guardrail-cli 1.0.6 → 2.0.0

package/dist/init/templates.d.ts

@@ -0,0 +1,401 @@
+/**
+ * Template Configuration Module
+ * Defines startup/enterprise/oss templates with Zod schema validation
+ */
+import { z } from 'zod';
+export declare const TemplateType: z.ZodEnum<["startup", "enterprise", "oss"]>;
+export type TemplateType = z.infer<typeof TemplateType>;
+export declare const ScanConfigSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    threshold: z.ZodOptional<z.ZodEnum<["critical", "high", "medium", "low"]>>;
+    excludePatterns: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    enabled?: boolean;
+    threshold?: "critical" | "high" | "medium" | "low";
+    excludePatterns?: string[];
+}, {
+    enabled?: boolean;
+    threshold?: "critical" | "high" | "medium" | "low";
+    excludePatterns?: string[];
+}>;
+export declare const ComplianceConfigSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    frameworks: z.ZodOptional<z.ZodArray<z.ZodEnum<["soc2", "gdpr", "hipaa", "pci", "iso27001", "nist"]>, "many">>;
+    autoEvidence: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    enabled?: boolean;
+    frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+    autoEvidence?: boolean;
+}, {
+    enabled?: boolean;
+    frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+    autoEvidence?: boolean;
+}>;
+export declare const GatingConfigSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    blockOnCritical: z.ZodOptional<z.ZodBoolean>;
+    blockOnHigh: z.ZodOptional<z.ZodBoolean>;
+    baselineEnabled: z.ZodOptional<z.ZodBoolean>;
+    allowlistEnabled: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    enabled?: boolean;
+    blockOnCritical?: boolean;
+    blockOnHigh?: boolean;
+    baselineEnabled?: boolean;
+    allowlistEnabled?: boolean;
+}, {
+    enabled?: boolean;
+    blockOnCritical?: boolean;
+    blockOnHigh?: boolean;
+    baselineEnabled?: boolean;
+    allowlistEnabled?: boolean;
+}>;
+export declare const OutputConfigSchema: z.ZodObject<{
+    format: z.ZodEnum<["table", "json", "sarif", "markdown"]>;
+    sarifUpload: z.ZodOptional<z.ZodBoolean>;
+    badgeGeneration: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    format?: "json" | "sarif" | "table" | "markdown";
+    sarifUpload?: boolean;
+    badgeGeneration?: boolean;
+}, {
+    format?: "json" | "sarif" | "table" | "markdown";
+    sarifUpload?: boolean;
+    badgeGeneration?: boolean;
+}>;
+export declare const CIConfigSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    provider: z.ZodOptional<z.ZodEnum<["github", "gitlab", "azure", "bitbucket"]>>;
+    runOnPush: z.ZodOptional<z.ZodBoolean>;
+    runOnPR: z.ZodOptional<z.ZodBoolean>;
+    sarifUpload: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    enabled?: boolean;
+    sarifUpload?: boolean;
+    provider?: "github" | "gitlab" | "azure" | "bitbucket";
+    runOnPush?: boolean;
+    runOnPR?: boolean;
+}, {
+    enabled?: boolean;
+    sarifUpload?: boolean;
+    provider?: "github" | "gitlab" | "azure" | "bitbucket";
+    runOnPush?: boolean;
+    runOnPR?: boolean;
+}>;
+export declare const HooksConfigSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    runner: z.ZodOptional<z.ZodEnum<["husky", "lefthook"]>>;
+    preCommit: z.ZodOptional<z.ZodBoolean>;
+    prePush: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    enabled?: boolean;
+    runner?: "husky" | "lefthook";
+    preCommit?: boolean;
+    prePush?: boolean;
+}, {
+    enabled?: boolean;
+    runner?: "husky" | "lefthook";
+    preCommit?: boolean;
+    prePush?: boolean;
+}>;
+export declare const GuardrailConfigSchema: z.ZodObject<{
+    version: z.ZodString;
+    template: z.ZodOptional<z.ZodEnum<["startup", "enterprise", "oss"]>>;
+    framework: z.ZodOptional<z.ZodString>;
+    scans: z.ZodObject<{
+        secrets: z.ZodObject<{
