@shipsafe/cli 0.1.0

package/dist/src/github/scanner.d.ts

@@ -0,0 +1,20 @@
+import type { ScanResult } from '../types.js';
+export interface PrScanOptions {
+    repoFullName: string;
+    prNumber: number;
+    headSha: string;
+    baseSha: string;
+    installationId: number;
+}
+/**
+ * Get changed files in a PR and scan them.
+ *
+ * 1. Fetches list of changed files via GitHub API
+ * 2. Downloads content of each changed file
+ * 3. Writes them to a temp directory
+ * 4. Runs pattern engine scan
+ * 5. Cleans up temp directory
+ * 6. Returns scan result
+ */
+export declare function scanPullRequest(options: PrScanOptions): Promise<ScanResult>;
+//# sourceMappingURL=scanner.d.ts.map

package/dist/src/github/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../../src/github/scanner.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAI9C,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;CACxB;AASD;;;;;;;;;GASG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAkDjF"}

package/dist/src/github/scanner.js

@@ -0,0 +1,78 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { tmpdir } from 'node:os';
+import { getInstallationToken, githubApi } from './api.js';
+import { runPatternEngine } from '../engines/pattern/index.js';
+/**
+ * Get changed files in a PR and scan them.
+ *
+ * 1. Fetches list of changed files via GitHub API
+ * 2. Downloads content of each changed file
+ * 3. Writes them to a temp directory
+ * 4. Runs pattern engine scan
+ * 5. Cleans up temp directory
+ * 6. Returns scan result
+ */
+export async function scanPullRequest(options) {
+    const token = await getInstallationToken(options.installationId);
+    // 1. Fetch changed files
+    const files = await fetchChangedFiles(options.repoFullName, options.prNumber, token);
+    // Filter out deleted files — nothing to scan
+    const filesToScan = files.filter((f) => f.status !== 'removed');
+    if (filesToScan.length === 0) {
+        return {
+            status: 'pass',
+            score: 'A',
+            findings: [],
+            scan_duration_ms: 0,
+        };
+    }
+    // 2. Create temp directory
+    const tmpDir = await fs.mkdtemp(path.join(tmpdir(), 'shipsafe-pr-'));
+    try {
+        // 3. Download and write each file
+        const filePaths = [];
+        for (const file of filesToScan) {
+            const content = await fetchFileContent(options.repoFullName, file.filename, options.headSha, token);
+            const filePath = path.join(tmpDir, file.filename);
+            await fs.mkdir(path.dirname(filePath), { recursive: true });
+            await fs.writeFile(filePath, content, 'utf-8');
+            filePaths.push(file.filename);
+        }
+        // 4. Run pattern engine scan on the temp directory
+        const result = await runPatternEngine({
+            targetPath: tmpDir,
+            scope: 'all',
+            stagedFiles: filePaths,
+        });
+        return result;
+    }
+    finally {
+        // 5. Clean up temp directory
+        await fs.rm(tmpDir, { recursive: true, force: true });
+    }
+}
+/**
+ * Fetch the list of files changed in a PR.
+ */
+async function fetchChangedFiles(repoFullName, prNumber, token) {
+    const result = (await githubApi(`/repos/${repoFullName}/pulls/${prNumber}/files`, {
+        token,
+    }));
+    return result;
+}
+/**
+ * Fetch the raw content of a file at a specific commit SHA.
+ */
+async function fetchFileContent(repoFullName, filePath, sha, token) {
+    const result = (await githubApi(`/repos/${repoFullName}/contents/${filePath}?ref=${sha}`, {
+        token,
+    }));
+    if (result.content && result.encoding === 'base64') {
+        return Buffer.from(result.content, 'base64').toString('utf-8');
+    }
+    // Fallback: try raw download
+    const rawResult = (await githubApi(`https://raw.githubusercontent.com/${repoFullName}/${sha}/${filePath}`, { token }));
+    return rawResult;
+}
+//# sourceMappingURL=scanner.js.map

