@shakecodeslikecray/whiterose 1.0.12 → 2.0.0

package/dist/index.d.ts

@@ -647,6 +647,141 @@ declare const CodebaseUnderstanding: z.ZodObject<{
     };
 }>;
 type CodebaseUnderstanding = z.infer<typeof CodebaseUnderstanding>;
+declare const DomainType: z.ZodString;
+type DomainType = z.infer<typeof DomainType>;
+declare const RiskLevel: z.ZodEnum<["critical", "high", "medium"]>;
+type RiskLevel = z.infer<typeof RiskLevel>;
+declare const HotPath: z.ZodObject<{
+    file: z.ZodString;
+    reason: z.ZodString;
+    riskLevel: z.ZodEnum<["critical", "high", "medium"]>;
+}, "strip", z.ZodTypeAny, {
+    file: string;
+    reason: string;
+    riskLevel: "critical" | "high" | "medium";
+}, {
+    file: string;
+    reason: string;
+    riskLevel: "critical" | "high" | "medium";
+}>;
+type HotPath = z.infer<typeof HotPath>;
+declare const CustomPassConfig: z.ZodObject<{
+    id: z.ZodString;
+    phase: z.ZodEnum<["unit", "integration", "e2e"]>;
+    category: z.ZodString;
+    description: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    description: string;
+    category: string;
+    phase: "unit" | "integration" | "e2e";
+}, {
+    id: string;
+    description: string;
+    category: string;
+    phase: "unit" | "integration" | "e2e";
+}>;
+type CustomPassConfig = z.infer<typeof CustomPassConfig>;
+declare const SkipReason: z.ZodObject<{
+    passName: z.ZodString;
+    reason: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    passName: string;
+    reason: string;
+}, {
+    passName: string;
+    reason: string;
+}>;
+type SkipReason = z.infer<typeof SkipReason>;
+declare const RiskProfile: z.ZodObject<{
+    version: z.ZodString;
+    generatedAt: z.ZodString;
+    domains: z.ZodArray<z.ZodString, "many">;
+    sensitiveDataTypes: z.ZodArray<z.ZodString, "many">;
+    externalDependencies: z.ZodArray<z.ZodString, "many">;
+    hotPaths: z.ZodArray<z.ZodObject<{
+        file: z.ZodString;
+        reason: z.ZodString;
+        riskLevel: z.ZodEnum<["critical", "high", "medium"]>;
+    }, "strip", z.ZodTypeAny, {
+        file: string;
+        reason: string;
+        riskLevel: "critical" | "high" | "medium";
+    }, {
+        file: string;
+        reason: string;
+        riskLevel: "critical" | "high" | "medium";
+    }>, "many">;
+    customPasses: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        phase: z.ZodEnum<["unit", "integration", "e2e"]>;
+        category: z.ZodString;
+        description: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        id: string;
+        description: string;
+        category: string;
+        phase: "unit" | "integration" | "e2e";
+    }, {
+        id: string;
+        description: string;
+        category: string;
+        phase: "unit" | "integration" | "e2e";
+    }>, "many">;
+    skippedPasses: z.ZodArray<z.ZodObject<{
+        passName: z.ZodString;
+        reason: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        passName: string;
+        reason: string;
+    }, {
+        passName: string;
+        reason: string;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    version: string;
+    generatedAt: string;
+    domains: string[];
+    sensitiveDataTypes: string[];
+    externalDependencies: string[];
+    hotPaths: {
+        file: string;
+        reason: string;
+        riskLevel: "critical" | "high" | "medium";
+    }[];
+    customPasses: {
+        id: string;
+        description: string;
+        category: string;
+        phase: "unit" | "integration" | "e2e";
+    }[];
+    skippedPasses: {
+        passName: string;
+        reason: string;
+    }[];
+}, {
+    version: string;
+    generatedAt: string;
+    domains: string[];
+    sensitiveDataTypes: string[];
+    externalDependencies: string[];
+    hotPaths: {
+        file: string;
+        reason: string;
+        riskLevel: "critical" | "high" | "medium";
+    }[];
+    customPasses: {
+        id: string;
+        description: string;
+        category: string;
