@zhuma4/cli 4.0.0-alpha.1

package/dist/engine/manifest_scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest_scanner.d.ts","sourceRoot":"","sources":["../../src/engine/manifest_scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAMH,8EAA8E;AAC9E,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,SAAS,GAAG,QAAQ,CAAC;IACrD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAyqBD;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,eAAe,EAAE,CA+BpE;AAID;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,eAAe,EAAE,GAC1B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWxB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,eAAe,EAAE,EAC3B,WAAW,EAAE,eAAe,CAAC,UAAU,CAAC,GACvC,eAAe,EAAE,CAKnB"}

package/dist/engine/manifest_scanner.js

@@ -0,0 +1,599 @@
+/**
+ * AndroidManifest.xml 安全扫描引擎 — ZhuMa V4
+ *
+ * 解析 jadx 解码后的 AndroidManifest.xml 并执行 12 项安全检测：
+ *   1. debuggable 标志    6. 导出 Service
+ *   2. allowBackup 标志   7. 低 targetSdkVersion
+ *   3. 导出组件无权限      8. cleartext 流量
+ *   4. 导出 ContentProvider 9. 缺失网络安全配置
+ *   5. 导出 BroadcastReceiver 10. 危险权限
+ *   11. 自定义权限保护级别  12. taskAffinity 劫持
+ *
+ * 设计原则: regex-first parsing → 优先可用性，而非 XML 解析优雅性
+ *   jadx 输出的 AndroidManifest.xml 格式可预测且有规律，
+ *   regex 提取属性比引入 DOM 解析器更稳定，特别是有命名空间歧义时。
+ */
+import { readFileSync, existsSync } from 'node:fs';
+// ─── Regex 辅助 ─────────────────────────────────────
+/** 提取 android:name="value" 形式的属性值 */
+function getAttr(xml, name) {
+    const re = new RegExp(`android:${name}\\s*=\\s*"([^"]*)"`, 'i');
+    const m = re.exec(xml);
+    return m ? (m[1] ?? null) : null;
+}
+/** 提取非命名空间前缀的属性，如 package="value" */
+function getRawAttr(xml, name) {
+    const re = new RegExp(`\\b${name}\\s*=\\s*"([^"]*)"`, 'i');
+    const m = re.exec(xml);
+    return m ? (m[1] ?? null) : null;
+}
+/** 提取 android:name="value" 的布尔值版本 */
+function getBoolAttr(xml, name) {
+    const v = getAttr(xml, name);
+    if (v === null)
+        return null;
+    return v === 'true';
+}
+/** 提取 android:name="value" 的整数版本 */
+function getIntAttr(xml, name) {
+    const v = getAttr(xml, name);
+    if (v === null)
+        return null;
+    const n = parseInt(v, 10);
+    return Number.isNaN(n) ? null : n;
+}
+/** 从完整 XML 中截取指定偏移周围的片段作为 evidence */
+function extractSnippet(xml, start, context) {
+    const begin = Math.max(0, start - context);
+    const end = Math.min(xml.length, start + context * 4);
+    let snippet = xml.slice(begin, end);
+    // 移除多余空白使片段更紧凑
+    snippet = snippet.replace(/\s+/g, ' ').trim();
+    if (snippet.length > 300) {
+        snippet = snippet.slice(0, 300) + ' ...';
+    }
+    return snippet;
+}
+// ─── 组件提取 ───────────────────────────────────────
+/**
+ * 从 application 块中提取所有组件标签块。
+ * 使用交替+反向引用 regex 匹配:
+ *   <activity ... > ... </activity>  或  <activity ... />
+ *   <service ... > ... </service>    或  <service  ... />
+ *   <receiver ... > ... </receiver>  或  <receiver ... />
+ *   <provider ... > ... </provider>  或  <provider ... />
+ */
+const COMPONENT_RE = /<(activity|service|receiver|provider)\b[\s\S]*?(?:\/>|<\/\1\s*>)/gi;
+function extractComponents(appBlock) {
+    const components = [];
+    let m;
+    COMPONENT_RE.lastIndex = 0;
+    while ((m = COMPONENT_RE.exec(appBlock)) !== null) {
+        const tagName = (m[1] ?? '').toLowerCase();
+        const fullTag = m[0];
+        const openTag = fullTag.match(/^<[^>]*>/)?.[0] ?? fullTag;
+        const name = getAttr(openTag, 'name') ?? '';
+        const exported = getBoolAttr(openTag, 'exported');
+        const permission = getAttr(openTag, 'permission');
+        const hasIntentFilter = /<intent-filter\b/i.test(fullTag);
+        const taskAffinity = getAttr(openTag, 'taskAffinity') ?? undefined;
+        const singleInstance = getAttr(openTag, 'launchMode') === 'singleInstance';
+        components.push({
+            type: tagName,
+            name,
+            exported,
+            permission,
+            hasIntentFilter,
+            taskAffinity,
+            singleInstance,
+            raw: fullTag.slice(0, 600),
+        });
+    }
+    return components;
+}
+// ─── uses-permission 提取 ────────────────────────────
+const USES_PERMISSION_RE = /<uses-permission\b[^>]*\/?\s*>/gi;
+function extractUsesPermissions(xml) {
+    const perms = [];
+    let m;
+    USES_PERMISSION_RE.lastIndex = 0;
+    while ((m = USES_PERMISSION_RE.exec(xml)) !== null) {
+        const name = getAttr(m[0], 'name');
+        if (name)
+            perms.push(name);
+    }
+    return perms;
+}
+// ─── 自定义 permission 提取 ──────────────────────────
+const PERMISSION_BLOCK_RE = /<permission\b[\s\S]*?\/?\s*>/gi;
+function extractCustomPermissions(xml) {
+    const result = [];
+    let m;
+    PERMISSION_BLOCK_RE.lastIndex = 0;
+    while ((m = PERMISSION_BLOCK_RE.exec(xml)) !== null) {
+        const name = getAttr(m[0], 'name');
+        const protectionLevel = getAttr(m[0], 'protectionLevel');
+        if (name && protectionLevel) {
+            result.push({ name, protectionLevel });
+        }
+    }
+    return result;
+}
+// ─── 主解析函数 ─────────────────────────────────────
+function parseManifest(xml, filePath) {
+    // 提取 <manifest> 的 package 属性
