guardvibe 1.6.0 → 1.6.1

package/README.md

@@ -1,6 +1,6 @@
 # GuardVibe
 
-**The security MCP built for vibe coding.** 239 security rules covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 243 security rules covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, Windsurf**, and any MCP-compatible coding agent.
 
@@ -8,7 +8,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, Windsurf**, and any MCP-com
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **239 security rules** purpose-built for the stacks AI agents generate
+- **243 security rules** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -34,7 +34,7 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | CVE version detection | 21 packages | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 239 (focused) | 5000+ (broad) | N/A |
+| Rule count | 243 (focused) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -146,7 +146,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (239 rules across 23 modules)
+## Security Rules (243 rules across 23 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|

package/build/cli.d.ts

@@ -1,3 +1,2 @@
 #!/usr/bin/env node
 export {};
-//# sourceMappingURL=cli.d.ts.map

package/build/cli.js

@@ -422,4 +422,3 @@ async function main() {
         process.exit(1);
     }
 }
-//# sourceMappingURL=cli.js.map

package/build/data/compliance-metadata.d.ts

@@ -21,4 +21,3 @@ export declare function enrichRulesWithCompliance<T extends {
     audit?: string;
 }>(rules: T[]): T[];
 export {};
-//# sourceMappingURL=compliance-metadata.d.ts.map

package/build/data/compliance-metadata.js

@@ -271,4 +271,3 @@ export function enrichRulesWithCompliance(rules) {
     }
     return rules;
 }
-//# sourceMappingURL=compliance-metadata.js.map

package/build/data/framework-guides.d.ts

@@ -5,4 +5,3 @@ export interface SecurityGuide {
     content: string;
 }
 export declare const frameworkGuides: SecurityGuide[];
-//# sourceMappingURL=framework-guides.d.ts.map

package/build/data/framework-guides.js

@@ -786,4 +786,3 @@ throw new TRPCError({
 `,
     },
 ];
-//# sourceMappingURL=framework-guides.js.map

package/build/data/rules/ai-security.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const aiSecurityRules: SecurityRule[];
-//# sourceMappingURL=ai-security.d.ts.map

package/build/data/rules/ai-security.js

@@ -172,4 +172,3 @@ export const aiSecurityRules = [
         compliance: ["SOC2:CC7.1"],
     },
 ];
-//# sourceMappingURL=ai-security.js.map

package/build/data/rules/api-security.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const apiSecurityRules: SecurityRule[];
-//# sourceMappingURL=api-security.d.ts.map

package/build/data/rules/api-security.js

@@ -129,4 +129,3 @@ export const apiSecurityRules = [
         compliance: ["SOC2:CC7.2"],
     },
 ];
-//# sourceMappingURL=api-security.js.map

package/build/data/rules/auth.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const authRules: SecurityRule[];
-//# sourceMappingURL=auth.d.ts.map

package/build/data/rules/auth.js

@@ -198,4 +198,3 @@ export const authRules = [
         compliance: ["SOC2:CC6.6"],
     },
 ];
-//# sourceMappingURL=auth.js.map

package/build/data/rules/cicd.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const cicdRules: SecurityRule[];
-//# sourceMappingURL=cicd.d.ts.map

package/build/data/rules/cicd.js

@@ -44,4 +44,3 @@ export const cicdRules = [
         fixCode: "# Use least-privilege permissions\npermissions:\n  contents: read\n  pull-requests: write",
     },
 ];
-//# sourceMappingURL=cicd.js.map

package/build/data/rules/core.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const coreRules: SecurityRule[];
-//# sourceMappingURL=core.d.ts.map

package/build/data/rules/core.js

@@ -299,4 +299,3 @@ export const coreRules = [
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
 ];
-//# sourceMappingURL=core.js.map

package/build/data/rules/cve-versions.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const cveVersionRules: SecurityRule[];
-//# sourceMappingURL=cve-versions.d.ts.map

package/build/data/rules/cve-versions.js

@@ -242,4 +242,3 @@ export const cveVersionRules = [
         compliance: ["SOC2:CC6.1"],
     },
 ];
-//# sourceMappingURL=cve-versions.js.map

package/build/data/rules/database.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const databaseRules: SecurityRule[];
-//# sourceMappingURL=database.d.ts.map

package/build/data/rules/database.js

@@ -100,4 +100,3 @@ export const databaseRules = [
         compliance: ["SOC2:CC6.1"],
     },
 ];
-//# sourceMappingURL=database.js.map

package/build/data/rules/deployment.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const deploymentRules: SecurityRule[];
-//# sourceMappingURL=deployment.d.ts.map

