brakit 0.8.3 → 0.8.5

package/dist/api.js

@@ -1,12 +1,83 @@
 // src/store/finding-store.ts
+import { readFile as readFile2 } from "fs/promises";
 import { readFileSync as readFileSync2, existsSync as existsSync3 } from "fs";
 import { resolve as resolve2 } from "path";
 
+// src/utils/fs.ts
+import { access, readFile, writeFile } from "fs/promises";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { resolve } from "path";
+async function fileExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function ensureGitignore(dir, entry) {
+  try {
+    const gitignorePath = resolve(dir, "../.gitignore");
+    if (existsSync(gitignorePath)) {
+      const content = readFileSync(gitignorePath, "utf-8");
+      if (content.split("\n").some((l) => l.trim() === entry)) return;
+      writeFileSync(gitignorePath, content.trimEnd() + "\n" + entry + "\n");
+    } else {
+      writeFileSync(gitignorePath, entry + "\n");
+    }
+  } catch {
+  }
+}
+async function ensureGitignoreAsync(dir, entry) {
+  try {
+    const gitignorePath = resolve(dir, "../.gitignore");
+    if (await fileExists(gitignorePath)) {
+      const content = await readFile(gitignorePath, "utf-8");
+      if (content.split("\n").some((l) => l.trim() === entry)) return;
+      await writeFile(gitignorePath, content.trimEnd() + "\n" + entry + "\n");
+    } else {
+      await writeFile(gitignorePath, entry + "\n");
+    }
+  } catch {
+  }
+}
+
 // src/constants/routes.ts
 var DASHBOARD_PREFIX = "/__brakit";
+var DASHBOARD_API_REQUESTS = `${DASHBOARD_PREFIX}/api/requests`;
+var DASHBOARD_API_EVENTS = `${DASHBOARD_PREFIX}/api/events`;
+var DASHBOARD_API_FLOWS = `${DASHBOARD_PREFIX}/api/flows`;
+var DASHBOARD_API_CLEAR = `${DASHBOARD_PREFIX}/api/clear`;
+var DASHBOARD_API_LOGS = `${DASHBOARD_PREFIX}/api/logs`;
+var DASHBOARD_API_FETCHES = `${DASHBOARD_PREFIX}/api/fetches`;
+var DASHBOARD_API_ERRORS = `${DASHBOARD_PREFIX}/api/errors`;
+var DASHBOARD_API_QUERIES = `${DASHBOARD_PREFIX}/api/queries`;
+var DASHBOARD_API_INGEST = `${DASHBOARD_PREFIX}/api/ingest`;
+var DASHBOARD_API_METRICS = `${DASHBOARD_PREFIX}/api/metrics`;
+var DASHBOARD_API_ACTIVITY = `${DASHBOARD_PREFIX}/api/activity`;
+var DASHBOARD_API_METRICS_LIVE = `${DASHBOARD_PREFIX}/api/metrics/live`;
+var DASHBOARD_API_INSIGHTS = `${DASHBOARD_PREFIX}/api/insights`;
+var DASHBOARD_API_SECURITY = `${DASHBOARD_PREFIX}/api/security`;
+var DASHBOARD_API_TAB = `${DASHBOARD_PREFIX}/api/tab`;
+var DASHBOARD_API_FINDINGS = `${DASHBOARD_PREFIX}/api/findings`;
+var DASHBOARD_API_FINDINGS_REPORT = `${DASHBOARD_PREFIX}/api/findings/report`;
+var VALID_TABS_TUPLE = [
+  "overview",
+  "actions",
+  "requests",
+  "fetches",
+  "queries",
+  "errors",
+  "logs",
+  "performance",
+  "security"
+];
+var VALID_TABS = new Set(VALID_TABS_TUPLE);
 
 // src/constants/limits.ts
-var MAX_INGEST_BYTES = 10 * 1024 * 1024;
+var ANALYSIS_DEBOUNCE_MS = 300;
+var FINDING_ID_HASH_LENGTH = 16;
+var FINDINGS_DATA_VERSION = 1;
 
 // src/constants/thresholds.ts
 var FLOW_GAP_MS = 5e3;
@@ -44,15 +115,8 @@ var METRICS_DIR = ".brakit";
 var FINDINGS_FILE = ".brakit/findings.json";
 var FINDINGS_FLUSH_INTERVAL_MS = 1e4;
 
