kramscan 0.1.0 → 0.2.0

package/dist/utils/theme.js

@@ -0,0 +1,195 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.theme = exports.CLI_VERSION = void 0;
+exports.printBanner = printBanner;
+exports.printInfo = printInfo;
+exports.getSeverityColor = getSeverityColor;
+exports.displayScanSummary = displayScanSummary;
+const chalk_1 = __importDefault(require("chalk"));
+const path = __importStar(require("path"));
+const fs = __importStar(require("fs"));
+// Read version from package.json (single source of truth)
+function getPackageVersion() {
+    try {
+        const pkgPath = path.resolve(__dirname, "..", "..", "package.json");
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+        return pkg.version || "0.0.0";
+    }
+    catch {
+        return "0.0.0";
+    }
+}
+exports.CLI_VERSION = getPackageVersion();
+exports.theme = {
+    // Colors
+    brand: chalk_1.default.hex("#00D1FF"),
+    error: chalk_1.default.red.bold,
+    success: chalk_1.default.green,
+    warning: chalk_1.default.yellow,
+    info: chalk_1.default.blue,
+    dim: chalk_1.default.gray,
+    gray: chalk_1.default.gray,
+    white: chalk_1.default.white,
+    cyan: chalk_1.default.cyan,
+    brightWhite: chalk_1.default.white.bold,
+    brightCyan: chalk_1.default.cyan.bold,
+    brightMagenta: chalk_1.default.magenta.bold,
+    brightBlue: chalk_1.default.blue.bold,
+    brightGreen: chalk_1.default.green.bold,
+    brightYellow: chalk_1.default.yellow.bold,
+    brightRed: chalk_1.default.red.bold,
+    // Severity colors
+    critical: chalk_1.default.red.bold,
+    high: chalk_1.default.red,
+    medium: chalk_1.default.yellow,
+    low: chalk_1.default.blue,
+    infoSeverity: chalk_1.default.gray,
+    yellow: chalk_1.default.yellow,
+    green: chalk_1.default.green,
+};
+// ─── ASCII Art Banner ──────────────────────────────────────────────
+function printBanner() {
+    const lines = [
+        `██╗  ██╗██████╗  █████╗ ███╗   ███╗███████╗ ██████╗ █████╗ ███╗   ██╗`,
+        `██║ ██╔╝██╔══██╗██╔══██╗████╗ ████║██╔════╝██╔════╝██╔══██╗████╗  ██║`,
+        `█████╔╝ ██████╔╝███████║██╔████╔██║███████╗██║     ███████║██╔██╗ ██║`,
+        `██╔═██╗ ██╔══██╗██╔══██║██║╚██╔╝██║╚════██║██║     ██╔══██║██║╚██╗██║`,
+        `██║  ██╗██║  ██║██║  ██║██║ ╚═╝ ██║███████║╚██████╗██║  ██║██║ ╚████║`,
+        `╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝`,
+    ];
+    console.log("");
+    lines.forEach((line, i) => {
+        const shade = i % 2 === 0 ? exports.theme.brightWhite : exports.theme.dim;
+        console.log(`  ${shade(line)}`);
+    });
+    console.log("");
+}
+// ─── Dashboard Info ────────────────────────────────────────────────
+function printInfo() {
+    console.log(`  ${exports.theme.dim("───────────────────────────────────────────────────────")}`);
+    console.log(`  ${exports.theme.brightWhite(" KramScan")} ${exports.theme.gray(`v${exports.CLI_VERSION}`)}  ${exports.theme.dim("|")}  ${exports.theme.cyan("AI-Powered Web Security Scanner")}`);
+    console.log(`  ${exports.theme.dim("───────────────────────────────────────────────────────")}`);
+    console.log("");
+    console.log(`  ${exports.theme.brightYellow("Tips for getting started:")}`);
+    console.log(`  ${exports.theme.white("1.")} ${exports.theme.gray("Run")} ${exports.theme.cyan("kramscan onboard")} ${exports.theme.gray("to configure your API keys.")}`);
