k8s-av 1.0.0 → 1.0.2

package/dist/cli/docker.d.ts

@@ -1,9 +1,3 @@
-/**
- * docker.ts — Docker detection and Neo4j container lifecycle helpers.
- *
- * Used by the `start` and `ingest` CLI commands before they touch Neo4j.
- * The `scan` command is Docker-free and never calls this module.
- */
 declare const NEO4J_BOLT_PORT = 7687;
 declare const NEO4J_HTTP_PORT = 7474;
 export declare function checkDockerInstalled(): Promise<boolean>;
@@ -14,16 +8,6 @@ export declare function waitForNeo4j(timeoutMs?: number, pollMs?: number): Promi
 export interface PreflightResult {
     ok: boolean;
 }
-/**
- * Run the full Docker preflight:
- *   1. Docker installed?
- *   2. Docker daemon running?
- *   3. Neo4j container up? (start it if not)
- *   4. Neo4j accepting connections?
- *
- * Prints clear, actionable messages for every failure case.
- * Never throws — returns { ok: false } so the caller can exit cleanly.
- */
 export declare function runPreflight(): Promise<PreflightResult>;
 export { NEO4J_BOLT_PORT, NEO4J_HTTP_PORT };
 //# sourceMappingURL=docker.d.ts.map

package/dist/cli/docker.js

@@ -1,10 +1,4 @@
 "use strict";
-/**
- * docker.ts — Docker detection and Neo4j container lifecycle helpers.
- *
- * Used by the `start` and `ingest` CLI commands before they touch Neo4j.
- * The `scan` command is Docker-free and never calls this module.
- */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -50,22 +44,17 @@ const child_process_1 = require("child_process");
 const path = __importStar(require("path"));
 const util = __importStar(require("util"));
 const exec = util.promisify(child_process_1.exec);
-// ─── Constants ───────────────────────────────────────────────────────────────
 const CONTAINER_NAME = 'k8s-attack-neo4j';
 const COMPOSE_DIR = path.resolve(__dirname, '..', '..', 'docker');
 const NEO4J_BOLT_PORT = 7687;
 exports.NEO4J_BOLT_PORT = NEO4J_BOLT_PORT;
 const NEO4J_HTTP_PORT = 7474;
 exports.NEO4J_HTTP_PORT = NEO4J_HTTP_PORT;
-// ─── Logging helpers ─────────────────────────────────────────────────────────
 const ok = (msg) => console.log(`  ✔  ${msg}`);
 const warn = (msg) => console.log(`  ⚠  ${msg}`);
 const fail = (msg) => console.error(`  ✖  ${msg}`);
 const info = (msg) => console.log(`     ${msg}`);
 const line = () => console.log('  ' + '─'.repeat(58));
-// ─────────────────────────────────────────────────────────────────────────────
-// PART 1 — Is Docker installed?
-// ─────────────────────────────────────────────────────────────────────────────
 async function checkDockerInstalled() {
     try {
         const { stdout } = await exec('docker --version');
@@ -77,12 +66,9 @@ async function checkDockerInstalled() {
         return false;
     }
 }
-// ─────────────────────────────────────────────────────────────────────────────
-// PART 2 — Is the Docker daemon running?
-// ─────────────────────────────────────────────────────────────────────────────
 async function checkDockerRunning() {
     try {
-        await exec('docker ps');
+        await exec('docker ps', { timeout: 8000 });
         ok('Docker daemon is running');
         return true;
     }
@@ -90,9 +76,6 @@ async function checkDockerRunning() {
         return false;
     }
 }
-// ─────────────────────────────────────────────────────────────────────────────
-// PART 3 — Is the Neo4j container already up?
-// ─────────────────────────────────────────────────────────────────────────────
 async function isNeo4jContainerRunning() {
     try {
         const { stdout } = await exec(`docker inspect --format "{{.State.Running}}" ${CONTAINER_NAME}`);
@@ -102,9 +85,6 @@ async function isNeo4jContainerRunning() {
         return false;
     }
 }
-// ─────────────────────────────────────────────────────────────────────────────
-// PART 4 — Start Neo4j via docker-compose
-// ─────────────────────────────────────────────────────────────────────────────
 async function startNeo4j() {
     return new Promise((resolve, reject) => {
