safecrab 0.1.0

package/dist/engine/heuristics.js

@@ -0,0 +1,219 @@
+/**
+ * Risk heuristics - composable security rules
+ * Each rule returns Finding | null
+ */
+/**
+ * Run all heuristics on service exposures
+ * Returns findings sorted by severity (critical > warning > info)
+ */
+export function analyzeExposures(exposures, context) {
+    const findings = [];
+    // Run heuristics in severity order
+    for (const exposure of exposures) {
+        // Critical rules
+        const tunnelBypass = checkTunnelBypass(exposure);
+        if (tunnelBypass)
+            findings.push(tunnelBypass);
+        const aiServiceExposure = checkHighRiskAIService(exposure);
+        if (aiServiceExposure)
+            findings.push(aiServiceExposure);
+        // Warning rules
+        const publicExposure = checkPublicExposure(exposure);
+        if (publicExposure)
+            findings.push(publicExposure);
+        const tailscaleUnused = checkTailscaleUnused(exposure, context);
+        if (tailscaleUnused)
+            findings.push(tailscaleUnused);
+    }
+    // Add informational findings about context
+    const contextFindings = generateContextFindings(context);
+    findings.push(...contextFindings);
+    // Deduplicate findings (same rule + same port = one finding)
+    const deduplicated = deduplicateFindings(findings);
+    // Sort by severity
+    return sortBySeverity(deduplicated);
+}
+/**
+ * Rule 1: Tunnel bypass (CRITICAL)
+ * Service has both cloudflare-tunnel AND public-internet exposure
+ */
+function checkTunnelBypass(exposure) {
+    const { service, paths } = exposure;
+    if (paths.includes("cloudflare-tunnel") && paths.includes("public-internet")) {
+        return {
+            severity: "critical",
+            title: "Tunnel bypass detected",
+            description: `Port ${service.port} (${service.process}) is accessible via both Cloudflare Tunnel and directly from the public internet. The tunnel does not protect this service.`,
+            recommendation: "Bind the service to localhost (127.0.0.1) or restrict access via firewall to ensure traffic only flows through the tunnel.",
+            service,
+        };
+    }
+    return null;
+}
+/**
+ * Rule 2: High-risk AI service exposure (CRITICAL)
+ * AI/ML service exposed to public internet
+ */
+function checkHighRiskAIService(exposure) {
+    const { service, paths } = exposure;
+    if (!paths.includes("public-internet")) {
+        return null;
+    }
+    const highRiskProcesses = ["ollama", "llama", "python", "node", "uvicorn", "fastapi"];
+    const isHighRisk = highRiskProcesses.some((risk) => service.process.toLowerCase().includes(risk));
+    if (isHighRisk) {
+        return {
+            severity: "critical",
+            title: "High-risk service publicly exposed",
+            description: `Port ${service.port} (${service.process}) is reachable from the public internet. This process may be running AI models, APIs, or development servers that should not be publicly accessible.`,
+            recommendation: "Bind to localhost, use a VPN (like Tailscale), or configure firewall rules to restrict access.",
+            service,
+        };
+    }
+    return null;
+}
+/**
+ * Rule 3: Public exposure (WARNING)
+ * Service exposed to public internet (but not high-risk)
+ */
+function checkPublicExposure(exposure) {
+    const { service, paths } = exposure;
+    if (!paths.includes("public-internet")) {
+        return null;
+    }
+    // Skip if already flagged as critical
+    const highRiskProcesses = ["ollama", "llama", "python", "node", "uvicorn", "fastapi"];
+    const isHighRisk = highRiskProcesses.some((risk) => service.process.toLowerCase().includes(risk));
+    if (isHighRisk) {
+        return null; // Already handled by checkHighRiskAIService
+    }
+    return {
+        severity: "warning",
+        title: "Service exposed to public internet",
+        description: `Port ${service.port} (${service.process}) is accessible from the public internet.`,
+        recommendation: "Verify this service should be publicly accessible. If not, bind to localhost or use firewall rules.",
+        service,
+    };
+}
+/**
+ * Rule 4: Tailscale unused (WARNING)
+ * Tailscale is connected but service uses public internet instead
+ */
+function checkTailscaleUnused(exposure, context) {
