kafkacode 1.2.0

package/CHANGELOG.md

@@ -0,0 +1,26 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [1.0.0] - 2024-09-22
+
+### Added
+- Initial release of KafkaCode Privacy Scanner
+- Pattern-based detection for secrets, API keys, and sensitive data
+- AI-powered contextual analysis using Grok LLM
+- Support for multiple programming languages (Python, JavaScript, TypeScript, Java, Go, Ruby, PHP)
+- Beautiful console reporting with severity levels
+- Privacy grading system (A+ to F)
+- CLI interface with scan command
+- API key obfuscation for commercial distribution
+- Gitignore pattern support
+- Comprehensive test suite
+
+### Features
+- Detects AWS keys, Stripe keys, private keys
+- Identifies PII like emails, phone numbers, IP addresses
+- High entropy string detection for potential secrets
+- Context-aware privacy vulnerability analysis
+- Detailed suggestions for remediation
+- Verbose logging option
+- Exit codes for CI/CD integration

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 KafkaLabs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,98 @@
+# KafkaCode Privacy Scanner
+
+<div align="center">
+  <h3>by <a href="https://kafkalabs.com">KafkaLabs</a></h3>
+  <p>🔐 <strong>Shift-left privacy and compliance scanner for source code</strong></p>
+  <p>
+    <a href="https://kafkalabs.com/kafka-code">Website</a> •
+    <a href="https://github.com/nikhil-kapu/KafkacodeFnpm">GitHub</a> •
+    <a href="https://www.npmjs.com/package/kafkacode">npm</a>
+  </p>
+</div>
+
+---
+
+KafkaCode is an AI-powered privacy scanner by **KafkaLabs** that helps developers identify potential privacy issues, PII leaks, and compliance violations in their source code before they reach production.
+
+## Features
+
+- 🔍 **Pattern-based Detection**: Identifies hardcoded secrets, API keys, and sensitive data
+- 🤖 **AI-powered Analysis**: Uses advanced LLM analysis for contextual privacy issues
+- ⚡ **Fast & Efficient**: Scans entire codebases in seconds
+- 🎯 **Multiple File Types**: Supports Python, JavaScript, TypeScript, Java, Go, Ruby, PHP
+- 📊 **Detailed Reports**: Beautiful console reports with severity levels
+- 🚀 **CI/CD Ready**: Easy integration with build pipelines
+
+## Installation
+
+```bash
+npm install -g kafkacode
+```
+
+Or using npx (no installation required):
+```bash
+npx kafkacode scan /path/to/your/project
+```
+
+## Usage
+
+**Basic Scan:**
+```bash
+kafkacode scan /path/to/your/project
+```
+
+**Verbose Output:**
+```bash
+kafkacode scan /path/to/your/project --verbose
+```
+
+## What it detects
+
+- **Critical Issues**: AWS keys, Stripe keys, Private keys
+- **High Severity**: Sensitive keywords in assignment context
+- **Medium Severity**: Email addresses, Phone numbers, High entropy strings
+- **Low Severity**: IP addresses, URLs
+
+## Privacy Grade
+
+KafkaCode assigns a privacy grade (A+ to F) based on the severity and number of issues found:
+
+- **A+/A/A-**: Excellent privacy practices
+- **B+/B/B-**: Good privacy practices with minor issues
+- **C+/C/C-**: Moderate privacy issues that should be addressed
+- **D**: Multiple high-severity privacy issues
+- **F**: Critical privacy vulnerabilities detected
+
+## Example Output
+
+```
+🎯 PRIVACY SCAN REPORT
+═══════════════════════════════════════
+
+📊 SCAN SUMMARY
+📁 Directory: ./src
+⏰ Timestamp: 2024-01-15 10:30:45
+📄 Files Scanned: 25
+🔍 Total Issues: 3
+🏆 Privacy Grade: 🟡B-
+```
+
+## License
+
+MIT License - Copyright (c) 2025 KafkaLabs
+
+See [LICENSE](LICENSE) file for details.
+
+## About KafkaLabs
+
+KafkaCode is built by [KafkaLabs](https://kafkalabs.com), helping developers build privacy-first applications.
+
+- 🌐 **Website**: [kafkalabs.com/kafka-code](https://kafkalabs.com/kafka-code)
+- 📧 **Contact**: contact@kafkalabs.com
+- 💬 **Issues**: [GitHub Issues](https://github.com/nikhil-kapu/KafkacodeFnpm/issues)
+
+---
+
+<div align="center">
+  Made with ❤️ by <a href="https://kafkalabs.com">KafkaLabs</a>
+</div>

