project-shield 1.0.0

package/dist/integrity/ruleset.js

@@ -0,0 +1,77 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeRulesetHash = computeRulesetHash;
+exports.loadRuleset = loadRuleset;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const crypto = __importStar(require("node:crypto"));
+const failsafe_js_1 = require("./failsafe.js");
+/**
+ * Compute SHA-256 hash of the ruleset content (excluding the sha256 field itself).
+ */
+function computeRulesetHash(content) {
+    const parsed = JSON.parse(content);
+    // Remove the sha256 field before hashing
+    const { sha256: _hash, ...rest } = parsed;
+    const canonical = JSON.stringify(rest, null, 2);
+    return crypto.createHash('sha256').update(canonical).digest('hex');
+}
+/**
+ * Load and verify a ruleset file.
+ * Throws RulesetNotFoundError if file doesn't exist.
+ * Throws RulesetIntegrityError if hash doesn't match.
+ */
+function loadRuleset(rulesetPath) {
+    const resolvedPath = rulesetPath ?? path.join(process.cwd(), 'rules', 'v1.0.0.json');
+    if (!fs.existsSync(resolvedPath)) {
+        throw new failsafe_js_1.RulesetNotFoundError(resolvedPath);
+    }
+    const content = fs.readFileSync(resolvedPath, 'utf-8');
+    let parsed;
+    try {
+        parsed = JSON.parse(content);
+    }
+    catch {
+        throw new failsafe_js_1.RulesetIntegrityError();
+    }
+    const expectedHash = parsed.sha256;
+    const actualHash = computeRulesetHash(content);
+    if (actualHash !== expectedHash) {
+        throw new failsafe_js_1.RulesetIntegrityError();
+    }
+    return parsed;
+}
+//# sourceMappingURL=ruleset.js.map

package/dist/integrity/ruleset.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleset.js","sourceRoot":"","sources":["../../src/integrity/ruleset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,gDAMC;AAOD,kCAwBC;AA9CD,4CAA8B;AAC9B,gDAAkC;AAClC,oDAAsC;AAEtC,+CAA4E;AAE5E;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAe;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnC,yCAAyC;IACzC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC;AAED;;;;GAIG;AACH,SAAgB,WAAW,CAAC,WAAoB;IAC9C,MAAM,YAAY,GAAG,WAAW,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;IAErF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,kCAAoB,CAAC,YAAY,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACvD,IAAI,MAAe,CAAC;IAEpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAY,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,mCAAqB,EAAE,CAAC;IACpC,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;IACnC,MAAM,UAAU,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAE/C,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;QAChC,MAAM,IAAI,mCAAqB,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/integrity/seal.d.ts

@@ -0,0 +1,12 @@
+import type { ScanResult, ScanScore, SealedResult } from '../types/index.js';
+/**
+ * Seal scan results with a SHA-256 hash for tamper detection.
+ *
+ * The hash covers: findings + score + timestamp + rulesetVersion.
+ * Same inputs (with same timestamp) produce the same hash.
+ */
+export declare function sealResult(scanResult: ScanResult, score: ScanScore, rulesetVersion: string, options?: {
+    isPro?: boolean;
+    timestamp?: string;
+}): SealedResult;
+//# sourceMappingURL=seal.d.ts.map

package/dist/integrity/seal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal.d.ts","sourceRoot":"","sources":["../../src/integrity/seal.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAE7E;;;;;GAKG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,SAAS,EAChB,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAChD,YAAY,CAqCd"}

