ferret-scan 2.2.0 → 2.3.0

package/dist/__tests__/baseline.test.js

@@ -0,0 +1,321 @@
+/**
+ * Baseline Tests
+ * Tests for baseline management: create, add, remove, filter, validate, stats.
+ */
+import { computeBaselineIntegrity, verifyBaselineIntegrity, createBaseline, addToBaseline, removeFromBaseline, filterAgainstBaseline, validateBaseline, getDefaultBaselinePath, getBaselineStats, } from '../utils/baseline.js';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function makeFinding(overrides = {}) {
+    return {
+        ruleId: 'INJ-001',
+        ruleName: 'Test Rule',
+        severity: 'HIGH',
+        category: 'injection',
+        file: '/project/test.md',
+        relativePath: 'test.md',
+        line: 10,
+        match: 'ignore previous instructions',
+        context: [],
+        remediation: 'Fix it.',
+        timestamp: new Date(),
+        riskScore: 75,
+        ...overrides,
+    };
+}
+function makeScanResult(findings = []) {
+    return {
+        success: true,
+        startTime: new Date(),
+        endTime: new Date(),
+        duration: 100,
+        scannedPaths: ['/project'],
+        totalFiles: 10,
+        analyzedFiles: 8,
+        skippedFiles: 2,
+        findings,
+        findingsBySeverity: {
+            CRITICAL: findings.filter(f => f.severity === 'CRITICAL'),
+            HIGH: findings.filter(f => f.severity === 'HIGH'),
+            MEDIUM: findings.filter(f => f.severity === 'MEDIUM'),
+            LOW: findings.filter(f => f.severity === 'LOW'),
+            INFO: findings.filter(f => f.severity === 'INFO'),
+        },
+        findingsByCategory: {},
+        overallRiskScore: 50,
+        summary: {
+            critical: 0, high: findings.filter(f => f.severity === 'HIGH').length,
+            medium: 0, low: 0, info: 0, total: findings.length,
+        },
+        errors: [],
+    };
+}
+function makeBaseline(overrides = {}) {
+    return {
+        version: '1.0',
+        createdDate: new Date().toISOString(),
+        lastUpdated: new Date().toISOString(),
+        findings: [],
+        ...overrides,
+    };
+}
+// ---------------------------------------------------------------------------
+// computeBaselineIntegrity
+// ---------------------------------------------------------------------------
+describe('computeBaselineIntegrity', () => {
+    it('returns a sha256 integrity object', () => {
+        const baseline = makeBaseline();
+        const integrity = computeBaselineIntegrity(baseline);
+        expect(integrity.algorithm).toBe('sha256');
+        expect(typeof integrity.hash).toBe('string');
+        expect(integrity.hash.length).toBe(64);
+    });
+    it('produces consistent hashes for the same content', () => {
+        const baseline = makeBaseline({ description: 'test' });
+        const a = computeBaselineIntegrity(baseline);
+        const b = computeBaselineIntegrity(baseline);
+        expect(a.hash).toBe(b.hash);
+    });
+    it('produces different hashes when content differs', () => {
+        const a = computeBaselineIntegrity(makeBaseline({ description: 'version-a' }));
+        const b = computeBaselineIntegrity(makeBaseline({ description: 'version-b' }));
+        expect(a.hash).not.toBe(b.hash);
+    });
+});
+// ---------------------------------------------------------------------------
+// verifyBaselineIntegrity
+// ---------------------------------------------------------------------------
+describe('verifyBaselineIntegrity', () => {
+    it('returns true when no integrity field is present', () => {
+        const baseline = makeBaseline();
+        expect(verifyBaselineIntegrity(baseline)).toBe(true);
+    });
+    it('returns true when integrity matches', () => {
+        const base = makeBaseline();
+        const integrity = computeBaselineIntegrity(base);
+        const baseline = { ...base, integrity };
+        expect(verifyBaselineIntegrity(baseline)).toBe(true);
+    });
+    it('returns false when integrity hash is tampered', () => {
