npm - api-tests-coverage - Versions diffs - 1.0.0 - Mend

api-tests-coverage 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (288) hide show

package/README.md +703 -0
package/config.yaml.example +227 -0
package/dist/action/src/index.d.ts +2 -0
package/dist/action/src/index.d.ts.map +1 -0
package/dist/action/src/index.js +349 -0
package/dist/action/src/prComment.d.ts +34 -0
package/dist/action/src/prComment.d.ts.map +1 -0
package/dist/action/src/prComment.js +146 -0
package/dist/src/ast/astAnalysisOrchestrator.d.ts +36 -0
package/dist/src/ast/astAnalysisOrchestrator.d.ts.map +1 -0
package/dist/src/ast/astAnalysisOrchestrator.js +123 -0
package/dist/src/ast/astTypes.d.ts +105 -0
package/dist/src/ast/astTypes.d.ts.map +1 -0
package/dist/src/ast/astTypes.js +9 -0
package/dist/src/ast/languageAnalyzer.d.ts +46 -0
package/dist/src/ast/languageAnalyzer.d.ts.map +1 -0
package/dist/src/ast/languageAnalyzer.js +9 -0
package/dist/src/ast/languageCapabilities.d.ts +24 -0
package/dist/src/ast/languageCapabilities.d.ts.map +1 -0
package/dist/src/ast/languageCapabilities.js +92 -0
package/dist/src/ast/parseFile.d.ts +16 -0
package/dist/src/ast/parseFile.d.ts.map +1 -0
package/dist/src/ast/parseFile.js +65 -0
package/dist/src/ast/parserRegistry.d.ts +39 -0
package/dist/src/ast/parserRegistry.d.ts.map +1 -0
package/dist/src/ast/parserRegistry.js +66 -0
package/dist/src/buildSummary.d.ts +26 -0
package/dist/src/buildSummary.d.ts.map +1 -0
package/dist/src/buildSummary.js +193 -0
package/dist/src/businessCoverage.d.ts +68 -0
package/dist/src/businessCoverage.d.ts.map +1 -0
package/dist/src/businessCoverage.js +290 -0
package/dist/src/compatibilityCoverage.d.ts +83 -0
package/dist/src/compatibilityCoverage.d.ts.map +1 -0
package/dist/src/compatibilityCoverage.js +501 -0
package/dist/src/config/defaultConfig.d.ts +9 -0
package/dist/src/config/defaultConfig.d.ts.map +1 -0
package/dist/src/config/defaultConfig.js +97 -0
package/dist/src/config/index.d.ts +12 -0
package/dist/src/config/index.d.ts.map +1 -0
package/dist/src/config/index.js +37 -0
package/dist/src/config/loadConfig.d.ts +29 -0
package/dist/src/config/loadConfig.d.ts.map +1 -0
package/dist/src/config/loadConfig.js +135 -0
package/dist/src/config/mergeConfig.d.ts +15 -0
package/dist/src/config/mergeConfig.d.ts.map +1 -0
package/dist/src/config/mergeConfig.js +57 -0
package/dist/src/config/schema.d.ts +15 -0
package/dist/src/config/schema.d.ts.map +1 -0
package/dist/src/config/schema.js +30 -0
package/dist/src/config/types.d.ts +175 -0
package/dist/src/config/types.d.ts.map +1 -0
package/dist/src/config/types.js +9 -0
package/dist/src/config/validateConfig.d.ts +22 -0
package/dist/src/config/validateConfig.d.ts.map +1 -0
package/dist/src/config/validateConfig.js +171 -0
package/dist/src/config.d.ts +168 -0
package/dist/src/config.d.ts.map +1 -0
package/dist/src/config.js +204 -0
package/dist/src/coverage/deep-analysis/callGraph.d.ts +67 -0
package/dist/src/coverage/deep-analysis/callGraph.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/callGraph.js +275 -0
package/dist/src/coverage/deep-analysis/deepEndpointResolver.d.ts +23 -0
package/dist/src/coverage/deep-analysis/deepEndpointResolver.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/deepEndpointResolver.js +394 -0
package/dist/src/coverage/deep-analysis/index.d.ts +17 -0
package/dist/src/coverage/deep-analysis/index.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/index.js +63 -0
package/dist/src/coverage/deep-analysis/resolveAssertions.d.ts +60 -0
package/dist/src/coverage/deep-analysis/resolveAssertions.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/resolveAssertions.js +121 -0
package/dist/src/coverage/deep-analysis/resolveConstants.d.ts +36 -0
package/dist/src/coverage/deep-analysis/resolveConstants.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/resolveConstants.js +92 -0
package/dist/src/coverage/deep-analysis/resolveEnums.d.ts +55 -0
package/dist/src/coverage/deep-analysis/resolveEnums.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/resolveEnums.js +152 -0
package/dist/src/coverage/deep-analysis/resolveMethodChains.d.ts +70 -0
