@shakecodeslikecray/whiterose 0.2.6 → 1.0.0

package/dist/index.d.ts

@@ -2,7 +2,9 @@ import { z } from 'zod';
 
 declare const BugSeverity: z.ZodEnum<["critical", "high", "medium", "low"]>;
 type BugSeverity = z.infer<typeof BugSeverity>;
-declare const BugCategory: z.ZodEnum<["logic-error", "security", "async-race-condition", "edge-case", "null-reference", "type-coercion", "resource-leak", "intent-violation"]>;
+declare const FindingKind: z.ZodEnum<["bug", "smell"]>;
+type FindingKind = z.infer<typeof FindingKind>;
+declare const BugCategory: z.ZodEnum<["injection", "auth-bypass", "secrets-exposure", "null-reference", "boundary-error", "resource-leak", "async-issue", "logic-error", "data-validation", "type-coercion", "concurrency", "intent-violation"]>;
 type BugCategory = z.infer<typeof BugCategory>;
 declare const ConfidenceLevel: z.ZodEnum<["high", "medium", "low"]>;
 type ConfidenceLevel = z.infer<typeof ConfidenceLevel>;
@@ -49,6 +51,8 @@ declare const CodePathStep: z.ZodObject<{
     explanation: string;
 }>;
 type CodePathStep = z.infer<typeof CodePathStep>;
+declare const BugStatus: z.ZodEnum<["open", "fixed", "false-positive", "wont-fix"]>;
+type BugStatus = z.infer<typeof BugStatus>;
 declare const Bug: z.ZodObject<{
     id: z.ZodString;
     title: z.ZodString;
@@ -56,8 +60,9 @@ declare const Bug: z.ZodObject<{
     file: z.ZodString;
     line: z.ZodNumber;
     endLine: z.ZodOptional<z.ZodNumber>;
+    kind: z.ZodDefault<z.ZodEnum<["bug", "smell"]>>;
     severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
-    category: z.ZodEnum<["logic-error", "security", "async-race-condition", "edge-case", "null-reference", "type-coercion", "resource-leak", "intent-violation"]>;
+    category: z.ZodEnum<["injection", "auth-bypass", "secrets-exposure", "null-reference", "boundary-error", "resource-leak", "async-issue", "logic-error", "data-validation", "type-coercion", "concurrency", "intent-violation"]>;
     confidence: z.ZodObject<{
         overall: z.ZodEnum<["high", "medium", "low"]>;
         codePathValidity: z.ZodNumber;
@@ -104,14 +109,20 @@ declare const Bug: z.ZodObject<{
     relatedContract: z.ZodOptional<z.ZodString>;
     staticAnalysisSignals: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     createdAt: z.ZodString;
+    status: z.ZodDefault<z.ZodEnum<["open", "fixed", "false-positive", "wont-fix"]>>;
+    fixedAt: z.ZodOptional<z.ZodString>;
+    fixCommit: z.ZodOptional<z.ZodString>;
+    passName: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
+    status: "open" | "fixed" | "false-positive" | "wont-fix";
     file: string;
     line: number;
     id: string;
     title: string;
     description: string;
+    kind: "bug" | "smell";
     severity: "critical" | "high" | "medium" | "low";
-    category: "logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation";
+    category: "injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation";
     confidence: {
         overall: "high" | "medium" | "low";
         codePathValidity: number;
@@ -133,6 +144,9 @@ declare const Bug: z.ZodObject<{
     suggestedFix?: string | undefined;
     relatedContract?: string | undefined;
     staticAnalysisSignals?: string[] | undefined;
+    fixedAt?: string | undefined;
+    fixCommit?: string | undefined;
+    passName?: string | undefined;
 }, {
     file: string;
     line: number;
@@ -140,7 +154,7 @@ declare const Bug: z.ZodObject<{
     title: string;
     description: string;
     severity: "critical" | "high" | "medium" | "low";
-    category: "logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation";
+    category: "injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation";
     confidence: {
         overall: "high" | "medium" | "low";
         codePathValidity: number;
@@ -158,10 +172,15 @@ declare const Bug: z.ZodObject<{
     }[];
     evidence: string[];
     createdAt: string;
+    status?: "open" | "fixed" | "false-positive" | "wont-fix" | undefined;
     endLine?: number | undefined;
+    kind?: "bug" | "smell" | undefined;
     suggestedFix?: string | undefined;
     relatedContract?: string | undefined;
     staticAnalysisSignals?: string[] | undefined;
+    fixedAt?: string | undefined;
+    fixCommit?: string | undefined;
+    passName?: string | undefined;
 }>;
 type Bug = z.infer<typeof Bug>;
 declare const ProviderType: z.ZodEnum<["claude-code", "aider", "codex", "opencode", "ollama", "gemini"]>;
