deepseek-coder-agent-cli 1.0.0

package/dist/core/variantExecution.js

@@ -0,0 +1,58 @@
+export function resolveWorkspaceRoot(variant, context) {
+    return context.variantWorkspaceRoots?.[variant] ?? context.variantWorkspaceRoots?.primary;
+}
+export function canRunVariantsParallel(modeDefinition, context) {
+    if (!modeDefinition.parallelVariants || !context.parallelVariants) {
+        return false;
+    }
+    const primaryRoot = context.variantWorkspaceRoots?.primary;
+    const refinerRoot = context.variantWorkspaceRoots?.refiner;
+    return Boolean(primaryRoot && refinerRoot && primaryRoot !== refinerRoot);
+}
+export async function executeVariants(options) {
+    const { module, step, mode, modeDefinition, context, executeVariant, emit } = options;
+    const variantResults = {};
+    if (canRunVariantsParallel(modeDefinition, context)) {
+        emit?.({
+            type: 'upgrade.step.variants.parallel',
+            timestamp: Date.now(),
+            data: { moduleId: module.id, stepId: step.id, variants: modeDefinition.variants },
+        });
+        const results = await Promise.all(modeDefinition.variants.map(async (variant) => {
+            const result = await executeVariant({
+                module,
+                step,
+                mode,
+                variant,
+                previousResult: undefined,
+                workspaceRoot: resolveWorkspaceRoot(variant, context),
+                repoPolicy: context.repoPolicy,
+            });
+            return { variant, result };
+        }));
+        for (const entry of results) {
+            variantResults[entry.variant] = entry.result;
+        }
+    }
+    else {
+        let primaryResult;
+        for (const variant of modeDefinition.variants) {
+            const previousResult = variant === 'refiner' ? primaryResult : undefined;
+            const result = await executeVariant({
+                module,
+                step,
+                mode,
+                variant,
+                previousResult,
+                workspaceRoot: resolveWorkspaceRoot(variant, context),
+                repoPolicy: context.repoPolicy,
+            });
+            variantResults[variant] = result;
+            if (variant === 'primary') {
+                primaryResult = result;
+            }
+        }
+    }
+    return variantResults;
+}
+//# sourceMappingURL=variantExecution.js.map

package/dist/core/variantExecution.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"variantExecution.js","sourceRoot":"","sources":["../../src/core/variantExecution.ts"],"names":[],"mappings":"AA0BA,MAAM,UAAU,oBAAoB,CAClC,OAAuB,EACvB,OAAgC;IAEhC,OAAO,OAAO,CAAC,qBAAqB,EAAE,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC;AAC5F,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,cAAyC,EACzC,OAAgC;IAEhC,IAAI,CAAC,cAAc,CAAC,gBAAgB,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,WAAW,GAAG,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC;IAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC;IAC3D,OAAO,OAAO,CAAC,WAAW,IAAI,WAAW,IAAI,WAAW,KAAK,WAAW,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAgC;IAEhC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACtF,MAAM,cAAc,GAAuD,EAAE,CAAC;IAE9E,IAAI,sBAAsB,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;QACpD,IAAI,EAAE,CAAC;YACL,IAAI,EAAE,gCAAgC;YACtC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE;SAClF,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;YAC5C,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,MAAM;gBACN,IAAI;gBACJ,IAAI;gBACJ,OAAO;gBACP,cAAc,EAAE,SAAS;gBACzB,aAAa,EAAE,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC;gBACrD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;QAC7B,CAAC,CAAC,CACH,CAAC;QACF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,aAA4C,CAAC;QACjD,KAAK,MAAM,OAAO,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC9C,MAAM,cAAc,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACzE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,MAAM;gBACN,IAAI;gBACJ,IAAI;gBACJ,OAAO;gBACP,cAAc;gBACd,aAAa,EAAE,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC;gBACrD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;YACH,cAAc,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;YACjC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,aAAa,GAAG,MAAM,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC"}

