@vibecheckai/cli 2.5.1

package/dist/runtime/owner-mode.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Owner Mode Password Protection
+ * Provides secure password-based access control for owner mode
+ */
+export interface OwnerModeResult {
+    enabled: boolean;
+    verified: boolean;
+    reason?: string;
+}
+/**
+ * Get owner password hash from config
+ */
+export declare function getOwnerPasswordHash(): string | null;
+/**
+ * Save owner password hash to config
+ */
+export declare function saveOwnerPasswordHash(passwordHash: string): void;
+/**
+ * Hash password using SHA-256
+ */
+export declare function hashPassword(password: string): string;
+/**
+ * Verify password against hash
+ */
+export declare function verifyPassword(password: string, hash: string): boolean;
+/**
+ * Prompt for password securely (hide input)
+ * Cross-platform compatible
+ */
+export declare function promptPassword(message?: string): Promise<string | null>;
+/**
+ * Check if owner mode is enabled (requires password verification)
+ */
+export declare function isOwnerMode(requirePassword?: boolean): Promise<OwnerModeResult>;
+/**
+ * Synchronous check (for non-interactive contexts)
+ * Only checks environment variable, not password
+ */
+export declare function isOwnerModeSync(): boolean;
+/**
+ * Set owner password
+ */
+export declare function setOwnerPassword(): Promise<boolean>;
+/**
+ * Remove owner password (disable password protection)
+ */
+export declare function removeOwnerPassword(): boolean;
+//# sourceMappingURL=owner-mode.d.ts.map

package/dist/runtime/owner-mode.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"owner-mode.d.ts","sourceRoot":"","sources":["../../src/runtime/owner-mode.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAcD;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,IAAI,CAWpD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAiBhE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAErD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAGtE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAE,MAAiC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAmEjG;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,eAAe,GAAE,OAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CA6C3F;AAED;;;GAGG;AACH,wBAAgB,eAAe,IAAI,OAAO,CAMzC;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,OAAO,CAAC,CA2BzD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAiB7C"}

