postquant 0.0.1 → 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 PostQuant Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,109 @@
+# PostQuant
+
+**Find quantum-vulnerable cryptography in your TLS endpoints.**
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![npm version](https://img.shields.io/npm/v/postquant)](https://www.npmjs.com/package/postquant)
+
+PostQuant scans TLS connections and reports which algorithms are vulnerable to quantum attacks. It grades endpoints A+ through F and tells you what to migrate to.
+
+> **Early development.** The TLS scanner works. Code scanning and CBOM generation are planned.
+
+## Why
+
+NIST will **deprecate** RSA, ECC, and other quantum-vulnerable algorithms by **2030** and **disallow** them by **2035**. Adversaries are already harvesting encrypted traffic to decrypt later with quantum computers.
+
+PostQuant shows you what's exposed.
+
+## Quick Start
+
+```bash
+npx postquant scan example.com
+```
+
+Output:
+
+```
+  Overall Grade:  C
+
+  Certificate
+    Algorithm:    ECDSA P-256          🔴 Quantum Vulnerable
+
+  Connection
+    Protocol:     TLS 1.3              🟢 Current
+    Key Exchange: X25519               🔴 Quantum Vulnerable
+    Cipher:       AES-256-GCM          🟢 Quantum Safe
+```
+
+Most sites today score C or D. That's expected — almost nobody has deployed post-quantum cryptography yet.
+
+## Usage
+
+```bash
+# Scan a single host
+postquant scan example.com
+
+# Scan with explicit port
+postquant scan example.com:8443
+
+# Scan multiple hosts
+postquant scan example.com api.example.com
+
+# JSON output
+postquant scan example.com --format json
+
+# Read hosts from a file (one per line)
+postquant scan --file hosts.txt
+
+# Set connection timeout
+postquant scan example.com --timeout 5000
+```
+
+## Grading
+
+| Grade | Meaning |
+|-------|---------|
+| **A+** | All quantum-safe algorithms (PQC key exchange + signatures) |
+| **A** | Quantum-safe with minor observations |
+| **B** | Mostly safe, some moderate-risk items (e.g., AES-128) |
+| **C** | Quantum-vulnerable key exchange or signatures, but TLS 1.3 |
+| **D** | Multiple quantum-vulnerable components |
+| **F** | Critical vulnerabilities + legacy protocols |
+
+## Development
+
+```bash
+npm install        # Install dependencies
+npm run build      # Compile TypeScript
+npm test           # Run tests
+npm run dev -- scan example.com   # Run from source
+```
+
+## Roadmap
+
+| Phase | Target | Status |
+|-------|--------|--------|
+| TLS scanner CLI | March 2026 | v0.1.0 |
+| Code scanner (Python, JS, Go, Java) | April 2026 | Planned |
+| CBOM generation + risk scoring | May 2026 | Planned |
+| Web dashboard | June 2026 | Planned |
+
+See [docs/ROADMAP.md](docs/ROADMAP.md) for details.
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## Security
+
+See [SECURITY.md](SECURITY.md).
+
+## License
+
+[MIT](LICENSE)
+
+## Links
+
+- [postquant.dev](https://postquant.dev)
+- [@postquantdev](https://x.com/postquantdev)
+- [npm](https://www.npmjs.com/package/postquant)

package/dist/commands/scan.d.ts

@@ -0,0 +1,3 @@
+import type { ScanOptions } from '../types/index.js';
+export declare function scanCommand(hosts: string[], options: ScanOptions): Promise<number>;
+//# sourceMappingURL=scan.d.ts.map

package/dist/commands/scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAgB,WAAW,EAAS,MAAM,mBAAmB,CAAC;AA+B1E,wBAAsB,WAAW,CAC/B,KAAK,EAAE,MAAM,EAAE,EACf,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,MAAM,CAAC,CAwDjB"}

package/dist/commands/scan.js

@@ -0,0 +1,88 @@
+import { readFileSync } from 'node:fs';
+import chalk from 'chalk';
+import { scanHost } from '../scanner/tls.js';
+import { classify } from '../scanner/classifier.js';
+import { grade, shouldFailForGrade } from '../scanner/grader.js';
+import { formatTerminal } from '../output/terminal.js';
+import { formatJson } from '../output/json.js';
+function parseHost(input) {
+    const lastColon = input.lastIndexOf(':');
+    if (lastColon === -1) {
+        return { host: input, port: 443 };
+    }
+    const portStr = input.slice(lastColon + 1);
+    const port = parseInt(portStr, 10);
+    if (isNaN(port) || port <= 0 || port > 65535) {
+        return { host: input, port: 443 };
+    }
+    return { host: input.slice(0, lastColon), port };
+}
+function readHostsFile(filePath) {
+    const content = readFileSync(filePath, 'utf-8');
+    return content
+        .split('\n')
+        .map((line) => line.trim())
+        .filter((line) => line.length > 0 && !line.startsWith('#'));
+}
+export async function scanCommand(hosts, options) {
+    const allHostInputs = [...hosts];
+    if (options.file) {
+        try {
+            const fileHosts = readHostsFile(options.file);
+            allHostInputs.push(...fileHosts);
+        }
+        catch (err) {
+            console.error(chalk.red(`Error reading hosts file: ${err.message}`));
+            return 1;
+        }
+    }
+    if (allHostInputs.length === 0) {
+        console.error(chalk.red('No hosts specified. Use: postquant scan <host> or --file <path>'));
+        return 1;
+    }
+    const results = [];
+    let hadErrors = false;
+    for (const input of allHostInputs) {
+        const { host, port } = parseHost(input);
+        try {
+            const scanResult = await scanHost(host, port, options.timeout);
+            const classified = classify(scanResult);
+            const graded = grade(classified);
+            results.push(graded);
+        }
+        catch (err) {
+            hadErrors = true;
+            console.error(chalk.red(`\nError scanning ${host}:${port}: ${err.message}`));
+        }
+    }
+    if (results.length > 0) {
+        if (options.format === 'json') {
+            console.log(formatJson(results));
+        }
+        else {
+            for (const result of results) {
+                console.log(formatTerminal(result));
+            }
+        }
+    }
+    if (hadErrors)
+        return 1;
+    const worstGrade = getWorstGrade(results);
+    if (worstGrade && shouldFailForGrade(worstGrade, options.failGrade)) {
+        return 1;
+    }
+    return 0;
+}
+const GRADE_ORDER = ['A+', 'A', 'B', 'C', 'D', 'F'];
+function getWorstGrade(results) {
+    if (results.length === 0)
+        return null;
+    let worst = 0;
+    for (const r of results) {
+        const idx = GRADE_ORDER.indexOf(r.grade);
+        if (idx > worst)
+            worst = idx;
+    }
+    return GRADE_ORDER[worst];
+}
+//# sourceMappingURL=scan.js.map

