guardrail-cli 1.0.6 → 2.0.0

package/dist/commands/cache.js

@@ -0,0 +1,165 @@
+"use strict";
+/**
+ * Cache management commands
+ *
+ * Commands:
+ * - cache:clear - Clear the OSV vulnerability cache
+ * - cache:status - Show cache statistics
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerCacheCommands = registerCacheCommands;
+const path_1 = require("path");
+const fs_1 = require("fs");
+const c = {
+    bold: (s) => `\x1b[1m${s}\x1b[0m`,
+    dim: (s) => `\x1b[2m${s}\x1b[0m`,
+    success: (s) => `\x1b[32m${s}\x1b[0m`,
+    error: (s) => `\x1b[31m${s}\x1b[0m`,
+    info: (s) => `\x1b[34m${s}\x1b[0m`,
+    warning: (s) => `\x1b[33m${s}\x1b[0m`,
+};
+/**
+ * Get cache directory path
+ */
+function getCacheDir(projectPath = '.') {
+    return (0, path_1.join)(projectPath, '.guardrail', 'cache');
+}
+/**
+ * Get cache statistics
+ */
+function getCacheStats(cacheDir) {
+    if (!(0, fs_1.existsSync)(cacheDir)) {
+        return { exists: false, totalSize: 0, fileCount: 0, files: [] };
+    }
+    const files = [];
+    let totalSize = 0;
+    try {
+        const entries = (0, fs_1.readdirSync)(cacheDir);
+        for (const entry of entries) {
+            const filePath = (0, path_1.join)(cacheDir, entry);
+            const stat = (0, fs_1.statSync)(filePath);
+            if (stat.isFile()) {
+                files.push({
+                    name: entry,
+                    size: stat.size,
+                    modified: stat.mtime,
+                });
+                totalSize += stat.size;
+            }
+        }
+    }
+    catch {
+        // Failed to read cache directory
+    }
+    return {
+        exists: true,
+        totalSize,
+        fileCount: files.length,
+        files,
+    };
+}
+/**
+ * Format bytes to human readable
+ */
+function formatBytes(bytes) {
+    if (bytes === 0)
+        return '0 B';
+    const k = 1024;
+    const sizes = ['B', 'KB', 'MB', 'GB'];
+    const i = Math.floor(Math.log(bytes) / Math.log(k));
+    return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + ' ' + sizes[i];
+}
+/**
+ * Clear cache directory
+ */
+function clearCache(cacheDir) {
+    try {
+        if ((0, fs_1.existsSync)(cacheDir)) {
+            (0, fs_1.rmSync)(cacheDir, { recursive: true, force: true });
+        }
+        (0, fs_1.mkdirSync)(cacheDir, { recursive: true });
+        return { success: true };
+    }
+    catch (error) {
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : 'Unknown error',
+        };
+    }
+}
+/**
+ * Register cache commands
+ */
+function registerCacheCommands(program, printLogo) {
+    program
+        .command('cache:clear')
+        .description('Clear the Guardrail cache (OSV vulnerability data)')
+        .option('-p, --path <path>', 'Project path', '.')
+        .option('--global', 'Clear global cache instead of project cache')
+        .action(async (opts) => {
+        printLogo();
+        console.log(`\n${c.bold('🗑️  CACHE CLEAR')}\n`);
