fivosense 0.1.0

package/dist/features/fix.js

@@ -0,0 +1,115 @@
+/**
+ * Auto-fix Generator - Suggests and applies security fixes
+ */
+/**
+ * Generate fix for a vulnerability
+ */
+export function generateFix(trace, code) {
+    const { category, location } = trace;
+    switch (category) {
+        case 'sql':
+            return generateSQLFix(trace, code);
+        case 'xss':
+            return generateXSSFix(trace, code);
+        case 'command':
+            return generateCommandFix(trace, code);
+        default:
+            return null;
+    }
+}
+/**
+ * Generate SQL injection fix
+ */
+function generateSQLFix(trace, code) {
+    // Extract the vulnerable line
+    const lines = code.split('\n');
+    const line = lines[trace.location.line - 1] || '';
+    // Detect query pattern
+    if (line.includes('db.execute') || line.includes('db.query')) {
+        return {
+            original: line.trim(),
+            fixed: line.replace(/`([^`]+)`/, (match, query) => {
+                // Convert template literal to parameterized query
+                const parameterized = query.replace(/\$\{([^}]+)\}/g, '?');
+                return `'${parameterized}', [${query.match(/\$\{([^}]+)\}/g)?.map((m) => m.slice(2, -1)).join(', ') || ''}]`;
+            }),
+            explanation: 'Use parameterized queries to prevent SQL injection',
+            confidence: 0.9,
+            type: 'parameterize',
+        };
+    }
+    return {
+        original: line.trim(),
+        fixed: line.trim(),
+        explanation: 'Manual review required - complex SQL pattern',
+        confidence: 0.5,
+        type: 'validate',
+    };
+}
+/**
+ * Generate XSS fix
+ */
+function generateXSSFix(trace, code) {
+    const lines = code.split('\n');
+    const line = lines[trace.location.line - 1] || '';
+    if (line.includes('res.send')) {
+        return {
+            original: line.trim(),
+            fixed: line.replace(/res\.send\(([^)]+)\)/, 'res.send(escapeHtml($1))'),
+            explanation: 'Escape HTML to prevent XSS',
+            confidence: 0.85,
+            type: 'encode',
+        };
+    }
+    if (line.includes('innerHTML')) {
+        return {
+            original: line.trim(),
+            fixed: line.replace(/\.innerHTML\s*=/, '.textContent ='),
+            explanation: 'Use textContent instead of innerHTML to prevent XSS',
+            confidence: 0.9,
+            type: 'encode',
+        };
+    }
+    return {
+        original: line.trim(),
+        fixed: line.trim(),
+        explanation: 'Manual review required - XSS context unclear',
+        confidence: 0.5,
+        type: 'encode',
+    };
+}
+/**
+ * Generate command injection fix
+ */
+function generateCommandFix(trace, code) {
+    const lines = code.split('\n');
+    const line = lines[trace.location.line - 1] || '';
+    if (line.includes('exec(')) {
+        return {
+            original: line.trim(),
+            fixed: line.replace(/exec\(([^)]+)\)/, 'execFile(command, args)'),
+            explanation: 'Use execFile with array arguments to prevent command injection',
+            confidence: 0.8,
+            type: 'validate',
+        };
+    }
+    return {
+        original: line.trim(),
+        fixed: line.trim(),
+        explanation: 'Validate and sanitize all command arguments',
+        confidence: 0.6,
+        type: 'validate',
+    };
+}
+/**
+ * Apply fix to code
+ */
+export function applyFix(code, fix, lineNumber) {
+    const lines = code.split('\n');
+    if (lineNumber < 1 || lineNumber > lines.length) {
+        return code;
+    }
+    lines[lineNumber - 1] = fix.fixed;
+    return lines.join('\n');
+}
+//# sourceMappingURL=fix.js.map