package/dist/src/coverage/deep-analysis/resolveMethodChains.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/resolveMethodChains.js +152 -0
package/dist/src/coverage/deep-analysis/resolvePaths.d.ts +80 -0
package/dist/src/coverage/deep-analysis/resolvePaths.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/resolvePaths.js +216 -0
package/dist/src/coverage/deep-analysis/resolveRequestWrappers.d.ts +71 -0
package/dist/src/coverage/deep-analysis/resolveRequestWrappers.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/resolveRequestWrappers.js +226 -0
package/dist/src/coverage/deep-analysis/symbolTable.d.ts +58 -0
package/dist/src/coverage/deep-analysis/symbolTable.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/symbolTable.js +230 -0
package/dist/src/coverage/deep-analysis/types.d.ts +122 -0
package/dist/src/coverage/deep-analysis/types.d.ts.map +1 -0
package/dist/src/coverage/deep-analysis/types.js +21 -0
package/dist/src/discovery/fileClassifier.d.ts +50 -0
package/dist/src/discovery/fileClassifier.d.ts.map +1 -0
package/dist/src/discovery/fileClassifier.js +238 -0
package/dist/src/discovery/projectDiscovery.d.ts +66 -0
package/dist/src/discovery/projectDiscovery.d.ts.map +1 -0
package/dist/src/discovery/projectDiscovery.js +287 -0
package/dist/src/endpointCoverage.d.ts +70 -0
package/dist/src/endpointCoverage.d.ts.map +1 -0
package/dist/src/endpointCoverage.js +381 -0
package/dist/src/errorCoverage.d.ts +93 -0
package/dist/src/errorCoverage.d.ts.map +1 -0
package/dist/src/errorCoverage.js +698 -0
package/dist/src/index.d.ts +3 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +1441 -0
package/dist/src/inference/businessRuleInference.d.ts +63 -0
package/dist/src/inference/businessRuleInference.d.ts.map +1 -0
package/dist/src/inference/businessRuleInference.js +268 -0
package/dist/src/inference/integrationFlowInference.d.ts +56 -0
package/dist/src/inference/integrationFlowInference.d.ts.map +1 -0
package/dist/src/inference/integrationFlowInference.js +266 -0
package/dist/src/integrationCoverage.d.ts +72 -0
package/dist/src/integrationCoverage.d.ts.map +1 -0
package/dist/src/integrationCoverage.js +317 -0
package/dist/src/intelligence/index.d.ts +20 -0
package/dist/src/intelligence/index.d.ts.map +1 -0
package/dist/src/intelligence/index.js +105 -0
package/dist/src/intelligence/linkageEngine.d.ts +20 -0
package/dist/src/intelligence/linkageEngine.d.ts.map +1 -0
package/dist/src/intelligence/linkageEngine.js +522 -0
package/dist/src/intelligence/markdownReporter.d.ts +12 -0
package/dist/src/intelligence/markdownReporter.d.ts.map +1 -0
package/dist/src/intelligence/markdownReporter.js +265 -0
package/dist/src/intelligence/riskScoring.d.ts +53 -0
package/dist/src/intelligence/riskScoring.d.ts.map +1 -0
package/dist/src/intelligence/riskScoring.js +181 -0
package/dist/src/intelligence/types.d.ts +121 -0
package/dist/src/intelligence/types.d.ts.map +1 -0
package/dist/src/intelligence/types.js +8 -0
package/dist/src/languageDetection.d.ts +100 -0
package/dist/src/languageDetection.d.ts.map +1 -0
package/dist/src/languageDetection.js +349 -0
package/dist/src/languages/java/index.d.ts +16 -0
package/dist/src/languages/java/index.d.ts.map +1 -0
package/dist/src/languages/java/index.js +103 -0
package/dist/src/languages/java/parser.d.ts +7 -0
package/dist/src/languages/java/parser.d.ts.map +1 -0
package/dist/src/languages/java/parser.js +50 -0
package/dist/src/languages/java/semanticBuilder.d.ts +21 -0
package/dist/src/languages/java/semanticBuilder.d.ts.map +1 -0
package/dist/src/languages/java/semanticBuilder.js +358 -0
package/dist/src/languages/javascript/annotationExtractor.d.ts +20 -0
package/dist/src/languages/javascript/annotationExtractor.d.ts.map +1 -0
package/dist/src/languages/javascript/annotationExtractor.js +94 -0
package/dist/src/languages/javascript/assertionResolver.d.ts +18 -0
package/dist/src/languages/javascript/assertionResolver.d.ts.map +1 -0
package/dist/src/languages/javascript/assertionResolver.js +150 -0
package/dist/src/languages/javascript/callResolver.d.ts +23 -0
package/dist/src/languages/javascript/callResolver.d.ts.map +1 -0