@@ -231,7 +250,7 @@ declare const WhiteroseConfig: z.ZodObject<{
     include: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
     exclude: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
     priorities: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodEnum<["critical", "high", "medium", "low", "ignore"]>>>;
-    categories: z.ZodDefault<z.ZodArray<z.ZodEnum<["logic-error", "security", "async-race-condition", "edge-case", "null-reference", "type-coercion", "resource-leak", "intent-violation"]>, "many">>;
+    categories: z.ZodDefault<z.ZodArray<z.ZodEnum<["injection", "auth-bypass", "secrets-exposure", "null-reference", "boundary-error", "resource-leak", "async-issue", "logic-error", "data-validation", "type-coercion", "concurrency", "intent-violation"]>, "many">>;
     minConfidence: z.ZodDefault<z.ZodEnum<["high", "medium", "low"]>>;
     monorepo: z.ZodOptional<z.ZodObject<{
         detection: z.ZodEnum<["auto", "explicit"]>;
@@ -303,7 +322,7 @@ declare const WhiteroseConfig: z.ZodObject<{
     version: string;
     provider: "claude-code" | "aider" | "codex" | "opencode" | "ollama" | "gemini";
     priorities: Record<string, "critical" | "high" | "medium" | "low" | "ignore">;
-    categories: ("logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation")[];
+    categories: ("injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation")[];
     minConfidence: "high" | "medium" | "low";
     staticAnalysis: {
         typescript: boolean;
@@ -333,7 +352,7 @@ declare const WhiteroseConfig: z.ZodObject<{
     provider?: "claude-code" | "aider" | "codex" | "opencode" | "ollama" | "gemini" | undefined;
     providerFallback?: ("claude-code" | "aider" | "codex" | "opencode" | "ollama" | "gemini")[] | undefined;
     priorities?: Record<string, "critical" | "high" | "medium" | "low" | "ignore"> | undefined;
-    categories?: ("logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation")[] | undefined;
+    categories?: ("injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation")[] | undefined;
     minConfidence?: "high" | "medium" | "low" | undefined;
     monorepo?: {
         detection: "auto" | "explicit";
@@ -679,12 +698,6 @@ declare const CacheState: z.ZodObject<{
     lastIncrementalScan?: string | undefined;
 }>;
 type CacheState = z.infer<typeof CacheState>;
-interface AnalysisContext {
-    files: string[];
-    understanding: CodebaseUnderstanding;
-    config: WhiteroseConfig;
-    staticAnalysisResults: StaticAnalysisResult[];
-}
 interface StaticAnalysisResult {
     tool: 'typescript' | 'eslint';
     file: string;
@@ -693,14 +706,6 @@ interface StaticAnalysisResult {
     severity: 'error' | 'warning' | 'info';
     code?: string;
 }
-interface LLMProvider {
-    name: ProviderType;
-    detect(): Promise<boolean>;
-    isAvailable(): Promise<boolean>;
-    analyze(context: AnalysisContext): Promise<Bug[]>;
-    adversarialValidate(bug: Bug, context: AnalysisContext): Promise<AdversarialResult>;
-    generateUnderstanding(files: string[], existingDocsSummary?: string): Promise<CodebaseUnderstanding>;
-}
 interface AdversarialResult {
     survived: boolean;
     counterArguments: string[];
@@ -720,8 +725,9 @@ declare const ScanResult: z.ZodObject<{
         file: z.ZodString;
         line: z.ZodNumber;
         endLine: z.ZodOptional<z.ZodNumber>;
+        kind: z.ZodDefault<z.ZodEnum<["bug", "smell"]>>;
         severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
-        category: z.ZodEnum<["logic-error", "security", "async-race-condition", "edge-case", "null-reference", "type-coercion", "resource-leak", "intent-violation"]>;
+        category: z.ZodEnum<["injection", "auth-bypass", "secrets-exposure", "null-reference", "boundary-error", "resource-leak", "async-issue", "logic-error", "data-validation", "type-coercion", "concurrency", "intent-violation"]>;
         confidence: z.ZodObject<{
             overall: z.ZodEnum<["high", "medium", "low"]>;
             codePathValidity: z.ZodNumber;
@@ -768,14 +774,20 @@ declare const ScanResult: z.ZodObject<{
         relatedContract: z.ZodOptional<z.ZodString>;
         staticAnalysisSignals: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
         createdAt: z.ZodString;
+        status: z.ZodDefault<z.ZodEnum<["open", "fixed", "false-positive", "wont-fix"]>>;
+        fixedAt: z.ZodOptional<z.ZodString>;
+        fixCommit: z.ZodOptional<z.ZodString>;
