relsec 0.1.0

package/dist/security-modules.js

@@ -0,0 +1,126 @@
+import { readdir, readFile, stat } from 'node:fs/promises';
+import path from 'node:path';
+import { loadInventory, serviceRoot } from './inventory.js';
+import { discoverDependencies } from './manifests.js';
+const SKIP_DIRS = new Set(['.git', 'node_modules', 'dist', 'build', '.next', 'coverage']);
+export async function scanExposure(input) {
+    const inventory = await loadInventory(input.inventory);
+    const exposed = inventory.services.filter((service) => service.exposure === 'internet' || service.exposure === 'partner');
+    return [
+        'Exposure findings',
+        ...exposed.map((service) => `- ${service.name} ${service.exposure} ${service.ingress?.join(', ') ?? ''}`),
+        ...(exposed.length === 0 ? ['- no externally exposed services found'] : [])
+    ].join('\n');
+}
+export async function scanSbom(input) {
+    const inventory = await loadInventory(input.inventory);
+    const rows = [];
+    for (const service of inventory.services) {
+        const deps = await discoverDependencies(serviceRoot(input.workspace, service.path));
+        rows.push(...deps.map((dep) => `- ${service.name} ${dep.name}@${dep.version} ${dep.manifestPath}`));
+    }
+    return ['SBOM inventory', ...(rows.length > 0 ? rows : ['- no dependencies found'])].join('\n');
+}
+export async function scanSecrets(input) {
+    const root = path.resolve(input.target ?? input.workspace);
+    const files = await walkFiles(root);
+    const findings = [];
+    const patterns = [
+        /AWS_SECRET_ACCESS_KEY\s*=\s*([A-Z0-9/+=]{16,})/i,
+        /AKIA[0-9A-Z]{16}/,
+        /(api[_-]?key|token|secret)\s*[:=]\s*['"]?([A-Za-z0-9_./+=-]{16,})/i
+    ];
+    for (const file of files) {
+        const text = await safeRead(file);
+        if (!text)
+            continue;
+        text.split(/\r?\n/).forEach((line, index) => {
+            for (const pattern of patterns) {
+                if (pattern.test(line))
+                    findings.push(`- ${file}:${index + 1} ${redact(line.trim())}`);
+            }
+        });
+    }
+    return ['Secret scan', ...(findings.length > 0 ? findings : ['- no obvious secrets found'])].join('\n');
+}
+export async function scanCloudTrail(input) {
+    return scanLogs(input.logs, 'CloudTrail findings', [/ConsoleLogin/i, /AccessDenied/i, /AssumeRole/i, /CreateAccessKey/i]);
+}
+export async function scanAuth(input) {
+    return scanLogs(input.logs, 'Auth findings', [/203\.0\.113\.77/, /failed/i, /impossible travel/i, /MFA/i]);
+}
+export async function scanYara(input) {
+    if (!input.rule)
+        return 'set rule <file> first';
+    const ruleText = await readFile(input.rule, 'utf8');
+    const ruleName = ruleText.match(/rule\s+([A-Za-z0-9_]+)/)?.[1] ?? path.basename(input.rule);
+    const literals = [...ruleText.matchAll(/=\s*"([^"]+)"/g)].map((match) => match[1]).filter(Boolean);
+    const matches = await matchLiterals(input.logs, literals);
+    return [`YARA ${ruleName}`, ...(matches.length > 0 ? matches : ['- no matches'])].join('\n');
+}
+export async function scanSigma(input) {
+    if (!input.rule)
+        return 'set rule <file> first';
+    const ruleText = await readFile(input.rule, 'utf8');
+    const title = ruleText.match(/^title:\s*(.+)$/m)?.[1]?.trim() ?? path.basename(input.rule);
+    const literals = [...ruleText.matchAll(/-\s*([A-Za-z0-9_.:-]+\.[A-Za-z0-9_.:-]+)/g)].map((match) => match[1]).filter(Boolean);
+    const matches = await matchLiterals(input.logs, literals);
+    return [`Sigma ${title}`, ...(matches.length > 0 ? matches : ['- no matches'])].join('\n');
+}
+async function scanLogs(logs, title, patterns) {
+    const findings = [];
+    for (const log of logs) {
+        const text = await safeRead(log);
+        if (!text)
+            continue;
+        text.split(/\r?\n/).forEach((line, index) => {
+            if (patterns.some((pattern) => pattern.test(line)))
+                findings.push(`- ${log}:${index + 1} ${line.trim()}`);
+        });
+    }
+    return [title, ...(findings.length > 0 ? findings : ['- no findings'])].join('\n');
+}
+async function matchLiterals(files, literals) {
+    const findings = [];
+    for (const file of files) {
+        const text = await safeRead(file);
+        if (!text)
+            continue;
+        text.split(/\r?\n/).forEach((line, index) => {
+            for (const literal of literals) {
+                if (literal && line.includes(literal))
+                    findings.push(`- ${file}:${index + 1} ${literal}`);
+            }
+        });
+    }
+    return findings;
+}
+async function walkFiles(root) {
+    const current = await stat(root);
+    if (current.isFile())
+        return [root];
+    const entries = await readdir(root, { withFileTypes: true });
+    const files = [];
+    for (const entry of entries) {
+        if (entry.isDirectory() && SKIP_DIRS.has(entry.name))
+            continue;
+        const full = path.join(root, entry.name);
+        if (entry.isDirectory())
+            files.push(...await walkFiles(full));
+        else if (entry.isFile())
+            files.push(full);
+    }
+    return files;
+}
+async function safeRead(file) {
+    try {
+        return await readFile(file, 'utf8');
+    }
+    catch {
+        return undefined;
+    }
+}
+function redact(value) {
+    return value.replace(/(=|:\s*['"]?)([A-Za-z0-9/+=_-]{8})[A-Za-z0-9/+=_-]{8,}/g, '$1$2…');
+}
+//# sourceMappingURL=security-modules.js.map

