api-key-guard 1.0.0

package/.env.example

@@ -0,0 +1,7 @@
+# Environment variables for api-key-guard
+
+# Gemini API Key for README generation
+# Get your API key from: https://makersuite.google.com/app/apikey
+GEMINI_API_KEY=your_gemini_api_key_here
+
+# Example: GEMINI_API_KEY=AIzaSyBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

package/README.md

@@ -0,0 +1,61 @@
+# API Key Guard
+
+A comprehensive CLI tool for detecting, preventing, and managing API key leaks in your codebase with AI-powered README generation.
+
+## Quick Start
+
+```bash
+# Install the package
+npm install -g api-key-guard
+
+# Scan for API key leaks
+api-key-guard scan
+
+# Setup git hooks
+api-key-guard setup-hooks
+
+# Generate AI-powered README (requires GEMINI_API_KEY)
+export GEMINI_API_KEY=your_gemini_api_key_here
+api-key-guard readme
+```
+
+## Features
+
+- 🔍 **API Key Detection**: Scan your codebase for potential API key leaks
+- 🔗 **Git Hooks Integration**: Automatically check for leaks before commits
+- 🤖 **AI-Powered README**: Generate professional README files using Google's Gemini API
+- ⚙️ **Configurable**: Customize scanning patterns and ignore rules
+- 🛡️ **Security First**: Built with security best practices in mind
+
+## CLI Commands
+
+### `api-key-guard scan`
+Scan files for potential API key leaks.
+
+Options:
+- `-p, --path <path>`: Path to scan (default: current directory)
+- `-v, --verbose`: Show detailed output
+
+### `api-key-guard setup-hooks`
+Setup git hooks for automatic API key detection before commits.
+
+### `api-key-guard readme`
+Generate an AI-powered README.md file using Gemini API.
+
+Options:
+- `-f, --force`: Overwrite existing README.md without confirmation
+- `-o, --output <file>`: Output file path (default: README.md)
+
+## Environment Variables
+
+- `GEMINI_API_KEY`: Required for README generation. Get your API key from [Google AI Studio](https://makersuite.google.com/app/apikey)
+
+## Installation
+
+```bash
+npm install api-key-guard
+```
+
+## License
+
+MIT

package/TESTING.md

@@ -0,0 +1,111 @@
+# Testing the API Key Guard CLI
+
+## Demo Instructions
+
+This guide helps you test the API Key Guard CLI tool with the AI-powered README generator.
+
+### Step 1: Install Dependencies
+```bash
+cd api-key-guard
+npm install
+```
+
+### Step 2: Test Basic Commands
+
+#### Test the help system:
+```bash
+node bin/cli.js --help
+node bin/cli.js readme --help
+node bin/cli.js scan --help
+```
+
+#### Test the scanner:
+```bash
+node bin/cli.js scan
+node bin/cli.js scan --verbose
+```
+
+### Step 3: Test API Key Detection
+Create a test file with fake API keys:
+```javascript
+// test-keys.js
+const config = {
+  api_key: "sk-1234567890abcdef1234567890abcdef12345678",
+  aws_key: "AKIA1234567890ABCDEF",
+  github_token: "ghp_abcdefghijklmnopqrstuvwxyz1234567890"
+};
+```
+
+Then scan:
+```bash
+node bin/cli.js scan --verbose
+```
+
+### Step 4: Test README Generator
+
+#### Without API key (should show error):
+```bash
+node bin/cli.js readme --output test-readme.md
+```
+
+#### With API key (requires real Gemini API key):
+1. Get API key from [Google AI Studio](https://makersuite.google.com/app/apikey)
+2. Set environment variable:
+   ```bash
+   # Windows PowerShell
+   $env:GEMINI_API_KEY = "your_actual_api_key"
+   
+   # Then run
+   node bin/cli.js readme --force --output ai-generated-readme.md
+   ```
+
+### Step 5: Test Git Hooks
+```bash
+# Initialize git (if not already done)
+git init
+
+# Install hooks
+node bin/cli.js setup-hooks
+
+# Test the hook by trying to commit a file with API keys
+echo 'const key = "AKIA1234567890ABCDEF";' > bad-file.js
+git add bad-file.js
+git commit -m "test commit" # Should be blocked
+```
+
+## Expected Outputs
+
+### Successful README Generation
+When you have a valid API key, you should see:
+```
+🤖 Generating README with AI...
+📝 Analyzing project structure...
+🚀 Generating README with Gemini AI...
+💾 Writing README.md...
+✅ Successfully generated README.md!
+```
+
+### API Key Detection
+When scanning files with API keys:
+```
+🔍 Scanning for API key leaks...
+🚨 Found X potential API key leak(s):
+  📄 filename.js:line_number
+     Pattern: detected_pattern
+⚠️  Please review these findings and secure any exposed API keys!
+```
+
+### Error Handling
+Without API key:
+```
+Error generating README: GEMINI_API_KEY environment variable is required. Please set your Gemini API key.
+```
+
+## Cleanup After Testing
+```bash
+# Remove test files
+rm test-keys.js bad-file.js ai-generated-readme.md
+
+# Remove git hooks if needed
+rm .git/hooks/pre-commit
+```

