npm - brakit - Versions diffs - 0.8.0 → 0.8.1 - Mend

brakit 0.8.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/runtime/index.js CHANGED Viewed

@@ -34,7 +34,7 @@ var init_routes = __esm({
 });
 // src/constants/limits.ts
-var MAX_REQUEST_ENTRIES, DEFAULT_MAX_BODY_CAPTURE, DEFAULT_API_LIMIT, MAX_TELEMETRY_ENTRIES, MAX_TAB_NAME_LENGTH;
+var MAX_REQUEST_ENTRIES, DEFAULT_MAX_BODY_CAPTURE, DEFAULT_API_LIMIT, MAX_TELEMETRY_ENTRIES, MAX_TAB_NAME_LENGTH, MAX_INGEST_BYTES, TERMINAL_TRUNCATE_LENGTH, SENSITIVE_MASK_MIN_LENGTH, SENSITIVE_MASK_VISIBLE_CHARS;
 var init_limits = __esm({
   "src/constants/limits.ts"() {
     "use strict";
@@ -43,11 +43,15 @@ var init_limits = __esm({
     DEFAULT_API_LIMIT = 500;
     MAX_TELEMETRY_ENTRIES = 1e3;
     MAX_TAB_NAME_LENGTH = 32;
+    MAX_INGEST_BYTES = 10 * 1024 * 1024;
+    TERMINAL_TRUNCATE_LENGTH = 80;
+    SENSITIVE_MASK_MIN_LENGTH = 8;
+    SENSITIVE_MASK_VISIBLE_CHARS = 4;
   }
 });
 // src/constants/thresholds.ts
-var FLOW_GAP_MS, SLOW_REQUEST_THRESHOLD_MS, MIN_POLLING_SEQUENCE, ENDPOINT_TRUNCATE_LENGTH, N1_QUERY_THRESHOLD, ERROR_RATE_THRESHOLD_PCT, SLOW_ENDPOINT_THRESHOLD_MS, MIN_REQUESTS_FOR_INSIGHT, HIGH_QUERY_COUNT_PER_REQ, CROSS_ENDPOINT_MIN_ENDPOINTS, CROSS_ENDPOINT_PCT, CROSS_ENDPOINT_MIN_OCCURRENCES, REDUNDANT_QUERY_MIN_COUNT, LARGE_RESPONSE_BYTES, HIGH_ROW_COUNT, OVERFETCH_MIN_REQUESTS, OVERFETCH_MIN_FIELDS, OVERFETCH_MIN_INTERNAL_IDS, OVERFETCH_NULL_RATIO, REGRESSION_PCT_THRESHOLD, REGRESSION_MIN_INCREASE_MS, REGRESSION_MIN_REQUESTS, QUERY_COUNT_REGRESSION_RATIO, OVERFETCH_MANY_FIELDS, OVERFETCH_UNWRAP_MIN_SIZE, MAX_DUPLICATE_INSIGHTS;
+var FLOW_GAP_MS, SLOW_REQUEST_THRESHOLD_MS, MIN_POLLING_SEQUENCE, ENDPOINT_TRUNCATE_LENGTH, N1_QUERY_THRESHOLD, ERROR_RATE_THRESHOLD_PCT, SLOW_ENDPOINT_THRESHOLD_MS, MIN_REQUESTS_FOR_INSIGHT, HIGH_QUERY_COUNT_PER_REQ, CROSS_ENDPOINT_MIN_ENDPOINTS, CROSS_ENDPOINT_PCT, CROSS_ENDPOINT_MIN_OCCURRENCES, REDUNDANT_QUERY_MIN_COUNT, LARGE_RESPONSE_BYTES, HIGH_ROW_COUNT, OVERFETCH_MIN_REQUESTS, OVERFETCH_MIN_FIELDS, OVERFETCH_MIN_INTERNAL_IDS, OVERFETCH_NULL_RATIO, REGRESSION_PCT_THRESHOLD, REGRESSION_MIN_INCREASE_MS, REGRESSION_MIN_REQUESTS, QUERY_COUNT_REGRESSION_RATIO, OVERFETCH_MANY_FIELDS, OVERFETCH_UNWRAP_MIN_SIZE, MAX_DUPLICATE_INSIGHTS, INSIGHT_WINDOW_PER_ENDPOINT, RESOLVE_AFTER_ABSENCES, RESOLVED_INSIGHT_TTL_MS;
 var init_thresholds = __esm({
   "src/constants/thresholds.ts"() {
     "use strict";
@@ -77,6 +81,9 @@ var init_thresholds = __esm({
     OVERFETCH_MANY_FIELDS = 12;
     OVERFETCH_UNWRAP_MIN_SIZE = 3;
     MAX_DUPLICATE_INSIGHTS = 3;
+    INSIGHT_WINDOW_PER_ENDPOINT = 2;
+    RESOLVE_AFTER_ABSENCES = 3;
+    RESOLVED_INSIGHT_TTL_MS = 18e5;
   }
 });
@@ -110,9 +117,18 @@ var init_metrics = __esm({
 });
 // src/constants/headers.ts
+var SENSITIVE_HEADER_NAMES;
 var init_headers = __esm({
   "src/constants/headers.ts"() {
     "use strict";
+    SENSITIVE_HEADER_NAMES = /* @__PURE__ */ new Set([
+      "authorization",
+      "cookie",
+      "set-cookie",
+      "proxy-authorization",
+      "x-api-key",
+      "x-auth-token"
+    ]);
   }
 });
@@ -1321,9 +1337,14 @@ var init_math = __esm({
 function getEndpointKey(method, path) {
   return `${method} ${path}`;
 }
+function extractEndpointFromDesc(desc) {
+  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
+}
+var ENDPOINT_PREFIX_RE;
 var init_endpoint = __esm({
   "src/utils/endpoint.ts"() {
     "use strict";
+    ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
   }
 });
@@ -1666,7 +1687,7 @@ function maskSensitiveHeaders(headers) {
   for (const [key, value] of Object.entries(headers)) {
     if (SENSITIVE_HEADER_NAMES.has(key.toLowerCase())) {
       const s = String(value);
-      masked[key] = s.length <= 8 ? "****" : s.slice(0, 4) + "..." + s.slice(-4);
+      masked[key] = s.length <= SENSITIVE_MASK_MIN_LENGTH ? "****" : s.slice(0, SENSITIVE_MASK_VISIBLE_CHARS) + "..." + s.slice(-SENSITIVE_MASK_VISIBLE_CHARS);
     } else {
       masked[key] = value;
     }
@@ -1713,19 +1734,11 @@ function handleTelemetryGet(req, res, store) {
   const entries = requestId ? store.getByRequest(requestId) : [...store.getAll()];
   sendJson(req, res, 200, { total: entries.length, entries: entries.reverse() });
 }
-var SENSITIVE_HEADER_NAMES;
 var init_shared2 = __esm({
   "src/dashboard/api/shared.ts"() {
     "use strict";
     init_constants();
-    SENSITIVE_HEADER_NAMES = /* @__PURE__ */ new Set([
-      "authorization",
-      "cookie",
-      "set-cookie",
-      "proxy-authorization",
-      "x-api-key",
-      "x-auth-token"
-    ]);
+    init_limits();
   }
 });
@@ -1782,7 +1795,7 @@ function handleApiFlows(req, res) {
   }));
   sendJson(req, res, 200, { total: flows.length, flows });
 }
-function createClearHandler(metricsStore) {
+function createClearHandler(metricsStore, findingStore) {
   return (req, res) => {
     if (req.method !== "POST") {
       sendJson(req, res, 405, { error: "Method not allowed" });
@@ -1794,6 +1807,7 @@ function createClearHandler(metricsStore) {
     defaultErrorStore.clear();
     defaultQueryStore.clear();
     metricsStore.reset();
+    findingStore?.clear();
     sendJson(req, res, 200, { cleared: true });