package/dist/integrity/seal.js

@@ -0,0 +1,77 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sealResult = sealResult;
+const crypto = __importStar(require("node:crypto"));
+/**
+ * Seal scan results with a SHA-256 hash for tamper detection.
+ *
+ * The hash covers: findings + score + timestamp + rulesetVersion.
+ * Same inputs (with same timestamp) produce the same hash.
+ */
+function sealResult(scanResult, score, rulesetVersion, options) {
+    const timestamp = options?.timestamp ?? new Date().toISOString();
+    const isPro = options?.isPro ?? false;
+    const payload = {
+        findings: {
+            secrets: scanResult.secrets,
+            pii: scanResult.pii,
+            mcp: scanResult.mcp,
+            injection: scanResult.injection,
+        },
+        score: {
+            numericScore: score.numericScore,
+            grade: score.grade,
+            isLocked: score.isLocked,
+        },
+        timestamp,
+        rulesetVersion,
+    };
+    const resultHash = crypto
+        .createHash('sha256')
+        .update(JSON.stringify(payload))
+        .digest('hex');
+    const seal = {
+        resultHash,
+        timestamp,
+        rulesetVersion,
+    };
+    if (isPro) {
+        seal.badgeUUID = crypto.randomUUID();
+        seal.verifyURL = `https://shield.verify/${seal.badgeUUID}`;
+    }
+    return seal;
+}
+//# sourceMappingURL=seal.js.map

package/dist/integrity/seal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal.js","sourceRoot":"","sources":["../../src/integrity/seal.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,gCA0CC;AAnDD,oDAAsC;AAGtC;;;;;GAKG;AACH,SAAgB,UAAU,CACxB,UAAsB,EACtB,KAAgB,EAChB,cAAsB,EACtB,OAAiD;IAEjD,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjE,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,KAAK,CAAC;IAEtC,MAAM,OAAO,GAAG;QACd,QAAQ,EAAE;YACR,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,GAAG,EAAE,UAAU,CAAC,GAAG;YACnB,GAAG,EAAE,UAAU,CAAC,GAAG;YACnB,SAAS,EAAE,UAAU,CAAC,SAAS;SAChC;QACD,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB;QACD,SAAS;QACT,cAAc;KACf,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM;SACtB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;SAC/B,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,MAAM,IAAI,GAAiB;QACzB,UAAU;QACV,SAAS;QACT,cAAc;KACf,CAAC;IAEF,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACrC,IAAI,CAAC,SAAS,GAAG,yBAAyB,IAAI,CAAC,SAAS,EAAE,CAAC;IAC7D,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/output/badge.d.ts

@@ -0,0 +1,16 @@
+import type { ScanScore, LockStatus } from '../types/index.js';
+export declare class BadgeLockedError extends Error {
+    constructor(message: string);
+}
+/**
+ * Generate an SVG badge in shields.io style.
+ * Throws BadgeLockedError if score is F (locked).
+ */
+export declare function generateBadge(score: ScanScore, lockStatus: LockStatus, options?: {
+    isPro: boolean;
+}): string;
+/**
+ * Save an SVG badge to disk.
+ */
+export declare function saveBadge(svgContent: string, outputPath: string): void;
+//# sourceMappingURL=badge.d.ts.map

package/dist/output/badge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"badge.d.ts","sourceRoot":"","sources":["../../src/output/badge.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/D,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAcD;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,KAAK,EAAE,SAAS,EAChB,UAAU,EAAE,UAAU,EACtB,OAAO,GAAE;IAAE,KAAK,EAAE,OAAO,CAAA;CAAqB,GAC7C,MAAM,CAwCR;AAYD;;GAEG;AACH,wBAAgB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAEtE"}

