pinata-security-cli 0.1.0

@@ -0,0 +1,1188 @@
1
+ import { z } from 'zod';
2
+
3
+ /**
4
+ * Risk domains representing different areas of test coverage
5
+ */
6
+ declare const RiskDomainSchema: z.ZodEnum<["security", "data", "concurrency", "input", "resource", "reliability", "performance", "platform", "business", "compliance"]>;
7
+ /**
8
+ * Test levels from unit to chaos engineering
9
+ */
10
+ declare const TestLevelSchema: z.ZodEnum<["unit", "integration", "system", "chaos"]>;
11
+ /**
12
+ * Priority levels for categorizing importance
13
+ */
14
+ declare const PrioritySchema: z.ZodEnum<["P0", "P1", "P2"]>;
15
+ /**
16
+ * Severity levels for gap findings
17
+ */
18
+ declare const SeveritySchema: z.ZodEnum<["critical", "high", "medium", "low"]>;
19
+ /**
20
+ * Confidence levels for pattern detection
21
+ */
22
+ declare const ConfidenceSchema: z.ZodEnum<["high", "medium", "low"]>;
23
+ /**
24
+ * Supported programming languages
25
+ */
26
+ declare const LanguageSchema: z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>;
27
+ type RiskDomain = z.infer<typeof RiskDomainSchema>;
28
+ type TestLevel = z.infer<typeof TestLevelSchema>;
29
+ type Priority = z.infer<typeof PrioritySchema>;
30
+ type Severity = z.infer<typeof SeveritySchema>;
31
+ type Confidence = z.infer<typeof ConfidenceSchema>;
32
+ type Language = z.infer<typeof LanguageSchema>;
33
+ /**
34
+ * All available risk domains
35
+ */
36
+ declare const RISK_DOMAINS: ["security", "data", "concurrency", "input", "resource", "reliability", "performance", "platform", "business", "compliance"];
37
+ /**
38
+ * All available test levels
39
+ */
40
+ declare const TEST_LEVELS: ["unit", "integration", "system", "chaos"];
41
+ /**
42
+ * All available languages
43
+ */
44
+ declare const LANGUAGES: ["python", "typescript", "javascript", "go", "java", "rust"];
45
+
46
+ /**
47
+ * Schema for example vulnerable code and corresponding tests
48
+ */
49
+ declare const ExampleSchema: z.ZodObject<{
50
+ /** Unique identifier for this example */
51
+ name: z.ZodString;
52
+ /** Explanation of the vulnerability/edge case concept */
53
+ concept: z.ZodString;
54
+ /** Example of vulnerable or problematic code */
55
+ vulnerableCode: z.ZodString;
56
+ /** Example test code that catches this vulnerability */
57
+ testCode: z.ZodString;
58
+ /** Programming language of the example */
59
+ language: z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>;
60
+ /** Severity if this vulnerability is exploited */
61
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
62
+ /** Optional related CVE identifier */
63
+ cve: z.ZodOptional<z.ZodString>;
64
+ /** Optional link to more information */
65
+ reference: z.ZodOptional<z.ZodString>;
66
+ }, "strip", z.ZodTypeAny, {
67
+ name: string;
68
+ severity: "critical" | "high" | "medium" | "low";
69
+ concept: string;
70
+ vulnerableCode: string;
71
+ testCode: string;
72
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
73
+ cve?: string | undefined;
74
+ reference?: string | undefined;
75
+ }, {
76
+ name: string;
77
+ severity: "critical" | "high" | "medium" | "low";
78
+ concept: string;
79
+ vulnerableCode: string;
80
+ testCode: string;
81
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
82
+ cve?: string | undefined;
83
+ reference?: string | undefined;
84
+ }>;
85
+ type Example = z.infer<typeof ExampleSchema>;
86
+
87
+ /**
88
+ * Types of detection patterns
89
+ * - ast: Tree-sitter AST queries
90
+ * - regex: Regular expression patterns
91
+ * - semantic: LLM-assisted semantic analysis
92
+ */
93
+ declare const PatternTypeSchema: z.ZodEnum<["ast", "regex", "semantic"]>;
94
+ /**
95
+ * Schema for detection patterns that identify code susceptible to a category
96
+ */
97
+ declare const DetectionPatternSchema: z.ZodObject<{
98
+ /** Unique identifier for this pattern */
99
+ id: z.ZodString;
100
+ /** Type of pattern matching to use */
101
+ type: z.ZodEnum<["ast", "regex", "semantic"]>;
102
+ /** Target programming language */
103
+ language: z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>;
104
+ /** The pattern string (AST query, regex, or semantic description) */
105
+ pattern: z.ZodString;
106
+ /** How confident we are when this pattern matches */
107
+ confidence: z.ZodEnum<["high", "medium", "low"]>;
108
+ /** Human-readable description of what this pattern detects */
109
+ description: z.ZodString;
110
+ /** Optional pattern that indicates code is NOT vulnerable (false positive filter) */
111
+ negativePattern: z.ZodOptional<z.ZodString>;
112
+ /** Optional list of framework contexts where this pattern applies */
113
+ frameworks: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
114
+ }, "strip", z.ZodTypeAny, {
115
+ id: string;
116
+ description: string;
117
+ type: "ast" | "regex" | "semantic";
118
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
119
+ pattern: string;
120
+ confidence: "high" | "medium" | "low";
121
+ negativePattern?: string | undefined;
122
+ frameworks?: string[] | undefined;
123
+ }, {
124
+ id: string;
125
+ description: string;
126
+ type: "ast" | "regex" | "semantic";
127
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
128
+ pattern: string;
129
+ confidence: "high" | "medium" | "low";
130
+ negativePattern?: string | undefined;
131
