shieldcortex 2.8.3 → 2.9.0

package/dist/audit/report-formatter.js

@@ -0,0 +1,237 @@
+/**
+ * Report Formatter
+ *
+ * Formats the audit report for terminal output with:
+ *   - ASCII art shield header
+ *   - Security grade (A-F)
+ *   - Colour-coded findings by severity
+ *   - Summary statistics
+ *   - Markdown export mode for CI/GitHub
+ */
+// ── ANSI Colours ──
+const c = {
+    reset: '\x1b[0m',
+    bold: '\x1b[1m',
+    dim: '\x1b[2m',
+    red: '\x1b[31m',
+    green: '\x1b[32m',
+    yellow: '\x1b[33m',
+    blue: '\x1b[34m',
+    magenta: '\x1b[35m',
+    cyan: '\x1b[36m',
+    white: '\x1b[37m',
+    bgRed: '\x1b[41m',
+    bgGreen: '\x1b[42m',
+    bgYellow: '\x1b[43m',
+    brightRed: '\x1b[91m',
+};
+// ── Grade Colours ──
+function gradeColour(grade) {
+    switch (grade) {
+        case 'A': return c.green;
+        case 'B': return c.blue;
+        case 'C': return c.yellow;
+        case 'D': return c.brightRed;
+        case 'F': return c.red;
+    }
+}
+function severityColour(severity) {
+    switch (severity) {
+        case 'critical': return c.red;
+        case 'high': return c.brightRed;
+        case 'medium': return c.yellow;
+        case 'low': return c.cyan;
+        case 'info': return c.dim;
+    }
+}
+function severityIcon(severity) {
+    switch (severity) {
+        case 'critical': return 'X';
+        case 'high': return '!';
+        case 'medium': return '~';
+        case 'low': return '-';
+        case 'info': return 'i';
+    }
+}
+// ── ASCII Art ──
+const SHIELD_ART = `
+   _____ __    _      __    ______           __
+  / ___// /_  (_)__  / /___/ / ____/___  _____/ /____  _  __
+  \\__ \\/ __ \\/ / _ \\/ / __  / /   / __ \\/ ___/ __/ _ \\| |/_/
+ ___/ / / / / /  __/ / /_/ / /___/ /_/ / /  / /_/  __/>  <
+/____/_/ /_/_/\\___/_/\\__,_/\\____/\\____/_/   \\__/\\___/_/|_|
+`;
+const GRADE_ART = {
+    A: `
+  ╔═══════════════════╗
+  ║    Grade:  A       ║
+  ║    ALL CLEAR       ║
+  ╚═══════════════════╝`,
+    B: `
+  ╔═══════════════════╗
+  ║    Grade:  B       ║
+  ║    LOW RISK        ║
+  ╚═══════════════════╝`,
+    C: `
+  ╔═══════════════════╗
+  ║    Grade:  C       ║
+  ║    MODERATE RISK   ║
+  ╚═══════════════════╝`,
+    D: `
+  ╔═══════════════════╗
+  ║    Grade:  D       ║
+  ║    HIGH RISK       ║
+  ╚═══════════════════╝`,
+    F: `
+  ╔═══════════════════════╗
+  ║    Grade:  F           ║
+  ║    CRITICAL RISK       ║
+  ╚═══════════════════════╝`,
+};
+// ── Terminal Formatter ──
+/**
+ * Format an audit report for terminal display.
+ */
+export function formatTerminalReport(report) {
+    const lines = [];
+    const gc = gradeColour(report.grade);
+    // Header
+    lines.push(`${c.cyan}${SHIELD_ART}${c.reset}`);
+    lines.push(`${c.bold}  Security Audit${c.reset}  v${report.version}  ${c.dim}${report.timestamp}${c.reset}`);
+    lines.push('');
+    // Grade box
+    lines.push(`${gc}${c.bold}${GRADE_ART[report.grade]}${c.reset}`);
+    lines.push('');
+    // Summary bar
+    const summaryParts = [];
+    if (report.bySeverity.critical > 0)
+        summaryParts.push(`${c.red}${report.bySeverity.critical} critical${c.reset}`);
+    if (report.bySeverity.high > 0)
+        summaryParts.push(`${c.brightRed}${report.bySeverity.high} high${c.reset}`);
+    if (report.bySeverity.medium > 0)
+        summaryParts.push(`${c.yellow}${report.bySeverity.medium} medium${c.reset}`);
+    if (report.bySeverity.low > 0)
+        summaryParts.push(`${c.cyan}${report.bySeverity.low} low${c.reset}`);
+    if (report.bySeverity.info > 0)
+        summaryParts.push(`${c.dim}${report.bySeverity.info} info${c.reset}`);
+    if (summaryParts.length > 0) {
+        lines.push(`  ${c.bold}Findings:${c.reset} ${summaryParts.join('  ')}`);
+    }
+    else {
+        lines.push(`  ${c.green}${c.bold}No security issues found.${c.reset}`);
+    }
+    lines.push('');
+    // Scanner results
+    lines.push(`  ${c.bold}Scanners${c.reset}`);
+    lines.push(`  ${'─'.repeat(60)}`);
+    for (const scanner of report.scanners) {
+        const findingCount = scanner.findings.length;
+        const icon = scanner.skipped ? `${c.dim}○${c.reset}` :
+            findingCount === 0 ? `${c.green}✓${c.reset}` :
+                `${c.red}✗${c.reset}`;
+        const countStr = scanner.skipped ? `${c.dim}skipped${c.reset}` :
+            findingCount === 0 ? `${c.green}clean${c.reset}` :
+                `${c.red}${findingCount} finding(s)${c.reset}`;
