guardrail-ship 1.0.0

package/dist/reality-mode/report-generator.js

@@ -0,0 +1,233 @@
+export class ReportGenerator {
+    generateHtml(result) {
+        let verdictDisplay = "GO";
+        let verdictColor = "#10b981"; // Green
+        let verdictIcon = "✅";
+        if (result.verdict === "fake") {
+            verdictDisplay = "NO-GO";
+            verdictColor = "#ef4444"; // Red
+            verdictIcon = "🛑";
+        }
+        else if (result.verdict === "suspicious") {
+            verdictDisplay = "WARN";
+            verdictColor = "#f59e0b"; // Amber
+            verdictIcon = "⚠️";
+        }
+        return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Reality Mode Report</title>
+  <style>
+    body { font-family: -apple-system, system-ui, sans-serif; margin: 0; padding: 0; background: #f9fafb; color: #1f2937; }
+    .container { max-width: 1000px; margin: 0 auto; padding: 2rem; }
+    .header { background: white; padding: 2rem; border-radius: 0.5rem; box-shadow: 0 1px 3px rgba(0,0,0,0.1); margin-bottom: 2rem; }
+    .verdict { font-size: 2.5rem; font-weight: 800; color: ${verdictColor}; display: flex; align-items: center; gap: 0.75rem; letter-spacing: -0.025em; }
+    .score-badge { background: ${verdictColor}; color: white; padding: 0.25rem 0.75rem; border-radius: 9999px; font-size: 1rem; font-weight: bold; }
+    .section { background: white; padding: 1.5rem; border-radius: 0.5rem; box-shadow: 0 1px 3px rgba(0,0,0,0.1); margin-bottom: 1.5rem; }
+    .section-title { font-size: 1.25rem; font-weight: bold; margin-bottom: 1rem; border-bottom: 1px solid #e5e7eb; padding-bottom: 0.5rem; }
+    .detection { border: 1px solid #e5e7eb; border-radius: 0.375rem; padding: 1rem; margin-bottom: 1rem; border-left: 4px solid #ef4444; }
+    .detection.warning { border-left-color: #f59e0b; }
+    .detection-title { font-weight: bold; display: flex; justify-content: space-between; align-items: center; }
+    .evidence { background: #f3f4f6; padding: 0.75rem; border-radius: 0.25rem; margin-top: 0.5rem; font-family: monospace; font-size: 0.875rem; overflow-x: auto; }
+    .summary-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1rem; }
+    .summary-item { background: #f3f4f6; padding: 1rem; border-radius: 0.375rem; text-align: center; }
+    .summary-value { font-size: 1.5rem; font-weight: bold; }
+    .summary-label { color: #6b7280; font-size: 0.875rem; }
+    .replay-step { border-left: 2px solid #d1d5db; padding-left: 1rem; margin-bottom: 1rem; position: relative; }
+    .replay-step::before { content: ''; position: absolute; left: -5px; top: 0; width: 8px; height: 8px; border-radius: 50%; background: #9ca3af; }
+    .replay-step.request::before { background: #3b82f6; }
+    .replay-step.action::before { background: #10b981; }
+    .replay-step.detection::before { background: #ef4444; }
+    .timestamp { color: #9ca3af; font-size: 0.75rem; }
+    .failure-chip { display: inline-flex; align-items: center; background: #fee2e2; color: #991b1b; padding: 0.125rem 0.5rem; border-radius: 0.25rem; font-size: 0.75rem; font-weight: bold; margin-right: 0.5rem; text-transform: uppercase; letter-spacing: 0.05em; }
+    .failure-chip.auth { background: #fef3c7; color: #92400e; } /* Amber for Auth */
+    .failure-chip.schema { background: #e0e7ff; color: #1e40af; } /* Blue for Schema */
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="header">
+      <div style="display: flex; justify-content: space-between; align-items: center;">
+        <div>
+          <h1 style="margin: 0 0 0.5rem 0; font-size: 1rem; color: #6b7280; text-transform: uppercase;">Reality Check</h1>