package/USAGE.md

@@ -0,0 +1,126 @@
+# API Key Guard - Usage Guide
+
+## Quick Setup
+
+1. **Install the package:**
+   ```bash
+   npm install -g api-key-guard
+   ```
+
+2. **Get a Gemini API key:**
+   - Visit [Google AI Studio](https://makersuite.google.com/app/apikey)
+   - Create a new API key
+   - Copy the API key
+
+3. **Set up environment variable:**
+   ```bash
+   # Windows (PowerShell)
+   $env:GEMINI_API_KEY = "your_gemini_api_key_here"
+   
+   # Windows (Command Prompt)
+   set GEMINI_API_KEY=your_gemini_api_key_here
+   
+   # macOS/Linux
+   export GEMINI_API_KEY=your_gemini_api_key_here
+   ```
+
+## Using the AI-Powered README Generator
+
+### Basic Usage
+```bash
+# Generate README.md with AI
+api-key-guard readme
+```
+
+### With Options
+```bash
+# Force overwrite existing README.md
+api-key-guard readme --force
+
+# Output to a different file
+api-key-guard readme --output DOCUMENTATION.md
+
+# Combine options
+api-key-guard readme --force --output NEW_README.md
+```
+
+### What the AI Generates
+The README generator creates a comprehensive README.md that includes:
+
+- **Project title and description**
+- **Problem statement** explaining API key leak issues
+- **Features list** showcasing all capabilities
+- **Installation instructions** for npm
+- **CLI usage examples** for all commands
+- **Git hooks setup guide**
+- **Configuration options**
+- **Security best practices**
+- **Contributing guidelines**
+- **License information**
+
+## Other Commands
+
+### Scan for API Key Leaks
+```bash
+# Scan current directory
+api-key-guard scan
+
+# Scan specific path
+api-key-guard scan --path ./src
+
+# Verbose output
+api-key-guard scan --verbose
+```
+
+### Setup Git Hooks
+```bash
+# Install pre-commit hook
+api-key-guard setup-hooks
+```
+
+## Error Handling
+
+The tool provides clear error messages for common issues:
+
+- **Missing API key**: Clear instructions on how to set GEMINI_API_KEY
+- **Network issues**: Helpful network troubleshooting information
+- **Invalid API responses**: Detailed API error messages
+- **File permissions**: Clear permission error messages
+
+## Security Features
+
+- **No API key storage**: API keys are read from environment variables only
+- **Pattern-based detection**: Uses regex patterns to detect various API key formats
+- **Configurable ignore patterns**: Respects .gitignore-style patterns
+- **Git hook integration**: Prevents commits with detected API keys
+
+## Supported API Key Formats
+
+The scanner detects these common API key patterns:
+- Generic API keys (`api_key`, `secret_key`, `access_token`)
+- AWS Access Keys (`AKIA...`)
+- GitHub Personal Access Tokens (`ghp_...`)
+- Google API Keys (`AIza...`)
+- Bearer tokens
+- Custom patterns (configurable)
+
+## Configuration
+
+Create a `api-key-guard.config.json` file to customize:
+
+```json
+{
+  "ignorePatterns": [
+    "node_modules",
+    ".git", 
+    "dist",
+    "*.log"
+  ],
+  "customPatterns": [
+    {
+      "name": "Custom API Key",
+      "pattern": "custom_[0-9a-f]{32}"
+    }
+  ]
+}
+```