+        passName: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
+        status: "open" | "fixed" | "false-positive" | "wont-fix";
         file: string;
         line: number;
         id: string;
         title: string;
         description: string;
+        kind: "bug" | "smell";
         severity: "critical" | "high" | "medium" | "low";
-        category: "logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation";
+        category: "injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation";
         confidence: {
             overall: "high" | "medium" | "low";
             codePathValidity: number;
@@ -797,6 +809,9 @@ declare const ScanResult: z.ZodObject<{
         suggestedFix?: string | undefined;
         relatedContract?: string | undefined;
         staticAnalysisSignals?: string[] | undefined;
+        fixedAt?: string | undefined;
+        fixCommit?: string | undefined;
+        passName?: string | undefined;
     }, {
         file: string;
         line: number;
@@ -804,7 +819,7 @@ declare const ScanResult: z.ZodObject<{
         title: string;
         description: string;
         severity: "critical" | "high" | "medium" | "low";
-        category: "logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation";
+        category: "injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation";
         confidence: {
             overall: "high" | "medium" | "low";
             codePathValidity: number;
@@ -822,10 +837,15 @@ declare const ScanResult: z.ZodObject<{
         }[];
         evidence: string[];
         createdAt: string;
+        status?: "open" | "fixed" | "false-positive" | "wont-fix" | undefined;
         endLine?: number | undefined;
+        kind?: "bug" | "smell" | undefined;
         suggestedFix?: string | undefined;
         relatedContract?: string | undefined;
         staticAnalysisSignals?: string[] | undefined;
+        fixedAt?: string | undefined;
+        fixCommit?: string | undefined;
+        passName?: string | undefined;
     }>, "many">;
     summary: z.ZodObject<{
         critical: z.ZodNumber;
@@ -833,18 +853,24 @@ declare const ScanResult: z.ZodObject<{
         medium: z.ZodNumber;
         low: z.ZodNumber;
         total: z.ZodNumber;
+        bugs: z.ZodNumber;
+        smells: z.ZodNumber;
     }, "strip", z.ZodTypeAny, {
         critical: number;
         high: number;
         medium: number;
         low: number;
+        bugs: number;
         total: number;
+        smells: number;
     }, {
         critical: number;
         high: number;
         medium: number;
         low: number;
+        bugs: number;
         total: number;
+        smells: number;
     }>;
 }, "strip", z.ZodTypeAny, {
     id: string;
@@ -853,20 +879,24 @@ declare const ScanResult: z.ZodObject<{
         high: number;
         medium: number;
         low: number;
+        bugs: number;
         total: number;
+        smells: number;
     };
     duration: number;
     timestamp: string;
     scanType: "full" | "incremental";
     filesScanned: number;
     bugs: {
+        status: "open" | "fixed" | "false-positive" | "wont-fix";
         file: string;
         line: number;
         id: string;
         title: string;
         description: string;
+        kind: "bug" | "smell";
         severity: "critical" | "high" | "medium" | "low";
-        category: "logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation";
+        category: "injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation";
         confidence: {
             overall: "high" | "medium" | "low";
             codePathValidity: number;
@@ -888,6 +918,9 @@ declare const ScanResult: z.ZodObject<{
         suggestedFix?: string | undefined;
         relatedContract?: string | undefined;
         staticAnalysisSignals?: string[] | undefined;
+        fixedAt?: string | undefined;
+        fixCommit?: string | undefined;
+        passName?: string | undefined;
     }[];
     filesChanged?: number | undefined;
 }, {
@@ -897,7 +930,9 @@ declare const ScanResult: z.ZodObject<{
         high: number;
         medium: number;
         low: number;
+        bugs: number;
         total: number;
+        smells: number;
     };
     duration: number;
     timestamp: string;
@@ -910,7 +945,7 @@ declare const ScanResult: z.ZodObject<{
         title: string;
         description: string;
         severity: "critical" | "high" | "medium" | "low";
