pwnkit-cli 0.3.0 → 0.3.2

package/dist/commands/audit.d.ts

@@ -0,0 +1,3 @@
+import type { Command } from "commander";
+export declare function registerAuditCommand(program: Command): void;
+//# sourceMappingURL=audit.d.ts.map

package/dist/commands/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA6B3D"}

package/dist/commands/audit.js

@@ -0,0 +1,32 @@
+import { runUnified } from "./run.js";
+export function registerAuditCommand(program) {
+    program
+        .command("audit")
+        .description("Audit an npm package for security vulnerabilities")
+        .argument("<package>", "npm package name (e.g. lodash, express)")
+        .option("--version <version>", "Specific version to audit (default: latest)")
+        .option("--depth <depth>", "Audit depth: quick, default, deep", "default")
+        .option("--format <format>", "Output format: terminal, json, md", "terminal")
+        .option("--runtime <runtime>", "Runtime: auto, claude, codex, gemini, api", "auto")
+        .option("--db-path <path>", "Path to SQLite database")
+        .option("--api-key <key>", "API key for LLM provider")
+        .option("--model <model>", "LLM model to use")
+        .option("--verbose", "Show detailed output", false)
+        .option("--timeout <ms>", "AI agent timeout in milliseconds", "600000")
+        .action(async (packageName, opts) => {
+        await runUnified({
+            target: packageName,
+            targetType: "npm-package",
+            depth: opts.depth ?? "default",
+            format: (opts.format === "md" ? "markdown" : opts.format),
+            runtime: opts.runtime ?? "auto",
+            timeout: parseInt(opts.timeout, 10),
+            verbose: opts.verbose,
+            dbPath: opts.dbPath,
+            apiKey: opts.apiKey,
+            model: opts.model,
+            packageVersion: opts.version,
+        });
+    });
+}
+//# sourceMappingURL=audit.js.map

package/dist/commands/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,mDAAmD,CAAC;SAChE,QAAQ,CAAC,WAAW,EAAE,yCAAyC,CAAC;SAChE,MAAM,CAAC,qBAAqB,EAAE,6CAA6C,CAAC;SAC5E,MAAM,CAAC,iBAAiB,EAAE,mCAAmC,EAAE,SAAS,CAAC;SACzE,MAAM,CAAC,mBAAmB,EAAE,mCAAmC,EAAE,UAAU,CAAC;SAC5E,MAAM,CAAC,qBAAqB,EAAE,2CAA2C,EAAE,MAAM,CAAC;SAClF,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;SACrD,MAAM,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;SACrD,MAAM,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;SAC7C,MAAM,CAAC,WAAW,EAAE,sBAAsB,EAAE,KAAK,CAAC;SAClD,MAAM,CAAC,gBAAgB,EAAE,kCAAkC,EAAE,QAAQ,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,WAAmB,EAAE,IAAsC,EAAE,EAAE;QAC5E,MAAM,UAAU,CAAC;YACf,MAAM,EAAE,WAAW;YACnB,UAAU,EAAE,aAAa;YACzB,KAAK,EAAG,IAAI,CAAC,KAAmB,IAAI,SAAS;YAC7C,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAiB;YACzE,OAAO,EAAG,IAAI,CAAC,OAAuB,IAAI,MAAM;YAChD,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAiB,EAAE,EAAE,CAAC;YAC7C,OAAO,EAAE,IAAI,CAAC,OAAkB;YAChC,MAAM,EAAE,IAAI,CAAC,MAA4B;YACzC,MAAM,EAAE,IAAI,CAAC,MAA4B;YACzC,KAAK,EAAE,IAAI,CAAC,KAA2B;YACvC,cAAc,EAAE,IAAI,CAAC,OAA6B;SACnD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/findings.d.ts