package/dist/output/badge.js

@@ -0,0 +1,112 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BadgeLockedError = void 0;
+exports.generateBadge = generateBadge;
+exports.saveBadge = saveBadge;
+const fs = __importStar(require("node:fs"));
+class BadgeLockedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'BadgeLockedError';
+    }
+}
+exports.BadgeLockedError = BadgeLockedError;
+/**
+ * Badge color mapping by grade.
+ */
+const BADGE_COLORS = {
+    A: '#4c1', // green
+    B: '#97CA00', // brightgreen
+    C: '#dfb317', // yellow
+    D: '#fe7d37', // orange
+    E: '#e05d44', // red-orange
+    F: '#e05d44', // red
+};
+/**
+ * Generate an SVG badge in shields.io style.
+ * Throws BadgeLockedError if score is F (locked).
+ */
+function generateBadge(score, lockStatus, options = { isPro: false }) {
+    if (lockStatus.isLocked) {
+        throw new BadgeLockedError(`Badge generation is locked: ${lockStatus.message}`);
+    }
+    const color = BADGE_COLORS[score.grade] ?? '#9f9f9f';
+    const label = 'Project Shield';
+    const value = `${score.grade} (${score.numericScore}/100)`;
+    const labelWidth = label.length * 7 + 10;
+    const valueWidth = value.length * 7 + 10;
+    const totalWidth = labelWidth + valueWidth;
+    const watermark = options.isPro ? '' : generateWatermark(labelWidth, totalWidth);
+    const disclaimer = 'This badge is informational only. It does not guarantee the absence of security vulnerabilities.';
+    return `<svg xmlns="http://www.w3.org/2000/svg" width="${totalWidth}" height="20" role="img" aria-label="${label}: ${value}">
+  <metadata>${disclaimer}</metadata>
+  <title>${label}: ${value}</title>
+  <linearGradient id="s" x2="0" y2="100%">
+    <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
+    <stop offset="1" stop-opacity=".1"/>
+  </linearGradient>
+  <clipPath id="r">
+    <rect width="${totalWidth}" height="20" rx="3" fill="#fff"/>
+  </clipPath>
+  <g clip-path="url(#r)">
+    <rect width="${labelWidth}" height="20" fill="#555"/>
+    <rect x="${labelWidth}" width="${valueWidth}" height="20" fill="${color}"/>
+    <rect width="${totalWidth}" height="20" fill="url(#s)"/>
+  </g>
+  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="11">
+    <text aria-hidden="true" x="${labelWidth / 2}" y="15" fill="#010101" fill-opacity=".3">${label}</text>
+    <text x="${labelWidth / 2}" y="14">${label}</text>
+    <text aria-hidden="true" x="${labelWidth + valueWidth / 2}" y="15" fill="#010101" fill-opacity=".3">${value}</text>
+    <text x="${labelWidth + valueWidth / 2}" y="14">${value}</text>
+  </g>${watermark}
+</svg>`;
+}
+/**
+ * Generate watermark text for free tier badges.
+ */
+function generateWatermark(labelWidth, totalWidth) {
+    return `
+  <g fill="#fff" fill-opacity="0.15" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" font-size="8" transform="rotate(-20, ${totalWidth / 2}, 10)">
+    <text x="${totalWidth / 2}" y="12">FREE</text>
+  </g>`;
+}
+/**
+ * Save an SVG badge to disk.
+ */
+function saveBadge(svgContent, outputPath) {
+    fs.writeFileSync(outputPath, svgContent, 'utf-8');
+}
+//# sourceMappingURL=badge.js.map

package/dist/output/badge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"badge.js","sourceRoot":"","sources":["../../src/output/badge.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,sCA4CC;AAeD,8BAEC;AAvFD,4CAA8B;AAG9B,MAAa,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AALD,4CAKC;AAED;;GAEG;AACH,MAAM,YAAY,GAA2B;IAC3C,CAAC,EAAE,MAAM,EAAO,QAAQ;IACxB,CAAC,EAAE,SAAS,EAAI,cAAc;IAC9B,CAAC,EAAE,SAAS,EAAI,SAAS;IACzB,CAAC,EAAE,SAAS,EAAI,SAAS;IACzB,CAAC,EAAE,SAAS,EAAI,aAAa;IAC7B,CAAC,EAAE,SAAS,EAAI,MAAM;CACvB,CAAC;AAEF;;;GAGG;AACH,SAAgB,aAAa,CAC3B,KAAgB,EAChB,UAAsB,EACtB,UAA8B,EAAE,KAAK,EAAE,KAAK,EAAE;IAE9C,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,IAAI,gBAAgB,CACxB,+BAA+B,UAAU,CAAC,OAAO,EAAE,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC;IACrD,MAAM,KAAK,GAAG,gBAAgB,CAAC;IAC/B,MAAM,KAAK,GAAG,GAAG,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,YAAY,OAAO,CAAC;IAE3D,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,EAAE,CAAC;IACzC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,EAAE,CAAC;IACzC,MAAM,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;IAE3C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IACjF,MAAM,UAAU,GAAG,kGAAkG,CAAC;IAEtH,OAAO,kDAAkD,UAAU,wCAAwC,KAAK,KAAK,KAAK;cAC9G,UAAU;WACb,KAAK,KAAK,KAAK;;;;;;mBAMP,UAAU;;;mBAGV,UAAU;eACd,UAAU,YAAY,UAAU,uBAAuB,KAAK;mBACxD,UAAU;;;kCAGK,UAAU,GAAG,CAAC,6CAA6C,KAAK;eACnF,UAAU,GAAG,CAAC,YAAY,KAAK;kCACZ,UAAU,GAAG,UAAU,GAAG,CAAC,6CAA6C,KAAK;eAChG,UAAU,GAAG,UAAU,GAAG,CAAC,YAAY,KAAK;QACnD,SAAS;OACV,CAAC;AACR,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,UAAkB,EAAE,UAAkB;IAC/D,OAAO;qJAC4I,UAAU,GAAG,CAAC;eACpJ,UAAU,GAAG,CAAC;OACtB,CAAC;AACR,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,UAAkB,EAAE,UAAkB;IAC9D,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC"}

