coverme-scanner 2.0.0 → 2.0.2

package/dist/prompts/coverme-command.md

@@ -336,6 +336,22 @@ grep -r "import.*database\|import.*db" src/controllers/ src/routes/
 
 Create `.coverme/scan.json` with this structure:
 
+### CRITICAL REQUIREMENT
+
+**YOU MUST CREATE DETAILED FINDINGS!**
+
+The `findings` array is **MANDATORY** and must contain:
+- Full finding objects with ALL fields (not just executiveSummary.topRisks)
+- businessImpact with financial/reputation/legal/operational breakdown
+- proofOfConcept with actual exploit code
+- attackChain with step-by-step exploitation
+- quickFix vs properFix with code examples
+- testing instructions (manual + automated)
+- detection methods (commands + indicators)
+- estimatedEffort (human vs claudeCode with ROI)
+
+**DO NOT** create only `executiveSummary.topRisks` - you **MUST** also create full finding objects in the `findings` array!
+
 ### Required Fields
 - `agentCount`: Always `1` (unified agent)
 - `scanDuration`: e.g., "8m 30s" or "512s"
@@ -1258,16 +1274,27 @@ Before finishing:
 
 ## REMEMBER
 
-1. **Silent failures are CRITICAL** - They hide production bugs in payments, auth, data
-2. **Read actual code** - Don't guess, read the files
-3. **Check git history** - Secrets may have been removed but still exposed
-4. **Think like an attacker** - How would you exploit this?
-5. **Be specific** - File:line, code snippets, attack chains
-6. **DREAD + Attack Chain** - Required for critical/high
-7. **Quality over quantity** - 10 solid findings > 50 vague ones
-8. **Architecture matters** - Trust boundaries, data flow, scalability
-9. **Performance impacts security** - N+1 queries → DoS, memory leaks → crashes
-10. **Run `coverme report`** - Not done until HTML opens!
+1. **CREATE DETAILED FINDINGS** - DO NOT just write executiveSummary! You MUST populate the `findings` array with full finding objects!
+2. **Silent failures are CRITICAL** - They hide production bugs in payments, auth, data
+3. **Read actual code** - Don't guess, read the files
+4. **Check git history** - Secrets may have been removed but still exposed
+5. **Think like an attacker** - How would you exploit this?
+6. **Be specific** - File:line, code snippets, attack chains
+7. **DREAD + Attack Chain** - Required for critical/high
+8. **Quality over quantity** - 10 solid findings > 50 vague ones
+9. **Architecture matters** - Trust boundaries, data flow, scalability
+10. **Performance impacts security** - N+1 queries → DoS, memory leaks → crashes
+11. **Include ROI estimates** - human vs claudeCode time for every finding
+12. **Run `coverme report`** - Not done until HTML opens!
+
+---
+
+⚠️ **FINAL CHECK BEFORE SUBMITTING scan.json:**
+
+- [ ] `findings` array contains at least 3-10 detailed finding objects (NOT empty!)
+- [ ] Each finding has businessImpact, proofOfConcept, attackChain, quickFix, properFix, testing, detection, estimatedEffort
+- [ ] executiveSummary.topRisks matches the findings in the findings array
+- [ ] summary counts (critical/high/medium/low) match the findings array length
 
 ---
 

package/dist/templates/report.html

@@ -2587,13 +2587,168 @@
                   <p>{{impact}}</p>
                 </div>
                 {{/if}}
+
+                {{#if businessImpact}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fff5f5 0%, #ffe5e5 100%); border-left: 4px solid #e53e3e;">
+                  <div class="info-label" style="color: #c53030; font-weight: 600;">💰 Business Impact</div>
+                  <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 12px; margin-top: 8px;">
+                    {{#if businessImpact.financial}}
+                    <div><strong style="color: #c53030;">Financial:</strong> {{businessImpact.financial}}</div>
+                    {{/if}}
+                    {{#if businessImpact.reputation}}
+                    <div><strong style="color: #c53030;">Reputation:</strong> {{businessImpact.reputation}}</div>
+                    {{/if}}
+                    {{#if businessImpact.legal}}
+                    <div><strong style="color: #c53030;">Legal:</strong> {{businessImpact.legal}}</div>
+                    {{/if}}
+                    {{#if businessImpact.operational}}
+                    <div><strong style="color: #c53030;">Operational:</strong> {{businessImpact.operational}}</div>
+                    {{/if}}
+                  </div>
+                </div>
+                {{/if}}
+
+                {{#if realWorldExamples}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fff7ed 0%, #ffedd5 100%); border-left: 4px solid #ea580c;">
+                  <div class="info-label" style="color: #c2410c; font-weight: 600;">🌐 Real-World Examples</div>
