heron-ai 0.1.0

package/dist/src/connectors/index.js

@@ -0,0 +1,13 @@
+import { HttpConnector } from './http-connector.js';
+import { InteractiveConnector } from './interactive-connector.js';
+export function createConnector(config) {
+    switch (config.type) {
+        case 'http':
+            return new HttpConnector(config);
+        case 'interactive':
+            return new InteractiveConnector();
+        default:
+            throw new Error(`Unknown connector type: ${config.type}`);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/src/connectors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/connectors/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAElE,MAAM,UAAU,eAAe,CAAC,MAAoB;IAClD,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;QACnC,KAAK,aAAa;YAChB,OAAO,IAAI,oBAAoB,EAAE,CAAC;QACpC;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC"}

package/dist/src/connectors/interactive-connector.d.ts

@@ -0,0 +1,13 @@
+import type { AgentConnector, AgentMetadata } from './types.js';
+/**
+ * Interactive connector — the user manually relays questions to the agent
+ * and pastes back responses. Useful when the agent doesn't have an HTTP API.
+ */
+export declare class InteractiveConnector implements AgentConnector {
+    private rl;
+    constructor();
+    sendMessage(message: string): Promise<string>;
+    getMetadata(): Promise<AgentMetadata>;
+    close(): Promise<void>;
+}
+//# sourceMappingURL=interactive-connector.d.ts.map

package/dist/src/connectors/interactive-connector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive-connector.d.ts","sourceRoot":"","sources":["../../../src/connectors/interactive-connector.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhE;;;GAGG;AACH,qBAAa,oBAAqB,YAAW,cAAc;IACzD,OAAO,CAAC,EAAE,CAAqC;;IASzC,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoB7C,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAOrC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}

package/dist/src/connectors/interactive-connector.js

@@ -0,0 +1,44 @@
+import { createInterface } from 'node:readline';
+import * as logger from '../util/logger.js';
+/**
+ * Interactive connector — the user manually relays questions to the agent
+ * and pastes back responses. Useful when the agent doesn't have an HTTP API.
+ */
+export class InteractiveConnector {
+    rl;
+    constructor() {
+        this.rl = createInterface({
+            input: process.stdin,
+            output: process.stderr, // use stderr so stdout stays clean for report output
+        });
+    }
+    async sendMessage(message) {
+        logger.heading('Question for the agent:');
+        console.error(`\n${message}\n`);
+        console.error('---');
+        return new Promise((resolve) => {
+            console.error('Paste the agent\'s response below (end with an empty line):');
+            const lines = [];
+            const lineHandler = (line) => {
+                if (line === '' && lines.length > 0) {
+                    this.rl.removeListener('line', lineHandler);
+                    resolve(lines.join('\n'));
+                }
+                else {
+                    lines.push(line);
+                }
+            };
+            this.rl.on('line', lineHandler);
+        });
+    }
+    async getMetadata() {
+        return {
+            provider: 'interactive',
+            description: 'Manual relay — user copies questions to the agent',
+        };
+    }
+    async close() {
+        this.rl.close();
+    }
+}
+//# sourceMappingURL=interactive-connector.js.map

package/dist/src/connectors/interactive-connector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive-connector.js","sourceRoot":"","sources":["../../../src/connectors/interactive-connector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,OAAO,KAAK,MAAM,MAAM,mBAAmB,CAAC;AAE5C;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IACvB,EAAE,CAAqC;IAE/C;QACE,IAAI,CAAC,EAAE,GAAG,eAAe,CAAC;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,qDAAqD;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,MAAM,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAErB,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;YACrC,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;YAC7E,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,MAAM,WAAW,GAAG,CAAC,IAAY,EAAE,EAAE;gBACnC,IAAI,IAAI,KAAK,EAAE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;oBAC5C,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC5B,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;YACH,CAAC,CAAC;YACF,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO;YACL,QAAQ,EAAE,aAAa;YACvB,WAAW,EAAE,mDAAmD;SACjE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;CACF"}