+    console.log(`  ${exports.theme.white("2.")} ${exports.theme.gray("Run")} ${exports.theme.cyan("kramscan scan <url>")} ${exports.theme.gray("to scan a target.")}`);
+    console.log(`  ${exports.theme.white("3.")} ${exports.theme.gray("Run")} ${exports.theme.cyan("kramscan --help")} ${exports.theme.gray("for all commands.")}`);
+    console.log("");
+}
+// ─── Severity Color Helper ─────────────────────────────────────────
+function getSeverityColor(severity) {
+    const s = severity.toLowerCase();
+    if (s === "critical")
+        return exports.theme.critical;
+    if (s === "high")
+        return exports.theme.high;
+    if (s === "medium")
+        return exports.theme.medium;
+    if (s === "low")
+        return exports.theme.low;
+    return exports.theme.infoSeverity;
+}
+// ─── Scan Summary Display ──────────────────────────────────────────
+function displayScanSummary(result) {
+    const { target, duration, metadata, summary, vulnerabilities, filepath, pdfPath } = result;
+    // Scan Summary
+    console.log("");
+    console.log(exports.theme.brightWhite.bold("📊 Scan Summary"));
+    console.log(exports.theme.gray("─".repeat(50)));
+    console.log("");
+    console.log(exports.theme.white("Target:"), exports.theme.cyan(target));
+    console.log(exports.theme.white("Duration:"), exports.theme.cyan(`${(duration / 1000).toFixed(2)}s`));
+    console.log(exports.theme.white("URLs Crawled:"), exports.theme.cyan(metadata.crawledUrls));
+    console.log(exports.theme.white("Forms Tested:"), exports.theme.cyan(metadata.testedForms));
+    console.log(exports.theme.white("Requests Made:"), exports.theme.cyan(metadata.requestsMade));
+    console.log("");
+    // Vulnerability summary
+    console.log(exports.theme.brightWhite.bold("🛡️  Vulnerabilities Found"));
+    console.log(exports.theme.gray("─".repeat(50)));
+    console.log("");
+    if (summary.total === 0) {
+        console.log(exports.theme.success("✓ No vulnerabilities found!"));
+    }
+    else {
+        if (summary.critical > 0)
+            console.log(exports.theme.critical(`  ${summary.critical} Critical`), exports.theme.gray("- Immediate action required"));
+        if (summary.high > 0)
+            console.log(exports.theme.high(`  ${summary.high} High`), exports.theme.gray("- Should be fixed soon"));
+        if (summary.medium > 0)
+            console.log(exports.theme.medium(`  ${summary.medium} Medium`), exports.theme.gray("- Fix when possible"));
+        if (summary.low > 0)
+            console.log(exports.theme.low(`  ${summary.low} Low`), exports.theme.gray("- Minor issues"));
+        if (summary.info > 0)
+            console.log(exports.theme.infoSeverity(`  ${summary.info} Info`), exports.theme.gray("- Informational"));
+    }
+    console.log("");
+    console.log(exports.theme.gray("Results saved to:"), exports.theme.white(filepath));
+    if (pdfPath) {
+        console.log(exports.theme.gray("PDF report saved to:"), exports.theme.white(pdfPath));
+    }
+    console.log("");
+    // Show top vulnerabilities
+    if (vulnerabilities.length > 0) {
+        console.log(exports.theme.brightWhite.bold("🔴 Top Findings"));
+        console.log(exports.theme.gray("─".repeat(50)));
