@quantracode/vibecheck 0.0.1

package/dist/__tests__/scanners/scanner-packs.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=scanner-packs.test.d.ts.map

package/dist/__tests__/scanners/scanner-packs.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner-packs.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/scanners/scanner-packs.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/scanner-packs.test.js

@@ -0,0 +1,126 @@
+import { describe, it, expect, beforeAll } from "vitest";
+import path from "node:path";
+import { buildScanContext } from "../../scanners/index.js";
+import { scanUnprotectedApiRoutes } from "../../scanners/auth/unprotected-api-route.js";
+import { parseMatcherConfig, matcherCoversApi } from "../../scanners/auth/middleware-gap.js";
+import { scanInsecureDefaults } from "../../scanners/config/insecure-defaults.js";
+import { findSecurityImports, checkIdentifierUsage, } from "../../scanners/hallucinations/unused-security-imports.js";
+const FIXTURES_DIR = path.resolve(__dirname, "../fixtures");
+const VULNERABLE_APP = path.join(FIXTURES_DIR, "vulnerable-app");
+const SAFE_APP = path.join(FIXTURES_DIR, "safe-app");
+describe("Scanner Packs", () => {
+    let vulnerableContext;
+    let safeContext;
+    beforeAll(async () => {
+        vulnerableContext = await buildScanContext(VULNERABLE_APP);
+        safeContext = await buildScanContext(SAFE_APP);
+    });
+    describe("Auth Pack", () => {
+        describe("VC-AUTH-001: Unprotected API Routes", () => {
+            it("should detect unprotected POST handler with database writes", async () => {
+                const findings = await scanUnprotectedApiRoutes(vulnerableContext);
+                const postFinding = findings.find((f) => f.ruleId === "VC-AUTH-001" && f.title.includes("POST"));
+                expect(postFinding).toBeDefined();
+                expect(postFinding?.severity).toBe("high");
+                expect(postFinding?.category).toBe("auth");
+            });
+            it("should detect unprotected DELETE handler as critical", async () => {
+                const findings = await scanUnprotectedApiRoutes(vulnerableContext);
+                const deleteFinding = findings.find((f) => f.ruleId === "VC-AUTH-001" && f.title.includes("DELETE"));
+                expect(deleteFinding).toBeDefined();
+                expect(deleteFinding?.severity).toBe("critical");
+            });
+            it("should not flag protected routes", async () => {
+                const findings = await scanUnprotectedApiRoutes(safeContext);
+                expect(findings).toHaveLength(0);
+            });
+        });
+        describe("Middleware Gap Detection", () => {
+            it("should parse single string matcher", () => {
+                const content = `export const config = { matcher: '/api/:path*' }`;
+                const matchers = parseMatcherConfig(content);
+                expect(matchers).toEqual(["/api/:path*"]);
+            });
+            it("should parse array matcher", () => {
+                const content = `export const config = { matcher: ['/api/:path*', '/admin/:path*'] }`;
+                const matchers = parseMatcherConfig(content);
+                expect(matchers).toEqual(["/api/:path*", "/admin/:path*"]);
+            });
+            it("should detect when matcher covers api", () => {
+                expect(matcherCoversApi(["/api/:path*"])).toBe(true);
+                expect(matcherCoversApi(["/api/users"])).toBe(true);
+                expect(matcherCoversApi(["/:path*"])).toBe(true);
+            });
+            it("should detect when matcher does not cover api", () => {
+                expect(matcherCoversApi(["/dashboard/:path*"])).toBe(false);
+                expect(matcherCoversApi(["/admin/:path*"])).toBe(false);
+            });
+        });
+    });
+    describe("Config Pack", () => {
+        describe("VC-CONFIG-002: Insecure Defaults", () => {
+            it("should detect insecure default for JWT_SECRET", async () => {
+                const findings = await scanInsecureDefaults(vulnerableContext);
+                const jwtFinding = findings.find((f) => f.ruleId === "VC-CONFIG-002" && f.title.includes("JWT_SECRET"));
+                expect(jwtFinding).toBeDefined();
+                expect(jwtFinding?.severity).toBe("critical");
+            });
+            it("should detect insecure default for SESSION_SECRET", async () => {
+                const findings = await scanInsecureDefaults(vulnerableContext);
+                const sessionFinding = findings.find((f) => f.ruleId === "VC-CONFIG-002" && f.title.includes("SESSION_SECRET"));
+                expect(sessionFinding).toBeDefined();
+                expect(sessionFinding?.severity).toBe("critical");
+            });
+        });
+    });
+    describe("Hallucinations Pack", () => {
+        describe("findSecurityImports", () => {
+            it("should find default imports", () => {
+                const content = `import helmet from "helmet";`;
+                const imports = findSecurityImports(content, ["helmet"]);
+                expect(imports).toHaveLength(1);
+                expect(imports[0].library).toBe("helmet");
+                expect(imports[0].importedNames).toEqual(["helmet"]);
+                expect(imports[0].isDefaultImport).toBe(true);
+            });
+            it("should find named imports", () => {
+                const content = `import { z, ZodError } from "zod";`;
+                const imports = findSecurityImports(content, ["zod"]);
+                expect(imports).toHaveLength(1);
+                expect(imports[0].library).toBe("zod");
+                expect(imports[0].importedNames).toContain("z");
+                expect(imports[0].importedNames).toContain("ZodError");
+            });
+            it("should find namespace imports", () => {
+                const content = `import * as yup from "yup";`;
+                const imports = findSecurityImports(content, ["yup"]);
+                expect(imports).toHaveLength(1);
+                expect(imports[0].library).toBe("yup");
+                expect(imports[0].isNamespaceImport).toBe(true);
+            });
+        });
+        describe("checkIdentifierUsage", () => {
+            it("should detect used identifiers", () => {
+                const content = `import helmet from "helmet";
+
+app.use(helmet());`;
+                const usage = checkIdentifierUsage(content, 1, ["helmet"], false);
+                expect(usage[0].used).toBe(true);
+            });
+            it("should detect unused identifiers", () => {
+                const content = `import helmet from "helmet";
+
+app.use(cors());`;
+                const usage = checkIdentifierUsage(content, 1, ["helmet"], false);
+                expect(usage[0].used).toBe(false);
+            });
+            it("should detect namespace usage", () => {
+                const content = `import * as yup from "yup";
+
+const schema = yup.object();`;
+                const usage = checkIdentifierUsage(content, 1, ["yup"], true);
+                expect(usage[0].used).toBe(true);
+            });
+        });
+    });
+});