package/dist/features/fix.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix.js","sourceRoot":"","sources":["../../src/features/fix.ts"],"names":[],"mappings":"AAAA;;GAEG;AAYH;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,IAAY;IACzD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAErC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,KAAK;YACR,OAAO,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACrC,KAAK,KAAK;YACR,OAAO,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzC;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAiB,EAAE,IAAY;IACrD,8BAA8B;IAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAElD,uBAAuB;IACvB,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7D,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;YACrB,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;gBAChD,kDAAkD;gBAClD,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAC3D,OAAO,IAAI,aAAa,OAAO,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC;YACvH,CAAC,CAAC;YACF,WAAW,EAAE,oDAAoD;YACjE,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,cAAc;SACrB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;QACrB,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;QAClB,WAAW,EAAE,8CAA8C;QAC3D,UAAU,EAAE,GAAG;QACf,IAAI,EAAE,UAAU;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAiB,EAAE,IAAY;IACrD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAElD,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;YACrB,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,0BAA0B,CAAC;YACvE,WAAW,EAAE,4BAA4B;YACzC,UAAU,EAAE,IAAI;YAChB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;YACrB,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;YACxD,WAAW,EAAE,qDAAqD;YAClE,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;QACrB,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;QAClB,WAAW,EAAE,8CAA8C;QAC3D,UAAU,EAAE,GAAG;QACf,IAAI,EAAE,QAAQ;KACf,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAiB,EAAE,IAAY;IACzD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAElD,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;YACrB,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;YACjE,WAAW,EAAE,gEAAgE;YAC7E,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,UAAU;SACjB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;QACrB,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;QAClB,WAAW,EAAE,6CAA6C;QAC1D,UAAU,EAAE,GAAG;QACf,IAAI,EAAE,UAAU;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,GAAgB,EAAE,UAAkB;IACzE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,UAAU,GAAG,CAAC,IAAI,UAAU,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC;IAClC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/features/roast.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Roast Mode - Generates viral, shareable roasts for insecure code
+ */
+import { AuditResult } from '../index.js';
+export interface Roast {
+    title: string;
+    message: string;
+    severity: 'mild' | 'spicy' | 'brutal';
+    emoji: string;
+}
+/**
+ * Generate roast based on audit results
+ */
+export declare function generateRoast(result: AuditResult): Roast;
+/**
+ * Format roast for display
+ */
+export declare function formatRoast(roast: Roast): string;
+/**
+ * Generate shareable roast badge
+ */
+export declare function generateRoastBadge(result: AuditResult): string;
+//# sourceMappingURL=roast.d.ts.map

package/dist/features/roast.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"roast.d.ts","sourceRoot":"","sources":["../../src/features/roast.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,WAAW,KAAK;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IACtC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,WAAW,GAAG,KAAK,CAgDxD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,CAMhD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAe9D"}

