project-shield 1.0.0

package/dist/output/fixit.js

@@ -0,0 +1,387 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getFixitGuides = getFixitGuides;
+exports.formatFixitTerminal = formatFixitTerminal;
+exports.formatFixitJson = formatFixitJson;
+/**
+ * Fix-it guide database: 10 types covering secrets, PII, MCP, and injection.
+ */
+const FIXIT_GUIDES = {
+    aws_access_key: {
+        title: 'Rotate AWS Access Key',
+        steps: [
+            'Go to AWS IAM Console → Users → Security credentials',
+            'Create a new access key pair',
+            'Update all services using the old key',
+            'Deactivate the old access key',
+            'Delete the old access key after confirming everything works',
+            'Store new keys in AWS Secrets Manager or environment variables',
+        ],
+        code: `# Using AWS CLI to rotate keys
+aws iam create-access-key --user-name YOUR_USER
+aws iam update-access-key --access-key-id OLD_KEY_ID --status Inactive
+aws iam delete-access-key --access-key-id OLD_KEY_ID`,
+        severity: 'critical',
+        references: [
+            'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html',
+            'https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html',
+        ],
+    },
+    stripe_live_key: {
+        title: 'Rotate Stripe Live Key',
+        steps: [
+            'Go to Stripe Dashboard → Developers → API keys',
+            'Click "Roll key" on the exposed live key',
+            'Update your application with the new key',
+            'Use environment variables, never hardcode keys',
+        ],
+        code: `# Store in environment variable
+export STRIPE_SECRET_KEY=sk_live_new_key_here
+
+# In your app, read from env
+const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);`,
+        severity: 'critical',
+        references: [
+            'https://stripe.com/docs/keys',
+            'https://stripe.com/docs/security',
+        ],
+    },
+    private_key_file: {
+        title: 'Remove Private Key from Repository',
+        steps: [
+            'Remove the private key file from the repository immediately',
+            'Add the file pattern to .gitignore',
+            'Generate a new key pair (the exposed key is compromised)',
+            'Revoke the old key from all services that used it',
+            'Use a secrets manager for key storage',
+        ],
+        code: `# Remove from git history
+git rm --cached path/to/private_key.pem
+echo "*.pem" >> .gitignore
+echo "*.key" >> .gitignore
+
+# Generate new key
+openssl genrsa -out new_private_key.pem 4096`,
+        severity: 'critical',
+        references: [
+            'https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository',
+        ],
+    },
+    generic_secret: {
+        title: 'Remove Hardcoded Secret',
+        steps: [
+            'Move the secret to an environment variable or secrets manager',
+            'Update code to read from the environment',
+            'Add the file to .gitignore if it contains secrets',
+            'Rotate the exposed secret',
+        ],
+        code: `# .env file (add to .gitignore!)
+SECRET_VALUE=your_secret_here
+
+# In your code
+const secret = process.env.SECRET_VALUE;`,
+        severity: 'warning',
+        references: [
+            'https://12factor.net/config',
+        ],
+    },
+    korean_rrn: {
+        title: 'Remove Korean Resident Registration Number',
+        steps: [
+            'Remove or mask the RRN immediately (법적 의무사항)',
+            'Replace with a masked version: 900101-1******',
+            'If this is test data, use the official test RRN range',
+            'Review data handling for 개인정보보호법 compliance',
+        ],
+        code: `// Masking function
+function maskRRN(rrn: string): string {
+  return rrn.replace(/(\\d{6}[-]?\\d)\\d{6}/, '$1******');
+}`,
+        severity: 'critical',
+        references: [
+            'https://www.law.go.kr/법령/개인정보보호법',
+        ],
+    },
+    credit_card: {
+        title: 'Remove Credit Card Number',
+        steps: [
