npm - @quantracode/vibecheck - Versions diffs - 0.0.1 - Mend

@quantracode/vibecheck 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/LICENSE +21 -0
package/README.md +839 -0
package/dist/__tests__/cli.test.d.ts +2 -0
package/dist/__tests__/cli.test.d.ts.map +1 -0
package/dist/__tests__/cli.test.js +243 -0
package/dist/__tests__/fixtures/safe-app/app/api/users/route.js +36 -0
package/dist/__tests__/fixtures/vulnerable-app/app/api/users/route.js +28 -0
package/dist/__tests__/fixtures/vulnerable-app/lib/config.d.ts +4 -0
package/dist/__tests__/fixtures/vulnerable-app/lib/config.d.ts.map +1 -0
package/dist/__tests__/fixtures/vulnerable-app/lib/config.js +6 -0
package/dist/__tests__/scanners/env-config.test.d.ts +2 -0
package/dist/__tests__/scanners/env-config.test.d.ts.map +1 -0
package/dist/__tests__/scanners/env-config.test.js +142 -0
package/dist/__tests__/scanners/nextjs-middleware.test.d.ts +2 -0
package/dist/__tests__/scanners/nextjs-middleware.test.d.ts.map +1 -0
package/dist/__tests__/scanners/nextjs-middleware.test.js +193 -0
package/dist/__tests__/scanners/scanner-packs.test.d.ts +2 -0
package/dist/__tests__/scanners/scanner-packs.test.d.ts.map +1 -0
package/dist/__tests__/scanners/scanner-packs.test.js +126 -0
package/dist/__tests__/scanners/unused-security-imports.test.d.ts +2 -0
package/dist/__tests__/scanners/unused-security-imports.test.d.ts.map +1 -0
package/dist/__tests__/scanners/unused-security-imports.test.js +145 -0
package/dist/commands/demo-artifact.d.ts +7 -0
package/dist/commands/demo-artifact.d.ts.map +1 -0
package/dist/commands/demo-artifact.js +322 -0
package/dist/commands/evaluate.d.ts +30 -0
package/dist/commands/evaluate.d.ts.map +1 -0
package/dist/commands/evaluate.js +258 -0
package/dist/commands/explain.d.ts +12 -0
package/dist/commands/explain.d.ts.map +1 -0
package/dist/commands/explain.js +214 -0
package/dist/commands/index.d.ts +7 -0
package/dist/commands/index.d.ts.map +1 -0
package/dist/commands/index.js +6 -0
package/dist/commands/intent.d.ts +21 -0
package/dist/commands/intent.d.ts.map +1 -0
package/dist/commands/intent.js +192 -0
package/dist/commands/scan.d.ts +44 -0
package/dist/commands/scan.d.ts.map +1 -0
package/dist/commands/scan.js +497 -0
package/dist/commands/waivers.d.ts +30 -0
package/dist/commands/waivers.d.ts.map +1 -0
package/dist/commands/waivers.js +249 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +17 -0
package/dist/phase3/index.d.ts +11 -0
package/dist/phase3/index.d.ts.map +1 -0
package/dist/phase3/index.js +12 -0
package/dist/phase3/intent-miner.d.ts +32 -0
package/dist/phase3/intent-miner.d.ts.map +1 -0
package/dist/phase3/intent-miner.js +323 -0
package/dist/phase3/proof-trace-builder.d.ts +42 -0
package/dist/phase3/proof-trace-builder.d.ts.map +1 -0
package/dist/phase3/proof-trace-builder.js +441 -0
package/dist/phase3/scanners/auth-by-ui-server-gap.d.ts +15 -0
package/dist/phase3/scanners/auth-by-ui-server-gap.d.ts.map +1 -0
package/dist/phase3/scanners/auth-by-ui-server-gap.js +237 -0
package/dist/phase3/scanners/comment-claim-unproven.d.ts +14 -0
package/dist/phase3/scanners/comment-claim-unproven.d.ts.map +1 -0
package/dist/phase3/scanners/comment-claim-unproven.js +161 -0
package/dist/phase3/scanners/index.d.ts +31 -0
package/dist/phase3/scanners/index.d.ts.map +1 -0
package/dist/phase3/scanners/index.js +40 -0
package/dist/phase3/scanners/middleware-assumed-not-matching.d.ts +14 -0
package/dist/phase3/scanners/middleware-assumed-not-matching.d.ts.map +1 -0
package/dist/phase3/scanners/middleware-assumed-not-matching.js +172 -0
package/dist/phase3/scanners/validation-claimed-missing.d.ts +15 -0
package/dist/phase3/scanners/validation-claimed-missing.d.ts.map +1 -0
package/dist/phase3/scanners/validation-claimed-missing.js +204 -0
package/dist/scanners/abuse/compute-abuse.d.ts +20 -0
package/dist/scanners/abuse/compute-abuse.d.ts.map +1 -0
package/dist/scanners/abuse/compute-abuse.js +509 -0
package/dist/scanners/abuse/index.d.ts +12 -0