+        console.log("");
+        const topVulns = vulnerabilities
+            .sort((a, b) => {
+            const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+            return severityOrder[a.severity] - severityOrder[b.severity];
+        })
+            .slice(0, 5);
+        for (const vuln of topVulns) {
+            const severityColor = getSeverityColor(vuln.severity);
+            console.log(severityColor(`[${vuln.severity.toUpperCase()}]`), exports.theme.brightWhite.bold(vuln.title));
+            console.log(exports.theme.gray(`  ${vuln.url}`));
+            console.log(exports.theme.white(`  ${vuln.description}`));
+            console.log("");
+        }
+        if (vulnerabilities.length > 5) {
+            console.log(exports.theme.gray(`  ... and ${vulnerabilities.length - 5} more`));
+            console.log("");
+        }
+    }
+    console.log(exports.theme.cyan("💡 Next steps:"));
+    console.log(exports.theme.white(`  1. Run ${exports.theme.cyan(`kramscan analyze ${filepath}`)} for AI-powered insights`));
+    console.log(exports.theme.white("  2. PDF report is generated automatically after the scan"));
+    console.log("");
+}
+exports.default = exports.theme;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kramscan",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "KramScan CLI — AI-powered web app security testing",
   "author": "Akram Shaikh <akramshaikh.me>",
   "license": "MIT",
@@ -15,12 +15,12 @@
   ],
   "repository": {
     "type": "git",
-    "url": "https://github.com/akramshaikh/kramscan.git"
+    "url": "https://github.com/shaikhakramshakil/kramscan.git"
   },
   "bugs": {
-    "url": "https://github.com/akramshaikh/kramscan/issues"
+    "url": "https://github.com/shaikhakramshakil/kramscan/issues"
   },
-  "homepage": "https://github.com/akramshaikh/kramscan#readme",
+  "homepage": "https://github.com/shaikhakramshakil/kramscan#readme",
   "files": [
     "dist",
     "bin",
@@ -38,10 +38,19 @@
   "scripts": {
     "build": "tsc -p tsconfig.json",
     "dev": "node dist/index.js",
-    "start": "node dist/index.js"
+    "start": "node dist/index.js",
+    "clean": "rimraf dist",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "lint": "eslint src --ext .ts",
+    "lint:fix": "eslint src --ext .ts --fix",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "prepublishOnly": "npm run clean && npm run build"
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.31.0",
+    "@google/generative-ai": "^0.24.1",
+    "@mistralai/mistralai": "^1.14.0",
     "axios": "^1.6.8",
     "chalk": "^5.6.2",
     "commander": "^12.1.0",
@@ -49,14 +58,26 @@
     "docx": "^9.5.1",
     "inquirer": "^9.2.12",
     "js-yaml": "^4.1.0",
+    "keytar": "^7.9.0",
     "openai": "^4.104.0",
     "ora": "^8.2.0",
-    "puppeteer": "^22.15.0"
+    "puppeteer": "^22.15.0",
+    "uuid": "^9.0.1"
   },
   "devDependencies": {
     "@types/inquirer": "^9.0.9",
+    "@types/jest": "^29.5.12",
     "@types/js-yaml": "^4.0.9",
+    "@types/keytar": "^4.4.2",
     "@types/node": "^20.12.8",
+    "@types/uuid": "^9.0.8",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
+    "eslint": "^8.57.0",
+    "jest": "^29.7.0",
+    "prettier": "^3.2.0",
+    "rimraf": "^5.0.0",
+    "ts-jest": "^29.1.2",
     "typescript": "^5.4.5"
   }
 }

