relsec 0.1.0

package/dist/cli.js

@@ -0,0 +1,181 @@
+#!/usr/bin/env node
+import { fileURLToPath } from 'node:url';
+import path from 'node:path';
+import { listAdvisories, loadAdvisoriesFromFile } from './advisories.js';
+import { analyzeCveRelevance } from './engine.js';
+import { scanIocsInLogs } from './ioc.js';
+import { importOsvAdvisories } from './osv.js';
+import { renderJsonlReport, renderMarkdownReport, renderSarifReport } from './report.js';
+import { startInteractive } from './interactive.js';
+import { VERSION } from './version-info.js';
+export async function runCli(argv) {
+    const [command, ...rest] = argv;
+    if (!command || command === 'help' || command === '--help' || command === '-h')
+        return help();
+    if (command === 'version' || command === '--version' || command === '-v')
+        return `relevant ${VERSION}`;
+    if (command === 'advisories')
+        return runAdvisories(rest);
+    if (command === 'import')
+        return runImport(rest);
+    if (command === 'cve')
+        return runCve(rest);
+    if (command === 'ioc')
+        return runIoc(rest);
+    throw new Error(`Unknown command: ${command}\n\n${help()}`);
+}
+async function runImport(args) {
+    const [source, ...rest] = args;
+    if (source !== 'osv')
+        throw new Error('Usage: relevant import osv --workspace . --inventory security/inventory.json --output security/osv-advisories.json');
+    const options = parseOptions(rest);
+    const output = optionOne(options.output);
+    if (!output)
+        throw new Error('Usage: relevant import osv --workspace . --inventory security/inventory.json --output security/osv-advisories.json');
+    const workspace = path.resolve(optionOne(options.workspace) ?? '.');
+    const result = await importOsvAdvisories({
+        workspace,
+        inventoryPath: optionOne(options.inventory) ? path.resolve(optionOne(options.inventory) ?? '') : undefined,
+        outputPath: path.resolve(output),
+        apiUrl: optionOne(options['api-url'])
+    });
+    return `Imported ${result.advisories.length} OSV advisories for ${result.dependencyCount} dependencies to ${result.outputPath}.`;
+}
+async function runCve(args) {
+    const cveId = args[0];
+    if (!cveId || cveId.startsWith('--'))
+        throw new Error('Usage: relevant cve <CVE-ID> [--workspace .] [--inventory inventory.json] [--format json|markdown]');
+    const options = parseOptions(args.slice(1));
+    const workspace = path.resolve(optionOne(options.workspace) ?? '.');
+    const result = await analyzeCveRelevance({
+        workspace,
+        cveId,
+        inventoryPath: optionOne(options.inventory) ? path.resolve(optionOne(options.inventory) ?? '') : undefined,
+        advisoryPath: optionOne(options.advisories) ? path.resolve(optionOne(options.advisories) ?? '') : undefined
+    });
+    const format = parseFormat(optionOne(options.format) ?? 'text');
+    if (format === 'json')
+        return JSON.stringify(result, null, 2);
+    if (format === 'markdown')
+        return renderMarkdownReport(result);
+    if (format === 'jsonl')
+        return renderJsonlReport(result);
+    if (format === 'sarif')
+        return renderSarifReport(result);
+    return [
+        `${result.subject}: ${result.verdict} (${result.risk})`,
+        result.summary,
+        '',
+        'Evidence:',
+        ...result.evidence.map((item) => `- ${item}`),
+        '',
+        'Recommended actions:',
+        ...result.recommendedActions.map((item) => `- ${item}`)
+    ].join('\n');
+}
+async function runIoc(args) {
+    const options = parseOptions(args);
+    const indicators = optionOne(options.indicators);
+    if (!indicators)
+        throw new Error('Usage: relevant ioc --indicators indicators.txt --logs file.log [--logs another.log] [--format json]');
+    const logs = optionMany(options.logs);
+    if (!logs || logs.length === 0)
+        throw new Error('At least one --logs path is required.');
+    const result = await scanIocsInLogs({
+        indicatorsPath: path.resolve(indicators),
+        logPaths: logs.map((entry) => path.resolve(entry))
+    });
+    const format = parseFormat(optionOne(options.format) ?? 'text');
+    if (format === 'json')
+        return JSON.stringify(result, null, 2);
+    if (format === 'jsonl')
+        return [
+            JSON.stringify({ type: 'summary', totalMatches: result.totalMatches }),