-        category: "logic-error" | "security" | "async-race-condition" | "edge-case" | "null-reference" | "type-coercion" | "resource-leak" | "intent-violation";
+        category: "injection" | "auth-bypass" | "secrets-exposure" | "null-reference" | "boundary-error" | "resource-leak" | "async-issue" | "logic-error" | "data-validation" | "type-coercion" | "concurrency" | "intent-violation";
         confidence: {
             overall: "high" | "medium" | "low";
             codePathValidity: number;
@@ -928,10 +963,15 @@ declare const ScanResult: z.ZodObject<{
         }[];
         evidence: string[];
         createdAt: string;
+        status?: "open" | "fixed" | "false-positive" | "wont-fix" | undefined;
         endLine?: number | undefined;
+        kind?: "bug" | "smell" | undefined;
         suggestedFix?: string | undefined;
         relatedContract?: string | undefined;
         staticAnalysisSignals?: string[] | undefined;
+        fixedAt?: string | undefined;
+        fixCommit?: string | undefined;
+        passName?: string | undefined;
     }[];
     filesChanged?: number | undefined;
 }>;
@@ -942,83 +982,148 @@ declare function loadUnderstanding(cwd: string): Promise<CodebaseUnderstanding |
 declare function saveConfig(cwd: string, config: WhiteroseConfig): Promise<void>;
 
 declare function scanCodebase(cwd: string, config?: WhiteroseConfig): Promise<string[]>;
-declare function getChangedFiles(cwd: string, config: WhiteroseConfig): Promise<{
+declare function getChangedFiles(cwd: string, config: WhiteroseConfig, options?: {
+    writeCache?: boolean;
+}): Promise<{
     files: string[];
     hashes: FileHash[];
+    state: CacheState;
 }>;
 declare function getDependentFiles(changedFiles: string[], cwd: string, allFiles?: string[]): Promise<string[]>;
 
-type ProgressCallback = (message: string) => void;
-type BugFoundCallback = (bug: Bug) => void;
-declare class ClaudeCodeProvider implements LLMProvider {
-    name: ProviderType;
-    private progressCallback?;
-    private bugFoundCallback?;
-    private currentProcess?;
-    private unsafeMode;
-    detect(): Promise<boolean>;
+/**
+ * Core Scanner - LSP-Compliant Architecture
+ *
+ * Scanning logic lives HERE, not in providers.
+ * Providers are just "dumb prompt executors".
+ *
+ * This ensures all providers get the same 19-pass scanning,
+ * batching, deduplication, and merging logic.
+ */
+
+interface PromptOptions {
+    cwd: string;
+    timeout?: number;
+}
+interface PromptResult {
+    output: string;
+    error?: string;
+}
+/**
+ * Minimal interface that ALL providers must implement.
+ * No scanning logic - just execute prompts and return results.
+ */
+interface PromptExecutor {
+    name: string;
     isAvailable(): Promise<boolean>;
+    runPrompt(prompt: string, options: PromptOptions): Promise<PromptResult>;
+}
+interface ScannerConfig {
+    batchSize: number;
+    batchDelayMs: number;
+    passTimeoutMs: number;
+}
+interface StaticFinding {
+    tool: string;
+    file: string;
+    line: number;
+    message: string;
+    severity: string;
+}
+interface ScanContext {
+    files: string[];
+    understanding: CodebaseUnderstanding;
+    staticResults: StaticFinding[];
+    config?: WhiteroseConfig;
+}
+interface ScanProgress {
+    onPhaseStart?: (phase: string, passCount: number) => void;
+    onPassStart?: (passName: string) => void;
+    onPassComplete?: (passName: string, bugCount: number) => void;
+    onPassError?: (passName: string, error: string) => void;
+    onBugFound?: (bug: Bug) => void;
+    onProgress?: (message: string) => void;
+}
+declare class CoreScanner {
+    private executor;
+    private config;
+    private progress;
+    constructor(executor: PromptExecutor, config?: Partial<ScannerConfig>, progress?: ScanProgress);
+    /**
+     * Run a thorough 19-pass scan with findings flowing through pipeline:
+     *
+     * Static Analysis → Unit Passes → Integration Passes → E2E Passes
+     *                        ↓              ↓                  ↓
+     *                   unitFindings → integrationFindings → e2eFindings
+     *                        └──────────────┴─────────────────┘
+     *                                       ↓
+     *                              Combined + Deduped
+     */
+    scan(context: ScanContext): Promise<Bug[]>;
     /**
-     * Enable unsafe mode (--dangerously-skip-permissions).