+ frameworks?: string[] | undefined;
132
+ }>;
133
+ /**
134
+ * Schema for a detection result (pattern match in code)
135
+ */
136
+ declare const DetectionResultSchema: z.ZodObject<{
137
+ /** ID of the pattern that matched */
138
+ patternId: z.ZodString;
139
+ /** Category this detection belongs to */
140
+ categoryId: z.ZodString;
141
+ /** File path where detection occurred */
142
+ filePath: z.ZodString;
143
+ /** Starting line number (1-indexed) */
144
+ lineStart: z.ZodNumber;
145
+ /** Ending line number (1-indexed) */
146
+ lineEnd: z.ZodNumber;
147
+ /** Code snippet that matched */
148
+ codeSnippet: z.ZodString;
149
+ /** Confidence of this specific match */
150
+ confidence: z.ZodEnum<["high", "medium", "low"]>;
151
+ /** Optional additional context */
152
+ context: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
153
+ }, "strip", z.ZodTypeAny, {
154
+ confidence: "high" | "medium" | "low";
155
+ patternId: string;
156
+ categoryId: string;
157
+ filePath: string;
158
+ lineStart: number;
159
+ lineEnd: number;
160
+ codeSnippet: string;
161
+ context?: Record<string, unknown> | undefined;
162
+ }, {
163
+ confidence: "high" | "medium" | "low";
164
+ patternId: string;
165
+ categoryId: string;
166
+ filePath: string;
167
+ lineStart: number;
168
+ lineEnd: number;
169
+ codeSnippet: string;
170
+ context?: Record<string, unknown> | undefined;
171
+ }>;
172
+ type PatternType = z.infer<typeof PatternTypeSchema>;
173
+ type DetectionPattern = z.infer<typeof DetectionPatternSchema>;
174
+ type DetectionResult = z.infer<typeof DetectionResultSchema>;
175
+ /**
176
+ * All available pattern types
177
+ */
178
+ declare const PATTERN_TYPES: ["ast", "regex", "semantic"];
179
+
180
+ /**
181
+ * Supported test frameworks
182
+ */
183
+ declare const TestFrameworkSchema: z.ZodEnum<["pytest", "unittest", "jest", "vitest", "mocha", "go-test", "junit"]>;
184
+ /**
185
+ * Schema for template variables that get substituted during generation
186
+ */
187
+ declare const TemplateVariableSchema: z.ZodObject<{
188
+ /** Variable name (used in template as {{name}}) */
189
+ name: z.ZodString;
190
+ /** Type of the variable value */
191
+ type: z.ZodEnum<["string", "number", "boolean", "array", "object"]>;
192
+ /** Human-readable description */
193
+ description: z.ZodString;
194
+ /** Whether this variable must be provided */
195
+ required: z.ZodDefault<z.ZodBoolean>;
196
+ /** Default value if not provided */
197
+ defaultValue: z.ZodOptional<z.ZodUnknown>;
198
+ }, "strip", z.ZodTypeAny, {
199
+ name: string;
200
+ description: string;
201
+ type: "string" | "number" | "boolean" | "object" | "array";
202
+ required: boolean;
203
+ defaultValue?: unknown;
204
+ }, {
205
+ name: string;
206
+ description: string;
207
+ type: "string" | "number" | "boolean" | "object" | "array";
208
+ required?: boolean | undefined;
209
+ defaultValue?: unknown;
210
+ }>;
211
+ /**
212
+ * Schema for test templates that generate runnable tests
213
+ */
214
+ declare const TestTemplateSchema: z.ZodObject<{
215
+ /** Unique identifier for this template */
216
+ id: z.ZodString;
217
+ /** Target programming language */
218
+ language: z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>;
219
+ /** Target test framework */
220
+ framework: z.ZodEnum<["pytest", "unittest", "jest", "vitest", "mocha", "go-test", "junit"]>;
221
+ /** Template content with {{variable}} placeholders */
222
+ template: z.ZodString;
223
+ /** Variables that can be substituted in the template */
224
+ variables: z.ZodArray<z.ZodObject<{
225
+ /** Variable name (used in template as {{name}}) */
226
+ name: z.ZodString;
227
+ /** Type of the variable value */
228
+ type: z.ZodEnum<["string", "number", "boolean", "array", "object"]>;
229
+ /** Human-readable description */
230
+ description: z.ZodString;
231
+ /** Whether this variable must be provided */
232
+ required: z.ZodDefault<z.ZodBoolean>;
233
+ /** Default value if not provided */
234
+ defaultValue: z.ZodOptional<z.ZodUnknown>;
235
+ }, "strip", z.ZodTypeAny, {
236
+ name: string;
237
+ description: string;
238
+ type: "string" | "number" | "boolean" | "object" | "array";
239
+ required: boolean;
240
+ defaultValue?: unknown;
241
+ }, {
242
+ name: string;
243
+ description: string;
244
+ type: "string" | "number" | "boolean" | "object" | "array";
245
+ required?: boolean | undefined;
246
+ defaultValue?: unknown;
247
+ }>, "many">;
248
+ /** Required imports for the generated test */
249
+ imports: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
250
+ /** Required fixtures or setup code */
251
+ fixtures: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
252
+ /** Description of what this template tests */
253
+ description: z.ZodOptional<z.ZodString>;
254
+ }, "strip", z.ZodTypeAny, {
255
+ id: string;
256
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
257
+ framework: "pytest" | "unittest" | "jest" | "vitest" | "mocha" | "go-test" | "junit";
258
+ template: string;
259
+ variables: {
260
+ name: string;
261
+ description: string;
262
+ type: "string" | "number" | "boolean" | "object" | "array";
263
+ required: boolean;
264
+ defaultValue?: unknown;
265
+ }[];
266
+ description?: string | undefined;
267
+ imports?: string[] | undefined;
268
+ fixtures?: string[] | undefined;
269
+ }, {
270