+            ...result.matches.map((match) => JSON.stringify({
+                type: 'ioc_match',
+                indicator: match.indicator,
+                indicatorType: match.type,
+                file: match.file,
+                line: match.line,
+                text: match.text
+            }))
+        ].join('\n');
+    return [
+        `IOC matches: ${result.totalMatches}`,
+        ...result.matches.map((match) => `- ${match.indicator} (${match.type}) ${match.file}:${match.line}`)
+    ].join('\n');
+}
+async function runAdvisories(args) {
+    const options = parseOptions(args);
+    const file = optionOne(options.file);
+    const advisories = file ? await loadAdvisoriesFromFile(path.resolve(file)) : listAdvisories();
+    return JSON.stringify(advisories, null, 2);
+}
+function parseOptions(args) {
+    const result = {};
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (!arg?.startsWith('--'))
+            continue;
+        const key = arg.slice(2);
+        const value = args[i + 1];
+        if (!value || value.startsWith('--'))
+            throw new Error(`Missing value for --${key}`);
+        i++;
+        if (key === 'logs') {
+            const existing = result.logs;
+            result.logs = Array.isArray(existing) ? [...existing, value] : [value];
+        }
+        else {
+            result[key] = value;
+        }
+    }
+    return result;
+}
+function parseFormat(value) {
+    const format = Array.isArray(value) ? value[0] : value;
+    if (format === 'json' || format === 'markdown' || format === 'text' || format === 'jsonl' || format === 'sarif')
+        return format;
+    throw new Error(`Unsupported format: ${format}`);
+}
+function optionOne(value) {
+    return Array.isArray(value) ? value[0] : value;
+}
+function optionMany(value) {
+    if (!value)
+        return [];
+    return Array.isArray(value) ? value : [value];
+}
+function help() {
+    return [
+        'relevant - prove whether security findings matter locally',
+        '',
+        'Commands:',
+        '  relevant cve <CVE-ID> --workspace . --inventory security/inventory.json --format json',
+        '  relevant ioc --indicators indicators.txt --logs auth.log --logs proxy.log --format json',
+        '  relevant import osv --workspace . --inventory security/inventory.json --output security/osv-advisories.json',
+        '  relevant advisories',
+        '  relevant version',
+        '  relevant                 start interactive command shell',
+        '',
+        'Formats: text, json, markdown, jsonl, sarif'
+    ].join('\n');
+}
+async function main() {
+    try {
+        if (process.argv.slice(2).length === 0 && process.stdin.isTTY && process.stdout.isTTY) {
+            await startInteractive();
+            return;
+        }
+        const output = await runCli(process.argv.slice(2));
+        process.stdout.write(output.endsWith('\n') ? output : `${output}\n`);
+    }
+    catch (error) {
+        process.stderr.write(`${error.message}\n`);
+        process.exitCode = 1;
+    }
+}
+const isDirect = process.argv[1] ? path.resolve(process.argv[1]) === fileURLToPath(import.meta.url) : false;
+if (isDirect)
+    void main();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACzF,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAI5C,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAc;IACzC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,EAAE,CAAC;IAC9F,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,WAAW,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,YAAY,OAAO,EAAE,CAAC;IACvG,IAAI,OAAO,KAAK,YAAY;QAAE,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;IACzD,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC;IACjD,IAAI,OAAO,KAAK,KAAK;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,OAAO,KAAK,KAAK;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,OAAO,IAAI,EAAE,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,IAAc;IACrC,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAC/B,IAAI,MAAM,KAAK,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,oHAAoH,CAAC,CAAC;IAC5J,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,oHAAoH,CAAC,CAAC;IACnJ,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;IACpE,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC;QACvC,SAAS;QACT,aAAa,