guardlink 1.4.2 → 1.4.3

package/dist/analyze/prompts.js

@@ -25,12 +25,17 @@ You will receive:
 1. **Project context** — language/framework, dependencies, deployment signals (Dockerfile, CI config, etc.)
 2. **Annotation graph** — structured security metadata extracted from GuardLink annotations in source comments or standalone \`.gal\` files
 3. **Code snippets** — the actual source lines surrounding each annotation, so you can validate what developers claimed
+4. **Pentest findings** (if available) — actual CXG (CERT-X-GEN) scan results from automated security testing, including confirmed vulnerabilities with evidence, severity, CWE mappings, and remediation guidance
 
 ## How to use these inputs
 
 - Treat annotations as **developer hypotheses**, not ground truth. Validate them against the code snippets.
 - Use the project context to reason about the **real attack surface** — what frameworks introduce, what dependencies are known-vulnerable, what the deployment model exposes.
 - **Identify gaps**: what is NOT annotated but should be? Look at unannotated symbols, data flows with no security coverage, and dependency-level risks.
+- If **pentest findings** are provided, treat them as **empirical evidence** — these are confirmed or high-confidence vulnerabilities found by automated security templates. Cross-reference findings against annotations: which @exposes are now validated? Recommend adding @confirmed in code where verification is definitive. Which threats have actual evidence? Are there findings for threats that were NOT annotated?
+- Pentest findings with high confidence (>70%) and evidence (request + response) should be treated as **confirmed exploitable** unless the evidence clearly shows a false positive.
+- If the annotation graph includes **@confirmed** rows, treat them as **already verified** — prioritize them in executive summary and remediation ordering alongside pentest JSON evidence.
+- Include a dedicated **Pentest Results** section in your report that summarizes confirmed findings, correlates them with the threat model, and highlights any new attack vectors discovered by scanning.
 - Produce a threat model a **security team could hand to an auditor** — specific, evidence-based, and actionable.
 
 ## Annotation semantics
@@ -40,6 +45,7 @@ You will receive:
 - **@control** — a security mechanism in place
 - **@mitigates** — a real control exists in code defending an asset against a threat. This is a genuine defense.
 - **@exposes** — a known vulnerability: this asset is exposed to this threat
+- **@confirmed** — the threat was **verified** exploitable (pentest, scan with evidence, or manual reproduction). Treat as ground truth for that finding, not a hypothesis. Distinct from @exposes (theoretical) and @accepts (governance).
 - **@accepts** — risk acknowledged but **NO control in code**. This is a governance decision, not a technical fix.
 - **@flows** — data movement between components
 - **@boundary** — a trust boundary between security zones
@@ -53,6 +59,7 @@ You will receive:
 - Treat accepted-but-unmitigated exposures as **OPEN RISKS**, not resolved findings.
 - If a code snippet contradicts its annotation (e.g., a @mitigates annotation but the code shows no actual check), flag the annotation as **potentially inaccurate**.
 - Challenge accepted risks: "You accepted this — is that reasonable given the severity and blast radius?"
+- Distinguish **pentest-confirmable threats** from **governance/design-only gaps**. Pentest-confirmable issues should include concrete validation ideas; governance/design-only risks should be called out explicitly as **audit-required** items with suggested @audit/@comment annotations instead of fake exploit claims.
 - Always reference **specific files, assets, and threat IDs** from the model. Never give generic advice.
 
 ## Output structure
@@ -297,9 +304,10 @@ Top 5–10 items the team should act on, ordered by risk. For each: one-line des
 };
 /**
  * Build the user message containing the serialized threat model,
- * optional project context, and optional code snippets.
+ * optional project context, optional code snippets, and optional
+ * pentest findings from CXG scans.
  */
-export function buildUserMessage(modelJson, framework, customPrompt, projectContext, codeSnippets) {
+export function buildUserMessage(modelJson, framework, customPrompt, projectContext, codeSnippets, pentestFindings) {
     const header = customPrompt
         ? `Use these annotations as input to produce a threat model. Additional focus: ${customPrompt}`
         : `Produce a ${FRAMEWORK_LABELS[framework]} for this codebase using all available evidence below.`;
@@ -319,6 +327,12 @@ export function buildUserMessage(modelJson, framework, customPrompt, projectCont
         parts.push(codeSnippets);
         parts.push('</code_snippets>');
     }
+    if (pentestFindings) {
+        parts.push('');
+        parts.push('<pentest_findings>');
+        parts.push(pentestFindings);
+        parts.push('</pentest_findings>');
+    }
     return parts.join('\n');
 }
 //# sourceMappingURL=prompts.js.map