+ id: string;
271
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
272
+ framework: "pytest" | "unittest" | "jest" | "vitest" | "mocha" | "go-test" | "junit";
273
+ template: string;
274
+ variables: {
275
+ name: string;
276
+ description: string;
277
+ type: "string" | "number" | "boolean" | "object" | "array";
278
+ required?: boolean | undefined;
279
+ defaultValue?: unknown;
280
+ }[];
281
+ description?: string | undefined;
282
+ imports?: string[] | undefined;
283
+ fixtures?: string[] | undefined;
284
+ }>;
285
+ type TestFramework = z.infer<typeof TestFrameworkSchema>;
286
+ type TemplateVariable = z.infer<typeof TemplateVariableSchema>;
287
+ type TestTemplate = z.infer<typeof TestTemplateSchema>;
288
+ /**
289
+ * All available test frameworks
290
+ */
291
+ declare const TEST_FRAMEWORKS: ["pytest", "unittest", "jest", "vitest", "mocha", "go-test", "junit"];
292
+
293
+ /**
294
+ * Complete Category schema with all nested types
295
+ */
296
+ declare const CategorySchema: z.ZodObject<{
297
+ id: z.ZodString;
298
+ version: z.ZodNumber;
299
+ name: z.ZodString;
300
+ description: z.ZodString;
301
+ domain: z.ZodEnum<["security", "data", "concurrency", "input", "resource", "reliability", "performance", "platform", "business", "compliance"]>;
302
+ level: z.ZodEnum<["unit", "integration", "system", "chaos"]>;
303
+ priority: z.ZodEnum<["P0", "P1", "P2"]>;
304
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
305
+ applicableLanguages: z.ZodArray<z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>, "many">;
306
+ cves: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
307
+ references: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
308
+ createdAt: z.ZodDate;
309
+ updatedAt: z.ZodDate;
310
+ } & {
311
+ detectionPatterns: z.ZodArray<z.ZodObject<{
312
+ id: z.ZodString;
313
+ type: z.ZodEnum<["ast", "regex", "semantic"]>;
314
+ language: z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>;
315
+ pattern: z.ZodString;
316
+ confidence: z.ZodEnum<["high", "medium", "low"]>;
317
+ description: z.ZodString;
318
+ negativePattern: z.ZodOptional<z.ZodString>;
319
+ frameworks: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
320
+ }, "strip", z.ZodTypeAny, {
321
+ id: string;
322
+ description: string;
323
+ type: "ast" | "regex" | "semantic";
324
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
325
+ pattern: string;
326
+ confidence: "high" | "medium" | "low";
327
+ negativePattern?: string | undefined;
328
+ frameworks?: string[] | undefined;
329
+ }, {
330
+ id: string;
331
+ description: string;
332
+ type: "ast" | "regex" | "semantic";
333
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
334
+ pattern: string;
335
+ confidence: "high" | "medium" | "low";
336
+ negativePattern?: string | undefined;
337
+ frameworks?: string[] | undefined;
338
+ }>, "many">;
339
+ testTemplates: z.ZodArray<z.ZodObject<{
340
+ id: z.ZodString;
341
+ language: z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>;
342
+ framework: z.ZodEnum<["pytest", "unittest", "jest", "vitest", "mocha", "go-test", "junit"]>;
343
+ template: z.ZodString;
344
+ variables: z.ZodArray<z.ZodObject<{
345
+ name: z.ZodString;
346
+ type: z.ZodEnum<["string", "number", "boolean", "array", "object"]>;
347
+ description: z.ZodString;
348
+ required: z.ZodDefault<z.ZodBoolean>;
349
+ defaultValue: z.ZodOptional<z.ZodUnknown>;
350
+ }, "strip", z.ZodTypeAny, {
351
+ name: string;
352
+ description: string;
353
+ type: "string" | "number" | "boolean" | "object" | "array";
354
+ required: boolean;
355
+ defaultValue?: unknown;
356
+ }, {
357
+ name: string;
358
+ description: string;
359
+ type: "string" | "number" | "boolean" | "object" | "array";
360
+ required?: boolean | undefined;
361
+ defaultValue?: unknown;
362
+ }>, "many">;
363
+ imports: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
364
+ fixtures: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
365
+ description: z.ZodOptional<z.ZodString>;
366
+ }, "strip", z.ZodTypeAny, {
367
+ id: string;
368
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
369
+ framework: "pytest" | "unittest" | "jest" | "vitest" | "mocha" | "go-test" | "junit";
370
+ template: string;
371
+ variables: {
372
+ name: string;
373
+ description: string;
374
+ type: "string" | "number" | "boolean" | "object" | "array";
375
+ required: boolean;
376
+ defaultValue?: unknown;
377
+ }[];
378
+ description?: string | undefined;
379
+ imports?: string[] | undefined;
380
+ fixtures?: string[] | undefined;
381
+ }, {
382
+ id: string;
383
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
384
+ framework: "pytest" | "unittest" | "jest" | "vitest" | "mocha" | "go-test" | "junit";
385
+ template: string;
386
+ variables: {
387
+ name: string;
388
+ description: string;
389
+ type: "string" | "number" | "boolean" | "object" | "array";
390
+ required?: boolean | undefined;
391
+ defaultValue?: unknown;
392
+ }[];
393
+ description?: string | undefined;
394
+ imports?: string[] | undefined;
395
+ fixtures?: string[] | undefined;
396
+ }>, "many">;
397
+ examples: z.ZodArray<z.ZodObject<{
398
+ name: z.ZodString;
399
+ concept: z.ZodString;
400
+ vulnerableCode: z.ZodString;
401
+ testCode: z.ZodString;
402
+ language: z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>;
403