package/dist/output/evidence.d.ts

@@ -0,0 +1,18 @@
+import type { ScanResult, ScanScore, LockStatus, SealedResult, EvidencePack } from '../types/index.js';
+/**
+ * Generate an EvidencePack JSON object from scan results.
+ */
+export declare function generateEvidenceJSON(result: ScanResult, score: ScanScore, lockStatus: LockStatus, seal: SealedResult, config: {
+    scanTarget: string;
+    rulesetHash: string;
+    rulesetVersion: string;
+}): EvidencePack;
+/**
+ * Save EvidencePack as JSON file.
+ */
+export declare function saveEvidenceJSON(pack: EvidencePack, outputPath: string): void;
+/**
+ * Generate a PDF Evidence Pack using pdfkit.
+ */
+export declare function generateEvidencePDF(pack: EvidencePack, outputPath: string): Promise<void>;
+//# sourceMappingURL=evidence.d.ts.map

package/dist/output/evidence.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.d.ts","sourceRoot":"","sources":["../../src/output/evidence.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,UAAU,EACV,SAAS,EACT,UAAU,EACV,YAAY,EACZ,YAAY,EACb,MAAM,mBAAmB,CAAC;AAQ3B;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,SAAS,EAChB,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,YAAY,EAClB,MAAM,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,GAC1E,YAAY,CAqCd;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAE7E;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,YAAY,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CAyHf"}