package/dist/runtime/owner-mode.js

@@ -0,0 +1,284 @@
+"use strict";
+/**
+ * Owner Mode Password Protection
+ * Provides secure password-based access control for owner mode
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOwnerPasswordHash = getOwnerPasswordHash;
+exports.saveOwnerPasswordHash = saveOwnerPasswordHash;
+exports.hashPassword = hashPassword;
+exports.verifyPassword = verifyPassword;
+exports.promptPassword = promptPassword;
+exports.isOwnerMode = isOwnerMode;
+exports.isOwnerModeSync = isOwnerModeSync;
+exports.setOwnerPassword = setOwnerPassword;
+exports.removeOwnerPassword = removeOwnerPassword;
+const readline = __importStar(require("readline"));
+const crypto = __importStar(require("crypto"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const creds_1 = require("./creds");
+function getConfigPath() {
+    const configDir = (0, creds_1.getConfigDir)();
+    return path.join(configDir, 'config.json');
+}
+function ensureConfigDir(configPath) {
+    const dir = path.dirname(configPath);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+}
+/**
+ * Get owner password hash from config
+ */
+function getOwnerPasswordHash() {
+    try {
+        const configPath = getConfigPath();
+        if (fs.existsSync(configPath)) {
+            const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+            return config.ownerPasswordHash || null;
+        }
+    }
+    catch (err) {
+        // ignore config errors
+    }
+    return null;
+}
+/**
+ * Save owner password hash to config
+ */
+function saveOwnerPasswordHash(passwordHash) {
+    const configPath = getConfigPath();
+    ensureConfigDir(configPath);
+    let config = {};
+    try {
+        if (fs.existsSync(configPath)) {
+            config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+        }
+    }
+    catch (err) {
+        // ignore, start fresh
+    }
+    config.ownerPasswordHash = passwordHash;
+    fs.writeFileSync(configPath, JSON.stringify(config, null, 2), {
+        mode: 0o600,
+    });
+}
+/**
+ * Hash password using SHA-256
+ */
+function hashPassword(password) {
+    return crypto.createHash('sha256').update(password).digest('hex');
+}
+/**
+ * Verify password against hash
+ */
+function verifyPassword(password, hash) {
+    if (!password || !hash)
+        return false;
+    return hashPassword(password) === hash;
+}
+/**
+ * Prompt for password securely (hide input)
+ * Cross-platform compatible
+ */
+function promptPassword(message = 'Enter owner password: ') {
+    return new Promise((resolve) => {
+        // For Windows compatibility, use a simpler approach
+        if (process.platform === 'win32') {
+            // On Windows, use readline (password may be visible)
+            const rl = readline.createInterface({
+                input: process.stdin,
+                output: process.stdout,
+            });
+            rl.question(message, (password) => {
+                rl.close();
+                resolve(password || null);
+            });
+        }
+        else {
+            // Unix-like systems: use raw mode
+            const rl = readline.createInterface({
+                input: process.stdin,
+                output: process.stdout,
+            });
+            process.stdout.write(message);
+            process.stdin.setRawMode(true);
+            process.stdin.resume();
+            process.stdin.setEncoding('utf8');
+            let password = '';
+            const onData = (char) => {
+                const charStr = char.toString();
+                switch (charStr) {
+                    case '\n':
+                    case '\r':
+                    case '\u0004': // Ctrl+D
+                        process.stdin.setRawMode(false);
+                        process.stdin.pause();
+                        process.stdin.removeListener('data', onData);
+                        rl.close();
+                        process.stdout.write('\n');
+                        resolve(password);
+                        break;
+                    case '\u0003': // Ctrl+C
+                        process.stdin.setRawMode(false);
+                        process.stdin.pause();
+                        process.stdin.removeListener('data', onData);
+                        rl.close();
+                        process.stdout.write('\n');
+                        resolve(null);
+                        break;
+                    case '\u007f': // Backspace
+                        if (password.length > 0) {