+          <div class="verdict">${verdictIcon} ${verdictDisplay}</div>
+        </div>
+        <div class="score-badge">Score: ${result.score}/100</div>
+      </div>
+      <p style="margin-top: 1rem; color: #6b7280;">Generated: ${result.timestamp}</p>
+    </div>
+
+    <div class="section">
+      <h2 class="section-title">Summary</h2>
+      <div class="summary-grid">
+        <div class="summary-item">
+          <div class="summary-value">${result.summary.totalRequests}</div>
+          <div class="summary-label">Total Requests</div>
+        </div>
+        <div class="summary-item">
+          <div class="summary-value">${result.summary.fakeRequests}</div>
+          <div class="summary-label">Fake/Mock Requests</div>
+        </div>
+        <div class="summary-item">
+          <div class="summary-value">${result.summary.criticalIssues}</div>
+          <div class="summary-label">Critical Issues</div>
+        </div>
+        <div class="summary-item">
+          <div class="summary-value">${result.summary.warnings}</div>
+          <div class="summary-label">Warnings</div>
+        </div>
+      </div>
+    </div>
+
+    ${this.renderDetections(result)}
+    ${this.renderFakeSuccess(result)}
+    ${this.renderTrafficAnalysis(result)}
+    ${this.renderAuthViolations(result)}
+
+    <div class="section">
+      <h2 class="section-title">Flight Recorder Replay</h2>
+      <div class="replay-log">
+        ${result.replay.map((step) => this.renderReplayStep(step)).join("")}
+      </div>
+    </div>
+  </div>
+</body>
+</html>`;
+    }
+    getBrandedChip(text) {
+        const t = text.toLowerCase();
+        if (t.includes("mock backend"))
+            return '<span class="failure-chip">MOCK BACKEND</span>';
+        if (t.includes("fake success"))
+            return '<span class="failure-chip">FAKE SUCCESS</span>';
+        if (t.includes("no-wire"))
+            return '<span class="failure-chip">NO-WIRE UI</span>';
+        if (t.includes("auth mirage"))
+            return '<span class="failure-chip auth">AUTH MIRAGE</span>';
+        if (t.includes("schema drift") || t.includes("missing wiring"))
+            return '<span class="failure-chip schema">SCHEMA DRIFT</span>';
+        return "";
+    }
+    renderDetections(result) {
+        if (result.detections.length === 0)
+            return "";
+        return `
+    <div class="section">
+      <h2 class="section-title">Issues Detected</h2>
+      ${result.detections
+            .map((d) => `
+        <div class="detection ${d.pattern.severity === "warning" ? "warning" : ""}">
+          <div class="detection-title">
+            <span>${this.getBrandedChip(d.pattern.name)} ${d.pattern.name}</span>
+            <span style="font-size: 0.75rem; text-transform: uppercase; color: #6b7280;">${d.pattern.severity}</span>
+          </div>
+          <p>${d.pattern.description}</p>
+          <div class="evidence">
+            ${d.evidence}<br>
+            ${d.request ? `URL: ${d.request.url}` : ""}
+            ${d.response ? `URL: ${d.response.url}` : ""}
+          </div>
+        </div>
+      `)
+            .join("")}
+    </div>`;
+    }
+    renderFakeSuccess(result) {
+        const fakes = result.fakeSuccessAnalysis?.filter((f) => f.isFake) || [];
+        if (fakes.length === 0)
+            return "";
+        return `
+    <div class="section">
+      <h2 class="section-title">🚨 Fake Success Detected</h2>
+      <p style="color: #ef4444; margin-bottom: 1rem;">Actions appeared to succeed but triggered no backend persistence.</p>
+      ${fakes
+            .map((f) => `
+        <div class="detection">