package/dist/features/roast.js

@@ -0,0 +1,96 @@
+/**
+ * Roast Mode - Generates viral, shareable roasts for insecure code
+ */
+/**
+ * Generate roast based on audit results
+ */
+export function generateRoast(result) {
+    const { summary } = result;
+    const total = summary.total;
+    const critical = summary.critical;
+    const high = summary.high;
+    if (total === 0) {
+        return {
+            title: 'Clean Code Champion',
+            message: '🎉 No vulnerabilities found! Your code is cleaner than your browser history.',
+            severity: 'mild',
+            emoji: '✨',
+        };
+    }
+    if (critical >= 3) {
+        return {
+            title: 'Security Nightmare',
+            message: `💀 ${critical} critical vulnerabilities? Even script kiddies are embarrassed for you. This code is more open than a 24/7 convenience store.`,
+            severity: 'brutal',
+            emoji: '💀',
+        };
+    }
+    if (critical >= 1) {
+        return {
+            title: 'Living Dangerously',
+            message: `🔥 ${critical} critical issue(s) detected. Your code has more holes than Swiss cheese. SQL injection goes brrr.`,
+            severity: 'spicy',
+            emoji: '🔥',
+        };
+    }
+    if (high >= 3) {
+        return {
+            title: 'Almost There',
+            message: `⚠️ ${high} high-severity issues. You're one XSS away from trending on HackerNews for the wrong reasons.`,
+            severity: 'spicy',
+            emoji: '⚠️',
+        };
+    }
+    return {
+        title: 'Needs Improvement',
+        message: `📝 ${total} security issue(s) found. Not terrible, but your future self will judge you.`,
+        severity: 'mild',
+        emoji: '📝',
+    };
+}
+/**
+ * Format roast for display
+ */
+export function formatRoast(roast) {
+    return `
+${roast.emoji} ${roast.title} ${roast.emoji}
+
+${roast.message}
+`;
+}
+/**
+ * Generate shareable roast badge
+ */
+export function generateRoastBadge(result) {
+    const roast = generateRoast(result);
+    const grade = getSecurityGrade(result);
+    return `
+## 🛡️ FivoSense Security Roast
+
+**Grade:** ${grade}  
+**Verdict:** ${roast.title}
+
+${roast.message}
+
+---
+Roasted by [FivoSense](https://github.com/fivosense) — Neuro-symbolic security scanner
+`;
+}
+/**
+ * Get security grade (A-F)
+ */
+function getSecurityGrade(result) {
+    const { summary } = result;
+    if (summary.total === 0)
+        return 'A+';
+    if (summary.critical === 0 && summary.high === 0)
+        return 'A';
+    if (summary.critical === 0 && summary.high <= 2)
+        return 'B';
+    if (summary.critical === 0)
+        return 'C';
+    if (summary.critical <= 1)
+        return 'D';
+    return 'F';
+}
+//# sourceMappingURL=roast.js.map

package/dist/features/roast.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roast.js","sourceRoot":"","sources":["../../src/features/roast.ts"],"names":[],"mappings":"AAAA;;GAEG;AAWH;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,MAAmB;IAC/C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAE1B,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,OAAO;YACL,KAAK,EAAE,qBAAqB;YAC5B,OAAO,EAAE,8EAA8E;YACvF,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,GAAG;SACX,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,KAAK,EAAE,oBAAoB;YAC3B,OAAO,EAAE,MAAM,QAAQ,+HAA+H;YACtJ,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,KAAK,EAAE,oBAAoB;YAC3B,OAAO,EAAE,MAAM,QAAQ,mGAAmG;YAC1H,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;QACd,OAAO;YACL,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,MAAM,IAAI,+FAA+F;YAClH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,MAAM,KAAK,8EAA8E;QAClG,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,IAAI;KACZ,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAY;IACtC,OAAO;EACP,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK;;EAEzC,KAAK,CAAC,OAAO;CACd,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAmB;IACpD,MAAM,KAAK,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO;;;aAGI,KAAK;eACH,KAAK,CAAC,KAAK;;EAExB,KAAK,CAAC,OAAO;;;;CAId,CAAC;AACF,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAmB;IAC3C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAE3B,IAAI,OAAO,CAAC,KAAK,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,OAAO,CAAC,QAAQ,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IAC7D,IAAI,OAAO,CAAC,QAAQ,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC;IAC5D,IAAI,OAAO,CAAC,QAAQ,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IACvC,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC;IACtC,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/hooks/agent.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Agent PreToolUse Hook - Blocks dangerous AI actions in real-time
+ */
+export interface BlockResult {
+    blocked: boolean;
+    reason: string;
+    severity: 'critical' | 'high' | 'medium';
+    suggestion?: string;
+}
+/**
+ * Check if proposed action should be blocked
+ */
+export declare function checkAction(action: string, code?: string): BlockResult;
+/**
+ * PreToolUse hook for AI agents
+ * Returns exit code 2 if action should be blocked
+ */
+export declare function preToolUseHook(toolName: string, args: any): number;
+//# sourceMappingURL=agent.d.ts.map

package/dist/hooks/agent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/hooks/agent.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,WAAW,CA8BtE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,MAAM,CA8BlE"}