+            enabled: z.ZodBoolean;
+            threshold: z.ZodOptional<z.ZodEnum<["critical", "high", "medium", "low"]>>;
+            excludePatterns: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        }, "strip", z.ZodTypeAny, {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        }, {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        }>;
+        vulnerabilities: z.ZodObject<{
+            enabled: z.ZodBoolean;
+            threshold: z.ZodOptional<z.ZodEnum<["critical", "high", "medium", "low"]>>;
+            excludePatterns: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        }, "strip", z.ZodTypeAny, {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        }, {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        }>;
+        compliance: z.ZodObject<{
+            enabled: z.ZodBoolean;
+            frameworks: z.ZodOptional<z.ZodArray<z.ZodEnum<["soc2", "gdpr", "hipaa", "pci", "iso27001", "nist"]>, "many">>;
+            autoEvidence: z.ZodOptional<z.ZodBoolean>;
+        }, "strip", z.ZodTypeAny, {
+            enabled?: boolean;
+            frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+            autoEvidence?: boolean;
+        }, {
+            enabled?: boolean;
+            frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+            autoEvidence?: boolean;
+        }>;
+        sbom: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodBoolean;
+        }, "strip", z.ZodTypeAny, {
+            enabled?: boolean;
+        }, {
+            enabled?: boolean;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        vulnerabilities?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        secrets?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        compliance?: {
+            enabled?: boolean;
+            frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+            autoEvidence?: boolean;
+        };
+        sbom?: {
+            enabled?: boolean;
+        };
+    }, {
+        vulnerabilities?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        secrets?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        compliance?: {
+            enabled?: boolean;
+            frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+            autoEvidence?: boolean;
+        };
+        sbom?: {
+            enabled?: boolean;
+        };
+    }>;
+    gating: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        blockOnCritical: z.ZodOptional<z.ZodBoolean>;
+        blockOnHigh: z.ZodOptional<z.ZodBoolean>;
+        baselineEnabled: z.ZodOptional<z.ZodBoolean>;
+        allowlistEnabled: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enabled?: boolean;
+        blockOnCritical?: boolean;
+        blockOnHigh?: boolean;
+        baselineEnabled?: boolean;
+        allowlistEnabled?: boolean;
+    }, {
+        enabled?: boolean;
+        blockOnCritical?: boolean;
+        blockOnHigh?: boolean;
+        baselineEnabled?: boolean;
+        allowlistEnabled?: boolean;
+    }>;
+    output: z.ZodObject<{
+        format: z.ZodEnum<["table", "json", "sarif", "markdown"]>;
+        sarifUpload: z.ZodOptional<z.ZodBoolean>;
+        badgeGeneration: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        format?: "json" | "sarif" | "table" | "markdown";
+        sarifUpload?: boolean;
+        badgeGeneration?: boolean;
+    }, {
+        format?: "json" | "sarif" | "table" | "markdown";
+        sarifUpload?: boolean;
+        badgeGeneration?: boolean;
+    }>;
+    ci: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodBoolean;
+        provider: z.ZodOptional<z.ZodEnum<["github", "gitlab", "azure", "bitbucket"]>>;
+        runOnPush: z.ZodOptional<z.ZodBoolean>;
+        runOnPR: z.ZodOptional<z.ZodBoolean>;
+        sarifUpload: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enabled?: boolean;