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1G,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAChC,MAAM,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;KACtC,CAAC,CAAC;IACH,OAAO,YAAY,MAAM,CAAC,UAAU,CAAC,MAAM,uBAAuB,MAAM,CAAC,eAAe,oBAAoB,MAAM,CAAC,UAAU,GAAG,CAAC;AACnI,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,IAAc;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACtB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,oGAAoG,CAAC,CAAC;IAC5J,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;IACpE,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC;QACvC,SAAS;QACT,KAAK;QACL,aAAa,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1G,YAAY,EAAE,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;KAC5G,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,CAAC;IAChE,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC9D,IAAI,MAAM,KAAK,UAAU;QAAE,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC/D,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzD,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzD,OAAO;QACL,GAAG,MAAM,CAAC,OAAO,KAAK,MAAM,CAAC,OAAO,KAAK,MAAM,CAAC,IAAI,GAAG;QACvD,MAAM,CAAC,OAAO;QACd,EAAE;QACF,WAAW;QACX,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7C,EAAE;QACF,sBAAsB;QACtB,GAAG,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;KACxD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,IAAc;IAClC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACjD,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,sGAAsG,CAAC,CAAC;IACzI,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACzF,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;QAClC,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;QACxC,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,KAAa,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;KAC3D,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,CAAC;IAChE,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC9D,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO;YAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;YACtE,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC9C,IAAI,EAAE,WAAW;gBACjB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,aAAa,EAAE,KAAK,CAAC,IAAI;gBACzB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,KAAK,CAAC,IAAI;aACjB,CAAC,CAAC;SACJ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACb,OAAO;QACL,gBAAgB,MAAM,CAAC,YAAY,EAAE;QACrC,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;KACrG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,IAAc;IACzC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;IAC9F,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,YAAY,CAAC,IAAc;IAClC,MAAM,MAAM,GAAsC,EAAE,CAAC;IACrD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QACrC,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAC;QACpF,CAAC,EAAE,CAAC;QACJ,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;YACnB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;YAC7B,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,KAAwB;IAC3C,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACvD,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC;IAC/H,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,SAAS,CAAC,KAAoC;IACrD,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACjD,CAAC;AAED,SAAS,UAAU,CAAC,KAAoC;IACtD,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,IAAI;IACX,OAAO;QACL,2DAA2D;QAC3D,EAAE;QACF,WAAW;QACX,yFAAyF;QACzF,2FAA2F;QAC3F,+GAA+G;QAC/G,uBAAuB;QACvB,oBAAoB;QACpB,4DAA4D;QAC5D,EAAE;QACF,6CAA6C;KAC9C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtF,MAAM,gBAAgB,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC;IACvE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAI,KAAe,CAAC,OAAO,IAAI,CAAC,CAAC;QACtD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5G,IAAI,QAAQ;IAAE,KAAK,IAAI,EAAE,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,15 @@
+export interface RelevantConfig {
+    schemaVersion: 1;
+    workspace?: string;
+    inventory?: string;
+    indicators?: string;
+    format?: 'text' | 'json' | 'markdown';
+    profiles?: Record<string, unknown>;
+    workspaces?: Record<string, string>;
+}
+export interface ValidationResult {
+    ok: boolean;
+    errors: string[];
+}
+export declare function migrateConfig(value: unknown): RelevantConfig;
+export declare function validateConfig(value: unknown): ValidationResult;