package/dist/output/evidence.js

@@ -0,0 +1,205 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateEvidenceJSON = generateEvidenceJSON;
+exports.saveEvidenceJSON = saveEvidenceJSON;
+exports.generateEvidencePDF = generateEvidencePDF;
+const fs = __importStar(require("node:fs"));
+const fixit_js_1 = require("./fixit.js");
+const DISCLAIMER = 'This scan covers: secret exposure, config checks, PII patterns, prompt injection patterns. ' +
+    'This is NOT a penetration test. Results do not guarantee complete security. ' +
+    'Generated by Project Shield v1.0.0.';
+/**
+ * Generate an EvidencePack JSON object from scan results.
+ */
+function generateEvidenceJSON(result, score, lockStatus, seal, config) {
+    const guides = (0, fixit_js_1.getFixitGuides)(result, { isPro: true });
+    const criticalGuides = guides.filter(g => g.severity === 'critical');
+    return {
+        generatedAt: new Date().toISOString(),
+        toolVersion: '1.0.0',
+        rulesetVersion: config.rulesetVersion,
+        scanTarget: config.scanTarget,
+        filesScanned: result.summary.filesScanned,
+        filesExcluded: result.summary.filesExcluded,
+        scanDuration: `${(result.summary.timeMs / 1000).toFixed(1)}s`,
+        score,
+        lockStatus,
+        findings: {
+            secrets: result.secrets,
+            pii: result.pii,
+            mcp: result.mcp,
+            injection: result.injection,
+        },
+        fixitSummary: {
+            totalIssues: result.secrets.length +
+                result.pii.length +
+                result.mcp.length +
+                result.injection.length,
+            criticalIssues: criticalGuides.length,
+            fixitGuidesAvailable: guides.length,
+        },
+        integrity: {
+            rulesetHash: config.rulesetHash,
+            resultHash: seal.resultHash,
+            badgeUUID: seal.badgeUUID,
+            verifyURL: seal.verifyURL,
+        },
+        disclaimer: DISCLAIMER,
+    };
+}
+/**
+ * Save EvidencePack as JSON file.
+ */
+function saveEvidenceJSON(pack, outputPath) {
+    fs.writeFileSync(outputPath, JSON.stringify(pack, null, 2), 'utf-8');
+}
+/**
+ * Generate a PDF Evidence Pack using pdfkit.
+ */
+async function generateEvidencePDF(pack, outputPath) {
+    // Dynamic import for pdfkit (CJS module)
+    const PDFDocumentModule = await import('pdfkit');
+    const PDFDocument = PDFDocumentModule.default ?? PDFDocumentModule;
+    return new Promise((resolve, reject) => {
+        const doc = new PDFDocument({
+            size: 'A4',
+            margins: { top: 60, bottom: 60, left: 50, right: 50 },
+        });
+        const stream = fs.createWriteStream(outputPath);
+        doc.pipe(stream);
+        // ─── Cover Page ───────────────────────────────────────
+        doc.fontSize(28).font('Helvetica-Bold').text('Project Shield', { align: 'center' });
+        doc.moveDown(0.5);
+        doc.fontSize(16).font('Helvetica').text('Security Scan Report', { align: 'center' });
+        doc.moveDown(1);
+        doc.fontSize(12).text(`Date: ${pack.generatedAt}`, { align: 'center' });
+        doc.text(`Target: ${pack.scanTarget}`, { align: 'center' });
+        doc.text(`Grade: ${pack.score.grade} (${pack.score.numericScore}/100)`, { align: 'center' });
+        doc.moveDown(2);
+        // ─── Executive Summary ────────────────────────────────
+        doc.fontSize(18).font('Helvetica-Bold').text('Executive Summary');
+        doc.moveDown(0.5);
+        doc.fontSize(11).font('Helvetica');
+        doc.text(`Score: ${pack.score.numericScore}/100 (Grade ${pack.score.grade})`);
+        doc.text(`Ruleset Version: ${pack.rulesetVersion}`);
+        doc.text(`Files Scanned: ${pack.filesScanned}`);
+        doc.text(`Files Excluded: ${pack.filesExcluded}`);
+        doc.text(`Scan Duration: ${pack.scanDuration}`);
+        doc.text(`Lock Status: ${pack.lockStatus.isLocked ? 'LOCKED' : 'Unlocked'}`);
+        doc.moveDown(0.5);
+        const { fixitSummary } = pack;
+        doc.text(`Total Issues: ${fixitSummary.totalIssues}`);
+        doc.text(`Critical Issues: ${fixitSummary.criticalIssues}`);
+        doc.text(`Fix-it Guides Available: ${fixitSummary.fixitGuidesAvailable}`);
+        doc.moveDown(1);
+        // ─── Findings Detail ──────────────────────────────────
+        doc.fontSize(18).font('Helvetica-Bold').text('Findings Detail');
+        doc.moveDown(0.5);
+        doc.fontSize(11).font('Helvetica');
+        // Secrets
+        doc.fontSize(14).font('Helvetica-Bold').text(`Secrets (${pack.findings.secrets.length})`);
+        doc.fontSize(10).font('Helvetica');
+        if (pack.findings.secrets.length === 0) {
+            doc.text('  No secrets detected.');
+        }
+        else {
+            for (const s of pack.findings.secrets) {
+                doc.text(`  [${s.severity.toUpperCase()}] ${s.file}:${s.line} — ${s.description} (${s.matched})`);
+            }
+        }
+        doc.moveDown(0.5);
+        // PII
+        doc.fontSize(14).font('Helvetica-Bold').text(`PII (${pack.findings.pii.length})`);
+        doc.fontSize(10).font('Helvetica');
+        if (pack.findings.pii.length === 0) {
+            doc.text('  No PII detected.');
+        }
+        else {
+            for (const p of pack.findings.pii) {
+                doc.text(`  [${p.severity.toUpperCase()}] ${p.file}:${p.line} — ${p.description} (${p.matched})`);
+            }
+        }
+        doc.moveDown(0.5);
+        // MCP
+        doc.fontSize(14).font('Helvetica-Bold').text(`MCP Config (${pack.findings.mcp.length})`);
+        doc.fontSize(10).font('Helvetica');
+        if (pack.findings.mcp.length === 0) {
+            doc.text('  No MCP configuration issues.');
+        }
+        else {
+            for (const m of pack.findings.mcp) {
+                doc.text(`  [${m.overallSeverity.toUpperCase()}] ${m.file} — ${m.failedCount}/5 checks failed`);
+            }
+        }
+        doc.moveDown(0.5);
+        // Injection
+        doc.fontSize(14).font('Helvetica-Bold').text(`Injection (${pack.findings.injection.length})`);
+        doc.fontSize(10).font('Helvetica');
+        if (pack.findings.injection.length === 0) {
+            doc.text('  No injection patterns detected.');
+        }
+        else {
+            for (const inj of pack.findings.injection) {
+                doc.text(`  [${inj.severity.toUpperCase()}] ${inj.file}:${inj.line} — ${inj.description}`);
+            }
+        }
+        doc.moveDown(1);
+        // ─── Integrity Verification ───────────────────────────
+        doc.fontSize(18).font('Helvetica-Bold').text('Integrity Verification');
+        doc.moveDown(0.5);
+        doc.fontSize(10).font('Helvetica');
+        doc.text(`Result Hash: ${pack.integrity.resultHash}`);
+        doc.text(`Ruleset Hash: ${pack.integrity.rulesetHash}`);
+        if (pack.integrity.badgeUUID) {
+            doc.text(`Badge UUID: ${pack.integrity.badgeUUID}`);
+        }
+        if (pack.integrity.verifyURL) {
+            doc.text(`Verify URL: ${pack.integrity.verifyURL}`);
+        }
+        doc.moveDown(1);
+        // ─── Disclaimer ───────────────────────────────────────
+        doc.fontSize(18).font('Helvetica-Bold').text('Disclaimer');
+        doc.moveDown(0.5);
+        doc.fontSize(9).font('Helvetica').text(pack.disclaimer, {
+            width: 500,
+            align: 'left',
+        });
+        doc.end();
+        stream.on('finish', resolve);
+        stream.on('error', reject);
+    });
+}
+//# sourceMappingURL=evidence.js.map