   };
 }
@@ -1904,7 +1918,6 @@ function handleApiIngest(req, res) {
     sendJson(req, res, 405, { error: "Method not allowed" });
     return;
   }
-  const MAX_INGEST_BYTES = 10 * 1024 * 1024;
   const chunks = [];
   let totalSize = 0;
   req.on("data", (chunk) => {
@@ -1946,6 +1959,7 @@ var init_ingest = __esm({
   "src/dashboard/api/ingest.ts"() {
     "use strict";
     init_store();
+    init_limits();
     init_shared2();
   }
 });
@@ -2051,13 +2065,13 @@ var init_api = __esm({
 function createInsightsHandler(engine) {
   return (req, res) => {
     if (!requireGet(req, res)) return;
-    sendJson(req, res, 200, { insights: engine.getInsights() });
+    sendJson(req, res, 200, { insights: engine.getStatefulInsights() });
   };
 }
 function createSecurityHandler(engine) {
   return (req, res) => {
     if (!requireGet(req, res)) return;
-    sendJson(req, res, 200, { findings: engine.getFindings() });
+    sendJson(req, res, 200, { findings: engine.getStatefulFindings() });
   };
 }
 var init_insights = __esm({
@@ -2132,9 +2146,9 @@ data: ${data}
     const queryListener = (entry) => {
       writeEvent("query", JSON.stringify(entry));
     };
-    const analysisListener = engine ? (insights, findings) => {
-      writeEvent("insights", JSON.stringify(insights));
-      writeEvent("security", JSON.stringify(findings));
+    const analysisListener = engine ? ({ statefulInsights, statefulFindings }) => {
+      writeEvent("insights", JSON.stringify(statefulInsights));
+      writeEvent("security", JSON.stringify(statefulFindings));
     } : void 0;
     onRequest(requestListener);
     defaultFetchStore.onEntry(fetchListener);
@@ -2184,6 +2198,7 @@ function getBaseStyles() {
   --amber:#d97706;
   --red:#dc2626;
   --cyan:#0891b2;
+  --green-bg:rgba(22,163,74,0.08);--green-bg-subtle:rgba(22,163,74,0.05);--green-border:rgba(22,163,74,0.2);--green-border-subtle:rgba(22,163,74,0.15);
   --sidebar-width:232px;--header-height:52px;
   --radius:8px;--radius-sm:6px;
   --shadow-sm:0 1px 2px rgba(0,0,0,0.05);
@@ -2300,7 +2315,7 @@ function getFlowStyles() {
 .flow-label{font-weight:500;flex:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;color:var(--text)}
 .flow-req-count{font-family:var(--mono);font-size:12px;color:var(--text-muted);flex-shrink:0;text-align:right}
 .flow-badge-pill{font-size:11px;flex-shrink:0;font-family:var(--mono);font-weight:600;padding:2px 10px;border-radius:10px;text-align:center}
-.flow-badge-pill.badge-clean{background:rgba(22,163,74,0.07);color:var(--green)}
+.flow-badge-pill.badge-clean{background:var(--green-bg);color:var(--green)}
 .flow-badge-pill.badge-warn{background:rgba(217,119,6,0.07);color:var(--amber)}
 .flow-badge-pill.badge-error{background:rgba(220,38,38,0.07);color:var(--red)}
 .flow-duration{font-family:var(--mono);font-size:12px;color:var(--text-muted);flex-shrink:0;width:60px;text-align:right}
@@ -2320,7 +2335,7 @@ function getFlowStyles() {
 /* Method badges */
 .method-badge{display:inline-flex;align-items:center;justify-content:center;padding:3px 8px;border-radius:5px;font-size:10px;font-weight:700;font-family:var(--mono);letter-spacing:.3px;flex-shrink:0}
-.method-badge-GET{background:rgba(22,163,74,0.08);color:var(--green)}
+.method-badge-GET{background:var(--green-bg);color:var(--green)}
 .method-badge-POST{background:rgba(37,99,235,0.08);color:var(--blue)}
 .method-badge-PUT,.method-badge-PATCH{background:rgba(217,119,6,0.08);color:var(--amber)}
 .method-badge-DELETE{background:rgba(220,38,38,0.08);color:var(--red)}
@@ -2328,7 +2343,7 @@ function getFlowStyles() {
 /* Status pills */
 .status-pill{display:inline-flex;align-items:center;padding:1px 7px;border-radius:4px;font-size:11px;font-weight:600;font-family:var(--mono);flex-shrink:0}
-.status-pill-2xx{background:rgba(22,163,74,0.07);color:var(--green)}
+.status-pill-2xx{background:var(--green-bg);color:var(--green)}
 .status-pill-3xx{background:rgba(8,145,178,0.07);color:var(--cyan)}
 .status-pill-4xx{background:rgba(217,119,6,0.07);color:var(--amber)}
 .status-pill-5xx{background:rgba(220,38,38,0.07);color:var(--red)}
@@ -2595,6 +2610,7 @@ function getOverviewStyles() {
 .ov-card-icon.critical{background:rgba(220,38,38,.08);color:var(--red)}
 .ov-card-icon.warning{background:rgba(217,119,6,.08);color:var(--amber)}
 .ov-card-icon.info{background:rgba(37,99,235,.08);color:var(--blue)}
+.ov-card-icon.resolved{background:var(--green-bg);color:var(--green)}
 .ov-card-body{flex:1;min-width:0}
 .ov-card-title{font-size:13px;font-weight:600;color:var(--text);margin-bottom:2px}
 .ov-card-desc{font-size:12px;color:var(--text-dim);line-height:1.5}
@@ -2611,8 +2627,13 @@ function getOverviewStyles() {
 .ov-detail-item{font-size:12px;color:var(--text);font-family:var(--mono);padding:2px 0}
 /* All-clear banner */
-.ov-clear{display:flex;align-items:center;gap:12px;padding:16px 20px;background:rgba(22,163,74,.06);border:1px solid rgba(22,163,74,.2);border-radius:var(--radius);color:var(--green);font-size:13px;font-weight:500}
+.ov-clear{display:flex;align-items:center;gap:12px;padding:16px 20px;background:var(--green-bg-subtle);border:1px solid var(--green-border);border-radius:var(--radius);color:var(--green);font-size:13px;font-weight:500}