package/dist/config.js

@@ -0,0 +1,50 @@
+export function migrateConfig(value) {
+    const candidate = isRecord(value) ? value : {};
+    return {
+        schemaVersion: 1,
+        workspace: stringValue(candidate.workspace),
+        inventory: stringValue(candidate.inventory),
+        indicators: stringValue(candidate.indicators),
+        format: parseFormat(candidate.format),
+        profiles: isRecord(candidate.profiles) ? candidate.profiles : undefined,
+        workspaces: stringMap(candidate.workspaces)
+    };
+}
+export function validateConfig(value) {
+    const errors = [];
+    if (!isRecord(value))
+        return { ok: false, errors: ['config must be an object'] };
+    if (value.schemaVersion !== 1)
+        errors.push('schemaVersion must be 1');
+    if (value.workspace !== undefined && typeof value.workspace !== 'string')
+        errors.push('workspace must be a string');
+    if (value.inventory !== undefined && typeof value.inventory !== 'string')
+        errors.push('inventory must be a string');
+    if (value.indicators !== undefined && typeof value.indicators !== 'string')
+        errors.push('indicators must be a string');
+    if (value.format !== undefined && value.format !== 'text' && value.format !== 'json' && value.format !== 'markdown')
+        errors.push('format must be text, json, or markdown');
+    if (value.workspaces !== undefined && stringMap(value.workspaces) === undefined)
+        errors.push('workspaces must be a string map');
+    return { ok: errors.length === 0, errors };
+}
+function parseFormat(value) {
+    if (value === 'text' || value === 'json' || value === 'markdown')
+        return value;
+    return undefined;
+}
+function stringValue(value) {
+    return typeof value === 'string' ? value : undefined;
+}
+function stringMap(value) {
+    if (!isRecord(value))
+        return undefined;
+    const entries = Object.entries(value);
+    if (!entries.every(([, item]) => typeof item === 'string'))
+        return undefined;
+    return Object.fromEntries(entries);
+}
+function isRecord(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAeA,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC;QAC3C,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,SAAS,CAAC,UAAU,CAAC;QAC7C,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACvE,UAAU,EAAE,SAAS,CAAC,SAAS,CAAC,UAAU,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,0BAA0B,CAAC,EAAE,CAAC;IACjF,IAAI,KAAK,CAAC,aAAa,KAAK,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACtE,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACpH,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACpH,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACvH,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,UAAU;QAAE,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAC3K,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,SAAS;QAAE,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAChI,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,UAAU;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACvC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC;QAAE,OAAO,SAAS,CAAC;IAC7E,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,CAA2B,CAAC;AAC/D,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC"}

package/dist/engine.d.ts

@@ -0,0 +1,8 @@
+import type { RelevanceResult } from './types.js';
+export interface AnalyzeCveInput {
+    workspace: string;
+    cveId: string;
+    inventoryPath?: string;
+    advisoryPath?: string;
+}
+export declare function analyzeCveRelevance(input: AnalyzeCveInput): Promise<RelevanceResult>;