+    const manifestTag = xml.match(/<manifest\b[^>]*>/)?.[0] ?? '';
+    const packageName = getRawAttr(manifestTag, 'package') ?? '';
+    // 提取 <application> 块 — 从 <application 到 </application>
+    const appMatch = xml.match(/<application\b[\s\S]*?(?:<\/application\s*>|$)/i);
+    const appBlock = appMatch?.[0] ?? '';
+    const appOpenTag = appBlock.match(/^<[^>]*>/)?.[0] ?? '';
+    const debuggable = getBoolAttr(appOpenTag, 'debuggable');
+    const allowBackup = getBoolAttr(appOpenTag, 'allowBackup');
+    const fullBackupContent = getAttr(appOpenTag, 'fullBackupContent');
+    const networkSecurityConfig = getAttr(appOpenTag, 'networkSecurityConfig');
+    const usesCleartextTraffic = getBoolAttr(appOpenTag, 'usesCleartextTraffic');
+    // uses-sdk
+    const sdkTag = xml.match(/<uses-sdk\b[^>]*\/?\s*>/i)?.[0] ?? '';
+    const minSdkVersion = getIntAttr(sdkTag, 'minSdkVersion');
+    const targetSdkVersion = getIntAttr(sdkTag, 'targetSdkVersion');
+    // 组件
+    const components = extractComponents(appBlock);
+    // 权限
+    const permissions = extractUsesPermissions(xml);
+    const customPermissions = extractCustomPermissions(xml);
+    return {
+        packageName,
+        debuggable,
+        allowBackup,
+        fullBackupContent,
+        networkSecurityConfig,
+        usesCleartextTraffic,
+        minSdkVersion,
+        targetSdkVersion,
+        components,
+        permissions,
+        customPermissions,
+    };
+}
+// ─── 安全检查 ────────────────────────────────────────
+/**
+ * 检查 1: debuggable=true → 攻击者可通过 adb 提权、注入代码
+ * CWE-489: Leftover Debug Code
+ */
+function checkDebuggable(m, xml, filePath) {
+    if (m.debuggable !== true)
+        return null;
+    const idx = xml.indexOf('android:debuggable="true"');
+    return {
+        id: 'zm-manifest-debuggable',
+        severity: 'HIGH',
+        title: '应用启用调试模式',
+        description: 'android:debuggable="true" 允许任意 USB 连接的攻击者通过 adb 运行任意代码、提取内存数据或注入恶意逻辑。生产版本必须关闭。',
+        cwe: 'CWE-489',
+        owasp_mobile: 'M8: Code Tampering',
+        masvs: 'MASVS-RESILIENCE-2',
+        location: { file: filePath, element: '<application>' },
+        evidence: extractSnippet(xml, idx > 0 ? idx : 0, 80),
+        remediation: '在 AndroidManifest.xml 中将 android:debuggable 设为 false 或移除该属性（Release 构建自动为 false）。',
+    };
+}
+/**
+ * 检查 2: allowBackup=true 且未设置 fullBackupContent → 攻击者可通过 adb backup 提取数据
+ * CWE-200: Exposure of Sensitive Information
+ */
+function checkAllowBackup(m, xml, filePath) {
+    if (m.allowBackup !== true)
+        return null;
+    if (m.fullBackupContent)
+        return null; // 显式配置了备份规则 → OK
+    const idx = xml.indexOf('android:allowBackup="true"');
+    return {
+        id: 'zm-manifest-allow-backup',
+        severity: 'WARNING',
+        title: '应用允许 ADB 完整备份',
+        description: 'android:allowBackup="true" 且未设置 android:fullBackupContent 时，攻击者可通过 adb backup 导出应用全部数据（SharedPreferences、数据库、内部存储文件）。',
+        cwe: 'CWE-200',
+        owasp_mobile: 'M2: Insecure Data Storage',
+        masvs: 'MASVS-STORAGE-1',
+        location: { file: filePath, element: '<application>' },
+        evidence: extractSnippet(xml, idx > 0 ? idx : 0, 80),
+        remediation: '设置 android:allowBackup="false" 禁止备份；如需云备份，使用 android:fullBackupContent="@xml/backup_rules" 排除敏感数据。',
+    };
+}
+/**
+ * 检查 3: 导出组件未设置 permission → 任意应用可启动
+ * CWE-926: Improper Export of Android Application Components
+ *
+ * Android 12 (API 31)+ 对声明 intent-filter 的组件强制要求显式 exported。
+ * 此处检测的是: exported 为 true 或 (有 intent-filter 且 targetSdk < 31) 且无 permission。
+ */
+function checkExportedWithoutPermission(m, xml, filePath) {
+    const findings = [];
+    const targetSdk = m.targetSdkVersion ?? 0;
+    for (const comp of m.components) {
+        // 判断是否实际导出
+        const isExported = comp.exported === true ||
+            (comp.exported === null && comp.hasIntentFilter && targetSdk < 31);
+        if (!isExported || comp.permission)
+            continue;
+        // ContentProvider 走单独的更高危检查 (checkExportedProvider)
+        if (comp.type === 'provider')
+            continue;
+        const element = `<${comp.type} android:name="${comp.name}">`;
+        const idx = xml.indexOf(comp.name);
+        findings.push({
+            id: 'zm-manifest-exported-without-permission',
+            severity: 'HIGH',
+            title: `导出组件缺少权限保护: ${comp.name}`,
+            description: `${comp.type} "${comp.name}" 被导出 (android:exported="true") 但未声明 android:permission，` +
+                '任意第三方应用均可启动/调用该组件，可能导致功能滥用或数据泄露。',
+            cwe: 'CWE-926',
+            owasp_mobile: 'M1: Improper Platform Usage',
+            masvs: 'MASVS-PLATFORM-1',
+            location: { file: filePath, element },
+            evidence: extractSnippet(xml, idx > 0 ? idx : 0, 120),
+            remediation: `为 ${comp.name} 添加 android:permission="signature-level-permission" 限制调用方；` +
+                '如组件仅内部使用，设置 android:exported="false"。',
+        });
+    }
+    return findings;
+}
+/**
+ * 检查 4: 导出 ContentProvider 无权限 → CRITICAL（数据泄漏到任意应用）
+ * CWE-926: Improper Export of Android Application Components
+ */
+function checkExportedProvider(m, xml, filePath) {