+        phase: "unit" | "integration" | "e2e";
+    }[];
+    skippedPasses: {
+        passName: string;
+        reason: string;
+    }[];
+}>;
+type RiskProfile = z.infer<typeof RiskProfile>;
 declare const FileHash: z.ZodObject<{
     path: z.ZodString;
     hash: z.ZodString;
@@ -1249,6 +1384,7 @@ interface ScanContext {
     understanding: CodebaseUnderstanding;
     staticResults: StaticFinding[];
     config?: WhiteroseConfig;
+    riskProfile?: RiskProfile;
 }
 interface ScanProgress {
     onPhaseStart?: (phase: string, passCount: number) => void;
@@ -1317,6 +1453,14 @@ declare class CoreScanner {
      * Build E2E pass jobs - these see static + unit + integration findings
      */
     private buildE2EPassJobs;
+    /**
+     * Build custom pass jobs from risk profile
+     */
+    private buildCustomPassJobs;
+    /**
+     * Boost confidence for custom pass findings (targeted = higher signal-to-noise)
+     */
+    private boostCustomPassConfidence;
     private buildQuickScanPrompt;
     private parseResponse;
     private parseBugData;
@@ -1636,4 +1780,4 @@ declare function analyzeSmells(cwd: string): Promise<CodeSmell[]>;
  */
 declare function getSmellsSummary(cwd: string): Promise<string>;
 
-export { type AdversarialResult, BehavioralContract, Bug, BugCategory, BugSeverity, BugStatus, CacheState, CodePathStep, CodebaseUnderstanding, ConfidenceLevel, ConfidenceScore, CoreScanner, FeatureIntent, FileHash, FindingKind, type GitStatus, MonorepoConfig, type MonorepoInfo, type Package, PackageConfig, PriorityLevel, type PromptExecutor, type PromptOptions, type PromptResult, ProviderType, ScanMeta, ScanResult, ScanSummary, SeverityBreakdown, type StaticAnalysisResult, WhiteroseConfig, analyzeContracts, analyzeCrossFile, analyzeSmells, applyFix, batchFix, buildDependencyGraph, commitFix, createFixBranch, dependsOn, detectMonorepo, detectProvider, findCircularDependencies, generateIntentDocument, getAvailableExecutors, getChangedFiles, getCommandEffectsSummary, getContractSummary, getCrossPackageDependencies, getCurrentBranch, getDependentFiles, getDiff, getExecutor, getFileAtHead, getGitStatus, getImportsOf, getPackageFiles, getPackageForFile, getSmellsSummary, getStagedDiff, groupFilesByPackage, hasUncommittedChanges, isGitRepo, isProviderAvailable, loadConfig, loadUnderstanding, mergeIntentWithUnderstanding, outputMarkdown, outputSarif, parseIntentDocument, popStash, resetFile, runStaticAnalysis, saveConfig, scanCodebase, stashChanges };
+export { type AdversarialResult, BehavioralContract, Bug, BugCategory, BugSeverity, BugStatus, CacheState, CodePathStep, CodebaseUnderstanding, ConfidenceLevel, ConfidenceScore, CoreScanner, CustomPassConfig, DomainType, FeatureIntent, FileHash, FindingKind, type GitStatus, HotPath, MonorepoConfig, type MonorepoInfo, type Package, PackageConfig, PriorityLevel, type PromptExecutor, type PromptOptions, type PromptResult, ProviderType, RiskLevel, RiskProfile, ScanMeta, ScanResult, ScanSummary, SeverityBreakdown, SkipReason, type StaticAnalysisResult, WhiteroseConfig, analyzeContracts, analyzeCrossFile, analyzeSmells, applyFix, batchFix, buildDependencyGraph, commitFix, createFixBranch, dependsOn, detectMonorepo, detectProvider, findCircularDependencies, generateIntentDocument, getAvailableExecutors, getChangedFiles, getCommandEffectsSummary, getContractSummary, getCrossPackageDependencies, getCurrentBranch, getDependentFiles, getDiff, getExecutor, getFileAtHead, getGitStatus, getImportsOf, getPackageFiles, getPackageForFile, getSmellsSummary, getStagedDiff, groupFilesByPackage, hasUncommittedChanges, isGitRepo, isProviderAvailable, loadConfig, loadUnderstanding, mergeIntentWithUnderstanding, outputMarkdown, outputSarif, parseIntentDocument, popStash, resetFile, runStaticAnalysis, saveConfig, scanCodebase, stashChanges };

package/dist/index.js

@@ -191,6 +191,33 @@ var CodebaseUnderstanding = z.object({
     packages: z.array(z.string()).optional()
   })
 });
+var DomainType = z.string();
+var RiskLevel = z.enum(["critical", "high", "medium"]);