+                  <ul style="margin: 8px 0 0 0; padding-left: 20px;">
+                    {{#each realWorldExamples}}
+                    <li style="margin: 4px 0; color: #7c2d12;">{{this}}</li>
+                    {{/each}}
+                  </ul>
+                </div>
+                {{/if}}
+
+                {{#if attackChain}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fef3c7 0%, #fde68a 100%); border-left: 4px solid #d97706;">
+                  <div class="info-label" style="color: #92400e; font-weight: 600;">⚔️ Attack Chain</div>
+                  <div style="margin-top: 8px;">
+                    {{#each attackChain}}
+                    <div style="margin: 8px 0; padding: 8px; background: white; border-radius: 6px; border-left: 3px solid #f59e0b;">
+                      <strong style="color: #92400e;">Step {{step}}:</strong> {{action}}
+                      <div style="margin-top: 4px; color: #78350f; font-size: 13px;">→ <em>{{result}}</em></div>
+                    </div>
+                    {{/each}}
+                  </div>
+                </div>
+                {{/if}}
+
                 {{#if code}}
                 <div class="code-block"><code>{{code}}</code></div>
                 {{/if}}
+
+                {{#if proofOfConcept}}
+                <details style="margin: 16px 0; border: 2px solid #dc2626; border-radius: 8px; padding: 12px; background: #fef2f2;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #991b1b;">🎯 Proof of Concept (Click to expand exploit code)</summary>
+                  <div class="code-block" style="margin-top: 12px;"><code>{{proofOfConcept}}</code></div>
+                </details>
+                {{/if}}
+
                 <div class="info-box info-fix">
                   <div class="info-label">Recommendation</div>
                   <p>{{recommendation}}</p>
                 </div>
+
+                {{#if quickFix}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fef9c3 0%, #fef08a 100%); border-left: 4px solid #ca8a04;">
+                  <div class="info-label" style="color: #854d0e; font-weight: 600;">⚡ Quick Fix ({{quickFix.description}})</div>
+                  <div class="code-block" style="margin-top: 8px;"><code>{{quickFix.code}}</code></div>
+                  {{#if quickFix.limitations}}
+                  <p style="margin-top: 8px; padding: 8px; background: white; border-radius: 4px; color: #a16207; font-size: 13px;">
+                    <strong>⚠️ Limitations:</strong> {{quickFix.limitations}}
+                  </p>
+                  {{/if}}
+                </div>
+                {{/if}}
+
+                {{#if properFix}}
+                <div class="info-box" style="background: linear-gradient(135deg, #dcfce7 0%, #bbf7d0 100%); border-left: 4px solid #16a34a;">
+                  <div class="info-label" style="color: #166534; font-weight: 600;">✅ Proper Fix ({{properFix.description}})</div>
+                  <div class="code-block" style="margin-top: 8px;"><code>{{properFix.code}}</code></div>
+                  {{#if properFix.additionalSteps}}
+                  <div style="margin-top: 12px;">
+                    <strong style="color: #166534;">Additional Steps:</strong>
+                    <ul style="margin: 8px 0 0 0; padding-left: 20px;">
+                      {{#each properFix.additionalSteps}}
+                      <li style="margin: 4px 0; color: #14532d;">{{this}}</li>
+                      {{/each}}
+                    </ul>
+                  </div>
+                  {{/if}}
+                </div>
+                {{/if}}
+
+                {{#if testing}}
+                <details style="margin: 16px 0; border: 1px solid #3b82f6; border-radius: 8px; padding: 12px; background: #eff6ff;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #1e40af;">🧪 Testing Instructions</summary>
+                  <div style="margin-top: 12px;">
+                    {{#if testing.description}}
+                    <p style="color: #1e3a8a; margin-bottom: 8px;">{{testing.description}}</p>
+                    {{/if}}
+                    {{#if testing.manual}}
+                    <div style="margin: 8px 0;">
+                      <strong style="color: #1e40af;">Manual Tests:</strong>
+                      <ul style="margin: 4px 0 0 0; padding-left: 20px;">
+                        {{#each testing.manual}}
+                        <li style="margin: 4px 0; color: #1e3a8a;">{{this}}</li>
+                        {{/each}}
+                      </ul>
+                    </div>
+                    {{/if}}