package/dist/engine.js

@@ -0,0 +1,76 @@
+import path from 'node:path';
+import { findAdvisory, loadAdvisoriesFromFile } from './advisories.js';
+import { loadInventory } from './inventory.js';
+import { findDependency } from './manifests.js';
+import { analyzeReachability } from './reachability.js';
+import { satisfiesVulnerableRange } from './version.js';
+export async function analyzeCveRelevance(input) {
+    const importedAdvisories = input.advisoryPath ? await loadAdvisoriesFromFile(input.advisoryPath) : [];
+    const advisory = findAdvisory(input.cveId, importedAdvisories);
+    if (!advisory) {
+        return {
+            subject: input.cveId,
+            verdict: 'unknown',
+            risk: 'unknown',
+            summary: 'No local advisory knowledge is available. Import an advisory, SBOM, or scanner finding to assess relevance.',
+            affectedComponents: [],
+            evidence: [`No local advisory record for ${input.cveId}.`],
+            recommendedActions: ['Fetch authoritative advisory details and rerun with a local advisory file.']
+        };
+    }
+    const inventory = await loadInventory(input.inventoryPath);
+    const vulnerableServices = [];
+    const evidence = [];
+    for (const service of inventory.services) {
+        const dependency = await findDependency(input.workspace, service, advisory);
+        if (!dependency)
+            continue;
+        if (!satisfiesVulnerableRange(dependency.version, advisory.vulnerableRange, advisory.ecosystem))
+            continue;
+        vulnerableServices.push(service);
+        const manifestPath = path.relative(input.workspace, path.resolve(process.cwd(), dependency.manifestPath)).replaceAll('\\', '/');
+        evidence.push(`Found ${dependency.packageName} ${dependency.version} in ${manifestPath || dependency.manifestPath}.`);
+        const reachability = await analyzeReachability(input.workspace, service, advisory.vulnerableSymbols);
+        if (reachability.reachable) {
+            evidence.push(...reachability.evidence);
+        }
+        else {
+            evidence.push(`vulnerable symbol not referenced in ${service.path}.`);
+        }
+        if (service.exposure === 'internet') {
+            evidence.push(`${service.name} has public ingress: ${(service.ingress ?? []).join(', ') || 'internet exposed'}.`);
+        }
+        else {
+            evidence.push(`${service.name} is ${service.exposure === 'internal' ? 'internal-only' : service.exposure}.`);
+        }
+    }
+    if (vulnerableServices.length === 0) {
+        return {
+            subject: advisory.id,
+            verdict: 'not_relevant',
+            risk: 'low',
+            summary: `No vulnerable ${advisory.packageName} version was found in the supplied inventory.`,
+            affectedComponents: [],
+            evidence: [`No affected ${advisory.packageName} dependency matched ${advisory.vulnerableRange}.`],
+            recommendedActions: ['Keep dependency inventory current and rerun when new services are added.']
+        };
+    }
+    const anyReachable = evidence.some((item) => item.startsWith('Reachable symbol'));
+    const anyInternet = vulnerableServices.some((service) => service.exposure === 'internet');
+    const verdict = anyReachable && anyInternet ? 'relevant' : 'not_relevant';
+    const risk = verdict === 'relevant' ? 'critical' : anyReachable ? 'medium' : 'low';
+    return {
+        subject: advisory.id,
+        verdict,
+        risk,
+        summary: verdict === 'relevant'
+            ? `${advisory.title}: vulnerable package is reachable from an externally exposed service.`
+            : `${advisory.title}: vulnerable version exists, but current evidence does not show reachable exposed risk.`,
+        affectedComponents: vulnerableServices.map((service) => service.name),
+        evidence,
+        recommendedActions: verdict === 'relevant'
+            ? advisory.recommendedActions
+            : ['Track as accepted risk or patch in the next maintenance window.', ...advisory.recommendedActions.slice(0, 1)]
+    };
+}
+//# sourceMappingURL=engine.js.map