-// src/constants/severity.ts
-var SEVERITY_CRITICAL = "critical";
-var SEVERITY_WARNING = "warning";
-var SEVERITY_INFO = "info";
-var SEVERITY_ICON_MAP = {
-  [SEVERITY_CRITICAL]: { icon: "\u2717", cls: "critical" },
-  [SEVERITY_WARNING]: { icon: "\u26A0", cls: "warning" },
-  [SEVERITY_INFO]: { icon: "\u2139", cls: "info" }
-};
+// src/constants/network.ts
+var RECOVERY_WINDOW_MS = 5 * 60 * 1e3;
 
 // src/utils/atomic-writer.ts
 import {
@@ -63,38 +127,25 @@ import {
 } from "fs";
 import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
 
-// src/utils/fs.ts
-import { access } from "fs/promises";
-import { existsSync, readFileSync, writeFileSync } from "fs";
-import { resolve } from "path";
-async function fileExists(path) {
-  try {
-    await access(path);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function ensureGitignore(dir, entry) {
-  try {
-    const gitignorePath = resolve(dir, "../.gitignore");
-    if (existsSync(gitignorePath)) {
-      const content = readFileSync(gitignorePath, "utf-8");
-      if (content.split("\n").some((l) => l.trim() === entry)) return;
-      writeFileSync(gitignorePath, content.trimEnd() + "\n" + entry + "\n");
-    } else {
-      writeFileSync(gitignorePath, entry + "\n");
-    }
-  } catch {
-  }
-}
-
 // src/utils/log.ts
 var PREFIX = "[brakit]";
 function brakitWarn(message) {
   process.stderr.write(`${PREFIX} ${message}
 `);
 }
+function brakitDebug(message) {
+  if (process.env.DEBUG_BRAKIT) {
+    process.stderr.write(`${PREFIX}:debug ${message}
+`);
+  }
+}
+
+// src/utils/type-guards.ts
+function getErrorMessage(err) {
+  if (err instanceof Error) return err.message;
+  if (typeof err === "string") return err;
+  return String(err);
+}
 
 // src/utils/atomic-writer.ts
 var AtomicWriter = class {
@@ -111,7 +162,7 @@ var AtomicWriter = class {
       writeFileSync2(this.tmpPath, content);
       renameSync(this.tmpPath, this.opts.filePath);
     } catch (err) {
-      brakitWarn(`failed to save ${this.opts.label}: ${err.message}`);
+      brakitWarn(`failed to save ${this.opts.label}: ${getErrorMessage(err)}`);
     }
   }
   async writeAsync(content) {
@@ -125,13 +176,14 @@ var AtomicWriter = class {
       await writeFile2(this.tmpPath, content);
       await rename(this.tmpPath, this.opts.filePath);
     } catch (err) {
-      brakitWarn(`failed to save ${this.opts.label}: ${err.message}`);
+      brakitWarn(`failed to save ${this.opts.label}: ${getErrorMessage(err)}`);
     } finally {
       this.writing = false;
       if (this.pendingContent !== null) {
         const next = this.pendingContent;
         this.pendingContent = null;
-        this.writeAsync(next);
+        this.writeAsync(next).catch(() => {
+        });
       }
     }
   }
@@ -144,10 +196,10 @@ var AtomicWriter = class {
     }
   }
   async ensureDirAsync() {
-    if (!existsSync2(this.opts.dir)) {
+    if (!await fileExists(this.opts.dir)) {
       await mkdir(this.opts.dir, { recursive: true });
       if (this.opts.gitignoreEntry) {
-        ensureGitignore(this.opts.dir, this.opts.gitignoreEntry);
+        await ensureGitignoreAsync(this.opts.dir, this.opts.gitignoreEntry);
       }
     }
   }
@@ -157,7 +209,11 @@ var AtomicWriter = class {
 import { createHash } from "crypto";
 function computeFindingId(finding) {
   const key = `${finding.rule}:${finding.endpoint}:${finding.desc}`;
-  return createHash("sha256").update(key).digest("hex").slice(0, 16);
+  return createHash("sha256").update(key).digest("hex").slice(0, FINDING_ID_HASH_LENGTH);
+}
+function computeInsightId(type, endpoint, desc) {
+  const key = `${type}:${endpoint}:${desc}`;
+  return createHash("sha256").update(key).digest("hex").slice(0, FINDING_ID_HASH_LENGTH);
 }
 
