getdoorman 1.0.9 → 1.1.1

package/bin/doorman.js

@@ -41,8 +41,35 @@ program
   .option('--save-baseline [path]', 'Save current findings as baseline for future diffs')
   .option('--profile', 'Show performance profile of slowest rules')
   .option('--share', 'Generate a shareable score card')
+  .option('--deep', 'Run full 2,500+ rule scan (advanced)')
   .action(async (path, options) => {
     try {
+      // Default: simple 10-check mode. --deep for full scan.
+      if (!options.deep && !options.json && !options.sarif && !options.html && !options.ci && !options.detail && !options.strict) {
+        const { collectFiles } = await import('../src/scanner.js');
+        const { runSimpleChecks, printSimpleReport } = await import('../src/simple-reporter.js');
+        const files = await collectFiles(path, { silent: true });
+        const results = runSimpleChecks(files);
+        printSimpleReport(results);
+
+        // Viral hooks on first scan
+        const { isFirstScan, installClaudeMd, installAgentsMd, installCursorRules, installClaudeHook } = await import('../src/hooks.js');
+        const { resolve } = await import('path');
+        const resolvedPath = resolve(path);
+        if (isFirstScan(resolvedPath)) {
+          const chalk = (await import('chalk')).default;
+          installClaudeMd(resolvedPath);
+          installAgentsMd(resolvedPath);
+          installCursorRules(resolvedPath);
+          installClaudeHook(resolvedPath);
+        }
+
+        const failCount = results.filter(r => !r.passed).length;
+        process.exit(failCount > 0 ? 1 : 0);
+        return;
+      }
+
+      // Deep mode: full 2,500+ rule scan
       const result = await check(path, options);
 
       // Generate shareable score card
@@ -110,55 +137,32 @@ program
 program
   .command('fix')
   .description('Tell your AI to fix issues — works in Claude, Codex, Cursor')
-  .argument('[severity]', 'Filter: critical, high, medium, or all', 'critical')
   .argument('[path]', 'Path to scan', '.')
-  .action(async (severity, path, options) => {
+  .action(async (path) => {
     const chalk = (await import('chalk')).default;
+    const { collectFiles } = await import('../src/scanner.js');
+    const { runSimpleChecks } = await import('../src/simple-reporter.js');
 
-    // Load cached scan or run a quick scan
-    let findings = [];
-    try {
-      const { loadScanCache } = await import('../src/scan-cache.js');
-      const { resolve } = await import('path');
-      const cache = loadScanCache(resolve(path));
-      if (cache && cache.findings) findings = cache.findings;
-    } catch {}
-
-    if (findings.length === 0) {
-      console.log('Scanning...');
-      const result = await check(path, { silent: true, full: true });
-      findings = result.findings;
-    }
-
-    // Filter by severity
-    const sevFilter = severity.toLowerCase();
-    let filtered;
-    if (sevFilter === 'all') {
-      filtered = findings;
-    } else if (sevFilter === 'critical') {
-      filtered = findings.filter(f => f.severity === 'critical');
-    } else if (sevFilter === 'high') {
-      filtered = findings.filter(f => f.severity === 'critical' || f.severity === 'high');
-    } else if (sevFilter === 'medium') {
-      filtered = findings.filter(f => f.severity === 'critical' || f.severity === 'high' || f.severity === 'medium');
-    } else {
-      filtered = findings.filter(f => f.severity === sevFilter);
-    }
-
-    const top = filtered.slice(0, 20);
+    const files = await collectFiles(path, { silent: true });
+    const results = runSimpleChecks(files);
+    const failed = results.filter(r => !r.passed);
 
-    if (top.length === 0) {
-      console.log(`No ${sevFilter} issues found.`);
+    if (failed.length === 0) {
+      console.log('');
+      console.log(chalk.green.bold('  All clear. Nothing to fix.'));
+      console.log('');
       return;
     }
 
     // Build the prompt
-    const issueList = top.map(f => {
-      const loc = f.file ? ` in ${f.file}${f.line ? ':' + f.line : ''}` : '';
-      return `- ${f.severity.toUpperCase()}: ${f.title}${loc}`;
-    }).join('\n');
-
-    const prompt = `Fix these ${sevFilter === 'all' ? '' : sevFilter + ' '}issues in my code:\n\n${issueList}`;
+    const issues = [];
+    for (const r of failed) {
+      for (const f of r.findings.slice(0, 5)) {
+        const loc = f.file ? ` in ${f.file}${f.line ? ':' + f.line : ''}` : '';
+        issues.push(`- ${r.name}: ${f.message}${loc}`);
+      }
+    }
+    const prompt = `Fix these issues in my code:\n\n${issues.join('\n')}`;
 