+            'Remove the credit card number from source code immediately',
+            'If this is test data, use standard test card numbers (4111 1111 1111 1111)',
+            'Never store full card numbers — use tokenization',
+            'Review PCI-DSS compliance requirements',
+        ],
+        code: `// Use test card numbers for development
+const TEST_CARDS = {
+  visa: '4111111111111111',
+  mastercard: '5555555555554444',
+};`,
+        severity: 'critical',
+        references: [
+            'https://www.pcisecuritystandards.org/',
+        ],
+    },
+    mcp_no_auth: {
+        title: 'Add Authentication to MCP Configuration',
+        steps: [
+            'Add an auth/authentication section to your MCP config',
+            'Use OAuth 2.0 or API key authentication',
+            'Never expose MCP endpoints without authentication',
+        ],
+        code: `{
+  "auth": {
+    "type": "oauth2",
+    "clientId": "\${MCP_CLIENT_ID}",
+    "clientSecret": "\${MCP_CLIENT_SECRET}"
+  }
+}`,
+        severity: 'critical',
+        references: [
+            'https://modelcontextprotocol.io/docs/concepts/authentication',
+        ],
+    },
+    mcp_hardcoded_secret: {
+        title: 'Remove Hardcoded Secrets from MCP Config',
+        steps: [
+            'Replace hardcoded secrets with environment variable references',
+            'Use ${ENV_VAR} syntax in MCP configuration',
+            'Store actual values in .env (added to .gitignore)',
+        ],
+        code: `// Before (BAD)
+{ "apiKey": "sk-live-abc123" }
+
+// After (GOOD)
+{ "apiKey": "\${OPENAI_API_KEY}" }`,
+        severity: 'critical',
+    },
+    mcp_wide_permissions: {
+        title: 'Restrict MCP Permissions',
+        steps: [
+            'Apply principle of least privilege',
+            'Replace wildcard (*) and root (/) paths with specific paths',
+            'Limit network access to required endpoints only',
+            'Remove --privileged mode if not absolutely necessary',
+        ],
+        code: `// Before (BAD)
+{ "allowedPaths": ["/"] }
+
+// After (GOOD)
+{ "allowedPaths": ["/home/user/project"] }`,
+        severity: 'critical',
+    },
+    prompt_injection: {
+        title: 'Remove Prompt Injection Pattern',
+        steps: [
+            'Review the flagged content — is it legitimate documentation or an attack?',
+            'If in user-facing content: sanitize or remove the injection pattern',
+            'If in AI tool descriptions: ensure descriptions are concise and factual',
+            'Add input validation for any user-provided text that reaches AI models',
+        ],
+        code: `// Input sanitization example
+function sanitizeForAI(input: string): string {
+  // Remove common injection patterns
+  return input
+    .replace(/ignore\\s+(all\\s+)?previous\\s+instructions/gi, '[FILTERED]')
+    .replace(/you\\s+are\\s+now/gi, '[FILTERED]');
+}`,
+        severity: 'critical',
+        references: [
+            'https://owasp.org/www-project-top-10-for-large-language-model-applications/',
+        ],
+    },
+};
+/**
+ * Map a finding to a fix-it guide key.
+ */
+function mapFindingToGuideKey(findingType) {
+    // Direct mappings
+    if (findingType === 'aws_access_key')
+        return 'aws_access_key';
+    if (findingType === 'stripe_live')
+        return 'stripe_live_key';
+    if (findingType === 'private_key')
+        return 'private_key_file';
+    if (findingType === 'korean_rrn_hyphen' || findingType === 'korean_rrn_no_hyphen')
+        return 'korean_rrn';
+    if (findingType === 'credit_card')
+        return 'credit_card';
+    // MCP mappings
+    if (findingType === 'mcp_no_auth')
+        return 'mcp_no_auth';
+    if (findingType === 'mcp_hardcoded_secret')
+        return 'mcp_hardcoded_secret';
+    if (findingType === 'mcp_wide_permissions')
+        return 'mcp_wide_permissions';
+    // Injection
+    if (findingType === 'prompt_injection')
+        return 'prompt_injection';
+    // Fallback
+    return 'generic_secret';
+}
+/**
+ * Get fix-it guides for all findings in the scan result.
