npm - coverme-scanner - Versions diffs - 4.0.4 → 4.1.0 - Mend

coverme-scanner 4.0.4 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/prompts/coverme-command.md +59 -534
package/dist/report/index.d.ts.map +1 -1
package/dist/report/index.js +137 -0
package/dist/report/index.js.map +1 -1
package/dist/templates/scan-template.json +27 -0
package/package.json +1 -1

package/dist/prompts/coverme-command.md CHANGED Viewed

@@ -1,583 +1,108 @@
-# CoverMe - Ultimate AI Security Scanner v4.0
+# CoverMe Security Scanner v4.1
-The most comprehensive AI-powered code scanner. **33 specialized agents** including 9 AI-code-specific detectors + adversarial review.
+Fast AI-powered security scanner with template-based output.
 $ARGUMENTS
-## CRITICAL INSTRUCTIONS
-1. **DO NOT ASK ANY QUESTIONS** - Run autonomously
-2. **DO NOT STOP FOR CONFIRMATION** - Keep going
-3. **COMPLETE EVERYTHING** - All phases without interruption
-4. **AGENTS WRITE TO FILES** - Each agent writes results to `.coverme/agents/{ID}.json`
-5. **AGENTS RETURN ONLY "done" or "skipped"** - Never return findings in response
+## CRITICAL: Follow these steps exactly
 ---
-## Phase 0: Setup
+## Step 1: Setup
 ```bash
-mkdir -p .coverme/agents
-rm -f .coverme/agents/*.json 2>/dev/null
-```
-Get project stats:
-```bash
-FILES=$(find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.py" -o -name "*.go" \) -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/dist/*" 2>/dev/null | wc -l | tr -d ' ')
-LINES=$(find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.py" \) -not -path "*/node_modules/*" -not -path "*/dist/*" 2>/dev/null | head -50 | xargs wc -l 2>/dev/null | tail -1 | awk '{print $1}')
-echo "Files: $FILES, Lines: ~$LINES"
+mkdir -p .coverme
 ```
 ---
-## Phase 1: Launch 33 Agents (parallel, background)
-**CRITICAL**: Each agent MUST:
-1. Scan the codebase for its specific issues
-2. Write findings to `.coverme/agents/{PREFIX}.json`
-3. Return ONLY the word "done" or "skipped" - NOTHING ELSE
-Launch ALL with `run_in_background: true`:
-### Agent 1: SEC - Security Core
-```
-Scan for: SQL injection, XSS, command injection, SSTI, hardcoded secrets, weak crypto.
-Write to .coverme/agents/SEC.json:
-[{"id":"SEC-001","title":"...","severity":"critical|high|medium|low","file":"...","line":N,"description":"...","recommendation":"..."}]
-Return ONLY: "done" or "skipped"
-```
-### Agent 2: AUTH - Authentication
-```
-Scan for: JWT issues, session problems, OAuth flaws, weak passwords, missing MFA.
-Write to .coverme/agents/AUTH.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 3: API - API Security
-```
-Scan for: CORS issues, rate limiting, input validation, mass assignment, GraphQL issues.
-Write to .coverme/agents/API.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 4: INFRA - Infrastructure
-```
-Scan for: Docker issues, K8s misconfig, CI/CD secrets, cloud misconfig.
-Write to .coverme/agents/INFRA.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 5: DATA - Data & Privacy
-```
-Scan for: PII exposure, GDPR issues, unencrypted data.
-Write to .coverme/agents/DATA.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 5b: SECRETS - Smart Credentials Analysis
-```
-Scan for credentials/secrets WITH CONTEXT ANALYSIS:
-1. **Find all potential secrets**: API keys, tokens, passwords, connection strings
-2. **For EACH secret found, analyze context**:
-   - Is it in .env file? Check if .env is in .gitignore
-   - Is it a sandbox/test/playground key? (look for prefixes: sk_test_, sandbox_, demo_, etc.)
-   - Is the domain a test domain? (localhost, *.test, staging.*, sandbox.*)
-   - Is there a .env.example suggesting this is dev setup?
-   - Is the secret expired? (look for expiry dates, old timestamps)
-   - Is it in a test file?
-3. **Rate severity based on context**:
-   - CRITICAL: Production secret in code, not in .env, not gitignored
-   - HIGH: Real credentials but only in .env (still bad if committed)
-   - MEDIUM: Sandbox/test credentials (may still expire and break things)
-   - LOW: Demo/example credentials clearly marked as such
-   - INFO: Placeholder values like "your-api-key-here"
-4. **Smart recommendations**:
-   - If sandbox key: "Sandbox key detected. Consider rotating if published to repo. Current risk: LOW"
-   - If .env is gitignored: "Secret properly isolated in .env. Verify .env is not committed to git history"
-   - If expired: "Key may be expired (created > 1 year ago). Test and rotate"
-Write to .coverme/agents/SECRETS.json with:
-[{"id":"SECRETS-001","title":"AWS credentials in .env","severity":"medium","file":".env","line":5,"context":{"inGitignore":true,"isPlayground":true,"hasEnvExample":true},"recommendation":"Sandbox credentials properly isolated. Consider rotation schedule."}]
-Return ONLY: "done" or "skipped"
-```
-### Agent 6: AI - AI/LLM Security
-```
-FIRST: Check if AI code exists (openai, anthropic, langchain, etc.)
-If no AI code: Write {"skipped":true} and return "skipped"
-If AI code: Scan for prompt injection, data leakage, output validation.
-Write to .coverme/agents/AI.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 7: PERF - Performance & DoS
-```
-Scan for: ReDoS, N+1 queries, memory leaks, unbounded operations.
-Write to .coverme/agents/PERF.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 8: BIZ - Business Logic
-```
-Scan for: Race conditions, TOCTOU, workflow bypass, financial issues.
-Write to .coverme/agents/BIZ.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 9: QUAL - Code Quality
-```
-Scan for: High complexity, dead code, anti-patterns.
