moyan-security-audit 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Moyan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,113 @@
+# moyan-security-audit
+
+Agent-native security audit SDK for Node.js — send source code to the Moyan audit engine and receive structured vulnerability reports with PMI trust scoring.
+
+## Installation
+
+```bash
+npm install moyan-security-audit
+```
+
+## Prerequisites
+
+Set your API key via one of:
+
+1. Environment variable:
+   ```bash
+   export MOYAN_API_KEY="your-api-key"
+   ```
+2. Config file `~/.moyan/config.json`:
+   ```json
+   { "apiKey": "your-api-key" }
+   ```
+
+If neither is set, the SDK throws a descriptive error.
+
+## Usage
+
+### CommonJS
+
+```js
+const { audit } = require('moyan-security-audit');
+
+async function main() {
+  const result = await audit({
+    code: 'SELECT * FROM users WHERE id = ' + userId,
+    language: 'sql',
+    auditLevel: 'L2',
+    timeout: 30000,
+    retries: 2,
+  });
+
+  console.log(`PMI Score: ${result.pmi_score}`);
+  console.log(`Severity: ${result.severity}`);
+  console.log(`Violations: ${result.violations.length}`);
+  console.log(`Recommendation: ${result.recommendation}`);
+}
+
+main();
+```
+
+### ESM / TypeScript
+
+```ts
+import { audit, AuditOptions, AuditResult } from 'moyan-security-audit';
+
+const opts: AuditOptions = {
+  code: `const query = "SELECT * FROM users WHERE id = " + userId;`,
+  language: 'javascript',
+  auditLevel: 'L1',
+};
+
+const result: AuditResult = await audit(opts);
+console.log(result);
+```
+
+## API Reference
+
+### `audit(options: AuditOptions): Promise<AuditResult>`
+
+| Parameter | Type | Required | Default | Description |
+|---|---|---|---|---|
+| `code` | `string` | Yes | — | Source code to audit |
+| `language` | `AuditLanguage` | Yes | — | One of: sql, python, javascript, typescript, java, go, rust, solidity |
+| `auditLevel` | `AuditLevel` | No | `'L1'` | L1 (quick scan), L2 (deep analysis), L3 (full audit) |
+| `timeout` | `number` | No | `30000` | Request timeout in ms |
+| `retries` | `number` | No | `2` | Retry count with exponential backoff (1s, 2s, 4s, ...) |
+
+### AuditResult
+
+| Field | Type | Description |
+|---|---|---|
+| `audit_id` | `string` | Unique identifier for this audit run |
+| `pmi_score` | `number` | PMI trust score (0-100) |
+| `severity` | `'pass' \| 'warn' \| 'fail'` | Overall verdict |
+| `violations` | `AuditViolation[]` | Detected rule violations |
+| `recommendation` | `string` | High-level remediation guidance |
+
+### AuditViolation
+
+| Field | Type | Description |
+|---|---|---|
+| `rule_id` | `string` | Rule identifier (e.g. SQLI-001) |
+| `severity` | `'critical' \| 'high' \| 'medium' \| 'low' \| 'info'` | Violation severity |
+| `message` | `string` | Human-readable description |
+| `line` | `number` | Source line number (1-based) |
+| `snippet` | `string` | Violating code snippet |
+| `fix` | `string` | Suggested remediation |
+
+## API Endpoint
+
+All audit requests are sent to:
+
+```
+POST https://sixu-ai.net.cn/api/v1/audit
+Authorization: Bearer <MOYAN_API_KEY>
+Content-Type: application/json
+
+{ "code": "...", "language": "sql", "audit_level": "L2" }
+```
+
+## License
+
+MIT

package/dist/audit.d.ts

@@ -0,0 +1,2 @@
+import type { AuditOptions, AuditResult } from './types';
+export declare function audit(options: AuditOptions): Promise<AuditResult>;

package/dist/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AA2BzD;;;;GAIG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CA+DvE"}