package/dist/AnalysisEngine.js

@@ -0,0 +1,53 @@
+const fs = require('fs');
+const PatternScanner = require('./PatternScanner');
+const LLMAnalyzer = require('./LLMAnalyzer');
+
+class AnalysisEngine {
+    constructor(verbose = false) {
+        this.verbose = verbose;
+        this.patternScanner = new PatternScanner();
+        this.llmAnalyzer = new LLMAnalyzer();
+        this.llmAnalyzer.verbose = verbose;
+    }
+
+    async analyzeFile(filePath) {
+        if (this.verbose) {
+            console.log(`Analyzing: ${filePath}`);
+        }
+
+        let content;
+        try {
+            content = fs.readFileSync(filePath, 'utf-8');
+        } catch (error) {
+            if (this.verbose) {
+                console.log(`Error reading ${filePath}: ${error.message}`);
+            }
+            return [];
+        }
+
+        const findings = [];
+
+        // Pattern-based analysis first
+        const patternFindings = this.patternScanner.scanContent(filePath, content);
+        findings.push(...patternFindings);
+
+        // LLM-based analysis with pattern findings as context
+        const llmFindings = await this.llmAnalyzer.analyzeFile(filePath, content, patternFindings);
+        findings.push(...llmFindings);
+
+        return findings;
+    }
+
+    async analyzeFiles(filePaths) {
+        const allFindings = [];
+
+        for (const filePath of filePaths) {
+            const fileFindings = await this.analyzeFile(filePath);
+            allFindings.push(...fileFindings);
+        }
+
+        return allFindings;
+    }
+}
+
+module.exports = AnalysisEngine;

package/dist/FileScanner.js

@@ -0,0 +1,96 @@
+const fs = require('fs');
+const path = require('path');
+const { minimatch } = require('minimatch');
+
+class FileScanner {
+    constructor(rootDir) {
+        this.rootDir = path.resolve(rootDir);
+        this.supportedExtensions = new Set(['.py', '.js', '.ts', '.java', '.go', '.rb', '.php']);
+        this.ignoreDirs = new Set([
+            '.git', 'node_modules', 'venv', '__pycache__', '.venv', 'env',
+            'build', 'dist', 'target', 'out', '.next', '.nuxt', 'vendor',
+            'coverage', '.coverage', '.pytest_cache', '.mypy_cache'
+        ]);
+        this.gitignorePatterns = this._loadGitignore();
+    }
+
+    _loadGitignore() {
+        const gitignorePath = path.join(this.rootDir, '.gitignore');
+        const patterns = [];
+
+        if (fs.existsSync(gitignorePath)) {
+            try {
+                const content = fs.readFileSync(gitignorePath, 'utf-8');
+                const lines = content.split('\n');
+
+                for (const line of lines) {
+                    const trimmed = line.trim();
+                    if (trimmed && !trimmed.startsWith('#')) {
+                        patterns.push(trimmed);
+                    }
+                }
+            } catch (error) {
+                // Ignore errors loading gitignore
+            }
+        }
+
+        return patterns;
+    }
+
+    _shouldIgnorePath(filePath) {
+        const relativePath = path.relative(this.rootDir, filePath);
+        const pathParts = relativePath.split(path.sep);
+
+        // Check built-in ignore directories
+        for (const part of pathParts) {
+            if (this.ignoreDirs.has(part)) {
+                return true;
+            }
+        }
+
+        // Check gitignore patterns
+        for (const pattern of this.gitignorePatterns) {
+            if (minimatch(relativePath, pattern) || minimatch(path.basename(filePath), pattern)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    _scanDirectory(dir) {
+        const files = [];
+
+        try {
+            const entries = fs.readdirSync(dir, { withFileTypes: true });
+
+            for (const entry of entries) {
+                const fullPath = path.join(dir, entry.name);
+
+                if (this._shouldIgnorePath(fullPath)) {
+                    continue;
+                }
+
+                if (entry.isDirectory()) {
+                    files.push(...this._scanDirectory(fullPath));
+                } else if (entry.isFile()) {
+                    const ext = path.extname(entry.name);
+                    if (this.supportedExtensions.has(ext)) {
+                        files.push(fullPath);
+                    }
+                }
+            }
+        } catch (error) {
+            // Ignore directory access errors
+        }
+
+        return files;
+    }
+
+    scanFiles() {
+        const files = this._scanDirectory(this.rootDir);
+        return files.sort();
+    }
+}
+
+module.exports = FileScanner;