+        const base = makeBaseline();
+        const baseline = {
+            ...base,
+            integrity: { algorithm: 'sha256', hash: 'aabbccddeeff0011223344556677889900112233445566778899aabbccddeeff00' },
+        };
+        expect(verifyBaselineIntegrity(baseline)).toBe(false);
+    });
+});
+// ---------------------------------------------------------------------------
+// createBaseline
+// ---------------------------------------------------------------------------
+describe('createBaseline', () => {
+    it('creates a baseline with findings from scan result', () => {
+        const findings = [makeFinding(), makeFinding({ ruleId: 'CRED-001', line: 20 })];
+        const result = makeScanResult(findings);
+        const baseline = createBaseline(result);
+        expect(baseline.version).toBe('1.0');
+        expect(baseline.findings).toHaveLength(2);
+    });
+    it('each finding has a hash', () => {
+        const result = makeScanResult([makeFinding()]);
+        const baseline = createBaseline(result);
+        expect(baseline.findings[0].hash).toBeTruthy();
+        expect(baseline.findings[0].hash.length).toBe(64);
+    });
+    it('uses provided description', () => {
+        const result = makeScanResult();
+        const baseline = createBaseline(result, 'My custom baseline');
+        expect(baseline.description).toBe('My custom baseline');
+    });
+    it('generates default description when not provided', () => {
+        const result = makeScanResult();
+        const baseline = createBaseline(result);
+        expect(baseline.description).toContain('/project');
+    });
+    it('creates empty baseline from empty scan result', () => {
+        const result = makeScanResult([]);
+        const baseline = createBaseline(result);
+        expect(baseline.findings).toHaveLength(0);
+    });
+});
+// ---------------------------------------------------------------------------
+// addToBaseline
+// ---------------------------------------------------------------------------
+describe('addToBaseline', () => {
+    it('adds new findings to baseline', () => {
+        const baseline = makeBaseline();
+        const findings = [makeFinding()];
+        const updated = addToBaseline(baseline, findings);
+        expect(updated.findings).toHaveLength(1);
+    });
+    it('does not add duplicate findings', () => {
+        const finding = makeFinding();
+        const baseline = createBaseline(makeScanResult([finding]));
+        const updated = addToBaseline(baseline, [finding]);
+        expect(updated.findings).toHaveLength(1); // no duplicate added
+    });
+    it('includes reason when provided', () => {
+        const baseline = makeBaseline();
+        const updated = addToBaseline(baseline, [makeFinding()], 'Accepted by team');
+        expect(updated.findings[0].reason).toBe('Accepted by team');
+    });
+    it('omits reason when not provided', () => {
+        const baseline = makeBaseline();
+        const updated = addToBaseline(baseline, [makeFinding()]);
+        expect(updated.findings[0].reason).toBeUndefined();
+    });
+    it('does not mutate original baseline', () => {
+        const baseline = makeBaseline();
+        addToBaseline(baseline, [makeFinding()]);
+        expect(baseline.findings).toHaveLength(0);
+    });
+});
+// ---------------------------------------------------------------------------
+// removeFromBaseline
+// ---------------------------------------------------------------------------
+describe('removeFromBaseline', () => {
+    it('removes findings by hash', () => {
+        const finding = makeFinding();
+        const result = makeScanResult([finding]);
+        const baseline = createBaseline(result);
+        const hashToRemove = baseline.findings[0].hash;
+        const updated = removeFromBaseline(baseline, [hashToRemove]);
+        expect(updated.findings).toHaveLength(0);
+    });
+    it('keeps unmatched findings', () => {
+        const f1 = makeFinding({ line: 10 });
+        const f2 = makeFinding({ line: 20 });
