fivosense 0.1.5 → 0.2.0

package/dist/rules/secrets.js

@@ -1,46 +1,294 @@
 /**
- * Secret detection - finds hardcoded API keys, tokens, passwords
- */
-/**
- * Common secret patterns
+ * FivoSense - AI Security Scanner
+ * Copyright (c) 2026 thevinsoni
+ * Licensed under the MIT License
+ * https://github.com/thevinsoni/sense
  */
 export const SECRET_PATTERNS = [
+    // === AI / ML ===
     {
-        pattern: /['"][A-Za-z0-9_]{32,}['"]/,
-        type: 'generic_token',
-        description: 'Generic API token (32+ chars)',
+        pattern: /['"]sk-proj-[A-Za-z0-9_-]{20,}['"]/,
+        type: 'openai_project_key',
+        description: 'OpenAI Project API key',
         severity: 'high',
     },
     {
-        pattern: /['"]sk-[A-Za-z0-9]{48}['"]/,
+        pattern: /['"]sk-[A-Za-z0-9]{20,}['"]/,
         type: 'openai_key',
         description: 'OpenAI API key',
         severity: 'high',
     },
+    {
+        pattern: /['"]sk-ant-[A-Za-z0-9_-]{20,}['"]/,
+        type: 'anthropic_key',
+        description: 'Anthropic Claude API key',
+        severity: 'high',
+    },
     {
         pattern: /['"]AIza[A-Za-z0-9_-]{35}['"]/,
         type: 'google_api_key',
         description: 'Google API key',
         severity: 'high',
     },
+    {
+        pattern: /['"]ya29\.[A-Za-z0-9_-]+['"]/,
+        type: 'google_oauth_token',
+        description: 'Google OAuth access token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"][0-9]+-[A-Za-z0-9_]{32}\.apps\.googleusercontent\.com['"]/,
+        type: 'google_oauth_client_id',
+        description: 'Google OAuth client ID',
+        severity: 'high',
+    },
+    // === Cloud Providers ===
     {
         pattern: /['"]AKIA[A-Z0-9]{16}['"]/,
         type: 'aws_access_key',
         description: 'AWS Access Key ID',
         severity: 'high',
     },
+    {
+        pattern: /['"]ASIA[A-Z0-9]{16}['"]/,
+        type: 'aws_temp_key',
+        description: 'AWS Temporary Access Key',
+        severity: 'high',
+    },
+    {
+        pattern: /aws[_-]?secret[_-]?access[_-]?key\s*[:=]\s*['"][A-Za-z0-9/+=]{40}['"]/i,
+        type: 'aws_secret_key',
+        description: 'AWS Secret Access Key',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]arn:aws:[a-z0-9-]+:[a-z0-9-]*:[0-9]+:/,
+        type: 'aws_arn',
+        description: 'AWS ARN (resource identifier)',
+        severity: 'medium',
+    },
+    {
+        pattern: /AccountKey\s*=\s*[A-Za-z0-9+/=]{80,}/i,
+        type: 'azure_storage_key',
+        description: 'Azure Storage Account Key',
+        severity: 'high',
+    },
+    {
+        pattern: /['"][a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]/,
+        type: 'azure_tenant_or_client',
+        description: 'Azure Tenant/Client UUID',
+        severity: 'medium',
+    },
+    {
+        pattern: /['"](?:AAAA)[A-Za-z0-9+/=]{40,}['"]/,
+        type: 'firebase_token',
+        description: 'Firebase authentication token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}['"]/,
+        type: 'sendgrid_key',
+        description: 'SendGrid API key',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]service_account['"]\s*[:=]/i,
+        type: 'gcp_service_account',
+        description: 'GCP service account',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]type['"]\s*[:=]\s*['"]service_account['"]/i,
+        type: 'gcp_sa_json',
+        description: 'GCP service account JSON',
+        severity: 'high',
+    },
+    // === GitHub / Git ===
     {
         pattern: /['"]ghp_[A-Za-z0-9]{36}['"]/,
-        type: 'github_token',
-        description: 'GitHub Personal Access Token',
+        type: 'github_pat',
+        description: 'GitHub Personal Access Token (classic)',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]github_pat_[A-Za-z0-9_]{22,}['"]/,
+        type: 'github_fine_grained_pat',
+        description: 'GitHub Fine-Grained PAT',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]gho_[A-Za-z0-9]{36}['"]/,
+        type: 'github_oauth',
+        description: 'GitHub OAuth token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]ghs_[A-Za-z0-9]{36}['"]/,
+        type: 'github_app_token',
+        description: 'GitHub App installation token',
         severity: 'high',
     },
+    {
+        pattern: /['"]ghr_[A-Za-z0-9]{36}['"]/,
+        type: 'github_refresh',
+        description: 'GitHub refresh token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]glpat-[A-Za-z0-9_-]{20,}['"]/,
+        type: 'gitlab_pat',
+        description: 'GitLab Personal Access Token',
+        severity: 'high',
+    },
+    // === Communication ===
     {
         pattern: /['"]xox[baprs]-[A-Za-z0-9-]{10,}['"]/,
         type: 'slack_token',
         description: 'Slack Token',
         severity: 'high',
     },
+    {
+        pattern: /['"]https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9]+\/B[A-Z0-9]+\/[A-Za-z0-9]+['"]/,
+        type: 'slack_webhook',
+        description: 'Slack Webhook URL',
+        severity: 'high',
+    },
+    {
+        pattern: /['"][0-9]+:AA[A-Za-z0-9_-]{30,}['"]/,
+        type: 'telegram_bot_token',
+        description: 'Telegram Bot Token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]discord(app)?\.com\/api\/webhooks\/[0-9]+\/[A-Za-z0-9_-]+['"]/,
+        type: 'discord_webhook',
+        description: 'Discord Webhook URL',