+ */
+function getFixitGuides(result, options) {
+    const entries = [];
+    // Secrets
+    for (const finding of result.secrets) {
+        const key = mapFindingToGuideKey(finding.type);
+        const guide = FIXIT_GUIDES[key];
+        if (guide) {
+            entries.push({
+                findingType: finding.type,
+                file: finding.file,
+                line: finding.line,
+                severity: finding.severity === 'critical' ? 'critical' : 'warning',
+                guide,
+            });
+        }
+    }
+    // PII
+    for (const finding of result.pii) {
+        const key = mapFindingToGuideKey(finding.type);
+        const guide = FIXIT_GUIDES[key];
+        if (guide) {
+            entries.push({
+                findingType: finding.type,
+                file: finding.file,
+                line: finding.line,
+                severity: finding.severity === 'confirmed' ? 'critical' : 'warning',
+                guide,
+            });
+        }
+    }
+    // MCP
+    for (const finding of result.mcp) {
+        // Map each failed item to a guide
+        const items = finding.items;
+        if (items.auth.status === 'critical') {
+            entries.push({
+                findingType: 'mcp_no_auth',
+                file: finding.file,
+                line: 0,
+                severity: 'critical',
+                guide: FIXIT_GUIDES['mcp_no_auth'],
+            });
+        }
+        if (items.secrets.status === 'critical') {
+            entries.push({
+                findingType: 'mcp_hardcoded_secret',
+                file: finding.file,
+                line: 0,
+                severity: 'critical',
+                guide: FIXIT_GUIDES['mcp_hardcoded_secret'],
+            });
+        }
+        if (items.permissions.status === 'critical') {
+            entries.push({
+                findingType: 'mcp_wide_permissions',
+                file: finding.file,
+                line: 0,
+                severity: 'critical',
+                guide: FIXIT_GUIDES['mcp_wide_permissions'],
+            });
+        }
+    }
+    // Injection
+    for (const finding of result.injection) {
+        entries.push({
+            findingType: 'prompt_injection',
+            file: finding.file,
+            line: finding.line,
+            severity: finding.severity === 'critical' ? 'critical' : 'warning',
+            guide: FIXIT_GUIDES['prompt_injection'],
+        });
+    }
+    // Sort by severity (critical first)
+    entries.sort((a, b) => {
+        if (a.severity === 'critical' && b.severity !== 'critical')
+            return -1;
+        if (a.severity !== 'critical' && b.severity === 'critical')
+            return 1;
+        return 0;
+    });
+    // Free: top 3 only
+    if (!options.isPro) {
+        return entries.slice(0, 3);
+    }
+    return entries;
+}
+/**
+ * Format fix-it guides for terminal output.
+ */
+function formatFixitTerminal(guides, isPro) {
+    const lines = [];
+    const colors = {
+        red: (s) => `\x1b[31m${s}\x1b[0m`,
+        yellow: (s) => `\x1b[33m${s}\x1b[0m`,
+        cyan: (s) => `\x1b[36m${s}\x1b[0m`,
+        bold: (s) => `\x1b[1m${s}\x1b[0m`,
+        dim: (s) => `\x1b[2m${s}\x1b[0m`,
+    };
+    lines.push(colors.bold('━━━ Fix-it Guide ━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    lines.push('');
+    if (guides.length === 0) {
+        lines.push('  No issues to fix.');
+        lines.push('');
+        return lines.join('\n');
+    }
+    for (const entry of guides) {
+        const icon = entry.severity === 'critical' ? colors.red('CRITICAL') : colors.yellow('WARNING');
+        lines.push(`  ${icon}  ${colors.bold(entry.guide.title)}`);
+        lines.push(`   ${colors.dim(`${entry.file}:${entry.line}`)}`);
+        if (isPro) {
+            // Pro: full steps + code + references
+            for (let i = 0; i < entry.guide.steps.length; i++) {
+                lines.push(`   ${i + 1}. ${entry.guide.steps[i]}`);
+            }
+            if (entry.guide.code) {
+                lines.push('');
+                lines.push(colors.dim('   Code:'));
+                for (const codeLine of entry.guide.code.split('\n')) {
+                    lines.push(`   ${colors.cyan(codeLine)}`);
+                }
+            }
+            if (entry.guide.references && entry.guide.references.length > 0) {
+                lines.push('');
+                lines.push(colors.dim('   References:'));
+                for (const ref of entry.guide.references) {
+                    lines.push(`   - ${ref}`);
+                }
+            }
+        }
+        else {
+            // Free: title + step 1 only
+            lines.push(`   1. ${entry.guide.steps[0]}`);
+            if (entry.guide.steps.length > 1) {
+                lines.push(colors.dim(`   ... ${entry.guide.steps.length - 1} more steps (Pro)`));
+            }
+        }
+        lines.push('');
+    }
+    if (!isPro) {
+        lines.push(colors.dim(`  Showing 3 of ${guides.length} guides. Upgrade to Pro for all guides with code examples.`));
+        lines.push('');
+    }
+    return lines.join('\n');
+}
+/**
+ * Format fix-it guides as JSON-compatible objects.