-Write to .coverme/agents/QUAL.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 9b: SILENT - Silent Failures (CRITICAL)
-```
-Scan SPECIFICALLY for silent error handling patterns:
-1. **Empty catch blocks**: catch(e) {} or catch { }
-2. **Swallowed errors**: catch(e) { console.log(e) } without rethrow
-3. **Silent fallbacks**: catch(e) { return null } or catch => defaultValue
-4. **Optional chaining abuse**: data?.field?.value without fallback handling
-5. **Nullish coalescing hiding errors**: value ?? {} or value || []
-6. **Promise swallowing**: .catch(() => {}) or .catch(() => null)
-7. **Try without meaningful catch**: try { ... } catch { /* ignore */ }
-8. **Default returns in catch**: catch(e) { return [] } hiding failures
-9. **Logging without action**: catch(e) { logger.error(e); return default }
-10. **Conditional silent fails**: if (!result) return; without error
-For EACH finding, rate severity:
-- CRITICAL: Payment/auth/security code with silent failure
-- HIGH: Data operations that silently return empty/default
-- MEDIUM: API calls that swallow errors
-- LOW: Non-critical utility functions
-Write to .coverme/agents/SILENT.json with format:
-[{"id":"SILENT-001","title":"Silent failure in payment processing","severity":"critical","file":"src/payments/charge.ts","line":45,"code":"catch(e) { return { success: false } }","impact":"Payment failures go undetected","recommendation":"Throw PaymentError and alert on-call"}]
-Return ONLY: "done" or "skipped"
-```
-### Agent 10: TEST - Testing
-```
-Scan for: Missing tests on critical paths, mocked security, no E2E.
-Write to .coverme/agents/TEST.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 11: REDIS - Cache Security
-```
-FIRST: Check if Redis/cache code exists.
-If not: Write {"skipped":true} and return "skipped"
-If yes: Scan for dangerous commands, auth issues, race conditions.
-Write to .coverme/agents/REDIS.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 12: RESIL - Resilience
-```
-Scan for: Missing circuit breakers, no timeouts, no retries.
-NOTE: For silent fallbacks, see Agent 9b (SILENT) which handles those specifically.
-Write to .coverme/agents/RESIL.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 13: PII - PII Scanner
-```
-Scan for: PII in logs, PII in URLs, unencrypted PII, missing GDPR controls.
-Write to .coverme/agents/PII.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 14: DEAD - Dead Code
-```
-Scan for: Unused functions, unused deps, commented code, TODO/FIXME.
-Write to .coverme/agents/DEAD.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 15: DB - Database Security
-```
-Scan for: SQL injection, NoSQL injection, missing RLS, exposed connections.
-Write to .coverme/agents/DB.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 16: ARCH - Architecture
-```
-Scan for: Internal endpoints exposed, missing mTLS, network issues.
-Write to .coverme/agents/ARCH.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 17: DESIGN - Design Decisions
-```
-Find documented design decisions that might look like bugs (intentional patterns).
-Write to .coverme/agents/DESIGN.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 18: CTX - Context Validator
-```
-For critical findings from other agents, check deployment context.
-Write to .coverme/agents/CTX.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 19: ENC - Enclave Security
-```
-FIRST: Check if enclave/TEE code exists.
-If not: Write {"skipped":true} and return "skipped"
-If yes: Scan for attestation issues.
-Write to .coverme/agents/ENC.json
-Return ONLY: "done" or "skipped"
-```
-### Agent 20: EXEC - Executive Summary
-```
-After scanning, generate executive summary with top risks and positives.
-Write to .coverme/agents/EXEC.json
-Return ONLY: "done"
-```
+## Step 2: Copy Template
-### Agent 21: DUP - Duplicate Finder
-```
-Find existing solutions in codebase that could fix other findings.
-Write to .coverme/agents/DUP.json
-Return ONLY: "done" or "skipped"
-```
+Read and copy this template to .coverme/scan.json:
-### Agent 22: POSITIVE - Good Patterns
-```
-Find positive security patterns and good practices in the codebase.
-Write to .coverme/agents/POSITIVE.json
-Return ONLY: "done"
+```json
+{
+  "project": "PROJECT_NAME_HERE",
+  "date": "YYYY-MM-DD",
+  "branch": "BRANCH_NAME",
+  "scope": "X files, ~Y lines",
+  "summary": { "critical": 0, "high": 0, "medium": 0, "low": 0, "total": 0 },
+  "overallRiskLevel": "critical|high|medium|low",
+  "executiveSummary": "2-3 sentence summary of security posture",
+  "topPriorities": [
+    { "finding": "Description", "severity": "critical", "action": "What to do" }
+  ],
+  "criticalFindings": [
+    { "id": "CRIT-01", "title": "Title", "file": "path/file.ts", "line": 123, "description": "What's wrong", "recommendation": "How to fix" }
+  ],
+  "highFindings": [],
+  "mediumFindings": [],
+  "lowFindings": [],
+  "positiveObservations": [
+    { "title": "Good thing found", "description": "Why it's good" }
+  ]
+}
 ```
 ---
-## AI-Generated Code Detection Agents (23-31)
+## Step 3: Scan Codebase (5-7 parallel agents)
-These agents specifically target vulnerabilities common in AI-generated code.
+Launch these agents in PARALLEL using Task tool with run_in_background:true:
-### Agent 23: ASSUME - AI Assumptions (CRITICAL)
+### Agent A: Critical Security
 ```
-AI code makes dangerous implicit assumptions. Scan for:
-1. **Non-null assertions**: data!.field, user!.id (TypeScript !)
-2. **Unsafe casts**: as any, as unknown, type assertions without validation
-3. **Unvalidated JSON**: JSON.parse() without try/catch or schema validation
-4. **Trusted input**: req.body used directly without validation (zod, joi, yup)
-5. **Array assumptions**: arr[0] without checking length, arr.map without null check
-6. **Object assumptions**: obj.field without checking obj exists
-7. **Destructuring without defaults**: const {a, b} = data (what if data is null?)
