npm - secretless-ai - Versions diffs - 0.3.0 - Mend

secretless-ai 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/detect.js ADDED Viewed

@@ -0,0 +1,129 @@
+"use strict";
+/**
+ * Auto-detect which AI tools are present in a project.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectAITools = detectAITools;
+exports.toolDisplayName = toolDisplayName;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const DETECTORS = [
+    {
+        tool: 'claude-code',
+        markers: ['.claude', 'CLAUDE.md', '.claude/settings.json'],
+        configDir: '.claude',
+        settingsFile: '.claude/settings.json',
+        hooksSupported: true,
+    },
+    {
+        tool: 'cursor',
+        markers: ['.cursor', '.cursorrules', '.cursor/rules'],
+        configDir: '.cursor',
+        settingsFile: '.cursor/settings.json',
+        hooksSupported: false,
+    },
+    {
+        tool: 'copilot',
+        markers: ['.github/copilot-instructions.md', '.copilot'],
+        configDir: '.github',
+        settingsFile: '.github/copilot-instructions.md',
+        hooksSupported: false,
+    },
+    {
+        tool: 'windsurf',
+        markers: ['.windsurfrules', '.windsurf'],
+        configDir: '.windsurf',
+        settingsFile: '.windsurfrules',
+        hooksSupported: false,
+    },
+    {
+        tool: 'cline',
+        markers: ['.clinerules', '.cline'],
+        configDir: '.cline',
+        settingsFile: '.clinerules',
+        hooksSupported: false,
+    },
+    {
+        tool: 'aider',
+        markers: ['.aider.conf.yml', '.aiderignore'],
+        configDir: '.',
+        settingsFile: '.aider.conf.yml',
+        hooksSupported: false,
+    },
+];
+/**
+ * Detect AI tools present in the project directory.
+ * Returns all detected tools sorted by priority (hooks-capable first).
+ */
+function detectAITools(projectDir) {
+    const results = [];
+    for (const detector of DETECTORS) {
+        const found = detector.markers.some(marker => {
+            const fullPath = path.join(projectDir, marker);
+            return fs.existsSync(fullPath);
+        });
+        if (found) {
+            results.push({
+                tool: detector.tool,
+                configDir: detector.configDir,
+                settingsFile: detector.settingsFile,
+                hooksSupported: detector.hooksSupported,
+            });
+        }
+    }
+    // Sort: hooks-capable tools first
+    results.sort((a, b) => {
+        if (a.hooksSupported && !b.hooksSupported)
+            return -1;
+        if (!a.hooksSupported && b.hooksSupported)
+            return 1;
+        return 0;
+    });
+    return results;
+}
+/** Get display name for a tool */
+function toolDisplayName(tool) {
+    const names = {
+        'claude-code': 'Claude Code',
+        'cursor': 'Cursor',
+        'copilot': 'GitHub Copilot',
+        'windsurf': 'Windsurf',
+        'cline': 'Cline',
+        'aider': 'Aider',
+    };
+    return names[tool];
+}
+//# sourceMappingURL=detect.js.map

package/dist/detect.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"detect.js","sourceRoot":"","sources":["../src/detect.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqEH,sCA2BC;AAGD,0CAUC;AA3GD,uCAAyB;AACzB,2CAA6B;AAW7B,MAAM,SAAS,GAMV;IACH;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,uBAAuB,CAAC;QAC1D,SAAS,EAAE,SAAS;QACpB,YAAY,EAAE,uBAAuB;QACrC,cAAc,EAAE,IAAI;KACrB;IACD;QACE,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,CAAC,SAAS,EAAE,cAAc,EAAE,eAAe,CAAC;QACrD,SAAS,EAAE,SAAS;QACpB,YAAY,EAAE,uBAAuB;QACrC,cAAc,EAAE,KAAK;KACtB;IACD;QACE,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,CAAC,iCAAiC,EAAE,UAAU,CAAC;QACxD,SAAS,EAAE,SAAS;QACpB,YAAY,EAAE,iCAAiC;QAC/C,cAAc,EAAE,KAAK;KACtB;IACD;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC,gBAAgB,EAAE,WAAW,CAAC;QACxC,SAAS,EAAE,WAAW;QACtB,YAAY,EAAE,gBAAgB;QAC9B,cAAc,EAAE,KAAK;KACtB;IACD;QACE,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,CAAC;QAClC,SAAS,EAAE,QAAQ;QACnB,YAAY,EAAE,aAAa;QAC3B,cAAc,EAAE,KAAK;KACtB;IACD;QACE,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,CAAC,iBAAiB,EAAE,cAAc,CAAC;QAC5C,SAAS,EAAE,GAAG;QACd,YAAY,EAAE,iBAAiB;QAC/B,cAAc,EAAE,KAAK;KACtB;CACF,CAAC;AAEF;;;GAGG;AACH,SAAgB,aAAa,CAAC,UAAkB;IAC9C,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;YAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAC/C,OAAO,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,SAAS,EAAE,QAAQ,CAAC,SAAS;gBAC7B,YAAY,EAAE,QAAQ,CAAC,YAAY;gBACnC,cAAc,EAAE,QAAQ,CAAC,cAAc;aACxC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,IAAI,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,OAAO,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,cAAc;YAAE,OAAO,CAAC,CAAC;QACpD,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,kCAAkC;AAClC,SAAgB,eAAe,CAAC,IAAY;IAC1C,MAAM,KAAK,GAA2B;QACpC,aAAa,EAAE,aAAa;QAC5B,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,gBAAgB;QAC3B,UAAU,EAAE,UAAU;QACtB,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,OAAO;KACjB,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export { init } from './init';
+export { scan, type ScanFinding, type ScanOptions } from './scan';
+export { status, type StatusResult } from './status';
+export { verify, type VerifyResult } from './verify';
+export { detectAITools, toolDisplayName, type AITool } from './detect';
+export { CREDENTIAL_PATTERNS, SECRET_FILE_PATTERNS, CONFIG_FILES, type CredentialPattern } from './patterns';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,IAAI,EAAE,KAAK,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,QAAQ,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,KAAK,MAAM,EAAE,MAAM,UAAU,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,YAAY,EAAE,KAAK,iBAAiB,EAAE,MAAM,YAAY,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CONFIG_FILES = exports.SECRET_FILE_PATTERNS = exports.CREDENTIAL_PATTERNS = exports.toolDisplayName = exports.detectAITools = exports.verify = exports.status = exports.scan = exports.init = void 0;
+var init_1 = require("./init");
+Object.defineProperty(exports, "init", { enumerable: true, get: function () { return init_1.init; } });
+var scan_1 = require("./scan");
+Object.defineProperty(exports, "scan", { enumerable: true, get: function () { return scan_1.scan; } });
+var status_1 = require("./status");
+Object.defineProperty(exports, "status", { enumerable: true, get: function () { return status_1.status; } });
+var verify_1 = require("./verify");
+Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return verify_1.verify; } });
+var detect_1 = require("./detect");
+Object.defineProperty(exports, "detectAITools", { enumerable: true, get: function () { return detect_1.detectAITools; } });
+Object.defineProperty(exports, "toolDisplayName", { enumerable: true, get: function () { return detect_1.toolDisplayName; } });
+var patterns_1 = require("./patterns");
+Object.defineProperty(exports, "CREDENTIAL_PATTERNS", { enumerable: true, get: function () { return patterns_1.CREDENTIAL_PATTERNS; } });
+Object.defineProperty(exports, "SECRET_FILE_PATTERNS", { enumerable: true, get: function () { return patterns_1.SECRET_FILE_PATTERNS; } });
+Object.defineProperty(exports, "CONFIG_FILES", { enumerable: true, get: function () { return patterns_1.CONFIG_FILES; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,+BAA8B;AAArB,4FAAA,IAAI,OAAA;AACb,+BAAkE;AAAzD,4FAAA,IAAI,OAAA;AACb,mCAAqD;AAA5C,gGAAA,MAAM,OAAA;AACf,mCAAqD;AAA5C,gGAAA,MAAM,OAAA;AACf,mCAAuE;AAA9D,uGAAA,aAAa,OAAA;AAAE,yGAAA,eAAe,OAAA;AACvC,uCAA6G;AAApG,+GAAA,mBAAmB,OAAA;AAAE,gHAAA,oBAAoB,OAAA;AAAE,wGAAA,YAAY,OAAA"}

package/dist/init.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Initialize Secretless for a project.