+        severity: 'high',
+    },
+    // === Payment ===
+    {
+        pattern: /['"]sk_live_[A-Za-z0-9]{20,}['"]/,
+        type: 'stripe_secret_live',
+        description: 'Stripe Secret Key (LIVE)',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]sk_test_[A-Za-z0-9]{20,}['"]/,
+        type: 'stripe_secret_test',
+        description: 'Stripe Secret Key (test)',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]rk_live_[A-Za-z0-9]{20,}['"]/,
+        type: 'stripe_restricted_live',
+        description: 'Stripe Restricted Key (LIVE)',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]rk_test_[A-Za-z0-9]{20,}['"]/,
+        type: 'stripe_restricted_test',
+        description: 'Stripe Restricted Key (test)',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]sq0csp-[A-Za-z0-9_-]{22,}['"]/,
+        type: 'square_key',
+        description: 'Square OAuth secret',
+        severity: 'high',
+    },
+    // === SaaS / Dev Tools ===
+    {
+        pattern: /['"]npm_[A-Za-z0-9]{36}['"]/,
+        type: 'npm_token',
+        description: 'npm access token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]pypi-[A-Za-z0-9_-]{50,}['"]/,
+        type: 'pypi_token',
+        description: 'PyPI API token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]do_[a-zA-Z0-9]{64}['"]/,
+        type: 'digitalocean_token',
+        description: 'DigitalOcean API token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]dop_v1_[a-f0-9]{64}['"]/,
+        type: 'doppler_token',
+        description: 'Doppler service token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]NRAK-[A-Z0-9]{27}['"]/,
+        type: 'newrelic_key',
+        description: 'New Relic API key',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]shpat_[a-fA-F0-9]{32}['"]/,
+        type: 'shopify_key',
+        description: 'Shopify Private App Access Token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]shpss_[a-fA-F0-9]{32}['"]/,
+        type: 'shopify_secret',
+        description: 'Shopify Shared Secret',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]Bearer\s+[A-Za-z0-9_-]{20,}['"]/,
+        type: 'bearer_token',
+        description: 'Bearer authentication token',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]Basic\s+[A-Za-z0-9+/=]{20,}['"]/,
+        type: 'basic_auth',
+        description: 'Basic authentication header',
+        severity: 'high',
+    },
+    // === Database Connection Strings ===
+    {
+        pattern: /['"]mongodb(\+srv)?:\/\/[^'"]+['"]/,
+        type: 'mongodb_uri',
+        description: 'MongoDB connection string',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]postgres(ql)?:\/\/[^'"]+['"]/,
+        type: 'postgres_uri',
+        description: 'PostgreSQL connection string',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]mysql:\/\/[^'"]+['"]/,
+        type: 'mysql_uri',
+        description: 'MySQL connection string',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]redis:\/\/[^'"]+['"]/,
+        type: 'redis_uri',
+        description: 'Redis connection string',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]amqps?:\/\/[^'"]+['"]/,
+        type: 'amqp_uri',
+        description: 'AMQP connection string',
+        severity: 'high',
+    },
+    {
+        pattern: /['"]jdbc:[^'"]+['"]/,
+        type: 'jdbc_uri',
+        description: 'JDBC connection string',
+        severity: 'high',
+    },
+    // === Generic Hardcoded Credentials ===
     {
         pattern: /password\s*[:=]\s*['"][^'"]+['"]/i,
         type: 'password',
@@ -59,15 +307,47 @@ export const SECRET_PATTERNS = [
         description: 'Hardcoded secret',
         severity: 'high',
     },
+    {
+        pattern: /token\s*[:=]\s*['"][^'"]{20,}['"]/i,
+        type: 'token',
+        description: 'Hardcoded token',
+        severity: 'high',
+    },
+    {
+        pattern: /private[_-]?key\s*[:=]\s*['"][^'"]+['"]/i,
+        type: 'private_key',
+        description: 'Hardcoded private key',
+        severity: 'high',
+    },
+    {
+        pattern: /access[_-]?key\s*[:=]\s*['"][^'"]+['"]/i,
+        type: 'access_key',
+        description: 'Hardcoded access key',
+        severity: 'high',
+    },
+    {
+        pattern: /auth[_-]?token\s*[:=]\s*['"][^'"]+['"]/i,
+        type: 'auth_token',
+        description: 'Hardcoded auth token',
+        severity: 'high',
+    },
+    {
+        pattern: /client[_-]?secret\s*[:=]\s*['"][^'"]+['"]/i,
+        type: 'client_secret',
+        description: 'Hardcoded client secret',
+        severity: 'high',
+    },
+    {
+        pattern: /['"][A-Za-z0-9_]{32,}['"]/,
+        type: 'generic_token',
+        description: 'Generic high-entropy token (32+ chars)',
+        severity: 'medium',
+    },
 ];
-/**
- * Detect secrets in code
- */
 export function detectSecrets(code) {
     const lines = code.split('\n');
     const matches = [];
     lines.forEach((line, index) => {
-        // Skip comments
         if (line.trim().startsWith('//') || line.trim().startsWith('*')) {
             return;
         }
@@ -86,9 +366,6 @@ export function detectSecrets(code) {
     });
     return matches;
 }
-/**
- * Check if specific line contains a secret
- */
 export function isSecretLine(line) {
     for (const pattern of SECRET_PATTERNS) {
         if (pattern.pattern.test(line)) {