+        const baseline = createBaseline(makeScanResult([f1, f2]));
+        const hashToRemove = baseline.findings[0].hash;
+        const updated = removeFromBaseline(baseline, [hashToRemove]);
+        expect(updated.findings).toHaveLength(1);
+    });
+    it('does not mutate original baseline', () => {
+        const baseline = createBaseline(makeScanResult([makeFinding()]));
+        const hash = baseline.findings[0].hash;
+        removeFromBaseline(baseline, [hash]);
+        expect(baseline.findings).toHaveLength(1);
+    });
+});
+// ---------------------------------------------------------------------------
+// filterAgainstBaseline
+// ---------------------------------------------------------------------------
+describe('filterAgainstBaseline', () => {
+    it('returns original result when baseline is null', () => {
+        const result = makeScanResult([makeFinding()]);
+        const filtered = filterAgainstBaseline(result, null);
+        expect(filtered).toBe(result);
+    });
+    it('returns original result when baseline has no findings', () => {
+        const result = makeScanResult([makeFinding()]);
+        const baseline = makeBaseline({ findings: [] });
+        const filtered = filterAgainstBaseline(result, baseline);
+        expect(filtered).toBe(result);
+    });
+    it('filters out findings that are in baseline', () => {
+        const finding = makeFinding();
+        const result = makeScanResult([finding]);
+        const baseline = createBaseline(result);
+        const filtered = filterAgainstBaseline(result, baseline);
+        expect(filtered.findings).toHaveLength(0);
+        expect(filtered.summary.total).toBe(0);
+    });
+    it('keeps findings not in baseline', () => {
+        const known = makeFinding({ line: 10 });
+        const newFinding = makeFinding({ line: 99, match: 'different match' });
+        const baseline = createBaseline(makeScanResult([known]));
+        const result = makeScanResult([known, newFinding]);
+        const filtered = filterAgainstBaseline(result, baseline);
+        expect(filtered.findings).toHaveLength(1);
+        expect(filtered.findings[0].line).toBe(99);
+    });
+    it('updates summary counts correctly after filtering', () => {
+        const critFinding = makeFinding({ severity: 'CRITICAL', line: 1 });
+        const highFinding = makeFinding({ severity: 'HIGH', line: 2 });
+        const baseline = createBaseline(makeScanResult([critFinding]));
+        const result = makeScanResult([critFinding, highFinding]);
+        const filtered = filterAgainstBaseline(result, baseline);
+        expect(filtered.summary.critical).toBe(0);
+        expect(filtered.summary.high).toBe(1);
+    });
+});
+// ---------------------------------------------------------------------------
+// validateBaseline
+// ---------------------------------------------------------------------------
+describe('validateBaseline', () => {
+    it('returns all valid when all baseline findings still present in scan', () => {
+        const finding = makeFinding();
+        const result = makeScanResult([finding]);
+        const baseline = createBaseline(result);
+        const { valid, invalid } = validateBaseline(baseline, result);
+        expect(valid).toHaveLength(1);
+        expect(invalid).toHaveLength(0);
+    });
+    it('returns invalid when baseline findings are no longer in scan', () => {
+        const finding = makeFinding();
+        const baseline = createBaseline(makeScanResult([finding]));
+        const emptyResult = makeScanResult([]);
+        const { valid, invalid } = validateBaseline(baseline, emptyResult);
+        expect(valid).toHaveLength(0);
+        expect(invalid).toHaveLength(1);
+    });
+    it('correctly separates valid and invalid findings', () => {
+        const f1 = makeFinding({ line: 10 });
+        const f2 = makeFinding({ line: 20 });
+        const baseline = createBaseline(makeScanResult([f1, f2]));
+        // Only f1 still present