 .ov-clear-icon{font-size:16px}
+/* Resolved section */
+.ov-resolved-title{margin-top:24px}
+.ov-card-resolved{opacity:.7;border-color:var(--green-border);cursor:default}
+.ov-card-resolved:hover{opacity:1;box-shadow:var(--shadow-sm)}
 `;
 }
 var init_overview = __esm({
@@ -2628,7 +2649,7 @@ function getSecurityStyles() {
 .sec-container{padding:24px 28px}
 /* All-clear */
-.sec-clear{display:flex;align-items:center;gap:16px;padding:20px 24px;background:rgba(22,163,74,.05);border:1px solid rgba(22,163,74,.15);border-radius:var(--radius);margin-bottom:24px}
+.sec-clear{display:flex;align-items:center;gap:16px;padding:20px 24px;background:var(--green-bg-subtle);border:1px solid var(--green-border-subtle);border-radius:var(--radius);margin-bottom:24px}
 .sec-clear-icon{font-size:24px;color:var(--green);flex-shrink:0}
 .sec-clear-title{font-size:15px;font-weight:600;color:var(--green);margin-bottom:2px}
 .sec-clear-sub{font-size:12px;color:var(--text-dim)}
@@ -2664,6 +2685,19 @@ function getSecurityStyles() {
 .sec-item-desc{color:var(--text-dim);line-height:1.5;flex:1;min-width:0}
 .sec-item-desc strong{color:var(--text);font-family:var(--mono);font-weight:600}
 .sec-item-count{font-size:10px;font-family:var(--mono);color:var(--text-muted);flex-shrink:0;margin-left:12px}
+/* Resolved badge in summary */
+.sec-resolved-badge{font-size:11px;font-weight:600;padding:3px 10px;border-radius:10px;background:var(--green-bg);color:var(--green);margin-left:12px}
+/* Resolved section */
+.sec-resolved-title{display:flex;align-items:center;gap:8px;font-size:13px;font-weight:600;color:var(--text-dim);margin:20px 0 8px 0}
+.sec-resolved-check{color:var(--green);font-size:14px}
+.sec-resolved-count{font-size:11px;font-family:var(--mono);color:var(--text-muted);background:var(--bg-muted);padding:1px 8px;border-radius:10px;border:1px solid var(--border)}
+.sec-group-resolved{opacity:.7;border-color:var(--green-border)}
+.sec-group-resolved:hover{opacity:1}
+.sec-item-resolved{color:var(--text-muted)}
+.sec-item-resolved .sec-item-desc{text-decoration:line-through;text-decoration-color:var(--text-muted)}
+.sec-resolved-item-icon{color:var(--green);font-size:12px;flex-shrink:0;margin-right:8px}
 `;
 }
 var init_security = __esm({
@@ -3589,6 +3623,23 @@ function createEndpointGroup() {
     queryShapeDurations: /* @__PURE__ */ new Map()
   };
 }
+function windowByEndpoint(requests) {
+  const byEndpoint = /* @__PURE__ */ new Map();
+  for (const r of requests) {
+    const ep = getEndpointKey(r.method, r.path);
+    let list = byEndpoint.get(ep);
+    if (!list) {
+      list = [];
+      byEndpoint.set(ep, list);
+    }
+    list.push(r);
+  }
+  const windowed = [];
+  for (const [, reqs] of byEndpoint) {
+    windowed.push(...reqs.slice(-INSIGHT_WINDOW_PER_ENDPOINT));
+  }
+  return windowed;
+}
 function prepareContext(ctx) {
   const nonStatic = ctx.requests.filter(
     (r) => !r.isStatic && (!r.path || !r.path.startsWith(DASHBOARD_PREFIX))
@@ -3596,8 +3647,9 @@ function prepareContext(ctx) {
   const queriesByReq = groupBy(ctx.queries, (q) => q.parentRequestId);
   const fetchesByReq = groupBy(ctx.fetches, (f) => f.parentRequestId);
   const reqById = new Map(nonStatic.map((r) => [r.id, r]));
+  const recent = windowByEndpoint(nonStatic);
   const endpointGroups = /* @__PURE__ */ new Map();
-  for (const r of nonStatic) {
+  for (const r of recent) {
     const ep = getEndpointKey(r.method, r.path);
     let g = endpointGroups.get(ep);
     if (!g) {
@@ -3642,6 +3694,7 @@ var init_prepare = __esm({
     init_collections();
     init_endpoint();
     init_constants();
+    init_thresholds();
     init_query_helpers();
   }
 });
@@ -4330,6 +4383,69 @@ var init_insights3 = __esm({
   }
 });
+// src/analysis/insight-tracker.ts
+function computeInsightKey(insight) {
+  const identifier = extractEndpointFromDesc(insight.desc) ?? insight.title;
+  return `${insight.type}:${identifier}`;
+}
+var InsightTracker;
+var init_insight_tracker = __esm({
+  "src/analysis/insight-tracker.ts"() {
+    "use strict";
+    init_endpoint();
+    init_thresholds();
+    InsightTracker = class {
+      tracked = /* @__PURE__ */ new Map();
+      reconcile(current) {
+        const currentKeys = /* @__PURE__ */ new Set();
+        const now = Date.now();
+        for (const insight of current) {
+          const key = computeInsightKey(insight);
+          currentKeys.add(key);
+          const existing = this.tracked.get(key);
+          if (existing) {
+            existing.insight = insight;
+            existing.lastSeenAt = now;
+            existing.consecutiveAbsences = 0;
+            if (existing.state === "resolved") {
+              existing.state = "open";
+              existing.resolvedAt = null;
+            }
+          } else {
+            this.tracked.set(key, {
+              key,
+              state: "open",
+              insight,
+              firstSeenAt: now,
+              lastSeenAt: now,
+              resolvedAt: null,
+              consecutiveAbsences: 0
+            });
+          }
+        }
+        for (const [key, stateful] of this.tracked) {