package/dist/LLMAnalyzer.js

@@ -0,0 +1,286 @@
+const https = require('https');
+
+class LLMAnalyzer {
+    constructor() {
+        this.backendEndpoint = process.env.KAFKACODE_BACKEND_ENDPOINT || 'https://adorable-motivation-production.up.railway.app';
+        this.verbose = false;
+        this.interestKeywords = new Set([
+            'api', 'db', 'database', 'user', 'password', 'save', 'fetch', 'send', 'log',
+            'auth', 'token', 'key', 'secret', 'credential', 'email', 'phone', 'address',
+            'personal', 'sensitive', 'private', 'encrypt', 'decrypt', 'hash'
+        ]);
+    }
+
+    _createSnippetPrompt(codeSnippet, filePath, startLine) {
+        return `SYSTEM: You are an automated privacy and compliance analysis engine. Your task is to review the following CODE SNIPPET and identify potential privacy vulnerabilities based ONLY on the provided code. The snippet is from a larger file. Do not infer functionality outside of this snippet. Your analysis must focus on how the code handles data that could be considered sensitive or PII.
+
+Your response MUST be a single, valid JSON object. The root object should contain a single key: "vulnerabilities". The value of "vulnerabilities" must be an array of objects. Each object in the array represents a single, distinct vulnerability and must have the following keys:
+- "line_number": The integer line number where the vulnerability is found. This number MUST be relative to the original file, not the snippet.
+- "severity": A string, which must be one of "High", "Medium", or "Low".
+- "description": A concise, one-sentence string describing the vulnerability (e.g., "User email is logged to a publicly accessible file.").
+- "suggestion": A one-sentence string providing an actionable recommendation for the developer (e.g., "Consider logging only non-sensitive user identifiers or hashing the data before logging.").
+
+If you find zero vulnerabilities, you MUST return an empty array: {"vulnerabilities": []}.
+
+USER: Analyze the following code snippet from the file '${filePath}'. The snippet starts at line ${startLine}:
+
+${codeSnippet}`;
+    }
+
+    _identifyAreasOfInterest(content, patternFindings) {
+        const lines = content.split('\n');
+        const areas = new Set();
+
+        // Add lines from pattern findings
+        for (const finding of patternFindings) {
+            const lineNum = finding.line_number || 1;
+            areas.add(lineNum);
+        }
+
+        // Look for function/method definitions and lines with interest keywords
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineLower = line.toLowerCase();
+
+            // Function/method definitions
+            if (/^\s*(def\s+|function\s+|class\s+|\w+\s*\([^)]*\)\s*{)/.test(line.trim())) {
+                areas.add(i + 1);
+            }
+
+            // Lines containing interest keywords
+            if (Array.from(this.interestKeywords).some(keyword => lineLower.includes(keyword))) {
+                areas.add(i + 1);
+            }
+        }
+
+        // Convert to ranges with context
+        const ranges = [];
+        const sortedAreas = Array.from(areas).sort((a, b) => a - b);
+
+        for (const lineNum of sortedAreas) {
+            const start = Math.max(1, lineNum - 10);
+            const end = Math.min(lines.length, lineNum + 10);
+            ranges.push([start, end]);
+        }
+
+        // Merge overlapping ranges
+        const mergedRanges = [];
+        for (const [start, end] of ranges) {
+            if (mergedRanges.length > 0 && start <= mergedRanges[mergedRanges.length - 1][1] + 10) {
+                // Extend previous range
+                const lastRange = mergedRanges[mergedRanges.length - 1];
+                mergedRanges[mergedRanges.length - 1] = [lastRange[0], Math.max(lastRange[1], end)];
+            } else {
+                mergedRanges.push([start, end]);
+            }
+        }
+
+        return mergedRanges;
+    }
+
+    async callGrokApi(codeSnippet, filePath, startLine) {
+        try {
+            return await this._callBackendApi(codeSnippet, filePath, startLine);
+        } catch (error) {
+            if (this.verbose) {
+                console.log(`    ❌ LLM call failed, using mock: ${error.message}`);
+            }
+            return this._mockSnippetResponse(codeSnippet, filePath, startLine);
+        }
+    }
+
+    async _callBackendApi(codeSnippet, filePath, startLine) {
+        const payload = JSON.stringify({
+            codeSnippet,
+            filePath,
+            startLine
+        });
+
+        const url = new URL(this.backendEndpoint);
+        url.pathname = '/api/analyze';
+
+        const options = {
+            hostname: url.hostname,
+            port: url.port || 443,
+            path: url.pathname,
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Content-Length': Buffer.byteLength(payload)
+            },
+            timeout: 12000 // 12 second timeout for CLI request
+        };
+
+        return new Promise((resolve, reject) => {
+            const req = https.request(options, (res) => {
+                let data = '';
+
+                res.on('data', (chunk) => {
+                    data += chunk;
+                });
+
+                res.on('end', () => {
+                    try {
+                        if (res.statusCode === 429) {
+                            const errorData = JSON.parse(data);
+                            throw new Error(`Rate limit exceeded: ${errorData.message}`);
+                        }
+
+                        if (res.statusCode !== 200) {
+                            throw new Error(`HTTP ${res.statusCode}: ${data}`);
+                        }
+
+                        const result = JSON.parse(data);
+                        const content = result.data.choices[0].message.content;
+
+                        try {
+                            const parsedResponse = JSON.parse(content);
+                            if (this.verbose) {
+                                console.log(`    ✅ LLM returned ${parsedResponse.vulnerabilities?.length || 0} vulnerabilities`);