+          <div class="detection-title"><span class="failure-chip">FAKE SUCCESS</span> Action Failed Persistence</div>
+          <div class="evidence">${f.evidence.join("<br>")}</div>
+        </div>
+      `)
+            .join("")}
+    </div>`;
+    }
+    renderTrafficAnalysis(result) {
+        const red = result.trafficAnalysis?.filter((t) => t.verdict === "red") || [];
+        const yellow = result.trafficAnalysis?.filter((t) => t.verdict === "yellow") || [];
+        const issues = [...red, ...yellow];
+        if (issues.length === 0)
+            return "";
+        return `
+    <div class="section">
+      <h2 class="section-title">Traffic Analysis Issues</h2>
+      ${issues
+            .map((t) => `
+        <div class="detection ${t.verdict === "yellow" ? "warning" : ""}">
+          <div class="detection-title">
+            <span>${this.getBrandedChip(t.reasons.join(" "))} Traffic Analysis: ${t.verdict.toUpperCase()}</span>
+          </div>
+          <div class="evidence">${t.reasons.join("<br>")}</div>
+        </div>
+      `)
+            .join("")}
+    </div>`;
+    }
+    renderAuthViolations(result) {
+        if (!result.authViolations || result.authViolations.length === 0)
+            return "";
+        return `
+    <div class="section">
+      <h2 class="section-title">🔐 Auth Violations</h2>
+      ${result.authViolations
+            .map((v) => `
+        <div class="detection">
+          <div class="detection-title">
+            <span><span class="failure-chip auth">AUTH MIRAGE</span> ${v.type}</span>
+          </div>
+          <div class="evidence">
+            Route: ${v.route}<br>
+            Status: ${v.status} (Expected 401/403/Redirect)
+          </div>
+        </div>
+      `)
+            .join("")}
+    </div>`;
+    }
+    renderReplayStep(step) {
+        let content = "";
+        let className = "replay-step";
+        if (step.type === "request") {
+            className += " request";
+            content = `<strong>Request:</strong> ${step.data.method} ${step.data.url}`;
+        }
+        else if (step.type === "response") {
+            className += " request"; // group with request visually
+            content = `<strong>Response:</strong> ${step.data.status} ${step.data.url}`;
+        }
+        else if (step.type === "action") {
+            className += " action";
+            content = `<strong>Action:</strong> ${step.data.type} ${step.data.selector || step.data.url}`;
+        }
+        else if (step.type === "console") {
+            className += " console";
+            const isError = step.data.type === "error";
+            const color = isError ? "#ef4444" : "#6b7280";
+            content = `<strong style="color: ${color}">Console ${step.data.type}:</strong> <span style="font-family: monospace">${step.data.text}</span>`;
+        }
+        if (step.detections && step.detections.length > 0) {
+            className += " detection";
+            content += `<div style="color: #ef4444; font-size: 0.875rem; margin-top: 0.25rem;">⚠️ Issue detected here</div>`;
+        }
+        if (step.screenshot) {
+            content += `<div style="margin-top: 0.5rem;"><img src="./${step.screenshot}" style="max-width: 100%; border: 1px solid #ddd; border-radius: 4px; max-height: 300px; cursor: pointer;" onclick="this.style.maxHeight='none'" loading="lazy" alt="Step Screenshot"></div>`;
+        }
+        return `
+      <div class="${className}">
+        <div class="timestamp">${(new Date(step.timestamp || 0).toISOString().split("T")[1] || "").slice(0, -1)}</div>
+        <div>${content}</div>
+      </div>
+    `;
+    }
+}
+//# sourceMappingURL=report-generator.js.map