+ * Auto-detects AI tools and installs appropriate protections.
+ */
+import { type AITool } from './detect';
+interface InitResult {
+    toolsDetected: AITool[];
+    toolsConfigured: AITool[];
+    filesCreated: string[];
+    filesModified: string[];
+    secretsFound: number;
+}
+/**
+ * Initialize Secretless protections for the project.
+ * This is the main entry point called by `npx secretless-ai init`.
+ */
+export declare function init(projectDir: string): InitResult;
+export {};
+//# sourceMappingURL=init.d.ts.map

package/dist/init.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAkC,KAAK,MAAM,EAAE,MAAM,UAAU,CAAC;AAkBvE,UAAU,UAAU;IAClB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAoDnD"}

package/dist/init.js ADDED Viewed

@@ -0,0 +1,411 @@
+"use strict";
+/**
+ * Initialize Secretless for a project.
+ * Auto-detects AI tools and installs appropriate protections.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.init = init;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const detect_1 = require("./detect");
+const patterns_1 = require("./patterns");
+/** Known API services with their auth header formats */
+const SERVICE_HINTS = {
+    ANTHROPIC_API_KEY: { service: 'Anthropic Messages API', authHeader: 'x-api-key: $ANTHROPIC_API_KEY' },
+    OPENAI_API_KEY: { service: 'OpenAI API', authHeader: 'Authorization: Bearer $OPENAI_API_KEY' },
+    GAMMA_API_KEY: { service: 'Gamma API', authHeader: 'X-API-KEY: $GAMMA_API_KEY' },
+    AWS_ACCESS_KEY_ID: { service: 'AWS', authHeader: '(use AWS SDK or aws configure)' },
+    GITHUB_TOKEN: { service: 'GitHub API', authHeader: 'Authorization: Bearer $GITHUB_TOKEN' },
+    SLACK_TOKEN: { service: 'Slack API', authHeader: 'Authorization: Bearer $SLACK_TOKEN' },
+    GOOGLE_API_KEY: { service: 'Google API', authHeader: 'key=$GOOGLE_API_KEY (query param)' },
+    STRIPE_SECRET_KEY: { service: 'Stripe API', authHeader: 'Authorization: Bearer $STRIPE_SECRET_KEY' },
+    SENDGRID_API_KEY: { service: 'SendGrid API', authHeader: 'Authorization: Bearer $SENDGRID_API_KEY' },
+    SUPABASE_SERVICE_ROLE_KEY: { service: 'Supabase', authHeader: 'apikey: $SUPABASE_SERVICE_ROLE_KEY' },
+    AZURE_API_KEY: { service: 'Azure', authHeader: 'api-key: $AZURE_API_KEY' },
+};
+/**
+ * Initialize Secretless protections for the project.
+ * This is the main entry point called by `npx secretless-ai init`.
+ */
+function init(projectDir) {
+    const result = {
+        toolsDetected: [],
+        toolsConfigured: [],
+        filesCreated: [],
+        filesModified: [],
+        secretsFound: 0,
+    };
+    // Detect AI tools
+    const detected = (0, detect_1.detectAITools)(projectDir);
+    result.toolsDetected = detected.map(d => d.tool);
+    // If no tools detected, default to Claude Code (most common for npx users)
+    if (detected.length === 0) {
+        detected.push({
+            tool: 'claude-code',
+            configDir: '.claude',
+            settingsFile: '.claude/settings.json',
+            hooksSupported: true,
+        });
+    }
+    // Quick scan for existing secrets
+    result.secretsFound = quickScan(projectDir);
+    // Configure each detected tool
+    for (const tool of detected) {
+        switch (tool.tool) {
+            case 'claude-code':
+                configureClaudeCode(projectDir, result);
+                break;
+            case 'cursor':
+                configureCursor(projectDir, result);
+                break;
+            case 'copilot':
+                configureCopilot(projectDir, result);
+                break;
+            case 'windsurf':
+                configureWindsurf(projectDir, result);
+                break;
+            case 'cline':
+                configureCline(projectDir, result);
+                break;
+            case 'aider':
+                configureAider(projectDir, result);
+                break;
+        }
+        result.toolsConfigured.push(tool.tool);
+    }
+    return result;
+}
+// ============================================================================
+// Claude Code Configuration
+// ============================================================================
