npm - guardvibe - Versions diffs - 1.5.0 → 1.6.0 - Mend

guardvibe 1.5.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/build/data/rules/auth.d.ts.map +1 -1
package/build/data/rules/auth.js +1 -0
package/build/data/rules/auth.js.map +1 -1
package/build/data/rules/firebase.d.ts.map +1 -1
package/build/data/rules/firebase.js +1 -0
package/build/data/rules/firebase.js.map +1 -1
package/build/index.js +43 -1
package/build/index.js.map +1 -1
package/build/tools/check-command.d.ts +13 -0
package/build/tools/check-command.d.ts.map +1 -0
package/build/tools/check-command.js +227 -0
package/build/tools/check-command.js.map +1 -0
package/build/tools/explain-remediation.d.ts +15 -0
package/build/tools/explain-remediation.d.ts.map +1 -0
package/build/tools/explain-remediation.js +103 -0
package/build/tools/explain-remediation.js.map +1 -0
package/build/tools/fix-code.js +143 -51
package/build/tools/fix-code.js.map +1 -1
package/build/tools/repo-posture.d.ts +2 -0
package/build/tools/repo-posture.d.ts.map +1 -0
package/build/tools/repo-posture.js +178 -0
package/build/tools/repo-posture.js.map +1 -0
package/build/tools/review-pr.d.ts.map +1 -1
package/build/tools/review-pr.js +50 -1
package/build/tools/review-pr.js.map +1 -1
package/build/tools/scan-config-change.d.ts +12 -0
package/build/tools/scan-config-change.d.ts.map +1 -0
package/build/tools/scan-config-change.js +88 -0
package/build/tools/scan-config-change.js.map +1 -0
package/package.json +1 -1

package/build/tools/fix-code.js CHANGED Viewed

@@ -55,63 +55,155 @@ function generateFixSuggestions(findings, code) {
  * Generate a concrete patch suggestion for the matched line.
  * Returns a before/after replacement when possible.
  */
+// guardvibe-ignore — patch templates contain intentional examples of vulnerable patterns
 function generatePatch(finding, sourceLine) {
     const { rule } = finding;
-    switch (rule.id) {
-        // Hardcoded credentials -> env var
-        case "VG001":
-        case "VG062": {
-            const match = /(\w+)\s*[:=]\s*['"][^'"]+['"]/.exec(sourceLine);
-            if (match) {
-                const varName = match[1];
-                const envName = varName.replace(/([a-z])([A-Z])/g, "$1_$2").toUpperCase();
-                return `// Before:\n${sourceLine.trim()}\n// After:\nconst ${varName} = process.env.${envName};`;
-            }
-            break;
+    // --- Hardcoded credentials / secrets -> env var ---
+    if (["VG001", "VG062", "VG060", "VG506", "VG514", "VG517", "VG603",
+        "VG621", "VG626", "VG651", "VG665", "VG677"].includes(rule.id)) {
+        const match = /(\w+)\s*[:=]\s*['"][^'"]+['"]/.exec(sourceLine);
+        if (match) {
+            const varName = match[1];
+            const envName = varName.replace(/([a-z])([A-Z])/g, "$1_$2").toUpperCase();
+            return `// Before:\n${sourceLine.trim()}\n// After:\nconst ${varName} = process.env.${envName};`;
         }
-        // innerHTML -> textContent
-        case "VG012":
-        case "VG408": {
-            if (sourceLine.includes("innerHTML")) {
-                return `// Before:\n${sourceLine.trim()}\n// After:\n${sourceLine.trim().replace("innerHTML", "textContent")}`;
-            }
-            if (sourceLine.includes("dangerouslySetInnerHTML")) {
-                return '// Replace dangerouslySetInnerHTML with a sanitizer:\nimport DOMPurify from "dompurify";\n// Use: <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(content) }} />';
-            }
-            break;
-        }
-        // SQL injection -> parameterized
-        case "VG010": {
-            return "// Replace template literal interpolation with parameterized query:\n// Before: query(`SELECT * FROM users WHERE id = ${id}`)\n// After:  query('SELECT * FROM users WHERE id = $1', [id])";
-        }
-        // Missing auth -> add auth check
-        case "VG002":
-        case "VG420":
-        case "VG952": {
-            return '// Add authentication check at the start:\nconst { userId } = await auth();\nif (!userId) return new Response("Unauthorized", { status: 401 });';
-        }
-        // Mass assignment -> explicit fields
-        case "VG953": {
-            return "// Replace spread with explicit field selection:\n// Before: data: { ...req.body }\n// After:  const { field1, field2 } = schema.parse(req.body);\n//         data: { field1, field2 }";
-        }
-        // CORS wildcard -> specific origin
-        case "VG040":
-        case "VG403": {
-            return '// Replace wildcard with specific origin:\n// Before: "Access-Control-Allow-Origin": "*"\n// After:  "Access-Control-Allow-Origin": process.env.ALLOWED_ORIGIN';
-        }
-        // Error leak -> generic message
-        case "VG959": {
-            return '// Replace error details with generic message:\ncatch (error) {\n  console.error("Internal error:", error);\n  return Response.json({ error: "Something went wrong" }, { status: 500 });\n}';
+        return "// Move hardcoded value to environment variable:\nconst value = process.env.SECRET_NAME;";
+    }
+    // --- NEXT_PUBLIC_ secret exposure -> remove prefix ---
+    if (["VG411", "VG604", "VG627", "VG631", "VG655", "VG671", "VG676", "VG755"].includes(rule.id)) {
+        const match = /(NEXT_PUBLIC_)(\w+)/.exec(sourceLine);
+        if (match) {
+            return `// Remove NEXT_PUBLIC_ prefix:\n// Before: ${match[1]}${match[2]}\n// After:  ${match[2]}\n// Access only in Server Components or API routes`;
         }
-        // BOLA -> add ownership check
-        case "VG950":
-        case "VG951": {
-            return "// Add ownership check to the query:\n// Before: where: { id: params.id }\n// After:  where: { id: params.id, userId }";
+        return "// Remove NEXT_PUBLIC_ prefix. Access server-side only.";
+    }
+    // --- Client-side secret exposure -> move to server ---
+    if (["VG400", "VG600", "VG605", "VG607", "VG625", "VG630",
+        "VG670", "VG675"].includes(rule.id)) {
+        return "// Move to server-side:\nexport default async function Page() {\n  const data = await fetchWithSecret(); // server-only\n  return <ClientComponent data={data} />;\n}";
+    }
+    // --- Missing auth check -> add auth ---
+    if (["VG002", "VG010", "VG402", "VG420", "VG952"].includes(rule.id)) {
+        return '// Add auth check:\nconst { userId } = await auth();\nif (!userId) return new Response("Unauthorized", { status: 401 });';
+    }
+    // --- Missing input validation -> add Zod ---
+    if (["VG401", "VG406", "VG960"].includes(rule.id)) {
+        return 'import { z } from "zod";\nconst schema = z.object({ id: z.string().uuid(), name: z.string().min(1) });\nconst data = schema.parse(input);';
+    }
+    // --- SQL injection -> parameterized query ---
+    if (["VG984"].includes(rule.id)) {
+        return "// Use parameterized query:\n// Before: query(`SELECT * FROM t WHERE id = ${id}`)\n// After:  query('SELECT * FROM t WHERE id = $1', [id])";