package/dist/security-modules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-modules.js","sourceRoot":"","sources":["../src/security-modules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAEtD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;AAU1F,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAsB;IACvD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAC1H,OAAO;QACL,mBAAmB;QACnB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACzG,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,wCAAwC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,KAAsB;IACnD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACvD,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,OAAO,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IACtG,CAAC;IACD,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAClG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAsB;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG;QACf,iDAAiD;QACjD,kBAAkB;QAClB,oEAAoE;KACrE,CAAC;IACF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC1C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YACzF,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1G,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAsB;IACzD,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,EAAE,CAAC,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAC5H,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,KAAsB;IACnD,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,CAAC,iBAAiB,EAAE,SAAS,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC,CAAC;AAC7G,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,KAAsB;IACnD,IAAI,CAAC,KAAK,CAAC,IAAI;QAAE,OAAO,uBAAuB,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5F,MAAM,QAAQ,GAAG,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnG,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC1D,OAAO,CAAC,QAAQ,QAAQ,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,KAAsB;IACpD,IAAI,CAAC,KAAK,CAAC,IAAI;QAAE,OAAO,uBAAuB,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3F,MAAM,QAAQ,GAAG,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,2CAA2C,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9H,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC1D,OAAO,CAAC,SAAS,KAAK,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7F,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,IAAc,EAAE,KAAa,EAAE,QAAkB;IACvE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC1C,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC5G,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACrF,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,KAAe,EAAE,QAAkB;IAC9D,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC1C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,IAAY;IACnC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,MAAM,EAAE;QAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,KAAK,CAAC,WAAW,EAAE;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;aACzD,IAAI,KAAK,CAAC,MAAM,EAAE;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,IAAY;IAClC,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,yDAAyD,EAAE,OAAO,CAAC,CAAC;AAC3F,CAAC"}

package/dist/theme.d.ts

@@ -0,0 +1,43 @@
+import type { IocScanResult } from './ioc.js';
+import type { RelevanceResult } from './types.js';
+export declare const colors: {
+    reset: string;
+    bold: string;
+    dim: string;
+    green: string;
+    yellow: string;
+    red: string;
+    blue: string;
+    mauve: string;
+    teal: string;
+    text: string;
+    muted: string;
+};
+export declare function renderBanner(input: {
+    workspace: string;
+    inventory?: string;
+}): string;
+export declare function renderResultCard(result: RelevanceResult): string;
+export declare function renderIocSummary(result: IocScanResult): string;
+export declare function renderStatus(input: {
+    workspace: string;
+    inventory?: string;
+    indicators?: string;
+    format: string;
+    lastResult?: RelevanceResult;
+}): string;
+export declare function renderHelp(): string;
+export declare function renderOptions(input: {
+    workspace: string;
+    inventory?: string;
+    indicators?: string;
+    format: string;
+    module?: string;
+    cve?: string;
+    logs: string[];
+}): string;
+export declare function renderSet(key: string, value: string): string;
+export declare function renderOk(message: string): string;
+export declare function renderError(message: string): string;
+export declare function prompt(module?: string): string;
+export declare function stripAnsi(value: string): string;