package/dist/commands/scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAQ/C,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAEnC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,GAAG,KAAK,EAAE,CAAC;QAC7C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;AACnD,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,OAAO,OAAO;SACX,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAe,EACf,OAAoB;IAEpB,MAAM,aAAa,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,6BAA8B,GAAa,CAAC,OAAO,EAAE,CAAC,CACjE,CAAC;YACF,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC,CAAC;QAC5F,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;YAC/D,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,GAAG,IAAI,CAAC;YACjB,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,oBAAoB,IAAI,IAAI,IAAI,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CACzE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAAS;QAAE,OAAO,CAAC,CAAC;IAExB,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C,IAAI,UAAU,IAAI,kBAAkB,CAAC,UAAU,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,WAAW,GAAY,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAE7D,SAAS,aAAa,CAAC,OAAuB;IAC5C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,GAAG,GAAG,KAAK;YAAE,KAAK,GAAG,GAAG,CAAC;IAC/B,CAAC;IACD,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { scanCommand } from './commands/scan.js';
+const VALID_GRADES = ['A+', 'A', 'B', 'C', 'D', 'F'];
+const program = new Command();
+program
+    .name('postquant')
+    .description('Scan TLS endpoints for quantum-vulnerable cryptography')
+    .version('0.1.0');
+program
+    .command('scan')
+    .description('Scan one or more TLS endpoints for quantum readiness')
+    .argument('[hosts...]', 'Hostnames to scan (with optional :port)')
+    .option('-f, --format <format>', 'Output format (terminal, json)', 'terminal')
+    .option('--file <path>', 'Read hosts from file (one per line)')
+    .option('--timeout <ms>', 'Connection timeout in milliseconds', '10000')
+    .option('--verbose', 'Show raw TLS handshake details', false)
+    .option('--fail-grade <grade>', 'Exit non-zero at this grade or worse', 'C')
+    .action(async (hosts, opts) => {
+    const format = opts.format;
+    if (format !== 'terminal' && format !== 'json') {
+        console.error(`Invalid format: ${format}. Use 'terminal' or 'json'.`);
+        process.exit(1);
+    }
+    const failGrade = opts.failGrade;
+    if (!VALID_GRADES.includes(failGrade)) {
+        console.error(`Invalid fail-grade: ${failGrade}. Use one of: ${VALID_GRADES.join(', ')}`);
+        process.exit(1);
+    }
+    const exitCode = await scanCommand(hosts, {
+        format,
+        timeout: parseInt(opts.timeout, 10),
+        verbose: opts.verbose,
+        failGrade,
+        file: opts.file,
+    });
+    process.exit(exitCode);
+});
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGjD,MAAM,YAAY,GAAY,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAE9D,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,wDAAwD,CAAC;KACrE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,sDAAsD,CAAC;KACnE,QAAQ,CAAC,YAAY,EAAE,yCAAyC,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,gCAAgC,EAAE,UAAU,CAAC;KAC7E,MAAM,CAAC,eAAe,EAAE,qCAAqC,CAAC;KAC9D,MAAM,CAAC,gBAAgB,EAAE,oCAAoC,EAAE,OAAO,CAAC;KACvE,MAAM,CAAC,WAAW,EAAE,gCAAgC,EAAE,KAAK,CAAC;KAC5D,MAAM,CACL,sBAAsB,EACtB,sCAAsC,EACtC,GAAG,CACJ;KACA,MAAM,CAAC,KAAK,EAAE,KAAe,EAAE,IAAI,EAAE,EAAE;IACtC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAsB,CAAC;IAC3C,IAAI,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/C,OAAO,CAAC,KAAK,CAAC,mBAAmB,MAAM,6BAA6B,CAAC,CAAC;QACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAkB,CAAC;IAC1C,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CACX,uBAAuB,SAAS,iBAAiB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3E,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,SAAS;QACT,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzB,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/output/json.d.ts

@@ -0,0 +1,3 @@
+import type { GradedResult } from '../types/index.js';
+export declare function formatJson(results: GradedResult[]): string;
+//# sourceMappingURL=json.d.ts.map

package/dist/output/json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.d.ts","sourceRoot":"","sources":["../../src/output/json.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AActD,wBAAgB,UAAU,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,MAAM,CAc1D"}

package/dist/output/json.js

@@ -0,0 +1,28 @@
+import { readFileSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
+import { dirname, join } from 'node:path';
+function getVersion() {
+    try {
+        const __dirname = dirname(fileURLToPath(import.meta.url));
+        const pkg = JSON.parse(readFileSync(join(__dirname, '..', '..', 'package.json'), 'utf-8'));
+        return pkg.version;
+    }
+    catch {
+        return '0.1.0';
+    }
+}
+export function formatJson(results) {
+    const output = {
+        version: getVersion(),
+        timestamp: new Date().toISOString(),
+        results: results.map((r) => ({
+            target: `${r.host}:${r.port}`,
+            grade: r.grade,
+            findings: r.findings,
+            summary: r.summary,
+            migrationNotes: r.migrationNotes,
+        })),
+    };
+    return JSON.stringify(output, null, 2);
+}
+//# sourceMappingURL=json.js.map

package/dist/output/json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.js","sourceRoot":"","sources":["../../src/output/json.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAG1C,SAAS,UAAU;IACjB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CACnE,CAAC;QACF,OAAO,GAAG,CAAC,OAAO,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAuB;IAChD,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,UAAU,EAAE;QACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE;YAC7B,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,cAAc,EAAE,CAAC,CAAC,cAAc;SACjC,CAAC,CAAC;KACJ,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC"}

package/dist/output/terminal.d.ts

@@ -0,0 +1,3 @@
+import type { GradedResult } from '../types/index.js';
+export declare function formatTerminal(result: GradedResult): string;
+//# sourceMappingURL=terminal.d.ts.map

package/dist/output/terminal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminal.d.ts","sourceRoot":"","sources":["../../src/output/terminal.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAoB,MAAM,mBAAmB,CAAC;AAwCxE,wBAAgB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAwG3D"}