package/dist/src/github/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../../src/github/scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAiB/D;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAsB;IAC1D,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAEjE,yBAAyB;IACzB,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAErF,6CAA6C;IAC7C,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAEhE,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,MAAM,EAAE,MAAM;YACd,KAAK,EAAE,GAAG;YACV,QAAQ,EAAE,EAAE;YACZ,gBAAgB,EAAE,CAAC;SACpB,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,kCAAkC;QAClC,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CACpC,OAAO,CAAC,YAAY,EACpB,IAAI,CAAC,QAAQ,EACb,OAAO,CAAC,OAAO,EACf,KAAK,CACN,CAAC;YAEF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClD,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5D,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;QAED,mDAAmD;QACnD,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;YACpC,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,SAAS;SACvB,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;YAAS,CAAC;QACT,6BAA6B;QAC7B,MAAM,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAC9B,YAAoB,EACpB,QAAgB,EAChB,KAAa;IAEb,MAAM,MAAM,GAAG,CAAC,MAAM,SAAS,CAAC,UAAU,YAAY,UAAU,QAAQ,QAAQ,EAAE;QAChF,KAAK;KACN,CAAC,CAAa,CAAC;IAEhB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAC7B,YAAoB,EACpB,QAAgB,EAChB,GAAW,EACX,KAAa;IAEb,MAAM,MAAM,GAAG,CAAC,MAAM,SAAS,CAC7B,UAAU,YAAY,aAAa,QAAQ,QAAQ,GAAG,EAAE,EACxD;QACE,KAAK;KACN,CACF,CAA4C,CAAC;IAE9C,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACnD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACjE,CAAC;IAED,6BAA6B;IAC7B,MAAM,SAAS,GAAG,CAAC,MAAM,SAAS,CAChC,qCAAqC,YAAY,IAAI,GAAG,IAAI,QAAQ,EAAE,EACtE,EAAE,KAAK,EAAE,CACV,CAAW,CAAC;IAEb,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/src/github/webhook.d.ts

@@ -0,0 +1,39 @@
+export interface WebhookEvent {
+    action: string;
+    pull_request: {
+        number: number;
+        head: {
+            sha: string;
+            ref: string;
+        };
+        base: {
+            sha: string;
+            ref: string;
+        };
+    };
+    repository: {
+        full_name: string;
+        clone_url: string;
+    };
+    installation: {
+        id: number;
+    };
+}
+/**
+ * Verify a GitHub webhook signature using HMAC-SHA256.
+ * Compares the computed signature against the provided one using timing-safe comparison.
+ */
+export declare function verifyWebhookSignature(payload: string, signature: string, secret: string): boolean;
+/**
+ * Process a GitHub webhook event.
+ *
+ * Flow:
+ * 1. Verify webhook signature
+ * 2. If action is 'opened' or 'synchronize':
+ *    a. Create a pending check run via GitHub Checks API
+ *    b. Scan the PR diff
+ *    c. Post check run result (pass/fail with findings summary)
+ * 3. Ignore other actions
+ */
+export declare function handleWebhook(event: WebhookEvent, signature: string, secret: string): Promise<void>;
+//# sourceMappingURL=webhook.d.ts.map

package/dist/src/github/webhook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook.d.ts","sourceRoot":"","sources":["../../../src/github/webhook.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,IAAI,EAAE;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;KACpC,CAAC;IACF,UAAU,EAAE;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,YAAY,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9B;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,OAAO,CAaT;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,YAAY,EACnB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAqDf"}