+var HotPath = z.object({
+  file: z.string(),
+  reason: z.string(),
+  riskLevel: RiskLevel
+});
+var CustomPassConfig = z.object({
+  id: z.string(),
+  phase: z.enum(["unit", "integration", "e2e"]),
+  category: z.string(),
+  description: z.string()
+});
+var SkipReason = z.object({
+  passName: z.string(),
+  reason: z.string()
+});
+var RiskProfile = z.object({
+  version: z.string(),
+  generatedAt: z.string().datetime(),
+  domains: z.array(DomainType),
+  sensitiveDataTypes: z.array(z.string()),
+  externalDependencies: z.array(z.string()),
+  hotPaths: z.array(HotPath),
+  customPasses: z.array(CustomPassConfig),
+  skippedPasses: z.array(SkipReason)
+});
 var FileHash = z.object({
   path: z.string(),
   hash: z.string(),
@@ -1675,6 +1702,67 @@ IMPORTANT:
 - If unsure, report it with confidence="low"
 - Aim for thoroughness - finding 10 potential issues is better than finding 0 confirmed bugs`;
 }
+function buildCustomPassPrompt(customPass, ctx) {
+  const { projectType, framework, language, totalFiles } = ctx;
+  const staticSection = ctx.staticFindings?.length ? `
+## STATIC ANALYSIS SIGNALS
+${ctx.staticFindings.slice(0, 15).map((f) => `- ${f.tool}: ${f.file}:${f.line} - ${f.message}`).join("\n")}
+` : "";
+  return `You are a security specialist performing a TARGETED analysis: ${customPass.id.toUpperCase()}.
+
+## YOUR SINGLE MISSION
+${customPass.description}
+
+## PROJECT CONTEXT
+- Type: ${projectType}
+- Framework: ${framework || "Unknown"}
+- Language: ${language}
+- Size: ${totalFiles} files
+${staticSection}
+## METHODOLOGY
+
+1. Search the codebase for patterns relevant to: ${customPass.category}
+2. Read files that match and analyze for the specific issues described above
+3. Trace data flow to confirm the issue is real
+4. Report all confirmed and suspected issues
+
+## REPORTING FORMAT
+
+When you find an issue:
+
+<json>
+{
+  "type": "bug",
+  "data": {
+    "file": "src/path/to/file.ts",
+    "line": 42,
+    "endLine": 45,
+    "title": "Short description of the issue",
+    "description": "Explanation of why this is problematic and potential impact.",
+    "kind": "bug|smell",
+    "category": "${customPass.category}",
+    "severity": "critical|high|medium|low",
+    "confidence": "high|medium|low",
+    "evidence": [
+      "Evidence point 1",
+      "Evidence point 2"
+    ],
+    "suggestedFix": "Optional: how to fix it"
+  }
+}
+</json>
+
+Progress updates:
+###SCANNING:path/to/file.ts
+
+When done:
+###COMPLETE
+
+## BEGIN
+
+Search for ${customPass.id} patterns. Read files that match. Report issues as you find them.
+This is a TARGETED pass - focus exclusively on: ${customPass.description}`;
+}
 
 // src/providers/prompts/constants.ts
 var PROJECT_TYPES_PROMPT = `PROJECT TYPE OPTIONS (pick the best fit):
@@ -2640,38 +2728,68 @@ var CoreScanner = class {
     const startTime = Date.now();
     this.passErrors = [];
     const pipeline = getFullAnalysisPipeline();
-    const unitPasses = pipeline[0].passes;
-    const integrationPasses = pipeline[1].passes;
-    const e2ePasses = pipeline[2].passes;
-    const totalPasses = unitPasses.length + integrationPasses.length + e2ePasses.length;
+    let unitPasses = pipeline[0].passes;
+    let integrationPasses = pipeline[1].passes;
+    let e2ePasses = pipeline[2].passes;
+    const rp = context.riskProfile;
+    const skippedNames = new Set(rp?.skippedPasses.map((s) => s.passName) || []);
+    const customUnitPasses = rp?.customPasses.filter((p) => p.phase === "unit") || [];
+    const customIntegrationPasses = rp?.customPasses.filter((p) => p.phase === "integration") || [];
+    const customE2EPasses = rp?.customPasses.filter((p) => p.phase === "e2e") || [];
+    if (skippedNames.size > 0) {
+      unitPasses = unitPasses.filter((p) => !skippedNames.has(p));
+      integrationPasses = integrationPasses.filter((p) => !skippedNames.has(p));
+      e2ePasses = e2ePasses.filter((p) => !skippedNames.has(p));
+    }