package/dist/output/terminal.js

@@ -0,0 +1,103 @@
+import chalk from 'chalk';
+const VERSION = '0.1.0';
+function riskIcon(risk) {
+    switch (risk) {
+        case 'critical':
+            return chalk.red('🔴 Quantum Vulnerable');
+        case 'moderate':
+            return chalk.yellow('🟡 Moderate Risk');
+        case 'safe':
+            return chalk.green('🟢 Quantum Safe');
+    }
+}
+function protocolLabel(risk) {
+    switch (risk) {
+        case 'critical':
+            return chalk.red('🔴 Legacy (Insecure)');
+        case 'moderate':
+            return chalk.yellow('🟡 Aging');
+        case 'safe':
+            return chalk.green('🟢 Current');
+    }
+}
+function gradeColor(grade) {
+    switch (grade) {
+        case 'A+':
+        case 'A':
+            return chalk.green.bold(grade);
+        case 'B':
+            return chalk.yellow.bold(grade);
+        case 'C':
+        case 'D':
+        case 'F':
+            return chalk.red.bold(grade);
+    }
+}
+export function formatTerminal(result) {
+    const lines = [];
+    const bar = '━'.repeat(48);
+    lines.push('');
+    lines.push(chalk.bold(`🔐 PostQuant v${VERSION} — Quantum Readiness Scanner`));
+    lines.push(chalk.dim(bar));
+    lines.push('');
+    lines.push(`  Target: ${chalk.bold(`${result.host}:${result.port}`)}`);
+    lines.push('');
+    lines.push(`  Overall Grade:  ${gradeColor(result.grade)}`);
+    lines.push('');
+    const certFinding = result.findings.find((f) => f.component === 'certificate');
+    if (certFinding) {
+        lines.push('  Certificate');
+        const algoStr = certFinding.curve
+            ? `${certFinding.algorithm} ${certFinding.curve}`
+            : certFinding.keySize
+                ? `${certFinding.algorithm}-${certFinding.keySize}`
+                : certFinding.algorithm;
+        lines.push(`    Algorithm:    ${algoStr.padEnd(20)} ${riskIcon(certFinding.risk)}`);
+    }
+    const protocolFinding = result.findings.find((f) => f.component === 'protocol');
+    const kxFinding = result.findings.find((f) => f.component === 'keyExchange');
+    const cipherFinding = result.findings.find((f) => f.component === 'cipher');
+    const hashFinding = result.findings.find((f) => f.component === 'hash');
+    lines.push('');
+    lines.push('  Connection');
+    if (protocolFinding) {
+        lines.push(`    Protocol:     ${protocolFinding.algorithm.padEnd(20)} ${protocolLabel(protocolFinding.risk)}`);
+    }
+    if (kxFinding) {
+        lines.push(`    Key Exchange: ${kxFinding.algorithm.padEnd(20)} ${riskIcon(kxFinding.risk)}`);
+    }
+    if (cipherFinding) {
+        lines.push(`    Cipher:       ${cipherFinding.algorithm.padEnd(20)} ${riskIcon(cipherFinding.risk)}`);
+    }
+    if (hashFinding) {
+        const hashLabel = cipherFinding?.algorithm.includes('GCM') ||
+            cipherFinding?.algorithm.includes('CHACHA')
+            ? 'AEAD'
+            : hashFinding.algorithm;
+        lines.push(`    MAC:          ${hashLabel.padEnd(20)} ${riskIcon(hashFinding.risk)}`);
+    }
+    lines.push('');
+    lines.push('  Summary');
+    if (result.summary.critical > 0) {
+        lines.push(chalk.red(`    🔴 ${result.summary.critical} quantum-vulnerable finding${result.summary.critical > 1 ? 's' : ''}`));
+    }
+    if (result.summary.moderate > 0) {
+        lines.push(chalk.yellow(`    🟡 ${result.summary.moderate} moderate-risk finding${result.summary.moderate > 1 ? 's' : ''}`));
+    }
+    if (result.summary.safe > 0) {
+        lines.push(chalk.green(`    🟢 ${result.summary.safe} quantum-safe finding${result.summary.safe > 1 ? 's' : ''}`));
+    }
+    if (result.migrationNotes.length > 0) {
+        lines.push('');
+        lines.push('  Migration Notes');
+        for (const note of result.migrationNotes) {
+            lines.push(`    • ${note}`);
+        }
+        lines.push(chalk.dim('    • NIST Timeline: Current algorithms deprecated 2030, disallowed 2035'));
+    }
+    lines.push('');
+    lines.push(chalk.dim(bar));
+    lines.push('');
+    return lines.join('\n');
+}
+//# sourceMappingURL=terminal.js.map

package/dist/output/terminal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminal.js","sourceRoot":"","sources":["../../src/output/terminal.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,MAAM,OAAO,GAAG,OAAO,CAAC;AAExB,SAAS,QAAQ,CAAC,IAAe;IAC/B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU;YACb,OAAO,KAAK,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAC5C,KAAK,UAAU;YACb,OAAO,KAAK,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC1C,KAAK,MAAM;YACT,OAAO,KAAK,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAe;IACpC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU;YACb,OAAO,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QAC3C,KAAK,UAAU;YACb,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAClC,KAAK,MAAM;YACT,OAAO,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAY;IAC9B,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,IAAI,CAAC;QACV,KAAK,GAAG;YACN,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,KAAK,GAAG;YACN,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClC,KAAK,GAAG,CAAC;QACT,KAAK,GAAG,CAAC;QACT,KAAK,GAAG;YACN,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAoB;IACjD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,8BAA8B,CAAC,CACnE,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,qBAAqB,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,aAAa,CAAC,CAAC;IAC/E,IAAI,WAAW,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK;YAC/B,CAAC,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,KAAK,EAAE;YACjD,CAAC,CAAC,WAAW,CAAC,OAAO;gBACnB,CAAC,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,OAAO,EAAE;gBACnD,CAAC,CAAC,WAAW,CAAC,SAAS,CAAC;QAC5B,KAAK,CAAC,IAAI,CACR,qBAAqB,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CACxE,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,aAAa,CAAC,CAAC;IAC7E,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC;IAExE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3B,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CACR,qBAAqB,eAAe,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,aAAa,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CACnG,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CACR,qBAAqB,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAClF,CAAC;IACJ,CAAC;IACD,IAAI,aAAa,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CACR,qBAAqB,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAC1F,CAAC;IACJ,CAAC;IACD,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,SAAS,GACb,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;YACxC,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACzC,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,WAAW,CAAC,SAAS,CAAC;QAC5B,KAAK,CAAC,IAAI,CACR,qBAAqB,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACxB,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,GAAG,CACP,UAAU,MAAM,CAAC,OAAO,CAAC,QAAQ,8BAA8B,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACxG,CACF,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,MAAM,CACV,UAAU,MAAM,CAAC,OAAO,CAAC,QAAQ,yBAAyB,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACnG,CACF,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,KAAK,CACT,UAAU,MAAM,CAAC,OAAO,CAAC,IAAI,wBAAwB,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1F,CACF,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;QAC9B,CAAC;QACD,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,GAAG,CACP,0EAA0E,CAC3E,CACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/scanner/classifier.d.ts