@@ -0,0 +1,3 @@
+import type { Command } from "commander";
+export declare function registerFindingsCommand(program: Command): void;
+//# sourceMappingURL=findings.d.ts.map

package/dist/commands/findings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../src/commands/findings.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAoEzC,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA4E9D"}

package/dist/commands/findings.js

@@ -0,0 +1,110 @@
+import chalk from "chalk";
+function withFindingsListOptions(command) {
+    return command
+        .option("--db-path <path>", "Path to SQLite database")
+        .option("--scan <scanId>", "Filter by scan ID")
+        .option("--severity <severity>", "Filter by severity: critical, high, medium, low, info")
+        .option("--category <category>", "Filter by attack category")
+        .option("--status <status>", "Filter by status: discovered, verified, confirmed, scored, reported, false-positive")
+        .option("--limit <n>", "Max findings to show", "50");
+}
+async function renderFindingsList(opts) {
+    const { pwnkitDB } = await import("@pwnkit/db");
+    const db = new pwnkitDB(opts.dbPath);
+    const rows = db.listFindings({
+        scanId: opts.scan,
+        severity: opts.severity,
+        category: opts.category,
+        status: opts.status,
+        limit: parseInt(opts.limit ?? "50", 10),
+    });
+    db.close();
+    if (rows.length === 0) {
+        console.log(chalk.gray("No findings found."));
+        return;
+    }
+    console.log("");
+    console.log(chalk.red.bold("  \u25C6 pwnkit") + chalk.gray(` findings (${rows.length})`));
+    console.log("");
+    for (const f of rows) {
+        const sevColor = f.severity === "critical" ? chalk.red.bold :
+            f.severity === "high" ? chalk.redBright :
+                f.severity === "medium" ? chalk.yellow :
+                    f.severity === "low" ? chalk.blue :
+                        chalk.gray;
+        const statusColor = f.status === "reported" ? chalk.green :
+            f.status === "scored" ? chalk.cyan :
+                f.status === "verified" ? chalk.yellow :
+                    f.status === "false-positive" ? chalk.strikethrough.gray :
+                        chalk.white;
+        console.log(`  ${sevColor(f.severity.padEnd(8))} ${statusColor(f.status.padEnd(14))} ${chalk.white(f.title)}`);
+        console.log(`  ${chalk.gray(f.id.slice(0, 8))}  ${chalk.gray(f.category)}  ${chalk.gray(`scan:${f.scanId.slice(0, 8)}`)}`);
+        console.log("");
+    }
+}
+export function registerFindingsCommand(program) {
+    const findingsCmd = withFindingsListOptions(program
+        .command("findings")
+        .description("Browse and manage persisted findings")).action(async (opts) => {
+        await renderFindingsList(opts);
+    });
+    withFindingsListOptions(findingsCmd
+        .command("list")
+        .description("List findings from the database")).action(async (opts) => {
+        await renderFindingsList(opts);
+    });
+    findingsCmd
+        .command("show")
+        .description("Show detailed information about a finding")
+        .argument("<id>", "Finding ID (full or prefix)")
+        .option("--db-path <path>", "Path to SQLite database")
+        .action(async (id, opts) => {
+        const { pwnkitDB } = await import("@pwnkit/db");
+        const db = new pwnkitDB(opts.dbPath);
+        // Support prefix matching
+        let finding = db.getFinding(id);
+        if (!finding) {
+            const all = db.listFindings({ limit: 1000 });
+            finding = all.find((f) => f.id.startsWith(id));
+        }
+        db.close();
+        if (!finding) {
+            console.error(chalk.red(`Finding '${id}' not found.`));
+            process.exit(1);
+        }
+        console.log("");
+        console.log(chalk.red.bold("  \u25C6 pwnkit") + chalk.gray(" finding detail"));
+        console.log("");
+        const sevColor = finding.severity === "critical" ? chalk.red.bold :
+            finding.severity === "high" ? chalk.redBright :
+                finding.severity === "medium" ? chalk.yellow :
+                    finding.severity === "low" ? chalk.blue :
+                        chalk.gray;
+        console.log(`  ${chalk.white.bold(finding.title)}`);
+        console.log(`  ${sevColor(finding.severity.toUpperCase())} ${chalk.gray("\u2502")} ${chalk.white(finding.status)} ${chalk.gray("\u2502")} ${chalk.gray(finding.category)}`);
+        if (finding.score != null) {
+            console.log(`  ${chalk.gray("Score:")} ${chalk.cyan(String(finding.score) + "/100")}`);
+        }
+        console.log("");
+        console.log(`  ${chalk.gray("ID:")}       ${finding.id}`);
+        console.log(`  ${chalk.gray("Scan:")}     ${finding.scanId}`);
+        console.log(`  ${chalk.gray("Template:")} ${finding.templateId}`);
+        console.log(`  ${chalk.gray("Time:")}     ${new Date(finding.timestamp).toISOString()}`);
+        console.log("");
+        console.log(`  ${chalk.gray("Description:")}`);
+        console.log(`  ${finding.description}`);
+        console.log("");
+        console.log(`  ${chalk.gray("Evidence \u2014 Request:")}`);
+        console.log(`  ${chalk.dim(finding.evidenceRequest)}`);
+        console.log("");
+        console.log(`  ${chalk.gray("Evidence \u2014 Response:")}`);
+        console.log(`  ${chalk.dim(finding.evidenceResponse)}`);
+        if (finding.evidenceAnalysis) {
+            console.log("");
+            console.log(`  ${chalk.gray("Evidence \u2014 Analysis:")}`);
+            console.log(`  ${chalk.dim(finding.evidenceAnalysis)}`);
+        }
+        console.log("");
+    });
+}
+//# sourceMappingURL=findings.js.map

package/dist/commands/findings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"findings.js","sourceRoot":"","sources":["../../src/commands/findings.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAW1B,SAAS,uBAAuB,CAAC,OAAgB;IAC/C,OAAO,OAAO;SACX,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;SACrD,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC;SAC9C,MAAM,CAAC,uBAAuB,EAAE,uDAAuD,CAAC;SACxF,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,CAAC;SAC5D,MAAM,CAAC,mBAAmB,EAAE,qFAAqF,CAAC;SAClH,MAAM,CAAC,aAAa,EAAE,sBAAsB,EAAE,IAAI,CAAC,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,IAAyB;IACzD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IAChD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC;QAC3B,MAAM,EAAE,IAAI,CAAC,IAAI;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,EAAE,EAAE,CAAC;KACxC,CAAC,CAAC;IACH,EAAE,CAAC,KAAK,EAAE,CAAC;IAEX,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC1F,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,QAAQ,GACZ,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC5C,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACzC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBACxC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBACnC,KAAK,CAAC,IAAI,CAAC;QAEb,MAAM,WAAW,GACf,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACvC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACpC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBACxC,CAAC,CAAC,MAAM,KAAK,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;wBAC1D,KAAK,CAAC,KAAK,CAAC;QAEd,OAAO,CAAC,GAAG,CACT,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAClG,CAAC;QACF,OAAO,CAAC,GAAG,CACT,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAC9G,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAgB;IACtD,MAAM,WAAW,GAAG,uBAAuB,CACzC,OAAO;SACJ,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,sCAAsC,CAAC,CACvD,CAAC,MAAM,CAAC,KAAK,EAAE,IAAyB,EAAE,EAAE;QAC3C,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,uBAAuB,CACrB,WAAW;SACR,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,iCAAiC,CAAC,CAClD,CAAC,MAAM,CAAC,KAAK,EAAE,IAAyB,EAAE,EAAE;QAC3C,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,WAAW;SACR,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,2CAA2C,CAAC;SACxD,QAAQ,CAAC,MAAM,EAAE,6BAA6B,CAAC;SAC/C,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;SACrD,MAAM,CAAC,KAAK,EAAE,EAAU,EAAE,IAAI,EAAE,EAAE;QACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAErC,0BAA0B;QAC1B,IAAI,OAAO,GAAG,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAChC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7C,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,EAAE,CAAC,KAAK,EAAE,CAAC;QAEX,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAC/C,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBAC9C,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBACzC,KAAK,CAAC,IAAI,CAAC;QAEb,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC5K,IAAI,OAAO,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;QACzF,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACzF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/history.d.ts

@@ -0,0 +1,3 @@
+import type { Command } from "commander";
+export declare function registerHistoryCommand(program: Command): void;
+//# sourceMappingURL=history.d.ts.map

package/dist/commands/history.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"history.d.ts","sourceRoot":"","sources":["../../src/commands/history.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGzC,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAsC7D"}