+        const { valid, invalid } = validateBaseline(baseline, makeScanResult([f1]));
+        expect(valid).toHaveLength(1);
+        expect(invalid).toHaveLength(1);
+    });
+});
+// ---------------------------------------------------------------------------
+// getDefaultBaselinePath
+// ---------------------------------------------------------------------------
+describe('getDefaultBaselinePath', () => {
+    it('returns a path ending in .ferret-baseline.json', () => {
+        const path = getDefaultBaselinePath(['/some/project/dir']);
+        expect(path).toMatch(/\.ferret-baseline\.json$/);
+    });
+    it('uses process.cwd() when no paths provided', () => {
+        const path = getDefaultBaselinePath([]);
+        expect(path).toMatch(/\.ferret-baseline\.json$/);
+    });
+});
+// ---------------------------------------------------------------------------
+// getBaselineStats
+// ---------------------------------------------------------------------------
+describe('getBaselineStats', () => {
+    it('returns zero stats for empty baseline', () => {
+        const baseline = makeBaseline();
+        const stats = getBaselineStats(baseline);
+        expect(stats.totalFindings).toBe(0);
+        expect(stats.byRule).toEqual({});
+        expect(stats.bySeverity).toEqual({});
+    });
+    it('counts findings by rule', () => {
+        const findings = [
+            { ruleId: 'INJ-001', file: 'a.md', line: 1, match: 'x', hash: 'h1', acceptedDate: '2024-01-01T00:00:00Z', severity: 'HIGH' },
+            { ruleId: 'INJ-001', file: 'b.md', line: 2, match: 'y', hash: 'h2', acceptedDate: '2024-01-02T00:00:00Z', severity: 'HIGH' },
+            { ruleId: 'CRED-001', file: 'c.md', line: 3, match: 'z', hash: 'h3', acceptedDate: '2024-01-03T00:00:00Z', severity: 'CRITICAL' },
+        ];
+        const baseline = makeBaseline({ findings });
+        const stats = getBaselineStats(baseline);
+        expect(stats.totalFindings).toBe(3);
+        expect(stats.byRule['INJ-001']).toBe(2);
+        expect(stats.byRule['CRED-001']).toBe(1);
+        expect(stats.bySeverity['HIGH']).toBe(2);
+        expect(stats.bySeverity['CRITICAL']).toBe(1);
+    });
+    it('tracks oldest and newest finding dates', () => {
+        const findings = [
+            { ruleId: 'X-001', file: 'a.md', line: 1, match: 'x', hash: 'h1', acceptedDate: '2023-01-01T00:00:00Z' },
+            { ruleId: 'X-001', file: 'b.md', line: 2, match: 'y', hash: 'h2', acceptedDate: '2025-12-01T00:00:00Z' },
+        ];
+        const baseline = makeBaseline({ findings });
+        const stats = getBaselineStats(baseline);
+        expect(stats.oldestFinding).toBe('2023-01-01T00:00:00Z');
+        expect(stats.newestFinding).toBe('2025-12-01T00:00:00Z');
+    });
+});
+//# sourceMappingURL=baseline.test.js.map

package/dist/__tests__/baselineExtra.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Additional Baseline Tests
+ * Tests for baseline utility functions
+ */
+export {};
+//# sourceMappingURL=baselineExtra.test.d.ts.map

package/dist/__tests__/baselineExtra.test.js

@@ -0,0 +1,317 @@
+/**
+ * Additional Baseline Tests
+ * Tests for baseline utility functions
+ */
+import { computeBaselineIntegrity, verifyBaselineIntegrity, loadBaseline, saveBaseline, createBaseline, addToBaseline, removeFromBaseline, filterAgainstBaseline, validateBaseline, getDefaultBaselinePath, getBaselineStats, } from '../utils/baseline.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+function makeFinding(overrides = {}) {
+    return {
+        ruleId: 'INJ-001',
+        ruleName: 'Test Rule',
+        severity: 'HIGH',
+        category: 'injection',
+        file: '/project/test.md',
+        relativePath: 'test.md',
+        line: 1,
+        match: 'bad content',
+        context: [],
+        remediation: 'fix it',
+        timestamp: new Date(),
+        riskScore: 75,
+        ...overrides,
+    };
+}
+function makeScanResult(findings = []) {
+    return {
+        success: true,
+        startTime: new Date(),
