npm - opena2a-cli - Versions diffs - 0.1.0 → 0.1.2 - Mend

opena2a-cli 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/README.md +280 -0
package/dist/adapters/registry.js +1 -1
package/dist/adapters/registry.js.map +1 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +78 -3
package/dist/commands/init.js.map +1 -1
package/dist/commands/protect.d.ts +2 -0
package/dist/commands/protect.d.ts.map +1 -1
package/dist/commands/protect.js +56 -10
package/dist/commands/protect.js.map +1 -1
package/dist/commands/runtime.d.ts +1 -1
package/dist/commands/runtime.js +5 -5
package/dist/commands/runtime.js.map +1 -1
package/dist/commands/self-register.js +6 -6
package/dist/commands/self-register.js.map +1 -1
package/dist/commands/shield.d.ts +36 -0
package/dist/commands/shield.d.ts.map +1 -0
package/dist/commands/shield.js +834 -0
package/dist/commands/shield.js.map +1 -0
package/dist/commands/verify.js +1 -1
package/dist/commands/verify.js.map +1 -1
package/dist/index.js +29 -0
package/dist/index.js.map +1 -1
package/dist/shield/detect.d.ts +18 -0
package/dist/shield/detect.d.ts.map +1 -0
package/dist/shield/detect.js +402 -0
package/dist/shield/detect.js.map +1 -0
package/dist/shield/events.d.ts +65 -0
package/dist/shield/events.d.ts.map +1 -0
package/dist/shield/events.js +342 -0
package/dist/shield/events.js.map +1 -0
package/dist/shield/init.d.ts +22 -0
package/dist/shield/init.d.ts.map +1 -0
package/dist/shield/init.js +290 -0
package/dist/shield/init.js.map +1 -0
package/dist/shield/integrity.d.ts +75 -0
package/dist/shield/integrity.d.ts.map +1 -0
package/dist/shield/integrity.js +435 -0
package/dist/shield/integrity.js.map +1 -0
package/dist/shield/llm-backend.d.ts +36 -0
package/dist/shield/llm-backend.d.ts.map +1 -0
package/dist/shield/llm-backend.js +145 -0
package/dist/shield/llm-backend.js.map +1 -0
package/dist/shield/llm.d.ts +116 -0
package/dist/shield/llm.d.ts.map +1 -0
package/dist/shield/llm.js +536 -0
package/dist/shield/llm.js.map +1 -0
package/dist/shield/policy.d.ts +70 -0
package/dist/shield/policy.d.ts.map +1 -0
package/dist/shield/policy.js +399 -0
package/dist/shield/policy.js.map +1 -0
package/dist/shield/session.d.ts +63 -0
package/dist/shield/session.d.ts.map +1 -0
package/dist/shield/session.js +242 -0
package/dist/shield/session.js.map +1 -0
package/dist/shield/signing.d.ts +41 -0
package/dist/shield/signing.d.ts.map +1 -0
package/dist/shield/signing.js +161 -0
package/dist/shield/signing.js.map +1 -0
package/dist/shield/status.d.ts +4 -0
package/dist/shield/status.d.ts.map +1 -0
package/dist/shield/status.js +241 -0
package/dist/shield/status.js.map +1 -0
package/dist/shield/types.d.ts +398 -0
package/dist/shield/types.d.ts.map +1 -0
package/dist/shield/types.js +31 -0
package/dist/shield/types.js.map +1 -0
package/dist/util/drift-liveness.d.ts +37 -0
package/dist/util/drift-liveness.d.ts.map +1 -0
package/dist/util/drift-liveness.js +114 -0
package/dist/util/drift-liveness.js.map +1 -0
package/dist/util/drift-verification.d.ts +60 -0
package/dist/util/drift-verification.d.ts.map +1 -0
package/dist/util/drift-verification.js +457 -0
package/dist/util/drift-verification.js.map +1 -0
package/package.json +4 -2