package/dist/reality-mode/report-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-generator.js","sourceRoot":"","sources":["../../src/reality-mode/report-generator.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,eAAe;IAC1B,YAAY,CAAC,MAAyB;QACpC,IAAI,cAAc,GAAG,IAAI,CAAC;QAC1B,IAAI,YAAY,GAAG,SAAS,CAAC,CAAC,QAAQ;QACtC,IAAI,WAAW,GAAG,GAAG,CAAC;QAEtB,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9B,cAAc,GAAG,OAAO,CAAC;YACzB,YAAY,GAAG,SAAS,CAAC,CAAC,MAAM;YAChC,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;aAAM,IAAI,MAAM,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;YAC3C,cAAc,GAAG,MAAM,CAAC;YACxB,YAAY,GAAG,SAAS,CAAC,CAAC,QAAQ;YAClC,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;QAED,OAAO;;;;;;;;;;6DAUkD,YAAY;iCACxC,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCA4BZ,WAAW,IAAI,cAAc;;0CAEpB,MAAM,CAAC,KAAK;;gEAEU,MAAM,CAAC,SAAS;;;;;;;uCAOzC,MAAM,CAAC,OAAO,CAAC,aAAa;;;;uCAI5B,MAAM,CAAC,OAAO,CAAC,YAAY;;;;uCAI3B,MAAM,CAAC,OAAO,CAAC,cAAc;;;;uCAI7B,MAAM,CAAC,OAAO,CAAC,QAAQ;;;;;;MAMxD,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;MAC7B,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;MAC9B,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC;MAClC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC;;;;;UAK7B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;;;;;QAKnE,CAAC;IACP,CAAC;IAEO,cAAc,CAAC,IAAY;QACjC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAC7B,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;YAC5B,OAAO,gDAAgD,CAAC;QAC1D,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;YAC5B,OAAO,gDAAgD,CAAC;QAC1D,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;YACvB,OAAO,8CAA8C,CAAC;QACxD,IAAI,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YAC3B,OAAO,oDAAoD,CAAC;QAC9D,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAC5D,OAAO,uDAAuD,CAAC;QACjE,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,gBAAgB,CAAC,MAAyB;QAChD,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAE9C,OAAO;;;QAGH,MAAM,CAAC,UAAU;aAChB,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CAAC;gCACe,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;;oBAE7D,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI;2FACkB,CAAC,CAAC,OAAO,CAAC,QAAQ;;eAE9F,CAAC,CAAC,OAAO,CAAC,WAAW;;cAEtB,CAAC,CAAC,QAAQ;cACV,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE;cACxC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE;;;OAGjD,CACE;aACA,IAAI,CAAC,EAAE,CAAC;WACN,CAAC;IACV,CAAC;IAEO,iBAAiB,CAAC,MAAyB;QACjD,MAAM,KAAK,GAAG,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACxE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAElC,OAAO;;;;QAIH,KAAK;aACJ,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CAAC;;;kCAGiB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;;OAElD,CACE;aACA,IAAI,CAAC,EAAE,CAAC;WACN,CAAC;IACV,CAAC;IAEO,qBAAqB,CAAC,MAAyB;QACrD,MAAM,GAAG,GACP,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC;QACnE,MAAM,MAAM,GACV,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtE,MAAM,MAAM,GAAG,CAAC,GAAG,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC;QAEnC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEnC,OAAO;;;QAGH,MAAM;aACL,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CAAC;gCACe,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;;oBAEnD,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,sBAAsB,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE;;kCAEvE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;;OAEjD,CACE;aACA,IAAI,CAAC,EAAE,CAAC;WACN,CAAC;IACV,CAAC;IAEO,oBAAoB,CAAC,MAAyB;QACpD,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAE5E,OAAO;;;QAGH,MAAM,CAAC,cAAc;aACpB,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CAAC;;;uEAGsD,CAAC,CAAC,IAAI;;;qBAGxD,CAAC,CAAC,KAAK;sBACN,CAAC,CAAC,MAAM;;;OAGvB,CACE;aACA,IAAI,CAAC,EAAE,CAAC;WACN,CAAC;IACV,CAAC;IAEO,gBAAgB,CAAC,IAAS;QAChC,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,SAAS,GAAG,aAAa,CAAC;QAE9B,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,SAAS,IAAI,UAAU,CAAC;YACxB,OAAO,GAAG,6BAA6B,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7E,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACpC,SAAS,IAAI,UAAU,CAAC,CAAC,8BAA8B;YACvD,OAAO,GAAG,8BAA8B,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9E,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClC,SAAS,IAAI,SAAS,CAAC;YACvB,OAAO,GAAG,4BAA4B,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAChG,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,SAAS,IAAI,UAAU,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC;YAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9C,OAAO,GAAG,yBAAyB,KAAK,aAAa,IAAI,CAAC,IAAI,CAAC,IAAI,mDAAmD,IAAI,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;QAChJ,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,SAAS,IAAI,YAAY,CAAC;YAC1B,OAAO,IAAI,qGAAqG,CAAC;QACnH,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,IAAI,gDAAgD,IAAI,CAAC,UAAU,8LAA8L,CAAC;QAC3Q,CAAC;QAED,OAAO;oBACS,SAAS;iCACI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;eAChG,OAAO;;KAEjB,CAAC;IACJ,CAAC;CACF"}