+        let cacheDir;
+        if (opts.global) {
+            const homeDir = process.env.HOME || process.env.USERPROFILE || '.';
+            cacheDir = (0, path_1.join)(homeDir, '.guardrail', 'cache');
+        }
+        else {
+            cacheDir = getCacheDir(opts.path);
+        }
+        const stats = getCacheStats(cacheDir);
+        if (!stats.exists || stats.fileCount === 0) {
+            console.log(`  ${c.info('ℹ')} Cache is already empty\n`);
+            console.log(`  ${c.dim('Path:')} ${cacheDir}\n`);
+            return;
+        }
+        console.log(`  ${c.dim('Path:')} ${cacheDir}`);
+        console.log(`  ${c.dim('Files:')} ${stats.fileCount}`);
+        console.log(`  ${c.dim('Size:')} ${formatBytes(stats.totalSize)}\n`);
+        const result = clearCache(cacheDir);
+        if (result.success) {
+            console.log(`  ${c.success('✓')} Cache cleared successfully\n`);
+        }
+        else {
+            console.log(`  ${c.error('✗')} Failed to clear cache: ${result.error}\n`);
+            process.exit(1);
+        }
+    });
+    program
+        .command('cache:status')
+        .description('Show cache statistics')
+        .option('-p, --path <path>', 'Project path', '.')
+        .option('--global', 'Show global cache instead of project cache')
+        .action(async (opts) => {
+        printLogo();
+        console.log(`\n${c.bold('📊 CACHE STATUS')}\n`);
+        let cacheDir;
+        if (opts.global) {
+            const homeDir = process.env.HOME || process.env.USERPROFILE || '.';
+            cacheDir = (0, path_1.join)(homeDir, '.guardrail', 'cache');
+        }
+        else {
+            cacheDir = getCacheDir(opts.path);
+        }
+        const stats = getCacheStats(cacheDir);
+        console.log(`  ${c.dim('Path:')} ${cacheDir}`);
+        console.log(`  ${c.dim('Exists:')} ${stats.exists ? c.success('yes') : c.warning('no')}`);
+        console.log(`  ${c.dim('Files:')} ${stats.fileCount}`);
+        console.log(`  ${c.dim('Total size:')} ${formatBytes(stats.totalSize)}\n`);
+        if (stats.files.length > 0) {
+            console.log(`  ${c.bold('Cached files:')}\n`);
+            for (const file of stats.files) {
+                const age = Date.now() - file.modified.getTime();
+                const ageHours = Math.floor(age / (1000 * 60 * 60));
+                const ageStr = ageHours < 24 ? `${ageHours}h ago` : `${Math.floor(ageHours / 24)}d ago`;
+                console.log(`  ${c.info('•')} ${file.name}`);
+                console.log(`    ${c.dim('Size:')} ${formatBytes(file.size)} | ${c.dim('Modified:')} ${ageStr}`);
+            }
+            console.log('');
+        }
+        // Show TTL info
+        console.log(`  ${c.dim('Cache TTL:')} 24 hours`);
+        console.log(`  ${c.dim('Tip:')} Use ${c.bold('--no-cache')} flag to bypass cache\n`);
+    });
+}
+//# sourceMappingURL=cache.js.map

