scriptguard 1.0.0

package/dist/ai/analyzers/threat-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-detector.js","sourceRoot":"","sources":["../../../src/ai/analyzers/threat-detector.ts"],"names":[],"mappings":";AAAA,sDAAsD;;AAOtD,sDAwBC;AA3BD;;GAEG;AACH,SAAgB,qBAAqB,CACnC,QAAyB,EACzB,UAAuB;IAEvB,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,4BAA4B;IAC5B,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,CAAC;IAEpC,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,CAAC;IAEpC,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACnD,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAE9B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAyB;IAClD,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;IAEnC,KAAK,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,2CAA2C;QAE3C,+CAA+C;QAC/C,MAAM,aAAa,GAAG;YACpB,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM;YAClD,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM;YAClD,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM;YAC1C,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM;YAC1C,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM;YAClD,CAAC,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM;SAClF,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;QAEzC,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,WAAW,UAAU,8BAA8B,aAAa,2GAA2G;gBACxL,eAAe,EAAE,0BAA0B;gBAC3C,WAAW,EAAE,mIAAmI;gBAChJ,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,GAAG,aAAa,GAAG,GAAG,CAAC;aACtD,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,MAAM,qBAAqB,GAAG;YAC5B,4EAA4E;YAC5E,4DAA4D;SAC7D,CAAC;QAEF,IAAI,kBAAkB,GAAG,CAAC,CAAC;QAC3B,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,OAAO;gBAAE,kBAAkB,IAAI,OAAO,CAAC,MAAM,CAAC;QACpD,CAAC;QAED,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,WAAW,UAAU,0CAA0C,kBAAkB,0EAA0E;gBACxK,eAAe,EAAE,qBAAqB;gBACtC,WAAW,EAAE,kIAAkI;gBAC/I,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,GAAG,kBAAkB,GAAG,IAAI,CAAC;aAC5D,CAAC,CAAC;QACL,CAAC;QAED,6CAA6C;QAC7C,MAAM,oBAAoB,GAAG;YAC3B,yCAAyC,EAAG,qBAAqB;YACjE,sBAAsB;YACtB,0BAA0B,EAAG,sBAAsB;YACnD,yBAAyB,EAAI,qBAAqB;YAClD,0BAA0B,EAAG,kBAAkB;SAChD,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;YAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,QAAQ;oBACd,QAAQ,EAAE,MAAM;oBAChB,WAAW,EAAE,WAAW,UAAU,+GAA+G;oBACjJ,eAAe,EAAE,wBAAwB;oBACzC,WAAW,EAAE,+HAA+H;oBAC5I,UAAU,EAAE,GAAG;iBAChB,CAAC,CAAC;gBACH,MAAM,CAAC,2BAA2B;YACpC,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,MAAM,kBAAkB,GAAG;YACzB,mBAAmB,EAAS,yBAAyB;YACrD,iBAAiB,EAAW,0BAA0B;YACtD,iBAAiB,EAAW,WAAW;YACvC,KAAK,EAAwB,WAAW;SACzC,CAAC;QAEF,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,IAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,QAAQ;oBACd,QAAQ,EAAE,UAAU;oBACpB,WAAW,EAAE,WAAW,UAAU,sHAAsH;oBACxJ,eAAe,EAAE,yBAAyB;oBAC1C,WAAW,EAAE,iGAAiG;oBAC9G,UAAU,EAAE,GAAG;iBAChB,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,QAAyB;IACxD,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;IAEnC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,yCAAyC;IAEzC,yDAAyD;IACzD,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,mBAAmB,GAAG,gDAAgD,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACtG,MAAM,mBAAmB,GAAG,0CAA0C,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAEjG,IAAI,mBAAmB,IAAI,mBAAmB,EAAE,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,oIAAoI;gBACjJ,eAAe,EAAE,8BAA8B;gBAC/C,WAAW,EAAE,0HAA0H;gBACvI,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,IAAI,oBAAoB,GAAG,CAAC,CAAC;IAC7B,MAAM,iBAAiB,GAAG;QACxB,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM;KAC7E,CAAC;IAEF,KAAK,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,oBAAoB,EAAE,CAAC;gBACvB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,oBAAoB,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,GAAG,oBAAoB,mHAAmH;YACvJ,eAAe,EAAE,uBAAuB;YACxC,WAAW,EAAE,oIAAoI;YACjJ,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,IAAI,mBAAmB,GAAG,CAAC,CAAC;IAC5B,KAAK,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,MAAM,cAAc,GAAG,8EAA8E,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpH,IAAI,cAAc,EAAE,CAAC;YACnB,mBAAmB,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED,IAAI,mBAAmB,IAAI,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,GAAG,mBAAmB,6GAA6G;YAChJ,eAAe,EAAE,+BAA+B;YAChD,WAAW,EAAE,iIAAiI;YAC9I,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,QAAyB;IACpD,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;IAE7C,6DAA6D;IAC7D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAC7D,OAAO,CAAC,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CACzE,CAAC;QAEF,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,4JAA4J;gBACzK,eAAe,EAAE,wBAAwB;gBACzC,WAAW,EAAE,iIAAiI;gBAC9I,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,MAAM,gBAAgB,GAAG;QACvB,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW;QACrD,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW;KAClD,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,iBAAiB,IAAI,0HAA0H;gBAC5J,eAAe,EAAE,+BAA+B;gBAChD,WAAW,EAAE,4HAA4H;gBACzI,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;YACH,MAAM;QACR,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,sFAAsF;IACtF,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,KAAK;YACf,WAAW,EAAE,eAAe,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,uIAAuI;YAC9L,eAAe,EAAE,4BAA4B;YAC7C,WAAW,EAAE,qHAAqH;YAClI,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,WAAmB;IAC7C,MAAM,aAAa,GAAG;QACpB,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS;QACtD,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ;QAC7C,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;KAC7C,CAAC;IAEF,OAAO,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AACpE,CAAC"}