package/dist/hooks/agent.js

@@ -0,0 +1,69 @@
+/**
+ * Agent PreToolUse Hook - Blocks dangerous AI actions in real-time
+ */
+import { detectDestructive } from '../rules/destructive.js';
+import { detectSecrets } from '../rules/secrets.js';
+/**
+ * Check if proposed action should be blocked
+ */
+export function checkAction(action, code) {
+    // Check for destructive commands
+    const destructive = detectDestructive(action);
+    if (destructive.length > 0) {
+        return {
+            blocked: true,
+            reason: `Destructive command detected: ${destructive[0].description}`,
+            severity: destructive[0].severity,
+            suggestion: 'Review the command carefully before executing',
+        };
+    }
+    // Check for hardcoded secrets in code
+    if (code) {
+        const secrets = detectSecrets(code);
+        if (secrets.length > 0) {
+            return {
+                blocked: true,
+                reason: `Hardcoded secret detected: ${secrets[0].description}`,
+                severity: 'high',
+                suggestion: 'Use environment variables instead',
+            };
+        }
+    }
+    return {
+        blocked: false,
+        reason: '',
+        severity: 'medium',
+    };
+}
+/**
+ * PreToolUse hook for AI agents
+ * Returns exit code 2 if action should be blocked
+ */
+export function preToolUseHook(toolName, args) {
+    // Check file write operations
+    if (toolName === 'write_file' || toolName === 'edit_file') {
+        const content = args.content || args.new_content || '';
+        const result = checkAction('', content);
+        if (result.blocked) {
+            console.error(`\n❌ BLOCKED: ${result.reason}`);
+            if (result.suggestion) {
+                console.error(`💡 Suggestion: ${result.suggestion}`);
+            }
+            return 2; // Exit code 2 signals block
+        }
+    }
+    // Check shell commands
+    if (toolName === 'bash' || toolName === 'execute') {
+        const command = args.command || args.cmd || '';
+        const result = checkAction(command);
+        if (result.blocked) {
+            console.error(`\n❌ BLOCKED: ${result.reason}`);
+            if (result.suggestion) {
+                console.error(`💡 Suggestion: ${result.suggestion}`);
+            }
+            return 2;
+        }
+    }
+    return 0; // Allow
+}
+//# sourceMappingURL=agent.js.map

package/dist/hooks/agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.js","sourceRoot":"","sources":["../../src/hooks/agent.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AASpD;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,MAAc,EAAE,IAAa;IACvD,iCAAiC;IACjC,MAAM,WAAW,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,iCAAiC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YACrE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ;YACjC,UAAU,EAAE,+CAA+C;SAC5D,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,8BAA8B,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;gBAC9D,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,mCAAmC;aAChD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,EAAE;QACV,QAAQ,EAAE,QAAQ;KACnB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAS;IACxD,8BAA8B;IAC9B,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QACvD,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAExC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/C,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;YACvD,CAAC;YACD,OAAO,CAAC,CAAC,CAAC,4BAA4B;QACxC,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAEpC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/C,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;YACvD,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,CAAC,CAAC,QAAQ;AACpB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,34 @@
+/**
+ * FivoSense - Neuro-symbolic AI security plugin
+ * Entry point for the engine
+ */
+export interface AuditResult {
+    vulnerabilities: any[];
+    secrets: any[];
+    destructive: any[];
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        medium: number;
+    };
+}
+/**
+ * Audit a file for security issues
+ */
+export declare function auditFile(filepath: string): Promise<AuditResult>;
+/**
+ * Audit code string for security issues
+ */
+export declare function auditCode(code: string, filename?: string): Promise<AuditResult>;
+/**
+ * Format audit result for display
+ */
+export declare function formatAuditResult(result: AuditResult): string;
+export * from './engine/graph.js';
+export * from './engine/taint.js';
+export * from './engine/sources.js';
+export * from './engine/sinks.js';
+export * from './rules/secrets.js';
+export * from './rules/destructive.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,MAAM,WAAW,WAAW;IAC1B,eAAe,EAAE,GAAG,EAAE,CAAC;IACvB,OAAO,EAAE,GAAG,EAAE,CAAC;IACf,WAAW,EAAE,GAAG,EAAE,CAAC;IACnB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAKD;;GAEG;AACH,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAStE;AAED;;GAEG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,SAAa,GAAG,OAAO,CAAC,WAAW,CAAC,CAsCzF;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAoD7D;AAGD,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,wBAAwB,CAAC"}