package/dist/src/github/webhook.js

@@ -0,0 +1,80 @@
+import { createHmac, timingSafeEqual } from 'node:crypto';
+import { createCheckRun, completeCheckRun } from './checks.js';
+import { scanPullRequest } from './scanner.js';
+/**
+ * Verify a GitHub webhook signature using HMAC-SHA256.
+ * Compares the computed signature against the provided one using timing-safe comparison.
+ */
+export function verifyWebhookSignature(payload, signature, secret) {
+    const computed = 'sha256=' + createHmac('sha256', secret).update(payload).digest('hex');
+    // Both must have the same length for timingSafeEqual
+    if (computed.length !== signature.length) {
+        return false;
+    }
+    try {
+        return timingSafeEqual(Buffer.from(computed), Buffer.from(signature));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Process a GitHub webhook event.
+ *
+ * Flow:
+ * 1. Verify webhook signature
+ * 2. If action is 'opened' or 'synchronize':
+ *    a. Create a pending check run via GitHub Checks API
+ *    b. Scan the PR diff
+ *    c. Post check run result (pass/fail with findings summary)
+ * 3. Ignore other actions
+ */
+export async function handleWebhook(event, signature, secret) {
+    // 1. Verify signature
+    const payload = JSON.stringify(event);
+    if (!verifyWebhookSignature(payload, signature, secret)) {
+        throw new Error('Invalid webhook signature');
+    }
+    // 2. Only process PR opened and synchronize events
+    if (event.action !== 'opened' && event.action !== 'synchronize') {
+        return;
+    }
+    const { pull_request: pr, repository, installation } = event;
+    // 2a. Create a pending check run
+    const checkRunId = await createCheckRun({
+        repoFullName: repository.full_name,
+        headSha: pr.head.sha,
+        installationId: installation.id,
+    });
+    try {
+        // 2b. Scan the PR diff
+        const scanResult = await scanPullRequest({
+            repoFullName: repository.full_name,
+            prNumber: pr.number,
+            headSha: pr.head.sha,
+            baseSha: pr.base.sha,
+            installationId: installation.id,
+        });
+        // 2c. Determine conclusion and post result
+        const conclusion = scanResult.status === 'fail' ? 'failure' : 'success';
+        await completeCheckRun({
+            repoFullName: repository.full_name,
+            checkRunId,
+            installationId: installation.id,
+            conclusion,
+            findings: scanResult.findings,
+        });
+    }
+    catch (err) {
+        // If scanning fails, mark the check as neutral with an error message
+        await completeCheckRun({
+            repoFullName: repository.full_name,
+            checkRunId,
+            installationId: installation.id,
+            conclusion: 'neutral',
+            findings: [],
+        });
+        throw err;
+    }
+}
+//# sourceMappingURL=webhook.js.map

package/dist/src/github/webhook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook.js","sourceRoot":"","sources":["../../../src/github/webhook.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAgB/C;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,SAAiB,EACjB,MAAc;IAEd,MAAM,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAExF,qDAAqD;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAmB,EACnB,SAAiB,EACjB,MAAc;IAEd,sBAAsB;IACtB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,CAAC,sBAAsB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,mDAAmD;IACnD,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;QAChE,OAAO;IACT,CAAC;IAED,MAAM,EAAE,YAAY,EAAE,EAAE,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,KAAK,CAAC;IAE7D,iCAAiC;IACjC,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC;QACtC,YAAY,EAAE,UAAU,CAAC,SAAS;QAClC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG;QACpB,cAAc,EAAE,YAAY,CAAC,EAAE;KAChC,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,uBAAuB;QACvB,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC;YACvC,YAAY,EAAE,UAAU,CAAC,SAAS;YAClC,QAAQ,EAAE,EAAE,CAAC,MAAM;YACnB,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG;YACpB,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG;YACpB,cAAc,EAAE,YAAY,CAAC,EAAE;SAChC,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAExE,MAAM,gBAAgB,CAAC;YACrB,YAAY,EAAE,UAAU,CAAC,SAAS;YAClC,UAAU;YACV,cAAc,EAAE,YAAY,CAAC,EAAE;YAC/B,UAAU;YACV,QAAQ,EAAE,UAAU,CAAC,QAAQ;SAC9B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,qEAAqE;QACrE,MAAM,gBAAgB,CAAC;YACrB,YAAY,EAAE,UAAU,CAAC,SAAS;YAClC,UAAU;YACV,cAAc,EAAE,YAAY,CAAC,EAAE;YAC/B,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;QAEH,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/src/hooks/installer.d.ts

