npm - guardlink - Versions diffs - 1.0.0 - Mend

guardlink 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

package/CHANGELOG.md +30 -0
package/LICENSE +21 -0
package/README.md +344 -0
package/dist/agents/config.d.ts +46 -0
package/dist/agents/config.d.ts.map +1 -0
package/dist/agents/config.js +189 -0
package/dist/agents/config.js.map +1 -0
package/dist/agents/index.d.ts +24 -0
package/dist/agents/index.d.ts.map +1 -0
package/dist/agents/index.js +42 -0
package/dist/agents/index.js.map +1 -0
package/dist/agents/launcher.d.ts +54 -0
package/dist/agents/launcher.d.ts.map +1 -0
package/dist/agents/launcher.js +152 -0
package/dist/agents/launcher.js.map +1 -0
package/dist/agents/prompts.d.ts +14 -0
package/dist/agents/prompts.d.ts.map +1 -0
package/dist/agents/prompts.js +120 -0
package/dist/agents/prompts.js.map +1 -0
package/dist/analyze/index.d.ts +80 -0
package/dist/analyze/index.d.ts.map +1 -0
package/dist/analyze/index.js +306 -0
package/dist/analyze/index.js.map +1 -0
package/dist/analyze/llm.d.ts +52 -0
package/dist/analyze/llm.d.ts.map +1 -0
package/dist/analyze/llm.js +295 -0
package/dist/analyze/llm.js.map +1 -0
package/dist/analyze/prompts.d.ts +14 -0
package/dist/analyze/prompts.d.ts.map +1 -0
package/dist/analyze/prompts.js +205 -0
package/dist/analyze/prompts.js.map +1 -0
package/dist/analyzer/index.d.ts +5 -0
package/dist/analyzer/index.d.ts.map +1 -0
package/dist/analyzer/index.js +5 -0
package/dist/analyzer/index.js.map +1 -0
package/dist/analyzer/sarif.d.ts +84 -0
package/dist/analyzer/sarif.d.ts.map +1 -0
package/dist/analyzer/sarif.js +149 -0
package/dist/analyzer/sarif.js.map +1 -0
package/dist/cli/index.d.ts +25 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +821 -0
package/dist/cli/index.js.map +1 -0
package/dist/dashboard/data.d.ts +52 -0
package/dist/dashboard/data.d.ts.map +1 -0
package/dist/dashboard/data.js +93 -0
package/dist/dashboard/data.js.map +1 -0
package/dist/dashboard/diagrams.d.ts +25 -0
package/dist/dashboard/diagrams.d.ts.map +1 -0
package/dist/dashboard/diagrams.js +243 -0
package/dist/dashboard/diagrams.js.map +1 -0
package/dist/dashboard/generate.d.ts +17 -0
package/dist/dashboard/generate.d.ts.map +1 -0
package/dist/dashboard/generate.js +1258 -0
package/dist/dashboard/generate.js.map +1 -0
package/dist/dashboard/index.d.ts +7 -0
package/dist/dashboard/index.d.ts.map +1 -0
package/dist/dashboard/index.js +7 -0
package/dist/dashboard/index.js.map +1 -0
package/dist/diff/engine.d.ts +51 -0
package/dist/diff/engine.d.ts.map +1 -0
package/dist/diff/engine.js +153 -0
package/dist/diff/engine.js.map +1 -0
package/dist/diff/format.d.ts +10 -0
package/dist/diff/format.d.ts.map +1 -0
package/dist/diff/format.js +111 -0
package/dist/diff/format.js.map +1 -0
package/dist/diff/git.d.ts +24 -0
package/dist/diff/git.d.ts.map +1 -0
package/dist/diff/git.js +85 -0
package/dist/diff/git.js.map +1 -0
package/dist/diff/index.d.ts +7 -0
package/dist/diff/index.d.ts.map +1 -0
package/dist/diff/index.js +7 -0
package/dist/diff/index.js.map +1 -0
package/dist/index.d.ts +20 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +17 -0
package/dist/index.js.map +1 -0
package/dist/init/detect.d.ts +42 -0
package/dist/init/detect.d.ts.map +1 -0
package/dist/init/detect.js +185 -0
package/dist/init/detect.js.map +1 -0
package/dist/init/index.d.ts +39 -0
package/dist/init/index.d.ts.map +1 -0
package/dist/init/index.js +228 -0
package/dist/init/index.js.map +1 -0