package/dist/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AASxD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,KAAsB;IAC9D,MAAM,kBAAkB,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,sBAAsB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACtG,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC;IAC/D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,KAAK;YACpB,OAAO,EAAE,SAAS;YAClB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,6GAA6G;YACtH,kBAAkB,EAAE,EAAE;YACtB,QAAQ,EAAE,CAAC,gCAAgC,KAAK,CAAC,KAAK,GAAG,CAAC;YAC1D,kBAAkB,EAAE,CAAC,4EAA4E,CAAC;SACnG,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAC3D,MAAM,kBAAkB,GAAG,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;QACzC,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC5E,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAC,SAAS,CAAC;YAAE,SAAS;QAE1G,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAChI,QAAQ,CAAC,IAAI,CAAC,SAAS,UAAU,CAAC,WAAW,IAAI,UAAU,CAAC,OAAO,OAAO,YAAY,IAAI,UAAU,CAAC,YAAY,GAAG,CAAC,CAAC;QAEtH,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QACrG,IAAI,YAAY,CAAC,SAAS,EAAE,CAAC;YAC3B,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,uCAAuC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;YACpC,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,wBAAwB,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,GAAG,CAAC,CAAC;QACpH,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,OAAO,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QAC/G,CAAC;IACH,CAAC;IAED,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO;YACL,OAAO,EAAE,QAAQ,CAAC,EAAE;YACpB,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,iBAAiB,QAAQ,CAAC,WAAW,+CAA+C;YAC7F,kBAAkB,EAAE,EAAE;YACtB,QAAQ,EAAE,CAAC,eAAe,QAAQ,CAAC,WAAW,uBAAuB,QAAQ,CAAC,eAAe,GAAG,CAAC;YACjG,kBAAkB,EAAE,CAAC,0EAA0E,CAAC;SACjG,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAClF,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IAC1F,MAAM,OAAO,GAAG,YAAY,IAAI,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC;IAC1E,MAAM,IAAI,GAAG,OAAO,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;IAEnF,OAAO;QACL,OAAO,EAAE,QAAQ,CAAC,EAAE;QACpB,OAAO;QACP,IAAI;QACJ,OAAO,EAAE,OAAO,KAAK,UAAU;YAC7B,CAAC,CAAC,GAAG,QAAQ,CAAC,KAAK,uEAAuE;YAC1F,CAAC,CAAC,GAAG,QAAQ,CAAC,KAAK,yFAAyF;QAC9G,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QACrE,QAAQ;QACR,kBAAkB,EAAE,OAAO,KAAK,UAAU;YACxC,CAAC,CAAC,QAAQ,CAAC,kBAAkB;YAC7B,CAAC,CAAC,CAAC,iEAAiE,EAAE,GAAG,QAAQ,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;KACpH,CAAC;AACJ,CAAC"}

package/dist/interactive.d.ts

@@ -0,0 +1,58 @@
+import type { RelevanceResult } from './types.js';
+declare const MODULES: readonly ["cve", "ioc", "exposure", "sbom", "secrets", "cloudtrail", "auth", "yara", "sigma", "asset", "vuln", "hunt"];
+type InteractiveModule = typeof MODULES[number];
+export interface InteractiveSessionOptions {
+    workspace?: string;
+    inventory?: string;
+    indicators?: string;
+    advisories?: string;
+    format?: 'text' | 'json' | 'markdown';
+    configPath?: string;
+    historyPath?: string;
+    shellRunner?: (command: string) => Promise<string>;
+}
+export interface InteractiveSession {
+    workspace: string;
+    inventory?: string;
+    indicators?: string;
+    advisories?: string;
+    format: 'text' | 'json' | 'markdown';
+    configPath: string;
+    historyPath: string;
+    lastResult?: RelevanceResult;
+    lastOutput?: string;
+    module?: InteractiveModule;
+    cve?: string;
+    logs: string[];
+    logdir?: string;
+    logglob: string;
+    target?: string;
+    rule?: string;
+    sessions: Array<{
+        id: number;
+        kind: string;
+        subject: string;
+        output: string;
+    }>;
+    profiles: Record<string, SessionProfile>;
+    workspaces: Record<string, string>;
+    shouldExit: boolean;
+    shellRunner: (command: string) => Promise<string>;
+}
+interface SessionProfile {
+    workspace: string;
+    inventory?: string;
+    indicators?: string;
+    advisories?: string;
+    format: 'text' | 'json' | 'markdown';
+    logs: string[];
+    logdir?: string;
+    logglob: string;
+}
+export declare function createInteractiveSession(options?: InteractiveSessionOptions): InteractiveSession;
+export declare function executeInteractiveCommand(session: InteractiveSession, line: string): Promise<string>;
+export declare function startInteractive(session?: InteractiveSession): Promise<void>;
+export declare function recordHistory(session: InteractiveSession, line: string): Promise<void>;
+export declare function completeInteractiveLine(session: InteractiveSession, line: string): [string[], string];
+export declare function createCyclingCompleter(session: InteractiveSession): (line: string) => [string[], string];
+export {};