+                                if (result.rateLimitRemaining !== undefined) {
+                                    console.log(`    📊 Rate limit remaining: ${result.rateLimitRemaining}`);
+                                }
+                            }
+                            parsedResponse.__source = 'llm';
+                            resolve(parsedResponse);
+                        } catch (jsonError) {
+                            const jsonStart = content.indexOf('{');
+                            const jsonEnd = content.lastIndexOf('}') + 1;
+                            if (jsonStart !== -1 && jsonEnd > jsonStart) {
+                                const parsed = JSON.parse(content.substring(jsonStart, jsonEnd));
+                                if (this.verbose) {
+                                    console.log(`    ✅ LLM returned ${parsed.vulnerabilities?.length || 0} vulnerabilities (extracted JSON)`);
+                                }
+                                parsed.__source = 'llm';
+                                resolve(parsed);
+                            } else {
+                                resolve({ vulnerabilities: [] });
+                            }
+                        }
+                    } catch (error) {
+                        reject(error);
+                    }
+                });
+            });
+
+            req.on('error', (error) => {
+                reject(error);
+            });
+
+            req.on('timeout', () => {
+                req.destroy();
+                reject(new Error('Backend API request timeout'));
+            });
+
+            req.write(payload);
+            req.end();
+        });
+    }
+
+
+    _mockSnippetResponse(codeSnippet, filePath, startLine) {
+        const vulnerabilities = [];
+        const lines = codeSnippet.split('\n');
+
+        // Simple heuristic-based mock analysis
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineLower = line.toLowerCase();
+            const actualLineNum = startLine + i;
+
+            // Look for logging of potentially sensitive data
+            if (lineLower.includes('log') && ['email', 'user', 'password', 'token'].some(term => lineLower.includes(term))) {
+                vulnerabilities.push({
+                    line_number: actualLineNum,
+                    severity: 'Medium',
+                    description: 'Potential logging of sensitive user data detected.',
+                    suggestion: 'Consider logging only non-sensitive identifiers or hashing sensitive data before logging.'
+                });
+            }
+
+            // Look for insecure data transmission
+            if (lineLower.includes('http://') && ['api', 'send', 'post', 'request'].some(term => lineLower.includes(term))) {
+                vulnerabilities.push({
+                    line_number: actualLineNum,
+                    severity: 'High',
+                    description: 'Insecure HTTP transmission of potentially sensitive data.',
+                    suggestion: 'Use HTTPS instead of HTTP for all data transmission.'
+                });
+            }
+        }
+
+        return { vulnerabilities, __source: 'mock' };
+    }
+
+    async analyzeFile(filePath, content, patternFindings = []) {
+        const lines = content.split('\n');
+        const areasOfInterest = this._identifyAreasOfInterest(content, patternFindings);
+        const findings = [];
+
+        if (this.verbose && areasOfInterest.length > 0) {
+            console.log(`  Found ${areasOfInterest.length} areas of interest for LLM analysis`);
+        }
+
+        // Analyze each area of interest
+        for (const [startLine, endLine] of areasOfInterest) {
+            // Extract snippet
+            const snippetLines = lines.slice(startLine - 1, endLine);
+            const snippet = snippetLines.join('\n');
+
+            // Skip very small snippets
+            if (snippet.trim().length < 50) {
+                continue;
+            }
+
+            try {
+                // Call API with rate limiting
+                const grokResponse = await this.callGrokApi(snippet, filePath, startLine);
+
+                // Add delay to prevent rate limiting from free tier
+                await new Promise(resolve => setTimeout(resolve, 1000));
+
+                // Process findings
+                for (const vuln of grokResponse.vulnerabilities || []) {
+                    const finding = {
+                        file_path: filePath,
+                        line_number: vuln.line_number || startLine,
+                        severity: vuln.severity || 'Medium',
+                        finding_type: 'Context-Based Issue',
+                        description: vuln.description || 'Privacy vulnerability detected',
+                        code_snippet: this._getCodeSnippet(content, vuln.line_number || startLine),
+                        suggestion: vuln.suggestion || 'Review and address the identified issue.',
+                        source: grokResponse.__source || 'unknown'
+                    };
+                    findings.push(finding);
+                }
+
+            } catch (error) {
+                // Continue with other snippets if one fails
+                continue;
+            }
+        }
+
+        // Remove duplicates based on line number and description
+        const seen = new Set();
+        const uniqueFindings = [];
+        for (const finding of findings) {
+            const key = `${finding.line_number}:${finding.description}`;
+            if (!seen.has(key)) {
+                seen.add(key);
+                uniqueFindings.push(finding);
+            }
+        }
+
+        return uniqueFindings;
+    }
+
+    _getCodeSnippet(content, lineNumber) {
+        const lines = content.split('\n');
+        if (lineNumber >= 1 && lineNumber <= lines.length) {
+            return lines[lineNumber - 1].trim();
+        }
+        return 'Code snippet unavailable';
+    }
+}
+
+module.exports = LLMAnalyzer;