package/bin/cli.js

@@ -0,0 +1,62 @@
+#!/usr/bin/env node
+
+const { Command } = require('commander');
+const chalk = require('chalk');
+const { generateReadme } = require('../src/readmeGenerator');
+const { scanForApiKeys } = require('../src/scanner');
+const { setupGitHooks } = require('../src/gitHooks');
+
+const program = new Command();
+
+program
+  .name('api-key-guard')
+  .description('CLI tool to detect API key leaks and manage security')
+  .version('1.0.0');
+
+// Scan command
+program
+  .command('scan')
+  .description('Scan files for potential API key leaks')
+  .option('-p, --path <path>', 'Path to scan', '.')
+  .option('-v, --verbose', 'Show detailed output')
+  .action(async (options) => {
+    try {
+      console.log(chalk.blue('🔍 Scanning for API key leaks...'));
+      await scanForApiKeys(options.path, options.verbose);
+    } catch (error) {
+      console.error(chalk.red('Error during scan:', error.message));
+      process.exit(1);
+    }
+  });
+
+// Setup git hooks command
+program
+  .command('setup-hooks')
+  .description('Setup git hooks for automatic API key detection')
+  .action(async () => {
+    try {
+      console.log(chalk.blue('⚙️ Setting up git hooks...'));
+      await setupGitHooks();
+    } catch (error) {
+      console.error(chalk.red('Error setting up hooks:', error.message));
+      process.exit(1);
+    }
+  });
+
+// README generator command
+program
+  .command('readme')
+  .description('Generate an AI-powered README.md file using Gemini API')
+  .option('-f, --force', 'Overwrite existing README.md without confirmation')
+  .option('-o, --output <file>', 'Output file path', 'README.md')
+  .action(async (options) => {
+    try {
+      console.log(chalk.blue('🤖 Generating README with AI...'));
+      await generateReadme(options);
+    } catch (error) {
+      console.error(chalk.red('Error generating README:', error.message));
+      process.exit(1);
+    }
+  });
+
+program.parse();

package/config/patterns.json

@@ -0,0 +1,49 @@
+{
+  "apiKeyPatterns": [
+    {
+      "name": "Generic API Key",
+      "pattern": "(?i)api[_-]?key[\\s]*[=:][\\s]*['\"]?([a-z0-9]{20,})",
+      "description": "Generic API key pattern"
+    },
+    {
+      "name": "Generic Secret Key",
+      "pattern": "(?i)secret[_-]?key[\\s]*[=:][\\s]*['\"]?([a-z0-9]{20,})",
+      "description": "Generic secret key pattern"
+    },
+    {
+      "name": "Access Token",
+      "pattern": "(?i)access[_-]?token[\\s]*[=:][\\s]*['\"]?([a-z0-9]{20,})",
+      "description": "Generic access token pattern"
+    },
+    {
+      "name": "AWS Access Key ID",
+      "pattern": "AKIA[0-9A-Z]{16}",
+      "description": "AWS Access Key ID"
+    },
+    {
+      "name": "GitHub Token",
+      "pattern": "ghp_[0-9a-zA-Z]{36}",
+      "description": "GitHub personal access token"
+    },
+    {
+      "name": "Google API Key",
+      "pattern": "AIza[0-9A-Za-z\\-_]{35}",
+      "description": "Google API key"
+    }
+  ],
+  "ignorePatterns": [
+    "node_modules",
+    ".git",
+    "dist",
+    "build",
+    "*.log",
+    "*.min.js",
+    "package-lock.json",
+    ".env.example"
+  ],
+  "fileExtensions": [
+    ".js", ".ts", ".jsx", ".tsx", ".json", ".md", ".txt", ".yml", ".yaml",
+    ".xml", ".html", ".css", ".scss", ".sass", ".less", ".env", ".config",
+    ".py", ".java", ".php", ".rb", ".go", ".rs", ".cpp", ".c", ".h"
+  ]
+}