package/build/data/rules/deployment.js

@@ -195,4 +195,3 @@ export const deploymentRules = [
         compliance: ["SOC2:CC6.1", "PCI-DSS:Req4.1"],
     },
 ];
-//# sourceMappingURL=deployment.js.map

package/build/data/rules/dockerfile.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const dockerfileRules: SecurityRule[];
-//# sourceMappingURL=dockerfile.d.ts.map

package/build/data/rules/dockerfile.js

@@ -55,4 +55,3 @@ export const dockerfileRules = [
         fixCode: "# Use COPY for local files\nCOPY ./src /app/src\n# Only use ADD for remote files or tar extraction\n# ADD https://example.com/file.tar.gz /app/",
     },
 ];
-//# sourceMappingURL=dockerfile.js.map

package/build/data/rules/firebase.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const firebaseRules: SecurityRule[];
-//# sourceMappingURL=firebase.d.ts.map

package/build/data/rules/firebase.js

@@ -84,4 +84,3 @@ export const firebaseRules = [
         compliance: ["SOC2:CC6.1"],
     },
 ];
-//# sourceMappingURL=firebase.js.map

package/build/data/rules/go.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const goRules: SecurityRule[];
-//# sourceMappingURL=go.d.ts.map

package/build/data/rules/go.js

@@ -67,4 +67,3 @@ export const goRules = [
         fixCode: "// Specify allowed origins\nw.Header().Set(\"Access-Control-Allow-Origin\", \"https://myapp.com\")",
     },
 ];
-//# sourceMappingURL=go.js.map

package/build/data/rules/index.d.ts

@@ -1,4 +1,3 @@
 export type { SecurityRule } from "./types.js";
 export declare const owaspRules: import("./types.js").SecurityRule[];
 export declare const builtinRules: import("./types.js").SecurityRule[];
-//# sourceMappingURL=index.d.ts.map

package/build/data/rules/index.js

@@ -47,4 +47,3 @@ export const owaspRules = enrichRulesWithCompliance([
 ]);
 // Alias for clarity — these are the built-in rules without plugins
 export const builtinRules = owaspRules;
-//# sourceMappingURL=index.js.map

package/build/data/rules/modern-stack.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const modernStackRules: SecurityRule[];
-//# sourceMappingURL=modern-stack.d.ts.map

package/build/data/rules/modern-stack.js

@@ -411,4 +411,3 @@ export const modernStackRules = [
         compliance: ["SOC2:CC6.6"],
     },
 ];
-//# sourceMappingURL=modern-stack.js.map

package/build/data/rules/nextjs.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const nextjsRules: SecurityRule[];
-//# sourceMappingURL=nextjs.d.ts.map

package/build/data/rules/nextjs.js

@@ -157,4 +157,3 @@ export const nextjsRules = [
         compliance: ["SOC2:CC6.1", "HIPAA:§164.312(a)"],
     },
 ];
-//# sourceMappingURL=nextjs.js.map

package/build/data/rules/other-services.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const otherServiceRules: SecurityRule[];
-//# sourceMappingURL=other-services.d.ts.map

package/build/data/rules/other-services.js

@@ -60,4 +60,3 @@ export const otherServiceRules = [
         compliance: ["SOC2:CC6.1"],
     },
 ];
-//# sourceMappingURL=other-services.js.map

package/build/data/rules/payments.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const paymentRules: SecurityRule[];
-//# sourceMappingURL=payments.d.ts.map

package/build/data/rules/payments.js

@@ -111,4 +111,3 @@ export const paymentRules = [
         compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
     },
 ];
-//# sourceMappingURL=payments.js.map

package/build/data/rules/react-native.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const reactNativeRules: SecurityRule[];
-//# sourceMappingURL=react-native.d.ts.map

package/build/data/rules/react-native.js

@@ -120,4 +120,3 @@ export const reactNativeRules = [
         compliance: ["SOC2:CC6.1"],
     },
 ];
-//# sourceMappingURL=react-native.js.map

package/build/data/rules/services.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const serviceRules: SecurityRule[];
-//# sourceMappingURL=services.d.ts.map

package/build/data/rules/services.js

@@ -137,4 +137,3 @@ export const serviceRules = [
         compliance: ["SOC2:CC6.1"],
     },
 ];
-//# sourceMappingURL=services.js.map

package/build/data/rules/shell.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const shellRules: SecurityRule[];
-//# sourceMappingURL=shell.d.ts.map

package/build/data/rules/shell.js

@@ -60,4 +60,3 @@ export const shellRules = [
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
 ];
-//# sourceMappingURL=shell.js.map