         const child = (0, child_process_1.spawn)('docker', ['compose', 'up', '-d', '--remove-orphans'], { cwd: COMPOSE_DIR, stdio: 'pipe', shell: process.platform === 'win32' });
@@ -121,18 +101,14 @@ async function startNeo4j() {
         child.once('error', reject);
     });
 }
-// ─────────────────────────────────────────────────────────────────────────────
-// PART 5 — Poll until Neo4j Bolt port is accepting connections
-// ─────────────────────────────────────────────────────────────────────────────
 async function waitForNeo4j(timeoutMs = 120000, pollMs = 3000) {
     const deadline = Date.now() + timeoutMs;
     let attempt = 0;
     while (Date.now() < deadline) {
         attempt++;
         try {
-            // Use `docker exec` to run a lightweight cypher-shell ping
             await exec(`docker exec ${CONTAINER_NAME} cypher-shell -u neo4j -p password "RETURN 1" --format plain`);
-            return; // success
+            return;
         }
         catch {
             const remaining = Math.ceil((deadline - Date.now()) / 1000);
@@ -144,21 +120,10 @@ async function waitForNeo4j(timeoutMs = 120000, pollMs = 3000) {
     throw new Error(`Neo4j did not become ready within ${timeoutMs / 1000}s.\n` +
         `  Check container logs: docker logs ${CONTAINER_NAME}`);
 }
-/**
- * Run the full Docker preflight:
- *   1. Docker installed?
- *   2. Docker daemon running?
- *   3. Neo4j container up? (start it if not)
- *   4. Neo4j accepting connections?
- *
- * Prints clear, actionable messages for every failure case.
- * Never throws — returns { ok: false } so the caller can exit cleanly.
- */
 async function runPreflight() {
     console.log('\n' + '─'.repeat(62));
     console.log('  Docker & Neo4j Preflight');
     console.log('─'.repeat(62));
-    // ── 1. Docker installed ───────────────────────────────────────────────────
     const installed = await checkDockerInstalled();
     if (!installed) {
         fail('Docker is not installed.\n');
@@ -175,7 +140,6 @@ async function runPreflight() {
         line();
         return { ok: false };
     }
-    // ── 2. Docker daemon running ──────────────────────────────────────────────
     const running = await checkDockerRunning();
     if (!running) {
         warn('Docker is installed but the daemon is not running.\n');
@@ -189,7 +153,6 @@ async function runPreflight() {
         line();
         return { ok: false };
     }
-    // ── 3. Neo4j container ───────────────────────────────────────────────────
     const neo4jUp = await isNeo4jContainerRunning();
     if (neo4jUp) {
         ok(`Neo4j container running  (${CONTAINER_NAME})`);
@@ -214,11 +177,10 @@ async function runPreflight() {
             return { ok: false };
         }
     }
-    // ── 4. Wait for Neo4j to be ready ────────────────────────────────────────
     info(`Neo4j ports: Bolt :${NEO4J_BOLT_PORT}  Browser :${NEO4J_HTTP_PORT}`);
     try {
         await waitForNeo4j(120000);
-        process.stdout.write('\n'); // clear the spinner line
+        process.stdout.write('\n');
         ok('Neo4j is ready');
     }
     catch (err) {
@@ -234,7 +196,6 @@ async function runPreflight() {
     line();
     return { ok: true };
 }
-// ─── Utility ─────────────────────────────────────────────────────────────────
 function sleep(ms) {
     return new Promise((r) => setTimeout(r, ms));
 }

package/dist/cli/index.d.ts

@@ -1,16 +1,2 @@
-#!/usr/bin/env node
-/**
- * Kubernetes Attack Path Visualizer — CLI Entry Point
- *
- * Commands:
- *   scan    — fetch + transform + enrich → write cluster-graph.json  (no Neo4j)
- *   ingest  — full pipeline: scan → load Neo4j → re-project GDS
- *   report  — generate + print attack report from Neo4j
- *
- * Usage:
- *   npx ts-node src/cli/index.ts scan   --mock
- *   npx ts-node src/cli/index.ts ingest --source mock
- *   npx ts-node src/cli/index.ts report --format text
- */
 import 'dotenv/config';
 //# sourceMappingURL=index.d.ts.map