package/dist/shield/types.js ADDED Viewed

@@ -0,0 +1,31 @@
+"use strict";
+// Shield: Unified Developer Workstation Security Orchestration
+// All TypeScript interfaces for the Shield module.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EVALUATE_BUDGET_MS = exports.SESSION_TIMEOUT_MS = exports.LEARN_PHASE_MIN_SESSIONS = exports.LEARN_PHASE_MIN_ACTIONS = exports.STABILITY_WINDOW_SESSIONS = exports.STABILITY_THRESHOLD = exports.MAX_EVENTS_FILE_SIZE = exports.LLM_CACHE_TTL_TRIAGE = exports.LLM_CACHE_TTL_NARRATIVE = exports.LLM_CACHE_TTL_ANOMALY = exports.LLM_CACHE_TTL_POLICY = exports.SHIELD_LLM_CACHE_FILE = exports.SHIELD_REPORTS_DIR = exports.SHIELD_BASELINES_DIR = exports.SHIELD_CONFIG_FILE = exports.SHIELD_SCAN_FILE = exports.SHIELD_POLICY_CACHE = exports.SHIELD_POLICY_FILE = exports.SHIELD_EVENTS_FILE = exports.SHIELD_SIGNATURES_FILE = exports.SHIELD_DIR = void 0;
+// --- Constants ---
+exports.SHIELD_DIR = '.opena2a/shield';
+exports.SHIELD_SIGNATURES_FILE = 'signatures.json';
+exports.SHIELD_EVENTS_FILE = 'events.jsonl';
+exports.SHIELD_POLICY_FILE = 'policy.yaml';
+exports.SHIELD_POLICY_CACHE = 'policy-cache.json';
+exports.SHIELD_SCAN_FILE = 'scan.json';
+exports.SHIELD_CONFIG_FILE = 'config.json';
+exports.SHIELD_BASELINES_DIR = 'baselines';
+exports.SHIELD_REPORTS_DIR = 'reports';
+exports.SHIELD_LLM_CACHE_FILE = 'llm-cache.json';
+// LLM cache TTLs (milliseconds)
+exports.LLM_CACHE_TTL_POLICY = 24 * 60 * 60 * 1000; // 24h
+exports.LLM_CACHE_TTL_ANOMALY = 7 * 24 * 60 * 60 * 1000; // 7d
+exports.LLM_CACHE_TTL_NARRATIVE = 30 * 24 * 60 * 60 * 1000; // 30d (per report)
+exports.LLM_CACHE_TTL_TRIAGE = 60 * 60 * 1000; // 1h
+exports.MAX_EVENTS_FILE_SIZE = 10 * 1024 * 1024; // 10MB
+// Adaptive enforcement: continuous learning, not timer-based.
+// Suggestions appear when behavior stabilizes, not after a fixed period.
+exports.STABILITY_THRESHOLD = 0.8; // suggest policy when stability >= this
+exports.STABILITY_WINDOW_SESSIONS = 5; // sessions without new behavior = stable
+exports.LEARN_PHASE_MIN_ACTIONS = 50; // minimum actions before stability is checked
+exports.LEARN_PHASE_MIN_SESSIONS = 3; // minimum sessions before stability is checked
+exports.SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
+exports.EVALUATE_BUDGET_MS = 50;
+//# sourceMappingURL=types.js.map