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
404
+ cve: z.ZodOptional<z.ZodString>;
405
+ reference: z.ZodOptional<z.ZodString>;
406
+ }, "strip", z.ZodTypeAny, {
407
+ name: string;
408
+ severity: "critical" | "high" | "medium" | "low";
409
+ concept: string;
410
+ vulnerableCode: string;
411
+ testCode: string;
412
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
413
+ cve?: string | undefined;
414
+ reference?: string | undefined;
415
+ }, {
416
+ name: string;
417
+ severity: "critical" | "high" | "medium" | "low";
418
+ concept: string;
419
+ vulnerableCode: string;
420
+ testCode: string;
421
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
422
+ cve?: string | undefined;
423
+ reference?: string | undefined;
424
+ }>, "many">;
425
+ }, "strip", z.ZodTypeAny, {
426
+ id: string;
427
+ version: number;
428
+ name: string;
429
+ description: string;
430
+ domain: "security" | "data" | "concurrency" | "input" | "resource" | "reliability" | "performance" | "platform" | "business" | "compliance";
431
+ level: "unit" | "integration" | "system" | "chaos";
432
+ priority: "P0" | "P1" | "P2";
433
+ severity: "critical" | "high" | "medium" | "low";
434
+ applicableLanguages: ("python" | "typescript" | "javascript" | "go" | "java" | "rust")[];
435
+ createdAt: Date;
436
+ updatedAt: Date;
437
+ detectionPatterns: {
438
+ id: string;
439
+ description: string;
440
+ type: "ast" | "regex" | "semantic";
441
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
442
+ pattern: string;
443
+ confidence: "high" | "medium" | "low";
444
+ negativePattern?: string | undefined;
445
+ frameworks?: string[] | undefined;
446
+ }[];
447
+ testTemplates: {
448
+ id: string;
449
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
450
+ framework: "pytest" | "unittest" | "jest" | "vitest" | "mocha" | "go-test" | "junit";
451
+ template: string;
452
+ variables: {
453
+ name: string;
454
+ description: string;
455
+ type: "string" | "number" | "boolean" | "object" | "array";
456
+ required: boolean;
457
+ defaultValue?: unknown;
458
+ }[];
459
+ description?: string | undefined;
460
+ imports?: string[] | undefined;
461
+ fixtures?: string[] | undefined;
462
+ }[];
463
+ examples: {
464
+ name: string;
465
+ severity: "critical" | "high" | "medium" | "low";
466
+ concept: string;
467
+ vulnerableCode: string;
468
+ testCode: string;
469
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
470
+ cve?: string | undefined;
471
+ reference?: string | undefined;
472
+ }[];
473
+ cves?: string[] | undefined;
474
+ references?: string[] | undefined;
475
+ }, {
476
+ id: string;
477
+ version: number;
478
+ name: string;
479
+ description: string;
480
+ domain: "security" | "data" | "concurrency" | "input" | "resource" | "reliability" | "performance" | "platform" | "business" | "compliance";
481
+ level: "unit" | "integration" | "system" | "chaos";
482
+ priority: "P0" | "P1" | "P2";
483
+ severity: "critical" | "high" | "medium" | "low";
484
+ applicableLanguages: ("python" | "typescript" | "javascript" | "go" | "java" | "rust")[];
485
+ createdAt: Date;
486
+ updatedAt: Date;
487
+ detectionPatterns: {
488
+ id: string;
489
+ description: string;
490
+ type: "ast" | "regex" | "semantic";
491
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
492
+ pattern: string;
493
+ confidence: "high" | "medium" | "low";
494
+ negativePattern?: string | undefined;
495
+ frameworks?: string[] | undefined;
496
+ }[];
497
+ testTemplates: {
498
+ id: string;
499
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
500
+ framework: "pytest" | "unittest" | "jest" | "vitest" | "mocha" | "go-test" | "junit";
501
+ template: string;
502
+ variables: {
503
+ name: string;
504
+ description: string;
505
+ type: "string" | "number" | "boolean" | "object" | "array";
506
+ required?: boolean | undefined;
507
+ defaultValue?: unknown;
508
+ }[];
509
+ description?: string | undefined;
510
+ imports?: string[] | undefined;
511
+ fixtures?: string[] | undefined;
512
+ }[];
513
+ examples: {
514
+ name: string;
515
+ severity: "critical" | "high" | "medium" | "low";
516
+ concept: string;
517
+ vulnerableCode: string;
518
+ testCode: string;
519
+ language: "python" | "typescript" | "javascript" | "go" | "java" | "rust";
520
+ cve?: string | undefined;
521
+ reference?: string | undefined;
522
+ }[];
523
+ cves?: string[] | undefined;
524
+ references?: string[] | undefined;
525
+ }>;
526
+ /**
527
+ * Complete Category type
528
+ */
529
+ type Category = z.infer<typeof CategorySchema>;
530
+ /**
531
+ * Category without nested arrays (for partial loading)
532
+ */
533
+ declare const CategorySummarySchema: z.ZodObject<Pick<{
534
+ id: z.ZodString;
535
+ version: z.ZodNumber;
536
+ name: z.ZodString;
537
+ description: z.ZodString;
538
+ domain: z.ZodEnum<["security", "data", "concurrency", "input", "resource", "reliability", "performance", "platform", "business", "compliance"]>;
539
+ level: z.ZodEnum<["unit", "integration", "system", "chaos"]>;
540
+ priority: z.ZodEnum<["P0", "P1", "P2"]>;
541
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
542
+ applicableLanguages: z.ZodArray<z.ZodEnum<["python", "typescript", "javascript", "go", "java", "rust"]>, "many">;
543
+ cves: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
544