+        sarifUpload?: boolean;
+        provider?: "github" | "gitlab" | "azure" | "bitbucket";
+        runOnPush?: boolean;
+        runOnPR?: boolean;
+    }, {
+        enabled?: boolean;
+        sarifUpload?: boolean;
+        provider?: "github" | "gitlab" | "azure" | "bitbucket";
+        runOnPush?: boolean;
+        runOnPR?: boolean;
+    }>>;
+    hooks: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodBoolean;
+        runner: z.ZodOptional<z.ZodEnum<["husky", "lefthook"]>>;
+        preCommit: z.ZodOptional<z.ZodBoolean>;
+        prePush: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enabled?: boolean;
+        runner?: "husky" | "lefthook";
+        preCommit?: boolean;
+        prePush?: boolean;
+    }, {
+        enabled?: boolean;
+        runner?: "husky" | "lefthook";
+        preCommit?: boolean;
+        prePush?: boolean;
+    }>>;
+    noise: z.ZodOptional<z.ZodObject<{
+        suppressTestFiles: z.ZodOptional<z.ZodBoolean>;
+        suppressLowConfidence: z.ZodOptional<z.ZodBoolean>;
+        minEntropy: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        suppressTestFiles?: boolean;
+        suppressLowConfidence?: boolean;
+        minEntropy?: number;
+    }, {
+        suppressTestFiles?: boolean;
+        suppressLowConfidence?: boolean;
+        minEntropy?: number;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    version?: string;
+    template?: "enterprise" | "startup" | "oss";
+    framework?: string;
+    scans?: {
+        vulnerabilities?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        secrets?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        compliance?: {
+            enabled?: boolean;
+            frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+            autoEvidence?: boolean;
+        };
+        sbom?: {
+            enabled?: boolean;
+        };
+    };
+    gating?: {
+        enabled?: boolean;
+        blockOnCritical?: boolean;
+        blockOnHigh?: boolean;
+        baselineEnabled?: boolean;
+        allowlistEnabled?: boolean;
+    };
+    output?: {
+        format?: "json" | "sarif" | "table" | "markdown";
+        sarifUpload?: boolean;
+        badgeGeneration?: boolean;
+    };
+    ci?: {
+        enabled?: boolean;
+        sarifUpload?: boolean;
+        provider?: "github" | "gitlab" | "azure" | "bitbucket";
+        runOnPush?: boolean;
+        runOnPR?: boolean;
+    };
+    hooks?: {
+        enabled?: boolean;
+        runner?: "husky" | "lefthook";
+        preCommit?: boolean;
+        prePush?: boolean;
+    };
+    noise?: {
+        suppressTestFiles?: boolean;
+        suppressLowConfidence?: boolean;
+        minEntropy?: number;
+    };
+}, {
+    version?: string;
+    template?: "enterprise" | "startup" | "oss";
+    framework?: string;
+    scans?: {
+        vulnerabilities?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        secrets?: {
+            enabled?: boolean;
+            threshold?: "critical" | "high" | "medium" | "low";
+            excludePatterns?: string[];
+        };
+        compliance?: {
+            enabled?: boolean;
+            frameworks?: ("soc2" | "gdpr" | "hipaa" | "pci" | "iso27001" | "nist")[];
+            autoEvidence?: boolean;
+        };
+        sbom?: {
+            enabled?: boolean;
+        };
+    };
+    gating?: {
+        enabled?: boolean;
+        blockOnCritical?: boolean;
+        blockOnHigh?: boolean;
+        baselineEnabled?: boolean;
+        allowlistEnabled?: boolean;
+    };
+    output?: {
+        format?: "json" | "sarif" | "table" | "markdown";
+        sarifUpload?: boolean;
+        badgeGeneration?: boolean;
+    };
+    ci?: {
+        enabled?: boolean;
+        sarifUpload?: boolean;
+        provider?: "github" | "gitlab" | "azure" | "bitbucket";