package/dist/core/verificationFirst.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Verification-First Principle
+ *
+ * @author Bo Shang <bo@shang.software>
+ * @license MIT
+ *
+ * CORE PRINCIPLE:
+ * You are NOT allowed to report ANY finding until it has been
+ * verified on actual reality first.
+ *
+ * - No hypothetical vulnerabilities
+ * - No speculative analysis
+ * - No AI-generated guesses reported as facts
+ * - ONLY verified, tested, real findings
+ *
+ * If it can't be verified, it doesn't get reported.
+ */
+export interface VerifiedFinding {
+    id: string;
+    category: string;
+    title: string;
+    description: string;
+    verified: true;
+    verificationMethod: string;
+    verificationOutput: string;
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    exploitable: boolean;
+    timestamp: string;
+}
+export interface UnverifiedClaim {
+    claim: string;
+    reason: string;
+}
+/**
+ * Verify a CPU vulnerability claim against /sys/devices/system/cpu/vulnerabilities/
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function verifyCPUVulnerability(name: string): VerifiedFinding | null;
+/**
+ * Verify NVIDIA driver presence and version
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function verifyNVIDIADriver(): VerifiedFinding | null;
+/**
+ * Verify kernel security setting
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function verifyKernelSetting(name: string, path: string, vulnerableValue: string): VerifiedFinding | null;
+/**
+ * Verify syscall availability (does it exist and can we call it?)
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function verifySyscallExists(name: string, number: number): VerifiedFinding | null;
+/**
+ * Run all verifications and return ONLY verified findings
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function runVerifiedDiscovery(): VerifiedFinding[];
+/**
+ * Filter out any unverified claims
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function rejectUnverifiedClaims(claims: string[]): UnverifiedClaim[];
+/**
+ * MUST be called at application startup.
+ * System will refuse to run if this is not called.
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function enforceVerificationFirstOnLoad(): void;
+/**
+ * Check if verification-first is properly initialized.
+ * Call this before ANY output operation.
+ *
+ * @throws Error if verification-first not initialized
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function requireVerificationFirst(): void;
+/**
+ * Wrapper that enforces verification-first before executing any function
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function withVerificationFirst<T extends (...args: any[]) => any>(fn: T): T;
+/**
+ * Check if verification-first is initialized
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export declare function isVerificationFirstInitialized(): boolean;
+declare const _default: {
+    verifyCPUVulnerability: typeof verifyCPUVulnerability;
+    verifyNVIDIADriver: typeof verifyNVIDIADriver;
+    verifyKernelSetting: typeof verifyKernelSetting;
+    verifySyscallExists: typeof verifySyscallExists;
+    runVerifiedDiscovery: typeof runVerifiedDiscovery;
+    rejectUnverifiedClaims: typeof rejectUnverifiedClaims;
+    enforceVerificationFirstOnLoad: typeof enforceVerificationFirstOnLoad;
+    requireVerificationFirst: typeof requireVerificationFirst;
+    withVerificationFirst: typeof withVerificationFirst;
+    isVerificationFirstInitialized: typeof isVerificationFirstInitialized;
+};
+export default _default;
+//# sourceMappingURL=verificationFirst.d.ts.map

package/dist/core/verificationFirst.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verificationFirst.d.ts","sourceRoot":"","sources":["../../src/core/verificationFirst.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAeH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,IAAI,CAAC;IACf,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAiD3E;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,eAAe,GAAG,IAAI,CAgC3D;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAwB/G;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CA0BxF;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,eAAe,EAAE,CA2CxD;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,eAAe,EAAE,CAK1E;AAMD;;;;;GAKG;AACH,wBAAgB,8BAA8B,IAAI,IAAI,CAqBrD;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,IAAI,IAAI,CAe/C;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,CAKjF;AAED;;;;GAIG;AACH,wBAAgB,8BAA8B,IAAI,OAAO,CAExD;;;;;;;;;;;;;AAMD,wBAWE"}