+ references: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
545
+ createdAt: z.ZodDate;
546
+ updatedAt: z.ZodDate;
547
+ }, "id" | "name" | "description" | "domain" | "level" | "priority" | "severity">, "strip", z.ZodTypeAny, {
548
+ id: string;
549
+ name: string;
550
+ description: string;
551
+ domain: "security" | "data" | "concurrency" | "input" | "resource" | "reliability" | "performance" | "platform" | "business" | "compliance";
552
+ level: "unit" | "integration" | "system" | "chaos";
553
+ priority: "P0" | "P1" | "P2";
554
+ severity: "critical" | "high" | "medium" | "low";
555
+ }, {
556
+ id: string;
557
+ name: string;
558
+ description: string;
559
+ domain: "security" | "data" | "concurrency" | "input" | "resource" | "reliability" | "performance" | "platform" | "business" | "compliance";
560
+ level: "unit" | "integration" | "system" | "chaos";
561
+ priority: "P0" | "P1" | "P2";
562
+ severity: "critical" | "high" | "medium" | "low";
563
+ }>;
564
+ type CategorySummary = z.infer<typeof CategorySummarySchema>;
565
+
566
+ /**
567
+ * Base error class for all Pinata errors
568
+ */
569
+ declare class PinataError extends Error {
570
+ readonly code: string;
571
+ readonly context?: Record<string, unknown> | undefined;
572
+ constructor(message: string, code: string, context?: Record<string, unknown> | undefined);
573
+ /**
574
+ * Serialize error for logging or API responses
575
+ */
576
+ toJSON(): Record<string, unknown>;
577
+ }
578
+ /**
579
+ * Error for schema validation failures
580
+ */
581
+ declare class ValidationError extends PinataError {
582
+ constructor(message: string, context?: Record<string, unknown>);
583
+ }
584
+ /**
585
+ * Error for file/code parsing failures
586
+ */
587
+ declare class ParseError extends PinataError {
588
+ readonly filePath: string;
589
+ readonly line?: number | undefined;
590
+ constructor(message: string, filePath: string, line?: number | undefined, context?: Record<string, unknown>);
591
+ }
592
+ /**
593
+ * Error for configuration issues
594
+ */
595
+ declare class ConfigError extends PinataError {
596
+ constructor(message: string, context?: Record<string, unknown>);
597
+ }
598
+ /**
599
+ * Error during codebase analysis
600
+ */
601
+ declare class AnalysisError extends PinataError {
602
+ constructor(message: string, context?: Record<string, unknown>);
603
+ }
604
+ /**
605
+ * Error during test generation
606
+ */
607
+ declare class GenerationError extends PinataError {
608
+ constructor(message: string, context?: Record<string, unknown>);
609
+ }
610
+ /**
611
+ * Error for category not found
612
+ */
613
+ declare class CategoryNotFoundError extends PinataError {
614
+ constructor(categoryId: string);
615
+ }
616
+ /**
617
+ * Error for pattern not found
618
+ */
619
+ declare class PatternNotFoundError extends PinataError {
620
+ constructor(patternId: string);
621
+ }
622
+
623
+ /**
624
+ * Result type for operations that can fail
625
+ * Prefer this over throwing exceptions for expected failures
626
+ */
627
+ type Result<T, E = Error> = {
628
+ success: true;
629
+ data: T;
630
+ } | {
631
+ success: false;
632
+ error: E;
633
+ };
634
+ /**
635
+ * Create a successful result
636
+ */
637
+ declare function ok<T>(data: T): Result<T, never>;
638
+ /**
639
+ * Create a failed result
640
+ */
641
+ declare function err<E>(error: E): Result<never, E>;
642
+ /**
643
+ * Unwrap a result, throwing if it's an error
644
+ * Use sparingly - prefer pattern matching with if/else
645
+ */
646
+ declare function unwrap<T, E>(result: Result<T, E>): T;
647
+ /**
648
+ * Unwrap a result with a default value for errors
649
+ */
650
+ declare function unwrapOr<T, E>(result: Result<T, E>, defaultValue: T): T;
651
+ /**
652
+ * Map over a successful result
653
+ */
654
+ declare function map<T, U, E>(result: Result<T, E>, fn: (value: T) => U): Result<U, E>;
655
+ /**
656
+ * Map over a failed result
657
+ */
658
+ declare function mapErr<T, E, F>(result: Result<T, E>, fn: (error: E) => F): Result<T, F>;
659
+ /**
660
+ * Chain results together (flatMap)
661
+ */
662
+ declare function andThen<T, U, E>(result: Result<T, E>, fn: (value: T) => Result<U, E>): Result<U, E>;
663
+ /**
664
+ * Combine multiple results into one
665
+ * Returns first error if any fail, otherwise returns array of all values
666
+ */
667
+ declare function all<T, E>(results: Result<T, E>[]): Result<T[], E>;
668
+ /**
669
+ * Try to execute a function, returning a Result
670
+ */
671
+ declare function tryCatch<T>(fn: () => T): Result<T, Error>;
672
+ /**
673
+ * Try to execute an async function, returning a Result
674
+ */
675
+ declare function tryCatchAsync<T>(fn: () => Promise<T>): Promise<Result<T, Error>>;
676
+
677
+ /**
678
+ * Options for filtering categories
679
+ */
680
+ interface CategoryFilter {
681
+ domain?: RiskDomain;
682
+ level?: TestLevel;
683
+ language?: Language;
684
+ priority?: Priority;
685
+ severity?: Severity;
686
+ }
687
+ /**
688
+ * Options for searching categories
689
+ */
690
+ interface SearchOptions {
691
+ query: string;
692
+ filter?: CategoryFilter;
693
+ limit?: number;
694
+ }
695
+ /**
696
+ * Search result with relevance score
697
+ */
698
+ interface SearchResult {
699
+ category: CategorySummary;
700
+ score: number;
701
+ matches: string[];
702
+ }
703