+        const scannedStr = scanner.skipped ? '' : ` (${scanner.itemsScanned} scanned)`;
+        const timeStr = `${c.dim}${scanner.durationMs}ms${c.reset}`;
+        lines.push(`  ${icon}  ${scanner.name.padEnd(25)} ${countStr}${scannedStr}  ${timeStr}`);
+        if (scanner.skipped && scanner.skipReason) {
+            lines.push(`     ${c.dim}${scanner.skipReason}${c.reset}`);
+        }
+    }
+    lines.push('');
+    // Detailed findings (grouped by severity)
+    const severityOrder = ['critical', 'high', 'medium', 'low', 'info'];
+    const hasPrintableFindings = report.findings.some(f => f.severity !== 'info');
+    if (hasPrintableFindings) {
+        lines.push(`  ${c.bold}Findings${c.reset}`);
+        lines.push(`  ${'─'.repeat(60)}`);
+        for (const severity of severityOrder) {
+            const findings = report.findings.filter(f => f.severity === severity);
+            if (findings.length === 0)
+                continue;
+            // Skip info findings in the detailed view (they're noise)
+            if (severity === 'info')
+                continue;
+            for (const finding of findings) {
+                const sc = severityColour(finding.severity);
+                const icon = severityIcon(finding.severity);
+                lines.push(`  ${sc}[${icon}] ${finding.severity.toUpperCase().padEnd(8)}${c.reset} ${finding.title}`);
+                lines.push(`     ${c.dim}${finding.description}${c.reset}`);
+                if (finding.filePath) {
+                    lines.push(`     ${c.dim}File: ${finding.filePath}${c.reset}`);
+                }
+                if (finding.matchedText) {
+                    lines.push(`     ${c.dim}Match: ${finding.matchedText}${c.reset}`);
+                }
+                lines.push('');
+            }
+        }
+    }
+    // Footer
+    lines.push(`  ${'─'.repeat(60)}`);
+    lines.push(`  ${c.dim}Scan completed in ${report.durationMs}ms${c.reset}`);
+    lines.push(`  ${c.dim}Learn more: https://shieldcortex.ai/docs/audit${c.reset}`);
+    lines.push('');
+    return lines.join('\n');
+}
+// ── Markdown Formatter (for CI/GitHub) ──
+/**
+ * Format an audit report as markdown (for GitHub PR comments).
+ */
+export function formatMarkdownReport(report) {
+    const lines = [];
+    const gradeEmoji = report.grade === 'A' ? '🟢' :
+        report.grade === 'B' ? '🔵' :
+            report.grade === 'C' ? '🟡' :
+                report.grade === 'D' ? '🟠' : '🔴';
+    lines.push(`## ${gradeEmoji} ShieldCortex Security Audit — Grade ${report.grade}`);
+    lines.push('');
+    // Summary table
+    if (report.totalFindings > 0) {
+        lines.push('| Severity | Count |');
+        lines.push('|----------|-------|');
+        if (report.bySeverity.critical > 0)
+            lines.push(`| 🔴 Critical | ${report.bySeverity.critical} |`);
+        if (report.bySeverity.high > 0)
+            lines.push(`| 🟠 High | ${report.bySeverity.high} |`);
+        if (report.bySeverity.medium > 0)
+            lines.push(`| 🟡 Medium | ${report.bySeverity.medium} |`);
+        if (report.bySeverity.low > 0)
+            lines.push(`| 🔵 Low | ${report.bySeverity.low} |`);
+        if (report.bySeverity.info > 0)
+            lines.push(`| ⚪ Info | ${report.bySeverity.info} |`);
+        lines.push('');
+    }
+    else {
+        lines.push('**No security issues found.** All checks passed.');
+        lines.push('');
+    }
+    // Findings
+    const printable = report.findings.filter(f => f.severity !== 'info');
+    if (printable.length > 0) {
+        lines.push('### Findings');
+        lines.push('');
+        for (const finding of printable) {
+            const icon = finding.severity === 'critical' ? '🔴' :
+                finding.severity === 'high' ? '🟠' :
+                    finding.severity === 'medium' ? '🟡' : '🔵';
+            lines.push(`- ${icon} **${finding.title}**`);
+            lines.push(`  ${finding.description}`);
+            if (finding.filePath)
+                lines.push(`  📄 \`${finding.filePath}\``);
+            lines.push('');
+        }
+    }
+    lines.push('---');
+    lines.push(`*Scanned by [ShieldCortex](https://shieldcortex.ai) v${report.version} in ${report.durationMs}ms*`);
+    return lines.join('\n');
+}
+// ── JSON Formatter ──
+/**
+ * Format an audit report as JSON (for programmatic consumption).
+ */
+export function formatJsonReport(report) {
+    return JSON.stringify(report, null, 2);
+}
+//# sourceMappingURL=report-formatter.js.map