@@ -0,0 +1,3 @@
+import type { TlsScanResult, ClassifiedResult } from '../types/index.js';
+export declare function classify(scan: TlsScanResult): ClassifiedResult;
+//# sourceMappingURL=classifier.d.ts.map

package/dist/scanner/classifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"classifier.d.ts","sourceRoot":"","sources":["../../src/scanner/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EAEb,gBAAgB,EACjB,MAAM,mBAAmB,CAAC;AAE3B,wBAAgB,QAAQ,CAAC,IAAI,EAAE,aAAa,GAAG,gBAAgB,CAY9D"}

package/dist/scanner/classifier.js

@@ -0,0 +1,283 @@
+export function classify(scan) {
+    return {
+        host: scan.host,
+        port: scan.port,
+        findings: [
+            classifyProtocol(scan),
+            classifyCertificate(scan),
+            classifyKeyExchange(scan),
+            classifyCipher(scan),
+            classifyHash(scan),
+        ],
+    };
+}
+function classifyProtocol(scan) {
+    const protocol = scan.protocol ?? '';
+    if (protocol === 'TLSv1.3') {
+        return {
+            component: 'protocol',
+            algorithm: 'TLS 1.3',
+            risk: 'safe',
+            reason: 'Current protocol version',
+        };
+    }
+    if (protocol === 'TLSv1.2') {
+        return {
+            component: 'protocol',
+            algorithm: 'TLS 1.2',
+            risk: 'moderate',
+            reason: 'Aging protocol, still functional',
+            migration: 'Upgrade to TLS 1.3',
+        };
+    }
+    const version = protocol || 'Unknown';
+    return {
+        component: 'protocol',
+        algorithm: version,
+        risk: 'critical',
+        reason: 'Legacy protocol, already insecure',
+        migration: 'Upgrade to TLS 1.3 immediately',
+    };
+}
+function classifyCertificate(scan) {
+    if (!scan.certificate) {
+        return {
+            component: 'certificate',
+            algorithm: 'Unknown',
+            risk: 'critical',
+            reason: 'Unknown algorithm — assumed vulnerable',
+            migration: 'ML-DSA (FIPS 204)',
+        };
+    }
+    const algo = scan.certificate.publicKeyAlgorithm.toUpperCase();
+    const keySize = scan.certificate.publicKeySize;
+    const pqcAlgos = ['ML-DSA', 'ML-KEM', 'SLH-DSA', 'HQC'];
+    if (pqcAlgos.some((pqc) => algo.includes(pqc.toUpperCase()))) {
+        return {
+            component: 'certificate',
+            algorithm: scan.certificate.publicKeyAlgorithm,
+            keySize,
+            risk: 'safe',
+            reason: 'NIST post-quantum standard',
+        };
+    }
+    const classicalAlgos = ['RSA', 'EC', 'ECDSA', 'ED25519', 'ED448', 'DSA', 'DH'];
+    if (classicalAlgos.some((ca) => algo.includes(ca))) {
+        return {
+            component: 'certificate',
+            algorithm: scan.certificate.publicKeyAlgorithm,
+            keySize,
+            curve: scan.certificate.curve,
+            risk: 'critical',
+            reason: "Vulnerable to Shor's algorithm",
+            migration: 'ML-DSA (FIPS 204)',
+        };
+    }
+    return {
+        component: 'certificate',
+        algorithm: scan.certificate.publicKeyAlgorithm,
+        keySize,
+        risk: 'critical',
+        reason: 'Unknown algorithm — assumed vulnerable',
+        migration: 'ML-DSA (FIPS 204)',
+    };
+}
+function isPqcKeyExchange(scan) {
+    const ephName = scan.ephemeralKeyInfo?.name?.toUpperCase() ?? '';
+    const cipherName = scan.cipher?.name?.toUpperCase() ?? '';
+    const pqcPatterns = ['KYBER', 'MLKEM', 'ML-KEM'];
+    return pqcPatterns.some((p) => ephName.includes(p) || cipherName.includes(p));
+}
+function classifyKeyExchange(scan) {
+    if (isPqcKeyExchange(scan)) {
+        const name = scan.ephemeralKeyInfo?.name ?? 'PQC hybrid';
+        return {
+            component: 'keyExchange',
+            algorithm: name,
+            risk: 'safe',
+            reason: 'Post-quantum hybrid key exchange',
+        };
+    }
+    if (!scan.ephemeralKeyInfo) {
+        const cipherName = scan.cipher?.name?.toUpperCase() ?? '';
+        // TLS 1.2 cipher names include key exchange (e.g., ECDHE-RSA-AES256-GCM-SHA384)
+        if (cipherName.includes('ECDHE') || cipherName.includes('X25519')) {
+            return {
+                component: 'keyExchange',
+                algorithm: 'ECDHE (inferred)',
+                risk: 'critical',
+                reason: "Vulnerable to Shor's algorithm",
+                migration: 'ML-KEM (FIPS 203) hybrid key exchange',
+            };
+        }
+        if (cipherName.includes('DHE')) {
+            return {
+                component: 'keyExchange',
+                algorithm: 'DHE (inferred)',
+                risk: 'critical',
+                reason: "Vulnerable to Shor's algorithm",
+                migration: 'ML-KEM (FIPS 203) hybrid key exchange',
+            };
+        }
+        // TLS 1.3 always uses ephemeral key exchange (typically X25519 or ECDHE P-256)
+        // but cipher names don't include it — infer from protocol
+        if (scan.protocol === 'TLSv1.3') {
+            return {
+                component: 'keyExchange',
+                algorithm: 'X25519 (inferred)',
+                risk: 'critical',
+                reason: "Vulnerable to Shor's algorithm (TLS 1.3 uses ephemeral ECDHE)",