package/dist/__tests__/scanners/unused-security-imports.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=unused-security-imports.test.d.ts.map

package/dist/__tests__/scanners/unused-security-imports.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unused-security-imports.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/scanners/unused-security-imports.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/unused-security-imports.test.js

@@ -0,0 +1,145 @@
+import { describe, it, expect } from "vitest";
+import { findSecurityImports, checkIdentifierUsage, scanUnusedSecurityImports, } from "../../scanners/unused-security-imports.js";
+import path from "node:path";
+import fs from "node:fs";
+import os from "node:os";
+describe("findSecurityImports", () => {
+    it("finds default imports", () => {
+        const content = `import zod from "zod";`;
+        const imports = findSecurityImports(content, ["zod"]);
+        expect(imports).toHaveLength(1);
+        expect(imports[0].library).toBe("zod");
+        expect(imports[0].importedNames).toContain("zod");
+        expect(imports[0].isDefaultImport).toBe(true);
+    });
+    it("finds named imports", () => {
+        const content = `import { z, ZodError } from "zod";`;
+        const imports = findSecurityImports(content, ["zod"]);
+        expect(imports).toHaveLength(1);
+        expect(imports[0].importedNames).toContain("z");
+        expect(imports[0].importedNames).toContain("ZodError");
+    });
+    it("finds namespace imports", () => {
+        const content = `import * as yup from "yup";`;
+        const imports = findSecurityImports(content, ["yup"]);
+        expect(imports).toHaveLength(1);
+        expect(imports[0].isNamespaceImport).toBe(true);
+        expect(imports[0].importedNames).toContain("yup");
+    });
+    it("finds helmet import", () => {
+        const content = `import helmet from "helmet";`;
+        const imports = findSecurityImports(content, ["helmet"]);
+        expect(imports).toHaveLength(1);
+        expect(imports[0].library).toBe("helmet");
+    });
+    it("returns correct line numbers", () => {
+        const content = `// line 1
+// line 2
+import { z } from "zod";
+`;
+        const imports = findSecurityImports(content, ["zod"]);
+        expect(imports[0].line).toBe(3);
+    });
+    it("ignores non-security imports", () => {
+        const content = `
+import express from "express";
+import { z } from "zod";
+`;
+        const imports = findSecurityImports(content, ["zod", "helmet"]);
+        expect(imports).toHaveLength(1);
+        expect(imports[0].library).toBe("zod");
+    });
+});
+describe("checkIdentifierUsage", () => {
+    it("detects used identifiers", () => {
+        const content = `
+import { z } from "zod";
+const schema = z.string();
+`;
+        const result = checkIdentifierUsage(content, 2, ["z"], false);
+        expect(result[0].used).toBe(true);
+    });
+    it("detects unused identifiers", () => {
+        const content = `
+import { z, ZodError } from "zod";
+const schema = z.string();
+`;
+        const result = checkIdentifierUsage(content, 2, ["z", "ZodError"], false);
+        expect(result.find((r) => r.identifier === "z")?.used).toBe(true);
+        expect(result.find((r) => r.identifier === "ZodError")?.used).toBe(false);
+    });
+    it("handles namespace imports", () => {
+        const content = `
+import * as yup from "yup";
+const schema = yup.string();
+`;
+        const result = checkIdentifierUsage(content, 2, ["yup"], true);
+        expect(result[0].used).toBe(true);
+    });
+    it("detects unused namespace imports", () => {
+        const content = `
+import * as yup from "yup";
+// not used
+`;
+        const result = checkIdentifierUsage(content, 2, ["yup"], true);
+        expect(result[0].used).toBe(false);
+    });
+});
+describe("scanUnusedSecurityImports", () => {
+    it("finds unused zod import", async () => {
+        const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "vibecheck-test-"));
+        fs.writeFileSync(path.join(tmpDir, "app.ts"), `import { z } from "zod";
+// import is never used below
+const x = 1;
+`);
+        try {
+            const context = {
+                targetDir: tmpDir,
+                sourceFiles: ["app.ts"],
+            };
+            const findings = await scanUnusedSecurityImports(context);
+            expect(findings).toHaveLength(1);
+            expect(findings[0].ruleId).toBe("VC-HALL-001");
+            expect(findings[0].category).toBe("validation");
+        }
+        finally {
+            fs.rmSync(tmpDir, { recursive: true });
+        }
+    });
+    it("does not flag used imports", async () => {
+        const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "vibecheck-test-"));
+        fs.writeFileSync(path.join(tmpDir, "app.ts"), `import { z } from "zod";
+const schema = z.string();
+`);
+        try {
+            const context = {
+                targetDir: tmpDir,
+                sourceFiles: ["app.ts"],
+            };
+            const findings = await scanUnusedSecurityImports(context);
+            expect(findings).toHaveLength(0);
+        }
+        finally {
+            fs.rmSync(tmpDir, { recursive: true });
+        }
+    });
+    it("finds unused helmet import", async () => {
+        const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "vibecheck-test-"));
+        fs.writeFileSync(path.join(tmpDir, "server.ts"), `import helmet from "helmet";
+// import is never used below
+const app = express();
+`);
+        try {
+            const context = {
+                targetDir: tmpDir,
+                sourceFiles: ["server.ts"],
+            };
+            const findings = await scanUnusedSecurityImports(context);
+            expect(findings).toHaveLength(1);
+            expect(findings[0].category).toBe("middleware");
+        }
+        finally {
+            fs.rmSync(tmpDir, { recursive: true });
+        }
+    });
+});

package/dist/commands/demo-artifact.d.ts

@@ -0,0 +1,7 @@
+import { Command } from "commander";
+export interface DemoArtifactOptions {
+    out?: string;
+}
+export declare function executeDemoArtifact(options: DemoArtifactOptions): void;
+export declare function registerDemoArtifactCommand(program: Command): void;
+//# sourceMappingURL=demo-artifact.d.ts.map

