clawsec 0.0.1

package/dist/src/detectors/purchase/url-detector.js

@@ -0,0 +1,292 @@
+/**
+ * URL Pattern Detector
+ * Detects purchase-related URL paths and API endpoints
+ */
+/**
+ * Checkout and payment paths
+ */
+const CHECKOUT_PATHS = [
+    '/checkout',
+    '/checkout/',
+    '/checkout/*',
+    '/payment',
+    '/payment/',
+    '/payments',
+    '/payments/',
+    '/pay',
+    '/pay/',
+    '/cart/checkout',
+    '/cart/confirm',
+    '/cart/payment',
+    '/secure/checkout',
+    '/secure/payment',
+    '/gp/buy',
+    '/gp/checkout',
+];
+/**
+ * Purchase and order paths
+ */
+const PURCHASE_PATHS = [
+    '/buy',
+    '/buy/',
+    '/buy/*',
+    '/purchase',
+    '/purchase/',
+    '/order',
+    '/order/',
+    '/orders',
+    '/orders/',
+    '/orders/create',
+    '/orders/submit',
+    '/confirm-order',
+    '/place-order',
+    '/complete-purchase',
+];
+/**
+ * Subscription and billing paths
+ */
+const SUBSCRIPTION_PATHS = [
+    '/subscribe',
+    '/subscribe/',
+    '/subscription',
+    '/subscription/',
+    '/subscriptions',
+    '/billing',
+    '/billing/',
+    '/billing/payment',
+    '/billing/subscribe',
+    '/upgrade',
+    '/upgrade/',
+    '/premium',
+    '/pro',
+];
+/**
+ * API endpoints for orders and payments
+ */
+const API_ENDPOINTS = [
+    '/api/orders',
+    '/api/order',
+    '/api/checkout',
+    '/api/payment',
+    '/api/payments',
+    '/api/purchase',
+    '/api/subscribe',
+    '/api/subscription',
+    '/api/billing',
+    '/api/charge',
+    '/api/transaction',
+    '/api/transactions',
+    '/api/v1/orders',
+    '/api/v1/checkout',
+    '/api/v1/payment',
+    '/api/v1/payments',
+    '/api/v2/orders',
+    '/api/v2/checkout',
+    '/api/v2/payment',
+    '/api/v2/payments',
+    '/graphql', // Often used for mutations
+];
+/**
+ * URL path keywords (for partial matching)
+ */
+const URL_KEYWORDS = [
+    'checkout',
+    'payment',
+    'purchase',
+    'billing',
+    'subscribe',
+    'order',
+    'transaction',
+    'charge',
+];
+/**
+ * Convert glob pattern to regex for URL matching
+ */
+function pathPatternToRegex(pattern) {
+    // Normalize pattern - remove trailing slash for matching
+    const normalizedPattern = pattern.endsWith('/') && pattern.length > 1
+        ? pattern.slice(0, -1)
+        : pattern;
+    // Escape special regex characters except *
+    const regex = normalizedPattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+        .replace(/\*/g, '.*');
+    // Match the pattern at the start of the path (or exact match)
+    return new RegExp(`^${regex}(?:/.*)?$`, 'i');
+}
+/**
+ * Extract path from URL
+ */
+export function extractPath(url) {
+    // If input is already a path (starts with /), return it directly
+    if (url.startsWith('/')) {
+        // Extract just the path without query string
+        const pathMatch = url.match(/^(\/[^?#]*)/);
+        return pathMatch ? pathMatch[1].toLowerCase() : url.toLowerCase();
+    }
+    try {
+        let normalizedUrl = url;
+        if (!url.includes('://')) {
+            normalizedUrl = 'https://' + url;
+        }
+        const parsed = new URL(normalizedUrl);
+        return parsed.pathname.toLowerCase();
+    }
+    catch {
+        // If URL parsing fails, try to extract path directly
+        const pathMatch = url.match(/^(?:https?:\/\/[^/]+)?(\/.*)$/i);
+        if (pathMatch) {
+            return pathMatch[1].toLowerCase();
+        }
+        return null;
+    }
+}
+/**
+ * Check if path matches a pattern
+ */
+function matchesPathPattern(path, pattern) {
+    const regex = pathPatternToRegex(pattern);
+    return regex.test(path);
+}
+/**
+ * Check URL path against known payment paths
+ */
+export function matchUrlPath(url) {
+    const path = extractPath(url);
+    if (!path) {
+        return { matched: false, confidence: 0 };
+    }
+    // Normalize path for matching (remove trailing slash for comparison)
+    const normalizedPath = path.endsWith('/') && path.length > 1
+        ? path.slice(0, -1)
+        : path;
+    // Check checkout paths (highest priority)
+    for (const pattern of CHECKOUT_PATHS) {
+        if (matchesPathPattern(normalizedPath, pattern)) {
+            return {
+                matched: true,
+                url: url,
+                pattern: pattern,
+                matchType: 'path',