package/dist/core/executor.d.ts

@@ -1,2 +0,0 @@
-import { ScanOptions, ScanResult } from "./types";
-export declare function executeScan(targetUrl: string, options: ScanOptions): Promise<ScanResult>;

package/dist/core/executor.js

@@ -1,74 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.executeScan = executeScan;
-const scanner_1 = require("./scanner");
-const builtin_1 = require("../skills/builtin");
-const registry_1 = require("./registry");
-const logger_1 = require("./logger");
-async function executeScan(targetUrl, options) {
-    const logger = (0, logger_1.createLogger)();
-    const startedAt = new Date().toISOString();
-    const skills = (0, registry_1.listSkills)();
-    const selectedSkills = skills
-        .map((skill) => skill.id)
-        .filter((skillId) => {
-        if (options.skills && options.skills.length > 0) {
-            return options.skills.includes(skillId);
-        }
-        return true;
-    })
-        .filter((skillId) => {
-        if (options.excludeSkills && options.excludeSkills.length > 0) {
-            return !options.excludeSkills.includes(skillId);
-        }
-        return true;
-    });
-    const scanner = await (0, scanner_1.createScannerClient)({
-        userAgent: "OpenScan/0.1.0",
-        timeoutSeconds: options.timeoutSeconds,
-        proxy: options.proxy,
-        verifySSL: true,
-        followRedirects: true,
-        enableBrowser: options.deep
-    });
-    const findings = [];
-    for (const skillId of selectedSkills) {
-        const runner = builtin_1.builtinSkillRunners[skillId];
-        if (!runner) {
-            logger.warn(`No runner available for skill ${skillId}.`);
-            continue;
-        }
-        try {
-            const result = await runner({
-                targetUrl,
-                timeoutSeconds: options.timeoutSeconds,
-                logger,
-                http: {
-                    get: async (url) => {
-                        const response = await scanner.http.get(url);
-                        return {
-                            data: response.data,
-                            headers: response.headers
-                        };
-                    }
-                }
-            });
-            findings.push(...result.findings);
-        }
-        catch (error) {
-            logger.error(`Skill ${skillId} failed: ${error.message}`);
-        }
-    }
-    await scanner.close();
-    const finishedAt = new Date().toISOString();
-    const result = {
-        id: `scan-${Date.now()}`,
-        startedAt,
-        finishedAt,
-        target: { url: targetUrl },
-        options,
-        skillsRun: selectedSkills,
-        findings
-    };
-    return result;
-}

package/dist/core/logger.d.ts

@@ -1,12 +0,0 @@
-export interface Logger {
-    info(message: string): void;
-    warn(message: string): void;
-    error(message: string): void;
-    success(message: string): void;
-    spinner(message: string): {
-        stop: () => void;
-        succeed: (msg?: string) => void;
-        fail: (msg?: string) => void;
-    };
-}
-export declare function createLogger(): Logger;

package/dist/core/logger.js

@@ -1,51 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createLogger = createLogger;
-// ANSI color helpers (replaces ESM-only chalk)
-const c = {
-    reset: "\x1b[0m",
-    cyan: "\x1b[36m",
-    yellow: "\x1b[33m",
-    red: "\x1b[31m",
-    green: "\x1b[32m",
-    gray: "\x1b[90m",
-    bold: "\x1b[1m",
-};
-function createLogger() {
-    return {
-        info(message) {
-            console.log(`${c.cyan}ℹ ${message}${c.reset}`);
-        },
-        warn(message) {
-            console.log(`${c.yellow}⚠ ${message}${c.reset}`);
-        },
-        error(message) {
-            console.error(`${c.red}✖ ${message}${c.reset}`);
-        },
-        success(message) {
-            console.log(`${c.green}✔ ${message}${c.reset}`);
-        },
-        spinner(message) {
-            const frames = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"];
-            let i = 0;
-            const id = setInterval(() => {
-                process.stdout.write(`\r${c.cyan}${frames[i % frames.length]}${c.reset} ${message}`);
-                i++;
-            }, 80);
-            return {
-                stop() {
-                    clearInterval(id);
-                    process.stdout.write("\r\x1b[K"); // Clear line
-                },
-                succeed(msg) {
-                    clearInterval(id);
-                    console.log(`\r${c.green}✔${c.reset} ${msg || message}`);
-                },
-                fail(msg) {
-                    clearInterval(id);
-                    console.log(`\r${c.red}✖${c.reset} ${msg || message}`);
-                },
-            };
-        },
-    };
-}

package/dist/core/registry.d.ts

@@ -1,3 +0,0 @@
-import { SkillMetadata } from "../skills/types";
-export declare function listSkills(): SkillMetadata[];
-export declare function getSkillMetadata(skillId: string): SkillMetadata | undefined;