package/dist/core/verificationFirst.js

@@ -0,0 +1,312 @@
+/**
+ * Verification-First Principle
+ *
+ * @author Bo Shang <bo@shang.software>
+ * @license MIT
+ *
+ * CORE PRINCIPLE:
+ * You are NOT allowed to report ANY finding until it has been
+ * verified on actual reality first.
+ *
+ * - No hypothetical vulnerabilities
+ * - No speculative analysis
+ * - No AI-generated guesses reported as facts
+ * - ONLY verified, tested, real findings
+ *
+ * If it can't be verified, it doesn't get reported.
+ */
+import { execSync } from 'child_process';
+import { existsSync, readFileSync } from 'fs';
+// ═══════════════════════════════════════════════════════════════════════════════
+// Enforcement State
+// ═══════════════════════════════════════════════════════════════════════════════
+let verificationFirstInitialized = false;
+// ═══════════════════════════════════════════════════════════════════════════════
+// Verification Functions
+// ═══════════════════════════════════════════════════════════════════════════════
+/**
+ * Verify a CPU vulnerability claim against /sys/devices/system/cpu/vulnerabilities/
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function verifyCPUVulnerability(name) {
+    const sysPath = `/sys/devices/system/cpu/vulnerabilities/${name.toLowerCase().replace(/[\s-]/g, '_')}`;
+    // Map common names to kernel paths
+    const nameMap = {
+        'spectre_v1': 'spectre_v1',
+        'spectre_v2': 'spectre_v2',
+        'spectre': 'spectre_v1',
+        'meltdown': 'meltdown',
+        'l1tf': 'l1tf',
+        'mds': 'mds',
+        'tsx_async_abort': 'tsx_async_abort',
+        'itlb_multihit': 'itlb_multihit',
+        'mmio_stale_data': 'mmio_stale_data',
+        'retbleed': 'retbleed',
+        'spec_store_bypass': 'spec_store_bypass',
+        'srbds': 'srbds',
+        'gather_data_sampling': 'gather_data_sampling',
+        'gds': 'gather_data_sampling',
+        'downfall': 'gather_data_sampling',
+    };
+    const kernelName = nameMap[name.toLowerCase()] || name.toLowerCase().replace(/[\s-]/g, '_');
+    const path = `/sys/devices/system/cpu/vulnerabilities/${kernelName}`;
+    if (!existsSync(path)) {
+        return null; // Can't verify - don't report
+    }
+    try {
+        const status = readFileSync(path, 'utf-8').trim();
+        const isVulnerable = status.toLowerCase().includes('vulnerable');
+        const isMitigated = status.toLowerCase().includes('mitigation');
+        return {
+            id: `cpu-${kernelName}-${Date.now()}`,
+            category: 'cpu-vulnerability',
+            title: `${name}: ${status}`,
+            description: status,
+            verified: true,
+            verificationMethod: `cat ${path}`,
+            verificationOutput: status,
+            severity: isVulnerable ? 'critical' : (isMitigated ? 'info' : 'low'),
+            exploitable: isVulnerable && !isMitigated,
+            timestamp: new Date().toISOString()
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Verify NVIDIA driver presence and version
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function verifyNVIDIADriver() {
+    if (!existsSync('/proc/driver/nvidia/version')) {
+        return null;
+    }
+    try {
+        const version = readFileSync('/proc/driver/nvidia/version', 'utf-8').trim();
+        const versionMatch = version.match(/(\d+\.\d+\.\d+)/);
+        const driverVersion = versionMatch ? versionMatch[1] : 'unknown';
+        // Check for device files
+        const hasDevice = existsSync('/dev/nvidia0') || existsSync('/dev/nvidia-uvm');
+        if (!hasDevice) {
+            return null;
+        }
+        return {
+            id: `nvidia-driver-${Date.now()}`,
+            category: 'gpu-driver',
+            title: `NVIDIA Driver ${driverVersion}`,
+            description: version.split('\n')[0],
+            verified: true,
+            verificationMethod: 'cat /proc/driver/nvidia/version && ls /dev/nvidia*',
+            verificationOutput: version.split('\n')[0],
+            severity: 'info',
+            exploitable: false, // Don't claim exploitable without actual test
+            timestamp: new Date().toISOString()
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Verify kernel security setting
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function verifyKernelSetting(name, path, vulnerableValue) {
+    if (!existsSync(path)) {
+        return null;
+    }
+    try {
+        const value = readFileSync(path, 'utf-8').trim();
+        const isVulnerable = value === vulnerableValue;
+        return {
+            id: `kernel-${name}-${Date.now()}`,
+            category: 'kernel-config',
+            title: `${name}: ${value}`,
+            description: `${path} = ${value}`,
+            verified: true,
+            verificationMethod: `cat ${path}`,
+            verificationOutput: value,
+            severity: isVulnerable ? 'high' : 'info',
+            exploitable: isVulnerable,
+            timestamp: new Date().toISOString()
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Verify syscall availability (does it exist and can we call it?)
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function verifySyscallExists(name, number) {
+    // Check if syscall is available by looking at audit or testing
+    // For now, verify via /proc/kallsyms if accessible
+    try {
+        const kallsyms = execSync(`grep -c "sys_${name}\\|__x64_sys_${name}" /proc/kallsyms 2>/dev/null || echo 0`, { encoding: 'utf-8' }).trim();
+        const exists = parseInt(kallsyms) > 0;
+        if (!exists) {
+            return null;
+        }
+        return {
+            id: `syscall-${name}-${Date.now()}`,
+            category: 'syscall',
+            title: `Syscall: ${name} (#${number})`,
+            description: `Syscall ${name} is present in kernel`,
+            verified: true,
+            verificationMethod: `grep sys_${name} /proc/kallsyms`,
+            verificationOutput: `Found ${kallsyms} symbols`,
+            severity: 'info', // Don't claim severity without actual exploitation test