package/dist/commands/cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.js","sourceRoot":"","sources":["../../src/commands/cache.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAgGH,sDAoFC;AAjLD,+BAA4B;AAC5B,2BAA0E;AAE1E,MAAM,CAAC,GAAG;IACR,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;IACzC,GAAG,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;IACxC,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IAC7C,KAAK,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IAC3C,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IAC1C,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;CAC9C,CAAC;AAEF;;GAEG;AACH,SAAS,WAAW,CAAC,cAAsB,GAAG;IAC5C,OAAO,IAAA,WAAI,EAAC,WAAW,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,QAAgB;IAMrC,IAAI,CAAC,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAClE,CAAC;IAED,MAAM,KAAK,GAAqD,EAAE,CAAC;IACnE,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,gBAAW,EAAC,QAAQ,CAAC,CAAC;QACtC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACvC,MAAM,IAAI,GAAG,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBAClB,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,KAAK;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,KAAK;iBACrB,CAAC,CAAC;gBACH,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iCAAiC;IACnC,CAAC;IAED,OAAO;QACL,MAAM,EAAE,IAAI;QACZ,SAAS;QACT,SAAS,EAAE,KAAK,CAAC,MAAM;QACvB,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9B,MAAM,CAAC,GAAG,IAAI,CAAC;IACf,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACtC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,OAAO,UAAU,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,QAAgB;IAClC,IAAI,CAAC;QACH,IAAI,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAA,WAAM,EAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,IAAA,cAAS,EAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,OAAgB,EAChB,SAAqB;IAErB,OAAO;SACJ,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,oDAAoD,CAAC;SACjE,MAAM,CAAC,mBAAmB,EAAE,cAAc,EAAE,GAAG,CAAC;SAChD,MAAM,CAAC,UAAU,EAAE,6CAA6C,CAAC;SACjE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEjD,IAAI,QAAgB,CAAC;QACrB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC;YACnE,QAAQ,GAAG,IAAA,WAAI,EAAC,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,KAAK,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QAEtC,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,QAAQ,IAAI,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAErE,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC;YAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,uBAAuB,CAAC;SACpC,MAAM,CAAC,mBAAmB,EAAE,cAAc,EAAE,GAAG,CAAC;SAChD,MAAM,CAAC,UAAU,EAAE,4CAA4C,CAAC;SAChE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAEhD,IAAI,QAAgB,CAAC;QACrB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC;YACnE,QAAQ,GAAG,IAAA,WAAI,EAAC,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,KAAK,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QAEtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAE3E,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAC9C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,QAAQ,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,QAAQ,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,EAAE,CAAC,OAAO,CAAC;gBAExF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC;YACnG,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QAED,gBAAgB;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/evidence.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Signed Evidence Packs
+ * Enterprise-grade audit trail with cryptographic attestation
+ *
+ * Generates:
+ * - manifest.json (scan metadata)
+ * - inputs.sha256 (hash list of scanned files)
+ * - results.json / results.sarif
+ * - attestation.sig (signature for tamper detection)
+ */
+export interface EvidenceManifest {
+    schemaVersion: string;
+    runId: string;
+    tool: {
+        name: string;
+        version: string;
+        commit?: string;
+    };
+    project: {
+        path: string;
+        gitSha?: string;
+        gitBranch?: string;
+        gitRemote?: string;
+    };
+    scan: {
+        type: string;
+        startedAt: string;
+        completedAt: string;
+        filesScanned: number;
+        findingsCount: number;
+    };
+    evidence: {
+        inputsSha256: string;
+        resultsSha256: string;
+        policySha256?: string;
+    };
+    attestation: {
+        algorithm: string;
+        keyId: string;
+        signature?: string;
+    };
+}
+export declare function generateEvidence(scanType: string, results: any, projectPath: string): Promise<string>;
+export declare function verifyEvidence(evidencePath: string): Promise<boolean>;
+//# sourceMappingURL=evidence.d.ts.map