package/dist/ai/gemini-client.d.ts

@@ -0,0 +1,47 @@
+/** ScriptGuard — Gemini AI client wrapper */
+import type { AIBatchRequest, AIBatchResponse } from '../types/index.js';
+export declare class GeminiClient {
+    private client;
+    private model;
+    private totalTokensUsed;
+    constructor(apiKey?: string);
+    /**
+     * Sanitize script content before sending to API
+     * Redacts API keys, tokens, and other sensitive data
+     */
+    private sanitizeScripts;
+    /**
+     * Generate cache key from request data
+     */
+    private getCacheKey;
+    /**
+     * Check cache for existing response
+     */
+    private getCachedResponse;
+    /**
+     * Cache a response
+     */
+    private setCachedResponse;
+    /**
+     * Get total tokens used across all requests
+     */
+    getTotalTokensUsed(): number;
+    /**
+     * Analyze a batch of packages using Gemini AI
+     */
+    analyzeBatch(request: AIBatchRequest): Promise<AIBatchResponse>;
+    /**
+     * Clear the response cache
+     */
+    clearCache(): void;
+    /**
+     * Get cache statistics
+     */
+    getCacheStats(): {
+        size: number;
+        keys: string[];
+    };
+}
+export declare function getGeminiClient(apiKey?: string): GeminiClient;
+export declare function resetGeminiClient(): void;
+//# sourceMappingURL=gemini-client.d.ts.map

package/dist/ai/gemini-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gemini-client.d.ts","sourceRoot":"","sources":["../../src/ai/gemini-client.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAG7C,OAAO,KAAK,EAAU,cAAc,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAqCjF,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,KAAK,CAAkB;IAC/B,OAAO,CAAC,eAAe,CAAK;gBAEhB,MAAM,CAAC,EAAE,MAAM;IAa3B;;;OAGG;IACH,OAAO,CAAC,eAAe;IA+BvB;;OAEG;IACH,OAAO,CAAC,WAAW;IAQnB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAazB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAOzB;;OAEG;IACI,kBAAkB,IAAI,MAAM;IAInC;;OAEG;IACU,YAAY,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC;IA8E5E;;OAEG;IACI,UAAU,IAAI,IAAI;IAIzB;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE;CAMzD;AAOD,wBAAgB,eAAe,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,YAAY,CAK7D;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAExC"}