+ */
+function formatFixitJson(guides, isPro) {
+    return guides.map(entry => {
+        const base = {
+            findingType: entry.findingType,
+            file: entry.file,
+            line: entry.line,
+            severity: entry.severity,
+            title: entry.guide.title,
+            steps: isPro ? entry.guide.steps : [entry.guide.steps[0]],
+        };
+        if (isPro && entry.guide.code)
+            base.code = entry.guide.code;
+        if (isPro && entry.guide.references)
+            base.references = entry.guide.references;
+        return base;
+    });
+}
+//# sourceMappingURL=fixit.js.map

package/dist/output/fixit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fixit.js","sourceRoot":"","sources":["../../src/output/fixit.ts"],"names":[],"mappings":";;AAwOA,wCA6FC;AAKD,kDA2DC;AAKD,0CAmCC;AAnaD;;GAEG;AACH,MAAM,YAAY,GAA+B;IAC/C,cAAc,EAAE;QACd,KAAK,EAAE,uBAAuB;QAC9B,KAAK,EAAE;YACL,sDAAsD;YACtD,8BAA8B;YAC9B,uCAAuC;YACvC,+BAA+B;YAC/B,6DAA6D;YAC7D,gEAAgE;SACjE;QACD,IAAI,EAAE;;;qDAG2C;QACjD,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE;YACV,kFAAkF;YAClF,wEAAwE;SACzE;KACF;IAED,eAAe,EAAE;QACf,KAAK,EAAE,wBAAwB;QAC/B,KAAK,EAAE;YACL,gDAAgD;YAChD,0CAA0C;YAC1C,0CAA0C;YAC1C,gDAAgD;SACjD;QACD,IAAI,EAAE;;;;0DAIgD;QACtD,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE;YACV,8BAA8B;YAC9B,kCAAkC;SACnC;KACF;IAED,gBAAgB,EAAE;QAChB,KAAK,EAAE,oCAAoC;QAC3C,KAAK,EAAE;YACL,6DAA6D;YAC7D,oCAAoC;YACpC,0DAA0D;YAC1D,mDAAmD;YACnD,uCAAuC;SACxC;QACD,IAAI,EAAE;;;;;;6CAMmC;QACzC,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE;YACV,0HAA0H;SAC3H;KACF;IAED,cAAc,EAAE;QACd,KAAK,EAAE,yBAAyB;QAChC,KAAK,EAAE;YACL,+DAA+D;YAC/D,0CAA0C;YAC1C,mDAAmD;YACnD,2BAA2B;SAC5B;QACD,IAAI,EAAE;;;;yCAI+B;QACrC,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE;YACV,6BAA6B;SAC9B;KACF;IAED,UAAU,EAAE;QACV,KAAK,EAAE,4CAA4C;QACnD,KAAK,EAAE;YACL,8CAA8C;YAC9C,+CAA+C;YAC/C,uDAAuD;YACvD,6CAA6C;SAC9C;QACD,IAAI,EAAE;;;EAGR;QACE,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE;YACV,kCAAkC;SACnC;KACF;IAED,WAAW,EAAE;QACX,KAAK,EAAE,2BAA2B;QAClC,KAAK,EAAE;YACL,4DAA4D;YAC5D,4EAA4E;YAC5E,kDAAkD;YAClD,wCAAwC;SACzC;QACD,IAAI,EAAE;;;;GAIP;QACC,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE;YACV,uCAAuC;SACxC;KACF;IAED,WAAW,EAAE;QACX,KAAK,EAAE,yCAAyC;QAChD,KAAK,EAAE;YACL,uDAAuD;YACvD,yCAAyC;YACzC,mDAAmD;SACpD;QACD,IAAI,EAAE;;;;;;EAMR;QACE,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE;YACV,8DAA8D;SAC/D;KACF;IAED,oBAAoB,EAAE;QACpB,KAAK,EAAE,0CAA0C;QACjD,KAAK,EAAE;YACL,gEAAgE;YAChE,4CAA4C;YAC5C,mDAAmD;SACpD;QACD,IAAI,EAAE;;;;mCAIyB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IAED,oBAAoB,EAAE;QACpB,KAAK,EAAE,0BAA0B;QACjC,KAAK,EAAE;YACL,oCAAoC;YACpC,6DAA6D;YAC7D,iDAAiD;YACjD,sDAAsD;SACvD;QACD,IAAI,EAAE;;;;2CAIiC;QACvC,QAAQ,EAAE,UAAU;KACrB;IAED,gBAAgB,EAAE;QAChB,KAAK,EAAE,iCAAiC;QACxC,KAAK,EAAE;YACL,2EAA2E;YAC3E,qEAAqE;YACrE,yEAAyE;YACzE,wEAAwE;SACzE;QACD,IAAI,EAAE;;;;;;EAMR;QACE,QAAQ,EAAE,UAAU;QACpB,UAAU,EAAE;YACV,6EAA6E;SAC9E;KACF;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,oBAAoB,CAAC,WAAmB;IAC/C,kBAAkB;IAClB,IAAI,WAAW,KAAK,gBAAgB;QAAE,OAAO,gBAAgB,CAAC;IAC9D,IAAI,WAAW,KAAK,aAAa;QAAE,OAAO,iBAAiB,CAAC;IAC5D,IAAI,WAAW,KAAK,aAAa;QAAE,OAAO,kBAAkB,CAAC;IAC7D,IAAI,WAAW,KAAK,mBAAmB,IAAI,WAAW,KAAK,sBAAsB;QAAE,OAAO,YAAY,CAAC;IACvG,IAAI,WAAW,KAAK,aAAa;QAAE,OAAO,aAAa,CAAC;IAExD,eAAe;IACf,IAAI,WAAW,KAAK,aAAa;QAAE,OAAO,aAAa,CAAC;IACxD,IAAI,WAAW,KAAK,sBAAsB;QAAE,OAAO,sBAAsB,CAAC;IAC1E,IAAI,WAAW,KAAK,sBAAsB;QAAE,OAAO,sBAAsB,CAAC;IAE1E,YAAY;IACZ,IAAI,WAAW,KAAK,kBAAkB;QAAE,OAAO,kBAAkB,CAAC;IAElE,WAAW;IACX,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