+                migration: 'ML-KEM (FIPS 203) hybrid key exchange',
+            };
+        }
+        return {
+            component: 'keyExchange',
+            algorithm: 'Unknown',
+            risk: 'critical',
+            reason: 'Unknown key exchange — assumed vulnerable',
+            migration: 'ML-KEM (FIPS 203) hybrid key exchange',
+        };
+    }
+    const type = scan.ephemeralKeyInfo.type.toUpperCase();
+    const name = scan.ephemeralKeyInfo.name ?? scan.ephemeralKeyInfo.type;
+    if (type === 'ECDH' || type === 'DH') {
+        return {
+            component: 'keyExchange',
+            algorithm: name,
+            keySize: scan.ephemeralKeyInfo.size,
+            risk: 'critical',
+            reason: "Vulnerable to Shor's algorithm",
+            migration: 'ML-KEM (FIPS 203) hybrid key exchange',
+        };
+    }
+    return {
+        component: 'keyExchange',
+        algorithm: name,
+        keySize: scan.ephemeralKeyInfo.size,
+        risk: 'critical',
+        reason: 'Unknown key exchange — assumed vulnerable',
+        migration: 'ML-KEM (FIPS 203) hybrid key exchange',
+    };
+}
+function classifyCipher(scan) {
+    if (!scan.cipher) {
+        return {
+            component: 'cipher',
+            algorithm: 'Unknown',
+            risk: 'critical',
+            reason: 'Unknown cipher — assumed vulnerable',
+            migration: 'Use AES-256-GCM or ChaCha20-Poly1305',
+        };
+    }
+    const name = scan.cipher.name.toUpperCase();
+    const bits = scan.cipher.bits;
+    if (name.includes('CHACHA20')) {
+        return {
+            component: 'cipher',
+            algorithm: 'ChaCha20-Poly1305',
+            keySize: 256,
+            risk: 'safe',
+            reason: 'Quantum-resistant symmetric cipher',
+        };
+    }
+    if (name.includes('AES')) {
+        if (bits >= 256) {
+            return {
+                component: 'cipher',
+                algorithm: `AES-${bits}`,
+                keySize: bits,
+                risk: 'safe',
+                reason: 'Quantum-resistant at current key size',
+            };
+        }
+        return {
+            component: 'cipher',
+            algorithm: `AES-${bits}`,
+            keySize: bits,
+            risk: 'moderate',
+            reason: "Grover's algorithm reduces to 64-bit effective security",
+            migration: 'Upgrade to AES-256',
+        };
+    }
+    return {
+        component: 'cipher',
+        algorithm: scan.cipher.name,
+        keySize: bits,
+        risk: 'critical',
+        reason: 'Unknown cipher — assumed vulnerable',
+        migration: 'Use AES-256-GCM or ChaCha20-Poly1305',
+    };
+}
+function extractHash(scan) {
+    const name = scan.cipher?.name?.toUpperCase() ?? '';
+    const standardName = scan.cipher?.standardName?.toUpperCase() ?? '';
+    // Check cipher name first (primary source)
+    if (name.includes('SHA384') || name.includes('SHA_384'))
+        return 'SHA-384';
+    if (name.includes('SHA512') || name.includes('SHA_512'))
+        return 'SHA-512';
+    if (name.includes('SHA256') || name.includes('SHA_256'))
+        return 'SHA-256';
+    if (name.endsWith('-SHA') || name.endsWith('_SHA'))
+        return 'SHA-1';
+    if (name.includes('MD5'))
+        return 'MD5';
+    // Fallback to standardName
+    if (standardName.includes('SHA384') || standardName.includes('SHA_384'))
+        return 'SHA-384';
+    if (standardName.includes('SHA512') || standardName.includes('SHA_512'))
+        return 'SHA-512';
+    if (standardName.includes('SHA256') || standardName.includes('SHA_256'))
+        return 'SHA-256';
+    if (standardName.endsWith('_SHA'))
+        return 'SHA-1';
+    if (standardName.includes('MD5'))
+        return 'MD5';
+    return 'Unknown';
+}
+function classifyHash(scan) {
+    const hash = extractHash(scan);
+    if (hash === 'SHA-384' || hash === 'SHA-512') {
+        return {
+            component: 'hash',
+            algorithm: hash,
+            risk: 'safe',
+            reason: 'Sufficient post-quantum security margin',
+        };
+    }
+    if (hash === 'SHA-256') {
+        return {
+            component: 'hash',
+            algorithm: hash,
+            risk: 'moderate',
+            reason: "Grover's reduces to 128-bit effective (still acceptable)",
+            migration: 'Consider upgrading to SHA-384',
+        };
+    }
+    if (hash === 'SHA-1') {
+        return {
+            component: 'hash',
+            algorithm: hash,
+            risk: 'critical',
+            reason: 'Already broken — not quantum-specific',
+            migration: 'Upgrade to SHA-256 or SHA-384 immediately',
+        };
+    }
+    if (hash === 'MD5') {
+        return {
+            component: 'hash',
+            algorithm: hash,
+            risk: 'critical',
+            reason: 'Already broken — not quantum-specific',
+            migration: 'Upgrade to SHA-256 or SHA-384 immediately',
+        };
+    }
+    return {
+        component: 'hash',
+        algorithm: hash,
+        risk: 'critical',
+        reason: 'Unknown hash — assumed vulnerable',
+        migration: 'Use SHA-384 or SHA-512',
+    };
+}
+//# sourceMappingURL=classifier.js.map

package/dist/scanner/classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/scanner/classifier.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,QAAQ,CAAC,IAAmB;IAC1C,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE;YACR,gBAAgB,CAAC,IAAI,CAAC;YACtB,mBAAmB,CAAC,IAAI,CAAC;YACzB,mBAAmB,CAAC,IAAI,CAAC;YACzB,cAAc,CAAC,IAAI,CAAC;YACpB,YAAY,CAAC,IAAI,CAAC;SACnB;KACF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAmB;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;IAErC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO;YACL,SAAS,EAAE,UAAU;YACrB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,0BAA0B;SACnC,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO;YACL,SAAS,EAAE,UAAU;YACrB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,kCAAkC;YAC1C,SAAS,EAAE,oBAAoB;SAChC,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,IAAI,SAAS,CAAC;IACtC,OAAO;QACL,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,mCAAmC;QAC3C,SAAS,EAAE,gCAAgC;KAC5C,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAmB;IAC9C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,OAAO;YACL,SAAS,EAAE,aAAa;YACxB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,wCAAwC;YAChD,SAAS,EAAE,mBAAmB;SAC/B,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,WAAW,EAAE,CAAC;IAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC;IAE/C,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IACxD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;QAC7D,OAAO;YACL,SAAS,EAAE,aAAa;YACxB,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,kBAAkB;YAC9C,OAAO;YACP,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,4BAA4B;SACrC,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IAC/E,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO;YACL,SAAS,EAAE,aAAa;YACxB,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,kBAAkB;YAC9C,OAAO;YACP,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK;YAC7B,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,gCAAgC;YACxC,SAAS,EAAE,mBAAmB;SAC/B,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,aAAa;QACxB,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,kBAAkB;QAC9C,OAAO;QACP,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,wCAAwC;QAChD,SAAS,EAAE,mBAAmB;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAmB;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACjE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAE1D,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACjD,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CACrD,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAmB;IAC9C,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,EAAE,IAAI,IAAI,YAAY,CAAC;QACzD,OAAO;YACL,SAAS,EAAE,aAAa;YACxB,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,kCAAkC;SAC3C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAE1D,gFAAgF;QAChF,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,SAAS,EAAE,aAAa;gBACxB,SAAS,EAAE,kBAAkB;gBAC7B,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,gCAAgC;gBACxC,SAAS,EAAE,uCAAuC;aACnD,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,SAAS,EAAE,aAAa;gBACxB,SAAS,EAAE,gBAAgB;gBAC3B,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,gCAAgC;gBACxC,SAAS,EAAE,uCAAuC;aACnD,CAAC;QACJ,CAAC;QAED,+EAA+E;QAC/E,0DAA0D;QAC1D,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO;gBACL,SAAS,EAAE,aAAa;gBACxB,SAAS,EAAE,mBAAmB;gBAC9B,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,+DAA+D;gBACvE,SAAS,EAAE,uCAAuC;aACnD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,SAAS,EAAE,aAAa;YACxB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,2CAA2C;YACnD,SAAS,EAAE,uCAAuC;SACnD,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;IAEtE,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QACrC,OAAO;YACL,SAAS,EAAE,aAAa;YACxB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI;YACnC,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,gCAAgC;YACxC,SAAS,EAAE,uCAAuC;SACnD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,aAAa;QACxB,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI;QACnC,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,2CAA2C;QACnD,SAAS,EAAE,uCAAuC;KACnD,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAmB;IACzC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,qCAAqC;YAC7C,SAAS,EAAE,sCAAsC;SAClD,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAE9B,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,mBAAmB;YAC9B,OAAO,EAAE,GAAG;YACZ,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,oCAAoC;SAC7C,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;YAChB,OAAO;gBACL,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,OAAO,IAAI,EAAE;gBACxB,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,uCAAuC;aAChD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,OAAO,IAAI,EAAE;YACxB,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,yDAAyD;YACjE,SAAS,EAAE,oBAAoB;SAChC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;QAC3B,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,qCAAqC;QAC7C,SAAS,EAAE,sCAAsC;KAClD,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,IAAmB;IACtC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACpD,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAEpE,2CAA2C;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1E,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,OAAO,CAAC;IACnE,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEvC,2BAA2B;IAC3B,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1F,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1F,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1F,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,OAAO,CAAC;IAClD,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE/C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,IAAmB;IACvC,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAE/B,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7C,OAAO;YACL,SAAS,EAAE,MAAM;YACjB,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,yCAAyC;SAClD,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO;YACL,SAAS,EAAE,MAAM;YACjB,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,0DAA0D;YAClE,SAAS,EAAE,+BAA+B;SAC3C,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO;YACL,SAAS,EAAE,MAAM;YACjB,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,uCAAuC;YAC/C,SAAS,EAAE,2CAA2C;SACvD,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACnB,OAAO;YACL,SAAS,EAAE,MAAM;YACjB,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,uCAAuC;YAC/C,SAAS,EAAE,2CAA2C;SACvD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,MAAM;QACjB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,mCAAmC;QAC3C,SAAS,EAAE,wBAAwB;KACpC,CAAC;AACJ,CAAC"}

package/dist/scanner/grader.d.ts

@@ -0,0 +1,4 @@
+import type { ClassifiedResult, GradedResult, Grade } from '../types/index.js';
+export declare function grade(classified: ClassifiedResult): GradedResult;
+export declare function shouldFailForGrade(actual: Grade, threshold: Grade): boolean;
+//# sourceMappingURL=grader.d.ts.map

package/dist/scanner/grader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grader.d.ts","sourceRoot":"","sources":["../../src/scanner/grader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,YAAY,EACZ,KAAK,EACN,MAAM,mBAAmB,CAAC;AAM3B,wBAAgB,KAAK,CAAC,UAAU,EAAE,gBAAgB,GAAG,YAAY,CA4ChE;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,GAAG,OAAO,CAI3E"}

package/dist/scanner/grader.js

@@ -0,0 +1,49 @@
+const PQC_KEYWORDS = ['KYBER', 'MLKEM', 'ML-KEM', 'ML-DSA', 'SLH-DSA', 'HQC'];
+const GRADE_ORDER = ['A+', 'A', 'B', 'C', 'D', 'F'];
+export function grade(classified) {
+    const { findings } = classified;
+    const critical = findings.filter((f) => f.risk === 'critical');
+    const moderate = findings.filter((f) => f.risk === 'moderate');
+    const safe = findings.filter((f) => f.risk === 'safe');
+    const protocolFinding = findings.find((f) => f.component === 'protocol');
+    const hashFinding = findings.find((f) => f.component === 'hash');
+    let computedGrade;
+    if (protocolFinding?.risk === 'critical' || hashFinding?.risk === 'critical') {
+        computedGrade = 'F';
+    }
+    else if (critical.length >= 3) {
+        computedGrade = 'D';
+    }
+    else if (critical.length >= 1) {
+        computedGrade = 'C';
+    }
+    else if (moderate.length >= 1) {
+        computedGrade = 'B';
+    }
+    else {
+        const hasPqc = findings.some((f) => PQC_KEYWORDS.some((kw) => f.algorithm.toUpperCase().includes(kw)));
+        computedGrade = hasPqc ? 'A+' : 'A';
+    }
+    const migrationNotes = findings
+        .filter((f) => f.migration)
+        .map((f) => f.migration);
+    return {
+        host: classified.host,
+        port: classified.port,
+        grade: computedGrade,
+        findings,
+        migrationNotes,
+        summary: {
+            critical: critical.length,
+            moderate: moderate.length,
+            safe: safe.length,
+            total: findings.length,
+        },
+    };
+}
+export function shouldFailForGrade(actual, threshold) {
+    const actualIndex = GRADE_ORDER.indexOf(actual);
+    const thresholdIndex = GRADE_ORDER.indexOf(threshold);
+    return actualIndex >= thresholdIndex;
+}
+//# sourceMappingURL=grader.js.map