+    const { service, paths } = exposure;
+    if (!context.tailscale.connected) {
+        return null;
+    }
+    if (!paths.includes("public-internet")) {
+        return null;
+    }
+    if (paths.includes("tailscale")) {
+        return null; // Already using Tailscale
+    }
+    return {
+        severity: "warning",
+        title: "Tailscale available but not used",
+        description: `Port ${service.port} (${service.process}) is publicly accessible, but Tailscale is connected. Consider using Tailscale for secure access instead.`,
+        recommendation: `Bind the service to the Tailscale interface or use Tailscale's subnet routing.`,
+        service,
+    };
+}
+/**
+ * Deduplicate findings by (severity, title, port)
+ * Prevents duplicate warnings for the same port (e.g. IPv4 + IPv6)
+ */
+function deduplicateFindings(findings) {
+    const seen = new Set();
+    const deduplicated = [];
+    for (const finding of findings) {
+        const key = `${finding.severity}:${finding.title}:${finding.service?.port ?? 0}`;
+        if (!seen.has(key)) {
+            seen.add(key);
+            deduplicated.push(finding);
+        }
+    }
+    return deduplicated;
+}
+/**
+ * Generate informational findings about network context
+ */
+function generateContextFindings(context) {
+    const findings = [];
+    // Firewall status
+    if (!context.firewall.statusKnown) {
+        // Could not determine firewall status (likely needs sudo)
+        findings.push({
+            severity: "warning",
+            title: "Firewall status could not be determined",
+            description: "Unable to read UFW status. This usually happens when running without root.",
+            recommendation: "Run with sudo to see accurate UFW firewall status.",
+            icon: "warning",
+        });
+    }
+    else if (context.firewall.enabled) {
+        // Firewall is active
+        findings.push({
+            severity: "info",
+            title: "Firewall is enabled",
+            description: `UFW firewall is active with default inbound policy: ${context.firewall.defaultInbound}.`,
+        });
+    }
+    else {
+        // Firewall is not active (negative finding)
+        findings.push({
+            severity: "warning",
+            title: "No firewall detected",
+            description: "UFW firewall is not active. All ports may be accessible from the internet.",
+            recommendation: "Consider enabling UFW to control inbound traffic: sudo ufw enable",
+            icon: "warning",
+        });
+    }
+    // Tailscale status
+    if (context.tailscale.connected) {
+        findings.push({
+            severity: "info",
+            title: "Tailscale is connected",
+            description: "Tailscale VPN is active and available for secure access.",
+        });
+    }
+    else if (context.tailscale.installed) {
+        // Tailscale is installed but not connected
+        findings.push({
+            severity: "warning",
+            title: "Tailscale is not connected",
+            description: "Tailscale VPN is not active. Secure private access to this machine is unavailable.",
+            recommendation: "Start Tailscale for secure access: tailscale up",
+            icon: "warning",
+        });
+    }
+    else {
+        // Tailscale is not installed
+        findings.push({
+            severity: "info",
+            title: "Tailscale not installed",
+            description: "Tailscale VPN is not installed. Consider installing it for secure private access to this machine.",
+            recommendation: "Install from https://tailscale.com or your package manager.",
+        });
+    }
+    // Cloudflare tunnel
+    if (context.cloudflare.tunnelDetected) {
+        findings.push({
+            severity: "info",
+            title: "Cloudflare Tunnel detected",
+            description: "A Cloudflare Tunnel is present. Ensure services are only accessible through the tunnel.",
+        });
+    }
+    return findings;
+}
+/**
+ * Sort findings by severity: critical > warning > info
+ */
+function sortBySeverity(findings) {
+    const severityOrder = {
+        critical: 0,
+        warning: 1,
+        info: 2,
+    };
+    return findings.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+}
+//# sourceMappingURL=heuristics.js.map

