chainwall 0.1.0

package/dist/mcp-server/tools/audit-status.js

@@ -0,0 +1,46 @@
+import { AuditStatusSchema } from '../schemas.js';
+export function auditStatusTool(server) {
+    server.tool('audit_status', 'Return installed AI tools, MCP servers, and configuration status', AuditStatusSchema, async () => {
+        // Dynamic imports to keep startup fast
+        const { detectInstalledTools } = await import('../../auditor/tool-detector.js');
+        const { detectMCPServers } = await import('../../auditor/mcp-detector.js');
+        const { detectAICLIs } = await import('../../auditor/cli-detector.js');
+        const { scanVSCodeExtensions } = await import('../../auditor/vscode-extension-scanner.js');
+        const tools = detectInstalledTools();
+        const { servers: mcpServers } = detectMCPServers();
+        const clis = detectAICLIs();
+        const extensions = scanVSCodeExtensions();
+        const parts = [];
+        parts.push(`AI Tools (${tools.length}):`);
+        for (const t of tools) {
+            parts.push(`  ${t.name} — ${t.accessLevel} access`);
+        }
+        if (mcpServers.length > 0) {
+            parts.push(`\nMCP Servers (${mcpServers.length}):`);
+            for (const s of mcpServers) {
+                const flags = [];
+                if (s.hasFilesystemAccess)
+                    flags.push('FS');
+                if (s.hasCommandExecution)
+                    flags.push('EXEC');
+                parts.push(`  ${s.name}${flags.length ? ` [${flags.join(', ')}]` : ''}`);
+            }
+        }
+        if (clis.length > 0) {
+            parts.push(`\nAI CLIs (${clis.length}):`);
+            for (const c of clis) {
+                parts.push(`  ${c.name} — ${c.path}`);
+            }
+        }
+        if (extensions && extensions.length > 0) {
+            parts.push(`\nVS Code Extensions (${extensions.length}):`);
+            for (const e of extensions) {
+                parts.push(`  ${e.name} (${e.id})`);
+            }
+        }
+        return {
+            content: [{ type: 'text', text: parts.join('\n') }],
+        };
+    });
+}
+//# sourceMappingURL=audit-status.js.map

package/dist/mcp-server/tools/audit-status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-status.js","sourceRoot":"","sources":["../../../src/mcp-server/tools/audit-status.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAElD,MAAM,UAAU,eAAe,CAAC,MAAiB;IAC/C,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,kEAAkE,EAAE,iBAAiB,EAAE,KAAK,IAAI,EAAE;QAC5H,uCAAuC;QACvC,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;QAChF,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;QAC3E,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;QACvE,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;QAE3F,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;QACrC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,gBAAgB,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,oBAAoB,EAAE,CAAC;QAE1C,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;QAC1C,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,WAAW,SAAS,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,kBAAkB,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;YACpD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,EAAE,CAAC;gBACjB,IAAI,CAAC,CAAC,mBAAmB;oBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5C,IAAI,CAAC,CAAC,mBAAmB;oBAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC9C,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC;YAC1C,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QAED,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,yBAAyB,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/mcp-server/tools/check-command.d.ts

@@ -0,0 +1,4 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { Engine } from '../types.js';
+export declare function checkCommandTool(server: McpServer, engine: Engine): void;
+//# sourceMappingURL=check-command.d.ts.map

package/dist/mcp-server/tools/check-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-command.d.ts","sourceRoot":"","sources":["../../../src/mcp-server/tools/check-command.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1C,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAiCxE"}

package/dist/mcp-server/tools/check-command.js

@@ -0,0 +1,30 @@
+import { CheckCommandSchema } from '../schemas.js';
+export function checkCommandTool(server, engine) {
+    server.tool('check_command', 'Check if a shell command is safe to execute', CheckCommandSchema, async ({ command }) => {
+        const findings = engine.scanFile('<command>', command);
+        if (findings.length === 0) {
+            return {
+                content: [{ type: 'text', text: `Command appears safe: ${command}` }],
+            };
+        }
+        const blocks = findings.filter((f) => f.action === 'block');
+        const warns = findings.filter((f) => f.action === 'warn');
+        const parts = [];
+        if (blocks.length > 0) {
+            parts.push(`BLOCKED — ${blocks.length} finding(s):`);
+            for (const f of blocks) {
+                parts.push(`  [${f.severity.toUpperCase()}] ${f.ruleName}: ${f.description}`);
+            }
+        }
+        if (warns.length > 0) {
+            parts.push(`WARNING — ${warns.length} finding(s):`);
+            for (const f of warns) {
+                parts.push(`  [${f.severity.toUpperCase()}] ${f.ruleName}: ${f.description}`);
+            }
+        }
+        return {
+            content: [{ type: 'text', text: parts.join('\n') }],
+        };
+    });
+}
+//# sourceMappingURL=check-command.js.map

