pwnkit-cli 0.3.0 → 0.3.2

package/dist/commands/scan.js

@@ -0,0 +1,187 @@
+import chalk from "chalk";
+import { VERSION } from "@pwnkit/shared";
+import { scan, agenticScan, createRuntime } from "@pwnkit/core";
+import { formatReport } from "../formatters/index.js";
+import { renderReplay, replayDataFromReport, createReplayCollector } from "../formatters/replay.js";
+import { createpwnkitSpinner } from "../spinner.js";
+import { createEventHandler } from "../event-handler.js";
+import { buildShareUrl, checkRuntimeAvailability } from "../utils.js";
+export function registerScanCommand(program) {
+    program
+        .command("scan")
+        .description("Run security scan against an LLM endpoint")
+        .requiredOption("--target <url>", "Target API endpoint URL")
+        .option("--depth <depth>", "Scan depth: quick, default, deep", "default")
+        .option("--format <format>", "Output format: terminal, json, md", "terminal")
+        .option("--runtime <runtime>", "Runtime: api, claude, codex, gemini, auto", "api")
+        .option("--mode <mode>", "Scan mode: probe, deep, mcp, web", "probe")
+        .option("--repo <path>", "Path to target repo for deep scan source analysis")
+        .option("--timeout <ms>", "Request timeout in milliseconds", "30000")
+        .option("--agentic", "Use multi-turn agentic scan with tool use and SQLite persistence", false)
+        .option("--db-path <path>", "Path to SQLite database (default: ~/.pwnkit/pwnkit.db)")
+        .option("--api-key <key>", "API key for LLM provider (or set OPENROUTER_API_KEY / ANTHROPIC_API_KEY / OPENAI_API_KEY)")
+        .option("--model <model>", "LLM model to use (or set PWNKIT_MODEL)")
+        .option("--verbose", "Show detailed output with live attack replay", false)
+        .option("--replay", "Replay the last scan's results as an animated attack chain", false)
+        .action(async (opts) => {
+        const depth = opts.depth;
+        const format = (opts.format === "md" ? "markdown" : opts.format);
+        const runtime = opts.runtime;
+        const mode = opts.mode;
+        const verbose = opts.verbose;
+        const replayMode = opts.replay;
+        // ── Replay last scan (--replay flag) ──
+        if (replayMode) {
+            try {
+                const { pwnkitDB } = await import("@pwnkit/db");
+                const db = new pwnkitDB(opts.dbPath);
+                const scans = db.listScans(1);
+                if (scans.length === 0) {
+                    console.error(chalk.red("No scan history found. Run a scan first."));
+                    db.close();
+                    process.exit(2);
+                }
+                const lastScan = scans[0];
+                const dbFindings = db.getFindings(lastScan.id);
+                db.close();
+                const summary = lastScan.summary ? JSON.parse(lastScan.summary) : {
+                    totalAttacks: 0, totalFindings: 0,
+                    critical: 0, high: 0, medium: 0, low: 0, info: 0,
+                };
+                const findings = dbFindings.map((f) => ({
+                    id: f.id,
+                    templateId: f.templateId,
+                    title: f.title,
+                    description: f.description,
+                    severity: f.severity,
+                    category: f.category,
+                    status: f.status,
+                    evidence: {
+                        request: f.evidenceRequest,
+                        response: f.evidenceResponse,
+                        analysis: f.evidenceAnalysis ?? undefined,
+                    },
+                    timestamp: f.timestamp,
+                }));
+                await renderReplay({
+                    target: lastScan.target,
+                    findings,
+                    summary,
+                    durationMs: lastScan.durationMs ?? 0,
+                });
+                return;
+            }
+            catch (err) {
+                console.error(chalk.red("Failed to replay: " + (err instanceof Error ? err.message : String(err))));
+                process.exit(2);
+            }
+        }
+        // Validate runtime value
+        const validRuntimes = ["api", "claude", "codex", "gemini", "auto"];
+        if (!validRuntimes.includes(runtime)) {
