clawhatch 0.1.0

package/dist/notify.js

@@ -0,0 +1,217 @@
+/**
+ * Notification system for Clawhatch security scanner.
+ * Supports Discord, Slack, and generic webhook alerts.
+ */
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { join, dirname } from "node:path";
+const SEVERITY_ORDER = {
+    CRITICAL: 0,
+    HIGH: 1,
+    MEDIUM: 2,
+    LOW: 3,
+};
+/**
+ * Load clawhatch.json from the openclaw directory.
+ */
+export async function loadNotifyConfig(openclawDir) {
+    try {
+        const raw = await readFile(join(openclawDir, "clawhatch.json"), "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Save (merge) clawhatch.json in the openclaw directory.
+ */
+export async function saveNotifyConfig(openclawDir, config) {
+    const filePath = join(openclawDir, "clawhatch.json");
+    let existing = {};
+    try {
+        const raw = await readFile(filePath, "utf-8");
+        existing = JSON.parse(raw);
+    }
+    catch {
+        // File doesn't exist or is invalid — start fresh
+    }
+    const merged = {
+        ...existing,
+        ...config,
+        notify: {
+            ...existing.notify,
+            ...config.notify,
+        },
+    };
+    await mkdir(dirname(filePath), { recursive: true });
+    await writeFile(filePath, JSON.stringify(merged, null, 2) + "\n", "utf-8");
+}
+/**
+ * Build webhook alerts from scan results, filtered by severity threshold.
+ */
+export function buildAlerts(result, feed, threshold) {
+    const thresholdLevel = SEVERITY_ORDER[threshold.toUpperCase()] ?? 0;
+    const filtered = result.findings.filter((f) => (SEVERITY_ORDER[f.severity] ?? 3) <= thresholdLevel);
+    const alerts = filtered.map((f) => {
+        const alert = {
+            checkId: f.id,
+            severity: f.severity,
+            title: f.title,
+            description: f.description,
+        };
+        if (feed) {
+            const match = feed.topThreats.find((t) => t.id === f.id) ??
+                feed.newThreats.find((t) => t.id === f.id);
+            if (match) {
+                alert.communityFrequency = match.frequency;
+                alert.trending = match.trending;
+            }
+        }
+        return alert;
+    });
+    alerts.sort((a, b) => (SEVERITY_ORDER[a.severity] ?? 3) - (SEVERITY_ORDER[b.severity] ?? 3));
+    return alerts;
+}
+function isDiscord(url) {
+    return url.includes("discord.com/api/webhooks");
+}
+function isSlack(url) {
+    return url.includes("hooks.slack.com");
+}
+function severityEmoji(severity) {
+    switch (severity) {
+        case "CRITICAL":
+            return ":rotating_light:";
+        case "HIGH":
+            return ":warning:";
+        case "MEDIUM":
+            return ":large_yellow_circle:";
+        default:
+            return ":white_circle:";
+    }
+}
+function severityColor(severity) {
+    switch (severity) {
+        case "CRITICAL":
+            return 16711680; // red
+        case "HIGH":
+            return 16776960; // yellow
+        case "MEDIUM":
+            return 16744448; // orange
+        default:
+            return 8421504; // grey
+    }
+}
+function worstSeverity(alerts) {
+    if (alerts.length === 0)
+        return "LOW";
+    return alerts[0].severity; // already sorted CRITICAL first
+}
+function buildDiscordPayload(alerts, score) {
+    return {
+        embeds: [
+            {
+                title: "Clawhatch Security Alert",
+                description: `Score: ${score}/100`,
+                color: severityColor(worstSeverity(alerts)),
+                fields: alerts.map((a) => ({
+                    name: `${a.severity}: ${a.title}`,
+                    value: a.description,
+                    inline: false,
+                })),
+                footer: { text: "Clawhatch Community Threat Intelligence" },
+            },
+        ],
+    };
+}
+function buildSlackPayload(alerts, score) {
+    const blocks = [
+        {
+            type: "header",
+            text: { type: "plain_text", text: "Clawhatch Security Alert" },
+        },
+        {
+            type: "section",
+            text: { type: "mrkdwn", text: `*Score:* ${score}/100` },
+        },
+        ...alerts.map((a) => ({
+            type: "section",
+            text: {
+                type: "mrkdwn",
+                text: `${severityEmoji(a.severity)} *${a.severity}: ${a.title}*\n${a.description}`,
+            },
+        })),
+    ];
+    return { blocks };
+}
+function buildGenericPayload(alerts, score) {
+    return {
+        alerts,
+        score,
+        timestamp: new Date().toISOString(),
+    };
+}
+/**
+ * Send webhook alerts to a Discord, Slack, or generic endpoint.
+ * Returns true on 2xx, false otherwise. Never throws.
+ */
+export async function sendWebhookAlert(webhookUrl, alerts, score) {
+    let payload;
+    if (isDiscord(webhookUrl)) {
+        payload = buildDiscordPayload(alerts, score);
+    }
+    else if (isSlack(webhookUrl)) {
+        payload = buildSlackPayload(alerts, score);
+    }
+    else {
+        payload = buildGenericPayload(alerts, score);
+    }
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 5000);
+        const res = await fetch(webhookUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+            signal: controller.signal,
+        });
+        clearTimeout(timeout);
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Send a test message to verify the webhook is working.
+ * Returns true on 2xx, false otherwise. Never throws.
+ */
+export async function sendTestAlert(webhookUrl) {
+    const message = "Clawhatch alert subscription confirmed. You will receive security alerts here.";
+    let payload;
+    if (isDiscord(webhookUrl)) {
+        payload = { content: message };
+    }
+    else if (isSlack(webhookUrl)) {
+        payload = { text: message };
+    }
+    else {
+        payload = { type: "test", message };
+    }
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 5000);
+        const res = await fetch(webhookUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+            signal: controller.signal,
+        });
+        clearTimeout(timeout);
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=notify.js.map