package/dist/mcp-server/tools/check-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-command.js","sourceRoot":"","sources":["../../../src/mcp-server/tools/check-command.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,UAAU,gBAAgB,CAAC,MAAiB,EAAE,MAAc;IAChE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,6CAA6C,EAAE,kBAAkB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACpH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEvD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,yBAAyB,OAAO,EAAE,EAAE,CAAC;aAC/E,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAE1D,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,MAAM,cAAc,CAAC,CAAC;YACrD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,MAAM,cAAc,CAAC,CAAC;YACpD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/mcp-server/tools/scan-content.d.ts

@@ -0,0 +1,4 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { Engine } from '../types.js';
+export declare function scanContentTool(server: McpServer, engine: Engine): void;
+//# sourceMappingURL=scan-content.d.ts.map

package/dist/mcp-server/tools/scan-content.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-content.d.ts","sourceRoot":"","sources":["../../../src/mcp-server/tools/scan-content.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAG1C,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAmBvE"}

package/dist/mcp-server/tools/scan-content.js

@@ -0,0 +1,18 @@
+import { ScanContentSchema } from '../schemas.js';
+import { redactMatch } from '../../scanner/redact.js';
+export function scanContentTool(server, engine) {
+    server.tool('scan_content', 'Scan arbitrary text for credentials, secrets, PII, and dangerous patterns', ScanContentSchema, async ({ content, filename }) => {
+        const virtualPath = filename || '<stdin>';
+        const findings = engine.scanFile(virtualPath, content);
+        if (findings.length === 0) {
+            return {
+                content: [{ type: 'text', text: 'No security findings detected.' }],
+            };
+        }
+        const summary = findings.map((f) => `[${f.severity.toUpperCase()}] ${f.ruleName} (line ${f.line})\n  ${f.description}\n  Match: ${redactMatch(f.matchedText, f.category)}`).join('\n\n');
+        return {
+            content: [{ type: 'text', text: `Found ${findings.length} finding(s):\n\n${summary}` }],
+        };
+    });
+}
+//# sourceMappingURL=scan-content.js.map

package/dist/mcp-server/tools/scan-content.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-content.js","sourceRoot":"","sources":["../../../src/mcp-server/tools/scan-content.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAElD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,MAAM,UAAU,eAAe,CAAC,MAAiB,EAAE,MAAc;IAC/D,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,2EAA2E,EAAE,iBAAiB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE;QAC1J,MAAM,WAAW,GAAG,QAAQ,IAAI,SAAS,CAAC;QAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEvD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,gCAAgC,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACjC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,QAAQ,UAAU,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,WAAW,cAAc,WAAW,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,CACvI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEf,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,SAAS,QAAQ,CAAC,MAAM,mBAAmB,OAAO,EAAE,EAAE,CAAC;SACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/mcp-server/tools/scan-file.d.ts

@@ -0,0 +1,4 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { Engine } from '../types.js';
+export declare function scanFileTool(server: McpServer, engine: Engine): void;
+//# sourceMappingURL=scan-file.d.ts.map

package/dist/mcp-server/tools/scan-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-file.d.ts","sourceRoot":"","sources":["../../../src/mcp-server/tools/scan-file.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAG1C,wBAAgB,YAAY,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CA+CpE"}