package/dist/scanners/abuse/index.d.ts.map +1 -0
package/dist/scanners/abuse/index.js +15 -0
package/dist/scanners/auth/index.d.ts +5 -0
package/dist/scanners/auth/index.d.ts.map +1 -0
package/dist/scanners/auth/index.js +10 -0
package/dist/scanners/auth/middleware-gap.d.ts +22 -0
package/dist/scanners/auth/middleware-gap.d.ts.map +1 -0
package/dist/scanners/auth/middleware-gap.js +203 -0
package/dist/scanners/auth/unprotected-api-route.d.ts +12 -0
package/dist/scanners/auth/unprotected-api-route.d.ts.map +1 -0
package/dist/scanners/auth/unprotected-api-route.js +126 -0
package/dist/scanners/config/index.d.ts +5 -0
package/dist/scanners/config/index.d.ts.map +1 -0
package/dist/scanners/config/index.js +10 -0
package/dist/scanners/config/insecure-defaults.d.ts +12 -0
package/dist/scanners/config/insecure-defaults.d.ts.map +1 -0
package/dist/scanners/config/insecure-defaults.js +77 -0
package/dist/scanners/config/undocumented-env.d.ts +24 -0
package/dist/scanners/config/undocumented-env.d.ts.map +1 -0
package/dist/scanners/config/undocumented-env.js +159 -0
package/dist/scanners/crypto/index.d.ts +6 -0
package/dist/scanners/crypto/index.d.ts.map +1 -0
package/dist/scanners/crypto/index.js +11 -0
package/dist/scanners/crypto/jwt-decode-unverified.d.ts +14 -0
package/dist/scanners/crypto/jwt-decode-unverified.d.ts.map +1 -0
package/dist/scanners/crypto/jwt-decode-unverified.js +87 -0
package/dist/scanners/crypto/math-random-tokens.d.ts +13 -0
package/dist/scanners/crypto/math-random-tokens.d.ts.map +1 -0
package/dist/scanners/crypto/math-random-tokens.js +80 -0
package/dist/scanners/crypto/weak-hashing.d.ts +11 -0
package/dist/scanners/crypto/weak-hashing.d.ts.map +1 -0
package/dist/scanners/crypto/weak-hashing.js +95 -0
package/dist/scanners/env-config.d.ts +24 -0
package/dist/scanners/env-config.d.ts.map +1 -0
package/dist/scanners/env-config.js +164 -0
package/dist/scanners/hallucinations/index.d.ts +4 -0
package/dist/scanners/hallucinations/index.d.ts.map +1 -0
package/dist/scanners/hallucinations/index.js +8 -0
package/dist/scanners/hallucinations/unused-security-imports.d.ts +36 -0
package/dist/scanners/hallucinations/unused-security-imports.d.ts.map +1 -0
package/dist/scanners/hallucinations/unused-security-imports.js +309 -0
package/dist/scanners/helpers/ast-helpers.d.ts +6 -0
package/dist/scanners/helpers/ast-helpers.d.ts.map +1 -0
package/dist/scanners/helpers/ast-helpers.js +945 -0
package/dist/scanners/helpers/context-builder.d.ts +17 -0
package/dist/scanners/helpers/context-builder.d.ts.map +1 -0
package/dist/scanners/helpers/context-builder.js +148 -0
package/dist/scanners/helpers/index.d.ts +3 -0
package/dist/scanners/helpers/index.d.ts.map +1 -0
package/dist/scanners/helpers/index.js +2 -0
package/dist/scanners/index.d.ts +30 -0
package/dist/scanners/index.d.ts.map +1 -0
package/dist/scanners/index.js +102 -0
package/dist/scanners/middleware/index.d.ts +4 -0
package/dist/scanners/middleware/index.d.ts.map +1 -0
package/dist/scanners/middleware/index.js +7 -0
package/dist/scanners/middleware/missing-rate-limit.d.ts +13 -0
package/dist/scanners/middleware/missing-rate-limit.d.ts.map +1 -0
package/dist/scanners/middleware/missing-rate-limit.js +140 -0
package/dist/scanners/network/cors-misconfiguration.d.ts +14 -0
package/dist/scanners/network/cors-misconfiguration.d.ts.map +1 -0
package/dist/scanners/network/cors-misconfiguration.js +89 -0
package/dist/scanners/network/index.d.ts +7 -0
package/dist/scanners/network/index.d.ts.map +1 -0
package/dist/scanners/network/index.js +18 -0
package/dist/scanners/network/missing-timeout.d.ts +15 -0
package/dist/scanners/network/missing-timeout.d.ts.map +1 -0
package/dist/scanners/network/missing-timeout.js +93 -0
package/dist/scanners/network/open-redirect.d.ts +15 -0
package/dist/scanners/network/open-redirect.d.ts.map +1 -0
package/dist/scanners/network/open-redirect.js +88 -0
package/dist/scanners/network/ssrf-prone-fetch.d.ts +12 -0
