@trynullsec/s1-zk 1.0.0

package/LIMITATIONS.md

@@ -0,0 +1,17 @@
+# Limitations
+
+Nullsec S1-ZK v1 is deterministic static analysis for ZK circuit auditing. It is intentionally precise about what it can and cannot claim.
+
+- Static analysis is approximate and may produce false positives.
+- The Circom parser is best-effort; unsupported syntax records parser warnings where possible.
+- The Halo2 frontend is best-effort Rust source scanning. It is not a full Rust AST, MIR, or Halo2 synthesis analyzer.
+- The Halo2 constraint graph is approximate. It links obvious gates, regions, advice assignments, selector enables, equality/copy edges, lookups, and instance bindings, but it does not execute synthesis code.
+- It is not full formal verification and does not prove circuit soundness.
+- It may miss semantic bugs that require protocol context, cross-circuit reasoning, or full compilation.
+- It does not generate witnesses or counterexamples yet.
+- It does not compile Circom circuits, inspect generated R1CS, or run Halo2 circuit synthesis yet.
+- Halo2 findings may miss behavior hidden behind macros, helper APIs, generics, cross-file abstractions, or dynamic region assignment patterns.
+- Macro-heavy Rust and project-specific Halo2 gadget APIs may require future parser support or rule tuning.
+- Range-check and booleanity detection recognize common patterns, not every custom gadget.
+- Component output inference is heuristic and based on parsed references.
+- AI-native modules prepare prompts for future reasoning but do not call external AI APIs.