+            console.error(chalk.red(`Unknown runtime '${runtime}'. Valid: ${validRuntimes.join(", ")}`));
+            process.exit(2);
+        }
+        // Deep and MCP modes require a process runtime (web mode works with api runtime)
+        if (mode !== "probe" && mode !== "web" && runtime === "api") {
+            console.error(chalk.red(`Mode '${mode}' requires a process runtime (claude, codex, gemini, or auto)`));
+            process.exit(2);
+        }
+        // Check runtime availability (auto mode checks at scan time)
+        if (runtime !== "api" && runtime !== "auto") {
+            const rt = createRuntime({
+                type: runtime,
+                timeout: parseInt(opts.timeout, 10),
+            });
+            const available = await rt.isAvailable();
+            if (!available) {
+                console.error(chalk.red(`Runtime '${runtime}' not available. Is ${runtime} installed?`));
+                process.exit(2);
+            }
+        }
+        if (format === "terminal")
+            checkRuntimeAvailability();
+        const useInkUI = format === "terminal";
+        let inkUI = null;
+        let spinner = null;
+        let eventHandler;
+        // Set up replay collector for --verbose mode
+        const replayCollector = verbose ? createReplayCollector(opts.target) : null;
+        if (useInkUI) {
+            const { renderScanUI } = await import("../ui/renderScan.js");
+            inkUI = renderScanUI({ version: VERSION, target: opts.target, depth, mode: "scan" });
+            eventHandler = (event) => {
+                if (replayCollector)
+                    replayCollector.onEvent(event);
+                inkUI.onEvent(event);
+            };
+        }
+        else {
+            spinner = createpwnkitSpinner("Initializing...");
+            eventHandler = (event) => {
+                if (replayCollector)
+                    replayCollector.onEvent(event);
+                createEventHandler({ format, spinner })(event);
+            };
+        }
+        const scanConfig = {
+            target: opts.target,
+            depth,
+            format,
+            runtime,
+            mode,
+            repoPath: opts.repo,
+            timeout: parseInt(opts.timeout, 10),
+            verbose,
+            apiKey: opts.apiKey,
+            model: opts.model,
+        };
+        try {
+            // Web mode always uses agentic scanner (needs AI to reason about HTTP responses)
+            const useAgentic = opts.agentic || mode === "web";
+            const report = useAgentic
+                ? await agenticScan({
+                    config: scanConfig,
+                    dbPath: opts.dbPath,
+                    onEvent: eventHandler,
+                })
+                : await scan(scanConfig, eventHandler, opts.dbPath);
+            if (inkUI) {
+                // In verbose mode, show the animated attack replay before the report
+                if (verbose) {
+                    inkUI.setReport(report);
+                    await inkUI.waitForExit();
+                    await renderReplay(replayDataFromReport(report));
+                }
+                else {
+                    inkUI.setReport(report);
+                    await inkUI.waitForExit();
+                }
+            }
+            else {
+                // In verbose mode, show the animated attack replay before the report
+                if (verbose && format === "terminal") {
+                    await renderReplay(replayDataFromReport(report));
+                }
+                const output = formatReport(report, format);
+                console.log(output);
+                if (format === "terminal") {
+                    console.log(`\n  ${chalk.gray("Share this report:")} ${chalk.cyan(buildShareUrl(report))}\n`);
+                }
+            }
+            // Exit with non-zero if critical/high findings
+            if (report.summary.critical > 0 || report.summary.high > 0) {
+                process.exit(1);
+            }
+            if (report.warnings.length > 0) {
+                process.exit(2);
+            }
+        }
+        catch (err) {
+            spinner?.fail("Scan failed");
+            console.error(chalk.red(err instanceof Error ? err.message : String(err)));
+            process.exit(2);
+        }
+    });
+}
+//# sourceMappingURL=scan.js.map