package/dist/engine/heuristics.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"heuristics.js","sourceRoot":"","sources":["../../src/engine/heuristics.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAA4B,EAAE,OAAuB;IACpF,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,mCAAmC;IACnC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,iBAAiB;QACjB,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACjD,IAAI,YAAY;YAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE9C,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,iBAAiB;YAAE,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAExD,gBAAgB;QAChB,MAAM,cAAc,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACrD,IAAI,cAAc;YAAE,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,oBAAoB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChE,IAAI,eAAe;YAAE,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACtD,CAAC;IAED,2CAA2C;IAC3C,MAAM,eAAe,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACzD,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;IAElC,6DAA6D;IAC7D,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAEnD,mBAAmB;IACnB,OAAO,cAAc,CAAC,YAAY,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,QAAyB;IAClD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,QAAQ,CAAC;IAEpC,IAAI,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC7E,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,wBAAwB;YAC/B,WAAW,EAAE,QAAQ,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,6HAA6H;YAClL,cAAc,EACZ,4HAA4H;YAC9H,OAAO;SACR,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAyB;IACvD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,QAAQ,CAAC;IAEpC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,iBAAiB,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAEtF,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAElG,IAAI,UAAU,EAAE,CAAC;QACf,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,QAAQ,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,sJAAsJ;YAC3M,cAAc,EACZ,gGAAgG;YAClG,OAAO;SACR,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAAyB;IACpD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,QAAQ,CAAC;IAEpC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sCAAsC;IACtC,MAAM,iBAAiB,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACtF,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAElG,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,CAAC,4CAA4C;IAC3D,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,QAAQ,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,2CAA2C;QAChG,cAAc,EACZ,qGAAqG;QACvG,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,QAAyB,EAAE,OAAuB;IAC9E,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,QAAQ,CAAC;IAEpC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC,CAAC,0BAA0B;IACzC,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EAAE,QAAQ,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,2GAA2G;QAChK,cAAc,EAAE,gFAAgF;QAChG,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAAmB;IAC9C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,YAAY,GAAc,EAAE,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC;QACjF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,OAAuB;IACtD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,kBAAkB;IAClB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAClC,0DAA0D;QAC1D,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,4EAA4E;YACzF,cAAc,EAAE,oDAAoD;YACpE,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACpC,qBAAqB;QACrB,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,qBAAqB;YAC5B,WAAW,EAAE,uDAAuD,OAAO,CAAC,QAAQ,CAAC,cAAc,GAAG;SACvG,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,4CAA4C;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,sBAAsB;YAC7B,WAAW,EAAE,4EAA4E;YACzF,cAAc,EAAE,mEAAmE;YACnF,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB;IACnB,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wBAAwB;YAC/B,WAAW,EAAE,0DAA0D;SACxE,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACvC,2CAA2C;QAC3C,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,4BAA4B;YACnC,WAAW,EACT,oFAAoF;YACtF,cAAc,EAAE,iDAAiD;YACjE,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,6BAA6B;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,yBAAyB;YAChC,WAAW,EACT,mGAAmG;YACrG,cAAc,EAAE,6DAA6D;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,4BAA4B;YACnC,WAAW,EACT,yFAAyF;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAmB;IACzC,MAAM,aAAa,GAAoC;QACrD,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;QACV,IAAI,EAAE,CAAC;KACR,CAAC;IAEF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AACxF,CAAC"}