package/dist/analyze/prompts.js.map

@@ -1 +1 @@
-{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/analyze/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,CAAC,MAAM,gBAAgB,GAAsC;IACjE,MAAM,EAAE,wBAAwB;IAChC,KAAK,EAAE,uBAAuB;IAC9B,KAAK,EAAE,yBAAyB;IAChC,QAAQ,EAAE,2BAA2B;IACrC,KAAK,EAAE,uBAAuB;IAC9B,OAAO,EAAE,yBAAyB;CACnC,CAAC;AAEF,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+PAgD2O,CAAC;AAEhQ,MAAM,CAAC,MAAM,iBAAiB,GAAsC;IAClE,MAAM,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yDAsCiC;IAEvD,KAAK,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8CA8BuB;IAE5C,KAAK,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+FAiCwE;IAE7F,QAAQ,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iDAiCuB;IAE/C,KAAK,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+DA6BwC;IAE7D,OAAO,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8MA4DqL;CAC7M,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,SAAiB,EACjB,SAA4B,EAC5B,YAAqB,EACrB,cAAuB,EACvB,YAAqB;IAErB,MAAM,MAAM,GAAG,YAAY;QACzB,CAAC,CAAC,+EAA+E,YAAY,EAAE;QAC/F,CAAC,CAAC,aAAa,gBAAgB,CAAC,SAAS,CAAC,wDAAwD,CAAC;IAErG,MAAM,KAAK,GAAa,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErC,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtB,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAElC,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/analyze/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,CAAC,MAAM,gBAAgB,GAAsC;IACjE,MAAM,EAAE,wBAAwB;IAChC,KAAK,EAAE,uBAAuB;IAC9B,KAAK,EAAE,yBAAyB;IAChC,QAAQ,EAAE,2BAA2B;IACrC,KAAK,EAAE,uBAAuB;IAC9B,OAAO,EAAE,yBAAyB;CACnC,CAAC;AAEF,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+PAuD2O,CAAC;AAEhQ,MAAM,CAAC,MAAM,iBAAiB,GAAsC;IAClE,MAAM,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yDAsCiC;IAEvD,KAAK,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8CA8BuB;IAE5C,KAAK,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+FAiCwE;IAE7F,QAAQ,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iDAiCuB;IAE/C,KAAK,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+DA6BwC;IAE7D,OAAO,EAAE,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8MA4DqL;CAC7M,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,SAAiB,EACjB,SAA4B,EAC5B,YAAqB,EACrB,cAAuB,EACvB,YAAqB,EACrB,eAAwB;IAExB,MAAM,MAAM,GAAG,YAAY;QACzB,CAAC,CAAC,+EAA+E,YAAY,EAAE;QAC/F,CAAC,CAAC,aAAa,gBAAgB,CAAC,SAAS,CAAC,wDAAwD,CAAC;IAErG,MAAM,KAAK,GAAa,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErC,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtB,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAElC,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACjC,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/analyzer/sarif.d.ts

@@ -9,8 +9,9 @@
  *
  * We emit results for:
  *   1. Unmitigated exposures (the primary security findings)
- *   2. Parse errors (annotation syntax problems)
- *   3. Dangling references (broken #id refs)
+ *   2. @confirmed verified exploitable annotations (always error-level)
+ *   3. Parse errors (annotation syntax problems)
+ *   4. Dangling references (broken #id refs)
  *
  * @exposes #sarif to #data-exposure [low] cwe:CWE-200 -- "Exposes threat model findings to SARIF consumers"
  * @audit #sarif -- "SARIF output intentionally reveals security findings for CI/CD integration"