package/dist/reality-mode/traffic-classifier.d.ts

@@ -0,0 +1,14 @@
+import { InterceptedRequest, InterceptedResponse, FakePattern, TrafficClassification } from "./types";
+export declare class TrafficClassifier {
+    private fakePatterns;
+    constructor(patterns: FakePattern[]);
+    /**
+     * Classify a single network interaction (request + response)
+     */
+    classify(request: InterceptedRequest, response?: InterceptedResponse): TrafficClassification;
+    /**
+     * Analyze consistency across multiple runs (stateful check)
+     */
+    classifyConsistency(currentResponse: InterceptedResponse, previousResponse?: InterceptedResponse): TrafficClassification;
+}
+//# sourceMappingURL=traffic-classifier.d.ts.map

package/dist/reality-mode/traffic-classifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"traffic-classifier.d.ts","sourceRoot":"","sources":["../../src/reality-mode/traffic-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,WAAW,EACX,qBAAqB,EAEtB,MAAM,SAAS,CAAC;AAEjB,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,YAAY,CAAgB;gBAExB,QAAQ,EAAE,WAAW,EAAE;IAInC;;OAEG;IACH,QAAQ,CACN,OAAO,EAAE,kBAAkB,EAC3B,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,qBAAqB;IA6GxB;;OAEG;IACH,mBAAmB,CACjB,eAAe,EAAE,mBAAmB,EACpC,gBAAgB,CAAC,EAAE,mBAAmB,GACrC,qBAAqB;CAgCzB"}

package/dist/reality-mode/traffic-classifier.js

@@ -0,0 +1,131 @@
+export class TrafficClassifier {
+    fakePatterns;
+    constructor(patterns) {
+        this.fakePatterns = patterns;
+    }
+    /**
+     * Classify a single network interaction (request + response)
+     */
+    classify(request, response) {
+        const reasons = [];
+        let score = 100;
+        let verdict = "green";
+        // 1. Check for Red Flags (Fake Patterns)
+        for (const pattern of this.fakePatterns) {
+            if (pattern.detect(request)) {
+                score -= pattern.severity === "critical" ? 100 : 20;
+                reasons.push(`Mock Backend: Request matches ${pattern.name} (${pattern.description})`);
+            }
+            if (response && pattern.detect(response)) {
+                score -= pattern.severity === "critical" ? 100 : 20;
+                reasons.push(`Mock Backend: Response matches ${pattern.name} (${pattern.description})`);
+            }
+        }
+        if (score <= 50) {
+            return { verdict: "red", reasons, score: Math.max(0, score) };
+        }
+        // 2. Check for Yellow Flags (Suspicious)
+        // Suspicious: API returns "success" but no data
+        if (response && response.body) {
+            try {
+                const body = JSON.parse(response.body);
+                if (body.success === true &&
+                    !body.data &&
+                    Object.keys(body).length <= 2) {
+                    score -= 10;
+                    reasons.push("Potential No-Wire UI: API returns generic success with no data");
+                }
+            }
+            catch (e) {
+                // Ignore parsing errors
+            }
+        }
+        // Suspicious: URL looks like a dev/staging environment but we are running in "production" mode?
+        // (Assuming we are looking for production credibility)
+        if (request.url.includes("localhost") ||
+            request.url.includes("127.0.0.1")) {
+            // If we are testing local, this is fine. If testing prod, it's red.
+            // Context matters. For now, let's treat localhost as "yellow" unless explicitly allowed.
+            // Actually, reality-scanner treats localhost as a fake pattern (critical) in default patterns.
+            // So it's already caught above.
+        }
+        // Suspicious: Non-standard status codes
+        if (response && response.status >= 400) {
+            // 404/500 on API endpoints -> Red flag (Missing Wiring)
+            if (response.url.includes("/api/") ||
+                response.url.includes("/graphql") ||
+                response.url.includes("/trpc")) {
+                score -= 40;
+                reasons.push(`Missing Wiring: API Error ${response.status} on ${response.url}`);
+                if (response.status === 404)
+                    verdict = "red";
+            }
+            else if (response.status === 418 || response.status === 999) {
+                score -= 30;
+                reasons.push(`Mock Backend: Suspicious HTTP status code ${response.status}`);
+            }
+            else {
+                // Other errors (e.g. 401/403 are handled by AuthEnforcer, but still suspicious if unintended)
+                score -= 10;
+                reasons.push(`Schema Drift: HTTP Error ${response.status}`);
+            }
+        }
+        // 3. Green Signals (Real Data)
+        if (response && response.body) {
+            // IDs looking like UUIDs or MongoDB IDs or integer sequences
+            if (/"id":\s*["'][a-f0-9-]{36}["']/i.test(response.body)) {
+                // UUID found - likely real
+                // Boost score slightly if it was lowered by minor things
+                if (score < 100)
+                    score += 5;
+            }
+            if (/"created_at":\s*["']\d{4}-\d{2}-\d{2}/i.test(response.body)) {
+                // ISO Date found
+                if (score < 100)
+                    score += 5;
+            }
+        }
+        // Final Verdict
+        if (score < 60)
+            verdict = "red";
+        else if (score < 90)
+            verdict = "yellow";
+        else
+            verdict = "green";
+        return {
+            verdict,
+            reasons,
+            score: Math.min(100, Math.max(0, score)),
+        };
+    }
+    /**
+     * Analyze consistency across multiple runs (stateful check)
+     */
+    classifyConsistency(currentResponse, previousResponse) {
+        if (!previousResponse) {
+            return { verdict: "green", reasons: ["First run"], score: 100 };
+        }
+        // Exact body match is suspicious for dynamic data (timestamps, nonces)
+        if (currentResponse.body &&
+            currentResponse.body === previousResponse.body) {
+            // Check if the body looks like it SHOULD have dynamic data
+            if (currentResponse.body.includes("timestamp") ||
+                currentResponse.body.includes("created_at") ||
+                currentResponse.body.includes("nonce")) {
+                return {
+                    verdict: "yellow",
+                    reasons: [
+                        "Response body identical across runs despite containing timestamps",
+                    ],
+                    score: 70,
+                };
+            }
+        }
+        return {
+            verdict: "green",
+            reasons: ["Data varies or is static static-content"],
+            score: 100,
+        };
+    }
+}
+//# sourceMappingURL=traffic-classifier.js.map

