cognium-ai 2.7.18 → 2.7.19

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cognium-ai",
-  "version": "2.7.18",
+  "version": "2.7.19",
   "description": "AI-powered static analysis CLI with LLM-enhanced vulnerability detection",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -41,8 +41,8 @@
     "LICENSE"
   ],
   "dependencies": {
-    "circle-ir": "^3.22.3",
-    "circle-ir-ai": "^2.7.17",
+    "circle-ir": "^3.23.3",
+    "circle-ir-ai": "2.7.19",
     "commander": "^14.0.3",
     "minimatch": "^10.2.5"
   },

package/dist/config.d.ts

@@ -1,80 +0,0 @@
-/**
- * cognium.config.json — project-level configuration
- *
- * Shared schema with cognium CLI (cognium/src/cli.ts).
- * Controls SAST pass options, pass disabling, trust pass filtering,
- * and finding suppressions.
- */
-import type { PassOptions } from 'circle-ir-ai';
-/**
- * Suppression entry to exclude specific findings.
- */
-export interface Suppression {
-    /** Pass name to suppress (e.g., 'naming-convention', 'unbounded-collection') */
-    pass: string;
-    /** File path (relative or absolute) — if omitted, applies to all files */
-    file?: string;
-    /** Specific line number — if omitted, applies to all lines in the file */
-    line?: number;
-    /** Reason for suppression (for documentation) */
-    reason?: string;
-}
-/**
- * cognium.config.json schema
- */
-export interface CogniumConfig {
-    /** Config version for future compatibility */
-    version?: string;
-    /** Glob patterns to include */
-    include?: string[];
-    /** Glob patterns to exclude */
-    exclude?: string[];
-    /** Pass-specific options (passed to circle-ir via analyze() 4th arg) */
-    passes?: {
-        [passName: string]: boolean | {
-            enabled?: boolean;
-            threshold?: number;
-            skipPatterns?: string[];
-            enforceIPrefix?: boolean;
-            [key: string]: unknown;
-        };
-    };
-    /** Trust-specific configuration */
-    trust?: {
-        /** Trust passes to skip (e.g., 'god-class', 'naming-convention') */
-        disabledPasses?: string[];
-    };
-    /** Findings to suppress */
-    suppressions?: Suppression[];
-    /** Minimum severity filter */
-    severity?: string;
-    /** Category filter */
-    categories?: string[];
-}
-/**
- * Load configuration from cognium.config.json or a custom path.
- */
-export declare function loadConfig(profilePath?: string): CogniumConfig | null;
-/**
- * Convert config passes to circle-ir PassOptions and disabledPasses.
- */
-export declare function convertConfigToPassOptions(config: CogniumConfig): {
-    passOptions: PassOptions;
-    disabledPasses: string[];
-};
-/**
- * Structural type for scan results — compatible with ScanResult in cli.ts.
- */
-export interface SuppressableResult {
-    file: string;
-    vulnerabilities: Array<{
-        type: string;
-        line?: number;
-        [key: string]: unknown;
-    }>;
-}
-/**
- * Apply suppressions to filter out findings.
- */
-export declare function applySuppressionsToResults<T extends SuppressableResult>(results: T[], suppressions: Suppression[], basePath: string): T[];
-//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAMhD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,gFAAgF;IAChF,IAAI,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,wEAAwE;IACxE,MAAM,CAAC,EAAE;QACP,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG;YAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;YAClB,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;YACxB,cAAc,CAAC,EAAE,OAAO,CAAC;YACzB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;SACxB,CAAC;KACH,CAAC;IACF,mCAAmC;IACnC,KAAK,CAAC,EAAE;QACN,oEAAoE;QACpE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;IACF,2BAA2B;IAC3B,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAMD;;GAEG;AACH,wBAAgB,UAAU,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAcrE;AAMD;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,aAAa,GAAG;IACjE,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B,CAiDA;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,CAAC;CACjF;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,CAAC,SAAS,kBAAkB,EACrE,OAAO,EAAE,CAAC,EAAE,EACZ,YAAY,EAAE,WAAW,EAAE,EAC3B,QAAQ,EAAE,MAAM,GACf,CAAC,EAAE,CA4BL"}