package/dist/commands/history.js

@@ -0,0 +1,34 @@
+import chalk from "chalk";
+export function registerHistoryCommand(program) {
+    program
+        .command("history")
+        .description("Show past scan history from the SQLite database")
+        .option("--db-path <path>", "Path to SQLite database")
+        .option("--limit <n>", "Number of scans to show", "10")
+        .action(async (opts) => {
+        const { pwnkitDB } = await import("@pwnkit/db");
+        const db = new pwnkitDB(opts.dbPath);
+        const scans = db.listScans(parseInt(opts.limit, 10));
+        db.close();
+        if (scans.length === 0) {
+            console.log(chalk.gray("No scan history found."));
+            return;
+        }
+        console.log("");
+        console.log(chalk.red.bold("  \u25C6 pwnkit") + chalk.gray(" scan history"));
+        console.log("");
+        for (const s of scans) {
+            const status = s.status === "completed"
+                ? chalk.green("done")
+                : s.status === "failed"
+                    ? chalk.red("fail")
+                    : chalk.yellow("run");
+            const summary = s.summary ? JSON.parse(s.summary) : null;
+            const findings = summary?.totalFindings ?? "?";
+            const duration = s.durationMs ? `${(s.durationMs / 1000).toFixed(1)}s` : "-";
+            console.log(`  ${status} ${chalk.white(s.target)} ${chalk.gray(`[${s.depth}]`)} ${chalk.gray(duration)} ${chalk.yellow(`${findings} findings`)} ${chalk.gray(s.startedAt)}`);
+        }
+        console.log("");
+    });
+}
+//# sourceMappingURL=history.js.map

package/dist/commands/history.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"history.js","sourceRoot":"","sources":["../../src/commands/history.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,iDAAiD,CAAC;SAC9D,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;SACrD,MAAM,CAAC,aAAa,EAAE,yBAAyB,EAAE,IAAI,CAAC;SACtD,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;QACrD,EAAE,CAAC,KAAK,EAAE,CAAC;QAEX,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GACV,CAAC,CAAC,MAAM,KAAK,WAAW;gBACtB,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;gBACrB,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ;oBACrB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC;oBACnB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5B,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACzD,MAAM,QAAQ,GAAG,OAAO,EAAE,aAAa,IAAI,GAAG,CAAC;YAC/C,MAAM,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YAE7E,OAAO,CAAC,GAAG,CACT,KAAK,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,QAAQ,WAAW,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAChK,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/index.d.ts

@@ -0,0 +1,7 @@
+export { registerScanCommand } from "./scan.js";
+export { registerReplayCommand } from "./replay.js";
+export { registerHistoryCommand } from "./history.js";
+export { registerFindingsCommand } from "./findings.js";
+export { registerReviewCommand } from "./review.js";
+export { registerAuditCommand } from "./audit.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC"}

package/dist/commands/index.js

@@ -0,0 +1,7 @@
+export { registerScanCommand } from "./scan.js";
+export { registerReplayCommand } from "./replay.js";
+export { registerHistoryCommand } from "./history.js";
+export { registerFindingsCommand } from "./findings.js";
+export { registerReviewCommand } from "./review.js";
+export { registerAuditCommand } from "./audit.js";
+//# sourceMappingURL=index.js.map

package/dist/commands/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC"}

package/dist/commands/replay.d.ts

@@ -0,0 +1,3 @@
+import type { Command } from "commander";
+export declare function registerReplayCommand(program: Command): void;
+//# sourceMappingURL=replay.d.ts.map

package/dist/commands/replay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.d.ts","sourceRoot":"","sources":["../../src/commands/replay.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAqF5D"}