+ /**
704
+ * Store for managing test categories
705
+ *
706
+ * Provides:
707
+ * - CRUD operations for categories
708
+ * - Indexing by domain, level, language
709
+ * - Full-text search
710
+ * - Validation on load
711
+ */
712
+ declare class CategoryStore {
713
+ /** All loaded categories by ID */
714
+ private categories;
715
+ /** Index by domain */
716
+ private domainIndex;
717
+ /** Index by level */
718
+ private levelIndex;
719
+ /** Index by language */
720
+ private languageIndex;
721
+ /** Index by priority */
722
+ private priorityIndex;
723
+ /** Search index: word -> category IDs */
724
+ private searchIndex;
725
+ /** Version tracking for loaded categories */
726
+ private versions;
727
+ /**
728
+ * Get total number of loaded categories
729
+ */
730
+ get size(): number;
731
+ /**
732
+ * Load a single category into the store
733
+ */
734
+ add(category: Category): Result<Category, ValidationError>;
735
+ /**
736
+ * Get a category by ID
737
+ */
738
+ get(id: string): Result<Category, CategoryNotFoundError>;
739
+ /**
740
+ * Check if a category exists
741
+ */
742
+ has(id: string): boolean;
743
+ /**
744
+ * Remove a category by ID
745
+ */
746
+ remove(id: string): Result<Category, CategoryNotFoundError>;
747
+ /**
748
+ * List all categories, optionally filtered
749
+ */
750
+ list(filter?: CategoryFilter): CategorySummary[];
751
+ /**
752
+ * Get all categories in a specific domain
753
+ */
754
+ byDomain(domain: RiskDomain): CategorySummary[];
755
+ /**
756
+ * Get all categories at a specific test level
757
+ */
758
+ byLevel(level: TestLevel): CategorySummary[];
759
+ /**
760
+ * Get all categories applicable to a language
761
+ */
762
+ byLanguage(language: Language): CategorySummary[];
763
+ /**
764
+ * Full-text search across categories
765
+ */
766
+ search(options: SearchOptions): SearchResult[];
767
+ /**
768
+ * Load categories from a directory of YAML files
769
+ */
770
+ loadFromDirectory(dirPath: string): Promise<Result<number, ValidationError>>;
771
+ /**
772
+ * Load a single category from a YAML file
773
+ */
774
+ loadFromFile(filePath: string): Promise<Result<Category, ValidationError>>;
775
+ /**
776
+ * Export all categories as an array
777
+ */
778
+ toArray(): Category[];
779
+ /**
780
+ * Clear all categories and indexes
781
+ */
782
+ clear(): void;
783
+ /**
784
+ * Get statistics about loaded categories
785
+ */
786
+ stats(): {
787
+ total: number;
788
+ byDomain: Record<string, number>;
789
+ byLevel: Record<string, number>;
790
+ byPriority: Record<string, number>;
791
+ };
792
+ /**
793
+ * Add category to all indexes
794
+ */
795
+ private addToIndexes;
796
+ /**
797
+ * Remove category from all indexes
798
+ */
799
+ private removeFromIndexes;
800
+ /**
801
+ * Add ID to an index map
802
+ */
803
+ private addToIndex;
804
+ /**
805
+ * Remove ID from an index map
806
+ */
807
+ private removeFromIndex;
808
+ /**
809
+ * Index category text for search
810
+ */
811
+ private indexForSearch;
812
+ /**
813
+ * Remove category from search index
814
+ */
815
+ private removeFromSearchIndex;
816
+ /**
817
+ * Tokenize text for search indexing
818
+ */
819
+ private tokenize;
820
+ /**
821
+ * Intersect two sets, handling undefined
822
+ * Returns empty set if either input is empty set (filter found no matches)
823
+ */
824
+ private intersect;
825
+ /**
826
+ * Convert full category to summary
827
+ */
828
+ private toSummary;
829
+ /**
830
+ * Recursively load YAML files from directory
831
+ */
832
+ private loadYamlFilesRecursive;
833
+ }
834
+ /**
835
+ * Create a new CategoryStore instance
836
+ */
837
+ declare function createCategoryStore(): CategoryStore;
838
+
839
+ /**
840
+ * Log levels from most to least verbose
841
+ */
842
+ type LogLevel = "debug" | "info" | "warn" | "error" | "silent";
843
+ /**
844
+ * Logger configuration
845
+ */
846
+ interface LoggerConfig {
847
+ level: LogLevel;
848
+ prefix?: string;
849
+ }
850
+ /**
851
+ * Simple logger with colored output
852
+ */
853
+ declare class Logger {
854
+ private level;
855
+ private prefix;
856
+ /**
857
+ * Configure the logger
858
+ */
859
+ configure(config: Partial<LoggerConfig>): void;
860
+ /**
861
+ * Check if a log level should be output
862
+ */
863
+ private shouldLog;
864
+ /**
865
+ * Format a message with optional prefix
866
+ */
867
+ private format;
868
+ /**
869
+ * Debug level logging (gray)
870
+ */
871
+ debug(message: string, ...args: unknown[]): void;
872
+ /**
873
+ * Info level logging (default color)
874
+ */
875
+ info(message: string, ...args: unknown[]): void;
876
+ /**
877
+ * Warning level logging (yellow)
878
+ */
879
+ warn(message: string, ...args: unknown[]): void;
880
+ /**
881
+ * Error level logging (red)
882
+ */
883
+ error(message: string, ...args: unknown[]): void;
884
+ /**
885
+ * Success message (green)
886
+ */
887
+ success(message: string, ...args: unknown[]): void;
888
+ /**
889
+ * Create a child logger with a prefix
890
+ */
891
+ child(prefix: string): Logger;
892
+ }
893
+ /**
894
+ * Global logger instance
895
+ */
896
+ declare const logger: Logger;
897
+
898
+ /**
899
+ * Scanner types and schemas
900
+ *
901
+ * Defines the data structures for codebase scanning results,
902
+ * gap detection, coverage metrics, and Pinata Score calculation.