+                            password = password.slice(0, -1);
+                            process.stdout.write('\b \b');
+                        }
+                        break;
+                    default:
+                        if (charStr >= ' ') {
+                            // Printable characters only
+                            password += charStr;
+                            process.stdout.write('*');
+                        }
+                        break;
+                }
+            };
+            process.stdin.on('data', onData);
+        }
+    });
+}
+/**
+ * Check if owner mode is enabled (requires password verification)
+ */
+async function isOwnerMode(requirePassword = true) {
+    // Check environment variable first (for CI/CD - can bypass password)
+    const envOwnerMode = !!(process.env.GUARDRAIL_OWNER_MODE === 'true' ||
+        process.env.GUARDRAIL_OWNER_MODE === '1' ||
+        process.env.GUARDRAIL_ADMIN === 'true');
+    if (envOwnerMode) {
+        // If password is set, require verification even with env var
+        const passwordHash = getOwnerPasswordHash();
+        if (passwordHash && requirePassword) {
+            // Password is set, require verification
+            const password = await promptPassword('Owner password: ');
+            if (!password) {
+                return { enabled: false, verified: false, reason: 'Password entry cancelled' };
+            }
+            if (!verifyPassword(password, passwordHash)) {
+                return { enabled: false, verified: false, reason: 'Invalid password' };
+            }
+            return { enabled: true, verified: true };
+        }
+        // No password set or password verification disabled
+        return { enabled: true, verified: !passwordHash };
+    }
+    // No environment variable - check if password is set
+    const passwordHash = getOwnerPasswordHash();
+    if (!passwordHash) {
+        return { enabled: false, verified: false, reason: 'Owner password not set' };
+    }
+    // Password is set, require verification
+    if (requirePassword) {
+        const password = await promptPassword('Owner password: ');
+        if (!password) {
+            return { enabled: false, verified: false, reason: 'Password entry cancelled' };
+        }
+        if (!verifyPassword(password, passwordHash)) {
+            return { enabled: false, verified: false, reason: 'Invalid password' };
+        }
+        return { enabled: true, verified: true };
+    }
+    return { enabled: false, verified: false, reason: 'Password verification required' };
+}
+/**
+ * Synchronous check (for non-interactive contexts)
+ * Only checks environment variable, not password
+ */
+function isOwnerModeSync() {
+    return !!(process.env.GUARDRAIL_OWNER_MODE === 'true' ||
+        process.env.GUARDRAIL_OWNER_MODE === '1' ||
+        process.env.GUARDRAIL_ADMIN === 'true');
+}
+/**
+ * Set owner password
+ */
+async function setOwnerPassword() {
+    const password1 = await promptPassword('Enter new owner password: ');
+    if (!password1) {
+        console.error('Password entry cancelled.');
+        return false;
+    }
+    const password2 = await promptPassword('Confirm owner password: ');
+    if (!password2) {
+        console.error('Password confirmation cancelled.');
+        return false;
+    }
+    if (password1 !== password2) {
+        console.error('Passwords do not match.');
+        return false;
+    }
+    if (password1.length < 8) {
+        console.error('Password must be at least 8 characters long.');
+        return false;
+    }
+    const hash = hashPassword(password1);
+    saveOwnerPasswordHash(hash);
+    console.log('✓ Owner password set successfully.');
+    return true;
+}
+/**
+ * Remove owner password (disable password protection)
+ */
+function removeOwnerPassword() {
+    try {
+        const configPath = getConfigPath();
+        if (fs.existsSync(configPath)) {
+            const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+            delete config.ownerPasswordHash;
+            fs.writeFileSync(configPath, JSON.stringify(config, null, 2), {
+                mode: 0o600,
+            });
+            console.log('✓ Owner password removed. Environment variable only.');
+            return true;
+        }
+    }
+    catch (err) {
+        console.error('Failed to remove owner password:', err.message);
+        return false;
+    }
+    return false;
+}
+//# sourceMappingURL=owner-mode.js.map