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "api-key-guard",
+  "version": "1.0.0",
+  "description": "A comprehensive tool to detect, prevent, and manage API key leaks in your codebase with AI-powered README generation",
+  "main": "src/index.js",
+  "bin": {
+    "api-key-guard": "./bin/cli.js"
+  },
+  "scripts": {
+    "start": "node bin/cli.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "api-key",
+    "security",
+    "git-hooks",
+    "leak-detection",
+    "cli",
+    "readme-generator"
+  ],
+  "author": "your-name",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^11.0.0",
+    "chalk": "^4.1.2",
+    "axios": "^1.6.0"
+  },
+  "engines": {
+    "node": ">=14.0.0"
+  }
+}

package/src/gitHooks.js

@@ -0,0 +1,61 @@
+const fs = require('fs').promises;
+const path = require('path');
+const chalk = require('chalk');
+
+/**
+ * Setup git hooks for automatic API key detection
+ */
+async function setupGitHooks() {
+  const gitHooksDir = path.join(process.cwd(), '.git', 'hooks');
+  const preCommitHook = path.join(gitHooksDir, 'pre-commit');
+  
+  try {
+    // Check if .git directory exists
+    await fs.access(path.join(process.cwd(), '.git'));
+  } catch (error) {
+    throw new Error('No git repository found. Please initialize git first.');
+  }
+  
+  // Ensure hooks directory exists
+  try {
+    await fs.mkdir(gitHooksDir, { recursive: true });
+  } catch (error) {
+    // Directory already exists
+  }
+  
+  const hookContent = `#!/bin/sh
+# api-key-guard pre-commit hook
+# This hook scans staged files for potential API key leaks
+
+echo "🔍 Scanning staged files for API key leaks..."
+
+# Run api-key-guard scan
+npx api-key-guard scan --path .
+
+# Check exit code
+if [ $? -ne 0 ]; then
+    echo "🚨 API key leaks detected! Commit aborted."
+    echo "Please review the findings and remove any exposed API keys before committing."
+    exit 1
+fi
+
+echo "✅ No API key leaks detected. Proceeding with commit."
+exit 0
+`;
+  
+  await fs.writeFile(preCommitHook, hookContent, 'utf8');
+  
+  // Make the hook executable (Unix-like systems)
+  try {
+    await fs.chmod(preCommitHook, '755');
+  } catch (error) {
+    // Chmod might not work on Windows, but that's okay
+  }
+  
+  console.log(chalk.green('✅ Git pre-commit hook installed successfully!'));
+  console.log(chalk.blue('🔗 The hook will automatically scan for API key leaks before each commit.'));
+}
+
+module.exports = {
+  setupGitHooks
+};

package/src/index.js

@@ -0,0 +1,9 @@
+const { scanForApiKeys } = require('./scanner');
+const { setupGitHooks } = require('./gitHooks');
+const { generateReadme } = require('./readmeGenerator');
+
+module.exports = {
+  scanForApiKeys,
+  setupGitHooks,
+  generateReadme
+};