package/dist/rules/secrets.js.map

@@ -1 +1 @@
-{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/rules/secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,gBAAgB;QAC7B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,gBAAgB;QAC7B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,aAAa;QAC1B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,oBAAoB;QACjC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,kBAAkB;QAC/B,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAUF;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,gBAAgB;QAChB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChE,OAAO;QACT,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,KAAK,GAAG,CAAC;oBACf,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;iBACzC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/rules/secrets.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAcH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,kBAAkB;IAClB;QACE,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,gBAAgB;QAC7B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,0BAA0B;QACvC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,gBAAgB;QAC7B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,2BAA2B;QACxC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,+DAA+D;QACxE,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,MAAM;KACjB;IAED,0BAA0B;IAC1B;QACE,OAAO,EAAE,0BAA0B;QACnC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,0BAA0B;QACvC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,wEAAwE;QACjF,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,uBAAuB;QACpC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,2CAA2C;QACpD,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,2BAA2B;QACxC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,sEAAsE;QAC/E,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0BAA0B;QACvC,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,kDAAkD;QAC3D,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,kBAAkB;QAC/B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,qBAAqB;QAClC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,gDAAgD;QACzD,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,0BAA0B;QACvC,QAAQ,EAAE,MAAM;KACjB;IAED,uBAAuB;IACvB;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,yBAAyB;QACtC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,oBAAoB;QACjC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,sBAAsB;QACnC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,MAAM;KACjB;IAED,wBAAwB;IACxB;QACE,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,aAAa;QAC1B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,qFAAqF;QAC9F,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,oBAAoB;QACjC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,mEAAmE;QAC5E,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,qBAAqB;QAClC,QAAQ,EAAE,MAAM;KACjB;IAED,kBAAkB;IAClB;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,0BAA0B;QACvC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,0BAA0B;QACvC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,qBAAqB;QAClC,QAAQ,EAAE,MAAM;KACjB;IAED,2BAA2B;IAC3B;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,kBAAkB;QAC/B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,gBAAgB;QAC7B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uBAAuB;QACpC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,kCAAkC;QAC/C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,uBAAuB;QACpC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,6BAA6B;QAC1C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,6BAA6B;QAC1C,QAAQ,EAAE,MAAM;KACjB;IAED,sCAAsC;IACtC;QACE,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,2BAA2B;QACxC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,yBAAyB;QACtC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,yBAAyB;QACtC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,MAAM;KACjB;IAED,wCAAwC;IACxC;QACE,OAAO,EAAE,mCAAmC;QAC5C,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,oBAAoB;QACjC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,kBAAkB;QAC/B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,iBAAiB;QAC9B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,uBAAuB;QACpC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,sBAAsB;QACnC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,sBAAsB;QACnC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,yBAAyB;QACtC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAUF,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChE,OAAO;QACT,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,KAAK,GAAG,CAAC;oBACf,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;iBACzC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/mcp/index.js