+                    {{#if testing.automated}}
+                    <div style="margin: 12px 0;">
+                      <strong style="color: #1e40af;">Automated Test:</strong>
+                      <div class="code-block" style="margin-top: 4px;"><code>{{testing.automated}}</code></div>
+                    </div>
+                    {{/if}}
+                  </div>
+                </details>
+                {{/if}}
+
+                {{#if detection}}
+                <details style="margin: 16px 0; border: 1px solid #8b5cf6; border-radius: 8px; padding: 12px; background: #faf5ff;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #6b21a8;">🔍 Detection Method (Check if already exploited)</summary>
+                  <div style="margin-top: 12px;">
+                    {{#if detection.description}}
+                    <p style="color: #581c87; margin-bottom: 8px;">{{detection.description}}</p>
+                    {{/if}}
+                    {{#if detection.commands}}
+                    <div class="code-block"><code>{{#each detection.commands}}{{this}}
+{{/each}}</code></div>
+                    {{/if}}
+                    {{#if detection.indicators}}
+                    <div style="margin: 12px 0;">
+                      <strong style="color: #6b21a8;">Indicators of Compromise:</strong>
+                      <ul style="margin: 4px 0 0 0; padding-left: 20px;">
+                        {{#each detection.indicators}}
+                        <li style="margin: 4px 0; color: #581c87;">{{this}}</li>
+                        {{/each}}
+                      </ul>
+                    </div>
+                    {{/if}}
+                  </div>
+                </details>
+                {{/if}}
+
+                {{#if estimatedEffort}}
+                <div class="info-box" style="background: linear-gradient(135deg, #e0f2fe 0%, #bae6fd 100%); border-left: 4px solid #0284c7;">
+                  <div class="info-label" style="color: #075985; font-weight: 600;">⏱️ Fix Time Estimate (Human vs Claude Code)</div>
+                  <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 16px; margin-top: 12px;">
+                    <div style="padding: 12px; background: white; border-radius: 6px; border: 1px solid #7dd3fc;">
+                      <div style="font-size: 11px; color: #0c4a6e; font-weight: 600; margin-bottom: 4px;">👨‍💻 HUMAN DEVELOPER</div>
+                      <div style="font-size: 18px; color: #0369a1; font-weight: 700;">{{estimatedEffort.human}}</div>
+                    </div>
+                    <div style="padding: 12px; background: white; border-radius: 6px; border: 1px solid #0ea5e9;">
+                      <div style="font-size: 11px; color: #0c4a6e; font-weight: 600; margin-bottom: 4px;">🤖 CLAUDE CODE</div>
+                      <div style="font-size: 18px; color: #0284c7; font-weight: 700;">{{estimatedEffort.claudeCode}}</div>
+                    </div>
+                  </div>
+                  <div style="margin-top: 12px; padding: 10px; background: linear-gradient(135deg, #0ea5e9 0%, #0284c7 100%); border-radius: 6px; text-align: center; color: white; font-weight: 700; font-size: 16px;">
+                    🚀 ROI: {{estimatedEffort.roi}}
+                  </div>
+                </div>
+                {{/if}}
+
                 <div class="prompt-box">
                   <div class="prompt-header">
                     <span class="prompt-label">Claude Code Prompt</span>
@@ -3006,13 +3161,168 @@ Solution: {{recommendation}}</div>
                   <p>{{impact}}</p>
                 </div>
                 {{/if}}
+
+                {{#if businessImpact}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fff5f5 0%, #ffe5e5 100%); border-left: 4px solid #e53e3e;">
+                  <div class="info-label" style="color: #c53030; font-weight: 600;">💰 Business Impact</div>
+                  <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 12px; margin-top: 8px;">
+                    {{#if businessImpact.financial}}
+                    <div><strong style="color: #c53030;">Financial:</strong> {{businessImpact.financial}}</div>
+                    {{/if}}
+                    {{#if businessImpact.reputation}}
+                    <div><strong style="color: #c53030;">Reputation:</strong> {{businessImpact.reputation}}</div>
+                    {{/if}}
+                    {{#if businessImpact.legal}}
+                    <div><strong style="color: #c53030;">Legal:</strong> {{businessImpact.legal}}</div>
+                    {{/if}}
+                    {{#if businessImpact.operational}}
