prodlint 0.7.1 → 0.8.0

package/dist/cli.js

@@ -720,7 +720,8 @@ var SECRET_PATTERNS = [
   { name: "AWS access key", pattern: /AKIA[0-9A-Z]{16}/ },
   { name: "AWS secret key", pattern: /(?:aws_secret_access_key|AWS_SECRET)\s*[=:]\s*['"]?[A-Za-z0-9/+=]{40}['"]?/ },
   { name: "Supabase service role key", pattern: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[A-Za-z0-9_-]{50,}\.[A-Za-z0-9_-]{20,}/ },
-  { name: "OpenAI API key", pattern: /sk-[a-zA-Z0-9]{20,}T3BlbkFJ[a-zA-Z0-9]{20,}/ },
+  { name: "OpenAI API key (legacy)", pattern: /sk-[a-zA-Z0-9]{20,}T3BlbkFJ[a-zA-Z0-9]{20,}/ },
+  { name: "OpenAI API key", pattern: /sk-proj-[a-zA-Z0-9_\-]{20,}/ },
   { name: "GitHub token", pattern: /gh[ps]_[A-Za-z0-9_]{36,}/ },
   { name: "GitHub fine-grained token", pattern: /github_pat_[A-Za-z0-9_]{22,}/ },
   { name: "Generic API key assignment", pattern: /(?:api_key|apikey|api_secret|secret_key|private_key)\s*[=:]\s*['"][a-zA-Z0-9_\-]{20,}['"]/ },
@@ -4484,6 +4485,295 @@ function renderBar(score) {
   const color = scoreColor(score);
   return color("\u2588".repeat(filled)) + pc.dim("\u2591".repeat(empty));
 }
+var STATUS_ICONS = {
+  pass: pc.green,
+  fail: pc.red,
+  warn: pc.yellow,
+  info: pc.blue
+};
+var STATUS_SYMBOLS = {
+  pass: "\u2713",
+  fail: "\u2717",
+  warn: "!",
+  info: "i"
+};
+function reportWebPretty(result) {
+  const lines = [];
+  lines.push("");
+  lines.push(pc.bold("  prodlint site score"));
+  lines.push(pc.dim(`  ${result.domain} \xB7 ${result.summary.totalChecks} checks`));
+  lines.push("");
+  const overallColor = scoreColor(result.overallScore);
+  const bar = renderBar(result.overallScore);
+  lines.push(`  ${pc.bold("Score:")} ${overallColor(pc.bold(`${result.overallScore}`))} ${overallColor(result.grade)}  ${bar}`);
+  lines.push("");
+  const order = { fail: 0, warn: 1, info: 2, pass: 3 };
+  const sorted = [...result.checks].sort((a, b) => (order[a.status] ?? 9) - (order[b.status] ?? 9));
+  for (const check of sorted) {
+    const color = STATUS_ICONS[check.status] ?? pc.dim;
+    const symbol = STATUS_SYMBOLS[check.status] ?? "?";
+    const pts = `${check.points}/${check.maxPoints}`;
+    lines.push(`  ${color(symbol)} ${check.name.padEnd(28)} ${pc.dim(pts.padStart(6))}  ${pc.dim(check.details || "")}`);
+  }
+  lines.push("");
+  const parts = [];
+  if (result.summary.passed > 0) parts.push(pc.green(`${result.summary.passed} passed`));
+  if (result.summary.failed > 0) parts.push(pc.red(`${result.summary.failed} failed`));
+  if (result.summary.warnings > 0) parts.push(pc.yellow(`${result.summary.warnings} warnings`));
+  lines.push(`  ${parts.join(pc.dim(" \xB7 "))}`);
+  lines.push("");
+  lines.push(pc.dim(`  Full results: https://prodlint.com/score?url=${encodeURIComponent(result.domain)}`));
+  lines.push("");
+  return lines.join("\n");
+}
+
+// src/web-scanner/checks.ts
+function make(id, name, description, maxPoints, severity, status, details) {
+  return {
+    id,
+    name,
+    description,
+    status,
+    severity,
+    details,
+    points: status === "pass" ? maxPoints : status === "warn" ? Math.floor(maxPoints / 2) : 0,
+    maxPoints
+  };
+}
+function checkRobotsTxt(ctx) {
+  if (!ctx.robotsTxt) return make("robots_txt", "robots.txt", "robots.txt exists and is accessible", 5, "medium", "fail", "No robots.txt found.");
+  return make("robots_txt", "robots.txt", "robots.txt exists and is accessible", 5, "medium", "pass", "robots.txt found.");
+}
+function checkRobotsAiDirectives(ctx) {
+  if (!ctx.robotsTxt) return make("robots_ai_directives", "AI robots.txt Directives", "AI bot user-agents in robots.txt", 15, "critical", "fail", "No robots.txt found. AI bots have no guidance.");