package/dist/audit.js

@@ -0,0 +1,77 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.audit = audit;
+const axios_1 = __importDefault(require("axios"));
+const zod_1 = require("zod");
+const config_1 = require("./config");
+const utils_1 = require("./utils");
+const API_BASE = 'https://sixu-ai.net.cn/api/v1/audit';
+const optionsSchema = zod_1.z.object({
+    code: zod_1.z.string().min(1, 'code must be non-empty'),
+    language: zod_1.z.enum(['sql', 'python', 'javascript', 'typescript', 'java', 'go', 'rust', 'solidity']),
+    auditLevel: zod_1.z.enum(['L1', 'L2', 'L3']).optional().default('L1'),
+    timeout: zod_1.z.number().int().positive().optional().default(30000),
+    retries: zod_1.z.number().int().min(0).max(5).optional().default(2),
+});
+function toAuditResult(raw) {
+    return {
+        audit_id: String(raw.audit_id ?? ''),
+        pmi_score: Number(raw.pmi_score ?? 0),
+        severity: (['pass', 'warn', 'fail'].includes(String(raw.severity)) ? String(raw.severity) : 'warn'),
+        violations: Array.isArray(raw.violations)
+            ? raw.violations.map((v) => ({
+                rule_id: String(v.rule_id ?? ''),
+                severity: (['critical', 'high', 'medium', 'low', 'info'].includes(String(v.severity)) ? String(v.severity) : 'info'),
+                message: String(v.message ?? ''),
+                line: Number(v.line ?? 0),
+                snippet: String(v.snippet ?? ''),
+                fix: String(v.fix ?? ''),
+            }))
+            : [],
+        recommendation: String(raw.recommendation ?? ''),
+    };
+}
+async function audit(options) {
+    const opts = optionsSchema.parse(options);
+    const apiKey = (0, config_1.getApiKey)();
+    const maxRetries = opts.retries;
+    let lastError = null;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+            const response = await axios_1.default.post(API_BASE, {
+                code: opts.code,
+                language: opts.language,
+                audit_level: opts.auditLevel,
+            }, {
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${apiKey}`,
+                },
+                timeout: opts.timeout,
+            });
+            return toAuditResult(response.data);
+        }
+        catch (err) {
+            lastError = err instanceof Error ? err : new Error(String(err));
+            if (attempt < maxRetries) {
+                const backoffMs = Math.pow(2, attempt) * 1000; // 1s, 2s, 4s...
+                await (0, utils_1.sleep)(backoffMs);
+                continue;
+            }
+            if (axios_1.default.isAxiosError(err)) {
+                if (err.code === 'ECONNABORTED') {
+                    throw new Error(`Audit request timed out after ${opts.timeout}ms.`);
+                }
+                if (err.response) {
+                    throw new Error(`Audit API returned status ${err.response.status}: ${JSON.stringify(err.response.data)}`);
+                }
+                throw new Error(`Network error contacting audit API: ${err.message}`);
+            }
+            throw lastError;
+        }
+    }
+    throw lastError ?? new Error('Audit failed after retries.');
+}

package/dist/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,sBA+DC;AAnGD,+CAA0C;AAC1C,6BAAwB;AACxB,qCAAqD;AACrD,mCAAiD;AAGjD,4CAA4C;AAE5C,MAAM,mBAAmB,GAAG,OAAC,CAAC,IAAI,CAAC;IACjC,KAAK;IACL,QAAQ;IACR,YAAY;IACZ,YAAY;IACZ,MAAM;IACN,IAAI;IACJ,MAAM;IACN,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAEpD,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACjD,QAAQ,EAAE,mBAAmB;IAC7B,UAAU,EAAE,gBAAgB,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACrD,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC9D,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;CACvD,CAAC,CAAC;AAEH,gCAAgC;AAEhC;;;;GAIG;AACI,KAAK,UAAU,KAAK,CAAC,OAAqB;IAC/C,OAAO;IACP,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;IAE3B,MAAM,WAAW,GAAG,KAAK,IAA0B,EAAE;QACnD,MAAM,cAAc,GAAG,eAAK,CAAC,IAAI,CAC/B,uBAAc,EACd;YACE,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,UAAU;SAC/B,EACD;YACE,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,cAAc,EAAE,kBAAkB;aACnC;SACF,CACF,CAAC;QAEF,MAAM;QACN,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAW,EAAC,cAAc,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnE,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,iBAAS,EAAC,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,sBAAsB;QACtB,IAAI,GAAG,YAAY,OAAC,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM;iBACxB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;iBAC/C,IAAI,CAAC,IAAI,CAAC,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,GAAG,YAAY,kBAAU,EAAE,CAAC;YAC9B,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,+BAA+B,uBAAc,YAAY,CAAC,CAAC;YAC7E,CAAC;YACD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,IAAI,KAAK,CACb,cAAc,MAAM,MAAM,IAAI,gBAAgB,uBAAc,SAAS,CACtE,CAAC;YACJ,CAAC;YACD,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,kCAAkC,uBAAc,kCAAkC,CACnF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACnD,CAAC;AACH,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1 @@
+export declare function getApiKey(): string;