package/dist/ai/gemini-client.js

@@ -0,0 +1,222 @@
+"use strict";
+/** ScriptGuard — Gemini AI client wrapper */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GeminiClient = void 0;
+exports.getGeminiClient = getGeminiClient;
+exports.resetGeminiClient = resetGeminiClient;
+const generative_ai_1 = require("@google/generative-ai");
+// Dynamic import for p-throttle to avoid ESM/CJS issues
+let pThrottle;
+async function getThrottle() {
+    if (!pThrottle) {
+        const module = await import('p-throttle');
+        pThrottle = module.default || module;
+    }
+    return pThrottle;
+}
+// Rate limiting: 5 requests per second to stay within free tier limits
+let throttle;
+async function getThrottledGenerateContent() {
+    if (!throttle) {
+        const pThrottleModule = await getThrottle();
+        throttle = pThrottleModule({
+            limit: 5,
+            interval: 1000,
+        });
+    }
+    return throttle(async (model, prompt) => {
+        return await model.generateContent(prompt);
+    });
+}
+// In-memory cache with 24-hour TTL
+const cache = new Map();
+const CACHE_TTL = 24 * 60 * 60 * 1000; // 24 hours
+class GeminiClient {
+    client;
+    model;
+    totalTokensUsed = 0;
+    constructor(apiKey) {
+        const key = apiKey || process.env.GOOGLE_AI_API_KEY;
+        if (!key) {
+            throw new Error('GOOGLE_AI_API_KEY environment variable not set. ' +
+                'Get your key at: https://makersuite.google.com/app/apikey');
+        }
+        this.client = new generative_ai_1.GoogleGenerativeAI(key);
+        this.model = this.client.getGenerativeModel({ model: 'gemini-3-flash-preview' });
+    }
+    /**
+     * Sanitize script content before sending to API
+     * Redacts API keys, tokens, and other sensitive data
+     */
+    sanitizeScripts(scripts) {
+        const sanitized = {};
+        for (const [name, content] of Object.entries(scripts)) {
+            let cleaned = content;
+            // Redact common secret patterns
+            const secretPatterns = [
+                /(?:api[_-]?key|apikey|secret[_-]?key|access[_-]?token|refresh[_-]?token)\s*[:=]\s*['"]?[a-zA-Z0-9_\-]{20,}['"]?/gi,
+                /bearer\s+[a-zA-Z0-9_\-]{20,}/gi,
+                /sk-[a-zA-Z0-9]{48}/g, // OpenAI API keys
+                /ghp_[a-zA-Z0-9]{36}/g, // GitHub tokens
+                /gho_[a-zA-Z0-9]{36}/g, // GitHub OAuth tokens
+                /ghu_[a-zA-Z0-9]{36}/g, // GitHub user tokens
+                /ghs_[a-zA-Z0-9]{36}/g, // GitHub server tokens
+                /ghr_[a-zA-Z0-9]{36}/g, // GitHub refresh tokens
+                /xoxb-[0-9]{13}-[0-9]{13}-[a-zA-Z0-9]{24}/g, // Slack bot tokens
+                /xoxp-[0-9]{13}-[0-9]{13}-[0-9]{12}-[a-zA-Z0-9]{24}/g, // Slack user tokens
+                /AKIA[0-9A-Z]{16}/g, // AWS access keys
+            ];
+            for (const pattern of secretPatterns) {
+                cleaned = cleaned.replace(pattern, '[REDACTED_SECRET]');
+            }
+            sanitized[name] = cleaned;
+        }
+        return sanitized;
+    }
+    /**
+     * Generate cache key from request data
+     */
+    getCacheKey(request) {
+        const packagesHash = request.packages
+            .map(p => `${p.name}@${p.version}:${Object.keys(p.scripts).join(',')}`)
+            .sort()
+            .join('|');
+        return `${request.mode}:${packagesHash}`;
+    }
+    /**
+     * Check cache for existing response
+     */
+    getCachedResponse(cacheKey) {
+        const cached = cache.get(cacheKey);
+        if (!cached)
+            return null;
+        const now = Date.now();
+        if (now - cached.timestamp > CACHE_TTL) {
+            cache.delete(cacheKey);
+            return null;
+        }
+        return cached.response;
+    }
+    /**
+     * Cache a response
+     */
+    setCachedResponse(cacheKey, response) {
+        cache.set(cacheKey, {
+            response,
+            timestamp: Date.now(),
+        });
+    }
+    /**
+     * Get total tokens used across all requests
+     */
+    getTotalTokensUsed() {
+        return this.totalTokensUsed;
+    }
+    /**
+     * Analyze a batch of packages using Gemini AI
+     */
+    async analyzeBatch(request) {
+        // Check cache first
+        const cacheKey = this.getCacheKey(request);
+        const cached = this.getCachedResponse(cacheKey);
+        if (cached) {
+            return cached;
+        }
+        // Import prompts dynamically
+        const { buildPrompt } = await import('./prompts.js');
+        // Sanitize all scripts before sending to API
+        const sanitizedRequest = {
+            ...request,
+            packages: request.packages.map(pkg => ({
+                ...pkg,
+                scripts: this.sanitizeScripts(pkg.scripts),
+            })),
+        };
+        // Build prompt based on mode
+        const prompt = buildPrompt(sanitizedRequest, request.mode);
+        try {
+            // Call Gemini API with rate limiting
+            const throttledGenerate = await getThrottledGenerateContent();
+            const result = await throttledGenerate(this.model, prompt);
+            const response = result.response;
+            const text = response.text();
+            // Track token usage
+            const usage = response.usageMetadata;
+            if (usage) {
+                this.totalTokensUsed += usage.totalTokenCount || 0;
+            }
+            // Parse JSON response
+            let jsonResponse;
+            try {
+                // Extract JSON from markdown code blocks if present
+                const jsonMatch = text.match(/```json\n?([\s\S]*?)\n?```/) || text.match(/\{[\s\S]*\}/);
+                const jsonText = jsonMatch ? jsonMatch[1] || jsonMatch[0] : text;
+                jsonResponse = JSON.parse(jsonText);
+            }
+            catch (parseError) {
+                // Fallback: return empty analysis if parsing fails
+                console.warn('Failed to parse AI response, returning empty analysis');
+                jsonResponse = {
+                    analyses: sanitizedRequest.packages.map(pkg => ({
+                        package: pkg.name,
+                        version: pkg.version,
+                        falsePositivesFiltered: 0,
+                        newThreatsDetected: 0,
+                        insights: [],
+                        confidence: 0,
+                        tokensUsed: 0,
+                    })),
+                    totalTokensUsed: usage?.totalTokenCount || 0,
+                };
+            }
+            // Cache the response
+            this.setCachedResponse(cacheKey, jsonResponse);
+            return jsonResponse;
+        }
+        catch (error) {
+            // Handle API errors gracefully
+            if (error.status === 429) {
+                throw new Error('Rate limit exceeded. Please try again later.');
+            }
+            else if (error.status === 401) {
+                throw new Error('Invalid API key. Please check your GOOGLE_AI_API_KEY.');
+            }
+            else if (error.code === 'ECONNABORTED' || error.message?.includes('timeout')) {
+                throw new Error('Request timeout. The AI service took too long to respond.');
+            }
+            else {
+                throw new Error(`AI analysis failed: ${error.message || 'Unknown error'}`);
+            }
+        }
+    }
+    /**
+     * Clear the response cache
+     */
+    clearCache() {
+        cache.clear();
+    }
+    /**
+     * Get cache statistics
+     */
+    getCacheStats() {
+        return {
+            size: cache.size,
+            keys: Array.from(cache.keys()),
+        };
+    }
+}
+exports.GeminiClient = GeminiClient;
+/**
+ * Create a singleton Gemini client instance
+ */
+let clientInstance = null;
+function getGeminiClient(apiKey) {
+    if (!clientInstance) {
+        clientInstance = new GeminiClient(apiKey);
+    }
+    return clientInstance;
+}
+function resetGeminiClient() {
+    clientInstance = null;
+}
+//# sourceMappingURL=gemini-client.js.map

