coverme-security-scanner 3.0.0 → 3.2.0

package/.claude/commands/coverme.md

@@ -1,349 +0,0 @@
-# CoverMe Security Assessment v3
-
-You are a **senior security consultant** writing a Combined Assessment Report.
-
-**Ultrathink** - Read actual code, trace data flows, think like an attacker.
-
----
-
-## OUTPUT QUALITY STANDARD
-
-Every finding MUST match this quality level. Study these examples carefully.
-
-### GOOD Finding Examples (from real enterprise reports):
-
-```json
-{
-  "id": "T-FE-1",
-  "title": "Attestation Fallback Accepts Unverified Enclave Keys",
-  "severity": "high",
-  "file": "frontend/lib/e2e-encryption.ts",
-  "line": "51-91",
-  "description": "When the attestation bundle endpoint is unavailable, fetchEnclaveInfo() falls back to the legacy /api/v1/enclave endpoint and stores keys with keysVerified: false. The browser silently proceeds to encrypt messages with public keys that have not been cryptographically bound to hardware attestation - enabling a man-in-the-middle attack by a compromised gateway. DREAD-D: 6.3.",
-  "recommendation": "Block the request or display a prominent security warning when attestation fails. Do not silently proceed with unverified keys."
-}
-```
-
-```json
-{
-  "id": "CR-03",
-  "title": "Unauthenticated Enclave Registration and Status Endpoints",
-  "severity": "high",
-  "file": "backend-eks/src/routes/v1/enclave.js",
-  "line": "379-558",
-  "description": "POST /api/v1/enclave/status and POST /api/v1/enclave/register have no application-level authentication. Any party that can reach these endpoints can register fake enclaves with poisoned public keys, send fake heartbeats to influence load balancing, or retrieve VM configuration. Network-level protection exists via ingress CIDR whitelisting in Helm values, but defense in depth requires application-level auth.",
-  "recommendation": "Add a shared secret or mTLS verification. Enclave VMs already have access to secrets via RABBITMQ_CREDENTIALS - use a similar pattern."
-}
-```
-
-```json
-{
-  "id": "CR-01",
-  "title": "Massive Metrics Code Duplication in Chat Handler",
-  "severity": "high",
-  "file": "backend-eks/src/routes/v1/chat.js",
-  "line": "604-691,793-868",
-  "description": "160 lines of Redis metrics tracking code is duplicated verbatim between the streaming path and the non-streaming path. Both blocks perform identical operations: per-hour/minute/second counters, HyperLogLog unique user tracking at multiple granularities, and monthly counts. Any change to the metrics schema requires updating both locations.",
-  "recommendation": "Extract to trackRedisMetrics(redis, models, userIdentifier) and call from both paths."
-}
-```
-
-### BAD Findings (DO NOT write like this):
-
-```json
-// BAD - Title too generic
-{ "title": "Missing input validation" }
-
-// BAD - Description has no specifics
-{ "description": "Input is not validated properly" }
-
-// BAD - Recommendation not actionable
-{ "recommendation": "Add validation" }
-
-// BAD - No DREAD score for HIGH severity
-{ "severity": "high", "description": "..." }  // Missing DREAD-D: X.X
-```
-
-### Quality Checklist (verify before saving):
-
-- [ ] Every HIGH/CRITICAL finding has DREAD-D score inline in description
-- [ ] Every title is specific to the code flow (not generic categories)
-- [ ] Description traces: function -> input -> vulnerability -> consequence
-- [ ] Recommendation names specific functions/patterns to implement
-- [ ] Line numbers are exact (use ranges like "51-91" when applicable)
-- [ ] Code snippets show the actual vulnerable code
-
----
-
-## SCAN PROCESS
-
-### Phase 1: Discovery
-
-```bash
-mkdir -p .coverme
-
-# Project structure
-ls -la
-find . -maxdepth 2 -type d -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/dist/*" 2>/dev/null | head -40
-
-# Count files and lines
-find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.tsx" -o -name "*.jsx" -o -name "*.py" \) -not -path "*/node_modules/*" -not -path "*/.git/*" 2>/dev/null | wc -l
-
-# Tech stack
-cat package.json 2>/dev/null | head -50
-```
-
-### Phase 2: Map Critical Assets
-
-```bash
-# Authentication & Authorization
-find . -type f \( -name "*auth*" -o -name "*session*" -o -name "*jwt*" -o -name "*login*" \) -not -path "*/node_modules/*" 2>/dev/null | head -15
-
-# API Routes
-find . -type f \( -name "*route*" -o -name "*controller*" -o -name "*api*" \) -not -path "*/node_modules/*" 2>/dev/null | head -15
-
-# Database
-find . -type f \( -name "*model*" -o -name "*repository*" -o -name "*db*" \) -not -path "*/node_modules/*" 2>/dev/null | head -15
-
-# Config & Secrets