+    const findings = [];
+    const targetSdk = m.targetSdkVersion ?? 0;
+    for (const comp of m.components) {
+        if (comp.type !== 'provider')
+            continue;
+        const isExported = comp.exported === true ||
+            (comp.exported === null && targetSdk < 17); // API 17 起 provider 默认 exported=false
+        if (!isExported || comp.permission)
+            continue;
+        const element = `<provider android:name="${comp.name}">`;
+        const idx = xml.indexOf(comp.name);
+        findings.push({
+            id: 'zm-manifest-exported-provider',
+            severity: 'CRITICAL',
+            title: `ContentProvider 导出无权限: ${comp.name}`,
+            description: `ContentProvider "${comp.name}" 被导出且未声明 android:permission，` +
+                '任意应用均可通过 ContentResolver 访问该 Provider 的增删改查接口，直接导致大规模数据泄漏。',
+            cwe: 'CWE-926',
+            owasp_mobile: 'M1: Improper Platform Usage',
+            masvs: 'MASVS-PLATFORM-2',
+            location: { file: filePath, element },
+            evidence: extractSnippet(xml, idx > 0 ? idx : 0, 120),
+            remediation: `为 ${comp.name} 添加 android:permission="signature" 级别的权限保护；` +
+                '如仅内部使用，设置 android:exported="false"；' +
+                '考虑在 query/insert/update/delete 方法中增加调用者 UID 校验。',
+        });
+    }
+    return findings;
+}
+/**
+ * 检查 5: 导出 BroadcastReceiver 无权限 → MEDIUM（intent 拦截/伪造）
+ * CWE-925: Improper Broadcast Receiver Export
+ */
+function checkExportedReceiver(m, xml, filePath) {
+    const findings = [];
+    const targetSdk = m.targetSdkVersion ?? 0;
+    for (const comp of m.components) {
+        if (comp.type !== 'receiver')
+            continue;
+        const isExported = comp.exported === true ||
+            (comp.exported === null && comp.hasIntentFilter && targetSdk < 31);
+        if (!isExported || comp.permission)
+            continue;
+        const element = `<receiver android:name="${comp.name}">`;
+        const idx = xml.indexOf(comp.name);
+        findings.push({
+            id: 'zm-manifest-exported-receiver',
+            severity: 'MEDIUM',
+            title: `BroadcastReceiver 导出无权限: ${comp.name}`,
+            description: `BroadcastReceiver "${comp.name}" 被导出且未声明 android:permission，` +
+                '任意应用可发送伪造广播，可能触发敏感操作或绕过安全逻辑。',
+            cwe: 'CWE-925',
+            owasp_mobile: 'M1: Improper Platform Usage',
+            masvs: 'MASVS-PLATFORM-1',
+            location: { file: filePath, element },
+            evidence: extractSnippet(xml, idx > 0 ? idx : 0, 120),
+            remediation: `为 ${comp.name} 添加 android:permission="signature" 或设置 android:exported="false"。`,
+        });
+    }
+    return findings;
+}
+/**
+ * 检查 6: 导出 Service 无权限 → MEDIUM（后台利用）
+ * CWE-926: Improper Export of Android Application Components
+ */
+function checkExportedService(m, xml, filePath) {
+    const findings = [];
+    const targetSdk = m.targetSdkVersion ?? 0;
+    for (const comp of m.components) {
+        if (comp.type !== 'service')
+            continue;
+        const isExported = comp.exported === true ||
+            (comp.exported === null && comp.hasIntentFilter && targetSdk < 31);
+        if (!isExported || comp.permission)
+            continue;
+        const element = `<service android:name="${comp.name}">`;
+        const idx = xml.indexOf(comp.name);
+        findings.push({
+            id: 'zm-manifest-exported-service',
+            severity: 'MEDIUM',
+            title: `Service 导出无权限: ${comp.name}`,
+            description: `Service "${comp.name}" 被导出且未声明 android:permission，` +
+                '任意应用可绑定/启动该 Service，可能被利用进行后台资源消耗或功能滥用。',
+            cwe: 'CWE-926',
+            owasp_mobile: 'M1: Improper Platform Usage',
+            masvs: 'MASVS-PLATFORM-1',
+            location: { file: filePath, element },
+            evidence: extractSnippet(xml, idx > 0 ? idx : 0, 120),
+            remediation: `为 ${comp.name} 添加 android:permission 或设置 android:exported="false"。`,
+        });
+    }
+    return findings;
+}
+/**
+ * 检查 7: targetSdkVersion < 29 → HIGH
+ * 缺失 Android 10+ 安全加固默认值:
+ *   - scoped storage (分区存储)
+ *   - 默认阻止 cleartext HTTP 流量
+ *   - 后台 Activity 启动限制
+ *   - 不可重置的设备标识符限制
+ *
+ * CWE-1104: Use of Unmaintained Third Party Components (类比过时SDK)
+ */
+function checkLowTargetSdk(m, xml, filePath) {
+    const target = m.targetSdkVersion;
+    if (target === null || target >= 29)
+        return null;
+    const sdkTag = xml.match(/<uses-sdk\b[^>]*\/?\s*>/i)?.[0] ?? '';
+    const idx = xml.indexOf(sdkTag);
+    return {
+        id: 'zm-manifest-low-target-sdk',
+        severity: 'HIGH',
+        title: `targetSdkVersion=${target} 过低（<29）`,
+        description: `targetSdkVersion=${target} 低于 API 29 (Android 10)，缺失以下安全加固默认行为：` +
+            '分区存储 (scoped storage)、默认阻止 HTTP 明文流量、后台 Activity 启动限制、' +
+            '不可重置设备标识符保护。Google Play 要求新应用 targetSdk ≥ 34 (Android 14)。',
+        cwe: 'CWE-1104',
+        owasp_mobile: 'M7: Client Code Quality',
+        masvs: 'MASVS-ARCH-2',
+        location: { file: filePath, element: '<uses-sdk>' },
+        evidence: extractSnippet(xml, idx > 0 ? idx : 0, 120),