package/dist/scanner/grader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grader.js","sourceRoot":"","sources":["../../src/scanner/grader.ts"],"names":[],"mappings":"AAMA,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;AAE9E,MAAM,WAAW,GAAY,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAE7D,MAAM,UAAU,KAAK,CAAC,UAA4B;IAChD,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEhC,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAEvD,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC;IAEjE,IAAI,aAAoB,CAAC;IAEzB,IAAI,eAAe,EAAE,IAAI,KAAK,UAAU,IAAI,WAAW,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7E,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACjC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAClE,CAAC;QACF,aAAa,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;IACtC,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ;SAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAU,CAAC,CAAC;IAE5B,OAAO;QACL,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,KAAK,EAAE,aAAa;QACpB,QAAQ;QACR,cAAc;QACd,OAAO,EAAE;YACP,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,KAAK,EAAE,QAAQ,CAAC,MAAM;SACvB;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAa,EAAE,SAAgB;IAChE,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACtD,OAAO,WAAW,IAAI,cAAc,CAAC;AACvC,CAAC"}

package/dist/scanner/tls.d.ts

@@ -0,0 +1,3 @@
+import type { TlsScanResult } from '../types/index.js';
+export declare function scanHost(host: string, port: number, timeout: number): Promise<TlsScanResult>;
+//# sourceMappingURL=tls.d.ts.map

package/dist/scanner/tls.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../src/scanner/tls.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD,wBAAgB,QAAQ,CACtB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,aAAa,CAAC,CA+BxB"}

package/dist/scanner/tls.js

@@ -0,0 +1,122 @@
+import tls from 'node:tls';
+export function scanHost(host, port, timeout) {
+    return new Promise((resolve, reject) => {
+        const socket = tls.connect({
+            host,
+            port,
+            rejectUnauthorized: false,
+            timeout,
+        }, () => {
+            try {
+                const result = extractTlsData(socket, host, port);
+                socket.destroy();
+                resolve(result);
+            }
+            catch (err) {
+                socket.destroy();
+                reject(err);
+            }
+        });
+        socket.on('error', (err) => {
+            socket.destroy();
+            reject(err);
+        });
+        socket.on('timeout', () => {
+            socket.destroy();
+            reject(new Error(`Connection to ${host}:${port} timed out`));
+        });
+    });
+}
+function extractTlsData(socket, host, port) {
+    const cipher = socket.getCipher();
+    const protocol = socket.getProtocol();
+    const cert = socket.getPeerCertificate(true);
+    let ephemeralKeyInfo = null;
+    try {
+        const eki = socket.getEphemeralKeyInfo?.();
+        if (eki && eki.type) {
+            ephemeralKeyInfo = {
+                type: eki.type,
+                name: eki.name,
+                size: eki.size,
+            };
+        }
+    }
+    catch {
+        // getEphemeralKeyInfo not available — leave null
+    }
+    let certificate = null;
+    if (cert && cert.subject) {
+        const cn = typeof cert.subject === 'object'
+            ? cert.subject.CN ?? ''
+            : String(cert.subject);
+        const issuerCN = typeof cert.issuer === 'object'
+            ? cert.issuer.CN ?? cert.issuer.O ?? ''
+            : String(cert.issuer);
+        let publicKeyAlgorithm = 'Unknown';
+        const publicKeySize = cert.bits ?? 0;
+        const curve = cert.asn1Curve;
+        const modulus = cert.modulus;
+        const sigAlgorithm = cert.sigalg ?? '';
+        // Detect algorithm from cert properties (sigalg is not always available)
+        if (modulus) {
+            publicKeyAlgorithm = 'RSA';
+        }
+        else if (curve) {
+            publicKeyAlgorithm = 'EC';
+        }
+        else if (sigAlgorithm.includes('RSA') || sigAlgorithm.includes('rsa')) {
+            publicKeyAlgorithm = 'RSA';
+        }
+        else if (sigAlgorithm.includes('ecdsa') || sigAlgorithm.includes('ECDSA')) {
+            publicKeyAlgorithm = 'EC';
+        }
+        else if (sigAlgorithm.includes('ed25519') || sigAlgorithm.includes('Ed25519')) {
+            publicKeyAlgorithm = 'Ed25519';
+        }
+        else if (sigAlgorithm.includes('ed448') || sigAlgorithm.includes('Ed448')) {
+            publicKeyAlgorithm = 'Ed448';
+        }
+        else if (sigAlgorithm.includes('dsa') || sigAlgorithm.includes('DSA')) {
+            publicKeyAlgorithm = 'DSA';
+        }
+        certificate = {
+            subject: cn,
+            issuer: issuerCN,
+            validFrom: cert.valid_from ?? '',
+            validTo: cert.valid_to ?? '',
+            serialNumber: cert.serialNumber ?? '',
+            fingerprint256: cert.fingerprint256 ?? '',
+            sigAlgorithm,
+            publicKeyAlgorithm,
+            publicKeySize,
+            curve,
+        };
+    }
+    return {
+        host,
+        port,
+        protocol: protocol ?? null,
+        cipher: cipher
+            ? {
+                name: cipher.name,
+                standardName: cipher.standardName ?? cipher.name,
+                version: cipher.version,
+                bits: cipher.bits ?? parseCipherBits(cipher.name),
+            }
+            : null,
+        certificate,
+        ephemeralKeyInfo,
+    };
+}
+function parseCipherBits(cipherName) {
+    const upper = cipherName.toUpperCase();
+    if (upper.includes('256'))
+        return 256;
+    if (upper.includes('128'))
+        return 128;
+    if (upper.includes('CHACHA20'))
+        return 256;
+    return 0;
+}
+//# sourceMappingURL=tls.js.map