package/dist/commands/replay.js

@@ -0,0 +1,83 @@
+import chalk from "chalk";
+import { renderReplay } from "../formatters/replay.js";
+export function registerReplayCommand(program) {
+    program
+        .command("replay")
+        .description("Replay the last scan's attack chain as an animated terminal sequence")
+        .option("--db-path <path>", "Path to SQLite database")
+        .option("--scan <scanId>", "Replay a specific scan by ID (default: last scan)")
+        .action(async (opts) => {
+        try {
+            const { pwnkitDB } = await import("@pwnkit/db");
+            const db = new pwnkitDB(opts.dbPath);
+            let scanRecord;
+            if (opts.scan) {
+                scanRecord = db.getScan(opts.scan);
+                if (!scanRecord) {
+                    // Try prefix match
+                    const all = db.listScans(100);
+                    scanRecord = all.find((s) => s.id.startsWith(opts.scan));
+                }
+                if (!scanRecord) {
+                    console.error(chalk.red(`Scan '${opts.scan}' not found.`));
+                    db.close();
+                    process.exit(2);
+                }
+            }
+            else {
+                const scans = db.listScans(1);
+                if (scans.length === 0) {
+                    console.error(chalk.red("No scan history found. Run a scan first."));
+                    db.close();
+                    process.exit(2);
+                }
+                scanRecord = scans[0];
+            }
+            const dbFindings = db.getFindings(scanRecord.id);
+            const target = db.getTarget(scanRecord.target);
+            db.close();
+            const summary = scanRecord.summary ? JSON.parse(scanRecord.summary) : {
+                totalAttacks: 0, totalFindings: 0,
+                critical: 0, high: 0, medium: 0, low: 0, info: 0,
+            };
+            const findings = dbFindings.map((f) => ({
+                id: f.id,
+                templateId: f.templateId,
+                title: f.title,
+                description: f.description,
+                severity: f.severity,
+                category: f.category,
+                status: f.status,
+                evidence: {
+                    request: f.evidenceRequest,
+                    response: f.evidenceResponse,
+                    analysis: f.evidenceAnalysis ?? undefined,
+                },
+                timestamp: f.timestamp,
+            }));
+            const targetInfo = target
+                ? {
+                    url: target.url,
+                    type: target.type,
+                    systemPrompt: target.systemPrompt ?? undefined,
+                    detectedFeatures: target.detectedFeatures
+                        ? JSON.parse(target.detectedFeatures)
+                        : undefined,
+                    endpoints: target.endpoints ? JSON.parse(target.endpoints) : undefined,
+                }
+                : undefined;
+            await renderReplay({
+                target: scanRecord.target,
+                targetInfo,
+                findings,
+                summary,
+                durationMs: scanRecord.durationMs ?? 0,
+            });
+        }
+        catch (err) {
+            console.error(chalk.red("Failed to replay: " + (err instanceof Error ? err.message : String(err))));
+            process.exit(2);
+        }
+    });
+}
+//# sourceMappingURL=replay.js.map

package/dist/commands/replay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.js","sourceRoot":"","sources":["../../src/commands/replay.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,sEAAsE,CAAC;SACnF,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;SACrD,MAAM,CAAC,iBAAiB,EAAE,mDAAmD,CAAC;SAC9E,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;YAChD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErC,IAAI,UAAU,CAAC;YACf,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,mBAAmB;oBACnB,MAAM,GAAG,GAAG,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBAC9B,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC3E,CAAC;gBACD,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC;oBAC3D,EAAE,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC,CAAC;oBACrE,EAAE,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;YAED,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC/C,EAAE,CAAC,KAAK,EAAE,CAAC;YAEX,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBACpE,YAAY,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;gBACjC,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;aACjD,CAAC;YAEF,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtC,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,QAAQ,EAAE,CAAC,CAAC,QAA6C;gBACzD,QAAQ,EAAE,CAAC,CAAC,QAAmD;gBAC/D,MAAM,EAAE,CAAC,CAAC,MAAgD;gBAC1D,QAAQ,EAAE;oBACR,OAAO,EAAE,CAAC,CAAC,eAAe;oBAC1B,QAAQ,EAAE,CAAC,CAAC,gBAAgB;oBAC5B,QAAQ,EAAE,CAAC,CAAC,gBAAgB,IAAI,SAAS;iBAC1C;gBACD,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC,CAAC;YAEJ,MAAM,UAAU,GAAG,MAAM;gBACvB,CAAC,CAAC;oBACE,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,IAAI,EAAE,MAAM,CAAC,IAAmD;oBAChE,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,SAAS;oBAC9C,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;wBACvC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC;wBACrC,CAAC,CAAC,SAAS;oBACb,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;iBACvE;gBACH,CAAC,CAAC,SAAS,CAAC;YAEd,MAAM,YAAY,CAAC;gBACjB,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,UAAU;gBACV,QAAQ;gBACR,OAAO;gBACP,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,CAAC;aACvC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,oBAAoB,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CACrF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/review.d.ts

@@ -0,0 +1,3 @@
+import type { Command } from "commander";
+export declare function registerReviewCommand(program: Command): void;
+//# sourceMappingURL=review.d.ts.map

package/dist/commands/review.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"review.d.ts","sourceRoot":"","sources":["../../src/commands/review.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA2B5D"}