package/dist/cli/index.js

@@ -1,18 +1,5 @@
 #!/usr/bin/env node
 "use strict";
-/**
- * Kubernetes Attack Path Visualizer — CLI Entry Point
- *
- * Commands:
- *   scan    — fetch + transform + enrich → write cluster-graph.json  (no Neo4j)
- *   ingest  — full pipeline: scan → load Neo4j → re-project GDS
- *   report  — generate + print attack report from Neo4j
- *
- * Usage:
- *   npx ts-node src/cli/index.ts scan   --mock
- *   npx ts-node src/cli/index.ts ingest --source mock
- *   npx ts-node src/cli/index.ts report --format text
- */
 Object.defineProperty(exports, "__esModule", { value: true });
 require("dotenv/config");
 const commander_1 = require("commander");
@@ -32,9 +19,6 @@ program
     'Ingests cluster data, builds an RBAC graph, enriches with CVEs,\n' +
     'detects attack paths from entry points to crown jewels.')
     .version('1.0.0', '-v, --version');
-// ─────────────────────────────────────────────────────────────────────────────
-// scan — local pipeline only (no Neo4j)
-// ─────────────────────────────────────────────────────────────────────────────
 program
     .command('scan')
     .description('Scan a Kubernetes cluster and output an attack-path graph (no Neo4j)')
@@ -52,10 +36,6 @@ program
         process.exit(1);
     }
 });
-// ─────────────────────────────────────────────────────────────────────────────
-// ingest — full pipeline: scan → Neo4j → GDS
-// Reuses same services as POST /api/ingest
-// ─────────────────────────────────────────────────────────────────────────────
 program
     .command('ingest')
     .description('Full ingestion: fetch cluster data → load Neo4j → re-project GDS')
@@ -68,22 +48,17 @@ program
         console.log('\n' + '═'.repeat(60));
         console.log('  🔷 K8s Attack Path Visualizer — Ingest');
         console.log('═'.repeat(60));
-        // ── Docker + Neo4j preflight ──────────────────────────────────────────
         const preflight = await (0, docker_1.runPreflight)();
         if (!preflight.ok)
             process.exit(1);
-        // Verify Neo4j driver connection
         console.log('\n  Connecting to Neo4j...');
         await (0, neo4j_client_1.verifyConnection)();
-        // ── Step 1: ingestCluster (Teammate 1) ───────────────────────────────
         console.log('\n  [1/3] Ingesting cluster data...');
         const ingestResult = await (0, ingestion_service_1.ingestCluster)({ source, skipCve: opts.skipCve });
         console.log(`  ✔ Graph JSON written: ${ingestResult.nodes} nodes, ${ingestResult.edges} edges`);
-        // ── Step 2: loadGraph (Teammate 2) ───────────────────────────────────
         console.log('\n  [2/3] Loading graph into Neo4j...');
         const stats = await (0, loader_1.loadGraph)(ingestResult.graphPath, opts.wipe);
         console.log(`  ✔ Neo4j: ${stats.nodesLoaded} nodes, ${stats.edgesLoaded} edges (${stats.durationMs}ms)`);
-        // ── Step 3: Re-project GDS ────────────────────────────────────────────
         console.log('\n  [3/3] Projecting GDS graph...');
         await (0, queries_1.ensureProjection)(true);
         console.log('  ✔ GDS projection ready');
@@ -96,10 +71,6 @@ program
         process.exit(1);
     }
 });
-// ─────────────────────────────────────────────────────────────────────────────
-// report — generate + print attack report
-// Reuses same generator + formatter as GET /api/report
-// ─────────────────────────────────────────────────────────────────────────────
 program
     .command('report')
     .description('Generate a full attack-path report from Neo4j data')
@@ -111,7 +82,6 @@ program
         await (0, neo4j_client_1.verifyConnection)();
         console.log('  Generating report...\n');
         const data = await (0, generator_1.generateReport)();
-        // Same formatter used by the API — no duplication
         const output = (0, formatter_1.formatReport)(data, format);
         console.log(output);
         process.exit(0);
@@ -121,9 +91,6 @@ program
         process.exit(1);
     }
 });
-// ─────────────────────────────────────────────────────────────────────────────
-// start — full system orchestrator: backend + ingest + UI + browser
-// ─────────────────────────────────────────────────────────────────────────────
 program
     .command('start')
     .description('Start backend, load mock data, open the UI in your browser')
@@ -141,9 +108,6 @@ program
         process.exit(1);
     }
 });
-// ─────────────────────────────────────────────────────────────────────────────
-// Fallback
-// ─────────────────────────────────────────────────────────────────────────────
 program.on('command:*', () => {
     console.error(`Unknown command: ${program.args.join(' ')}`);
     program.help();

