codegate-ai 0.1.0

package/dist/layer2-static/detectors/rule-file.d.ts

@@ -0,0 +1,7 @@
+import type { Finding } from "../../types/finding.js";
+export interface RuleFileInput {
+    filePath: string;
+    textContent: string;
+    unicodeAnalysis?: boolean;
+}
+export declare function detectRuleFileIssues(input: RuleFileInput): Finding[];

package/dist/layer2-static/detectors/rule-file.js

@@ -0,0 +1,299 @@
+import { buildFindingEvidence } from "../evidence.js";
+const DIRECT_OVERRIDE_PHRASES = [
+    "ignore previous instructions",
+    "skip permissions",
+    "bypass permissions",
+];
+const NEGATION_PATTERN = /\b(?:must not|should not|do not|don't|never)\b/iu;
+const SENSITIVE_READ_PATTERN = /\b(?:read|cat)\s+(?:~\/\.ssh(?:\/[^\s]+)?|\.env\b|~\/\.[a-z0-9._-]+(?:\/[^\s]+)*)/iu;
+const OUTBOUND_TRANSFER_PATTERN = /\b(?:upload externally|send to (?:an |a )?(?:external )?(?:webhook|endpoint|server)|curl\b|wget\b|invoke-webrequest\b|post to\b|https?:\/\/|exfiltrat(?:e|ion|ing))\b/iu;
+const SUSPICIOUS_LONG_LINE_PATTERN = /\b(?:ignore previous instructions|skip permissions|bypass permissions|upload externally|curl\b|wget\b|https?:\/\/|bash\s+-lc|sh\s+-c|powershell\b|base64\b|~\/\.ssh|\.env\b)\b/iu;
+const REMOTE_SHELL_PATTERN = /\b(?:curl|wget)\b[^\n|]{0,240}\|\s*(?:bash|sh)\b|\b(?:invoke-webrequest|iwr)\b[^\n|]{0,240}\|\s*(?:iex|invoke-expression)\b/iu;
+const HTML_COMMENT_PATTERN = /<!--([\s\S]*?)-->/gu;
+const COMMENT_PAYLOAD_PATTERN = /\b(?:secret instructions|ignore previous instructions|curl\b|wget\b|invoke-webrequest\b|bash\b|powershell\b|session share\b|profile sync\b)\b/iu;
+const COOKIE_EXPORT_PATTERN = /\bcookies?\s+(?:export|import|get)\b/iu;
+const SESSION_SHARE_PATTERN = /\bsession\s+share\b|\blive url\b/iu;
+const PROFILE_SYNC_PATTERN = /\bprofile\s+sync\b|\breal chrome\b|\blogin sessions\b|\bsession tokens?\b|--profile\b/iu;
+const BOOTSTRAP_INSTALL_PATTERN = /\b(?:npm|pnpm|yarn|bun)\s+install\s+-g\b|\bbrew\s+install\b|\bpipx\s+install\b|\bgo\s+install\b|\b(?:npx|pnpx|uvx)\b[^\n`]{0,160}@latest\b/iu;
+const AGENT_CONTROL_POINT_PATTERN = /\.claude\/hooks\/|\.claude\/settings\.json|\.claude\/agents\/|\bclaude\.md\b|\bagents\.md\b|\bmcp configuration\b/iu;
+const RESTART_LOAD_PATTERN = /\brestart\b.*\b(?:load|take effect|activate|reload|work)\b|\bonly load after restart\b|\bafter restarting\b/iu;
+function makeFinding(filePath, field, ruleId, description, evidence, severity = "HIGH", narrative = {}) {
+    const location = { field };
+    if (typeof evidence?.line === "number") {
+        location.line = evidence.line;
+    }
+    if (typeof evidence?.column === "number") {
+        location.column = evidence.column;
+    }
+    return {
+        rule_id: ruleId,
+        finding_id: `RULE_INJECTION-${filePath}-${field}`,
+        severity,
+        category: "RULE_INJECTION",
+        layer: "L2",
+        file_path: filePath,
+        location,
+        description,
+        affected_tools: [
+            "claude-code",
+            "codex-cli",
+            "opencode",
+            "cursor",
+            "windsurf",
+            "github-copilot",
+        ],
+        cve: null,
+        owasp: ["ASI01"],
+        cwe: "CWE-116",
+        confidence: "HIGH",
+        fixable: true,
+        remediation_actions: ["strip_unicode", "remove_block", "quarantine_file"],
+        evidence: evidence?.evidence ?? null,
+        observed: narrative.observed ?? null,
+        inference: narrative.inference ?? null,
+        not_verified: narrative.notVerified ?? null,
+        incident_id: narrative.incidentId ?? null,
+        incident_title: narrative.incidentTitle ?? null,
+        incident_primary: narrative.incidentPrimary ?? null,
+        suppressed: false,
+    };
+}
+function buildLineEvidence(line, lineNumber, column) {
+    return {
+        evidence: `line ${lineNumber}\n${lineNumber} | ${line}`,
+        line: lineNumber,
+        column,
+    };
+}
+function buildMultilineEvidence(lines, lineNumbers) {
+    const uniqueLines = Array.from(new Set(lineNumbers)).sort((left, right) => left - right);
+    const snippets = uniqueLines.map((lineNumber) => `${lineNumber} | ${lines[lineNumber - 1] ?? ""}`);
+    return {
+        evidence: `lines ${uniqueLines.join(", ")}\n${snippets.join("\n")}`,
+        line: uniqueLines[0] ?? 1,
+        column: 1,
+    };
+}
+function hasNearbyNegation(line, matchIndex) {
+    const prefix = line.slice(Math.max(0, matchIndex - 24), matchIndex);
+    return NEGATION_PATTERN.test(prefix);
+}
+function detectSuspiciousInstruction(lines) {
+    for (let index = 0; index < lines.length; index += 1) {
+        const line = lines[index] ?? "";
+        const lower = line.toLowerCase();
+        for (const phrase of DIRECT_OVERRIDE_PHRASES) {
+            const matchIndex = lower.indexOf(phrase);
+            if (matchIndex < 0 || hasNearbyNegation(lower, matchIndex)) {
+                continue;
+            }
+            return {
+                phrase,
+                evidence: buildLineEvidence(line, index + 1, matchIndex + 1),
+            };
+        }
+        const sensitiveReadMatch = line.match(SENSITIVE_READ_PATTERN);
+        const outboundMatch = line.match(OUTBOUND_TRANSFER_PATTERN);
+        if (!sensitiveReadMatch || !outboundMatch) {
+            continue;
+        }
+        const outboundIndex = outboundMatch.index ?? line.length;
+        if (hasNearbyNegation(lower, outboundIndex)) {
+            continue;
+        }
+        const phrase = outboundMatch[0].toLowerCase();
+        return {
+            phrase,
+            evidence: buildLineEvidence(line, index + 1, outboundIndex + 1),
+        };
+    }
+    return null;
+}
+function detectRemoteShell(lines) {
+    for (let index = 0; index < lines.length; index += 1) {
+        const line = lines[index] ?? "";
+        const match = line.match(REMOTE_SHELL_PATTERN);
+        if (!match) {
+            continue;
+        }
+        const matchIndex = match.index ?? 0;
+        if (hasNearbyNegation(line.toLowerCase(), matchIndex)) {
+            continue;
+        }
+        return buildLineEvidence(line, index + 1, matchIndex + 1);
+    }
+    return null;
+}
+function shellLabelFromEvidence(evidence) {
+    const raw = evidence?.evidence?.toLowerCase() ?? "";
+    if (raw.includes("| bash")) {
+        return "bash";
+    }
+    if (raw.includes("| sh")) {
+        return "sh";
+    }
+    if (raw.includes("| iex") || raw.includes("| invoke-expression")) {
+        return "PowerShell";
+    }
+    return "a shell";
+}
+function detectHiddenCommentPayload(input, lines) {
+    HTML_COMMENT_PATTERN.lastIndex = 0;
+    let match = HTML_COMMENT_PATTERN.exec(input.textContent);
+    while (match) {
+        const commentBody = match[1] ?? "";
+        if (!COMMENT_PAYLOAD_PATTERN.test(commentBody)) {
+            match = HTML_COMMENT_PATTERN.exec(input.textContent);
+            continue;
+        }
+        const startLine = input.textContent.slice(0, match.index ?? 0).split(/\r?\n/u).length;
+        const endLine = startLine + match[0].split(/\r?\n/u).length - 1;
+        const lineNumbers = Array.from({ length: endLine - startLine + 1 }, (_, index) => startLine + index);
+        return buildMultilineEvidence(lines, lineNumbers);
+    }
+    return null;
+}
+function detectSessionTransfer(lines) {
+    const matchedLines = [];
+    const categories = new Set();
+    for (let index = 0; index < lines.length; index += 1) {
+        const line = lines[index] ?? "";
+        const lower = line.toLowerCase();
+        if (NEGATION_PATTERN.test(lower)) {
+            continue;
+        }
+        let matched = false;
+        if (COOKIE_EXPORT_PATTERN.test(line)) {
+            categories.add("cookies");
+            matched = true;
+        }
+        if (SESSION_SHARE_PATTERN.test(line)) {
+            categories.add("session_share");
+            matched = true;
+        }
+        if (PROFILE_SYNC_PATTERN.test(line)) {
+            categories.add("profile");
+            matched = true;
+        }
+        if (matched) {
+            matchedLines.push(index + 1);
+        }
+    }
+    if (categories.size < 2 || matchedLines.length < 2) {
+        return null;
+    }
+    return buildMultilineEvidence(lines, matchedLines.slice(0, 4));
+}
+function detectBootstrapControlPoints(lines) {
+    const installLines = [];
+    const controlPointLines = [];
+    const restartLines = [];
+    for (let index = 0; index < lines.length; index += 1) {
+        const line = lines[index] ?? "";
+        const lineNumber = index + 1;
+        if (BOOTSTRAP_INSTALL_PATTERN.test(line)) {
+            installLines.push(lineNumber);
+        }
+        if (AGENT_CONTROL_POINT_PATTERN.test(line)) {
+            controlPointLines.push(lineNumber);
+        }
+        if (RESTART_LOAD_PATTERN.test(line)) {
+            restartLines.push(lineNumber);
+        }
+    }
+    if (installLines.length === 0 || controlPointLines.length === 0 || restartLines.length === 0) {
+        return null;
+    }
+    return buildMultilineEvidence(lines, [
+        ...installLines.slice(0, 2),
+        ...controlPointLines.slice(0, 2),
+        restartLines[0],
+    ]);
+}
+export function detectRuleFileIssues(input) {
+    const findings = [];
+    const hiddenUnicodeRegex = /(?:\u200B|\u200C|\u200D|\u2060|\uFEFF|[\u202A-\u202E])/u;
+    const hiddenRemoteShellIncident = {
+        incidentId: "hidden-remote-shell-payload",
+        incidentTitle: "Hidden remote shell payload in skill file",
+    };
+    const hiddenMatch = input.unicodeAnalysis === false ? null : input.textContent.match(hiddenUnicodeRegex);
+    if (hiddenMatch?.[0]) {
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            searchTerms: [hiddenMatch[0]],
+            fallbackValue: "hidden Unicode character detected",
+        });
+        findings.push(makeFinding(input.filePath, "hidden_unicode", "rule-file-hidden-unicode", "Rule file contains hidden Unicode characters", evidence));
+    }
+    const lines = input.textContent.split(/\r?\n/u);
+    const hiddenCommentPayload = detectHiddenCommentPayload(input, lines);
+    if (hiddenCommentPayload) {
+        findings.push(makeFinding(input.filePath, "hidden_comment_payload", "rule-file-hidden-comment-payload", "Rule file contains a hidden comment payload with executable or override instructions", hiddenCommentPayload, "CRITICAL", {
+            ...hiddenRemoteShellIncident,
+            incidentPrimary: true,
+            observed: [
+                "A hidden HTML comment block contains agent-directed instructions.",
+                "The hidden block includes a secret instruction directive aimed at the agent.",
+            ],
+            inference: "The skill conceals instructions from the human reader while attempting to steer agent behavior.",
+            notVerified: [
+                "CodeGate did not execute any instruction from the hidden block.",
+                "CodeGate did not fetch or inspect any referenced remote content.",
+            ],
+        }));
+    }
+    const suspiciousInstruction = detectSuspiciousInstruction(lines);
+    if (suspiciousInstruction) {
+        findings.push(makeFinding(input.filePath, "suspicious_instruction", "rule-file-suspicious-instruction", `Rule file contains suspicious instruction pattern: ${suspiciousInstruction.phrase}`, suspiciousInstruction.evidence));
+    }
+    const remoteShell = detectRemoteShell(lines);
+    if (remoteShell) {
+        const remoteShellNarrative = {
+            observed: [
+                "The file instructs the agent to download remote content with curl.",
+                `The downloaded content is piped directly into ${shellLabelFromEvidence(remoteShell)}.`,
+            ],
+            inference: "Following this instruction would execute remote code supplied by the referenced URL.",
+            notVerified: [
+                "CodeGate did not fetch the referenced URL.",
+                "CodeGate did not execute the piped shell command.",
+            ],
+            ...(hiddenCommentPayload ? hiddenRemoteShellIncident : {}),
+        };
+        findings.push(makeFinding(input.filePath, "remote_shell", "rule-file-remote-shell", "Rule file instructs fetching remote content and piping it into a shell", remoteShell, "CRITICAL", remoteShellNarrative));
+    }
+    const sessionTransfer = detectSessionTransfer(lines);
+    if (sessionTransfer) {
+        findings.push(makeFinding(input.filePath, "session_transfer", "rule-file-session-transfer", "Rule file describes transferring authenticated browser cookies, profiles, or shared sessions", sessionTransfer, "HIGH"));
+    }
+    const bootstrapControlPoints = detectBootstrapControlPoints(lines);
+    if (bootstrapControlPoints) {
+        findings.push(makeFinding(input.filePath, "bootstrap_control_points", "rule-file-bootstrap-control-points", "Rule file bootstraps persistent agent hooks or settings and requires restart to activate them", bootstrapControlPoints, "HIGH", {
+            incidentId: "bootstrap-control-points",
+            incidentTitle: "Persistent agent bootstrap via hooks and settings",
+            incidentPrimary: true,
+            observed: [
+                "The file instructs installing or bootstrapping tooling with global or latest-version commands.",
+                "The bootstrap flow writes persistent agent control points such as hooks, settings, or agent instructions.",
+                "The file states that a restart is required for the new control points to take effect.",
+            ],
+            inference: "Following this skill would create persistent agent behavior changes that survive the current task and expand future execution control.",
+            notVerified: [
+                "CodeGate did not run the bootstrap or installer commands.",
+                "CodeGate did not modify any local hooks, settings, or agent instruction files.",
+            ],
+        }));
+    }
+    const longLineIndex = lines.findIndex((line) => line.length > 300 && SUSPICIOUS_LONG_LINE_PATTERN.test(line) && !NEGATION_PATTERN.test(line));
+    if (longLineIndex >= 0) {
+        const lineNumber = longLineIndex + 1;
+        const evidence = {
+            evidence: `line ${lineNumber}\n${lineNumber} | ${lines[longLineIndex]}`,
+            line: lineNumber,
+            column: 1,
+        };
+        findings.push(makeFinding(input.filePath, "long_line", "rule-file-long-line", "Rule file contains unusually long lines that may hide payloads", evidence));
+    }
+    return findings;
+}

package/dist/layer2-static/detectors/symlink.d.ts

@@ -0,0 +1,9 @@
+import type { Finding } from "../../types/finding.js";
+export interface SymlinkEscapeEntry {
+    path: string;
+    target: string;
+}
+export interface SymlinkInput {
+    symlinkEscapes: SymlinkEscapeEntry[];
+}
+export declare function detectSymlinkEscapes(input: SymlinkInput): Finding[];

package/dist/layer2-static/detectors/symlink.js

@@ -0,0 +1,45 @@
+function makeFinding(path, target, severity) {
+    return {
+        rule_id: "symlink-escape",
+        finding_id: `SYMLINK_ESCAPE-${path}`,
+        severity,
+        category: "SYMLINK_ESCAPE",
+        layer: "L2",
+        file_path: path,
+        location: { field: "symlink_target" },
+        description: `Symlink resolves outside project root: ${target}`,
+        affected_tools: [
+            "claude-code",
+            "codex-cli",
+            "opencode",
+            "cursor",
+            "windsurf",
+            "github-copilot",
+        ],
+        cve: null,
+        owasp: ["ASI06"],
+        cwe: "CWE-59",
+        confidence: "HIGH",
+        fixable: true,
+        remediation_actions: ["remove_symlink", "quarantine_file"],
+        suppressed: false,
+    };
+}
+export function detectSymlinkEscapes(input) {
+    const sensitiveIndicators = [
+        "/.ssh/",
+        "/.aws/",
+        "/.kube/",
+        "/.docker/",
+        "/.npmrc",
+        "/.git-credentials",
+        "/etc/passwd",
+        "/etc/shadow",
+    ];
+    return input.symlinkEscapes.map((entry) => {
+        const severity = sensitiveIndicators.some((token) => entry.target.includes(token))
+            ? "HIGH"
+            : "MEDIUM";
+        return makeFinding(entry.path, entry.target, severity);
+    });
+}

package/dist/layer2-static/engine.d.ts

@@ -0,0 +1,28 @@
+import { type GitHookEntry } from "./detectors/git-hooks.js";
+import { type SymlinkEscapeEntry } from "./detectors/symlink.js";
+import type { Finding } from "../types/finding.js";
+import type { DiscoveryFormat } from "../types/discovery.js";
+export interface StaticFileInput {
+    filePath: string;
+    format: DiscoveryFormat;
+    parsed: unknown;
+    textContent: string;
+}
+export interface StaticEngineConfig {
+    knownSafeMcpServers: string[];
+    knownSafeFormatters: string[];
+    knownSafeLspServers: string[];
+    knownSafeHooks: string[];
+    blockedCommands: string[];
+    trustedApiDomains: string[];
+    unicodeAnalysis: boolean;
+    checkIdeSettings: boolean;
+}
+export interface StaticEngineInput {
+    projectRoot: string;
+    files: StaticFileInput[];
+    symlinkEscapes: SymlinkEscapeEntry[];
+    hooks: GitHookEntry[];
+    config: StaticEngineConfig;
+}
+export declare function runStaticEngine(input: StaticEngineInput): Finding[];

package/dist/layer2-static/engine.js

@@ -0,0 +1,83 @@
+import { detectCommandExecution } from "./detectors/command-exec.js";
+import { detectConsentBypass } from "./detectors/consent-bypass.js";
+import { detectEnvOverrides } from "./detectors/env-override.js";
+import { detectGitHookIssues } from "./detectors/git-hooks.js";
+import { detectIdeSettingsIssues } from "./detectors/ide-settings.js";
+import { detectPluginManifestIssues } from "./detectors/plugin-manifest.js";
+import { detectRuleFileIssues } from "./detectors/rule-file.js";
+import { detectSymlinkEscapes } from "./detectors/symlink.js";
+function dedupeFindings(findings) {
+    const deduped = new Map();
+    for (const finding of findings) {
+        const key = `${finding.category}:${finding.rule_id}:${finding.description}`;
+        const existing = deduped.get(key);
+        if (!existing) {
+            deduped.set(key, {
+                ...finding,
+                affected_locations: [{ file_path: finding.file_path, location: finding.location }],
+            });
+            continue;
+        }
+        const nextLocation = { file_path: finding.file_path, location: finding.location };
+        const locations = existing.affected_locations ?? [];
+        const alreadyIncluded = locations.some((location) => location.file_path === nextLocation.file_path &&
+            location.location?.field === nextLocation.location?.field &&
+            location.location?.line === nextLocation.location?.line);
+        if (!alreadyIncluded) {
+            locations.push(nextLocation);
+        }
+        existing.affected_locations = locations;
+    }
+    return Array.from(deduped.values());
+}
+export function runStaticEngine(input) {
+    const findings = [];
+    for (const file of input.files) {
+        findings.push(...detectEnvOverrides({
+            filePath: file.filePath,
+            parsed: file.parsed,
+            textContent: file.textContent,
+            trustedApiDomains: input.config.trustedApiDomains,
+        }));
+        findings.push(...detectConsentBypass({
+            filePath: file.filePath,
+            parsed: file.parsed,
+            textContent: file.textContent,
+            trustedApiDomains: input.config.trustedApiDomains,
+        }));
+        findings.push(...detectCommandExecution({
+            filePath: file.filePath,
+            parsed: file.parsed,
+            textContent: file.textContent,
+            knownSafeMcpServers: input.config.knownSafeMcpServers,
+            knownSafeFormatters: input.config.knownSafeFormatters,
+            knownSafeLspServers: input.config.knownSafeLspServers,
+            blockedCommands: input.config.blockedCommands,
+        }));
+        if (input.config.checkIdeSettings) {
+            findings.push(...detectIdeSettingsIssues({
+                filePath: file.filePath,
+                parsed: file.parsed,
+                textContent: file.textContent,
+                projectRoot: input.projectRoot,
+            }));
+        }
+        findings.push(...detectPluginManifestIssues({
+            filePath: file.filePath,
+            parsed: file.parsed,
+            textContent: file.textContent,
+            trustedApiDomains: input.config.trustedApiDomains,
+            blockedCommands: input.config.blockedCommands,
+        }));
+        if (file.format === "text" || file.format === "markdown") {
+            findings.push(...detectRuleFileIssues({
+                filePath: file.filePath,
+                textContent: file.textContent,
+                unicodeAnalysis: input.config.unicodeAnalysis,
+            }));
+        }
+    }
+    findings.push(...detectSymlinkEscapes({ symlinkEscapes: input.symlinkEscapes }));
+    findings.push(...detectGitHookIssues({ hooks: input.hooks, knownSafeHooks: input.config.knownSafeHooks }));
+    return dedupeFindings(findings);
+}

package/dist/layer2-static/evidence.d.ts

@@ -0,0 +1,12 @@
+export interface FindingEvidence {
+    evidence: string;
+    line?: number;
+    column?: number;
+}
+export interface BuildFindingEvidenceInput {
+    textContent: string;
+    jsonPaths?: string[];
+    searchTerms?: string[];
+    fallbackValue?: string;
+}
+export declare function buildFindingEvidence(input: BuildFindingEvidenceInput): FindingEvidence | null;

package/dist/layer2-static/evidence.js

@@ -0,0 +1,128 @@
+import { findNodeAtLocation, parseTree } from "jsonc-parser";
+function toLineStarts(textContent) {
+    const starts = [0];
+    for (let index = 0; index < textContent.length; index += 1) {
+        if (textContent.charCodeAt(index) === 10) {
+            starts.push(index + 1);
+        }
+    }
+    return starts;
+}
+function offsetToLineAndColumn(lineStarts, offset) {
+    if (lineStarts.length === 0) {
+        return { line: 1, column: 1 };
+    }
+    let low = 0;
+    let high = lineStarts.length - 1;
+    let lineIndex = 0;
+    while (low <= high) {
+        const mid = Math.floor((low + high) / 2);
+        if (lineStarts[mid] <= offset) {
+            lineIndex = mid;
+            low = mid + 1;
+        }
+        else {
+            high = mid - 1;
+        }
+    }
+    return {
+        line: lineIndex + 1,
+        column: offset - lineStarts[lineIndex] + 1,
+    };
+}
+function formatLineBlock(textContent, startLine, endLine, startColumn) {
+    const lines = textContent.split(/\r?\n/u);
+    const snippetLines = lines.slice(startLine - 1, endLine);
+    const numberedLines = snippetLines.map((line, index) => `${startLine + index} | ${line}`);
+    const header = startLine === endLine ? `line ${startLine}` : `lines ${startLine}-${endLine}`;
+    return {
+        evidence: [header, ...numberedLines].join("\n"),
+        line: startLine,
+        column: startColumn,
+    };
+}
+function splitJsonPath(path) {
+    return path
+        .split(".")
+        .map((segment) => segment.trim())
+        .filter((segment) => segment.length > 0)
+        .map((segment) => {
+        if (/^[0-9]+$/u.test(segment)) {
+            return Number(segment);
+        }
+        return segment;
+    });
+}
+function normalizeSnippetNode(node) {
+    if (node.parent?.type === "property") {
+        return node.parent;
+    }
+    return node;
+}
+function extractEvidenceFromJsonPath(textContent, path) {
+    if (path.length === 0) {
+        return null;
+    }
+    const root = parseTree(textContent);
+    if (!root) {
+        return null;
+    }
+    const node = findNodeAtLocation(root, splitJsonPath(path));
+    if (!node) {
+        return null;
+    }
+    const snippetNode = normalizeSnippetNode(node);
+    const startOffset = snippetNode.offset;
+    const endOffset = snippetNode.offset + snippetNode.length;
+    const lineStarts = toLineStarts(textContent);
+    const start = offsetToLineAndColumn(lineStarts, startOffset);
+    const end = offsetToLineAndColumn(lineStarts, Math.max(startOffset, endOffset - 1));
+    return formatLineBlock(textContent, start.line, end.line, start.column);
+}
+function extractEvidenceFromSearchTerm(textContent, term) {
+    if (term.length === 0) {
+        return null;
+    }
+    const offset = textContent.indexOf(term);
+    if (offset < 0) {
+        return null;
+    }
+    const lineStarts = toLineStarts(textContent);
+    const position = offsetToLineAndColumn(lineStarts, offset);
+    return formatLineBlock(textContent, position.line, position.line, position.column);
+}
+function uniqueValues(values) {
+    const seen = new Set();
+    const unique = [];
+    for (const value of values) {
+        const normalized = value.trim();
+        if (normalized.length === 0 || seen.has(normalized)) {
+            continue;
+        }
+        seen.add(normalized);
+        unique.push(normalized);
+    }
+    return unique;
+}
+export function buildFindingEvidence(input) {
+    if (input.textContent.length > 0) {
+        const jsonPaths = uniqueValues(input.jsonPaths ?? []);
+        for (const path of jsonPaths) {
+            const extracted = extractEvidenceFromJsonPath(input.textContent, path);
+            if (extracted) {
+                return extracted;
+            }
+        }
+        const searchTerms = uniqueValues(input.searchTerms ?? []);
+        for (const term of searchTerms) {
+            const extracted = extractEvidenceFromSearchTerm(input.textContent, term);
+            if (extracted) {
+                return extracted;
+            }
+        }
+    }
+    if (input.fallbackValue && input.fallbackValue.length > 0) {
+        return { evidence: input.fallbackValue };
+    }
+    return null;
+}

package/dist/layer2-static/rule-engine.d.ts

@@ -0,0 +1,24 @@
+export type RuleQueryType = "json_path" | "toml_path" | "env_key" | "text_pattern";
+export type RuleCondition = "equals_true" | "equals_false" | "exists" | "not_empty" | "matches_regex" | "not_in_allowlist" | "regex_match" | "contains" | "line_length_exceeds";
+export interface DetectionRule {
+    id: string;
+    severity: string;
+    category: string;
+    description: string;
+    tool: string;
+    file_pattern: string;
+    query_type: RuleQueryType;
+    query: string;
+    condition: RuleCondition;
+    cve?: string;
+    owasp: string[];
+    cwe: string;
+}
+export interface RuleEvaluationInput {
+    filePath: string;
+    format: string;
+    parsed: unknown;
+    textContent: string;
+}
+export declare function evaluateRule(rule: DetectionRule, input: RuleEvaluationInput): boolean;
+export declare function loadRulePacks(baseDir?: string): DetectionRule[];