package/src/readmeGenerator.js

@@ -0,0 +1,221 @@
+const axios = require('axios');
+const fs = require('fs').promises;
+const path = require('path');
+const chalk = require('chalk');
+const readline = require('readline');
+
+/**
+ * Generate README.md using Google's Gemini API
+ */
+async function generateReadme(options = {}) {
+  // Check for API key
+  const apiKey = process.env.GEMINI_API_KEY;
+  if (!apiKey) {
+    throw new Error('GEMINI_API_KEY environment variable is required. Please set your Gemini API key.');
+  }
+
+  const outputFile = options.output || 'README.md';
+  const force = options.force || false;
+
+  // Check if README.md already exists
+  if (!force) {
+    try {
+      await fs.access(outputFile);
+      const shouldOverwrite = await promptConfirmation(
+        `${outputFile} already exists. Do you want to overwrite it? (y/N): `
+      );
+      if (!shouldOverwrite) {
+        console.log(chalk.yellow('Operation cancelled.'));
+        return;
+      }
+    } catch (error) {
+      // File doesn't exist, proceed
+    }
+  }
+
+  console.log(chalk.blue('📝 Analyzing project structure...'));
+  const projectContext = await analyzeProject();
+  
+  console.log(chalk.blue('🚀 Generating README with Gemini AI...'));
+  const readmeContent = await generateWithGemini(apiKey, projectContext);
+  
+  console.log(chalk.blue('💾 Writing README.md...'));
+  await fs.writeFile(outputFile, readmeContent, 'utf8');
+  
+  console.log(chalk.green(`✅ Successfully generated ${outputFile}!`));
+}
+
+/**
+ * Analyze the current project to gather context
+ */
+async function analyzeProject() {
+  const context = {
+    projectName: 'api-key-guard',
+    hasPackageJson: false,
+    hasSrcDirectory: false,
+    hasGitDirectory: false,
+    dependencies: [],
+    scripts: {}
+  };
+
+  try {
+    // Check for package.json
+    const packageJsonPath = path.join(process.cwd(), 'package.json');
+    const packageJson = JSON.parse(await fs.readFile(packageJsonPath, 'utf8'));
+    context.hasPackageJson = true;
+    context.projectName = packageJson.name || context.projectName;
+    context.dependencies = Object.keys(packageJson.dependencies || {});
+    context.scripts = packageJson.scripts || {};
+  } catch (error) {
+    // No package.json found
+  }
+
+  try {
+    // Check for src directory
+    await fs.access(path.join(process.cwd(), 'src'));
+    context.hasSrcDirectory = true;
+  } catch (error) {
+    // No src directory
+  }
+
+  try {
+    // Check for git directory
+    await fs.access(path.join(process.cwd(), '.git'));
+    context.hasGitDirectory = true;
+  } catch (error) {
+    // No git directory
+  }
+
+  return context;
+}
+
+/**
+ * Generate README content using Gemini API
+ */
+async function generateWithGemini(apiKey, projectContext) {
+  const prompt = createGeminiPrompt(projectContext);
+  
+  try {
+    const response = await axios.post(
+      `https://generativelanguage.googleapis.com/v1beta/models/gemini-pro:generateContent?key=${apiKey}`,
+      {
+        contents: [{
+          parts: [{
+            text: prompt
+          }]
+        }],
+        generationConfig: {
+          temperature: 0.7,
+          topK: 40,
+          topP: 0.95,
+          maxOutputTokens: 2048,
+        },
+        safetySettings: [
+          {
+            category: "HARM_CATEGORY_HARASSMENT",
+            threshold: "BLOCK_MEDIUM_AND_ABOVE"
+          },
+          {
+            category: "HARM_CATEGORY_HATE_SPEECH", 