package/dist/commands/demo-artifact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"demo-artifact.d.ts","sourceRoot":"","sources":["../../src/commands/demo-artifact.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AASpC,MAAM,WAAW,mBAAmB;IAClC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AA4SD,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,mBAAmB,GAAG,IAAI,CA6BtE;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAQlE"}

package/dist/commands/demo-artifact.js

@@ -0,0 +1,322 @@
+import { writeFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { ARTIFACT_VERSION, computeSummary, } from "@vibecheck/schema";
+function generateDemoArtifact() {
+    const findings = [
+        {
+            id: "demo-finding-1",
+            ruleId: "VC-AUTH-001",
+            title: "Missing Authentication in API Route",
+            description: "The API route /api/users does not verify user authentication before returning sensitive data. An attacker could access user information without logging in.",
+            severity: "critical",
+            confidence: 0.95,
+            category: "auth",
+            evidence: [
+                {
+                    file: "pages/api/users.ts",
+                    startLine: 5,
+                    endLine: 12,
+                    snippet: `export default async function handler(req, res) {
+  // No authentication check!
+  const users = await db.query("SELECT * FROM users");
+  res.json(users);
+}`,
+                    label: "Unauthenticated API handler",
+                },
+            ],
+            remediation: {
+                recommendedFix: "Add authentication middleware to verify the user session before processing the request.",
+                patch: `import { getServerSession } from "next-auth";
+
+export default async function handler(req, res) {
+  const session = await getServerSession(req, res);
+  if (!session) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+  const users = await db.query("SELECT * FROM users");
+  res.json(users);
+}`,
+            },
+            links: {
+                owasp: "https://owasp.org/Top10/A01_2021-Broken_Access_Control/",
+                cwe: "https://cwe.mitre.org/data/definitions/306.html",
+            },
+            fingerprint: "demo-fp-001",
+        },
+        {
+            id: "demo-finding-2",
+            ruleId: "VC-INJECT-001",
+            title: "SQL Injection Vulnerability",
+            description: "User input is directly interpolated into SQL query without parameterization, allowing attackers to execute arbitrary SQL commands.",
+            severity: "critical",
+            confidence: 0.92,
+            category: "injection",
+            evidence: [
+                {
+                    file: "lib/database.ts",
+                    startLine: 23,
+                    endLine: 25,
+                    snippet: `async function getUser(id: string) {
+  return db.query(\`SELECT * FROM users WHERE id = '\${id}'\`);
+}`,
+                    label: "SQL string interpolation",
+                },
+            ],
+            proof: {
+                summary: "User input flows from API parameter to SQL query without sanitization",
+                nodes: [
+                    {
+                        kind: "route",
+                        label: "User ID received from request query parameter",
+                        file: "pages/api/user/[id].ts",
+                        line: 4,
+                    },
+                    {
+                        kind: "function",
+                        label: "ID passed to getUser() without validation",
+                        file: "pages/api/user/[id].ts",
+                        line: 8,
+                    },
+                    {
+                        kind: "sink",
+                        label: "ID interpolated directly into SQL query",
+                        file: "lib/database.ts",
+                        line: 24,
+                    },
+                ],
+            },
+            remediation: {
+                recommendedFix: "Use parameterized queries or prepared statements instead of string interpolation.",
+                patch: `async function getUser(id: string) {