package/dist/scanners/network/ssrf-prone-fetch.d.ts.map +1 -0
package/dist/scanners/network/ssrf-prone-fetch.js +90 -0
package/dist/scanners/nextjs-middleware.d.ts +26 -0
package/dist/scanners/nextjs-middleware.d.ts.map +1 -0
package/dist/scanners/nextjs-middleware.js +246 -0
package/dist/scanners/privacy/debug-flags.d.ts +13 -0
package/dist/scanners/privacy/debug-flags.d.ts.map +1 -0
package/dist/scanners/privacy/debug-flags.js +124 -0
package/dist/scanners/privacy/index.d.ts +6 -0
package/dist/scanners/privacy/index.d.ts.map +1 -0
package/dist/scanners/privacy/index.js +11 -0
package/dist/scanners/privacy/over-broad-response.d.ts +15 -0
package/dist/scanners/privacy/over-broad-response.d.ts.map +1 -0
package/dist/scanners/privacy/over-broad-response.js +109 -0
package/dist/scanners/privacy/sensitive-logging.d.ts +11 -0
package/dist/scanners/privacy/sensitive-logging.d.ts.map +1 -0
package/dist/scanners/privacy/sensitive-logging.js +78 -0
package/dist/scanners/types.d.ts +456 -0
package/dist/scanners/types.d.ts.map +1 -0
package/dist/scanners/types.js +16 -0
package/dist/scanners/unused-security-imports.d.ts +34 -0
package/dist/scanners/unused-security-imports.d.ts.map +1 -0
package/dist/scanners/unused-security-imports.js +206 -0
package/dist/scanners/uploads/index.d.ts +5 -0
package/dist/scanners/uploads/index.d.ts.map +1 -0
package/dist/scanners/uploads/index.js +9 -0
package/dist/scanners/uploads/missing-constraints.d.ts +15 -0
package/dist/scanners/uploads/missing-constraints.d.ts.map +1 -0
package/dist/scanners/uploads/missing-constraints.js +109 -0
package/dist/scanners/uploads/public-path.d.ts +11 -0
package/dist/scanners/uploads/public-path.d.ts.map +1 -0
package/dist/scanners/uploads/public-path.js +87 -0
package/dist/scanners/validation/client-side-only.d.ts +14 -0
package/dist/scanners/validation/client-side-only.d.ts.map +1 -0
package/dist/scanners/validation/client-side-only.js +140 -0
package/dist/scanners/validation/ignored-validation.d.ts +12 -0
package/dist/scanners/validation/ignored-validation.d.ts.map +1 -0
package/dist/scanners/validation/ignored-validation.js +119 -0
package/dist/scanners/validation/index.d.ts +5 -0
package/dist/scanners/validation/index.d.ts.map +1 -0
package/dist/scanners/validation/index.js +9 -0
package/dist/utils/exclude-patterns.d.ts +35 -0
package/dist/utils/exclude-patterns.d.ts.map +1 -0
package/dist/utils/exclude-patterns.js +78 -0
package/dist/utils/file-utils.d.ts +37 -0
package/dist/utils/file-utils.d.ts.map +1 -0
package/dist/utils/file-utils.js +77 -0
package/dist/utils/fingerprint.d.ts +25 -0
package/dist/utils/fingerprint.d.ts.map +1 -0
package/dist/utils/fingerprint.js +28 -0
package/dist/utils/git-info.d.ts +14 -0
package/dist/utils/git-info.d.ts.map +1 -0
package/dist/utils/git-info.js +55 -0
package/dist/utils/index.d.ts +4 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +3 -0
package/dist/utils/progress.d.ts +42 -0
package/dist/utils/progress.d.ts.map +1 -0
package/dist/utils/progress.js +165 -0
package/dist/utils/sarif-formatter.d.ts +92 -0
package/dist/utils/sarif-formatter.d.ts.map +1 -0
package/dist/utils/sarif-formatter.js +172 -0
package/package.json +66 -0

package/dist/commands/evaluate.js ADDED Viewed

@@ -0,0 +1,258 @@
+import path from "node:path";
+import { readFileSync, fileExists, resolvePath, writeFileSync, ensureDir } from "../utils/file-utils.js";
+import { evaluate, PROFILE_NAMES, PROFILE_DESCRIPTIONS, WaiversFileSchema, PolicyConfigSchema, } from "@vibecheck/policy";
+import { validateArtifact } from "@vibecheck/schema";
+/**
+ * Load and validate scan artifact from file
+ */
+function loadArtifact(filepath) {
+    const absolutePath = resolvePath(filepath);
+    if (!fileExists(absolutePath)) {
+        throw new Error(`Artifact file not found: ${filepath}`);
+    }
+    const content = readFileSync(absolutePath);
+    if (!content) {
+        throw new Error(`Failed to read artifact file: ${filepath}`);
+    }
+    const data = JSON.parse(content);