package/dist/commands/evidence.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.d.ts","sourceRoot":"","sources":["../../src/commands/evidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAOH,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,QAAQ,EAAE;QACR,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,WAAW,EAAE;QACX,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AA2ED,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,GAAG,EACZ,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,CAAC,CAoFjB;AAED,wBAAsB,cAAc,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAkC3E"}

package/dist/commands/evidence.js

@@ -0,0 +1,197 @@
+"use strict";
+/**
+ * Signed Evidence Packs
+ * Enterprise-grade audit trail with cryptographic attestation
+ *
+ * Generates:
+ * - manifest.json (scan metadata)
+ * - inputs.sha256 (hash list of scanned files)
+ * - results.json / results.sarif
+ * - attestation.sig (signature for tamper detection)
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateEvidence = generateEvidence;
+exports.verifyEvidence = verifyEvidence;
+const crypto_1 = __importDefault(require("crypto"));
+const fs_1 = require("fs");
+const path_1 = require("path");
+const child_process_1 = require("child_process");
+function getVersion() {
+    try {
+        const pkg = require('../../package.json');
+        return pkg.version || '1.0.0';
+    }
+    catch {
+        return '1.0.0';
+    }
+}
+function getGitInfo(projectPath) {
+    try {
+        const sha = (0, child_process_1.execSync)('git rev-parse HEAD', { cwd: projectPath, encoding: 'utf8' }).trim();
+        const branch = (0, child_process_1.execSync)('git rev-parse --abbrev-ref HEAD', { cwd: projectPath, encoding: 'utf8' }).trim();
+        let remote;
+        try {
+            remote = (0, child_process_1.execSync)('git remote get-url origin', { cwd: projectPath, encoding: 'utf8' }).trim();
+        }
+        catch {
+            // No remote configured
+        }
+        return { sha, branch, remote };
+    }
+    catch {
+        return {};
+    }
+}
+function sha256(content) {
+    return crypto_1.default.createHash('sha256').update(content).digest('hex');
+}
+function generateRunId() {
+    return `run_${Date.now()}_${crypto_1.default.randomBytes(4).toString('hex')}`;
+}
+function hashFileList(projectPath, extensions = ['.ts', '.js', '.json', '.env', '.yaml', '.yml']) {
+    const hashes = [];
+    function walkDir(dir) {
+        try {
+            const items = (0, fs_1.readdirSync)(dir);
+            for (const item of items) {
+                if (item.startsWith('.') || item === 'node_modules' || item === 'dist' || item === '.git')
+                    continue;
+                const fullPath = (0, path_1.join)(dir, item);
+                try {
+                    const stat = (0, fs_1.statSync)(fullPath);
+                    if (stat.isDirectory()) {
+                        walkDir(fullPath);
+                    }
+                    else if (extensions.some(ext => item.endsWith(ext))) {
+                        const content = (0, fs_1.readFileSync)(fullPath);
+                        const hash = crypto_1.default.createHash('sha256').update(content).digest('hex');
+                        const relPath = (0, path_1.relative)(projectPath, fullPath).replace(/\\/g, '/');
+                        hashes.push(`${hash}  ${relPath}`);
+                    }
+                }
+                catch {
+                    // Skip inaccessible files
+                }
+            }
+        }
+        catch {
+            // Skip inaccessible directories
+        }
+    }
+    walkDir(projectPath);
+    hashes.sort();
+    return hashes.join('\n');
+}
+function signContent(content, keyId) {
+    // Use HMAC-SHA256 with a per-installation key
+    // In production, this would use a proper signing key from keychain
+    const key = process.env.GUARDRAIL_SIGNING_KEY || `guardrail-${keyId}`;
+    return crypto_1.default.createHmac('sha256', key).update(content).digest('hex');
+}
+async function generateEvidence(scanType, results, projectPath) {
+    const evidenceDir = (0, path_1.join)(projectPath, '.guardrail', 'evidence');
+    if (!(0, fs_1.existsSync)(evidenceDir)) {