,MAAkB,EAClB,OAA2B;IAE3B,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,UAAU;IACV,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW,EAAE,OAAO,CAAC,IAAI;gBACzB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;gBAClE,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM;IACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW,EAAE,OAAO,CAAC,IAAI;gBACzB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;gBACnE,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM;IACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QACjC,kCAAkC;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW,EAAE,aAAa;gBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,YAAY,CAAC,aAAa,CAAC;aACnC,CAAC,CAAC;QACL,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW,EAAE,sBAAsB;gBACnC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,YAAY,CAAC,sBAAsB,CAAC;aAC5C,CAAC,CAAC;QACL,CAAC;QACD,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW,EAAE,sBAAsB;gBACnC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,YAAY,CAAC,sBAAsB,CAAC;aAC5C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,YAAY;IACZ,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC;YACX,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YAClE,KAAK,EAAE,YAAY,CAAC,kBAAkB,CAAC;SACxC,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,OAAO,CAAC,CAAC,CAAC;QACtE,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IAEH,mBAAmB;IACnB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,MAAoB,EAAE,KAAc;IACtE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAG;QACb,GAAG,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;QACzC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;QAC5C,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;QAC1C,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;QACzC,GAAG,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;KACzC,CAAC;IAEF,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/F,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QAE9D,IAAI,KAAK,EAAE,CAAC;YACV,sCAAsC;YACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAClD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACf,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;gBACnC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpD,KAAK,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;YACD,IAAI,KAAK,CAAC,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACf,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;gBACzC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;oBACzC,KAAK,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,4BAA4B;YAC5B,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,MAAM,4DAA4D,CAAC,CAAC,CAAC;QACpH,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,MAAoB,EACpB,KAAc;IAWd,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;QACxB,MAAM,IAAI,GASN;YACF,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK;YACxB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAC1D,CAAC;QACF,IAAI,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI;YAAE,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;QAC5D,IAAI,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,UAAU;YAAE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/output/terminal.d.ts

@@ -0,0 +1,10 @@
+import type { ScanResult, ScanScore, LockStatus, SealedResult } from '../types/index.js';
+/**
+ * Format scan results for terminal output.
+ */
+export declare function formatTerminalOutput(result: ScanResult, rulesetVersion: string, rulesetHash: string, score?: ScanScore, lockStatus?: LockStatus): string;
+/**
+ * Format scan results as JSON.