+        runOnPush?: boolean;
+        runOnPR?: boolean;
+    };
+    hooks?: {
+        enabled?: boolean;
+        runner?: "husky" | "lefthook";
+        preCommit?: boolean;
+        prePush?: boolean;
+    };
+    noise?: {
+        suppressTestFiles?: boolean;
+        suppressLowConfidence?: boolean;
+        minEntropy?: number;
+    };
+}>;
+export type GuardrailConfig = z.infer<typeof GuardrailConfigSchema>;
+export interface TemplateDefinition {
+    name: string;
+    description: string;
+    config: GuardrailConfig;
+}
+export declare const TEMPLATES: Record<TemplateType, TemplateDefinition>;
+export declare function getTemplate(templateType: TemplateType): TemplateDefinition;
+export declare function validateConfig(config: unknown): {
+    success: true;
+    data: GuardrailConfig;
+} | {
+    success: false;
+    error: z.ZodError;
+};
+export declare function mergeWithFrameworkDefaults(config: GuardrailConfig, framework: string, recommendedScans: string[]): GuardrailConfig;
+export declare function getTemplateChoices(): Array<{
+    name: string;
+    value: TemplateType;
+    description: string;
+}>;
+//# sourceMappingURL=templates.d.ts.map

package/dist/init/templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../src/init/templates.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,YAAY,6CAA2C,CAAC;AACrE,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;EAI3B,CAAC;AAEH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;EAIjC,CAAC;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;EAM7B,CAAC;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;EAI7B,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;EAMzB,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;EAK5B,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmBhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,eAAe,CAAC;CACzB;AA8HD,eAAO,MAAM,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE,kBAAkB,CAI9D,CAAC;AAEF,wBAAgB,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,kBAAkB,CAE1E;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,eAAe,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAA;CAAE,CAMhI;AAED,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,eAAe,EACvB,SAAS,EAAE,MAAM,EACjB,gBAAgB,EAAE,MAAM,EAAE,GACzB,eAAe,CAkBjB;AAED,wBAAgB,kBAAkB,IAAI,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,YAAY,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAkBtG"}

package/dist/init/templates.js

@@ -0,0 +1,240 @@
+"use strict";
+/**
+ * Template Configuration Module
+ * Defines startup/enterprise/oss templates with Zod schema validation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TEMPLATES = exports.GuardrailConfigSchema = exports.HooksConfigSchema = exports.CIConfigSchema = exports.OutputConfigSchema = exports.GatingConfigSchema = exports.ComplianceConfigSchema = exports.ScanConfigSchema = exports.TemplateType = void 0;
+exports.getTemplate = getTemplate;
+exports.validateConfig = validateConfig;
+exports.mergeWithFrameworkDefaults = mergeWithFrameworkDefaults;
+exports.getTemplateChoices = getTemplateChoices;
+const zod_1 = require("zod");
+exports.TemplateType = zod_1.z.enum(['startup', 'enterprise', 'oss']);
+exports.ScanConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    threshold: zod_1.z.enum(['critical', 'high', 'medium', 'low']).optional(),
+    excludePatterns: zod_1.z.array(zod_1.z.string()).optional(),
+});
+exports.ComplianceConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    frameworks: zod_1.z.array(zod_1.z.enum(['soc2', 'gdpr', 'hipaa', 'pci', 'iso27001', 'nist'])).optional(),
+    autoEvidence: zod_1.z.boolean().optional(),
+});
+exports.GatingConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    blockOnCritical: zod_1.z.boolean().optional(),
+    blockOnHigh: zod_1.z.boolean().optional(),
+    baselineEnabled: zod_1.z.boolean().optional(),