package/dist/init/picker.d.ts +32 -0
package/dist/init/picker.d.ts.map +1 -0
package/dist/init/picker.js +105 -0
package/dist/init/picker.js.map +1 -0
package/dist/init/templates.d.ts +25 -0
package/dist/init/templates.d.ts.map +1 -0
package/dist/init/templates.js +263 -0
package/dist/init/templates.js.map +1 -0
package/dist/mcp/index.d.ts +12 -0
package/dist/mcp/index.d.ts.map +1 -0
package/dist/mcp/index.js +18 -0
package/dist/mcp/index.js.map +1 -0
package/dist/mcp/lookup.d.ts +27 -0
package/dist/mcp/lookup.d.ts.map +1 -0
package/dist/mcp/lookup.js +282 -0
package/dist/mcp/lookup.js.map +1 -0
package/dist/mcp/server.d.ts +41 -0
package/dist/mcp/server.d.ts.map +1 -0
package/dist/mcp/server.js +388 -0
package/dist/mcp/server.js.map +1 -0
package/dist/mcp/suggest.d.ts +35 -0
package/dist/mcp/suggest.d.ts.map +1 -0
package/dist/mcp/suggest.js +268 -0
package/dist/mcp/suggest.js.map +1 -0
package/dist/parser/comment-strip.d.ts +15 -0
package/dist/parser/comment-strip.d.ts.map +1 -0
package/dist/parser/comment-strip.js +76 -0
package/dist/parser/comment-strip.js.map +1 -0
package/dist/parser/index.d.ts +10 -0
package/dist/parser/index.d.ts.map +1 -0
package/dist/parser/index.js +9 -0
package/dist/parser/index.js.map +1 -0
package/dist/parser/normalize.d.ts +22 -0
package/dist/parser/normalize.d.ts.map +1 -0
package/dist/parser/normalize.js +42 -0
package/dist/parser/normalize.js.map +1 -0
package/dist/parser/parse-file.d.ts +18 -0
package/dist/parser/parse-file.d.ts.map +1 -0
package/dist/parser/parse-file.js +68 -0
package/dist/parser/parse-file.js.map +1 -0
package/dist/parser/parse-line.d.ts +21 -0
package/dist/parser/parse-line.d.ts.map +1 -0
package/dist/parser/parse-line.js +230 -0
package/dist/parser/parse-line.js.map +1 -0
package/dist/parser/parse-project.d.ts +31 -0
package/dist/parser/parse-project.d.ts.map +1 -0
package/dist/parser/parse-project.js +281 -0
package/dist/parser/parse-project.js.map +1 -0
package/dist/report/index.d.ts +6 -0
package/dist/report/index.d.ts.map +1 -0
package/dist/report/index.js +6 -0
package/dist/report/index.js.map +1 -0
package/dist/report/mermaid.d.ts +15 -0
package/dist/report/mermaid.d.ts.map +1 -0
package/dist/report/mermaid.js +260 -0
package/dist/report/mermaid.js.map +1 -0
package/dist/report/report.d.ts +16 -0
package/dist/report/report.d.ts.map +1 -0
package/dist/report/report.js +211 -0
package/dist/report/report.js.map +1 -0
package/dist/tui/commands.d.ts +42 -0
package/dist/tui/commands.d.ts.map +1 -0
package/dist/tui/commands.js +1216 -0
package/dist/tui/commands.js.map +1 -0
package/dist/tui/config.d.ts +27 -0
package/dist/tui/config.d.ts.map +1 -0
package/dist/tui/config.js +27 -0
package/dist/tui/config.js.map +1 -0
package/dist/tui/format.d.ts +63 -0
package/dist/tui/format.d.ts.map +1 -0
package/dist/tui/format.js +253 -0
package/dist/tui/format.js.map +1 -0
package/dist/tui/index.d.ts +18 -0
package/dist/tui/index.d.ts.map +1 -0
package/dist/tui/index.js +470 -0
package/dist/tui/index.js.map +1 -0
package/dist/tui/input.d.ts +63 -0
package/dist/tui/input.d.ts.map +1 -0
package/dist/tui/input.js +454 -0
package/dist/tui/input.js.map +1 -0
package/dist/types/index.d.ts +254 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +6 -0
package/dist/types/index.js.map +1 -0
package/package.json +97 -0

package/dist/analyzer/sarif.js ADDED Viewed

@@ -0,0 +1,149 @@
+/**
+ * GuardLink SARIF — Convert threat model findings to SARIF 2.1.0.