package/README.md

@@ -0,0 +1,149 @@
+# Nullsec S1-ZK
+
+AI-native auditing for zero-knowledge circuits. Find underconstraints before they mint infinite money.
+
+## What Nullsec S1-ZK Is
+
+Nullsec S1-ZK is a production-grade static analysis foundation for ZK circuit auditing. It scans Circom circuits and Rust-based Halo2 circuits for high-impact soundness risks such as unsafe witness hints, missing constraints, missing range checks, missing booleanity checks, unbound inputs, unsafe assertions, component output binding mistakes, unconstrained advice assignments, and unbound Halo2 instance values.
+
+It detects high-signal underconstraint patterns, but it does not prove full circuit soundness and does not replace expert cryptographic audits.
+
+## Why ZK Underconstraints Matter
+
+Most catastrophic ZK bugs are not ordinary application bugs. They are proof-system semantic failures where the circuit does not actually constrain what the protocol thinks it constrains. Nullsec S1-ZK is built around the question: what does this circuit claim to prove, and what does it actually constrain?
+
+## What v1 Detects
+
+v1 implements deterministic static analysis for Circom and best-effort static analysis for Halo2-style Rust circuits.
+
+Circom checks include:
+
+- Dangerous `<--` hint assignments.
+- Assigned but unconstrained signals.
+- Input signals that never bind into constraints.
+- Unconstrained outputs.
+- Missing booleanity checks.
+- Missing range checks and aliasing risks.
+- Unsafe `assert(...)` over signals.
+- Unsafe division and inverse patterns.
+- Unconstrained component outputs.
+- Unused signals and suspicious selectors.
+
+Halo2 checks include:
+
+- Advice assignments that do not appear connected to gates, equality constraints, instance constraints, or lookups.
+- Instance/public values queried without an obvious public binding.
+- Selector discipline risks.
+- Unsafe inverse or division patterns.
+- Suspicious partial elliptic-curve operation assignments.
+- Copy-constraint usage without obvious `enable_equality`.
+
+## Halo2 Constraint Graph
+
+The Halo2 frontend builds a best-effort constraint graph from Rust source. It links `create_gate` expressions, advice/fixed/instance queries, selector-gated polynomials, `assign_region` assignments, selector enables, `constrain_equal`, `copy_advice`, lookups, and `constrain_instance` public bindings.
+
+This graph lets Nullsec S1-ZK distinguish advice values that are connected through gates, equality edges, lookups, or public instance exposure from values that are merely assigned in a region. It improves high-signal findings for Orchard-style EC gadgets and other Halo2 circuits, but it is still static source analysis, not formal verification or complete Halo2 synthesis.
+
+## Installation
+
+```bash
+npm install
+npm run build
+npm link
+```
+
+## Usage
+
+```bash
+nullsec-zk scan ./examples
+nullsec-zk scan ./examples/halo2
+nullsec-zk scan ./examples --format json
+nullsec-zk scan ./examples --format sarif
+nullsec-zk scan ./examples --report markdown
+nullsec-zk scan ./examples --out report.json
+nullsec-zk scan ./examples --fail-on HIGH
+nullsec-zk rules
+nullsec-zk explain NS-ZK-001
+```
+
+## Example Terminal Output
+
+```text
+Nullsec S1-ZK
+AI-native auditing for zero-knowledge circuits
+
+Target: ./examples
+Frontend: Mixed
+Files scanned: 24
+Rules executed: 18
+Issues found: 33
+```
+
+## JSON Output
+
+JSON output includes the tool name, version, target, files scanned, rules executed, severity counts, issues, and parser warnings.
+
+```bash
+nullsec-zk scan ./examples --format json
+```
+
+## Markdown Reports
+
+```bash
+nullsec-zk scan ./examples --report markdown
+```
+
+By default this writes `nullsec-zk-report.md`. Use `--out` to choose another path.
+
+## SARIF / CI Usage
+
+```bash
+nullsec-zk scan ./circuits --format sarif --out nullsec-zk.sarif --fail-on HIGH
+```
+
+The SARIF renderer is structured for GitHub code scanning compatibility.
+
+## Rule List
+
+Run:
+
+```bash
+nullsec-zk rules
+```
+
+Detailed rule documentation is in `RULES.md`.
+
+## Configuration
+
+Create a config:
+
+```bash
+nullsec-zk init
+```
+
+Example:
+
+```json
+{
+  "rules": {
+    "NS-ZK-006": "off",
+    "NS-ZK-005": "high"
+  },
+  "ignore": ["node_modules", "circomlib"],
+  "failOn": "HIGH",
+  "format": "terminal",
+  "field": "BN254"
+}
+```
+
+## Limitations
+
+Static analysis is approximate. The Circom and Halo2 frontends are best-effort source analyzers, do not compile circuits, do not generate witnesses, and do not perform formal verification. See `LIMITATIONS.md`.
+
+## Roadmap
+
+Future work includes deeper Halo2 analysis, Noir, gnark, Plonky2, R1CS extraction, witness counterexample generation, spec-to-circuit comparison, LLM-assisted exploit reasoning, CI integrations, and hosted reporting. See `ROADMAP.md`.
+
+## Security Philosophy
+
+Nullsec S1-ZK treats ZK circuit bugs as proof semantics failures. It is designed to surface places where witness values, public claims, outputs, selectors, and integer domains are not bound by constraints in the way a protocol likely intends.

package/ROADMAP.md

@@ -0,0 +1,21 @@
+# Roadmap
+
+Nullsec S1-ZK is designed as a modular security product foundation.
+
+- Deeper Halo2 frontend with Rust AST support, macro-aware extraction, and synthesis tracing.
+- Rust AST parsing via `syn`.
+- Real Halo2 region and gadget semantic models.
+- Noir frontend.
+- gnark frontend.
+- Plonky2 frontend.
+- R1CS extraction and analysis.
+- Constraint graph visualization.
+- Witness counterexample generation.
+- Spec-to-circuit comparison.
+- LLM-assisted exploit reasoning.
+- GitHub app and code scanning workflows.
+- Hosted dashboard.
+- Audit report generation.
+- Benchmark suite of historical ZK bugs.
+- Project-specific rule packs.
+- CI policy management and severity baselines.