package/dist/index.js

@@ -0,0 +1,116 @@
+/**
+ * FivoSense - Neuro-symbolic AI security plugin
+ * Entry point for the engine
+ */
+import { readFileSync, statSync } from 'fs';
+import { buildDataFlowGraph } from './engine/graph.js';
+import { generateTaintTraces, getVulnerableTraces, formatTrace } from './engine/taint.js';
+import { detectSecrets } from './rules/secrets.js';
+import { detectDestructive } from './rules/destructive.js';
+// Security: Max file size to prevent memory exhaustion
+const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB
+/**
+ * Audit a file for security issues
+ */
+export async function auditFile(filepath) {
+    // Security check: File size limit
+    const stats = statSync(filepath);
+    if (stats.size > MAX_FILE_SIZE) {
+        throw new Error(`File too large: ${(stats.size / 1024 / 1024).toFixed(2)}MB (max ${MAX_FILE_SIZE / 1024 / 1024}MB)`);
+    }
+    const code = readFileSync(filepath, 'utf-8');
+    return auditCode(code, filepath);
+}
+/**
+ * Audit code string for security issues
+ */
+export async function auditCode(code, filename = 'input.js') {
+    // Security check: Code length
+    if (code.length > MAX_FILE_SIZE) {
+        throw new Error(`Code too large: ${(code.length / 1024 / 1024).toFixed(2)}MB (max ${MAX_FILE_SIZE / 1024 / 1024}MB)`);
+    }
+    // Build data-flow graph
+    const graph = buildDataFlowGraph(code, filename);
+    // Generate taint traces
+    const allTraces = generateTaintTraces(graph, filename);
+    const vulnerabilities = getVulnerableTraces(allTraces);
+    // Detect secrets
+    const secrets = detectSecrets(code);
+    // Detect destructive commands
+    const destructive = detectDestructive(code);
+    // Calculate summary
+    const criticalCount = vulnerabilities.filter(v => v.severity === 'critical').length +
+        destructive.filter(d => d.severity === 'critical').length;
+    const highCount = vulnerabilities.filter(v => v.severity === 'high').length +
+        secrets.length +
+        destructive.filter(d => d.severity === 'high').length;
+    const mediumCount = vulnerabilities.filter(v => v.severity === 'medium').length;
+    return {
+        vulnerabilities,
+        secrets,
+        destructive,
+        summary: {
+            total: vulnerabilities.length + secrets.length + destructive.length,
+            critical: criticalCount,
+            high: highCount,
+            medium: mediumCount,
+        },
+    };
+}
+/**
+ * Format audit result for display
+ */
+export function formatAuditResult(result) {
+    const lines = [];
+    lines.push('🛡️  FivoSense Security Audit\n');
+    lines.push('═'.repeat(50));
+    lines.push('');
+    // Summary
+    lines.push('📊 Summary:');
+    lines.push(`   Total findings: ${result.summary.total}`);
+    lines.push(`   Critical: ${result.summary.critical}`);
+    lines.push(`   High: ${result.summary.high}`);
+    lines.push(`   Medium: ${result.summary.medium}`);
+    lines.push('');
+    // Vulnerabilities
+    if (result.vulnerabilities.length > 0) {
+        lines.push('❌ Vulnerabilities:');
+        lines.push('');
+        result.vulnerabilities.forEach((vuln, i) => {
+            lines.push(`${i + 1}. ${formatTrace(vuln)}`);
+            lines.push('');
+        });
+    }
+    // Secrets
+    if (result.secrets.length > 0) {
+        lines.push('🔑 Hardcoded Secrets:');