@@ -0,0 +1,4 @@
+export declare function installHooks(projectDir?: string): Promise<void>;
+export declare function uninstallHooks(projectDir?: string): Promise<void>;
+export declare function checkHooksInstalled(projectDir?: string): Promise<boolean>;
+//# sourceMappingURL=installer.d.ts.map

package/dist/src/hooks/installer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"installer.d.ts","sourceRoot":"","sources":["../../../src/hooks/installer.ts"],"names":[],"mappings":"AAuEA,wBAAsB,YAAY,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BrE;AAED,wBAAsB,cAAc,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsCvE;AAED,wBAAsB,mBAAmB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAiB/E"}

package/dist/src/hooks/installer.js

@@ -0,0 +1,146 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { HOOK_MARKER } from '../constants.js';
+const PRE_COMMIT_HOOK = `#!/bin/sh
+${HOOK_MARKER}
+# ShipSafe pre-commit hook — scans staged files before commit
+
+SHIPSAFE=\$(command -v shipsafe 2>/dev/null)
+if [ -z "\$SHIPSAFE" ]; then
+  SHIPSAFE="npx shipsafe"
+fi
+
+echo "ShipSafe: Scanning staged files..."
+\$SHIPSAFE scan --scope staged
+
+EXIT_CODE=\$?
+if [ \$EXIT_CODE -ne 0 ]; then
+  echo ""
+  echo "ShipSafe: Critical/high security issues found. Fix before committing."
+  echo "To bypass (not recommended): git commit --no-verify"
+  exit 1
+fi
+
+exit 0
+`;
+const PRE_PUSH_HOOK = `#!/bin/sh
+${HOOK_MARKER}
+# ShipSafe pre-push hook — runs full scan before push
+
+SHIPSAFE=\$(command -v shipsafe 2>/dev/null)
+if [ -z "\$SHIPSAFE" ]; then
+  SHIPSAFE="npx shipsafe"
+fi
+
+echo "ShipSafe: Running full scan before push..."
+\$SHIPSAFE scan --scope all
+
+EXIT_CODE=\$?
+if [ \$EXIT_CODE -ne 0 ]; then
+  echo ""
+  echo "ShipSafe: Critical/high security issues found. Fix before pushing."
+  echo "To bypass (not recommended): git push --no-verify"
+  exit 1
+fi
+
+exit 0
+`;
+const HOOKS = [
+    { name: 'pre-commit', content: PRE_COMMIT_HOOK },
+    { name: 'pre-push', content: PRE_PUSH_HOOK },
+];
+async function getHooksDir(projectDir) {
+    const gitDir = path.join(projectDir, '.git');
+    try {
+        const stat = await fs.stat(gitDir);
+        if (!stat.isDirectory()) {
+            throw new Error('Not a git repository');
+        }
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            throw new Error('Not a git repository');
+        }
+        throw err;
+    }
+    return path.join(gitDir, 'hooks');
+}
+export async function installHooks(projectDir) {
+    const dir = projectDir ?? process.cwd();
+    const hooksDir = await getHooksDir(dir);
+    await fs.mkdir(hooksDir, { recursive: true });
+    for (const hook of HOOKS) {
+        const hookPath = path.join(hooksDir, hook.name);
+        const backupPath = path.join(hooksDir, `${hook.name}.pre-shipsafe`);
+        // Check if hook file already exists
+        let existingContent = null;
+        try {
+            existingContent = await fs.readFile(hookPath, 'utf-8');
+        }
+        catch {
+            // File doesn't exist, that's fine
+        }
+        if (existingContent !== null && !existingContent.includes(HOOK_MARKER)) {
+            // Existing non-ShipSafe hook — back it up
+            await fs.writeFile(backupPath, existingContent);
+        }
+        // Write the ShipSafe hook
+        await fs.writeFile(hookPath, hook.content, { mode: 0o755 });
+    }
+}
+export async function uninstallHooks(projectDir) {
+    const dir = projectDir ?? process.cwd();
+    let hooksDir;
+    try {
+        hooksDir = await getHooksDir(dir);
+    }
+    catch {
+        // Not a git repo or no .git dir — nothing to uninstall
+        return;
+    }
+    for (const hook of HOOKS) {
+        const hookPath = path.join(hooksDir, hook.name);
+        const backupPath = path.join(hooksDir, `${hook.name}.pre-shipsafe`);
+        // Check if current hook is a ShipSafe hook
+        let content = null;
+        try {
+            content = await fs.readFile(hookPath, 'utf-8');
+        }
+        catch {
+            // Hook doesn't exist, skip
+            continue;
+        }
+        if (content !== null && content.includes(HOOK_MARKER)) {
+            // Remove the ShipSafe hook
+            await fs.unlink(hookPath);
+            // Restore backup if it exists
+            try {
+                const backup = await fs.readFile(backupPath, 'utf-8');
+                await fs.writeFile(hookPath, backup, { mode: 0o755 });
+                await fs.unlink(backupPath);
+            }
+            catch {
+                // No backup to restore, that's fine
+            }
+        }
+    }
+}
+export async function checkHooksInstalled(projectDir) {
+    const dir = projectDir ?? process.cwd();
+    let hooksDir;
+    try {
+        hooksDir = await getHooksDir(dir);
+    }
+    catch {
+        return false;
+    }
+    const preCommitPath = path.join(hooksDir, 'pre-commit');
+    try {
+        const content = await fs.readFile(preCommitPath, 'utf-8');
+        return content.includes(HOOK_MARKER);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=installer.js.map