package/dist/engine/types.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Core data models for Safecrab security scanner
+ */
+export interface ListeningService {
+    port: number;
+    protocol: "tcp" | "udp";
+    process: string;
+    pid: number;
+    interfaces: string[];
+    boundIp: string;
+}
+export interface NetworkContext {
+    firewall: {
+        enabled: boolean;
+        defaultInbound: "allow" | "deny" | "unknown";
+        statusKnown: boolean;
+    };
+    tailscale: {
+        installed: boolean;
+        connected: boolean;
+        interface?: string;
+    };
+    cloudflare: {
+        tunnelDetected: boolean;
+    };
+    interfaces: {
+        name: string;
+        ips: string[];
+        isPublic: boolean;
+    }[];
+}
+export type ExposurePath = "public-internet" | "tailscale" | "cloudflare-tunnel" | "localhost-only";
+export interface ServiceExposure {
+    service: ListeningService;
+    paths: ExposurePath[];
+}
+export type FindingSeverity = "info" | "warning" | "critical";
+export interface Finding {
+    severity: FindingSeverity;
+    title: string;
+    description: string;
+    recommendation?: string;
+    service?: ListeningService;
+    icon?: "tick" | "warning";
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/engine/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/engine/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,GAAG,KAAK,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;QAC7C,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,SAAS,EAAE;QACT,SAAS,EAAE,OAAO,CAAC;QACnB,SAAS,EAAE,OAAO,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,UAAU,EAAE;QACV,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,UAAU,EAAE;QACV,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,EAAE,CAAC;QACd,QAAQ,EAAE,OAAO,CAAC;KACnB,EAAE,CAAC;CACL;AAED,MAAM,MAAM,YAAY,GAAG,iBAAiB,GAAG,WAAW,GAAG,mBAAmB,GAAG,gBAAgB,CAAC;AAEpG,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,KAAK,EAAE,YAAY,EAAE,CAAC;CACvB;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;AAE9D,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B"}

package/dist/engine/types.js

@@ -0,0 +1,5 @@
+/**
+ * Core data models for Safecrab security scanner
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/engine/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/engine/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Safecrab - Security scanner for Linux VPS environments
+ * Package entry point for programmatic usage
+ */
+export type { ListeningService, NetworkContext, ExposurePath, ServiceExposure, Finding, FindingSeverity, } from "./engine/types.js";
+export { collectListeningServices } from "./system/collectors/services.js";
+export { buildNetworkContext } from "./engine/context.js";
+export { resolveAllExposures } from "./engine/exposure.js";
+export { analyzeExposures } from "./engine/heuristics.js";
+export { renderReport, getExitCode } from "./ui/renderer.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,YAAY,EACZ,eAAe,EACf,OAAO,EACP,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+/**
+ * Safecrab - Security scanner for Linux VPS environments
+ * Package entry point for programmatic usage
+ */
+export { collectListeningServices } from "./system/collectors/services.js";
+export { buildNetworkContext } from "./engine/context.js";
+export { resolveAllExposures } from "./engine/exposure.js";
+export { analyzeExposures } from "./engine/heuristics.js";
+export { renderReport, getExitCode } from "./ui/renderer.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAWH,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/system/collectors/cloudflare.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Collector for Cloudflare Tunnel detection
+ */
+export interface CloudflareStatus {
+    tunnelDetected: boolean;
+}
+export declare function collectCloudflareStatus(): Promise<CloudflareStatus>;
+//# sourceMappingURL=cloudflare.d.ts.map

package/dist/system/collectors/cloudflare.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare.d.ts","sourceRoot":"","sources":["../../../src/system/collectors/cloudflare.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,OAAO,CAAC;CACzB;AAED,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CA2BzE"}