+        remediation: `将 targetSdkVersion 升级至 ≥34 (Android 14)。` +
+            '测试分区存储兼容性，移除对不可重置标识符（如 IMEI）的依赖，确保所有 HTTPS 证书有效。',
+    };
+}
+/**
+ * 检查 8: usesCleartextTraffic=true → HIGH
+ * Android 9+ 默认禁止 HTTP 明文流量；显式覆盖该行为会暴露中间人攻击面。
+ * CWE-319: Cleartext Transmission of Sensitive Information
+ */
+function checkCleartextAllowed(m, xml, filePath) {
+    if (m.usesCleartextTraffic !== true)
+        return null;
+    const idx = xml.indexOf('android:usesCleartextTraffic="true"');
+    return {
+        id: 'zm-manifest-cleartext-allowed',
+        severity: 'HIGH',
+        title: '应用显式启用明文 HTTP 流量',
+        description: 'android:usesCleartextTraffic="true" 允许应用使用 HTTP 明文协议，' +
+            '可能被中间人攻击截获凭证/令牌/敏感数据。Android 9+ (targetSdk 28+) 默认阻止 HTTP，' +
+            '该属性被显式覆盖以绕过保护。',
+        cwe: 'CWE-319',
+        owasp_mobile: 'M3: Insecure Communication',
+        masvs: 'MASVS-NETWORK-1',
+        location: { file: filePath, element: '<application>' },
+        evidence: extractSnippet(xml, idx > 0 ? idx : 0, 80),
+        remediation: '移除 android:usesCleartextTraffic="true"；所有网络通信使用 HTTPS。' +
+            '如有测试环境 HTTP 需求，使用 network_security_config.xml 限定特定域名而非全局放行。',
+    };
+}
+/**
+ * 检查 9: targetSdk ≥28 且未配置 networkSecurityConfig → MEDIUM
+ * 缺少证书固定/HTTPS 强制策略，依赖系统默认 CA 信任链。
+ * CWE-295: Improper Certificate Validation
+ */
+function checkNoNetworkConfig(m, xml, filePath) {
+    if (m.networkSecurityConfig)
+        return null;
+    const target = m.targetSdkVersion ?? 0;
+    if (target < 28)
+        return null;
+    const idx = xml.indexOf('<application');
+    return {
+        id: 'zm-manifest-no-network-config',
+        severity: 'MEDIUM',
+        title: '未配置网络安全策略 (networkSecurityConfig)',
+        description: `targetSdk=${target} 但未声明 android:networkSecurityConfig。` +
+            '缺失证书固定 (certificate pinning)、自定义信任锚点、域名级 cleartext 控制。' +
+            '应用完全依赖系统 CA 信任库，易受恶意 CA 证书攻击。',
+        cwe: 'CWE-295',
+        owasp_mobile: 'M3: Insecure Communication',
+        masvs: 'MASVS-NETWORK-4',
+        location: { file: filePath, element: '<application>' },
+        evidence: extractSnippet(xml, idx > 0 ? idx : 0, 150),
+        remediation: '创建 res/xml/network_security_config.xml 配置证书固定和域名白名单，' +
+            '在 AndroidManifest.xml 中添加 android:networkSecurityConfig="@xml/network_security_config"。',
+    };
+}
+/**
+ * 检查 10: 危险权限声明 → MEDIUM
+ * 声明 CAMERA / RECORD_AUDIO / READ_CONTACTS / ACCESS_FINE_LOCATION / READ_SMS / READ_CALL_LOG 等
+ * CWE-359: Exposure of Private Personal Information
+ */
+const DANGEROUS_PATTERNS = [
+    { pattern: /CAMERA/i, label: 'CAMERA' },
+    { pattern: /RECORD_AUDIO/i, label: 'RECORD_AUDIO' },
+    { pattern: /READ_CONTACTS/i, label: 'READ_CONTACTS' },
+    { pattern: /ACCESS_FINE_LOCATION/i, label: 'ACCESS_FINE_LOCATION' },
+    { pattern: /ACCESS_BACKGROUND_LOCATION/i, label: 'ACCESS_BACKGROUND_LOCATION' },
+    { pattern: /READ_SMS/i, label: 'READ_SMS' },
+    { pattern: /SEND_SMS/i, label: 'SEND_SMS' },
+    { pattern: /READ_CALL_LOG/i, label: 'READ_CALL_LOG' },
+    { pattern: /READ_EXTERNAL_STORAGE/i, label: 'READ_EXTERNAL_STORAGE' },
+    { pattern: /WRITE_EXTERNAL_STORAGE/i, label: 'WRITE_EXTERNAL_STORAGE' },
+    { pattern: /READ_PHONE_STATE/i, label: 'READ_PHONE_STATE' },
+    { pattern: /BODY_SENSORS/i, label: 'BODY_SENSORS' },
+    { pattern: /ACTIVITY_RECOGNITION/i, label: 'ACTIVITY_RECOGNITION' },
+];
+function checkDangerousPermissions(m, _xml, filePath) {
+    const findings = [];
+    for (const perm of m.permissions) {
+        for (const dp of DANGEROUS_PATTERNS) {
+            if (dp.pattern.test(perm)) {
+                findings.push({
+                    id: 'zm-manifest-dangerous-permissions',
+                    severity: 'MEDIUM',
+                    title: `声明危险权限: ${dp.label}`,
+                    description: `应用声明了 ${dp.label} 权限 (${perm})。` +
+                        '该权限涉及用户隐私数据，应从最小权限原则评估是否确实必要。' +
+                        'Android 10+ 对位置/存储权限有额外运行时限制。',
+                    cwe: 'CWE-359',
+                    owasp_mobile: 'M4: Insecure Authentication',
+                    masvs: 'MASVS-PLATFORM-3',
+                    location: { file: filePath, element: `<uses-permission android:name="${perm}">` },
+                    evidence: `<uses-permission android:name="${perm}"/>`,
+                    remediation: `确认 ${dp.label} 权限为业务必须；` +
+                        '优先使用更细粒度的替代 API（如 MediaStore 替代 READ_EXTERNAL_STORAGE）；' +
+                        '在运行时请求时提供清晰的权限说明 rationale。',
+                });
+                break; // 一个权限只匹配一个类别
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * 检查 11: 自定义 permission 使用 protectionLevel="normal" → WARNING
+ * "normal" 级别无法阻止恶意应用声明同一权限。
+ * 应使用 "signature" 级别确保仅同签名应用可访问。
+ * CWE-280: Improper Handling of Insufficient Permissions
+ */
+function checkMissingSignaturePermission(m, xml, filePath) {
+    const findings = [];
+    for (const cp of m.customPermissions) {
+        if (cp.protectionLevel === 'dangerous' || cp.protectionLevel.includes('signature')) {
+            continue; // dangerous 也需用户交互确认，signature 是预期
+        }