package/dist/mcp-server/tools/scan-file.js

@@ -0,0 +1,48 @@
+import { readFileSync, realpathSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { ScanFileSchema } from '../schemas.js';
+import { redactMatch } from '../../scanner/redact.js';
+export function scanFileTool(server, engine) {
+    server.tool('scan_file', 'Scan a file for credentials, secrets, PII, and dangerous patterns', ScanFileSchema, async ({ path }) => {
+        // Restrict to current working directory (resolve symlinks to prevent bypass)
+        let resolved;
+        let base;
+        try {
+            resolved = realpathSync(resolve(path));
+            base = realpathSync(process.cwd());
+        }
+        catch (err) {
+            return {
+                content: [{ type: 'text', text: `Error resolving path: ${err.message}` }],
+                isError: true,
+            };
+        }
+        if (!resolved.startsWith(base + '/') && resolved !== base) {
+            return {
+                content: [{ type: 'text', text: `Error: path must be within current directory` }],
+                isError: true,
+            };
+        }
+        let content;
+        try {
+            content = readFileSync(resolved, 'utf-8');
+        }
+        catch (err) {
+            return {
+                content: [{ type: 'text', text: `Error reading file: ${err.message}` }],
+                isError: true,
+            };
+        }
+        const findings = engine.scanFile(resolved, content);
+        if (findings.length === 0) {
+            return {
+                content: [{ type: 'text', text: `No security findings in ${resolved}` }],
+            };
+        }
+        const summary = findings.map((f) => `[${f.severity.toUpperCase()}] ${f.ruleName} — ${f.filePath}:${f.line}\n  ${f.description}\n  Match: ${redactMatch(f.matchedText, f.category)}`).join('\n\n');
+        return {
+            content: [{ type: 'text', text: `Found ${findings.length} finding(s):\n\n${summary}` }],
+        };
+    });
+}
+//# sourceMappingURL=scan-file.js.map

package/dist/mcp-server/tools/scan-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-file.js","sourceRoot":"","sources":["../../../src/mcp-server/tools/scan-file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,MAAM,UAAU,YAAY,CAAC,MAAiB,EAAE,MAAc;IAC5D,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,mEAAmE,EAAE,cAAc,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QAC/H,6EAA6E;QAC7E,IAAI,QAAgB,CAAC;QACrB,IAAI,IAAY,CAAC;QACjB,IAAI,CAAC;YACH,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACvC,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,yBAA0B,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC7F,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,8CAA8C,EAAE,CAAC;gBAC1F,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,uBAAwB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC3F,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAEpD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,2BAA2B,QAAQ,EAAE,EAAE,CAAC;aAClF,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACjC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,WAAW,cAAc,WAAW,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,CAChJ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEf,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,SAAS,QAAQ,CAAC,MAAM,mBAAmB,OAAO,EAAE,EAAE,CAAC;SACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/mcp-server/types.d.ts

@@ -0,0 +1,15 @@
+export interface ScanFindingResult {
+    ruleId: string;
+    ruleName: string;
+    severity: string;
+    category: string;
+    description: string;
+    filePath: string;
+    line: number;
+    matchedText: string;
+    action: string;
+}
+export interface Engine {
+    scanFile(path: string, content: string): ScanFindingResult[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/mcp-server/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/mcp-server/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,MAAM;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAAC;CAC9D"}

package/dist/mcp-server/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/mcp-server/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/mcp-server/types.ts"],"names":[],"mappings":""}

package/dist/reporter/audit-report.d.ts

@@ -0,0 +1,4 @@
+import type { AuditResult } from '../auditor/types.js';
+export declare function printAuditReport(result: AuditResult): void;
+export declare function printJsonAuditReport(result: AuditResult): void;
+//# sourceMappingURL=audit-report.d.ts.map

package/dist/reporter/audit-report.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-report.d.ts","sourceRoot":"","sources":["../../src/reporter/audit-report.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAe,WAAW,EAAgB,MAAM,qBAAqB,CAAC;AAoBlF,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,CA0H1D;AAqED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,CAE9D"}