package/RULES.md

@@ -0,0 +1,229 @@
+# Nullsec S1-ZK Rules
+
+Each rule reports a deterministic static-analysis finding. Severity can be overridden in `.nullsec-zk.json`.
+
+## NS-ZK-001 Dangerous Hint Assignment
+
+Severity: CRITICAL when unconstrained, MEDIUM when later constrained.
+
+Detects Circom `<--` assignments. These compute witness values without creating constraints.
+
+Vulnerable: `x <-- a * b;`
+
+Safe: `x <== a * b;` or `x <-- a * b; x === a * b;`
+
+Limitations: The rule cannot fully prove the later constraint is semantically equivalent to the hint expression.
+
+## NS-ZK-002 Assigned But Unconstrained
+
+Severity: CRITICAL.
+
+Detects signals assigned with `<--` that never appear in constraints.
+
+Vulnerable: `commitment <-- hasher.out;`
+
+Safe: `commitment <== hasher.out;`
+
+Limitations: Best-effort parser support may miss constraints hidden in unsupported syntax.
+
+## NS-ZK-003 Unbound Input Signal
+
+Severity: HIGH.
+
+Detects `signal input` declarations that never appear in constraints.
+
+Vulnerable: `signal input root;` with no later relation to `root`.
+
+Safe: `root === computedRoot;`
+
+Limitations: v1 treats all input signals as important and does not infer protocol-level public/private intent beyond syntax.
+
+## NS-ZK-004 Unconstrained Output
+
+Severity: HIGH or CRITICAL.
+
+Detects outputs assigned unsafely or never referenced in constraints.
+
+Vulnerable: `signal output out; out <-- value;`
+
+Safe: `out <== value;`
+
+Limitations: It checks parsed constraint participation, not full semantic derivation.
+
+## NS-ZK-005 Missing Booleanity
+
+Severity: HIGH.
+
+Detects boolean-like names such as `isAdmin`, `enabled`, `selector`, `pathIndex`, or `flag` without booleanity constraints.
+
+Vulnerable: `out <== isAdmin * balance;`
+
+Safe: `isAdmin * (isAdmin - 1) === 0;`
+
+Limitations: Naming heuristics can produce false positives or miss domain-specific boolean names.
+
+## NS-ZK-006 Missing Range Check
+
+Severity: confidence-scored and context-aware.
+
+Primary targets: `amount`, `balance`, `fee`, `nonce`, `index`, `timestamp`, `quantity`, `count`, `size`, and `limb`.
+
+The rule distinguishes bounded integers from hash-like values such as `nullifierHash`, `commitment`, and Merkle `root` signals. Hash outputs, commitments, roots, and nullifier hashes are not automatically required to have range checks unless they are used as bounded integers in arithmetic or comparators.
+
+Confidence examples:
+
+- `amount` input without range check: HIGH confidence, HIGH severity
+- `balance` input without range check: HIGH confidence, HIGH severity
+- `nullifierHash` equality binding: not reported
+- `commitment` from Poseidon output: not reported
+- `remainingBalance` with range-checked operands: not reported
+
+Vulnerable: `remaining <== balance - amount;` flags `amount` and `balance` inputs.
+
+Safe: `component bits = Num2Bits(64); bits.in <== amount;`
+
+Limitations: Classification is heuristic. It recognizes common range gadgets and patterns, not every custom range proof or protocol-specific integer encoding.
+
+## NS-ZK-007 Unsafe Assertion
+
+Severity: HIGH.
+
+Detects `assert(...)` expressions involving signals.
+
+Vulnerable: `assert(secret === expected);`
+
+Safe: `secret === expected;`
+
+Limitations: Constant assertions and template parameter assertions may be legitimate; the rule focuses on signal references.
+
+## NS-ZK-008 Unsafe Division Or Inverse
+
+Severity: HIGH or MEDIUM.
+
+Detects division, inverse, `inv`, and `IsZero`-like patterns without clear nonzero guards.
+
+Vulnerable: `q <-- numerator / denominator;`
+
+Safe: `denominator * inverse === 1; q <== numerator * inverse;`
+
+Limitations: Custom safe inversion gadgets may require project-specific rule configuration.
+
+## NS-ZK-009 Unconstrained Component Output
+
+Severity: CRITICAL.
+
+Detects component outputs copied through `<--` and not constrained.
+
+Vulnerable: `commitment <-- h.out;`
+
+Safe: `commitment <== h.out;`
+
+Limitations: Component output names are inferred from references and common Circom conventions.
+
+## NS-ZK-010 Alias Or Overflow Risk
+
+Severity: MEDIUM or HIGH.
+