package/dist/ai/gemini-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gemini-client.js","sourceRoot":"","sources":["../../src/ai/gemini-client.ts"],"names":[],"mappings":";AAAA,6CAA6C;;;AAiP7C,0CAKC;AAED,8CAEC;AAxPD,yDAA4E;AAG5E,wDAAwD;AACxD,IAAI,SAAc,CAAC;AACnB,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAC1C,SAAS,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC;IACvC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,uEAAuE;AACvE,IAAI,QAAa,CAAC;AAElB,KAAK,UAAU,2BAA2B;IACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,eAAe,GAAG,MAAM,WAAW,EAAE,CAAC;QAC5C,QAAQ,GAAG,eAAe,CAAC;YACzB,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC,KAAK,EAAE,KAAsB,EAAE,MAAc,EAAE,EAAE;QAC/D,OAAO,MAAM,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC;AAOD,mCAAmC;AACnC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;AAC5C,MAAM,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;AAElD,MAAa,YAAY;IACf,MAAM,CAAqB;IAC3B,KAAK,CAAkB;IACvB,eAAe,GAAG,CAAC,CAAC;IAE5B,YAAY,MAAe;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACpD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CACb,kDAAkD;gBAClD,2DAA2D,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,kCAAkB,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACnF,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,OAA+B;QACrD,MAAM,SAAS,GAA2B,EAAE,CAAC;QAE7C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,IAAI,OAAO,GAAG,OAAO,CAAC;YAEtB,gCAAgC;YAChC,MAAM,cAAc,GAAG;gBACrB,mHAAmH;gBACnH,gCAAgC;gBAChC,qBAAqB,EAAE,kBAAkB;gBACzC,sBAAsB,EAAE,gBAAgB;gBACxC,sBAAsB,EAAE,sBAAsB;gBAC9C,sBAAsB,EAAE,qBAAqB;gBAC7C,sBAAsB,EAAE,uBAAuB;gBAC/C,sBAAsB,EAAE,wBAAwB;gBAChD,2CAA2C,EAAE,mBAAmB;gBAChE,qDAAqD,EAAE,oBAAoB;gBAC3E,mBAAmB,EAAE,kBAAkB;aACxC,CAAC;YAEF,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;gBACrC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;YAC1D,CAAC;YAED,SAAS,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;QAC5B,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,OAAuB;QACzC,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;aACtE,IAAI,EAAE;aACN,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,OAAO,GAAG,OAAO,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;IAC3C,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,QAAgB;QACxC,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,GAAG,SAAS,EAAE,CAAC;YACvC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,QAAgB,EAAE,QAAyB;QACnE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;YAClB,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,kBAAkB;QACvB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CAAC,OAAuB;QAC/C,oBAAoB;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,6BAA6B;QAC7B,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;QAErD,6CAA6C;QAC7C,MAAM,gBAAgB,GAAG;YACvB,GAAG,OAAO;YACV,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACrC,GAAG,GAAG;gBACN,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC;aAC3C,CAAC,CAAC;SACJ,CAAC;QAEF,6BAA6B;QAC7B,MAAM,MAAM,GAAG,WAAW,CAAC,gBAAgB,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QAE3D,IAAI,CAAC;YACH,qCAAqC;YACrC,MAAM,iBAAiB,GAAG,MAAM,2BAA2B,EAAE,CAAC;YAC9D,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC3D,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;YAE7B,oBAAoB;YACpB,MAAM,KAAK,GAAG,QAAQ,CAAC,aAAa,CAAC;YACrC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC,eAAe,IAAI,KAAK,CAAC,eAAe,IAAI,CAAC,CAAC;YACrD,CAAC;YAED,sBAAsB;YACtB,IAAI,YAA6B,CAAC;YAClC,IAAI,CAAC;gBACH,oDAAoD;gBACpD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;gBACxF,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBACjE,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACtC,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,mDAAmD;gBACnD,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;gBACtE,YAAY,GAAG;oBACb,QAAQ,EAAE,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;wBAC9C,OAAO,EAAE,GAAG,CAAC,IAAI;wBACjB,OAAO,EAAE,GAAG,CAAC,OAAO;wBACpB,sBAAsB,EAAE,CAAC;wBACzB,kBAAkB,EAAE,CAAC;wBACrB,QAAQ,EAAE,EAAE;wBACZ,UAAU,EAAE,CAAC;wBACb,UAAU,EAAE,CAAC;qBACd,CAAC,CAAC;oBACH,eAAe,EAAE,KAAK,EAAE,eAAe,IAAI,CAAC;iBAC7C,CAAC;YACJ,CAAC;YAED,qBAAqB;YACrB,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAE/C,OAAO,YAAY,CAAC;QACtB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,+BAA+B;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAClE,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC3E,CAAC;iBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/E,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC/E,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,KAAK,CAAC,OAAO,IAAI,eAAe,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACI,UAAU;QACf,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,aAAa;QAClB,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC/B,CAAC;IACJ,CAAC;CACF;AAlMD,oCAkMC;AAED;;GAEG;AACH,IAAI,cAAc,GAAwB,IAAI,CAAC;AAE/C,SAAgB,eAAe,CAAC,MAAe;IAC7C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAgB,iBAAiB;IAC/B,cAAc,GAAG,IAAI,CAAC;AACxB,CAAC"}