+  const agents = ["GPTBot", "ChatGPT-User", "ClaudeBot", "Claude-Web", "Google-Extended", "PerplexityBot", "Bytespider", "CCBot", "anthropic-ai", "cohere-ai"];
+  const found = agents.filter((a) => ctx.robotsTxt.toLowerCase().includes(a.toLowerCase()));
+  if (found.length === 0) return make("robots_ai_directives", "AI robots.txt Directives", "AI bot user-agents in robots.txt", 15, "critical", "fail", "No AI-specific user-agent directives found.");
+  if (found.length < 3) return make("robots_ai_directives", "AI robots.txt Directives", "AI bot user-agents in robots.txt", 15, "critical", "warn", `Found ${found.length} AI bot directive(s): ${found.join(", ")}.`);
+  return make("robots_ai_directives", "AI robots.txt Directives", "AI bot user-agents in robots.txt", 15, "critical", "pass", `Found ${found.length} AI bot directive(s): ${found.join(", ")}.`);
+}
+function checkContentUsage(ctx) {
+  const hasHeader = ctx.headers["content-usage"] != null;
+  const hasInRobots = ctx.robotsTxt?.toLowerCase().includes("content-usage") ?? false;
+  if (!hasHeader && !hasInRobots) return make("content_usage", "Content-Usage (IETF aipref)", "Content-Usage header or directives", 10, "high", "fail", "No Content-Usage directives found.");
+  return make("content_usage", "Content-Usage (IETF aipref)", "Content-Usage header or directives", 10, "high", "pass", hasHeader ? `Header: ${ctx.headers["content-usage"]}` : "Found in robots.txt.");
+}
+function checkLlmsTxt(ctx) {
+  if (!ctx.llmsTxt) return make("llms_txt", "llms.txt", "LLM-optimized site summary at /llms.txt", 10, "high", "fail", "No llms.txt found.");
+  const lines = ctx.llmsTxt.split("\n").filter((l) => l.trim().length > 0);
+  if (lines.length < 3) return make("llms_txt", "llms.txt", "LLM-optimized site summary at /llms.txt", 10, "high", "warn", "llms.txt found but appears minimal.");
+  return make("llms_txt", "llms.txt", "LLM-optimized site summary at /llms.txt", 10, "high", "pass", `llms.txt found with ${lines.length} lines.`);
+}
+function checkTdmRep(ctx) {
+  const hasWK = ctx.tdmRep != null;
+  const hasHeader = ctx.headers["tdm-reservation"] != null;
+  if (!hasWK && !hasHeader) return make("tdmrep", "TDMRep (W3C)", "Text & data mining reservation file or header", 8, "medium", "fail", "No TDMRep configuration found.");
+  return make("tdmrep", "TDMRep (W3C)", "Text & data mining reservation file or header", 8, "medium", "pass", hasWK ? "/.well-known/tdmrep.json found." : `TDM-Reservation header: ${ctx.headers["tdm-reservation"]}`);
+}
+function checkAiDisclosure(ctx) {
+  if (!ctx.headers["ai-disclosure"]) return make("ai_disclosure", "AI-Disclosure Header", "Declares AI involvement in content generation", 5, "low", "fail", "No AI-Disclosure header found.");
+  return make("ai_disclosure", "AI-Disclosure Header", "Declares AI involvement in content generation", 5, "low", "pass", `Header: ${ctx.headers["ai-disclosure"]}`);
+}
+function checkAgentCard(ctx) {
+  if (!ctx.agentCard) return make("agent_card", "A2A AgentCard", "/.well-known/agent-card.json for agent discovery", 10, "high", "fail", "No A2A AgentCard found.");
+  try {
+    const card = JSON.parse(ctx.agentCard);
+    if (!card.name || !Array.isArray(card.skills) || card.skills.length === 0) return make("agent_card", "A2A AgentCard", "/.well-known/agent-card.json for agent discovery", 10, "high", "warn", "AgentCard found but missing name or skills.");
+    return make("agent_card", "A2A AgentCard", "/.well-known/agent-card.json for agent discovery", 10, "high", "pass", `AgentCard found with ${card.skills.length} skill(s).`);
+  } catch {