package/dist/theme.js

@@ -0,0 +1,191 @@
+export const colors = {
+    reset: '\x1b[0m',
+    bold: '\x1b[1m',
+    dim: '\x1b[2m',
+    green: '\x1b[38;2;166;227;161m',
+    yellow: '\x1b[38;2;249;226;175m',
+    red: '\x1b[38;2;243;139;168m',
+    blue: '\x1b[38;2;137;180;250m',
+    mauve: '\x1b[38;2;203;166;247m',
+    teal: '\x1b[38;2;148;226;213m',
+    text: '\x1b[38;2;205;214;244m',
+    muted: '\x1b[38;2;127;132;156m'
+};
+export function renderBanner(input) {
+    const width = 76;
+    return [
+        `${colors.red}${colors.bold}          __                     __${colors.reset}`,
+        `${colors.red}${colors.bold}   _____ / /__ _   __ ___ _ ____ / /_${colors.reset}`,
+        `${colors.red}${colors.bold}  / ___// //_/| | / // _ \`// __// __/${colors.reset}`,
+        `${colors.red}${colors.bold} / /   / ,<   | |/ //  __// /  / /_${colors.reset}`,
+        `${colors.red}${colors.bold}/_/   /_/|_|  |___/ \\___//_/   \\__/${colors.reset}`,
+        `${colors.muted}        relevant console · local-first security relevance${colors.reset}`,
+        `${colors.muted}${'─'.repeat(width)}${colors.reset}`,
+        `${colors.muted}workspace ${colors.reset}${colors.text}${input.workspace}${colors.reset}`,
+        `${colors.muted}inventory ${colors.reset}${colors.text}${input.inventory ?? 'not set'}${colors.reset}`,
+        `${colors.muted}${'─'.repeat(width)}${colors.reset}`,
+        `${colors.muted}type ${colors.yellow}help${colors.muted} for commands, ${colors.yellow}exit${colors.muted} to quit${colors.reset}`,
+        ''
+    ].join('\n');
+}
+export function renderResultCard(result) {
+    const badge = verdictBadge(result.verdict);
+    const risk = riskBadge(result.risk);
+    return [
+        `${colors.bold}${colors.text}${result.subject}${colors.reset}  ${badge} ${risk}`,
+        `${colors.muted}${'─'.repeat(76)}${colors.reset}`,
+        wrap(result.summary, 76),
+        '',
+        `${colors.blue}${colors.bold}Affected${colors.reset}`,
+        ...(result.affectedComponents.length > 0
+            ? result.affectedComponents.map((component) => `  ${colors.muted}•${colors.reset} ${component}`)
+            : [`  ${colors.muted}• none${colors.reset}`]),
+        '',
+        `${colors.blue}${colors.bold}Evidence${colors.reset}`,
+        ...result.evidence.map((item) => `  ${colors.muted}•${colors.reset} ${item}`),
+        '',
+        `${colors.blue}${colors.bold}Actions${colors.reset}`,
+        ...result.recommendedActions.map((item) => `  ${colors.muted}•${colors.reset} ${item}`)
+    ].join('\n');
+}
+export function renderIocSummary(result) {
+    return [
+        `${colors.bold}${colors.text}IOC matches${colors.reset}  ${riskBadge(result.totalMatches > 0 ? 'high' : 'low')} ${result.totalMatches}`,
+        `${colors.muted}${'─'.repeat(76)}${colors.reset}`,
+        ...(result.matches.length > 0
+            ? result.matches.map((match) => `  ${colors.muted}•${colors.reset} ${colors.yellow}${match.indicator}${colors.reset} ${colors.muted}${match.type}${colors.reset} ${match.file}:${match.line}`)
+            : [`  ${colors.muted}• no indicators matched${colors.reset}`])
+    ].join('\n');
+}
+export function renderStatus(input) {
+    return table([
+        ['workspace', input.workspace],
+        ['inventory', input.inventory ?? 'not set'],
+        ['indicators', input.indicators ?? 'not set'],
+        ['format', input.format],
+        ['last', input.lastResult?.subject ?? 'none']
+    ]);
+}
+export function renderHelp() {
+    return [
+        `${colors.bold}${colors.text}Interactive commands${colors.reset}`,
+        `${colors.muted}${'─'.repeat(76)}${colors.reset}`,
+        table([
+            ['set workspace <path>', 'set repo/environment root'],
+            ['set inventory <path>', 'set service exposure inventory'],
+            ['set indicators <path>', 'set IOC list'],
+            ['set format <text|json|markdown>', 'change output mode'],
+            ['set logdir <dir> / set logglob <glob>', 'discover log files for hunts'],
+            ['set target <path> / set rule <path>', 'set target/rule for scanner modules'],
+            ['use <module>', 'select cve/ioc/exposure/sbom/secrets/cloudtrail/auth/yara/sigma'],
+            ['show options/modules/advisories', 'inspect console state'],
+            ['run', 'execute selected module'],
+            ['back', 'clear selected module'],
+            ['cve <CVE-ID>', 'scan using current workspace/inventory'],
+            ['scan <CVE-ID>', 'alias for cve'],
+            ['ioc <log> [more logs]', 'scan logs using current indicators'],
+            ['explain / evidence / actions', 'inspect last CVE result'],