+ *
+ * SARIF (Static Analysis Results Interchange Format) is consumed by:
+ *   - GitHub Advanced Security (code scanning alerts)
+ *   - VS Code SARIF Viewer extension
+ *   - Azure DevOps
+ *   - SonarQube, Snyk, etc.
+ *
+ * We emit results for:
+ *   1. Unmitigated exposures (the primary security findings)
+ *   2. Parse errors (annotation syntax problems)
+ *   3. Dangling references (broken #id refs)
+ *
+ * @exposes #sarif to #info-disclosure [low] cwe:CWE-200 -- "SARIF output contains detailed threat model findings"
+ * @accepts #info-disclosure on #sarif -- "SARIF export for security tools is the intended feature"
+ * @exposes #sarif to #arbitrary-write [high] cwe:CWE-73 -- "SARIF written to user-specified output path"
+ * @mitigates #sarif against #arbitrary-write using #path-validation -- "CLI resolves output path before write"
+ * @flows #parser -> #sarif via ThreatModel -- "SARIF generator receives parsed threat model"
+ * @flows #sarif -> External_Security_Tools via SARIF_JSON -- "Output consumed by GitHub, VS Code, etc."
+ */
+// ─── Rule definitions ────────────────────────────────────────────────
+const RULES = [
+    {
+        id: 'guardlink/unmitigated-exposure',
+        name: 'UnmitigatedExposure',
+        shortDescription: { text: 'Asset exposed to threat with no mitigation or acceptance' },
+        fullDescription: { text: 'An @exposes annotation exists but no matching @mitigates or @accepts covers this (asset, threat) pair. This represents an acknowledged but unaddressed security risk.' },
+        helpUri: 'https://guardlink.bugb.io/docs/exposures',
+        defaultConfiguration: { level: 'warning' },
+    },
+    {
+        id: 'guardlink/unmitigated-critical',
+        name: 'UnmitigatedCriticalExposure',
+        shortDescription: { text: 'Critical/high severity exposure with no mitigation' },
+        fullDescription: { text: 'A critical or high severity exposure exists without mitigation. This should be addressed before deployment.' },
+        helpUri: 'https://guardlink.bugb.io/docs/exposures',
+        defaultConfiguration: { level: 'error' },
+    },
+    {
+        id: 'guardlink/parse-error',
+        name: 'AnnotationParseError',
+        shortDescription: { text: 'Malformed GuardLink annotation' },
+        fullDescription: { text: 'A GuardLink annotation could not be parsed. Check syntax against the specification.' },
+        helpUri: 'https://guardlink.bugb.io/docs/syntax',
+        defaultConfiguration: { level: 'error' },
+    },
+    {
+        id: 'guardlink/dangling-ref',
+        name: 'DanglingReference',
+        shortDescription: { text: 'Reference to undefined threat, control, or asset ID' },
+        fullDescription: { text: 'An annotation references a #id that is not defined anywhere in the project.' },
+        helpUri: 'https://guardlink.bugb.io/docs/definitions',
+        defaultConfiguration: { level: 'warning' },
+    },
+];
+export function generateSarif(model, diagnostics = [], danglingRefs = [], options = {}) {
+    const { includeDiagnostics = true, includeDanglingRefs = true } = options;
+    const results = [];
+    // ── Unmitigated exposures ──
+    const mitigated = new Set();
+    const accepted = new Set();
+    for (const m of model.mitigations)
+        mitigated.add(`${m.asset}::${m.threat}`);
+    for (const a of model.acceptances)
+        accepted.add(`${a.asset}::${a.threat}`);
+    for (const e of model.exposures) {
+        const key = `${e.asset}::${e.threat}`;
+        if (mitigated.has(key) || accepted.has(key))
+            continue;
+        // Severity filter
+        if (options.minSeverity && !meetsMinSeverity(e.severity, options.minSeverity))
+            continue;
+        const isCritical = e.severity === 'critical' || e.severity === 'high';
+        const ruleId = isCritical ? 'guardlink/unmitigated-critical' : 'guardlink/unmitigated-exposure';
