.startScanner(packIndex, scannerIndex);
-            try {
-                const findings = await scanner(context);
-                let newFindingsCount = 0;
-                // Dedupe by fingerprint
-                for (const finding of findings) {
-                    if (!seenFingerprints.has(finding.fingerprint)) {
-                        seenFingerprints.add(finding.fingerprint);
-                        allFindings.push(finding);
-                        newFindingsCount++;
-                    }
-                }
-                progress.completeScanner(packIndex, newFindingsCount);
-            }
-            catch (error) {
-                // Log error but continue with other scanners
-                progress.completeScanner(packIndex, 0);
-            }
-        }
-        progress.completePack(packIndex);
-    }
-    progress.stop();
-    return allFindings;
-}
-/**
- * Create scan artifact from findings
- */
-function createArtifact(findings, targetDir, fileCount, repoName, metrics, phase3Data) {
-    const summary = computeSummary(findings);
-    const gitInfo = getGitInfo(targetDir);
-    const name = repoName ?? getRepoName(targetDir);
-    const artifact = {
-        artifactVersion: ARTIFACT_VERSION,
-        generatedAt: new Date().toISOString(),
-        tool: {
-            name: "vibecheck",
-            version: "0.0.1",
-        },
-        repo: {
-            name,
-            rootPathHash: hashPath(targetDir),
-            git: gitInfo,
-        },
-        summary,
-        findings,
-    };
-    if (metrics) {
-        artifact.metrics = {
-            filesScanned: metrics.filesScanned,
-            linesOfCode: 0, // Not implemented yet
-            scanDurationMs: metrics.scanDurationMs,
-            rulesExecuted: ALL_SCANNERS.length,
-        };
-    }
-    // Add Phase 3 data if provided
-    if (phase3Data) {
-        artifact.routeMap = phase3Data.routeMap;
-        artifact.middlewareMap = phase3Data.middlewareMap;
-        artifact.intentMap = phase3Data.intentMap;
-        artifact.proofTraces = phase3Data.proofTraces;
-        // Add coverage to metrics
-        if (artifact.metrics) {
-            artifact.metrics = {
-                ...artifact.metrics,
-                ...phase3Data.coverageMetrics,
-            };
-        }
-    }
-    return artifact;
-}
-/**
- * Format severity for console output with color
- */
-function formatSeverity(severity) {
-    const colors = {
-        critical: "\x1b[35m", // Magenta
-        high: "\x1b[31m", // Red
-        medium: "\x1b[33m", // Yellow
-        low: "\x1b[36m", // Cyan
-        info: "\x1b[90m", // Gray
-    };
-    const reset = "\x1b[0m";
-    return `${colors[severity]}${severity.toUpperCase()}${reset}`;
-}
-/**
- * Print scan summary to console
- */
-function printSummary(artifact, options) {
-    const { summary, findings } = artifact;
-    console.log("\n" + "=".repeat(60));
-    console.log("VibeCheck Scan Complete");
-    console.log("=".repeat(60));
-    console.log(`\nScanner packs: ${ALL_SCANNER_PACKS.map((p) => p.name).join(", ")}`);
-    console.log(`Total scanners: ${ALL_SCANNERS.length}`);
-    console.log(`Total findings: ${summary.totalFindings}`);
-    if (options.exclude.length > 0) {
-        console.log(`Custom excludes: ${options.exclude.length} pattern(s)`);
-    }
-    if (options.includeTests) {
-        console.log("Test files: included");
-    }
-    if (summary.totalFindings > 0) {
-        console.log("\nBy severity:");
-        if (summary.bySeverity.critical > 0) {
-            console.log(`  ${formatSeverity("critical")}: ${summary.bySeverity.critical}`);
-        }
-        if (summary.bySeverity.high > 0) {
-            console.log(`  ${formatSeverity("high")}: ${summary.bySeverity.high}`);
-        }
-        if (summary.bySeverity.medium > 0) {
-            console.log(`  ${formatSeverity("medium")}: ${summary.bySeverity.medium}`);
-        }