package/dist/system/collectors/cloudflare.js

@@ -0,0 +1,32 @@
+/**
+ * Collector for Cloudflare Tunnel detection
+ */
+import { constants, access } from "node:fs/promises";
+import { execCommand } from "../shell.js";
+export async function collectCloudflareStatus() {
+    try {
+        // Method 1: Check for cloudflared process
+        const psResult = await execCommand("ps", ["aux"], { ignoreErrors: true });
+        const hasProcess = psResult.success && psResult.stdout.includes("cloudflared");
+        // Method 2: Check for cloudflared config directory
+        let hasConfig = false;
+        try {
+            await access("/etc/cloudflared", constants.F_OK);
+            hasConfig = true;
+        }
+        catch {
+            hasConfig = false;
+        }
+        // Tunnel is detected if either condition is true
+        const tunnelDetected = hasProcess || hasConfig;
+        return {
+            tunnelDetected,
+        };
+    }
+    catch (error) {
+        return {
+            tunnelDetected: false,
+        };
+    }
+}
+//# sourceMappingURL=cloudflare.js.map

package/dist/system/collectors/cloudflare.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare.js","sourceRoot":"","sources":["../../../src/system/collectors/cloudflare.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM1C,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC3C,IAAI,CAAC;QACH,0CAA0C;QAC1C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1E,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAE/E,mDAAmD;QACnD,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,kBAAkB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;YACjD,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;QAED,iDAAiD;QACjD,MAAM,cAAc,GAAG,UAAU,IAAI,SAAS,CAAC;QAE/C,OAAO;YACL,cAAc;SACf,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,cAAc,EAAE,KAAK;SACtB,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/system/collectors/firewall.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Collector for firewall status (UFW)
+ */
+export interface FirewallStatus {
+    enabled: boolean;
+    defaultInbound: "allow" | "deny" | "unknown";
+    statusKnown: boolean;
+}
+export declare function collectFirewallStatus(): Promise<FirewallStatus>;
+//# sourceMappingURL=firewall.d.ts.map

package/dist/system/collectors/firewall.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"firewall.d.ts","sourceRoot":"","sources":["../../../src/system/collectors/firewall.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;IAC7C,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,cAAc,CAAC,CAgErE"}

package/dist/system/collectors/firewall.js

@@ -0,0 +1,69 @@
+/**
+ * Collector for firewall status (UFW)
+ */
+import { commandExists, execCommand } from "../shell.js";
+export async function collectFirewallStatus() {
+    try {
+        // Check if UFW is installed
+        const ufwExists = await commandExists("ufw");
+        if (!ufwExists) {
+            // No firewall detected - assume allow all
+            return {
+                enabled: false,
+                defaultInbound: "allow",
+                statusKnown: true,
+            };
+        }
+        // Get UFW status
+        const result = await execCommand("ufw", ["status", "verbose"], {
+            ignoreErrors: true,
+        });
+        if (!result.success) {
+            // UFW command failed (likely permission denied without sudo)
+            return {
+                enabled: false,
+                defaultInbound: "unknown",
+                statusKnown: false,
+            };
+        }
+        const output = result.stdout.toLowerCase();
+        // Check if active
+        const isActive = output.includes("status: active") || output.includes("status:active");
+        // Parse default policy
+        let defaultInbound = "unknown";
+        if (output.includes("default: deny (incoming)")) {
+            defaultInbound = "deny";
+        }
+        else if (output.includes("default: allow (incoming)")) {
+            defaultInbound = "allow";
+        }
+        else if (output.includes("default:deny(incoming)")) {
+            defaultInbound = "deny";
+        }
+        else if (output.includes("default:allow(incoming)")) {
+            defaultInbound = "allow";
+        }
+        else if (isActive) {
+            // UFW is active but can't parse policy - conservative assumption
+            defaultInbound = "deny";
+        }
+        else {
+            // UFW inactive - traffic flows freely
+            defaultInbound = "allow";
+        }
+        return {
+            enabled: isActive,
+            defaultInbound,
+            statusKnown: true,
+        };
+    }
+    catch (error) {
+        // Best-effort: could not determine status
+        return {
+            enabled: false,
+            defaultInbound: "allow",
+            statusKnown: false,
+        };
+    }
+}
+//# sourceMappingURL=firewall.js.map