+function configureClaudeCode(projectDir, result) {
+    const claudeDir = path.join(projectDir, '.claude');
+    const hooksDir = path.join(claudeDir, 'hooks');
+    // Ensure directories exist
+    fs.mkdirSync(hooksDir, { recursive: true });
+    // 1. Install PreToolUse hook
+    const hookPath = path.join(hooksDir, 'secretless-guard.sh');
+    if (!fs.existsSync(hookPath)) {
+        fs.writeFileSync(hookPath, generateClaudeHookScript(), { mode: 0o755 });
+        result.filesCreated.push('.claude/hooks/secretless-guard.sh');
+    }
+    // 2. Update settings.json with hook config and deny rules
+    const settingsPath = path.join(claudeDir, 'settings.json');
+    const settings = readJsonFile(settingsPath) || {};
+    // Add hooks config
+    if (!settings.hooks)
+        settings.hooks = {};
+    if (!settings.hooks.PreToolUse)
+        settings.hooks.PreToolUse = [];
+    const hookExists = settings.hooks.PreToolUse.some((h) => h.hooks?.some((hh) => hh.command?.includes('secretless-guard')));
+    if (!hookExists) {
+        settings.hooks.PreToolUse.push({
+            matcher: 'Read|Grep|Glob|Bash|Write|Edit',
+            hooks: [{
+                    type: 'command',
+                    command: '"$CLAUDE_PROJECT_DIR"/.claude/hooks/secretless-guard.sh',
+                }],
+        });
+        result.filesModified.push('.claude/settings.json');
+    }
+    // Add deny rules for secret files
+    if (!settings.permissions)
+        settings.permissions = {};
+    if (!settings.permissions.deny)
+        settings.permissions.deny = [];
+    const denyRules = [
+        'Read(.env*)',
+        'Read(*.key)',
+        'Read(*.pem)',
+        'Read(*.p12)',
+        'Read(*.pfx)',
+        'Read(*.tfstate)',
+        'Read(*.tfvars)',
+        'Read(.aws/credentials)',
+        'Read(.ssh/*)',
+        'Bash(cat .env*)',
+        'Bash(cat *.key)',
+        'Bash(echo $*SECRET*)',
+        'Bash(echo $*PASSWORD*)',
+        'Bash(echo $*API_KEY*)',
+    ];
+    for (const rule of denyRules) {
+        if (!settings.permissions.deny.includes(rule)) {
+            settings.permissions.deny.push(rule);
+        }
+    }
+    writeJsonFile(settingsPath, settings);
+    // 3. Add Secretless instructions to CLAUDE.md
+    const claudeMdPath = path.join(projectDir, 'CLAUDE.md');
+    addSecretlessInstructions(claudeMdPath, 'claude-code', result);
+}
+// ============================================================================
+// Cursor Configuration
+// ============================================================================
+function configureCursor(projectDir, result) {
+    const rulesPath = path.join(projectDir, '.cursorrules');
+    addSecretlessInstructions(rulesPath, 'cursor', result);
+}
+// ============================================================================
+// GitHub Copilot Configuration
+// ============================================================================
+function configureCopilot(projectDir, result) {
+    const githubDir = path.join(projectDir, '.github');
+    fs.mkdirSync(githubDir, { recursive: true });
+    const instructionsPath = path.join(githubDir, 'copilot-instructions.md');
+    addSecretlessInstructions(instructionsPath, 'copilot', result);
+}
+// ============================================================================
+// Windsurf Configuration
+// ============================================================================
+function configureWindsurf(projectDir, result) {
+    const rulesPath = path.join(projectDir, '.windsurfrules');
+    addSecretlessInstructions(rulesPath, 'windsurf', result);
+}
+// ============================================================================
+// Cline Configuration
+// ============================================================================
+function configureCline(projectDir, result) {
+    const rulesPath = path.join(projectDir, '.clinerules');
+    addSecretlessInstructions(rulesPath, 'cline', result);
+}
+// ============================================================================
+// Aider Configuration
+// ============================================================================