+            threshold: "BLOCK_MEDIUM_AND_ABOVE"
+          },
+          {
+            category: "HARM_CATEGORY_SEXUALLY_EXPLICIT",
+            threshold: "BLOCK_MEDIUM_AND_ABOVE"
+          },
+          {
+            category: "HARM_CATEGORY_DANGEROUS_CONTENT",
+            threshold: "BLOCK_MEDIUM_AND_ABOVE"
+          }
+        ]
+      },
+      {
+        headers: {
+          'Content-Type': 'application/json'
+        }
+      }
+    );
+
+    if (response.data.candidates && response.data.candidates[0].content.parts[0].text) {
+      return response.data.candidates[0].content.parts[0].text;
+    } else {
+      throw new Error('Invalid response from Gemini API');
+    }
+  } catch (error) {
+    if (error.response) {
+      throw new Error(`Gemini API error: ${error.response.status} - ${error.response.data?.error?.message || 'Unknown error'}`);
+    } else if (error.request) {
+      throw new Error('Network error: Unable to reach Gemini API');
+    } else {
+      throw new Error(`Error generating content: ${error.message}`);
+    }
+  }
+}
+
+/**
+ * Create a detailed prompt for Gemini to generate README
+ */
+function createGeminiPrompt(context) {
+  return `Generate a professional README.md file for the "${context.projectName}" Node.js package. This is a comprehensive CLI tool for detecting, preventing, and managing API key leaks in codebases.
+
+Context about the project:
+- Project name: ${context.projectName}
+- Has package.json: ${context.hasPackageJson}
+- Has src directory: ${context.hasSrcDirectory}
+- Has git repository: ${context.hasGitDirectory}
+- Dependencies: ${context.dependencies.join(', ')}
+
+Please generate a comprehensive README.md with the following sections:
+
+1. **Project Title & Description**: Clear, concise description of what api-key-guard does
+2. **Problem Statement**: Explain the critical issue of API key leaks in code repositories
+3. **Features List**: Comprehensive list of features including:
+   - API key detection and scanning
+   - Git hooks integration
+   - CLI commands
+   - AI-powered README generation
+   - Multiple file format support
+   - Configurable ignore patterns
+4. **Installation**: Step-by-step installation instructions using npm
+5. **CLI Usage Examples**: Detailed examples of all CLI commands:
+   - \`api-key-guard scan\` with various options
+   - \`api-key-guard setup-hooks\` for git integration
+   - \`api-key-guard readme\` for README generation
+6. **Git Hooks Usage**: How to set up and use pre-commit hooks
+7. **Configuration**: Details about configuration files and ignore patterns
+8. **Security Best Practices**: Important security notes and recommendations
+9. **Future Roadmap**: Planned features and improvements
+10. **Contributing**: Guidelines for contributors
+11. **License**: MIT license information
+
+Requirements:
+- Use clear, developer-friendly language
+- Include practical code examples
+- Use proper markdown formatting with badges, code blocks, and tables
+- Make it visually appealing with emojis and good structure
+- Include security warnings and best practices
+- Keep it professional but engaging
+
+Generate ONLY the README.md content in markdown format, no additional text or explanations.`;
+}
+
+/**
+ * Prompt user for confirmation
+ */
+function promptConfirmation(question) {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout
+    });
+
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes');
+    });
+  });
+}
+
+module.exports = {
+  generateReadme
+};