package/dist/notify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"notify.js","sourceRoot":"","sources":["../src/notify.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAS1C,MAAM,cAAc,GAA2B;IAC7C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;CACP,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,EAAE,OAAO,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,WAAmB,EACnB,MAAuB;IAEvB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IACrD,IAAI,QAAQ,GAAoB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,MAAM,MAAM,GAAoB;QAC9B,GAAG,QAAQ;QACX,GAAG,MAAM;QACT,MAAM,EAAE;YACN,GAAG,QAAQ,CAAC,MAAM;YAClB,GAAG,MAAM,CAAC,MAAM;SACjB;KACF,CAAC;IAEF,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,MAAkB,EAClB,IAAuB,EACvB,SAAiB;IAEjB,MAAM,cAAc,GAAG,cAAc,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;IAEpE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,cAAc,CAC3D,CAAC;IAEF,MAAM,MAAM,GAAmB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAChD,MAAM,KAAK,GAAiB;YAC1B,OAAO,EAAE,CAAC,CAAC,EAAE;YACb,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC;QAEF,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,KAAK,GACT,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,CAAC,kBAAkB,GAAG,KAAK,CAAC,SAAS,CAAC;gBAC3C,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;YAClC,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CACT,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CACxE,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,OAAO,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,kBAAkB,CAAC;QAC5B,KAAK,MAAM;YACT,OAAO,WAAW,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,uBAAuB,CAAC;QACjC;YACE,OAAO,gBAAgB,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC,CAAC,MAAM;QACzB,KAAK,MAAM;YACT,OAAO,QAAQ,CAAC,CAAC,SAAS;QAC5B,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC,CAAC,SAAS;QAC5B;YACE,OAAO,OAAO,CAAC,CAAC,OAAO;IAC3B,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAsB;IAC3C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,gCAAgC;AAC7D,CAAC;AAED,SAAS,mBAAmB,CAC1B,MAAsB,EACtB,KAAa;IAEb,OAAO;QACL,MAAM,EAAE;YACN;gBACE,KAAK,EAAE,0BAA0B;gBACjC,WAAW,EAAE,UAAU,KAAK,MAAM;gBAClC,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzB,IAAI,EAAE,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,KAAK,EAAE;oBACjC,KAAK,EAAE,CAAC,CAAC,WAAW;oBACpB,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC;gBACH,MAAM,EAAE,EAAE,IAAI,EAAE,yCAAyC,EAAE;aAC5D;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAsB,EACtB,KAAa;IAEb,MAAM,MAAM,GAA8B;QACxC;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,0BAA0B,EAAE;SAC/D;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,MAAM,EAAE;SACxD;QACD,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpB,IAAI,EAAE,SAAS;YACf,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,WAAW,EAAE;aACnF;SACF,CAAC,CAAC;KACJ,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,CAAC;AACpB,CAAC;AAED,SAAS,mBAAmB,CAC1B,MAAsB,EACtB,KAAa;IAEb,OAAO;QACL,MAAM;QACN,KAAK;QACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAAkB,EAClB,MAAsB,EACtB,KAAa;IAEb,IAAI,OAAgC,CAAC;IAErC,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1B,OAAO,GAAG,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,GAAG,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;QAE3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,YAAY,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,GAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,UAAkB;IACpD,MAAM,OAAO,GACX,gFAAgF,CAAC;IAEnF,IAAI,OAAgC,CAAC;IAErC,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1B,OAAO,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IACjC,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACtC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;QAE3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,YAAY,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,GAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/parsers/config.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Parser for openclaw.json (JSON5 format).
+ */
+import type { OpenClawConfig } from "../types.js";
+/**
+ * Check for exotic JSON5 values that could be unexpected.
+ * JSON5 allows Infinity, -Infinity, NaN, and hexadecimal literals.
+ * These are usually unintentional and may cause issues.
+ */
+export declare function checkExoticValues(raw: string): string[];
+export declare function parseConfig(configPath: string): Promise<OpenClawConfig | null>;
+/**
+ * Read raw config text (for regex-based secret scanning).
+ */
+export declare function readConfigRaw(configPath: string): Promise<string | null>;
+//# sourceMappingURL=config.d.ts.map