package/dist/config.js

@@ -1,110 +0,0 @@
-/**
- * cognium.config.json — project-level configuration
- *
- * Shared schema with cognium CLI (cognium/src/cli.ts).
- * Controls SAST pass options, pass disabling, trust pass filtering,
- * and finding suppressions.
- */
-import { existsSync, readFileSync } from 'fs';
-import { relative } from 'path';
-// =============================================================================
-// Loader
-// =============================================================================
-/**
- * Load configuration from cognium.config.json or a custom path.
- */
-export function loadConfig(profilePath) {
-    const configPath = profilePath || 'cognium.config.json';
-    if (!existsSync(configPath)) {
-        return null;
-    }
-    try {
-        const content = readFileSync(configPath, 'utf-8');
-        return JSON.parse(content);
-    }
-    catch (err) {
-        console.error(`Warning: Failed to parse ${configPath}: ${err}`);
-        return null;
-    }
-}
-// =============================================================================
-// Converter
-// =============================================================================
-/**
- * Convert config passes to circle-ir PassOptions and disabledPasses.
- */
-export function convertConfigToPassOptions(config) {
-    const passOptions = {};
-    const disabledPasses = [];
-    if (!config.passes) {
-        return { passOptions, disabledPasses };
-    }
-    for (const [passName, passConfig] of Object.entries(config.passes)) {
-        // Boolean false = disabled
-        if (passConfig === false) {
-            disabledPasses.push(passName);
-            continue;
-        }
-        // Boolean true = enabled with defaults
-        if (passConfig === true) {
-            continue;
-        }
-        // Object config
-        if (typeof passConfig === 'object') {
-            if (passConfig.enabled === false) {
-                disabledPasses.push(passName);
-                continue;
-            }
-            // Map pass-specific options to circle-ir PassOptions
-            switch (passName) {
-                case 'dependency-fan-out':
-                    if (passConfig.threshold !== undefined) {
-                        passOptions.dependencyFanOut = { threshold: passConfig.threshold };
-                    }
-                    break;
-                case 'unbounded-collection':
-                    if (passConfig.skipPatterns !== undefined) {
-                        passOptions.unboundedCollection = { skipPatterns: passConfig.skipPatterns };
-                    }
-                    break;
-                case 'naming-convention':
-                    if (passConfig.enforceIPrefix !== undefined) {
-                        passOptions.namingConvention = { enforceIPrefix: passConfig.enforceIPrefix };
-                    }
-                    break;
-            }
-        }
-    }
-    return { passOptions, disabledPasses };
-}
-/**
- * Apply suppressions to filter out findings.
- */
-export function applySuppressionsToResults(results, suppressions, basePath) {
-    if (suppressions.length === 0)
-        return results;
-    return results.map(result => {
-        const relativeFile = relative(basePath, result.file) || result.file;
-        const filteredVulns = result.vulnerabilities.filter(vuln => {
-            for (const supp of suppressions) {
-                // Pass must match
-                if (supp.pass !== vuln.type)
-                    continue;
-                // If file specified, it must match
-                if (supp.file) {
-                    const suppFile = supp.file.replace(/^\.\//, ''); // normalize
-                    if (suppFile !== relativeFile && suppFile !== result.file)
-                        continue;
-                }
-                // If line specified, it must match
-                if (supp.line !== undefined && supp.line !== vuln.line)
-                    continue;
-                // All conditions matched — suppress this finding
-                return false;
-            }
-            return true;
-        });
-        return { ...result, vulnerabilities: filteredVulns };
-    });
-}
-//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAsDhC,gFAAgF;AAChF,SAAS;AACT,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,WAAoB;IAC7C,MAAM,UAAU,GAAG,WAAW,IAAI,qBAAqB,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAkB,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,4BAA4B,UAAU,KAAK,GAAG,EAAE,CAAC,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,0BAA0B,CAAC,MAAqB;IAI9D,MAAM,WAAW,GAAgB,EAAE,CAAC;IACpC,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,2BAA2B;QAC3B,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;YACzB,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,uCAAuC;QACvC,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,SAAS;QACX,CAAC;QAED,gBAAgB;QAChB,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,IAAI,UAAU,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;gBACjC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC9B,SAAS;YACX,CAAC;YAED,qDAAqD;YACrD,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,oBAAoB;oBACvB,IAAI,UAAU,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;wBACvC,WAAW,CAAC,gBAAgB,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC;oBACrE,CAAC;oBACD,MAAM;gBACR,KAAK,sBAAsB;oBACzB,IAAI,UAAU,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;wBAC1C,WAAW,CAAC,mBAAmB,GAAG,EAAE,YAAY,EAAE,UAAU,CAAC,YAAwB,EAAE,CAAC;oBAC1F,CAAC;oBACD,MAAM;gBACR,KAAK,mBAAmB;oBACtB,IAAI,UAAU,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;wBAC5C,WAAW,CAAC,gBAAgB,GAAG,EAAE,cAAc,EAAE,UAAU,CAAC,cAAyB,EAAE,CAAC;oBAC1F,CAAC;oBACD,MAAM;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;AACzC,CAAC;AAcD;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAY,EACZ,YAA2B,EAC3B,QAAgB;IAEhB,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAE9C,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QAC1B,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC;QAEpE,MAAM,aAAa,GAAG,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YACzD,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;gBAChC,kBAAkB;gBAClB,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEtC,mCAAmC;gBACnC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY;oBAC7D,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,MAAM,CAAC,IAAI;wBAAE,SAAS;gBACtE,CAAC;gBAED,mCAAmC;gBACnC,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEjE,iDAAiD;gBACjD,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,MAAM,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/formatters.d.ts

@@ -1,22 +0,0 @@
-/**
- * Output formatters for CLI results
- */
-interface Vulnerability {
-    type: string;
-    severity: string;
-    message: string;
-    line: number;
-    cwe?: string;
-    category?: string;
-    fix?: string;
-}
-interface ScanResult {
-    file: string;
-    vulnerabilities: Vulnerability[];
-    error?: string;
-}
-export declare function formatResults(results: ScanResult[], verbose?: boolean): string;
-export declare function formatJSON(results: ScanResult[]): string;
-export declare function formatSARIF(results: ScanResult[]): string;
-export {};
-//# sourceMappingURL=formatters.d.ts.map

package/dist/formatters.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"formatters.d.ts","sourceRoot":"","sources":["../src/formatters.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA+FD,wBAAgB,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,MAAM,CA+C9E;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,CA6BxD;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,CA+DzD"}

package/dist/formatters.js

@@ -1,220 +0,0 @@
-/**
- * Output formatters for CLI results
- */
-import { colors } from './utils/colors.js';
-const VULNERABILITY_HELP = {
-    sql_injection: {
-        description: 'User input is used in SQL query without sanitization',
-        fix: 'Use PreparedStatement with parameterized queries instead of string concatenation',
-    },
-    nosql_injection: {
-        description: 'User input is used in NoSQL query without sanitization',
-        fix: 'Use parameterized queries or properly escape user input before using in queries',
-    },
-    command_injection: {
-        description: 'User input is used in system command without sanitization',
-        fix: 'Avoid Runtime.exec() with user input. Use ProcessBuilder with argument arrays instead',
-    },
-    path_traversal: {
-        description: 'User input is used in file path without validation',
-        fix: 'Validate file paths against allowlist, use canonical paths, and check for ".." sequences',
-    },
-    xss: {
-        description: 'User input is rendered in HTML without proper encoding',
-        fix: 'Use HTML encoding/escaping functions before rendering user input in web pages',
-    },
-    xxe: {
-        description: 'XML parser may process external entities from untrusted input',
-        fix: 'Disable external entity processing in XML parsers',
-    },
-    deserialization: {
-        description: 'Untrusted data is deserialized which can lead to remote code execution',
-        fix: 'Avoid deserializing untrusted data. Use safe formats like JSON instead of Java serialization',
-    },
-    ldap_injection: {
-        description: 'User input is used in LDAP query without sanitization',
-        fix: 'Escape LDAP special characters or use parameterized LDAP queries',
-    },
-    xpath_injection: {
-        description: 'User input is used in XPath query without sanitization',
-        fix: 'Use parameterized XPath queries or properly escape user input',
-    },
-    ssrf: {
-        description: 'Server-Side Request Forgery: user controls URL in server-side request',
-        fix: 'Validate URLs against allowlist of domains, block internal IPs',
-    },
-    open_redirect: {
-        description: 'User input controls redirect destination which can be abused for phishing',
-        fix: 'Validate redirect URLs against allowlist or use relative paths only',
-    },
-    code_injection: {
-        description: 'User input is evaluated as code (eval, script execution, etc.)',
-        fix: 'Never execute user input as code. Use safe alternatives like JSON parsing',
-    },
-    log_injection: {
-        description: 'User input in logs can inject fake log entries or exploit log viewers',
-        fix: 'Sanitize newlines and special characters from user input before logging',
-    },
-    weak_random: {
-        description: 'Cryptographically weak random number generator used for security purposes',
-        fix: 'Use SecureRandom instead of Random for security-sensitive operations',
-    },
-    weak_hash: {
-        description: 'Weak hashing algorithm (MD5, SHA1) used for security purposes',
-        fix: 'Use SHA-256 or stronger hashing algorithms',
-    },
-    weak_crypto: {
-        description: 'Weak cryptographic algorithm or configuration',
-        fix: 'Use strong encryption algorithms (AES-256) and secure configurations',
-    },
-    insecure_cookie: {
-        description: 'Cookie without Secure or HttpOnly flags exposes it to attacks',
-        fix: 'Set Secure and HttpOnly flags on sensitive cookies',
-    },
-    trust_boundary: {
-        description: 'Data crosses trust boundary without validation',
-        fix: 'Validate and sanitize data when crossing trust boundaries',
-    },
-    external_taint_escape: {
-        description: 'External input reaches a sensitive sink without proper validation',
-        fix: 'Validate, sanitize, or escape external input before use in sensitive operations',
-    },
-};
-const SEVERITY_COLORS = {
-    critical: colors.red,
-    high: colors.red,
-    medium: colors.yellow,
-    low: colors.cyan,
-};
-const SEVERITY_ICONS = {
-    critical: '!!!',
-    high: '!!',
-    medium: '!',
-    low: 'i',
-};
-export function formatResults(results, verbose) {
-    const lines = [];
-    for (const result of results) {
-        if (result.error) {
-            lines.push(colors.red(`[ERROR] ${result.file}: ${result.error}`));
-            continue;
-        }
-        if (result.vulnerabilities.length === 0) {
-            if (verbose) {
-                lines.push(colors.green(`[OK] ${result.file}`));
-            }
-            continue;
-        }
-        lines.push(colors.bold(result.file));
-        for (const vuln of result.vulnerabilities) {
-            const colorFn = SEVERITY_COLORS[vuln.severity] || ((text) => text);
-            const icon = SEVERITY_ICONS[vuln.severity] || '?';
-            const cweTag = vuln.cwe ? ` [${vuln.cwe}]` : '';
-            const catTag = vuln.category && vuln.category !== 'security' ? ` (${vuln.category})` : '';
-            const severityUpper = vuln.severity.charAt(0).toUpperCase() + vuln.severity.slice(1);
-            lines.push(`  ${colorFn(`[${icon}]`)} ${colorFn(vuln.type)} (${severityUpper})${cweTag}${catTag}`);
-            lines.push(`      Line ${vuln.line}: ${vuln.message}`);
-            // Use finding-specific fix from circle-ir, fall back to hardcoded help
-            if (vuln.fix) {
-                lines.push(colors.cyan(`      -> Fix: ${vuln.fix}`));
-            }
-            else {
-                const help = VULNERABILITY_HELP[vuln.type];
-                if (help) {
-                    lines.push(`      ${help.description}`);
-                    lines.push(colors.cyan(`      -> Fix: ${help.fix}`));
-                }
-            }
-        }
-        lines.push('');
-    }
-    return lines.join('\n');
-}
-export function formatJSON(results) {
-    const allVulns = results.flatMap(r => r.vulnerabilities);
-    const securityCount = allVulns.filter(v => !v.category || v.category === 'security').length;
-    const byCategory = {};
-    for (const v of allVulns) {
-        const cat = v.category || 'security';
-        byCategory[cat] = (byCategory[cat] || 0) + 1;
-    }
-    const output = {
-        version: '1.0.0',
-        timestamp: new Date().toISOString(),
-        results: results.map((r) => ({
-            file: r.file,
-            vulnerabilities: r.vulnerabilities,
-            error: r.error,
-        })),
-        summary: {
-            filesScanned: results.length,
-            filesWithFindings: results.filter((r) => r.vulnerabilities.length > 0).length,
-            totalFindings: allVulns.length,
-            securityFindings: securityCount,
-            qualityFindings: allVulns.length - securityCount,
-            byCategory,
-            errors: results.filter((r) => r.error).length,
-        },
-    };
-    return JSON.stringify(output, null, 2);
-}
-export function formatSARIF(results) {
-    const ruleSet = new Map();
-    const sarifResults = [];
-    for (const result of results) {
-        for (const vuln of result.vulnerabilities) {
-            if (!ruleSet.has(vuln.type)) {
-                ruleSet.set(vuln.type, {
-                    id: vuln.type.replace(/\s+/g, '-').toLowerCase(),
-                    name: vuln.type,
-                    shortDescription: { text: vuln.type },
-                    defaultConfiguration: {
-                        level: vuln.severity === 'critical' || vuln.severity === 'high' ? 'error' : 'warning',
-                    },
-                    properties: {
-                        'security-severity': vuln.severity === 'critical' ? '9.0' :
-                            vuln.severity === 'high' ? '7.0' :
-                                vuln.severity === 'medium' ? '5.0' : '3.0',
-                    },
-                });
-            }
-            sarifResults.push({
-                ruleId: vuln.type.replace(/\s+/g, '-').toLowerCase(),
-                level: vuln.severity === 'critical' || vuln.severity === 'high' ? 'error' : 'warning',
-                message: { text: vuln.message },
-                locations: [
-                    {
-                        physicalLocation: {
-                            artifactLocation: { uri: result.file },
-                            region: { startLine: vuln.line },
-                        },
-                    },
-                ],
-                properties: {
-                    cwe: vuln.cwe,
-                    severity: vuln.severity,
-                    category: vuln.category || 'security',
-                },
-            });
-        }
-    }
-    const sarif = {
-        $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
-        version: '2.1.0',
-        runs: [
-            {
-                tool: {
-                    driver: {
-                        name: 'cognium-ai',
-                        version: '1.0.0',
-                        informationUri: 'https://cognium.dev',
-                        rules: Array.from(ruleSet.values()),
-                    },
-                },
-                results: sarifResults,
-            },
-        ],
-    };
-    return JSON.stringify(sarif, null, 2);
-}
-//# sourceMappingURL=formatters.js.map

package/dist/formatters.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"formatters.js","sourceRoot":"","sources":["../src/formatters.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAkB3C,MAAM,kBAAkB,GAAyD;IAC/E,aAAa,EAAE;QACb,WAAW,EAAE,sDAAsD;QACnE,GAAG,EAAE,kFAAkF;KACxF;IACD,eAAe,EAAE;QACf,WAAW,EAAE,wDAAwD;QACrE,GAAG,EAAE,iFAAiF;KACvF;IACD,iBAAiB,EAAE;QACjB,WAAW,EAAE,2DAA2D;QACxE,GAAG,EAAE,uFAAuF;KAC7F;IACD,cAAc,EAAE;QACd,WAAW,EAAE,oDAAoD;QACjE,GAAG,EAAE,0FAA0F;KAChG;IACD,GAAG,EAAE;QACH,WAAW,EAAE,wDAAwD;QACrE,GAAG,EAAE,+EAA+E;KACrF;IACD,GAAG,EAAE;QACH,WAAW,EAAE,+DAA+D;QAC5E,GAAG,EAAE,mDAAmD;KACzD;IACD,eAAe,EAAE;QACf,WAAW,EAAE,wEAAwE;QACrF,GAAG,EAAE,8FAA8F;KACpG;IACD,cAAc,EAAE;QACd,WAAW,EAAE,uDAAuD;QACpE,GAAG,EAAE,kEAAkE;KACxE;IACD,eAAe,EAAE;QACf,WAAW,EAAE,wDAAwD;QACrE,GAAG,EAAE,+DAA+D;KACrE;IACD,IAAI,EAAE;QACJ,WAAW,EAAE,uEAAuE;QACpF,GAAG,EAAE,gEAAgE;KACtE;IACD,aAAa,EAAE;QACb,WAAW,EAAE,2EAA2E;QACxF,GAAG,EAAE,qEAAqE;KAC3E;IACD,cAAc,EAAE;QACd,WAAW,EAAE,gEAAgE;QAC7E,GAAG,EAAE,2EAA2E;KACjF;IACD,aAAa,EAAE;QACb,WAAW,EAAE,uEAAuE;QACpF,GAAG,EAAE,yEAAyE;KAC/E;IACD,WAAW,EAAE;QACX,WAAW,EAAE,2EAA2E;QACxF,GAAG,EAAE,sEAAsE;KAC5E;IACD,SAAS,EAAE;QACT,WAAW,EAAE,+DAA+D;QAC5E,GAAG,EAAE,4CAA4C;KAClD;IACD,WAAW,EAAE;QACX,WAAW,EAAE,+CAA+C;QAC5D,GAAG,EAAE,sEAAsE;KAC5E;IACD,eAAe,EAAE;QACf,WAAW,EAAE,+DAA+D;QAC5E,GAAG,EAAE,oDAAoD;KAC1D;IACD,cAAc,EAAE;QACd,WAAW,EAAE,gDAAgD;QAC7D,GAAG,EAAE,2DAA2D;KACjE;IACD,qBAAqB,EAAE;QACrB,WAAW,EAAE,mEAAmE;QAChF,GAAG,EAAE,iFAAiF;KACvF;CACF,CAAC;AAEF,MAAM,eAAe,GAA6C;IAChE,QAAQ,EAAE,MAAM,CAAC,GAAG;IACpB,IAAI,EAAE,MAAM,CAAC,GAAG;IAChB,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC,IAAI;CACjB,CAAC;AAEF,MAAM,cAAc,GAA2B;IAC7C,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,IAAI;IACV,MAAM,EAAE,GAAG;IACX,GAAG,EAAE,GAAG;CACT,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,OAAqB,EAAE,OAAiB;IACpE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAClE,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YAClD,CAAC;YACD,SAAS;QACX,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;YAC3E,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC;YAClD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1F,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAErF,KAAK,CAAC,IAAI,CACR,KAAK,OAAO,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,aAAa,IAAI,MAAM,GAAG,MAAM,EAAE,CACvF,CAAC;YAEF,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAEvD,uEAAuE;YACvE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3C,IAAI,IAAI,EAAE,CAAC;oBACT,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;oBACxC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAqB;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC5F,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,IAAI,UAAU,CAAC;QACrC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;QACH,OAAO,EAAE;YACP,YAAY,EAAE,OAAO,CAAC,MAAM;YAC5B,iBAAiB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM;YAC7E,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,gBAAgB,EAAE,aAAa;YAC/B,eAAe,EAAE,QAAQ,CAAC,MAAM,GAAG,aAAa;YAChD,UAAU;YACV,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM;SAC9C;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAqB;IAC/C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmC,CAAC;IAC3D,MAAM,YAAY,GAA8B,EAAE,CAAC;IAEnD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;oBACrB,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE;oBAChD,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,gBAAgB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;oBACrC,oBAAoB,EAAE;wBACpB,KAAK,EAAE,IAAI,CAAC,QAAQ,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;qBACtF;oBACD,UAAU,EAAE;wBACV,mBAAmB,EACjB,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;4BACtC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gCAClC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;qBAC7C;iBACF,CAAC,CAAC;YACL,CAAC;YAED,YAAY,CAAC,IAAI,CAAC;gBAChB,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE;gBACpD,KAAK,EAAE,IAAI,CAAC,QAAQ,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;gBACrF,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE;gBAC/B,SAAS,EAAE;oBACT;wBACE,gBAAgB,EAAE;4BAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,EAAE;4BACtC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE;yBACjC;qBACF;iBACF;gBACD,UAAU,EAAE;oBACV,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,UAAU;iBACtC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG;QACZ,OAAO,EAAE,gGAAgG;QACzG,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,YAAY;wBAClB,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,qBAAqB;wBACrC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;qBACpC;iBACF;gBACD,OAAO,EAAE,YAAY;aACtB;SACF;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACxC,CAAC"}

package/dist/utils/args.d.ts

@@ -1,12 +0,0 @@
-/**
- * Lightweight argument parser
- */
-export interface ParsedArgs {
-    command?: string;
-    args: string[];
-    options: Record<string, string | boolean>;
-}
-export declare function parseArgs(argv: string[]): ParsedArgs;
-export declare function showHelp(): void;
-export declare function showVersion(version: string): void;
-//# sourceMappingURL=args.d.ts.map

package/dist/utils/args.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"args.d.ts","sourceRoot":"","sources":["../../src/utils/args.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,UAAU;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC;CAC3C;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAyCpD;AAED,wBAAgB,QAAQ,IAAI,IAAI,CA6H/B;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAGjD"}

package/dist/utils/args.js

@@ -1,179 +0,0 @@
-/**
- * Lightweight argument parser
- */
-export function parseArgs(argv) {
-    const args = [];
-    const options = {};
-    let command;
-    for (let i = 0; i < argv.length; i++) {
-        const arg = argv[i];
-        if (arg.startsWith('--')) {
-            const key = arg.slice(2);
-            if (key.includes('=')) {
-                const [k, v] = key.split('=', 2);
-                options[k] = v;
-            }
-            else {
-                const nextArg = argv[i + 1];
-                if (nextArg && !nextArg.startsWith('-')) {
-                    options[key] = nextArg;
-                    i++;
-                }
-                else {
-                    options[key] = true;
-                }
-            }
-        }
-        else if (arg.startsWith('-') && arg.length === 2) {
-            const key = arg.slice(1);
-            const nextArg = argv[i + 1];
-            if (nextArg && !nextArg.startsWith('-')) {
-                options[key] = nextArg;
-                i++;
-            }
-            else {
-                options[key] = true;
-            }
-        }
-        else {
-            if (!command) {
-                command = arg;
-            }
-            else {
-                args.push(arg);
-            }
-        }
-    }
-    return { command, args, options };
-}
-export function showHelp() {
-    console.log(`
-cognium-ai - AI-powered static analysis with LLM-enhanced vulnerability detection
-
-USAGE:
-  cognium-ai <command> [options]
-
-COMMANDS:
-  scan <path>         Scan for security vulnerabilities (LLM-enhanced by default)
-  dead-code <path>    Detect dead/unreachable code
-  secrets <path>      Scan for secrets and credentials
-  health <path>       Calculate codebase health score
-  metrics <path>      Compute software metrics (CK suite, Halstead, composites)
-  skill <path>        Analyze AI skill bundle security
-  trust <path>        Run trust score analysis (27 security/supply-chain passes)
-  compare <A> <B>     Compare trust scores between two paths
-  quality <path>      Calculate quality score (5 quality passes)
-  understand <path>   Semantic understanding (functions, roles, side effects)
-  spec-diff <path>    Spec-gap analysis (code vs spec alignment)
-  cluster <path>      Component clustering and architecture analysis
-  generate-spec <file> Generate Specifica specification from code
-  init                Initialize a configuration file
-  version             Display version information
-
-SCAN OPTIONS:
-  -l, --language <lang>      Force language (bash|java|javascript|typescript|python|rust)
-  -f, --format <format>      Output format (text|json|sarif) [default: text]
-  --threads <n>              Parallel analysis threads [default: 4]
-  --severity <level>         Minimum severity to report (low|medium|high|critical)
-  --exclude-tests            Exclude test files and directories
-  --exclude-cwe <cwes>       Exclude specific CWEs (comma-separated)
-  -o, --output <file>        Write results to file
-  -q, --quiet                Suppress progress output
-  -v, --verbose              Show detailed output
-  --no-llm                   Static SAST only (no LLM enrichment)
-  --llm-discovery            Enable LLM discovery mode (deeper analysis)
-
-DEAD-CODE / SECRETS / HEALTH OPTIONS:
-  -f, --format <format>      Output format (text|json) [default: text]
-  -o, --output <file>        Write results to file
-  -q, --quiet                Suppress progress output
-
-SKILL OPTIONS:
-  -o, --output <file>        Write results to file
-
-TRUST OPTIONS:
-  -f, --format <format>      Output format (text|json|sarif|badge) [default: text]
-  -o, --output <file>        Write results to file
-  -q, --quiet                Suppress progress output
-  --disable-pass <names>     Disable specific trust passes (comma-separated)
-
-METRICS OPTIONS:
-  -f, --format <format>      Output format (text|json) [default: text]
-  -o, --output <file>        Write results to file
-  -q, --quiet                Suppress progress output
-
-UNDERSTAND / SPEC-DIFF / CLUSTER OPTIONS:
-  -f, --format <format>      Output format (text|json) [default: text]