903
+ */
904
+
905
+ /**
906
+ * A detected gap (missing test coverage)
907
+ */
908
+ interface Gap {
909
+ /** Category ID this gap relates to */
910
+ categoryId: string;
911
+ /** Category name for display */
912
+ categoryName: string;
913
+ /** Risk domain */
914
+ domain: RiskDomain;
915
+ /** Test level */
916
+ level: TestLevel;
917
+ /** Priority of addressing this gap */
918
+ priority: Priority;
919
+ /** Severity if exploited */
920
+ severity: Severity;
921
+ /** Detection confidence */
922
+ confidence: Confidence;
923
+ /** File where the gap was detected */
924
+ filePath: string;
925
+ /** Line number in file */
926
+ lineStart: number;
927
+ /** End line number */
928
+ lineEnd: number;
929
+ /** Column start */
930
+ columnStart: number;
931
+ /** Column end */
932
+ columnEnd: number;
933
+ /** Code snippet showing the gap */
934
+ codeSnippet: string;
935
+ /** Pattern ID that detected this */
936
+ patternId: string;
937
+ /** Detection type used */
938
+ patternType: "regex" | "ast" | "semantic";
939
+ /** Weighted score for prioritization (severity × confidence) */
940
+ priorityScore: number;
941
+ }
942
+
943
+ /**
944
+ * Core analysis engine
945
+ *
946
+ * This module contains:
947
+ * - detection/ - Pattern matching against categories
948
+ * - scanner/ - Codebase analysis orchestration
949
+ * - ingestion/ - Code parsing and AST extraction (coming soon)
950
+ * - generation/ - Test code generation (coming soon)
951
+ */
952
+ declare const VERSION = "0.1.0";
953
+
954
+ /**
955
+ * AI Service Types
956
+ */
957
+ type AIProvider = "anthropic" | "openai" | "mock";
958
+ interface AIConfig {
959
+ /** AI provider to use */
960
+ provider: AIProvider;
961
+ /** API key (reads from env if not provided) */
962
+ apiKey?: string;
963
+ /** Model to use (provider-specific) */
964
+ model?: string;
965
+ /** Maximum tokens in response */
966
+ maxTokens?: number;
967
+ /** Temperature (0-1) */
968
+ temperature?: number;
969
+ /** Timeout in milliseconds */
970
+ timeoutMs?: number;
971
+ }
972
+ interface AIResponse<T = string> {
973
+ /** Whether the request succeeded */
974
+ success: boolean;
975
+ /** Response data */
976
+ data?: T;
977
+ /** Error message if failed */
978
+ error?: string;
979
+ /** Usage statistics */
980
+ usage?: {
981
+ inputTokens: number;
982
+ outputTokens: number;
983
+ };
984
+ /** Response time in ms */
985
+ durationMs: number;
986
+ }
987
+ interface Message {
988
+ role: "user" | "assistant" | "system";
989
+ content: string;
990
+ }
991
+ interface CompletionRequest {
992
+ messages: Message[];
993
+ maxTokens?: number;
994
+ temperature?: number;
995
+ systemPrompt?: string;
996
+ }
997
+ /**
998
+ * Gap explanation result
999
+ */
1000
+ interface GapExplanation {
1001
+ /** Short summary (1-2 sentences) */
1002
+ summary: string;
1003
+ /** Detailed explanation */
1004
+ explanation: string;
1005
+ /** Why this is a security/quality risk */
1006
+ risk: string;
1007
+ /** How to fix it */
1008
+ remediation: string;
1009
+ /** Example of safe code */
1010
+ safeExample?: string;
1011
+ /** Relevant CVEs or references */
1012
+ references?: string[];
1013
+ }
1014
+ /**
1015
+ * Template variable suggestion
1016
+ */
1017
+ interface VariableSuggestion {
1018
+ /** Variable name */
1019
+ name: string;
1020
+ /** Suggested value */
1021
+ value: string | number | boolean | string[];
1022
+ /** Reasoning for the suggestion */
1023
+ reasoning: string;
1024
+ /** Confidence in the suggestion (0-1) */
1025
+ confidence: number;
1026
+ }
1027
+ /**
1028
+ * Pattern suggestion result
1029
+ */
1030
+ interface PatternSuggestion {
1031
+ /** Suggested pattern ID */
1032
+ id: string;
1033
+ /** Regex pattern */
1034
+ pattern: string;
1035
+ /** Description of what it detects */
1036
+ description: string;
1037
+ /** Confidence level */
1038
+ confidence: "high" | "medium" | "low";
1039
+ /** Example code that would match */
1040
+ matchExample: string;
1041
+ /** Example code that should NOT match */
1042
+ safeExample: string;
1043
+ /** Reasoning for the pattern */
1044
+ reasoning: string;
1045
+ }
1046
+
1047
+ /**
1048
+ * AI Service Implementation
1049
+ *
1050
+ * Provides a unified interface for AI completions across providers.
1051
+ * Supports Anthropic Claude and OpenAI GPT models.