 // src/store/finding-store.ts
@@ -172,7 +228,6 @@ var FindingStore = class {
       gitignoreEntry: METRICS_DIR,
       label: "findings"
     });
-    this.load();
   }
   findings = /* @__PURE__ */ new Map();
   flushTimer = null;
@@ -180,6 +235,8 @@ var FindingStore = class {
   writer;
   findingsPath;
   start() {
+    this.loadAsync().catch(() => {
+    });
     this.flushTimer = setInterval(
       () => this.flush(),
       FINDINGS_FLUSH_INTERVAL_MS
@@ -216,7 +273,9 @@ var FindingStore = class {
       firstSeenAt: now,
       lastSeenAt: now,
       resolvedAt: null,
-      occurrences: 1
+      occurrences: 1,
+      aiStatus: null,
+      aiNotes: null
     };
     this.findings.set(id, stateful);
     this.dirty = true;
@@ -232,6 +291,17 @@ var FindingStore = class {
     this.dirty = true;
     return true;
   }
+  reportFix(findingId, status, notes) {
+    const finding = this.findings.get(findingId);
+    if (!finding) return false;
+    finding.aiStatus = status;
+    finding.aiNotes = notes;
+    if (status === "fixed") {
+      finding.state = "fixing";
+    }
+    this.dirty = true;
+    return true;
+  }
   /**
    * Reconcile passive findings against the current analysis results.
    *
@@ -244,7 +314,7 @@ var FindingStore = class {
   reconcilePassive(currentFindings) {
     const currentIds = new Set(currentFindings.map(computeFindingId));
     for (const [id, stateful] of this.findings) {
-      if (stateful.source === "passive" && stateful.state === "open" && !currentIds.has(id)) {
+      if (stateful.source === "passive" && (stateful.state === "open" || stateful.state === "fixing") && !currentIds.has(id)) {
         stateful.state = "resolved";
         stateful.resolvedAt = Date.now();
         this.dirty = true;
@@ -264,18 +334,35 @@ var FindingStore = class {
     this.findings.clear();
     this.dirty = true;
   }
-  load() {
+  async loadAsync() {
+    try {
+      if (await fileExists(this.findingsPath)) {
+        const raw = await readFile2(this.findingsPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (parsed?.version === FINDINGS_DATA_VERSION && Array.isArray(parsed.findings)) {
+          for (const f of parsed.findings) {
+            this.findings.set(f.findingId, f);
+          }
+        }
+      }
+    } catch (err) {
+      brakitDebug(`FindingStore: could not load findings file, starting fresh: ${err}`);
+    }
+  }
+  /** Sync load for tests only — not used in production paths. */
+  loadSync() {
     try {
       if (existsSync3(this.findingsPath)) {
         const raw = readFileSync2(this.findingsPath, "utf-8");
         const parsed = JSON.parse(raw);
-        if (parsed?.version === 1 && Array.isArray(parsed.findings)) {
+        if (parsed?.version === FINDINGS_DATA_VERSION && Array.isArray(parsed.findings)) {
           for (const f of parsed.findings) {
             this.findings.set(f.findingId, f);
           }
         }
       }
-    } catch {
+    } catch (err) {
+      brakitDebug(`FindingStore: could not load findings file, starting fresh: ${err}`);
     }
   }
   flush() {
@@ -290,7 +377,7 @@ var FindingStore = class {
   }
   serialize() {
     const data = {
-      version: 1,
+      version: FINDINGS_DATA_VERSION,
       findings: [...this.findings.values()]
     };
     return JSON.stringify(data);
@@ -298,8 +385,9 @@ var FindingStore = class {
 };
 