+function configureAider(projectDir, result) {
+    const ignorePath = path.join(projectDir, '.aiderignore');
+    const existing = fs.existsSync(ignorePath) ? fs.readFileSync(ignorePath, 'utf-8') : '';
+    if (!existing.includes('# Secretless')) {
+        const secretPatterns = [
+            '',
+            '# Secretless: keep secrets out of AI context',
+            '.env',
+            '.env.*',
+            '*.key',
+            '*.pem',
+            '*.p12',
+            '*.pfx',
+            '*.tfstate',
+            '*.tfvars',
+            '.aws/',
+            '.ssh/',
+            'secrets/',
+            'credentials/',
+        ].join('\n');
+        fs.writeFileSync(ignorePath, existing + secretPatterns + '\n');
+        if (existing) {
+            result.filesModified.push('.aiderignore');
+        }
+        else {
+            result.filesCreated.push('.aiderignore');
+        }
+    }
+}
+// ============================================================================
+// Shared Utilities
+// ============================================================================
+const SECRETLESS_MARKER = '<!-- secretless:managed -->';
+function buildSecretlessInstructions() {
+    // Detect which env vars are actually set
+    const availableKeys = [];
+    for (const envVar of Object.keys(SERVICE_HINTS)) {
+        if (process.env[envVar] && process.env[envVar].length > 0) {
+            availableKeys.push(envVar);
+        }
+    }
+    let keyTable = '';
+    if (availableKeys.length > 0) {
+        keyTable = `\n**Available API keys** (set as env vars — use \`$VAR_NAME\` in commands, never ask for values):\n\n`;
+        keyTable += `| Env Var | Service | Auth Header |\n|---------|---------|-------------|\n`;
+        for (const envVar of availableKeys) {
+            const hint = SERVICE_HINTS[envVar];
+            keyTable += `| \`$${envVar}\` | ${hint.service} | \`${hint.authHeader}\` |\n`;
+        }
+    }
+    return `
+${SECRETLESS_MARKER}
+## Secretless Mode
+This project uses Secretless to protect credentials from AI context.
+${keyTable}
+**Blocked file patterns** (never read, write, or reference):
+- \`.env\`, \`.env.*\` — environment variable files
+- \`*.key\`, \`*.pem\`, \`*.p12\`, \`*.pfx\` — private key files
+- \`.aws/credentials\`, \`.ssh/*\` — cloud/SSH credentials
+- \`*.tfstate\`, \`*.tfvars\` — Terraform state with secrets
+- \`secrets/\`, \`credentials/\` — secret directories
+**If you need a credential:**
+1. Reference it via \`$VAR_NAME\` in shell commands or \`process.env.VAR_NAME\` in code
+2. Never hardcode credentials in source files
+3. Never print or echo key values — only reference them as variables
+**If you find a hardcoded credential:**
+1. Replace it with an environment variable reference
+2. Add the variable name to \`.env.example\`
+3. Warn the user to rotate the exposed credential
+Verify setup: \`npx secretless-ai verify\`
+`;
+}
+function addSecretlessInstructions(filePath, tool, result) {
+    const existing = fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf-8') : '';
+    if (existing.includes(SECRETLESS_MARKER)) {
+        return; // Already configured
+    }
+    fs.writeFileSync(filePath, existing + buildSecretlessInstructions());
+    if (existing) {
+        result.filesModified.push(path.relative(process.cwd(), filePath));
+    }
+    else {
+        result.filesCreated.push(path.relative(process.cwd(), filePath));
+    }
+}
+function generateClaudeHookScript() {
+    // Build pattern list for the shell script
+    const filePatterns = [
+        '.env', '.env.local', '.env.development', '.env.production', '.env.staging',
+        '.key', '.pem', '.p12', '.pfx', '.crt',
+        'credentials', '.aws/credentials', '.ssh/',
+        '.docker/config.json', '.git-credentials',
+        '.npmrc', '.pypirc',
+        '.tfstate', '.tfvars',
+        'secrets/', '.opena2a/secretless-ai/',
+    ];
+    return `#!/bin/bash
+# Secretless Guard — PreToolUse hook for Claude Code
+# Blocks file access to secrets before they enter AI context.
+# Managed by secretless-ai. Do not edit manually.