-        if (summary.bySeverity.low > 0) {
-            console.log(`  ${formatSeverity("low")}: ${summary.bySeverity.low}`);
-        }
-        if (summary.bySeverity.info > 0) {
-            console.log(`  ${formatSeverity("info")}: ${summary.bySeverity.info}`);
-        }
-        console.log("\nTop findings:");
-        const topFindings = findings
-            .sort((a, b) => {
-            const order = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };
-            return order[b.severity] - order[a.severity];
-        })
-            .slice(0, 5);
-        for (const finding of topFindings) {
-            console.log(`  [${formatSeverity(finding.severity)}] ${finding.title}`);
-            if (finding.evidence[0]) {
-                console.log(`    ${normalizePath(finding.evidence[0].file)}:${finding.evidence[0].startLine}`);
-            }
-        }
-    }
-    console.log("");
-}
-/**
- * Check if any finding meets the fail threshold
- */
-function shouldFail(findings, threshold) {
-    if (threshold === "off") {
-        return false;
-    }
-    return findings.some((f) => severityMeetsThreshold(f.severity, threshold));
-}
-/**
- * Validate format option
- */
-function validateFormat(format) {
-    const validFormats = ["json", "sarif", "both"];
-    if (!validFormats.includes(format)) {
-        console.error(`\x1b[31mError: Invalid format "${format}". Valid options: ${validFormats.join(", ")}\x1b[0m`);
-        process.exit(1);
-    }
-    return format;
-}
-/**
- * Validate fail-on option
- */
-function validateFailOn(failOn) {
-    const validThresholds = ["off", "info", "low", "medium", "high", "critical"];
-    if (!validThresholds.includes(failOn)) {
-        console.error(`\x1b[31mError: Invalid fail-on value "${failOn}". Valid options: ${validThresholds.join(", ")}\x1b[0m`);
-        process.exit(1);
-    }
-    return failOn;
-}
-/**
- * Execute the scan command
- */
-export async function executeScan(targetDir, options) {
-    const absoluteTarget = resolvePath(targetDir);
-    // Validate options
-    const format = validateFormat(options.format);
-    const failOn = validateFailOn(options.failOn);
-    // Handle --changed flag
-    if (options.changed) {
-        console.warn("\x1b[33mWarning: --changed flag is not implemented yet\x1b[0m");
-    }
-    console.log(`\n\x1b[36m\x1b[1m  ╭${"─".repeat(88)}╮\x1b[0m`);
-    console.log(`\x1b[36m  │\x1b[0m  \x1b[1mVIBECHECK\x1b[0m ${" ".repeat(68)}\x1b[90mv0.0.1\x1b[0m  \x1b[36m│\x1b[0m`);
-    console.log(`\x1b[36m  │\x1b[0m  \x1b[90m${normalizePath(absoluteTarget).slice(0, 84).padEnd(84)}\x1b[0m  \x1b[36m│\x1b[0m`);
-    console.log(`\x1b[36m  ╰${"─".repeat(88)}╯\x1b[0m\n`);
-    const startTime = Date.now();
-    // Build scan context with file index and helpers
-    const contextSpinner = new Spinner("Indexing source files");
-    contextSpinner.start();
-    // First build context without progress callback to get file count
-    const contextOptions = {
-        excludePatterns: options.exclude,
-        includeTests: options.includeTests,
-    };
-    const initialContext = await buildScanContext(absoluteTarget, contextOptions);
-    const totalFiles = initialContext.fileIndex.allSourceFiles.length;
-    contextSpinner.succeed(`Indexed ${totalFiles} source files`);
-    console.log(`\x1b[90m   ├─ API routes: ${initialContext.fileIndex.apiRouteFiles.length}\x1b[0m`);
-    console.log(`\x1b[90m   ├─ Config files: ${initialContext.fileIndex.configFiles.length}\x1b[0m`);
-    console.log(`\x1b[90m   └─ Framework: ${initialContext.repoMeta.framework}\x1b[0m`);
-    // Run scanners with progress tracking
-    const findings = await runScannersWithProgress(initialContext, totalFiles);
-    const endTime = Date.now();
-    const scanDurationMs = endTime - startTime;
-    // Build Phase 3 data - enabled by default
-    let phase3Data;
-    const shouldEmitPhase3 = options.emitRouteMap || options.emitIntents || options.emitTraces;