+    return make("agent_card", "A2A AgentCard", "/.well-known/agent-card.json for agent discovery", 10, "high", "warn", "AgentCard found but contains invalid JSON.");
+  }
+}
+function checkAiTxt(ctx) {
+  if (!ctx.aiTxt) return make("ai_txt", "ai.txt", "AI training permissions per Spawning spec", 5, "medium", "fail", "No ai.txt found at site root.");
+  const lines = ctx.aiTxt.split("\n").filter((l) => l.trim().length > 0 && !l.trim().startsWith("#"));
+  if (lines.length < 2) return make("ai_txt", "ai.txt", "AI training permissions per Spawning spec", 5, "medium", "warn", "ai.txt found but appears minimal.");
+  return make("ai_txt", "ai.txt", "AI training permissions per Spawning spec", 5, "medium", "pass", `ai.txt found with ${lines.length} directive(s).`);
+}
+function checkWebMCP(ctx) {
+  if (!ctx.html) return make("webmcp", "WebMCP Tools", "Chrome 146+ WebMCP tool registration", 10, "high", "info", "Could not check for WebMCP tools.");
+  const hasToolname = /toolname=/i.test(ctx.html);
+  const hasModelContext = /navigator\.modelContext/i.test(ctx.html) || /registerTool/i.test(ctx.html);
+  if (!hasToolname && !hasModelContext) return make("webmcp", "WebMCP Tools", "Chrome 146+ WebMCP tool registration", 10, "high", "fail", "No WebMCP tools detected.");
+  const count = (ctx.html.match(/toolname=/gi) || []).length;
+  return make("webmcp", "WebMCP Tools", "Chrome 146+ WebMCP tool registration", 10, "high", "pass", hasToolname ? `${count} form(s) with toolname attributes.` : "registerTool() usage detected.");
+}
+function checkStructuredData(ctx) {
+  if (!ctx.html) return make("structured_data", "Structured Data", "JSON-LD or Schema.org markup", 10, "medium", "info", "Could not fetch page HTML.");
+  const jsonLd = ctx.html.match(/<script[^>]*type=["']application\/ld\+json["'][^>]*>/gi);
+  const hasMicrodata = ctx.html.includes("itemscope") && ctx.html.includes("itemtype");
+  if (!jsonLd && !hasMicrodata) return make("structured_data", "Structured Data", "JSON-LD or Schema.org markup", 10, "medium", "fail", "No structured data found.");
+  return make("structured_data", "Structured Data", "JSON-LD or Schema.org markup", 10, "medium", "pass", `Found ${(jsonLd?.length || 0) + (hasMicrodata ? 1 : 0)} structured data block(s).`);
+}
+function checkOpenGraph(ctx) {
+  if (!ctx.html) return make("opengraph", "OpenGraph & Meta", "OG tags and meta description", 7, "low", "info", "Could not fetch HTML.");
+  const checks = [/og:title/i.test(ctx.html), /og:description/i.test(ctx.html), /og:image/i.test(ctx.html), /name=["']description["']/i.test(ctx.html)];
+  const passed = checks.filter(Boolean).length;
+  if (passed === 0) return make("opengraph", "OpenGraph & Meta", "OG tags and meta description", 7, "low", "fail", "No OpenGraph tags or meta description.");
+  if (passed < 3) return make("opengraph", "OpenGraph & Meta", "OG tags and meta description", 7, "low", "warn", `Found ${passed}/4 meta tags.`);
+  return make("opengraph", "OpenGraph & Meta", "OG tags and meta description", 7, "low", "pass", `All ${passed} key meta tags present.`);
+}
+function checkSitemap(ctx) {
+  if (!ctx.sitemapXml) return make("sitemap", "sitemap.xml", "Sitemap exists and is valid", 5, "medium", "fail", "No sitemap.xml found.");
+  const count = Math.max((ctx.sitemapXml.match(/<url>/gi) || []).length, (ctx.sitemapXml.match(/<loc>/gi) || []).length);
+  if (count === 0 && /<sitemapindex/i.test(ctx.sitemapXml)) return make("sitemap", "sitemap.xml", "Sitemap exists and is valid", 5, "medium", "pass", "Sitemap index found.");
+  if (count === 0) return make("sitemap", "sitemap.xml", "Sitemap exists and is valid", 5, "medium", "warn", "sitemap.xml found but appears empty.");