+            exploitable: false, // Don't claim exploitable without proof
+            timestamp: new Date().toISOString()
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Run all verifications and return ONLY verified findings
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function runVerifiedDiscovery() {
+    const findings = [];
+    console.log('[VERIFY] Running verification-first discovery...');
+    console.log('[VERIFY] Only verified findings will be reported.\n');
+    // CPU vulnerabilities - verify each one
+    const cpuVulns = ['spectre_v1', 'spectre_v2', 'meltdown', 'l1tf', 'mds',
+        'tsx_async_abort', 'mmio_stale_data', 'retbleed',
+        'gather_data_sampling', 'spec_store_bypass'];
+    for (const vuln of cpuVulns) {
+        const verified = verifyCPUVulnerability(vuln);
+        if (verified) {
+            findings.push(verified);
+        }
+    }
+    // NVIDIA driver
+    const nvidia = verifyNVIDIADriver();
+    if (nvidia) {
+        findings.push(nvidia);
+    }
+    // Kernel security settings
+    const kernelSettings = [
+        { name: 'io_uring', path: '/proc/sys/kernel/io_uring_disabled', vulnValue: '0' },
+        { name: 'unprivileged_bpf', path: '/proc/sys/kernel/unprivileged_bpf_disabled', vulnValue: '0' },
+        { name: 'unprivileged_userfaultfd', path: '/proc/sys/vm/unprivileged_userfaultfd', vulnValue: '1' },
+        { name: 'kptr_restrict', path: '/proc/sys/kernel/kptr_restrict', vulnValue: '0' },
+        { name: 'dmesg_restrict', path: '/proc/sys/kernel/dmesg_restrict', vulnValue: '0' },
+    ];
+    for (const setting of kernelSettings) {
+        const verified = verifyKernelSetting(setting.name, setting.path, setting.vulnValue);
+        if (verified) {
+            findings.push(verified);
+        }
+    }
+    console.log(`[VERIFY] Completed: ${findings.length} verified findings\n`);
+    return findings;
+}
+/**
+ * Filter out any unverified claims
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function rejectUnverifiedClaims(claims) {
+    return claims.map(claim => ({
+        claim,
+        reason: 'Not verified on actual system - rejected per verification-first principle'
+    }));
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// Mandatory Load Enforcement
+// ═══════════════════════════════════════════════════════════════════════════════
+/**
+ * MUST be called at application startup.
+ * System will refuse to run if this is not called.
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function enforceVerificationFirstOnLoad() {
+    console.log(`
+╔══════════════════════════════════════════════════════════════════════════════╗
+║  VERIFICATION-FIRST ENFORCEMENT - MANDATORY SECURITY CHECK                   ║
+║  Author: Bo Shang <bo@shang.software>                                        ║
+║                                                                              ║
+║  ⚠️  CORE PRINCIPLE: You are NOT allowed to report ANY finding until it     ║
+║     has been verified on actual reality first.                               ║
+║                                                                              ║
+║  - No hypothetical vulnerabilities                                           ║
+║  - No speculative analysis                                                   ║
+║  - No AI-generated guesses reported as facts                                 ║
+║  - ONLY verified, tested, real findings                                      ║
+║                                                                              ║
+║  If it can't be verified, it doesn't get reported.                          ║
+╚══════════════════════════════════════════════════════════════════════════════╝
+`);
+    verificationFirstInitialized = true;
+    console.log('[VERIFY] Verification-first principle ENFORCED');
+    console.log('[VERIFY] All outputs will be verified against actual system state\n');
+}
+/**
+ * Check if verification-first is properly initialized.
+ * Call this before ANY output operation.
+ *
+ * @throws Error if verification-first not initialized
+ * @author Bo Shang <bo@shang.software>
+ */
+export function requireVerificationFirst() {
+    if (!verificationFirstInitialized) {
+        console.error(`
+╔══════════════════════════════════════════════════════════════════════════════╗
+║  ❌ VERIFICATION-FIRST ENFORCEMENT FAILURE                                   ║
+║                                                                              ║
+║  Verification-first was not initialized. System cannot proceed.              ║
+║                                                                              ║
+║  Call enforceVerificationFirstOnLoad() at application startup.               ║
+║                                                                              ║
+║  Author: Bo Shang <bo@shang.software>                                        ║
+╚══════════════════════════════════════════════════════════════════════════════╝
+`);
+        process.exit(1);
+    }
+}
+/**
+ * Wrapper that enforces verification-first before executing any function
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function withVerificationFirst(fn) {
+    return ((...args) => {
+        requireVerificationFirst();
+        return fn(...args);
+    });
+}
+/**
+ * Check if verification-first is initialized
+ *
+ * @author Bo Shang <bo@shang.software>
+ */
+export function isVerificationFirstInitialized() {
+    return verificationFirstInitialized;
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// Exports
+// ═══════════════════════════════════════════════════════════════════════════════
+export default {
+    verifyCPUVulnerability,
+    verifyNVIDIADriver,
+    verifyKernelSetting,
+    verifySyscallExists,
+    runVerifiedDiscovery,
+    rejectUnverifiedClaims,
+    enforceVerificationFirstOnLoad,
+    requireVerificationFirst,
+    withVerificationFirst,
+    isVerificationFirstInitialized
+};
+//# sourceMappingURL=verificationFirst.js.map