-    if (shouldEmitPhase3) {
-        const intentSpinner = new Spinner("Building route map and proof traces");
-        intentSpinner.start();
-        const routeMapRaw = buildRouteMap(initialContext);
-        const middlewareMapRaw = buildMiddlewareMap(initialContext);
-        const intentMapRaw = mineAllIntentClaims(initialContext, routeMapRaw);
-        const proofTracesRaw = buildAllProofTraces(initialContext, routeMapRaw);
-        const coverageRaw = calculateCoverage(routeMapRaw, proofTracesRaw, middlewareMapRaw);
-        // Convert to schema format
-        const proofTracesRecord = {};
-        for (const [key, value] of proofTracesRaw) {
-            proofTracesRecord[key] = {
-                summary: value.authProven
-                    ? "Auth proven"
-                    : value.middlewareCovered
-                        ? "Protected by middleware"
-                        : "No protection proven",
-                nodes: value.steps.map((step) => ({
-                    kind: "handler",
-                    label: step.label,
-                    file: step.file,
-                    line: step.line,
-                })),
-            };
-        }
-        // Build middleware coverage
-        const allMatchers = middlewareMapRaw.flatMap((m) => m.matchers);
-        const middlewareCoverage = routeMapRaw.map((route) => {
-            const isRouteCovered = allMatchers.some((matcher) => {
-                const pattern = matcher.replace(/\*/g, ".*").replace(/\/:path\*/g, "/.*");
-                try {
-                    return new RegExp(`^${pattern}`).test(route.path);
-                }
-                catch {
-                    return route.path.startsWith(matcher.replace(/\/:path\*$/, ""));
-                }
-            });
-            return {
-                routeId: route.routeId,
-                covered: isRouteCovered,
-            };
-        });
-        // Calculate coverage stats
-        const stateChangingMethods = ["POST", "PUT", "PATCH", "DELETE"];
-        const stateChangingRoutes = routeMapRaw.filter((r) => stateChangingMethods.includes(r.method));
-        const protectedRoutes = stateChangingRoutes.filter((r) => {
-            const trace = proofTracesRaw.get(r.routeId);
-            return trace?.authProven || trace?.middlewareCovered;
-        });
-        const validatedRoutes = routeMapRaw
-            .filter((r) => ["POST", "PUT", "PATCH"].includes(r.method))
-            .filter((r) => proofTracesRaw.get(r.routeId)?.validationProven);
-        const coveredApiRoutes = middlewareCoverage.filter((c) => c.covered);
-        // Build phase3Data with optional fields based on flags
-        phase3Data = {
-            routeMap: options.emitRouteMap ? { routes: routeMapRaw } : { routes: [] },
-            middlewareMap: options.emitRouteMap ? {
-                middlewareFile: middlewareMapRaw[0]?.file,
-                matcher: allMatchers,
-                coverage: middlewareCoverage,
-            } : { matcher: [], coverage: [] },
-            intentMap: options.emitIntents ? { intents: intentMapRaw } : { intents: [] },
-            proofTraces: options.emitTraces ? proofTracesRecord : {},
-            coverageMetrics: {
-                authCoverage: {
-                    totalStateChanging: stateChangingRoutes.length,
-                    protectedCount: protectedRoutes.length,
-                    unprotectedCount: stateChangingRoutes.length - protectedRoutes.length,
-                },
-                validationCoverage: {
-                    totalStateChanging: routeMapRaw.filter((r) => ["POST", "PUT", "PATCH"].includes(r.method)).length,
-                    validatedCount: validatedRoutes.length,
-                },
-                middlewareCoverage: {
-                    totalApiRoutes: routeMapRaw.length,
-                    coveredApiRoutes: coveredApiRoutes.length,