package/dist/src/languages/javascript/callResolver.js +236 -0
package/dist/src/languages/javascript/httpInteractionExtractor.d.ts +23 -0
package/dist/src/languages/javascript/httpInteractionExtractor.d.ts.map +1 -0
package/dist/src/languages/javascript/httpInteractionExtractor.js +205 -0
package/dist/src/languages/javascript/index.d.ts +20 -0
package/dist/src/languages/javascript/index.d.ts.map +1 -0
package/dist/src/languages/javascript/index.js +136 -0
package/dist/src/languages/javascript/parser.d.ts +14 -0
package/dist/src/languages/javascript/parser.d.ts.map +1 -0
package/dist/src/languages/javascript/parser.js +38 -0
package/dist/src/languages/javascript/symbolResolver.d.ts +31 -0
package/dist/src/languages/javascript/symbolResolver.d.ts.map +1 -0
package/dist/src/languages/javascript/symbolResolver.js +183 -0
package/dist/src/languages/kotlin/index.d.ts +16 -0
package/dist/src/languages/kotlin/index.d.ts.map +1 -0
package/dist/src/languages/kotlin/index.js +151 -0
package/dist/src/languages/kotlin/parser.d.ts +11 -0
package/dist/src/languages/kotlin/parser.d.ts.map +1 -0
package/dist/src/languages/kotlin/parser.js +74 -0
package/dist/src/languages/python/index.d.ts +15 -0
package/dist/src/languages/python/index.d.ts.map +1 -0
package/dist/src/languages/python/index.js +293 -0
package/dist/src/languages/ruby/index.d.ts +15 -0
package/dist/src/languages/ruby/index.d.ts.map +1 -0
package/dist/src/languages/ruby/index.js +274 -0
package/dist/src/languages/shared/treeSitterUtils.d.ts +43 -0
package/dist/src/languages/shared/treeSitterUtils.d.ts.map +1 -0
package/dist/src/languages/shared/treeSitterUtils.js +100 -0
package/dist/src/languages/typescript/index.d.ts +14 -0
package/dist/src/languages/typescript/index.d.ts.map +1 -0
package/dist/src/languages/typescript/index.js +25 -0
package/dist/src/lib/index.d.ts +228 -0
package/dist/src/lib/index.d.ts.map +1 -0
package/dist/src/lib/index.js +486 -0
package/dist/src/mcp/client/index.d.ts +37 -0
package/dist/src/mcp/client/index.d.ts.map +1 -0
package/dist/src/mcp/client/index.js +235 -0
package/dist/src/mcp/config.d.ts +50 -0
package/dist/src/mcp/config.d.ts.map +1 -0
package/dist/src/mcp/config.js +125 -0
package/dist/src/mcp/events.d.ts +24 -0
package/dist/src/mcp/events.d.ts.map +1 -0
package/dist/src/mcp/events.js +48 -0
package/dist/src/mcp/fallback/index.d.ts +50 -0
package/dist/src/mcp/fallback/index.d.ts.map +1 -0
package/dist/src/mcp/fallback/index.js +216 -0
package/dist/src/mcp/index.d.ts +67 -0
package/dist/src/mcp/index.d.ts.map +1 -0
package/dist/src/mcp/index.js +212 -0
package/dist/src/mcp/normalizer.d.ts +21 -0
package/dist/src/mcp/normalizer.d.ts.map +1 -0
package/dist/src/mcp/normalizer.js +99 -0
package/dist/src/mcp/prompts/index.d.ts +86 -0
package/dist/src/mcp/prompts/index.d.ts.map +1 -0
package/dist/src/mcp/prompts/index.js +304 -0
package/dist/src/mcp/templates/index.d.ts +35 -0
package/dist/src/mcp/templates/index.d.ts.map +1 -0
package/dist/src/mcp/templates/index.js +143 -0
package/dist/src/mcp/testing/mock-server/index.d.ts +47 -0
package/dist/src/mcp/testing/mock-server/index.d.ts.map +1 -0
package/dist/src/mcp/testing/mock-server/index.js +157 -0
package/dist/src/mcp/types.d.ts +127 -0
package/dist/src/mcp/types.d.ts.map +1 -0
package/dist/src/mcp/types.js +8 -0
package/dist/src/observability.d.ts +138 -0
package/dist/src/observability.d.ts.map +1 -0
package/dist/src/observability.js +519 -0
package/dist/src/parameterCoverage.d.ts +75 -0
package/dist/src/parameterCoverage.d.ts.map +1 -0
package/dist/src/parameterCoverage.js +629 -0
package/dist/src/perfResilienceCoverage.d.ts +155 -0
package/dist/src/perfResilienceCoverage.d.ts.map +1 -0
package/dist/src/perfResilienceCoverage.js +670 -0
package/dist/src/pluginLoader.d.ts +51 -0
package/dist/src/pluginLoader.d.ts.map +1 -0
package/dist/src/pluginLoader.js +72 -0
package/dist/src/publishing.d.ts +63 -0
package/dist/src/publishing.d.ts.map +1 -0
package/dist/src/publishing.js +379 -0
package/dist/src/qualityGate.d.ts +58 -0
package/dist/src/qualityGate.d.ts.map +1 -0
package/dist/src/qualityGate.js +118 -0