-     * WARNING: This bypasses Claude's permission prompts and should only be used
-     * when you trust the codebase being analyzed.
+     * Run a batch of passes in parallel (within a phase)
+     */
+    private runPassBatch;
+    /**
+     * Run a quick single-pass scan
+     */
+    quickScan(context: ScanContext): Promise<Bug[]>;
+    /**
+     * Generate codebase understanding (for init/refresh commands)
+     * Uses the LLM to analyze project structure and extract features
      */
-    setUnsafeMode(enabled: boolean): void;
-    isUnsafeMode(): boolean;
-    setProgressCallback(callback: ProgressCallback): void;
-    setBugFoundCallback(callback: BugFoundCallback): void;
-    private reportProgress;
-    private reportBug;
-    cancel(): void;
-    analyze(context: AnalysisContext): Promise<Bug[]>;
-    adversarialValidate(bug: Bug, _context: AnalysisContext): Promise<AdversarialResult>;
     generateUnderstanding(files: string[], existingDocsSummary?: string): Promise<CodebaseUnderstanding>;
-    private buildAgenticAnalysisPrompt;
-    private buildAgenticUnderstandingPrompt;
-    private buildAdversarialPrompt;
-    private runAgenticClaude;
-    private processAgentOutput;
-    private streamBuffer;
-    private fullResponseBuffer;
-    private processTextContent;
-    private tryExtractUnderstandingJson;
-    private tryExtractBugsJson;
-    private runSimpleClaude;
-    private parseBugData;
-    private parseAdversarialResponse;
-    private parseUnderstandingResponse;
-    private extractJson;
-    private findBalancedJson;
-}
-
-declare class AiderProvider implements LLMProvider {
-    name: ProviderType;
-    detect(): Promise<boolean>;
-    isAvailable(): Promise<boolean>;
-    analyze(context: AnalysisContext): Promise<Bug[]>;
-    adversarialValidate(bug: Bug, _context: AnalysisContext): Promise<AdversarialResult>;
-    generateUnderstanding(files: string[], _existingDocsSummary?: string): Promise<CodebaseUnderstanding>;
-    private readFilesWithLimit;
-    private prioritizeFiles;
-    private buildAnalysisPrompt;
-    private buildAdversarialPrompt;
-    private buildUnderstandingPrompt;
-    private runAider;
-    private parseAnalysisResponse;
-    private parseAdversarialResponse;
+    /**
+     * Parse understanding response from LLM
+     */
     private parseUnderstandingResponse;
-    private extractJson;
+    private parseFeaturePriority;
+    /**
+     * Build unit pass jobs - these only see static analysis results
+     */
+    private buildUnitPassJobs;
+    /**
+     * Build integration pass jobs - these see static + unit findings
+     */
+    private buildIntegrationPassJobs;
+    /**
+     * Build E2E pass jobs - these see static + unit + integration findings
+     */
+    private buildE2EPassJobs;
+    private buildQuickScanPrompt;
+    private parseResponse;
+    private parseBugData;
+    private deduplicateBugs;
+    private mergeSimilarBugs;
+    private report;
+    private delay;
     private parseSeverity;
     private parseCategory;
     private parseConfidence;
+    private confidenceToNum;
+    private severityToNum;
 }
 
-declare function getProvider(name: ProviderType): Promise<LLMProvider>;
+/**
+ * Provider Executors - Simple prompt execution implementations
+ *
+ * All executors implement the PromptExecutor interface.
+ * No scanning logic - just run prompts and return results.