package/dist/src/connectors/types.d.ts

@@ -0,0 +1,15 @@
+export interface AgentMetadata {
+    name?: string;
+    model?: string;
+    provider?: string;
+    description?: string;
+}
+export interface AgentConnector {
+    /** Send a message to the target agent and get a response */
+    sendMessage(message: string): Promise<string>;
+    /** Get metadata about the target agent, if available */
+    getMetadata?(): Promise<AgentMetadata>;
+    /** Clean up connection resources */
+    close(): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/connectors/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/connectors/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,4DAA4D;IAC5D,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE9C,wDAAwD;IACxD,WAAW,CAAC,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;IAEvC,oCAAoC;IACpC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB"}

package/dist/src/connectors/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/connectors/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/connectors/types.ts"],"names":[],"mappings":""}

package/dist/src/index.d.ts

@@ -0,0 +1,12 @@
+import type { HeronConfig } from './config/schema.js';
+export interface RunOptions {
+    verbose?: boolean;
+    maxFollowUps?: number;
+    reportDir?: string;
+}
+/**
+ * Main entry point — runs the full interrogation pipeline:
+ * connect → interview → analyze → report
+ */
+export declare function run(config: HeronConfig, options?: RunOptions): Promise<string>;
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAKtD,MAAM,WAAW,UAAU;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAsB,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,GAAE,UAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAwDxF"}

package/dist/src/index.js

@@ -0,0 +1,60 @@
+import { createConnector } from './connectors/index.js';
+import { createLLMClient } from './llm/client.js';
+import { runInterview } from './interview/interviewer.js';
+import { generateReport } from './report/generator.js';
+import * as logger from './util/logger.js';
+import { writeFileSync, mkdirSync } from 'node:fs';
+import { generateId } from './util/id.js';
+/**
+ * Main entry point — runs the full interrogation pipeline:
+ * connect → interview → analyze → report
+ */
+export async function run(config, options = {}) {
+    const { verbose = false, maxFollowUps = 3, reportDir = './reports' } = options;
+    // 1. Create LLM client for analysis
+    const llmClient = await createLLMClient(config.llm);
+    // 2. Connect to target agent
+    const connector = createConnector(config.target);
+    const targetLabel = config.target.url ?? config.target.type;
+    const scanId = generateId('scan');
+    logger.raw('');
+    logger.raw(`  \x1b[1mHeron Agent Interrogator\x1b[0m`);
+    logger.raw('');
+    logger.raw(`  Scan:    ${scanId}`);
+    logger.raw(`  Target:  ${targetLabel}`);
+    try {
+        // 3. Run interview
+        const session = await runInterview(connector, llmClient, {
+            maxFollowUps,
+            verbose,
+        });
+        // 4. Generate report
+        logger.raw('');
+        logger.raw(`  \x1b[33m⏳ Analyzing transcript...\x1b[0m`);
+        const { report, reportJson } = await generateReport(session, llmClient, {
+            target: targetLabel,
+            format: config.output.format,
+        });
+        const riskLevel = reportJson.overallRiskLevel;
+        const riskColor = riskLevel === 'high' || riskLevel === 'critical' ? '\x1b[31m'
+            : riskLevel === 'medium' ? '\x1b[33m'
+                : '\x1b[32m';
+        // 5. Save report to file
+        mkdirSync(reportDir, { recursive: true });
+        const savePath = config.output.path ?? `${reportDir}/${scanId}.md`;
+        writeFileSync(savePath, report, 'utf-8');
+        logger.raw('');
+        logger.raw(`  \x1b[1mAudit complete: ${scanId}\x1b[0m`);
+        logger.raw(`  Risk:         ${riskColor}${riskLevel.toUpperCase()}\x1b[0m`);
+        logger.raw(`  Data quality: ${reportJson.dataQuality?.score ?? 'N/A'}/100`);
+        logger.raw(`  Verdict:      ${reportJson.recommendation ?? 'APPROVE WITH CONDITIONS'}`);
+        logger.raw(`  Findings:     ${reportJson.risks.length}`);
+        logger.raw(`  Report:       ${savePath}`);
+        logger.raw('');
+        return report;
+    }
+    finally {
+        await connector.close();
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAQ1C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,MAAmB,EAAE,UAAsB,EAAE;IACrE,MAAM,EAAE,OAAO,GAAG,KAAK,EAAE,YAAY,GAAG,CAAC,EAAE,SAAS,GAAG,WAAW,EAAE,GAAG,OAAO,CAAC;IAE/E,oCAAoC;IACpC,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAEpD,6BAA6B;IAC7B,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;IAC5D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,MAAM,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACvD,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,MAAM,CAAC,GAAG,CAAC,cAAc,MAAM,EAAE,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,CAAC,cAAc,WAAW,EAAE,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,mBAAmB;QACnB,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,SAAS,EAAE;YACvD,YAAY;YACZ,OAAO;SACR,CAAC,CAAC;QAEH,qBAAqB;QACrB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,MAAM,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAEzD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,SAAS,EAAE;YACtE,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,UAAU,CAAC,gBAAgB,CAAC;QAC9C,MAAM,SAAS,GAAG,SAAS,KAAK,MAAM,IAAI,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU;YAC7E,CAAC,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU;gBACrC,CAAC,CAAC,UAAU,CAAC;QAEf,yBAAyB;QACzB,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,GAAG,SAAS,IAAI,MAAM,KAAK,CAAC;QACnE,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAEzC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,MAAM,CAAC,GAAG,CAAC,4BAA4B,MAAM,SAAS,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,CAAC,mBAAmB,SAAS,GAAG,SAAS,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAC5E,MAAM,CAAC,GAAG,CAAC,mBAAmB,UAAU,CAAC,WAAW,EAAE,KAAK,IAAI,KAAK,MAAM,CAAC,CAAC;QAC5E,MAAM,CAAC,GAAG,CAAC,mBAAmB,UAAU,CAAC,cAAc,IAAI,yBAAyB,EAAE,CAAC,CAAC;QACxF,MAAM,CAAC,GAAG,CAAC,mBAAmB,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,GAAG,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEf,OAAO,MAAM,CAAC;IAChB,CAAC;YAAS,CAAC;QACT,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;AACH,CAAC"}