package/dist/src/reporting.d.ts +41 -0
package/dist/src/reporting.d.ts.map +1 -0
package/dist/src/reporting.js +278 -0
package/dist/src/screenshots.d.ts +71 -0
package/dist/src/screenshots.d.ts.map +1 -0
package/dist/src/screenshots.js +141 -0
package/dist/src/security/gate/index.d.ts +11 -0
package/dist/src/security/gate/index.d.ts.map +1 -0
package/dist/src/security/gate/index.js +65 -0
package/dist/src/security/index.d.ts +30 -0
package/dist/src/security/index.d.ts.map +1 -0
package/dist/src/security/index.js +342 -0
package/dist/src/security/normalizers/semgrep.d.ts +10 -0
package/dist/src/security/normalizers/semgrep.d.ts.map +1 -0
package/dist/src/security/normalizers/semgrep.js +104 -0
package/dist/src/security/normalizers/trivy.d.ts +10 -0
package/dist/src/security/normalizers/trivy.d.ts.map +1 -0
package/dist/src/security/normalizers/trivy.js +78 -0
package/dist/src/security/normalizers/zap.d.ts +10 -0
package/dist/src/security/normalizers/zap.d.ts.map +1 -0
package/dist/src/security/normalizers/zap.js +104 -0
package/dist/src/security/scanners/semgrep.d.ts +6 -0
package/dist/src/security/scanners/semgrep.d.ts.map +1 -0
package/dist/src/security/scanners/semgrep.js +125 -0
package/dist/src/security/scanners/trivy.d.ts +6 -0
package/dist/src/security/scanners/trivy.d.ts.map +1 -0
package/dist/src/security/scanners/trivy.js +115 -0
package/dist/src/security/scanners/zap.d.ts +6 -0
package/dist/src/security/scanners/zap.d.ts.map +1 -0
package/dist/src/security/scanners/zap.js +135 -0
package/dist/src/security/types.d.ts +146 -0
package/dist/src/security/types.d.ts.map +1 -0
package/dist/src/security/types.js +6 -0
package/dist/src/securityCoverage.d.ts +116 -0
package/dist/src/securityCoverage.d.ts.map +1 -0
package/dist/src/securityCoverage.js +725 -0
package/dist/src/summary/buildSummary.d.ts +28 -0
package/dist/src/summary/buildSummary.d.ts.map +1 -0
package/dist/src/summary/buildSummary.js +257 -0
package/dist/src/summary/evaluateMetrics.d.ts +31 -0
package/dist/src/summary/evaluateMetrics.d.ts.map +1 -0
package/dist/src/summary/evaluateMetrics.js +118 -0
package/dist/src/summary/index.d.ts +10 -0
package/dist/src/summary/index.d.ts.map +1 -0
package/dist/src/summary/index.js +22 -0
package/dist/src/summary/markdownRenderer.d.ts +139 -0
package/dist/src/summary/markdownRenderer.d.ts.map +1 -0
package/dist/src/summary/markdownRenderer.js +459 -0
package/dist/src/summary/prSummary.d.ts +24 -0
package/dist/src/summary/prSummary.d.ts.map +1 -0
package/dist/src/summary/prSummary.js +233 -0
package/dist/src/summary/summaryTypes.d.ts +35 -0
package/dist/src/summary/summaryTypes.d.ts.map +1 -0
package/dist/src/summary/summaryTypes.js +27 -0
package/package.json +84 -0

package/dist/src/mcp/client/index.js ADDED Viewed

@@ -0,0 +1,235 @@
+"use strict";
+/**
+ * MCP integration – client.
+ *
+ * Manages transport connections, sends prompts, and returns raw MCP responses.
+ * Supports stdio (child-process) and HTTP transports.
+ *
+ * Security:
+ *  - Server URLs validated against allowlist before connection.
+ *  - Transports validated against allowlist.
+ *  - Payload size validated before sending.
+ *  - Secrets redacted from all outgoing payloads.
+ *  - Hard timeout enforced per request.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpClient = void 0;
+const http = __importStar(require("http"));
+const https = __importStar(require("https"));
+const childProcess = __importStar(require("child_process"));
+const url_1 = require("url");
+const config_1 = require("../config");
+// ─── MCP Client ───────────────────────────────────────────────────────────────
+class McpClient {
+    /**
+     * @param globalConfig  MCP configuration block
+     * @param spawnFn       Optional spawn override (useful in unit tests to avoid
+     *                      spawning real child processes)
+     */
+    constructor(globalConfig, spawnFn) {
+        this.globalConfig = globalConfig;
+        this.spawnFn = spawnFn !== null && spawnFn !== void 0 ? spawnFn : childProcess.spawn;
+    }
+    /**
+     * Send a prompt to the named MCP server and return the raw response.