package/dist/parsers/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/parsers/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAmBvD;AAED,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAchC;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAMxB"}

package/dist/parsers/config.js

@@ -0,0 +1,54 @@
+/**
+ * Parser for openclaw.json (JSON5 format).
+ */
+import { readFile } from "node:fs/promises";
+import JSON5 from "json5";
+/**
+ * Check for exotic JSON5 values that could be unexpected.
+ * JSON5 allows Infinity, -Infinity, NaN, and hexadecimal literals.
+ * These are usually unintentional and may cause issues.
+ */
+export function checkExoticValues(raw) {
+    const warnings = [];
+    // Check for Infinity, -Infinity, NaN (as unquoted values)
+    if (/:\s*Infinity\b/.test(raw)) {
+        warnings.push("Config contains 'Infinity' value — this may be unintentional");
+    }
+    if (/:\s*-Infinity\b/.test(raw)) {
+        warnings.push("Config contains '-Infinity' value — this may be unintentional");
+    }
+    if (/:\s*NaN\b/.test(raw)) {
+        warnings.push("Config contains 'NaN' value — this may be unintentional");
+    }
+    // Check for hexadecimal literals (0x...)
+    if (/:\s*0x[0-9a-fA-F]+/.test(raw)) {
+        warnings.push("Config contains hexadecimal literal — consider using decimal notation for clarity");
+    }
+    return warnings;
+}
+export async function parseConfig(configPath) {
+    try {
+        const raw = await readFile(configPath, "utf-8");
+        // FIX: Check for exotic JSON5 values and log warnings
+        const warnings = checkExoticValues(raw);
+        for (const warning of warnings) {
+            console.error(`  Warning: ${warning}`);
+        }
+        return JSON5.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Read raw config text (for regex-based secret scanning).
+ */
+export async function readConfigRaw(configPath) {
+    try {
+        return await readFile(configPath, "utf-8");
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/parsers/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/parsers/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,0DAA0D;IAC1D,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;IAC3E,CAAC;IACD,yCAAyC;IACzC,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAC;IACrG,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEhD,sDAAsD;QACtD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;QACxC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;QACzC,CAAC;QAED,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAmB,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAkB;IAElB,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/parsers/env.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Parser for .env files.
+ */
+import type { EnvVars } from "../types.js";
+export declare function parseEnv(envPath: string): Promise<EnvVars | null>;
+//# sourceMappingURL=env.d.ts.map

package/dist/parsers/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/parsers/env.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,wBAAsB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAkCvE"}