-8. **Assumed authentication**: Routes using req.user without auth middleware
-9. **Assumed types**: parseInt(x) without NaN check, Number(x) used blindly
-10. **Assumed existence**: await db.findOne() used without null check
-Severity:
-- CRITICAL: Auth/payment code with assumptions
-- HIGH: Data mutation with unchecked input
-- MEDIUM: API responses with assumptions
-- LOW: Internal utility code
-Write to .coverme/agents/ASSUME.json:
-[{"id":"ASSUME-001","title":"Unvalidated req.body in user update","severity":"high","file":"src/api/users.ts","line":45,"code":"const { email, name } = req.body","assumption":"Input is valid object with email and name","exploit":"Send malformed JSON or missing fields","recommendation":"Add zod schema validation"}]
-Return ONLY: "done" or "skipped"
+Find CRITICAL issues: hardcoded secrets, SQL injection, command injection, auth bypass.
+Return JSON array of findings with: id, title, file, line, description, recommendation
 ```
-### Agent 24: TRUST - Trust Boundary Violations (CRITICAL)
+### Agent B: High Security
 ```
-AI rarely identifies trust boundaries. Scan for:
-1. **Missing auth middleware**: app.post/get/put/delete without auth check
-2. **Admin routes unprotected**: /admin/*, /internal/* without role check
-3. **Internal service exposure**: Internal APIs accessible from public routes
-4. **Header trust**: Using x-user-id, x-role from headers without verification
-5. **Forwarded input**: User input passed to internal services without sanitization
-6. **Missing role checks**: Actions performed without checking user.role
-7. **Tenant isolation missing**: Multi-tenant data accessed without tenant filter
-8. **Service-to-service trust**: Internal calls without mTLS or API keys
-9. **Webhook endpoints**: /webhook/* without signature verification
-10. **File upload paths**: User-controlled paths without sanitization
-For each finding, identify:
-- What trust boundary is violated
-- Who can exploit it (anonymous, authenticated, admin)
-- What they can access/do
-Write to .coverme/agents/TRUST.json:
-[{"id":"TRUST-001","title":"Admin endpoint without role check","severity":"critical","file":"src/routes/admin.ts","line":12,"code":"app.post('/admin/delete-user', async (req,res) => { await deleteUser(req.body.id) })","boundary":"Admin actions accessible to any authenticated user","exploit":"Any logged-in user can delete other users","recommendation":"Add requireRole('admin') middleware"}]
-Return ONLY: "done" or "skipped"
+Find HIGH issues: XSS, CSRF missing, weak crypto, insecure sessions, IDOR.
+Return JSON array of findings.
 ```
-### Agent 25: PARTIAL - Partial Security Implementation
+### Agent C: Medium Issues
 ```
-AI implements "half security" - looks secure but isn't. Scan for:
-1. **bcrypt without proper cost**: bcrypt.hash(pwd, 1) or no salt rounds
-2. **JWT without expiration**: jwt.sign() without expiresIn
-3. **JWT without verification**: jwt.decode() instead of jwt.verify()
-4. **Rate limiting without IP**: Rate limit by user but not IP (pre-auth attacks)
-5. **CSRF token generated but not checked**: Token created but middleware missing
-6. **CORS with wildcard**: Access-Control-Allow-Origin: * with credentials
-7. **Helmet without CSP**: Using helmet() but no Content-Security-Policy
-8. **HTTPS redirect missing**: No force-ssl or redirect middleware
-9. **Cookie without flags**: Missing httpOnly, secure, sameSite
-10. **Encryption without IV**: AES without initialization vector
-11. **Password validation weak**: Only length check, no complexity
-12. **Session without rotation**: No session regeneration on auth change
-Write to .coverme/agents/PARTIAL.json:
-[{"id":"PARTIAL-001","title":"JWT signed but never expires","severity":"high","file":"src/auth/token.ts","line":23,"code":"jwt.sign(payload, secret)","issue":"Token has no expiration","impact":"Stolen tokens valid forever","recommendation":"Add expiresIn: '1h' or similar"}]
-Return ONLY: "done" or "skipped"
+Find MEDIUM issues: missing input validation, verbose errors, weak passwords.
+Return JSON array of findings.
 ```
-### Agent 26: GENERR - Over-Generalized Errors
+### Agent D: Infrastructure
 ```
-AI hides errors behind generic messages. Scan for:
-1. **Generic catch-all**: catch(e) { return { error: "Something went wrong" } }
-2. **Lost error context**: catch(e) { throw new Error("Failed") } - original e lost
-3. **Boolean error returns**: return false instead of throwing
-4. **Silent status codes**: return res.status(500) without logging
-5. **Error message swallowing**: catch(e) { console.log("error") } - e not logged
-6. **Missing error types**: All errors thrown as generic Error, not typed
-7. **No error codes**: Errors without codes for client handling
-8. **Audit trail gaps**: Security errors not logged differently
-9. **User-facing stack traces**: In dev mode, stack traces leak to client
-10. **Missing error boundaries**: React without ErrorBoundary, no global handler
-Impact analysis:
-- Security errors hidden = attacks go undetected
-- Missing audit = compliance failure
-- Generic errors = impossible debugging
-Write to .coverme/agents/GENERR.json:
-[{"id":"GENERR-001","title":"Auth failure returns generic error","severity":"high","file":"src/auth/login.ts","line":34,"code":"catch(e) { return { success: false, error: 'Login failed' } }","issue":"Cannot distinguish wrong password vs account locked vs brute force","recommendation":"Log detailed error server-side, return error code to client"}]
-Return ONLY: "done" or "skipped"
+Find infra issues: Docker running as root, exposed ports, missing TLS, weak configs.
+Return JSON array of findings.
 ```
-### Agent 27: CLONE - Copy-Paste Vulnerabilities
+### Agent E: Positive Patterns
 ```
-AI duplicates code blocks, spreading bugs. Scan for:
-1. **Near-identical functions**: Functions >80% similar in different files
-2. **Duplicated middleware**: Same auth/validation logic repeated
-3. **Copy-pasted API handlers**: Similar CRUD operations with slight changes
-4. **Repeated validation**: Same validation rules in multiple places
-5. **Duplicated error handling**: Same try/catch pattern everywhere
-6. **Config duplication**: Same config values hardcoded in multiple files
-7. **SQL query duplication**: Same queries in different files
-8. **Duplicated security checks**: Same role check logic repeated
-Why this matters:
-- Fix in one place, bug remains in copies
-- Inconsistent behavior across duplicates
-- Maintenance nightmare
-Write to .coverme/agents/CLONE.json:
-[{"id":"CLONE-001","title":"Auth check duplicated in 5 files","severity":"medium","files":["src/api/users.ts:12","src/api/orders.ts:8","src/api/products.ts:15"],"pattern":"if (!req.user) return res.status(401)","issue":"Auth logic duplicated, inconsistent in orders.ts","recommendation":"Extract to requireAuth middleware"}]
-Return ONLY: "done" or "skipped"
+Find GOOD security practices: encryption, auth checks, input validation, rate limiting.
+Return array of positive observations.
 ```
-### Agent 28: HARDCODE - Hardcoded Logic Vulnerabilities
-```
-AI hardcodes values that should be configurable/validated. Scan for:
-1. **Role checks with strings**: if (user.role === "admin") - role from where?
-2. **Hardcoded IDs**: if (userId === "123") or specific UUIDs
-3. **Magic numbers**: if (amount > 10000) without named constant
-4. **Hardcoded URLs**: fetch("https://api.example.com") in code
-5. **Hardcoded credentials**: Even in dev, password = "admin123"
-6. **Hardcoded feature flags**: if (process.env.NODE_ENV === "production")
-7. **Hardcoded timeouts**: setTimeout(fn, 5000) without config
-8. **Hardcoded limits**: if (items.length > 100) without constant
-9. **Hardcoded paths**: fs.readFile("/var/app/config.json")
-10. **Hardcoded emails/domains**: admin@company.com in code
-Security impact:
-- Role checks bypassable if role source is tainted
-- IDs expose internal structure
-- Can't rotate credentials without code change
-Write to .coverme/agents/HARDCODE.json:
-[{"id":"HARDCODE-001","title":"Admin role check trusts user-provided role","severity":"critical","file":"src/middleware/admin.ts","line":5,"code":"if (req.user.role === 'admin')","issue":"role comes from JWT claims which user might control","recommendation":"Verify role from database, not token"}]
-Return ONLY: "done" or "skipped"
-```
-### Agent 29: AISTYLE - AI Code Style Heuristics
-```
-Identify code that shows signs of AI generation, then audit harder. Scan for:
-DETECTION PATTERNS (AI-generated code often has):
-1. **Excessive comments**: // This function does X, // Check if Y
-2. **Over-engineering**: Simple task with complex abstraction
-3. **Inconsistent style**: Mixed patterns in same file
-4. **TODO/FIXME clusters**: Multiple incomplete items
-5. **Heavy use of any**: TypeScript with lots of any/unknown
-6. **console.log in production**: Debug statements left in
-7. **Default values everywhere**: value ?? defaultValue pattern
-8. **Try-catch wrapping everything**: Even simple operations
-9. **Unused imports/variables**: Dead code not cleaned up
-10. **Generic function names**: handleClick, processData, doSomething
-For detected AI-style code, perform DEEPER AUDIT:
-- Check all assumptions
-- Verify error handling
-- Look for edge cases
-- Check security controls
-Write to .coverme/agents/AISTYLE.json:
-[{"id":"AISTYLE-001","title":"AI-generated payment handler needs audit","severity":"high","file":"src/payments/process.ts","indicators":["excessive comments","try-catch everything","multiple TODO"],"concerns":["Error handling hides failures","No idempotency key","Missing amount validation"],"recommendation":"Manual security review required"}]
-Return ONLY: "done" or "skipped"
-```
-### Agent 30: DEPMIS - Dependency Misuse
-```
-AI imports libraries but uses them incorrectly. Scan for:
-1. **crypto misuse**: createHash without proper algorithm, no HMAC for auth
-2. **JWT misuse**: jwt.decode() for auth (should be verify), algorithm confusion
-3. **bcrypt misuse**: compareSync in async code, low rounds
-4. **axios misuse**: No timeout, no abort controller, no retry
-5. **fetch misuse**: No error handling for non-2xx, no timeout
-6. **SQL client misuse**: String concatenation instead of parameterized
-7. **Redis misuse**: No auth, KEYS in production, no TTL
-8. **fs misuse**: Sync operations blocking event loop, no path sanitization
-9. **child_process misuse**: exec with user input (command injection)
-10. **path misuse**: path.join with user input without sanitization
-Write to .coverme/agents/DEPMIS.json:
-[{"id":"DEPMIS-001","title":"JWT decoded but not verified","severity":"critical","file":"src/auth/middleware.ts","line":18,"code":"const user = jwt.decode(token)","issue":"decode() doesn't verify signature, attacker can forge tokens","recommendation":"Use jwt.verify(token, secret) instead"}]
-Return ONLY: "done" or "skipped"
-```
-### Agent 31: LOGICGAP - Logic Gaps (CRITICAL)
-```
-AI creates early returns without proper handling. Scan for:
-1. **Silent returns**: if (!user) return; - no log, no error, no audit
-2. **Missing else**: if (condition) { action } with no else handling
-3. **Incomplete state machines**: Enum/status with unhandled cases
-4. **Missing default**: switch without default case
-5. **Null returns**: return null without caller handling
-6. **Incomplete cleanup**: Resource opened but not closed on error path
-7. **Transaction gaps**: DB operations without proper rollback
-8. **Missing finally**: try/catch without finally for cleanup
-9. **Event handler gaps**: addEventListener without removeEventListener
-10. **Incomplete validation**: Some fields validated, others not
-For each gap, analyze:
-- What happens when the gap is hit
-- Can attacker trigger the gap
-- What's the impact
-Write to .coverme/agents/LOGICGAP.json:
-[{"id":"LOGICGAP-001","title":"Silent return on missing user","severity":"high","file":"src/api/profile.ts","line":23,"code":"if (!user) return","issue":"No logging, no 404 response, client hangs","exploit":"Probe for valid user IDs by timing differences","recommendation":"return res.status(404).json({error: 'Not found'}) and log attempt"}]
-Return ONLY: "done" or "skipped"
-```
----
-## Phase 2: Wait for Agents
-Wait for ALL background agents using `AgentOutputTool`.
-Each should return only "done" or "skipped".
 ---
-## Phase 2.5: Adversarial Review (CRITICAL)
-After all agents complete, run ONE final agent with this mindset:
-### Agent 32: ADVERSARIAL - Systemic Weakness Review
-```
-IMPORTANT: This agent runs AFTER reading all other agent findings.
-ASSUME: This entire codebase was written by a junior developer
-under deadline pressure using AI autocomplete.
-Your mission: Find SYSTEMIC weaknesses, not just individual bugs.
-1. **Pattern Analysis**:
-   - What security controls are MISSING across the codebase?
-   - What patterns suggest "happy path only" thinking?
-   - Where is defensive programming absent?
-2. **Attack Surface Summary**:
-   - List all entry points (APIs, webhooks, file uploads, etc.)
-   - Which have weakest protection?
-   - What can an attacker do without authentication?
-3. **Business Logic Abuse**:
-   - Can users get free money/credits/access?
-   - Can users manipulate pricing/quantities?
-   - Can users access other users' data?
-   - Can users escalate privileges?
+## Step 4: Fill Template
-4. **Economic Attacks** (AI never thinks about these):
-   - Resource exhaustion (create unlimited X)
-   - Referral abuse
-   - Trial abuse
-   - Rate limit bypass for profit
+After agents complete, use the Edit tool to fill in the template at .coverme/scan.json:
-5. **Chain Attacks**:
-   - Which LOW findings combine into HIGH/CRITICAL?
-   - What's the worst-case attack scenario?
+1. Replace PROJECT_NAME_HERE with actual project name
+2. Replace date with today's date
+3. Fill summary counts from agent findings
+4. Add criticalFindings from Agent A
+5. Add highFindings from Agent B
+6. Add mediumFindings from Agent C
+7. Add positiveObservations from Agent E
+8. Write executiveSummary (2-3 sentences)
-6. **Missing Controls Checklist**:
-   [ ] Input validation on all endpoints
-   [ ] Output encoding for all user data
-   [ ] Authentication on all non-public routes
-   [ ] Authorization checks for all resources
-   [ ] Rate limiting on all endpoints
-   [ ] Audit logging for security events
-   [ ] Error handling that doesn't leak info
-   [ ] CSRF protection on state-changing operations
-Write to .coverme/agents/ADVERSARIAL.json:
-{
-  "systemicWeaknesses": ["..."],
-  "missingControls": ["..."],
-  "attackSurface": {"unauthenticated": [...], "authenticated": [...]},
-  "worstCaseScenario": "...",
-  "chainAttacks": [{"chain": [...], "impact": "..."}],
-  "prioritizedRisks": ["..."]
-}
-Return ONLY: "done"
-```
+**IMPORTANT**: Use Edit tool to modify individual fields. Do NOT rewrite the entire file.
 ---
-## Phase 3: Generate PDF Report (NO JSON NEEDED)
-**Run this single command - it handles everything:**
-```bash
-coverme --scan . --output security-report-$(date +%Y-%m-%d).pdf && open security-report-$(date +%Y-%m-%d).pdf
-```
+## Step 5: Generate PDF
-If that doesn't work, use the legacy method:
 ```bash
-coverme .coverme/scan.json security-report.pdf 2>/dev/null || npx coverme-scanner .coverme/scan.json security-report.pdf
-open security-report.pdf
+coverme .coverme/scan.json security-report-$(date +%Y-%m-%d).pdf && open security-report-$(date +%Y-%m-%d).pdf
 ```
 ---

package/dist/report/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/report/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;~~AAwEpF~~,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;IAC5C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,MAAM,GAAE,MAAM,GAAG,KAAc,GAC9B,OAAO,CAAC,IAAI,CAAC,CAwDf"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/report/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAuNpF,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;IAC5C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,MAAM,GAAE,MAAM,GAAG,KAAc,GAC9B,OAAO,CAAC,IAAI,CAAC,CAwDf"}

package/dist/report/index.js CHANGED Viewed

@@ -47,10 +47,147 @@ Object.defineProperty(exports, "PDFGenerator", { enumerable: true, get: function
  * Normalize different JSON structures into a consistent format.
  * Supports:
  * - Flat structure: { projectName, findings, ... }
+ * - Alternative flat: { project, date, topPriorities, ... } (from Claude agents)
  * - Metadata wrapper: { scanMetadata: { projectName, ... }, findings, ... }
  * - Statistics wrapper: { projectStatistics: { ... }, findings, ... }
  */
 function normalizeReportData(rawData) {
+    // Handle Claude agent output format: { project, date, topPriorities, attackChains, etc }
+    if (rawData.project && !rawData.projectName) {
+        const findings = [];
+        // Convert topPriorities to findings
+        if (rawData.topPriorities) {
+            rawData.topPriorities.forEach((p, i) => {
+                findings.push({
+                    id: `CRIT-${String(i + 1).padStart(2, '0')}`,
+                    title: p.finding,
+                    severity: p.severity || 'critical',
+                    category: 'security',
+                    description: p.finding,
+                    recommendation: p.action,
+                });
+            });
+        }
+        // Convert criticalFindings
+        if (rawData.criticalFindings) {
+            rawData.criticalFindings.forEach((f) => {
+                findings.push({
+                    id: f.id || `CRIT-${findings.length + 1}`,
+                    title: f.title || f.finding,
+                    severity: 'critical',
+                    category: f.category || 'security',
+                    file: f.file || f.location,
+                    line: f.line,
+                    description: f.description || f.finding,
+                    code: f.evidence || f.code,
+                    recommendation: f.recommendation || f.remediation,
+                });
+            });
+        }
+        // Convert highFindings
+        if (rawData.highFindings) {
+            rawData.highFindings.forEach((f) => {
+                findings.push({
+                    id: f.id || `HIGH-${findings.length + 1}`,
+                    title: f.title || f.finding,
+                    severity: 'high',
+                    category: f.category || 'security',
+                    file: f.file || f.location,
+                    line: f.line,
+                    description: f.description || f.finding,
+                    code: f.evidence || f.code,
+                    recommendation: f.recommendation || f.remediation,
+                });
+            });
+        }
+        // Convert mediumFindings
+        if (rawData.mediumFindings) {
+            rawData.mediumFindings.forEach((f) => {
+                findings.push({
+                    id: f.id || `MED-${findings.length + 1}`,
+                    title: f.title || f.finding,
+                    severity: 'medium',
+                    category: f.category || 'security',
+                    file: f.file || f.location,
+                    line: f.line,
+                    description: f.description || f.finding,
+                    code: f.evidence || f.code,
+                    recommendation: f.recommendation || f.remediation,
+                });
+            });
+        }
+        // Convert lowFindings
+        if (rawData.lowFindings) {
+            rawData.lowFindings.forEach((f) => {
+                findings.push({
+                    id: f.id || `LOW-${findings.length + 1}`,
+                    title: f.title || f.finding,
+                    severity: 'low',
+                    category: f.category || 'security',
+                    file: f.file || f.location,
+                    line: f.line,
+                    description: f.description || f.finding,
+                    code: f.evidence || f.code,
+                    recommendation: f.recommendation || f.remediation,
+                });
+            });
+        }
+        // Parse scope for file/line counts
+        let filesScanned = 0;
+        let linesOfCode = 0;
+        if (rawData.scope) {
+            const scopeMatch = rawData.scope.match(/(\d[\d,]*)\s*files.*?([\d.]+[KM]?)\s*lines/i);
+            if (scopeMatch) {
+                filesScanned = parseInt(scopeMatch[1].replace(/,/g, ''));
+                const linesStr = scopeMatch[2];
+                if (linesStr.endsWith('M')) {
+                    linesOfCode = parseFloat(linesStr) * 1000000;
+                }
+                else if (linesStr.endsWith('K')) {
+                    linesOfCode = parseFloat(linesStr) * 1000;
+                }
+                else {
+                    linesOfCode = parseInt(linesStr);
+                }
+            }
+        }
+        return {
+            projectName: rawData.project,
+            scanDate: rawData.date || new Date().toISOString(),
+            branch: rawData.branch,
+            filesScanned,
+            linesOfCode,
+            summary: rawData.summary || {
+                total: findings.length,
+                critical: findings.filter(f => f.severity === 'critical').length,
+                high: findings.filter(f => f.severity === 'high').length,
+                medium: findings.filter(f => f.severity === 'medium').length,
+                low: findings.filter(f => f.severity === 'low').length,
+                info: 0,
+            },
+            findings,
+            positiveObservations: rawData.positiveObservations || rawData.goodPractices || [],
+            executiveSummary: {
+                headline: rawData.executiveSummary?.substring(0, 200) || `${rawData.summary?.critical || 0} Critical + ${rawData.summary?.high || 0} High findings`,
+                riskLevel: rawData.overallRiskLevel?.toUpperCase() || 'HIGH',
+                summary: rawData.executiveSummary,
+                topRisks: rawData.topPriorities || [],
+            },
+            architectureOverview: rawData.architecture,
+            threatModel: rawData.attackChains ? {
+                threats: rawData.attackChains.map((ac, i) => ({
+                    id: ac.id || `T-${i + 1}`,
+                    title: ac.name,
+                    severity: ac.impact || 'high',
+                    dreadScore: ac.likelihood === 'high' ? 8 : ac.likelihood === 'medium' ? 5 : 3,
+                    status: 'open',
+                    description: ac.description,
+                    mitigation: ac.mitigationStrategy,
+                })),
+            } : undefined,
+            actionItems: rawData.remediationRoadmap,
+        };
+    }
     // If it has scanMetadata, extract from there
     if (rawData.scanMetadata) {
         const meta = rawData.scanMetadata;

