coverme-scanner 1.7.0 → 1.7.1

@@ -181,8 +181,43 @@ Return ONLY: "done" or "skipped"
181
181
 
182
182
  ### Agent 20: EXEC - Executive Summary
183
183
  ```
184
- After scanning, generate executive summary with top risks and positives.
185
- Write to .coverme/agents/EXEC.json
184
+ Generate a comprehensive executive summary:
185
+
186
+ 1. Analyze the project:
187
+ - Read package.json for stack info
188
+ - Run `ls -d */ | grep -v node_modules` for key components
189
+ - Determine architecture type (Monolith/Microservices/Serverless)
190
+
191
+ 2. Calculate risk level:
192
+ - CRITICAL: Any critical findings
193
+ - HIGH: No critical but has high findings
194
+ - MEDIUM: Only medium/low findings
195
+ - LOW: Few or no findings
196
+
197
+ 3. Write professional summary:
198
+ - headline: "X Critical + Y High findings - brief assessment"
199
+ - overview: 2-3 sentences for leadership (architecture + posture + main risks)
200
+ - topRisks: Top 3-5 specific risks with technical detail
201
+ - topPriorities: Top 3-5 things to fix with finding IDs
202
+
203
+ Write to .coverme/agents/EXEC.json:
204
+ {
205
+ "projectOverview": {
206
+ "name": "...",
207
+ "type": "Web Application|API|CLI|Library",
208
+ "stack": ["Node.js", "TypeScript", ...],
209
+ "purpose": "What this project does",
210
+ "architecture": "Monolith|Microservices|Serverless",
211
+ "keyComponents": ["backend/", "frontend/", ...]
212
+ },
213
+ "executiveSummary": {
214
+ "headline": "...",
215
+ "riskLevel": "CRITICAL|HIGH|MEDIUM|LOW",
216
+ "overview": "...",
217
+ "topRisks": ["...", "...", "..."],
218
+ "topPriorities": ["...", "...", "..."]
219
+ }
220
+ }
186
221
  Return ONLY: "done"
187
222
  ```
188
223
 
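Review bot: the four risk-level rules in step 2 overlap, so the tier the agent picks is not deterministic: a project with two medium findings satisfies both `MEDIUM: Only medium/low findings` and `LOW: Few or no findings`. Make the tiers mutually exclusive and ordered (LOW only when there are no findings of medium or higher severity) and state that the first matching rule from the top wins. The headline counts (`X Critical + Y High`) should be derived from the same severity tally, so the executive summary cannot disagree with the counts that end up in scan.json.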
@@ -220,19 +255,78 @@ ls -la .coverme/agents/
220
255
 
221
256
  Use the Read tool to read each `.coverme/agents/*.json` file.
222
257
 
223
- Merge all findings into `.coverme/scan.json`:
258
+ **ALSO**: Analyze the project structure to gather:
259
+ - Run `ls -d */ 2>/dev/null | grep -v node_modules | grep -v dist | grep -v .git` to get key components
260
+ - Read `package.json` to get the tech stack
261
+ - Count the actual scan duration
262
+
263
+ Merge all findings into `.coverme/scan.json` with this **COMPLETE** structure:
224
264
  ```json
225
265
  {
226
- "projectName": "...",
227
- "scanDate": "...",
228
- "filesScanned": N,
229
- "linesOfCode": N,
230
- "findings": [...all from agent files...],
231
- "positiveObservations": [...from POSITIVE.json...],
232
- "summary": {"critical":N,"high":N,"medium":N,"low":N}
266
+ "projectName": "project-name",
267
+ "scanDate": "2026-02-18T12:00:00Z",
268
+ "filesScanned": 1234,
269
+ "linesOfCode": 56789,
270
+ "scanDuration": "5m 30s",
271
+ "agentsUsed": ["SEC", "AUTH", "API", "INFRA", "DATA", "AI", "PERF", "BIZ", "QUAL", "TEST", "REDIS", "RESIL", "PII", "DEAD", "DB", "ARCH", "DESIGN", "CTX", "ENC", "EXEC", "DUP", "POSITIVE"],
272
+
273
+ "projectOverview": {
274
+ "name": "project-name",
275
+ "type": "Web Application",
276
+ "stack": ["Node.js", "TypeScript", "React", "PostgreSQL"],
277
+ "purpose": "Brief 1-2 sentence description of what this project does",
278
+ "architecture": "Monolith | Microservices | Serverless",
279
+ "keyComponents": ["backend/", "frontend/", "services/", "chart/"]
280
+ },
281
+
282
+ "executiveSummary": {
283
+ "headline": "X Critical + Y High findings require attention",
284
+ "riskLevel": "CRITICAL | HIGH | MEDIUM | LOW",
285
+ "overview": "A 2-3 sentence executive summary of the security posture. Example: 'This is a Node.js/React application with strong authentication patterns. The main risks are hardcoded secrets in Helm values and missing test coverage. No critical vulnerabilities in application code.'",
286
+ "topRisks": [
287
+ "Risk 1 with specific technical detail",
288
+ "Risk 2 with specific technical detail",
289
+ "Risk 3 with specific technical detail"
290
+ ],
291
+ "topPriorities": [
292
+ "Priority 1: What to fix first (FINDING-ID)",
293
+ "Priority 2: What to fix second (FINDING-ID)",
294
+ "Priority 3: What to fix third (FINDING-ID)"
295
+ ]
296
+ },
297
+
298
+ "findings": [
299
+ {
300
+ "id": "SEC-001",
301
+ "title": "Descriptive title of the issue",
302
+ "severity": "critical|high|medium|low",
303
+ "category": "security|infrastructure|quality|performance",
304
+ "file": "path/to/file.ts",
305
+ "line": 123,
306
+ "description": "Detailed description of the vulnerability",
307
+ "recommendation": "Specific actionable fix",
308
+ "confidence": 0.95
309
+ }
310
+ ],
311
+
312
+ "positiveObservations": [
313
+ "Good pattern 1 with specific evidence (e.g., 'Rate limiting on /api/chat endpoints')",
314
+ "Good pattern 2 with specific evidence",
315
+ "Good pattern 3 with specific evidence"
316
+ ],
317
+
318
+ "summary": {
319
+ "critical": 0,
320
+ "high": 0,
321
+ "medium": 0,
322
+ "low": 0,
323
+ "total": 0
324
+ }
233
325
  }
234
326
  ```
235
327
 
328
+ **IMPORTANT**: All fields are REQUIRED. Do not skip any field.
329
+
236
330
  ---
237
331
 
238
332
  ## Phase 4: Generate Report
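Review bot: the key-component command in the new **ALSO** block has regex and glob problems: `grep -v dist` and `grep -v .git` are unanchored patterns (and `.` matches any character), so directories such as `distributed/`, `legit/` or `digit/` would be silently dropped, while `ls -d */` never lists `.git/` in the first place because the glob skips dot-directories. One anchored filter covers the intent, e.g. `ls -d */ 2>/dev/null | grep -vE '^(node_modules|dist)/$'`. Two consistency points on the merged structure: `summary.total` is new and should be stated to equal the length of `findings` (with the four severity counts summing to it), and `projectOverview` and `executiveSummary` are already produced by Agent 20 in `.coverme/agents/EXEC.json`, so this step should copy them from there rather than re-derive the stack and components, otherwise the two files can disagree. The example literals (`2026-02-18T12:00:00Z`, `1234`, `5m 30s`) read as values the agent may copy verbatim; mark them as placeholders and say how `scanDuration` is to be measured, since "Count the actual scan duration" names no source for the start time.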
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "coverme-scanner",
3
- "version": "1.7.0",
3
+ "version": "1.7.1",
4
4
  "description": "AI-powered code scanner with multi-agent verification for Claude Code. One command scans everything.",
5
5
  "main": "dist/index.js",
6
6
  "files": [
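Review bot: the bump to 1.7.1 is accompanied by no CHANGELOG or README change in this diff, yet the scan.json written in the merge step gained several fields that the same prompt now marks REQUIRED (`scanDuration`, `agentsUsed`, `projectOverview`, `executiveSummary`, `summary.total`). Anything that consumes scan.json, including the Phase 4 report generation referenced right after the previous hunk, should be checked against the new shape, and the release notes should record the schema change so users comparing scans across versions know which fields are new.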