package/dist/parsers/env.js

@@ -0,0 +1,35 @@
+/**
+ * Parser for .env files.
+ */
+import { readFile } from "node:fs/promises";
+export async function parseEnv(envPath) {
+    try {
+        const raw = await readFile(envPath, "utf-8");
+        const vars = {};
+        for (const line of raw.split("\n")) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith("#"))
+                continue;
+            const eqIndex = trimmed.indexOf("=");
+            if (eqIndex === -1)
+                continue;
+            // FIX: Strip leading "export " prefix common in .env files (e.g., "export KEY=value")
+            let key = trimmed.slice(0, eqIndex).trim();
+            if (key.startsWith("export ")) {
+                key = key.slice(7).trim();
+            }
+            let value = trimmed.slice(eqIndex + 1).trim();
+            // Strip surrounding quotes
+            if ((value.startsWith('"') && value.endsWith('"')) ||
+                (value.startsWith("'") && value.endsWith("'"))) {
+                value = value.slice(1, -1);
+            }
+            vars[key] = value;
+        }
+        return vars;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=env.js.map

package/dist/parsers/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/parsers/env.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAe;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAY,EAAE,CAAC;QAEzB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAElD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,OAAO,KAAK,CAAC,CAAC;gBAAE,SAAS;YAE7B,sFAAsF;YACtF,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,CAAC;YACD,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAE9C,2BAA2B;YAC3B,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;gBACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7B,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACpB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/parsers/jsonl.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Parser for JSONL session log files.
+ * Caps reading at 1MB or 1000 lines to prevent scanner hanging on large files.
+ */
+import type { SessionEntry } from "../types.js";
+export interface JsonlParseResult {
+    entries: SessionEntry[];
+    truncated: boolean;
+    totalSizeBytes: number;
+}
+export declare function parseJsonl(filePath: string, deep?: boolean): Promise<JsonlParseResult>;
+//# sourceMappingURL=jsonl.d.ts.map

package/dist/parsers/jsonl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jsonl.d.ts","sourceRoot":"","sources":["../../src/parsers/jsonl.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAOhD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,SAAS,EAAE,OAAO,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,MAAM,EAChB,IAAI,GAAE,OAAe,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAoD3B"}

package/dist/parsers/jsonl.js

@@ -0,0 +1,61 @@
+/**
+ * Parser for JSONL session log files.
+ * Caps reading at 1MB or 1000 lines to prevent scanner hanging on large files.
+ */
+import { readFile, stat } from "node:fs/promises";
+const MAX_BYTES = 1_048_576; // 1MB
+const MAX_LINES = 1000;
+// FIX: Hard cap for deep mode to prevent OOM on enormous session logs
+const DEEP_MAX_BYTES = 50 * 1_048_576; // 50MB
+export async function parseJsonl(filePath, deep = false) {
+    const fileStat = await stat(filePath);
+    const totalSizeBytes = fileStat.size;
+    // FIX: Even in deep mode, cap at 50MB to prevent OOM
+    const byteLimit = deep ? DEEP_MAX_BYTES : MAX_BYTES;
+    let raw;
+    if (totalSizeBytes > byteLimit) {
+        // Read only the first 1MB
+        // FIX: Don't set encoding on stream — read as Buffer for accurate byte counting,
+        // then convert to string at the end. With encoding: "utf-8", chunk.length gives
+        // character count not byte count, which could over-read for multi-byte content.
+        const { createReadStream } = await import("node:fs");
+        raw = await new Promise((resolve, reject) => {
+            const chunks = [];
+            let bytesRead = 0;
+            const stream = createReadStream(filePath, {
+                highWaterMark: 64 * 1024,
+            });
+            stream.on("data", (chunk) => {
+                const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+                bytesRead += buf.length;
+                chunks.push(buf);
+                if (bytesRead >= byteLimit) {
+                    stream.destroy();
+                }
+            });
+            stream.on("close", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+            stream.on("error", reject);
+        });
+    }
+    else {
+        raw = await readFile(filePath, "utf-8");
+    }
+    const lines = raw.split("\n");
+    const maxLines = deep ? lines.length : MAX_LINES;
+    const entries = [];
+    // FIX: Also flag truncation in deep mode if we hit the 50MB cap
+    const truncated = totalSizeBytes > byteLimit || (!deep && lines.length > MAX_LINES);
+    for (let i = 0; i < Math.min(lines.length, maxLines); i++) {
+        const line = lines[i].trim();
+        if (!line)
+            continue;
+        try {
+            entries.push(JSON.parse(line));
+        }
+        catch {
+            // Skip malformed lines
+        }
+    }
+    return { entries, truncated, totalSizeBytes };
+}
+//# sourceMappingURL=jsonl.js.map