+  return db.query("SELECT * FROM users WHERE id = $1", [id]);
+}`,
+            },
+            links: {
+                owasp: "https://owasp.org/Top10/A03_2021-Injection/",
+                cwe: "https://cwe.mitre.org/data/definitions/89.html",
+            },
+            fingerprint: "demo-fp-002",
+        },
+        {
+            id: "demo-finding-3",
+            ruleId: "VC-XSS-001",
+            title: "Cross-Site Scripting (XSS) via dangerouslySetInnerHTML",
+            description: "User-generated content is rendered using dangerouslySetInnerHTML without sanitization, enabling XSS attacks.",
+            severity: "high",
+            confidence: 0.88,
+            category: "validation",
+            evidence: [
+                {
+                    file: "components/Comment.tsx",
+                    startLine: 15,
+                    endLine: 17,
+                    snippet: `function Comment({ content }: { content: string }) {
+  return <div dangerouslySetInnerHTML={{ __html: content }} />;
+}`,
+                    label: "Unsanitized HTML rendering",
+                },
+            ],
+            remediation: {
+                recommendedFix: "Sanitize HTML content using a library like DOMPurify before rendering.",
+                patch: `import DOMPurify from "dompurify";
+
+function Comment({ content }: { content: string }) {
+  const sanitized = DOMPurify.sanitize(content);
+  return <div dangerouslySetInnerHTML={{ __html: sanitized }} />;
+}`,
+            },
+            links: {
+                owasp: "https://owasp.org/Top10/A03_2021-Injection/",
+                cwe: "https://cwe.mitre.org/data/definitions/79.html",
+            },
+            fingerprint: "demo-fp-003",
+        },
+        {
+            id: "demo-finding-4",
+            ruleId: "VC-SECRETS-001",
+            title: "Hardcoded API Key in Source Code",
+            description: "An API key is hardcoded in the source file. This could be exposed in version control or client bundles.",
+            severity: "high",
+            confidence: 0.85,
+            category: "secrets",
+            evidence: [
+                {
+                    file: "lib/stripe.ts",
+                    startLine: 3,
+                    endLine: 3,
+                    snippet: `const STRIPE_KEY = "sk_live_abc123xyz789";`,
+                    label: "Hardcoded secret key",
+                },
+            ],
+            remediation: {
+                recommendedFix: "Move secrets to environment variables and never commit them to version control.",
+                patch: `const STRIPE_KEY = process.env.STRIPE_SECRET_KEY;
+
+if (!STRIPE_KEY) {
+  throw new Error("STRIPE_SECRET_KEY environment variable is required");
+}`,
+            },
+            fingerprint: "demo-fp-004",
+        },
+        {
+            id: "demo-finding-5",
+            ruleId: "VC-HALL-001",
+            title: "Unused Security Import: helmet",
+            description: "The helmet security middleware is imported but never used, suggesting incomplete security implementation.",
+            severity: "medium",
+            confidence: 0.94,
+            category: "middleware",
+            evidence: [
+                {
+                    file: "server.ts",
+                    startLine: 2,
+                    endLine: 2,
+                    snippet: `import helmet from "helmet";`,
+                    label: "Unused helmet import",
+                },
+            ],
+            claim: {
+                type: "OTHER",
+                source: "import",
+                scope: "module",
+                strength: "weak",
+                textEvidence: 'import helmet from "helmet"',
+                location: {
+                    file: "server.ts",
+                    startLine: 2,
+                    endLine: 2,
+                },
+            },
+            remediation: {
+                recommendedFix: "Apply the helmet middleware to add security headers, or remove the unused import.",
+                patch: `import helmet from "helmet";
+
+app.use(helmet());`,
+            },
+            fingerprint: "demo-fp-005",
+        },
+        {
+            id: "demo-finding-6",
+            ruleId: "VC-PRIVACY-001",