+    // Validate the artifact
+    return validateArtifact(data);
+}
+/**
+ * Load and validate waivers file
+ */
+function loadWaivers(filepath) {
+    const absolutePath = resolvePath(filepath);
+    if (!fileExists(absolutePath)) {
+        throw new Error(`Waivers file not found: ${filepath}`);
+    }
+    const content = readFileSync(absolutePath);
+    if (!content) {
+        throw new Error(`Failed to read waivers file: ${filepath}`);
+    }
+    const data = JSON.parse(content);
+    const result = WaiversFileSchema.safeParse(data);
+    if (!result.success) {
+        throw new Error(`Invalid waivers file: ${result.error.message}`);
+    }
+    return result.data.waivers;
+}
+/**
+ * Load and validate policy config file
+ */
+function loadConfig(filepath) {
+    const absolutePath = resolvePath(filepath);
+    if (!fileExists(absolutePath)) {
+        throw new Error(`Config file not found: ${filepath}`);
+    }
+    const content = readFileSync(absolutePath);
+    if (!content) {
+        throw new Error(`Failed to read config file: ${filepath}`);
+    }
+    const data = JSON.parse(content);
+    const result = PolicyConfigSchema.safeParse(data);
+    if (!result.success) {
+        throw new Error(`Invalid config file: ${result.error.message}`);
+    }
+    return result.data;
+}
+/**
+ * Format severity for console output with color
+ */
+function formatSeverity(severity) {
+    const colors = {
+        critical: "\x1b[35m", // Magenta
+        high: "\x1b[31m", // Red
+        medium: "\x1b[33m", // Yellow
+        low: "\x1b[36m", // Cyan
+        info: "\x1b[90m", // Gray
+    };
+    const reset = "\x1b[0m";
+    return `${colors[severity]}${severity.toUpperCase()}${reset}`;
+}
+/**
+ * Format status for console output with color
+ */
+function formatStatus(status) {
+    const colors = {
+        pass: "\x1b[32m", // Green
+        warn: "\x1b[33m", // Yellow
+        fail: "\x1b[31m", // Red
+    };
+    const reset = "\x1b[0m";
+    return `${colors[status]}${status.toUpperCase()}${reset}`;
+}
+/**
+ * Print evaluation summary to console
+ */
+function printSummary(report) {
+    console.log("\n" + "=".repeat(60));
+    console.log("VibeCheck Policy Evaluation");
+    console.log("=".repeat(60));
+    console.log(`\nProfile: ${report.profileName ?? "custom"}`);
+    console.log(`Status: ${formatStatus(report.status)}`);
+    console.log(`Exit Code: ${report.exitCode}`);
+    console.log("\nSummary:");
+    console.log(`  Total active findings: ${report.summary.total}`);
+    console.log(`  Waived findings: ${report.summary.waived}`);
+    console.log(`  Ignored by override: ${report.summary.ignored}`);
+    if (report.summary.total > 0) {
+        console.log("\nBy severity:");
+        if (report.summary.bySeverity.critical > 0) {
+            console.log(`  ${formatSeverity("critical")}: ${report.summary.bySeverity.critical}`);
+        }
+        if (report.summary.bySeverity.high > 0) {
+            console.log(`  ${formatSeverity("high")}: ${report.summary.bySeverity.high}`);
+        }
+        if (report.summary.bySeverity.medium > 0) {
+            console.log(`  ${formatSeverity("medium")}: ${report.summary.bySeverity.medium}`);
+        }
+        if (report.summary.bySeverity.low > 0) {
+            console.log(`  ${formatSeverity("low")}: ${report.summary.bySeverity.low}`);
+        }
+        if (report.summary.bySeverity.info > 0) {
+            console.log(`  ${formatSeverity("info")}: ${report.summary.bySeverity.info}`);
+        }
+    }
+    // Show thresholds
+    console.log("\nThresholds:");
+    console.log(`  Fail on severity >= ${report.thresholds.failOnSeverity} (confidence >= ${report.thresholds.minConfidenceForFail})`);
+    console.log(`  Warn on severity >= ${report.thresholds.warnOnSeverity} (confidence >= ${report.thresholds.minConfidenceForWarn})`);
+    if (report.thresholds.maxFindings > 0) {
+        console.log(`  Max findings: ${report.thresholds.maxFindings}`);