@@ -1,4 +1,11 @@
 #!/usr/bin/env node
+/**
+ * FivoSense MCP Server
+ * Copyright (c) 2026 thevinsoni
+ * Licensed under the MIT License
+ * https://github.com/thevinsoni/sense
+ */
+
 /**
  * FivoSense MCP Server
  * 
@@ -117,17 +124,33 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           low: result.summary.low,
         };
 
-        const findings = result.findings.map(f => ({
-          type: f.type,
-          severity: f.severity,
-          message: f.message,
-          source: f.source,
-          sink: f.sink,
-          cwe: f.cwe,
-          line: f.line,
-          evidence: f.evidence,
-          fix: f.fix,
-        }));
+        // Combine vulnerabilities and secrets
+        const allFindings = [
+          ...result.vulnerabilities.map(v => ({
+            type: v.category,
+            severity: v.severity,
+            message: `${v.finding} vulnerability detected`,
+            source: v.path[0] || 'unknown',
+            sink: v.path[v.path.length - 1] || 'unknown',
+            cwe: v.cwe,
+            line: v.location.line,
+            evidence: v.evidence.filter(e => e.line).map(e => `${e.type} at line ${e.line}`).join(', ') || 'No evidence',
+            fix: 'Use proper sanitization (parameterized queries, input validation, etc.)',
+          })),
+          ...result.secrets.map(s => ({
+            type: 'secret',
+            severity: 'high',
+            message: `${s.type} detected`,
+            source: 'hardcoded',
+            sink: 'code',
+            cwe: 'CWE-798',
+            line: s.line,
+            evidence: s.match,
+            fix: 'Use environment variables',
+          }))
+        ];
+        
+        const findings = allFindings;
 
         return {
           content: [
@@ -158,17 +181,29 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             critical: result.summary.critical,
             high: result.summary.high,
             medium: result.summary.medium,
-            low: result.summary.low,
           };
 
-          const findings = result.findings.map(f => ({
-            type: f.type,
-            severity: f.severity,
-            message: f.message,
-            line: f.line,
-            evidence: f.evidence,
-            fix: f.fix,
-          }));
+          // Combine vulnerabilities and secrets
+          const allFindings = [
+            ...result.vulnerabilities.map(v => ({
+              type: v.category,
+              severity: v.severity,
+              message: `${v.finding} vulnerability detected`,
+              line: v.location.line,
+              evidence: v.evidence.filter(e => e.line).map(e => `${e.type} at line ${e.line}`).join(', ') || 'No evidence',
+              fix: 'Use proper sanitization (parameterized queries, input validation, etc.)',
+            })),
+            ...result.secrets.map(s => ({
+              type: 'secret',
+              severity: 'high',
+              message: `${s.type} detected`,
+              line: s.line,
+              evidence: s.match,
+              fix: 'Use environment variables',
+            }))
+          ];
+          
+          const findings = allFindings;
 
           return {
             content: [