-find . -type f \( -name "*.env*" -o -name "*secret*" -o -name "*config*" \) -not -path "*/node_modules/*" 2>/dev/null | head -15
-
-# Infrastructure
-find . -type f \( -name "Dockerfile*" -o -name "*.yaml" -o -name "*.yml" \) -not -path "*/node_modules/*" 2>/dev/null | head -15
-```
-
-### Phase 3: Deep Analysis
-
-**READ the critical files you found.** For each, check:
-
-**Security Issues:**
-- SQL/NoSQL Injection (string concatenation in queries)
-- Command Injection (user input in exec/spawn)
-- XSS (unescaped output, dangerouslySetInnerHTML)
-- SSRF (user-controlled URLs)
-- Path Traversal (../ in file operations)
-- Hardcoded Secrets (API keys, passwords in code)
-- Auth Bypass (missing checks, fail-open patterns)
-- Race Conditions (TOCTOU, non-atomic operations)
-
-**Quality Issues:**
-- Dead Code (unused functions, unreachable code)
-- Code Duplication (copy-pasted blocks)
-- High Complexity (functions > 100 lines)
-- Missing Error Handling
-
-### Phase 4: Check Previous Scan
-
-```bash
-cat .coverme/scan.json 2>/dev/null | head -50 || echo "NO_PREVIOUS_SCAN"
-```
-
-If previous scan exists, compare findings and note what was resolved.
-
----
-
-## REQUIRED OUTPUT FORMAT
-
-Save this JSON to `.coverme/scan.json`:
-
-```json
-{
-  "projectName": "project-name",
-  "scanDate": "2026-02-18T12:00:00.000Z",
-  "branch": "main",
-  "filesScanned": 45,
-  "linesOfCode": 4850,
-  "projectTree": "project/\n├── src/\n│   ├── api/\n│   └── services/\n└── package.json",
-
-  "projectOverview": {
-    "name": "project-name",
-    "type": "Backend API",
-    "stack": ["Node.js", "TypeScript", "PostgreSQL"],
-    "purpose": "Brief description of what this project does",
-    "architecture": "Monolith",
-    "keyComponents": ["auth service", "api routes", "database"]
-  },
-
-  "executiveSummary": {
-    "headline": "0 Critical + 3 High findings - key gaps remain",
-    "riskLevel": "HIGH",
-    "overview": "Project-name is a [describe architecture]. No critical vulnerabilities found. The most significant remaining issues are: [specific issue 1], [specific issue 2], and [specific issue 3].",
-    "topRisks": [
-      "Specific risk with file reference and technical detail",
-      "Another specific risk with impact quantification"
-    ],
-    "positives": [
-      "Specific strength citing libraries/patterns/algorithms used"
-    ]
-  },
-
-  "findings": [
-    {
-      "id": "SEC-001",
-      "title": "Specific Descriptive Title for This Exact Vulnerability",
-      "severity": "high",
-      "category": "security",
-      "file": "src/routes/users.ts",
-      "line": "45-52",
-      "code": "const query = `SELECT * FROM users WHERE id = ${userId}`;",
-      "description": "The getUserById function at line 45 concatenates userId directly into SQL without parameterization. An attacker sending id=1 OR 1=1 can extract all user records. DREAD-D: 7.5.",
-      "recommendation": "Use parameterized queries: db.query('SELECT * FROM users WHERE id = $1', [userId])",
-      "cwe": "CWE-89",
-      "dread": {
-        "damage": 9,
-        "reproducibility": 9,
-        "exploitability": 8,
-        "affectedUsers": 8,
-        "discoverability": 6,
-        "total": 8.0
-      },
-      "confidence": 95,
-      "fixOwner": "developer"
-    }
-  ],
-
-  "threatModel": [
-    {
-      "id": "T-001",
-      "threat": "SQL Injection via user input",
-      "category": "STRIDE",
-      "strideType": "T",
-      "status": "open",
-      "relatedFindings": ["SEC-001"],
-      "mitigation": "Use parameterized queries",
-      "dreadScore": 8.0
-    }
-  ],
-
-  "qualityReview": {
-    "deleteItems": [
-      {
-        "type": "delete",
-        "file": "src/legacy/old-auth.ts",
-        "lines": 250,
-        "title": "Dead legacy auth module",
-        "description": "Entire file unused since migration to Clerk",
-        "reason": "No imports found in codebase",
-        "roi": "~250 lines"
-      }
-    ],
-    "mergeItems": [
-      {
-        "type": "merge",
-        "file": "src/utils/validate.ts + src/helpers/validation.ts",
-        "title": "Duplicate validation modules",
-        "description": "Two files with overlapping validation functions",
-        "reason": "DRY violation - consolidate",
-        "roi": "~120 lines"
-      }
-    ],
-    "simplifyItems": [],
-    "totalLinesRemovable": 370,
-    "percentageOfCodebase": 3.5
-  },
-
-  "positiveObservations": [
-    {
-      "title": "Strong Authentication Implementation",
-      "description": "Clerk integration with proper session management. All tokens kept server-side. httpOnly + secure cookies with SameSite=strict."