package/dist/ai/index.d.ts

@@ -0,0 +1,8 @@
+/** ScriptGuard — AI module exports */
+export { GeminiClient, getGeminiClient, resetGeminiClient } from './gemini-client.js';
+export { buildPrompt, sanitizeForPrompt } from './prompts.js';
+export { analyzeFalsePositives, getFalsePositiveConfidence, } from './analyzers/false-positive-filter.js';
+export { detectAdvancedThreats, } from './analyzers/threat-detector.js';
+export { generateInsights, } from './analyzers/insight-generator.js';
+export type { AIOptions, AIMode, AIAnalysis, AIInsight, AIBatchRequest, AIBatchResponse, } from '../types/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAEtC,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACtF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EACL,qBAAqB,EACrB,0BAA0B,GAC3B,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACL,qBAAqB,GACtB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,gBAAgB,GACjB,MAAM,kCAAkC,CAAC;AAG1C,YAAY,EACV,SAAS,EACT,MAAM,EACN,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,GAChB,MAAM,mBAAmB,CAAC"}

package/dist/ai/index.js

@@ -0,0 +1,19 @@
+"use strict";
+/** ScriptGuard — AI module exports */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateInsights = exports.detectAdvancedThreats = exports.getFalsePositiveConfidence = exports.analyzeFalsePositives = exports.sanitizeForPrompt = exports.buildPrompt = exports.resetGeminiClient = exports.getGeminiClient = exports.GeminiClient = void 0;
+var gemini_client_js_1 = require("./gemini-client.js");
+Object.defineProperty(exports, "GeminiClient", { enumerable: true, get: function () { return gemini_client_js_1.GeminiClient; } });
+Object.defineProperty(exports, "getGeminiClient", { enumerable: true, get: function () { return gemini_client_js_1.getGeminiClient; } });
+Object.defineProperty(exports, "resetGeminiClient", { enumerable: true, get: function () { return gemini_client_js_1.resetGeminiClient; } });
+var prompts_js_1 = require("./prompts.js");
+Object.defineProperty(exports, "buildPrompt", { enumerable: true, get: function () { return prompts_js_1.buildPrompt; } });
+Object.defineProperty(exports, "sanitizeForPrompt", { enumerable: true, get: function () { return prompts_js_1.sanitizeForPrompt; } });
+var false_positive_filter_js_1 = require("./analyzers/false-positive-filter.js");
+Object.defineProperty(exports, "analyzeFalsePositives", { enumerable: true, get: function () { return false_positive_filter_js_1.analyzeFalsePositives; } });
+Object.defineProperty(exports, "getFalsePositiveConfidence", { enumerable: true, get: function () { return false_positive_filter_js_1.getFalsePositiveConfidence; } });
+var threat_detector_js_1 = require("./analyzers/threat-detector.js");
+Object.defineProperty(exports, "detectAdvancedThreats", { enumerable: true, get: function () { return threat_detector_js_1.detectAdvancedThreats; } });
+var insight_generator_js_1 = require("./analyzers/insight-generator.js");
+Object.defineProperty(exports, "generateInsights", { enumerable: true, get: function () { return insight_generator_js_1.generateInsights; } });
+//# sourceMappingURL=index.js.map

package/dist/ai/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":";AAAA,sCAAsC;;;AAEtC,uDAAsF;AAA7E,gHAAA,YAAY,OAAA;AAAE,mHAAA,eAAe,OAAA;AAAE,qHAAA,iBAAiB,OAAA;AACzD,2CAA8D;AAArD,yGAAA,WAAW,OAAA;AAAE,+GAAA,iBAAiB,OAAA;AACvC,iFAG8C;AAF5C,iIAAA,qBAAqB,OAAA;AACrB,sIAAA,0BAA0B,OAAA;AAE5B,qEAEwC;AADtC,2HAAA,qBAAqB,OAAA;AAEvB,yEAE0C;AADxC,wHAAA,gBAAgB,OAAA"}

package/dist/ai/prompts.d.ts

@@ -0,0 +1,11 @@
+/** ScriptGuard — AI prompt templates for different analysis modes */
+import type { AIMode, AIBatchRequest } from '../types/index.js';
+/**
+ * Build the analysis prompt based on mode
+ */
+export declare function buildPrompt(request: AIBatchRequest, mode: AIMode): string;
+/**
+ * Sanitize script content to remove obvious secrets before sending to AI
+ */
+export declare function sanitizeForPrompt(content: string): string;
+//# sourceMappingURL=prompts.d.ts.map

package/dist/ai/prompts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/ai/prompts.ts"],"names":[],"mappings":"AAAA,qEAAqE;AAErE,OAAO,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEhE;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAMzE;AAsMD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQzD"}