+    }
+    // Show regression if present
+    if (report.regression) {
+        console.log("\nRegression:");
+        console.log(`  New findings: ${report.regression.newFindings.length}`);
+        console.log(`  Resolved findings: ${report.regression.resolvedFindings.length}`);
+        console.log(`  Severity regressions: ${report.regression.severityRegressions.length}`);
+        console.log(`  Net change: ${report.regression.netChange > 0 ? "+" : ""}${report.regression.netChange}`);
+    }
+    // Show reasons
+    if (report.reasons.length > 0) {
+        console.log("\nReasons:");
+        for (const reason of report.reasons) {
+            const statusIcon = reason.status === "fail" ? "\x1b[31m✗\x1b[0m"
+                : reason.status === "warn" ? "\x1b[33m!\x1b[0m"
+                    : "\x1b[32m✓\x1b[0m";
+            console.log(`  ${statusIcon} ${reason.message}`);
+        }
+    }
+    // Show waived findings if any
+    if (report.waivedFindings.length > 0) {
+        console.log("\nWaived findings:");
+        for (const wf of report.waivedFindings.slice(0, 5)) {
+            const expiredNote = wf.expired ? " (EXPIRED)" : "";
+            console.log(`  - [${wf.finding.ruleId}] ${wf.finding.title}${expiredNote}`);
+            console.log(`    Reason: ${wf.waiver.reason}`);
+        }
+        if (report.waivedFindings.length > 5) {
+            console.log(`  ... and ${report.waivedFindings.length - 5} more`);
+        }
+    }
+    console.log("");
+}
+/**
+ * Execute the evaluate command
+ */
+export async function executeEvaluate(options) {
+    // Load artifact
+    const artifact = loadArtifact(options.artifact);
+    // Load baseline if provided
+    let baseline;
+    if (options.baseline) {
+        baseline = loadArtifact(options.baseline);
+    }
+    // Load config if provided, otherwise use profile
+    let config;
+    if (options.config) {
+        config = loadConfig(options.config);
+    }
+    // Load waivers if provided
+    let waivers = [];
+    if (options.waivers) {
+        waivers = loadWaivers(options.waivers);
+    }
+    // Run evaluation
+    const report = evaluate({
+        artifact,
+        baseline,
+        config,
+        profile: config ? undefined : options.profile,
+        waivers,
+        artifactPath: options.artifact,
+    });
+    // Output report
+    if (options.out) {
+        const outPath = resolvePath(options.out);
+        ensureDir(path.dirname(outPath));
+        writeFileSync(outPath, JSON.stringify(report, null, 2));
+        if (!options.quiet) {
+            console.log(`Policy report written to: ${outPath}`);
+        }
+    }
+    // Print summary unless quiet mode
+    if (!options.quiet) {
+        printSummary(report);
+    }
+    else {
+        // In quiet mode, just output JSON
+        if (!options.out) {
+            console.log(JSON.stringify(report, null, 2));
+        }
+    }
+    return report.exitCode;
+}
+/**
+ * Register evaluate command with commander
+ */
+export function registerEvaluateCommand(program) {
+    program
+        .command("evaluate")
+        .description("Evaluate a scan artifact against a policy")
+        .requiredOption("-a, --artifact <path>", "Path to scan artifact (JSON)")
+        .option("-b, --baseline <path>", "Path to baseline artifact for regression detection")
+        .option("-p, --profile <name>", `Policy profile (${PROFILE_NAMES.join(", ")})`, "startup")
+        .option("-c, --config <path>", "Path to policy config file (overrides profile)")
+        .option("-w, --waivers <path>", "Path to waivers file")
+        .option("-o, --out <path>", "Output report to file")
+        .option("-q, --quiet", "JSON output only (no console summary)")
+        .addHelpText("after", `
+Profiles:
+${PROFILE_NAMES.map((name) => `  ${name}: ${PROFILE_DESCRIPTIONS[name]}`).join("\n")}
+Examples:
+  $ vibecheck evaluate -a ./vibecheck-scan.json