+            title: "Sensitive Data in Console Logs",
+            description: "User passwords are being logged to the console, which could expose credentials in log files or monitoring systems.",
+            severity: "medium",
+            confidence: 0.91,
+            category: "privacy",
+            evidence: [
+                {
+                    file: "lib/auth.ts",
+                    startLine: 45,
+                    endLine: 45,
+                    snippet: `console.log("Login attempt:", { email, password });`,
+                    label: "Password logged to console",
+                },
+            ],
+            remediation: {
+                recommendedFix: "Remove sensitive data from log statements. Only log non-sensitive identifiers.",
+                patch: `console.log("Login attempt:", { email, timestamp: Date.now() });`,
+            },
+            fingerprint: "demo-fp-006",
+        },
+        {
+            id: "demo-finding-7",
+            ruleId: "VC-CONFIG-001",
+            title: "Insecure Cookie Configuration",
+            description: "Session cookies are configured without the Secure and HttpOnly flags, making them vulnerable to interception and XSS attacks.",
+            severity: "low",
+            confidence: 0.82,
+            category: "config",
+            evidence: [
+                {
+                    file: "lib/session.ts",
+                    startLine: 8,
+                    endLine: 12,
+                    snippet: `const sessionConfig = {
+  name: "session",
+  secret: process.env.SESSION_SECRET,
+  // Missing: secure, httpOnly, sameSite
+};`,
+                    label: "Insecure session config",
+                },
+            ],
+            remediation: {
+                recommendedFix: "Add secure cookie options to protect against common attacks.",
+                patch: `const sessionConfig = {
+  name: "session",
+  secret: process.env.SESSION_SECRET,
+  cookie: {
+    secure: process.env.NODE_ENV === "production",
+    httpOnly: true,
+    sameSite: "strict",
+    maxAge: 60 * 60 * 24 * 7, // 1 week
+  },
+};`,
+            },
+            fingerprint: "demo-fp-007",
+        },
+    ];
+    const artifact = {
+        artifactVersion: ARTIFACT_VERSION,
+        generatedAt: new Date().toISOString(),
+        tool: {
+            name: "vibecheck",
+            version: "0.0.1",
+        },
+        repo: {
+            name: "demo-project",
+            rootPathHash: "demo-hash-12345",
+            git: {
+                branch: "main",
+                commit: "abc1234",
+                isDirty: false,
+            },
+        },
+        summary: computeSummary(findings),
+        findings,
+        metrics: {
+            filesScanned: 42,
+            linesOfCode: 3847,
+            scanDurationMs: 1250,
+            rulesExecuted: 12,
+        },
+    };
+    return artifact;
+}
+export function executeDemoArtifact(options) {
+    const artifact = generateDemoArtifact();
+    const json = JSON.stringify(artifact, null, 2);
+    if (options.out) {
+        const outPath = resolve(process.cwd(), options.out);
+        writeFileSync(outPath, json, "utf-8");
+        console.log(`Demo artifact written to: ${outPath}`);
+    }
+    else {
+        console.log(json);
+    }
+    console.log(`
+============================================================
+Demo Artifact Generated
+============================================================
+
+Findings: ${artifact.summary.totalFindings}
+  - Critical: ${artifact.summary.bySeverity.critical}
+  - High: ${artifact.summary.bySeverity.high}
+  - Medium: ${artifact.summary.bySeverity.medium}
+  - Low: ${artifact.summary.bySeverity.low}
+  - Info: ${artifact.summary.bySeverity.info}
+
+Use this artifact to test the VibeCheck UI:
+  1. Run: pnpm dev:web
+  2. Open: http://localhost:3000
+  3. Import the generated JSON file
+`);
+}
+export function registerDemoArtifactCommand(program) {
+    program
+        .command("demo-artifact")
+        .description("Generate a demo artifact for testing the UI")
+        .option("-o, --out <path>", "Output file path (prints to stdout if not specified)")
+        .action((options) => {
+        executeDemoArtifact(options);
+    });
+}