package/dist/ai/prompts.js

@@ -0,0 +1,212 @@
+"use strict";
+/** ScriptGuard — AI prompt templates for different analysis modes */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPrompt = buildPrompt;
+exports.sanitizeForPrompt = sanitizeForPrompt;
+/**
+ * Build the analysis prompt based on mode
+ */
+function buildPrompt(request, mode) {
+    const basePrompt = getBasePrompt();
+    const modePrompt = getModePrompt(mode);
+    const packageData = formatPackageData(request);
+    return `${basePrompt}\n\n${modePrompt}\n\n${packageData}\n\n${getOutputInstructions(mode)}`;
+}
+/**
+ * Base system prompt - context about ScriptGuard and npm security
+ */
+function getBasePrompt() {
+    return `You are ScriptGuard AI, an expert security analyst specializing in npm package supply chain attacks.
+
+Your task is to analyze npm package lifecycle scripts (postinstall, preinstall, prepare, etc.) and provide security insights.
+
+## Context
+
+- **Supply chain attacks**: Malicious code often hides in lifecycle scripts that run automatically during \`npm install\`
+- **Common threats**: Remote code execution (curl | bash), credential theft, data exfiltration, obfuscated payloads
+- **False positives**: Many legitimate packages use similar patterns for build tools, platform-specific binaries, or configuration
+
+## Your Role
+
+1. **Distinguish safe from unsafe**: Understand context to identify false positives
+2. **Detect advanced threats**: Identify obfuscated code, novel attack patterns, multi-stage attacks
+3. **Provide actionable insights**: Explain threats clearly and suggest remediation steps
+
+## Safety Rules
+
+- **DO NOT** execute any code - analyze only
+- **Assume malicious intent** unless there's clear evidence of legitimacy
+- **Flag suspicious patterns** even if they might be legitimate - better safe than sorry
+- **Consider the package context**: Unknown packages with risky scripts = higher suspicion`;
+}
+/**
+ * Mode-specific instructions
+ */
+function getModePrompt(mode) {
+    switch (mode) {
+        case 'basic':
+            return `## Analysis Mode: Basic
+
+Focus on identifying **false positives** from regex pattern matching.
+
+For each package with findings:
+1. Analyze the script content and context
+2. Determine if the pattern match represents a real threat or a false positive
+3. Consider: Is this a well-known package? Does the pattern serve a legitimate purpose?
+4. Provide brief explanation for your decision
+
+**Time constraint**: Quick analysis, focus on obvious false positives`;
+        case 'standard':
+            return `## Analysis Mode: Standard
+
+Provide comprehensive security analysis for each package.
+
+For each package:
+1. **False positive analysis**: Determine which regex matches are false positives
+2. **Threat detection**: Identify advanced threats (obfuscation, novel patterns, multi-stage attacks)
+3. **Contextual understanding**: What does this script actually do?
+4. **Risk assessment**: Overall confidence in your analysis
+
+**Output**: Balanced depth - detailed analysis without excessive detail`;
+        case 'thorough':
+            return `## Analysis Mode: Thorough
+
+Perform deep security analysis with cross-script correlation.
+
+For each package:
+1. **Comprehensive false positive analysis**: Examine each finding in detail
+2. **Advanced threat detection**: Identify obfuscation, encoding, polyglot code, novel attack patterns
+3. **Cross-script correlation**: Analyze relationships between multiple lifecycle scripts
+4. **Attack chain identification**: Detect multi-stage attacks across scripts
+5. **Package reputation context**: Consider package name, version patterns, script complexity
+6. **Detailed explanations**: Step-by-step breakdown of what the code does
+
+**Output**: Maximum depth - leave no stone unturned`;
+    }
+}
+/**
+ * Format package data for the AI
+ */
+function formatPackageData(request) {
+    const packages = request.packages.map((pkg, idx) => {
+        const scriptsList = Object.entries(pkg.scripts)
+            .map(([name, content]) => `\`${name}\`: ${content}`)
+            .join('\n    ');
+        const findingsList = pkg.findings.length > 0