package/dist/analyzer/sarif.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sarif.d.ts","sourceRoot":"","sources":["../../src/analyzer/sarif.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAuB,eAAe,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAIrG,UAAU,QAAQ;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,QAAQ,EAAE,CAAC;CAClB;AAED,UAAU,QAAQ;IAChB,IAAI,EAAE;QACJ,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,SAAS,EAAE,CAAC;SACpB,CAAC;KACH,CAAC;IACF,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AAED,UAAU,SAAS;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACnC,eAAe,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE;QACpB,KAAK,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;KACrC,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACpC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1B,SAAS,EAAE,aAAa,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,UAAU,aAAa;IACrB,gBAAgB,EAAE;QAChB,gBAAgB,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QAClC,MAAM,EAAE;YACN,SAAS,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;KACH,CAAC;CACH;AAyCD,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,0CAA0C;IAC1C,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,mEAAmE;IACnE,WAAW,CAAC,EAAE,QAAQ,CAAC;CACxB;AAED,wBAAgB,aAAa,CAC3B,KAAK,EAAE,WAAW,EAClB,WAAW,GAAE,eAAe,EAAO,EACnC,YAAY,GAAE,eAAe,EAAO,EACpC,OAAO,GAAE,YAAiB,GACzB,QAAQ,CA+EV"}
+{"version":3,"file":"sarif.d.ts","sourceRoot":"","sources":["../../src/analyzer/sarif.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAuB,eAAe,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAIrG,UAAU,QAAQ;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,QAAQ,EAAE,CAAC;CAClB;AAED,UAAU,QAAQ;IAChB,IAAI,EAAE;QACJ,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,SAAS,EAAE,CAAC;SACpB,CAAC;KACH,CAAC;IACF,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AAED,UAAU,SAAS;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACnC,eAAe,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE;QACpB,KAAK,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;KACrC,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACpC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1B,SAAS,EAAE,aAAa,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,UAAU,aAAa;IACrB,gBAAgB,EAAE;QAChB,gBAAgB,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QAClC,MAAM,EAAE;YACN,SAAS,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;KACH,CAAC;CACH;AAiDD,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,0CAA0C;IAC1C,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,mEAAmE;IACnE,WAAW,CAAC,EAAE,QAAQ,CAAC;CACxB;AAED,wBAAgB,aAAa,CAC3B,KAAK,EAAE,WAAW,EAClB,WAAW,GAAE,eAAe,EAAO,EACnC,YAAY,GAAE,eAAe,EAAO,EACpC,OAAO,GAAE,YAAiB,GACzB,QAAQ,CAkGV"}

package/dist/analyzer/sarif.js

@@ -9,8 +9,9 @@
  *
  * We emit results for:
  *   1. Unmitigated exposures (the primary security findings)
- *   2. Parse errors (annotation syntax problems)
- *   3. Dangling references (broken #id refs)
+ *   2. @confirmed verified exploitable annotations (always error-level)
+ *   3. Parse errors (annotation syntax problems)
+ *   4. Dangling references (broken #id refs)
  *
  * @exposes #sarif to #data-exposure [low] cwe:CWE-200 -- "Exposes threat model findings to SARIF consumers"
  * @audit #sarif -- "SARIF output intentionally reveals security findings for CI/CD integration"
@@ -36,6 +37,14 @@ const RULES = [
         helpUri: 'https://guardlink.bugb.io/docs/exposures',
         defaultConfiguration: { level: 'error' },
     },
+    {
+        id: 'guardlink/confirmed-exploitable',
+        name: 'ConfirmedExploitable',
+        shortDescription: { text: 'Threat verified exploitable through testing' },
+        fullDescription: { text: 'A @confirmed annotation marks this threat as verified through pentest, scanning, or manual reproduction. This is not a false positive and requires immediate remediation.' },
+        helpUri: 'https://guardlink.bugb.io/docs/confirmed',
+        defaultConfiguration: { level: 'error' },
+    },
     {
         id: 'guardlink/parse-error',
         name: 'AnnotationParseError',
@@ -88,6 +97,23 @@ export function generateSarif(model, diagnostics = [], danglingRefs = [], option
             },
         });
     }
+    // ── Confirmed exploitable ──
+    for (const c of (model.confirmed || [])) {
+        const threat = c.threat.startsWith('#') ? c.threat.slice(1) : c.threat;
+        const desc = c.description ? `: ${c.description}` : '';
+        results.push({
+            ruleId: 'guardlink/confirmed-exploitable',
+            level: 'error',
+            message: { text: `CONFIRMED: ${c.asset} exploitable via ${threat}${desc}` },
+            locations: [locationFrom(c.location.file, c.location.line)],
+            properties: {
+                severity: c.severity || 'unset',
+                asset: c.asset,
+                threat: c.threat,
+                ...(c.external_refs.length > 0 ? { externalRefs: c.external_refs } : {}),
+            },
+        });
+    }
     // ── Parse errors ──
     if (includeDiagnostics) {
         for (const d of diagnostics) {
@@ -119,7 +145,7 @@ export function generateSarif(model, diagnostics = [], danglingRefs = [], option
                 tool: {
                     driver: {
                         name: 'GuardLink',
-                        version: '1.1.0',
+                        version: '1.4.3',
                         informationUri: 'https://guardlink.bugb.io',
                         rules: RULES,
                     },