package/dist/shield/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/shield/types.ts"],"names":[],"mappings":";AAAA,+DAA+D;AAC/D,mDAAmD;;;AAgdnD,oBAAoB;AAEP,QAAA,UAAU,GAAG,iBAAiB,CAAC;AAC/B,QAAA,sBAAsB,GAAG,iBAAiB,CAAC;AAC3C,QAAA,kBAAkB,GAAG,cAAc,CAAC;AACpC,QAAA,kBAAkB,GAAG,aAAa,CAAC;AACnC,QAAA,mBAAmB,GAAG,mBAAmB,CAAC;AAC1C,QAAA,gBAAgB,GAAG,WAAW,CAAC;AAC/B,QAAA,kBAAkB,GAAG,aAAa,CAAC;AACnC,QAAA,oBAAoB,GAAG,WAAW,CAAC;AACnC,QAAA,kBAAkB,GAAG,SAAS,CAAC;AAC/B,QAAA,qBAAqB,GAAG,gBAAgB,CAAC;AAEtD,gCAAgC;AACnB,QAAA,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAM,MAAM;AACvD,QAAA,qBAAqB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK;AACtD,QAAA,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,mBAAmB;AACvE,QAAA,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAY,KAAK;AAEvD,QAAA,oBAAoB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAE7D,8DAA8D;AAC9D,yEAAyE;AAC5D,QAAA,mBAAmB,GAAG,GAAG,CAAC,CAAC,wCAAwC;AACnE,QAAA,yBAAyB,GAAG,CAAC,CAAC,CAAC,yCAAyC;AACxE,QAAA,uBAAuB,GAAG,EAAE,CAAC,CAAC,8CAA8C;AAC5E,QAAA,wBAAwB,GAAG,CAAC,CAAC,CAAC,+CAA+C;AAE7E,QAAA,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAClD,QAAA,kBAAkB,GAAG,EAAE,CAAC"}

package/dist/util/drift-liveness.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Drift liveness verification — confirms whether a detected credential
+ * actually grants access to AI/ML services (scope drift).
+ *
+ * DRIFT-001: Google API Key -> Gemini Generative Language API
+ * DRIFT-002: AWS Access Key -> no liveness check (requires secret key)
+ */
+export interface LivenessResult {
+    /** Whether the credential confirmed access to the AI service */
+    confirmed: boolean;
+    /** HTTP status code from the verification request */
+    statusCode?: number;
+    /** Human-readable detail (e.g., model names found) */
+    details?: string;
+    /** Error message if the check failed to complete */
+    error?: string;
+}
+/** Timeout for each liveness HTTP request (ms) */
+export declare const LIVENESS_TIMEOUT = 5000;
+/** Delay between consecutive liveness checks to avoid rate limiting (ms) */
+export declare const LIVENESS_DELAY = 500;
+/** Maximum number of liveness checks per scan run */
+export declare const MAX_LIVENESS_CHECKS = 5;
+/**
+ * Verify whether a Google API key grants access to the Gemini Generative
+ * Language API by listing available models.
+ *
+ * GET {baseUrl}/v1beta/models?key={KEY}
+ *   - 200 with model list -> confirmed (scope drift to AI)
+ *   - 401/403            -> not confirmed (key restricted)
+ *   - timeout/error      -> not confirmed (inconclusive)
+ *
+ * @param apiKey  The Google API key value
+ * @param baseUrl Override for testing (default: generativelanguage.googleapis.com)
+ */
+export declare function verifyGeminiAccess(apiKey: string, baseUrl?: string): Promise<LivenessResult>;
+//# sourceMappingURL=drift-liveness.d.ts.map

package/dist/util/drift-liveness.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"drift-liveness.d.ts","sourceRoot":"","sources":["../../src/util/drift-liveness.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,MAAM,WAAW,cAAc;IAC7B,gEAAgE;IAChE,SAAS,EAAE,OAAO,CAAC;IACnB,qDAAqD;IACrD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,kDAAkD;AAClD,eAAO,MAAM,gBAAgB,OAAO,CAAC;AAErC,4EAA4E;AAC5E,eAAO,MAAM,cAAc,MAAM,CAAC;AAElC,qDAAqD;AACrD,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAIrC;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,CAAC,CAmDzB"}