package/dist/src/interview/interviewer.d.ts

@@ -0,0 +1,19 @@
+import type { AgentConnector } from '../connectors/types.js';
+import type { LLMClient } from '../llm/client.js';
+import type { QAPair } from '../report/types.js';
+export interface InterviewOptions {
+    maxFollowUps?: number;
+    verbose?: boolean;
+}
+export interface InterviewSession {
+    transcript: QAPair[];
+    startedAt: Date;
+    completedAt: Date;
+    questionsAsked: number;
+}
+/**
+ * Runs a structured interview with a target agent.
+ * Asks core questions, generates follow-ups, collects all answers.
+ */
+export declare function runInterview(connector: AgentConnector, llmClient: LLMClient, options?: InterviewOptions): Promise<InterviewSession>;
+//# sourceMappingURL=interviewer.d.ts.map

package/dist/src/interview/interviewer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interviewer.d.ts","sourceRoot":"","sources":["../../../src/interview/interviewer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAIjD,MAAM,WAAW,gBAAgB;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,EAAE,IAAI,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAChC,SAAS,EAAE,cAAc,EACzB,SAAS,EAAE,SAAS,EACpB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,gBAAgB,CAAC,CAyE3B"}

package/dist/src/interview/interviewer.js

@@ -0,0 +1,68 @@
+import { createProtocol } from './protocol.js';
+import * as logger from '../util/logger.js';
+/**
+ * Runs a structured interview with a target agent.
+ * Asks core questions, generates follow-ups, collects all answers.
+ */
+export async function runInterview(connector, llmClient, options = {}) {
+    const { maxFollowUps = 3 } = options;
+    const protocol = createProtocol(llmClient, maxFollowUps);
+    const startedAt = new Date();
+    const total = protocol.totalCoreQuestions;
+    let coreNum = 0;
+    logger.raw('');
+    // Ask all core questions with follow-ups between category changes
+    let prevCategory = null;
+    for (let i = 0; i < total; i++) {
+        const question = protocol.nextQuestion();
+        if (!question)
+            break;
+        // If category changed, try a follow-up on the previous category
+        if (prevCategory && question.category !== prevCategory) {
+            const followUp = await protocol.generateFollowUp(prevCategory);
+            if (followUp) {
+                // Show follow-up question
+                logger.raw('');
+                logger.raw(`  \x1b[36mFollow-up\x1b[0m \x1b[2m[${followUp.category}]\x1b[0m`);
+                logger.raw(`  \x1b[36mQ:\x1b[0m ${followUp.text}`);
+                const followUpAnswer = await connector.sendMessage(followUp.text);
+                protocol.recordAnswer(followUp, followUpAnswer);
+                logger.raw(`  \x1b[2mA:\x1b[0m ${followUpAnswer}`);
+            }
+        }
+        coreNum++;
+        // Show core question
+        logger.raw('');
+        logger.raw(`  \x1b[36mQ${coreNum}/${total}\x1b[0m \x1b[2m[${question.category}]\x1b[0m`);
+        logger.raw(`  \x1b[36mQ:\x1b[0m ${question.text}`);
+        const answer = await connector.sendMessage(question.text);
+        protocol.recordAnswer(question, answer);
+        logger.raw(`  \x1b[2mA:\x1b[0m ${answer}`);
+        prevCategory = question.category;
+    }
+    // Final follow-up on the last category
+    const transcript = protocol.getTranscript();
+    if (transcript.length > 0) {
+        const lastCategory = transcript[transcript.length - 1].category;