package/dist/core/verificationFirst.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verificationFirst.js","sourceRoot":"","sources":["../../src/core/verificationFirst.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAE9C,kFAAkF;AAClF,oBAAoB;AACpB,kFAAkF;AAElF,IAAI,4BAA4B,GAAG,KAAK,CAAC;AAwBzC,kFAAkF;AAClF,yBAAyB;AACzB,kFAAkF;AAElF;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAY;IACjD,MAAM,OAAO,GAAG,2CAA2C,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC;IAEvG,mCAAmC;IACnC,MAAM,OAAO,GAA2B;QACtC,YAAY,EAAE,YAAY;QAC1B,YAAY,EAAE,YAAY;QAC1B,SAAS,EAAE,YAAY;QACvB,UAAU,EAAE,UAAU;QACtB,MAAM,EAAE,MAAM;QACd,KAAK,EAAE,KAAK;QACZ,iBAAiB,EAAE,iBAAiB;QACpC,eAAe,EAAE,eAAe;QAChC,iBAAiB,EAAE,iBAAiB;QACpC,UAAU,EAAE,UAAU;QACtB,mBAAmB,EAAE,mBAAmB;QACxC,OAAO,EAAE,OAAO;QAChB,sBAAsB,EAAE,sBAAsB;QAC9C,KAAK,EAAE,sBAAsB;QAC7B,UAAU,EAAE,sBAAsB;KACnC,CAAC;IAEF,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC5F,MAAM,IAAI,GAAG,2CAA2C,UAAU,EAAE,CAAC;IAErE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,CAAC,8BAA8B;IAC7C,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAClD,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEhE,OAAO;YACL,EAAE,EAAE,OAAO,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YACrC,QAAQ,EAAE,mBAAmB;YAC7B,KAAK,EAAE,GAAG,IAAI,KAAK,MAAM,EAAE;YAC3B,WAAW,EAAE,MAAM;YACnB,QAAQ,EAAE,IAAI;YACd,kBAAkB,EAAE,OAAO,IAAI,EAAE;YACjC,kBAAkB,EAAE,MAAM;YAC1B,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YACpE,WAAW,EAAE,YAAY,IAAI,CAAC,WAAW;YACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,CAAC,UAAU,CAAC,6BAA6B,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5E,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACtD,MAAM,aAAa,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEjE,yBAAyB;QACzB,MAAM,SAAS,GAAG,UAAU,CAAC,cAAc,CAAC,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAE9E,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,EAAE;YACjC,QAAQ,EAAE,YAAY;YACtB,KAAK,EAAE,iBAAiB,aAAa,EAAE;YACvC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACnC,QAAQ,EAAE,IAAI;YACd,kBAAkB,EAAE,oDAAoD;YACxE,kBAAkB,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1C,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,KAAK,EAAE,8CAA8C;YAClE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY,EAAE,IAAY,EAAE,eAAuB;IACrF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,YAAY,GAAG,KAAK,KAAK,eAAe,CAAC;QAE/C,OAAO;YACL,EAAE,EAAE,UAAU,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YAClC,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,GAAG,IAAI,KAAK,KAAK,EAAE;YAC1B,WAAW,EAAE,GAAG,IAAI,MAAM,KAAK,EAAE;YACjC,QAAQ,EAAE,IAAI;YACd,kBAAkB,EAAE,OAAO,IAAI,EAAE;YACjC,kBAAkB,EAAE,KAAK;YACzB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACxC,WAAW,EAAE,YAAY;YACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY,EAAE,MAAc;IAC9D,+DAA+D;IAC/D,mDAAmD;IACnD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,QAAQ,CAAC,gBAAgB,IAAI,gBAAgB,IAAI,wCAAwC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1I,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAEtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,WAAW,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YACnC,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,YAAY,IAAI,MAAM,MAAM,GAAG;YACtC,WAAW,EAAE,WAAW,IAAI,uBAAuB;YACnD,QAAQ,EAAE,IAAI;YACd,kBAAkB,EAAE,YAAY,IAAI,iBAAiB;YACrD,kBAAkB,EAAE,SAAS,QAAQ,UAAU;YAC/C,QAAQ,EAAE,MAAM,EAAE,wDAAwD;YAC1E,WAAW,EAAE,KAAK,EAAE,wCAAwC;YAC5D,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;IAEnE,wCAAwC;IACxC,MAAM,QAAQ,GAAG,CAAC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK;QACtD,iBAAiB,EAAE,iBAAiB,EAAE,UAAU;QAChD,sBAAsB,EAAE,mBAAmB,CAAC,CAAC;IAE9D,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IACpC,IAAI,MAAM,EAAE,CAAC;QACX,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAED,2BAA2B;IAC3B,MAAM,cAAc,GAAG;QACrB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,oCAAoC,EAAE,SAAS,EAAE,GAAG,EAAE;QAChF,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,4CAA4C,EAAE,SAAS,EAAE,GAAG,EAAE;QAChG,EAAE,IAAI,EAAE,0BAA0B,EAAE,IAAI,EAAE,uCAAuC,EAAE,SAAS,EAAE,GAAG,EAAE;QACnG,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,gCAAgC,EAAE,SAAS,EAAE,GAAG,EAAE;QACjF,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,iCAAiC,EAAE,SAAS,EAAE,GAAG,EAAE;KACpF,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QACpF,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,uBAAuB,QAAQ,CAAC,MAAM,sBAAsB,CAAC,CAAC;IAE1E,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAgB;IACrD,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC1B,KAAK;QACL,MAAM,EAAE,2EAA2E;KACpF,CAAC,CAAC,CAAC;AACN,CAAC;AAED,kFAAkF;AAClF,6BAA6B;AAC7B,kFAAkF;AAElF;;;;;GAKG;AACH,MAAM,UAAU,8BAA8B;IAC5C,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;CAeb,CAAC,CAAC;IAED,4BAA4B,GAAG,IAAI,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;AACrF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,CAAC,4BAA4B,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC;;;;;;;;;;CAUjB,CAAC,CAAC;QACC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAoC,EAAK;IAC5E,OAAO,CAAC,CAAC,GAAG,IAAmB,EAAE,EAAE;QACjC,wBAAwB,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IACrB,CAAC,CAAM,CAAC;AACV,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,8BAA8B;IAC5C,OAAO,4BAA4B,CAAC;AACtC,CAAC;AAED,kFAAkF;AAClF,UAAU;AACV,kFAAkF;AAElF,eAAe;IACb,sBAAsB;IACtB,kBAAkB;IAClB,mBAAmB;IACnB,mBAAmB;IACnB,oBAAoB;IACpB,sBAAsB;IACtB,8BAA8B;IAC9B,wBAAwB;IACxB,qBAAqB;IACrB,8BAA8B;CAC/B,CAAC"}