+            ['export markdown <file>', 'write last result as Markdown'],
+            ['export json <file>', 'write last result as JSON'],
+            ['config save | config show', 'persist or inspect defaults'],
+            ['profile save/use/list', 'save and restore console profiles'],
+            ['workspace add/use/list', 'manage named workspaces'],
+            ['sessions / session show <id>', 'revisit previous scan output'],
+            ['clear | cls', 'clear the terminal screen'],
+            ['!<command>', 'run shell command'],
+            ['exit', 'quit']
+        ])
+    ].join('\n');
+}
+export function renderOptions(input) {
+    const rows = [
+        ['WORKSPACE', input.workspace, 'repo/environment root'],
+        ['FORMAT', input.format, 'output format']
+    ];
+    if (input.module === 'cve') {
+        rows.push(['INVENTORY', input.inventory ?? 'not set', 'service exposure inventory']);
+        rows.push(['CVE', input.cve ?? 'not set', 'CVE identifier']);
+    }
+    else if (input.module === 'ioc') {
+        rows.push(['INDICATORS', input.indicators ?? 'not set', 'IOC file']);
+        rows.push(['LOGS', input.logs.length > 0 ? input.logs.join(', ') : 'not set', 'log files']);
+    }
+    else {
+        rows.push(['MODULE', 'not set', 'use cve | use ioc']);
+    }
+    return [
+        `${colors.bold}${colors.text}Module options${colors.reset} ${colors.muted}${input.module ? `(${input.module})` : ''}${colors.reset}`,
+        `${colors.muted}${'─'.repeat(76)}${colors.reset}`,
+        optionTable(rows)
+    ].join('\n');
+}
+export function renderSet(key, value) {
+    return `${colors.green}✓${colors.reset} ${colors.muted}${key}${colors.reset} = ${colors.text}${value}${colors.reset}`;
+}
+export function renderOk(message) {
+    return `${colors.green}✓${colors.reset} ${message}`;
+}
+export function renderError(message) {
+    return `${colors.red}error${colors.reset}: ${message}`;
+}
+export function prompt(module) {
+    const head = module ? `rel(${module})` : 'rel';
+    return `${colors.red}${head}${colors.reset} ${colors.muted}>${colors.reset} `;
+}
+export function stripAnsi(value) {
+    return value.replace(/\x1b\[[0-9;]*m/g, '');
+}
+function verdictBadge(verdict) {
+    if (verdict === 'relevant')
+        return `${colors.red}${colors.bold}RELEVANT${colors.reset}`;
+    if (verdict === 'not_relevant')
+        return `${colors.green}${colors.bold}NOT RELEVANT${colors.reset}`;
+    return `${colors.yellow}${colors.bold}UNKNOWN${colors.reset}`;
+}
+function riskBadge(risk) {
+    if (risk === 'critical' || risk === 'high')
+        return `${colors.red}${colors.bold}${risk.toUpperCase()}${colors.reset}`;
+    if (risk === 'medium')
+        return `${colors.yellow}${colors.bold}MEDIUM${colors.reset}`;
+    if (risk === 'low')
+        return `${colors.green}${colors.bold}LOW${colors.reset}`;
+    return `${colors.yellow}${colors.bold}UNKNOWN${colors.reset}`;
+}
+function table(rows) {
+    const keyWidth = Math.max(...rows.map(([key]) => key.length));
+    return rows
+        .map(([key, value]) => `  ${colors.muted}${key.padEnd(keyWidth)}${colors.reset}  ${colors.text}${value}${colors.reset}`)
+        .join('\n');
+}
+function optionTable(rows) {
+    const nameWidth = Math.max('Name'.length, ...rows.map(([name]) => name.length));
+    const valueWidth = Math.min(36, Math.max('Current Setting'.length, ...rows.map(([, value]) => stripAnsi(value).length)));
+    const header = `  ${colors.muted}${'Name'.padEnd(nameWidth)}  ${'Current Setting'.padEnd(valueWidth)}  Description${colors.reset}`;
+    const divider = `  ${colors.muted}${'-'.repeat(nameWidth)}  ${'-'.repeat(valueWidth)}  ${'-'.repeat(28)}${colors.reset}`;
+    const body = rows.map(([name, value, description]) => `  ${colors.text}${name.padEnd(nameWidth)}${colors.reset}  ${colors.yellow}${truncate(value, valueWidth).padEnd(valueWidth)}${colors.reset}  ${colors.muted}${description}${colors.reset}`);
+    return [header, divider, ...body].join('\n');
+}
+function truncate(value, max) {
+    const plain = stripAnsi(value);
+    if (plain.length <= max)
+        return value;
+    return `${plain.slice(0, Math.max(1, max - 1))}…`;
+}
+function wrap(value, width) {
+    const words = value.split(/\s+/);
+    const lines = [];
+    let current = '';
+    for (const word of words) {
+        if ((current + ' ' + word).trim().length > width) {
+            lines.push(current);
+            current = word;
+        }
+        else {
+            current = `${current} ${word}`.trim();
+        }
+    }
+    if (current)
+        lines.push(current);
+    return lines.join('\n');
+}
+//# sourceMappingURL=theme.js.map