package/dist/cli/scan.d.ts

@@ -1,16 +1,8 @@
 export interface ScanOptions {
-    /** Load data from mock JSON instead of running kubectl */
     mock: boolean;
-    /** Destination file path for the cluster-graph.json output */
     output: string;
-    /** Skip CVE enrichment (faster runs, no network required) */
     skipCve?: boolean;
-    /** Print verbose attack-path report including alternate routes */
     verbose?: boolean;
 }
-/**
- * Orchestrates the full ingestion → transformation → enrichment →
- * validation → output pipeline.
- */
 export declare function runScan(options: ScanOptions): Promise<void>;
 //# sourceMappingURL=scan.d.ts.map

package/dist/cli/scan.js

@@ -41,28 +41,17 @@ const transformer_1 = require("../core/transformer");
 const cve_enricher_1 = require("../core/cve-enricher");
 const schema_1 = require("../core/schema");
 const attack_path_1 = require("../core/attack-path");
-// ─────────────────────────────────────────────────────────────────────────────
-// LOGGING HELPERS
-// ─────────────────────────────────────────────────────────────────────────────
 function step(label) {
     console.log(`\n✔ ${label}`);
 }
 function divider() {
     console.log('  ' + '─'.repeat(60));
 }
-// ─────────────────────────────────────────────────────────────────────────────
-// MAIN SCAN PIPELINE
-// ─────────────────────────────────────────────────────────────────────────────
-/**
- * Orchestrates the full ingestion → transformation → enrichment →
- * validation → output pipeline.
- */
 async function runScan(options) {
     console.log('\n' + '═'.repeat(62));
     console.log('  🔐 Kubernetes Attack Path Visualizer');
     console.log('     RBAC Graph Ingestion & CVE Enrichment Pipeline');
     console.log('═'.repeat(62));
-    // ── Step 1: Fetch ──────────────────────────────────────────────────────────
     step('Fetching cluster data...');
     const rawData = await (0, fetcher_1.fetchClusterData)(options.mock);
     const podCount = (rawData.pods?.items ?? []).length;
@@ -73,14 +62,12 @@ async function runScan(options) {
         (rawData.clusterRoleBindings?.items ?? []).length;
     console.log(`  → Pods: ${podCount}  |  ServiceAccounts: ${saCount}  |  ` +
         `Roles: ${roleCount}  |  Bindings: ${bindingCount}`);
-    // ── Step 2: Transform ─────────────────────────────────────────────────────
     step('Transforming RBAC graph...');
     let graph = (0, transformer_1.transformToGraph)(rawData);
     console.log(`  → Built ${graph.nodes.length} nodes and ${graph.edges.length} edges`);
     const entryPts = graph.nodes.filter((n) => n.isEntryPoint).length;
     const crownJs = graph.nodes.filter((n) => n.isCrownJewel).length;
     console.log(`  → Entry points: ${entryPts}  |  Crown jewels: ${crownJs}`);
-    // ── Step 3: CVE Enrichment ────────────────────────────────────────────────
     if (options.skipCve) {
         console.log('\n✔ CVE enrichment skipped (--skip-cve)');
     }
@@ -90,7 +77,6 @@ async function runScan(options) {
         const enriched = graph.nodes.filter((n) => (n.cve?.length ?? 0) > 0).length;
         console.log(`  → ${enriched} pod(s) enriched with CVE data`);
     }
-    // ── Step 4: Attack Path Detection ─────────────────────────────────────────
     step('Detecting attack paths...');
     let attackPaths;
     if (options.verbose) {
@@ -112,7 +98,6 @@ async function runScan(options) {
         }
     }
     graph = { ...graph, attackPaths };
-    // ── Step 5: Validation ────────────────────────────────────────────────────
     step('Validating schema...');
     const finalGraph = {
         ...graph,
@@ -127,7 +112,6 @@ async function runScan(options) {
         },
     };
     const validated = (0, schema_1.validateGraph)(finalGraph);
-    // ── Step 6: Persist ───────────────────────────────────────────────────────
     step('Saving graph...');
     const outputPath = path.resolve(options.output);
     const outputDir = path.dirname(outputPath);
@@ -136,7 +120,6 @@ async function runScan(options) {
     }
     fs.writeFileSync(outputPath, JSON.stringify(validated, null, 2), 'utf8');
     console.log(`  → Saved to: ${outputPath}`);
-    // ── Final Summary ─────────────────────────────────────────────────────────
     divider();
     console.log('\n  📊 Final Summary\n');
     console.log(`     Nodes            : ${validated.nodes.length}`);