package/dist/PatternScanner.js

@@ -0,0 +1,135 @@
+class PatternScanner {
+    constructor() {
+        this.patterns = this._initPatterns();
+    }
+
+    _initPatterns() {
+        return {
+            'aws_access_key': {
+                pattern: /\b(AKIA[0-9A-Z]{16})\b/g,
+                severity: 'Critical',
+                type: 'Hardcoded Secret',
+                description: 'AWS Access Key ID detected'
+            },
+            'aws_secret_key': {
+                pattern: /\b[A-Za-z0-9/+=]{40}\b/g,
+                severity: 'Critical',
+                type: 'Hardcoded Secret',
+                description: 'Potential AWS Secret Access Key detected'
+            },
+            'stripe_key': {
+                pattern: /\b(sk_live_[0-9a-zA-Z]{24}|pk_live_[0-9a-zA-Z]{24})\b/g,
+                severity: 'Critical',
+                type: 'Hardcoded Secret',
+                description: 'Stripe API key detected'
+            },
+            'private_key': {
+                pattern: /-----BEGIN\s+(RSA\s+)?PRIVATE\s+KEY-----/g,
+                severity: 'Critical',
+                type: 'Hardcoded Secret',
+                description: 'Private key detected'
+            },
+            'high_entropy': {
+                pattern: /\b[A-Za-z0-9+/=]{32,}\b/g,
+                severity: 'Medium',
+                type: 'Hardcoded Secret',
+                description: 'High entropy string (potential secret)'
+            },
+            'email': {
+                pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/gi,
+                severity: 'Medium',
+                type: 'PII Detected',
+                description: 'Email address detected'
+            },
+            'phone': {
+                pattern: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b|\b\(\d{3}\)\s?\d{3}[-.]?\d{4}\b/g,
+                severity: 'Medium',
+                type: 'PII Detected',
+                description: 'Phone number detected'
+            },
+            'ip_address': {
+                pattern: /\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/g,
+                severity: 'Low',
+                type: 'PII Detected',
+                description: 'IP address detected'
+            },
+            'sensitive_keywords': {
+                pattern: /\b(password|secret|api_key|token|ssn|credit_card|credentials)\s*[=:]\s*["']?[^"'\s]+/gi,
+                severity: 'High',
+                type: 'Hardcoded Secret',
+                description: 'Sensitive keyword in assignment context'
+            }
+        };
+    }
+
+    _calculateEntropy(data) {
+        if (!data) return 0;
+
+        const counts = {};
+        for (const char of data) {
+            counts[char] = (counts[char] || 0) + 1;
+        }
+
+        let entropy = 0;
+        const length = data.length;
+
+        for (const count of Object.values(counts)) {
+            const probability = count / length;
+            entropy -= probability * Math.log2(probability);
+        }
+
+        return entropy;
+    }
+
+    scanContent(filePath, content) {
+        const findings = [];
+        const lines = content.split('\n');
+
+        for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+            const line = lines[lineNum];
+
+            for (const [patternName, patternInfo] of Object.entries(this.patterns)) {
+                // Reset regex lastIndex for global patterns
+                patternInfo.pattern.lastIndex = 0;
+
+                let match;
+                while ((match = patternInfo.pattern.exec(line)) !== null) {
+                    // Additional filtering for high entropy strings
+                    if (patternName === 'high_entropy') {
+                        const matchedText = match[0];
+                        if (this._calculateEntropy(matchedText) < 4.0) {
+                            continue;
+                        }
+                        if (matchedText.length < 20) {
+                            continue;
+                        }
+                    }
+
+                    // Skip common false positives for AWS secret pattern
+                    if (patternName === 'aws_secret_key') {
+                        const matchedText = match[0];
+                        const falsePositives = ['example', 'dummy', 'test', 'fake'];
+                        if (falsePositives.some(fp => matchedText.toLowerCase().includes(fp))) {
+                            continue;
+                        }
+                    }
+
+                    const finding = {
+                        file_path: filePath,
+                        line_number: lineNum + 1,
+                        severity: patternInfo.severity,
+                        finding_type: patternInfo.type,
+                        description: patternInfo.description,
+                        code_snippet: line.trim()
+                    };
+
+                    findings.push(finding);
+                }
+            }
+        }
+
+        return findings;
+    }
+}
+
+module.exports = PatternScanner;