+            ? pkg.findings.map(f => `  - Pattern: \`${f.pattern}\` (Risk: ${f.riskLevel})\n` +
+                `    Match: \`${f.match.substring(0, 100)}${f.match.length > 100 ? '...' : ''}\``).join('\n')
+            : '  (No regex findings)';
+        return `## Package ${idx + 1}: ${pkg.name}@${pkg.version}
+
+**Lifecycle Scripts:**
+    ${scriptsList}
+
+**Regex Pattern Findings:**
+${findingsList}`;
+    }).join('\n\n');
+    return `## Packages to Analyze
+
+Total packages: ${request.packages.length}
+
+${packages}`;
+}
+/**
+ * Output format instructions for the AI
+ */
+function getOutputInstructions(mode) {
+    return `## Required Output Format
+
+Respond ONLY with valid JSON in this exact structure:
+
+\`\`\`json
+{
+  "analyses": [
+    {
+      "package": "package-name",
+      "version": "1.0.0",
+      "falsePositivesFiltered": 2,
+      "newThreatsDetected": 1,
+      "insights": [
+        {
+          "type": "false-positive",
+          "severity": "low",
+          "description": "Brief explanation of why this is a false positive",
+          "confidence": 0.9
+        },
+        {
+          "type": "threat",
+          "severity": "high",
+          "description": "Detailed explanation of the threat",
+          "attackTechnique": "e.g., DNS tunneling, reverse shell, credential theft",
+          "remediation": "Specific steps to mitigate",
+          "confidence": 0.85
+        }
+      ],
+      "confidence": 0.88,
+      "tokensUsed": 150
+    }
+  ],
+  "totalTokensUsed": 150
+}
+\`\`\`
+
+## Field Descriptions
+
+- **type**: Either "false-positive", "threat", or "mitigation"
+- **severity**: "low", "medium", "high", or "critical"
+- **description**: Clear, concise explanation
+- **attackTechnique**: (optional) Name of the attack technique (e.g., "reverse shell", "DNS exfiltration")
+- **remediation**: (optional) Specific steps to fix or mitigate the issue
+- **confidence**: Number from 0.0 to 1.0 indicating your certainty
+
+## Insight Type Guidelines
+
+**false-positive**: The regex match is actually safe
+  - Example: \`process.env.PORT\` is for config, not exfiltration
+  - Example: \`child_process\` compiling native modules
+  - Required fields: type, severity, description, confidence
+
+**threat**: Confirmed security issue (including missed threats)
+  - Example: Obfuscated base64 payload
+  - Example: Suspicious network request to unknown domain
+  - Required fields: type, severity, description, attackTechnique (optional), remediation, confidence
+
+**mitigation**: Remediation advice for confirmed threats
+  - Example: "Remove this script entirely" or "Replace with auditable alternative"
+  - Required fields: type, severity, description, remediation, confidence
+
+## Confidence Scoring
+
+- **0.9-1.0**: Very confident - clear evidence
+- **0.7-0.9**: Confident - strong indicators
+- **0.5-0.7**: Moderately confident - some ambiguity
+- **0.3-0.5**: Low confidence - significant uncertainty
+- **0.0-0.3**: Very uncertain - highly speculative
+
+## Additional Guidelines
+
+${mode === 'basic' ? `- Focus on obvious false positives
+- Keep descriptions brief (1-2 sentences)
+- Only report high-confidence findings (>0.7)` : mode === 'standard' ? `- Provide balanced detail
+- Include both obvious and subtle findings
+- Report moderate-confidence findings (>0.5)` : `- Be exhaustive in your analysis
+- Report all findings regardless of confidence
+- Provide detailed explanations and context
+- Correlate findings across multiple scripts
+- Consider package reputation and naming patterns`}
+
+**CRITICAL**: Respond with ONLY the JSON. No markdown formatting, no explanations outside the JSON structure.`;
+}
+/**
+ * Sanitize script content to remove obvious secrets before sending to AI
+ */
+function sanitizeForPrompt(content) {
+    // Redact API keys, tokens, secrets
+    return content
+        .replace(/(?:api[_-]?key|secret|token)\s*[:=]\s*['"]?[a-zA-Z0-9_\-]{20,}['"]?/gi, '[REDACTED_SECRET]')
+        .replace(/bearer\s+[a-zA-Z0-9_\-]{20,}/gi, 'bearer [REDACTED_TOKEN]')
+        .replace(/sk-[a-zA-Z0-9]{48}/g, 'sk-[REDACTED]')
+        .replace(/ghp_[a-zA-Z0-9]{36}/g, 'ghp_[REDACTED]')
+        .replace(/AKIA[0-9A-Z]{16}/g, 'AKIA[REDACTED]');
+}
+//# sourceMappingURL=prompts.js.map