+                    <div><strong style="color: #c53030;">Operational:</strong> {{businessImpact.operational}}</div>
+                    {{/if}}
+                  </div>
+                </div>
+                {{/if}}
+
+                {{#if realWorldExamples}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fff7ed 0%, #ffedd5 100%); border-left: 4px solid #ea580c;">
+                  <div class="info-label" style="color: #c2410c; font-weight: 600;">🌐 Real-World Examples</div>
+                  <ul style="margin: 8px 0 0 0; padding-left: 20px;">
+                    {{#each realWorldExamples}}
+                    <li style="margin: 4px 0; color: #7c2d12;">{{this}}</li>
+                    {{/each}}
+                  </ul>
+                </div>
+                {{/if}}
+
+                {{#if attackChain}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fef3c7 0%, #fde68a 100%); border-left: 4px solid #d97706;">
+                  <div class="info-label" style="color: #92400e; font-weight: 600;">⚔️ Attack Chain</div>
+                  <div style="margin-top: 8px;">
+                    {{#each attackChain}}
+                    <div style="margin: 8px 0; padding: 8px; background: white; border-radius: 6px; border-left: 3px solid #f59e0b;">
+                      <strong style="color: #92400e;">Step {{step}}:</strong> {{action}}
+                      <div style="margin-top: 4px; color: #78350f; font-size: 13px;">→ <em>{{result}}</em></div>
+                    </div>
+                    {{/each}}
+                  </div>
+                </div>
+                {{/if}}
+
                 {{#if code}}
                 <div class="code-block"><code>{{code}}</code></div>
                 {{/if}}
+
+                {{#if proofOfConcept}}
+                <details style="margin: 16px 0; border: 2px solid #dc2626; border-radius: 8px; padding: 12px; background: #fef2f2;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #991b1b;">🎯 Proof of Concept (Click to expand exploit code)</summary>
+                  <div class="code-block" style="margin-top: 12px;"><code>{{proofOfConcept}}</code></div>
+                </details>
+                {{/if}}
+
                 <div class="info-box info-fix">
                   <div class="info-label">Recommendation</div>
                   <p>{{recommendation}}</p>
                 </div>
+
+                {{#if quickFix}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fef9c3 0%, #fef08a 100%); border-left: 4px solid #ca8a04;">
+                  <div class="info-label" style="color: #854d0e; font-weight: 600;">⚡ Quick Fix ({{quickFix.description}})</div>
+                  <div class="code-block" style="margin-top: 8px;"><code>{{quickFix.code}}</code></div>
+                  {{#if quickFix.limitations}}
+                  <p style="margin-top: 8px; padding: 8px; background: white; border-radius: 4px; color: #a16207; font-size: 13px;">
+                    <strong>⚠️ Limitations:</strong> {{quickFix.limitations}}
+                  </p>
+                  {{/if}}
+                </div>
+                {{/if}}
+
+                {{#if properFix}}
+                <div class="info-box" style="background: linear-gradient(135deg, #dcfce7 0%, #bbf7d0 100%); border-left: 4px solid #16a34a;">
+                  <div class="info-label" style="color: #166534; font-weight: 600;">✅ Proper Fix ({{properFix.description}})</div>
+                  <div class="code-block" style="margin-top: 8px;"><code>{{properFix.code}}</code></div>
+                  {{#if properFix.additionalSteps}}
+                  <div style="margin-top: 12px;">
+                    <strong style="color: #166534;">Additional Steps:</strong>
+                    <ul style="margin: 8px 0 0 0; padding-left: 20px;">
+                      {{#each properFix.additionalSteps}}
+                      <li style="margin: 4px 0; color: #14532d;">{{this}}</li>
+                      {{/each}}
+                    </ul>
+                  </div>
+                  {{/if}}
+                </div>
+                {{/if}}
+
+                {{#if testing}}
+                <details style="margin: 16px 0; border: 1px solid #3b82f6; border-radius: 8px; padding: 12px; background: #eff6ff;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #1e40af;">🧪 Testing Instructions</summary>
+                  <div style="margin-top: 12px;">
+                    {{#if testing.description}}
+                    <p style="color: #1e3a8a; margin-bottom: 8px;">{{testing.description}}</p>
+                    {{/if}}
+                    {{#if testing.manual}}
+                    <div style="margin: 8px 0;">