package/dist/ReportGenerator.js

@@ -0,0 +1,229 @@
+const chalk = require('chalk');
+
+class ReportGenerator {
+    constructor() {
+        this.reportTime = new Date();
+        this.severityIcons = {
+            'Critical': '🚨',
+            'High': '🔥',
+            'Medium': '⚠️',
+            'Low': '🔵'
+        };
+        this.severityOrder = ['Critical', 'High', 'Medium', 'Low'];
+    }
+
+    _calculateGrade(findings) {
+        if (!findings.length) {
+            return 'A+';
+        }
+
+        const severityCounts = {};
+        this.severityOrder.forEach(severity => {
+            severityCounts[severity] = 0;
+        });
+
+        for (const finding of findings) {
+            const severity = finding.severity || 'Low';
+            if (severityCounts.hasOwnProperty(severity)) {
+                severityCounts[severity]++;
+            }
+        }
+
+        // Grading logic
+        if (severityCounts['Critical'] > 0) {
+            return 'F';
+        } else if (severityCounts['High'] > 3) {
+            return 'D';
+        } else if (severityCounts['High'] > 0) {
+            return 'C-';
+        } else if (severityCounts['Medium'] > 5) {
+            return 'B-';
+        } else if (severityCounts['Medium'] > 0) {
+            return 'B';
+        } else if (severityCounts['Low'] > 0) {
+            return 'A-';
+        } else {
+            return 'A+';
+        }
+    }
+
+    _groupFindingsBySeverity(findings) {
+        const groups = {};
+        this.severityOrder.forEach(severity => {
+            groups[severity] = [];
+        });
+
+        for (const finding of findings) {
+            const severity = finding.severity || 'Low';
+            if (groups.hasOwnProperty(severity)) {
+                groups[severity].push(finding);
+            }
+        }
+
+        return groups;
+    }
+
+    _getGradeColor(grade) {
+        const colors = {
+            'A+': '🟢', 'A': '🟢', 'A-': '🟢',
+            'B+': '🟡', 'B': '🟡', 'B-': '🟡',
+            'C+': '🟠', 'C': '🟠', 'C-': '🟠',
+            'D': '🔴', 'F': '🔴'
+        };
+        return colors[grade] || '⚪';
+    }
+
+    generateReport(scanDir, findings, fileCount) {
+        const reportLines = [];
+
+        // ASCII Art Header
+        reportLines.push(
+            '',
+            chalk.red('╔═══════════════════════════════════════════════════════════════════════════════╗'),
+            chalk.red('║                                                                               ║'),
+            chalk.red('║    ██╗  ██╗ █████╗ ███████╗██╗  ██╗ █████╗  ██████╗ ██████╗ ██████╗ ███████╗ ║'),
+            chalk.red('║    ██║ ██╔╝██╔══██╗██╔════╝██║ ██╔╝██╔══██╗██╔════╝██╔═══██╗██╔══██╗██╔════╝ ║'),
+            chalk.red('║    █████╔╝ ███████║█████╗  █████╔╝ ███████║██║     ██║   ██║██║  ██║█████╗   ║'),
+            chalk.red('║    ██╔═██╗ ██╔══██║██╔══╝  ██╔═██╗ ██╔══██║██║     ██║   ██║██║  ██║██╔══╝   ║'),
+            chalk.red('║    ██║  ██╗██║  ██║██║     ██║  ██╗██║  ██║╚██████╗╚██████╔╝██████╔╝███████╗ ║'),
+            chalk.red('║    ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝╚═╝  ╚═╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝ ║'),
+            chalk.red('║                                                                               ║'),
+            chalk.red('║                   🔐 SHIFT-LEFT PRIVACY & COMPLIANCE SCANNER 🔐                ║'),
+            chalk.red('║                        Powered by AI • Built for Developers                   ║'),
+            chalk.red('║                                                                               ║'),
+            chalk.red('╚═══════════════════════════════════════════════════════════════════════════════╝'),
+            '',
+            '🎯 PRIVACY SCAN REPORT',
+            '═'.repeat(80),
+            ''
+        );
+
+        // Summary box
+        const severityCounts = {};
+        this.severityOrder.forEach(severity => {
+            severityCounts[severity] = 0;
+        });
+
+        for (const finding of findings) {
+            const severity = finding.severity || 'Low';
+            if (severityCounts.hasOwnProperty(severity)) {
+                severityCounts[severity]++;
+            }
+        }
+
+        const grade = this._calculateGrade(findings);
+        const gradeColor = this._getGradeColor(grade);
+
+        // Count LLM vs Mock findings
+        const llmCount = findings.filter(f => f.source === 'llm').length;
+        const patternCount = findings.length - llmCount;
+
+        const timestamp = this.reportTime.toISOString().slice(0, 19).replace('T', ' ');
+
+        reportLines.push(
+            '┌─────────────────────────────────────────────────────────────────────────────┐',
+            '│                              📊 SCAN SUMMARY                                │',
+            '├─────────────────────────────────────────────────────────────────────────────┤',
+            `│ 📁 Directory: ${scanDir.padEnd(60)} │`,
+            `│ ⏰ Timestamp: ${timestamp.padEnd(60)} │`,
+            `│ 📄 Files Scanned: ${fileCount.toString().padEnd(57)} │`,
+            `│ 🔍 Total Issues: ${findings.length.toString().padEnd(58)} │`,
+            `│ 🏆 Privacy Grade: ${gradeColor}${grade.padEnd(56)} │`,