+     *
+     * @param serverName  Key in config.servers (e.g. "coverageSummary")
+     * @param request     Prompt request to send
+     */
+    async send(serverName, request) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j;
+        const serverCfg = (0, config_1.resolveServerConfig)(this.globalConfig, serverName);
+        const transport = (_a = serverCfg.transport) !== null && _a !== void 0 ? _a : 'stdio';
+        // Security: validate transport and server URL
+        (0, config_1.validateTransport)(this.globalConfig, transport);
+        if (transport === 'http' && serverCfg.url) {
+            (0, config_1.validateServerUrl)(this.globalConfig, serverCfg.url);
+        }
+        // Security: redact secrets from context before serialising
+        const sanitisedRequest = {
+            ...request,
+            context: (0, config_1.redactSecrets)(request.context),
+        };
+        const payload = JSON.stringify(sanitisedRequest);
+        (0, config_1.validatePayloadSize)(this.globalConfig, payload);
+        const maxRetries = (_c = (_b = this.globalConfig.retryPolicy) === null || _b === void 0 ? void 0 : _b.maxRetries) !== null && _c !== void 0 ? _c : config_1.MCP_DEFAULT_MAX_RETRIES;
+        const retryDelayMs = (_e = (_d = this.globalConfig.retryPolicy) === null || _d === void 0 ? void 0 : _d.retryDelayMs) !== null && _e !== void 0 ? _e : config_1.MCP_DEFAULT_RETRY_DELAY_MS;
+        const timeoutMs = (_f = serverCfg.timeoutMs) !== null && _f !== void 0 ? _f : config_1.MCP_DEFAULT_TIMEOUT_MS;
+        let lastError;
+        for (let attempt = 0; attempt <= maxRetries; attempt++) {
+            if (attempt > 0) {
+                await sleep(retryDelayMs);
+            }
+            try {
+                if (transport === 'http') {
+                    return await this.sendHttp(serverCfg.url, payload, timeoutMs);
+                }
+                else {
+                    return await this.sendStdio((_g = serverCfg.command) !== null && _g !== void 0 ? _g : 'node', (_h = serverCfg.args) !== null && _h !== void 0 ? _h : [], payload, timeoutMs);
+                }
+            }
+            catch (err) {
+                lastError = err instanceof Error ? err : new Error(String(err));
+            }
+        }
+        return { ok: false, error: (_j = lastError === null || lastError === void 0 ? void 0 : lastError.message) !== null && _j !== void 0 ? _j : 'Unknown MCP error' };
+    }
+    // ─── HTTP transport ─────────────────────────────────────────────────────────
+    sendHttp(url, payload, timeoutMs) {
+        return new Promise((resolve) => {
+            var _a;
+            const start = Date.now();
+            let resolved = false;
+            const timer = setTimeout(() => {
+                if (!resolved) {
+                    resolved = true;
+                    resolve({ ok: false, error: 'MCP HTTP request timed out', latencyMs: timeoutMs });
+                }
+            }, timeoutMs);
+            try {
+                const parsedUrl = new url_1.URL(url);
+                const isHttps = parsedUrl.protocol === 'https:';
+                const lib = isHttps ? https : http;
+                const options = {
+                    hostname: parsedUrl.hostname,
+                    port: parsedUrl.port || (isHttps ? 443 : 80),
+                    path: parsedUrl.pathname + ((_a = parsedUrl.search) !== null && _a !== void 0 ? _a : ''),
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'Content-Length': Buffer.byteLength(payload),
+                    },
+                    timeout: timeoutMs,
+                };
+                const req = lib.request(options, (res) => {
+                    const chunks = [];
+                    res.on('data', (chunk) => chunks.push(chunk));
+                    res.on('end', () => {
+                        var _a, _b;
+                        clearTimeout(timer);
+                        if (!resolved) {
+                            resolved = true;
+                            const body = Buffer.concat(chunks).toString('utf-8');
+                            const latencyMs = Date.now() - start;
+                            if (((_a = res.statusCode) !== null && _a !== void 0 ? _a : 0) >= 200 && ((_b = res.statusCode) !== null && _b !== void 0 ? _b : 0) < 300) {
+                                resolve({ ok: true, content: body, latencyMs });
+                            }
+                            else {
+                                resolve({
+                                    ok: false,
+                                    error: `HTTP ${res.statusCode}: ${body.slice(0, 200)}`,
+                                    latencyMs,
+                                });
+                            }
+                        }
+                    });
+                });
+                req.on('error', (err) => {
+                    clearTimeout(timer);
+                    if (!resolved) {
+                        resolved = true;
+                        resolve({ ok: false, error: err.message, latencyMs: Date.now() - start });
+                    }
+                });
+                req.write(payload);
+                req.end();
+            }
+            catch (err) {
+                clearTimeout(timer);
+                if (!resolved) {
+                    resolved = true;
+                    resolve({
+                        ok: false,
+                        error: err instanceof Error ? err.message : String(err),
+                        latencyMs: Date.now() - start,
+                    });
+                }
+            }
+        });
+    }
+    // ─── stdio transport ────────────────────────────────────────────────────────
+    sendStdio(command, args, payload, timeoutMs) {
+        return new Promise((resolve) => {
+            const start = Date.now();
+            let resolved = false;
+            const timer = setTimeout(() => {
+                if (!resolved) {
+                    resolved = true;
+                    child.kill();
+                    resolve({ ok: false, error: 'MCP stdio process timed out', latencyMs: timeoutMs });
+                }
+            }, timeoutMs);
+            const child = this.spawnFn(command, args, { stdio: ['pipe', 'pipe', 'pipe'] });
+            const chunks = [];
+            const errChunks = [];
+            child.stdout.on('data', (chunk) => chunks.push(chunk));
+            child.stderr.on('data', (chunk) => errChunks.push(chunk));
+            child.on('close', (code) => {
+                clearTimeout(timer);
+                if (!resolved) {
+                    resolved = true;
+                    const latencyMs = Date.now() - start;
+                    if (code === 0) {
+                        const content = Buffer.concat(chunks).toString('utf-8');
+                        resolve({ ok: true, content, latencyMs });
+                    }
+                    else {
+                        const stderr = Buffer.concat(errChunks).toString('utf-8');
+                        resolve({
+                            ok: false,
+                            error: `MCP stdio process exited with code ${code}: ${stderr.slice(0, 200)}`,
+                            latencyMs,
+                        });
+                    }
+                }
+            });
+            child.on('error', (err) => {
+                clearTimeout(timer);
+                if (!resolved) {
+                    resolved = true;
+                    resolve({ ok: false, error: err.message, latencyMs: Date.now() - start });
+                }
+            });
+            child.stdin.write(payload + '\n');
+            child.stdin.end();
+        });
+    }
+}
+exports.McpClient = McpClient;
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/dist/src/mcp/config.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * MCP integration – configuration loader and validator.