+          if (stateful.state === "open" && !currentKeys.has(stateful.key)) {
+            stateful.consecutiveAbsences++;
+            if (stateful.consecutiveAbsences >= RESOLVE_AFTER_ABSENCES) {
+              stateful.state = "resolved";
+              stateful.resolvedAt = now;
+            }
+          } else if (stateful.state === "resolved" && stateful.resolvedAt !== null && now - stateful.resolvedAt > RESOLVED_INSIGHT_TTL_MS) {
+            this.tracked.delete(key);
+          }
+        }
+        return [...this.tracked.values()];
+      }
+      getAll() {
+        return [...this.tracked.values()];
+      }
+      clear() {
+        this.tracked.clear();
+      }
+    };
+  }
+});
 // src/analysis/engine.ts
 var AnalysisEngine;
 var init_engine = __esm({
@@ -4341,6 +4457,7 @@ var init_engine = __esm({
     init_group();
     init_rules();
     init_insights3();
+    init_insight_tracker();
     AnalysisEngine = class {
       constructor(metricsStore, findingStore, debounceMs = 300) {
         this.metricsStore = metricsStore;
@@ -4353,8 +4470,10 @@ var init_engine = __esm({
         this.boundLogListener = () => this.scheduleRecompute();
       }
       scanner;
+      insightTracker = new InsightTracker();
       cachedInsights = [];
       cachedFindings = [];
+      cachedStatefulInsights = [];
       debounceTimer = null;
       listeners = [];
       boundRequestListener;
@@ -4390,6 +4509,12 @@ var init_engine = __esm({
       getFindings() {
         return this.cachedFindings;
       }
+      getStatefulFindings() {
+        return this.findingStore?.getAll() ?? [];
+      }
+      getStatefulInsights() {
+        return this.cachedStatefulInsights;
+      }
       scheduleRecompute() {
         if (this.debounceTimer) return;
         this.debounceTimer = setTimeout(() => {
@@ -4420,9 +4545,16 @@ var init_engine = __esm({
           previousMetrics: this.metricsStore.getAll(),
           securityFindings: this.cachedFindings
         });
+        this.cachedStatefulInsights = this.insightTracker.reconcile(this.cachedInsights);
+        const update = {
+          insights: this.cachedInsights,
+          findings: this.cachedFindings,
+          statefulFindings: this.getStatefulFindings(),
+          statefulInsights: this.cachedStatefulInsights
+        };
         for (const fn of this.listeners) {
           try {
-            fn(this.cachedInsights, this.cachedFindings);
+            fn(update);
           } catch {
           }
         }
@@ -4443,7 +4575,7 @@ var init_src = __esm({
     init_engine();
     init_insights3();
     init_insights2();
-    VERSION = "0.8.0";
+    VERSION = "0.8.1";
   }
 });
@@ -4621,7 +4753,7 @@ var init_thresholds2 = __esm({
 });
 // src/dashboard/client/constants/display.ts
-var QUERY_OP_COLORS, LOG_LEVEL_COLORS, GRAPH_COLORS, DOT_COLORS, HEALTH_GRADES, CHART_GRID_COLOR, CHART_LABEL_COLOR, CHART_FONT, CHART_FONT_SM, CHART_FONT_XS, CHART_PAD, TL_TYPE_COLORS, TL_TYPE_LABELS, SENSITIVE_HEADERS, HTTP_STATUS_MAP, NAV_LABELS, CURL_SKIP_HEADERS;
+var QUERY_OP_COLORS, LOG_LEVEL_COLORS, GRAPH_COLORS, DOT_COLORS, HEALTH_GRADES, CHART_GRID_COLOR, CHART_LABEL_COLOR, CHART_FONT, CHART_FONT_SM, CHART_FONT_XS, CHART_PAD, TL_TYPE_COLORS, TL_TYPE_LABELS, SENSITIVE_HEADERS, HTTP_STATUS_MAP, NAV_LABELS, CURL_SKIP_HEADERS, SEVERITY_MAP;
 var init_display = __esm({
   "src/dashboard/client/constants/display.ts"() {
     "use strict";
@@ -4649,6 +4781,7 @@ var init_display = __esm({
     HTTP_STATUS_MAP = `{400:'Bad Request',401:'Unauthorized',403:'Forbidden',404:'Not Found',405:'Method Not Allowed',408:'Timeout',409:'Conflict',422:'Unprocessable',429:'Too Many Requests',500:'Internal Server Error',502:'Bad Gateway',503:'Service Unavailable',504:'Gateway Timeout'}`;
     NAV_LABELS = `{ queries: 'Queries', requests: 'Requests', actions: 'Actions', errors: 'Errors', security: 'Security', fetches: 'Fetches', logs: 'Logs', performance: 'Performance' }`;
     CURL_SKIP_HEADERS = `['host', 'connection', 'accept-encoding']`;
+    SEVERITY_MAP = `{ critical: { icon: '\\u2717', cls: 'critical', sort: 0 }, warning: { icon: '\\u26A0', cls: 'warning', sort: 1 }, info: { icon: '\\u2139', cls: 'info', sort: 2 } }`;
   }
 });
@@ -6388,9 +6521,11 @@ function getOverviewRender() {
       '<div class="ov-stat"><span class="ov-stat-value">' + state.fetches.length + '</span><span class="ov-stat-label">Fetches</span></div>';
     container.appendChild(summary);
-    var insights = state.insights || [];
+    var all = state.insights || [];
+    var open = all.filter(function(si) { return si.state === 'open'; });
+    var resolved = all.filter(function(si) { return si.state === 'resolved'; });
-    if (insights.length === 0) {
+    if (open.length === 0 && resolved.length === 0) {
       var clear = document.createElement('div');
       clear.className = 'ov-clear';
       clear.innerHTML = '<span class="ov-clear-icon">\\u2713</span>All clear \u2014 no issues detected';
@@ -6398,67 +6533,104 @@ function getOverviewRender() {
       return;
     }
-    var title = document.createElement('div');
-    title.className = 'ov-section-title';
-    title.innerHTML = 'Issues Found <span class="ov-issue-count">' + insights.length + '</span>';