package/dist/analyzer/sarif.js.map

@@ -1 +1 @@
-{"version":3,"file":"sarif.js","sourceRoot":"","sources":["../../src/analyzer/sarif.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAsDH,wEAAwE;AAExE,MAAM,KAAK,GAAgB;IACzB;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,qBAAqB;QAC3B,gBAAgB,EAAE,EAAE,IAAI,EAAE,0DAA0D,EAAE;QACtF,eAAe,EAAE,EAAE,IAAI,EAAE,uKAAuK,EAAE;QAClM,OAAO,EAAE,0CAA0C;QACnD,oBAAoB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;KAC3C;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,6BAA6B;QACnC,gBAAgB,EAAE,EAAE,IAAI,EAAE,oDAAoD,EAAE;QAChF,eAAe,EAAE,EAAE,IAAI,EAAE,6GAA6G,EAAE;QACxI,OAAO,EAAE,0CAA0C;QACnD,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;KACzC;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,sBAAsB;QAC5B,gBAAgB,EAAE,EAAE,IAAI,EAAE,gCAAgC,EAAE;QAC5D,eAAe,EAAE,EAAE,IAAI,EAAE,qFAAqF,EAAE;QAChH,OAAO,EAAE,uCAAuC;QAChD,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;KACzC;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,mBAAmB;QACzB,gBAAgB,EAAE,EAAE,IAAI,EAAE,qDAAqD,EAAE;QACjF,eAAe,EAAE,EAAE,IAAI,EAAE,6EAA6E,EAAE;QACxG,OAAO,EAAE,4CAA4C;QACrD,oBAAoB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;KAC3C;CACF,CAAC;AAaF,MAAM,UAAU,aAAa,CAC3B,KAAkB,EAClB,cAAiC,EAAE,EACnC,eAAkC,EAAE,EACpC,UAAwB,EAAE;IAE1B,MAAM,EAAE,kBAAkB,GAAG,IAAI,EAAE,mBAAmB,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE1E,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,8BAA8B;IAC9B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;QAAE,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;QAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAE3E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAEtD,kBAAkB;QAClB,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;YAAE,SAAS;QAExF,MAAM,UAAU,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QACtE,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,gCAAgC,CAAC;QAChG,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAgB,CAAC,CAAC,CAAC,SAAkB,CAAC;QAEjE,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACvE,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAEvD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM;YACN,KAAK;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,KAAK,kBAAkB,MAAM,GAAG,IAAI,EAAE,EAAE;YAC9D,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC3D,UAAU,EAAE;gBACV,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,OAAO;gBAC/B,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACzE;SACF,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,IAAI,kBAAkB,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,KAAK,KAAK,OAAO;gBAAE,SAAS;YAClC,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,uBAAuB;gBAC/B,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;gBAC5B,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,mBAAmB,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,wBAAwB;gBAChC,KAAK,EAAE,SAAS;gBAChB,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;gBAC5B,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,sGAAsG;QAC/G,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE,CAAC;gBACL,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,2BAA2B;wBAC3C,KAAK,EAAE,KAAK;qBACb;iBACF;gBACD,OAAO;aACR,CAAC;KACH,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,SAAS,YAAY,CAAC,IAAY,EAAE,IAAY;IAC9C,gCAAgC;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACrC,OAAO;QACL,gBAAgB,EAAE;YAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE;YACzB,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;SAC5B;KACF,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAEtF,SAAS,gBAAgB,CAAC,MAAiB,EAAE,GAAc;IACzD,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC"}
+{"version":3,"file":"sarif.js","sourceRoot":"","sources":["../../src/analyzer/sarif.