 // src/detect/project.ts
-import { readFile as readFile2 } from "fs/promises";
-import { join } from "path";
+import { readFile as readFile3, readdir } from "fs/promises";
+import { existsSync as existsSync4 } from "fs";
+import { join, relative } from "path";
 var FRAMEWORKS = [
   { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
   { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
@@ -309,22 +397,14 @@ var FRAMEWORKS = [
 ];
 async function detectProject(rootDir) {
   const pkgPath = join(rootDir, "package.json");
-  const raw = await readFile2(pkgPath, "utf-8");
+  const raw = await readFile3(pkgPath, "utf-8");
   const pkg = JSON.parse(raw);
   const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
-  let framework = "unknown";
-  let devCommand = "";
-  let devBin = "";
-  let defaultPort = 3e3;
-  for (const f of FRAMEWORKS) {
-    if (allDeps[f.dep]) {
-      framework = f.name;
-      devCommand = f.devCmd;
-      devBin = join(rootDir, "node_modules", ".bin", f.bin);
-      defaultPort = f.defaultPort;
-      break;
-    }
-  }
+  const framework = detectFrameworkFromDeps(allDeps);
+  const matched = FRAMEWORKS.find((f) => f.name === framework);
+  const devCommand = matched?.devCmd ?? "";
+  const devBin = matched ? join(rootDir, "node_modules", ".bin", matched.bin) : "";
+  const defaultPort = matched?.defaultPort ?? 3e3;
   const packageManager = await detectPackageManager(rootDir);
   return { framework, devCommand, devBin, defaultPort, packageManager };
 }
@@ -336,6 +416,12 @@ async function detectPackageManager(rootDir) {
   if (await fileExists(join(rootDir, "package-lock.json"))) return "npm";
   return "unknown";
 }
+function detectFrameworkFromDeps(allDeps) {
+  for (const f of FRAMEWORKS) {
+    if (allDeps[f.dep]) return f.name;
+  }
+  return "unknown";
+}
 
 // src/instrument/adapter-registry.ts
 var AdapterRegistry = class {
@@ -373,11 +459,11 @@ var AdapterRegistry = class {
 var SECRET_KEYS = /^(password|passwd|secret|api_key|apiKey|api_secret|apiSecret|private_key|privateKey|client_secret|clientSecret)$/;
 var TOKEN_PARAMS = /^(token|api_key|apiKey|secret|password|access_token|session_id|sessionId)$/;
 var SAFE_PARAMS = /^(_rsc|__clerk_handshake|__clerk_db_jwt|callback|code|state|nonce|redirect_uri|utm_|fbclid|gclid)$/;
-var STACK_TRACE_RE = /at\s+.+\(.+:\d+:\d+\)|at\s+Module\._compile|at\s+Object\.<anonymous>|at\s+processTicksAndRejections/;
+var STACK_TRACE_RE = /at\s+.+\(.+:\d+:\d+\)|at\s+Module\._compile|at\s+Object\.<anonymous>|at\s+processTicksAndRejections|Traceback \(most recent call last\)|File ".+", line \d+/;
 var DB_CONN_RE = /(postgres|mysql|mongodb|redis):\/\//;
 var SQL_FRAGMENT_RE = /\b(SELECT\s+[\w.*]+\s+FROM|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)\b/i;
-var SECRET_VAL_RE = /(api_key|apiKey|secret|token)\s*[:=]\s*["']?[A-Za-z0-9_\-\.+\/]{8,}/;
-var LOG_SECRET_RE = /(password|secret|token|api_key|apiKey)\s*[:=]\s*["']?[A-Za-z0-9_\-\.+\/]{8,}/i;
+var SECRET_VAL_RE = /(api_key|apiKey|secret|token)\s*[:=]\s*["']?[A-Za-z0-9_\-.+/]{8,}/;
+var LOG_SECRET_RE = /(password|secret|token|api_key|apiKey)\s*[:=]\s*["']?[A-Za-z0-9_\-.+/]{8,}/i;
 var MASKED_RE = /^\*+$|\[REDACTED\]|\[FILTERED\]|CHANGE_ME|^x{3,}$/i;
 var EMAIL_RE = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/;
 var INTERNAL_ID_KEYS = /^(id|_id|userId|user_id|createdBy|updatedBy|organizationId|org_id|tenantId|tenant_id)$/;
@@ -389,9 +475,9 @@ var RULE_HINTS = {
   "token-in-url": "Pass tokens in the Authorization header, not URL query parameters.",
   "stack-trace-leak": "Use a custom error handler that returns generic messages in production.",
   "error-info-leak": "Sanitize error responses. Return generic messages instead of internal details.",
+  "insecure-cookie": "Set HttpOnly and SameSite flags on all cookies.",
   "sensitive-logs": "Redact PII before logging. Never log passwords or tokens.",
   "cors-credentials": "Cannot use credentials:true with origin:*. Specify explicit origins.",
-  "insecure-cookie": "Set HttpOnly and SameSite flags on all cookies.",
   "response-pii-leak": "API responses should return minimal data. Don't echo back full user records \u2014 select only the fields the client needs."
 };
 