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA;;;;GAIG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAwBlC;AAED,eAAO,MAAM,cAAc,wCAAwC,CAAC"}

package/dist/config.js

@@ -0,0 +1,56 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getApiKey = getApiKey;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+function getApiKey() {
+    const envKey = process.env.MOYAN_API_KEY;
+    if (envKey && envKey.trim().length > 0)
+        return envKey.trim();
+    const configPath = path.join(os.homedir(), '.moyan', 'config.json');
+    try {
+        if (fs.existsSync(configPath)) {
+            const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+            if (config.apiKey && typeof config.apiKey === 'string' && config.apiKey.trim().length > 0) {
+                return config.apiKey.trim();
+            }
+        }
+    }
+    catch { /* fall through */ }
+    throw new Error('MOYAN_API_KEY not found. Set the MOYAN_API_KEY environment variable or create ' +
+        configPath + ' with {"apiKey": "your-key"}.');
+}

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,8BAwBC;AAjCD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAEzB;;;;GAIG;AACH,SAAgB,SAAS;IACvB,YAAY;IACZ,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACzC,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAED,YAAY;IACZ,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;IACpE,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,MAAM,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACtF,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAC;AACJ,CAAC;AAEY,QAAA,cAAc,GAAG,qCAAqC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export { audit } from './audit';
+export * from './types';

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAChC,cAAc,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.audit = void 0;
+var audit_1 = require("./audit");
+Object.defineProperty(exports, "audit", { enumerable: true, get: function () { return audit_1.audit; } });
+__exportStar(require("./types"), exports);

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,iCAAgC;AAAvB,8FAAA,KAAK,OAAA;AACd,0CAAwB"}

package/dist/types.d.ts

@@ -0,0 +1,24 @@
+export type AuditLanguage = 'sql' | 'python' | 'javascript' | 'typescript' | 'java' | 'go' | 'rust' | 'solidity';
+export type AuditLevel = 'L1' | 'L2' | 'L3';
+export interface AuditOptions {
+    code: string;
+    language: AuditLanguage;
+    auditLevel?: AuditLevel;
+    timeout?: number;
+    retries?: number;
+}
+export interface AuditViolation {
+    rule_id: string;
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    message: string;
+    line: number;
+    snippet: string;
+    fix: string;
+}
+export interface AuditResult {
+    audit_id: string;
+    pmi_score: number;
+    severity: 'pass' | 'warn' | 'fail';
+    violations: AuditViolation[];
+    recommendation: string;
+}

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GACrB,KAAK,GACL,QAAQ,GACR,YAAY,GACZ,YAAY,GACZ,MAAM,GACN,IAAI,GACJ,MAAM,GACN,UAAU,CAAC;AAEf,MAAM,MAAM,UAAU,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AAE5C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,aAAa,CAAC;IACxB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACnC,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/utils.d.ts

@@ -0,0 +1 @@
+export declare function sleep(ms: number): Promise<void>;

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAGpD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAkBjF;AAED;;GAEG;AACH,wBAAsB,SAAS,CAAC,CAAC,EAC/B,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,CAAC,CAAC,CAiBZ"}

package/dist/utils.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sleep = sleep;
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/dist/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;AAGA,sBAGC;AAKD,kCAkBC;AAKD,8BAoBC;AAtDD;;GAEG;AACH,SAAgB,KAAK,CAAC,OAAe;IACnC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;IACxD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAI,OAAmB,EAAE,SAAiB;IACnE,IAAI,SAAS,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IAEnC,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,SAAS,IAAI,CAAC,CAAC,CAAC;QAC9D,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,OAAO;aACJ,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,SAAS,CAC7B,EAAoB,EACpB,UAAkB;IAElB,IAAI,SAA4B,CAAC;IAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAEhE,aAAa;YACb,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;AAC7D,CAAC"}

package/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "moyan-security-audit",
+  "version": "1.0.0",
+  "description": "Agent-native security audit SDK — audit(code, language, auditLevel) → { audit_id, pmi_score, severity, violations, recommendation }",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": ["dist/"],
+  "scripts": {
+    "build": "tsc",
+    "test": "jest",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": ["security","audit","code-review","agent","sql-injection","sast","moyan","sixu"],
+  "license": "MIT",
+  "author": "Sixu AI",
+  "repository": { "type": "git", "url": "https://github.com/sixu-ai/moyan-security-audit-js" },
+  "dependencies": { "axios": "^1.7.0", "zod": "^3.23.0" },
+  "devDependencies": { "typescript": "^5.5.0", "@types/node": "^20.0.0", "jest": "^29.0.0", "ts-jest": "^29.0.0", "@types/jest": "^29.0.0" }
+}