package/dist/audit/report-formatter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-formatter.js","sourceRoot":"","sources":["../../src/audit/report-formatter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,qBAAqB;AAErB,MAAM,CAAC,GAAG;IACR,KAAK,EAAI,SAAS;IAClB,IAAI,EAAK,SAAS;IAClB,GAAG,EAAM,SAAS;IAClB,GAAG,EAAM,UAAU;IACnB,KAAK,EAAI,UAAU;IACnB,MAAM,EAAG,UAAU;IACnB,IAAI,EAAK,UAAU;IACnB,OAAO,EAAE,UAAU;IACnB,IAAI,EAAK,UAAU;IACnB,KAAK,EAAI,UAAU;IACnB,KAAK,EAAI,UAAU;IACnB,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAC,UAAU;IACnB,SAAS,EAAE,UAAU;CACtB,CAAC;AAEF,sBAAsB;AAEtB,SAAS,WAAW,CAAC,KAAiB;IACpC,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC;QACzB,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;QACxB,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC;QAC7B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC;IACzB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,QAAuB;IAC7C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC;QAC9B,KAAK,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC;QAChC,KAAK,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAC/B,KAAK,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;QAC1B,KAAK,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,QAAuB;IAC3C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,GAAG,CAAC;QAC5B,KAAK,MAAM,CAAC,CAAC,OAAO,GAAG,CAAC;QACxB,KAAK,QAAQ,CAAC,CAAC,OAAO,GAAG,CAAC;QAC1B,KAAK,KAAK,CAAC,CAAC,OAAO,GAAG,CAAC;QACvB,KAAK,MAAM,CAAC,CAAC,OAAO,GAAG,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,kBAAkB;AAElB,MAAM,UAAU,GAAG;;;;;;CAMlB,CAAC;AAEF,MAAM,SAAS,GAA+B;IAC5C,CAAC,EAAE;;;;wBAImB;IACtB,CAAC,EAAE;;;;wBAImB;IACtB,CAAC,EAAE;;;;wBAImB;IACtB,CAAC,EAAE;;;;wBAImB;IACtB,CAAC,EAAE;;;;4BAIuB;CAC3B,CAAC;AAEF,2BAA2B;AAE3B;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAmB;IACtD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAErC,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,UAAU,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,mBAAmB,CAAC,CAAC,KAAK,MAAM,MAAM,CAAC,OAAO,KAAK,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC7G,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,YAAY;IACZ,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IACjE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,cAAc;IACd,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,GAAG,CAAC;QAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,YAAY,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAClH,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;QAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5G,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,UAAU,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/G,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC;QAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IACpG,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;QAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAEtG,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,KAAK,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,4BAA4B,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,kBAAkB;IAClB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5C,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACzC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;gBAC9C,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/C,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;gBAClD,GAAG,CAAC,CAAC,GAAG,GAAG,YAAY,cAAc,CAAC,CAAC,KAAK,EAAE,CAAC;QAChE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,YAAY,WAAW,CAAC;QAC/E,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,OAAO,CAAC,UAAU,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;QAE5D,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,QAAQ,GAAG,UAAU,KAAK,OAAO,EAAE,CAAC,CAAC;QACzF,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,GAAG,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,0CAA0C;IAC1C,MAAM,aAAa,GAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACrF,MAAM,oBAAoB,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAE9E,IAAI,oBAAoB,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAElC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;YACtE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEpC,0DAA0D;YAC1D,IAAI,QAAQ,KAAK,MAAM;gBAAE,SAAS;YAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,MAAM,EAAE,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC5C,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,IAAI,KAAK,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBACtG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,GAAG,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;gBAC5D,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;oBACrB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,SAAS,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;gBACjE,CAAC;gBACD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;oBACxB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,UAAU,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;gBACrE,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,qBAAqB,MAAM,CAAC,UAAU,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC3E,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,iDAAiD,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IACjF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,2CAA2C;AAE3C;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAmB;IACtD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC7B,MAAM,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IAEtD,KAAK,CAAC,IAAI,CAAC,MAAM,UAAU,wCAAwC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IACnF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,gBAAgB;IAChB,IAAI,MAAM,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClG,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QACtF,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;QAC5F,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QACnF,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QACrF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,WAAW;IACX,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACrE,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACxC,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;oBACpC,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YACzD,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,MAAM,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YACvC,IAAI,OAAO,CAAC,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC;YACjE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,wDAAwD,MAAM,CAAC,OAAO,OAAO,MAAM,CAAC,UAAU,KAAK,CAAC,CAAC;IAEhH,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,uBAAuB;AAEvB;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAmB;IAClD,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC"}

