coverme-scanner 1.0.0
- package/README.md +227 -0
- package/commands/scan.md +317 -0
- package/dist/cli/index.d.ts +3 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +39 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/cli/init.d.ts +6 -0
- package/dist/cli/init.d.ts.map +1 -0
- package/dist/cli/init.js +636 -0
- package/dist/cli/init.js.map +1 -0
- package/dist/cli/scan.d.ts +11 -0
- package/dist/cli/scan.d.ts.map +1 -0
- package/dist/cli/scan.js +498 -0
- package/dist/cli/scan.js.map +1 -0
- package/dist/report/generator.d.ts +48 -0
- package/dist/report/generator.d.ts.map +1 -0
- package/dist/report/generator.js +368 -0
- package/dist/report/generator.js.map +1 -0
- package/dist/report/index.d.ts +35 -0
- package/dist/report/index.d.ts.map +1 -0
- package/dist/report/index.js +463 -0
- package/dist/report/index.js.map +1 -0
- package/dist/templates/report.html +796 -0
- package/dist/types.d.ts +94 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +3 -0
- package/dist/types.js.map +1 -0
- package/package.json +48 -0
- package/src/cli/index.ts +43 -0
- package/src/cli/init.ts +611 -0
- package/src/cli/scan.ts +483 -0
- package/src/prompts/architecture-reviewer.md +171 -0
- package/src/prompts/consensus-builder.md +247 -0
- package/src/prompts/context-discovery.md +174 -0
- package/src/prompts/cross-validator.md +224 -0
- package/src/prompts/deep-dive-expert.md +224 -0
- package/src/prompts/dependency-auditor.md +190 -0
- package/src/prompts/performance-hunter.md +200 -0
- package/src/prompts/quality-analyzer.md +150 -0
- package/src/prompts/report-generator.md +285 -0
- package/src/prompts/security-scanner.md +180 -0
- package/src/report/generator.ts +382 -0
- package/src/report/index.ts +483 -0
- package/src/templates/report.html +796 -0
- package/src/types.ts +107 -0
- package/tsconfig.json +20 -0
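--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -0,0 +1,94 @@
+export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export type Category = 'security' | 'quality' | 'architecture' | 'dependencies' | 'performance';
+export interface Finding {
+id: string;
+title: string;
+severity: Severity;
+category: Category;
+description: string;
+file?: string;
+line?: number;
+code?: string;
+recommendation: string;
+evidence?: string[];
+cwe?: string;
+owasp?: string;
+}
+export interface AgentFinding extends Finding {
+agentId: string;
+agentName: string;
+rawConfidence: number;
+}
+export interface ValidationResult {
+findingId: string;
+validatorId: string;
+verdict: 'confirmed' | 'disputed' | 'false_positive' | 'needs_review';
+reason: string;
+additionalEvidence?: string;
+missedIssues?: Finding[];
+}
+export interface ConsensusFinding extends Finding {
+confidence: number;
+confirmedBy: string[];
+disputedBy: string[];
+validationHistory: ValidationResult[];
+finalVerdict: 'confirmed' | 'likely' | 'uncertain' | 'rejected';
+}
+export interface ScanResult {
+projectName: string;
+scanDate: string;
+branch?: string;
+commit?: string;
+filesScanned: number;
+findings: ConsensusFinding[];
+summary: {
+critical: number;
+high: number;
+medium: number;
+low: number;
+info: number;
+total: number;
+avgConfidence: number;
+};
+positiveObservations: string[];
+scanDuration: number;
+agentsUsed: string[];
+}
+export interface ScanOptions {
+path: string;
+output?: 'json' | 'pdf' | 'md' | 'html';
+outputPath?: string;
+categories?: Category[];
+minSeverity?: Severity;
+verbose?: boolean;
+parallel?: number;
+}
+export interface AgentConfig {
+id: string;
+name: string;
+description: string;
+category: Category;
+promptFile: string;
+timeout?: number;
+}
+export interface OrchestratorConfig {
+phases: {
+discovery: {
+agents: AgentConfig[];
+parallel: boolean;
+};
+validation: {
+rounds: number;
+validators: number;
+};
+deepDive: {
+enabled: boolean;
+threshold: number;
+};
+consensus: {
+minConfidence: number;
+requireMultipleConfirmations: boolean;
+};
+};
+}
+//# sourceMappingURL=types.d.ts.map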
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,MAAM,QAAQ,GAChB,UAAU,GACV,SAAS,GACT,cAAc,GACd,cAAc,GACd,aAAa,CAAC;AAElB,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAa,SAAQ,OAAO;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,WAAW,GAAG,UAAU,GAAG,gBAAgB,GAAG,cAAc,CAAC;IACtE,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,OAAO,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAiB,SAAQ,OAAO;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,iBAAiB,EAAE,gBAAgB,EAAE,CAAC;IACtC,YAAY,EAAE,WAAW,GAAG,QAAQ,GAAG,WAAW,GAAG,UAAU,CAAC;CACjE;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,IAAI,GAAG,MAAM,CAAC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,QAAQ,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,I
AAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE;QACN,SAAS,EAAE;YACT,MAAM,EAAE,WAAW,EAAE,CAAC;YACtB,QAAQ,EAAE,OAAO,CAAC;SACnB,CAAC;QACF,UAAU,EAAE;YACV,MAAM,EAAE,MAAM,CAAC;YACf,UAAU,EAAE,MAAM,CAAC;SACpB,CAAC;QACF,QAAQ,EAAE;YACR,OAAO,EAAE,OAAO,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;SACnB,CAAC;QACF,SAAS,EAAE;YACT,aAAa,EAAE,MAAM,CAAC;YACtB,4BAA4B,EAAE,OAAO,CAAC;SACvC,CAAC;KACH,CAAC;CACH"}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
|
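--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,48 @@
+{
+"name": "coverme-scanner",
+"version": "1.0.0",
+"description": "AI-powered code scanner with multi-agent verification for Claude Code. One command scans everything.",
+"main": "dist/index.js",
+"bin": {
+"coverme": "./dist/cli/index.js",
+"vibecode-tracker": "./dist/cli/index.js"
+},
+"scripts": {
+"build": "tsc && cp -r src/templates dist/",
+"dev": "ts-node src/cli/index.ts",
+"test": "vitest",
+"prepublishOnly": "npm run build"
+},
+"keywords": [
+"claude-code",
+"code-scanner",
+"security",
+"code-quality",
+"ai",
+"multi-agent"
+],
+"author": "",
+"license": "MIT",
+"repository": {
+"type": "git",
+"url": "https://github.com/vibecode/vibecode-tracker"
+},
+"engines": {
+"node": ">=18.0.0"
+},
+"dependencies": {
+"chalk": "^5.3.0",
+"commander": "^12.1.0",
+"ora": "^8.0.1",
+"puppeteer": "^22.0.0",
+"handlebars": "^4.7.8",
+"glob": "^10.3.10",
+"yaml": "^2.3.4"
+},
+"devDependencies": {
+"@types/node": "^20.11.0",
+"typescript": "^5.3.3",
+"vitest": "^1.2.0",
+"ts-node": "^10.9.2"
+}
+}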
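Review bot: The `repository.url` field names `vibecode/vibecode-tracker` while the package is published as `coverme-scanner` with an empty `author`, so a consumer cannot match this release to its source by name; the metadata should point at the repository that actually holds this code and name a maintainer. `"main": "dist/index.js"` refers to a file that the file list of this release does not contain (it lists only `dist/cli/index.js`, `dist/report/index.js` and `dist/types.js`), so importing the package would presumably fail; point it at an existing entry or drop the field. `puppeteer` is a hard entry in `dependencies`, which brings a browser download into every install even when only JSON or Markdown output is wanted; consider moving it to `optionalDependencies` and loading it only on the PDF path.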
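--- a/package/src/cli/index.ts
+++ b/package/src/cli/index.ts
@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import { init } from './init.js';
+import { scan } from './scan.js';
+import { generateReport } from '../report/index.js';
+
+const program = new Command();
+
+program
+.name('vibecode')
+.description('AI-powered code scanner with multi-agent verification for Claude Code')
+.version('1.0.0');
+
+program
+.command('init')
+.description('Install vibecode slash commands into .claude/commands/')
+.option('-g, --global', 'Install globally to ~/.claude/commands/')
+.action(init);
+
+program
+.command('scan')
+.description('Scan codebase with multi-agent AI verification')
+.argument('[path]', 'Path to scan', '.')
+.option('-o, --output <format>', 'Output format: json, pdf, md, html', 'pdf')
+.option('-O, --output-path <path>', 'Output file path')
+.option('-c, --categories <cats>', 'Categories to scan: security,quality,arch,deps,perf', 'all')
+.option('-s, --severity <level>', 'Minimum severity: critical,high,medium,low,info', 'low')
+.option('-v, --verbose', 'Verbose output')
+.option('-p, --parallel <num>', 'Number of parallel agents', '5')
+.action(scan);
+
+program
+.command('report')
+.description('Generate PDF/HTML report from scan JSON')
+.argument('<json-file>', 'Path to scan results JSON file')
+.option('-o, --output <path>', 'Output file path')
+.option('-f, --format <format>', 'Output format: pdf, html', 'pdf')
+.action(async (jsonFile: string, options: { output?: string; format?: 'pdf' | 'html' }) => {
+await generateReport(jsonFile, options.output, options.format || 'pdf');
+});
+
+program.parse();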
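Review bot: The `--format`, `--output <format>` and `--severity` values are passed to `generateReport` and `scan` without any runtime check, because the `'pdf' | 'html'` annotation on the `report` action is erased at compile time and commander hands over whatever string was typed. Declaring them as `.addOption(new Option('-f, --format <format>', 'Output format').choices(['pdf', 'html']).default('pdf'))` (with `Option` imported from `commander`) rejects bad values at the CLI boundary and makes the `|| 'pdf'` fallback unnecessary. `--parallel` also arrives as the string `'5'` since no parser is given, while `ScanOptions.parallel` in this release is typed `number`; a parser such as `(v) => Number.parseInt(v, 10)` as the third argument, with a range check, would close that gap. The `report` action is async, so the final line should be `program.parseAsync().catch((err) => { console.error(err); process.exit(1); });` so that a rejection from `generateReport` is reported as a CLI error rather than an unhandled rejection. `.name('vibecode')` disagrees with the `coverme` and `vibecode-tracker` bin names in package.json, so the help text names a command that is not installed.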