package/dist/cli/start.d.ts

@@ -1,17 +1,3 @@
-/**
- * start.ts — CLI orchestrator
- *
- * Sequence:
- *   0. Docker + Neo4j preflight  (skipped with --mock)
- *   1. Spawn Express backend     (ts-node or node dist/server/server.js)
- *   2. Poll /health until ready  (60s timeout)
- *   3. POST /api/ingest          (load cluster data)
- *   4. Ensure UI deps installed  (npm install inside ui/ if needed)
- *   5. Spawn Vite frontend       (npm run dev inside ui/)
- *   6. Wait for Vite             (poll localhost:5173, 30s timeout)
- *   7. Open browser
- *   8. Park — Ctrl+C kills both children cleanly
- */
 export interface StartOptions {
     skipBrowser: boolean;
     source: 'mock' | 'live';

package/dist/cli/start.js

@@ -1,18 +1,4 @@
 "use strict";
-/**
- * start.ts — CLI orchestrator
- *
- * Sequence:
- *   0. Docker + Neo4j preflight  (skipped with --mock)
- *   1. Spawn Express backend     (ts-node or node dist/server/server.js)
- *   2. Poll /health until ready  (60s timeout)
- *   3. POST /api/ingest          (load cluster data)
- *   4. Ensure UI deps installed  (npm install inside ui/ if needed)
- *   5. Spawn Vite frontend       (npm run dev inside ui/)
- *   6. Wait for Vite             (poll localhost:5173, 30s timeout)
- *   7. Open browser
- *   8. Park — Ctrl+C kills both children cleanly
- */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -55,17 +41,12 @@ const http = __importStar(require("http"));
 const util = __importStar(require("util"));
 const docker_1 = require("./docker");
 const exec = util.promisify(child_process_1.exec);
-// ─── Resolved paths ───────────────────────────────────────────────────────────
-// __dirname is dist/cli/ at runtime (both ts-node and compiled).
-// ROOT is always the package root (two levels up from dist/cli/).
 const ROOT = path.resolve(__dirname, '..', '..');
 const UI_DIR = path.join(ROOT, 'ui');
 const BACKEND_URL = 'http://localhost:3001';
 const FRONTEND_URL = 'http://localhost:5173';
-// ─── Helpers ──────────────────────────────────────────────────────────────────
 const log = (msg) => console.log(`  ${msg}`);
 const warn = (msg) => console.log(`  ⚠  ${msg}`);
-/** Poll a URL until it responds < 400. Rejects after timeoutMs. */
 function waitFor(url, timeoutMs = 30000) {
     return new Promise((resolve, reject) => {
         const deadline = Date.now() + timeoutMs;
@@ -89,7 +70,6 @@ function waitFor(url, timeoutMs = 30000) {
         attempt();
     });
 }
-/** POST /api/ingest — load cluster data into Neo4j */
 async function ingest(source) {
     const res = await fetch(`${BACKEND_URL}/api/ingest`, {
         method: 'POST',
@@ -101,18 +81,12 @@ async function ingest(source) {
         throw new Error(`HTTP ${res.status}: ${text.slice(0, 200)}`);
     }
 }
-/** Open the system default browser cross-platform */
 function openBrowser(url) {
     const [cmd, args] = process.platform === 'win32' ? ['cmd', ['/c', `start ${url}`]] :
         process.platform === 'darwin' ? ['open', [url]] :
             ['xdg-open', [url]];
     (0, child_process_1.spawn)(cmd, args, { shell: false, detached: true, stdio: 'ignore' }).unref();
 }
-/**
- * Ensure the ui/ directory has its node_modules installed.
- * Runs `npm install --omit=dev` inside ui/ if node_modules is absent.
- * This handles the `npx k8s-av` case where ui/node_modules is not present.
- */
 async function ensureUiDeps() {
     const nmDir = path.join(UI_DIR, 'node_modules');
     if (fs.existsSync(nmDir))
@@ -133,7 +107,6 @@ async function runStart(opts) {
     console.log('  🔐 Kubernetes Attack Path Visualizer');
     console.log('  ' + (opts.source === 'mock' ? 'Demo mode (mock data)' : 'Live cluster mode'));
     console.log('═'.repeat(62));
-    // ── 0. Docker preflight (skipped in mock mode) ────────────────────────────
     if (opts.source === 'mock') {
         console.log('\n  ℹ  Mock mode — skipping Docker & Neo4j preflight.');
     }
@@ -143,9 +116,7 @@ async function runStart(opts) {
             process.exit(1);
     }
     console.log();
-    // ── 1. Spawn backend ───────────────────────────────────────────────────────
     log('✔ Starting backend...');