+  return make("sitemap", "sitemap.xml", "Sitemap exists and is valid", 5, "medium", "pass", `sitemap.xml found with ${count} URL(s).`);
+}
+function checkHttpSignatures(ctx) {
+  const hasDirectory = ctx.httpSigDirectory != null;
+  const hasSignatureHeader = ctx.headers["signature"] != null || ctx.headers["signature-input"] != null;
+  const hasSignatureAgent = ctx.headers["signature-agent"] != null;
+  if (!hasDirectory && !hasSignatureHeader && !hasSignatureAgent) return make("http_signatures", "HTTP Message Signatures (RFC 9421)", "Agent identity verification via cryptographic signatures", 5, "medium", "fail", "No HTTP signature support detected.");
+  if (hasDirectory) return make("http_signatures", "HTTP Message Signatures (RFC 9421)", "Agent identity verification via cryptographic signatures", 5, "medium", "pass", "/.well-known/http-message-signatures-directory found.");
+  return make("http_signatures", "HTTP Message Signatures (RFC 9421)", "Agent identity verification via cryptographic signatures", 5, "medium", "pass", hasSignatureAgent ? "Signature-Agent header detected." : "Signature/Signature-Input headers detected.");
+}
+function checkPageSpeed(ctx) {
+  if (ctx.loadTimeMs == null) return make("page_speed", "Page Load Time", "Response time for AI agent interactions", 5, "low", "info", "Could not measure.");
+  if (ctx.loadTimeMs > 5e3) return make("page_speed", "Page Load Time", "Response time for AI agent interactions", 5, "low", "fail", `${(ctx.loadTimeMs / 1e3).toFixed(1)}s \u2014 agents may time out.`);
+  if (ctx.loadTimeMs > 2e3) return make("page_speed", "Page Load Time", "Response time for AI agent interactions", 5, "low", "warn", `${(ctx.loadTimeMs / 1e3).toFixed(1)}s \u2014 consider optimizing.`);
+  return make("page_speed", "Page Load Time", "Response time for AI agent interactions", 5, "low", "pass", `${(ctx.loadTimeMs / 1e3).toFixed(1)}s.`);
+}
+var allChecks = [
+  checkRobotsTxt,
+  checkRobotsAiDirectives,
+  checkContentUsage,
+  checkLlmsTxt,
+  checkAiTxt,
+  checkTdmRep,
+  checkAiDisclosure,
+  checkAgentCard,
+  checkWebMCP,
+  checkHttpSignatures,
+  checkStructuredData,
+  checkOpenGraph,
+  checkSitemap,
+  checkPageSpeed
+];
+
+// src/web-scanner/index.ts
+function getGrade(score) {
+  if (score >= 80) return "A";
+  if (score >= 60) return "B";
+  if (score >= 40) return "C";
+  if (score >= 20) return "D";
+  return "F";
+}
+function getDomain(url) {
+  try {
+    return new URL(url).hostname;
+  } catch {
+    return url;
+  }
+}
+var PRIVATE_HOSTNAMES = /* @__PURE__ */ new Set(["localhost", "127.0.0.1", "0.0.0.0", "[::1]", "metadata.google.internal"]);
+function isPrivateHost(hostname) {
+  if (PRIVATE_HOSTNAMES.has(hostname.toLowerCase())) return true;
+  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
+  if (h === "::1" || h.startsWith("fe80:") || h.startsWith("fc") || h.startsWith("fd") || h === "::") return true;
+  const ipv4 = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (ipv4) {
+    const [, a, b] = ipv4.map(Number);
+    if (a === 10 || a === 127 || a === 0) return true;
+    if (a === 172 && b >= 16 && b <= 31) return true;
+    if (a === 192 && b === 168) return true;
+    if (a === 169 && b === 254) return true;
+    if (a === 100 && b >= 64 && b <= 127) return true;
+    if (a === 198 && (b === 18 || b === 19)) return true;
+  }
+  return false;
+}
+function validateRedirectUrl(responseUrl) {
+  try {
+    const parsed = new URL(responseUrl);
+    return !isPrivateHost(parsed.hostname);
+  } catch {
+    return false;
+  }
+}
+async function fetchText(url, timeout = 8e3) {
+  try {
+    const c = new AbortController();
+    const t = setTimeout(() => c.abort(), timeout);