+set -euo pipefail
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | grep -o '"tool_name":"[^"]*"' | head -1 | cut -d'"' -f4)
+# Extract file path from tool input (handles Read, Grep, Glob, Edit, Write)
+FILE_PATH=$(echo "$INPUT" | grep -o '"file_path":"[^"]*"' | head -1 | cut -d'"' -f4)
+if [ -z "$FILE_PATH" ]; then
+  FILE_PATH=$(echo "$INPUT" | grep -o '"path":"[^"]*"' | head -1 | cut -d'"' -f4)
+fi
+# For Bash tool, check the command for secret access patterns
+if [ "$TOOL_NAME" = "Bash" ]; then
+  COMMAND=$(echo "$INPUT" | grep -o '"command":"[^"]*"' | head -1 | cut -d'"' -f4)
+  # Block commands that dump secret files
+  if echo "$COMMAND" | grep -qiE '(cat|head|tail|less|more|type)\\s+.*\\.(env|key|pem|p12|pfx)'; then
+    echo '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"Secretless: blocked command that reads secret files"}}'
+    exit 0
+  fi
+  # Block commands that echo secret env vars
+  if echo "$COMMAND" | grep -qiE 'echo\\s+.*\\$(SECRET|PASSWORD|API_KEY|TOKEN|PRIVATE_KEY)'; then
+    echo '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"Secretless: blocked command that exposes secret environment variables"}}'
+    exit 0
+  fi
+  exit 0
+fi
+# Skip if no file path found
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+# Normalize path for matching
+BASENAME=$(basename "$FILE_PATH")
+LOWER_PATH=$(echo "$FILE_PATH" | tr '[:upper:]' '[:lower:]')
+# Block patterns
+${filePatterns.map(p => {
+        if (p.startsWith('.') && !p.includes('/')) {
+            // Extension or dotfile match
+            if (p.includes('*')) {
+                return `# Match ${p}\nif echo "$BASENAME" | grep -qE '\\${p.replace('*', '.*')}$'; then BLOCKED=1; REASON="${p}"; fi`;
+            }
+            return `# Match ${p}\nif [ "$BASENAME" = "${p}" ] || echo "$BASENAME" | grep -qE '^\\${p}'; then BLOCKED=1; REASON="${p}"; fi`;
+        }
+        // Path fragment match
+        return `# Match ${p}\nif echo "$LOWER_PATH" | grep -qi '${p}'; then BLOCKED=1; REASON="${p}"; fi`;
+    }).join('\n')}
+if [ "\${BLOCKED:-0}" = "1" ]; then
+  echo "{\\"hookSpecificOutput\\":{\\"hookEventName\\":\\"PreToolUse\\",\\"permissionDecision\\":\\"deny\\",\\"permissionDecisionReason\\":\\"Secretless: blocked access to secret file matching pattern '$REASON'\\"}}"
+  exit 0
+fi
+exit 0
+`;
+}
+function quickScan(projectDir) {
+    let count = 0;
+    for (const configFile of patterns_1.CONFIG_FILES) {
+        const fullPath = path.join(projectDir, configFile);
+        if (!fs.existsSync(fullPath))
+            continue;
+        try {
+            const stat = fs.statSync(fullPath);
+            if (stat.size > 10 * 1024 * 1024)
+                continue; // Skip files > 10MB
+            const content = fs.readFileSync(fullPath, 'utf-8');
+            for (const line of content.split('\n')) {
+                if (line.length > 4096)
+                    continue; // ReDoS protection
+                for (const pattern of patterns_1.CREDENTIAL_PATTERNS) {
+                    if (pattern.regex.test(line)) {
+                        count++;
+                        break; // One finding per line
+                    }
+                }
+            }
+        }
+        catch {
+            // Skip unreadable files
+        }
+    }
+    return count;
+}
+function readJsonFile(filePath) {
+    if (!fs.existsSync(filePath))
+        return null;
+    try {
+        return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+function writeJsonFile(filePath, data) {
+    fs.writeFileSync(filePath, JSON.stringify(data, null, 2) + '\n');
+}
+//# sourceMappingURL=init.js.map

package/dist/init.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCH,oBAoDC;AApFD,uCAAyB;AACzB,2CAA6B;AAC7B,qCAAuE;AACvE,yCAAqF;AAErF,wDAAwD;AACxD,MAAM,aAAa,GAA4D;IAC7E,iBAAiB,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,UAAU,EAAE,+BAA+B,EAAE;IACrG,cAAc,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,uCAAuC,EAAE;IAC9F,aAAa,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,2BAA2B,EAAE;IAChF,iBAAiB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,gCAAgC,EAAE;IACnF,YAAY,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,qCAAqC,EAAE;IAC1F,WAAW,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,oCAAoC,EAAE;IACvF,cAAc,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,mCAAmC,EAAE;IAC1F,iBAAiB,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,0CAA0C,EAAE;IACpG,gBAAgB,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,yCAAyC,EAAE;IACpG,yBAAyB,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,oCAAoC,EAAE;IACpG,aAAa,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,yBAAyB,EAAE;CAC3E,CAAC;AAUF;;;GAGG;AACH,SAAgB,IAAI,CAAC,UAAkB;IACrC,MAAM,MAAM,GAAe;QACzB,aAAa,EAAE,EAAE;QACjB,eAAe,EAAE,EAAE;QACnB,YAAY,EAAE,EAAE;QAChB,aAAa,EAAE,EAAE;QACjB,YAAY,EAAE,CAAC;KAChB,CAAC;IAEF,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAA,sBAAa,EAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,CAAC,aAAa,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEjD,2EAA2E;IAC3E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,aAAa;YACnB,SAAS,EAAE,SAAS;YACpB,YAAY,EAAE,uBAAuB;YACrC,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IAE5C,+BAA+B;IAC/B,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,aAAa;gBAChB,mBAAmB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACxC,MAAM;YACR,KAAK,QAAQ;gBACX,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACpC,MAAM;YACR,KAAK,SAAS;gBACZ,gBAAgB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACrC,MAAM;YACR,KAAK,UAAU;gBACb,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACtC,MAAM;YACR,KAAK,OAAO;gBACV,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACnC,MAAM;YACR,KAAK,OAAO;gBACV,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACnC,MAAM;QACV,CAAC;QACD,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,UAAkB,EAAE,MAAkB;IACjE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAE/C,2BAA2B;IAC3B,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5C,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAC5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,wBAAwB,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACxE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IAChE,CAAC;IAED,0DAA0D;IAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAElD,mBAAmB;IACnB,IAAI,CAAC,QAAQ,CAAC,KAAK;QAAE,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC;IACzC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU;QAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,GAAG,EAAE,CAAC;IAE/D,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAC/C,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,EAAO,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CACjF,CAAC;IAEF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;YAC7B,OAAO,EAAE,gCAAgC;YACzC,KAAK,EAAE,CAAC;oBACN,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,yDAAyD;iBACnE,CAAC;SACH,CAAC,CAAC;QACH,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACrD,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,QAAQ,CAAC,WAAW;QAAE,QAAQ,CAAC,WAAW,GAAG,EAAE,CAAC;IACrD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI;QAAE,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,EAAE,CAAC;IAE/D,MAAM,SAAS,GAAG;QAChB,aAAa;QACb,aAAa;QACb,aAAa;QACb,aAAa;QACb,aAAa;QACb,iBAAiB;QACjB,gBAAgB;QAChB,wBAAwB;QACxB,cAAc;QACd,iBAAiB;QACjB,iBAAiB;QACjB,sBAAsB;QACtB,wBAAwB;QACxB,uBAAuB;KACxB,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,aAAa,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAEtC,8CAA8C;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,yBAAyB,CAAC,YAAY,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;AACjE,CAAC;AAED,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E,SAAS,eAAe,CAAC,UAAkB,EAAE,MAAkB;IAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IACxD,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AACzD,CAAC;AAED,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E,SAAS,gBAAgB,CAAC,UAAkB,EAAE,MAAkB;IAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACnD,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;IACzE,yBAAyB,CAAC,gBAAgB,