package/dist/ai/prompts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/ai/prompts.ts"],"names":[],"mappings":";AAAA,qEAAqE;;AAOrE,kCAMC;AAyMD,8CAQC;AA1ND;;GAEG;AACH,SAAgB,WAAW,CAAC,OAAuB,EAAE,IAAY;IAC/D,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,WAAW,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAE/C,OAAO,GAAG,UAAU,OAAO,UAAU,OAAO,WAAW,OAAO,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;AAC9F,CAAC;AAED;;GAEG;AACH,SAAS,aAAa;IACpB,OAAO;;;;;;;;;;;;;;;;;;;;;2FAqBkF,CAAC;AAC5F,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO;;;;;;;;;;sEAUyD,CAAC;QAEnE,KAAK,UAAU;YACb,OAAO;;;;;;;;;;wEAU2D,CAAC;QAErE,KAAK,UAAU;YACb,OAAO;;;;;;;;;;;;oDAYuC,CAAC;IACnD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAuB;IAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACjD,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;aAC5C,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,KAAK,IAAI,OAAO,OAAO,EAAE,CAAC;aACnD,IAAI,CAAC,QAAQ,CAAC,CAAC;QAElB,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YAC1C,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACnB,kBAAkB,CAAC,CAAC,OAAO,aAAa,CAAC,CAAC,SAAS,KAAK;gBACxD,gBAAgB,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,CAClF,CAAC,IAAI,CAAC,IAAI,CAAC;YACd,CAAC,CAAC,uBAAuB,CAAC;QAE5B,OAAO,cAAc,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO;;;MAGtD,WAAW;;;EAGf,YAAY,EAAE,CAAC;IACf,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO;;kBAES,OAAO,CAAC,QAAQ,CAAC,MAAM;;EAEvC,QAAQ,EAAE,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,IAAY;IACzC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuEP,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC;;8CAEyB,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC;;6CAE1B,CAAC,CAAC,CAAC;;;;kDAIE;;8GAE4D,CAAC;AAC/G,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,OAAe;IAC/C,mCAAmC;IACnC,OAAO,OAAO;SACX,OAAO,CAAC,uEAAuE,EAAE,mBAAmB,CAAC;SACrG,OAAO,CAAC,gCAAgC,EAAE,yBAAyB,CAAC;SACpE,OAAO,CAAC,qBAAqB,EAAE,eAAe,CAAC;SAC/C,OAAO,CAAC,sBAAsB,EAAE,gBAAgB,CAAC;SACjD,OAAO,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,CAAC;AACpD,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,4 @@
+#!/usr/bin/env node
+/** ScriptGuard — CLI entry point */
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,oCAAoC"}