+    }
+    // --- XSS / innerHTML -> sanitize ---
+    if (["VG012", "VG042", "VG408"].includes(rule.id)) {
+        if (sourceLine.includes("innerHTML")) {
+            return `// Before:\n${sourceLine.trim()}\n// After:\n${sourceLine.trim().replace("innerHTML", "textContent")}`;
         }
-        default:
-            break;
+        return 'import DOMPurify from "dompurify";\nconst clean = DOMPurify.sanitize(userContent);';
+    }
+    // --- CORS wildcard -> specific origin ---
+    if (["VG040", "VG403", "VG500", "VG510"].includes(rule.id)) {
+        return '// Replace wildcard:\n// Before: "Access-Control-Allow-Origin": "*"\n// After:  "Access-Control-Allow-Origin": process.env.ALLOWED_ORIGIN';
+    }
+    // --- Webhook missing signature -> verify ---
+    if (["VG601", "VG606", "VG608", "VG650"].includes(rule.id)) {
+        return "import crypto from 'crypto';\nconst sig = request.headers.get('x-signature');\nconst expected = crypto.createHmac('sha256', process.env.WEBHOOK_SECRET!)\n  .update(body).digest('hex');\nif (sig !== expected) return new Response('Unauthorized', { status: 401 });";
+    }
+    // --- Server Action returns full object -> select ---
+    if (rule.id === "VG412") {
+        return "// Use select:\nprisma.user.findUnique({\n  where: { id },\n  select: { id: true, name: true, email: true },\n});";
+    }
+    // --- Missing security headers ---
+    if (rule.id === "VG405") {
+        return '// next.config.ts headers():\nreturn [{ source: "/(.*)", headers: [\n  { key: "X-Frame-Options", value: "DENY" },\n  { key: "X-Content-Type-Options", value: "nosniff" },\n  { key: "Strict-Transport-Security", value: "max-age=63072000" },\n]}];';
+    }
+    // --- Open redirect -> validate ---
+    if (["VG409", "VG660"].includes(rule.id)) {
+        return 'const ALLOWED = ["example.com"];\nconst url = new URL(target, request.url);\nif (!ALLOWED.includes(url.hostname)) redirect("/");';
+    }
+    // --- Mass assignment ---
+    if (rule.id === "VG953") {
+        return "const { field1, field2 } = schema.parse(req.body);\nawait prisma.item.update({ data: { field1, field2 } });";
+    }
+    // --- Error leak ---
+    if (rule.id === "VG959") {
+        return 'catch (error) {\n  console.error("Internal:", error);\n  return Response.json({ error: "Something went wrong" }, { status: 500 });\n}';
+    }
+    // --- BOLA -> ownership ---
+    if (["VG950", "VG951"].includes(rule.id)) {
+        return "// Add ownership:\n// Before: where: { id: params.id }\n// After:  where: { id: params.id, userId }";
+    }
+    // --- Missing pagination ---
+    if (rule.id === "VG955") {
+        return "const items = await prisma.item.findMany({\n  take: Math.min(Number(limit) || 20, 100),\n  skip: Number(offset) || 0,\n});";
+    }
+    // --- Rate limiting ---
+    if (rule.id === "VG956") {
+        return 'import { Ratelimit } from "@upstash/ratelimit";\nconst rl = new Ratelimit({ redis, limiter: Ratelimit.slidingWindow(10, "60s") });\nconst { success } = await rl.limit(userId);\nif (!success) return new Response("Too many requests", { status: 429 });';
+    }
+    // --- Sensitive op without confirmation ---
+    if (rule.id === "VG958") {
+        return "export async function deleteAccount(confirmToken: string) {\n  const valid = await verifyToken(confirmToken);\n  if (!valid) throw new Error('Invalid confirmation');\n}";
+    }
+    // --- Supabase RLS ---
+    if (["VG440", "VG432"].includes(rule.id)) {
+        return "ALTER TABLE your_table ENABLE ROW LEVEL SECURITY;\nCREATE POLICY \"Users own data\" ON your_table\n  FOR ALL USING (auth.uid() = user_id);";
+    }
+    // --- Supabase service key exposure ---
+    if (rule.id === "VG441") {
+        return "// Client: supabase = createClient(url, NEXT_PUBLIC_SUPABASE_ANON_KEY)\n// Server: supabase = createClient(url, SUPABASE_SERVICE_ROLE_KEY)";
+    }
+    // --- Stripe price client-side ---
+    if (rule.id === "VG602") {
+        return "const session = await stripe.checkout.sessions.create({\n  line_items: [{ price: 'price_xxx', quantity: 1 }],\n});";
+    }
+    // --- Docker ---
+    if (rule.id === "VG515")
+        return "# Use specific capabilities:\ncap_add:\n  - NET_ADMIN";
+    if (rule.id === "VG516")
+        return "# Mount only needed dirs:\nvolumes:\n  - ./data:/app/data";
+    // --- Source maps ---
+    if (["VG512", "VG662"].includes(rule.id))
+        return "// next.config.ts\nproductionBrowserSourceMaps: false,";
+    // --- Wildcard image ---
+    if (rule.id === "VG507")
+        return 'images: { remotePatterns: [{ protocol: "https", hostname: "images.example.com" }] }';
+    // --- AI specific ---
+    if (rule.id === "VG874")
+        return "// Move OpenAI to API route, remove dangerouslyAllowBrowser";
+    if (rule.id === "VG875")
+        return "const result = await generateText({ model, prompt, maxTokens: 1024 });";
+    // --- React Native ---
+    if (rule.id === "VG700")
+        return 'import * as SecureStore from "expo-secure-store";\nawait SecureStore.setItemAsync("authToken", token);';
+    if (rule.id === "VG705")
+        return 'import { fetch } from "react-native-ssl-pinning";\nawait fetch(url, { sslPinning: { certs: ["cert"] } });';
+    if (rule.id === "VG707")
+        return "// Use NSExceptionDomains instead of NSAllowsArbitraryLoads";
+    if (rule.id === "VG709")
+        return 'import * as SecureStore from "expo-secure-store";\nawait SecureStore.setItemAsync("key", value);';
+    // --- CSP unsafe-inline ---
+    if (rule.id === "VG978")
+        return "// Replace 'unsafe-inline' with nonce-based CSP";
+    // --- .env not in gitignore ---
+    if (rule.id === "VG656")
+        return "# .gitignore\n.env\n.env.*\n.env.local\n!.env.example";
+    // --- Cron secret ---
+    if (rule.id === "VG503")
+        return 'const auth = request.headers.get("authorization");\nif (auth !== `Bearer ${process.env.CRON_SECRET}`) return new Response("Unauthorized", { status: 401 });';
+    // --- Cache revalidation ---
+    if (rule.id === "VG410")
+        return 'const { userId } = await auth();\nif (!userId) return new Response("Unauthorized", { status: 401 });\nrevalidateTag("posts");';
+    // --- Middleware bypass ---
+    if (rule.id === "VG404")
+        return 'export const config = { matcher: ["/dashboard/:path*", "/api/:path*"] };';
+    // --- Server data leaked to client ---
+    if (rule.id === "VG407")
+        return "// Keep sensitive data server-side:\nexport default async function Page() {\n  const secret = process.env.SECRET;\n  const safeData = transform(secret);\n  return <Client data={safeData} />;\n}";
+    // --- Fallback: use fixCode from rule ---
+    if (rule.fixCode) {
+        return `// Secure alternative:\n${rule.fixCode}`;
     }
-    // Fallback: no specific patch
     return undefined;