package/dist/commands/scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAEzC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAc,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAElF,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,2CAA2C,CAAC;SACxD,cAAc,CAAC,gBAAgB,EAAE,yBAAyB,CAAC;SAC3D,MAAM,CAAC,iBAAiB,EAAE,kCAAkC,EAAE,SAAS,CAAC;SACxE,MAAM,CAAC,mBAAmB,EAAE,mCAAmC,EAAE,UAAU,CAAC;SAC5E,MAAM,CAAC,qBAAqB,EAAE,2CAA2C,EAAE,KAAK,CAAC;SACjF,MAAM,CAAC,eAAe,EAAE,kCAAkC,EAAE,OAAO,CAAC;SACpE,MAAM,CAAC,eAAe,EAAE,mDAAmD,CAAC;SAC5E,MAAM,CAAC,gBAAgB,EAAE,iCAAiC,EAAE,OAAO,CAAC;SACpE,MAAM,CAAC,WAAW,EAAE,kEAAkE,EAAE,KAAK,CAAC;SAC9F,MAAM,CAAC,kBAAkB,EAAE,wDAAwD,CAAC;SACpF,MAAM,CAAC,iBAAiB,EAAE,2FAA2F,CAAC;SACtH,MAAM,CAAC,iBAAiB,EAAE,wCAAwC,CAAC;SACnE,MAAM,CAAC,WAAW,EAAE,8CAA8C,EAAE,KAAK,CAAC;SAC1E,MAAM,CAAC,UAAU,EAAE,4DAA4D,EAAE,KAAK,CAAC;SACvF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAiB,CAAC;QACjF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAsB,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAgB,CAAC;QACnC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAkB,CAAC;QACxC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAiB,CAAC;QAE1C,yCAAyC;QACzC,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;gBAChD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC,CAAC;oBACrE,EAAE,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC1B,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBAC/C,EAAE,CAAC,KAAK,EAAE,CAAC;gBAEX,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBAChE,YAAY,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;oBACjC,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;iBACjD,CAAC;gBAEF,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACtC,EAAE,EAAE,CAAC,CAAC,EAAE;oBACR,UAAU,EAAE,CAAC,CAAC,UAAU;oBACxB,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,QAAQ,EAAE,CAAC,CAAC,QAA6C;oBACzD,QAAQ,EAAE,CAAC,CAAC,QAAmD;oBAC/D,MAAM,EAAE,CAAC,CAAC,MAAgD;oBAC1D,QAAQ,EAAE;wBACR,OAAO,EAAE,CAAC,CAAC,eAAe;wBAC1B,QAAQ,EAAE,CAAC,CAAC,gBAAgB;wBAC5B,QAAQ,EAAE,CAAC,CAAC,gBAAgB,IAAI,SAAS;qBAC1C;oBACD,SAAS,EAAE,CAAC,CAAC,SAAS;iBACvB,CAAC,CAAC,CAAC;gBAEJ,MAAM,YAAY,CAAC;oBACjB,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,QAAQ;oBACR,OAAO;oBACP,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,CAAC;iBACrC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,oBAAoB,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CACrF,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,oBAAoB,OAAO,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAC9E,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,iFAAiF;QACjF,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;YAC5D,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,SAAS,IAAI,+DAA+D,CAAC,CACxF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,6DAA6D;QAC7D,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YAC5C,MAAM,EAAE,GAAG,aAAa,CAAC;gBACvB,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CACP,YAAY,OAAO,uBAAuB,OAAO,aAAa,CAC/D,CACF,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,IAAI,MAAM,KAAK,UAAU;YAAE,wBAAwB,EAAE,CAAC;QAEtD,MAAM,QAAQ,GAAG,MAAM,KAAK,UAAU,CAAC;QACvC,IAAI,KAAK,GAAyE,IAAI,CAAC;QACvF,IAAI,OAAO,GAAkD,IAAI,CAAC;QAClE,IAAI,YAAkC,CAAC;QAEvC,6CAA6C;QAC7C,MAAM,eAAe,GAAG,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE5E,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;YAC7D,KAAK,GAAG,YAAY,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YACrF,YAAY,GAAG,CAAC,KAAU,EAAE,EAAE;gBAC5B,IAAI,eAAe;oBAAE,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACpD,KAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;YACjD,YAAY,GAAG,CAAC,KAAU,EAAE,EAAE;gBAC5B,IAAI,eAAe;oBAAE,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACpD,kBAAkB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;YACjD,CAAC,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK;YACL,MAAM;YACN,OAAO;YACP,IAAI;YACJ,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;YACnC,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAA4B;YACzC,KAAK,EAAE,IAAI,CAAC,KAA2B;SACxC,CAAC;QAEF,IAAI,CAAC;YACH,iFAAiF;YACjF,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,KAAK,CAAC;YAClD,MAAM,MAAM,GAAG,UAAU;gBACvB,CAAC,CAAC,MAAM,WAAW,CAAC;oBAChB,MAAM,EAAE,UAAU;oBAClB,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,OAAO,EAAE,YAAY;iBACtB,CAAC;gBACJ,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAEtD,IAAI,KAAK,EAAE,CAAC;gBACV,qEAAqE;gBACrE,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,CAAC,SAAS,CAAC,MAA4C,CAAC,CAAC;oBAC9D,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;oBAC1B,MAAM,YAAY,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,SAAS,CAAC,MAA4C,CAAC,CAAC;oBAC9D,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;gBAC5B,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,qEAAqE;gBACrE,IAAI,OAAO,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;oBACrC,MAAM,YAAY,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC;gBACnD,CAAC;gBAED,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC5C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAEpB,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;oBAC1B,OAAO,CAAC,GAAG,CACT,OAAO,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,CACjF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,+CAA+C;YAC/C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YAC7B,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAC5D,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/event-handler.d.ts