package/dist/report/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/report/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwHA,wCA4DC;AApLD,uCAAyB;AACzB,iDAAoD;AACpD,yDAAkD;AAGlD,+CAA+C;AAC/C,+CAAoD;AAA3C,kHAAA,kBAAkB,OAAA;AAC3B,uDAAkD;AAAzC,gHAAA,YAAY,OAAA;AA6BrB;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,OAAY;IACvC,6CAA6C;IAC7C,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,CAAC;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAEtC,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,IAAI,iBAAiB;YACzE,QAAQ,EAAE,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACxE,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC;YAC3D,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC;YAC1D,WAAW,EAAE,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,WAAW;YAC/D,eAAe,EAAE;gBACf,IAAI,EAAE,IAAI,CAAC,WAAW;gBACtB,IAAI,EAAE,IAAI,CAAC,WAAW,IAAI,SAAS;gBACnC,KAAK,EAAE,KAAK,CAAC,YAAY,IAAI,EAAE;gBAC/B,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;gBAC3B,YAAY,EAAE,SAAS;gBACvB,aAAa,EAAE,KAAK,CAAC,SAAS,IAAI,EAAE;aACrC;YACD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,EAAE;YACpC,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC;YACtD,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;gBACtC,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;gBACpC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC;gBACpE,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC;gBACxD,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,MAAM,IAAI,IAAI,CAAC,cAAc,IAAI,CAAC;gBAC9D,GAAG,EAAE,OAAO,CAAC,UAAU,EAAE,GAAG,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC;gBACrD,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC;aAC1D;YACD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;YAChC,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,IAAI,EAAE;YACxD,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC;YAC5D,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;YAClD,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;gBACrC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,GAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;gBACjI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,GAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC5H,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,GAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;aAC9H,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW;YACvB,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,gDAAgD;YAChD,gBAAgB,EAAE;gBAChB,QAAQ,EAAE,IAAI,CAAC,OAAO,IAAI,GAAG,IAAI,CAAC,gBAAgB,IAAI,CAAC,eAAe,IAAI,CAAC,YAAY,IAAI,CAAC,kCAAkC;gBAC9H,SAAS,EAAE,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,SAAS,IAAI,QAAQ;gBAC9D,QAAQ,EAAE,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE;gBACnD,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE;gBAC/B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;gBACvC,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC;YACD,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;SAC7C,CAAC;IACJ,CAAC;IAED,uCAAuC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAYD;;;GAGG;AACI,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,UAAmB,EACnB,SAAyB,MAAM;IAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAE/D,MAAM,UAAU,GAAG,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IACvD,MAAM,SAAS,GAAG,UAAU,IAAI,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAEtE,uFAAuF;IACvF,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAEhD,mEAAmE;IACnE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC3C,MAAM,UAAU,GAAe;QAC7B,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,YAAY,EAAE,UAAU,CAAC,YAAY,IAAI,CAAC;QAC1C,WAAW,EAAE,UAAU,CAAC,WAAW,IAAI,CAAC;QACxC,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,eAAe,EAAE,UAAU,CAAC,eAAe;QAC3C,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,EAAE;QACvC,OAAO,EAAE,UAAU,CAAC,OAAO,IAAI;YAC7B,KAAK,EAAE,QAAQ,CAAC,MAAM;YACtB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAC3E,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACnE,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACvE,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;YACjE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACnE,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,aAAa,IAAI,CAAC;SACtD;QACD,QAAQ;QACR,oBAAoB,EAAE,UAAU,CAAC,oBAAoB,IAAI,EAAE;QAC3D,YAAY,EAAE,UAAU,CAAC,YAAY,IAAI,CAAC;QAC1C,2BAA2B;QAC3B,oBAAoB,EAAE,UAAU,CAAC,oBAAoB;QACrD,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,aAAa,EAAE,UAAU,CAAC,aAAa;QACvC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;KAC9C,CAAC;IAEF,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAO,EAAE,EAAE,CAAC,CAAC;QACzE,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE;QACxB,IAAI,EAAE,EAAE,CAAC,IAAI;QACb,eAAe,EAAE,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,eAAe,IAAI,EAAE;KACvD,CAAC,CAAC,CAAC;IAEJ,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,IAAI,+BAAY,EAAE,CAAC;QAClC,MAAM,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,MAAM,IAAA,iCAAkB,EAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAClE,CAAC;AACH,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/report/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuQA,wCA4DC;AAnUD,uCAAyB;AACzB,iDAAoD;AACpD,yDAAkD;AAGlD,+CAA+C;AAC/C,+CAAoD;AAA3C,kHAAA,kBAAkB,OAAA;AAC3B,uDAAkD;AAAzC,gHAAA,YAAY,OAAA;AA6BrB;;;;;;;GAOG;AACH,SAAS,mBAAmB,CAAC,OAAY;IACvC,yFAAyF;IACzF,IAAI,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAU,EAAE,CAAC;QAE3B,oCAAoC;QACpC,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1B,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAM,EAAE,CAAS,EAAE,EAAE;gBAClD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,QAAQ,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBAC5C,KAAK,EAAE,CAAC,CAAC,OAAO;oBAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,UAAU;oBAClC,QAAQ,EAAE,UAAU;oBACpB,WAAW,EAAE,CAAC,CAAC,OAAO;oBACtB,cAAc,EAAE,CAAC,CAAC,MAAM;iBACzB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAM,EAAE,EAAE;gBAC1C,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,QAAQ,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBACzC,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO;oBAC3B,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,UAAU;oBAClC,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ;oBAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,OAAO;oBACvC,IAAI,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI;oBAC1B,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,WAAW;iBAClD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,uBAAuB;QACvB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAM,EAAE,EAAE;gBACtC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,QAAQ,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBACzC,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO;oBAC3B,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,UAAU;oBAClC,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ;oBAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,OAAO;oBACvC,IAAI,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI;oBAC1B,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,WAAW;iBAClD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,yBAAyB;QACzB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAM,EAAE,EAAE;gBACxC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBACxC,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO;oBAC3B,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,UAAU;oBAClC,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ;oBAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,OAAO;oBACvC,IAAI,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI;oBAC1B,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,WAAW;iBAClD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,sBAAsB;QACtB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAM,EAAE,EAAE;gBACrC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBACxC,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO;oBAC3B,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,UAAU;oBAClC,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ;oBAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,OAAO;oBACvC,IAAI,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI;oBAC1B,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,WAAW;iBAClD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,mCAAmC;QACnC,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACtF,IAAI,UAAU,EAAE,CAAC;gBACf,YAAY,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;gBACzD,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC;gBAC/C,CAAC;qBAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAClC,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;gBAC5C,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACnC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,OAAO;YAC5B,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAClD,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY;YACZ,WAAW;YACX,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI;gBAC1B,KAAK,EAAE,QAAQ,CAAC,MAAM;gBACtB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;gBAChE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;gBACxD,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;gBAC5D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;gBACtD,IAAI,EAAE,CAAC;aACR;YACD,QAAQ;YACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,IAAI,OAAO,CAAC,aAAa,IAAI,EAAE;YACjF,gBAAgB,EAAE;gBAChB,QAAQ,EAAE,OAAO,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,QAAQ,IAAI,CAAC,eAAe,OAAO,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,gBAAgB;gBACnJ,SAAS,EAAE,OAAO,CAAC,gBAAgB,EAAE,WAAW,EAAE,IAAI,MAAM;gBAC5D,OAAO,EAAE,OAAO,CAAC,gBAAgB;gBACjC,QAAQ,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE;aACtC;YACD,oBAAoB,EAAE,OAAO,CAAC,YAAY;YAC1C,WAAW,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;gBAClC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAO,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC;oBACzD,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,KAAK,CAAC,GAAG,CAAC,EAAE;oBACzB,KAAK,EAAE,EAAE,CAAC,IAAI;oBACd,QAAQ,EAAE,EAAE,CAAC,MAAM,IAAI,MAAM;oBAC7B,UAAU,EAAE,EAAE,CAAC,UAAU,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC7E,MAAM,EAAE,MAAM;oBACd,WAAW,EAAE,EAAE,CAAC,WAAW;oBAC3B,UAAU,EAAE,EAAE,CAAC,kBAAkB;iBAClC,CAAC,CAAC;aACJ,CAAC,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,OAAO,CAAC,kBAAkB;SACxC,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,CAAC;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAEtC,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,IAAI,iBAAiB;YACzE,QAAQ,EAAE,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACxE,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC;YAC3D,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC;YAC1D,WAAW,EAAE,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,WAAW;YAC/D,eAAe,EAAE;gBACf,IAAI,EAAE,IAAI,CAAC,WAAW;gBACtB,IAAI,EAAE,IAAI,CAAC,WAAW,IAAI,SAAS;gBACnC,KAAK,EAAE,KAAK,CAAC,YAAY,IAAI,EAAE;gBAC/B,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;gBAC3B,YAAY,EAAE,SAAS;gBACvB,aAAa,EAAE,KAAK,CAAC,SAAS,IAAI,EAAE;aACrC;YACD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,EAAE;YACpC,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC;YACtD,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;gBACtC,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;gBACpC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC;gBACpE,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC;gBACxD,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,MAAM,IAAI,IAAI,CAAC,cAAc,IAAI,CAAC;gBAC9D,GAAG,EAAE,OAAO,CAAC,UAAU,EAAE,GAAG,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC;gBACrD,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC;aAC1D;YACD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;YAChC,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,IAAI,EAAE;YACxD,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC;YAC5D,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;YAClD,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;gBACrC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,GAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;gBACjI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,GAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC5H,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,GAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;aAC9H,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW;YACvB,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,gDAAgD;YAChD,gBAAgB,EAAE;gBAChB,QAAQ,EAAE,IAAI,CAAC,OAAO,IAAI,GAAG,IAAI,CAAC,gBAAgB,IAAI,CAAC,eAAe,IAAI,CAAC,YAAY,IAAI,CAAC,kCAAkC;gBAC9H,SAAS,EAAE,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,SAAS,IAAI,QAAQ;gBAC9D,QAAQ,EAAE,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE;gBACnD,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE;gBAC/B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;gBACvC,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC;YACD,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;SAC7C,CAAC;IACJ,CAAC;IAED,uCAAuC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAYD;;;GAGG;AACI,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,UAAmB,EACnB,SAAyB,MAAM;IAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAE/D,MAAM,UAAU,GAAG,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IACvD,MAAM,SAAS,GAAG,UAAU,IAAI,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAEtE,uFAAuF;IACvF,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAEhD,mEAAmE;IACnE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC3C,MAAM,UAAU,GAAe;QAC7B,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,YAAY,EAAE,UAAU,CAAC,YAAY,IAAI,CAAC;QAC1C,WAAW,EAAE,UAAU,CAAC,WAAW,IAAI,CAAC;QACxC,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,eAAe,EAAE,UAAU,CAAC,eAAe;QAC3C,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,EAAE;QACvC,OAAO,EAAE,UAAU,CAAC,OAAO,IAAI;YAC7B,KAAK,EAAE,QAAQ,CAAC,MAAM;YACtB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAC3E,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACnE,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACvE,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;YACjE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACnE,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,aAAa,IAAI,CAAC;SACtD;QACD,QAAQ;QACR,oBAAoB,EAAE,UAAU,CAAC,oBAAoB,IAAI,EAAE;QAC3D,YAAY,EAAE,UAAU,CAAC,YAAY,IAAI,CAAC;QAC1C,2BAA2B;QAC3B,oBAAoB,EAAE,UAAU,CAAC,oBAAoB;QACrD,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,aAAa,EAAE,UAAU,CAAC,aAAa;QACvC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;KAC9C,CAAC;IAEF,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAO,EAAE,EAAE,CAAC,CAAC;QACzE,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE;QACxB,IAAI,EAAE,EAAE,CAAC,IAAI;QACb,eAAe,EAAE,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,eAAe,IAAI,EAAE;KACvD,CAAC,CAAC,CAAC;IAEJ,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,IAAI,+BAAY,EAAE,CAAC;QAClC,MAAM,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,MAAM,IAAA,iCAAkB,EAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAClE,CAAC;AACH,CAAC"}

package/dist/templates/scan-template.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "project": "",
+  "date": "",
+  "branch": "",
+  "scope": "",
+  "summary": {
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "total": 0
+  },
+  "overallRiskLevel": "",
+  "executiveSummary": "",
+  "topPriorities": [],
+  "criticalFindings": [],
+  "highFindings": [],
+  "mediumFindings": [],
+  "lowFindings": [],
+  "attackChains": [],
+  "positiveObservations": [],
+  "remediationRoadmap": {
+    "immediate": [],
+    "shortTerm": [],
+    "longTerm": []
+  }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "coverme-scanner",
-  "version": "4.0.4",
+  "version": "4.1.0",
   "description": "AI-powered security scanner with 33 agents including AI-generated code detection. STRIDE/DREAD scoring, adversarial review, professional PDF reports.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",