+                      <strong style="color: #1e40af;">Manual Tests:</strong>
+                      <ul style="margin: 4px 0 0 0; padding-left: 20px;">
+                        {{#each testing.manual}}
+                        <li style="margin: 4px 0; color: #1e3a8a;">{{this}}</li>
+                        {{/each}}
+                      </ul>
+                    </div>
+                    {{/if}}
+                    {{#if testing.automated}}
+                    <div style="margin: 12px 0;">
+                      <strong style="color: #1e40af;">Automated Test:</strong>
+                      <div class="code-block" style="margin-top: 4px;"><code>{{testing.automated}}</code></div>
+                    </div>
+                    {{/if}}
+                  </div>
+                </details>
+                {{/if}}
+
+                {{#if detection}}
+                <details style="margin: 16px 0; border: 1px solid #8b5cf6; border-radius: 8px; padding: 12px; background: #faf5ff;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #6b21a8;">🔍 Detection Method (Check if already exploited)</summary>
+                  <div style="margin-top: 12px;">
+                    {{#if detection.description}}
+                    <p style="color: #581c87; margin-bottom: 8px;">{{detection.description}}</p>
+                    {{/if}}
+                    {{#if detection.commands}}
+                    <div class="code-block"><code>{{#each detection.commands}}{{this}}
+{{/each}}</code></div>
+                    {{/if}}
+                    {{#if detection.indicators}}
+                    <div style="margin: 12px 0;">
+                      <strong style="color: #6b21a8;">Indicators of Compromise:</strong>
+                      <ul style="margin: 4px 0 0 0; padding-left: 20px;">
+                        {{#each detection.indicators}}
+                        <li style="margin: 4px 0; color: #581c87;">{{this}}</li>
+                        {{/each}}
+                      </ul>
+                    </div>
+                    {{/if}}
+                  </div>
+                </details>
+                {{/if}}
+
+                {{#if estimatedEffort}}
+                <div class="info-box" style="background: linear-gradient(135deg, #e0f2fe 0%, #bae6fd 100%); border-left: 4px solid #0284c7;">
+                  <div class="info-label" style="color: #075985; font-weight: 600;">⏱️ Fix Time Estimate (Human vs Claude Code)</div>
+                  <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 16px; margin-top: 12px;">
+                    <div style="padding: 12px; background: white; border-radius: 6px; border: 1px solid #7dd3fc;">
+                      <div style="font-size: 11px; color: #0c4a6e; font-weight: 600; margin-bottom: 4px;">👨‍💻 HUMAN DEVELOPER</div>
+                      <div style="font-size: 18px; color: #0369a1; font-weight: 700;">{{estimatedEffort.human}}</div>
+                    </div>
+                    <div style="padding: 12px; background: white; border-radius: 6px; border: 1px solid #0ea5e9;">
+                      <div style="font-size: 11px; color: #0c4a6e; font-weight: 600; margin-bottom: 4px;">🤖 CLAUDE CODE</div>
+                      <div style="font-size: 18px; color: #0284c7; font-weight: 700;">{{estimatedEffort.claudeCode}}</div>
+                    </div>
+                  </div>
+                  <div style="margin-top: 12px; padding: 10px; background: linear-gradient(135deg, #0ea5e9 0%, #0284c7 100%); border-radius: 6px; text-align: center; color: white; font-weight: 700; font-size: 16px;">
+                    🚀 ROI: {{estimatedEffort.roi}}
+                  </div>
+                </div>
+                {{/if}}
+
                 <div class="prompt-box">
                   <div class="prompt-header">
                     <span class="prompt-label">Claude Code Prompt</span>
@@ -3063,13 +3373,168 @@ Solution: {{recommendation}}</div>
                   <p>{{impact}}</p>
                 </div>
                 {{/if}}
+
+                {{#if businessImpact}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fff5f5 0%, #ffe5e5 100%); border-left: 4px solid #e53e3e;">
+                  <div class="info-label" style="color: #c53030; font-weight: 600;">💰 Business Impact</div>
+                  <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 12px; margin-top: 8px;">
+                    {{#if businessImpact.financial}}
+                    <div><strong style="color: #c53030;">Financial:</strong> {{businessImpact.financial}}</div>
+                    {{/if}}
+                    {{#if businessImpact.reputation}}