@@ -0,0 +1,19 @@
+import type { OutputFormat } from "@pwnkit/shared";
+import type { createpwnkitSpinner } from "./spinner.js";
+export interface EventHandlerOptions {
+    format: OutputFormat;
+    spinner: ReturnType<typeof createpwnkitSpinner> | null;
+    /** Enable attack:end progress tracking (used by scan command). */
+    trackAttacks?: {
+        getTotal: () => number;
+        getDone: () => number;
+        incrementDone: () => void;
+    };
+}
+export declare function createEventHandler(opts: EventHandlerOptions): (event: {
+    type: string;
+    stage?: string;
+    message: string;
+    data?: unknown;
+}) => void;
+//# sourceMappingURL=event-handler.d.ts.map

package/dist/event-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-handler.d.ts","sourceRoot":"","sources":["../src/event-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAGxD,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,GAAG,IAAI,CAAC;IACvD,kEAAkE;IAClE,YAAY,CAAC,EAAE;QACb,QAAQ,EAAE,MAAM,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,MAAM,CAAC;QACtB,aAAa,EAAE,MAAM,IAAI,CAAC;KAC3B,CAAC;CACH;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,mBAAmB,IAGlD,OAAO;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,UA+DjF"}

package/dist/event-handler.js

@@ -0,0 +1,63 @@
+import chalk from "chalk";
+import { renderProgressBar } from "./formatters/terminal.js";
+export function createEventHandler(opts) {
+    const { format, spinner, trackAttacks } = opts;
+    return (event) => {
+        if (format !== "terminal")
+            return;
+        switch (event.type) {
+            case "stage:start": {
+                const msg = event.message;
+                if (msg.startsWith("Reading ")) {
+                    spinner?.stop();
+                    console.log(`    ${chalk.cyan("\u2192")} ${chalk.cyan("read")} ${chalk.gray(msg.replace("Reading ", ""))}`);
+                    spinner?.start();
+                }
+                else if (msg.startsWith("Running: ")) {
+                    spinner?.stop();
+                    console.log(`    ${chalk.magenta("\u2192")} ${chalk.magenta("exec")} ${chalk.gray(msg.replace("Running: ", ""))}`);
+                    spinner?.start();
+                }
+                else {
+                    spinner?.update(msg);
+                    spinner?.start();
+                }
+                break;
+            }
+            case "attack:end":
+                if (trackAttacks) {
+                    trackAttacks.incrementDone();
+                    const total = trackAttacks.getTotal();
+                    if (spinner && total > 0) {
+                        spinner.update(`Running attacks ${renderProgressBar(trackAttacks.getDone(), total)}`);
+                    }
+                }
+                break;
+            case "stage:end":
+                if (trackAttacks && event.stage === "attack") {
+                    const total = trackAttacks.getTotal();
+                    spinner?.succeed(`${chalk.gray("Attacks complete")} ${renderProgressBar(total, total)}`);
+                }
+                else if (event.stage === "discovery" &&
+                    typeof event.data === "object" &&
+                    event.data !== null &&
+                    "success" in event.data &&
+                    event.data.success === false) {
+                    spinner?.warn(event.message);
+                }
+                else {
+                    spinner?.succeed(event.message);
+                }
+                break;
+            case "finding":
+                spinner?.stop();
+                console.log(`    ${chalk.yellow("\u26A1")} ${chalk.yellow(event.message)}`);
+                spinner?.start();
+                break;
+            case "error":
+                spinner?.fail(event.message);
+                break;
+        }
+    };
+}
+//# sourceMappingURL=event-handler.js.map

