ferret-scan 2.1.2 → 2.3.0

package/dist/__tests__/interactiveTuiMore.test.js

@@ -0,0 +1,194 @@
+/**
+ * More Interactive TUI Command Tests
+ * Tests for files, export, clear, filter variations, and sort variations
+ */
+import { EventEmitter } from 'events';
+const mockRlInstance2 = new EventEmitter();
+jest.mock('node:readline', () => ({
+    createInterface: jest.fn().mockReturnValue(mockRlInstance2),
+}));
+import { startInteractiveSession } from '../features/interactiveTui.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+function makeFinding(overrides = {}) {
+    return {
+        ruleId: 'INJ-001',
+        ruleName: 'Injection Rule',
+        severity: 'HIGH',
+        category: 'injection',
+        file: '/project/test.md',
+        relativePath: 'test.md',
+        line: 5,
+        match: 'IGNORE PREVIOUS',
+        context: [],
+        remediation: 'Remove',
+        timestamp: new Date(),
+        riskScore: 75,
+        ...overrides,
+    };
+}
+function makeScanResult(findings = []) {
+    return {
+        success: true,
+        startTime: new Date(),
+        endTime: new Date(),
+        duration: 1000,
+        scannedPaths: ['/project'],
+        totalFiles: 5,
+        analyzedFiles: 4,
+        skippedFiles: 1,
+        findings,
+        findingsBySeverity: {
+            CRITICAL: findings.filter(f => f.severity === 'CRITICAL'),
+            HIGH: findings.filter(f => f.severity === 'HIGH'),
+            MEDIUM: findings.filter(f => f.severity === 'MEDIUM'),
+            LOW: findings.filter(f => f.severity === 'LOW'),
+            INFO: [],
+        },
+        findingsByCategory: {},
+        overallRiskScore: 50,
+        summary: { critical: 0, high: 0, medium: 0, low: 0, info: 0, total: findings.length },
+        errors: [],
+    };
+}
+async function runCommands(scanResult, commands) {
+    const outputs = [];
+    const consoleSpy = jest.spyOn(console, 'log').mockImplementation((msg) => {
+        if (msg)
+            outputs.push(msg);
+    });
+    let callCount = 0;
+    mockRlInstance2.question = jest.fn((_prompt, cb) => {
+        const cmd = commands[callCount++] ?? 'quit';
+        cb(cmd);
+    });
+    mockRlInstance2.close = jest.fn(() => {
+        mockRlInstance2.emit('close');
+    });
+    try {
+        await startInteractiveSession(scanResult);
+    }
+    finally {
+        consoleSpy.mockRestore();
+    }
+    return outputs;
+}
+describe('startInteractiveSession - additional commands', () => {
+    let tmpDir;
+    beforeEach(() => {
+        jest.clearAllMocks();
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-tui-more-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('handles files command', async () => {
+        const findings = [
+            makeFinding({ relativePath: 'agents/agent1.md' }),
+            makeFinding({ relativePath: 'agents/agent2.md', ruleId: 'CRED-001' }),
+            makeFinding({ relativePath: 'agents/agent1.md', ruleId: 'CRED-002' }),
+        ];
+        const result = makeScanResult(findings);
+        const outputs = await runCommands(result, ['files', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('by file');
+    });
+    it('handles files command without scan result', async () => {
+        const outputs = await runCommands(null, ['files', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('No scan results');
+    });
+    it('handles export command', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const exportFile = path.join(tmpDir, 'test-export.json');
+        const outputs = await runCommands(result, [`export ${exportFile}`, 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('exported');
+    });
+    it('handles export without scan result', async () => {
+        const outputs = await runCommands(null, ['export', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('No scan results');
+    });
+    it('handles clear command', async () => {
+        const result = makeScanResult();
+        // clear writes to stdout, just verify it doesn't throw
+        await expect(runCommands(result, ['clear', 'quit'])).resolves.toBeDefined();
+    });
+    it('handles filter command with no args (shows current filters)', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['filter', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('filter');
+    });
+    it('handles filter clear severity', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['filter severity NONE', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('cleared');
+    });
+    it('handles filter invalid severity value', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['filter severity INVALID', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('Invalid severity');
+    });
+    it('handles filter category', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['filter category injection', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('Filtering by category');
+    });
+    it('handles filter category clear', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['filter cat NONE', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('cleared');
+    });
+    it('handles filter unknown type', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['filter unknowntype value', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('Unknown filter');
+    });
+    it('handles sort riskscore', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['sort riskscore', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('Sorting');
+    });
+    it('handles sort risk (alias for riskscore)', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['sort risk', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('Sorting');
+    });
+    it('handles sort invalid option', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['sort invalid', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('Unknown sort');
+    });
+    it('handles by-file alias for files command', async () => {
+        const result = makeScanResult([makeFinding()]);
+        const outputs = await runCommands(result, ['by-file', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('by file');
+    });
+    it('handles show with no args uses current index', async () => {
+        const findings = [makeFinding({ ruleId: 'INJ-001' })];
+        const result = makeScanResult(findings);
+        const outputs = await runCommands(result, ['show', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('INJ-001');
+    });
+    it('handles files command with many findings per file (shows truncated)', async () => {
+        const findings = Array.from({ length: 10 }, (_, i) => makeFinding({ relativePath: 'same/file.md', ruleId: `RULE-${i}`, line: i + 1 }));
+        const result = makeScanResult(findings);
+        const outputs = await runCommands(result, ['files', 'quit']);
+        const allOutput = outputs.join('');
+        expect(allOutput).toContain('more');
+    });
+});
+//# sourceMappingURL=interactiveTuiMore.test.js.map

package/dist/__tests__/interactiveTuiSession.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Interactive TUI Session Tests
+ * Tests for startInteractiveSession with mocked readline
+ */
+export {};
+//# sourceMappingURL=interactiveTuiSession.test.d.ts.map

package/dist/__tests__/interactiveTuiSession.test.js

@@ -0,0 +1,173 @@
+/**
+ * Interactive TUI Session Tests
+ * Tests for startInteractiveSession with mocked readline
+ */
+import { EventEmitter } from 'events';
+// Mock readline
+const mockRlInstance = new EventEmitter();
+mockRlInstance.question = jest.fn();
+mockRlInstance.close = jest.fn(() => {
+    mockRlInstance.emit('close');
+});
+mockRlInstance.setPrompt = jest.fn();
+mockRlInstance.prompt = jest.fn();
+jest.mock('node:readline', () => ({
+    createInterface: jest.fn().mockReturnValue(mockRlInstance),
+}));
+import { startInteractiveSession } from '../features/interactiveTui.js';
+function makeFinding(overrides = {}) {
+    return {
+        ruleId: 'INJ-001',
+        ruleName: 'Injection Rule',
+        severity: 'HIGH',
+        category: 'injection',
+        file: '/project/test.md',
+        relativePath: 'test.md',
+        line: 5,
+        match: 'IGNORE PREVIOUS',
+        context: [],
+        remediation: 'Remove',
+        timestamp: new Date(),
+        riskScore: 75,
+        ...overrides,
+    };
+}
+function makeScanResult(findings = []) {
+    return {
+        success: true,
+        startTime: new Date(),
+        endTime: new Date(),
+        duration: 1000,
+        scannedPaths: ['/project'],
+        totalFiles: 5,
+        analyzedFiles: 4,
+        skippedFiles: 1,
+        findings,
+        findingsBySeverity: {
+            CRITICAL: findings.filter(f => f.severity === 'CRITICAL'),
+            HIGH: findings.filter(f => f.severity === 'HIGH'),
+            MEDIUM: findings.filter(f => f.severity === 'MEDIUM'),
+            LOW: findings.filter(f => f.severity === 'LOW'),
+            INFO: findings.filter(f => f.severity === 'INFO'),
+        },
+        findingsByCategory: {},
+        overallRiskScore: 50,
+        summary: {
+            critical: 0,
+            high: findings.filter(f => f.severity === 'HIGH').length,
+            medium: 0, low: 0, info: 0,
+            total: findings.length,
+        },
+        errors: [],
+    };
+}
+describe('startInteractiveSession', () => {
+    let consoleSpy;
+    beforeEach(() => {
+        jest.clearAllMocks();
+        consoleSpy = jest.spyOn(console, 'log').mockImplementation(() => { });
+    });
+    afterEach(() => {
+        consoleSpy.mockRestore();
+    });
+    it('starts session with null scan result', async () => {
+        // Immediately close the session
+        mockRlInstance.question = jest.fn((_prompt, cb) => {
+            cb('quit');
+        });
+        const sessionPromise = startInteractiveSession(null);
+        // The 'close' event should fire after quit
+        await sessionPromise;
+        expect(consoleSpy).toHaveBeenCalled();
+    });
+    it('starts session with scan result', async () => {
+        const result = makeScanResult([makeFinding()]);
+        mockRlInstance.question = jest.fn((_prompt, cb) => {
+            cb('quit');
+        });
+        await startInteractiveSession(result);
+        const output = consoleSpy.mock.calls.flat().join('');
+        expect(output).toContain('Ferret Security Scanner');
+    });
+    it('handles help command', async () => {
+        const result = makeScanResult();
+        let callCount = 0;
+        mockRlInstance.question = jest.fn((_prompt, cb) => {
+            callCount++;
+            if (callCount === 1) {
+                cb('help');
+            }
+            else {
+                cb('quit');
+            }
+        });
+        await startInteractiveSession(result);
+        const output = consoleSpy.mock.calls.flat().join('');
+        expect(output).toContain('Commands');
+    });
+    it('handles unknown command', async () => {
+        const result = makeScanResult();
+        let callCount = 0;
+        mockRlInstance.question = jest.fn((_prompt, cb) => {
+            callCount++;
+            if (callCount === 1) {
+                cb('unknowncommand123');
+            }
+            else {
+                cb('quit');
+            }
+        });
+        await startInteractiveSession(result);
+        const output = consoleSpy.mock.calls.flat().join('');
+        expect(output).toContain('Unknown command');
+    });
+    it('handles empty input (whitespace)', async () => {
+        const result = makeScanResult();
+        let callCount = 0;
+        mockRlInstance.question = jest.fn((_prompt, cb) => {
+            callCount++;
+            if (callCount === 1) {
+                cb('   '); // whitespace
+            }
+            else if (callCount === 2) {
+                cb('quit');
+            }
+        });
+        await startInteractiveSession(result);
+        // Should not have printed "Unknown command" for empty input
+        const output = consoleSpy.mock.calls.flat().join('');
+        expect(output).not.toContain('Unknown command:    ');
+    });
+    it('handles list command', async () => {
+        const result = makeScanResult([makeFinding(), makeFinding({ ruleId: 'CRED-001' })]);
+        let callCount = 0;
+        mockRlInstance.question = jest.fn((_prompt, cb) => {
+            callCount++;
+            if (callCount === 1) {
+                cb('list');
+            }
+            else {
+                cb('quit');
+            }
+        });
+        await startInteractiveSession(result);
+        // list command should work
+        expect(consoleSpy).toHaveBeenCalled();
+    });
+    it('handles show command for a finding', async () => {
+        const result = makeScanResult([makeFinding()]);
+        let callCount = 0;
+        mockRlInstance.question = jest.fn((_prompt, cb) => {
+            callCount++;
+            if (callCount === 1) {
+                cb('show 1');
+            }
+            else {
+                cb('quit');
+            }
+        });
+        await startInteractiveSession(result);
+        expect(consoleSpy).toHaveBeenCalled();
+    });
+});
+//# sourceMappingURL=interactiveTuiSession.test.js.map