+                    <div><strong style="color: #c53030;">Reputation:</strong> {{businessImpact.reputation}}</div>
+                    {{/if}}
+                    {{#if businessImpact.legal}}
+                    <div><strong style="color: #c53030;">Legal:</strong> {{businessImpact.legal}}</div>
+                    {{/if}}
+                    {{#if businessImpact.operational}}
+                    <div><strong style="color: #c53030;">Operational:</strong> {{businessImpact.operational}}</div>
+                    {{/if}}
+                  </div>
+                </div>
+                {{/if}}
+
+                {{#if realWorldExamples}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fff7ed 0%, #ffedd5 100%); border-left: 4px solid #ea580c;">
+                  <div class="info-label" style="color: #c2410c; font-weight: 600;">🌐 Real-World Examples</div>
+                  <ul style="margin: 8px 0 0 0; padding-left: 20px;">
+                    {{#each realWorldExamples}}
+                    <li style="margin: 4px 0; color: #7c2d12;">{{this}}</li>
+                    {{/each}}
+                  </ul>
+                </div>
+                {{/if}}
+
+                {{#if attackChain}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fef3c7 0%, #fde68a 100%); border-left: 4px solid #d97706;">
+                  <div class="info-label" style="color: #92400e; font-weight: 600;">⚔️ Attack Chain</div>
+                  <div style="margin-top: 8px;">
+                    {{#each attackChain}}
+                    <div style="margin: 8px 0; padding: 8px; background: white; border-radius: 6px; border-left: 3px solid #f59e0b;">
+                      <strong style="color: #92400e;">Step {{step}}:</strong> {{action}}
+                      <div style="margin-top: 4px; color: #78350f; font-size: 13px;">→ <em>{{result}}</em></div>
+                    </div>
+                    {{/each}}
+                  </div>
+                </div>
+                {{/if}}
+
                 {{#if code}}
                 <div class="code-block"><code>{{code}}</code></div>
                 {{/if}}
+
+                {{#if proofOfConcept}}
+                <details style="margin: 16px 0; border: 2px solid #dc2626; border-radius: 8px; padding: 12px; background: #fef2f2;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #991b1b;">🎯 Proof of Concept (Click to expand exploit code)</summary>
+                  <div class="code-block" style="margin-top: 12px;"><code>{{proofOfConcept}}</code></div>
+                </details>
+                {{/if}}
+
                 <div class="info-box info-fix">
                   <div class="info-label">Recommendation</div>
                   <p>{{recommendation}}</p>
                 </div>
+
+                {{#if quickFix}}
+                <div class="info-box" style="background: linear-gradient(135deg, #fef9c3 0%, #fef08a 100%); border-left: 4px solid #ca8a04;">
+                  <div class="info-label" style="color: #854d0e; font-weight: 600;">⚡ Quick Fix ({{quickFix.description}})</div>
+                  <div class="code-block" style="margin-top: 8px;"><code>{{quickFix.code}}</code></div>
+                  {{#if quickFix.limitations}}
+                  <p style="margin-top: 8px; padding: 8px; background: white; border-radius: 4px; color: #a16207; font-size: 13px;">
+                    <strong>⚠️ Limitations:</strong> {{quickFix.limitations}}
+                  </p>
+                  {{/if}}
+                </div>
+                {{/if}}
+
+                {{#if properFix}}
+                <div class="info-box" style="background: linear-gradient(135deg, #dcfce7 0%, #bbf7d0 100%); border-left: 4px solid #16a34a;">
+                  <div class="info-label" style="color: #166534; font-weight: 600;">✅ Proper Fix ({{properFix.description}})</div>
+                  <div class="code-block" style="margin-top: 8px;"><code>{{properFix.code}}</code></div>
+                  {{#if properFix.additionalSteps}}
+                  <div style="margin-top: 12px;">
+                    <strong style="color: #166534;">Additional Steps:</strong>
+                    <ul style="margin: 8px 0 0 0; padding-left: 20px;">
+                      {{#each properFix.additionalSteps}}
+                      <li style="margin: 4px 0; color: #14532d;">{{this}}</li>
+                      {{/each}}
+                    </ul>
+                  </div>
+                  {{/if}}
+                </div>
+                {{/if}}
+
+                {{#if testing}}