+        const finalFollowUp = await protocol.generateFollowUp(lastCategory);
+        if (finalFollowUp) {
+            logger.raw('');
+            logger.raw(`  \x1b[36mFollow-up\x1b[0m \x1b[2m[${finalFollowUp.category}]\x1b[0m`);
+            logger.raw(`  \x1b[36mQ:\x1b[0m ${finalFollowUp.text}`);
+            const answer = await connector.sendMessage(finalFollowUp.text);
+            protocol.recordAnswer(finalFollowUp, answer);
+            logger.raw(`  \x1b[2mA:\x1b[0m ${answer}`);
+        }
+    }
+    const completedAt = new Date();
+    const finalTranscript = protocol.getTranscript();
+    logger.raw('');
+    logger.success(`Interview complete — ${finalTranscript.length} questions asked`);
+    return {
+        transcript: finalTranscript,
+        startedAt,
+        completedAt,
+        questionsAsked: finalTranscript.length,
+    };
+}
+//# sourceMappingURL=interviewer.js.map

package/dist/src/interview/interviewer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interviewer.js","sourceRoot":"","sources":["../../../src/interview/interviewer.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,KAAK,MAAM,MAAM,mBAAmB,CAAC;AAc5C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,SAAyB,EACzB,SAAoB,EACpB,UAA4B,EAAE;IAE9B,MAAM,EAAE,YAAY,GAAG,CAAC,EAAE,GAAG,OAAO,CAAC;IACrC,MAAM,QAAQ,GAAG,cAAc,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,QAAQ,CAAC,kBAAkB,CAAC;IAC1C,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEf,kEAAkE;IAClE,IAAI,YAAY,GAA8B,IAAI,CAAC;IAEnD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC;QACzC,IAAI,CAAC,QAAQ;YAAE,MAAM;QAErB,gEAAgE;QAChE,IAAI,YAAY,IAAI,QAAQ,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;YAC/D,IAAI,QAAQ,EAAE,CAAC;gBACb,0BAA0B;gBAC1B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACf,MAAM,CAAC,GAAG,CAAC,sCAAsC,QAAQ,CAAC,QAAQ,UAAU,CAAC,CAAC;gBAC9E,MAAM,CAAC,GAAG,CAAC,uBAAuB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBAEnD,MAAM,cAAc,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAClE,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;gBAChD,MAAM,CAAC,GAAG,CAAC,sBAAsB,cAAc,EAAE,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC;QAEV,qBAAqB;QACrB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,MAAM,CAAC,GAAG,CAAC,cAAc,OAAO,IAAI,KAAK,mBAAmB,QAAQ,CAAC,QAAQ,UAAU,CAAC,CAAC;QACzF,MAAM,CAAC,GAAG,CAAC,uBAAuB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAEnD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1D,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,CAAC,sBAAsB,MAAM,EAAE,CAAC,CAAC;QAE3C,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;IACnC,CAAC;IAED,uCAAuC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,aAAa,EAAE,CAAC;IAC5C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;QAChE,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QACpE,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACf,MAAM,CAAC,GAAG,CAAC,sCAAsC,aAAa,CAAC,QAAQ,UAAU,CAAC,CAAC;YACnF,MAAM,CAAC,GAAG,CAAC,uBAAuB,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAC/D,QAAQ,CAAC,YAAY,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,CAAC,sBAAsB,MAAM,EAAE,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,eAAe,GAAG,QAAQ,CAAC,aAAa,EAAE,CAAC;IAEjD,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,MAAM,CAAC,OAAO,CAAC,wBAAwB,eAAe,CAAC,MAAM,kBAAkB,CAAC,CAAC;IAEjF,OAAO;QACL,UAAU,EAAE,eAAe;QAC3B,SAAS;QACT,WAAW;QACX,cAAc,EAAE,eAAe,CAAC,MAAM;KACvC,CAAC;AACJ,CAAC"}