+        endTime: new Date(),
+        duration: 100,
+        scannedPaths: ['/project'],
+        totalFiles: 5,
+        analyzedFiles: 5,
+        skippedFiles: 0,
+        findings,
+        findingsBySeverity: {
+            CRITICAL: [],
+            HIGH: findings.filter(f => f.severity === 'HIGH'),
+            MEDIUM: [],
+            LOW: [],
+            INFO: [],
+        },
+        findingsByCategory: {},
+        overallRiskScore: 0,
+        summary: {
+            critical: 0,
+            high: findings.filter(f => f.severity === 'HIGH').length,
+            medium: 0,
+            low: 0,
+            info: 0,
+            total: findings.length,
+        },
+        errors: [],
+    };
+}
+function makeBaseline(overrides = {}) {
+    return {
+        version: '1.0',
+        createdDate: new Date().toISOString(),
+        lastUpdated: new Date().toISOString(),
+        findings: [],
+        ...overrides,
+    };
+}
+describe('computeBaselineIntegrity', () => {
+    it('returns an integrity object with sha256 algorithm', () => {
+        const baseline = makeBaseline();
+        const integrity = computeBaselineIntegrity(baseline);
+        expect(integrity.algorithm).toBe('sha256');
+        expect(typeof integrity.hash).toBe('string');
+        expect(integrity.hash.length).toBeGreaterThan(0);
+    });
+    it('produces consistent hashes', () => {
+        const baseline = makeBaseline({ description: 'Test' });
+        const i1 = computeBaselineIntegrity(baseline);
+        const i2 = computeBaselineIntegrity(baseline);
+        expect(i1.hash).toBe(i2.hash);
+    });
+    it('produces different hashes for different content', () => {
+        const b1 = makeBaseline({ description: 'Test 1' });
+        const b2 = makeBaseline({ description: 'Test 2' });
+        expect(computeBaselineIntegrity(b1).hash).not.toBe(computeBaselineIntegrity(b2).hash);
+    });
+});
+describe('verifyBaselineIntegrity', () => {
+    it('returns true when no integrity field present', () => {
+        const baseline = makeBaseline();
+        expect(verifyBaselineIntegrity(baseline)).toBe(true);
+    });
+    it('returns true when integrity matches', () => {
+        const baseline = makeBaseline();
+        const integrity = computeBaselineIntegrity(baseline);
+        const withIntegrity = { ...baseline, integrity };
+        expect(verifyBaselineIntegrity(withIntegrity)).toBe(true);
+    });
+    it('returns false when integrity does not match', () => {
+        const baseline = makeBaseline();
+        const withFakeIntegrity = {
+            ...baseline,
+            integrity: { algorithm: 'sha256', hash: 'fakehash123' },
+        };
+        expect(verifyBaselineIntegrity(withFakeIntegrity)).toBe(false);
+    });
+});
+describe('loadBaseline', () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-baseline-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('returns null for non-existent file', async () => {
+        const result = await loadBaseline('/nonexistent/baseline.json');
+        expect(result).toBeNull();
+    });
+    it('loads a valid baseline', async () => {
+        const filePath = path.join(tmpDir, 'baseline.json');
+        const baseline = makeBaseline();
+        fs.writeFileSync(filePath, JSON.stringify(baseline));
+        const result = await loadBaseline(filePath);
+        expect(result).not.toBeNull();
+        expect(result?.version).toBe('1.0');
+    });
+    it('returns null for invalid JSON', async () => {
+        const filePath = path.join(tmpDir, 'baseline.json');
+        fs.writeFileSync(filePath, 'invalid json {{{');
+        const result = await loadBaseline(filePath);
+        expect(result).toBeNull();
+    });
+    it('returns null for baseline with missing required fields', async () => {
+        const filePath = path.join(tmpDir, 'baseline.json');
+        fs.writeFileSync(filePath, JSON.stringify({ version: '1.0' })); // missing findings
+        const result = await loadBaseline(filePath);