+                confidence: 0.9,
+            };
+        }
+    }
+    // Check purchase paths
+    for (const pattern of PURCHASE_PATHS) {
+        if (matchesPathPattern(normalizedPath, pattern)) {
+            return {
+                matched: true,
+                url: url,
+                pattern: pattern,
+                matchType: 'path',
+                confidence: 0.85,
+            };
+        }
+    }
+    // Check subscription paths
+    for (const pattern of SUBSCRIPTION_PATHS) {
+        if (matchesPathPattern(normalizedPath, pattern)) {
+            return {
+                matched: true,
+                url: url,
+                pattern: pattern,
+                matchType: 'path',
+                confidence: 0.85,
+            };
+        }
+    }
+    // Check API endpoints
+    for (const pattern of API_ENDPOINTS) {
+        if (matchesPathPattern(normalizedPath, pattern)) {
+            return {
+                matched: true,
+                url: url,
+                pattern: pattern,
+                matchType: 'api',
+                confidence: 0.8,
+            };
+        }
+    }
+    // Check for keywords in path (lower confidence)
+    for (const keyword of URL_KEYWORDS) {
+        if (normalizedPath.includes(keyword)) {
+            return {
+                matched: true,
+                url: url,
+                pattern: keyword,
+                matchType: 'path',
+                confidence: 0.6,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * URL pattern detector class
+ */
+export class UrlDetector {
+    severity;
+    constructor(severity = 'critical') {
+        this.severity = severity;
+    }
+    /**
+     * Extract URL from tool context
+     */
+    extractUrl(context) {
+        // Direct URL in context
+        if (context.url) {
+            return context.url;
+        }
+        // Check common tool input patterns
+        const input = context.toolInput;
+        if (typeof input.url === 'string') {
+            return input.url;
+        }
+        if (typeof input.href === 'string') {
+            return input.href;
+        }
+        if (typeof input.link === 'string') {
+            return input.link;
+        }
+        if (typeof input.target === 'string' && input.target.includes('/')) {
+            return input.target;
+        }
+        // Check for path-only inputs
+        if (typeof input.path === 'string') {
+            return input.path;
+        }
+        return null;
+    }
+    detect(context) {
+        const url = this.extractUrl(context);
+        if (!url) {
+            return null;
+        }
+        const result = matchUrlPath(url);
+        if (!result.matched) {
+            return null;
+        }
+        const matchTypeDescription = result.matchType === 'api'
+            ? 'API endpoint for payments/orders'
+            : 'checkout/payment URL path';
+        return {
+            detected: true,
+            category: 'purchase',
+            severity: this.severity,
+            confidence: result.confidence,
+            reason: `Detected ${matchTypeDescription}: ${result.pattern}`,
+            metadata: {
+                url: result.url,
+                matchedPattern: result.pattern,
+            },
+        };
+    }
+}
+/**
+ * Create a URL detector with the given configuration
+ */
+export function createUrlDetector(severity = 'critical') {
+    return new UrlDetector(severity);
+}
+//# sourceMappingURL=url-detector.js.map

package/dist/src/detectors/purchase/url-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-detector.js","sourceRoot":"","sources":["../../../../src/detectors/purchase/url-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,WAAW;IACX,YAAY;IACZ,aAAa;IACb,UAAU;IACV,WAAW;IACX,WAAW;IACX,YAAY;IACZ,MAAM;IACN,OAAO;IACP,gBAAgB;IAChB,eAAe;IACf,eAAe;IACf,kBAAkB;IAClB,iBAAiB;IACjB,SAAS;IACT,cAAc;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,MAAM;IACN,OAAO;IACP,QAAQ;IACR,WAAW;IACX,YAAY;IACZ,QAAQ;IACR,SAAS;IACT,SAAS;IACT,UAAU;IACV,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,oBAAoB;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,YAAY;IACZ,aAAa;IACb,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,UAAU;IACV,WAAW;IACX,kBAAkB;IAClB,oBAAoB;IACpB,UAAU;IACV,WAAW;IACX,UAAU;IACV,MAAM;CACP,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,aAAa;IACb,YAAY;IACZ,eAAe;IACf,cAAc;IACd,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,mBAAmB;IACnB,cAAc;IACd,aAAa;IACb,kBAAkB;IAClB,mBAAmB;IACnB,gBAAgB;IAChB,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,UAAU,EAAE,2BAA2B;CACxC,CAAC;AAEF;;GAEG;AACH,MAAM,YAAY,GAAG;IACnB,UAAU;IACV,SAAS;IACT,UAAU;IACV,SAAS;IACT,WAAW;IACX,OAAO;IACP,aAAa;IACb,QAAQ;CACT,CAAC;AAEF;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAe;IACzC,yDAAyD;IACzD,MAAM,iBAAiB,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QACnE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,OAAO,CAAC;IAEZ,2CAA2C;IAC3C,MAAM,KAAK,GAAG,iBAAiB;SAC5B,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC;SACpC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAExB,8DAA8D;IAC9D,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,GAAG,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,iEAAiE;IACjE,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,6CAA6C;QAC7C,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC;QACH,IAAI,aAAa,GAAG,GAAG,CAAC;QACxB,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,aAAa,GAAG,UAAU,GAAG,GAAG,CAAC;QACnC,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;QACrD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAC9D,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,IAAY,EAAE,OAAe;IACvD,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;IAC3C,CAAC;IAED,qEAAqE;IACrE,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;QAC1D,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACnB,CAAC,CAAC,IAAI,CAAC;IAET,0CAA0C;IAC1C,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,MAAM;gBACjB,UAAU,EAAE,GAAG;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,MAAM;gBACjB,UAAU,EAAE,IAAI;aACjB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,MAAM;gBACjB,UAAU,EAAE,IAAI;aACjB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,KAAK;gBAChB,UAAU,EAAE,GAAG;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,IAAI,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,MAAM;gBACjB,UAAU,EAAE,GAAG;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,QAAQ,CAAW;IAE3B,YAAY,WAAqB,UAAU;QACzC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,OAAyB;QAC1C,wBAAwB;QACxB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,OAAO,OAAO,CAAC,GAAG,CAAC;QACrB,CAAC;QAED,mCAAmC;QACnC,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC;QAEhC,IAAI,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC,GAAG,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACnE,OAAO,KAAK,CAAC,MAAM,CAAC;QACtB,CAAC;QAED,6BAA6B;QAC7B,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,OAAyB;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAEjC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,CAAC,SAAS,KAAK,KAAK;YACrD,CAAC,CAAC,kCAAkC;YACpC,CAAC,CAAC,2BAA2B,CAAC;QAEhC,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,YAAY,oBAAoB,KAAK,MAAM,CAAC,OAAO,EAAE;YAC7D,QAAQ,EAAE;gBACR,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,cAAc,EAAE,MAAM,CAAC,OAAO;aAC/B;SACF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAqB,UAAU;IAC/D,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;AACnC,CAAC"}

package/dist/src/detectors/secrets/api-key-detector.d.ts

@@ -0,0 +1,30 @@
+/**
+ * API Key Detector
+ * Detects API keys from various providers
+ */
+import type { SecretsDetectionResult, SecretSubDetector, ApiKeyMatch } from './types.js';
+import type { Severity } from '../../config/index.js';
+/**
+ * Redact a value showing first and last few characters
+ */
+export declare function redactValue(value: string, showStart?: number, showEnd?: number): string;
+/**
+ * Match API keys in text
+ */
+export declare function matchApiKeys(text: string): ApiKeyMatch[];
+/**
+ * API Key Detector class
+ */
+export declare class ApiKeyDetector implements SecretSubDetector {
+    private severity;
+    constructor(severity: Severity);
+    /**
+     * Scan text for API keys
+     */
+    scan(text: string, location: string): SecretsDetectionResult[];
+}
+/**
+ * Create an API key detector
+ */
+export declare function createApiKeyDetector(severity: Severity): ApiKeyDetector;
+//# sourceMappingURL=api-key-detector.d.ts.map

package/dist/src/detectors/secrets/api-key-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-detector.d.ts","sourceRoot":"","sources":["../../../../src/detectors/secrets/api-key-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,sBAAsB,EACtB,iBAAiB,EACjB,WAAW,EAEZ,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AA0MtD;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAI,EAAE,OAAO,SAAI,GAAG,MAAM,CAM7E;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,EAAE,CAgExD;AAED;;GAEG;AACH,qBAAa,cAAe,YAAW,iBAAiB;IACtD,OAAO,CAAC,QAAQ,CAAW;gBAEf,QAAQ,EAAE,QAAQ;IAI9B;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,sBAAsB,EAAE;CAiB/D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,GAAG,cAAc,CAEvE"}

package/dist/src/detectors/secrets/api-key-detector.js

@@ -0,0 +1,297 @@
+/**
+ * API Key Detector
+ * Detects API keys from various providers
+ */
+/**
+ * API key patterns for various providers
+ */
+const API_KEY_PATTERNS = [
+    // OpenAI - sk-... format (51+ chars)
+    {
+        provider: 'openai',
+        pattern: /\bsk-[A-Za-z0-9]{48,}\b/g,
+        minLength: 51,
+        confidence: 0.95,
+        description: 'OpenAI API key',
+    },
+    // Anthropic - sk-ant-... format
+    {
+        provider: 'anthropic',
+        pattern: /\bsk-ant-[A-Za-z0-9_-]{32,}\b/g,
+        confidence: 0.95,
+        description: 'Anthropic API key',
+    },
+    // AWS Access Key ID - AKIA... (20 chars)
+    {
+        provider: 'aws',
+        pattern: /\bAKIA[0-9A-Z]{16}\b/g,
+        minLength: 20,
+        maxLength: 20,
+        confidence: 0.95,
+        description: 'AWS Access Key ID',
+    },
+    // AWS Secret Access Key (40 chars base64-like)
+    {
+        provider: 'aws',
+        pattern: /\b[A-Za-z0-9/+=]{40}\b/g,
+        minLength: 40,
+        maxLength: 40,
+        confidence: 0.5, // Lower confidence without context
+        description: 'Potential AWS Secret Access Key',
+    },
+    // GitHub tokens - ghp_, gho_, ghs_, ghr_ prefixes
+    {
+        provider: 'github',
+        pattern: /\bghp_[A-Za-z0-9]{36,}\b/g,
+        confidence: 0.95,
+        description: 'GitHub Personal Access Token',
+    },
+    {
+        provider: 'github',
+        pattern: /\bgho_[A-Za-z0-9]{36,}\b/g,
+        confidence: 0.95,
+        description: 'GitHub OAuth Token',
+    },
+    {
+        provider: 'github',
+        pattern: /\bghs_[A-Za-z0-9]{36,}\b/g,
+        confidence: 0.95,
+        description: 'GitHub App Installation Token',
+    },
+    {
+        provider: 'github',
+        pattern: /\bghr_[A-Za-z0-9]{36,}\b/g,
+        confidence: 0.95,
+        description: 'GitHub Refresh Token',
+    },
+    // Stripe keys - sk_live_, sk_test_, pk_live_, pk_test_
+    {
+        provider: 'stripe',
+        pattern: /\bsk_live_[A-Za-z0-9]{24,}\b/g,
+        confidence: 0.95,
+        description: 'Stripe Live Secret Key',
+    },
+    {
+        provider: 'stripe',
+        pattern: /\bsk_test_[A-Za-z0-9]{24,}\b/g,
+        confidence: 0.90,
+        description: 'Stripe Test Secret Key',
+    },
+    {
+        provider: 'stripe',
+        pattern: /\bpk_live_[A-Za-z0-9]{24,}\b/g,
+        confidence: 0.90,
+        description: 'Stripe Live Publishable Key',
+    },
+    {
+        provider: 'stripe',
+        pattern: /\bpk_test_[A-Za-z0-9]{24,}\b/g,
+        confidence: 0.85,
+        description: 'Stripe Test Publishable Key',
+    },
+    // Slack tokens - xoxb-, xoxp-, xoxa-, xoxr-, xoxs-
+    {
+        provider: 'slack',
+        pattern: /\bxoxb-[0-9]{10,13}-[0-9]{10,13}-[A-Za-z0-9]{24}\b/g,
+        confidence: 0.95,
+        description: 'Slack Bot Token',
+    },
+    {
+        provider: 'slack',
+        pattern: /\bxoxp-[0-9]{10,13}-[0-9]{10,13}-[0-9]{10,13}-[A-Za-z0-9]{32}\b/g,
+        confidence: 0.95,
+        description: 'Slack User Token',
+    },
+    {
+        provider: 'slack',
+        pattern: /\bxoxa-[0-9]+-[A-Za-z0-9]{24,}\b/g,
+        confidence: 0.95,
+        description: 'Slack App Token',
+    },
+    {
+        provider: 'slack',
+        pattern: /\bxoxr-[0-9]+-[A-Za-z0-9]{24,}\b/g,
+        confidence: 0.95,
+        description: 'Slack Refresh Token',
+    },
+    {
+        provider: 'slack',
+        pattern: /\bxoxs-[0-9]+-[A-Za-z0-9]{24,}\b/g,
+        confidence: 0.95,
+        description: 'Slack Session Token',
+    },
+    // Google API key - AIza... (39 total chars)
+    {
+        provider: 'google',
+        pattern: /\bAIza[A-Za-z0-9_-]{35,}\b/g,
+        confidence: 0.90,
+        description: 'Google API Key',
+    },
+    // Generic patterns (lower confidence)
+    {
+        provider: 'generic',
+        pattern: /\bapi[_-]?key[_-]?[=:]["']?([A-Za-z0-9_-]{20,})["']?/gi,
+        confidence: 0.70,
+        description: 'Generic API Key pattern',
+    },
+];
+/**
+ * Cloud credential patterns (environment variables)
+ */
+const CLOUD_CREDENTIAL_PATTERNS = [
+    {
+        provider: 'aws',
+        pattern: /AWS_SECRET_ACCESS_KEY\s*[=:]\s*["']?([A-Za-z0-9/+=]{40})["']?/g,
+        confidence: 0.95,
+        description: 'AWS Secret Access Key in env var',
+    },
+    {
+        provider: 'aws',
+        pattern: /AWS_ACCESS_KEY_ID\s*[=:]\s*["']?(AKIA[0-9A-Z]{16})["']?/g,
+        confidence: 0.95,
+        description: 'AWS Access Key ID in env var',
+    },
+    {
+        provider: 'google',
+        pattern: /GOOGLE_APPLICATION_CREDENTIALS\s*[=:]\s*["']?([^"'\s]+)["']?/g,
+        confidence: 0.85,
+        description: 'Google Application Credentials path',
+    },
+];
+/**
+ * Private key patterns
+ */
+const PRIVATE_KEY_PATTERNS = [
+    {
+        provider: 'generic',
+        pattern: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----/g,
+        confidence: 0.99,
+        description: 'Private key (RSA)',
+    },
+    {
+        provider: 'generic',
+        pattern: /-----BEGIN\s+EC\s+PRIVATE\s+KEY-----/g,
+        confidence: 0.99,
+        description: 'Private key (EC)',
+    },
+    {
+        provider: 'generic',
+        pattern: /-----BEGIN\s+OPENSSH\s+PRIVATE\s+KEY-----/g,
+        confidence: 0.99,
+        description: 'Private key (OpenSSH)',
+    },
+    {
+        provider: 'generic',
+        pattern: /-----BEGIN\s+PGP\s+PRIVATE\s+KEY\s+BLOCK-----/g,
+        confidence: 0.99,
+        description: 'Private key (PGP)',
+    },
+];
+/**
+ * Redact a value showing first and last few characters
+ */
+export function redactValue(value, showStart = 4, showEnd = 4) {
+    if (value.length <= showStart + showEnd + 3) {
+        // Too short to redact meaningfully
+        return value.slice(0, showStart) + '***';
+    }
+    return value.slice(0, showStart) + '***' + value.slice(-showEnd);
+}
+/**
+ * Match API keys in text
+ */
+export function matchApiKeys(text) {
+    const matches = [];
+    const seen = new Set();
+    // Check standard API key patterns
+    for (const pattern of API_KEY_PATTERNS) {
+        const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+        let match;
+        while ((match = regex.exec(text)) !== null) {
+            const value = match[1] || match[0];
+            // Skip if we've already seen this value
+            if (seen.has(value))
+                continue;
+            seen.add(value);
+            // Validate length if specified
+            if (pattern.minLength && value.length < pattern.minLength)
+                continue;
+            if (pattern.maxLength && value.length > pattern.maxLength)
+                continue;
+            matches.push({
+                matched: true,
+                provider: pattern.provider,
+                value,
+                redactedValue: redactValue(value),
+                confidence: pattern.confidence,
+            });
+        }
+    }
+    // Check cloud credential patterns
+    for (const pattern of CLOUD_CREDENTIAL_PATTERNS) {
+        const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+        let match;
+        while ((match = regex.exec(text)) !== null) {
+            const value = match[1] || match[0];
+            if (seen.has(value))
+                continue;
+            seen.add(value);
+            matches.push({
+                matched: true,
+                provider: pattern.provider,
+                value,
+                redactedValue: redactValue(value),
+                confidence: pattern.confidence,
+            });
+        }
+    }
+    // Check private key patterns
+    for (const pattern of PRIVATE_KEY_PATTERNS) {
+        const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+        if (regex.test(text)) {
+            matches.push({
+                matched: true,
+                provider: pattern.provider,
+                value: pattern.description,
+                redactedValue: '[PRIVATE KEY]',
+                confidence: pattern.confidence,
+            });
+        }
+    }
+    return matches;
+}
+/**
+ * API Key Detector class
+ */
+export class ApiKeyDetector {
+    severity;
+    constructor(severity) {
+        this.severity = severity;
+    }
+    /**
+     * Scan text for API keys
+     */
+    scan(text, location) {
+        const matches = matchApiKeys(text);
+        return matches.map((match) => ({
+            detected: true,
+            category: 'secrets',
+            severity: this.severity,
+            confidence: match.confidence,
+            reason: `Detected ${match.provider} API key/credential`,
+            metadata: {
+                type: 'api-key',
+                provider: match.provider,
+                redactedValue: match.redactedValue,
+                location,
+            },
+        }));
+    }
+}
+/**
+ * Create an API key detector
+ */
+export function createApiKeyDetector(severity) {
+    return new ApiKeyDetector(severity);
+}
+//# sourceMappingURL=api-key-detector.js.map

package/dist/src/detectors/secrets/api-key-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-detector.js","sourceRoot":"","sources":["../../../../src/detectors/secrets/api-key-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAsBH;;GAEG;AACH,MAAM,gBAAgB,GAAoB;IACxC,qCAAqC;IACrC;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,0BAA0B;QACnC,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,gBAAgB;KAC9B;IACD,gCAAgC;IAChC;QACE,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,gCAAgC;QACzC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,mBAAmB;KACjC;IACD,yCAAyC;IACzC;QACE,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,EAAE;QACb,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,mBAAmB;KACjC;IACD,+CAA+C;IAC/C;QACE,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,yBAAyB;QAClC,SAAS,EAAE,EAAE;QACb,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,GAAG,EAAE,mCAAmC;QACpD,WAAW,EAAE,iCAAiC;KAC/C;IACD,kDAAkD;IAClD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2BAA2B;QACpC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2BAA2B;QACpC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2BAA2B;QACpC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,+BAA+B;KAC7C;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2BAA2B;QACpC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,sBAAsB;KACpC;IACD,uDAAuD;IACvD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,+BAA+B;QACxC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,wBAAwB;KACtC;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,+BAA+B;QACxC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,wBAAwB;KACtC;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,+BAA+B;QACxC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,6BAA6B;KAC3C;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,+BAA+B;QACxC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,6BAA6B;KAC3C;IACD,mDAAmD;IACnD;QACE,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,qDAAqD;QAC9D,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,iBAAiB;KAC/B;IACD;QACE,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,kEAAkE;QAC3E,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,kBAAkB;KAChC;IACD;QACE,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,mCAAmC;QAC5C,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,iBAAiB;KAC/B;IACD;QACE,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,mCAAmC;QAC5C,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,qBAAqB;KACnC;IACD;QACE,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,mCAAmC;QAC5C,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,qBAAqB;KACnC;IACD,4CAA4C;IAC5C;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,6BAA6B;QACtC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,gBAAgB;KAC9B;IACD,sCAAsC;IACtC;QACE,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,wDAAwD;QACjE,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,yBAAyB;KACvC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,yBAAyB,GAAoB;IACjD;QACE,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,gEAAgE;QACzE,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,kCAAkC;KAChD;IACD;QACE,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,0DAA0D;QACnE,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,+DAA+D;QACxE,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,qCAAqC;KACnD;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAAoB;IAC5C;QACE,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,6CAA6C;QACtD,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,uCAAuC;QAChD,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,kBAAkB;KAChC;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,4CAA4C;QACrD,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,gDAAgD;QACzD,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,mBAAmB;KACjC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,SAAS,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC;IACnE,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC;QAC5C,mCAAmC;QACnC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IAC3C,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,kCAAkC;IAClC,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxE,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YAEnC,wCAAwC;YACxC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEhB,+BAA+B;YAC/B,IAAI,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,SAAS;gBAAE,SAAS;YACpE,IAAI,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,SAAS;gBAAE,SAAS;YAEpE,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK;gBACL,aAAa,EAAE,WAAW,CAAC,KAAK,CAAC;gBACjC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxE,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YAEnC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEhB,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK;gBACL,aAAa,EAAE,WAAW,CAAC,KAAK,CAAC;gBACjC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxE,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,OAAO,CAAC,WAAW;gBAC1B,aAAa,EAAE,eAAe;gBAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,QAAQ,CAAW;IAE3B,YAAY,QAAkB;QAC5B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,IAAY,EAAE,QAAgB;QACjC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAEnC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC7B,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,SAAkB;YAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,MAAM,EAAE,YAAY,KAAK,CAAC,QAAQ,qBAAqB;YACvD,QAAQ,EAAE;gBACR,IAAI,EAAE,SAAkB;gBACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,aAAa,EAAE,KAAK,CAAC,aAAa;gBAClC,QAAQ;aACT;SACF,CAAC,CAAC,CAAC;IACN,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAkB;IACrD,OAAO,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC"}

package/dist/src/detectors/secrets/index.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Secrets Detector
+ * Main detector that combines API key, token, credential, and PII detection
+ */
+import type { SecretsDetectionContext, SecretsDetectionResult, SecretsDetector as ISecretsDetector, SecretsDetectorConfig } from './types.js';
+import type { SecretsRule } from '../../config/index.js';
+export * from './types.js';
+export { ApiKeyDetector, createApiKeyDetector, matchApiKeys, redactValue } from './api-key-detector.js';
+export { TokenDetector, createTokenDetector, matchTokens, matchJwt, matchBearerToken, matchSessionToken, matchRefreshToken, matchAccessToken, isValidJwtStructure, } from './token-detector.js';
+export { PiiDetector, createPiiDetector, matchPii, matchSsn, matchCreditCard, matchEmail, luhnCheck, isValidSsn, redactPii, } from './pii-detector.js';
+/**
+ * Main secrets detector implementation
+ */
+export declare class SecretsDetectorImpl implements ISecretsDetector {
+    private config;
+    private apiKeyDetector;
+    private tokenDetector;
+    private piiDetector;
+    constructor(config: SecretsDetectorConfig);
+    detect(context: SecretsDetectionContext): Promise<SecretsDetectionResult>;
+    /**
+     * Get all individual detection results (for detailed reporting)
+     */
+    detectAll(context: SecretsDetectionContext): Promise<SecretsDetectionResult[]>;
+    /**
+     * Get the configured action for detected secrets
+     */
+    getAction(): "block" | "confirm" | "agent-confirm" | "warn" | "log";
+    /**
+     * Check if the detector is enabled
+     */
+    isEnabled(): boolean;
+}
+/**
+ * Create a secrets detector from SecretsRule configuration
+ */
+export declare function createSecretsDetector(rule: SecretsRule): SecretsDetectorImpl;
+/**
+ * Create a secrets detector with default configuration
+ */
+export declare function createDefaultSecretsDetector(): SecretsDetectorImpl;
+export default SecretsDetectorImpl;
+//# sourceMappingURL=index.d.ts.map