package/dist/parsers/jsonl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jsonl.js","sourceRoot":"","sources":["../../src/parsers/jsonl.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAGlD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,MAAM;AACnC,MAAM,SAAS,GAAG,IAAI,CAAC;AACvB,sEAAsE;AACtE,MAAM,cAAc,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,OAAO;AAQ9C,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,OAAgB,KAAK;IAErB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC;IAErC,qDAAqD;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpD,IAAI,GAAW,CAAC;IAChB,IAAI,cAAc,GAAG,SAAS,EAAE,CAAC;QAC/B,0BAA0B;QAC1B,iFAAiF;QACjF,gFAAgF;QAChF,gFAAgF;QAChF,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;QACrD,GAAG,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE;gBACxC,aAAa,EAAE,EAAE,GAAG,IAAI;aACzB,CAAC,CAAC;YACH,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAsB,EAAE,EAAE;gBAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAChE,SAAS,IAAI,GAAG,CAAC,MAAM,CAAC;gBACxB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjB,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;oBAC3B,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,CAAC;YACH,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAC3E,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;IACjD,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,gEAAgE;IAChE,MAAM,SAAS,GAAG,cAAc,GAAG,SAAS,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IAEpF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC;AAChD,CAAC"}

package/dist/parsers/markdown.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Scanner for markdown files (SOUL.md, AGENTS.md, TOOLS.md, etc.)
+ * Looks for secrets, API keys, and sensitive patterns.
+ */
+export interface MarkdownScanResult {
+    filePath: string;
+    content: string;
+    secretMatches: SecretMatch[];
+}
+export interface SecretMatch {
+    pattern: string;
+    line: number;
+    /** Masked preview — never the full secret */
+    preview: string;
+}
+export declare function scanMarkdown(filePath: string): Promise<MarkdownScanResult>;
+//# sourceMappingURL=markdown.d.ts.map

package/dist/parsers/markdown.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"markdown.d.ts","sourceRoot":"","sources":["../../src/parsers/markdown.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,WAAW,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;CACjB;AA8BD,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,kBAAkB,CAAC,CA6B7B"}