+Detects wide bit decompositions near BN254 field size and unbounded limb arrays.
+
+Vulnerable: `component bits = Num2Bits(254);` without `AliasCheck`.
+
+Safe: Use field-safe bit widths and add `AliasCheck` for large decompositions.
+
+Limitations: Reports confidence MEDIUM or LOW where intent is ambiguous.
+
+## NS-ZK-011 Unused Signal
+
+Severity: LOW.
+
+Detects declared signals that are never assigned and never constrained.
+
+Vulnerable: `signal unused;`
+
+Safe: Remove dead signals or add the intended constraints.
+
+Limitations: Some generated templates may intentionally declare unused compatibility signals.
+
+## NS-ZK-012 Suspicious Selector
+
+Severity: HIGH.
+
+Detects selector-like signals used in conditional arithmetic without booleanity checks.
+
+Vulnerable: `out <== selector * a + (1 - selector) * b;`
+
+Safe: `selector * (selector - 1) === 0;`
+
+Limitations: Selector naming and multiplexer detection are heuristic.
+
+## NS-H2-001 Assigned Advice Not Constrained
+
+Severity: HIGH or CRITICAL depending context.
+
+Detects Halo2 `assign_advice` calls that do not appear connected through the Halo2 constraint graph to parsed `create_gate` expressions, equality edges, copy constraints, `constrain_instance`, or lookups.
+
+Vulnerable: assigning an advice cell in a region without referencing it in a gate or equality/public binding.
+
+Safe: reference the assigned cell in a gate, lookup, copy constraint, or instance exposure as intended.
+
+Limitations: This is graph-aware Rust source scanning, not full Halo2 synthesis tracing.
+
+## NS-H2-002 Instance Value Not Bound
+
+Severity: HIGH.
+
+Detects `query_instance` usage that is not connected through a gate expression or public instance binding.
+
+Vulnerable: querying or intending to use a public instance value without connecting an assigned cell to the public statement.
+
+Safe: use `layouter.constrain_instance(cell.cell(), config.instance, row)`.
+
+Limitations: Cross-file helper abstractions may require suppression or future interprocedural analysis.
+
+## NS-H2-003 Selector Discipline Risk
+
+Severity: MEDIUM or HIGH.
+
+Detects selectors queried in gates, especially selector multipliers, without clear `.enable(...)` usage in parsed regions.
+
+Vulnerable: `meta.query_selector(q_gate)` appears in a gate, but no region enables `q_gate`.
+
+Safe: enable the selector on every row where the gate must apply.
+
+Limitations: Complex selector abstractions may not be recognized.
+
+## NS-H2-004 Unsafe Inverse Or Division
+
+Severity: HIGH.
+
+Detects `.invert()`, `.inverse()`, or division-like code without an obvious nearby zero check, nonzero guard, safe gadget, or inverse relation. Apparent safe patterns are downgraded for review instead of treated as fully proven safe.
+
+Vulnerable: `let inv = denominator.invert().unwrap();`
+
+Safe: guard zero explicitly and constrain the inverse relation in a gate.
+
+Limitations: The guard detector is local and heuristic.
+
+## NS-H2-005 Partial Elliptic-Curve Operation Risk
+
+Severity: HIGH, confidence MEDIUM unless obvious.
+
+Detects EC-related assignments involving names like `curve`, `point`, `scalar`, `base`, `fixed_base`, `variable_base`, `ecc`, or `mul` that are not connected to gate expressions, equality edges, copy constraints, lookups, or public instance bindings.
+
+Vulnerable: assigning EC point coordinates from a scalar multiplication without constraining the group law.
+
+Safe: bind every EC intermediate through complete gate constraints, lookups, or equality constraints.
+
+Limitations: This rule is intentionally conservative for Orchard-class research and may require project-specific tuning.
+
+## NS-H2-006 Missing Enable Equality
+
+Severity: MEDIUM.
+
+Detects `constrain_equal` usage where the graph cannot connect the copy constraint to a parsed column with obvious `meta.enable_equality(...)`.
+
+Vulnerable: calling `constrain_equal` on cells from columns not configured for equality.
+
+Safe: call `meta.enable_equality` for advice or instance columns participating in copy constraints.
+
+Limitations: The rule depends on local column extraction and may miss wrapper APIs.

package/benchmarks/historical/orchard-inspired/partial-ec-mul-halo2.rs

@@ -0,0 +1,53 @@
+use halo2_proofs::plonk::{Advice, Column, ConstraintSystem, Selector};
+
+struct EcMulConfig {
+    base_x: Column<Advice>,
+    base_y: Column<Advice>,
+    scalar: Column<Advice>,
+    acc_x: Column<Advice>,
+    acc_y: Column<Advice>,
+    out_x: Column<Advice>,
+    out_y: Column<Advice>,
+    q_ec_mul: Selector,
+}
+
+fn configure(meta: &mut ConstraintSystem<Fp>) -> EcMulConfig {
+    let base_x = meta.advice_column();
+    let base_y = meta.advice_column();
+    let scalar = meta.advice_column();
+    let acc_x = meta.advice_column();
+    let acc_y = meta.advice_column();
+    let out_x = meta.advice_column();
+    let out_y = meta.advice_column();
+    let q_ec_mul = meta.selector();
+
+    meta.create_gate("synthetic orchard ec mul relation", |meta| {
+        let s = meta.query_selector(q_ec_mul);
+        let bx = meta.query_advice(base_x, Rotation::cur());
+        let scalar = meta.query_advice(scalar, Rotation::cur());
+        let ax = meta.query_advice(acc_x, Rotation::cur());
+        let ay = meta.query_advice(acc_y, Rotation::cur());
+        let ox = meta.query_advice(out_x, Rotation::cur());
+        let oy = meta.query_advice(out_y, Rotation::cur());
+        vec![
+            s.clone() * (ax + bx * scalar - ox),
+            s * (ay + scalar - oy),
+        ]
+    });
+
+    EcMulConfig { base_x, base_y, scalar, acc_x, acc_y, out_x, out_y, q_ec_mul }
+}
+
+fn synthesize(config: EcMulConfig, mut layouter: impl Layouter<Fp>) {
+    layouter.assign_region(|| "orchard inspired partial ec mul", |mut region| {
+        config.q_ec_mul.enable(&mut region, 0)?;
+        region.assign_advice(|| "base x", config.base_x, 0, || Value::known(base_point.x))?;
+        region.assign_advice(|| "base y", config.base_y, 0, || Value::known(base_point.y))?;
+        region.assign_advice(|| "scalar", config.scalar, 0, || Value::known(scalar))?;
+        region.assign_advice(|| "accumulator x", config.acc_x, 0, || Value::known(acc.x))?;
+        region.assign_advice(|| "accumulator y", config.acc_y, 0, || Value::known(acc.y))?;
+        region.assign_advice(|| "output point x", config.out_x, 0, || Value::known(output.x))?;
+        region.assign_advice(|| "output point y", config.out_y, 0, || Value::known(output.y))?;
+        Ok(())
+    });
+}