package/dist/theme.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"theme.js","sourceRoot":"","sources":["../src/theme.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,KAAK,EAAE,SAAS;IAChB,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,SAAS;IACd,KAAK,EAAE,wBAAwB;IAC/B,MAAM,EAAE,wBAAwB;IAChC,GAAG,EAAE,wBAAwB;IAC7B,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,wBAAwB;IAC/B,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,wBAAwB;CAChC,CAAC;AAEF,MAAM,UAAU,YAAY,CAAC,KAAgD;IAC3E,MAAM,KAAK,GAAG,EAAE,CAAC;IACjB,OAAO;QACL,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,sCAAsC,MAAM,CAAC,KAAK,EAAE;QAC/E,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,wCAAwC,MAAM,CAAC,KAAK,EAAE;QACjF,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,yCAAyC,MAAM,CAAC,KAAK,EAAE;QAClF,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,sCAAsC,MAAM,CAAC,KAAK,EAAE;QAC/E,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,wCAAwC,MAAM,CAAC,KAAK,EAAE;QACjF,GAAG,MAAM,CAAC,KAAK,4DAA4D,MAAM,CAAC,KAAK,EAAE;QACzF,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACpD,GAAG,MAAM,CAAC,KAAK,aAAa,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE;QACzF,GAAG,MAAM,CAAC,KAAK,aAAa,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,SAAS,IAAI,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE;QACtG,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACpD,GAAG,MAAM,CAAC,KAAK,QAAQ,MAAM,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,kBAAkB,MAAM,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,WAAW,MAAM,CAAC,KAAK,EAAE;QAClI,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAuB;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,KAAK,KAAK,IAAI,IAAI,EAAE;QAChF,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;QACxB,EAAE;QACF,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,WAAW,MAAM,CAAC,KAAK,EAAE;QACrD,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC;YACtC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC;YAChG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,KAAK,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/C,EAAE;QACF,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,WAAW,MAAM,CAAC,KAAK,EAAE;QACrD,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7E,EAAE;QACF,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE;QACpD,GAAG,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;KACxF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,cAAc,MAAM,CAAC,KAAK,KAAK,SAAS,CAAC,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE;QACvI,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YAC3B,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YAC9L,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,KAAK,0BAA0B,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;KACjE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAM5B;IACC,OAAO,KAAK,CAAC;QACX,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC;QAC9B,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;QAC3C,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC;QAC7C,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;QACxB,CAAC,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,OAAO,IAAI,MAAM,CAAC;KAC9C,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,uBAAuB,MAAM,CAAC,KAAK,EAAE;QACjE,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,KAAK,CAAC;YACJ,CAAC,sBAAsB,EAAE,2BAA2B,CAAC;YACrD,CAAC,sBAAsB,EAAE,gCAAgC,CAAC;YAC1D,CAAC,uBAAuB,EAAE,cAAc,CAAC;YACzC,CAAC,iCAAiC,EAAE,oBAAoB,CAAC;YACzD,CAAC,uCAAuC,EAAE,8BAA8B,CAAC;YACzE,CAAC,qCAAqC,EAAE,qCAAqC,CAAC;YAC9E,CAAC,cAAc,EAAE,iEAAiE,CAAC;YACnF,CAAC,iCAAiC,EAAE,uBAAuB,CAAC;YAC5D,CAAC,KAAK,EAAE,yBAAyB,CAAC;YAClC,CAAC,MAAM,EAAE,uBAAuB,CAAC;YACjC,CAAC,cAAc,EAAE,wCAAwC,CAAC;YAC1D,CAAC,eAAe,EAAE,eAAe,CAAC;YAClC,CAAC,uBAAuB,EAAE,oCAAoC,CAAC;YAC/D,CAAC,8BAA8B,EAAE,yBAAyB,CAAC;YAC3D,CAAC,wBAAwB,EAAE,+BAA+B,CAAC;YAC3D,CAAC,oBAAoB,EAAE,2BAA2B,CAAC;YACnD,CAAC,2BAA2B,EAAE,6BAA6B,CAAC;YAC5D,CAAC,uBAAuB,EAAE,mCAAmC,CAAC;YAC9D,CAAC,wBAAwB,EAAE,yBAAyB,CAAC;YACrD,CAAC,8BAA8B,EAAE,8BAA8B,CAAC;YAChE,CAAC,aAAa,EAAE,2BAA2B,CAAC;YAC5C,CAAC,YAAY,EAAE,mBAAmB,CAAC;YACnC,CAAC,MAAM,EAAE,MAAM,CAAC;SACjB,CAAC;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAQ7B;IACC,MAAM,IAAI,GAAoC;QAC5C,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC;QACvD,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,EAAE,eAAe,CAAC;KAC1C,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS,EAAE,4BAA4B,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,IAAI,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,IAAI,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;IAC9F,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO;QACL,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,iBAAiB,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE;QACpI,GAAG,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE;QACjD,WAAW,CAAC,IAAI,CAAC;KAClB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,GAAW,EAAE,KAAa;IAClD,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,GAAG,GAAG,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;AACxH,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAAe;IACtC,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,OAAO,EAAE,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,OAAO,GAAG,MAAM,CAAC,GAAG,QAAQ,MAAM,CAAC,KAAK,KAAK,OAAO,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,MAAe;IACpC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/C,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,YAAY,CAAC,OAAe;IACnC,IAAI,OAAO,KAAK,UAAU;QAAE,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,WAAW,MAAM,CAAC,KAAK,EAAE,CAAC;IACxF,IAAI,OAAO,KAAK,cAAc;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,eAAe,MAAM,CAAC,KAAK,EAAE,CAAC;IAClG,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC;AAChE,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACrH,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC;IACpF,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IAC7E,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC;AAChE,CAAC;AAED,SAAS,KAAK,CAAC,IAA6B;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,OAAO,IAAI;SACR,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;SACvH,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,IAAqC;IACxD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACzH,MAAM,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,iBAAiB,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,MAAM,CAAC,KAAK,EAAE,CAAC;IACnI,MAAM,OAAO,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACzH,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,EAAE,EAAE,CACnD,KAAK,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,GAAG,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,CAC3L,CAAC;IACF,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAW;IAC1C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AACpD,CAAC;AAED,SAAS,IAAI,CAAC,KAAa,EAAE,KAAa;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpB,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,GAAG,OAAO,IAAI,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IACD,IAAI,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,37 @@
+export type Verdict = 'relevant' | 'not_relevant' | 'unknown';
+export type Risk = 'critical' | 'high' | 'medium' | 'low' | 'unknown';
+export interface AdvisoryRecord {
+    id: string;
+    title: string;
+    ecosystem: 'npm' | 'pypi';
+    packageName: string;
+    vulnerableRange: string;
+    fixedVersion?: string;
+    vulnerableSymbols: string[];
+    summary: string;
+    recommendedActions: string[];
+}
+export interface ServiceInventory {
+    name: string;
+    path: string;
+    exposure: 'internet' | 'partner' | 'internal' | 'unknown';
+    ingress?: string[];
+}
+export interface Inventory {
+    services: ServiceInventory[];
+}
+export interface DependencyFinding {
+    service: ServiceInventory;
+    packageName: string;
+    version: string;
+    manifestPath: string;
+}
+export interface RelevanceResult {
+    subject: string;
+    verdict: Verdict;
+    risk: Risk;
+    summary: string;
+    affectedComponents: string[];
+    evidence: string[];
+    recommendedActions: string[];
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/version-info.d.ts