package/src/scanner.js

@@ -0,0 +1,143 @@
+const fs = require('fs').promises;
+const path = require('path');
+const chalk = require('chalk');
+
+/**
+ * Scan directory for potential API key leaks
+ */
+async function scanForApiKeys(scanPath = '.', verbose = false) {
+  const apiKeyPatterns = [
+    /api[_-]?key[\s]*[=:][\s]*['"]?([a-z0-9]{20,})/gi,
+    /secret[_-]?key[\s]*[=:][\s]*['"]?([a-z0-9]{20,})/gi,
+    /access[_-]?token[\s]*[=:][\s]*['"]?([a-z0-9]{20,})/gi,
+    /auth[_-]?token[\s]*[=:][\s]*['"]?([a-z0-9]{20,})/gi,
+    /bearer[\s]*[=:][\s]*['"]?([a-z0-9]{20,})/gi,
+    // AWS patterns
+    /AKIA[0-9A-Z]{16}/g,
+    // GitHub tokens
+    /ghp_[0-9a-zA-Z]{36}/g,
+    // Google API keys
+    /AIza[0-9A-Za-z\-_]{35}/g,
+  ];
+
+  const ignorePatterns = [
+    'node_modules',
+    '.git',
+    'dist',
+    'build',
+    '*.log',
+    '*.min.js',
+    'package-lock.json'
+  ];
+
+  let findings = [];
+  
+  try {
+    const files = await getFilesRecursively(scanPath, ignorePatterns);
+    
+    for (const file of files) {
+      const content = await fs.readFile(file, 'utf8');
+      
+      for (const pattern of apiKeyPatterns) {
+        let match;
+        while ((match = pattern.exec(content)) !== null) {
+          const lineNumber = content.substring(0, match.index).split('\n').length;
+          findings.push({
+            file: path.relative(process.cwd(), file),
+            line: lineNumber,
+            pattern: match[0],
+            type: 'potential-api-key'
+          });
+        }
+      }
+    }
+    
+    if (findings.length > 0) {
+      console.log(chalk.red(`🚨 Found ${findings.length} potential API key leak(s):`));
+      findings.forEach(finding => {
+        console.log(chalk.yellow(`  📄 ${finding.file}:${finding.line}`));
+        if (verbose) {
+          console.log(chalk.gray(`     Pattern: ${finding.pattern}`));
+        }
+      });
+      console.log(chalk.red('\n⚠️  Please review these findings and secure any exposed API keys!'));
+    } else {
+      console.log(chalk.green('✅ No potential API key leaks detected!'));
+    }
+    
+    return findings;
+  } catch (error) {
+    throw new Error(`Scan failed: ${error.message}`);
+  }
+}
+
+/**
+ * Get all files recursively, respecting ignore patterns
+ */
+async function getFilesRecursively(dir, ignorePatterns = []) {
+  let files = [];
+  
+  try {
+    const entries = await fs.readdir(dir, { withFileTypes: true });
+    
+    for (const entry of entries) {
+      const fullPath = path.join(dir, entry.name);
+      
+      // Check if should be ignored
+      if (shouldIgnore(entry.name, fullPath, ignorePatterns)) {
+        continue;
+      }
+      
+      if (entry.isDirectory()) {
+        files = files.concat(await getFilesRecursively(fullPath, ignorePatterns));
+      } else {
+        // Only scan text files
+        if (isTextFile(entry.name)) {
+          files.push(fullPath);
+        }
+      }
+    }
+  } catch (error) {
+    // Skip directories we can't read
+  }
+  
+  return files;
+}
+
+/**
+ * Check if file/directory should be ignored
+ */
+function shouldIgnore(name, fullPath, ignorePatterns) {
+  for (const pattern of ignorePatterns) {
+    if (pattern.includes('*')) {
+      // Simple glob pattern matching
+      const regex = new RegExp(pattern.replace(/\*/g, '.*'));
+      if (regex.test(name)) {
+        return true;
+      }
+    } else {
+      if (name === pattern || fullPath.includes(pattern)) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
+/**
+ * Check if file is likely a text file based on extension
+ */
+function isTextFile(filename) {
+  const textExtensions = [
+    '.js', '.ts', '.jsx', '.tsx', '.json', '.md', '.txt', '.yml', '.yaml',
+    '.xml', '.html', '.css', '.scss', '.sass', '.less', '.env', '.config',
+    '.py', '.java', '.php', '.rb', '.go', '.rs', '.cpp', '.c', '.h'
+  ];
+  
+  const ext = path.extname(filename).toLowerCase();
+  return textExtensions.includes(ext) || !ext; // Include files without extensions
+}
+
+module.exports = {
+  scanForApiKeys
+};