 }
 function formatFixMarkdown(suggestions) {

package/build/tools/fix-code.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"fix-code.js","sourceRoot":"","sources":["../../src/tools/fix-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAc5D;;GAEG;AACH,MAAM,UAAU,OAAO,CACrB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAA8B,MAAM,EACpC,KAAsB;IAEtB,MAAM,cAAc,GAAG,KAAK,IAAI,UAAU,CAAC;IAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAE7F,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,8EAA8E,CAAC;IACxF,CAAC;IAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAE3D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,MAAM,EAAE,cAAc;YACtB,KAAK,EAAE,WAAW,CAAC,MAAM;YACzB,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,iBAAiB,CAAC,WAAW,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,sBAAsB,CAAC,QAAmB,EAAE,IAAY;IAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,WAAW,GAAoB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,2BAA2B;QAC3B,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEd,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEjD,WAAW,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE;YACvB,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;YAC3B,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;YAC/B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,WAAW;YACrC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;YACrB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO;YAC7B,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEhG,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,OAAgB,EAAE,UAAkB;IACzD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzB,~~QAAQ~~,IAAI,CAAC,EAAE,EAAE,~~CAAC;QAChB~~,~~mCAAmC;QACnC~~,~~KAAK~~,OAAO,~~CAAC~~;~~QACb~~,~~KAAK~~,OAAO,CAAC,CAAC,CAAC;~~YACb~~,MAAM,KAAK,GAAG,+BAA+B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;~~YAC~~/D,IAAI,KAAK,EAAE,CAAC;~~gBACV~~,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;~~gBACzB~~,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;~~gBAC1E~~,OAAO,eAAe,UAAU,CAAC,IAAI,EAAE,sBAAsB,OAAO,kBAAkB,OAAO,GAAG,CAAC;~~YACnG~~,CAAC;~~YACD~~,~~MAAM~~;~~QACR~~,CAAC;~~QAED~~,~~2BAA2B~~;~~QAC3B~~,~~KAAK~~,OAAO,CAAC;~~QACb~~,KAAK,OAAO,CAAC,CAAC,CAAC;~~YACb~~,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;~~gBACrC~~,OAAO,eAAe,UAAU,CAAC,IAAI,EAAE,gBAAgB,UAAU,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,CAAC;~~YACjH~~,CAAC;~~YACD~~,IAAI,~~UAAU~~,CAAC,QAAQ,CAAC,~~yBAAyB~~,CAAC,EAAE,CAAC;~~gBACnD~~,OAAO,~~6KAA6K~~,CAAC;~~YACvL~~,CAAC;~~YACD~~,~~MAAM~~;~~QACR~~,CAAC;~~QAED~~,~~iCAAiC~~;~~QACjC~~,KAAK,OAAO,CAAC,CAAC,CAAC;~~YACb~~,OAAO,~~4LAA4L~~,CAAC;~~QACtM~~,CAAC;~~QAED~~,~~iCAAiC~~;~~QACjC~~,KAAK,OAAO,CAAC;~~QACb~~,KAAK,OAAO,CAAC;~~QACb~~,KAAK,OAAO,CAAC,CAAC,CAAC;~~YACb~~,OAAO,~~iJAAiJ~~,CAAC;~~QAC3J~~,CAAC;~~QAED~~,~~qCAAqC~~;~~QACrC~~,KAAK,OAAO,CAAC,CAAC,CAAC;~~YACb~~,OAAO,~~wLAAwL~~,CAAC;~~QAClM~~,CAAC;~~QAED~~,mCAAmC;~~QACnC~~,KAAK,OAAO,CAAC;~~QACb~~,KAAK,OAAO,CAAC,CAAC,CAAC;~~YACb~~,OAAO,~~gKAAgK~~,CAAC;~~QAC1K~~,CAAC;~~QAED~~,~~gCAAgC~~;~~QAChC~~,KAAK,OAAO,CAAC,CAAC,CAAC;~~YACb~~,OAAO,~~6LAA6L~~,CAAC;~~QACvM~~,CAAC;~~QAED~~,~~8BAA8B~~;~~QAC9B~~,KAAK,OAAO,CAAC;~~QACb~~,KAAK,OAAO,CAAC,CAAC,CAAC;~~YACb~~,OAAO,~~wHAAwH~~,CAAC;~~QAClI~~,CAAC;~~QAED~~;~~YACE~~,~~MAAM~~;~~IACV~~,CAAC;~~IAED~~,~~8BAA8B~~;~~IAC9B~~,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAA4B;IACrD,MAAM,KAAK,GAAG;QACZ,kCAAkC;QAClC,EAAE;QACF,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,EAAE;QACF,wDAAwD;QACxD,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAE1C,KAAK,CAAC,IAAI,CACR,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,MAAM,GAAG,EAC9C,EAAE,EACF,iBAAiB,QAAQ,EAAE,EAC3B,aAAa,CAAC,CAAC,IAAI,EAAE,EACrB,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAC3B,EAAE,EACF,CAAC,CAAC,WAAW,EACb,EAAE,EACF,mBAAmB,CAAC,CAAC,GAAG,EAAE,EAC1B,EAAE,CACH,CAAC;QAEF,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
1	+ {"version":3,"file":"fix-code.js","sourceRoot":"","sources":["../../src/tools/fix-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAc5D;;GAEG;AACH,MAAM,UAAU,OAAO,CACrB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAA8B,MAAM,EACpC,KAAsB;IAEtB,MAAM,cAAc,GAAG,KAAK,IAAI,UAAU,CAAC;IAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAE7F,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,8EAA8E,CAAC;IACxF,CAAC;IAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAE3D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,MAAM,EAAE,cAAc;YACtB,KAAK,EAAE,WAAW,CAAC,MAAM;YACzB,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,iBAAiB,CAAC,WAAW,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,sBAAsB,CAAC,QAAmB,EAAE,IAAY;IAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,WAAW,GAAoB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,2BAA2B;QAC3B,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEd,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEjD,WAAW,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE;YACvB,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;YAC3B,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;YAC/B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,WAAW;YACrC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;YACrB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO;YAC7B,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEhG,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,yFAAyF;AACzF,SAAS,aAAa,CAAC,OAAgB,EAAE,UAAkB;IACzD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzB,qDAAqD;IACrD,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;QAC7D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACpE,MAAM,KAAK,GAAG,+BAA+B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/D,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC1E,OAAO,eAAe,UAAU,CAAC,IAAI,EAAE,sBAAsB,OAAO,kBAAkB,OAAO,GAAG,CAAC;QACnG,CAAC;QACD,OAAO,0FAA0F,CAAC;IACpG,CAAC;IAED,wDAAwD;IACxD,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAC/F,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,8CAA8C,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,gBAAgB,KAAK,CAAC,CAAC,CAAC,qDAAqD,CAAC;QACxJ,CAAC;QACD,OAAO,yDAAyD,CAAC;IACnE,CAAC;IAED,wDAAwD;IACxD,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;QACpD,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACzC,OAAO,uKAAuK,CAAC;IACjL,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACpE,OAAO,0HAA0H,CAAC;IACpI,CAAC;IAED,8CAA8C;IAC9C,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAClD,OAAO,2IAA2I,CAAC;IACrJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAChC,OAAO,4IAA4I,CAAC;IACtJ,CAAC;IAED,sCAAsC;IACtC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAClD,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACrC,OAAO,eAAe,UAAU,CAAC,IAAI,EAAE,gBAAgB,UAAU,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,CAAC;QACjH,CAAC;QACD,OAAO,oFAAoF,CAAC;IAC9F,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3D,OAAO,2IAA2I