-    container.appendChild(title);
-    var cards = document.createElement('div');
-    cards.className = 'ov-cards';
+    if (open.length === 0 && resolved.length > 0) {
+      var allFixed = document.createElement('div');
+      allFixed.className = 'ov-clear';
+      allFixed.innerHTML = '<span class="ov-clear-icon">\\u2713</span>All issues resolved \u2014 ' + resolved.length + ' finding' + (resolved.length !== 1 ? 's were' : ' was') + ' detected and fixed';
+      container.appendChild(allFixed);
+    }
     var NAV_LABELS = ${NAV_LABELS};
+    var SEV = ${SEVERITY_MAP};
-    for (var i = 0; i < insights.length; i++) {
-      (function(insight) {
-        var card = document.createElement('div');
-        card.className = 'ov-card';
+    if (open.length > 0) {
+      var title = document.createElement('div');
+      title.className = 'ov-section-title';
+      title.innerHTML = 'Issues Found <span class="ov-issue-count">' + open.length + '</span>';
+      container.appendChild(title);
+      var cards = document.createElement('div');
+      cards.className = 'ov-cards';
+      for (var i = 0; i < open.length; i++) {
+        (function(si) {
+          var insight = si.insight;
+          var card = document.createElement('div');
+          card.className = 'ov-card';
+          var sevCfg = SEV[insight.severity];
+          var iconCls = sevCfg.cls;
+          var iconChar = sevCfg.icon;
+          var expandHtml = '';
+          if (insight.detail) expandHtml += insight.detail;
+          if (insight.hint) expandHtml += '<div class="ov-card-hint">' + escHtml(insight.hint) + '</div>';
+          expandHtml += '<span class="ov-card-link" data-nav="' + insight.nav + '">View in ' + (NAV_LABELS[insight.nav] || insight.nav) + ' \\u2192</span>';
+          card.innerHTML =
+            '<span class="ov-card-icon ' + iconCls + '">' + iconChar + '</span>' +
+            '<div class="ov-card-body">' +
+              '<div class="ov-card-title">' + escHtml(insight.title) + '</div>' +
+              '<div class="ov-card-desc">' + insight.desc + '</div>' +
+              '<div class="ov-card-expand">' + expandHtml + '</div>' +
+            '</div>' +
+            '<span class="ov-card-arrow">\\u2192</span>';
+          card.addEventListener('click', function(e) {
+            var target = e.target;
+            while (target && target !== card) {
+              if (target.classList && target.classList.contains('ov-card-link')) {
+                var navView = target.getAttribute('data-nav');
+                var sidebarItem = document.querySelector('.sidebar-item[data-view="' + navView + '"]');
+                if (sidebarItem) sidebarItem.click();
+                return;
+              }
+              target = target.parentElement;
+            }
+            var expand = card.querySelector('.ov-card-expand');
+            var arrow = card.querySelector('.ov-card-arrow');
+            if (card.classList.contains('expanded')) {
+              card.classList.remove('expanded');
+              expand.style.display = 'none';
+              arrow.textContent = '\\u2192';
+            } else {
+              card.classList.add('expanded');
+              expand.style.display = 'block';
+              arrow.textContent = '\\u2193';
+            }
+          });
-        var iconCls = insight.severity === 'critical' ? 'critical' : insight.severity === 'info' ? 'info' : 'warning';
-        var iconChar = insight.severity === 'critical' ? '\\u2717' : insight.severity === 'info' ? '\\u2139' : '\\u26A0';
+          cards.appendChild(card);
+        })(open[i]);
+      }
-        var expandHtml = '';
-        if (insight.detail) expandHtml += insight.detail;
-        if (insight.hint) expandHtml += '<div class="ov-card-hint">' + escHtml(insight.hint) + '</div>';
-        expandHtml += '<span class="ov-card-link" data-nav="' + insight.nav + '">View in ' + (NAV_LABELS[insight.nav] || insight.nav) + ' \\u2192</span>';
+      container.appendChild(cards);
+    }
-        card.innerHTML =
-          '<span class="ov-card-icon ' + iconCls + '">' + iconChar + '</span>' +
+    if (resolved.length > 0) {
+      var resolvedTitle = document.createElement('div');
+      resolvedTitle.className = 'ov-section-title ov-resolved-title';
+      resolvedTitle.innerHTML = '<span style="color:var(--green)">\\u2713</span> Resolved <span class="ov-issue-count">' + resolved.length + '</span>';
+      container.appendChild(resolvedTitle);
+      var resolvedCards = document.createElement('div');
+      resolvedCards.className = 'ov-cards';
+      for (var ri = 0; ri < resolved.length; ri++) {
+        var rInsight = resolved[ri].insight;
+        var rCard = document.createElement('div');
+        rCard.className = 'ov-card ov-card-resolved';
+        rCard.innerHTML =
+          '<span class="ov-card-icon resolved">\\u2713</span>' +
           '<div class="ov-card-body">' +
-            '<div class="ov-card-title">' + escHtml(insight.title) + '</div>' +
-            '<div class="ov-card-desc">' + insight.desc + '</div>' +
-            '<div class="ov-card-expand">' + expandHtml + '</div>' +