package/dist/__tests__/llmAnalysis.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * LLM Analysis Tests
+ * Tests for createLlmProvider, createOpenAICompatibleProvider, and analyzeWithLlm
+ */
+export {};
+//# sourceMappingURL=llmAnalysis.test.d.ts.map

package/dist/__tests__/llmAnalysis.test.js

@@ -0,0 +1,229 @@
+/**
+ * LLM Analysis Tests
+ * Tests for createLlmProvider, createOpenAICompatibleProvider, and analyzeWithLlm
+ */
+import { createLlmProvider, createOpenAICompatibleProvider, analyzeWithLlm } from '../features/llmAnalysis.js';
+function makeConfig(overrides = {}) {
+    return {
+        provider: 'openai-compatible',
+        baseUrl: 'http://localhost:11434/v1/chat/completions',
+        model: 'llama3',
+        apiKeyEnv: 'OPENAI_API_KEY',
+        timeoutMs: 5000,
+        jsonMode: true,
+        maxInputChars: 10000,
+        maxOutputTokens: 500,
+        temperature: 0,
+        systemPromptAddendum: '',
+        includeMitreAtlasTechniques: false,
+        maxMitreAtlasTechniques: 0,
+        cacheDir: '/tmp/ferret-llm-test-cache',
+        cacheTtlHours: 1,
+        maxRetries: 0,
+        retryBackoffMs: 100,
+        retryMaxBackoffMs: 1000,
+        minRequestIntervalMs: 0,
+        onlyIfFindings: false,
+        maxFindingsPerFile: 10,
+        maxFiles: 5,
+        minConfidence: 0.6,
+        ...overrides,
+    };
+}
+describe('createLlmProvider', () => {
+    it('returns null for unknown provider', () => {
+        const provider = createLlmProvider(makeConfig({ provider: 'unknown' }));
+        expect(provider).toBeNull();
+    });
+    it('returns a provider for openai-compatible with localhost URL (no API key needed)', () => {
+        const provider = createLlmProvider(makeConfig({
+            provider: 'openai-compatible',
+            baseUrl: 'http://localhost:11434/v1/chat/completions',
+        }));
+        expect(provider).not.toBeNull();
+        expect(provider?.name).toBe('openai-compatible');
+    });
+    it('returns null for openai-compatible with non-local URL and no API key', () => {
+        const origKey = process.env['OPENAI_API_KEY'];
+        delete process.env['OPENAI_API_KEY'];
+        const provider = createLlmProvider(makeConfig({
+            provider: 'openai-compatible',
+            baseUrl: 'https://api.openai.com/v1/chat/completions',
+            apiKeyEnv: 'OPENAI_API_KEY',
+        }));
+        expect(provider).toBeNull();
+        if (origKey !== undefined)
+            process.env['OPENAI_API_KEY'] = origKey;
+    });
+    it('returns a provider when API key env var is set', () => {
+        const origKey = process.env['TEST_LLM_API_KEY'];
+        process.env['TEST_LLM_API_KEY'] = 'test-api-key-123';
+        const provider = createLlmProvider(makeConfig({
+            provider: 'openai-compatible',
+            baseUrl: 'https://api.openai.com/v1/chat/completions',
+            apiKeyEnv: 'TEST_LLM_API_KEY',
+        }));
+        expect(provider).not.toBeNull();
+        expect(provider?.name).toBe('openai-compatible');
+        if (origKey !== undefined)
+            process.env['TEST_LLM_API_KEY'] = origKey;
+        else
+            delete process.env['TEST_LLM_API_KEY'];
+    });
+});
+describe('createOpenAICompatibleProvider', () => {
+    it('returns an object with analyze method', () => {
+        const provider = createOpenAICompatibleProvider(makeConfig({
+            baseUrl: 'http://localhost:11434/v1/chat/completions',
+        }));
+        expect(provider).not.toBeNull();