package/dist/event-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-handler.js","sourceRoot":"","sources":["../src/event-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAa7D,MAAM,UAAU,kBAAkB,CAAC,IAAyB;IAC1D,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;IAE/C,OAAO,CAAC,KAAwE,EAAE,EAAE;QAClF,IAAI,MAAM,KAAK,UAAU;YAAE,OAAO;QAElC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;YACnB,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC;gBAC1B,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC/B,OAAO,EAAE,IAAI,EAAE,CAAC;oBAChB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC5G,OAAO,EAAE,KAAK,EAAE,CAAC;gBACnB,CAAC;qBAAM,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;oBACvC,OAAO,EAAE,IAAI,EAAE,CAAC;oBAChB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;oBACnH,OAAO,EAAE,KAAK,EAAE,CAAC;gBACnB,CAAC;qBAAM,CAAC;oBACN,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;oBACrB,OAAO,EAAE,KAAK,EAAE,CAAC;gBACnB,CAAC;gBACD,MAAM;YACR,CAAC;YAED,KAAK,YAAY;gBACf,IAAI,YAAY,EAAE,CAAC;oBACjB,YAAY,CAAC,aAAa,EAAE,CAAC;oBAC7B,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;oBACtC,IAAI,OAAO,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;wBACzB,OAAO,CAAC,MAAM,CAAC,mBAAmB,iBAAiB,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;oBACxF,CAAC;gBACH,CAAC;gBACD,MAAM;YAER,KAAK,WAAW;gBACd,IAAI,YAAY,IAAI,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC7C,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;oBACtC,OAAO,EAAE,OAAO,CACd,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,iBAAiB,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,CACvE,CAAC;gBACJ,CAAC;qBAAM,IACL,KAAK,CAAC,KAAK,KAAK,WAAW;oBAC3B,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ;oBAC9B,KAAK,CAAC,IAAI,KAAK,IAAI;oBACnB,SAAS,IAAI,KAAK,CAAC,IAAI;oBACvB,KAAK,CAAC,IAAI,CAAC,OAAO,KAAK,KAAK,EAC5B,CAAC;oBACD,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC/B,CAAC;qBAAM,CAAC;oBACN,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAClC,CAAC;gBACD,MAAM;YAER,KAAK,SAAS;gBACZ,OAAO,EAAE,IAAI,EAAE,CAAC;gBAChB,OAAO,CAAC,GAAG,CACT,OAAO,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAC/D,CAAC;gBACF,OAAO,EAAE,KAAK,EAAE,CAAC;gBACjB,MAAM;YAER,KAAK,OAAO;gBACV,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC7B,MAAM;QACV,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/formatters/index.d.ts

@@ -0,0 +1,14 @@
+import type { ScanReport, AuditReport, ReviewReport, OutputFormat } from "@pwnkit/shared";
+export { renderReplay, renderReplayStatic, replayDataFromReport, createReplayCollector } from "./replay.js";
+export type { ReplayData, ReplayCollector } from "./replay.js";
+export declare function formatReport(report: ScanReport, format: OutputFormat): string;
+/**
+ * Format an audit report. Adapts AuditReport to ScanReport for reuse,
+ * but adds audit-specific header information.
+ */
+export declare function formatAuditReport(report: AuditReport, format: OutputFormat): string;
+/**
+ * Format a review report. Adapts ReviewReport to ScanReport for reuse.
+ */
+export declare function formatReviewReport(report: ReviewReport, format: OutputFormat): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/formatters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/formatters/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAI1F,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC5G,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE/D,wBAAgB,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,GAAG,MAAM,CAS7E;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,YAAY,GACnB,MAAM,CAmBR;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,YAAY,EACpB,MAAM,EAAE,YAAY,GACnB,MAAM,CAiBR"}

package/dist/formatters/index.js

@@ -0,0 +1,56 @@
+import { formatTerminal } from "./terminal.js";
+import { formatJson } from "./json.js";
+import { formatMarkdown } from "./markdown.js";
+export { renderReplay, renderReplayStatic, replayDataFromReport, createReplayCollector } from "./replay.js";
+export function formatReport(report, format) {
+    switch (format) {
+        case "terminal":
+            return formatTerminal(report);
+        case "json":
+            return formatJson(report);
+        case "markdown":
+            return formatMarkdown(report);
+    }
+}
+/**
+ * Format an audit report. Adapts AuditReport to ScanReport for reuse,
+ * but adds audit-specific header information.
+ */
+export function formatAuditReport(report, format) {
+    // Convert to ScanReport shape for formatters
+    const scanReport = {
+        target: `${report.package}@${report.version}`,
+        scanDepth: "deep",
+        startedAt: report.startedAt,
+        completedAt: report.completedAt,
+        durationMs: report.durationMs,
+        summary: report.summary,
+        findings: report.findings,
+        warnings: [],
+    };
+    if (format === "json") {
+        // For JSON, return the full audit report with extra fields
+        return JSON.stringify(report, null, 2);
+    }
+    return formatReport(scanReport, format);
+}
+/**
+ * Format a review report. Adapts ReviewReport to ScanReport for reuse.
+ */
+export function formatReviewReport(report, format) {
+    const scanReport = {
+        target: report.repo,
+        scanDepth: "deep",
+        startedAt: report.startedAt,
+        completedAt: report.completedAt,
+        durationMs: report.durationMs,
+        summary: report.summary,
+        findings: report.findings,
+        warnings: [],
+    };
+    if (format === "json") {
+        return JSON.stringify(report, null, 2);
+    }
+    return formatReport(scanReport, format);
+}
+//# sourceMappingURL=index.js.map