     // Detect environment: AI tool or manual terminal
     const isAI = process.env.CLAUDE_CODE || process.env.CURSOR_SESSION || process.env.CODEX_SANDBOX || process.env.TERM_PROGRAM === 'claude';

package/bin/getdoorman.js

@@ -41,8 +41,35 @@ program
   .option('--save-baseline [path]', 'Save current findings as baseline for future diffs')
   .option('--profile', 'Show performance profile of slowest rules')
   .option('--share', 'Generate a shareable score card')
+  .option('--deep', 'Run full 2,500+ rule scan (advanced)')
   .action(async (path, options) => {
     try {
+      // Default: simple 10-check mode. --deep for full scan.
+      if (!options.deep && !options.json && !options.sarif && !options.html && !options.ci && !options.detail && !options.strict) {
+        const { collectFiles } = await import('../src/scanner.js');
+        const { runSimpleChecks, printSimpleReport } = await import('../src/simple-reporter.js');
+        const files = await collectFiles(path, { silent: true });
+        const results = runSimpleChecks(files);
+        printSimpleReport(results);
+
+        // Viral hooks on first scan
+        const { isFirstScan, installClaudeMd, installAgentsMd, installCursorRules, installClaudeHook } = await import('../src/hooks.js');
+        const { resolve } = await import('path');
+        const resolvedPath = resolve(path);
+        if (isFirstScan(resolvedPath)) {
+          const chalk = (await import('chalk')).default;
+          installClaudeMd(resolvedPath);
+          installAgentsMd(resolvedPath);
+          installCursorRules(resolvedPath);
+          installClaudeHook(resolvedPath);
+        }
+
+        const failCount = results.filter(r => !r.passed).length;
+        process.exit(failCount > 0 ? 1 : 0);
+        return;
+      }
+
+      // Deep mode: full 2,500+ rule scan
       const result = await check(path, options);
 
       // Generate shareable score card
@@ -110,55 +137,32 @@ program
 program
   .command('fix')
   .description('Tell your AI to fix issues — works in Claude, Codex, Cursor')
-  .argument('[severity]', 'Filter: critical, high, medium, or all', 'critical')
   .argument('[path]', 'Path to scan', '.')
-  .action(async (severity, path, options) => {
+  .action(async (path) => {
     const chalk = (await import('chalk')).default;
+    const { collectFiles } = await import('../src/scanner.js');
+    const { runSimpleChecks } = await import('../src/simple-reporter.js');
 
-    // Load cached scan or run a quick scan
-    let findings = [];
-    try {
-      const { loadScanCache } = await import('../src/scan-cache.js');
-      const { resolve } = await import('path');
-      const cache = loadScanCache(resolve(path));
-      if (cache && cache.findings) findings = cache.findings;
-    } catch {}
-
-    if (findings.length === 0) {
-      console.log('Scanning...');
-      const result = await check(path, { silent: true, full: true });
-      findings = result.findings;
-    }
-
-    // Filter by severity
-    const sevFilter = severity.toLowerCase();
-    let filtered;
-    if (sevFilter === 'all') {
-      filtered = findings;
-    } else if (sevFilter === 'critical') {
-      filtered = findings.filter(f => f.severity === 'critical');
-    } else if (sevFilter === 'high') {
-      filtered = findings.filter(f => f.severity === 'critical' || f.severity === 'high');
-    } else if (sevFilter === 'medium') {
-      filtered = findings.filter(f => f.severity === 'critical' || f.severity === 'high' || f.severity === 'medium');
-    } else {
-      filtered = findings.filter(f => f.severity === sevFilter);
-    }
-
-    const top = filtered.slice(0, 20);
+    const files = await collectFiles(path, { silent: true });
+    const results = runSimpleChecks(files);
+    const failed = results.filter(r => !r.passed);
 
-    if (top.length === 0) {
-      console.log(`No ${sevFilter} issues found.`);
+    if (failed.length === 0) {
+      console.log('');
+      console.log(chalk.green.bold('  All clear. Nothing to fix.'));
+      console.log('');
       return;
     }
 