+        expect(typeof provider?.analyze).toBe('function');
+    });
+    it('returns null when no API key and non-localhost URL', () => {
+        const origKey = process.env['MY_API_KEY'];
+        delete process.env['MY_API_KEY'];
+        const provider = createOpenAICompatibleProvider(makeConfig({
+            baseUrl: 'https://api.groq.com/openai/v1/chat/completions',
+            apiKeyEnv: 'MY_API_KEY',
+        }));
+        expect(provider).toBeNull();
+        if (origKey !== undefined)
+            process.env['MY_API_KEY'] = origKey;
+    });
+    it('provider.analyze calls fetch with correct structure', async () => {
+        const mockResponse = {
+            ok: true,
+            status: 200,
+            json: () => Promise.resolve({
+                choices: [{ message: { content: '{"version":1,"findings":[]}' } }],
+            }),
+            text: () => Promise.resolve(''),
+        };
+        globalThis.fetch = jest.fn().mockResolvedValue(mockResponse);
+        const provider = createOpenAICompatibleProvider(makeConfig({
+            baseUrl: 'http://localhost:11434/v1/chat/completions',
+            jsonMode: false,
+        }));
+        expect(provider).not.toBeNull();
+        const result = await provider.analyze({ system: 'system prompt', user: 'user content' });
+        expect(result).toBe('{"version":1,"findings":[]}');
+        expect(globalThis.fetch).toHaveBeenCalledWith('http://localhost:11434/v1/chat/completions', expect.objectContaining({
+            method: 'POST',
+            headers: expect.objectContaining({ 'content-type': 'application/json' }),
+        }));
+    });
+    it('provider.analyze throws on HTTP error', async () => {
+        globalThis.fetch = jest.fn().mockResolvedValue({
+            ok: false,
+            status: 401,
+            headers: { get: () => null },
+            text: () => Promise.resolve('Unauthorized'),
+        });
+        const provider = createOpenAICompatibleProvider(makeConfig({
+            baseUrl: 'http://localhost:11434/v1/chat/completions',
+            maxRetries: 0,
+            jsonMode: false,
+        }));
+        expect(provider).not.toBeNull();
+        await expect(provider.analyze({ system: 'sys', user: 'usr' })).rejects.toThrow('LLM HTTP 401');
+    });
+});
+describe('analyzeWithLlm', () => {
+    const mockProvider = {
+        name: 'mock',
+        analyze: jest.fn(),
+    };
+    beforeEach(() => {
+        jest.clearAllMocks();
+    });
+    function makeFile(overrides = {}) {
+        return {
+            path: '/project/.claude/agents/test.md',
+            relativePath: 'agents/test.md',
+            type: 'md',
+            component: 'agent',
+            size: 100,
+            modified: new Date(),
+            ...overrides,
+        };
+    }
+    it('returns ran=false for non-AI file types', async () => {
+        // Use a JSON file that is not in an AI config directory - analyzeWithLlm checks shouldAnalyzeFileWithLlm
+        const file = makeFile({ type: 'json', path: '/project/package.json', relativePath: 'package.json', component: 'settings' });
+        const result = await analyzeWithLlm(mockProvider, makeConfig(), file, 'content', []);
+        expect(result.ran).toBe(false);
+        expect(result.findings).toHaveLength(0);
+        expect(mockProvider.analyze).not.toHaveBeenCalled();
+    });
+    it('returns ran=false when onlyIfFindings=true and no existing findings', async () => {
+        const file = makeFile();