package/build/data/rules/sql.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const sqlRules: SecurityRule[];
-//# sourceMappingURL=sql.d.ts.map

package/build/data/rules/sql.js

@@ -48,4 +48,3 @@ export const sqlRules = [
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
 ];
-//# sourceMappingURL=sql.js.map

package/build/data/rules/supply-chain.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const supplyChainRules: SecurityRule[];
-//# sourceMappingURL=supply-chain.d.ts.map

package/build/data/rules/supply-chain.js

@@ -24,5 +24,52 @@ export const supplyChainRules = [
         fixCode: "- uses: actions/checkout@v4\n  with:\n    persist-credentials: false",
         compliance: ["SOC2:CC6.1"],
     },
+    {
+        id: "VG862",
+        name: "Source Map Publish Risk",
+        severity: "critical",
+        owasp: "A05:2021 Security Misconfiguration",
+        description: 'Source map files (.map) expose original source code when published to npm. Anthropic\'s Claude Code source leak (March 2026) was caused by this exact misconfiguration. If tsconfig enables sourceMap and the package lacks .npmignore exclusions, your entire codebase ships to the registry.',
+        pattern: /"sourceMap"\s*:\s*true/g,
+        languages: ["json"],
+        fix: 'Set "sourceMap": false in tsconfig.json for production builds, or add *.map to .npmignore to prevent source maps from being published.',
+        fixCode: '// tsconfig.json — disable source maps for published packages\n{\n  "compilerOptions": {\n    "sourceMap": false,\n    "declarationMap": false\n  }\n}\n\n// Or add to .npmignore:\n// *.map',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG863",
+        name: 'package.json Missing "files" Field',
+        severity: "high",
+        owasp: "A05:2021 Security Misconfiguration",
+        description: 'A publishable npm package without a "files" field in package.json publishes the entire project directory — including src/, .env, test fixtures, and internal configs. Always use "files" to whitelist only build output.',
+        pattern: /"version"\s*:\s*"[^"]*"(?![\s\S]*"files"\s*:)(?![\s\S]*"private"\s*:\s*true)/g,
+        languages: ["json"],
+        fix: 'Add a "files" field to package.json listing only the directories and files needed by consumers (e.g., dist/, build/).',
+        fixCode: '// package.json — whitelist published files\n{\n  "name": "my-package",\n  "version": "1.0.0",\n  "files": [\n    "dist",\n    "build",\n    "README.md"\n  ]\n}',
+        compliance: ["SOC2:CC6.1"],
+    },
+    {
+        id: "VG864",
+        name: '"files" Field Includes Source Code',
+        severity: "high",
+        owasp: "A05:2021 Security Misconfiguration",
+        description: 'The "files" field in package.json includes source directories ("src", ".", or "**"). This publishes raw source code to npm, defeating the purpose of the whitelist. Only compiled output should be listed.',
+        pattern: /"files"\s*:\s*\[[^\]]*(?:"src"|"\.\/?"|"\*\*")[^\]]*\]/g,
+        languages: ["json"],
+        fix: 'Remove "src", ".", and "**" from the "files" array. Only include compiled output directories like "dist" or "build".',
+        fixCode: '// BAD — leaks source code\n// "files": ["src", "dist"]\n\n// GOOD — only build output\n{\n  "files": [\n    "dist",\n    "build"\n  ]\n}',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG865",
+        name: ".npmignore Missing Sensitive File Patterns",
+        severity: "medium",
+        owasp: "A05:2021 Security Misconfiguration",
+        description: ".npmignore exists but does not exclude common sensitive files (*.map, .env, src/). Without these exclusions, source maps, environment secrets, and raw source code can leak into the published package.",
+        pattern: /^(?![\s\S]*\*\.map)(?![\s\S]*\.env)(?![\s\S]*src\/).+/gm,
+        languages: ["shell"],
+        fix: "Add *.map, .env*, src/, and tests/ to .npmignore to prevent accidental publish of sensitive files.",
+        fixCode: "# .npmignore — exclude sensitive files from npm publish\n*.map\n.env\n.env.*\nsrc/\ntests/\n__tests__/\n*.test.*\n*.spec.*\ntsconfig*.json\n.github/",
+        compliance: ["SOC2:CC6.1"],
+    },
 ];
-//# sourceMappingURL=supply-chain.js.map

package/build/data/rules/terraform.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const terraformRules: SecurityRule[];
-//# sourceMappingURL=terraform.d.ts.map