+        const level = isCritical ? 'error' : 'warning';
+        const threat = e.threat.startsWith('#') ? e.threat.slice(1) : e.threat;
+        const desc = e.description ? `: ${e.description}` : '';
+        results.push({
+            ruleId,
+            level,
+            message: { text: `${e.asset} is exposed to ${threat}${desc}` },
+            locations: [locationFrom(e.location.file, e.location.line)],
+            properties: {
+                severity: e.severity || 'unset',
+                asset: e.asset,
+                threat: e.threat,
+                ...(e.external_refs.length > 0 ? { externalRefs: e.external_refs } : {}),
+            },
+        });
+    }
+    // ── Parse errors ──
+    if (includeDiagnostics) {
+        for (const d of diagnostics) {
+            if (d.level !== 'error')
+                continue;
+            results.push({
+                ruleId: 'guardlink/parse-error',
+                level: 'error',
+                message: { text: d.message },
+                locations: [locationFrom(d.file, d.line)],
+            });
+        }
+    }
+    // ── Dangling refs ──
+    if (includeDanglingRefs) {
+        for (const d of danglingRefs) {
+            results.push({
+                ruleId: 'guardlink/dangling-ref',
+                level: 'warning',
+                message: { text: d.message },
+                locations: [locationFrom(d.file, d.line)],
+            });
+        }
+    }
+    return {
+        $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json',
+        version: '2.1.0',
+        runs: [{
+                tool: {
+                    driver: {
+                        name: 'GuardLink',
+                        version: '1.0.0',
+                        informationUri: 'https://guardlink.bugb.io',
+                        rules: RULES,
+                    },
+                },
+                results,
+            }],
+    };
+}
+// ─── Helpers ─────────────────────────────────────────────────────────
+function locationFrom(file, line) {
+    // SARIF uses forward-slash URIs
+    const uri = file.replace(/\\/g, '/');
+    return {
+        physicalLocation: {
+            artifactLocation: { uri },
+            region: { startLine: line },
+        },
+    };
+}
+const SEV_ORDER = { critical: 0, high: 1, medium: 2, low: 3 };
+function meetsMinSeverity(actual, min) {
+    if (!actual || !min)
+        return true;
+    return (SEV_ORDER[actual] ?? 4) <= (SEV_ORDER[min] ?? 4);
+}
+//# sourceMappingURL=sarif.js.map

package/dist/analyzer/sarif.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sarif.js","sourceRoot":"","sources":["../../src/analyzer/sarif.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAsDH,wEAAwE;AAExE,MAAM,KAAK,GAAgB;IACzB;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,qBAAqB;QAC3B,gBAAgB,EAAE,EAAE,IAAI,EAAE,0DAA0D,EAAE;QACtF,eAAe,EAAE,EAAE,IAAI,EAAE,uKAAuK,EAAE;QAClM,OAAO,EAAE,0CAA0C;QACnD,oBAAoB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;KAC3C;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,6BAA6B;QACnC,gBAAgB,EAAE,EAAE,IAAI,EAAE,oDAAoD,EAAE;QAChF,eAAe,EAAE,EAAE,IAAI,EAAE,6GAA6G,EAAE;QACxI,OAAO,EAAE,0CAA0C;QACnD,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;KACzC;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,sBAAsB;QAC5B,gBAAgB,EAAE,EAAE,IAAI,EAAE,gCAAgC,EAAE;QAC5D,eAAe,EAAE,EAAE,IAAI,EAAE,qFAAqF,EAAE;QAChH,OAAO,EAAE,uCAAuC;QAChD,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;KACzC;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,mBAAmB;QACzB,gBAAgB,EAAE,EAAE,IAAI,EAAE,qDAAqD,EAAE;QACjF,eAAe,EAAE,EAAE,IAAI,EAAE,6EAA6E,EAAE;QACxG,OAAO,EAAE,4CAA4C;QACrD,oBAAoB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;KAC3C;CACF,CAAC;AAaF,MAAM,UAAU,aAAa,CAC3B,KAAkB,EAClB,cAAiC,EAAE,EACnC,eAAkC,EAAE,EACpC,UAAwB,EAAE;IAE1B,MAAM,EAAE,kBAAkB,GAAG,IAAI,EAAE,mBAAmB,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE1E,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,8BAA8B;IAC9B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;QAAE,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;QAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAE3E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAEtD,kBAAkB;QAClB,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;YAAE,SAAS;QAExF,MAAM,UAAU,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QACtE,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,gCAAgC,CAAC;QAChG,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAgB,CAAC,CAAC,CAAC,SAAkB,CAAC;QAEjE,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACvE,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAEvD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM;YACN,KAAK;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,KAAK,kBAAkB,MAAM,GAAG,IAAI,EAAE,EAAE;YAC9D,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC3D,UAAU,EAAE;gBACV,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,OAAO;gBAC/B,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACzE;SACF,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,IAAI,kBAAkB,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,KAAK,KAAK,OAAO;gBAAE,SAAS;YAClC,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,uBAAuB;gBAC/B,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;gBAC5B,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,mBAAmB,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,wBAAwB;gBAChC,KAAK,EAAE,SAAS;gBAChB,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;gBAC5B,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,sGAAsG;QAC/G,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE,CAAC;gBACL,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,2BAA2B;wBAC3C,KAAK,EAAE,KAAK;qBACb;iBACF;gBACD,OAAO;aACR,CAAC;KACH,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,SAAS,YAAY,CAAC,IAAY,EAAE,IAAY;IAC9C,gCAAgC;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACrC,OAAO;QACL,gBAAgB,EAAE;YAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE;YACzB,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;SAC5B;KACF,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAEtF,SAAS,gBAAgB,CAAC,MAAiB,EAAE,GAAc;IACzD,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/cli/index.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+/**
+ * GuardLink CLI — Reference Implementation
+ *
+ * Usage:
+ *   guardlink init [dir]        Initialize GuardLink in a project
+ *   guardlink parse [dir]       Parse annotations, output ThreatModel JSON
+ *   guardlink status [dir]      Show annotation coverage summary
+ *   guardlink validate [dir]    Check for syntax errors and dangling refs
+ *   guardlink analyze [framework] AI-powered threat analysis (STRIDE, DREAD, etc.)
+ *   guardlink annotate <prompt>  Launch coding agent for annotation
+ *   guardlink config <action>    Manage LLM provider configuration
+ *
+ * @exposes #cli to #path-traversal [high] cwe:CWE-22 -- "Accepts directory paths from command line arguments"
+ * @exposes #cli to #arbitrary-write [high] cwe:CWE-73 -- "Writes reports and SARIF to user-specified output paths"
+ * @accepts #arbitrary-write on #cli -- "Intentional feature: users specify output paths for reports"
+ * @mitigates #cli against #path-traversal using #path-validation -- "resolve() normalizes paths before passing to submodules"
+ * @boundary between #cli and #parser (#cli-parser-boundary) -- "CLI is the primary user input trust boundary"
+ * @flows User -> #cli via argv -- "User provides directory paths and options via command line"
+ * @flows #cli -> #parser via parseProject -- "CLI dispatches parsed commands to parser"
+ * @flows #cli -> #report via generateReport -- "CLI writes report output"
+ * @flows #cli -> #init via initProject -- "CLI initializes project structure"
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;GAqBG"}