package/dist/audit/rules-file-scanner.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Rules File Scanner
+ *
+ * Scans AI agent instruction/rules files for:
+ *   - Unicode-hidden backdoors (the "Rules File Backdoor" attack)
+ *   - Prompt injection in project configs
+ *   - Malicious instructions in CLAUDE.md, .cursorrules, etc.
+ *
+ * Reuses the skill scanner for threat detection and adds Unicode
+ * analysis that the skill scanner doesn't cover in depth.
+ */
+import type { ScannerResult } from './types.js';
+/**
+ * Run the rules file scanner.
+ */
+export declare function scanRulesFiles(): ScannerResult;
+//# sourceMappingURL=rules-file-scanner.d.ts.map

package/dist/audit/rules-file-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules-file-scanner.d.ts","sourceRoot":"","sources":["../../src/audit/rules-file-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAgB,aAAa,EAAiB,MAAM,YAAY,CAAC;AAsJ7E;;GAEG;AACH,wBAAgB,cAAc,IAAI,aAAa,CA8B9C"}

package/dist/audit/rules-file-scanner.js

@@ -0,0 +1,176 @@
+/**
+ * Rules File Scanner
+ *
+ * Scans AI agent instruction/rules files for:
+ *   - Unicode-hidden backdoors (the "Rules File Backdoor" attack)
+ *   - Prompt injection in project configs
+ *   - Malicious instructions in CLAUDE.md, .cursorrules, etc.
+ *
+ * Reuses the skill scanner for threat detection and adds Unicode
+ * analysis that the skill scanner doesn't cover in depth.
+ */
+import { existsSync, readFileSync, statSync } from 'fs';
+import { join, basename } from 'path';
+import { scanSkill, discoverSkillFiles } from '../defence/skill-scanner/index.js';
+const LEARN_MORE = 'https://shieldcortex.ai/docs/threats/rules-file-backdoor';
+// ── Unicode Backdoor Detection ──
+/** Invisible Unicode characters used in the "Rules File Backdoor" attack. */
+const INVISIBLE_UNICODE = [
+    { char: '\u200B', name: 'Zero-Width Space', codePoint: 'U+200B' },
+    { char: '\u200C', name: 'Zero-Width Non-Joiner', codePoint: 'U+200C' },
+    { char: '\u200D', name: 'Zero-Width Joiner', codePoint: 'U+200D' },
+    { char: '\u200E', name: 'Left-to-Right Mark', codePoint: 'U+200E' },
+    { char: '\u200F', name: 'Right-to-Left Mark', codePoint: 'U+200F' },
+    { char: '\u2060', name: 'Word Joiner', codePoint: 'U+2060' },
+    { char: '\u2061', name: 'Function Application', codePoint: 'U+2061' },
+    { char: '\u2062', name: 'