circle-ir-ai 1.1.0

package/dist/cli/formatters/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Output Formatters
+ */
+import type { CircleIR, ProjectAnalysis } from 'circle-ir';
+import type { TwoPhaseProjectAnalysis } from '../../project/index.js';
+import type { OutputFormat } from '../args.js';
+/**
+ * Format single-file analysis output based on requested format.
+ */
+export declare function formatOutput(result: CircleIR, format: OutputFormat, filePath: string): string;
+/**
+ * Format project analysis output based on requested format.
+ */
+export declare function formatProjectOutput(result: ProjectAnalysis | TwoPhaseProjectAnalysis, format: OutputFormat): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/formatters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cli/formatters/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAS/C;;GAEG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,QAAQ,EAChB,MAAM,EAAE,YAAY,EACpB,QAAQ,EAAE,MAAM,GACf,MAAM,CAWR;AAWD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,eAAe,GAAG,uBAAuB,EACjD,MAAM,EAAE,YAAY,GACnB,MAAM,CAgBR"}

package/dist/cli/formatters/index.js

@@ -0,0 +1,51 @@
+/**
+ * Output Formatters
+ */
+import { formatJson } from './json.js';
+import { formatSummary } from './summary.js';
+import { formatSarif } from './sarif.js';
+import { formatProjectJson } from './project-json.js';
+import { formatProjectSummary } from './project-summary.js';
+import { formatProjectSarif } from './project-sarif.js';
+import { formatTwoPhaseProjectSummary } from './two-phase-summary.js';
+/**
+ * Format single-file analysis output based on requested format.
+ */
+export function formatOutput(result, format, filePath) {
+    switch (format) {
+        case 'json':
+            return formatJson(result);
+        case 'summary':
+            return formatSummary(result, filePath);
+        case 'sarif':
+            return formatSarif(result, filePath);
+        default:
+            return formatSummary(result, filePath);
+    }
+}
+/**
+ * Check if result is a two-phase analysis result.
+ */
+function isTwoPhaseResult(result) {
+    return 'enrichedFiles' in result && 'crossFileFlows' in result;
+}
+/**
+ * Format project analysis output based on requested format.
+ */
+export function formatProjectOutput(result, format) {
+    // Use two-phase formatter if applicable
+    if (isTwoPhaseResult(result) && format === 'summary') {
+        return formatTwoPhaseProjectSummary(result);
+    }
+    switch (format) {
+        case 'json':
+            return formatProjectJson(result);
+        case 'summary':
+            return formatProjectSummary(result);
+        case 'sarif':
+            return formatProjectSarif(result);
+        default:
+            return formatProjectSummary(result);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/cli/formatters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/cli/formatters/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,4BAA4B,EAAE,MAAM,wBAAwB,CAAC;AAEtE;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,MAAgB,EAChB,MAAoB,EACpB,QAAgB;IAEhB,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;QAC5B,KAAK,SAAS;YACZ,OAAO,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACzC,KAAK,OAAO;YACV,OAAO,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvC;YACE,OAAO,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CACvB,MAAiD;IAEjD,OAAO,eAAe,IAAI,MAAM,IAAI,gBAAgB,IAAI,MAAM,CAAC;AACjE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAiD,EACjD,MAAoB;IAEpB,wCAAwC;IACxC,IAAI,gBAAgB,CAAC,MAAM,CAAC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACrD,OAAO,4BAA4B,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACnC,KAAK,SAAS;YACZ,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACtC,KAAK,OAAO;YACV,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACpC;YACE,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;AACH,CAAC"}

package/dist/cli/formatters/json.d.ts

@@ -0,0 +1,11 @@
+/**
+ * JSON Formatter
+ *
+ * Outputs the full Circle-IR JSON.
+ */
+import type { CircleIR } from 'circle-ir';
+/**
+ * Format result as JSON.
+ */
+export declare function formatJson(result: CircleIR): string;
+//# sourceMappingURL=json.d.ts.map