+        lines.push('');
+        result.secrets.forEach((secret, i) => {
+            lines.push(`${i + 1}. [${secret.severity.toUpperCase()}] ${secret.description}`);
+            lines.push(`   Line ${secret.line}: ${secret.match}`);
+            lines.push('');
+        });
+    }
+    // Destructive commands
+    if (result.destructive.length > 0) {
+        lines.push('💥 Destructive Commands:');
+        lines.push('');
+        result.destructive.forEach((cmd, i) => {
+            lines.push(`${i + 1}. [${cmd.severity.toUpperCase()}] ${cmd.description}`);
+            lines.push(`   Category: ${cmd.category}`);
+            lines.push('');
+        });
+    }
+    if (result.summary.total === 0) {
+        lines.push('✅ No security issues found!');
+    }
+    return lines.join('\n');
+}
+// Export main functions
+export * from './engine/graph.js';
+export * from './engine/taint.js';
+export * from './engine/sources.js';
+export * from './engine/sinks.js';
+export * from './rules/secrets.js';
+export * from './rules/destructive.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAsB,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC1F,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAc3D,uDAAuD;AACvD,MAAM,aAAa,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAgB;IAC9C,kCAAkC;IAClC,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,IAAI,GAAG,aAAa,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,aAAa,GAAG,IAAI,GAAG,IAAI,KAAK,CAAC,CAAC;IACvH,CAAC;IAED,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7C,OAAO,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAY,EAAE,QAAQ,GAAG,UAAU;IACjE,8BAA8B;IAC9B,IAAI,IAAI,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,aAAa,GAAG,IAAI,GAAG,IAAI,KAAK,CAAC,CAAC;IACxH,CAAC;IAED,wBAAwB;IACxB,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAEjD,wBAAwB;IACxB,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAEvD,iBAAiB;IACjB,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAEpC,8BAA8B;IAC9B,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAE5C,oBAAoB;IACpB,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAC7D,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAChF,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QACzD,OAAO,CAAC,MAAM;QACd,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEhF,OAAO;QACL,eAAe;QACf,OAAO;QACP,WAAW;QACX,OAAO,EAAE;YACP,KAAK,EAAE,eAAe,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM;YACnE,QAAQ,EAAE,aAAa;YACvB,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,WAAW;SACpB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAmB;IACnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC1B,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IACzD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,kBAAkB;IAClB,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;YACzC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,UAAU;IACV,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACnC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;YACjF,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YACtD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;YACpC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;YAC3E,KAAK,CAAC,IAAI,CAAC,gBAAgB,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,wBAAwB;AACxB,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,wBAAwB,CAAC"}