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;AACjE,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E,SAAS,iBAAiB,CAAC,UAAkB,EAAE,MAAkB;IAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;IAC1D,yBAAyB,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAC3D,CAAC;AAED,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,SAAS,cAAc,CAAC,UAAkB,EAAE,MAAkB;IAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACvD,yBAAyB,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,SAAS,cAAc,CAAC,UAAkB,EAAE,MAAkB;IAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEvF,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACvC,MAAM,cAAc,GAAG;YACrB,EAAE;YACF,8CAA8C;YAC9C,MAAM;YACN,QAAQ;YACR,OAAO;YACP,OAAO;YACP,OAAO;YACP,OAAO;YACP,WAAW;YACX,UAAU;YACV,OAAO;YACP,OAAO;YACP,UAAU;YACV,cAAc;SACf,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,GAAG,cAAc,GAAG,IAAI,CAAC,CAAC;QAC/D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,MAAM,iBAAiB,GAAG,6BAA6B,CAAC;AAExD,SAAS,2BAA2B;IAClC,yCAAyC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;QAChD,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,GAAG,uGAAuG,CAAC;QACnH,QAAQ,IAAI,4EAA4E,CAAC;QACzF,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACnC,QAAQ,IAAI,QAAQ,MAAM,QAAQ,IAAI,CAAC,OAAO,QAAQ,IAAI,CAAC,UAAU,QAAQ,CAAC;QAChF,CAAC;IACH,CAAC;IAED,OAAO;EACP,iBAAiB;;;;EAIjB,QAAQ;;;;;;;;;;;;;;;;;;;CAmBT,CAAC;AACF,CAAC;AAED,SAAS,yBAAyB,CAAC,QAAgB,EAAE,IAAY,EAAE,MAAkB;IACnF,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEnF,IAAI,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,qBAAqB;IAC/B,CAAC;IAED,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,QAAQ,GAAG,2BAA2B,EAAE,CAAC,CAAC;IACrE,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB;IAC/B,0CAA0C;IAC1C,MAAM,YAAY,GAAG;QACnB,MAAM,EAAE,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,cAAc;QAC3E,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;QACtC,aAAa,EAAE,kBAAkB,EAAE,OAAO;QAC1C,qBAAqB,EAAE,kBAAkB;QACzC,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,yBAAyB;KACtC,CAAC;IAEF,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0CP,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACnB,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,6BAA6B;YAC7B,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,WAAW,CAAC,uCAAuC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC;YACxH,CAAC;YACD,OAAO,WAAW,CAAC,yBAAyB,CAAC,0CAA0C,CAAC,8BAA8B,CAAC,OAAO,CAAC;QACjI,CAAC;QACD,sBAAsB;QACtB,OAAO,WAAW,CAAC,uCAAuC,CAAC,8BAA8B,CAAC,OAAO,CAAC;IACpG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;CAQd,CAAC;AACF,CAAC;AAED,SAAS,SAAS,CAAC,UAAkB;IACnC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,UAAU,IAAI,uBAAY,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,IAAI,CAAC,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI;gBAAE,SAAS,CAAC,oBAAoB;YAEhE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI;oBAAE,SAAS,CAAC,mBAAmB;gBACrD,KAAK,MAAM,OAAO,IAAI,8BAAmB,EAAE,CAAC;oBAC1C,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC7B,KAAK,EAAE,CAAC;wBACR,MAAM,CAAC,uBAAuB;oBAChC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB,EAAE,IAAS;IAChD,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AACnE,CAAC"}

package/dist/patterns.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Credential patterns used across all Secretless integrations.
+ * Shared between scanner, hooks, and MCP server.
+ */
+export interface CredentialPattern {
+    id: string;
+    name: string;
+    regex: RegExp;
+    envPrefix: string;
+}
+export declare const CREDENTIAL_PATTERNS: CredentialPattern[];
+/** File patterns that should never be read by AI tools */
+export declare const SECRET_FILE_PATTERNS: string[];
+/** Config files that may contain hardcoded secrets */
+export declare const CONFIG_FILES: string[];
+//# sourceMappingURL=patterns.d.ts.map

package/dist/patterns.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../src/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,mBAAmB,EAAE,iBAAiB,EAalD,CAAC;AAEF,0DAA0D;AAC1D,eAAO,MAAM,oBAAoB,EAAE,MAAM,EAsBxC,CAAC;AAEF,sDAAsD;AACtD,eAAO,MAAM,YAAY,UAWxB,CAAC"}