,CAAC;IACrJ,CAAC;IAED,8CAA8C;IAC9C,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3D,OAAO,uQAAuQ,CAAC;IACjR,CAAC;IAED,sDAAsD;IACtD,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,mHAAmH,CAAC;IAC7H,CAAC;IAED,mCAAmC;IACnC,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,qPAAqP,CAAC;IAC/P,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACzC,OAAO,kIAAkI,CAAC;IAC5I,CAAC;IAED,0BAA0B;IAC1B,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,6GAA6G,CAAC;IACvH,CAAC;IAED,qBAAqB;IACrB,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,uIAAuI,CAAC;IACjJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACzC,OAAO,qGAAqG,CAAC;IAC/G,CAAC;IAED,6BAA6B;IAC7B,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,4HAA4H,CAAC;IACtI,CAAC;IAED,wBAAwB;IACxB,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,2PAA2P,CAAC;IACrQ,CAAC;IAED,4CAA4C;IAC5C,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,0KAA0K,CAAC;IACpL,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACzC,OAAO,4IAA4I,CAAC;IACtJ,CAAC;IAED,wCAAwC;IACxC,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,4IAA4I,CAAC;IACtJ,CAAC;IAED,mCAAmC;IACnC,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,oHAAoH,CAAC;IAC9H,CAAC;IAED,iBAAiB;IACjB,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,uDAAuD,CAAC;IACxF,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,2DAA2D,CAAC;IAE5F,sBAAsB;IACtB,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,wDAAwD,CAAC;IAE1G,yBAAyB;IACzB,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,qFAAqF,CAAC;IAEtH,sBAAsB;IACtB,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,6DAA6D,CAAC;IAC9F,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,wEAAwE,CAAC;IAEzG,uBAAuB;IACvB,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,wGAAwG,CAAC;IACzI,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,2GAA2G,CAAC;IAC5I,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,6DAA6D,CAAC;IAC9F,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,kGAAkG,CAAC;IAEnI,4BAA4B;IAC5B,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,iDAAiD,CAAC;IAElF,gCAAgC;IAChC,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,uDAAuD,CAAC;IAExF,sBAAsB;IACtB,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,6JAA6J,CAAC;IAE9L,6BAA6B;IAC7B,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,+HAA+H,CAAC;IAEhK,4BAA4B;IAC5B,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,0EAA0E,CAAC;IAE3G,uCAAuC;IACvC,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO;QAAE,OAAO,mMAAmM,CAAC;IAEpO,0CAA0C;IAC1C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO,2BAA2B,IAAI,CAAC,OAAO,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAA4B;IACrD,MAAM,KAAK,GAAG;QACZ,kCAAkC;QAClC,EAAE;QACF,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,EAAE;QACF,wDAAwD;QACxD,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAE1C,KAAK,CAAC,IAAI,CACR,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,MAAM,GAAG,EAC9C,EAAE,EACF,iBAAiB,QAAQ,EAAE,EAC3B,aAAa,CAAC,CAAC,IAAI,EAAE,EACrB,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAC3B,EAAE,EACF,CAAC,CAAC,WAAW,EACb,EAAE,EACF,mBAAmB,CAAC,CAAC,GAAG,EAAE,EAC1B,EAAE,CACH,CAAC;QAEF,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/repo-posture.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare function repoSecurityPosture(path: string, format?: "markdown" \| "json"): string;
2	+ //# sourceMappingURL=repo-posture.d.ts.map

package/build/tools/repo-posture.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"repo-posture.d.ts","sourceRoot":"","sources":["../../src/tools/repo-posture.ts"],"names":[],"mappings":"AAwDA,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,GAAE,UAAU,GAAG,MAAmB,GAAG,MAAM,CAyIlG"}

package/build/tools/repo-posture.js ADDED Viewed

@@ -0,0 +1,178 @@
+import { readdirSync, readFileSync, existsSync } from "fs";
+import { join, resolve } from "path";
+function tryRead(path) {
+    try {
+        return existsSync(path) ? readFileSync(path, "utf-8") : null;
+    }
+    catch {
+        return null;
+    }
+}
+function countFiles(dir, depth = 0) {
+    if (depth > 5)
+        return { files: 0, dirs: 0 };
+    let files = 0, dirs = 0;
+    const skip = new Set(["node_modules", ".git", ".next", "build", "dist", "coverage"]);
+    try {
+        for (const entry of readdirSync(dir, { withFileTypes: true })) {
+            if (skip.has(entry.name))
+                continue;
+            if (entry.isDirectory()) {
+                dirs++;
+                const sub = countFiles(join(dir, entry.name), depth + 1);
+                files += sub.files;
+                dirs += sub.dirs;
+            }
+            else if (entry.isFile())
+                files++;
+        }
+    }
+    catch { /* skip */ }
+    return { files, dirs };
+}
+function findFiles(dir, patterns, depth = 0) {
+    if (depth > 6)
+        return [];
+    const results = [];
+    const skip = new Set(["node_modules", ".git", ".next", "build", "dist", "coverage"]);
+    try {
+        for (const entry of readdirSync(dir, { withFileTypes: true })) {
+            if (skip.has(entry.name))
+                continue;
+            const full = join(dir, entry.name);
+            if (entry.isDirectory())
+                results.push(...findFiles(full, patterns, depth + 1));
+            else if (entry.isFile()) {
+                const name = entry.name.toLowerCase();
+                if (patterns.some(p => name.includes(p)))
+                    results.push(full);
+            }
+        }
+    }
+    catch { /* skip */ }
+    return results;
+}
+export function repoSecurityPosture(path, format = "markdown") {
+    const root = resolve(path);
+    const pkg = tryRead(join(root, "package.json"));
+    const deps = pkg ? Object.keys({ ...JSON.parse(pkg).dependencies, ...JSON.parse(pkg).devDependencies }) : [];
+    const has = (s) => deps.some(d => d.includes(s));
+    const { files, dirs } = countFiles(root);
+    const sensitiveAreas = [];
+    const highRiskWorkflows = [];
+    const priorityFixes = [];
+    const guardRecommendations = [];
+    // --- Auth surface ---
+    const hasAuth = has("clerk") || has("next-auth") || has("@auth/") || has("@supabase/auth") || has("firebase");
+    const authFiles = findFiles(root, ["auth", "login", "signup", "session", "middleware", "proxy"]);
+    if (authFiles.length > 0) {
+        sensitiveAreas.push({ name: "Authentication", risk: "critical", files: authFiles.slice(0, 10),
+            description: "Auth logic — any vulnerability here means full account takeover." });
+        guardRecommendations.push("Enable strict review for auth/ and middleware files.");
+    }
+    // --- Payment surface ---
+    const hasPayments = has("stripe") || has("@polar") || has("lemonsqueezy");
+    const paymentFiles = findFiles(root, ["payment", "stripe", "checkout", "billing", "subscription", "webhook"]);
+    if (paymentFiles.length > 0) {