-  -o, --output <file>        Write results to file
-  -q, --quiet                Suppress progress output
-  --spec <dir>               Spec directory for spec-diff [default: <path>/.specifica/]
-  --llm                      Enable LLM-enhanced clustering (cluster command)
-
-GENERATE-SPEC OPTIONS:
-  --spec-model <model>       LLM model for spec generation
-  --spec-overwrite           Overwrite existing spec files
-  -f, --format <format>      Output format (text|json) [default: text]
-  -o, --output <file>        Write results to file
-
-CONFIG OPTIONS:
-  --config <path>            Path to cognium.config.json [default: cognium.config.json]
-  --disable-pass <names>     Disable specific passes (comma-separated)
-
-LLM OPTIONS:
-  --llm-base-url <url>     LLM API base URL (any OpenAI-compatible endpoint)
-  --llm-api-key <key>      LLM API key (overrides LLM_API_KEY env var)
-  --llm-model <model>      LLM model name (overrides LLM_ENRICHMENT_MODEL env var)
-  --no-llm                 Static SAST only (no LLM enrichment)
-  --llm-discovery          Enable LLM discovery mode (deeper analysis)
-
-  CLI flags override environment variables. Supported providers:
-    OpenAI:        --llm-base-url https://api.openai.com/v1 --llm-model gpt-4o
-    GitHub Models: --llm-base-url https://models.github.ai/inference --llm-model openai/gpt-5
-    Azure OpenAI:  --llm-base-url https://YOUR.openai.azure.com/... --llm-model gpt-4o
-    Ollama:        --llm-base-url http://localhost:11434/v1 --llm-model llama3
-
-  Environment variables (used as defaults when flags are not set):
-    LLM_API_KEY              API key for LLM provider
-    LLM_BASE_URL             LLM API base URL [default: http://localhost:4000/v1]
-    LLM_ENRICHMENT_MODEL     Model to use [default: cognium/gpt-oss-120b]
-
-EXAMPLES:
-  cognium-ai scan src/                          # LLM-enhanced scan
-  cognium-ai scan src/ --no-llm                 # Static-only scan
-  cognium-ai scan app.java -f json -o out.json  # JSON output to file
-  cognium-ai scan . --severity high             # High+ severity only
-  cognium-ai dead-code src/                     # Find dead code
-  cognium-ai secrets .                          # Find secrets
-  cognium-ai health src/                        # Health score
-  cognium-ai skill ./my-mcp-server              # Analyze AI skill
-  cognium-ai trust .                            # Trust score report
-  cognium-ai trust . -f json -o trust.json      # Trust score as JSON
-  cognium-ai trust . -f badge -o badge.svg      # Trust badge SVG
-  cognium-ai compare ./src ./other-src           # Compare trust scores
-  cognium-ai quality src/                        # Quality score report
-  cognium-ai quality src/ -f badge -o q.svg      # Quality badge SVG
-  cognium-ai metrics src/                        # Software metrics (CK, Halstead)
-  cognium-ai metrics src/ -f json -o metrics.json
-  cognium-ai understand src/                       # Semantic understanding report
-  cognium-ai understand src/ -f json -o understand.json
-  cognium-ai spec-diff src/                        # Spec-gap analysis (needs .specifica/)
-  cognium-ai spec-diff src/ --spec ./specs         # Custom spec directory
-  cognium-ai cluster src/                          # Component clustering (static)
-  cognium-ai cluster src/ --llm                    # LLM-enhanced clustering
-  cognium-ai generate-spec App.java              # Generate spec from code
-  cognium-ai generate-spec App.java --spec-model gpt-4o
-
-  # Use OpenAI directly
-  cognium-ai scan src/ --llm-base-url https://api.openai.com/v1 --llm-api-key sk-... --llm-model gpt-4o
-
-  # Use GitHub Models (free in CI)
-  cognium-ai scan src/ --llm-base-url https://models.github.ai/inference --llm-api-key "$GITHUB_TOKEN" --llm-model openai/gpt-5
-
-For more information, visit: https://cognium.dev
-`);
-}
-export function showVersion(version) {
-    console.log(`cognium-ai v${version}`);
-    console.log(`Powered by Cognium Labs (circle-ir + circle-ir-ai)`);
-}
-//# sourceMappingURL=args.js.map

package/dist/utils/args.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"args.js","sourceRoot":"","sources":["../../src/utils/args.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,OAAO,GAAqC,EAAE,CAAC;IACrD,IAAI,OAA2B,CAAC;IAEhC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAEpB,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBACjC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC5B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxC,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;oBACvB,CAAC,EAAE,CAAC;gBACN,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnD,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;gBACvB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,GAAG,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,QAAQ;IACtB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2Hb,CAAC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,EAAE,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;AACpE,CAAC"}