+    allowlistEnabled: zod_1.z.boolean().optional(),
+});
+exports.OutputConfigSchema = zod_1.z.object({
+    format: zod_1.z.enum(['table', 'json', 'sarif', 'markdown']),
+    sarifUpload: zod_1.z.boolean().optional(),
+    badgeGeneration: zod_1.z.boolean().optional(),
+});
+exports.CIConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    provider: zod_1.z.enum(['github', 'gitlab', 'azure', 'bitbucket']).optional(),
+    runOnPush: zod_1.z.boolean().optional(),
+    runOnPR: zod_1.z.boolean().optional(),
+    sarifUpload: zod_1.z.boolean().optional(),
+});
+exports.HooksConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    runner: zod_1.z.enum(['husky', 'lefthook']).optional(),
+    preCommit: zod_1.z.boolean().optional(),
+    prePush: zod_1.z.boolean().optional(),
+});
+exports.GuardrailConfigSchema = zod_1.z.object({
+    version: zod_1.z.string(),
+    template: exports.TemplateType.optional(),
+    framework: zod_1.z.string().optional(),
+    scans: zod_1.z.object({
+        secrets: exports.ScanConfigSchema,
+        vulnerabilities: exports.ScanConfigSchema,
+        compliance: exports.ComplianceConfigSchema,
+        sbom: zod_1.z.object({ enabled: zod_1.z.boolean() }).optional(),
+    }),
+    gating: exports.GatingConfigSchema,
+    output: exports.OutputConfigSchema,
+    ci: exports.CIConfigSchema.optional(),
+    hooks: exports.HooksConfigSchema.optional(),
+    noise: zod_1.z.object({
+        suppressTestFiles: zod_1.z.boolean().optional(),
+        suppressLowConfidence: zod_1.z.boolean().optional(),
+        minEntropy: zod_1.z.number().optional(),
+    }).optional(),
+});
+const STARTUP_TEMPLATE = {
+    name: 'Startup',
+    description: 'Fast scans, minimal compliance, friendly noise thresholds - ideal for early-stage teams',
+    config: {
+        version: '1.0.0',
+        template: 'startup',
+        scans: {
+            secrets: {
+                enabled: true,
+                threshold: 'high',
+                excludePatterns: ['**/*.test.*', '**/*.spec.*', '**/fixtures/**'],
+            },
+            vulnerabilities: {
+                enabled: true,
+                threshold: 'high',
+            },
+            compliance: {
+                enabled: false,
+            },
+        },
+        gating: {
+            enabled: true,
+            blockOnCritical: true,
+            blockOnHigh: false,
+            baselineEnabled: false,
+            allowlistEnabled: false,
+        },
+        output: {
+            format: 'table',
+            badgeGeneration: true,
+        },
+        noise: {
+            suppressTestFiles: true,
+            suppressLowConfidence: true,
+            minEntropy: 3.5,
+        },
+    },
+};
+const ENTERPRISE_TEMPLATE = {
+    name: 'Enterprise',
+    description: 'Strict gating, baseline/allowlist enabled, compliance on by default, SARIF output for CI',
+    config: {
+        version: '1.0.0',
+        template: 'enterprise',
+        scans: {
+            secrets: {
+                enabled: true,
+                threshold: 'low',
+            },
+            vulnerabilities: {
+                enabled: true,
+                threshold: 'medium',
+            },
+            compliance: {
+                enabled: true,
+                frameworks: ['soc2'],
+                autoEvidence: true,
+            },
+            sbom: {
+                enabled: true,
+            },
+        },
+        gating: {
+            enabled: true,
+            blockOnCritical: true,
+            blockOnHigh: true,
+            baselineEnabled: true,
+            allowlistEnabled: true,
+        },
+        output: {
+            format: 'sarif',
+            sarifUpload: true,
+            badgeGeneration: true,
+        },
+        noise: {
+            suppressTestFiles: false,
