coverme-scanner 1.8.0 → 1.9.1
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +52 -35
- package/dist/cli/init.js.map +1 -1
- package/dist/prompts/coverme-command.md +2086 -124
- package/package.json +2 -2
package/dist/cli/init.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAihBD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAihBD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAqM9D"}
|
package/dist/cli/init.js
CHANGED
|
@@ -633,18 +633,35 @@ async function init(options) {
|
|
|
633
633
|
const covermePermissions = {
|
|
634
634
|
permissions: {
|
|
635
635
|
allow: [
|
|
636
|
+
// Basic file operations
|
|
636
637
|
"Bash(mkdir:*)",
|
|
637
638
|
"Bash(ls:*)",
|
|
638
639
|
"Bash(cat:*)",
|
|
639
640
|
"Bash(cp:*)",
|
|
641
|
+
"Bash(head:*)",
|
|
642
|
+
"Bash(tail:*)",
|
|
643
|
+
"Bash(wc:*)",
|
|
644
|
+
// Search and discovery
|
|
645
|
+
"Bash(find:*)",
|
|
646
|
+
"Bash(grep:*)",
|
|
647
|
+
"Bash(sort:*)",
|
|
648
|
+
"Bash(xargs:*)",
|
|
649
|
+
// Git operations
|
|
650
|
+
"Bash(git ls-files:*)",
|
|
651
|
+
"Bash(git log:*)",
|
|
652
|
+
"Bash(git status:*)",
|
|
653
|
+
"Bash(git diff:*)",
|
|
654
|
+
"Bash(git check-ignore:*)",
|
|
655
|
+
// Time and utils
|
|
640
656
|
"Bash(date:*)",
|
|
657
|
+
"Bash(echo:*)",
|
|
658
|
+
// Report generation
|
|
641
659
|
"Bash(npx coverme*:*)",
|
|
642
660
|
"Bash(npx coverme-scanner*:*)",
|
|
643
661
|
"Bash(open:*)",
|
|
644
|
-
|
|
645
|
-
"Bash(git log:*)",
|
|
646
|
-
"Bash(grep:*)",
|
|
662
|
+
// SSH for runtime verification
|
|
647
663
|
"Bash(ssh:*)",
|
|
664
|
+
// .coverme directory access
|
|
648
665
|
"Read(.coverme/*)",
|
|
649
666
|
"Write(.coverme/*)",
|
|
650
667
|
"Edit(.coverme/*)"
|
|
@@ -674,30 +691,6 @@ async function init(options) {
|
|
|
674
691
|
};
|
|
675
692
|
fs.writeFileSync(settingsPath, JSON.stringify(mergedSettings, null, 2));
|
|
676
693
|
console.log(`Created/updated: ${settingsPath} with coverme permissions`);
|
|
677
|
-
// Install subagents
|
|
678
|
-
const agentsDir = path.join(process.cwd(), '.claude', 'agents');
|
|
679
|
-
if (!fs.existsSync(agentsDir)) {
|
|
680
|
-
fs.mkdirSync(agentsDir, { recursive: true });
|
|
681
|
-
}
|
|
682
|
-
const subagentFiles = [
|
|
683
|
-
'security-scanner.md',
|
|
684
|
-
'infra-scanner.md',
|
|
685
|
-
'quality-scanner.md',
|
|
686
|
-
'business-scanner.md',
|
|
687
|
-
'validator.md',
|
|
688
|
-
'executive.md'
|
|
689
|
-
];
|
|
690
|
-
const distAgentsDir = path.join(__dirname, '..', 'agents');
|
|
691
|
-
for (const agentFile of subagentFiles) {
|
|
692
|
-
const sourcePath = path.join(distAgentsDir, agentFile);
|
|
693
|
-
const targetPath = path.join(agentsDir, agentFile);
|
|
694
|
-
if (fs.existsSync(sourcePath)) {
|
|
695
|
-
if (!fs.existsSync(targetPath) || options.force) {
|
|
696
|
-
fs.copyFileSync(sourcePath, targetPath);
|
|
697
|
-
console.log(`${options.force ? 'Updated' : 'Created'}: ${targetPath}`);
|
|
698
|
-
}
|
|
699
|
-
}
|
|
700
|
-
}
|
|
701
694
|
console.log(`
|
|
702
695
|
================================================================================
|
|
703
696
|
COVERME INSTALLED
|
|
@@ -706,16 +699,31 @@ async function init(options) {
|
|
|
706
699
|
Usage:
|
|
707
700
|
1. Open Claude Code in your project
|
|
708
701
|
2. Type /coverme and press Enter
|
|
709
|
-
3. Wait for the scan to complete (
|
|
702
|
+
3. Wait for the scan to complete (22 AI agents!)
|
|
710
703
|
4. Report opens automatically in your browser
|
|
711
704
|
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
-
|
|
705
|
+
What it scans (22 specialized agents):
|
|
706
|
+
Phase 1 - Discovery (10 parallel agents):
|
|
707
|
+
SEC - OWASP Top 10, injection, XSS, crypto
|
|
708
|
+
AUTH - OAuth/JWT/session, cookies, password reset
|
|
709
|
+
API - Input validation, rate limiting, CORS, webhooks
|
|
710
|
+
INFRA - Docker, K8s, Helm, CI/CD, cloud
|
|
711
|
+
DATA - PII, GDPR, secrets, encryption
|
|
712
|
+
AI - Prompt injection, jailbreaks (if AI code exists)
|
|
713
|
+
PERF - N+1, ReDoS, memory leaks, DoS vectors
|
|
714
|
+
BIZ - Race conditions, workflow bypass, financial
|
|
715
|
+
QUAL - Complexity, DRY, anti-patterns, errors
|
|
716
|
+
TEST - Coverage, reliability, observability
|
|
717
|
+
|
|
718
|
+
Phase 2 - Cross-Validation (3 validators):
|
|
719
|
+
Validator A - False positive hunter
|
|
720
|
+
Validator B - Evidence challenger
|
|
721
|
+
Validator C - Missing issues hunter
|
|
722
|
+
|
|
723
|
+
Phase 3 - Deep Analysis (9 specialized agents):
|
|
724
|
+
REDIS, RESIL, PII, DEAD, DB, ARCH, DESIGN, CTX, ENC
|
|
725
|
+
|
|
726
|
+
Phase 4 - Executive Summary & Positive Observations
|
|
719
727
|
|
|
720
728
|
Reports saved to: .coverme/
|
|
721
729
|
- report_YYYY-MM-DD_HH-MM-SS.html
|
|
@@ -726,6 +734,15 @@ Custom Agents:
|
|
|
726
734
|
coverme agent list
|
|
727
735
|
coverme agent remove "John"
|
|
728
736
|
|
|
737
|
+
Runtime Verification (Optional):
|
|
738
|
+
Compare your actual runtime environment against code configuration.
|
|
739
|
+
Catches issues like "Dockerfile says USER appuser but container runs as root"
|
|
740
|
+
|
|
741
|
+
coverme verify setup --host user@server.com --name production
|
|
742
|
+
coverme verify list
|
|
743
|
+
|
|
744
|
+
Once configured, /coverme will automatically SSH and verify runtime.
|
|
745
|
+
|
|
729
746
|
The .coverme/ folder is automatically added to .gitignore
|
|
730
747
|
|
|
731
748
|
================================================================================
|
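Review bot: The first hunk's expanded `allow` list pre-approves `"Bash(xargs:*)"` and `"Bash(find:*)"` (new lines 645 and 648), and both can launch arbitrary other programs, so the narrower entries in the list stop being a real boundary once they are merged into the settings file written at new line 692. That matters more here because the scanner reads untrusted repository content and the retained `"Bash(ssh:*)"` is not limited to the hosts registered with `coverme verify setup`, so text planted in a scanned file could reach a local or remote shell with no confirmation prompt. I would drop the `xargs` entry, let `find` and `ssh` fall back to an interactive prompt (or scope `ssh` to the configured host), and have `init` print the exact entries it adds so the user can review them. `init`'s body starts and ends outside these hunks, so how `mergedSettings` is built is not visible and this is based on the list alone.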
package/dist/cli/init.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwhBA,
|
|
1
|
+
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwhBA,oBAqMC;AA7tBD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAOzB,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6gBrB,CAAC;AAEK,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAEvD,iDAAiD;IACjD,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,wBAAwB,WAAW,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,oDAAoD;QACpD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAC;QACpF,IAAI,cAAc,GAAG,aAAa,CAAC;QAEnC,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACnC,cAAc,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI
,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,EAAE;YACf,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE;YACZ,oBAAoB,EAAE,EAAE;YACxB,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SACd,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,uCAAuC,CAAC;IAE9D,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,kEAAkE;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG;QACzB,WAAW,EAAE;YACX,KAAK,EAAE;gBACL,wBAAwB;gBACxB,eAAe;gBACf,YAAY;gBACZ,aAAa;gBACb,YAAY;gBACZ,cAAc;gBACd,cAAc;gBACd,YAAY;gBACZ,uBAAuB;gBACvB,cAAc;gBACd,cAAc;gBACd,cAAc;gBACd,eAAe;gBACf,iBAAiB;gBACjB,sBAAsB;gBACtB,iBAAiB;gBACjB,oBAAoB;gBACpB,kBAAkB;gBAClB,0BAA0B;gBAC1B,iBAAiB;gBACjB,cAAc;gBACd,cAAc;gBACd,oBAAoB;gBACpB,sBAAsB;gBACtB,8BAA8B;gBAC9B,cAAc;gBACd,+BAA+B;gBAC/B,aAAa;gBACb,4BAA4B;gBAC5B,kBAAkB;gBAClB,mBAAmB;gBACnB,kBAAkB;aACnB;SA
CF;KACF,CAAC;IAEF,0CAA0C;IAC1C,IAAI,gBAAgB,GAAQ,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAAG;QACrB,GAAG,gBAAgB;QACnB,WAAW,EAAE;YACX,GAAG,gBAAgB,CAAC,WAAW;YAC/B,KAAK,EAAE;gBACL,GAAG,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC9C,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK;aACxC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD;KACF,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,2BAA2B,CAAC,CAAC;IAEzE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuDb,CAAC,CAAC;AACH,CAAC"}
|