package/dist/src/hooks/installer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"installer.js","sourceRoot":"","sources":["../../../src/hooks/installer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,MAAM,eAAe,GAAG;EACtB,WAAW;;;;;;;;;;;;;;;;;;;;CAoBZ,CAAC;AAEF,MAAM,aAAa,GAAG;EACpB,WAAW;;;;;;;;;;;;;;;;;;;;CAoBZ,CAAC;AAEF,MAAM,KAAK,GAA6C;IACtD,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,eAAe,EAAE;IAChD,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE;CAC7C,CAAC;AAEF,KAAK,UAAU,WAAW,CAAC,UAAkB;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAmB;IACpD,MAAM,GAAG,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;IAExC,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,IAAI,eAAe,CAAC,CAAC;QAEpE,oCAAoC;QACpC,IAAI,eAAe,GAAkB,IAAI,CAAC;QAC1C,IAAI,CAAC;YACH,eAAe,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;QAED,IAAI,eAAe,KAAK,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACvE,0CAA0C;YAC1C,MAAM,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QAClD,CAAC;QAED,0BAA0B;QAC1B,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,UAAmB;IACtD,MAAM,GAAG,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAExC,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;QACvD,OAAO;IACT,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,IAAI,eAAe,CAAC,CAAC;QAEpE,2CAA2C;QAC3C,IAAI,OAAO,GAAkB,IAAI,CAAC;QAClC,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;YAC3B,SAAS;QACX,CAAC;QAED,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACtD,2BAA2B;YAC3B,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAE1B,8BAA8B;YAC9B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;gBACtD,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBACtD,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,oCAAoC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAmB;IAC3D,MAAM,GAAG,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAExC,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC1D,OAAO,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/src/mcp/server.d.ts