package/dist/parsers/markdown.js

@@ -0,0 +1,57 @@
+/**
+ * Scanner for markdown files (SOUL.md, AGENTS.md, TOOLS.md, etc.)
+ * Looks for secrets, API keys, and sensitive patterns.
+ */
+import { readFile } from "node:fs/promises";
+/**
+ * Regex patterns for common API keys and secrets.
+ * Each pattern has a name and a regex that matches likely secret values.
+ */
+const SECRET_PATTERNS = [
+    // Generic API key patterns
+    { name: "Generic API Key", regex: /(?:api[_-]?key|apikey)\s*[:=]\s*["']?([a-zA-Z0-9_\-]{20,})["']?/gi },
+    { name: "Generic Secret", regex: /(?:secret|password|passwd|token)\s*[:=]\s*["']?([a-zA-Z0-9_\-]{16,})["']?/gi },
+    // Specific provider patterns
+    { name: "OpenAI Key", regex: /sk-[a-zA-Z0-9]{32,}/g },
+    { name: "Anthropic Key", regex: /sk-ant-[a-zA-Z0-9\-]{32,}/g },
+    { name: "Google AI Key", regex: /AIza[a-zA-Z0-9_\-]{35}/g },
+    { name: "Gemini Key", regex: /(?:gemini|google)[_-]?(?:api[_-]?)?key\s*[:=]\s*["']?([a-zA-Z0-9_\-]{20,})["']?/gi },
+    { name: "AWS Access Key", regex: /AKIA[A-Z0-9]{16}/g },
+    { name: "AWS Secret Key", regex: /(?:aws[_-]?secret|aws[_-]?secret[_-]?access[_-]?key)\s*[:=]\s*["']?([a-zA-Z0-9/+=]{40})["']?/gi },
+    { name: "Stripe Key", regex: /(?:sk|pk)_(?:live|test)_[a-zA-Z0-9]{20,}/g },
+    { name: "GitHub Token", regex: /(?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,}/g },
+    { name: "Slack Token", regex: /xox[bpras]-[a-zA-Z0-9\-]{10,}/g },
+    { name: "Discord Token", regex: /[MN][a-zA-Z0-9]{23,}\.[a-zA-Z0-9_-]{6}\.[a-zA-Z0-9_-]{27,}/g },
+    { name: "Telegram Bot Token", regex: /\d{8,10}:[a-zA-Z0-9_-]{35}/g },
+    { name: "Private Key Block", regex: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/g },
+    { name: "Bearer Token", regex: /(?:bearer|authorization)\s*[:=]\s*["']?bearer\s+([a-zA-Z0-9_\-.]{20,})["']?/gi },
+    // High-entropy hex strings (potential keys)
+    { name: "Hex Secret (64 chars)", regex: /(?:key|secret|token|hash)\s*[:=]\s*["']?([0-9a-f]{64})["']?/gi },
+];
+export async function scanMarkdown(filePath) {
+    const content = await readFile(filePath, "utf-8");
+    const lines = content.split("\n");
+    const secretMatches = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const { name, regex } of SECRET_PATTERNS) {
+            // Reset regex lastIndex for global patterns
+            regex.lastIndex = 0;
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                const fullMatch = match[0];
+                // Mask the match — show first 8 chars + "..."
+                const preview = fullMatch.length > 12
+                    ? fullMatch.slice(0, 8) + "..." + fullMatch.slice(-4)
+                    : fullMatch.slice(0, 4) + "****";
+                secretMatches.push({
+                    pattern: name,
+                    line: i + 1,
+                    preview,
+                });
+            }
+        }
+    }
+    return { filePath, content, secretMatches };
+}
+//# sourceMappingURL=markdown.js.map

package/dist/parsers/markdown.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"markdown.js","sourceRoot":"","sources":["../../src/parsers/markdown.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAe5C;;;GAGG;AACH,MAAM,eAAe,GAA2C;IAC9D,2BAA2B;IAC3B,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,EAAE,mEAAmE,EAAE;IACvG,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,6EAA6E,EAAE;IAEhH,6BAA6B;IAC7B,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,sBAAsB,EAAE;IACrD,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,4BAA4B,EAAE;IAC9D,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,yBAAyB,EAAE;IAC3D,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,mFAAmF,EAAE;IAClH,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,mBAAmB,EAAE;IACtD,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,gGAAgG,EAAE;IACnI,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,2CAA2C,EAAE;IAC1E,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,2CAA2C,EAAE;IAC5E,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,gCAAgC,EAAE;IAChE,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,6DAA6D,EAAE;IAC/F,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,6BAA6B,EAAE;IACpE,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,gDAAgD,EAAE;IACtF,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,+EAA+E,EAAE;IAEhH,4CAA4C;IAC5C,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,+DAA+D,EAAE;CAC1G,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAgB;IAEhB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,aAAa,GAAkB,EAAE,CAAC;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,KAAK,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,eAAe,EAAE,CAAC;YAC9C,4CAA4C;YAC5C,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YACpB,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,8CAA8C;gBAC9C,MAAM,OAAO,GACX,SAAS,CAAC,MAAM,GAAG,EAAE;oBACnB,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACrD,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC;gBAErC,aAAa,CAAC,IAAI,CAAC;oBACjB,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC;AAC9C,CAAC"}

package/dist/reporter-html.d.ts

@@ -0,0 +1,9 @@
+/**
+ * HTML report generator.
+ *
+ * Produces a self-contained HTML file with inline CSS.
+ * No external dependencies — single file, works offline.
+ */
+import { type ScanResult } from "./types.js";
+export declare function generateHtmlReport(result: ScanResult): string;
+//# sourceMappingURL=reporter-html.d.ts.map

package/dist/reporter-html.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reporter-html.d.ts","sourceRoot":"","sources":["../src/reporter-html.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAA0B,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAoErE,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CA0gB7D"}