package/dist/system/collectors/firewall.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"firewall.js","sourceRoot":"","sources":["../../../src/system/collectors/firewall.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAQzD,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,CAAC;QACH,4BAA4B;QAC5B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,0CAA0C;YAC1C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,cAAc,EAAE,OAAO;gBACvB,WAAW,EAAE,IAAI;aAClB,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE;YAC7D,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,6DAA6D;YAC7D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,cAAc,EAAE,SAAS;gBACzB,WAAW,EAAE,KAAK;aACnB,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAE3C,kBAAkB;QAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAEvF,uBAAuB;QACvB,IAAI,cAAc,GAAiC,SAAS,CAAC;QAE7D,IAAI,MAAM,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;YAChD,cAAc,GAAG,MAAM,CAAC;QAC1B,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;YACxD,cAAc,GAAG,OAAO,CAAC;QAC3B,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;YACrD,cAAc,GAAG,MAAM,CAAC;QAC1B,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;YACtD,cAAc,GAAG,OAAO,CAAC;QAC3B,CAAC;aAAM,IAAI,QAAQ,EAAE,CAAC;YACpB,iEAAiE;YACjE,cAAc,GAAG,MAAM,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,sCAAsC;YACtC,cAAc,GAAG,OAAO,CAAC;QAC3B,CAAC;QAED,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,cAAc;YACd,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,0CAA0C;QAC1C,OAAO;YACL,OAAO,EAAE,KAAK;YACd,cAAc,EAAE,OAAO;YACvB,WAAW,EAAE,KAAK;SACnB,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/system/collectors/network.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Collector for network interface information
+ */
+export interface NetworkInterface {
+    name: string;
+    ips: string[];
+    isPublic: boolean;
+}
+export declare function collectNetworkInterfaces(): Promise<NetworkInterface[]>;
+//# sourceMappingURL=network.d.ts.map

package/dist/system/collectors/network.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../src/system/collectors/network.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAY5E"}

package/dist/system/collectors/network.js

@@ -0,0 +1,18 @@
+/**
+ * Collector for network interface information
+ */
+import { getInterfaces } from "../parsers/ip-parser.js";
+import { execCommand } from "../shell.js";
+export async function collectNetworkInterfaces() {
+    try {
+        const result = await execCommand("ip", ["addr"], { ignoreErrors: true });
+        if (!result.success) {
+            return [];
+        }
+        return getInterfaces(result.stdout);
+    }
+    catch (error) {
+        return [];
+    }
+}
+//# sourceMappingURL=network.js.map

package/dist/system/collectors/network.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.js","sourceRoot":"","sources":["../../../src/system/collectors/network.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAQ1C,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/system/collectors/services.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Collector for listening services via ss -tulnp
+ */
+import type { ListeningService } from "../../engine/types.js";
+export declare function collectListeningServices(): Promise<ListeningService[]>;
+//# sourceMappingURL=services.d.ts.map

package/dist/system/collectors/services.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../../src/system/collectors/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAK9D,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC,CA0B5E"}

package/dist/system/collectors/services.js

@@ -0,0 +1,31 @@
+/**
+ * Collector for listening services via ss -tulnp
+ */
+import { parseIPAddr } from "../parsers/ip-parser.js";
+import { parseSSOutput } from "../parsers/ss-parser.js";
+import { execCommand } from "../shell.js";
+export async function collectListeningServices() {
+    try {
+        // First, get IP to interface mapping
+        const ipAddrResult = await execCommand("ip", ["addr"], {
+            ignoreErrors: true,
+        });
+        const interfaceMap = ipAddrResult.success
+            ? parseIPAddr(ipAddrResult.stdout)
+            : new Map();
+        // Get listening services
+        const ssResult = await execCommand("ss", ["-tulnp"], {
+            ignoreErrors: true,
+        });
+        if (!ssResult.success) {
+            return [];
+        }
+        const services = parseSSOutput(ssResult.stdout, interfaceMap);
+        return services;
+    }
+    catch (error) {
+        // Best-effort: return empty array on failure
+        return [];
+    }
+}
+//# sourceMappingURL=services.js.map