1052
+ */
1053
+
1054
+ /**
1055
+ * AI Service for generating completions
1056
+ */
1057
+ declare class AIService {
1058
+ private readonly config;
1059
+ constructor(config?: Partial<AIConfig>);
1060
+ /**
1061
+ * Get API key from environment variable
1062
+ * For config file support, use the sync version below
1063
+ */
1064
+ private getApiKeyFromEnv;
1065
+ /**
1066
+ * Read API key from config file synchronously
1067
+ * Uses require() for sync file access in constructor context
1068
+ */
1069
+ private getApiKeyFromConfig;
1070
+ /**
1071
+ * Check if the service is configured with an API key
1072
+ */
1073
+ isConfigured(): boolean;
1074
+ /**
1075
+ * Get the current provider
1076
+ */
1077
+ getProvider(): AIProvider;
1078
+ /**
1079
+ * Generate a completion
1080
+ */
1081
+ complete(request: CompletionRequest): Promise<AIResponse<string>>;
1082
+ /**
1083
+ * Generate a JSON completion (parses response as JSON)
1084
+ */
1085
+ completeJSON<T>(request: CompletionRequest): Promise<AIResponse<T>>;
1086
+ /**
1087
+ * Call the AI provider API
1088
+ */
1089
+ private callProvider;
1090
+ /**
1091
+ * Call Anthropic API
1092
+ */
1093
+ private callAnthropic;
1094
+ /**
1095
+ * Call OpenAI API
1096
+ */
1097
+ private callOpenAI;
1098
+ /**
1099
+ * Mock completion for testing
1100
+ */
1101
+ private mockComplete;
1102
+ }
1103
+ /**
1104
+ * Create an AI service instance
1105
+ */
1106
+ declare function createAIService(config?: Partial<AIConfig>): AIService;
1107
+
1108
+ /**
1109
+ * Gap Explainer
1110
+ *
1111
+ * Uses AI to generate natural language explanations of detected gaps.
1112
+ */
1113
+
1114
+ /**
1115
+ * Explain a single gap
1116
+ */
1117
+ declare function explainGap(gap: Gap, category?: Category, config?: Partial<AIConfig>): Promise<AIResponse<GapExplanation>>;
1118
+ /**
1119
+ * Explain multiple gaps in batch
1120
+ */
1121
+ declare function explainGaps(gaps: Gap[], categories?: Map<string, Category>, config?: Partial<AIConfig>): Promise<Map<string, AIResponse<GapExplanation>>>;
1122
+
1123
+ /**
1124
+ * AI Template Variable Filler
1125
+ *
1126
+ * Uses AI to intelligently fill template variables based on context.
1127
+ */
1128
+
1129
+ interface VariableFillRequest {
1130
+ /** Code snippet for context */
1131
+ codeSnippet: string;
1132
+ /** File path for additional context */
1133
+ filePath: string;
1134
+ /** Template variables to fill */
1135
+ variables: TemplateVariable[];
1136
+ /** Optional gap information */
1137
+ gap?: Gap;
1138
+ /** Any pre-filled values to exclude */
1139
+ existingValues?: Record<string, unknown>;
1140
+ }
1141
+ interface VariableFillResult {
1142
+ /** Suggested values for each variable */
1143
+ suggestions: Map<string, VariableSuggestion>;
1144
+ /** Variables that couldn't be filled */
1145
+ unfilled: string[];
1146
+ /** Merged values (suggestions + existing) */
1147
+ values: Record<string, unknown>;
1148
+ }
1149
+ /**
1150
+ * Suggest variable values for a template
1151
+ */
1152
+ declare function suggestVariables(request: VariableFillRequest, config?: Partial<AIConfig>): Promise<AIResponse<VariableFillResult>>;
1153
+
1154
+ /**
1155
+ * AI Pattern Suggester
1156
+ *
1157
+ * Uses AI to suggest new detection patterns based on code samples.
1158
+ */
1159
+
1160
+ interface PatternSuggestionRequest {
1161
+ /** Category to suggest patterns for */
1162
+ category: string;
1163
+ /** Vulnerable code samples */
1164
+ vulnerableCode: string[];
1165
+ /** Safe code samples (to avoid matching) */
1166
+ safeCode?: string[];
1167
+ /** Language of the code */
1168
+ language: string;
1169
+ /** Existing patterns to avoid duplicating */
1170
+ existingPatterns?: string[];
1171
+ /** Maximum number of suggestions */
1172
+ maxSuggestions?: number;
1173
+ }
1174
+ interface PatternSuggestionResult {
1175
+ /** Suggested patterns */
1176
+ suggestions: PatternSuggestion[];
1177
+ /** Patterns that were tested but had issues */
1178
+ rejected: Array<{
1179
+ pattern: string;
1180
+ reason: string;
1181
+ }>;
1182
+ }
1183
+ /**
1184
+ * Suggest patterns based on code samples
1185
+ */
1186
+ declare function suggestPatterns(request: PatternSuggestionRequest, config?: Partial<AIConfig>): Promise<AIResponse<PatternSuggestionResult>>;
1187
+
1188
+ export { type AIConfig, type AIProvider, type AIResponse, AIService, AnalysisError, type Category, type CategoryFilter, CategoryNotFoundError, CategorySchema, CategoryStore, type CategorySummary, CategorySummarySchema, type Confidence, ConfidenceSchema, ConfigError, type DetectionPattern, DetectionPatternSchema, type DetectionResult, type Example, ExampleSchema, type GapExplanation, GenerationError, LANGUAGES, type Language, LanguageSchema, type LogLevel, PATTERN_TYPES, ParseError, PatternNotFoundError, type PatternSuggestion, type PatternType, PatternTypeSchema, PinataError, type Priority, PrioritySchema, RISK_DOMAINS, type Result, type RiskDomain, RiskDomainSchema, type SearchOptions, type SearchResult, type Severity, SeveritySchema, TEST_FRAMEWORKS, TEST_LEVELS, type TestFramework, TestFrameworkSchema, type TestLevel, TestLevelSchema, type TestTemplate, TestTemplateSchema, VERSION, ValidationError, type VariableSuggestion, all, andThen, createAIService, createCategoryStore, err, explainGap, explainGaps, logger, map, mapErr, ok, suggestPatterns, suggestVariables, tryCatch, tryCatchAsync, unwrap, unwrapOr };