+        if (cp.protectionLevel === 'normal') {
+            const idx = xml.indexOf(cp.name);
+            findings.push({
+                id: 'zm-manifest-missing-signature-permission',
+                severity: 'WARNING',
+                title: `自定义权限保护级别过低: ${cp.name}`,
+                description: `自定义权限 "${cp.name}" 使用 protectionLevel="normal"，` +
+                    '任意应用声明该权限即可自动获得授权，无法防止恶意应用访问受保护的组件。',
+                cwe: 'CWE-280',
+                owasp_mobile: 'M1: Improper Platform Usage',
+                masvs: 'MASVS-PLATFORM-1',
+                location: { file: filePath, element: `<permission android:name="${cp.name}">` },
+                evidence: extractSnippet(xml, idx > 0 ? idx : 0, 130),
+                remediation: `将 protectionLevel 改为 "signature" 或 "signatureOrSystem"。`,
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * 检查 12: Activity 设置 taskAffinity 但未设 singleInstance → MEDIUM
+ * StrandHogg 攻击面: 恶意应用可注册相同 taskAffinity 劫持任务栈。
+ * CWE-940: Improper Verification of Source of a Communication Channel
+ */
+function checkTaskHijacking(m, xml, filePath) {
+    const findings = [];
+    for (const comp of m.components) {
+        if (comp.type !== 'activity')
+            continue;
+        if (!comp.taskAffinity)
+            continue;
+        // singleInstance 特有的独立任务栈可缓解 StrandHogg
+        if (comp.singleInstance)
+            continue;
+        const element = `<activity android:name="${comp.name}">`;
+        const idx = xml.indexOf(comp.name);
+        findings.push({
+            id: 'zm-manifest-task-hijacking',
+            severity: 'MEDIUM',
+            title: `Activity 存在 taskAffinity 劫持风险: ${comp.name}`,
+            description: `Activity "${comp.name}" 设置了 android:taskAffinity="${comp.taskAffinity}" 但未设置 ` +
+                'android:launchMode="singleInstance"。恶意应用可注册相同 taskAffinity 并注入伪造 Activity，' +
+                '实现 StrandHogg 式任务劫持攻击（钓鱼界面覆盖、凭据窃取）。',
+            cwe: 'CWE-940',
+            owasp_mobile: 'M1: Improper Platform Usage',
+            masvs: 'MASVS-PLATFORM-1',
+            location: { file: filePath, element },
+            evidence: extractSnippet(xml, idx > 0 ? idx : 0, 130),
+            remediation: `设置 android:launchMode="singleInstance" 或移除自定义 taskAffinity；` +
+                '在 onCreate() 中检测 isTaskRoot() 并防御性 finish()；' +
+                '设置 android:exported="false" 如 Activity 不需被外部启动。',
+        });
+    }
+    return findings;
+}
+// ─── 入口函数 ────────────────────────────────────────
+/**
+ * 扫描 jadx 输出的 AndroidManifest.xml
+ *
+ * @param manifestPath - jadx 解码后的 AndroidManifest.xml 路径
+ * @returns ManifestFinding[] — 安全发现列表
+ * @throws 文件不存在或解析失败时抛出 Error
+ */
+export function scanManifest(manifestPath) {
+    if (!existsSync(manifestPath)) {
+        throw new Error(`AndroidManifest.xml 不存在: ${manifestPath}`);
+    }
+    const xml = readFileSync(manifestPath, 'utf-8');
+    if (xml.trim().length === 0) {
+        throw new Error(`AndroidManifest.xml 为空: ${manifestPath}`);
+    }
+    const manifest = parseManifest(xml, manifestPath);
+    const findings = [
+        checkDebuggable(manifest, xml, manifestPath),
+        checkAllowBackup(manifest, xml, manifestPath),
+        checkLowTargetSdk(manifest, xml, manifestPath),
+        checkCleartextAllowed(manifest, xml, manifestPath),
+        checkNoNetworkConfig(manifest, xml, manifestPath),
+        // 组件级检查（每个返回数组）
+        ...checkExportedWithoutPermission(manifest, xml, manifestPath),
+        ...checkExportedProvider(manifest, xml, manifestPath),
+        ...checkExportedReceiver(manifest, xml, manifestPath),
+        ...checkExportedService(manifest, xml, manifestPath),
+        ...checkDangerousPermissions(manifest, xml, manifestPath),
+        ...checkMissingSignaturePermission(manifest, xml, manifestPath),
+        ...checkTaskHijacking(manifest, xml, manifestPath),
+    ].filter((f) => f !== null);
+    return findings;
+}
+// ─── 便捷工具 ────────────────────────────────────────
+/**
+ * 按严重程度统计发现数量
+ */
+export function countBySeverity(findings) {
+    const counts = {
+        CRITICAL: 0,
+        HIGH: 0,
+        WARNING: 0,
+        MEDIUM: 0,
+    };
+    for (const f of findings) {
+        counts[f.severity] = (counts[f.severity] ?? 0) + 1;
+    }
+    return counts;
+}
+/**
+ * 按严重程度过滤发现
+ */
+export function filterBySeverity(findings, minSeverity) {
+    const levels = ['MEDIUM', 'WARNING', 'HIGH', 'CRITICAL'];
+    const minIdx = levels.indexOf(minSeverity);
+    if (minIdx < 0)
+        return findings;
+    return findings.filter((f) => levels.indexOf(f.severity) >= minIdx);
+}
+//# sourceMappingURL=manifest_scanner.js.map