-          '</div>' +
-          '<span class="ov-card-arrow">\\u2192</span>';
-        card.addEventListener('click', function(e) {
-          var target = e.target;
-          while (target && target !== card) {
-            if (target.classList && target.classList.contains('ov-card-link')) {
-              var navView = target.getAttribute('data-nav');
-              var sidebarItem = document.querySelector('.sidebar-item[data-view="' + navView + '"]');
-              if (sidebarItem) sidebarItem.click();
-              return;
-            }
-            target = target.parentElement;
-          }
-          var expand = card.querySelector('.ov-card-expand');
-          var arrow = card.querySelector('.ov-card-arrow');
-          if (card.classList.contains('expanded')) {
-            card.classList.remove('expanded');
-            expand.style.display = 'none';
-            arrow.textContent = '\\u2192';
-          } else {
-            card.classList.add('expanded');
-            expand.style.display = 'block';
-            arrow.textContent = '\\u2193';
-          }
-        });
+            '<div class="ov-card-title" style="text-decoration:line-through;color:var(--text-muted)">' + escHtml(rInsight.title) + '</div>' +
+            '<div class="ov-card-desc">' + rInsight.desc + '</div>' +
+          '</div>';
+        resolvedCards.appendChild(rCard);
+      }
-        cards.appendChild(card);
-      })(insights[i]);
+      container.appendChild(resolvedCards);
     }
-    container.appendChild(cards);
   }
   `;
 }
@@ -6488,10 +6660,13 @@ function getSecurityView() {
     var container = document.getElementById('security-content');
     if (!container) return;
     container.innerHTML = '';
+    var SEV = ${SEVERITY_MAP};
-    var findings = state.findings || [];
+    var all = state.findings || [];
+    var open = all.filter(function(f) { return f.state === 'open' || f.state === 'fixing'; });
+    var resolved = all.filter(function(f) { return f.state === 'resolved'; });
-    if (findings.length === 0) {
+    if (open.length === 0 && resolved.length === 0) {
       var hasData = state.requests.length > 0 || state.logs.length > 0 || state.queries.length > 0;
       if (!hasData) {
         container.innerHTML = '<div class="empty" style="height:400px"><span class="empty-title">Waiting for requests...</span><span class="empty-sub">Start using your app to see security findings here</span></div>';
@@ -6502,17 +6677,20 @@ function getSecurityView() {
     }
     var critCount = 0, warnCount = 0, infoCount = 0;
-    for (var ci = 0; ci < findings.length; ci++) {
-      if (findings[ci].severity === 'critical') critCount++;
-      else if (findings[ci].severity === 'info') infoCount++;
+    for (var ci = 0; ci < open.length; ci++) {
+      var sev = open[ci].finding.severity;
+      if (sev === 'critical') critCount++;
+      else if (sev === 'info') infoCount++;
       else warnCount++;
     }
     var summaryEl = document.createElement('div');
     summaryEl.className = 'sec-summary';
     summaryEl.innerHTML =
       '<div class="sec-summary-left">' +
-        '<span class="sec-summary-count">' + findings.length + '</span>' +
-        '<span class="sec-summary-label">issue' + (findings.length !== 1 ? 's' : '') + ' found</span>' +
+        '<span class="sec-summary-count">' + open.length + '</span>' +
+        '<span class="sec-summary-label">open issue' + (open.length !== 1 ? 's' : '') + '</span>' +
+        (resolved.length > 0 ? '<span class="sec-resolved-badge">' + resolved.length + ' resolved</span>' : '') +
       '</div>' +
       '<div class="sec-summary-right">' +
         (critCount > 0 ? '<span class="sec-badge critical">' + critCount + ' critical</span>' : '') +
@@ -6521,60 +6699,93 @@ function getSecurityView() {
       '</div>';
     container.appendChild(summaryEl);
-    var groups = {};
-    var groupOrder = [];
-    for (var gi = 0; gi < findings.length; gi++) {
-      var f = findings[gi];
-      if (!groups[f.rule]) {
-        groups[f.rule] = { rule: f.rule, title: f.title, severity: f.severity, hint: f.hint, items: [] };
-        groupOrder.push(f.rule);
-      }
-      groups[f.rule].items.push(f);
+    if (open.length === 0 && resolved.length > 0) {
+      var allFixed = document.createElement('div');
+      allFixed.className = 'sec-clear';
+      allFixed.innerHTML = '<span class="sec-clear-icon">\\u2713</span><div class="sec-clear-text"><div class="sec-clear-title">All issues resolved</div><div class="sec-clear-sub">' + resolved.length + ' finding' + (resolved.length !== 1 ? 's were' : ' was') + ' detected and fixed</div></div>';
+      container.appendChild(allFixed);
     }
-    groupOrder.sort(function(a, b) {
-      var sa = groups[a].severity === 'critical' ? 0 : groups[a].severity === 'warning' ? 1 : 2;
-      var sb = groups[b].severity === 'critical' ? 0 : groups[b].severity === 'warning' ? 1 : 2;
-      if (sa !== sb) return sa - sb;
-      return groups[b].items.length - groups[a].items.length;
-    });
+    if (open.length > 0) {
+      var groups = {};
+      var groupOrder = [];
+      for (var gi = 0; gi < open.length; gi++) {
+        var f = open[gi].finding;
+        if (!groups[f.rule]) {
+          groups[f.rule] = { rule: f.rule, title: f.title, severity: f.severity, hint: f.hint, items: [] };
+          groupOrder.push(f.rule);
+        }
+        groups[f.rule].items.push(f);
+      }
-    for (var oi = 0; oi < groupOrder.length; oi++) {
-      var group = groups[groupOrder[oi]];
-      var section = document.createElement('div');
-      section.className = 'sec-group';
+      groupOrder.sort(function(a, b) {
+        var sa = SEV[groups[a].severity].sort;
+        var sb = SEV[groups[b].severity].sort;
+        if (sa !== sb) return sa - sb;
+        return groups[b].items.length - groups[a].items.length;
+      });
-      var iconCls = group.severity === 'critical' ? 'critical' : group.severity === 'info' ? 'info' : 'warning';
-      var iconChar = group.severity === 'critical' ? '\\u2717' : group.severity === 'info' ? '\\u2139' : '\\u26A0';
+      for (var oi = 0; oi < groupOrder.length; oi++) {
+        var group = groups[groupOrder[oi]];
+        var section = document.createElement('div');
+        section.className = 'sec-group';
+        var sevCfg = SEV[group.severity];
+        var iconCls = sevCfg.cls;
+        var iconChar = sevCfg.icon;
+        var header = document.createElement('div');
+        header.className = 'sec-group-header';
+        header.innerHTML =
+          '<span class="sec-group-icon ' + iconCls + '">' + iconChar + '</span>' +
+          '<span class="sec-group-title">' + escHtml(group.title) + '</span>' +
+          '<span class="sec-group-count">' + group.items.length + '</span>';
+        section.appendChild(header);
+        if (group.hint) {
+          var hintEl = document.createElement('div');
+          hintEl.className = 'sec-hint';
+          hintEl.textContent = group.hint;
+          section.appendChild(hintEl);
+        }
-      var header = document.createElement('div');
-      header.className = 'sec-group-header';
-      header.innerHTML =
-        '<span class="sec-group-icon ' + iconCls + '">' + iconChar + '</span>' +
-        '<span class="sec-group-title">' + escHtml(group.title) + '</span>' +
-        '<span class="sec-group-count">' + group.items.length + '</span>';
-      section.appendChild(header);
-      if (group.hint) {
-        var hintEl = document.createElement('div');
-        hintEl.className = 'sec-hint';
-        hintEl.textContent = group.hint;
-        section.appendChild(hintEl);
-      }
-      var list = document.createElement('div');
-      list.className = 'sec-items';
-      for (var ii = 0; ii < group.items.length; ii++) {
-        var item = group.items[ii];
-        var row = document.createElement('div');
-        row.className = 'sec-item';
-        row.innerHTML =
-          '<div class="sec-item-desc">' + item.desc + '</div>' +
-          (item.count > 1 ? '<span class="sec-item-count">' + item.count + 'x</span>' : '');
-        list.appendChild(row);
+        var list = document.createElement('div');
+        list.className = 'sec-items';
+        for (var ii = 0; ii < group.items.length; ii++) {
+          var item = group.items[ii];
+          var row = document.createElement('div');
+          row.className = 'sec-item';
+          row.innerHTML =
+            '<div class="sec-item-desc">' + item.desc + '</div>' +
+            (item.count > 1 ? '<span class="sec-item-count">' + item.count + 'x</span>' : '');
+          list.appendChild(row);
+        }
+        section.appendChild(list);
+        container.appendChild(section);
       }
-      section.appendChild(list);
-      container.appendChild(section);
+    }
+    if (resolved.length > 0) {
+      var resolvedTitle = document.createElement('div');
+      resolvedTitle.className = 'sec-resolved-title';
+      resolvedTitle.innerHTML = '<span class="sec-resolved-check">\\u2713</span> Resolved <span class="sec-resolved-count">' + resolved.length + '</span>';
+      container.appendChild(resolvedTitle);
+      var resolvedGroup = document.createElement('div');
+      resolvedGroup.className = 'sec-group sec-group-resolved';
+      var resolvedItems = document.createElement('div');
+      resolvedItems.className = 'sec-items';
+      for (var ri = 0; ri < resolved.length; ri++) {
+        var rf = resolved[ri].finding;
+        var rRow = document.createElement('div');
+        rRow.className = 'sec-item sec-item-resolved';
+        rRow.innerHTML =
+          '<span class="sec-resolved-item-icon">\\u2713</span>' +
+          '<div class="sec-item-desc">' + escHtml(rf.title) + ' \\u2014 ' + escHtml(rf.endpoint) + '</div>';
+        resolvedItems.appendChild(rRow);
+      }
+      resolvedGroup.appendChild(resolvedItems);
+      container.appendChild(resolvedGroup);
     }
   }
   `;
@@ -6582,6 +6793,7 @@ function getSecurityView() {
 var init_security3 = __esm({
   "src/dashboard/client/views/security.ts"() {
     "use strict";
+    init_display();
   }
 });
@@ -6762,7 +6974,7 @@ function getApp() {
     if (queryCount) queryCount.textContent = state.queries.length;
     var secCount = document.getElementById('sidebar-count-security');
     if (secCount) {
-      var numFindings = (state.findings || []).length;
+      var numFindings = (state.findings || []).filter(function(f) { return f.state !== 'resolved'; }).length;
       secCount.textContent = numFindings;
       secCount.style.display = numFindings > 0 ? '' : 'none';
     }
@@ -6931,7 +7143,7 @@ function createDashboardHandler(deps) {
     [DASHBOARD_API_REQUESTS]: handleApiRequests,
     [DASHBOARD_API_EVENTS]: createSSEHandler(deps.analysisEngine),
     [DASHBOARD_API_FLOWS]: handleApiFlows,
-    [DASHBOARD_API_CLEAR]: createClearHandler(deps.metricsStore),
+    [DASHBOARD_API_CLEAR]: createClearHandler(deps.metricsStore, deps.findingStore),
     [DASHBOARD_API_LOGS]: handleApiLogs,
     [DASHBOARD_API_FETCHES]: handleApiFetches,
     [DASHBOARD_API_ERRORS]: handleApiErrors,
@@ -7003,22 +7215,32 @@ var init_router = __esm({
   }
 });
+// src/constants/severity.ts
+var SEVERITY_ICON;
+var init_severity = __esm({
+  "src/constants/severity.ts"() {
+    "use strict";
+    SEVERITY_ICON = {
+      critical: "\u2717",
+      warning: "\u26A0",
+      info: "\u2139"
+    };
+  }
+});
 // src/output/terminal.ts
 import pc from "picocolors";
 function print(line) {
   process.stdout.write(line + "\n");
 }
 function severityIcon(severity) {
-  if (severity === "critical") return pc.red("\u2717");
-  if (severity === "warning") return pc.yellow("\u26A0");
-  return pc.dim("\u25CB");
+  return SEVERITY_COLOR[severity](SEVERITY_ICON[severity]);
 }
 function colorTitle(severity, text) {
-  if (severity === "critical") return pc.red(pc.bold(text));
-  if (severity === "warning") return pc.yellow(pc.bold(text));
-  return pc.dim(text);
+  const color = SEVERITY_COLOR[severity];
+  return severity === "info" ? color(text) : color(pc.bold(text));
 }
-function truncate(s, max = 80) {
+function truncate(s, max = TERMINAL_TRUNCATE_LENGTH) {
   return s.length <= max ? s : s.slice(0, max - 1) + "\u2026";
 }
 function formatConsoleLine(insight, suffix) {
@@ -7034,38 +7256,66 @@ function formatConsoleLine(insight, suffix) {
 }
 function createConsoleInsightListener(proxyPort, metricsStore) {
   const printedKeys = /* @__PURE__ */ new Set();
+  const resolvedKeys = /* @__PURE__ */ new Set();
   const dashUrl = `localhost:${proxyPort}${DASHBOARD_PREFIX}`;
-  return (insights) => {
-    const lines = [];
-    for (const insight of insights) {
-      if (insight.severity === "info") continue;
-      const endpoint = insight.desc.match(/^(\S+\s+\S+)/)?.[1] ?? insight.desc;
-      const key = `${insight.type}:${endpoint}`;
-      if (printedKeys.has(key)) continue;
-      printedKeys.add(key);
+  return ({ statefulInsights }) => {
+    const newLines = [];
+    const resolvedLines = [];
+    for (const si of statefulInsights) {
+      if (si.state === "resolved") {
+        if (resolvedKeys.has(si.key)) continue;
+        resolvedKeys.add(si.key);
+        printedKeys.delete(si.key);
+        const title = pc.green(pc.bold(`\u2713 ${si.insight.title}`));
+        const desc = pc.dim(truncate(si.insight.desc));
+        resolvedLines.push(`  ${title} \u2014 ${desc} ${pc.green("resolved")}`);
+        continue;
+      }
+      resolvedKeys.delete(si.key);
+      if (si.insight.severity === "info") continue;
+      if (printedKeys.has(si.key)) continue;
+      printedKeys.add(si.key);
       let suffix;
-      if (insight.type === "slow") {
-        const ep = metricsStore.getEndpoint(endpoint);
-        if (ep && ep.sessions.length > 1) {
-          const prev = ep.sessions[ep.sessions.length - 2];
-          suffix = ` (\u2191 from ${prev.p95DurationMs < 1e3 ? prev.p95DurationMs + "ms" : (prev.p95DurationMs / 1e3).toFixed(1) + "s"})`;
+      if (si.insight.type === "slow") {
+        const endpoint = extractEndpointFromDesc(si.insight.desc);
+        if (endpoint) {
+          const ep = metricsStore.getEndpoint(endpoint);
+          if (ep && ep.sessions.length > 1) {
+            const prev = ep.sessions[ep.sessions.length - 2];
+            suffix = ` (\u2191 from ${prev.p95DurationMs < 1e3 ? prev.p95DurationMs + "ms" : (prev.p95DurationMs / 1e3).toFixed(1) + "s"})`;
+          }
         }
       }
-      lines.push(formatConsoleLine(insight, suffix));
+      newLines.push(formatConsoleLine(si.insight, suffix));
     }
-    if (lines.length > 0) {
+    if (newLines.length > 0) {
       print("");
-      for (const line of lines) print(line);
+      for (const line of newLines) print(line);
       print("");
       print(`  ${pc.magenta(pc.bold("brakit"))} ${pc.dim("\u2192")} ${pc.dim("Dashboard:")} ${pc.underline(`http://${dashUrl}`)}  ${pc.dim("or ask your AI:")} ${pc.bold('"Fix brakit findings"')}`);
     }
+    if (resolvedLines.length > 0) {
+      print("");
+      for (const line of resolvedLines) print(line);
+      print("");
+      print(`  ${pc.magenta(pc.bold("brakit"))} ${pc.dim("\u2192")} ${pc.green("Issues fixed!")}`);
+    }
   };
 }
+var SEVERITY_COLOR;
 var init_terminal = __esm({
   "src/output/terminal.ts"() {
     "use strict";
     init_src();
     init_constants();
+    init_limits();
+    init_severity();
+    init_endpoint();
+    SEVERITY_COLOR = {
+      critical: pc.red,
+      warning: pc.yellow,
+      info: pc.dim
+    };
   }
 });