-    // Use compiled JS if available (npm package context), fall back to ts-node
     const distServer = path.join(ROOT, 'dist', 'server', 'server.js');
     const [backendCmd, backendArgs] = fs.existsSync(distServer)
         ? ['node', [distServer]]
@@ -153,7 +124,7 @@ async function runStart(opts) {
     const backend = (0, child_process_1.spawn)(backendCmd, backendArgs, {
         cwd: ROOT,
         stdio: ['ignore', 'pipe', 'pipe'],
-        shell: process.platform === 'win32',
+        shell: false,
         env: { ...process.env, CORS_ORIGIN: FRONTEND_URL },
     });
     let backendExited = false;
@@ -174,7 +145,6 @@ async function runStart(opts) {
             process.exit(1);
         }
     });
-    // ── 2. Wait for backend ────────────────────────────────────────────────────
     log('⏳ Waiting for backend...');
     try {
         await waitFor(`${BACKEND_URL}/health`, 60000);
@@ -189,7 +159,6 @@ async function runStart(opts) {
         process.exit(1);
     }
     log('✔ Backend ready');
-    // ── 3. Ingest data ────────────────────────────────────────────────────────
     log(`✔ Loading cluster data (source: ${opts.source})...`);
     try {
         await ingest(opts.source);
@@ -199,7 +168,6 @@ async function runStart(opts) {
         warn(`Ingest warning: ${err.message}`);
         warn('   UI will start in empty state — check Neo4j connection.');
     }
-    // ── 4. Ensure UI dependencies ─────────────────────────────────────────────
     try {
         await ensureUiDeps();
     }
@@ -208,12 +176,11 @@ async function runStart(opts) {
         backend.kill();
         process.exit(1);
     }
-    // ── 5. Spawn frontend ─────────────────────────────────────────────────────
     log('✔ Starting UI...');
     const frontend = (0, child_process_1.spawn)('npm', ['run', 'dev'], {
         cwd: UI_DIR,
         stdio: ['ignore', 'pipe', 'pipe'],
-        shell: process.platform === 'win32',
+        shell: true,
         env: process.env,
     });
     frontend.stdout?.on('data', (d) => {
@@ -226,26 +193,22 @@ async function runStart(opts) {
         if (line)
             process.stderr.write(`     [ui] ${line}\n`);
     });
-    // ── 6. Wait for Vite ──────────────────────────────────────────────────────
     try {
         await waitFor(FRONTEND_URL, 45000);
     }
     catch {
         warn('Vite did not respond in time — opening browser anyway.');
     }
-    // ── 7. Open browser ───────────────────────────────────────────────────────
     if (!opts.skipBrowser) {
         log('✔ Opening browser...');
         openBrowser(FRONTEND_URL);
     }
-    // ── 8. Summary ────────────────────────────────────────────────────────────
     console.log('\n  ' + '─'.repeat(58));
     console.log('  ✔ System ready');
     console.log(`     Backend  →  ${BACKEND_URL}`);
     console.log(`     UI       →  ${FRONTEND_URL}`);
     console.log('  ' + '─'.repeat(58));
     console.log('\n  Press Ctrl+C to stop.\n');
-    // ── Shutdown handler ──────────────────────────────────────────────────────
     const shutdown = () => {
         log('Shutting down...');
         if (!backendExited)
@@ -255,7 +218,6 @@ async function runStart(opts) {
     };
     process.on('SIGINT', shutdown);
     process.on('SIGTERM', shutdown);
-    // Park indefinitely until Ctrl+C
     await new Promise(() => { });
 }
 //# sourceMappingURL=start.js.map

package/dist/core/attack-path.d.ts

@@ -9,18 +9,7 @@ export interface AttackPathReport {
         avgHops: number;
     };
 }
-/**
- * Detects all attack paths in the graph that lead from an entry-point node
- * to a crown-jewel node using BFS (shortest path) per pair.
- *
- * Paths are sorted by descending riskScore.
- */
 export declare function detectAttackPaths(graph: Graph): AttackPath[];
-/**
- * Same as `detectAttackPaths` but also finds ALTERNATE (non-shortest) paths
- * for richer analysis. Returns a full report with statistics.
- */
 export declare function generateFullAttackReport(graph: Graph): AttackPathReport;
-/** Pretty-prints the top N attack paths to the console. */
 export declare function printAttackPaths(paths: AttackPath[], limit?: number): void;
 //# sourceMappingURL=attack-path.d.ts.map