+  $ vibecheck evaluate -a ./scan.json -p strict
+  $ vibecheck evaluate -a ./scan.json -b ./baseline.json
+  $ vibecheck evaluate -a ./scan.json -w ./waivers.json
+  $ vibecheck evaluate -a ./scan.json -c ./policy.json
+  $ vibecheck evaluate -a ./scan.json -o ./report.json -q
+`)
+        .action(async (cmdOptions) => {
+        // Validate profile
+        const profileStr = cmdOptions.profile;
+        if (!PROFILE_NAMES.includes(profileStr)) {
+            console.error(`\x1b[31mError: Invalid profile "${profileStr}". Valid options: ${PROFILE_NAMES.join(", ")}\x1b[0m`);
+            process.exit(1);
+        }
+        const options = {
+            artifact: cmdOptions.artifact,
+            baseline: cmdOptions.baseline,
+            profile: profileStr,
+            config: cmdOptions.config,
+            waivers: cmdOptions.waivers,
+            out: cmdOptions.out,
+            quiet: Boolean(cmdOptions.quiet),
+        };
+        try {
+            const exitCode = await executeEvaluate(options);
+            process.exit(exitCode);
+        }
+        catch (error) {
+            console.error(`\x1b[31mError: ${error instanceof Error ? error.message : String(error)}\x1b[0m`);
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/explain.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { Command } from "commander";
+/**
+ * Execute the explain command
+ */
+export declare function executeExplain(artifactPath: string, options: {
+    limit: number;
+}): Promise<number>;
+/**
+ * Register explain command with commander
+ */
+export declare function registerExplainCommand(program: Command): void;
+//# sourceMappingURL=explain.d.ts.map

package/dist/commands/explain.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"explain.d.ts","sourceRoot":"","sources":["../../src/commands/explain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA0MzC;;GAEG;AACH,wBAAsB,cAAc,CAClC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GACzB,OAAO,CAAC,MAAM,CAAC,CAkCjB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAU7D"}

package/dist/commands/explain.js ADDED Viewed

@@ -0,0 +1,214 @@
+import { validateArtifact, } from "@vibecheck/schema";
+import { readFileSync, resolvePath } from "../utils/file-utils.js";
+/**
+ * Format severity for console output with color
+ */
+function formatSeverity(severity) {
+    const colors = {
+        critical: "\x1b[35m", // Magenta
+        high: "\x1b[31m", // Red
+        medium: "\x1b[33m", // Yellow
+        low: "\x1b[36m", // Cyan
+        info: "\x1b[90m", // Gray
+    };
+    const reset = "\x1b[0m";
+    return `${colors[severity]}${severity.toUpperCase().padEnd(8)}${reset}`;
+}
+/**
+ * Format category for display
+ */
+function formatCategory(category) {
+    return `\x1b[34m${category}\x1b[0m`;
+}
+/**
+ * Print a horizontal divider
+ */
+function divider(char = "-", length = 70) {
+    return char.repeat(length);
+}
+/**
+ * Print artifact summary
+ */
+function printSummary(artifact) {
+    const { summary, tool, repo, generatedAt, metrics } = artifact;
+    console.log("\n" + divider("="));
+    console.log("VIBECHECK SCAN REPORT");
+    console.log(divider("="));
+    console.log(`\nTool:       ${tool.name} v${tool.version}`);
+    if (repo) {
+        console.log(`Repository: ${repo.name}`);
+        if (repo.git?.branch) {
+            console.log(`Branch:     ${repo.git.branch}`);
+        }
+        if (repo.git?.commit) {
+            console.log(`Commit:     ${repo.git.commit.slice(0, 8)}`);
+        }
+    }
+    console.log(`Generated:  ${new Date(generatedAt).toLocaleString()}`);
+    if (metrics) {
+        console.log(`\nScan Metrics:`);
+        console.log(`  Files scanned: ${metrics.filesScanned}`);
+        console.log(`  Duration:      ${metrics.scanDurationMs.toFixed(0)}ms`);
+        console.log(`  Rules run:     ${metrics.rulesExecuted}`);
+    }
+    console.log(`\n${divider()}`);
+    console.log("SUMMARY");
+    console.log(divider());