+        (0, fs_1.mkdirSync)(evidenceDir, { recursive: true });
+    }
+    const runId = generateRunId();
+    const runDir = (0, path_1.join)(evidenceDir, runId);
+    (0, fs_1.mkdirSync)(runDir, { recursive: true });
+    const startTime = new Date().toISOString();
+    const gitInfo = getGitInfo(projectPath);
+    const version = getVersion();
+    // Generate inputs hash
+    const inputsContent = hashFileList(projectPath);
+    const inputsPath = (0, path_1.join)(runDir, 'inputs.sha256');
+    (0, fs_1.writeFileSync)(inputsPath, inputsContent);
+    const inputsSha256 = sha256(inputsContent);
+    // Write results
+    const resultsJson = JSON.stringify(results, null, 2);
+    const resultsPath = (0, path_1.join)(runDir, 'results.json');
+    (0, fs_1.writeFileSync)(resultsPath, resultsJson);
+    const resultsSha256 = sha256(resultsJson);
+    // Generate machine ID for key identification
+    const keyId = crypto_1.default.createHash('sha256')
+        .update(process.env.COMPUTERNAME || process.env.HOSTNAME || 'unknown')
+        .digest('hex')
+        .slice(0, 16);
+    // Build manifest
+    const manifest = {
+        schemaVersion: 'guardrail.evidence.v1',
+        runId,
+        tool: {
+            name: 'guardrail-cli',
+            version,
+        },
+        project: {
+            path: projectPath,
+            gitSha: gitInfo.sha,
+            gitBranch: gitInfo.branch,
+            gitRemote: gitInfo.remote,
+        },
+        scan: {
+            type: scanType,
+            startedAt: startTime,
+            completedAt: new Date().toISOString(),
+            filesScanned: results.filesScanned || 0,
+            findingsCount: results.findings?.length || 0,
+        },
+        evidence: {
+            inputsSha256,
+            resultsSha256,
+        },
+        attestation: {
+            algorithm: 'HMAC-SHA256',
+            keyId,
+        },
+    };
+    // Sign the manifest
+    const manifestContent = JSON.stringify(manifest, null, 2);
+    const signature = signContent(manifestContent, keyId);
+    manifest.attestation.signature = signature;
+    // Write final manifest with signature
+    const manifestPath = (0, path_1.join)(runDir, 'manifest.json');
+    (0, fs_1.writeFileSync)(manifestPath, JSON.stringify(manifest, null, 2));
+    // Write attestation separately
+    const attestationPath = (0, path_1.join)(runDir, 'attestation.sig');
+    (0, fs_1.writeFileSync)(attestationPath, signature);
+    console.log(`\n  📦 Evidence pack generated: ${runDir}`);
+    console.log(`     Run ID: ${runId}`);
+    console.log(`     Inputs hash: ${inputsSha256.slice(0, 16)}...`);
+    console.log(`     Results hash: ${resultsSha256.slice(0, 16)}...`);
+    console.log(`     Signature: ${signature.slice(0, 16)}...\n`);
+    return runDir;
+}
+async function verifyEvidence(evidencePath) {
+    try {
+        const manifestPath = (0, path_1.join)(evidencePath, 'manifest.json');
+        const manifestContent = (0, fs_1.readFileSync)(manifestPath, 'utf8');
+        const manifest = JSON.parse(manifestContent);
+        // Remove signature for verification
+        const storedSignature = manifest.attestation.signature;
+        delete manifest.attestation.signature;
+        // Recompute signature
+        const expectedSignature = signContent(JSON.stringify(manifest, null, 2), manifest.attestation.keyId);
+        if (storedSignature !== expectedSignature) {
+            console.error('❌ Evidence verification failed: signature mismatch');
+            return false;
+        }
+        // Verify results hash
+        const resultsPath = (0, path_1.join)(evidencePath, 'results.json');
+        const resultsContent = (0, fs_1.readFileSync)(resultsPath, 'utf8');
+        const resultsSha256 = sha256(resultsContent);
+        if (resultsSha256 !== manifest.evidence.resultsSha256) {
+            console.error('❌ Evidence verification failed: results tampered');
+            return false;
+        }
+        console.log('✓ Evidence pack verified successfully');
+        return true;
+    }
+    catch (err) {
+        console.error(`❌ Evidence verification failed: ${err.message}`);
+        return false;
+    }
+}
+//# sourceMappingURL=evidence.js.map