package/build/data/rules/terraform.js

@@ -60,4 +60,3 @@ export const terraformRules = [
         compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "HIPAA:§164.312(a)"],
     },
 ];
-//# sourceMappingURL=terraform.js.map

package/build/data/rules/types.d.ts

@@ -12,4 +12,3 @@ export interface SecurityRule {
     exploit?: string;
     audit?: string;
 }
-//# sourceMappingURL=types.d.ts.map

package/build/data/rules/types.js

@@ -1,2 +1 @@
 export {};
-//# sourceMappingURL=types.js.map

package/build/data/rules/web-security.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "./types.js";
 export declare const webSecurityRules: SecurityRule[];
-//# sourceMappingURL=web-security.d.ts.map

package/build/data/rules/web-security.js

@@ -174,4 +174,3 @@ export const webSecurityRules = [
         compliance: ["SOC2:CC6.1"],
     },
 ];
-//# sourceMappingURL=web-security.js.map

package/build/data/secret-patterns.d.ts

@@ -6,4 +6,3 @@ export interface SecretPattern {
 }
 export declare const secretPatterns: SecretPattern[];
 export declare function calculateEntropy(str: string): number;
-//# sourceMappingURL=secret-patterns.d.ts.map

package/build/data/secret-patterns.js

@@ -84,4 +84,3 @@ export function calculateEntropy(str) {
     }
     return entropy;
 }
-//# sourceMappingURL=secret-patterns.js.map

package/build/index.d.ts

@@ -1,3 +1,2 @@
 #!/usr/bin/env node
 export {};
-//# sourceMappingURL=index.d.ts.map

package/build/index.js

@@ -313,4 +313,3 @@ main().catch((error) => {
     console.error("Fatal error:", error);
     process.exit(1);
 });
-//# sourceMappingURL=index.js.map

package/build/plugins/loader.d.ts

@@ -15,4 +15,3 @@ export interface LoadedPlugins {
 }
 export declare function discoverPlugins(baseDir: string, configPlugins?: string[]): Promise<LoadedPlugins>;
 export {};
-//# sourceMappingURL=loader.d.ts.map

package/build/plugins/loader.js

@@ -148,4 +148,3 @@ export async function discoverPlugins(baseDir, configPlugins = []) {
     }
     return result;
 }
-//# sourceMappingURL=loader.js.map

package/build/plugins/types.d.ts

@@ -14,4 +14,3 @@ export interface GuardVibePlugin {
     rules?: SecurityRule[];
     tools?: GuardVibeTool[];
 }
-//# sourceMappingURL=types.d.ts.map

package/build/plugins/types.js

@@ -1,2 +1 @@
 export {};
-//# sourceMappingURL=types.js.map

package/build/tools/audit-config.d.ts

@@ -8,4 +8,3 @@ export interface ConfigIssue {
     files: string[];
 }
 export declare function auditConfig(path: string, format?: "markdown" | "json"): string;
-//# sourceMappingURL=audit-config.d.ts.map

package/build/tools/audit-config.js

@@ -367,4 +367,3 @@ export function auditConfig(path, format = "markdown") {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=audit-config.js.map

package/build/tools/check-code.d.ts

@@ -7,4 +7,3 @@ export interface Finding {
 export declare function analyzeCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, rules?: SecurityRule[]): Finding[];
 export declare function formatFindingsJson(findings: Finding[], extra?: Record<string, unknown>): string;
 export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
-//# sourceMappingURL=check-code.d.ts.map

package/build/tools/check-code.js

@@ -204,4 +204,3 @@ function formatReport(findings, language, framework) {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=check-code.js.map

package/build/tools/check-command.d.ts

@@ -10,4 +10,3 @@ export interface CommandVerdict {
     details: string[];
 }
 export declare function checkCommand(command: string, cwd?: string, branch?: string, format?: "markdown" | "json"): string;
-//# sourceMappingURL=check-command.d.ts.map

package/build/tools/check-command.js

@@ -224,4 +224,3 @@ export function checkCommand(command, cwd = ".", branch, format = "json") {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=check-command.js.map

package/build/tools/check-deps.d.ts

@@ -5,4 +5,3 @@ interface PackageInput {
 }
 export declare function checkDependencies(packages: PackageInput[]): Promise<string>;
 export {};
-//# sourceMappingURL=check-deps.d.ts.map

package/build/tools/check-deps.js

@@ -54,4 +54,3 @@ export async function checkDependencies(packages) {
     }
     return results.join("\n");
 }
-//# sourceMappingURL=check-deps.js.map