package/dist/core/registry.js

@@ -1,35 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.listSkills = listSkills;
-exports.getSkillMetadata = getSkillMetadata;
-const fs_1 = __importDefault(require("fs"));
-const path_1 = __importDefault(require("path"));
-const loader_1 = require("../skills/loader");
-function getSkillsRoot() {
-    return path_1.default.resolve(process.cwd(), "skills");
-}
-function listSkills() {
-    const skillsRoot = getSkillsRoot();
-    if (!fs_1.default.existsSync(skillsRoot)) {
-        return [];
-    }
-    const entries = fs_1.default.readdirSync(skillsRoot, { withFileTypes: true });
-    const skills = [];
-    for (const entry of entries) {
-        if (!entry.isDirectory()) {
-            continue;
-        }
-        const skillDir = path_1.default.join(skillsRoot, entry.name);
-        const meta = (0, loader_1.loadSkillMetadata)(skillDir);
-        if (meta) {
-            skills.push(meta);
-        }
-    }
-    return skills;
-}
-function getSkillMetadata(skillId) {
-    return listSkills().find((skill) => skill.id === skillId);
-}

package/dist/core/storage.d.ts

@@ -1,4 +0,0 @@
-import { ScanResult } from "./types";
-export declare function saveScanResult(result: ScanResult): string;
-export declare function loadLastScanResult(): ScanResult | null;
-export declare function loadScanResultFromFile(filePath: string): ScanResult;

package/dist/core/storage.js

@@ -1,39 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.saveScanResult = saveScanResult;
-exports.loadLastScanResult = loadLastScanResult;
-exports.loadScanResultFromFile = loadScanResultFromFile;
-const fs_1 = __importDefault(require("fs"));
-const path_1 = __importDefault(require("path"));
-const os_1 = __importDefault(require("os"));
-const ROOT_DIR = path_1.default.join(os_1.default.homedir(), ".openscan");
-const SCANS_DIR = path_1.default.join(ROOT_DIR, "scans");
-const LAST_SCAN_PATH = path_1.default.join(SCANS_DIR, "last.json");
-function ensureDir(dirPath) {
-    if (!fs_1.default.existsSync(dirPath)) {
-        fs_1.default.mkdirSync(dirPath, { recursive: true });
-    }
-}
-function saveScanResult(result) {
-    ensureDir(SCANS_DIR);
-    const filename = `${result.id}.json`;
-    const filePath = path_1.default.join(SCANS_DIR, filename);
-    const payload = JSON.stringify(result, null, 2);
-    fs_1.default.writeFileSync(filePath, payload, "utf-8");
-    fs_1.default.writeFileSync(LAST_SCAN_PATH, payload, "utf-8");
-    return filePath;
-}
-function loadLastScanResult() {
-    if (!fs_1.default.existsSync(LAST_SCAN_PATH)) {
-        return null;
-    }
-    const raw = fs_1.default.readFileSync(LAST_SCAN_PATH, "utf-8");
-    return JSON.parse(raw);
-}
-function loadScanResultFromFile(filePath) {
-    const raw = fs_1.default.readFileSync(filePath, "utf-8");
-    return JSON.parse(raw);
-}

package/dist/core/types.d.ts

@@ -1,24 +0,0 @@
-import { Finding } from "../skills/types";
-export interface ScanTarget {
-    url: string;
-}
-export interface ScanOptions {
-    deep: boolean;
-    timeoutSeconds: number;
-    threads: number;
-    skills?: string[];
-    excludeSkills?: string[];
-    proxy?: string;
-    aiEnabled?: boolean;
-    aiModel?: string;
-}
-export interface ScanResult {
-    id: string;
-    startedAt: string;
-    finishedAt: string;
-    target: ScanTarget;
-    options: ScanOptions;
-    skillsRun: string[];
-    findings: Finding[];
-    aiSummary?: string;
-}

package/dist/core/types.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/skills/base.d.ts