package/dist/cli/formatters/json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.d.ts","sourceRoot":"","sources":["../../../src/cli/formatters/json.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAE1C;;GAEG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,QAAQ,GAAG,MAAM,CAEnD"}

package/dist/cli/formatters/json.js

@@ -0,0 +1,12 @@
+/**
+ * JSON Formatter
+ *
+ * Outputs the full Circle-IR JSON.
+ */
+/**
+ * Format result as JSON.
+ */
+export function formatJson(result) {
+    return JSON.stringify(result, null, 2);
+}
+//# sourceMappingURL=json.js.map

package/dist/cli/formatters/json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.js","sourceRoot":"","sources":["../../../src/cli/formatters/json.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,MAAgB;IACzC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC"}

package/dist/cli/formatters/project-json.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Project JSON Formatter
+ *
+ * Outputs the full project analysis as JSON.
+ */
+import type { ProjectAnalysis } from 'circle-ir';
+/**
+ * Format project result as JSON.
+ */
+export declare function formatProjectJson(result: ProjectAnalysis): string;
+//# sourceMappingURL=project-json.d.ts.map

package/dist/cli/formatters/project-json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-json.d.ts","sourceRoot":"","sources":["../../../src/cli/formatters/project-json.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAEjD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAEjE"}

package/dist/cli/formatters/project-json.js

@@ -0,0 +1,12 @@
+/**
+ * Project JSON Formatter
+ *
+ * Outputs the full project analysis as JSON.
+ */
+/**
+ * Format project result as JSON.
+ */
+export function formatProjectJson(result) {
+    return JSON.stringify(result, null, 2);
+}
+//# sourceMappingURL=project-json.js.map

package/dist/cli/formatters/project-json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-json.js","sourceRoot":"","sources":["../../../src/cli/formatters/project-json.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAuB;IACvD,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC"}

package/dist/cli/formatters/project-sarif.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Project SARIF Formatter
+ *
+ * Outputs project analysis results in SARIF format.
+ */
+import type { ProjectAnalysis } from 'circle-ir';
+/**
+ * Format project result as SARIF.
+ */
+export declare function formatProjectSarif(result: ProjectAnalysis): string;
+//# sourceMappingURL=project-sarif.d.ts.map

package/dist/cli/formatters/project-sarif.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-sarif.d.ts","sourceRoot":"","sources":["../../../src/cli/formatters/project-sarif.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAW,MAAM,WAAW,CAAC;AAa1D;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAqBlE"}