package/dist/runtime/owner-mode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"owner-mode.js","sourceRoot":"","sources":["../../src/runtime/owner-mode.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BH,oDAWC;AAKD,sDAiBC;AAKD,oCAEC;AAKD,wCAGC;AAMD,wCAmEC;AAKD,kCA6CC;AAMD,0CAMC;AAKD,4CA2BC;AAKD,kDAiBC;AAzQD,mDAAqC;AACrC,+CAAiC;AACjC,uCAAyB;AACzB,2CAA6B;AAE7B,mCAAuC;AAQvC,SAAS,aAAa;IACpB,MAAM,SAAS,GAAG,IAAA,oBAAY,GAAE,CAAC;IACjC,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB;IAClC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QACnC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;YAC/D,OAAO,MAAM,CAAC,iBAAiB,IAAI,IAAI,CAAC;QAC1C,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,uBAAuB;IACzB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,YAAoB;IACxD,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,eAAe,CAAC,UAAU,CAAC,CAAC;IAE5B,IAAI,MAAM,GAAQ,EAAE,CAAC;IACrB,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,sBAAsB;IACxB,CAAC;IAED,MAAM,CAAC,iBAAiB,GAAG,YAAY,CAAC;IACxC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QAC5D,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,QAAgB,EAAE,IAAY;IAC3D,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACrC,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,UAAkB,wBAAwB;IACvE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,oDAAoD;QACpD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,qDAAqD;YACrD,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;gBAClC,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YAEH,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,EAAE;gBAChC,EAAE,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,kCAAkC;YAClC,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;gBAClC,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YAEH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAElC,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE;gBAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAChC,QAAQ,OAAO,EAAE,CAAC;oBAChB,KAAK,IAAI,CAAC;oBACV,KAAK,IAAI,CAAC;oBACV,KAAK,QAAQ,EAAE,SAAS;wBACtB,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;wBAChC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;wBACtB,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;wBAC7C,EAAE,CAAC,KAAK,EAAE,CAAC;wBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBAC3B,OAAO,CAAC,QAAQ,CAAC,CAAC;wBAClB,MAAM;oBACR,KAAK,QAAQ,EAAE,SAAS;wBACtB,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;wBAChC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;wBACtB,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;wBAC7C,EAAE,CAAC,KAAK,EAAE,CAAC;wBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC;wBACd,MAAM;oBACR,KAAK,QAAQ,EAAE,YAAY;wBACzB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACxB,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;4BACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;wBAChC,CAAC;wBACD,MAAM;oBACR;wBACE,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;4BACnB,4BAA4B;4BAC5B,QAAQ,IAAI,OAAO,CAAC;4BACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBAC5B,CAAC;wBACD,MAAM;gBACV,CAAC;YACH,CAAC,CAAC;YAEF,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAAC,kBAA2B,IAAI;IAC/D,qEAAqE;IACrE,MAAM,YAAY,GAAG,CAAC,CAAC,CACrB,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;QAC3C,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,GAAG;QACxC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,CACvC,CAAC;IAEF,IAAI,YAAY,EAAE,CAAC;QACjB,6DAA6D;QAC7D,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAC5C,IAAI,YAAY,IAAI,eAAe,EAAE,CAAC;YACpC,wCAAwC;YACxC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,kBAAkB,CAAC,CAAC;YAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;YACjF,CAAC;YACD,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;gBAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;YACzE,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC3C,CAAC;QACD,oDAAoD;QACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,YAAY,EAAE,CAAC;IACpD,CAAC;IAED,qDAAqD;IACrD,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;IAC/E,CAAC;IAED,wCAAwC;IACxC,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;QACjF,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QACzE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;AACvF,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe;IAC7B,OAAO,CAAC,CAAC,CACP,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;QAC3C,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,GAAG;QACxC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,CACvC,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,gBAAgB;IACpC,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,4BAA4B,CAAC,CAAC;IACrE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,0BAA0B,CAAC,CAAC;IACnE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAClD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACrC,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB;IACjC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QACnC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;YAC/D,OAAO,MAAM,CAAC,iBAAiB,CAAC;YAChC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;gBAC5D,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/runtime/semver.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Lightweight Semver Utilities
+ * Proper version comparison for vulnerability checking
+ * (Avoids incorrect lexicographic comparison like "10.0.0" < "2.0.0")
+ */
+export interface SemverParts {
+    major: number;
+    minor: number;
+    patch: number;
+    prerelease?: string;
+}
+/**
+ * Parse a semver string into components
+ * Handles formats: 1.2.3, 1.2.3-beta.1, ^1.2.3, ~1.2.3
+ */
+export declare function parseSemver(version: string): SemverParts | null;
+/**
+ * Compare two semver versions
+ * Returns: -1 if a < b, 0 if a == b, 1 if a > b
+ */
+export declare function compareSemver(a: string, b: string): number;
+/**
+ * Check if version is less than target
+ * Enterprise-grade: "10.0.0" is NOT less than "2.0.0"
+ */
+export declare function isVersionLessThan(version: string, target: string): boolean;
+/**
+ * Check if version satisfies a range expression
+ * Supports: <1.2.3, <=1.2.3, >1.2.3, >=1.2.3, 1.2.3 (exact)
+ */
+export declare function satisfiesRange(version: string, range: string): boolean;
+/**
+ * Check if version is affected by vulnerability
+ * affectedVersions format: "<4.17.21" or ">=1.0.0 <2.0.0"
+ */
+export declare function isAffected(version: string, affectedVersions: string): boolean;
+//# sourceMappingURL=semver.d.ts.map