+            suppressLowConfidence: false,
+        },
+    },
+};
+const OSS_TEMPLATE = {
+    name: 'OSS',
+    description: 'Focus on supply chain (SBOM, vulns), permissive gating, contributor-friendly output',
+    config: {
+        version: '1.0.0',
+        template: 'oss',
+        scans: {
+            secrets: {
+                enabled: true,
+                threshold: 'high',
+                excludePatterns: ['**/*.example.*', '**/examples/**', '**/docs/**'],
+            },
+            vulnerabilities: {
+                enabled: true,
+                threshold: 'medium',
+            },
+            compliance: {
+                enabled: false,
+            },
+            sbom: {
+                enabled: true,
+            },
+        },
+        gating: {
+            enabled: true,
+            blockOnCritical: true,
+            blockOnHigh: false,
+            baselineEnabled: true,
+            allowlistEnabled: true,
+        },
+        output: {
+            format: 'markdown',
+            badgeGeneration: true,
+        },
+        noise: {
+            suppressTestFiles: true,
+            suppressLowConfidence: true,
+            minEntropy: 3.0,
+        },
+    },
+};
+exports.TEMPLATES = {
+    startup: STARTUP_TEMPLATE,
+    enterprise: ENTERPRISE_TEMPLATE,
+    oss: OSS_TEMPLATE,
+};
+function getTemplate(templateType) {
+    return exports.TEMPLATES[templateType];
+}
+function validateConfig(config) {
+    const result = exports.GuardrailConfigSchema.safeParse(config);
+    if (result.success) {
+        return { success: true, data: result.data };
+    }
+    return { success: false, error: result.error };
+}
+function mergeWithFrameworkDefaults(config, framework, recommendedScans) {
+    const merged = { ...config, framework };
+    if (recommendedScans.includes('reality')) {
+        merged.scans = {
+            ...merged.scans,
+        };
+    }
+    if (recommendedScans.includes('compliance') && !merged.scans.compliance.enabled) {
+        merged.scans.compliance = {
+            ...merged.scans.compliance,
+            enabled: true,
+            frameworks: ['soc2'],
+        };
+    }
+    return merged;
+}
+function getTemplateChoices() {
+    return [
+        {
+            name: 'Startup',
+            value: 'startup',
+            description: STARTUP_TEMPLATE.description,
+        },
+        {
+            name: 'Enterprise',
+            value: 'enterprise',
+            description: ENTERPRISE_TEMPLATE.description,
+        },
+        {
+            name: 'OSS',
+            value: 'oss',
+            description: OSS_TEMPLATE.description,
+        },
+    ];
+}
+//# sourceMappingURL=templates.js.map

package/dist/init/templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../src/init/templates.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA+MH,kCAEC;AAED,wCAMC;AAED,gEAsBC;AAED,gDAkBC;AAnQD,6BAAwB;AAEX,QAAA,YAAY,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;AAGxD,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,SAAS,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnE,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAEU,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC5F,YAAY,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC;AAEU,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,gBAAgB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEU,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IACtD,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEU,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAEU,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE;IAChD,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEU,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;IACnB,QAAQ,EAAE,oBAAY,CAAC,QAAQ,EAAE;IACjC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;QACd,OAAO,EAAE,wBAAgB;QACzB,eAAe,EAAE,wBAAgB;QACjC,UAAU,EAAE,8BAAsB;QAClC,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE;KACpD,CAAC;IACF,MAAM,EAAE,0BAAkB;IAC1B,MAAM,EAAE,0BAAkB;IAC1B,EAAE,EAAE,sBAAc,CAAC,QAAQ,EAAE;IAC7B,KAAK,EAAE,yBAAiB,CAAC,QAAQ,EAAE;IACnC,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;QACd,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACzC,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC7C,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAClC,CAAC,CAAC,QAAQ,EAAE;CACd,CAAC,CAAC;AAUH,MAAM,gBAAgB,GAAuB;IAC3C,IAAI,EAAE,SAAS;IACf,WAAW,EAAE,yFAAyF;IACtG,MAAM,EAAE;QACN,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE;YACL,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,MAAM;gBACjB,eAAe,EAAE,CAAC,aAAa,EAAE,aAAa,EAAE,gBAAgB,CAAC;aAClE;YACD,eAAe,EAAE;gBACf,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,MAAM;aAClB;YACD,UAAU,EAAE;gBACV,OAAO,EAAE,KAAK;aACf;SACF;QACD,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;SACxB;QACD,MAAM,EAAE;YACN,MAAM,EAAE,OAAO;YACf,eAAe,EAAE,IAAI;SACtB;QACD,KAAK,EAAE;YACL,iBAAiB,EAAE,IAAI;YACvB,qBAAqB,EAAE,IAAI;YAC3B,UAAU,EAAE,GAAG;SAChB;KACF;CACF,CAAC;AAEF,MAAM,mBAAmB,GAAuB;IAC9C,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,0FAA0F;IACvG,MAAM,EAAE;QACN,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE;YACL,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,KAAK;aACjB;YACD,eAAe,EAAE;gBACf,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,QAAQ;aACpB;YACD,UAAU,EAAE;gBACV,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,CAAC,MAAM,CAAC;gBACpB,YAAY,EAAE,IAAI;aACnB;YACD,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;aACd;SACF;QACD,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,gBAAgB,EAAE,IAAI;SACvB;QACD,MAAM,EAAE;YACN,MAAM,EAAE,OAAO;YACf,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;SACtB;QACD,KAAK,EAAE;YACL,iBAAiB,EAAE,KAAK;YACxB,qBAAqB,EAAE,KAAK;SAC7B;KACF;CACF,CAAC;AAEF,MAAM,YAAY,GAAuB;IACvC,IAAI,EAAE,KAAK;IACX,WAAW,EAAE,qFAAqF;IAClG,MAAM,EAAE;QACN,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE;YACL,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,MAAM;gBACjB,eAAe,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,YAAY,CAAC;aACpE;YACD,eAAe,EAAE;gBACf,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,QAAQ;aACpB;YACD,UAAU,EAAE;gBACV,OAAO,EAAE,KAAK;aACf;YACD,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;aACd;SACF;QACD,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,IAAI;YACrB,gBAAgB,EAAE,IAAI;SACvB;QACD,MAAM,EAAE;YACN,MAAM,EAAE,UAAU;YAClB,eAAe,EAAE,IAAI;SACtB;QACD,KAAK,EAAE;YACL,iBAAiB,EAAE,IAAI;YACvB,qBAAqB,EAAE,IAAI;YAC3B,UAAU,EAAE,GAAG;SAChB;KACF;CACF,CAAC;AAEW,QAAA,SAAS,GAA6C;IACjE,OAAO,EAAE,gBAAgB;IACzB,UAAU,EAAE,mBAAmB;IAC/B,GAAG,EAAE,YAAY;CAClB,CAAC;AAEF,SAAgB,WAAW,CAAC,YAA0B;IACpD,OAAO,iBAAS,CAAC,YAAY,CAAC,CAAC;AACjC,CAAC;AAED,SAAgB,cAAc,CAAC,MAAe;IAC5C,MAAM,MAAM,GAAG,6BAAqB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACvD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;AACjD,CAAC;AAED,SAAgB,0BAA0B,CACxC,MAAuB,EACvB,SAAiB,EACjB,gBAA0B;IAE1B,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,CAAC;IAExC,IAAI,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,MAAM,CAAC,KAAK,GAAG;YACb,GAAG,MAAM,CAAC,KAAK;SAChB,CAAC;IACJ,CAAC;IAED,IAAI,gBAAgB,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QAChF,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG;YACxB,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU;YAC1B,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,CAAC,MAAM,CAAC;SACrB,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,kBAAkB;IAChC,OAAO;QACL;YACE,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,gBAAgB,CAAC,WAAW;SAC1C;QACD;YACE,IAAI,EAAE,YAAY;YAClB,KAAK,EAAE,YAAY;YACnB,WAAW,EAAE,mBAAmB,CAAC,WAAW;SAC7C;QACD;YACE,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,YAAY,CAAC,WAAW;SACtC;KACF,CAAC;AACJ,CAAC"}