+        expect(result).toBeNull();
+    });
+});
+describe('saveBaseline', () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-baseline-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('saves baseline to file with integrity', async () => {
+        const filePath = path.join(tmpDir, 'baseline.json');
+        const baseline = makeBaseline();
+        await saveBaseline(baseline, filePath);
+        expect(fs.existsSync(filePath)).toBe(true);
+        const saved = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+        expect(saved.version).toBe('1.0');
+        expect(saved.integrity).toBeDefined();
+    });
+    it('creates nested directories', async () => {
+        const filePath = path.join(tmpDir, 'nested', 'dir', 'baseline.json');
+        const baseline = makeBaseline();
+        await saveBaseline(baseline, filePath);
+        expect(fs.existsSync(filePath)).toBe(true);
+    });
+});
+describe('createBaseline', () => {
+    it('creates a baseline from scan results', () => {
+        const findings = [makeFinding(), makeFinding({ ruleId: 'CRED-001', line: 5 })];
+        const result = makeScanResult(findings);
+        const baseline = createBaseline(result);
+        expect(baseline.version).toBe('1.0');
+        expect(baseline.findings).toHaveLength(2);
+        expect(baseline.findings[0]?.hash).toBeDefined();
+    });
+    it('includes description when provided', () => {
+        const baseline = createBaseline(makeScanResult(), 'My custom baseline');
+        expect(baseline.description).toBe('My custom baseline');
+    });
+    it('generates default description when not provided', () => {
+        const baseline = createBaseline(makeScanResult());
+        expect(baseline.description).toBeDefined();
+        expect(baseline.description).toContain('/project');
+    });
+});
+describe('addToBaseline', () => {
+    it('adds new findings to baseline', () => {
+        const baseline = makeBaseline();
+        const findings = [makeFinding()];
+        const updated = addToBaseline(baseline, findings);
+        expect(updated.findings).toHaveLength(1);
+    });
+    it('does not add duplicate findings', () => {
+        const finding = makeFinding();
+        // First add via createBaseline which generates the same hash
+        const baseline = createBaseline(makeScanResult([finding]));
+        const updated = addToBaseline(baseline, [finding]);
+        // Should still be 1 (not duplicated)
+        expect(updated.findings).toHaveLength(1);
+    });
+    it('includes reason when provided', () => {
+        const baseline = makeBaseline();
+        const updated = addToBaseline(baseline, [makeFinding()], 'Accepted as known issue');
+        expect(updated.findings[0]?.reason).toBe('Accepted as known issue');
+    });
+});
+describe('removeFromBaseline', () => {
+    it('removes findings by hash', () => {
+        const finding = {
+            ruleId: 'INJ-001',
+            file: 'test.md',
+            line: 1,
+            match: 'bad',
+            hash: 'abc123',
+            acceptedDate: new Date().toISOString(),
+        };
+        const baseline = makeBaseline({ findings: [finding] });
+        const updated = removeFromBaseline(baseline, ['abc123']);
+        expect(updated.findings).toHaveLength(0);
+    });
+    it('keeps non-matching findings', () => {
+        const finding1 = {
+            ruleId: 'INJ-001', file: 'test.md', line: 1, match: 'bad',
+            hash: 'abc123', acceptedDate: new Date().toISOString(),
+        };
+        const finding2 = {
+            ruleId: 'CRED-001', file: 'test.md', line: 2, match: 'secret',
+            hash: 'def456', acceptedDate: new Date().toISOString(),
+        };
+        const baseline = makeBaseline({ findings: [finding1, finding2] });
+        const updated = removeFromBaseline(baseline, ['abc123']);
+        expect(updated.findings).toHaveLength(1);
+        expect(updated.findings[0]?.hash).toBe('def456');
+    });
+});
+describe('filterAgainstBaseline', () => {