package/dist/util/drift-liveness.js ADDED Viewed

@@ -0,0 +1,114 @@
+"use strict";
+/**
+ * Drift liveness verification — confirms whether a detected credential
+ * actually grants access to AI/ML services (scope drift).
+ *
+ * DRIFT-001: Google API Key -> Gemini Generative Language API
+ * DRIFT-002: AWS Access Key -> no liveness check (requires secret key)
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_LIVENESS_CHECKS = exports.LIVENESS_DELAY = exports.LIVENESS_TIMEOUT = void 0;
+exports.verifyGeminiAccess = verifyGeminiAccess;
+const https = __importStar(require("node:https"));
+const http = __importStar(require("node:http"));
+// --- Constants ---
+/** Timeout for each liveness HTTP request (ms) */
+exports.LIVENESS_TIMEOUT = 5000;
+/** Delay between consecutive liveness checks to avoid rate limiting (ms) */
+exports.LIVENESS_DELAY = 500;
+/** Maximum number of liveness checks per scan run */
+exports.MAX_LIVENESS_CHECKS = 5;
+// --- Gemini liveness ---
+/**
+ * Verify whether a Google API key grants access to the Gemini Generative
+ * Language API by listing available models.
+ *
+ * GET {baseUrl}/v1beta/models?key={KEY}
+ *   - 200 with model list -> confirmed (scope drift to AI)
+ *   - 401/403            -> not confirmed (key restricted)
+ *   - timeout/error      -> not confirmed (inconclusive)
+ *
+ * @param apiKey  The Google API key value
+ * @param baseUrl Override for testing (default: generativelanguage.googleapis.com)
+ */
+function verifyGeminiAccess(apiKey, baseUrl) {
+    const host = baseUrl ?? 'https://generativelanguage.googleapis.com';
+    const url = `${host}/v1beta/models?key=${apiKey}`;
+    return new Promise((resolve) => {
+        const transport = url.startsWith('https') ? https : http;
+        const req = transport.get(url, { timeout: exports.LIVENESS_TIMEOUT }, (res) => {
+            const chunks = [];
+            res.on('data', (chunk) => chunks.push(chunk));
+            res.on('end', () => {
+                const statusCode = res.statusCode ?? 0;
+                if (statusCode === 200) {
+                    try {
+                        const body = JSON.parse(Buffer.concat(chunks).toString('utf-8'));
+                        const models = (body.models ?? [])
+                            .slice(0, 3)
+                            .map((m) => m.name ?? 'unknown');
+                        resolve({
+                            confirmed: true,
+                            statusCode,
+                            details: `Active Gemini access: ${models.join(', ')}`,
+                        });
+                    }
+                    catch {
+                        resolve({
+                            confirmed: true,
+                            statusCode,
+                            details: 'Active Gemini access (response parsed partially)',
+                        });
+                    }
+                }
+                else {
+                    resolve({
+                        confirmed: false,
+                        statusCode,
+                    });
+                }
+            });
+        });
+        req.on('timeout', () => {
+            req.destroy();
+            resolve({ confirmed: false, error: 'Liveness check timed out' });
+        });
+        req.on('error', (err) => {
+            resolve({ confirmed: false, error: err.message });
+        });
+    });
+}
+//# sourceMappingURL=drift-liveness.js.map