+        const result = await analyzeWithLlm(mockProvider, makeConfig({ onlyIfFindings: true }), file, 'content', []);
+        expect(result.ran).toBe(false);
+        expect(mockProvider.analyze).not.toHaveBeenCalled();
+    });
+    it('returns findings when provider returns valid response', async () => {
+        const mockResponse = JSON.stringify({
+            version: 1,
+            findings: [
+                {
+                    title: 'Prompt Injection',
+                    severity: 'HIGH',
+                    category: 'injection',
+                    line: 5,
+                    match: 'IGNORE PREVIOUS INSTRUCTIONS',
+                    remediation: 'Remove instruction override',
+                    confidence: 0.9,
+                },
+            ],
+        });
+        mockProvider.analyze.mockResolvedValue(mockResponse);
+        const file = makeFile();
+        const result = await analyzeWithLlm(mockProvider, makeConfig({ cacheDir: '/tmp/ferret-llm-no-cache-test-' + Date.now() }), file, 'line 1\nIGNORE PREVIOUS INSTRUCTIONS\nline 3', []);
+        expect(result.ran).toBe(true);
+        expect(result.findings.length).toBeGreaterThan(0);
+        expect(result.findings[0]?.severity).toBe('HIGH');
+    });
+    it('returns error when provider throws', async () => {
+        mockProvider.analyze.mockRejectedValue(new Error('Network error'));
+        const file = makeFile();
+        const result = await analyzeWithLlm(mockProvider, makeConfig({ cacheDir: '/tmp/ferret-llm-no-cache-test-' + Date.now() }), file, 'file content', []);
+        // When provider throws, either ran=false with error or ran=true with empty findings
+        expect(result.findings).toHaveLength(0);
+        expect(result.error).toBeDefined();
+    });
+    it('filters findings below minConfidence', async () => {
+        const mockResponse = JSON.stringify({
+            version: 1,
+            findings: [
+                {
+                    title: 'High Confidence Finding',
+                    severity: 'HIGH',
+                    category: 'injection',
+                    match: 'bad',
+                    remediation: 'fix',
+                    confidence: 0.9,
+                },
+                {
+                    title: 'Low Confidence Finding',
+                    severity: 'MEDIUM',
+                    category: 'obfuscation',
+                    match: 'maybe bad',
+                    remediation: 'maybe fix',
+                    confidence: 0.3,
+                },
+            ],
+        });
+        mockProvider.analyze.mockResolvedValue(mockResponse);
+        const file = makeFile();
+        const result = await analyzeWithLlm(mockProvider, makeConfig({
+            minConfidence: 0.6,
+            cacheDir: '/tmp/ferret-llm-no-cache-test-' + Date.now(),
+        }), file, 'bad content here', []);
+        expect(result.ran).toBe(true);
+        const highConf = result.findings.filter(f => f.ruleName?.includes('High Confidence'));
+        const lowConf = result.findings.filter(f => f.ruleName?.includes('Low Confidence'));
+        expect(highConf.length).toBeGreaterThan(0);
+        expect(lowConf.length).toBe(0);
+    });
+});
+//# sourceMappingURL=llmAnalysis.test.js.map

package/dist/__tests__/llmAnalysisBuildExcerpt.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * LLM Analysis buildFindingsAwareExcerpt Tests
+ * Tests the excerpt building logic for large files with existing findings
+ */
+export {};
+//# sourceMappingURL=llmAnalysisBuildExcerpt.test.d.ts.map