package/dist/runtime/semver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semver.d.ts","sourceRoot":"","sources":["../../src/runtime/semver.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAyB/D;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CA4B1D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAE1E;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAkBtE;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAM7E"}

package/dist/runtime/semver.js

@@ -0,0 +1,110 @@
+"use strict";
+/**
+ * Lightweight Semver Utilities
+ * Proper version comparison for vulnerability checking
+ * (Avoids incorrect lexicographic comparison like "10.0.0" < "2.0.0")
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseSemver = parseSemver;
+exports.compareSemver = compareSemver;
+exports.isVersionLessThan = isVersionLessThan;
+exports.satisfiesRange = satisfiesRange;
+exports.isAffected = isAffected;
+/**
+ * Parse a semver string into components
+ * Handles formats: 1.2.3, 1.2.3-beta.1, ^1.2.3, ~1.2.3
+ */
+function parseSemver(version) {
+    // Strip range prefixes
+    const cleaned = version.replace(/^[\^~>=<]+/, '').trim();
+    // Match semver pattern
+    const match = cleaned.match(/^(\d+)\.(\d+)\.(\d+)(?:-(.+))?$/);
+    if (!match) {
+        // Try partial versions (1.2, 1)
+        const partial = cleaned.match(/^(\d+)(?:\.(\d+))?$/);
+        if (partial) {
+            return {
+                major: parseInt(partial[1], 10),
+                minor: partial[2] ? parseInt(partial[2], 10) : 0,
+                patch: 0,
+            };
+        }
+        return null;
+    }
+    return {
+        major: parseInt(match[1], 10),
+        minor: parseInt(match[2], 10),
+        patch: parseInt(match[3], 10),
+        prerelease: match[4],
+    };
+}
+/**
+ * Compare two semver versions
+ * Returns: -1 if a < b, 0 if a == b, 1 if a > b
+ */
+function compareSemver(a, b) {
+    const parsedA = parseSemver(a);
+    const parsedB = parseSemver(b);
+    if (!parsedA || !parsedB) {
+        // Fallback to string comparison if parsing fails
+        return a.localeCompare(b, undefined, { numeric: true, sensitivity: 'base' });
+    }
+    // Compare major.minor.patch
+    if (parsedA.major !== parsedB.major) {
+        return parsedA.major < parsedB.major ? -1 : 1;
+    }
+    if (parsedA.minor !== parsedB.minor) {
+        return parsedA.minor < parsedB.minor ? -1 : 1;
+    }
+    if (parsedA.patch !== parsedB.patch) {
+        return parsedA.patch < parsedB.patch ? -1 : 1;
+    }
+    // Handle prerelease (1.0.0-alpha < 1.0.0)
+    if (parsedA.prerelease && !parsedB.prerelease)
+        return -1;
+    if (!parsedA.prerelease && parsedB.prerelease)
+        return 1;
+    if (parsedA.prerelease && parsedB.prerelease) {
+        return parsedA.prerelease.localeCompare(parsedB.prerelease);
+    }
+    return 0;
+}
+/**
+ * Check if version is less than target
+ * Enterprise-grade: "10.0.0" is NOT less than "2.0.0"
+ */
+function isVersionLessThan(version, target) {
+    return compareSemver(version, target) < 0;
+}
+/**
+ * Check if version satisfies a range expression
+ * Supports: <1.2.3, <=1.2.3, >1.2.3, >=1.2.3, 1.2.3 (exact)
+ */
+function satisfiesRange(version, range) {
+    const trimmed = range.trim();
+    if (trimmed.startsWith('<=')) {
+        return compareSemver(version, trimmed.slice(2)) <= 0;
+    }
+    if (trimmed.startsWith('<')) {
+        return compareSemver(version, trimmed.slice(1)) < 0;
+    }
+    if (trimmed.startsWith('>=')) {
+        return compareSemver(version, trimmed.slice(2)) >= 0;
+    }
+    if (trimmed.startsWith('>')) {
+        return compareSemver(version, trimmed.slice(1)) > 0;
+    }
+    // Exact match
+    return compareSemver(version, trimmed) === 0;
+}
+/**
+ * Check if version is affected by vulnerability
+ * affectedVersions format: "<4.17.21" or ">=1.0.0 <2.0.0"
+ */
+function isAffected(version, affectedVersions) {
+    // Split on spaces for compound ranges
+    const parts = affectedVersions.split(/\s+/).filter(Boolean);
+    // All conditions must be satisfied
+    return parts.every(part => satisfiesRange(version, part));
+}
+//# sourceMappingURL=semver.js.map