package/dist/core/winnerStrategy.d.ts

@@ -0,0 +1,15 @@
+import type { TournamentOutcome } from './dualTournament.js';
+import type { RepoUpgradeModeDefinition, UpgradeStepResult, UpgradeVariant } from './repoUpgradeOrchestrator.js';
+export interface WinnerResolutionInput {
+    modeDefinition: RepoUpgradeModeDefinition;
+    variantResults: Partial<Record<UpgradeVariant, UpgradeStepResult>>;
+    tournamentOutcome: TournamentOutcome | null;
+}
+export declare function resolveWinner(input: WinnerResolutionInput, pickWinner: (definition: RepoUpgradeModeDefinition, primary: UpgradeStepResult, refiner?: UpgradeStepResult) => {
+    winner: UpgradeStepResult;
+    winnerVariant: UpgradeVariant;
+}): {
+    winner: UpgradeStepResult;
+    winnerVariant: UpgradeVariant;
+};
+//# sourceMappingURL=winnerStrategy.d.ts.map

package/dist/core/winnerStrategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"winnerStrategy.d.ts","sourceRoot":"","sources":["../../src/core/winnerStrategy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,KAAK,EAAE,yBAAyB,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAEjH,MAAM,WAAW,qBAAqB;IACpC,cAAc,EAAE,yBAAyB,CAAC;IAC1C,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC,CAAC;IACnE,iBAAiB,EAAE,iBAAiB,GAAG,IAAI,CAAC;CAC7C;AAED,wBAAgB,aAAa,CAC3B,KAAK,EAAE,qBAAqB,EAC5B,UAAU,EAAE,CAAC,UAAU,EAAE,yBAAyB,EAAE,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,iBAAiB,KAAK;IAC9G,MAAM,EAAE,iBAAiB,CAAC;IAC1B,aAAa,EAAE,cAAc,CAAC;CAC/B,GACA;IAAE,MAAM,EAAE,iBAAiB,CAAC;IAAC,aAAa,EAAE,cAAc,CAAA;CAAE,CAiB9D"}

package/dist/core/winnerStrategy.js

@@ -0,0 +1,18 @@
+export function resolveWinner(input, pickWinner) {
+    const primary = input.variantResults.primary;
+    const refiner = input.variantResults.refiner;
+    if (input.tournamentOutcome?.ranked?.length) {
+        const top = input.tournamentOutcome.ranked[0];
+        const winnerVariant = top.candidateId === 'refiner' && refiner ? 'refiner' : 'primary';
+        if (winnerVariant === 'primary') {
+            primary.humanAccuracy = top.humanAccuracy;
+        }
+        else if (refiner) {
+            refiner.humanAccuracy = top.humanAccuracy;
+        }
+        const winner = winnerVariant === 'refiner' && refiner ? refiner : primary;
+        return { winner, winnerVariant };
+    }
+    return pickWinner(input.modeDefinition, primary, refiner);
+}
+//# sourceMappingURL=winnerStrategy.js.map

package/dist/core/winnerStrategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"winnerStrategy.js","sourceRoot":"","sources":["../../src/core/winnerStrategy.ts"],"names":[],"mappings":"AASA,MAAM,UAAU,aAAa,CAC3B,KAA4B,EAC5B,UAGC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,cAAc,CAAC,OAAQ,CAAC;IAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC;IAE7C,IAAI,KAAK,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC5C,MAAM,GAAG,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC;QAC/C,MAAM,aAAa,GAAmB,GAAG,CAAC,WAAW,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QACvG,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;QAC5C,CAAC;aAAM,IAAI,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;QAC5C,CAAC;QACD,MAAM,MAAM,GAAG,aAAa,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QAC1E,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,UAAU,CAAC,KAAK,CAAC,cAAc,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC5D,CAAC"}