@@ -761,48 +847,47 @@ function hasInternalIds(obj) {
   }
   return false;
 }
-function detectPII(method, reqBody, resBody) {
-  const target = unwrapResponse(resBody);
-  if (WRITE_METHODS.has(method) && reqBody && typeof reqBody === "object") {
-    const reqEmails = findEmails(reqBody);
-    if (reqEmails.length > 0) {
-      const resEmails = findEmails(target);
-      const echoed = reqEmails.filter((e) => resEmails.includes(e));
-      if (echoed.length > 0) {
-        const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
-        if (hasInternalIds(inspectObj) || topLevelFieldCount(inspectObj) >= FULL_RECORD_MIN_FIELDS) {
-          return { reason: "echo", emailCount: echoed.length };
-        }
-      }
-    }
+function detectEchoPII(method, reqBody, target) {
+  if (!WRITE_METHODS.has(method) || !reqBody || typeof reqBody !== "object") return null;
+  const reqEmails = findEmails(reqBody);
+  if (reqEmails.length === 0) return null;
+  const resEmails = findEmails(target);
+  const echoed = reqEmails.filter((e) => resEmails.includes(e));
+  if (echoed.length === 0) return null;
+  const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
+  if (hasInternalIds(inspectObj) || topLevelFieldCount(inspectObj) >= FULL_RECORD_MIN_FIELDS) {
+    return { reason: "echo", emailCount: echoed.length };
   }
-  if (target && typeof target === "object" && !Array.isArray(target)) {
-    const fields = topLevelFieldCount(target);
-    if (fields >= FULL_RECORD_MIN_FIELDS && hasInternalIds(target)) {
-      const emails = findEmails(target);
-      if (emails.length > 0) {
-        return { reason: "full-record", emailCount: emails.length };
-      }
+  return null;
+}
+function detectFullRecordPII(target) {
+  if (!target || typeof target !== "object" || Array.isArray(target)) return null;
+  const fields = topLevelFieldCount(target);
+  if (fields < FULL_RECORD_MIN_FIELDS || !hasInternalIds(target)) return null;
+  const emails = findEmails(target);
+  if (emails.length === 0) return null;
+  return { reason: "full-record", emailCount: emails.length };
+}
+function detectListPII(target) {
+  if (!Array.isArray(target) || target.length < LIST_PII_MIN_ITEMS) return null;
+  let itemsWithEmail = 0;
+  for (let i = 0; i < Math.min(target.length, 10); i++) {
+    const item = target[i];
+    if (item && typeof item === "object" && findEmails(item).length > 0) {
+      itemsWithEmail++;
     }
   }
-  if (Array.isArray(target) && target.length >= LIST_PII_MIN_ITEMS) {
-    let itemsWithEmail = 0;
-    for (let i = 0; i < Math.min(target.length, 10); i++) {
-      const item = target[i];
-      if (item && typeof item === "object") {
-        const emails = findEmails(item);
-        if (emails.length > 0) itemsWithEmail++;
-      }
-    }
-    if (itemsWithEmail >= LIST_PII_MIN_ITEMS) {
-      const first = target[0];
-      if (hasInternalIds(first) || topLevelFieldCount(first) >= FULL_RECORD_MIN_FIELDS) {
-        return { reason: "list-pii", emailCount: itemsWithEmail };
-      }
-    }
+  if (itemsWithEmail < LIST_PII_MIN_ITEMS) return null;
+  const first = target[0];
+  if (hasInternalIds(first) || topLevelFieldCount(first) >= FULL_RECORD_MIN_FIELDS) {
+    return { reason: "list-pii", emailCount: itemsWithEmail };
   }
   return null;
 }
+function detectPII(method, reqBody, resBody) {
+  const target = unwrapResponse(resBody);
+  return detectEchoPII(method, reqBody, target) ?? detectFullRecordPII(target) ?? detectListPII(target);
+}
 var REASON_LABELS = {