package/dist/rules/destructive.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Destructive command detection
+ * Blocks dangerous operations: rm -rf, DROP TABLE, mass deletes, etc.
+ */
+export interface DestructivePattern {
+    pattern: RegExp;
+    description: string;
+    severity: 'critical' | 'high';
+    category: 'filesystem' | 'database' | 'system';
+}
+/**
+ * Filesystem destructive patterns
+ */
+export declare const FS_DESTRUCTIVE: DestructivePattern[];
+/**
+ * Database destructive patterns
+ */
+export declare const DB_DESTRUCTIVE: DestructivePattern[];
+/**
+ * System destructive patterns
+ */
+export declare const SYSTEM_DESTRUCTIVE: DestructivePattern[];
+/**
+ * All destructive patterns
+ */
+export declare const ALL_DESTRUCTIVE: DestructivePattern[];
+/**
+ * Check if code contains destructive patterns
+ */
+export declare function detectDestructive(code: string): DestructivePattern[];
+/**
+ * Check if specific line contains destructive command
+ */
+export declare function isDestructiveLine(line: string): DestructivePattern | null;
+//# sourceMappingURL=destructive.d.ts.map

package/dist/rules/destructive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"destructive.d.ts","sourceRoot":"","sources":["../../src/rules/destructive.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,CAAC;IAC9B,QAAQ,EAAE,YAAY,GAAG,UAAU,GAAG,QAAQ,CAAC;CAChD;AAED;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,kBAAkB,EAyB9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,kBAAkB,EA+B9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,kBAAkB,EAalD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,sBAI3B,CAAC;AAEF;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAUpE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI,CAOzE"}

package/dist/rules/destructive.js

@@ -0,0 +1,117 @@
+/**
+ * Destructive command detection
+ * Blocks dangerous operations: rm -rf, DROP TABLE, mass deletes, etc.
+ */
+/**
+ * Filesystem destructive patterns
+ */
+export const FS_DESTRUCTIVE = [
+    {
+        pattern: /rm\s+-rf\s+[\/~]/,
+        description: 'Recursive force delete from root',
+        severity: 'critical',
+        category: 'filesystem',
+    },
+    {
+        pattern: /rm\s+-rf\s+\*/,
+        description: 'Recursive force delete with wildcard',
+        severity: 'critical',
+        category: 'filesystem',
+    },
+    {
+        pattern: /unlink\s*\(\s*['"]\/['"]\s*\)/,
+        description: 'Unlink root directory',
+        severity: 'critical',
+        category: 'filesystem',
+    },
+    {
+        pattern: /fs\.rmdir\s*\(\s*['"]\/['"]/,
+        description: 'Remove root directory',
+        severity: 'critical',
+        category: 'filesystem',
+    },
+];
+/**
+ * Database destructive patterns
+ */
+export const DB_DESTRUCTIVE = [
+    {
+        pattern: /DROP\s+TABLE/i,
+        description: 'SQL DROP TABLE',
+        severity: 'critical',
+        category: 'database',
+    },
+    {
+        pattern: /DROP\s+DATABASE/i,
+        description: 'SQL DROP DATABASE',
+        severity: 'critical',
+        category: 'database',
+    },
+    {
+        pattern: /TRUNCATE\s+TABLE/i,
+        description: 'SQL TRUNCATE TABLE',
+        severity: 'high',
+        category: 'database',
+    },
+    {
+        pattern: /DELETE\s+FROM\s+\w+\s*;/i,
+        description: 'SQL DELETE without WHERE clause',
+        severity: 'critical',
+        category: 'database',
+    },
+    {
+        pattern: /db\.collection\(\w+\)\.drop\(\)/,
+        description: 'MongoDB collection drop',
+        severity: 'high',
+        category: 'database',
+    },
+];
+/**
+ * System destructive patterns
+ */
+export const SYSTEM_DESTRUCTIVE = [
+    {
+        pattern: /shutdown|reboot|halt/i,
+        description: 'System shutdown command',
+        severity: 'critical',
+        category: 'system',
+    },
+    {
+        pattern: /kill\s+-9\s+1/,
+        description: 'Kill init process',
+        severity: 'critical',
+        category: 'system',
+    },
+];
+/**
+ * All destructive patterns
+ */
+export const ALL_DESTRUCTIVE = [
+    ...FS_DESTRUCTIVE,
+    ...DB_DESTRUCTIVE,
+    ...SYSTEM_DESTRUCTIVE,
+];
+/**
+ * Check if code contains destructive patterns
+ */
+export function detectDestructive(code) {
+    const matches = [];
+    for (const pattern of ALL_DESTRUCTIVE) {
+        if (pattern.pattern.test(code)) {
+            matches.push(pattern);
+        }
+    }
+    return matches;
+}
+/**
+ * Check if specific line contains destructive command
+ */
+export function isDestructiveLine(line) {
+    for (const pattern of ALL_DESTRUCTIVE) {
+        if (pattern.pattern.test(line)) {
+            return pattern;
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=destructive.js.map