-    },
-    {
-      "title": "Comprehensive Input Validation",
-      "description": "Zod schemas used consistently across all API endpoints with proper error handling."
-    }
-  ],
-
-  "previouslyResolved": [],
-
-  "summary": {
-    "total": 5,
-    "critical": 0,
-    "high": 3,
-    "medium": 2,
-    "low": 0,
-    "info": 0
-  }
-}
-```
-
----
-
-## DREAD SCORING (for HIGH and CRITICAL)
-
-Calculate and include in description as "DREAD-D: X.X":
-
-| Score | Meaning |
-|-------|---------|
-| **Damage** | 10 = full system compromise, 1 = minimal |
-| **Reproducibility** | 10 = always works, 1 = rare conditions |
-| **Exploitability** | 10 = script kiddie, 1 = expert required |
-| **Affected Users** | 10 = all users, 1 = single admin |
-| **Discoverability** | 10 = obvious, 1 = requires source code |
-
-Average = DREAD-D score. Include in description for HIGH/CRITICAL findings.
-
----
-
-## ID PREFIXES
-
-Use component-based prefixes:
-- `SEC-` Security issues
-- `AUTH-` Authentication/authorization
-- `API-` API security
-- `DB-` Database issues
-- `INFRA-` Infrastructure
-- `QUAL-` Code quality
-- `PERF-` Performance
-
-For threat model: `T-` prefix with component (e.g., `T-FE-1`, `T-EKS-2`)
-
----
-
-## AFTER SCAN
-
-1. Save JSON to `.coverme/scan.json`
-2. Generate PDF report:
-
-```bash
-npx coverme report .coverme/scan.json --format pdf
-```
-
-Or if coverme is installed globally:
-
-```bash
-coverme report .coverme/scan.json --format pdf
-```
-
-The PDF will be saved to `.coverme/assessment-report.pdf`
-
----
-
-## EXECUTIVE SUMMARY WRITING GUIDE
-
-The overview field must read like a professional security consultant's opening paragraph:
-
-**Structure:**
-1. One sentence describing what the project IS (architecture, purpose)
-2. State overall security posture clearly
-3. List the most significant remaining issues
-
-**Example:**
-> "Express-AI Officely is a confidential AI platform built on a three-tier encrypted architecture: a Next.js frontend with BFF pattern, an Express.js API gateway on EKS, and backend enclaves running inside AMD SEV-SNP encrypted VMs. No critical vulnerabilities remain. The most significant remaining issues are: unauthenticated enclave registration endpoints (mitigated by network whitelisting), hardcoded secrets in Helm values, and zero test coverage across all components."
-
----
-
-## POSITIVE OBSERVATIONS GUIDE
-
-Each observation must cite specific technical evidence:
-
-**BAD:** "Good authentication implementation"
-
-**GOOD:** "Zero-Knowledge Architecture - EKS gateway genuinely never sees plaintext. Encrypted payloads flow through without decryption. Well-enforced across all components."
-
-**GOOD:** "Atomic Credit Operations - Lua scripts for token burning and balance deduction prevent cross-pod race conditions. Check-and-deduct is atomic."
-
----
-
-## START SCANNING
-
-Begin with Phase 1: Discovery. Read critical files. Find real issues with real specifics.