package/benchmarks/historical/orchard-inspired/safe-ec-mul-halo2.rs

@@ -0,0 +1,69 @@
+use halo2_proofs::plonk::{Advice, Column, ConstraintSystem, Selector};
+
+struct EcMulConfig {
+    base_x: Column<Advice>,
+    base_y: Column<Advice>,
+    scalar: Column<Advice>,
+    acc_x: Column<Advice>,
+    acc_y: Column<Advice>,
+    out_x: Column<Advice>,
+    out_y: Column<Advice>,
+    q_ec_mul: Selector,
+}
+
+fn configure(meta: &mut ConstraintSystem<Fp>) -> EcMulConfig {
+    let base_x = meta.advice_column();
+    let base_y = meta.advice_column();
+    let scalar = meta.advice_column();
+    let acc_x = meta.advice_column();
+    let acc_y = meta.advice_column();
+    let out_x = meta.advice_column();
+    let out_y = meta.advice_column();
+    let q_ec_mul = meta.selector();
+    meta.enable_equality(base_x);
+    meta.enable_equality(base_y);
+    meta.enable_equality(scalar);
+    meta.enable_equality(acc_x);
+    meta.enable_equality(acc_y);
+    meta.enable_equality(out_x);
+    meta.enable_equality(out_y);
+
+    meta.create_gate("complete synthetic orchard ec mul relation", |meta| {
+        let s = meta.query_selector(q_ec_mul);
+        let bx = meta.query_advice(base_x, Rotation::cur());
+        let by = meta.query_advice(base_y, Rotation::cur());
+        let scalar = meta.query_advice(scalar, Rotation::cur());
+        let ax = meta.query_advice(acc_x, Rotation::cur());
+        let ay = meta.query_advice(acc_y, Rotation::cur());
+        let ox = meta.query_advice(out_x, Rotation::cur());
+        let oy = meta.query_advice(out_y, Rotation::cur());
+        vec![
+            s.clone() * (ax + bx * scalar - ox),
+            s.clone() * (ay + by * scalar - oy),
+            s * (by * by - bx * bx * bx),
+        ]
+    });
+
+    EcMulConfig { base_x, base_y, scalar, acc_x, acc_y, out_x, out_y, q_ec_mul }
+}
+
+fn synthesize(config: EcMulConfig, mut layouter: impl Layouter<Fp>) {
+    layouter.assign_region(|| "orchard inspired complete ec mul", |mut region| {
+        config.q_ec_mul.enable(&mut region, 0)?;
+        let base_x_cell = region.assign_advice(|| "base x", config.base_x, 0, || Value::known(base_point.x))?;
+        let base_y_cell = region.assign_advice(|| "base y", config.base_y, 0, || Value::known(base_point.y))?;
+        let scalar_cell = region.assign_advice(|| "scalar", config.scalar, 0, || Value::known(scalar))?;
+        let acc_x_cell = region.assign_advice(|| "accumulator x", config.acc_x, 0, || Value::known(acc.x))?;
+        let acc_y_cell = region.assign_advice(|| "accumulator y", config.acc_y, 0, || Value::known(acc.y))?;
+        let out_x_cell = region.assign_advice(|| "output point x", config.out_x, 0, || Value::known(output.x))?;
+        let out_y_cell = region.assign_advice(|| "output point y", config.out_y, 0, || Value::known(output.y))?;
+        region.constrain_equal(base_x_cell.cell(), base_x_cell.cell())?;
+        region.constrain_equal(base_y_cell.cell(), base_y_cell.cell())?;
+        region.constrain_equal(scalar_cell.cell(), scalar_cell.cell())?;
+        region.constrain_equal(acc_x_cell.cell(), acc_x_cell.cell())?;
+        region.constrain_equal(acc_y_cell.cell(), acc_y_cell.cell())?;
+        region.constrain_equal(out_x_cell.cell(), out_x_cell.cell())?;
+        region.constrain_equal(out_y_cell.cell(), out_y_cell.cell())?;
+        Ok(())
+    });
+}

package/dist/ai/prompt-builder.d.ts

@@ -0,0 +1,2 @@
+import type { Issue } from "../types.js";
+export declare function buildReasoningPrompt(issue: Issue, surroundingCode: string, circuitIntent?: string): string;

package/dist/ai/prompt-builder.js

@@ -0,0 +1,33 @@
+export function buildReasoningPrompt(issue, surroundingCode, circuitIntent = "Unknown from static analysis") {
+    return `You are reviewing a zero-knowledge circuit issue reported by Nullsec S1-ZK.
+
+Circuit intent:
+${circuitIntent}
+
+Issue:
+- Rule: ${issue.ruleId}
+- Title: ${issue.title}
+- Severity: ${issue.severity}
+- Confidence: ${issue.confidence}
+- File: ${issue.file}:${issue.line}
+- Signal: ${issue.signalName ?? "unknown"}
+
+Finding:
+${issue.explanation}
+
+Impact:
+${issue.impact}
+
+Surrounding code:
+\`\`\`circom
+${surroundingCode}
+\`\`\`
+
+Reasoning tasks:
+1. Summarize what the circuit appears to claim to prove.
+2. Explain the constraint failure without overstating formal guarantees.
+3. Assess exploitability and assumptions.
+4. Propose a concrete patch.
+5. Draft audit-report language suitable for a security review.`;
+}
+//# sourceMappingURL=prompt-builder.js.map