+ */
+
+/**
+ * Get a prompt executor by provider name
+ */
+declare function getExecutor(name: ProviderType): PromptExecutor;
+/**
+ * Get all available executors
+ */
+declare function getAvailableExecutors(): Promise<PromptExecutor[]>;
 
 declare function detectProvider(): Promise<ProviderType[]>;
 declare function isProviderAvailable(name: ProviderType): Promise<boolean>;
 
-declare function runStaticAnalysis(cwd: string, files: string[], config: WhiteroseConfig): Promise<StaticAnalysisResult[]>;
+declare function runStaticAnalysis(cwd: string, files: string[], config?: WhiteroseConfig): Promise<StaticAnalysisResult[]>;
 
 interface SarifResult {
     $schema: string;
@@ -1050,6 +1155,7 @@ interface SarifRule {
     };
     properties: {
         category: string;
+        kind?: string;
     };
 }
 interface SarifResultItem {
@@ -1061,6 +1167,7 @@ interface SarifResultItem {
     };
     locations: SarifLocation[];
     codeFlows?: SarifCodeFlow[];
+    properties?: Record<string, any>;
 }
 interface SarifLocation {
     physicalLocation: {
@@ -1112,7 +1219,21 @@ interface FixResult {
     diff?: string;
     error?: string;
     branchName?: string;
+    commitHash?: string;
+    falsePositive?: boolean;
+    falsePositiveReason?: string;
 }
+/**
+ * Apply a fix to a bug using an agentic approach.
+ *
+ * Instead of generating a fix and applying it ourselves, we give the bug
+ * details to the LLM provider and let it explore the code and fix it directly.
+ * This produces much better fixes because the LLM can:
+ * - Read related files for context
+ * - Understand the codebase architecture
+ * - Make multi-file changes if needed
+ * - Verify the fix makes sense
+ */
 declare function applyFix(bug: Bug, config: WhiteroseConfig, options: FixOptions): Promise<FixResult>;
 declare function batchFix(bugs: Bug[], config: WhiteroseConfig, options: FixOptions): Promise<Map<string, FixResult>>;
 
@@ -1191,4 +1312,100 @@ declare function groupFilesByPackage(files: string[], packages: Package[]): Map<
  */
 declare function getCrossPackageDependencies(packages: Package[]): Promise<Map<string, string[]>>;
 
-export { type AdversarialResult, AiderProvider, type AnalysisContext, BehavioralContract, Bug, BugCategory, BugSeverity, CacheState, ClaudeCodeProvider, CodePathStep, CodebaseUnderstanding, ConfidenceLevel, ConfidenceScore, FeatureIntent, FileHash, type GitStatus, type LLMProvider, MonorepoConfig, type MonorepoInfo, type Package, PackageConfig, PriorityLevel, ProviderType, ScanResult, type StaticAnalysisResult, WhiteroseConfig, applyFix, batchFix, buildDependencyGraph, commitFix, createFixBranch, dependsOn, detectMonorepo, detectProvider, findCircularDependencies, generateIntentDocument, getChangedFiles, getCrossPackageDependencies, getCurrentBranch, getDependentFiles, getDiff, getFileAtHead, getGitStatus, getImportsOf, getPackageFiles, getPackageForFile, getProvider, getStagedDiff, groupFilesByPackage, hasUncommittedChanges, isGitRepo, isProviderAvailable, loadConfig, loadUnderstanding, mergeIntentWithUnderstanding, outputMarkdown, outputSarif, parseIntentDocument, popStash, resetFile, runStaticAnalysis, saveConfig, scanCodebase, stashChanges };
+/**
+ * Cross-File Analyzer
+ *
+ * Detects bugs that span multiple files/commands:
+ * - Incomplete features (scan writes to A,B,C but clear only clears A)
+ * - State mismatches (command X expects state that command Y doesn't set)
+ * - Orphaned operations (writes without corresponding cleanup)
+ *
+ * This catches bugs that single-file analysis misses.
+ */
+
+/**
+ * Run cross-file analysis and return bugs
+ */
+declare function analyzeCrossFile(cwd: string): Promise<Bug[]>;
+/**
+ * Get summary of command effects for debugging
+ */
+declare function getCommandEffectsSummary(cwd: string): Promise<string>;
+
+/**
+ * Contract Analyzer
+ *
+ * Detects bugs related to:
+ * - Missing error recovery (write without rollback on failure)
+ * - Missing validation (parse without verify)
+ * - Missing post-conditions (fix without verify it works)
+ * - Transaction atomicity violations (multi-step operations that can fail partially)
+ *
+ * This extends the cross-file analyzer to catch behavioral bugs.