+ *
+ * Handles loading the `mcp` block from the project config file, applying
+ * defaults, validating allowed transports and server URLs, and providing a
+ * single function to resolve the effective configuration for a named server.
+ */
+import type { McpConfig, McpServerConfig, McpTransport } from './types';
+export declare const MCP_DEFAULT_TIMEOUT_MS = 30000;
+export declare const MCP_DEFAULT_MAX_PAYLOAD_BYTES = 1048576;
+export declare const MCP_DEFAULT_MAX_RETRIES = 2;
+export declare const MCP_DEFAULT_RETRY_DELAY_MS = 500;
+export declare const MCP_DEFAULT_TRANSPORT: McpTransport;
+export declare const MCP_ALLOWED_TRANSPORTS: McpTransport[];
+/** Sensitive key patterns that must never appear in MCP prompts */
+export declare const REDACTED_KEYS: string[];
+/**
+ * Merge per-server overrides with global defaults.
+ */
+export declare function resolveServerConfig(global: McpConfig, serverName: string): McpServerConfig & {
+    timeoutMs: number;
+};
+/**
+ * Return true if MCP is globally enabled AND the named server is enabled.
+ */
+export declare function isMcpEnabledFor(config: McpConfig, serverName: string): boolean;
+/**
+ * Validate that the transport is in the allowlist (if configured).
+ * Throws when the transport is not permitted.
+ */
+export declare function validateTransport(config: McpConfig, transport: McpTransport): void;
+/**
+ * Validate that an HTTP server URL is in the allowlist (if configured).
+ * Throws when the URL does not match any allowed prefix.
+ */
+export declare function validateServerUrl(config: McpConfig, url: string): void;
+/**
+ * Validate that a payload string does not exceed the configured size limit.
+ * Throws when the limit is exceeded.
+ */
+export declare function validatePayloadSize(config: McpConfig, payload: string): void;
+/**
+ * Recursively redact sensitive values from a plain object.
+ * Keys matching any of the REDACTED_KEYS patterns (case-insensitive) have
+ * their values replaced with "[REDACTED]".
+ *
+ * Returns a deep-cloned sanitised copy; never mutates the original.
+ */
+export declare function redactSecrets(obj: unknown): unknown;
+//# sourceMappingURL=config.d.ts.map

package/dist/src/mcp/config.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/mcp/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,eAAe,EACf,YAAY,EACb,MAAM,SAAS,CAAC;AAIjB,eAAO,MAAM,sBAAsB,QAAS,CAAC;AAC7C,eAAO,MAAM,6BAA6B,UAAY,CAAC;AACvD,eAAO,MAAM,uBAAuB,IAAI,CAAC;AACzC,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAC9C,eAAO,MAAM,qBAAqB,EAAE,YAAsB,CAAC;AAE3D,eAAO,MAAM,sBAAsB,EAAE,YAAY,EAAsB,CAAC;AAExE,mEAAmE;AACnE,eAAO,MAAM,aAAa,UAczB,CAAC;AAIF;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,SAAS,EACjB,UAAU,EAAE,MAAM,GACjB,eAAe,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,CAOzC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAK9E;AAID;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,GAAG,IAAI,CAQlF;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAStE;AAID;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAQ5E;AAID;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAYnD"}

package/dist/src/mcp/config.js ADDED Viewed

@@ -0,0 +1,125 @@
+"use strict";
+/**
+ * MCP integration – configuration loader and validator.
+ *
+ * Handles loading the `mcp` block from the project config file, applying
+ * defaults, validating allowed transports and server URLs, and providing a
+ * single function to resolve the effective configuration for a named server.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REDACTED_KEYS = exports.MCP_ALLOWED_TRANSPORTS = exports.MCP_DEFAULT_TRANSPORT = exports.MCP_DEFAULT_RETRY_DELAY_MS = exports.MCP_DEFAULT_MAX_RETRIES = exports.MCP_DEFAULT_MAX_PAYLOAD_BYTES = exports.MCP_DEFAULT_TIMEOUT_MS = void 0;
+exports.resolveServerConfig = resolveServerConfig;
+exports.isMcpEnabledFor = isMcpEnabledFor;
+exports.validateTransport = validateTransport;
+exports.validateServerUrl = validateServerUrl;
+exports.validatePayloadSize = validatePayloadSize;
+exports.redactSecrets = redactSecrets;
+// ─── Defaults ─────────────────────────────────────────────────────────────────
+exports.MCP_DEFAULT_TIMEOUT_MS = 30000;
+exports.MCP_DEFAULT_MAX_PAYLOAD_BYTES = 1048576; // 1 MB
+exports.MCP_DEFAULT_MAX_RETRIES = 2;
+exports.MCP_DEFAULT_RETRY_DELAY_MS = 500;
+exports.MCP_DEFAULT_TRANSPORT = 'stdio';
+exports.MCP_ALLOWED_TRANSPORTS = ['stdio', 'http'];
+/** Sensitive key patterns that must never appear in MCP prompts */
+exports.REDACTED_KEYS = [
+    'token',
+    'password',
+    'secret',
+    'apikey',
+    'api_key',
+    'connectionstring',
+    'connection_string',
+    'authorization',
+    'bearer',
+    'private_key',
+    'privatekey',
+    'access_key',
+    'accesskey',
+];
+// ─── Effective config resolution ──────────────────────────────────────────────
+/**
+ * Merge per-server overrides with global defaults.