@@ -0,0 +1,2 @@
+export declare function startMcpServer(): Promise<void>;
+//# sourceMappingURL=server.d.ts.map

package/dist/src/mcp/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/mcp/server.ts"],"names":[],"mappings":"AAWA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CA8HpD"}

package/dist/src/mcp/server.js

@@ -0,0 +1,96 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
+import { handleScan } from './tools/scan.js';
+import { handleStatus } from './tools/status.js';
+import { handleGraphQuery } from './tools/graph-query.js';
+import { handleProductionErrors } from './tools/production-errors.js';
+import { handleFix } from './tools/fix.js';
+import { handleVerifyResolution } from './tools/verify-resolution.js';
+import { handleCheckPackage } from './tools/check-package.js';
+export async function startMcpServer() {
+    const server = new McpServer({
+        name: 'shipsafe',
+        version: '0.1.0',
+    });
+    // Register shipsafe_scan tool
+    server.tool('shipsafe_scan', 'Run security scan on the current project. Checks for vulnerabilities, hardcoded secrets, and dependency CVEs.', {
+        scope: z.string().optional().describe('Scan scope: staged (default), all, or file:<path>'),
+        fix: z.boolean().optional().describe('Attempt auto-fix (default: false)'),
+    }, async (params) => {
+        const result = await handleScan(params);
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+    // Register shipsafe_status tool
+    server.tool('shipsafe_status', 'Get current project security status, hook state, and scanner availability.', async () => {
+        const result = await handleStatus();
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+    // Register shipsafe_graph_query tool
+    server.tool('shipsafe_graph_query', 'Query the project knowledge graph for callers, callees, attack paths, blast radius, or missing auth chains.', {
+        query_type: z.enum(['callers', 'callees', 'data_flow', 'attack_paths', 'blast_radius', 'auth_chain'])
+            .describe('Type of graph query to run'),
+        target: z.string().optional()
+            .describe('Target function name (required for callers, callees, data_flow, blast_radius)'),
+        depth: z.number().optional()
+            .describe('Max traversal depth (default: 3 for callers/callees, 5 for data_flow)'),
+    }, async (params) => {
+        const result = await handleGraphQuery({
+            query_type: params.query_type,
+            target: params.target,
+            depth: params.depth,
+        });
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+    // Register shipsafe_production_errors tool
+    server.tool('shipsafe_production_errors', 'Fetch queued production errors for this project. Returns errors with stack traces, root causes, and suggested fixes.', {
+        severity: z.enum(['all', 'critical', 'high', 'medium', 'low']).optional()
+            .describe('Filter by severity (default: all)'),
+        status: z.enum(['open', 'resolved', 'all']).optional()
+            .describe('Filter by status (default: open)'),
+    }, async (params) => {
+        const result = await handleProductionErrors({
+            severity: params.severity,
+            status: params.status,
+        });
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+    // Register shipsafe_fix tool
+    server.tool('shipsafe_fix', 'Apply a fix for a scan finding. For hardcoded secrets, moves them to .env automatically. For other findings, returns the suggestion.', {
+        finding_id: z.string().describe('The ID of the finding to fix (from shipsafe_scan results)'),
+        strategy: z.enum(['suggested', 'custom']).optional()
+            .describe('Fix strategy: suggested (default) or custom'),
+    }, async (params) => {
+        const result = await handleFix({
+            finding_id: params.finding_id,
+            strategy: params.strategy,
+        });
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+    // Register shipsafe_verify_resolution tool
+    server.tool('shipsafe_verify_resolution', 'Check if a production error has been resolved or is still recurring.', {
+        error_id: z.string().describe('The ID of the production error to check'),
+    }, async (params) => {
+        const result = await handleVerifyResolution({
+            error_id: params.error_id,
+        });
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+    // Register shipsafe_check_package tool
+    server.tool('shipsafe_check_package', 'Vet an npm package before installing. Checks for typosquatting, maintenance status, license compatibility, and known vulnerabilities.', {
+        name: z.string().describe('Package name to check'),
+        version: z.string().optional().describe('Specific version to check (default: latest)'),
+        registry: z.enum(['npm', 'pip', 'cargo']).optional()
+            .describe('Package registry (default: npm, only npm currently supported)'),
+    }, async (params) => {
+        const result = await handleCheckPackage({
+            name: params.name,
+            version: params.version,
+            registry: params.registry,
+        });
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+//# sourceMappingURL=server.js.map