+    const totalStandard = unitPasses.length + integrationPasses.length + e2ePasses.length;
+    const totalCustom = customUnitPasses.length + customIntegrationPasses.length + customE2EPasses.length;
+    const totalPasses = totalStandard + totalCustom;
     this.report(`
 \u2550\u2550\u2550\u2550 CORE SCANNER (PIPELINE MODE) \u2550\u2550\u2550\u2550`);
     this.report(`  Provider: ${this.executor.name}`);
-    this.report(`  Passes: ${totalPasses} (${unitPasses.length} unit \u2192 ${integrationPasses.length} integration \u2192 ${e2ePasses.length} E2E)`);
+    this.report(`  Passes: ${totalPasses} (${unitPasses.length + customUnitPasses.length} unit \u2192 ${integrationPasses.length + customIntegrationPasses.length} integration \u2192 ${e2ePasses.length + customE2EPasses.length} E2E)`);
+    if (totalCustom > 0) {
+      this.report(`  Risk profile: ${totalCustom} custom passes, ${skippedNames.size} skipped`);
+    }
     this.report(`  Findings flow: Unit \u2192 Integration \u2192 E2E`);
     let globalBugIndex = 0;
     this.report(`
 \u2550\u2550\u2550\u2550 PHASE 1: UNIT ANALYSIS \u2550\u2550\u2550\u2550`);
     this.report(`  Looking for: injection, null refs, auth bypass, etc.`);
+    const customUnitJobs = this.buildCustomPassJobs(context, customUnitPasses);
+    const customUnitFindings = await this.runPassBatch(customUnitJobs, cwd, context.files, globalBugIndex);
+    this.boostCustomPassConfidence(customUnitFindings);
+    globalBugIndex += customUnitFindings.length;
     const unitJobs = this.buildUnitPassJobs(context, unitPasses);
-    const unitFindings = await this.runPassBatch(unitJobs, cwd, context.files, globalBugIndex);
-    globalBugIndex += unitFindings.length;
+    const standardUnitFindings = await this.runPassBatch(unitJobs, cwd, context.files, globalBugIndex);
+    globalBugIndex += standardUnitFindings.length;
+    const unitFindings = [...customUnitFindings, ...standardUnitFindings];
     this.report(`  Phase 1 complete: ${unitFindings.length} findings`);
     this.report(`
 \u2550\u2550\u2550\u2550 PHASE 2: INTEGRATION ANALYSIS \u2550\u2550\u2550\u2550`);
     this.report(`  Building on ${unitFindings.length} unit findings`);
     this.report(`  Looking for: auth flows, data flows, trust boundaries`);
+    const customIntJobs = this.buildCustomPassJobs(context, customIntegrationPasses);
+    const customIntFindings = await this.runPassBatch(customIntJobs, cwd, context.files, globalBugIndex);
+    this.boostCustomPassConfidence(customIntFindings);
+    globalBugIndex += customIntFindings.length;
     const integrationJobs = this.buildIntegrationPassJobs(context, integrationPasses, unitFindings);
-    const integrationFindings = await this.runPassBatch(integrationJobs, cwd, context.files, globalBugIndex);
-    globalBugIndex += integrationFindings.length;
+    const standardIntFindings = await this.runPassBatch(integrationJobs, cwd, context.files, globalBugIndex);
+    globalBugIndex += standardIntFindings.length;
+    const integrationFindings = [...customIntFindings, ...standardIntFindings];
     this.report(`  Phase 2 complete: ${integrationFindings.length} findings`);
     this.report(`
 \u2550\u2550\u2550\u2550 PHASE 3: E2E ANALYSIS \u2550\u2550\u2550\u2550`);
     this.report(`  Building on ${unitFindings.length} unit + ${integrationFindings.length} integration findings`);
     this.report(`  Looking for: attack chains, privilege escalation, session bugs`);
+    const customE2EJobs = this.buildCustomPassJobs(context, customE2EPasses);
+    const customE2EFindings = await this.runPassBatch(customE2EJobs, cwd, context.files, globalBugIndex);
+    this.boostCustomPassConfidence(customE2EFindings);
+    globalBugIndex += customE2EFindings.length;
     const allPreviousFindings = [...unitFindings, ...integrationFindings];
     const e2eJobs = this.buildE2EPassJobs(context, e2ePasses, allPreviousFindings);
-    const e2eFindings = await this.runPassBatch(e2eJobs, cwd, context.files, globalBugIndex);
+    const standardE2EFindings = await this.runPassBatch(e2eJobs, cwd, context.files, globalBugIndex);