+        sensitiveAreas.push({ name: "Payments", risk: "critical", files: paymentFiles.slice(0, 10),
+            description: "Payment flow — financial impact, PCI-DSS scope." });
+        highRiskWorkflows.push("Payment webhook endpoints must verify signatures.");
+        guardRecommendations.push("Block PRs touching payment files without review.");
+    }
+    // --- PII / user data ---
+    const hasPII = has("prisma") || has("drizzle") || has("@supabase") || has("mongoose");
+    const piiFiles = findFiles(root, ["user", "profile", "account", "patient", "customer", "personal"]);
+    if (piiFiles.length > 0) {
+        sensitiveAreas.push({ name: "PII / User Data", risk: "high", files: piiFiles.slice(0, 10),
+            description: "Contains user personal data — GDPR/CCPA scope." });
+        priorityFixes.push("Ensure all PII queries have access control (RLS or WHERE userId).");
+    }
+    // --- Admin surface ---
+    const adminFiles = findFiles(root, ["admin", "dashboard", "internal", "management"]);
+    if (adminFiles.length > 0) {
+        sensitiveAreas.push({ name: "Admin / Internal", risk: "high", files: adminFiles.slice(0, 10),
+            description: "Admin interfaces — privilege escalation target." });
+        guardRecommendations.push("Admin routes need role-based access control check.");
+    }
+    // --- API surface ---
+    const apiFiles = findFiles(root, ["route.ts", "route.js", "api"]);
+    if (apiFiles.length > 0) {
+        sensitiveAreas.push({ name: "API Surface", risk: "medium", files: apiFiles.slice(0, 10),
+            description: `${apiFiles.length} API endpoints — attack surface for injection and auth bypass.` });
+        if (apiFiles.length > 20)
+            highRiskWorkflows.push("Large API surface — consider API gateway rate limiting.");
+    }
+    // --- Infrastructure ---
+    const hasInfra = existsSync(join(root, "Dockerfile")) || existsSync(join(root, "docker-compose.yml")) ||
+        existsSync(join(root, "terraform")) || existsSync(join(root, ".github/workflows"));
+    const infraFiles = findFiles(root, ["dockerfile", "docker-compose", ".tf", "workflow", "deploy"]);
+    if (infraFiles.length > 0) {
+        sensitiveAreas.push({ name: "Infrastructure / CI/CD", risk: "high", files: infraFiles.slice(0, 10),
+            description: "Infrastructure configs — supply chain and deployment risks." });
+        highRiskWorkflows.push("CI/CD config changes should require approval.");
+    }
+    // --- Secrets ---
+    const envFiles = [".env", ".env.local", ".env.production", ".env.example"].filter(f => existsSync(join(root, f)));
+    if (envFiles.length > 0) {
+        const gitignore = tryRead(join(root, ".gitignore")) ?? "";
+        if (!/\.env/.test(gitignore)) {
+            priorityFixes.push("CRITICAL: .env files not in .gitignore — secrets at risk!");
+        }
+        sensitiveAreas.push({ name: "Secrets / Config", risk: "critical", files: envFiles.map(f => join(root, f)),
+            description: `${envFiles.length} env file(s) with potential secrets.` });
+    }
+    // --- Risk profile ---
+    const criticalAreas = sensitiveAreas.filter(a => a.risk === "critical").length;
+    const highAreas = sensitiveAreas.filter(a => a.risk === "high").length;
+    const riskProfile = criticalAreas >= 2 ? "critical" : criticalAreas >= 1 ? "high" : highAreas >= 2 ? "medium" : "low";
+    // --- Guard mode recommendation ---
+    if (riskProfile === "critical" || riskProfile === "high") {
+        guardRecommendations.push("Run GuardVibe on every PR (review_pr with fail_on=high).");
+        guardRecommendations.push("Enable pre-commit hook (guardvibe hook install).");
+        guardRecommendations.push("Run scan_secrets_history to check for leaked secrets in git history.");
+    }
+    if (hasPayments)
+        guardRecommendations.push("Run policy_check with PCI-DSS framework.");
+    if (hasPII)
+        guardRecommendations.push("Run policy_check with GDPR framework.");
+    const result = {
+        riskProfile,
+        summary: `${files} files across ${sensitiveAreas.length} sensitive areas. Risk: ${riskProfile.toUpperCase()}.`,
+        sensitiveAreas,
+        guardRecommendations,
+        highRiskWorkflows,
+        priorityFixes,
+        stats: { files, dirs, hasAuth, hasPayments, hasPII, hasInfra },
+    };
+    if (format === "json")
+        return JSON.stringify(result);
+    const lines = [
+        `# GuardVibe Repository Security Posture`,
+        ``,
+        `**Risk Profile:** ${riskProfile.toUpperCase()}`,
+        `**Files:** ${files} | **Sensitive Areas:** ${sensitiveAreas.length}`,
+        ``,
+    ];
+    if (sensitiveAreas.length > 0) {
+        lines.push(`## Sensitive Areas`, ``);
+        for (const area of sensitiveAreas) {
+            lines.push(`### [${area.risk.toUpperCase()}] ${area.name}`, area.description, `Files: ${area.files.slice(0, 5).map(f => f.replace(root, ".")).join(", ")}`, ``);
+        }
+    }
+    if (highRiskWorkflows.length > 0) {
+        lines.push(`## High-Risk Workflows`, ``);
+        highRiskWorkflows.forEach(w => lines.push(`- ${w}`));
+        lines.push(``);
+    }
+    if (priorityFixes.length > 0) {
+        lines.push(`## Priority Fixes`, ``);
+        priorityFixes.forEach(f => lines.push(`- ${f}`));
+        lines.push(``);
+    }
+    if (guardRecommendations.length > 0) {
+        lines.push(`## Guard Mode Recommendations`, ``);
+        guardRecommendations.forEach(r => lines.push(`- ${r}`));
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=repo-posture.js.map

package/build/tools/repo-posture.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"repo-posture.js","sourceRoot":"","sources":["../../src/tools/repo-posture.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAY,MAAM,IAAI,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAqB,MAAM,MAAM,CAAC;AAmBxD,SAAS,OAAO,CAAC,IAAY;IAC3B,IAAI,CAAC;QAAC,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;AAC9F,CAAC;AAED,SAAS,UAAU,CAAC,GAAW,EAAE,QAAgB,CAAC;IAChD,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC5C,IAAI,KAAK,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC;IACxB,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;IACrF,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9D,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YACnC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBAAC,IAAI,EAAE,CAAC;gBAAC,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;gBAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC;gBAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC;YAAC,CAAC;iBAC/H,IAAI,KAAK,CAAC,MAAM,EAAE;gBAAE,KAAK,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACtB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,QAAkB,EAAE,QAAgB,CAAC;IACnE,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IACzB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;IACrF,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9D,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,WAAW,EAAE;gBAAE,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;iBAC1E,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACtC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACtB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAY,EAAE,SAA8B,UAAU;IACxF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7G,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzD,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,cAAc,GAAkB,EAAE,CAAC;IACzC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,oBAAoB,GAAa,EAAE,CAAC;IAE1C,uBAAuB;IACvB,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9G,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;IACjG,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC3F,WAAW,EAAE,kEAAkE,EAAE,CAAC,CAAC;QACrF,oBAAoB,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;IACpF,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;IAC1E,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9G,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACxF,WAAW,EAAE,iDAAiD,EAAE,CAAC,CAAC;QACpE,iBAAiB,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5E,oBAAoB,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IAChF,CAAC;IAED,0BAA0B;IAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;IACpG,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACvF,WAAW,EAAE,gDAAgD,EAAE,CAAC,CAAC;QACnE,aAAa,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAC1F,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,CAAC;IACrF,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC1F,WAAW,EAAE,iDAAiD,EAAE,CAAC,CAAC;QACpE,oBAAoB,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IAClF,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;IAClE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACrF,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,gEAAgE,EAAE,CAAC,CAAC;QACrG,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE;YAAE,iBAAiB,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;IAC9G,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QACnG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACrF,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClG,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAChG,WAAW,EAAE,6DAA6D,EAAE,CAAC,CAAC;QAChF,iBAAiB,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAC1E,CAAC;IAED,kBAAkB;IAClB,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,iBAAiB,EAAE,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAClH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,aAAa,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QAClF,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACvG,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,sCAAsC,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,uBAAuB;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAiC,aAAa,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;IAEpJ,oCAAoC;IACpC,IAAI,WAAW,KAAK,UAAU,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QACzD,oBAAoB,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QACtF,oBAAoB,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC9E,oBAAoB,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC;IACpG,CAAC;IACD,IAAI,WAAW;QAAE,oBAAoB,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IACvF,IAAI,MAAM;QAAE,oBAAoB,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IAE/E,MAAM,MAAM,GAAkB;QAC5B,WAAW;QACX,OAAO,EAAE,GAAG,KAAK,iBAAiB,cAAc,CAAC,MAAM,2BAA2B,WAAW,CAAC,WAAW,EAAE,GAAG;QAC9G,cAAc;QACd,oBAAoB;QACpB,iBAAiB;QACjB,aAAa;QACb,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE;KAC/D,CAAC;IAEF,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAErD,MAAM,KAAK,GAAG;QACZ,yCAAyC;QACzC,EAAE;QACF,qBAAqB,WAAW,CAAC,WAAW,EAAE,EAAE;QAChD,cAAc,KAAK,2BAA2B,cAAc,CAAC,MAAM,EAAE;QACrE,EAAE;KACH,CAAC;IAEF,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;QACrC,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,WAAW,EAC1E,UAAU,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAC;QACzC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC;QACpC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,+BAA+B,EAAE,EAAE,CAAC,CAAC;QAChD,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/review-pr.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"review-pr.d.ts","sourceRoot":"","sources":["../../src/tools/review-pr.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;~~AA0F3D~~,wBAAgB,QAAQ,CACtB,GAAG,GAAE,MAAsB,EAC3B,IAAI,GAAE,MAAe,EACrB,MAAM,GAAE,UAAU,GAAG,MAAM,GAAG,aAA0B,EACxD,QAAQ,GAAE,OAAc,EACxB,MAAM,GAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAe,EAChE,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,~~CA8HR~~"}
1	+ {"version":3,"file":"review-pr.d.ts","sourceRoot":"","sources":["../../src/tools/review-pr.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AA0H3D,wBAAgB,QAAQ,CACtB,GAAG,GAAE,MAAsB,EAC3B,IAAI,GAAE,MAAe,EACrB,MAAM,GAAE,UAAU,GAAG,MAAM,GAAG,aAA0B,EACxD,QAAQ,GAAE,OAAc,EACxB,MAAM,GAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAe,EAChE,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,CAsIR"}

package/build/tools/review-pr.js CHANGED Viewed

@@ -57,6 +57,47 @@ function detectLanguage(filePath) {
         return "dockerfile";
     return CONFIG_FILE_MAP[basename(filePath)] ?? null;
 }
+function assessConfidence(rule, match) {
+    // Higher confidence for specific patterns (secrets, hardcoded values)
+    if (rule.id.startsWith("VG0") || rule.id.startsWith("VG6"))
+        return 0.95; // core + secrets
+    if (rule.severity === "critical")
+        return 0.90;
+    if (rule.severity === "high")
+        return 0.80;
+    if (rule.severity === "medium")
+        return 0.70;
+    return 0.60;
+}
+function assessExploitability(rule) {
+    // Hardcoded secrets, SQL injection, XSS = proven exploitable
+    if (["VG001", "VG002", "VG003", "VG010", "VG042", "VG408"].includes(rule.id))
+        return "proven";
+    if (rule.severity === "critical")
+        return "likely";
+    if (rule.severity === "high")
+        return "possible";
+    return "theoretical";
+}
+function detectImpactArea(file, rule) {
+    if (file.includes("/api/") || file.includes("route."))
+        return "API surface";
+    if (file.includes("middleware") || file.includes("proxy."))
+        return "Auth/routing layer";
+    if (file.includes("action") || file.includes("server"))
+        return "Server action";
+    if (file.includes(".env"))
+        return "Secrets/config";
+    if (file.includes("payment") || file.includes("stripe") || file.includes("checkout"))
+        return "Payment flow";
+    if (file.includes("auth") || file.includes("login") || file.includes("session"))
+        return "Authentication";
+    if (rule.compliance?.some(c => c.includes("PCI")))
+        return "Payment/PCI scope";
+    if (rule.compliance?.some(c => c.includes("HIPAA")))