package/dist/util/drift-liveness.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"drift-liveness.js","sourceRoot":"","sources":["../../src/util/drift-liveness.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CH,gDAsDC;AA/FD,kDAAoC;AACpC,gDAAkC;AAelC,oBAAoB;AAEpB,kDAAkD;AACrC,QAAA,gBAAgB,GAAG,IAAI,CAAC;AAErC,4EAA4E;AAC/D,QAAA,cAAc,GAAG,GAAG,CAAC;AAElC,qDAAqD;AACxC,QAAA,mBAAmB,GAAG,CAAC,CAAC;AAErC,0BAA0B;AAE1B;;;;;;;;;;;GAWG;AACH,SAAgB,kBAAkB,CAChC,MAAc,EACd,OAAgB;IAEhB,MAAM,IAAI,GAAG,OAAO,IAAI,2CAA2C,CAAC;IACpE,MAAM,GAAG,GAAG,GAAG,IAAI,sBAAsB,MAAM,EAAE,CAAC;IAElD,OAAO,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,EAAE;QAC7C,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAEzD,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wBAAgB,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;YACpE,MAAM,MAAM,GAAa,EAAE,CAAC;YAE5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAEtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC;gBAEvC,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,IAAI,CAAC;wBACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBACjE,MAAM,MAAM,GAAa,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;6BACzC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;6BACX,GAAG,CAAC,CAAC,CAAoB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC;wBACtD,OAAO,CAAC;4BACN,SAAS,EAAE,IAAI;4BACf,UAAU;4BACV,OAAO,EAAE,yBAAyB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;yBACtD,CAAC,CAAC;oBACL,CAAC;oBAAC,MAAM,CAAC;wBACP,OAAO,CAAC;4BACN,SAAS,EAAE,IAAI;4BACf,UAAU;4BACV,OAAO,EAAE,kDAAkD;yBAC5D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC;wBACN,SAAS,EAAE,KAAK;wBAChB,UAAU;qBACX,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,OAAO,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC7B,OAAO,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/util/drift-verification.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * Drift liveness verification.
+ *
+ * After pattern matching detects a credential (e.g., DRIFT-001 Google API key),
+ * this module performs an actual API call to verify whether the credential has
+ * drifted capabilities (e.g., Gemini access on a Maps key).
+ *
+ * Liveness checks are opt-in, non-blocking, and timeout after 5 seconds.
+ */
+import type { CredentialMatch } from './credential-patterns.js';
+export interface LivenessResult {
+    /** Finding ID (e.g., "DRIFT-001") */
+    findingId: string;
+    /** Whether liveness verification was attempted */
+    checked: boolean;
+    /** Whether the drifted capability is confirmed live */
+    live: boolean;
+    /** Original severity before verification */
+    originalSeverity: string;
+    /** Escalated severity (if live) */
+    escalatedSeverity: string;
+    /** Human-readable detail about the verification result */
+    detail: string;
+    /** Error message if the check failed */
+    error?: string;
+}
+/**
+ * Verify whether a Google API key has active Gemini access by calling
+ * the Generative Language API's models endpoint.
+ *
+ * - 200: Key has Gemini access (drift confirmed)
+ * - 403/401/400: No Gemini access or key invalid
+ * - Network error: Inconclusive
+ */
+export declare function verifyGeminiAccess(apiKey: string): Promise<LivenessResult>;
+/**
+ * Verify whether an AWS access key is live and has Bedrock access.
+ *
+ * Step 1: STS GetCallerIdentity -- confirms key is live (always works, zero permissions needed).
+ * Step 2: If live, try ListFoundationModels to check Bedrock access.
+ *
+ * AWS SigV4 signing is done manually -- no SDK dependency.
+ * Requires the secret key to be found alongside the access key.
+ */
+export declare function verifyBedrockAccess(accessKeyId: string, secretAccessKey?: string): Promise<LivenessResult>;
+/**
+ * Run liveness verification on all DRIFT-prefixed credential matches.
+ * Returns a map of credential value -> LivenessResult.
+ *
+ * Runs checks in parallel with a concurrency limit of 3.
+ */
+export declare function verifyDriftFindings(matches: CredentialMatch[]): Promise<Map<string, LivenessResult>>;
+/**
+ * Apply liveness results to credential matches: escalate severity
+ * and update explanation text for confirmed drift.
+ *
+ * Returns new match objects (does not mutate originals).
+ */
+export declare function applyLivenessResults(matches: CredentialMatch[], livenessResults: Map<string, LivenessResult>): CredentialMatch[];
+//# sourceMappingURL=drift-verification.d.ts.map

package/dist/util/drift-verification.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"drift-verification.d.ts","sourceRoot":"","sources":["../../src/util/drift-verification.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAIhE,MAAM,WAAW,cAAc;IAC7B,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,OAAO,EAAE,OAAO,CAAC;IACjB,uDAAuD;IACvD,IAAI,EAAE,OAAO,CAAC;IACd,4CAA4C;IAC5C,gBAAgB,EAAE,MAAM,CAAC;IACzB,mCAAmC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAUD;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAyDhF;AA+PD;;;;;;;;GAQG;AACH,wBAAsB,mBAAmB,CACvC,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,cAAc,CAAC,CAwEzB;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,eAAe,EAAE,GACzB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAmDtC;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,eAAe,EAAE,EAC1B,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,GAC3C,eAAe,EAAE,CA2BnB"}