package/dist/output/evidence.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.js","sourceRoot":"","sources":["../../src/output/evidence.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,oDA2CC;AAKD,4CAEC;AAKD,kDA4HC;AArMD,4CAA8B;AAQ9B,yCAA4C;AAE5C,MAAM,UAAU,GACd,6FAA6F;IAC7F,8EAA8E;IAC9E,qCAAqC,CAAC;AAExC;;GAEG;AACH,SAAgB,oBAAoB,CAClC,MAAkB,EAClB,KAAgB,EAChB,UAAsB,EACtB,IAAkB,EAClB,MAA2E;IAE3E,MAAM,MAAM,GAAG,IAAA,yBAAc,EAAC,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IAErE,OAAO;QACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,WAAW,EAAE,OAAO;QACpB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,YAAY;QACzC,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,aAAa;QAC3C,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;QAC7D,KAAK;QACL,UAAU;QACV,QAAQ,EAAE;YACR,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B;QACD,YAAY,EAAE;YACZ,WAAW,EACT,MAAM,CAAC,OAAO,CAAC,MAAM;gBACrB,MAAM,CAAC,GAAG,CAAC,MAAM;gBACjB,MAAM,CAAC,GAAG,CAAC,MAAM;gBACjB,MAAM,CAAC,SAAS,CAAC,MAAM;YACzB,cAAc,EAAE,cAAc,CAAC,MAAM;YACrC,oBAAoB,EAAE,MAAM,CAAC,MAAM;SACpC;QACD,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B;QACD,UAAU,EAAE,UAAU;KACvB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,IAAkB,EAAE,UAAkB;IACrE,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,IAAkB,EAClB,UAAkB;IAElB,yCAAyC;IACzC,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,iBAAiB,CAAC,OAAO,IAAI,iBAAiB,CAAC;IAEnE,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC;YAC1B,IAAI,EAAE,IAAI;YACV,OAAO,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;SACtD,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAChD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEjB,yDAAyD;QACzD,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpF,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClB,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QACrF,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAChB,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxE,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5D,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,CAAC,YAAY,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7F,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAEhB,yDAAyD;QACzD,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAClE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClB,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnC,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,YAAY,eAAe,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,oBAAoB,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;QAChD,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;QAClD,GAAG,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;QAChD,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;QAC7E,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAElB,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;QAC9B,GAAG,CAAC,IAAI,CAAC,iBAAiB,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;QACtD,GAAG,CAAC,IAAI,CAAC,oBAAoB,YAAY,CAAC,cAAc,EAAE,CAAC,CAAC;QAC5D,GAAG,CAAC,IAAI,CAAC,4BAA4B,YAAY,CAAC,oBAAoB,EAAE,CAAC,CAAC;QAC1E,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAEhB,yDAAyD;QACzD,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAChE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClB,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEnC,UAAU;QACV,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QAC1F,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC;YACpG,CAAC;QACH,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAElB,MAAM;QACN,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QAClF,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAClC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC;YACpG,CAAC;QACH,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAElB,MAAM;QACN,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QACzF,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAClC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,WAAW,kBAAkB,CAAC,CAAC;YAClG,CAAC;QACH,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAElB,YAAY;QACZ,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;QAC9F,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,GAAG,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;gBAC1C,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAEhB,yDAAyD;QACzD,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACvE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClB,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnC,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;QACtD,GAAG,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC;QACxD,IAAI,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;QACtD,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAEhB,yDAAyD;QACzD,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3D,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClB,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;YACtD,KAAK,EAAE,GAAG;YACV,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QAEH,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/output/fixit.d.ts