+        return "Healthcare/PHI scope";
+    return "Application code";
+}
 function severityToLevel(severity) {
     if (severity === "critical" || severity === "high")
         return "failure";
@@ -87,7 +128,12 @@ export function reviewPr(cwd = process.cwd(), base = "main", format = "markdown"
         const findings = analyzeCode(content, language, undefined, file, cwd, rules);
         for (const f of findings) {
             const inDiff = isLineInDiff(f.line, hunks);
-            allFindings.push({ rule: f.rule, match: f.match, line: f.line, file, inDiff });
+            allFindings.push({
+                rule: f.rule, match: f.match, line: f.line, file, inDiff,
+                confidence: assessConfidence(f.rule, f.match),
+                exploitability: assessExploitability(f.rule),
+                impactArea: detectImpactArea(file, f.rule),
+            });
         }
     }
     const reportFindings = diffOnly ? allFindings.filter(f => f.inDiff) : allFindings;
@@ -124,6 +170,9 @@ export function reviewPr(cwd = process.cwd(), base = "main", format = "markdown"
                 owasp: f.rule.owasp, file: f.file, line: f.line, match: f.match,
                 inDiff: f.inDiff, fix: f.rule.fix, fixCode: f.rule.fixCode,
                 compliance: f.rule.compliance,
+                confidence: f.confidence,
+                exploitability: f.exploitability,
+                impactArea: f.impactArea,
             })),
         });
     }

package/build/tools/review-pr.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"review-pr.js","sourceRoot":"","sources":["../../src/tools/review-pr.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAG5D,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;IACnD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CACjC,CAAC;AAEF,MAAM,eAAe,GAA2B;IAC9C,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,eAAe,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,EAAE,eAAe;IACxG,oBAAoB,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,gBAAgB;CAChF,CAAC;AAwBF,SAAS,OAAO,CAAC,IAAc,EAAE,GAAW;IAC1C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,GAAW,EAAE,IAAY;IAChD,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,aAAa,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3D,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,IAAY,EAAE,IAAY;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,MAAM,WAAW,GAAG,+CAA+C,CAAC;IACpE,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,KAAK,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,GAAW,EAAE,IAAY;IAC/C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACnG,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,KAAiB;IACnD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,IAAI,IAAI,GAAG,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,aAAa,CAAC,GAAG,CAAC;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,aAAa;QAAE,OAAO,YAAY,CAAC;IAC9F,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,IAAI,CAAC;AACrD,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,SAAS,CAAC;IACrE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,QAAQ,CACtB,MAAc,OAAO,CAAC,GAAG,EAAE,EAC3B,OAAe,MAAM,EACrB,SAA8C,UAAU,EACxD,WAAoB,IAAI,EACxB,SAA0D,MAAM,EAChE,KAAsB;IAEtB,MAAM,YAAY,GAAG,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAChD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,IAAI,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAChG,IAAI,MAAM,KAAK,aAAa;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,kDAAkD,CAAC;IAC5D,CAAC;IAED,MAAM,WAAW,GAAgB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAE7E,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC3C,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IAElF,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACnF,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC3E,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC;IAEpC,MAAM,cAAc,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC3F,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/C,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,MAAM,OAAO,GAAG,SAAS,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAE/G,qDAAqD;IACrD,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAuB,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/D,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,UAAU,EAAE,CAAC,CAAC,IAAI;YAClB,QAAQ,EAAE,CAAC,CAAC,IAAI;YAChB,gBAAgB,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;YAClD,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG;SAC1E,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,OAAO,EAAE;gBACP,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM;gBAC7B,KAAK,EAAE,YAAY,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,MAAM;gBAC7D,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI;aAChC;YACD,QAAQ,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACjC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;gBAC3D,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK;gBAC/D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO;gBAC1D,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;aAC9B,CAAC,CAAC;SACJ,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,gBAAgB,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE5E,MAAM,KAAK,GAAa;QACtB,iCAAiC;QACjC,EAAE;QACF,aAAa,IAAI,yBAAyB,YAAY,CAAC,MAAM,mBAAmB,YAAY,CAAC,MAAM,EAAE;QACrG,aAAa,QAAQ,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,WAAW,EAAE;QAC9D,EAAE;KACH,CAAC;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,uCAAuC,EAAE,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,2BAA2B,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,gBAAgB,CAAC,CAAC;QACpG,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,gBAAgB,CAAC,MAAM,4CAA4C,CAAC,CAAC;QAChG,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAC3D,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,QAAQ,IAAI,CAAC,CAAC;IAC3D,IAAI,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC;IAC/C,IAAI,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,IAAI,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC5C,KAAK,CAAC,IAAI,CACR,QAAQ,KAAK,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC,IAAI,EAAE,EACjE,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAClB,CAAC;YACF,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACnB,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YAC3E,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,gBAAgB,CAAC,MAAM,wDAAwD,CAAC,CAAC;IAC7G,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