package/dist/ai/prompt-builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-builder.js","sourceRoot":"","sources":["../../src/ai/prompt-builder.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,oBAAoB,CAAC,KAAY,EAAE,eAAuB,EAAE,aAAa,GAAG,8BAA8B;IACxH,OAAO;;;EAGP,aAAa;;;UAGL,KAAK,CAAC,MAAM;WACX,KAAK,CAAC,KAAK;cACR,KAAK,CAAC,QAAQ;gBACZ,KAAK,CAAC,UAAU;UACtB,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI;YACtB,KAAK,CAAC,UAAU,IAAI,SAAS;;;EAGvC,KAAK,CAAC,WAAW;;;EAGjB,KAAK,CAAC,MAAM;;;;EAIZ,eAAe;;;;;;;;+DAQ8C,CAAC;AAChE,CAAC"}

package/dist/ai/reasoning-interface.d.ts

@@ -0,0 +1,15 @@
+import type { Issue } from "../types.js";
+export interface ReasoningRequest {
+    issue: Issue;
+    surroundingCode: string;
+    circuitIntent?: string;
+}
+export interface ReasoningResponse {
+    exploitabilityAssessment: string;
+    patchGuidance: string;
+    auditLanguage: string;
+}
+export interface ReasoningProvider {
+    name: string;
+    reason(request: ReasoningRequest): Promise<ReasoningResponse>;
+}

package/dist/ai/reasoning-interface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=reasoning-interface.js.map

package/dist/ai/reasoning-interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reasoning-interface.js","sourceRoot":"","sources":["../../src/ai/reasoning-interface.ts"],"names":[],"mappings":""}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,71 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import chalk from "chalk";
+import { existsSync } from "node:fs";
+import { scanTarget } from "./scanner.js";
+import { writeDefaultConfig } from "./config.js";
+import { allRules } from "./rules/index.js";
+import { normalizeSeverity } from "./core/severity.js";
+const program = new Command();
+program
+    .name("nullsec-zk")
+    .description("Nullsec S1-ZK: AI-native auditing for zero-knowledge circuits.")
+    .version("1.0.0");
+program
+    .command("scan")
+    .argument("<target>", "Circom file or directory to scan")
+    .option("--format <format>", "terminal, json, markdown, or sarif")
+    .option("--report <format>", "write a report in the requested format")
+    .option("--out <path>", "write report output to a path")
+    .option("--fail-on <severity>", "CRITICAL, HIGH, MEDIUM, LOW, or INFO")
+    .option("--config <path>", "config file path")
+    .action(async (target, options) => {
+    try {
+        const run = await scanTarget(target, {
+            format: options.format,
+            report: options.report,
+            out: options.out,
+            failOn: options.failOn ? normalizeSeverity(options.failOn, "CRITICAL") : undefined,
+            configPath: options.config
+        });
+        if (!options.out && !options.report)
+            process.stdout.write(run.output);
+        process.exitCode = run.exitCode;
+    }
+    catch (error) {
+        console.error(chalk.red("Nullsec S1-ZK scan failed"));
+        console.error(error.message);
+        process.exitCode = 2;
+    }
+});
+program.command("rules").description("List supported Nullsec S1-ZK rules").action(() => {
+    for (const rule of allRules) {
+        console.log(`${rule.id}  ${rule.defaultSeverity.padEnd(8)}  ${rule.title}`);
+    }
+});
+program.command("explain").argument("<issue-id>", "Rule ID or issue ID").description("Explain a supported rule").action((issueId) => {
+    const ruleId = issueId.match(/NS-(?:ZK|H2)-\d{3}/)?.[0] ?? issueId;
+    const rule = allRules.find((candidate) => candidate.id === ruleId);
+    if (!rule) {
+        console.error(`No rule found for ${issueId}`);
+        process.exitCode = 2;
+        return;
+    }
+    console.log(`${rule.id}: ${rule.title}
+
+Default severity: ${rule.defaultSeverity}
+Tags: ${rule.tags.join(", ")}
+
+${rule.description}`);
+});
+program.command("init").description("Create a .nullsec-zk.json config file").action(() => {
+    if (existsSync(".nullsec-zk.json")) {
+        console.error(".nullsec-zk.json already exists");
+        process.exitCode = 2;
+        return;
+    }
+    const path = writeDefaultConfig();
+    console.log(`Created ${path}`);
+});
+program.parseAsync(process.argv);
+//# sourceMappingURL=cli.js.map