package/dist/commands/review.js

@@ -0,0 +1,30 @@
+import { runUnified } from "./run.js";
+export function registerReviewCommand(program) {
+    program
+        .command("review")
+        .description("Deep source code security review of a repository")
+        .argument("<repo>", "Local path or git URL to review")
+        .option("--depth <depth>", "Review depth: quick, default, deep", "default")
+        .option("--format <format>", "Output format: terminal, json, md", "terminal")
+        .option("--runtime <runtime>", "Runtime: auto, claude, codex, gemini, api", "auto")
+        .option("--db-path <path>", "Path to SQLite database")
+        .option("--api-key <key>", "API key for LLM provider")
+        .option("--model <model>", "LLM model to use")
+        .option("--verbose", "Show detailed output", false)
+        .option("--timeout <ms>", "AI agent timeout in milliseconds", "600000")
+        .action(async (repo, opts) => {
+        await runUnified({
+            target: repo,
+            targetType: "source-code",
+            depth: opts.depth ?? "default",
+            format: (opts.format === "md" ? "markdown" : opts.format),
+            runtime: opts.runtime ?? "auto",
+            timeout: parseInt(opts.timeout, 10),
+            verbose: opts.verbose,
+            dbPath: opts.dbPath,
+            apiKey: opts.apiKey,
+            model: opts.model,
+        });
+    });
+}
+//# sourceMappingURL=review.js.map

package/dist/commands/review.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"review.js","sourceRoot":"","sources":["../../src/commands/review.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,kDAAkD,CAAC;SAC/D,QAAQ,CAAC,QAAQ,EAAE,iCAAiC,CAAC;SACrD,MAAM,CAAC,iBAAiB,EAAE,oCAAoC,EAAE,SAAS,CAAC;SAC1E,MAAM,CAAC,mBAAmB,EAAE,mCAAmC,EAAE,UAAU,CAAC;SAC5E,MAAM,CAAC,qBAAqB,EAAE,2CAA2C,EAAE,MAAM,CAAC;SAClF,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;SACrD,MAAM,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;SACrD,MAAM,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;SAC7C,MAAM,CAAC,WAAW,EAAE,sBAAsB,EAAE,KAAK,CAAC;SAClD,MAAM,CAAC,gBAAgB,EAAE,kCAAkC,EAAE,QAAQ,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAsC,EAAE,EAAE;QACrE,MAAM,UAAU,CAAC;YACf,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,aAAa;YACzB,KAAK,EAAG,IAAI,CAAC,KAAmB,IAAI,SAAS;YAC7C,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAiB;YACzE,OAAO,EAAG,IAAI,CAAC,OAAuB,IAAI,MAAM;YAChD,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAiB,EAAE,EAAE,CAAC;YAC7C,OAAO,EAAE,IAAI,CAAC,OAAkB;YAChC,MAAM,EAAE,IAAI,CAAC,MAA4B;YACzC,MAAM,EAAE,IAAI,CAAC,MAA4B;YACzC,KAAK,EAAE,IAAI,CAAC,KAA2B;SACxC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/run.d.ts

@@ -0,0 +1,16 @@
+import type { ScanDepth, OutputFormat, RuntimeMode } from "@pwnkit/shared";
+export interface RunOptions {
+    target: string;
+    targetType?: "npm-package" | "source-code" | "url" | "web-app";
+    depth: ScanDepth;
+    format: OutputFormat;
+    runtime: RuntimeMode;
+    timeout: number;
+    verbose: boolean;
+    dbPath?: string;
+    apiKey?: string;
+    model?: string;
+    packageVersion?: string;
+}
+export declare function runUnified(opts: RunOptions): Promise<void>;
+//# sourceMappingURL=run.d.ts.map

package/dist/commands/run.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAO3E,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,aAAa,GAAG,aAAa,GAAG,KAAK,GAAG,SAAS,CAAC;IAC/D,KAAK,EAAE,SAAS,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,WAAW,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,wBAAsB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA+EhE"}