package/dist/cli/formatters/project-sarif.js

@@ -0,0 +1,127 @@
+/**
+ * Project SARIF Formatter
+ *
+ * Outputs project analysis results in SARIF format.
+ */
+import { getRuleInfo, getSarifLevel, SARIF_SCHEMA, SARIF_VERSION, TOOL_INFO, } from './sarif-shared.js';
+/**
+ * Format project result as SARIF.
+ */
+export function formatProjectSarif(result) {
+    const rules = buildRules(result.findings);
+    const results = buildResults(result);
+    const sarif = {
+        $schema: SARIF_SCHEMA,
+        version: SARIF_VERSION,
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        ...TOOL_INFO,
+                        rules,
+                    },
+                },
+                results,
+            },
+        ],
+    };
+    return JSON.stringify(sarif, null, 2);
+}
+/**
+ * Build SARIF rules from findings.
+ */
+function buildRules(findings) {
+    const ruleMap = new Map();
+    for (const finding of findings) {
+        if (!ruleMap.has(finding.cwe)) {
+            ruleMap.set(finding.cwe, buildRule(finding));
+        }
+    }
+    return Array.from(ruleMap.values());
+}
+/**
+ * Build a SARIF rule from a finding.
+ */
+function buildRule(finding) {
+    const ruleInfo = getRuleInfo(finding.type, finding.cwe);
+    return {
+        id: finding.cwe,
+        name: ruleInfo.name,
+        shortDescription: { text: ruleInfo.shortDescription },
+        fullDescription: { text: ruleInfo.fullDescription },
+        help: { text: finding.remediation },
+        properties: {
+            tags: ['security', finding.type],
+            security_severity: ruleInfo.severity,
+        },
+    };
+}
+/**
+ * Build SARIF results from project analysis.
+ */
+function buildResults(result) {
+    const sarifResults = [];
+    for (const finding of result.findings) {
+        const sarifResult = {
+            ruleId: finding.cwe,
+            level: getSarifLevel(finding.severity),
+            message: {
+                text: finding.explanation,
+            },
+            locations: [
+                {
+                    physicalLocation: {
+                        artifactLocation: {
+                            uri: finding.sink.file,
+                        },
+                        region: {
+                            startLine: finding.sink.line,
+                        },
+                    },
+                },
+            ],
+        };
+        // Add code flow if we have path information
+        if (finding.path && finding.path.length > 0) {
+            sarifResult.codeFlows = [
+                {
+                    threadFlows: [
+                        {
+                            locations: [
+                                // Source
+                                {
+                                    location: buildLocation(finding.source.file, finding.source.line),
+                                    state: { kind: 'source' },
+                                },
+                                // Intermediate hops
+                                ...finding.path.map(hop => ({
+                                    location: buildLocation(hop.file, hop.line),
+                                    state: { kind: 'passthrough' },
+                                })),
+                                // Sink
+                                {
+                                    location: buildLocation(finding.sink.file, finding.sink.line),
+                                    state: { kind: 'sink' },
+                                },
+                            ],
+                        },
+                    ],
+                },
+            ];
+        }
+        sarifResults.push(sarifResult);
+    }
+    return sarifResults;
+}
+/**
+ * Build a SARIF location.
+ */
+function buildLocation(uri, line) {
+    return {
+        physicalLocation: {
+            artifactLocation: { uri },
+            region: { startLine: line },
+        },
+    };
+}
+//# sourceMappingURL=project-sarif.js.map

package/dist/cli/formatters/project-sarif.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-sarif.js","sourceRoot":"","sources":["../../../src/cli/formatters/project-sarif.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAKL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,aAAa,EACb,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAuB;IACxD,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAErC,MAAM,KAAK,GAAa;QACtB,OAAO,EAAE,YAAY;QACrB,OAAO,EAAE,aAAa;QACtB,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,GAAG,SAAS;wBACZ,KAAK;qBACN;iBACF;gBACD,OAAO;aACR;SACF;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,QAAmB;IACrC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,OAAgB;IACjC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAExD,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,GAAG;QACf,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,gBAAgB,EAAE;QACrD,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,eAAe,EAAE;QACnD,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE;QACnC,UAAU,EAAE;YACV,IAAI,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC;YAChC,iBAAiB,EAAE,QAAQ,CAAC,QAAQ;SACrC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAuB;IAC3C,MAAM,YAAY,GAAkB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,WAAW,GAAgB;YAC/B,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC;YACtC,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO,CAAC,WAAW;aAC1B;YACD,SAAS,EAAE;gBACT;oBACE,gBAAgB,EAAE;wBAChB,gBAAgB,EAAE;4BAChB,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;yBACvB;wBACD,MAAM,EAAE;4BACN,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;yBAC7B;qBACF;iBACF;aACF;SACF,CAAC;QAEF,4CAA4C;QAC5C,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,WAAW,CAAC,SAAS,GAAG;gBACtB;oBACE,WAAW,EAAE;wBACX;4BACE,SAAS,EAAE;gCACT,SAAS;gCACT;oCACE,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC;oCACjE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iCAC1B;gCACD,oBAAoB;gCACpB,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oCAC1B,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC;oCAC3C,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE;iCAC/B,CAAC,CAAC;gCACH,OAAO;gCACP;oCACE,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;oCAC7D,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;iCACxB;6BACF;yBACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAED,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW,EAAE,IAAY;IAC9C,OAAO;QACL,gBAAgB,EAAE;YAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE;YACzB,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;SAC5B;KACF,CAAC;AACJ,CAAC"}

package/dist/cli/formatters/project-summary.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Project Summary Formatter
+ *
+ * Outputs a human-readable summary of project-level analysis.
+ */
+import type { ProjectAnalysis } from 'circle-ir';
+/**
+ * Format project analysis as human-readable summary.
+ */
+export declare function formatProjectSummary(result: ProjectAnalysis): string;
+//# sourceMappingURL=project-summary.d.ts.map

package/dist/cli/formatters/project-summary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-summary.d.ts","sourceRoot":"","sources":["../../../src/cli/formatters/project-summary.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAsB,MAAM,WAAW,CAAC;AAErE;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAwKpE"}

package/dist/cli/formatters/project-summary.js

@@ -0,0 +1,202 @@
+/**
+ * Project Summary Formatter
+ *
+ * Outputs a human-readable summary of project-level analysis.
+ */
+/**
+ * Format project analysis as human-readable summary.
+ */
+export function formatProjectSummary(result) {
+    const lines = [];
+    // Header
+    lines.push('');
+    lines.push('═'.repeat(70));
+    lines.push('  Circle-IR Project Analysis Report');
+    lines.push('═'.repeat(70));
+    lines.push('');
+    // Project info
+    lines.push(`Project: ${result.meta.name}`);
+    lines.push(`Root: ${result.meta.root}`);
+    lines.push(`Language: ${result.meta.language}`);
+    if (result.meta.framework) {
+        lines.push(`Framework: ${result.meta.framework}${result.meta.framework_version ? ` ${result.meta.framework_version}` : ''}`);
+    }
+    lines.push(`Total Files: ${result.meta.total_files}`);
+    lines.push(`Total Lines: ${result.meta.total_loc}`);
+    lines.push(`Analyzed: ${result.meta.analyzed_at}`);
+    lines.push('');
+    // Type hierarchy summary
+    lines.push('─'.repeat(70));
+    lines.push('Type Hierarchy');
+    lines.push('─'.repeat(70));
+    const classCount = Object.keys(result.type_hierarchy.classes).length;
+    const interfaceCount = Object.keys(result.type_hierarchy.interfaces).length;
+    lines.push(`  Classes: ${classCount}`);
+    lines.push(`  Interfaces: ${interfaceCount}`);
+    // Show inheritance if any
+    const classesWithParent = Object.values(result.type_hierarchy.classes).filter(c => c.extends);
+    if (classesWithParent.length > 0) {
+        lines.push(`  Classes with inheritance: ${classesWithParent.length}`);
+    }
+    const classesWithInterfaces = Object.values(result.type_hierarchy.classes).filter(c => c.implements.length > 0);
+    if (classesWithInterfaces.length > 0) {
+        lines.push(`  Classes implementing interfaces: ${classesWithInterfaces.length}`);
+    }
+    lines.push('');
+    // Cross-file calls
+    lines.push('─'.repeat(70));
+    lines.push('Cross-File Dependencies');
+    lines.push('─'.repeat(70));
+    if (result.cross_file_calls.length === 0) {
+        lines.push('  No cross-file calls detected');
+    }
+    else {
+        lines.push(`  Total cross-file calls: ${result.cross_file_calls.length}`);
+        // Group by caller file
+        const byCallerFile = groupBy(result.cross_file_calls, c => c.from.file);
+        const topCallers = Object.entries(byCallerFile)
+            .sort((a, b) => b[1].length - a[1].length)
+            .slice(0, 5);
+        if (topCallers.length > 0) {
+            lines.push('  Top files making external calls:');
+            for (const [file, calls] of topCallers) {
+                lines.push(`    - ${file}: ${calls.length} call(s)`);
+            }
+        }
+    }
+    lines.push('');
+    // Taint analysis summary
+    lines.push('─'.repeat(70));
+    lines.push('Taint Analysis');
+    lines.push('─'.repeat(70));
+    // Count sources and sinks across files
+    let totalSources = 0;
+    let totalSinks = 0;
+    for (const file of result.files) {
+        totalSources += file.analysis.taint.sources.length;
+        totalSinks += file.analysis.taint.sinks.length;
+    }
+    lines.push(`  Total sources: ${totalSources}`);
+    lines.push(`  Total sinks: ${totalSinks}`);
+    lines.push(`  Cross-file taint paths: ${result.taint_paths.length}`);
+    lines.push('');
+    // Taint paths detail
+    if (result.taint_paths.length > 0) {
+        lines.push('─'.repeat(70));
+        lines.push('Cross-File Taint Paths');
+        lines.push('─'.repeat(70));
+        for (const path of result.taint_paths.slice(0, 10)) {
+            lines.push(formatTaintPath(path));
+        }
+        if (result.taint_paths.length > 10) {
+            lines.push(`  ... and ${result.taint_paths.length - 10} more path(s)`);
+        }
+        lines.push('');
+    }
+    // Findings
+    lines.push('─'.repeat(70));
+    lines.push('Security Findings');
+    lines.push('─'.repeat(70));
+    if (result.findings.length === 0) {
+        lines.push('  No security findings');
+    }
+    else {
+        // Group by severity
+        const bySeverity = groupBy(result.findings, f => f.severity);
+        const critical = bySeverity['critical'] || [];
+        const high = bySeverity['high'] || [];
+        const medium = bySeverity['medium'] || [];
+        const low = bySeverity['low'] || [];
+        lines.push(`  Critical: ${critical.length}`);
+        lines.push(`  High: ${high.length}`);
+        lines.push(`  Medium: ${medium.length}`);
+        lines.push(`  Low: ${low.length}`);
+        lines.push('');
+        // Show findings
+        for (const finding of result.findings.slice(0, 15)) {
+            lines.push(formatFinding(finding));
+        }
+        if (result.findings.length > 15) {
+            lines.push(`  ... and ${result.findings.length - 15} more finding(s)`);
+        }
+    }
+    lines.push('');
+    // Per-file summary
+    lines.push('─'.repeat(70));
+    lines.push('Per-File Summary');
+    lines.push('─'.repeat(70));
+    // Sort files by number of sinks (most vulnerable first)
+    const filesBySinks = [...result.files].sort((a, b) => b.analysis.taint.sinks.length - a.analysis.taint.sinks.length);
+    for (const file of filesBySinks.slice(0, 10)) {
+        const sources = file.analysis.taint.sources.length;
+        const sinks = file.analysis.taint.sinks.length;
+        if (sources > 0 || sinks > 0) {
+            lines.push(`  ${file.file}: ${sources} source(s), ${sinks} sink(s)`);
+        }
+    }
+    if (filesBySinks.length > 10) {
+        const remaining = filesBySinks.slice(10).filter(f => f.analysis.taint.sources.length > 0 || f.analysis.taint.sinks.length > 0);
+        if (remaining.length > 0) {
+            lines.push(`  ... and ${remaining.length} more file(s) with findings`);
+        }
+    }
+    lines.push('');
+    // Summary
+    lines.push('═'.repeat(70));
+    lines.push(`Summary: ${result.meta.total_files} files, ${result.findings.length} findings, ${result.taint_paths.length} taint paths`);
+    lines.push('═'.repeat(70));
+    lines.push('');
+    return lines.join('\n');
+}
+/**
+ * Format a single taint path.
+ */
+function formatTaintPath(path) {
+    const sanitized = path.sanitizers_in_path.length > 0 ? ' [SANITIZED]' : '';
+    const confidence = Math.round(path.confidence * 100);
+    return `  [${path.sink.cwe}] ${path.source.file}:${path.source.line} → ${path.sink.file}:${path.sink.line}${sanitized} (${confidence}% confidence)
+    Source: ${path.source.type} - ${path.source.code || 'N/A'}
+    Sink: ${path.sink.type} - ${path.sink.code || 'N/A'}`;
+}
+/**
+ * Format a single finding.
+ */
+function formatFinding(finding) {
+    const severity = formatSeverity(finding.severity);
+    const exploitable = finding.exploitable ? ' [EXPLOITABLE]' : '';
+    return `  ${severity} [${finding.cwe}] ${finding.type}${exploitable}
+    Source: ${finding.source.file}:${finding.source.line}
+    Sink: ${finding.sink.file}:${finding.sink.line}
+    ${finding.explanation}`;
+}
+/**
+ * Format severity with indicator.
+ */
+function formatSeverity(severity) {
+    switch (severity) {
+        case 'critical':
+            return '[!!!!]';
+        case 'high':
+            return '[!!! ]';
+        case 'medium':
+            return '[!!  ]';
+        case 'low':
+            return '[!   ]';
+        default:
+            return '[    ]';
+    }
+}
+/**
+ * Group array by key function.
+ */
+function groupBy(array, keyFn) {
+    return array.reduce((result, item) => {
+        const key = keyFn(item);
+        if (!result[key]) {
+            result[key] = [];
+        }
+        result[key].push(item);
+        return result;
+    }, {});
+}
+//# sourceMappingURL=project-summary.js.map

package/dist/cli/formatters/project-summary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-summary.js","sourceRoot":"","sources":["../../../src/cli/formatters/project-summary.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAuB;IAC1D,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,eAAe;IACf,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAChD,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/H,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACnD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,yBAAyB;IACzB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC;IAC5E,KAAK,CAAC,IAAI,CAAC,cAAc,UAAU,EAAE,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,iBAAiB,cAAc,EAAE,CAAC,CAAC;IAE9C,0BAA0B;IAC1B,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9F,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,+BAA+B,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,qBAAqB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChH,IAAI,qBAAqB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,sCAAsC,qBAAqB,CAAC,MAAM,EAAE,CAAC,CAAC;IACnF,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,mBAAmB;IACnB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACtC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;QAE1E,uBAAuB;QACvB,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxE,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;aAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;aACzC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAEf,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YACjD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,UAAU,EAAE,CAAC;gBACvC,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,KAAK,KAAK,CAAC,MAAM,UAAU,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,yBAAyB;IACzB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE3B,uCAAuC;IACvC,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,YAAY,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QACnD,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,oBAAoB,YAAY,EAAE,CAAC,CAAC;IAC/C,KAAK,CAAC,IAAI,CAAC,kBAAkB,UAAU,EAAE,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;IACrE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,qBAAqB;IACrB,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAE3B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACnD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE,eAAe,CAAC,CAAC;QACzE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,WAAW;IACX,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE3B,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,oBAAoB;QACpB,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE7D,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAEpC,KAAK,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,gBAAgB;QAChB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACnD,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,kBAAkB,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,mBAAmB;IACnB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC/B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE3B,wDAAwD;IACxD,MAAM,YAAY,GAAG,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACzC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CACxE,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;QAC/C,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,eAAe,KAAK,UAAU,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAC7C,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAC9E,CAAC;QACF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,aAAa,SAAS,CAAC,MAAM,6BAA6B,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,CAAC,WAAW,WAAW,MAAM,CAAC,QAAQ,CAAC,MAAM,cAAc,MAAM,CAAC,WAAW,CAAC,MAAM,cAAc,CAAC,CAAC;IACtI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAe;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3E,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;IAErD,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,SAAS,KAAK,UAAU;cACxH,IAAI,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,KAAK;YACjD,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,KAAK,EAAE,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,OAAgB;IACrC,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhE,OAAO,KAAK,QAAQ,KAAK,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,IAAI,GAAG,WAAW;cACvD,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI;YAC5C,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI;MAC5C,OAAO,CAAC,WAAW,EAAE,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,QAAQ,CAAC;QAClB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB,KAAK,KAAK;YACR,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,QAAQ,CAAC;IACpB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAI,KAAU,EAAE,KAA0B;IACxD,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;QACnC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACjB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;QACnB,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,OAAO,MAAM,CAAC;IAChB,CAAC,EAAE,EAAyB,CAAC,CAAC;AAChC,CAAC"}