+ */
+export declare function formatJsonOutput(result: ScanResult, score?: ScanScore, seal?: SealedResult): string;
+//# sourceMappingURL=terminal.d.ts.map

package/dist/output/terminal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminal.d.ts","sourceRoot":"","sources":["../../src/output/terminal.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,UAAU,EAKV,SAAS,EACT,UAAU,EACV,YAAY,EACb,MAAM,mBAAmB,CAAC;AAiG3B;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,UAAU,EAClB,cAAc,EAAE,MAAM,EACtB,WAAW,EAAE,MAAM,EACnB,KAAK,CAAC,EAAE,SAAS,EACjB,UAAU,CAAC,EAAE,UAAU,GACtB,MAAM,CA+FR;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,UAAU,EAClB,KAAK,CAAC,EAAE,SAAS,EACjB,IAAI,CAAC,EAAE,YAAY,GAClB,MAAM,CASR"}

package/dist/output/terminal.js

@@ -0,0 +1,190 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatTerminalOutput = formatTerminalOutput;
+exports.formatJsonOutput = formatJsonOutput;
+// chalk v5 is ESM-only, so we use a simple color implementation for CJS compatibility
+const colors = {
+    red: (s) => `\x1b[31m${s}\x1b[0m`,
+    yellow: (s) => `\x1b[33m${s}\x1b[0m`,
+    green: (s) => `\x1b[32m${s}\x1b[0m`,
+    cyan: (s) => `\x1b[36m${s}\x1b[0m`,
+    bold: (s) => `\x1b[1m${s}\x1b[0m`,
+    dim: (s) => `\x1b[2m${s}\x1b[0m`,
+};
+function formatSecretFinding(finding) {
+    const icon = finding.severity === 'critical' ? colors.red('CRITICAL') : colors.yellow('WARNING');
+    const location = colors.dim(`${finding.file}:${finding.line}`);
+    const layerInfo = [
+        `regex ${finding.layers.regex ? '✓' : '✗'}`,
+        `entropy ${finding.layers.entropy > 4.5 ? '✓' : '✗'}`,
+        `context ${finding.layers.context ? '✓' : '✗'}`,
+    ].join(' ');
+    return [
+        `  ${icon}  ${location}`,
+        `   ${finding.description} (${finding.matched})`,
+        `   Layers: ${layerInfo}`,
+    ].join('\n');
+}
+function formatPIIFinding(finding) {
+    const icon = finding.severity === 'confirmed'
+        ? colors.red('CONFIRMED')
+        : colors.yellow('POSSIBLE');
+    const location = colors.dim(`${finding.file}:${finding.line}`);
+    const checksumStr = finding.layers.checksum === null
+        ? 'N/A'
+        : finding.layers.checksum ? '✓' : '✗';
+    const layerInfo = [
+        `regex ${finding.layers.regex ? '✓' : '✗'}`,
+        `checksum ${checksumStr}`,
+    ].join(' ');
+    return [
+        `  ${icon}  ${location}`,
+        `   ${finding.description} (${finding.matched})`,
+        `   Layers: ${layerInfo}`,
+    ].join('\n');
+}
+function formatMCPFinding(finding) {
+    const severityLabel = finding.overallSeverity === 'critical'
+        ? colors.red('CRITICAL')
+        : finding.overallSeverity === 'warning'
+            ? colors.yellow('WARNING')
+            : colors.green('PASS');
+    const lines = [
+        `  ${severityLabel}  ${colors.dim(finding.file)}  (${finding.failedCount}/5 failed)`,
+    ];
+    const checks = [
+        { name: 'Auth', item: finding.items.auth },
+        { name: 'Secrets', item: finding.items.secrets },
+        { name: 'Tool Meta', item: finding.items.toolMeta },
+        { name: 'Permissions', item: finding.items.permissions },
+        { name: 'Logging', item: finding.items.logging },
+    ];
+    for (const check of checks) {
+        const icon = check.item.status === 'pass'
+            ? colors.green('✓')
+            : check.item.status === 'critical'
+                ? colors.red('✗')
+                : colors.yellow('!');
+        lines.push(`   ${icon} ${check.name}: ${check.item.detail}`);
+    }
+    return lines.join('\n');
+}
+function formatInjectionFinding(finding) {
+    const icon = finding.severity === 'critical' ? colors.red('CRITICAL') : colors.yellow('WARNING');
+    const location = colors.dim(`${finding.file}:${finding.line}`);
+    const layerInfo = [
+        `keyword ${finding.layers.keyword ? '✓' : '✗'}`,
+        `structure ${finding.layers.structure ? '✓' : '✗'}`,
+    ].join(' ');
+    return [
+        `  ${icon}  ${location}`,
+        `   ${finding.description} [${finding.type}]`,
+        `   Pattern: ${finding.pattern}  |  Layers: ${layerInfo}`,
+        `   Context: "${finding.context}"`,
+    ].join('\n');
+}
+/**
+ * Format scan results for terminal output.