+                <details style="margin: 16px 0; border: 1px solid #3b82f6; border-radius: 8px; padding: 12px; background: #eff6ff;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #1e40af;">🧪 Testing Instructions</summary>
+                  <div style="margin-top: 12px;">
+                    {{#if testing.description}}
+                    <p style="color: #1e3a8a; margin-bottom: 8px;">{{testing.description}}</p>
+                    {{/if}}
+                    {{#if testing.manual}}
+                    <div style="margin: 8px 0;">
+                      <strong style="color: #1e40af;">Manual Tests:</strong>
+                      <ul style="margin: 4px 0 0 0; padding-left: 20px;">
+                        {{#each testing.manual}}
+                        <li style="margin: 4px 0; color: #1e3a8a;">{{this}}</li>
+                        {{/each}}
+                      </ul>
+                    </div>
+                    {{/if}}
+                    {{#if testing.automated}}
+                    <div style="margin: 12px 0;">
+                      <strong style="color: #1e40af;">Automated Test:</strong>
+                      <div class="code-block" style="margin-top: 4px;"><code>{{testing.automated}}</code></div>
+                    </div>
+                    {{/if}}
+                  </div>
+                </details>
+                {{/if}}
+
+                {{#if detection}}
+                <details style="margin: 16px 0; border: 1px solid #8b5cf6; border-radius: 8px; padding: 12px; background: #faf5ff;">
+                  <summary style="cursor: pointer; font-weight: 600; color: #6b21a8;">🔍 Detection Method (Check if already exploited)</summary>
+                  <div style="margin-top: 12px;">
+                    {{#if detection.description}}
+                    <p style="color: #581c87; margin-bottom: 8px;">{{detection.description}}</p>
+                    {{/if}}
+                    {{#if detection.commands}}
+                    <div class="code-block"><code>{{#each detection.commands}}{{this}}
+{{/each}}</code></div>
+                    {{/if}}
+                    {{#if detection.indicators}}
+                    <div style="margin: 12px 0;">
+                      <strong style="color: #6b21a8;">Indicators of Compromise:</strong>
+                      <ul style="margin: 4px 0 0 0; padding-left: 20px;">
+                        {{#each detection.indicators}}
+                        <li style="margin: 4px 0; color: #581c87;">{{this}}</li>
+                        {{/each}}
+                      </ul>
+                    </div>
+                    {{/if}}
+                  </div>
+                </details>
+                {{/if}}
+
+                {{#if estimatedEffort}}
+                <div class="info-box" style="background: linear-gradient(135deg, #e0f2fe 0%, #bae6fd 100%); border-left: 4px solid #0284c7;">
+                  <div class="info-label" style="color: #075985; font-weight: 600;">⏱️ Fix Time Estimate (Human vs Claude Code)</div>
+                  <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 16px; margin-top: 12px;">
+                    <div style="padding: 12px; background: white; border-radius: 6px; border: 1px solid #7dd3fc;">
+                      <div style="font-size: 11px; color: #0c4a6e; font-weight: 600; margin-bottom: 4px;">👨‍💻 HUMAN DEVELOPER</div>
+                      <div style="font-size: 18px; color: #0369a1; font-weight: 700;">{{estimatedEffort.human}}</div>
+                    </div>
+                    <div style="padding: 12px; background: white; border-radius: 6px; border: 1px solid #0ea5e9;">
+                      <div style="font-size: 11px; color: #0c4a6e; font-weight: 600; margin-bottom: 4px;">🤖 CLAUDE CODE</div>
+                      <div style="font-size: 18px; color: #0284c7; font-weight: 700;">{{estimatedEffort.claudeCode}}</div>
+                    </div>
+                  </div>
+                  <div style="margin-top: 12px; padding: 10px; background: linear-gradient(135deg, #0ea5e9 0%, #0284c7 100%); border-radius: 6px; text-align: center; color: white; font-weight: 700; font-size: 16px;">
+                    🚀 ROI: {{estimatedEffort.roi}}
+                  </div>
+                </div>
+                {{/if}}
+
                 <div class="prompt-box">
                   <div class="prompt-header">
                     <span class="prompt-label">Claude Code Prompt</span>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coverme-scanner",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "description": "AI-powered code scanner with multi-agent verification for Claude Code. One command scans everything.",
   "main": "dist/index.js",
   "files": [