package/dist/reality-mode/traffic-classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"traffic-classifier.js","sourceRoot":"","sources":["../../src/reality-mode/traffic-classifier.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,iBAAiB;IACpB,YAAY,CAAgB;IAEpC,YAAY,QAAuB;QACjC,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,QAAQ,CACN,OAA2B,EAC3B,QAA8B;QAE9B,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,KAAK,GAAG,GAAG,CAAC;QAChB,IAAI,OAAO,GAAmB,OAAO,CAAC;QAEtC,yCAAyC;QACzC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,KAAK,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpD,OAAO,CAAC,IAAI,CACV,iCAAiC,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW,GAAG,CACzE,CAAC;YACJ,CAAC;YACD,IAAI,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACzC,KAAK,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpD,OAAO,CAAC,IAAI,CACV,kCAAkC,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW,GAAG,CAC1E,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;YAChB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;QAChE,CAAC;QAED,yCAAyC;QAEzC,gDAAgD;QAChD,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACvC,IACE,IAAI,CAAC,OAAO,KAAK,IAAI;oBACrB,CAAC,IAAI,CAAC,IAAI;oBACV,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,EAC7B,CAAC;oBACD,KAAK,IAAI,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,CACV,gEAAgE,CACjE,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,wBAAwB;YAC1B,CAAC;QACH,CAAC;QAED,gGAAgG;QAChG,uDAAuD;QACvD,IACE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EACjC,CAAC;YACD,oEAAoE;YACpE,yFAAyF;YACzF,+FAA+F;YAC/F,gCAAgC;QAClC,CAAC;QAED,wCAAwC;QACxC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YACvC,wDAAwD;YACxD,IACE,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAC9B,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;gBACjC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAC9B,CAAC;gBACD,KAAK,IAAI,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CACV,6BAA6B,QAAQ,CAAC,MAAM,OAAO,QAAQ,CAAC,GAAG,EAAE,CAClE,CAAC;gBACF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;oBAAE,OAAO,GAAG,KAAK,CAAC;YAC/C,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC9D,KAAK,IAAI,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CACV,6CAA6C,QAAQ,CAAC,MAAM,EAAE,CAC/D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,8FAA8F;gBAC9F,KAAK,IAAI,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,4BAA4B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC9B,6DAA6D;YAC7D,IAAI,gCAAgC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,2BAA2B;gBAC3B,yDAAyD;gBACzD,IAAI,KAAK,GAAG,GAAG;oBAAE,KAAK,IAAI,CAAC,CAAC;YAC9B,CAAC;YACD,IAAI,wCAAwC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjE,iBAAiB;gBACjB,IAAI,KAAK,GAAG,GAAG;oBAAE,KAAK,IAAI,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,GAAG,EAAE;YAAE,OAAO,GAAG,KAAK,CAAC;aAC3B,IAAI,KAAK,GAAG,EAAE;YAAE,OAAO,GAAG,QAAQ,CAAC;;YACnC,OAAO,GAAG,OAAO,CAAC;QAEvB,OAAO;YACL,OAAO;YACP,OAAO;YACP,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;SACzC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB,CACjB,eAAoC,EACpC,gBAAsC;QAEtC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QAClE,CAAC;QAED,uEAAuE;QACvE,IACE,eAAe,CAAC,IAAI;YACpB,eAAe,CAAC,IAAI,KAAK,gBAAgB,CAAC,IAAI,EAC9C,CAAC;YACD,2DAA2D;YAC3D,IACE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC1C,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAC3C,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtC,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE,QAAQ;oBACjB,OAAO,EAAE;wBACP,mEAAmE;qBACpE;oBACD,KAAK,EAAE,EAAE;iBACV,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,CAAC,yCAAyC,CAAC;YACpD,KAAK,EAAE,GAAG;SACX,CAAC;IACJ,CAAC;CACF"}