-                },
-            },
-        };
-        const parts = [];
-        if (options.emitRouteMap)
-            parts.push(`${routeMapRaw.length} routes`);
-        if (options.emitIntents)
-            parts.push(`${intentMapRaw.length} intents`);
-        if (options.emitTraces)
-            parts.push(`${Object.keys(proofTracesRecord).length} traces`);
-        intentSpinner.succeed(`Built Phase 3 data (${parts.join(", ")})`);
-        console.log(`\x1b[90m   └─ Auth coverage: ${Math.round(coverageRaw.authCoverage * 100)}%\x1b[0m`);
-    }
-    // Create artifact
-    const artifact = createArtifact(findings, absoluteTarget, initialContext.fileIndex.allSourceFiles.length, options.repoName, {
-        filesScanned: initialContext.fileIndex.allSourceFiles.length,
-        scanDurationMs,
-    }, phase3Data);
-    // Validate artifact before writing
-    try {
-        validateArtifact(artifact);
-    }
-    catch (error) {
-        console.error("\x1b[31mError: Generated artifact failed validation\x1b[0m");
-        console.error(error);
-        return 1;
-    }
-    // Write output file(s)
-    const outputFiles = [];
-    if (format === "json" || format === "both") {
-        const jsonPath = getOutputPath(options.out, "json", absoluteTarget);
-        ensureDir(path.dirname(jsonPath));
-        writeFileSync(jsonPath, JSON.stringify(artifact, null, 2));
-        outputFiles.push(jsonPath);
-    }
-    if (format === "sarif" || format === "both") {
-        const sarifPath = getOutputPath(options.out, "sarif", absoluteTarget);
-        ensureDir(path.dirname(sarifPath));
-        const sarifLog = toSarif(artifact);
-        writeFileSync(sarifPath, sarifToJson(sarifLog));
-        outputFiles.push(sarifPath);
-    }
-    if (outputFiles.length > 0) {
-        console.log("\nArtifact(s) written to:");
-        for (const f of outputFiles) {
-            console.log(`  ${normalizePath(f)}`);
-        }
-    }
-    // Print summary
-    printSummary(artifact, options);
-    // Check fail threshold
-    if (shouldFail(findings, failOn)) {
-        console.log(`\x1b[31mFailing: Found findings with severity >= ${failOn}\x1b[0m`);
-        return 1;
-    }
-    return 0;
-}
-/**
- * Collect multiple --exclude values into an array
- */
-function collectExcludes(value, previous) {
-    return previous.concat([value]);
-}
-/**
- * Register scan command with commander
- */
-export function registerScanCommand(program) {
-    program
-        .command("scan [target]")
-        .description("Scan a directory for security issues")
-        .option("-t, --target <path>", "Target directory to scan (alternative to positional argument)")
-        .option("-o, --out <path>", "Output file or directory path", path.join(DEFAULT_OUTPUT_DIR, DEFAULT_OUTPUT_FILE))
-        .option("-f, --format <format>", "Output format: json, sarif, or both", "json")
-        .option("--repo-name <name>", "Override repository name")
-        .option("--fail-on <threshold>", "Exit with non-zero if findings >= threshold (off, info, low, medium, high, critical)", "high")
-        .option("-e, --exclude <glob>", "Glob pattern to exclude (repeatable)", collectExcludes, [])
-        .option("--include-tests", "Include test files in scan (excluded by default)")
-        .option("--changed", "Only scan changed files (not implemented)")
-        .option("--emit-route-map", "Include route map in output (default: true)")
-        .option("--no-emit-route-map", "Exclude route map from output")
-        .option("--emit-intents", "Include intent claims in output (default: true)")
-        .option("--no-emit-intents", "Exclude intent claims from output")
-        .option("--emit-traces", "Include proof traces in output (default: true)")
-        .option("--no-emit-traces", "Exclude proof traces from output")
-        .addHelpText("after", `
-Quickstart (no install):
-  $ npx vibecheck scan --fail-on off --out vibecheck-scan.json