package/dist/reporter/audit-report.js

@@ -0,0 +1,186 @@
+import chalk from 'chalk';
+import { SEVERITY_COLOR } from './shared.js';
+const ACCESS_COLOR = {
+    full: chalk.red.bold,
+    workspace: chalk.yellow,
+    limited: chalk.green,
+};
+const ACCESS_LABEL = {
+    full: 'FULL ACCESS',
+    workspace: 'WORKSPACE ACCESS',
+    limited: 'LIMITED ACCESS',
+};
+const MAX_FINDINGS_PER_TOOL = 5;
+export function printAuditReport(result) {
+    const { tools, exposures, scanResult, totalExposed, durationMs } = result;
+    const line = chalk.dim('\u2500'.repeat(50));
+    console.log('');
+    console.log(chalk.bold('ChainWall Security Audit'));
+    console.log(line);
+    // Risk score at the top
+    const scoreColor = scanResult.riskScore <= 2 ? chalk.green : scanResult.riskScore <= 5 ? chalk.yellow : chalk.red;
+    console.log('');
+    console.log(`  Risk Score: ${scoreColor.bold(`${scanResult.riskScore}/10`)} (${scanResult.riskLabel})`);
+    console.log(chalk.dim(`  ${tools.length} AI tool(s) | ${totalExposed} exposed | ${scanResult.filesScanned} files | ${durationMs}ms`));
+    // [1] Installed AI Tools
+    console.log('');
+    console.log(chalk.bold('[1] Installed AI Tools'));
+    console.log(line);
+    if (tools.length === 0) {
+        console.log('');
+        console.log(chalk.green('  No AI coding tools detected.'));
+    }
+    else {
+        for (const tool of tools) {
+            console.log('');
+            const label = ACCESS_COLOR[tool.accessLevel](`${tool.name} \u2014 ${ACCESS_LABEL[tool.accessLevel]}`);
+            console.log(`  ${label}`);
+            console.log(chalk.dim(`  ${tool.description}`));
+            for (const p of tool.configPaths) {
+                console.log(chalk.dim(`  Config: ${p}`));
+            }
+        }
+    }
+    // [2] Exposure Map
+    console.log('');
+    console.log(chalk.bold('[2] Exposure Map'));
+    console.log(line);
+    const hasExposures = exposures.some((e) => e.exposedFindings.length > 0);
+    if (!hasExposures) {
+        console.log('');
+        console.log(chalk.green('  No findings reachable by any detected tool.'));
+    }
+    else {
+        for (const exposure of exposures) {
+            if (exposure.exposedFindings.length === 0)
+                continue;
+            console.log('');
+            printExposure(exposure);
+        }
+    }
+    // [3] MCP Servers
+    console.log('');
+    console.log(chalk.bold('[3] MCP Servers'));
+    console.log(line);
+    if (result.mcpServers && result.mcpServers.length > 0) {
+        printMCPServers(result.mcpServers);
+    }
+    else {
+        console.log(chalk.green('  None found.'));
+    }
+    // [4] AI CLI Tools
+    console.log('');
+    console.log(chalk.bold('[4] AI CLI Tools'));
+    console.log(line);
+    if (result.detectedCLIs && result.detectedCLIs.length > 0) {
+        printCLITools(result.detectedCLIs);
+    }
+    else {
+        console.log(chalk.green('  None found.'));
+    }
+    // [5] VS Code AI Extensions
+    console.log('');
+    console.log(chalk.bold('[5] VS Code AI Extensions'));
+    console.log(line);
+    if (result.vsCodeExtensions && result.vsCodeExtensions.length > 0) {
+        printVSCodeExtensions(result.vsCodeExtensions);
+    }
+    else {
+        console.log(chalk.green('  None found.'));
+    }
+    // [6] Environment variable exposures
+    console.log('');
+    console.log(chalk.bold('[6] Environment Variables'));
+    console.log(line);
+    if (result.envExposures && result.envExposures.length > 0) {
+        for (const env of result.envExposures) {
+            const color = SEVERITY_COLOR[env.severity];
+            console.log(`  ${color(`[${env.severity.toUpperCase().slice(0, 4)}]`)} ${chalk.bold(env.key)} ${chalk.dim(env.valueHint)} \u2014 ${chalk.dim(env.reason)}`);
+        }
+    }
+    else {
+        console.log(chalk.green('  None found.'));
+    }
+    // Recommended Actions
+    if (hasExposures) {
+        console.log('');
+        console.log(chalk.bold('Recommended Actions'));
+        console.log(line);
+        console.log('');
+        console.log('  1. Move secrets out of plaintext files \u2192 use env vars or a vault');
+        console.log('  2. Add sensitive files to .gitignore');
+        console.log('  3. Rotate any credentials that were committed to git');
+        console.log('  4. Review AI tool permissions \u2014 restrict filesystem access where possible');
+        console.log('');
+        console.log(chalk.dim('  Run "chainwall audit --remediate" for interactive fixes.'));
+    }
+    // Summary
+    console.log('');
+    console.log(line);
+    console.log(chalk.dim(`AI Tools: ${tools.length} detected | Exposed: ${totalExposed} finding(s) reachable`));
+    console.log(chalk.dim(`Files scanned: ${scanResult.filesScanned} | Time: ${durationMs}ms`));
+    console.log('');
+}
+function printExposure(exposure) {
+    const { tool, exposedFindings, counts } = exposure;
+    console.log(`  ${chalk.bold(tool.name)} can reach:`);
+    const parts = [];
+    for (const sev of ['critical', 'high', 'medium', 'low']) {
+        if (counts[sev] > 0) {
+            parts.push(SEVERITY_COLOR[sev](`${counts[sev]} ${sev}`));
+        }
+    }
+    console.log(`    ${parts.join(' | ')}`);
+    const shown = exposedFindings.slice(0, MAX_FINDINGS_PER_TOOL);
+    for (const f of shown) {
+        const loc = f.line > 0 ? `${f.filePath}:${f.line}` : f.filePath;
+        console.log(SEVERITY_COLOR[f.severity](`    - ${f.ruleName}`) + chalk.dim(`  ${loc}`));
+    }
+    const remaining = exposedFindings.length - shown.length;
+    if (remaining > 0) {
+        console.log(chalk.dim(`    ... and ${remaining} more`));
+    }
+}
+function printMCPServers(servers) {
+    for (const server of servers) {
+        const flags = [];
+        if (server.hasFilesystemAccess)
+            flags.push(chalk.red('FS'));
+        if (server.hasCommandExecution)
+            flags.push(chalk.red('EXEC'));
+        const flagStr = flags.length > 0 ? ` [${flags.join(', ')}]` : '';
+        const riskStr = server.riskScore !== undefined
+            ? (server.riskLabel === 'high' ? chalk.red(` Risk: ${server.riskScore}/100`) :
+                server.riskLabel === 'medium' ? chalk.yellow(` Risk: ${server.riskScore}/100`) :
+                    chalk.dim(` Risk: ${server.riskScore}/100`))
+            : '';
+        console.log('');
+        console.log(`  ${chalk.bold(server.name)}${flagStr}${riskStr}`);
+        console.log(chalk.dim(`  Source: ${server.sourceFile}`));
+        if (server.capabilities && server.capabilities.length > 0) {
+            console.log(chalk.dim(`  Capabilities: ${server.capabilities.join(', ')}`));
+        }
+        if (server.tools.length > 0) {
+            console.log(chalk.dim(`  Tools: ${server.tools.join(', ')}`));
+        }
+    }
+}
+function printCLITools(clis) {
+    for (const cli of clis) {
+        console.log('');
+        console.log(`  ${chalk.bold(cli.name)}`);
+        console.log(chalk.dim(`  Path: ${cli.path} (${cli.source})`));
+    }
+}
+function printVSCodeExtensions(extensions) {
+    for (const ext of extensions) {
+        const riskColor = ext.riskLevel === 'high' ? chalk.red :
+            ext.riskLevel === 'medium' ? chalk.yellow : chalk.green;
+        console.log(`  ${riskColor(`[${ext.riskLevel.toUpperCase()}]`)} ${chalk.yellow(ext.name)} ${chalk.dim(`(${ext.id})`)}`);
+        console.log(chalk.dim(`    ${ext.riskReason}`));
+    }
+}
+export function printJsonAuditReport(result) {
+    console.log(JSON.stringify(result, null, 2));
+}
+//# sourceMappingURL=audit-report.js.map