package/dist/commands/run.js

@@ -0,0 +1,83 @@
+import chalk from "chalk";
+import { VERSION } from "@pwnkit/shared";
+import { runPipeline, createRuntime } from "@pwnkit/core";
+import { formatAuditReport, formatReviewReport, formatReport } from "../formatters/index.js";
+import { createpwnkitSpinner } from "../spinner.js";
+import { createEventHandler } from "../event-handler.js";
+import { buildShareUrl, checkRuntimeAvailability } from "../utils.js";
+export async function runUnified(opts) {
+    const { target, depth, format, runtime, timeout } = opts;
+    const validRuntimes = ["api", "claude", "codex", "gemini", "auto"];
+    if (!validRuntimes.includes(runtime)) {
+        console.error(chalk.red(`Unknown runtime '${runtime}'. Valid: ${validRuntimes.join(", ")}`));
+        process.exit(2);
+    }
+    // Check non-auto runtime availability
+    if (runtime !== "api" && runtime !== "auto") {
+        const rt = createRuntime({ type: runtime, timeout });
+        const available = await rt.isAvailable();
+        if (!available) {
+            console.error(chalk.red(`Runtime '${runtime}' not available. Is ${runtime} installed?`));
+            process.exit(2);
+        }
+    }
+    if (format === "terminal")
+        checkRuntimeAvailability();
+    // Ink TUI for terminal, plain text for json/md
+    const useInkUI = format === "terminal";
+    let inkUI = null;
+    let eventHandler;
+    if (useInkUI) {
+        const { renderScanUI } = await import("../ui/renderScan.js");
+        const mode = opts.targetType === "npm-package" ? "audit"
+            : opts.targetType === "source-code" ? "review"
+                : "scan";
+        inkUI = renderScanUI({ version: VERSION, target, depth, mode });
+        eventHandler = inkUI.onEvent;
+    }
+    else {
+        const spinner = createpwnkitSpinner("Initializing...");
+        eventHandler = createEventHandler({ format, spinner });
+    }
+    try {
+        const report = await runPipeline({
+            target,
+            targetType: opts.targetType,
+            depth,
+            format,
+            runtime,
+            onEvent: eventHandler,
+            dbPath: opts.dbPath,
+            apiKey: opts.apiKey,
+            model: opts.model,
+            timeout,
+            packageVersion: opts.packageVersion,
+        });
+        if (inkUI) {
+            inkUI.setReport(report);
+            await inkUI.waitForExit();
+        }
+        else {
+            // Pick the right formatter based on target type
+            const reportAny = report;
+            const output = reportAny.targetType === "npm-package"
+                ? formatAuditReport(reportAny, format)
+                : reportAny.targetType === "source-code"
+                    ? formatReviewReport(reportAny, format)
+                    : formatReport(reportAny, format);
+            console.log(output);
+            if (format === "terminal") {
+                console.log(`\n  ${chalk.gray("Share this report:")} ${chalk.cyan(buildShareUrl(reportAny))}\n`);
+            }
+        }
+        // Exit with non-zero if critical/high findings
+        if (report.summary.critical > 0 || report.summary.high > 0) {
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        console.error(chalk.red(err instanceof Error ? err.message : String(err)));
+        process.exit(2);
+    }
+}
+//# sourceMappingURL=run.js.map

package/dist/commands/run.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.js","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAEzC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAgBtE,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAgB;IAC/C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAEzD,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACnE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,oBAAoB,OAAO,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAC7F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sCAAsC;IACtC,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QAC5C,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,OAAO,uBAAuB,OAAO,aAAa,CAAC,CAAC,CAAC;YACzF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,KAAK,UAAU;QAAE,wBAAwB,EAAE,CAAC;IAEtD,+CAA+C;IAC/C,MAAM,QAAQ,GAAG,MAAM,KAAK,UAAU,CAAC;IACvC,IAAI,KAAK,GAAyE,IAAI,CAAC;IACvF,IAAI,YAAkC,CAAC;IAEvC,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,KAAK,aAAa,CAAC,CAAC,CAAC,OAAO;YACtD,CAAC,CAAC,IAAI,CAAC,UAAU,KAAK,aAAa,CAAC,CAAC,CAAC,QAAQ;gBAC9C,CAAC,CAAC,MAAM,CAAC;QACX,KAAK,GAAG,YAAY,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;IAC/B,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;QACvD,YAAY,GAAG,kBAAkB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;YAC/B,MAAM;YACN,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK;YACL,MAAM;YACN,OAAO;YACP,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO;YACP,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,SAAS,CAAC,MAAa,CAAC,CAAC;YAC/B,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,gDAAgD;YAChD,MAAM,SAAS,GAAG,MAAa,CAAC;YAChC,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,KAAK,aAAa;gBACnD,CAAC,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,CAAC;gBACtC,CAAC,CAAC,SAAS,CAAC,UAAU,KAAK,aAAa;oBACtC,CAAC,CAAC,kBAAkB,CAAC,SAAS,EAAE,MAAM,CAAC;oBACvC,CAAC,CAAC,YAAY,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEpB,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC;YACnG,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/scan.d.ts

@@ -0,0 +1,3 @@
+import type { Command } from "commander";
+export declare function registerScanCommand(program: Command): void;
+//# sourceMappingURL=scan.d.ts.map

package/dist/commands/scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAWzC,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAwM1D"}