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;GAGG;AACH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,sEAAsE,CAAC;KACnF,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,oBAAoB,CAAC;KAC7B,WAAW,CAAC,+CAA+C,CAAC;KAC5D,MAAM,CAAC,qBAAqB,EAAE,iBAAiB,CAAC;KAChD,MAAM,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC7C,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAA4C,EAAE,EAAE;IAC/E,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,IAAgB,CAAC;QAErB,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxC,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;YACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,wBAAwB;QACxB,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM;YAC/B,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;YACzB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;QAElF,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAEjD,MAAM,SAAS,GAAG,IAAI,YAAY,EAAE,CAAC;QACrC,MAAM,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAE3C,OAAO,CAAC,GAAG,CAAC,oBAAoB,UAAU,EAAE,CAAC,CAAC;QAE9C,wBAAwB;QACxB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;gBACxC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;YACpE,IAAI,CAAC,GAAG,OAAO,KAAK,UAAU,GAAG,CAAC,CAAC;QACrC,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,sBAAsB,CAAC;KAC/B,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,CAAC,QAAgB,EAAE,EAAE;IAC3B,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;QAE/C,oBAAoB;QACpB,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,gBAAgB;YAAE,QAAQ,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAE5D,oBAAoB;QACpB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBAC7B,IAAI,CAAC,CAAC,CAAC,KAAK;oBAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;gBAC7D,IAAI,CAAC,CAAC,CAAC,QAAQ;oBAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;gBACnE,IAAI,CAAC,CAAC,CAAC,WAAW;oBAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBAC3E,IAAI,CAAC,CAAC,CAAC,WAAW;oBAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAC7E,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACpC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;YAC/C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC1B,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;YAClD,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEtE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC1B,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/pdf-generator.d.ts

@@ -1,32 +0,0 @@
-/**
- * CoverMe Scanner v3 - PDF Generator
- * Generates professional security assessment reports
- */
-import type { ScanResult } from './types.js';
-export declare class PDFGenerator {
-    private doc;
-    private yPosition;
-    private pageHeight;
-    private pageWidth;
-    private margin;
-    constructor();
-    generate(result: ScanResult, outputPath: string): Promise<void>;
-    private renderCoverPage;
-    private renderCoverTable;
-    private renderSeverityBoxes;
-    private renderTableOfContents;
-    private renderExecutiveSummary;
-    private renderArchitectureOverview;
-    private renderFindingsSection;
-    private renderFinding;
-    private renderLowSeveritySection;
-    private renderThreatModel;
-    private renderQualityReview;
-    private renderQualityItem;
-    private renderPreviouslyResolved;
-    private renderPositiveObservations;
-    private renderSummaryPage;
-    private renderSectionHeader;
-    private addPage;
-}
-//# sourceMappingURL=pdf-generator.d.ts.map

package/dist/pdf-generator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pdf-generator.d.ts","sourceRoot":"","sources":["../src/pdf-generator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAyC,MAAM,YAAY,CAAC;AAEpF,qBAAa,YAAY;IACvB,OAAO,CAAC,GAAG,CAAqB;IAChC,OAAO,CAAC,SAAS,CAAK;IACtB,OAAO,CAAC,UAAU,CAAO;IACzB,OAAO,CAAC,SAAS,CAAU;IAC3B,OAAO,CAAC,MAAM,CAAM;;IASd,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoFrE,OAAO,CAAC,eAAe;IAmEvB,OAAO,CAAC,gBAAgB;IAuBxB,OAAO,CAAC,mBAAmB;IAqC3B,OAAO,CAAC,qBAAqB;IAyB7B,OAAO,CAAC,sBAAsB;IAoD9B,OAAO,CAAC,0BAA0B;IAwClC,OAAO,CAAC,qBAAqB;IAgB7B,OAAO,CAAC,aAAa;IAiErB,OAAO,CAAC,wBAAwB;IAiBhC,OAAO,CAAC,iBAAiB;IA8EzB,OAAO,CAAC,mBAAmB;IAuC3B,OAAO,CAAC,iBAAiB;IAqBzB,OAAO,CAAC,wBAAwB;IA2BhC,OAAO,CAAC,0BAA0B;IA4BlC,OAAO,CAAC,iBAAiB;IAgCzB,OAAO,CAAC,mBAAmB;IAK3B,OAAO,CAAC,OAAO;CAIhB"}