package/dist/formatters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/formatters/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAG5G,MAAM,UAAU,YAAY,CAAC,MAAkB,EAAE,MAAoB;IACnE,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,UAAU;YACb,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;QAChC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;QAC5B,KAAK,UAAU;YACb,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAmB,EACnB,MAAoB;IAEpB,6CAA6C;IAC7C,MAAM,UAAU,GAAe;QAC7B,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE;QAC7C,SAAS,EAAE,MAAM;QACjB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,2DAA2D;QAC3D,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAoB,EACpB,MAAoB;IAEpB,MAAM,UAAU,GAAe;QAC7B,MAAM,EAAE,MAAM,CAAC,IAAI;QACnB,SAAS,EAAE,MAAM;QACjB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAC1C,CAAC"}

package/dist/formatters/json.d.ts

@@ -0,0 +1,3 @@
+import type { ScanReport } from "@pwnkit/shared";
+export declare function formatJson(report: ScanReport): string;
+//# sourceMappingURL=json.d.ts.map

package/dist/formatters/json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.d.ts","sourceRoot":"","sources":["../../src/formatters/json.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEjD,wBAAgB,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAErD"}

package/dist/formatters/json.js

@@ -0,0 +1,4 @@
+export function formatJson(report) {
+    return JSON.stringify(report, null, 2);
+}
+//# sourceMappingURL=json.js.map

package/dist/formatters/json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.js","sourceRoot":"","sources":["../../src/formatters/json.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,UAAU,CAAC,MAAkB;IAC3C,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC"}

package/dist/formatters/markdown.d.ts

@@ -0,0 +1,3 @@
+import type { ScanReport } from "@pwnkit/shared";
+export declare function formatMarkdown(report: ScanReport): string;
+//# sourceMappingURL=markdown.d.ts.map

package/dist/formatters/markdown.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"markdown.d.ts","sourceRoot":"","sources":["../../src/formatters/markdown.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAW,MAAM,gBAAgB,CAAC;AAE1D,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAoDzD"}