+ */
+function resolveServerConfig(global, serverName) {
+    var _a, _b, _c, _d, _e, _f;
+    const server = (_b = (_a = global.servers) === null || _a === void 0 ? void 0 : _a[serverName]) !== null && _b !== void 0 ? _b : {};
+    return {
+        ...server,
+        transport: (_d = (_c = server.transport) !== null && _c !== void 0 ? _c : global.defaultTransport) !== null && _d !== void 0 ? _d : exports.MCP_DEFAULT_TRANSPORT,
+        timeoutMs: (_f = (_e = server.timeoutMs) !== null && _e !== void 0 ? _e : global.timeoutMs) !== null && _f !== void 0 ? _f : exports.MCP_DEFAULT_TIMEOUT_MS,
+    };
+}
+/**
+ * Return true if MCP is globally enabled AND the named server is enabled.
+ */
+function isMcpEnabledFor(config, serverName) {
+    var _a;
+    if (!config.enabled)
+        return false;
+    const server = (_a = config.servers) === null || _a === void 0 ? void 0 : _a[serverName];
+    // If the server key is omitted entirely it defaults to disabled.
+    return (server === null || server === void 0 ? void 0 : server.enabled) === true;
+}
+// ─── Transport validation ─────────────────────────────────────────────────────
+/**
+ * Validate that the transport is in the allowlist (if configured).
+ * Throws when the transport is not permitted.
+ */
+function validateTransport(config, transport) {
+    const allowlist = config.transportAllowlist;
+    if (!allowlist || allowlist.length === 0)
+        return;
+    if (!allowlist.includes(transport)) {
+        throw new Error(`MCP transport "${transport}" is not in the configured allowlist [${allowlist.join(', ')}]`);
+    }
+}
+/**
+ * Validate that an HTTP server URL is in the allowlist (if configured).
+ * Throws when the URL does not match any allowed prefix.
+ */
+function validateServerUrl(config, url) {
+    const allowlist = config.serverAllowlist;
+    if (!allowlist || allowlist.length === 0)
+        return;
+    const permitted = allowlist.some((prefix) => url.startsWith(prefix));
+    if (!permitted) {
+        throw new Error(`MCP server URL "${url}" is not in the configured server allowlist`);
+    }
+}
+// ─── Payload size validation ──────────────────────────────────────────────────
+/**
+ * Validate that a payload string does not exceed the configured size limit.
+ * Throws when the limit is exceeded.
+ */
+function validatePayloadSize(config, payload) {
+    var _a;
+    const limitBytes = (_a = config.maxPayloadBytes) !== null && _a !== void 0 ? _a : exports.MCP_DEFAULT_MAX_PAYLOAD_BYTES;
+    const sizeBytes = Buffer.byteLength(payload, 'utf-8');
+    if (sizeBytes > limitBytes) {
+        throw new Error(`MCP prompt payload size ${sizeBytes} B exceeds the configured limit of ${limitBytes} B`);
+    }
+}
+// ─── Secret redaction ─────────────────────────────────────────────────────────
+/**
+ * Recursively redact sensitive values from a plain object.
+ * Keys matching any of the REDACTED_KEYS patterns (case-insensitive) have
+ * their values replaced with "[REDACTED]".
+ *
+ * Returns a deep-cloned sanitised copy; never mutates the original.
+ */
+function redactSecrets(obj) {
+    if (obj === null || obj === undefined)
+        return obj;
+    if (typeof obj !== 'object')
+        return obj;
+    if (Array.isArray(obj))
+        return obj.map(redactSecrets);
+    const out = {};
+    for (const [key, val] of Object.entries(obj)) {
+        const lowerKey = key.toLowerCase().replace(/[^a-z0-9]/g, '');
+        const isSensitive = exports.REDACTED_KEYS.some((k) => lowerKey.includes(k.replace(/[^a-z0-9]/g, '')));
+        out[key] = isSensitive ? '[REDACTED]' : redactSecrets(val);
+    }
+    return out;
+}

package/dist/src/mcp/events.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * MCP integration – real-time scan event adapter.
+ *
+ * Provides a lightweight event bus that emits AnalysisEvent objects during a
+ * scan run.  When MCP real-time mode is enabled the events are buffered and
+ * forwarded to the configured MCP server; when disabled they are buffered for
+ * inclusion in the final report prompt only.
+ */
+import type { AnalysisEvent, AnalysisEventType } from './types';
+export declare class AnalysisEventStream {
+    private readonly _events;
+    private readonly _handlers;
+    /** Emit an event onto the stream */
+    emit(type: AnalysisEventType, payload?: Record<string, unknown>): void;
+    /** Subscribe to all events emitted on this stream */
+    subscribe(handler: (event: AnalysisEvent) => void): void;
+    /** Return a snapshot of all events emitted so far */
+    getEvents(): ReadonlyArray<AnalysisEvent>;
+    /** Clear buffered events (useful between scan phases) */
+    clear(): void;
+}
+/** Create a pre-wired event stream that does nothing (no-op) when MCP is off */
+export declare function createNoOpStream(): AnalysisEventStream;
+//# sourceMappingURL=events.d.ts.map

package/dist/src/mcp/events.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../../src/mcp/events.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAIhE,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAuB;IAC/C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA6C;IAEvE,oCAAoC;IACpC,IAAI,CAAC,IAAI,EAAE,iBAAiB,EAAE,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;IAQ1E,qDAAqD;IACrD,SAAS,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,GAAG,IAAI;IAIxD,qDAAqD;IACrD,SAAS,IAAI,aAAa,CAAC,aAAa,CAAC;IAIzC,yDAAyD;IACzD,KAAK,IAAI,IAAI;CAGd;AAID,gFAAgF;AAChF,wBAAgB,gBAAgB,IAAI,mBAAmB,CAEtD"}

package/dist/src/mcp/events.js ADDED Viewed

@@ -0,0 +1,48 @@
+"use strict";
+/**
+ * MCP integration – real-time scan event adapter.