package/dist/core/zeroDayDiscovery.d.ts

@@ -0,0 +1,96 @@
+/**
+ * Zero-Day Discovery Engine
+ *
+ * MAXIMUM CAPABILITIES FOR DISCOVERING ZERO-DAYS IN ANY POSSIBLE WAY
+ *
+ * Integrates with universal security audit, tournament RL, and provides
+ * comprehensive zero-day discovery pathways across all attack surfaces.
+ */
+import { type SecurityFinding } from './universalSecurityAudit.js';
+export interface ZeroDayDiscoveryConfig {
+    /** Primary target (domain, IP, cloud project, etc.) */
+    target: string;
+    /** Type of target for focused discovery */
+    targetType: 'web' | 'cloud' | 'mobile' | 'api' | 'infrastructure' | 'iot' | 'network' | 'binary' | 'source';
+    /** Specific attack surfaces to target */
+    attackSurface: string[];
+    /** Discovery aggressiveness 0-1 */
+    aggressiveness: number;
+    /** Enable live exploitation verification */
+    liveVerification: boolean;
+    /** Enable tournament RL optimization */
+    enableTournament: boolean;
+    /** Zero-day heuristic categories to apply */
+    heuristics: ZeroDayHeuristic[];
+    /** Output directory for findings */
+    outputDir: string;
+}
+export type ZeroDayHeuristic = 'complexityCorrelation' | 'trustBoundaryAnalysis' | 'temporalCoupling' | 'serializationBoundaries' | 'emergentBehaviors' | 'errorHandlingAsymmetry' | 'implicitStateDependencies' | 'resourceExhaustion' | 'supplyChainAnalysis' | 'cryptographicWeakness' | 'raceConditions' | 'memoryCorruption' | 'logicBugs' | 'configurationDrift';
+export interface ZeroDayFinding extends SecurityFinding {
+    zeroDayConfidence: number;
+    heuristic: ZeroDayHeuristic;
+    attackVector: string;
+    exploitationComplexity: 'low' | 'medium' | 'high' | 'expert';
+    patchedIn: string | null;
+    discoveryMethod: 'heuristic' | 'tournament' | 'fuzzing' | 'symbolic' | 'taint' | 'pattern';
+}
+export interface ZeroDayDiscoveryResult {
+    target: string;
+    targetType: string;
+    startTime: string;
+    endTime: string;
+    duration: number;
+    findings: ZeroDayFinding[];
+    discoveryMetrics: {
+        totalPathsExplored: number;
+        uniqueAttackVectors: number;
+        heuristicMatches: number;
+        tournamentRounds: number;
+        verificationAttempts: number;
+        falsePositives: number;
+    };
+    recommendations: {
+        immediate: string[];
+        shortTerm: string[];
+        longTerm: string[];
+    };
+    evidence: {
+        logs: string[];
+        screenshots?: string[];
+        networkTraces?: string[];
+        memoryDumps?: string[];
+    };
+}
+export declare class ZeroDayDiscovery {
+    private config;
+    private findings;
+    private evidence;
+    constructor(config: Partial<ZeroDayDiscoveryConfig> & {
+        target: string;
+    });
+    /**
+     * MAXIMUM CAPABILITY ZERO-DAY DISCOVERY
+     *
+     * Executes comprehensive discovery across all available pathways:
+     * 1. Heuristic-based vulnerability prediction
+     * 2. Universal security audit integration
+     * 3. Tournament RL optimization
+     * 4. Live verification and exploitation
+     * 5. Multi-vector attack surface exploration
+     */
+    discover(): Promise<ZeroDayDiscoveryResult>;
+    private discoverViaHeuristics;
+    private generateHeuristicFindings;
+    private discoverViaUniversalAudit;
+    private discoverViaTournament;
+    private verifyFindings;
+    private generateDiscoveryResult;
+    private saveFindings;
+    private inferProviderFromTarget;
+    private determineAttackVectorFromFinding;
+    private determineSeverity;
+    private determineExploitability;
+    private determineAttackVector;
+    private determineExploitationComplexity;
+}
+//# sourceMappingURL=zeroDayDiscovery.d.ts.map

package/dist/core/zeroDayDiscovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zeroDayDiscovery.d.ts","sourceRoot":"","sources":["../../src/core/zeroDayDiscovery.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAsB,KAAK,eAAe,EAA2C,MAAM,6BAA6B,CAAC;AAMhI,MAAM,WAAW,sBAAsB;IACrC,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,UAAU,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,KAAK,GAAG,gBAAgB,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC5G,yCAAyC;IACzC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,4CAA4C;IAC5C,gBAAgB,EAAE,OAAO,CAAC;IAC1B,wCAAwC;IACxC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,6CAA6C;IAC7C,UAAU,EAAE,gBAAgB,EAAE,CAAC;IAC/B,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,gBAAgB,GACxB,uBAAuB,GACvB,uBAAuB,GACvB,kBAAkB,GAClB,yBAAyB,GACzB,mBAAmB,GACnB,wBAAwB,GACxB,2BAA2B,GAC3B,oBAAoB,GACpB,qBAAqB,GACrB,uBAAuB,GACvB,gBAAgB,GAChB,kBAAkB,GAClB,WAAW,GACX,oBAAoB,CAAC;AAEzB,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,gBAAgB,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,sBAAsB,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IAC7D,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,eAAe,EAAE,WAAW,GAAG,YAAY,GAAG,SAAS,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,CAAC;CAC5F;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,gBAAgB,EAAE;QAChB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,mBAAmB,EAAE,MAAM,CAAC;QAC5B,gBAAgB,EAAE,MAAM,CAAC;QACzB,gBAAgB,EAAE,MAAM,CAAC;QACzB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,eAAe,EAAE;QACf,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;IACF,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,EAAE,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;CACH;AA8GD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,QAAQ,CAAoD;gBAExD,MAAM,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE;IAkBxE;;;;;;;;;OASG;IACG,QAAQ,IAAI,OAAO,CAAC,sBAAsB,CAAC;YAkDnC,qBAAqB;IAsBnC,OAAO,CAAC,yBAAyB;YA0CnB,yBAAyB;YAMzB,qBAAqB;YAMrB,cAAc;IAwB5B,OAAO,CAAC,uBAAuB;IA2C/B,OAAO,CAAC,YAAY;IAOpB,OAAO,CAAC,uBAAuB;IAO/B,OAAO,CAAC,gCAAgC;IAMxC,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,uBAAuB;IAQ/B,OAAO,CAAC,qBAAqB;IAK7B,OAAO,CAAC,+BAA+B;CAOxC"}