package/dist/reporter/audit-report.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-report.js","sourceRoot":"","sources":["../../src/reporter/audit-report.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAM1B,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,YAAY,GAA+C;IAC/D,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI;IACpB,SAAS,EAAE,KAAK,CAAC,MAAM;IACvB,OAAO,EAAE,KAAK,CAAC,KAAK;CACrB,CAAC;AAEF,MAAM,YAAY,GAAgC;IAChD,IAAI,EAAE,aAAa;IACnB,SAAS,EAAE,kBAAkB;IAC7B,OAAO,EAAE,gBAAgB;CAC1B,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC,MAAM,UAAU,gBAAgB,CAAC,MAAmB;IAClD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;IAC1E,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAElB,wBAAwB;IACxB,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;IAClH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,SAAS,KAAK,CAAC,KAAK,UAAU,CAAC,SAAS,GAAG,CAAC,CAAC;IACxG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,iBAAiB,YAAY,cAAc,UAAU,CAAC,YAAY,YAAY,UAAU,IAAI,CAAC,CAAC,CAAC;IAEtI,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAElB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAC7D,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,WAAW,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YACtG,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YAChD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAElB,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;IAC5E,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,mBAAmB;IACnB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,4BAA4B;IAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,IAAI,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,qBAAqB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,qCAAqC;IACrC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9J,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,sBAAsB;IACtB,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,yEAAyE,CAAC,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,kFAAkF,CAAC,CAAC;QAChG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC,CAAC;IACvF,CAAC;IAED,UAAU;IACV,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CACP,aAAa,KAAK,CAAC,MAAM,wBAAwB,YAAY,uBAAuB,CACrF,CACF,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CACP,kBAAkB,UAAU,CAAC,YAAY,YAAY,UAAU,IAAI,CACpE,CACF,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,QAAsB;IAC3C,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC;IAEnD,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAErD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAe,EAAE,CAAC;QACtE,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAExC,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC;IAC9D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IACxD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,SAAS,OAAO,CAAC,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,OAAoB;IAC3C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,MAAM,CAAC,mBAAmB;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5D,IAAI,MAAM,CAAC,mBAAmB;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAEjE,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,KAAK,SAAS;YAC5C,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC;gBAC3E,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,MAAM,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC;oBAChF,KAAK,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,SAAS,MAAM,CAAC,CAAC;YAC/C,CAAC,CAAC,EAAE,CAAC;QAEP,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,GAAG,OAAO,EAAE,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAmB;IACxC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,UAA6B;IAC1D,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACtC,GAAG,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QACxH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAAmB;IACtD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC/C,CAAC"}