@@ -0,0 +1,32 @@
+import type { ScanResult, FixitGuide } from '../types/index.js';
+export interface FixitEntry {
+    findingType: string;
+    file: string;
+    line: number;
+    severity: 'critical' | 'warning';
+    guide: FixitGuide;
+}
+/**
+ * Get fix-it guides for all findings in the scan result.
+ */
+export declare function getFixitGuides(result: ScanResult, options: {
+    isPro: boolean;
+}): FixitEntry[];
+/**
+ * Format fix-it guides for terminal output.
+ */
+export declare function formatFixitTerminal(guides: FixitEntry[], isPro: boolean): string;
+/**
+ * Format fix-it guides as JSON-compatible objects.
+ */
+export declare function formatFixitJson(guides: FixitEntry[], isPro: boolean): Array<{
+    findingType: string;
+    file: string;
+    line: number;
+    severity: string;
+    title: string;
+    steps: string[];
+    code?: string;
+    references?: string[];
+}>;
+//# sourceMappingURL=fixit.d.ts.map

package/dist/output/fixit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fixit.d.ts","sourceRoot":"","sources":["../../src/output/fixit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,UAAU,GAAG,SAAS,CAAC;IACjC,KAAK,EAAE,UAAU,CAAC;CACnB;AA6ND;;GAEG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE;IAAE,KAAK,EAAE,OAAO,CAAA;CAAE,GAC1B,UAAU,EAAE,CA0Fd;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,OAAO,GAAG,MAAM,CA2DhF;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,UAAU,EAAE,EACpB,KAAK,EAAE,OAAO,GACb,KAAK,CAAC;IACP,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB,CAAC,CAuBD"}