+ */
+
+/**
+ * Run contract analysis and return bugs
+ */
+declare function analyzeContracts(cwd: string): Promise<Bug[]>;
+/**
+ * Get summary of contract violations for debugging
+ */
+declare function getContractSummary(cwd: string): Promise<string>;
+
+/**
+ * Code Smells Analyzer
+ *
+ * Detects patterns that indicate poor code quality and are PROBABLE CAUSES for future bugs.
+ * These are NOT bugs themselves, but maintainability issues that increase bug risk.
+ *
+ * Categories based on Martin Fowler's Refactoring catalog + TypeScript-specific patterns:
+ *
+ * 1. BLOATERS - Code that grows too large
+ *    - Long Method, Large Class, Long Parameter List, Data Clumps
+ *
+ * 2. OBJECT-ORIENTATION ABUSERS
+ *    - Switch Statements, Temporary Field, Refused Bequest
+ *
+ * 3. CHANGE PREVENTERS - Make changes ripple through codebase
+ *    - Divergent Change, Shotgun Surgery, Parallel Inheritance
+ *
+ * 4. DISPENSABLES - Unnecessary elements
+ *    - Dead Code, Duplicate Code, Speculative Generality, Comments as Deodorant
+ *
+ * 5. COUPLERS - Excessive interdependence
+ *    - Feature Envy, Message Chains, Middle Man
+ *
+ * 6. TYPESCRIPT-SPECIFIC
+ *    - Excessive 'any', 'as' assertions, Missing error handling
+ *
+ * 7. MAGIC VALUES
+ *    - Hardcoded constants, Magic numbers/strings
+ *
+ * Sources:
+ * - https://refactoring.guru/refactoring/smells
+ * - https://ducin.dev/typescript-anti-patterns
+ * - https://www.mdpi.com/2078-2489/9/11/273
+ */
+interface CodeSmell {
+    type: SmellCategory;
+    name: string;
+    title: string;
+    description: string;
+    file: string;
+    line: number;
+    evidence: string[];
+    impact: 'high' | 'medium' | 'low';
+    refactoring: string;
+}
+type SmellCategory = 'bloater' | 'oo-abuser' | 'change-preventer' | 'dispensable' | 'coupler' | 'typescript-smell' | 'magic-value';
+/**
+ * Run code smells analysis and return findings
+ */
+declare function analyzeSmells(cwd: string): Promise<CodeSmell[]>;
+/**
+ * Get summary of code smells for reporting
+ */
+declare function getSmellsSummary(cwd: string): Promise<string>;
+
+export { type AdversarialResult, BehavioralContract, Bug, BugCategory, BugSeverity, BugStatus, CacheState, CodePathStep, CodebaseUnderstanding, ConfidenceLevel, ConfidenceScore, CoreScanner, FeatureIntent, FileHash, FindingKind, type GitStatus, MonorepoConfig, type MonorepoInfo, type Package, PackageConfig, PriorityLevel, type PromptExecutor, type PromptOptions, type PromptResult, ProviderType, ScanResult, type StaticAnalysisResult, WhiteroseConfig, analyzeContracts, analyzeCrossFile, analyzeSmells, applyFix, batchFix, buildDependencyGraph, commitFix, createFixBranch, dependsOn, detectMonorepo, detectProvider, findCircularDependencies, generateIntentDocument, getAvailableExecutors, getChangedFiles, getCommandEffectsSummary, getContractSummary, getCrossPackageDependencies, getCurrentBranch, getDependentFiles, getDiff, getExecutor, getFileAtHead, getGitStatus, getImportsOf, getPackageFiles, getPackageForFile, getSmellsSummary, getStagedDiff, groupFilesByPackage, hasUncommittedChanges, isGitRepo, isProviderAvailable, loadConfig, loadUnderstanding, mergeIntentWithUnderstanding, outputMarkdown, outputSarif, parseIntentDocument, popStash, resetFile, runStaticAnalysis, saveConfig, scanCodebase, stashChanges };