package/dist/src/interview/protocol.d.ts

@@ -0,0 +1,38 @@
+import type { QAPair } from '../report/types.js';
+import type { LLMClient } from '../llm/client.js';
+import { type InterviewQuestion } from './questions.js';
+export interface InterviewProtocol {
+    /** Get the next question to ask, or null if interview is complete */
+    nextQuestion(): InterviewQuestion | null;
+    /** Record an answer. Returns false if answer was skipped (greeting/repeat). */
+    recordAnswer(question: InterviewQuestion, answer: string): boolean;
+    /** Generate a follow-up question based on context and missing compliance fields */
+    generateFollowUp(category: QAPair['category']): Promise<InterviewQuestion | null>;
+    /** Get the full transcript so far */
+    getTranscript(): QAPair[];
+    /** Check if the interview is complete */
+    isComplete(): boolean;
+    /** Total number of core questions (excluding follow-ups) */
+    totalCoreQuestions: number;
+}
+/** Detect if an answer is just a greeting with no substantive content */
+export declare function isGreeting(answer: string): boolean;
+/**
+ * Detect if an answer is clearly responding to a different question (stale session).
+ * Returns true if the answer strongly matches a DIFFERENT question's topic
+ * but has no relevance to the current question.
+ *
+ * Conservative: only triggers on long answers (300+ chars) that match 2+ signals
+ * from a different topic AND zero signals from the current topic. Skips Q1 entirely
+ * since first answers are too varied to classify reliably.
+ */
+export declare function isStaleAnswer(question: InterviewQuestion, answer: string): boolean;
+/** Detect if an answer is too vague for compliance-grade reporting */
+export declare function isVagueAnswer(answer: string): boolean;
+export declare function createProtocol(llmClient: LLMClient, maxFollowUps?: number): InterviewProtocol;
+/**
+ * Enqueue a follow-up question to be asked next.
+ * Used by SessionManager to avoid monkey-patching protocol.nextQuestion.
+ */
+export declare function enqueueFollowUp(protocol: InterviewProtocol, followUp: InterviewQuestion): void;
+//# sourceMappingURL=protocol.d.ts.map

package/dist/src/interview/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../src/interview/protocol.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAyB,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAG/E,MAAM,WAAW,iBAAiB;IAChC,qEAAqE;IACrE,YAAY,IAAI,iBAAiB,GAAG,IAAI,CAAC;IAEzC,+EAA+E;IAC/E,YAAY,CAAC,QAAQ,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAEnE,mFAAmF;IACnF,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IAElF,qCAAqC;IACrC,aAAa,IAAI,MAAM,EAAE,CAAC;IAE1B,yCAAyC;IACzC,UAAU,IAAI,OAAO,CAAC;IAEtB,4DAA4D;IAC5D,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAiBD,yEAAyE;AACzE,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAKlD;AAsCD;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAuBlF;AA8BD,sEAAsE;AACtE,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAErD;AAgED,wBAAgB,cAAc,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,SAAI,GAAG,iBAAiB,CA2HxF;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,EAAE,iBAAiB,GAAG,IAAI,CAO9F"}