package/build/tools/check-package-health.d.ts

@@ -26,4 +26,3 @@ export interface PackageHealthResult {
 export declare function assessPackageRisk(name: string, data: RegistryData): PackageHealthResult;
 export declare function checkPackageHealth(packages: string[], format?: "markdown" | "json"): Promise<string>;
 export {};
-//# sourceMappingURL=check-package-health.d.ts.map

package/build/tools/check-package-health.js

@@ -139,4 +139,3 @@ export async function checkPackageHealth(packages, format = "markdown") {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=check-package-health.js.map

package/build/tools/check-project.d.ts

@@ -5,4 +5,3 @@ interface FileInput {
 }
 export declare function checkProject(files: FileInput[], format?: "markdown" | "json", rules?: SecurityRule[]): string;
 export {};
-//# sourceMappingURL=check-project.d.ts.map

package/build/tools/check-project.js

@@ -158,4 +158,3 @@ export function checkProject(files, format = "markdown", rules) {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=check-project.js.map

package/build/tools/compliance-report.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "../data/rules/types.js";
 export declare function complianceReport(path: string, framework: string, format?: "markdown" | "json", rules?: SecurityRule[], mode?: "full" | "executive"): string;
-//# sourceMappingURL=compliance-report.d.ts.map

package/build/tools/compliance-report.js

@@ -235,4 +235,3 @@ function formatExecutiveSummary(framework, scanRoot, filesScanned, relevant, con
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=compliance-report.js.map

package/build/tools/explain-remediation.d.ts

@@ -12,4 +12,3 @@ export interface RemediationExplanation {
     testStrategy: string;
 }
 export declare function explainRemediation(ruleId: string, code?: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
-//# sourceMappingURL=explain-remediation.d.ts.map

package/build/tools/explain-remediation.js

@@ -100,4 +100,3 @@ function getTestStrategy(rule) {
         return "1. Send webhook with valid signature → expect 200\n2. Send with invalid signature → expect 401\n3. Send with missing signature → expect 401";
     return `1. Apply the fix\n2. Run existing tests\n3. Manually verify the affected ${rule.owasp.split(" ")[0]} surface`;
 }
-//# sourceMappingURL=explain-remediation.js.map

package/build/tools/export-sarif.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "../data/rules/types.js";
 export declare function exportSarif(path: string, rules?: SecurityRule[]): string;
-//# sourceMappingURL=export-sarif.d.ts.map

package/build/tools/export-sarif.js

@@ -114,4 +114,3 @@ export function exportSarif(path, rules) {
     };
     return JSON.stringify(sarif, null, 2);
 }
-//# sourceMappingURL=export-sarif.js.map

package/build/tools/fix-code.d.ts

@@ -14,4 +14,3 @@ export interface FixSuggestion {
  * Analyze code and return structured fix suggestions that an AI agent can apply.
  */
 export declare function fixCode(code: string, language: string, framework?: string, filePath?: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
-//# sourceMappingURL=fix-code.d.ts.map

package/build/tools/fix-code.js

@@ -231,4 +231,3 @@ function formatFixMarkdown(suggestions) {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=fix-code.js.map

package/build/tools/generate-policy.d.ts

@@ -1,2 +1 @@
 export declare function generatePolicy(path: string, format?: "markdown" | "json"): string;
-//# sourceMappingURL=generate-policy.d.ts.map

package/build/tools/generate-policy.js

@@ -365,4 +365,3 @@ export function generatePolicy(path, format = "markdown") {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=generate-policy.js.map

package/build/tools/get-security-docs.d.ts

@@ -1,2 +1 @@
 export declare function getSecurityDocs(topic: string): string;
-//# sourceMappingURL=get-security-docs.d.ts.map

package/build/tools/get-security-docs.js

@@ -58,4 +58,3 @@ export function getSecurityDocs(topic) {
         `8. Set secure cookie flags (httpOnly, secure, sameSite)`,
     ].join("\n");
 }
-//# sourceMappingURL=get-security-docs.js.map

package/build/tools/policy-check.d.ts

@@ -1,3 +1,2 @@
 import type { SecurityRule } from "../data/rules/types.js";
 export declare function policyCheck(path: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
-//# sourceMappingURL=policy-check.d.ts.map

package/build/tools/policy-check.js

@@ -205,4 +205,3 @@ export function policyCheck(path, format = "markdown", rules) {
     }
     return lines.join("\n");
 }
-//# sourceMappingURL=policy-check.js.map

package/build/tools/repo-posture.d.ts

@@ -1,2 +1 @@
 export declare function repoSecurityPosture(path: string, format?: "markdown" | "json"): string;
-//# sourceMappingURL=repo-posture.d.ts.map