-  $ pnpm dlx vibecheck scan --fail-on off --out vibecheck-scan.json
-Examples:
-  $ vibecheck scan                              Scan current directory
-  $ vibecheck scan ./my-app                     Scan specific directory
-  $ vibecheck scan --target ./my-app            Same as above (explicit target)
-  $ vibecheck scan --target ../myapp --out scan.json   Scan another folder
-  $ vibecheck scan --format sarif               Output in SARIF format
-  $ vibecheck scan --format both                Output both JSON and SARIF
-  $ vibecheck scan -o ./reports                 Custom output directory
-  $ vibecheck scan --fail-on medium             Fail on medium or higher
-  $ vibecheck scan --fail-on off                Never fail based on findings
-  $ vibecheck scan -e "**/legacy/**"            Exclude legacy directory
-  $ vibecheck scan -e "**/*.old.ts" -e "**/v1/**"  Multiple excludes
-  $ vibecheck scan --include-tests              Include test files
-  $ vibecheck scan --no-emit-intents            Skip intent mining
-  $ vibecheck scan --no-emit-traces             Skip proof trace building
-Windows-safe output paths:
-  $ vibecheck scan --out vibecheck-scan.json    Relative path (recommended)
-  $ vibecheck scan --out ./reports/scan.json    Subdirectory path
-Default excludes:
-  node_modules, dist, .git, build, .next, coverage, .turbo, .cache,
-  __tests__, *.test.*, *.spec.*, test/, tests/, fixtures/, __mocks__,
-  cypress/, e2e/, *.stories.*
-`)
-        .action(async (positionalTarget, cmdOptions) => {
-        // Prefer --target over positional, fall back to cwd
-        const targetDir = cmdOptions.target
-            ?? positionalTarget
-            ?? process.cwd();
-        const options = {
-            out: cmdOptions.out,
-            format: cmdOptions.format,
-            repoName: cmdOptions.repoName,
-            failOn: cmdOptions.failOn,
-            changed: Boolean(cmdOptions.changed),
-            emitRouteMap: cmdOptions.emitRouteMap !== false, // default true
-            emitIntents: cmdOptions.emitIntents !== false, // default true
-            emitTraces: cmdOptions.emitTraces !== false, // default true
-            exclude: cmdOptions.exclude,
-            includeTests: Boolean(cmdOptions.includeTests),
-        };
-        const exitCode = await executeScan(targetDir, options);
-        process.exit(exitCode);
-    });
-}

package/dist/commands/waivers.d.ts DELETED Viewed

@@ -1,30 +0,0 @@
-import type { Command } from "commander";
-/**
- * Initialize a new waivers file
- */
-export declare function executeWaiversInit(filepath: string, force: boolean): number;
-/**
- * Add a waiver to the file
- */
-export declare function executeWaiversAdd(filepath: string, options: {
-    fingerprint?: string;
-    ruleId?: string;
-    pathPattern?: string;
-    reason: string;
-    createdBy: string;
-    expiresAt?: string;
-    ticketRef?: string;
-}): number;
-/**
- * List waivers in the file
- */
-export declare function executeWaiversList(filepath: string, verbose: boolean): number;
-/**
- * Remove a waiver from the file
- */
-export declare function executeWaiversRemove(filepath: string, waiverId: string): number;
-/**
- * Register waivers command with subcommands
- */
-export declare function registerWaiversCommand(program: Command): void;
-//# sourceMappingURL=waivers.d.ts.map

package/dist/commands/waivers.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"waivers.d.ts","sourceRoot":"","sources":["../../src/commands/waivers.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAqDzC;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,MAAM,CAc3E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE;IACP,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,MAAM,CAsER;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,MAAM,CA0C7E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAe/E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAkF7D"}