@@ -1,8 +0,0 @@
-import { Skill, SkillContext, SkillResult } from "./types";
-export declare abstract class BaseSkill implements Skill {
-    abstract id: string;
-    abstract name: string;
-    abstract description: string;
-    abstract tags: string[];
-    abstract run(context: SkillContext): Promise<SkillResult>;
-}

package/dist/skills/base.js

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.BaseSkill = void 0;
-class BaseSkill {
-}
-exports.BaseSkill = BaseSkill;

package/dist/skills/builtin.d.ts

@@ -1,4 +0,0 @@
-import { SkillContext, SkillResult } from "./types";
-type SkillRunner = (context: SkillContext) => Promise<SkillResult>;
-export declare const builtinSkillRunners: Record<string, SkillRunner>;
-export {};

package/dist/skills/builtin.js

@@ -1,71 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.builtinSkillRunners = void 0;
-async function runHeadersSkill(context) {
-    const response = await context.http.get(context.targetUrl);
-    const headers = {};
-    for (const [key, value] of Object.entries(response.headers)) {
-        headers[key.toLowerCase()] = Array.isArray(value) ? value.join(", ") : String(value);
-    }
-    const checks = [
-        {
-            key: "strict-transport-security",
-            title: "Missing HSTS header",
-            recommendation: "Enable Strict-Transport-Security with a long max-age and includeSubDomains."
-        },
-        {
-            key: "content-security-policy",
-            title: "Missing Content-Security-Policy header",
-            recommendation: "Define a CSP to restrict scripts, styles, and frames."
-        },
-        {
-            key: "x-frame-options",
-            title: "Missing X-Frame-Options header",
-            recommendation: "Set X-Frame-Options to DENY or SAMEORIGIN."
-        },
-        {
-            key: "x-content-type-options",
-            title: "Missing X-Content-Type-Options header",
-            recommendation: "Set X-Content-Type-Options to nosniff."
-        },
-        {
-            key: "referrer-policy",
-            title: "Missing Referrer-Policy header",
-            recommendation: "Set Referrer-Policy to strict-origin-when-cross-origin or similar."
-        },
-        {
-            key: "permissions-policy",
-            title: "Missing Permissions-Policy header",
-            recommendation: "Set Permissions-Policy to restrict sensitive browser APIs."
-        }
-    ];
-    const findings = checks
-        .filter((check) => !headers[check.key])
-        .map((check) => ({
-        id: `headers-${check.key}`,
-        skillId: "headers",
-        title: check.title,
-        severity: "low",
-        description: `The response did not include the ${check.key} header.`,
-        recommendation: check.recommendation
-    }));
-    return {
-        skillId: "headers",
-        findings
-    };
-}
-async function runPlaceholderSkill(skillId, context) {
-    context.logger.warn(`${skillId} is not implemented yet. Returning no findings.`);
-    return {
-        skillId,
-        findings: []
-    };
-}
-exports.builtinSkillRunners = {
-    headers: runHeadersSkill,
-    sqli: (context) => runPlaceholderSkill("sqli", context),
-    xss: (context) => runPlaceholderSkill("xss", context),
-    csrf: (context) => runPlaceholderSkill("csrf", context),
-    idor: (context) => runPlaceholderSkill("idor", context),
-    jwt: (context) => runPlaceholderSkill("jwt", context)
-};

package/dist/skills/loader.d.ts

@@ -1,2 +0,0 @@
-import { SkillMetadata } from "./types";
-export declare function loadSkillMetadata(skillDir: string): SkillMetadata | null;

package/dist/skills/loader.js

@@ -1,27 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.loadSkillMetadata = loadSkillMetadata;
-const fs_1 = __importDefault(require("fs"));
-const path_1 = __importDefault(require("path"));
-const js_yaml_1 = __importDefault(require("js-yaml"));
-function loadSkillMetadata(skillDir) {
-    const skillPath = path_1.default.join(skillDir, "skill.yaml");
-    if (!fs_1.default.existsSync(skillPath)) {
-        return null;
-    }
-    const raw = fs_1.default.readFileSync(skillPath, "utf-8");
-    const doc = js_yaml_1.default.load(raw);
-    if (!doc || !doc.id || !doc.name) {
-        return null;
-    }
-    return {
-        id: doc.id,
-        name: doc.name,
-        description: doc.description ?? "",
-        tags: doc.tags ?? [],
-        category: doc.category
-    };
-}