@@ -0,0 +1 @@
+export declare const VERSION = "0.1.0";

package/dist/version-info.js

@@ -0,0 +1,2 @@
+export const VERSION = '0.1.0';
+//# sourceMappingURL=version-info.js.map

package/dist/version-info.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version-info.js","sourceRoot":"","sources":["../src/version-info.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC"}

package/dist/version.d.ts

@@ -0,0 +1,4 @@
+import type { AdvisoryRecord } from './types.js';
+type Ecosystem = AdvisoryRecord['ecosystem'];
+export declare function satisfiesVulnerableRange(version: string, range: string, ecosystem?: Ecosystem): boolean;
+export {};

package/dist/version.js

@@ -0,0 +1,74 @@
+import semver from 'semver';
+export function satisfiesVulnerableRange(version, range, ecosystem = 'npm') {
+    if (ecosystem === 'pypi')
+        return satisfiesPypiRange(version, range);
+    return semver.satisfies(version, range, { includePrerelease: true, loose: true });
+}
+function satisfiesPypiRange(version, range) {
+    const parsed = parsePypiVersion(version);
+    if (!parsed)
+        return false;
+    return range
+        .split(',')
+        .map((item) => item.trim())
+        .filter(Boolean)
+        .every((specifier) => satisfiesPypiSpecifier(parsed, specifier));
+}
+function satisfiesPypiSpecifier(version, specifier) {
+    const match = specifier.match(/^(<=|>=|==|!=|<|>)\s*([A-Za-z0-9._!*+-]+)$/);
+    if (!match)
+        return false;
+    const operator = match[1] ?? '';
+    const target = parsePypiVersion(match[2] ?? '');
+    if (!target)
+        return false;
+    const comparison = comparePypiVersions(version, target);
+    if (operator === '<')
+        return comparison < 0;
+    if (operator === '<=')
+        return comparison <= 0;
+    if (operator === '>')
+        return comparison > 0;
+    if (operator === '>=')
+        return comparison >= 0;
+    if (operator === '==')
+        return comparison === 0;
+    if (operator === '!=')
+        return comparison !== 0;
+    return false;
+}
+function parsePypiVersion(value) {
+    const normalized = value.trim().toLowerCase().replace(/_/g, '.').replace(/-/g, '.');
+    const match = normalized.match(/^v?(\d+(?:\.\d+)*)(?:(a|b|rc|post|dev)\.?(\d+)?)?$/);
+    if (!match)
+        return undefined;
+    const release = (match[1] ?? '').split('.').map((part) => Number.parseInt(part, 10));
+    const phase = pypiPhase(match[2]);
+    const phaseNumber = match[3] ? Number.parseInt(match[3], 10) : 0;
+    return { release, phase, phaseNumber };
+}
+function pypiPhase(value) {
+    if (value === 'dev')
+        return -4;
+    if (value === 'a')
+        return -3;
+    if (value === 'b')
+        return -2;
+    if (value === 'rc')
+        return -1;
+    if (value === 'post')
+        return 1;
+    return 0;
+}
+function comparePypiVersions(a, b) {
+    const releaseLength = Math.max(a.release.length, b.release.length);
+    for (let i = 0; i < releaseLength; i++) {
+        const diff = (a.release[i] ?? 0) - (b.release[i] ?? 0);
+        if (diff !== 0)
+            return diff;
+    }
+    if (a.phase !== b.phase)
+        return a.phase - b.phase;
+    return a.phaseNumber - b.phaseNumber;
+}
+//# sourceMappingURL=version.js.map