package/dist/commands/evaluate.d.ts

@@ -0,0 +1,30 @@
+import type { Command } from "commander";
+import { type ProfileName } from "@vibecheck/policy";
+/**
+ * Evaluate command options
+ */
+export interface EvaluateOptions {
+    /** Path to scan artifact (JSON) */
+    artifact: string;
+    /** Optional baseline artifact for regression detection */
+    baseline?: string;
+    /** Policy profile name */
+    profile: ProfileName;
+    /** Path to policy config file (JSON) */
+    config?: string;
+    /** Path to waivers file (JSON) */
+    waivers?: string;
+    /** Output report to file */
+    out?: string;
+    /** JSON output only (no console summary) */
+    quiet: boolean;
+}
+/**
+ * Execute the evaluate command
+ */
+export declare function executeEvaluate(options: EvaluateOptions): Promise<number>;
+/**
+ * Register evaluate command with commander
+ */
+export declare function registerEvaluateCommand(program: Command): void;
+//# sourceMappingURL=evaluate.d.ts.map

package/dist/commands/evaluate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/commands/evaluate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEzC,OAAO,EAKL,KAAK,WAAW,EAOjB,MAAM,mBAAmB,CAAC;AAG3B;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,OAAO,EAAE,WAAW,CAAC;IACrB,wCAAwC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,KAAK,EAAE,OAAO,CAAC;CAChB;AAkLD;;GAEG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAqD/E;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA0E9D"}