+ */
+function formatTerminalOutput(result, rulesetVersion, rulesetHash, score, lockStatus) {
+    const lines = [];
+    lines.push('');
+    lines.push(colors.bold('Project Shield v1.0.0'));
+    lines.push(`Ruleset: v${rulesetVersion} (SHA-256: ${rulesetHash.substring(0, 8)}...)`);
+    lines.push(`Scanning: ${result.summary.filesScanned} files (${result.summary.filesExcluded} excluded)`);
+    lines.push('');
+    // Secrets section
+    lines.push(colors.bold('━━━ Secrets ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    lines.push('');
+    if (result.secrets.length === 0) {
+        lines.push(colors.green('  No secrets detected.'));
+    }
+    else {
+        for (const finding of result.secrets) {
+            lines.push(formatSecretFinding(finding));
+            lines.push('');
+        }
+    }
+    // PII section
+    lines.push(colors.bold('━━━ PII ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    lines.push('');
+    if (result.pii.length === 0) {
+        lines.push(colors.green('  No PII detected.'));
+    }
+    else {
+        for (const finding of result.pii) {
+            lines.push(formatPIIFinding(finding));
+            lines.push('');
+        }
+    }
+    // MCP section
+    lines.push(colors.bold('━━━ MCP Config ━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    lines.push('');
+    if (result.mcp.length === 0) {
+        lines.push(colors.green('  No MCP configuration files found.'));
+    }
+    else {
+        for (const finding of result.mcp) {
+            lines.push(formatMCPFinding(finding));
+            lines.push('');
+        }
+    }
+    // Injection section
+    lines.push(colors.bold('━━━ Injection ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    lines.push('');
+    if (result.injection.length === 0) {
+        lines.push(colors.green('  No injection patterns detected.'));
+    }
+    else {
+        for (const finding of result.injection) {
+            lines.push(formatInjectionFinding(finding));
+            lines.push('');
+        }
+    }
+    // Summary section
+    lines.push(colors.bold('━━━ Summary ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    lines.push('');
+    lines.push(`  Critical: ${result.summary.critical}  |  Warning: ${result.summary.warning}  |  Confirmed PII: ${result.summary.confirmedPii}  |  Possible PII: ${result.summary.possiblePii}`);
+    lines.push(`  MCP Critical: ${result.summary.mcpCritical}  |  MCP Warning: ${result.summary.mcpWarning}`);
+    lines.push(`  Injection Critical: ${result.summary.injectionCritical}  |  Injection Warning: ${result.summary.injectionWarning}`);
+    lines.push(`  Files scanned: ${result.summary.filesScanned}  |  Time: ${(result.summary.timeMs / 1000).toFixed(1)}s`);
+    lines.push('');
+    // Score section
+    if (score) {
+        lines.push(colors.bold('━━━ Score ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+        lines.push('');
+        const gradeColor = score.grade === 'A' || score.grade === 'B'
+            ? colors.green
+            : score.grade === 'C'
+                ? colors.yellow
+                : colors.red;
+        lines.push(`  Grade: ${gradeColor(score.grade)} (${score.numericScore}/100) — ${score.label}`);
+        lines.push(`  Breakdown: ${score.breakdown.criticalCount} critical, ${score.breakdown.warningCount} warning, ${score.breakdown.possibleCount} possible, ${score.breakdown.infoCount} info`);
+        lines.push('');
+        // Lock status
+        if (lockStatus) {
+            if (lockStatus.isLocked) {
+                lines.push(colors.red(`  Badge generation LOCKED — Fix all critical findings first.`));
+            }
+            else {
+                lines.push(colors.green(`  Badge: ${lockStatus.badgeType} badge available.`));
+            }
+            lines.push('');
+        }
+    }
+    return lines.join('\n');
+}
+/**
+ * Format scan results as JSON.