1	+ {"version":3,"file":"review-pr.js","sourceRoot":"","sources":["../../src/tools/review-pr.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAG5D,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;IACnD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CACjC,CAAC;AAEF,MAAM,eAAe,GAA2B;IAC9C,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,eAAe,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,EAAE,eAAe;IACxG,oBAAoB,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,gBAAgB;CAChF,CAAC;AA2BF,SAAS,OAAO,CAAC,IAAc,EAAE,GAAW;IAC1C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,GAAW,EAAE,IAAY;IAChD,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,aAAa,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3D,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,IAAY,EAAE,IAAY;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,MAAM,WAAW,GAAG,+CAA+C,CAAC;IACpE,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,KAAK,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,GAAW,EAAE,IAAY;IAC/C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACnG,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,KAAiB;IACnD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,IAAI,IAAI,GAAG,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,aAAa,CAAC,GAAG,CAAC;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,aAAa;QAAE,OAAO,YAAY,CAAC;IAC9F,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,IAAI,CAAC;AACrD,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAkB,EAAE,KAAa;IACzD,sEAAsE;IACtE,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,iBAAiB;IAC1F,IAAI,IAAI,CAAC,QAAQ,KAAK,UAAU;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAC1C,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC5C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAkB;IAC9C,6DAA6D;IAC7D,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC9F,IAAI,IAAI,CAAC,QAAQ,KAAK,UAAU;QAAE,OAAO,QAAQ,CAAC;IAClD,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;QAAE,OAAO,UAAU,CAAC;IAChD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,IAAkB;IACxD,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,aAAa,CAAC;IAC5E,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,oBAAoB,CAAC;IACxF,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAC;IAC/E,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,cAAc,CAAC;IAC5G,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACzG,IAAI,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAC9E,IAAI,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAAE,OAAO,sBAAsB,CAAC;IACnF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,SAAS,CAAC;IACrE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,QAAQ,CACtB,MAAc,OAAO,CAAC,GAAG,EAAE,EAC3B,OAAe,MAAM,EACrB,SAA8C,UAAU,EACxD,WAAoB,IAAI,EACxB,SAA0D,MAAM,EAChE,KAAsB;IAEtB,MAAM,YAAY,GAAG,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAChD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,IAAI,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAChG,IAAI,MAAM,KAAK,aAAa;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,kDAAkD,CAAC;IAC5D,CAAC;IAED,MAAM,WAAW,GAAgB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAE7E,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC3C,WAAW,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM;gBACxD,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC;gBAC7C,cAAc,EAAE,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC5C,UAAU,EAAE,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;aAC3C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IAElF,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACnF,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC3E,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC;IAEpC,MAAM,cAAc,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC3F,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/C,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,MAAM,OAAO,GAAG,SAAS,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAE/G,qDAAqD;IACrD,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAuB,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/D,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,UAAU,EAAE,CAAC,CAAC,IAAI;YAClB,QAAQ,EAAE,CAAC,CAAC,IAAI;YAChB,gBAAgB,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;YAClD,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG;SAC1E,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,OAAO,EAAE;gBACP,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM;gBAC7B,KAAK,EAAE,YAAY,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,MAAM;gBAC7D,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI;aAChC;YACD,QAAQ,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACjC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;gBAC3D,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK;gBAC/D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO;gBAC1D,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;gBAC7B,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,UAAU,EAAE,CAAC,CAAC,UAAU;aACzB,CAAC,CAAC;SACJ,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,gBAAgB,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE5E,MAAM,KAAK,GAAa;QACtB,iCAAiC;QACjC,EAAE;QACF,aAAa,IAAI,yBAAyB,YAAY,CAAC,MAAM,mBAAmB,YAAY,CAAC,MAAM,EAAE;QACrG,aAAa,QAAQ,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,WAAW,EAAE;QAC9D,EAAE;KACH,CAAC;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,uCAAuC,EAAE,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,2BAA2B,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,gBAAgB,CAAC,CAAC;QACpG,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,gBAAgB,CAAC,MAAM,4CAA4C,CAAC,CAAC;QAChG,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAC3D,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,QAAQ,IAAI,CAAC,CAAC;IAC3D,IAAI,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC;IAC/C,IAAI,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,IAAI,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC5C,KAAK,CAAC,IAAI,CACR,QAAQ,KAAK,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC,IAAI,EAAE,EACjE,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAClB,CAAC;YACF,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACnB,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YAC3E,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,gBAAgB,CAAC,MAAM,wDAAwD,CAAC,CAAC;IAC7G,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/scan-config-change.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Config change analyzer — compares before/after config to detect security downgrades.
+ */
+export interface ConfigChangeFinding {
+    severity: "critical" | "high" | "medium" | "low";
+    category: string;
+    title: string;
+    description: string;
+    recommendation: string;
+}
+export declare function scanConfigChange(before: string, after: string, filePath?: string, format?: "markdown" | "json"): string;
+//# sourceMappingURL=scan-config-change.d.ts.map

package/build/tools/scan-config-change.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scan-config-change.d.ts","sourceRoot":"","sources":["../../src/tools/scan-config-change.ts"],"names":[],"mappings":"AACA;;GAEG;AAEH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CACxB;AA0DD,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAiB,EAC1D,MAAM,GAAE,UAAU,GAAG,MAAe,GACnC,MAAM,CA8CR"}