package/dist/reality-mode/types.d.ts

@@ -0,0 +1,90 @@
+export interface FakePattern {
+    id: string;
+    name: string;
+    description: string;
+    severity: "critical" | "warning" | "info";
+    detect: (request: InterceptedRequest | InterceptedResponse) => boolean;
+}
+export interface InterceptedRequest {
+    type: "request";
+    url: string;
+    method: string;
+    headers: Record<string, string>;
+    body?: string;
+    timestamp: number;
+}
+export interface InterceptedResponse {
+    type: "response";
+    url: string;
+    status: number;
+    headers: Record<string, string>;
+    body?: string;
+    timestamp: number;
+}
+export interface UserAction {
+    type: "click" | "input" | "navigation" | "scroll";
+    selector?: string;
+    value?: string;
+    url?: string;
+    timestamp: number;
+    screenshot?: string;
+}
+export interface FakeDetection {
+    pattern: FakePattern;
+    request?: InterceptedRequest;
+    response?: InterceptedResponse;
+    action?: UserAction;
+    timestamp: number;
+    evidence: string;
+}
+export interface ReplayStep {
+    timestamp: number;
+    type: "request" | "response" | "action";
+    data: any;
+    detections: FakeDetection[];
+    screenshot?: string;
+}
+export type TrafficVerdict = "green" | "yellow" | "red";
+export interface TrafficClassification {
+    verdict: TrafficVerdict;
+    reasons: string[];
+    score: number;
+}
+export interface FakeSuccessResult {
+    isFake: boolean;
+    score: number;
+    evidence: string[];
+    actionStep?: ReplayStep;
+}
+export interface RealityModeResult {
+    verdict: "real" | "fake" | "suspicious";
+    score: number;
+    detections: FakeDetection[];
+    replay: ReplayStep[];
+    trafficAnalysis: TrafficClassification[];
+    fakeSuccessAnalysis: FakeSuccessResult[];
+    authViolations?: {
+        route: string;
+        status: number;
+        type: string;
+    }[];
+    summary: {
+        totalRequests: number;
+        fakeRequests: number;
+        totalActions: number;
+        criticalIssues: number;
+        warnings: number;
+    };
+    timestamp: string;
+    duration: number;
+}
+export interface RealityModeConfig {
+    baseUrl: string;
+    timeout: number;
+    patterns: FakePattern[];
+    clickPaths: string[][];
+    screenshotOnDetection: boolean;
+    headless: boolean;
+    checkAuth: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/reality-mode/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/reality-mode/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;IAC1C,MAAM,EAAE,CAAC,OAAO,EAAE,kBAAkB,GAAG,mBAAmB,KAAK,OAAO,CAAC;CACxE;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,SAAS,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,UAAU,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,GAAG,OAAO,GAAG,YAAY,GAAG,QAAQ,CAAC;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,WAAW,CAAC;IACrB,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAC/B,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;IACxC,IAAI,EAAE,GAAG,CAAC;IACV,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,QAAQ,GAAG,KAAK,CAAC;AAExD,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,cAAc,CAAC;IACxB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,YAAY,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,eAAe,EAAE,qBAAqB,EAAE,CAAC;IACzC,mBAAmB,EAAE,iBAAiB,EAAE,CAAC;IACzC,cAAc,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACnE,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,UAAU,EAAE,MAAM,EAAE,EAAE,CAAC;IACvB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;CACpB"}

package/dist/reality-mode/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/reality-mode/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/reality-mode/types.ts"],"names":[],"mappings":""}

package/dist/ship-badge/__tests__/ship-badge-generator.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for Ship Badge Generator
+ */
+export {};
+//# sourceMappingURL=ship-badge-generator.test.d.ts.map

package/dist/ship-badge/__tests__/ship-badge-generator.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ship-badge-generator.test.d.ts","sourceRoot":"","sources":["../../../src/ship-badge/__tests__/ship-badge-generator.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}