package/dist/src/mcp/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAE9D,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,8BAA8B;IAC9B,MAAM,CAAC,IAAI,CACT,eAAe,EACf,+GAA+G,EAC/G;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mDAAmD,CAAC;QAC1F,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;KAC1E,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;QACxC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC,CACF,CAAC;IAEF,gCAAgC;IAChC,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,4EAA4E,EAC5E,KAAK,IAAI,EAAE;QACT,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;QACpC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC,CACF,CAAC;IAEF,qCAAqC;IACrC,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,6GAA6G,EAC7G;QACE,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;aAClG,QAAQ,CAAC,4BAA4B,CAAC;QACzC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;aAC1B,QAAQ,CAAC,+EAA+E,CAAC;QAC5F,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;aACzB,QAAQ,CAAC,uEAAuE,CAAC;KACrF,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;YACpC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC,CACF,CAAC;IAEF,2CAA2C;IAC3C,MAAM,CAAC,IAAI,CACT,4BAA4B,EAC5B,sHAAsH,EACtH;QACE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;aACtE,QAAQ,CAAC,mCAAmC,CAAC;QAChD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;aACnD,QAAQ,CAAC,kCAAkC,CAAC;KAChD,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC;YAC1C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC,CACF,CAAC;IAEF,6BAA6B;IAC7B,MAAM,CAAC,IAAI,CACT,cAAc,EACd,sIAAsI,EACtI;QACE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2DAA2D,CAAC;QAC5F,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE;aACjD,QAAQ,CAAC,6CAA6C,CAAC;KAC3D,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;YAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC,CACF,CAAC;IAEF,2CAA2C;IAC3C,MAAM,CAAC,IAAI,CACT,4BAA4B,EAC5B,sEAAsE,EACtE;QACE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;KACzE,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC;YAC1C,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC,CACF,CAAC;IAEF,uCAAuC;IACvC,MAAM,CAAC,IAAI,CACT,wBAAwB,EACxB,uIAAuI,EACvI;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAClD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QACtF,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;aACjD,QAAQ,CAAC,+DAA+D,CAAC;KAC7E,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC;YACtC,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC,CACF,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC"}

package/dist/src/mcp/tools/check-package.d.ts

@@ -0,0 +1,30 @@
+export interface CheckPackageParams {
+    name: string;
+    version?: string;
+    registry?: 'npm' | 'pip' | 'cargo';
+}
+export interface CheckPackageResult {
+    name: string;
+    version: string;
+    safe: boolean;
+    cves: string[];
+    license: string;
+    license_compatible: boolean;
+    maintained: boolean;
+    last_publish: string;
+    typosquat_warning: boolean;
+    recommendation: string;
+}
+/**
+ * Compute Levenshtein edit distance between two strings.
+ */
+export declare function editDistance(a: string, b: string): number;
+/**
+ * Check if a package name looks like a typosquat of a popular package.
+ */
+export declare function checkTyposquat(name: string): {
+    isTyposquat: boolean;
+    similarTo?: string;
+};
+export declare function handleCheckPackage(params: CheckPackageParams): Promise<CheckPackageResult>;
+//# sourceMappingURL=check-package.d.ts.map

package/dist/src/mcp/tools/check-package.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-package.d.ts","sourceRoot":"","sources":["../../../../src/mcp/tools/check-package.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;CACxB;AAoCD;;GAEG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAuBzD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,OAAO,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAYzF;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,kBAAkB,CAAC,CAoJ7B"}