+    console.log(`\nTotal Findings: ${summary.totalFindings}`);
+    if (summary.totalFindings > 0) {
+        console.log("\nBy Severity:");
+        const severities = ["critical", "high", "medium", "low", "info"];
+        for (const sev of severities) {
+            const count = summary.bySeverity[sev];
+            if (count > 0) {
+                const bar = "\u2588".repeat(Math.min(count * 2, 40));
+                console.log(`  ${formatSeverity(sev)} ${count.toString().padStart(3)} ${bar}`);
+            }
+        }
+        console.log("\nBy Category:");
+        const categories = Object.entries(summary.byCategory)
+            .filter(([, count]) => count > 0)
+            .sort(([, a], [, b]) => b - a);
+        for (const [cat, count] of categories) {
+            console.log(`  ${formatCategory(cat.padEnd(12))} ${count}`);
+        }
+    }
+}
+/**
+ * Sort findings by severity (highest first)
+ */
+function sortBySeverity(findings) {
+    const order = {
+        critical: 4,
+        high: 3,
+        medium: 2,
+        low: 1,
+        info: 0,
+    };
+    return [...findings].sort((a, b) => order[b.severity] - order[a.severity]);
+}
+/**
+ * Print detailed finding information
+ */
+function printFinding(finding, index) {
+    console.log(`\n${divider()}`);
+    console.log(`FINDING #${index + 1}: ${finding.title}`);
+    console.log(divider());
+    console.log(`\nSeverity:   ${formatSeverity(finding.severity)}`);
+    console.log(`Category:   ${formatCategory(finding.category)}`);
+    console.log(`Rule:       ${finding.ruleId}`);
+    console.log(`Confidence: ${(finding.confidence * 100).toFixed(0)}%`);
+    console.log(`ID:         ${finding.id}`);
+    console.log(`\nDescription:`);
+    console.log(`  ${finding.description}`);
+    console.log(`\nEvidence:`);
+    for (const ev of finding.evidence) {
+        console.log(`  - ${ev.file}:${ev.startLine}-${ev.endLine}`);
+        console.log(`    ${ev.label}`);
+        if (ev.snippet) {
+            console.log(`    \x1b[90m${ev.snippet}\x1b[0m`);
+        }
+    }
+    if (finding.claim) {
+        console.log(`\nClaim:`);
+        console.log(`  Type:     ${finding.claim.type}`);
+        console.log(`  Source:   ${finding.claim.source}`);
+        console.log(`  Strength: ${finding.claim.strength}`);
+        console.log(`  Evidence: "${finding.claim.textEvidence}"`);
+    }
+    if (finding.proof) {
+        console.log(`\nProof Trace:`);
+        console.log(`  ${finding.proof.summary}`);
+        for (const node of finding.proof.nodes) {
+            const loc = node.file ? ` (${node.file}:${node.line})` : "";
+            console.log(`    [${node.kind}] ${node.label}${loc}`);
+        }
+    }
+    console.log(`\nRemediation:`);
+    console.log(`  ${finding.remediation.recommendedFix}`);
+    if (finding.remediation.patch) {
+        console.log(`\n  Suggested patch:`);
+        console.log(`  \x1b[90m${finding.remediation.patch}\x1b[0m`);
+    }
+    if (finding.links) {
+        console.log(`\nReferences:`);
+        if (finding.links.owasp) {
+            console.log(`  OWASP: ${finding.links.owasp}`);
+        }
+        if (finding.links.cwe) {
+            console.log(`  CWE:   ${finding.links.cwe}`);
+        }
+    }
+}
+/**
+ * Print top findings with details
+ */
+function printTopFindings(artifact, limit) {
+    const { findings } = artifact;
+    if (findings.length === 0) {
+        console.log("\n\x1b[32mNo findings to display.\x1b[0m");
+        return;
+    }
+    const sorted = sortBySeverity(findings);
+    const top = sorted.slice(0, limit);
+    console.log(`\n${divider("=")}`);
+    console.log(`TOP ${top.length} FINDINGS`);
+    console.log(divider("="));
+    for (let i = 0; i < top.length; i++) {
+        printFinding(top[i], i);
+    }
+    if (findings.length > limit) {
+        console.log(`\n${divider()}`);
+        console.log(`\x1b[90m... and ${findings.length - limit} more findings\x1b[0m`);
+    }
+    console.log("");