     // Build the prompt
-    const issueList = top.map(f => {
-      const loc = f.file ? ` in ${f.file}${f.line ? ':' + f.line : ''}` : '';
-      return `- ${f.severity.toUpperCase()}: ${f.title}${loc}`;
-    }).join('\n');
-
-    const prompt = `Fix these ${sevFilter === 'all' ? '' : sevFilter + ' '}issues in my code:\n\n${issueList}`;
+    const issues = [];
+    for (const r of failed) {
+      for (const f of r.findings.slice(0, 5)) {
+        const loc = f.file ? ` in ${f.file}${f.line ? ':' + f.line : ''}` : '';
+        issues.push(`- ${r.name}: ${f.message}${loc}`);
+      }
+    }
+    const prompt = `Fix these issues in my code:\n\n${issues.join('\n')}`;
 
     // Detect environment: AI tool or manual terminal
     const isAI = process.env.CLAUDE_CODE || process.env.CURSOR_SESSION || process.env.CODEX_SANDBOX || process.env.TERM_PROGRAM === 'claude';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "getdoorman",
-  "version": "1.0.9",
+  "version": "1.1.1",
   "description": "Zero-config security scanner for AI-assisted development. 2000+ rules, 11 languages, 4 detection engines.",
   "main": "src/index.js",
   "exports": {

package/src/rules/bugs/general.js

@@ -290,9 +290,10 @@ const rules = [
         for (let i = 0; i < lines.length; i++) {
           const line = lines[i];
           // JS: fs.openSync, createReadStream, createConnection without close
-          if (/(?:openSync|createReadStream|createWriteStream|createConnection|createServer)\s*\(/.test(line)) {
+          if (/(?:openSync|createReadStream|createWriteStream|createServer)\s*\(/.test(line)) {
+            // Skip createConnection — often a DB client that handles pooling internally
             const rest = lines.slice(i, Math.min(lines.length, i + 30)).join('\n');
-            if (!rest.includes('.close') && !rest.includes('.end') && !rest.includes('.destroy') && !rest.includes('finally')) {
+            if (!rest.includes('.close') && !rest.includes('.end') && !rest.includes('.destroy') && !rest.includes('finally') && !rest.includes('pool') && !rest.includes('await')) {
               findings.push({
                 ruleId: 'BUG-GEN-009', category: 'bugs', severity: 'high',
                 title: 'Resource opened but never closed — potential leak',

package/src/rules/compliance/healthcare.js

@@ -107,7 +107,7 @@ const rules = [
 
   // COMP-HIPAA-011: PHI in client-side storage
   {
-    id: 'COMP-HIPAA-011', category: 'compliance', severity: 'critical', confidence: 'definite',
+    id: 'COMP-HIPAA-011', category: 'compliance', severity: 'high', confidence: 'definite',
     title: 'PHI in Client-Side Storage',
     check({ files }) {
       const findings = [];

package/src/rules/compliance/index.js

@@ -422,7 +422,7 @@ const rules = [
   },
 
   // COMP-FIN-001: Payment card data stored
-  { id: 'COMP-FIN-001', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Payment Card Data Stored (PCI DSS Violation)',
+  { id: 'COMP-FIN-001', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Payment Card Data Stored (PCI DSS Violation)',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -440,7 +440,7 @@ const rules = [
   },
 
   // COMP-FIN-002: CVV stored after authorization
-  { id: 'COMP-FIN-002', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'CVV/CVC Stored After Authorization',
+  { id: 'COMP-FIN-002', category: 'compliance', severity: 'high', confidence: 'definite', title: 'CVV/CVC Stored After Authorization',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -652,7 +652,7 @@ const rules = [
   },
 
   // COMP-FIN-003: Payment page not on HTTPS
-  { id: 'COMP-FIN-003', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Payment Form Served Over HTTP',
+  { id: 'COMP-FIN-003', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Payment Form Served Over HTTP',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -869,7 +869,7 @@ const rules = [
   },
 
   // COMP-PCI-001: Credit card number in logs
-  { id: 'COMP-PCI-001', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Credit Card Number Potentially Logged',
+  { id: 'COMP-PCI-001', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Credit Card Number Potentially Logged',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -886,7 +886,7 @@ const rules = [
   },
 
   // COMP-PCI-002: Direct Stripe/Braintree keys in client-side code
-  { id: 'COMP-PCI-002', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Payment Provider Secret Key in Client-Side Code',
+  { id: 'COMP-PCI-002', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Payment Provider Secret Key in Client-Side Code',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -902,7 +902,7 @@ const rules = [
   },
 