package/dist/runtime/semver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"semver.js","sourceRoot":"","sources":["../../src/runtime/semver.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAaH,kCAyBC;AAMD,sCA4BC;AAMD,8CAEC;AAMD,wCAkBC;AAMD,gCAMC;AA3GD;;;GAGG;AACH,SAAgB,WAAW,CAAC,OAAe;IACzC,uBAAuB;IACvB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAEzD,uBAAuB;IACvB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,gCAAgC;QAChC,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACrD,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC/B,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChD,KAAK,EAAE,CAAC;aACT,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;KACrB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAC,CAAS,EAAE,CAAS;IAChD,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAE/B,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,iDAAiD;QACjD,OAAO,CAAC,CAAC,aAAa,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC;QACpC,OAAO,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC;QACpC,OAAO,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC;QACpC,OAAO,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,UAAU;QAAE,OAAO,CAAC,CAAC,CAAC;IACzD,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU;QAAE,OAAO,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QAC7C,OAAO,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,OAAe,EAAE,MAAc;IAC/D,OAAO,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,KAAa;IAC3D,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAE7B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,OAAO,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,OAAO,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,cAAc;IACd,OAAO,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,SAAgB,UAAU,CAAC,OAAe,EAAE,gBAAwB;IAClE,sCAAsC;IACtC,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE5D,mCAAmC;IACnC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;AAC5D,CAAC"}

package/dist/scan/dead-ui-detector.d.ts

@@ -0,0 +1,48 @@
+/**
+ * No Dead UI Static Gate
+ *
+ * Fast pre-test gate that blocks obvious deadness:
+ * - href="#"
+ * - noop onClick={() => {}}
+ * - "coming soon" UI in prod surfaces
+ * - disabled buttons without reason text
+ * - raw fetch("/api/...") in components
+ */
+export interface DeadUIFinding {
+    id: string;
+    type: 'dead_link' | 'noop_handler' | 'coming_soon' | 'disabled_no_reason' | 'raw_fetch';
+    file: string;
+    line: number;
+    column?: number;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    issue: string;
+    suggestion: string;
+}
+export interface DeadUIScanResult {
+    findings: DeadUIFinding[];
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+}
+export declare class DeadUIDetector {
+    private findings;
+    private findingCounter;
+    /**
+     * Scan for dead UI issues
+     */
+    scan(projectPath: string, options?: {
+        exclude?: string[];
+        includeTests?: boolean;
+    }): Promise<DeadUIScanResult>;
+    private scanDirectory;
+    private scanFile;
+    private checkPatterns;
+    private hasReasonText;
+    private addFinding;
+    private getSuggestion;
+}
+//# sourceMappingURL=dead-ui-detector.d.ts.map

package/dist/scan/dead-ui-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dead-ui-detector.d.ts","sourceRoot":"","sources":["../../src/scan/dead-ui-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,WAAW,GAAG,cAAc,GAAG,aAAa,GAAG,oBAAoB,GAAG,WAAW,CAAC;IACxF,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAyCD,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAuB;IACvC,OAAO,CAAC,cAAc,CAAK;IAE3B;;OAEG;IACG,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,GAAE;QACvC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,YAAY,CAAC,EAAE,OAAO,CAAC;KACnB,GAAG,OAAO,CAAC,gBAAgB,CAAC;YAyBpB,aAAa;YAyBb,QAAQ;IAyEtB,OAAO,CAAC,aAAa;IAyBrB,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,aAAa;CAUtB"}