   echo: "echoes back PII from the request body",
   "full-record": "returns a full record with email and internal IDs",
@@ -1930,8 +2015,12 @@ function computeInsightKey(insight) {
   const identifier = extractEndpointFromDesc(insight.desc) ?? insight.title;
   return `${insight.type}:${identifier}`;
 }
+function enrichedIdFromInsight(insight) {
+  return computeInsightId(insight.type, insight.nav ?? "global", insight.desc);
+}
 var InsightTracker = class {
   tracked = /* @__PURE__ */ new Map();
+  enrichedIndex = /* @__PURE__ */ new Map();
   reconcile(current) {
     const currentKeys = /* @__PURE__ */ new Set();
     const now = Date.now();
@@ -1939,6 +2028,7 @@ var InsightTracker = class {
       const key = computeInsightKey(insight);
       currentKeys.add(key);
       const existing = this.tracked.get(key);
+      this.enrichedIndex.set(enrichedIdFromInsight(insight), key);
       if (existing) {
         existing.insight = insight;
         existing.lastSeenAt = now;
@@ -1955,34 +2045,50 @@ var InsightTracker = class {
           firstSeenAt: now,
           lastSeenAt: now,
           resolvedAt: null,
-          consecutiveAbsences: 0
+          consecutiveAbsences: 0,
+          aiStatus: null,
+          aiNotes: null
         });
       }
     }
-    for (const [key, stateful] of this.tracked) {
-      if (stateful.state === "open" && !currentKeys.has(stateful.key)) {
+    for (const [, stateful] of this.tracked) {
+      if ((stateful.state === "open" || stateful.state === "fixing") && !currentKeys.has(stateful.key)) {
         stateful.consecutiveAbsences++;
         if (stateful.consecutiveAbsences >= RESOLVE_AFTER_ABSENCES) {
           stateful.state = "resolved";
           stateful.resolvedAt = now;
         }
       } else if (stateful.state === "resolved" && stateful.resolvedAt !== null && now - stateful.resolvedAt > RESOLVED_INSIGHT_TTL_MS) {
-        this.tracked.delete(key);
+        this.tracked.delete(stateful.key);
+        this.enrichedIndex.delete(enrichedIdFromInsight(stateful.insight));
       }
     }
     return [...this.tracked.values()];
   }
+  reportFix(enrichedId, status, notes) {
+    const key = this.enrichedIndex.get(enrichedId);
+    if (!key) return false;
+    const stateful = this.tracked.get(key);
+    if (!stateful) return false;
+    stateful.aiStatus = status;
+    stateful.aiNotes = notes;
+    if (status === "fixed") {
+      stateful.state = "fixing";
+    }
+    return true;
+  }
   getAll() {
     return [...this.tracked.values()];
   }
   clear() {
     this.tracked.clear();
+    this.enrichedIndex.clear();
   }
 };
 
 // src/analysis/engine.ts
 var AnalysisEngine = class {
-  constructor(registry, debounceMs = 300) {
+  constructor(registry, debounceMs = ANALYSIS_DEBOUNCE_MS) {
     this.registry = registry;
     this.debounceMs = debounceMs;
     this.scanner = createDefaultScanner();
@@ -2018,7 +2124,10 @@ var AnalysisEngine = class {
     return this.registry.has("finding-store") ? this.registry.get("finding-store").getAll() : [];
   }
   getStatefulInsights() {
-    return this.cachedStatefulInsights;
+    return this.insightTracker.getAll();
+  }
+  reportInsightFix(enrichedId, status, notes) {
+    return this.insightTracker.reportFix(enrichedId, status, notes);
   }
   scheduleRecompute() {
     if (this.debounceTimer) return;
@@ -2063,7 +2172,7 @@ var AnalysisEngine = class {
 };
 
 // src/index.ts
-var VERSION = "0.8.3";
+var VERSION = "0.8.5";
 export {
   AdapterRegistry,
   AnalysisEngine,