+    it('returns same result when baseline is null', () => {
+        const findings = [makeFinding()];
+        const result = makeScanResult(findings);
+        const filtered = filterAgainstBaseline(result, null);
+        expect(filtered.findings).toHaveLength(1);
+    });
+    it('returns same result when baseline is empty', () => {
+        const findings = [makeFinding()];
+        const result = makeScanResult(findings);
+        const filtered = filterAgainstBaseline(result, makeBaseline());
+        expect(filtered.findings).toHaveLength(1);
+    });
+    it('filters out baseline findings', () => {
+        const finding = makeFinding();
+        // Create a baseline that contains this finding
+        const baselineResult = makeScanResult([finding]);
+        const baseline = createBaseline(baselineResult);
+        const result = makeScanResult([finding]);
+        const filtered = filterAgainstBaseline(result, baseline);
+        expect(filtered.findings).toHaveLength(0);
+    });
+    it('keeps new findings not in baseline', () => {
+        const knownFinding = makeFinding({ ruleId: 'INJ-001', line: 1 });
+        const newFinding = makeFinding({ ruleId: 'CRED-001', line: 5 });
+        const baseline = createBaseline(makeScanResult([knownFinding]));
+        const result = makeScanResult([knownFinding, newFinding]);
+        const filtered = filterAgainstBaseline(result, baseline);
+        expect(filtered.findings).toHaveLength(1);
+        expect(filtered.findings[0]?.ruleId).toBe('CRED-001');
+    });
+});
+describe('getDefaultBaselinePath', () => {
+    it('returns a string path', () => {
+        const p = getDefaultBaselinePath(['/project']);
+        expect(typeof p).toBe('string');
+        expect(p.length).toBeGreaterThan(0);
+    });
+    it('handles empty paths', () => {
+        const p = getDefaultBaselinePath([]);
+        expect(typeof p).toBe('string');
+    });
+});
+describe('getBaselineStats', () => {
+    it('returns stats for empty baseline', () => {
+        const stats = getBaselineStats(makeBaseline());
+        expect(stats.totalFindings).toBe(0);
+    });
+    it('returns correct stats for baseline with findings', () => {
+        const baseline = makeBaseline({
+            findings: [
+                { ruleId: 'INJ-001', file: 'test.md', line: 1, match: 'x', hash: 'a', acceptedDate: new Date().toISOString(), severity: 'HIGH' },
+                { ruleId: 'CRED-001', file: 'test.md', line: 2, match: 'y', hash: 'b', acceptedDate: new Date().toISOString(), severity: 'CRITICAL' },
+            ],
+        });
+        const stats = getBaselineStats(baseline);
+        expect(stats.totalFindings).toBe(2);
+    });
+});
+describe('validateBaseline', () => {
+    it('validates a baseline against scan results', () => {
+        const finding = makeFinding();
+        const scanResult = makeScanResult([finding]);
+        const baseline = createBaseline(scanResult);
+        const result = validateBaseline(baseline, scanResult);
+        expect(Array.isArray(result.valid)).toBe(true);
+        expect(Array.isArray(result.invalid)).toBe(true);
+        expect(result.valid.length).toBe(1);
+    });
+    it('marks findings as invalid when not in current scan', () => {
+        const oldFinding = {
+            ruleId: 'OLD-001',
+            file: 'old.md',
+            line: 1,
+            match: 'old content',
+            hash: 'oldhash123',
+            acceptedDate: new Date().toISOString(),
+        };
+        const baseline = makeBaseline({ findings: [oldFinding] });
+        const emptyResult = makeScanResult([]);
+        const result = validateBaseline(baseline, emptyResult);
+        expect(result.invalid).toHaveLength(1);
+        expect(result.valid).toHaveLength(0);
+    });
+});
+//# sourceMappingURL=baselineExtra.test.js.map

package/dist/__tests__/capabilityMapping.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Capability Mapping Tests
+ */
+export {};
+//# sourceMappingURL=capabilityMapping.test.d.ts.map