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAsDH,wEAAwE;AAExE,MAAM,KAAK,GAAgB;IACzB;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,qBAAqB;QAC3B,gBAAgB,EAAE,EAAE,IAAI,EAAE,0DAA0D,EAAE;QACtF,eAAe,EAAE,EAAE,IAAI,EAAE,uKAAuK,EAAE;QAClM,OAAO,EAAE,0CAA0C;QACnD,oBAAoB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;KAC3C;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,6BAA6B;QACnC,gBAAgB,EAAE,EAAE,IAAI,EAAE,oDAAoD,EAAE;QAChF,eAAe,EAAE,EAAE,IAAI,EAAE,6GAA6G,EAAE;QACxI,OAAO,EAAE,0CAA0C;QACnD,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;KACzC;IACD;QACE,EAAE,EAAE,iCAAiC;QACrC,IAAI,EAAE,sBAAsB;QAC5B,gBAAgB,EAAE,EAAE,IAAI,EAAE,6CAA6C,EAAE;QACzE,eAAe,EAAE,EAAE,IAAI,EAAE,2KAA2K,EAAE;QACtM,OAAO,EAAE,0CAA0C;QACnD,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;KACzC;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,sBAAsB;QAC5B,gBAAgB,EAAE,EAAE,IAAI,EAAE,gCAAgC,EAAE;QAC5D,eAAe,EAAE,EAAE,IAAI,EAAE,qFAAqF,EAAE;QAChH,OAAO,EAAE,uCAAuC;QAChD,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;KACzC;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,mBAAmB;QACzB,gBAAgB,EAAE,EAAE,IAAI,EAAE,qDAAqD,EAAE;QACjF,eAAe,EAAE,EAAE,IAAI,EAAE,6EAA6E,EAAE;QACxG,OAAO,EAAE,4CAA4C;QACrD,oBAAoB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;KAC3C;CACF,CAAC;AAaF,MAAM,UAAU,aAAa,CAC3B,KAAkB,EAClB,cAAiC,EAAE,EACnC,eAAkC,EAAE,EACpC,UAAwB,EAAE;IAE1B,MAAM,EAAE,kBAAkB,GAAG,IAAI,EAAE,mBAAmB,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE1E,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,8BAA8B;IAC9B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;QAAE,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW;QAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAE3E,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAEtD,kBAAkB;QAClB,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;YAAE,SAAS;QAExF,MAAM,UAAU,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QACtE,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,gCAAgC,CAAC;QAChG,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAgB,CAAC,CAAC,CAAC,SAAkB,CAAC;QAEjE,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACvE,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAEvD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM;YACN,KAAK;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,KAAK,kBAAkB,MAAM,GAAG,IAAI,EAAE,EAAE;YAC9D,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC3D,UAAU,EAAE;gBACV,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,OAAO;gBAC/B,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACzE;SACF,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACvE,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAEvD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,iCAAiC;YACzC,KAAK,EAAE,OAAO;YACd,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC,KAAK,oBAAoB,MAAM,GAAG,IAAI,EAAE,EAAE;YAC3E,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC3D,UAAU,EAAE;gBACV,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,OAAO;gBAC/B,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACzE;SACF,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,IAAI,kBAAkB,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,KAAK,KAAK,OAAO;gBAAE,SAAS;YAClC,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,uBAAuB;gBAC/B,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;gBAC5B,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,mBAAmB,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,wBAAwB;gBAChC,KAAK,EAAE,SAAS;gBAChB,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;gBAC5B,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,sGAAsG;QAC/G,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE,CAAC;gBACL,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,2BAA2B;wBAC3C,KAAK,EAAE,KAAK;qBACb;iBACF;gBACD,OAAO;aACR,CAAC;KACH,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,SAAS,YAAY,CAAC,IAAY,EAAE,IAAY;IAC9C,gCAAgC;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACrC,OAAO;QACL,gBAAgB,EAAE;YAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE;YACzB,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;SAC5B;KACF,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAEtF,SAAS,gBAAgB,CAAC,MAAiB,EAAE,GAAc;IACzD,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/cli/index.d.ts

@@ -12,6 +12,8 @@
  *   guardlink sarif [dir]             Export SARIF 2.1.0 for GitHub / VS Code
  *   guardlink threat-report <prompt>  AI-powered threat analysis (STRIDE, DREAD, PASTA, etc.)
  *   guardlink threat-reports          List saved AI threat reports
+ *   guardlink translate [prompt]      Generate CERT-X-GEN pentest templates from threats
+ *   guardlink ask <query>             Ask questions about threats and codebase context
  *   guardlink annotate <prompt>       Launch coding agent to add annotations
  *   guardlink config <action>         Manage LLM provider configuration
  *   guardlink dashboard [dir]         Generate interactive HTML dashboard

package/dist/cli/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG"}