package/dist/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAK5B,MAAM,UAAU,wBAAwB,CAAC,OAAe,EAAE,KAAa,EAAE,YAAuB,KAAK;IACnG,IAAI,SAAS,KAAK,MAAM;QAAE,OAAO,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACpE,OAAO,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACpF,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe,EAAE,KAAa;IACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,OAAO,CAAC;SACf,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAoB,EAAE,SAAiB;IACrE,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAC5E,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACxD,IAAI,QAAQ,KAAK,GAAG;QAAE,OAAO,UAAU,GAAG,CAAC,CAAC;IAC5C,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,UAAU,IAAI,CAAC,CAAC;IAC9C,IAAI,QAAQ,KAAK,GAAG;QAAE,OAAO,UAAU,GAAG,CAAC,CAAC;IAC5C,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,UAAU,IAAI,CAAC,CAAC;IAC9C,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,UAAU,KAAK,CAAC,CAAC;IAC/C,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,UAAU,KAAK,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC;AACf,CAAC;AAQD,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpF,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACrF,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACrF,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,SAAS,CAAC,KAAyB;IAC1C,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,CAAC,CAAC,CAAC;IAC/B,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC,CAAC;IAC7B,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC,CAAC;IAC7B,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC,CAAC;IAC9B,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC;IAC/B,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,mBAAmB,CAAC,CAAc,EAAE,CAAc;IACzD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,IAAI,IAAI,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;IAC9B,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAClD,OAAO,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;AACvC,CAAC"}

package/docs/RELEASE.md

@@ -0,0 +1,41 @@
+# Release Process
+
+`relsec` uses semantic versioning. The CLI binary is exposed as both `relevant` and `relsec`.
+
+## Versioning
+
+- Patch: bug fixes, detector tuning, documentation, non-breaking CLI improvements.
+- Minor: new commands, new modules, new supported input formats, additive output fields.
+- Major: breaking command syntax, removed fields, changed default output formats, incompatible config migrations.
+
+The package version in `package.json` must match `src/version-info.ts`.
+
+## Pre-Release Checklist
+
+Run:
+
+```bash
+npm run release:check
+npm run pack:dry-run
+```
+
+Verify:
+
+- `npm test` passes.
+- `npm run typecheck` passes.
+- `npm run build` passes.
+- `npm pack --dry-run` includes only expected files.
+- `node dist/cli.js --version` prints the intended version.
+- `node dist/cli.js help` renders usable help.
+- `SECURITY.md` and `README.md` accurately describe current limitations.
+
+## npm Publishing
+
+Publishing is intentionally not automated yet. When ready:
+
+```bash
+npm login
+npm publish --access public
+```
+
+Use provenance and signed release artifacts once the project is moved into a public repository with CI release automation.

package/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "relsec",
+  "version": "0.1.0",
+  "description": "Local-first security relevance CLI for CVEs, advisories, IOCs, repos, and enterprise evidence.",
+  "license": "MIT",
+  "author": "MistanKh",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/MistanKh/relsec.git"
+  },
+  "bugs": {
+    "url": "https://github.com/MistanKh/relsec/issues"
+  },
+  "homepage": "https://github.com/MistanKh/relsec#readme",
+  "type": "module",
+  "bin": {
+    "relevant": "dist/cli.js",
+    "relsec": "dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/cli.d.ts",
+      "import": "./dist/cli.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "SECURITY.md",
+    "LICENSE",
+    "docs"
+  ],
+  "scripts": {
+    "test": "vitest run",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "build": "tsc -p tsconfig.build.json",
+    "dev": "tsx src/cli.ts",
+    "release:check": "npm run typecheck && npm test && npm run build",
+    "pack:dry-run": "npm pack --dry-run",
+    "prepack": "npm run release:check"
+  },
+  "keywords": [
+    "security",
+    "cve",
+    "ioc",
+    "sbom",
+    "soc",
+    "appsec",
+    "cli"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "devDependencies": {
+    "@types/node": "^22.15.29",
+    "@types/semver": "^7.7.1",
+    "tsx": "^4.19.4",
+    "typescript": "^5.8.3",
+    "vitest": "^3.2.4"
+  },
+  "dependencies": {
+    "semver": "^7.8.1"
+  }
+}