+ */
+function formatJsonOutput(result, score, seal) {
+    const output = { ...result };
+    if (score) {
+        output.score = score;
+    }
+    if (seal) {
+        output.seal = seal;
+    }
+    return JSON.stringify(output, null, 2);
+}
+//# sourceMappingURL=terminal.js.map

package/dist/output/terminal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminal.js","sourceRoot":"","sources":["../../src/output/terminal.ts"],"names":[],"mappings":";;AA6GA,oDAqGC;AAKD,4CAaC;AAzND,sFAAsF;AACtF,MAAM,MAAM,GAAG;IACb,GAAG,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IACzC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IAC5C,KAAK,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IAC3C,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IAC1C,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;IACzC,GAAG,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;CACzC,CAAC;AAEF,SAAS,mBAAmB,CAAC,OAAsB;IACjD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjG,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG;QAChB,SAAS,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;QAC3C,WAAW,OAAO,CAAC,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;QACrD,WAAW,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;KAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,OAAO;QACL,KAAK,IAAI,KAAK,QAAQ,EAAE;QACxB,MAAM,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,OAAO,GAAG;QAChD,cAAc,SAAS,EAAE;KAC1B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAmB;IAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,KAAK,WAAW;QAC3C,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;QACzB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,KAAK,IAAI;QAClD,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IACxC,MAAM,SAAS,GAAG;QAChB,SAAS,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;QAC3C,YAAY,WAAW,EAAE;KAC1B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,OAAO;QACL,KAAK,IAAI,KAAK,QAAQ,EAAE;QACxB,MAAM,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,OAAO,GAAG;QAChD,cAAc,SAAS,EAAE;KAC1B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAmB;IAC3C,MAAM,aAAa,GACjB,OAAO,CAAC,eAAe,KAAK,UAAU;QACpC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;QACxB,CAAC,CAAC,OAAO,CAAC,eAAe,KAAK,SAAS;YACrC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;YAC1B,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE7B,MAAM,KAAK,GAAG;QACZ,KAAK,aAAa,KAAK,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC,WAAW,YAAY;KACrF,CAAC;IAEF,MAAM,MAAM,GAAG;QACb,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE;QAC1C,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE;QAChD,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE;QACnD,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE;QACxD,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE;KACjD,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM;YAC1B,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;YACnB,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,UAAU;gBAChC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;gBACjB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAyB;IACvD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjG,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG;QAChB,WAAW,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;QAC/C,aAAa,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;KACpD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,OAAO;QACL,KAAK,IAAI,KAAK,QAAQ,EAAE;QACxB,MAAM,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,IAAI,GAAG;QAC7C,eAAe,OAAO,CAAC,OAAO,gBAAgB,SAAS,EAAE;QACzD,gBAAgB,OAAO,CAAC,OAAO,GAAG;KACnC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,MAAkB,EAClB,cAAsB,EACtB,WAAmB,EACnB,KAAiB,EACjB,UAAuB;IAEvB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;IACjD,KAAK,CAAC,IAAI,CAAC,aAAa,cAAc,cAAc,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACvF,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,OAAO,CAAC,YAAY,WAAW,MAAM,CAAC,OAAO,CAAC,aAAa,YAAY,CAAC,CAAC;IACxG,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,kBAAkB;IAClB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,cAAc;IACd,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC,CAAC;IACtE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,cAAc;IACd,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC,CAAC;IACtE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC,CAAC;IAClE,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAC;YAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,QAAQ,iBAAiB,MAAM,CAAC,OAAO,CAAC,OAAO,uBAAuB,MAAM,CAAC,OAAO,CAAC,YAAY,sBAAsB,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9L,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,WAAW,qBAAqB,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1G,KAAK,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,OAAO,CAAC,iBAAiB,2BAA2B,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAClI,KAAK,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,OAAO,CAAC,YAAY,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtH,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,gBAAgB;IAChB,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC;QACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,KAAK,GAAG;YAC3D,CAAC,CAAC,MAAM,CAAC,KAAK;YACd,CAAC,CAAC,KAAK,CAAC,KAAK,KAAK,GAAG;gBACnB,CAAC,CAAC,MAAM,CAAC,MAAM;gBACf,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,YAAY,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,YAAY,WAAW,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/F,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,SAAS,CAAC,aAAa,cAAc,KAAK,CAAC,SAAS,CAAC,YAAY,aAAa,KAAK,CAAC,SAAS,CAAC,aAAa,cAAc,KAAK,CAAC,SAAS,CAAC,SAAS,OAAO,CAAC,CAAC;QAC5L,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,cAAc;QACd,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC,CAAC;YACzF,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,UAAU,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC;YAChF,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAC9B,MAAkB,EAClB,KAAiB,EACjB,IAAmB;IAEnB,MAAM,MAAM,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IACtD,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;IACrB,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC"}

package/dist/scanner/engine.d.ts

@@ -0,0 +1,6 @@
+import type { ScanResult, ScanConfig } from '../types/index.js';
+/**
+ * Run the full scan pipeline.
+ */
+export declare function scan(config: ScanConfig): Promise<ScanResult>;
+//# sourceMappingURL=engine.d.ts.map

package/dist/scanner/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/scanner/engine.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAW,MAAM,mBAAmB,CAAC;AA0CzE;;GAEG;AACH,wBAAsB,IAAI,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAwFlE"}