+            '│                                                                             │',
+            '│ 🎯 Detection Methods:                                                       │',
+            `│   • Pattern-based: ${patternCount} issues                                      │`,
+            `│   • AI-powered: ${llmCount} issues (Grok 4 Fast)                               │`,
+            '│                                                                             │',
+            '│ 📈 Severity Breakdown:                                                      │',
+            `│   🚨 Critical: ${severityCounts['Critical'].toString().padEnd(10)} 🔥 High: ${severityCounts['High'].toString().padEnd(14)} │`,
+            `│   ⚠️  Medium: ${severityCounts['Medium'].toString().padEnd(11)} 🔵 Low: ${severityCounts['Low'].toString().padEnd(15)} │`,
+            '└─────────────────────────────────────────────────────────────────────────────┘',
+            ''
+        );
+
+        // Findings breakdown
+        if (!findings.length) {
+            reportLines.push(
+                '┌─────────────────────────────────────────────────────────────────────────────┐',
+                '│                          🎉 CONGRATULATIONS! 🎉                            │',
+                '│                                                                             │',
+                '│                   ✨ No privacy issues detected! ✨                       │',
+                '│                                                                             │',
+                '│              Your codebase follows privacy best practices!                 │',
+                '│                                                                             │',
+                '└─────────────────────────────────────────────────────────────────────────────┘',
+                ''
+            );
+        } else {
+            const groupedFindings = this._groupFindingsBySeverity(findings);
+
+            for (const severity of this.severityOrder) {
+                const severityFindings = groupedFindings[severity];
+                if (!severityFindings.length) {
+                    continue;
+                }
+
+                const icon = this.severityIcons[severity];
+                const colorBar = '█'.repeat(Math.min(severityFindings.length, 40));
+
+                reportLines.push(
+                    '',
+                    `╭${'─'.repeat(77)}╮`,
+                    `│ ${icon} ${severity.toUpperCase()} SEVERITY ISSUES (${severityFindings.length} found)`.padEnd(76) + '│',
+                    `│ ${colorBar}`.padEnd(76) + '│',
+                    `╰${'─'.repeat(77)}╯`,
+                    ''
+                );
+
+                for (let i = 0; i < severityFindings.length; i++) {
+                    const finding = severityFindings[i];
+                    const sourceBadge = finding.source === 'llm' ? '🤖 AI' : '🔍 Pattern';
+
+                    reportLines.push(
+                        `┌── Issue #${i + 1} ──────────────────────────────────────────────────────────`,
+                        `│ ${icon} ${finding.description || 'Privacy issue detected'}`,
+                        '│',
+                        `│ 📍 Location: ${finding.file_path || 'Unknown'}:${finding.line_number || 0}`,
+                        `│ 🚨 Severity: ${finding.severity || 'Unknown'}`,
+                        `│ 🔎 Detection: ${sourceBadge}`,
+                        '│',
+                        '│ 💾 Code:',
+                        `│    ${(finding.line_number || 0).toString().padStart(3)} │ ${finding.code_snippet || 'N/A'}`
+                    );
+
+                    if (finding.suggestion) {
+                        reportLines.push(
+                            '│',
+                            '│ 💡 Suggestion:',
+                            `│    ${finding.suggestion}`
+                        );
+                    }
+
+                    reportLines.push(
+                        '└────────────────────────────────────────────────────────────────────────',
+                        ''
+                    );
+                }
+            }
+        }
+
+        // Footer
+        reportLines.push(
+            '╔═══════════════════════════════════════════════════════════════════════════════╗',
+            '║                              🚀 GET STARTED                                  ║',
+            '║                                                                               ║',
+            '║  📚 Documentation: https://kafkacode.dev/docs                                 ║',
+            '║  🐙 GitHub: https://github.com/kafkacode/privacy-scanner                     ║',
+            '║  💬 Support: https://discord.gg/kafkacode                                    ║',
+            '║  🐦 Follow: @KafkaCodeDev                                                     ║',
+            '║                                                                               ║',
+            '║              🛡️ Keep your code secure, keep your users safe! 🛡️               ║',
+            '╚═══════════════════════════════════════════════════════════════════════════════╝',
+            ''
+        );
+
+        return reportLines.join('\n');
+    }
+}
+
+module.exports = ReportGenerator;