package/dist/cli/formatters/sarif-shared.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Shared SARIF types and utilities
+ *
+ * Common interfaces and functions used by both sarif.ts and project-sarif.ts formatters.
+ */
+export interface SarifLog {
+    $schema: string;
+    version: string;
+    runs: SarifRun[];
+}
+export interface SarifRun {
+    tool: {
+        driver: {
+            name: string;
+            version: string;
+            informationUri: string;
+            rules: SarifRule[];
+        };
+    };
+    results: SarifResult[];
+}
+export interface SarifRule {
+    id: string;
+    name: string;
+    shortDescription: {
+        text: string;
+    };
+    fullDescription: {
+        text: string;
+    };
+    help: {
+        text: string;
+    };
+    properties: {
+        tags: string[];
+        security_severity: string;
+    };
+}
+export interface SarifResult {
+    ruleId: string;
+    level: 'error' | 'warning' | 'note';
+    message: {
+        text: string;
+    };
+    locations: SarifLocation[];
+    codeFlows?: SarifCodeFlow[];
+}
+export interface SarifLocation {
+    physicalLocation: {
+        artifactLocation: {
+            uri: string;
+        };
+        region: {
+            startLine: number;
+        };
+    };
+}
+export interface SarifCodeFlow {
+    threadFlows: SarifThreadFlow[];
+}
+export interface SarifThreadFlow {
+    locations: SarifThreadFlowLocation[];
+}
+export interface SarifThreadFlowLocation {
+    location: SarifLocation;
+    state?: Record<string, string>;
+}
+export interface RuleInfo {
+    name: string;
+    shortDescription: string;
+    fullDescription: string;
+    remediation: string;
+    severity: string;
+    severityLevel: string;
+}
+/**
+ * Get rule information for a vulnerability type.
+ * Delegates to the central rules module for consistent definitions.
+ */
+export declare function getRuleInfo(type: string, _cwe: string): RuleInfo;
+/**
+ * Convert severity level to SARIF level.
+ */
+export declare function getSarifLevel(severity: string): 'error' | 'warning' | 'note';
+/**
+ * SARIF schema URL.
+ */
+export declare const SARIF_SCHEMA = "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json";
+/**
+ * SARIF version.
+ */
+export declare const SARIF_VERSION = "2.1.0";
+/**
+ * Tool information.
+ */
+export declare const TOOL_INFO: {
+    name: string;
+    version: string;
+    informationUri: string;
+};
+//# sourceMappingURL=sarif-shared.d.ts.map

package/dist/cli/formatters/sarif-shared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-shared.d.ts","sourceRoot":"","sources":["../../../src/cli/formatters/sarif-shared.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,QAAQ,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE;QACJ,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,SAAS,EAAE,CAAC;SACpB,CAAC;KACH,CAAC;IACF,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACnC,eAAe,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAClC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvB,UAAU,EAAE;QACV,IAAI,EAAE,MAAM,EAAE,CAAC;QACf,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACpC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1B,SAAS,EAAE,aAAa,EAAE,CAAC;IAC3B,SAAS,CAAC,EAAE,aAAa,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,gBAAgB,EAAE;QAChB,gBAAgB,EAAE;YAChB,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;QACF,MAAM,EAAE;YACN,SAAS,EAAE,MAAM,CAAC;SACnB,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,eAAe,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,uBAAuB,EAAE,CAAC;CACtC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAMD,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,QAAQ,CAUhE;AAMD;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,CAY5E;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,mGAAmG,CAAC;AAE7H;;GAEG;AACH,eAAO,MAAM,aAAa,UAAU,CAAC;AAErC;;GAEG;AACH,eAAO,MAAM,SAAS;;;;CAIrB,CAAC"}