package/dist/src/interview/protocol.js

@@ -0,0 +1,290 @@
+import { getAllQuestionsSorted } from './questions.js';
+import { INTERVIEW_SYSTEM_PROMPT, buildFollowUpPrompt } from '../llm/prompts.js';
+// ─── Greeting detection ──────────────────────────────────────────────────────
+const GREETING_PATTERNS = [
+    /^hi\b/i,
+    /^hello\b/i,
+    /^hey\b/i,
+    /ready to answer/i,
+    /ready for questions/i,
+    /^i am ready/i,
+    /^i'm ready/i,
+    /let'?s begin/i,
+    /let'?s start/i,
+    /^greetings/i,
+];
+/** Detect if an answer is just a greeting with no substantive content */
+export function isGreeting(answer) {
+    const trimmed = answer.trim();
+    // Short answers that match greeting patterns
+    if (trimmed.length > 200)
+        return false; // Long answers aren't greetings
+    return GREETING_PATTERNS.some(p => p.test(trimmed));
+}
+// ─── Stale / off-topic answer detection ─────────────────────────────────────
+/** Topic keywords per compliance field — used to detect answers to the wrong question */
+const TOPIC_SIGNALS = {
+    agentProfile: [
+        /\bproject.?name\b/i, /\bowner\b/i, /\btrigger/i, /\bwhat I (do|specifically)\b/i,
+    ],
+    systemId: [
+        /\b(→|->)\s*(REST|API|OAuth|SDK|Bot)\b/i, /\bconnect to\b/i, /\bsystems?\s+I\b/i,
+    ],
+    scopesRequested: [
+        /\boauth\s*scop/i, /\bgoogleapis\.com\/auth\//i, /\b(readonly|readwrite|\.edit|\.send|\.admin)\b/i,
+    ],
+    dataSensitivity: [
+        /\b(PII|financial|credentials|confidential|non.?sensitive)\b/i, /\bclassif(y|ied)\b/i,
+    ],
+    writeOperations: [
+        /\b(→|->)\s*(Yes|No)\s*(→|->)/i, /\b(append|insert|create|delete)\s*(row|record|spreadsheet|message)/i,
+        /\bvolume\/day\b/i,
+    ],
+    blastRadius: [
+        /\b(worst.?case|single.?record|single.?user|cross.?tenant|org.?wide)\b/i,
+        /\bcan it be (undone|recovered)\b/i,
+    ],
+    frequencyAndVolume: [
+        /\b(times?\s+per|runs?\s+per|calls?\s+per|\/week|\/day)\b/i, /\bbatch\s+size\b/i,
+    ],
+    scopesDelta: [
+        /\bnever\s+(actually\s+)?used\b/i, /\bsafely\s+(be\s+)?revoked\b/i, /\bunused\s+permission/i,
+    ],
+    riskAssessment: [
+        /\bworst\s+realistic\s+failure\b/i, /\bwho\s+is\s+affected\b/i, /\bhow\s+bad\s+is\s+the\s+damage\b/i,
+        /\bcan\s+it\s+be\s+recovered\b/i,
+    ],
+};
+/**
+ * Detect if an answer is clearly responding to a different question (stale session).
+ * Returns true if the answer strongly matches a DIFFERENT question's topic
+ * but has no relevance to the current question.
+ *
+ * Conservative: only triggers on long answers (300+ chars) that match 2+ signals
+ * from a different topic AND zero signals from the current topic. Skips Q1 entirely
+ * since first answers are too varied to classify reliably.
+ */
+export function isStaleAnswer(question, answer) {
+    if (answer.length < 300)
+        return false; // Only check long, detailed answers
+    const currentField = question.complianceField;
+    if (!currentField)
+        return false;
+    // Never flag Q1 (agentProfile) — first answers are too varied
+    if (currentField === 'agentProfile')
+        return false;
+    const currentSignals = TOPIC_SIGNALS[currentField] ?? [];
+    const matchesCurrent = currentSignals.some(p => p.test(answer));
+    // If the answer matches the current question's topic at all, it's not stale
+    if (matchesCurrent)
+        return false;
+    // Check if it strongly matches a different question's topic (need 3+ signals)
+    let strongOtherMatch = false;
+    for (const [field, signals] of Object.entries(TOPIC_SIGNALS)) {
+        if (field === currentField)
+            continue;
+        const matches = signals.filter(p => p.test(answer)).length;
+        if (matches >= 3) {
+            strongOtherMatch = true;
+            break;
+        }
+    }
+    return strongOtherMatch;
+}
+// ─── Vagueness detection ─────────────────────────────────────────────────────
+/** Vagueness indicators — if an answer matches these patterns, it needs a follow-up */
+const VAGUE_PATTERNS = [
+    /\b(the database|a database|some database)\b/i,
+    /\b(read and write|read\/write|full access)\b/i,
+    /\b(user data|some data|the data)\b/i,
+    /\b(regularly|periodically|sometimes|occasionally|as needed|when needed)\b/i,
+    /\b(could affect|might affect|may affect)\b/i,
+    /\b(various|several|multiple|many|some)\s+(systems?|apis?|services?|databases?)/i,