package/dist/commands/evidence.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.js","sourceRoot":"","sources":["../../src/commands/evidence.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;AAiHH,4CAwFC;AAED,wCAkCC;AA3OD,oDAA4B;AAC5B,2BAA+F;AAC/F,+BAAsC;AACtC,iDAAyC;AAmCzC,SAAS,UAAU;IACjB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;QAC1C,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,WAAmB;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,iCAAiC,EAAE,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1G,IAAI,MAA0B,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,GAAG,IAAA,wBAAQ,EAAC,2BAA2B,EAAE,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChG,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,MAAM,CAAC,OAAe;IAC7B,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,gBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACtE,CAAC;AAED,SAAS,YAAY,CAAC,WAAmB,EAAE,aAAuB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC;IAChH,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,SAAS,OAAO,CAAC,GAAW;QAC1B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAA,gBAAW,EAAC,GAAG,CAAC,CAAC;YAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,KAAK,MAAM;oBAAE,SAAS;gBACpG,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBACjC,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC;oBAChC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;wBACvB,OAAO,CAAC,QAAQ,CAAC,CAAC;oBACpB,CAAC;yBAAM,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;wBACtD,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,QAAQ,CAAC,CAAC;wBACvC,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;wBACvE,MAAM,OAAO,GAAG,IAAA,eAAQ,EAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;wBACpE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,KAAK,OAAO,EAAE,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,CAAC,WAAW,CAAC,CAAC;IACrB,MAAM,CAAC,IAAI,EAAE,CAAC;IACd,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,WAAW,CAAC,OAAe,EAAE,KAAa;IACjD,8CAA8C;IAC9C,mEAAmE;IACnE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,aAAa,KAAK,EAAE,CAAC;IACtE,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxE,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,QAAgB,EAChB,OAAY,EACZ,WAAmB;IAEnB,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,WAAW,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;IAEhE,IAAI,CAAC,IAAA,eAAU,EAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,IAAA,cAAS,EAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,IAAA,WAAI,EAAC,WAAW,EAAE,KAAK,CAAC,CAAC;IACxC,IAAA,cAAS,EAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEvC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAE7B,uBAAuB;IACvB,MAAM,aAAa,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACjD,IAAA,kBAAa,EAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACzC,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;IAE3C,gBAAgB;IAChB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACjD,IAAA,kBAAa,EAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IACxC,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IAE1C,6CAA6C;IAC7C,MAAM,KAAK,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;SACtC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,SAAS,CAAC;SACrE,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEhB,iBAAiB;IACjB,MAAM,QAAQ,GAAqB;QACjC,aAAa,EAAE,uBAAuB;QACtC,KAAK;QACL,IAAI,EAAE;YACJ,IAAI,EAAE,eAAe;YACrB,OAAO;SACR;QACD,OAAO,EAAE;YACP,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,SAAS,EAAE,OAAO,CAAC,MAAM;YACzB,SAAS,EAAE,OAAO,CAAC,MAAM;SAC1B;QACD,IAAI,EAAE;YACJ,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,SAAS;YACpB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,CAAC;YACvC,aAAa,EAAE,OAAO,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;SAC7C;QACD,QAAQ,EAAE;YACR,YAAY;YACZ,aAAa;SACd;QACD,WAAW,EAAE;YACX,SAAS,EAAE,aAAa;YACxB,KAAK;SACN;KACF,CAAC;IAEF,oBAAoB;IACpB,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,WAAW,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACtD,QAAQ,CAAC,WAAW,CAAC,SAAS,GAAG,SAAS,CAAC;IAE3C,sCAAsC;IACtC,MAAM,YAAY,GAAG,IAAA,WAAI,EAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACnD,IAAA,kBAAa,EAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAE/D,+BAA+B;IAC/B,MAAM,eAAe,GAAG,IAAA,WAAI,EAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IACxD,IAAA,kBAAa,EAAC,eAAe,EAAE,SAAS,CAAC,CAAC;IAE1C,OAAO,CAAC,GAAG,CAAC,mCAAmC,MAAM,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,sBAAsB,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,mBAAmB,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC;IAE9D,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,YAAoB;IACvD,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAA,WAAI,EAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QACzD,MAAM,eAAe,GAAG,IAAA,iBAAY,EAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAqB,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAE/D,oCAAoC;QACpC,MAAM,eAAe,GAAG,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC;QACvD,OAAO,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC;QAEtC,sBAAsB;QACtB,MAAM,iBAAiB,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAErG,IAAI,eAAe,KAAK,iBAAiB,EAAE,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACpE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,sBAAsB;QACtB,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QACvD,MAAM,cAAc,GAAG,IAAA,iBAAY,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC;QAE7C,IAAI,aAAa,KAAK,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,mCAAmC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAChE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/commands/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI Commands Module
+ * Re-exports all command registration functions
+ */
+export { registerScanSecretsCommand } from './scan-secrets';
+export { registerScanVulnerabilitiesCommand } from './scan-vulnerabilities';
+export { generateEvidence, verifyEvidence } from './evidence';
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,kCAAkC,EAAE,MAAM,wBAAwB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC"}