package/dist/reporter/json-report.d.ts

@@ -0,0 +1,3 @@
+import type { ScanResult } from '../rules/types.js';
+export declare function printJsonReport(result: ScanResult): void;
+//# sourceMappingURL=json-report.d.ts.map

package/dist/reporter/json-report.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"json-report.d.ts","sourceRoot":"","sources":["../../src/reporter/json-report.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD,wBAAgB,eAAe,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAExD"}

package/dist/reporter/json-report.js

@@ -0,0 +1,4 @@
+export function printJsonReport(result) {
+    console.log(JSON.stringify(result, null, 2));
+}
+//# sourceMappingURL=json-report.js.map

package/dist/reporter/json-report.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json-report.js","sourceRoot":"","sources":["../../src/reporter/json-report.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,eAAe,CAAC,MAAkB;IAChD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC/C,CAAC"}

package/dist/reporter/remediation-text.d.ts

@@ -0,0 +1,3 @@
+import type { Category } from '../rules/types.js';
+export declare const REMEDIATION_TEXT: Partial<Record<Category, string>>;
+//# sourceMappingURL=remediation-text.d.ts.map

package/dist/reporter/remediation-text.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remediation-text.d.ts","sourceRoot":"","sources":["../../src/reporter/remediation-text.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAElD,eAAO,MAAM,gBAAgB,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAU9D,CAAC"}

package/dist/reporter/remediation-text.js

@@ -0,0 +1,12 @@
+export const REMEDIATION_TEXT = {
+    credential: 'Rotate exposed API keys and move to environment variables',
+    private_key: 'Move private keys to a secrets manager or SSH agent',
+    pii: 'Remove PII from source code — use tokenization or redaction',
+    dangerous_command: 'Replace with safe alternatives and add confirmation guards',
+    supply_chain: 'Pin dependency versions and verify package integrity',
+    injection: 'Review flagged content for embedded prompt injection',
+    prompt_injection: 'Review flagged content for embedded prompt injection — remove or sanitize AI instruction overrides',
+    crypto: 'Move seed phrases and private keys to hardware wallets or encrypted vaults',
+    permission: 'Restrict file permissions (chmod 600 for keys, 700 for key directories)',
+};
+//# sourceMappingURL=remediation-text.js.map