+    const r = await fetch(url, { signal: c.signal, headers: { "User-Agent": "Prodlint-WebScanner/1.0" }, redirect: "follow" });
+    clearTimeout(t);
+    if (r.url && !validateRedirectUrl(r.url)) return null;
+    return r.ok ? await r.text() : null;
+  } catch {
+    return null;
+  }
+}
+async function fetchHeaders(url, timeout = 8e3) {
+  try {
+    const c = new AbortController();
+    const t = setTimeout(() => c.abort(), timeout);
+    const r = await fetch(url, { signal: c.signal, headers: { "User-Agent": "Prodlint-WebScanner/1.0" }, redirect: "follow" });
+    clearTimeout(t);
+    if (r.url && !validateRedirectUrl(r.url)) return {};
+    const h = {};
+    r.headers.forEach((v, k) => {
+      h[k.toLowerCase()] = v;
+    });
+    return h;
+  } catch {
+    return {};
+  }
+}
+async function fetchWithTiming(url, timeout = 15e3) {
+  try {
+    const c = new AbortController();
+    const t = setTimeout(() => c.abort(), timeout);
+    const start = Date.now();
+    const r = await fetch(url, { signal: c.signal, headers: { "User-Agent": "Prodlint-WebScanner/1.0" }, redirect: "follow" });
+    const html = await r.text();
+    clearTimeout(t);
+    if (r.url && !validateRedirectUrl(r.url)) return { html: null, loadTimeMs: null };
+    return r.ok ? { html, loadTimeMs: Date.now() - start } : { html: null, loadTimeMs: null };
+  } catch {
+    return { html: null, loadTimeMs: null };
+  }
+}
+function normalizeUrl(input) {
+  let url = input.trim();
+  if (!/^https?:\/\//i.test(url)) {
+    url = `https://${url}`;
+  }
+  const parsed = new URL(url);
+  return parsed.origin;
+}
+async function runWebScan(targetUrl) {
+  const domain = getDomain(targetUrl);
+  const [robotsTxt, llmsTxt, aiTxt, tdmRep, agentCard, sitemapXml, httpSigDirectory, headers, pageData] = await Promise.all([
+    fetchText(`${targetUrl}/robots.txt`),
+    fetchText(`${targetUrl}/llms.txt`),
+    fetchText(`${targetUrl}/ai.txt`),
+    fetchText(`${targetUrl}/.well-known/tdmrep.json`),
+    fetchText(`${targetUrl}/.well-known/agent-card.json`),
+    fetchText(`${targetUrl}/sitemap.xml`),
+    fetchText(`${targetUrl}/.well-known/http-message-signatures-directory`),
+    fetchHeaders(targetUrl),
+    fetchWithTiming(targetUrl)
+  ]);
+  const ctx = { url: targetUrl, domain, robotsTxt, llmsTxt, aiTxt, tdmRep, agentCard, sitemapXml, httpSigDirectory, headers, html: pageData.html, loadTimeMs: pageData.loadTimeMs };
+  const checks = allChecks.map((fn) => fn(ctx));
+  const totalPoints = checks.reduce((s, c) => s + c.points, 0);
+  const maxPoints = checks.reduce((s, c) => s + c.maxPoints, 0);
+  const overallScore = maxPoints > 0 ? Math.round(totalPoints / maxPoints * 100) : 0;
+  return {
+    url: targetUrl,
+    domain,
+    scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    overallScore,
+    grade: getGrade(overallScore),
+    checks,
+    summary: {
+      passed: checks.filter((c) => c.status === "pass").length,
+      failed: checks.filter((c) => c.status === "fail").length,
+      warnings: checks.filter((c) => c.status === "warn").length,
+      totalChecks: checks.length
+    }
+  };
+}
 
 // src/cli.ts
 var SEVERITY_RANK = { critical: 3, warning: 2, info: 1 };
@@ -4495,6 +4785,7 @@ async function main() {
       ignore: { type: "string", multiple: true, default: [] },
       "min-severity": { type: "string", default: "info" },
       quiet: { type: "boolean", default: false },
+      web: { type: "boolean", default: false },
       help: { type: "boolean", short: "h", default: false },
       version: { type: "boolean", short: "v", default: false }
     }
@@ -4507,6 +4798,15 @@ async function main() {
     console.log(getVersion());
     process.exit(0);