package/dist/scanner/tls.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls.js","sourceRoot":"","sources":["../../src/scanner/tls.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAG3B,MAAM,UAAU,QAAQ,CACtB,IAAY,EACZ,IAAY,EACZ,OAAe;IAEf,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CACxB;YACE,IAAI;YACJ,IAAI;YACJ,kBAAkB,EAAE,KAAK;YACzB,OAAO;SACR,EACD,GAAG,EAAE;YACH,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;gBAClD,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACxB,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,IAAI,IAAI,IAAI,YAAY,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CACrB,MAAqB,EACrB,IAAY,EACZ,IAAY;IAEZ,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAE7C,IAAI,gBAAgB,GAAsC,IAAI,CAAC;IAC/D,IAAI,CAAC;QACH,MAAM,GAAG,GAAI,MAAc,CAAC,mBAAmB,EAAE,EAAE,CAAC;QACpD,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACpB,gBAAgB,GAAG;gBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;aACf,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,IAAI,WAAW,GAAiC,IAAI,CAAC;IACrD,IAAI,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,EAAE,GACN,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;YAC9B,CAAC,CAAE,IAAI,CAAC,OAAe,CAAC,EAAE,IAAI,EAAE;YAChC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE3B,MAAM,QAAQ,GACZ,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ;YAC7B,CAAC,CAAE,IAAI,CAAC,MAAc,CAAC,EAAE,IAAK,IAAI,CAAC,MAAc,CAAC,CAAC,IAAI,EAAE;YACzD,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE1B,IAAI,kBAAkB,GAAG,SAAS,CAAC;QACnC,MAAM,aAAa,GAAI,IAAY,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAI,IAAY,CAAC,SAAS,CAAC;QACtC,MAAM,OAAO,GAAI,IAAY,CAAC,OAAO,CAAC;QACtC,MAAM,YAAY,GAAI,IAAY,CAAC,MAAM,IAAI,EAAE,CAAC;QAEhD,yEAAyE;QACzE,IAAI,OAAO,EAAE,CAAC;YACZ,kBAAkB,GAAG,KAAK,CAAC;QAC7B,CAAC;aAAM,IAAI,KAAK,EAAE,CAAC;YACjB,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACxE,kBAAkB,GAAG,KAAK,CAAC;QAC7B,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChF,kBAAkB,GAAG,SAAS,CAAC;QACjC,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,kBAAkB,GAAG,OAAO,CAAC;QAC/B,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACxE,kBAAkB,GAAG,KAAK,CAAC;QAC7B,CAAC;QAED,WAAW,GAAG;YACZ,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE;YAChC,OAAO,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;YAC5B,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE;YACrC,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,EAAE;YACzC,YAAY;YACZ,kBAAkB;YAClB,aAAa;YACb,KAAK;SACN,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI;QACJ,IAAI;QACJ,QAAQ,EAAE,QAAQ,IAAI,IAAI;QAC1B,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC;gBACE,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,YAAY,EAAG,MAAc,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI;gBACzD,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAG,MAAc,CAAC,IAAI,IAAI,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC;aAC3D;YACH,CAAC,CAAC,IAAI;QACR,WAAW;QACX,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACvC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IACtC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IACtC,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,GAAG,CAAC;IAC3C,OAAO,CAAC,CAAC;AACX,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,72 @@
+export type RiskLevel = 'critical' | 'moderate' | 'safe';
+export type Grade = 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';
+export type ComponentType = 'protocol' | 'certificate' | 'keyExchange' | 'cipher' | 'hash';
+export type OutputFormat = 'terminal' | 'json';
+export interface TlsScanResult {
+    host: string;
+    port: number;
+    protocol: string | null;
+    cipher: {
+        name: string;
+        standardName: string;
+        version: string;
+        bits: number;
+    } | null;
+    certificate: {
+        subject: string;
+        issuer: string;
+        validFrom: string;
+        validTo: string;
+        serialNumber: string;
+        fingerprint256: string;
+        sigAlgorithm: string;
+        publicKeyAlgorithm: string;
+        publicKeySize: number;
+        curve?: string;
+    } | null;
+    ephemeralKeyInfo: {
+        type: string;
+        name?: string;
+        size: number;
+    } | null;
+}
+export interface ClassifiedFinding {
+    component: ComponentType;
+    algorithm: string;
+    keySize?: number;
+    curve?: string;
+    risk: RiskLevel;
+    reason: string;
+    migration?: string;
+}
+export interface ClassifiedResult {
+    host: string;
+    port: number;
+    findings: ClassifiedFinding[];
+}
+export interface GradedResult {
+    host: string;
+    port: number;
+    grade: Grade;
+    findings: ClassifiedFinding[];
+    migrationNotes: string[];
+    summary: {
+        critical: number;
+        moderate: number;
+        safe: number;
+        total: number;
+    };
+}
+export interface ScanReport {
+    version: string;
+    timestamp: string;
+    results: GradedResult[];
+}
+export interface ScanOptions {
+    format: OutputFormat;
+    timeout: number;
+    verbose: boolean;
+    failGrade: Grade;
+    file?: string;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;AAEzD,MAAM,MAAM,KAAK,GAAG,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEvD,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,aAAa,GACb,aAAa,GACb,QAAQ,GACR,MAAM,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,MAAM,CAAC;AAE/C,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;KACd,GAAG,IAAI,CAAC;IACT,WAAW,EAAE;QACX,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,aAAa,EAAE,MAAM,CAAC;QACtB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,IAAI,CAAC;IACT,gBAAgB,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;KACd,GAAG,IAAI,CAAC;CACV;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,aAAa,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,SAAS,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,iBAAiB,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,YAAY,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,KAAK,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf"}

package/dist/types/index.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,11 +1,57 @@
 {
   "name": "postquant",
-  "version": "0.0.1",
-  "description": "Post-quantum cryptography audit tool. Scan your code for quantum-vulnerable crypto.",
-  "main": "index.js",
-  "bin": { "postquant": "./index.js" },
-  "keywords": ["post-quantum","cryptography","pqc","security","audit","quantum","nist"],
+  "version": "0.1.0",
+  "description": "Scan your code and infrastructure for quantum-vulnerable cryptography.",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "postquant": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "post-quantum",
+    "cryptography",
+    "pqc",
+    "security",
+    "audit",
+    "quantum",
+    "nist",
+    "ml-kem",
+    "ml-dsa",
+    "scanner"
+  ],
   "author": "PostQuant <hello@postquant.dev> (https://postquant.dev)",
   "license": "MIT",
-  "homepage": "https://postquant.dev"
+  "homepage": "https://postquant.dev",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/postquantdev/postquant.git"
+  },
+  "bugs": {
+    "url": "https://github.com/postquantdev/postquant/issues"
+  },
+  "dependencies": {
+    "chalk": "^5.6.2",
+    "commander": "^14.0.3"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.3",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  }
 }

package/index.js

@@ -1,2 +0,0 @@
-#!/usr/bin/env node
-console.log("postquant v0.0.1 - PQC audit tool. Coming soon. https://postquant.dev");