package/dist/system/collectors/services.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"services.js","sourceRoot":"","sources":["../../../src/system/collectors/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,IAAI,CAAC;QACH,qCAAqC;QACrC,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;YACrD,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO;YACvC,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC;YAClC,CAAC,CAAC,IAAI,GAAG,EAAoB,CAAC;QAEhC,yBAAyB;QACzB,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;YACnD,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAC9D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,6CAA6C;QAC7C,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/system/collectors/tailscale.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Collector for Tailscale detection
+ */
+export interface TailscaleStatus {
+    installed: boolean;
+    connected: boolean;
+    interface?: string;
+}
+export declare function collectTailscaleStatus(): Promise<TailscaleStatus>;
+//# sourceMappingURL=tailscale.d.ts.map

package/dist/system/collectors/tailscale.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tailscale.d.ts","sourceRoot":"","sources":["../../../src/system/collectors/tailscale.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,eAAe,CAAC,CAsCvE"}

package/dist/system/collectors/tailscale.js

@@ -0,0 +1,39 @@
+/**
+ * Collector for Tailscale detection
+ */
+import { commandExists, execCommand } from "../shell.js";
+export async function collectTailscaleStatus() {
+    try {
+        // Check if tailscale command exists
+        const installed = await commandExists("tailscale");
+        if (!installed) {
+            return {
+                installed: false,
+                connected: false,
+            };
+        }
+        // Check connection status
+        const statusResult = await execCommand("tailscale", ["status"], {
+            ignoreErrors: true,
+        });
+        // Connected if command succeeds and has output
+        const connected = statusResult.success && statusResult.stdout.length > 0;
+        // Check for tailscale0 interface
+        const ipResult = await execCommand("ip", ["addr", "show", "tailscale0"], {
+            ignoreErrors: true,
+        });
+        const hasInterface = ipResult.success;
+        return {
+            installed: true,
+            connected,
+            interface: hasInterface ? "tailscale0" : undefined,
+        };
+    }
+    catch (error) {
+        return {
+            installed: false,
+            connected: false,
+        };
+    }
+}
+//# sourceMappingURL=tailscale.js.map

package/dist/system/collectors/tailscale.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tailscale.js","sourceRoot":"","sources":["../../../src/system/collectors/tailscale.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAQzD,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC;QACH,oCAAoC;QACpC,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,CAAC;QAEnD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE;YAC9D,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QAEH,+CAA+C;QAC/C,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;QAEzE,iCAAiC;QACjC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE;YACvE,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC;QAEtC,OAAO;YACL,SAAS,EAAE,IAAI;YACf,SAAS;YACT,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;SACnD,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/system/parsers/ip-parser.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Parser for ip addr output
+ * Maps IP addresses to network interface names
+ */
+/**
+ * Parse ip addr output to create a mapping of IP addresses to interface names
+ *
+ * Example output:
+ * 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
+ *     inet 127.0.0.1/8 scope host lo
+ * 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
+ *     inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
+ * 3: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN
+ *     inet 100.64.0.1/32 scope global tailscale0
+ */
+export declare function parseIPAddr(output: string): Map<string, string[]>;
+/**
+ * Get list of all network interfaces from ip addr output
+ */
+export declare function getInterfaces(output: string): Array<{
+    name: string;
+    ips: string[];
+    isPublic: boolean;
+}>;
+//# sourceMappingURL=ip-parser.d.ts.map

package/dist/system/parsers/ip-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ip-parser.d.ts","sourceRoot":"","sources":["../../../src/system/parsers/ip-parser.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAyCjE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,KAAK,CAAC;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;CACnB,CAAC,CAuBD"}