+}
+/**
+ * Execute the explain command
+ */
+export async function executeExplain(artifactPath, options) {
+    const absolutePath = resolvePath(artifactPath);
+    // Read artifact file
+    const content = readFileSync(absolutePath);
+    if (!content) {
+        console.error(`\x1b[31mError: Could not read file: ${absolutePath}\x1b[0m`);
+        return 1;
+    }
+    // Parse JSON
+    let json;
+    try {
+        json = JSON.parse(content);
+    }
+    catch {
+        console.error(`\x1b[31mError: Invalid JSON in file: ${absolutePath}\x1b[0m`);
+        return 1;
+    }
+    // Validate artifact
+    let artifact;
+    try {
+        artifact = validateArtifact(json);
+    }
+    catch (error) {
+        console.error(`\x1b[31mError: Invalid artifact format\x1b[0m`);
+        console.error(error);
+        return 1;
+    }
+    // Print report
+    printSummary(artifact);
+    printTopFindings(artifact, options.limit);
+    return 0;
+}
+/**
+ * Register explain command with commander
+ */
+export function registerExplainCommand(program) {
+    program
+        .command("explain <artifactPath>")
+        .description("Display a human-readable summary of a scan artifact")
+        .option("-l, --limit <number>", "Maximum findings to display", "5")
+        .action(async (artifactPath, options) => {
+        const limit = parseInt(options.limit, 10) || 5;
+        const exitCode = await executeExplain(artifactPath, { limit });
+        process.exit(exitCode);
+    });
+}

package/dist/commands/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export { registerScanCommand, executeScan, type ScanOptions } from "./scan.js";
+export { registerExplainCommand, executeExplain } from "./explain.js";
+export { registerDemoArtifactCommand, executeDemoArtifact } from "./demo-artifact.js";
+export { registerIntentCommand, executeIntent, type IntentOptions } from "./intent.js";
+export { registerEvaluateCommand, executeEvaluate, type EvaluateOptions } from "./evaluate.js";
+export { registerWaiversCommand } from "./waivers.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,WAAW,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACtE,OAAO,EAAE,2BAA2B,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACtF,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AACvF,OAAO,EAAE,uBAAuB,EAAE,eAAe,EAAE,KAAK,eAAe,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC"}

package/dist/commands/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+export { registerScanCommand, executeScan } from "./scan.js";
+export { registerExplainCommand, executeExplain } from "./explain.js";
+export { registerDemoArtifactCommand, executeDemoArtifact } from "./demo-artifact.js";
+export { registerIntentCommand, executeIntent } from "./intent.js";
+export { registerEvaluateCommand, executeEvaluate } from "./evaluate.js";
+export { registerWaiversCommand } from "./waivers.js";

package/dist/commands/intent.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * Intent Command
+ *
+ * Generates a security intent map baseline for the codebase.
+ * Useful for tracking drift over time.
+ */
+import type { Command } from "commander";
+export interface IntentOptions {
+    out: string;
+    format: string;
+    repoName?: string;
+}
+/**
+ * Execute the intent command
+ */
+export declare function executeIntent(targetDir: string, options: IntentOptions): Promise<number>;
+/**
+ * Register intent command with commander
+ */
+export declare function registerIntentCommand(program: Command): void;
+//# sourceMappingURL=intent.d.ts.map

package/dist/commands/intent.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"intent.d.ts","sourceRoot":"","sources":["../../src/commands/intent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAqBzC,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAuCD;;GAEG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,MAAM,CAAC,CA8DjB;AA+ID;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAgB5D"}