package/dist/cli.js

@@ -0,0 +1,93 @@
+#!/usr/bin/env node
+
+const { Command } = require('commander');
+const path = require('path');
+const fs = require('fs');
+const FileScanner = require('./FileScanner');
+const AnalysisEngine = require('./AnalysisEngine');
+const ReportGenerator = require('./ReportGenerator');
+
+const program = new Command();
+
+program
+    .name('kafkacode')
+    .description('KafkaCode - Privacy and Compliance Scanner')
+    .version('1.2.0');
+
+program
+    .command('scan')
+    .description('Scan a directory for privacy issues')
+    .argument('<directory>', 'Path to the source code directory to scan')
+    .option('-v, --verbose', 'Print verbose progress updates during the scan')
+    .action(async (directory, options) => {
+        await runScan(directory, options);
+    });
+
+async function runScan(directory, options = {}) {
+    const verbose = options.verbose || false;
+
+    // Validate directory
+    if (!fs.existsSync(directory) || !fs.statSync(directory).isDirectory()) {
+        console.error(`Error: Directory '${directory}' does not exist or is not a directory.`);
+        process.exit(1);
+    }
+
+    if (verbose) {
+        console.log('🚀 Starting KafkaCode privacy scan...');
+    }
+
+    try {
+        // Initialize components
+        const fileScanner = new FileScanner(directory);
+        const analysisEngine = new AnalysisEngine(verbose);
+        const reportGenerator = new ReportGenerator();
+
+        // Scan for files
+        if (verbose) {
+            console.log('📁 Discovering source code files...');
+        }
+        const files = fileScanner.scanFiles();
+
+        if (!files.length) {
+            console.log('No source code files found to analyze.');
+            process.exit(0);
+        }
+
+        if (verbose) {
+            console.log(`Found ${files.length} files to analyze`);
+        }
+
+        // Analyze files
+        if (verbose) {
+            console.log('🔍 Performing privacy analysis...');
+        }
+        const findings = await analysisEngine.analyzeFiles(files);
+
+        // Generate and display report
+        const report = reportGenerator.generateReport(directory, findings, files.length);
+        console.log(report);
+
+        // Return appropriate exit code
+        process.exit(findings.length > 0 ? 1 : 0);
+
+    } catch (error) {
+        if (error.name === 'AbortError' || error.message.includes('aborted')) {
+            console.log('\n⚠️  Scan interrupted by user.');
+            process.exit(1);
+        } else {
+            console.error(`❌ Error during scan: ${error.message}`);
+            if (verbose) {
+                console.error(error.stack);
+            }
+            process.exit(1);
+        }
+    }
+}
+
+// Handle SIGINT (Ctrl+C)
+process.on('SIGINT', () => {
+    console.log('\n⚠️  Scan interrupted by user.');
+    process.exit(1);
+});
+
+program.parse();

package/dist/index.js

@@ -0,0 +1,13 @@
+const FileScanner = require('./FileScanner');
+const PatternScanner = require('./PatternScanner');
+const LLMAnalyzer = require('./LLMAnalyzer');
+const AnalysisEngine = require('./AnalysisEngine');
+const ReportGenerator = require('./ReportGenerator');
+
+module.exports = {
+    FileScanner,
+    PatternScanner,
+    LLMAnalyzer,
+    AnalysisEngine,
+    ReportGenerator
+};

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "kafkacode",
+  "version": "1.2.0",
+  "description": "AI-powered privacy and compliance scanner by KafkaLabs - identify PII leaks, secrets, and compliance violations",
+  "main": "dist/index.js",
+  "bin": {
+    "kafkacode": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "node build.js",
+    "prepublishOnly": "npm run build",
+    "test": "node test/test.js"
+  },
+  "keywords": [
+    "privacy",
+    "compliance",
+    "security",
+    "scanner",
+    "static-analysis",
+    "pii",
+    "gdpr",
+    "ccpa",
+    "secret-detection",
+    "code-analysis",
+    "privacy-scanner",
+    "ai-powered",
+    "shift-left",
+    "cli-tool",
+    "security-scanner",
+    "vulnerability-scanner",
+    "kafkalabs"
+  ],
+  "author": "KafkaLabs <contact@kafkalabs.com>",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^9.4.1",
+    "minimatch": "^9.0.3",
+    "chalk": "^4.1.2"
+  },
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "LICENSE",
+    "CHANGELOG.md"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/nikhil-kapu/KafkacodeFnpm.git"
+  },
+  "homepage": "https://kafkalabs.com/kafka-code",
+  "bugs": {
+    "url": "https://github.com/nikhil-kapu/KafkacodeFnpm/issues"
+  }
+}