package/dist/commands/index.js

@@ -0,0 +1,15 @@
+"use strict";
+/**
+ * CLI Commands Module
+ * Re-exports all command registration functions
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyEvidence = exports.generateEvidence = exports.registerScanVulnerabilitiesCommand = exports.registerScanSecretsCommand = void 0;
+var scan_secrets_1 = require("./scan-secrets");
+Object.defineProperty(exports, "registerScanSecretsCommand", { enumerable: true, get: function () { return scan_secrets_1.registerScanSecretsCommand; } });
+var scan_vulnerabilities_1 = require("./scan-vulnerabilities");
+Object.defineProperty(exports, "registerScanVulnerabilitiesCommand", { enumerable: true, get: function () { return scan_vulnerabilities_1.registerScanVulnerabilitiesCommand; } });
+var evidence_1 = require("./evidence");
+Object.defineProperty(exports, "generateEvidence", { enumerable: true, get: function () { return evidence_1.generateEvidence; } });
+Object.defineProperty(exports, "verifyEvidence", { enumerable: true, get: function () { return evidence_1.verifyEvidence; } });
+//# sourceMappingURL=index.js.map

package/dist/commands/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,+CAA4D;AAAnD,0HAAA,0BAA0B,OAAA;AACnC,+DAA4E;AAAnE,0IAAA,kCAAkC,OAAA;AAC3C,uCAA8D;AAArD,4GAAA,gBAAgB,OAAA;AAAE,0GAAA,cAAc,OAAA"}

package/dist/commands/scan-secrets.d.ts

@@ -0,0 +1,47 @@
+/**
+ * scan:secrets command
+ * Enterprise-grade secret detection with SecretsGuardian
+ */
+import { Command } from 'commander';
+export interface ScanSecretsOptions {
+    path: string;
+    format: 'table' | 'json' | 'sarif';
+    output?: string;
+    excludeTests: boolean;
+    minConfidence?: number;
+    failOnDetection: boolean;
+    evidence: boolean;
+    history?: boolean;
+    historyDepth?: number;
+    noCustomPatterns?: boolean;
+    noAllowlist?: boolean;
+    noContextualRisk?: boolean;
+}
+export interface SecretFinding {
+    type: string;
+    file: string;
+    line: number;
+    risk: string;
+    confidence: number;
+    entropy: number;
+    match: string;
+    isTest: boolean;
+    recommendation: any;
+}
+export interface ScanSecretsResult {
+    projectPath: string;
+    scanType: string;
+    filesScanned: number;
+    patterns: string[];
+    findings: SecretFinding[];
+    summary: {
+        total: number;
+        highEntropy: number;
+        lowEntropy: number;
+        byRisk: Record<string, number>;
+    };
+}
+export declare function scanSecrets(projectPath: string, options: ScanSecretsOptions): Promise<ScanSecretsResult>;
+export declare function outputSecretsResults(results: ScanSecretsResult, options: ScanSecretsOptions): void;
+export declare function registerScanSecretsCommand(program: Command, requireAuth: () => any, printLogo: () => void): void;
+//# sourceMappingURL=scan-secrets.d.ts.map

package/dist/commands/scan-secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-secrets.d.ts","sourceRoot":"","sources":["../../src/commands/scan-secrets.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAoBpC,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,OAAO,CAAC;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;IAChB,cAAc,EAAE,GAAG,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAChC,CAAC;CACH;AAED,wBAAsB,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAyG9G;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,kBAAkB,GAAG,IAAI,CAsClG;AAED,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,GAAG,EAAE,SAAS,EAAE,MAAM,IAAI,GAAG,IAAI,CAgFhH"}