   // COMP-PCI-003: No TLS on payment endpoints
-  { id: 'COMP-PCI-003', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Payment Endpoint Without TLS Enforcement',
+  { id: 'COMP-PCI-003', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Payment Endpoint Without TLS Enforcement',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -946,7 +946,7 @@ const rules = [
   },
 
   // COMP-HIPAA-001: Health data without encryption
-  { id: 'COMP-HIPAA-001', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Health Information Without Encryption (HIPAA)',
+  { id: 'COMP-HIPAA-001', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Health Information Without Encryption (HIPAA)',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -962,7 +962,7 @@ const rules = [
   },
 
   // COMP-HIPAA-002: PHI logged without redaction
-  { id: 'COMP-HIPAA-002', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Protected Health Information in Logs',
+  { id: 'COMP-HIPAA-002', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Protected Health Information in Logs',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -1267,7 +1267,7 @@ const rules = [
   },
 
   // COMP-CHILDREN-001: Behavioral advertising targeting children
-  { id: 'COMP-CHILDREN-001', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Behavioral Advertising on Platform Serving Minors',
+  { id: 'COMP-CHILDREN-001', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Behavioral Advertising on Platform Serving Minors',
     check({ files }) {
       const findings = [];
       const allCode = [...files.values()].join('\n');
@@ -1379,7 +1379,7 @@ const rules = [
   },
 
   // COMP-PCI-005: Card number pattern in source code
-  { id: 'COMP-PCI-005', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Payment Card Number Regex in Source',
+  { id: 'COMP-PCI-005', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Payment Card Number Regex in Source',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -1499,7 +1499,7 @@ const rules = [
     },
   },
   // COMP-HIPAA-005: PHI transmitted over HTTP
-  { id: 'COMP-HIPAA-005', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'Health Data Transmitted Over HTTP',
+  { id: 'COMP-HIPAA-005', category: 'compliance', severity: 'high', confidence: 'definite', title: 'Health Data Transmitted Over HTTP',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -1642,7 +1642,7 @@ const rules = [
     },
   },
   // COMP-HIPAA-006: PHI in URL parameters
-  { id: 'COMP-HIPAA-006', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'PHI in URL Parameters',
+  { id: 'COMP-HIPAA-006', category: 'compliance', severity: 'high', confidence: 'definite', title: 'PHI in URL Parameters',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -1658,7 +1658,7 @@ const rules = [
     },
   },
   // COMP-PCI-007: Storing CVV after authorization
-  { id: 'COMP-PCI-007', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'CVV/CVV2 Value Stored in Database',
+  { id: 'COMP-PCI-007', category: 'compliance', severity: 'high', confidence: 'definite', title: 'CVV/CVV2 Value Stored in Database',
     check({ files }) {
       const findings = [];
       for (const [fp, c] of files) {
@@ -1740,7 +1740,7 @@ const rules = [
     },
   },
   // COMP-CHILDREN-002: Collecting children's location data — only for apps explicitly targeting children
-  { id: 'COMP-CHILDREN-002', category: 'compliance', severity: 'critical', confidence: 'definite', title: "Location Data Collected That May Apply to Children's Platforms",
+  { id: 'COMP-CHILDREN-002', category: 'compliance', severity: 'high', confidence: 'definite', title: "Location Data Collected That May Apply to Children's Platforms",
     check({ files }) {
       const findings = [];
       // Only fire if package.json or config explicitly mentions COPPA/children targeting
@@ -1780,7 +1780,7 @@ function isSourceFile(f) { return ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs']
 
 // COMP-016: HIPAA - PHI in log statements
 rules.push({
-  id: 'COMP-016', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'HIPAA: Protected Health Information (PHI) logged',
+  id: 'COMP-016', category: 'compliance', severity: 'high', confidence: 'definite', title: 'HIPAA: Protected Health Information (PHI) logged',
   check({ files }) {
     const findings = [];
     const phiFields = /(?:diagnosis|condition|medication|treatment|prescription|patient.*name|dob|date_of_birth|ssn|medical_record|insurance|health_plan)/i;
@@ -1801,7 +1801,7 @@ rules.push({
 