+ *
+ * Provides a lightweight event bus that emits AnalysisEvent objects during a
+ * scan run.  When MCP real-time mode is enabled the events are buffered and
+ * forwarded to the configured MCP server; when disabled they are buffered for
+ * inclusion in the final report prompt only.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AnalysisEventStream = void 0;
+exports.createNoOpStream = createNoOpStream;
+// ─── Event emitter ────────────────────────────────────────────────────────────
+class AnalysisEventStream {
+    constructor() {
+        this._events = [];
+        this._handlers = [];
+    }
+    /** Emit an event onto the stream */
+    emit(type, payload = {}) {
+        const event = { type, timestamp: Date.now(), payload };
+        this._events.push(event);
+        for (const handler of this._handlers) {
+            try {
+                handler(event);
+            }
+            catch { /* never let handlers crash the scan */ }
+        }
+    }
+    /** Subscribe to all events emitted on this stream */
+    subscribe(handler) {
+        this._handlers.push(handler);
+    }
+    /** Return a snapshot of all events emitted so far */
+    getEvents() {
+        return [...this._events];
+    }
+    /** Clear buffered events (useful between scan phases) */
+    clear() {
+        this._events.length = 0;
+    }
+}
+exports.AnalysisEventStream = AnalysisEventStream;
+// ─── Convenience helpers ──────────────────────────────────────────────────────
+/** Create a pre-wired event stream that does nothing (no-op) when MCP is off */
+function createNoOpStream() {
+    return new AnalysisEventStream();
+}

package/dist/src/mcp/fallback/index.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * MCP integration – fallback AI interpreter.
+ *
+ * When MCP is disabled or unavailable this module generates a deterministic,
+ * rule-based NormalizedAiAnalysis so that pipelines never break.
+ *
+ * Outputs are fully deterministic given the same inputs, making them suitable
+ * for snapshot testing.
+ */
+import type { NormalizedAiAnalysis } from '../types';
+import type { CoverageResult } from '../../reporting';
+import type { SecurityScanSummary } from '../../security/types';
+export interface FallbackCoverageInput {
+    results: CoverageResult[];
+    thresholds?: Record<string, number | undefined>;
+    gatePassed?: boolean;
+    failedCategories?: string[];
+}
+/**
+ * Generate a deterministic AI-style coverage summary without MCP.
+ */
+export declare function generateFallbackCoverageAnalysis(input: FallbackCoverageInput): NormalizedAiAnalysis;
+export interface FallbackSecurityInput {
+    scanSummary: SecurityScanSummary;
+}
+/**
+ * Generate a deterministic AI-style security analysis without MCP.
+ */
+export declare function generateFallbackSecurityAnalysis(input: FallbackSecurityInput): NormalizedAiAnalysis;
+export interface FallbackIntelligenceInput {
+    totalFindings: number;
+    totalRecommendations: number;
+    maxRiskScore: number;
+    avgRiskScore: number;
+    criticalUncoveredItems: number;
+    unprotectedSecurityFindings: number;
+    recommendationsByPriority: Record<string, number>;
+    topRiskAreas?: string[];
+    languages?: string[];
+    frameworks?: string[];
+}
+/**
+ * Generate a deterministic AI-style intelligence analysis without MCP.
+ */
+export declare function generateFallbackIntelligenceAnalysis(input: FallbackIntelligenceInput): NormalizedAiAnalysis;
+/**
+ * Generate a minimal deterministic AI analysis for any coverage category.
+ */
+export declare function generateFallbackAnalysis(category: string, coveragePercent: number, threshold?: number): NormalizedAiAnalysis;
+//# sourceMappingURL=index.d.ts.map

package/dist/src/mcp/fallback/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/mcp/fallback/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAIhE,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAChD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,wBAAgB,gCAAgC,CAC9C,KAAK,EAAE,qBAAqB,GAC3B,oBAAoB,CAmDtB;AAID,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,mBAAmB,CAAC;CAClC;AAED;;GAEG;AACH,wBAAgB,gCAAgC,CAC9C,KAAK,EAAE,qBAAqB,GAC3B,oBAAoB,CA4DtB;AAID,MAAM,WAAW,yBAAyB;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,2BAA2B,EAAE,MAAM,CAAC;IACpC,yBAAyB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,wBAAgB,oCAAoC,CAClD,KAAK,EAAE,yBAAyB,GAC/B,oBAAoB,CAkEtB;AAID;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,SAAS,CAAC,EAAE,MAAM,GACjB,oBAAoB,CAiBtB"}