+    const e2eFindings = [...customE2EFindings, ...standardE2EFindings];
     this.report(`  Phase 3 complete: ${e2eFindings.length} findings`);
     this.report(`
 \u2550\u2550\u2550\u2550 POST-PROCESSING \u2550\u2550\u2550\u2550`);
@@ -2977,6 +3095,37 @@ var CoreScanner = class {
     }
     return jobs;
   }
+  /**
+   * Build custom pass jobs from risk profile
+   */
+  buildCustomPassJobs(context, customPasses) {
+    const jobs = [];
+    const { understanding, staticResults } = context;
+    for (const customPass of customPasses) {
+      jobs.push({
+        name: customPass.id,
+        prompt: buildCustomPassPrompt(customPass, {
+          pass: { name: customPass.id, category: customPass.category, description: customPass.description},
+          projectType: understanding.summary.type,
+          framework: understanding.summary.framework || "",
+          language: understanding.summary.language,
+          totalFiles: understanding.structure.totalFiles,
+          staticFindings: staticResults
+        })
+      });
+    }
+    return jobs;
+  }
+  /**
+   * Boost confidence for custom pass findings (targeted = higher signal-to-noise)
+   */
+  boostCustomPassConfidence(bugs) {
+    for (const bug of bugs) {
+      if (bug.confidence.overall === "medium") {
+        bug.confidence.overall = "high";
+      }
+    }
+  }
   buildQuickScanPrompt(context) {
     const { understanding, staticResults, files } = context;
     const staticSignals = staticResults.length > 0 ? `
@@ -5556,6 +5705,6 @@ async function getSmellsSummary(cwd) {
   return lines.join("\n");
 }
 
-export { BehavioralContract, Bug, BugCategory, BugSeverity, BugStatus, CacheState, CodePathStep, CodebaseUnderstanding, ConfidenceLevel, ConfidenceScore, CoreScanner, FeatureIntent, FileHash, FindingKind, MonorepoConfig, PackageConfig, PriorityLevel, ProviderType, ScanMeta, ScanResult, ScanSummary, SeverityBreakdown, WhiteroseConfig, analyzeContracts, analyzeCrossFile, analyzeSmells, applyFix, batchFix, buildDependencyGraph, commitFix, createFixBranch, dependsOn, detectMonorepo, detectProvider, findCircularDependencies, generateIntentDocument, getAvailableExecutors, getChangedFiles, getCommandEffectsSummary, getContractSummary, getCrossPackageDependencies, getCurrentBranch, getDependentFiles2 as getDependentFiles, getDiff, getExecutor, getFileAtHead, getGitStatus, getImportsOf, getPackageFiles, getPackageForFile, getSmellsSummary, getStagedDiff, groupFilesByPackage, hasUncommittedChanges, isGitRepo, isProviderAvailable, loadConfig, loadUnderstanding, mergeIntentWithUnderstanding, outputMarkdown, outputSarif, parseIntentDocument, popStash, resetFile, runStaticAnalysis, saveConfig, scanCodebase, stashChanges };
+export { BehavioralContract, Bug, BugCategory, BugSeverity, BugStatus, CacheState, CodePathStep, CodebaseUnderstanding, ConfidenceLevel, ConfidenceScore, CoreScanner, CustomPassConfig, DomainType, FeatureIntent, FileHash, FindingKind, HotPath, MonorepoConfig, PackageConfig, PriorityLevel, ProviderType, RiskLevel, RiskProfile, ScanMeta, ScanResult, ScanSummary, SeverityBreakdown, SkipReason, WhiteroseConfig, analyzeContracts, analyzeCrossFile, analyzeSmells, applyFix, batchFix, buildDependencyGraph, commitFix, createFixBranch, dependsOn, detectMonorepo, detectProvider, findCircularDependencies, generateIntentDocument, getAvailableExecutors, getChangedFiles, getCommandEffectsSummary, getContractSummary, getCrossPackageDependencies, getCurrentBranch, getDependentFiles2 as getDependentFiles, getDiff, getExecutor, getFileAtHead, getGitStatus, getImportsOf, getPackageFiles, getPackageForFile, getSmellsSummary, getStagedDiff, groupFilesByPackage, hasUncommittedChanges, isGitRepo, isProviderAvailable, loadConfig, loadUnderstanding, mergeIntentWithUnderstanding, outputMarkdown, outputSarif, parseIntentDocument, popStash, resetFile, runStaticAnalysis, saveConfig, scanCodebase, stashChanges };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map