 // COMP-017: HIPAA - Unencrypted health data storage
 rules.push({
-  id: 'COMP-017', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'HIPAA: Health data field stored without encryption annotation',
+  id: 'COMP-017', category: 'compliance', severity: 'high', confidence: 'definite', title: 'HIPAA: Health data field stored without encryption annotation',
   check({ files }) {
     const findings = [];
     const phiField = /(?:diagnosis|condition|medication|prescription|health_data|medical_history|lab_result)\s*[:=]/i;
@@ -1822,7 +1822,7 @@ rules.push({
 
 // COMP-018: PCI-DSS - Full card number stored
 rules.push({
-  id: 'COMP-018', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'PCI-DSS: Full credit card number stored or logged',
+  id: 'COMP-018', category: 'compliance', severity: 'high', confidence: 'definite', title: 'PCI-DSS: Full credit card number stored or logged',
   check({ files }) {
     const findings = [];
     const cardField = /(?:card_number|cardNumber|pan|credit_card|cc_number)\s*[:=]/i;
@@ -1843,7 +1843,7 @@ rules.push({
 
 // COMP-019: PCI-DSS - CVV stored
 rules.push({
-  id: 'COMP-019', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'PCI-DSS: CVV/CVV2 security code stored',
+  id: 'COMP-019', category: 'compliance', severity: 'high', confidence: 'definite', title: 'PCI-DSS: CVV/CVV2 security code stored',
   check({ files }) {
     const findings = [];
     const cvvField = /(?:cvv|cvv2|cvc|security_code|card_verification)\s*[:=]/i;
@@ -1863,7 +1863,7 @@ rules.push({
 
 // COMP-020: PCI-DSS - Unmasked PAN in logs
 rules.push({
-  id: 'COMP-020', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'PCI-DSS: Card number or PAN in log output',
+  id: 'COMP-020', category: 'compliance', severity: 'high', confidence: 'definite', title: 'PCI-DSS: Card number or PAN in log output',
   check({ files }) {
     const findings = [];
     const pattern = /(?:console\.|logger\.|log\.)\w*\s*\([^)]*(?:cardNumber|card_number|pan|creditCard|credit_card)/i;
@@ -2076,7 +2076,7 @@ rules.push({
 
 // COMP-032: PCI-DSS - Unencrypted transmission
 rules.push({
-  id: 'COMP-032', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'PCI-DSS: Payment data transmitted over unencrypted connection',
+  id: 'COMP-032', category: 'compliance', severity: 'high', confidence: 'definite', title: 'PCI-DSS: Payment data transmitted over unencrypted connection',
   check({ files }) {
     const findings = [];
     for (const [fp, c] of files) {
@@ -2145,7 +2145,7 @@ rules.push({
 
 // COMP-036: SOC2 - Plaintext passwords in configuration
 rules.push({
-  id: 'COMP-036', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'SOC2: Plaintext credentials in configuration files',
+  id: 'COMP-036', category: 'compliance', severity: 'high', confidence: 'definite', title: 'SOC2: Plaintext credentials in configuration files',
   check({ files }) {
     const findings = [];
     for (const [fp, c] of files) {
@@ -2199,7 +2199,7 @@ rules.push({
 
 // COMP-039: PCI-DSS - Logging card data
 rules.push({
-  id: 'COMP-039', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'PCI-DSS: Full card data logged — compliance violation',
+  id: 'COMP-039', category: 'compliance', severity: 'high', confidence: 'definite', title: 'PCI-DSS: Full card data logged — compliance violation',
   check({ files }) {
     const findings = [];
     const p = /(?:console\.|logger\.)\w*\s*\([^)]*(?:card|pan|cvv|expiry|expirationDate)/i;
@@ -2285,7 +2285,7 @@ rules.push({
 
 // COMP-044: HIPAA - PHI sent via email without encryption
 rules.push({
-  id: 'COMP-044', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'HIPAA: Health data potentially sent via email without encryption',
+  id: 'COMP-044', category: 'compliance', severity: 'high', confidence: 'definite', title: 'HIPAA: Health data potentially sent via email without encryption',
   check({ files }) {
     const findings = [];
     for (const [fp, c] of files) {
@@ -2598,7 +2598,7 @@ rules.push({
 
 // COMP-064: HIPAA - PHI in debug logs
 rules.push({
-  id: 'COMP-064', category: 'compliance', severity: 'critical', confidence: 'definite', title: 'HIPAA: PHI fields may appear in debug logs',
+  id: 'COMP-064', category: 'compliance', severity: 'high', confidence: 'definite', title: 'HIPAA: PHI fields may appear in debug logs',
   check({ files }) {
     const findings = [];
     for (const [fp, c] of files) {