+    /\b(everything|all access|full permissions?)\b/i,
+    /\bi[' ']?m not sure\b/i,
+    /\bnot sure\b/i,
+    /\bi don[' ']?t know\b/i,
+    // Hedging language — agent describes theoretical capabilities, not actual behavior
+    /\bi may (also )?(read|write|access|connect|use|modify|create|delete)\b/i,
+    /\bwhen enabled\b/i,
+    /\bif the task (requires|involves|needs)\b/i,
+    /\bwhen (available|needed|required|the workflow)\b/i,
+    /\b(can include|could include|may include)\b/i,
+    /\baccess is (environment|session|task).dependent\b/i,
+    /\bdepending on (the )?task\b/i,
+    /\bconnectors? (are |is )?enabled\b/i,
+    // Generic tool descriptions instead of specific project usage
+    /\b(local workspace|active workspace|working directory)\b/i,
+    /\bconnected (development )?tools\b/i,
+];
+/** Detect if an answer is too vague for compliance-grade reporting */
+export function isVagueAnswer(answer) {
+    return VAGUE_PATTERNS.some(p => p.test(answer));
+}
+// ─── Repeated answer detection ───────────────────────────────────────────────
+/** Normalize answer text for comparison (trim, lowercase, collapse whitespace) */
+function normalizeForComparison(text) {
+    return text.trim().toLowerCase().replace(/\s+/g, ' ');
+}
+/** Check if an answer is a repeat of a previous answer */
+function isRepeatedAnswer(answer, transcript) {
+    if (transcript.length === 0)
+        return false;
+    const normalized = normalizeForComparison(answer);
+    // Check for exact or near-exact repeats
+    return transcript.some(qa => {
+        const prevNormalized = normalizeForComparison(qa.answer);
+        // Exact match or >90% overlap (handles minor variations)
+        return normalized === prevNormalized ||
+            (normalized.length > 50 && prevNormalized.includes(normalized.slice(0, normalized.length * 0.9 | 0)));
+    });
+}
+// ─── Missing compliance fields ───────────────────────────────────────────────
+/** Check which compliance fields are missing from the transcript for a given category */
+function findMissingFields(transcript) {
+    const allText = transcript.map(qa => qa.answer.toLowerCase()).join(' ');
+    const missing = [];
+    // Check for specific system identifiers
+    if (!/\b(api|oauth|sdk|via|using)\b/i.test(allText)) {
+        missing.push('systemId (specific API names, auth methods)');
+    }
+    // Check for specific scopes
+    if (!/\b(scope|permission|role|\.readonly|\.send|\.modify|\.admin)\b/i.test(allText)) {
+        missing.push('scopesRequested (specific OAuth scopes, API permissions)');
+    }
+    // Check for data sensitivity classification
+    if (!/\b(pii|sensitive|confidential|financial|personal|classified)\b/i.test(allText)) {
+        missing.push('dataSensitivity (PII, financial, confidential classification)');
+    }
+    // Check for blast radius
+    if (!/\b(single.?record|single.?user|team|org.?wide|cross.?tenant|mailbox|affected)\b/i.test(allText)) {
+        missing.push('blastRadius (scope of impact: single-record/user/team/org-wide)');
+    }
+    // Check for frequency numbers
+    if (!/\b(\d+\s*(times?|per|\/)\s*(day|hour|minute|week|session)|batch)\b/i.test(allText)) {
+        missing.push('frequencyAndVolume (specific numbers: times/day, batch size)');
+    }
+    // Check for write reversibility
+    if (!/\b(revers|rollback|undo|irrevers|cannot be undone|can be restored)\b/i.test(allText)) {
+        missing.push('writeOperations.reversible (whether writes can be rolled back)');
+    }
+    return missing;
+}
+// ─── Protocol factory ────────────────────────────────────────────────────────
+export function createProtocol(llmClient, maxFollowUps = 6) {
+    const coreQuestions = getAllQuestionsSorted();
+    let currentIndex = 0;
+    const transcript = [];
+    let globalFollowUpCount = 0;
+    const followUpCountPerQuestion = new Map();
+    let repeatedAnswerCount = 0;
+    // Follow-up queue
+    const followUpQueue = [];
+    return {
+        totalCoreQuestions: coreQuestions.length,
+        nextQuestion() {
+            // Drain follow-up queue first
+            if (followUpQueue.length > 0) {
+                return followUpQueue.shift();
+            }
+            if (currentIndex >= coreQuestions.length) {
+                return null;
+            }
+            return coreQuestions[currentIndex++];
+        },
+        recordAnswer(question, answer) {
+            // Skip greetings — don't record them as answers
+            if (transcript.length === 0 && isGreeting(answer)) {
+                // Don't rewind currentIndex — SessionManager will re-ask pendingQuestion directly
+                return false;
+            }
+            // Detect stale answers from a lost/different session
+            if (isStaleAnswer(question, answer)) {
+                // Don't rewind — SessionManager will re-ask pendingQuestion directly
+                return false;
+            }
+            // Detect repeated/canned answers
+            if (isRepeatedAnswer(answer, transcript)) {
+                repeatedAnswerCount++;
+                // Still record it (for transparency in transcript) but mark the category
+                transcript.push({
+                    question: question.text,
+                    answer: `[REPEATED RESPONSE] ${answer}`,
+                    category: question.category,
+                });
+                // After 3+ repeats, stop generating follow-ups — agent is stuck
+                return true;
+            }
+            transcript.push({
+                question: question.text,
+                answer,
+                category: question.category,
+            });
+            return true;
+        },
+        async generateFollowUp(category) {
+            // Global cap
+            if (globalFollowUpCount >= maxFollowUps)
+                return null;
+            // Per-question cap (2 follow-ups per core question)
+            const lastCoreQ = coreQuestions.find(q => q.category === category && transcript.some(t => t.question === q.text));
+            if (lastCoreQ) {
+                const count = followUpCountPerQuestion.get(lastCoreQ.id) ?? 0;
+                if (count >= 2)
+                    return null;
+            }
+            // Don't follow up if agent is repeating canned responses
+            if (repeatedAnswerCount >= 3)
+                return null;
+            const categoryQA = transcript.filter(qa => qa.category === category);
+            if (categoryQA.length === 0)
+                return null;
+            // Check if the last answer was vague
+            const lastAnswer = categoryQA[categoryQA.length - 1].answer;
+            const vague = isVagueAnswer(lastAnswer);
+            // Find missing compliance fields across all transcript
+            const missingFields = findMissingFields(transcript);
+            // Only generate follow-up if answer was vague or compliance fields are missing
+            if (!vague && missingFields.length === 0)
+                return null;
+            try {
+                const followUpText = await llmClient.chat(INTERVIEW_SYSTEM_PROMPT, buildFollowUpPrompt(category, categoryQA, missingFields.length > 0 ? missingFields : undefined));
+                if (!followUpText.trim())
+                    return null;
+                globalFollowUpCount++;
+                if (lastCoreQ) {
+                    followUpCountPerQuestion.set(lastCoreQ.id, (followUpCountPerQuestion.get(lastCoreQ.id) ?? 0) + 1);
+                }
+                const followUp = {
+                    id: `followup_${category}_${globalFollowUpCount}`,
+                    category,
+                    text: followUpText.trim(),
+                    priority: 100 + globalFollowUpCount,
+                };
+                return followUp;
+            }
+            catch {
+                return null;
+            }
+        },
+        getTranscript() {
+            return [...transcript];
+        },
+        isComplete() {
+            return currentIndex >= coreQuestions.length && followUpQueue.length === 0;
+        },
+    };
+}
+/**
+ * Enqueue a follow-up question to be asked next.
+ * Used by SessionManager to avoid monkey-patching protocol.nextQuestion.
+ */
+export function enqueueFollowUp(protocol, followUp) {
+    // The follow-up queue is internal to createProtocol, so we need another approach.
+    // Instead, we expose a method to push into the queue via the protocol's nextQuestion behavior.
+    // Actually, the clean way is to just have SessionManager track its own queue — see sessions.ts.
+    // This function exists for the scan/CLI path where the interviewer handles follow-ups inline.
+    void protocol;
+    void followUp;
+}
+//# sourceMappingURL=protocol.js.map