package/dist/reporter/remediation-text.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remediation-text.js","sourceRoot":"","sources":["../../src/reporter/remediation-text.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAsC;IACjE,UAAU,EAAE,2DAA2D;IACvE,WAAW,EAAE,qDAAqD;IAClE,GAAG,EAAE,6DAA6D;IAClE,iBAAiB,EAAE,4DAA4D;IAC/E,YAAY,EAAE,sDAAsD;IACpE,SAAS,EAAE,sDAAsD;IACjE,gBAAgB,EAAE,oGAAoG;IACtH,MAAM,EAAE,4EAA4E;IACpF,UAAU,EAAE,yEAAyE;CACtF,CAAC"}

package/dist/reporter/risk-scorer.d.ts

@@ -0,0 +1,8 @@
+import type { ScanFinding } from '../rules/types.js';
+export interface RiskScoreResult {
+    score: number;
+    label: string;
+    rawPoints: number;
+}
+export declare function calculateRiskScore(findings: ScanFinding[]): RiskScoreResult;
+//# sourceMappingURL=risk-scorer.d.ts.map

package/dist/reporter/risk-scorer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-scorer.d.ts","sourceRoot":"","sources":["../../src/reporter/risk-scorer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAarD,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,eAAe,CAoB3E"}

package/dist/reporter/risk-scorer.js

@@ -0,0 +1,40 @@
+const SEVERITY_POINTS = {
+    critical: 3,
+    high: 2,
+    medium: 1,
+    low: 0.5,
+};
+const CRYPTO_MULTIPLIER = 2;
+const PERMISSION_MULTIPLIER = 1.5;
+const MAX_RAW_SCORE = 30; // normalization ceiling
+export function calculateRiskScore(findings) {
+    if (findings.length === 0) {
+        return { score: 0, label: 'CLEAN', rawPoints: 0 };
+    }
+    let rawPoints = 0;
+    for (const f of findings) {
+        let points = SEVERITY_POINTS[f.severity] ?? 0;
+        if (f.category === 'crypto') {
+            points *= CRYPTO_MULTIPLIER;
+        }
+        else if (f.category === 'permission') {
+            points *= PERMISSION_MULTIPLIER;
+        }
+        rawPoints += points;
+    }
+    // Normalize to 0-10 scale
+    const score = Math.min(10, Math.round((rawPoints / MAX_RAW_SCORE) * 10 * 10) / 10);
+    return { score, label: getLabel(score), rawPoints };
+}
+function getLabel(score) {
+    if (score === 0)
+        return 'CLEAN';
+    if (score <= 2)
+        return 'LOW';
+    if (score <= 5)
+        return 'MODERATE';
+    if (score <= 8)
+        return 'HIGH';
+    return 'CRITICAL';
+}
+//# sourceMappingURL=risk-scorer.js.map

package/dist/reporter/risk-scorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-scorer.js","sourceRoot":"","sources":["../../src/reporter/risk-scorer.ts"],"names":[],"mappings":"AAEA,MAAM,eAAe,GAA2B;IAC9C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,GAAG;CACT,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,wBAAwB;AAQlD,MAAM,UAAU,kBAAkB,CAAC,QAAuB;IACxD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;IACpD,CAAC;IAED,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,iBAAiB,CAAC;QAC9B,CAAC;aAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YACvC,MAAM,IAAI,qBAAqB,CAAC;QAClC,CAAC;QACD,SAAS,IAAI,MAAM,CAAC;IACtB,CAAC;IAED,0BAA0B;IAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;IAEnF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC;AACtD,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAChC,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC;IAClC,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9B,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/reporter/sarif-report.d.ts

@@ -0,0 +1,3 @@
+import type { ScanResult } from '../rules/types.js';
+export declare function generateSarifReport(result: ScanResult): object;
+//# sourceMappingURL=sarif-report.d.ts.map

package/dist/reporter/sarif-report.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-report.d.ts","sourceRoot":"","sources":["../../src/reporter/sarif-report.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAY,MAAM,mBAAmB,CAAC;AAU9D,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAyE9D"}