package/dist/formatters/markdown.js

@@ -0,0 +1,90 @@
+export function formatMarkdown(report) {
+    const lines = [];
+    lines.push("# pwnkit Scan Report");
+    lines.push("");
+    lines.push(`| Field | Value |`);
+    lines.push(`|-------|-------|`);
+    lines.push(`| Target | ${report.target} |`);
+    lines.push(`| Depth | ${report.scanDepth} |`);
+    lines.push(`| Started | ${report.startedAt} |`);
+    lines.push(`| Duration | ${(report.durationMs / 1000).toFixed(1)}s |`);
+    lines.push("");
+    // Summary
+    lines.push("## Summary");
+    lines.push("");
+    lines.push(`- **Attacks:** ${report.summary.totalAttacks}`);
+    lines.push(`- **Findings:** ${report.summary.totalFindings}`);
+    if (report.summary.critical > 0)
+        lines.push(`- **Critical:** ${report.summary.critical}`);
+    if (report.summary.high > 0)
+        lines.push(`- **High:** ${report.summary.high}`);
+    if (report.summary.medium > 0)
+        lines.push(`- **Medium:** ${report.summary.medium}`);
+    if (report.summary.low > 0)
+        lines.push(`- **Low:** ${report.summary.low}`);
+    lines.push("");
+    if (report.warnings.length > 0) {
+        lines.push("## Warnings");
+        lines.push("");
+        for (const warning of report.warnings) {
+            lines.push(`- **${warning.stage}:** ${warning.message}`);
+        }
+        lines.push("");
+    }
+    // Findings
+    if (report.findings.length > 0) {
+        lines.push("## Findings");
+        lines.push("");
+        for (const finding of report.findings) {
+            lines.push(formatFinding(finding));
+        }
+    }
+    else {
+        lines.push(report.warnings.length > 0 ? "## No Confirmed Vulnerabilities" : "## No Vulnerabilities Found");
+        lines.push("");
+        lines.push(report.warnings.length > 0
+            ? "The scanner did not confirm vulnerabilities, but target validation or probe execution produced warnings."
+            : "The target passed all tests.");
+    }
+    return lines.join("\n");
+}
+function formatFinding(finding) {
+    const lines = [];
+    const badge = severityBadge(finding.severity);
+    lines.push(`### ${badge} ${finding.title}`);
+    lines.push("");
+    lines.push(`- **Category:** ${finding.category}`);
+    lines.push(`- **Status:** ${finding.status}`);
+    lines.push(`- **Description:** ${finding.description}`);
+    lines.push("");
+    if (finding.evidence.analysis) {
+        lines.push(`**Evidence:** ${finding.evidence.analysis}`);
+        lines.push("");
+    }
+    lines.push("<details>");
+    lines.push("<summary>Request / Response</summary>");
+    lines.push("");
+    lines.push("**Request:**");
+    lines.push("```");
+    lines.push(finding.evidence.request.slice(0, 500));
+    lines.push("```");
+    lines.push("");
+    lines.push("**Response:**");
+    lines.push("```");
+    lines.push(finding.evidence.response.slice(0, 500));
+    lines.push("```");
+    lines.push("</details>");
+    lines.push("");
+    return lines.join("\n");
+}
+function severityBadge(severity) {
+    const badges = {
+        critical: "[CRITICAL]",
+        high: "[HIGH]",
+        medium: "[MEDIUM]",
+        low: "[LOW]",
+        info: "[INFO]",
+    };
+    return badges[severity] ?? `[${severity.toUpperCase()}]`;
+}
+//# sourceMappingURL=markdown.js.map

package/dist/formatters/markdown.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"markdown.js","sourceRoot":"","sources":["../../src/formatters/markdown.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;IAC5C,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;IAChD,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9E,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpF,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC3E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,KAAK,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,WAAW;IACX,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC;QAC3G,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YACxB,CAAC,CAAC,0GAA0G;YAC5G,CAAC,CAAC,8BAA8B,CACnC,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,OAAgB;IACrC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE9C,KAAK,CAAC,IAAI,CAAC,OAAO,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,sBAAsB,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACxB,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACnD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,MAAM,GAA2B;QACrC,QAAQ,EAAE,YAAY;QACtB,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,UAAU;QAClB,GAAG,EAAE,OAAO;QACZ,IAAI,EAAE,QAAQ;KACf,CAAC;IACF,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC;AAC3D,CAAC"}

package/dist/formatters/replay.d.ts

@@ -0,0 +1,24 @@
+import type { ScanReport, Finding, AttackResult, TargetInfo } from "@pwnkit/shared";
+export interface ReplayData {
+    target: string;
+    targetInfo?: TargetInfo;
+    findings: Finding[];
+    attackResults?: AttackResult[];
+    summary: ScanReport["summary"];
+    durationMs: number;
+    warnings?: ScanReport["warnings"];
+}
+export declare function renderReplay(data: ReplayData): Promise<void>;
+export declare function renderReplayStatic(data: ReplayData): string;
+export interface ReplayCollector {
+    onEvent: (event: {
+        type: string;
+        stage?: string;
+        message: string;
+        data?: unknown;
+    }) => void;
+    getReplayData: () => ReplayData;
+}
+export declare function createReplayCollector(target: string): ReplayCollector;
+export declare function replayDataFromReport(report: ScanReport): ReplayData;
+//# sourceMappingURL=replay.d.ts.map

package/dist/formatters/replay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.d.ts","sourceRoot":"","sources":["../../src/formatters/replay.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,UAAU,EAEX,MAAM,gBAAgB,CAAC;AAIxB,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;CACnC;AA2TD,wBAAsB,YAAY,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAuBlE;AAID,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAiB3D;AAID,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,CAAC,KAAK,EAAE;QACf,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,KAAK,IAAI,CAAC;IACX,aAAa,EAAE,MAAM,UAAU,CAAC;CACjC;AAED,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CAkFrE;AAID,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,UAAU,GAAG,UAAU,CAQnE"}