package/dist/engine/manifest_scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest_scanner.js","sourceRoot":"","sources":["../../src/engine/manifest_scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AA2CnD,qDAAqD;AAErD,qCAAqC;AACrC,SAAS,OAAO,CAAC,GAAW,EAAE,IAAY;IACxC,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,WAAW,IAAI,oBAAoB,EAAE,GAAG,CAAC,CAAC;IAChE,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvB,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACnC,CAAC;AAED,qCAAqC;AACrC,SAAS,UAAU,CAAC,GAAW,EAAE,IAAY;IAC3C,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,MAAM,IAAI,oBAAoB,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvB,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACnC,CAAC;AAED,qCAAqC;AACrC,SAAS,WAAW,CAAC,GAAW,EAAE,IAAY;IAC5C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,CAAC,KAAK,MAAM,CAAC;AACtB,CAAC;AAED,oCAAoC;AACpC,SAAS,UAAU,CAAC,GAAW,EAAE,IAAY;IAC3C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC5B,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,sCAAsC;AACtC,SAAS,cAAc,CAAC,GAAW,EAAE,KAAa,EAAE,OAAe;IACjE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACtD,IAAI,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpC,eAAe;IACf,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9C,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACzB,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC;IAC3C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,mDAAmD;AAEnD;;;;;;;GAOG;AACH,MAAM,YAAY,GAAG,oEAAoE,CAAC;AAE1F,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,UAAU,GAAoB,EAAE,CAAC;IACvC,IAAI,CAAyB,CAAC;IAE9B,YAAY,CAAC,SAAS,GAAG,CAAC,CAAC;IAC3B,OAAO,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAA2B,CAAC;QACpE,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC;QAE1D,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAClD,MAAM,eAAe,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC,IAAI,SAAS,CAAC;QACnE,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,KAAK,gBAAgB,CAAC;QAE3E,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,OAAO;YACb,IAAI;YACJ,QAAQ;YACR,UAAU;YACV,eAAe;YACf,YAAY;YACZ,cAAc;YACd,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,sDAAsD;AAEtD,MAAM,kBAAkB,GAAG,kCAAkC,CAAC;AAE9D,SAAS,sBAAsB,CAAC,GAAW;IACzC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,CAAyB,CAAC;IAC9B,kBAAkB,CAAC,SAAS,GAAG,CAAC,CAAC;IACjC,OAAO,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACnC,IAAI,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,mDAAmD;AAEnD,MAAM,mBAAmB,GAAG,gCAAgC,CAAC;AAE7D,SAAS,wBAAwB,CAAC,GAAW;IAC3C,MAAM,MAAM,GAAwC,EAAE,CAAC;IACvD,IAAI,CAAyB,CAAC;IAC9B,mBAAmB,CAAC,SAAS,GAAG,CAAC,CAAC;IAClC,OAAO,CAAC,CAAC,GAAG,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,eAAe,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC;QACzD,IAAI,IAAI,IAAI,eAAe,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,kDAAkD;AAElD,SAAS,aAAa,CAAC,GAAW,EAAE,QAAgB;IAClD,6BAA6B;IAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,WAAW,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;IAE7D,uDAAuD;IACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IAC9E,MAAM,QAAQ,GAAG,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAEzD,MAAM,UAAU,GAAG,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,WAAW,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;IACnE,MAAM,qBAAqB,GAAG,OAAO,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAC;IAC3E,MAAM,oBAAoB,GAAG,WAAW,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC;IAE7E,WAAW;IACX,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC1D,MAAM,gBAAgB,GAAG,UAAU,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IAEhE,KAAK;IACL,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAE/C,KAAK;IACL,MAAM,WAAW,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAExD,OAAO;QACL,WAAW;QACX,UAAU;QACV,WAAW;QACX,iBAAiB;QACjB,qBAAqB;QACrB,oBAAoB;QACpB,aAAa;QACb,gBAAgB;QAChB,UAAU;QACV,WAAW;QACX,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,oDAAoD;AAEpD;;;GAGG;AACH,SAAS,eAAe,CACtB,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,IAAI,CAAC,CAAC,UAAU,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;IACrD,OAAO;QACL,EAAE,EAAE,wBAAwB;QAC5B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EACT,gFAAgF;QAClF,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,oBAAoB;QAClC,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE;QACtD,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACpD,WAAW,EACT,mFAAmF;KACtF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CACvB,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,IAAI,CAAC,CAAC,WAAW,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,CAAC,iBAAiB;QAAE,OAAO,IAAI,CAAC,CAAC,iBAAiB;IACvD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACtD,OAAO;QACL,EAAE,EAAE,0BAA0B;QAC9B,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,uHAAuH;QACzH,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,2BAA2B;QACzC,KAAK,EAAE,iBAAiB;QACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE;QACtD,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACpD,WAAW,EACT,oGAAoG;KACvG,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,8BAA8B,CACrC,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QAChC,WAAW;QACX,MAAM,UAAU,GACd,IAAI,CAAC,QAAQ,KAAK,IAAI;YACtB,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,eAAe,IAAI,SAAS,GAAG,EAAE,CAAC,CAAC;QAErE,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU;YAAE,SAAS;QAE7C,oDAAoD;QACpD,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QAEvC,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,kBAAkB,IAAI,CAAC,IAAI,IAAI,CAAC;QAC7D,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,yCAAyC;YAC7C,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,eAAe,IAAI,CAAC,IAAI,EAAE;YACjC,WAAW,EACT,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,0DAA0D;gBACpF,kCAAkC;YACpC,GAAG,EAAE,SAAS;YACd,YAAY,EAAE,6BAA6B;YAC3C,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE;YACrC,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;YACrD,WAAW,EACT,KAAK,IAAI,CAAC,IAAI,4DAA4D;gBAC1E,uCAAuC;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAC5B,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QAEvC,MAAM,UAAU,GACd,IAAI,CAAC,QAAQ,KAAK,IAAI;YACtB,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC,sCAAsC;QAEpF,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU;YAAE,SAAS;QAE7C,MAAM,OAAO,GAAG,2BAA2B,IAAI,CAAC,IAAI,IAAI,CAAC;QACzD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,+BAA+B;YACnC,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,0BAA0B,IAAI,CAAC,IAAI,EAAE;YAC5C,WAAW,EACT,oBAAoB,IAAI,CAAC,IAAI,+BAA+B;gBAC5D,4DAA4D;YAC9D,GAAG,EAAE,SAAS;YACd,YAAY,EAAE,6BAA6B;YAC3C,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE;YACrC,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;YACrD,WAAW,EACT,KAAK,IAAI,CAAC,IAAI,6CAA6C;gBAC3D,qCAAqC;gBACrC,iDAAiD;SACpD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAC5B,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QAEvC,MAAM,UAAU,GACd,IAAI,CAAC,QAAQ,KAAK,IAAI;YACtB,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,eAAe,IAAI,SAAS,GAAG,EAAE,CAAC,CAAC;QAErE,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU;YAAE,SAAS;QAE7C,MAAM,OAAO,GAAG,2BAA2B,IAAI,CAAC,IAAI,IAAI,CAAC;QACzD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,+BAA+B;YACnC,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,4BAA4B,IAAI,CAAC,IAAI,EAAE;YAC9C,WAAW,EACT,sBAAsB,IAAI,CAAC,IAAI,+BAA+B;gBAC9D,8BAA8B;YAChC,GAAG,EAAE,SAAS;YACd,YAAY,EAAE,6BAA6B;YAC3C,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE;YACrC,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;YACrD,WAAW,EACT,KAAK,IAAI,CAAC,IAAI,kEAAkE;SACnF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;YAAE,SAAS;QAEtC,MAAM,UAAU,GACd,IAAI,CAAC,QAAQ,KAAK,IAAI;YACtB,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,eAAe,IAAI,SAAS,GAAG,EAAE,CAAC,CAAC;QAErE,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU;YAAE,SAAS;QAE7C,MAAM,OAAO,GAAG,0BAA0B,IAAI,CAAC,IAAI,IAAI,CAAC;QACxD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,8BAA8B;YAClC,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,kBAAkB,IAAI,CAAC,IAAI,EAAE;YACpC,WAAW,EACT,YAAY,IAAI,CAAC,IAAI,+BAA+B;gBACpD,yCAAyC;YAC3C,GAAG,EAAE,SAAS;YACd,YAAY,EAAE,6BAA6B;YAC3C,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE;YACrC,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;YACrD,WAAW,EACT,KAAK,IAAI,CAAC,IAAI,sDAAsD;SACvE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,iBAAiB,CACxB,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,MAAM,MAAM,GAAG,CAAC,CAAC,gBAAgB,CAAC;IAClC,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC,OAAO;QACL,EAAE,EAAE,4BAA4B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB,MAAM,UAAU;QAC3C,WAAW,EACT,oBAAoB,MAAM,uCAAuC;YACjE,wDAAwD;YACxD,4DAA4D;QAC9D,GAAG,EAAE,UAAU;QACf,YAAY,EAAE,yBAAyB;QACvC,KAAK,EAAE,cAAc;QACrB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE;QACnD,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;QACrD,WAAW,EACT,0CAA0C;YAC1C,kDAAkD;KACrD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAC5B,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,IAAI,CAAC,CAAC,oBAAoB,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC/D,OAAO;QACL,EAAE,EAAE,+BAA+B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,uDAAuD;YACvD,4DAA4D;YAC5D,gBAAgB;QAClB,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,4BAA4B;QAC1C,KAAK,EAAE,iBAAiB;QACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE;QACtD,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACpD,WAAW,EACT,wDAAwD;YACxD,6DAA6D;KAChE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAC3B,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,IAAI,CAAC,CAAC,qBAAqB;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,MAAM,GAAG,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC;IACvC,IAAI,MAAM,GAAG,EAAE;QAAE,OAAO,IAAI,CAAC;IAE7B,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAExC,OAAO;QACL,EAAE,EAAE,+BAA+B;QACnC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EACT,aAAa,MAAM,sCAAsC;YACzD,wDAAwD;YACxD,+BAA+B;QACjC,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,4BAA4B;QAC1C,KAAK,EAAE,iBAAiB;QACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE;QACtD,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;QACrD,WAAW,EACT,sDAAsD;YACtD,yFAAyF;KAC5F,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,kBAAkB,GAA8C;IACpE,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE;IACvC,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE;IACnD,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,eAAe,EAAE;IACrD,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,sBAAsB,EAAE;IACnE,EAAE,OAAO,EAAE,6BAA6B,EAAE,KAAK,EAAE,4BAA4B,EAAE;IAC/E,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,UAAU,EAAE;IAC3C,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,UAAU,EAAE;IAC3C,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,eAAe,EAAE;IACrD,EAAE,OAAO,EAAE,wBAAwB,EAAE,KAAK,EAAE,uBAAuB,EAAE;IACrE,EAAE,OAAO,EAAE,yBAAyB,EAAE,KAAK,EAAE,wBAAwB,EAAE;IACvE,EAAE,OAAO,EAAE,mBAAmB,EAAE,KAAK,EAAE,kBAAkB,EAAE;IAC3D,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE;IACnD,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,sBAAsB,EAAE;CACpE,CAAC;AAEF,SAAS,yBAAyB,CAChC,CAAiB,EACjB,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACjC,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACpC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,mCAAmC;oBACvC,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,WAAW,EAAE,CAAC,KAAK,EAAE;oBAC5B,WAAW,EACT,SAAS,EAAE,CAAC,KAAK,QAAQ,IAAI,IAAI;wBACjC,+BAA+B;wBAC/B,+BAA+B;oBACjC,GAAG,EAAE,SAAS;oBACd,YAAY,EAAE,6BAA6B;oBAC3C,KAAK,EAAE,kBAAkB;oBACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,kCAAkC,IAAI,IAAI,EAAE;oBACjF,QAAQ,EAAE,kCAAkC,IAAI,KAAK;oBACrD,WAAW,EACT,MAAM,EAAE,CAAC,KAAK,WAAW;wBACzB,yDAAyD;wBACzD,6BAA6B;iBAChC,CAAC,CAAC;gBACH,MAAM,CAAC,cAAc;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,iBAAiB,EAAE,CAAC;QACrC,IAAI,EAAE,CAAC,eAAe,KAAK,WAAW,IAAI,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnF,SAAS,CAAC,mCAAmC;QAC/C,CAAC;QACD,IAAI,EAAE,CAAC,eAAe,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,0CAA0C;gBAC9C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,gBAAgB,EAAE,CAAC,IAAI,EAAE;gBAChC,WAAW,EACT,UAAU,EAAE,CAAC,IAAI,gCAAgC;oBACjD,qCAAqC;gBACvC,GAAG,EAAE,SAAS;gBACd,YAAY,EAAE,6BAA6B;gBAC3C,KAAK,EAAE,kBAAkB;gBACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC,IAAI,IAAI,EAAE;gBAC/E,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;gBACrD,WAAW,EACT,yDAAyD;aAC5D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,CAAiB,EACjB,GAAW,EACX,QAAgB;IAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QACvC,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,SAAS;QAEjC,wCAAwC;QACxC,IAAI,IAAI,CAAC,cAAc;YAAE,SAAS;QAElC,MAAM,OAAO,GAAG,2BAA2B,IAAI,CAAC,IAAI,IAAI,CAAC;QACzD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEnC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,4BAA4B;YAChC,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,kCAAkC,IAAI,CAAC,IAAI,EAAE;YACpD,WAAW,EACT,aAAa,IAAI,CAAC,IAAI,+BAA+B,IAAI,CAAC,YAAY,SAAS;gBAC/E,4EAA4E;gBAC5E,qCAAqC;YACvC,GAAG,EAAE,SAAS;YACd,YAAY,EAAE,6BAA6B;YAC3C,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE;YACrC,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;YACrD,WAAW,EACT,6DAA6D;gBAC7D,8CAA8C;gBAC9C,iDAAiD;SACpD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,oDAAoD;AAEpD;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,YAAoB;IAC/C,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEhD,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,2BAA2B,YAAY,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IAElD,MAAM,QAAQ,GAAsB;QAClC,eAAe,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QAC5C,gBAAgB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QAC7C,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QAC9C,qBAAqB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QAClD,oBAAoB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QAEjD,gBAAgB;QAChB,GAAG,8BAA8B,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QAC9D,GAAG,qBAAqB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QACrD,GAAG,qBAAqB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QACrD,GAAG,oBAAoB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QACpD,GAAG,yBAAyB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QACzD,GAAG,+BAA+B,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;QAC/D,GAAG,kBAAkB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC;KACnD,CAAC,MAAM,CAAC,CAAC,CAAC,EAAwB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,oDAAoD;AAEpD;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,QAA2B;IAE3B,MAAM,MAAM,GAA2B;QACrC,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,CAAC;KACV,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAA2B,EAC3B,WAAwC;IAExC,MAAM,MAAM,GAAkC,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IACxF,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3C,IAAI,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAChC,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,CAAC;AACtE,CAAC"}

package/dist/engine/project.d.ts

@@ -0,0 +1,22 @@
+/**
+ * 项目初始化引擎 — V4.1 Sprint 1
+ * 自动检测语言/框架/构建工具，生成 .zhuma.yaml
+ *
+ * 对标 snyk init / murphysec init 一键式体验
+ */
+import type { ProjectDetection } from '@zhuma4/sdk';
+interface InitOptions {
+    dir?: string;
+    language?: string;
+    auto?: boolean;
+}
+/**
+ * 全维度检测项目
+ */
+export declare function detectProject(dir: string): Promise<ProjectDetection>;
+/**
+ * 初始化项目 — 主入口
+ */
+export declare function initProject(options: InitOptions): Promise<void>;
+export {};
+//# sourceMappingURL=project.d.ts.map

package/dist/engine/project.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.d.ts","sourceRoot":"","sources":["../../src/engine/project.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAuB,gBAAgB,EAAiB,MAAM,aAAa,CAAC;AAExF,UAAU,WAAW;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAqGD;;GAEG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAyC1E;AAyCD;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAqErE"}