   }
+  if (values.web) {
+    const url = positionals[0];
+    if (!url) {
+      console.error("Usage: npx prodlint --web <url>");
+      process.exit(2);
+    }
+    await runWebScan2(url, { json: values.json });
+    return;
+  }
   const targetPath = positionals[0] ?? ".";
   const minSeverity = values["min-severity"] ?? "info";
   const result = await scan({
@@ -4524,18 +4824,40 @@ async function main() {
     process.exit(1);
   }
 }
+async function runWebScan2(url, opts) {
+  let normalizedUrl;
+  try {
+    normalizedUrl = normalizeUrl(url);
+  } catch {
+    console.error("Invalid URL:", url);
+    process.exit(2);
+  }
+  const hostname = new URL(normalizedUrl).hostname;
+  if (isPrivateHost(hostname)) {
+    console.error("Cannot scan private/internal hosts.");
+    process.exit(2);
+  }
+  const result = await runWebScan(normalizedUrl);
+  if (opts.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(reportWebPretty(result));
+  }
+}
 function printHelp() {
   console.log(`
   prodlint - The linter for vibe-coded apps
 
   Usage:
     npx prodlint [path] [options]
+    npx prodlint --web <url>
 
   Options:
     --json                    Output results as JSON
     --ignore <pattern>        Glob patterns to ignore (can be repeated)
     --min-severity <level>    Minimum severity to show: critical, warning, info (default: info)
     --quiet                   Suppress badge and summary
+    --web                     Get your site's prodlint score (14 AI agent checks)
     -h, --help                Show this help message
     -v, --version             Show version
 
@@ -4546,6 +4868,8 @@ function printHelp() {
     npx prodlint --ignore "*.test"            Ignore test files
     npx prodlint --min-severity warning       Only warnings and criticals
     npx prodlint --quiet                      No badge output
+    npx prodlint --web example.com            Site score
+    npx prodlint --web example.com --json     Site score with JSON output
 `);
 }
 main().catch((err) => {

package/dist/index.d.ts

@@ -73,4 +73,47 @@ declare function scan(options: ScanOptions): Promise<ScanResult>;
 
 declare const rules: Rule[];
 
-export { type Category, type CategoryScore, type FileContext, type Finding, type ProjectContext, type Rule, type ScanOptions, type ScanResult, type Severity, rules, scan };
+type CheckStatus = "pass" | "fail" | "warn" | "info";
+type CheckSeverity = "critical" | "high" | "medium" | "low";
+interface ScanCheck {
+    id: string;
+    name: string;
+    description: string;
+    status: CheckStatus;
+    severity: CheckSeverity;
+    points: number;
+    maxPoints: number;
+    details?: string;
+}
+interface CheckContext {
+    url: string;
+    domain: string;
+    robotsTxt: string | null;
+    llmsTxt: string | null;
+    aiTxt: string | null;
+    tdmRep: string | null;
+    agentCard: string | null;
+    sitemapXml: string | null;
+    httpSigDirectory: string | null;
+    headers: Record<string, string>;
+    html: string | null;
+    loadTimeMs: number | null;
+}
+interface WebScanResult {
+    url: string;
+    domain: string;
+    scannedAt: string;
+    overallScore: number;
+    grade: string;
+    checks: ScanCheck[];
+    summary: {
+        passed: number;
+        failed: number;
+        warnings: number;
+        totalChecks: number;
+    };
+}
+
+declare function runWebScan(targetUrl: string): Promise<WebScanResult>;
+
+export { type Category, type CategoryScore, type FileContext, type Finding, type ProjectContext, type Rule, type ScanOptions, type ScanResult, type Severity, type CheckContext as WebCheckContext, type ScanCheck as WebScanCheck, type WebScanResult, rules, runWebScan, scan };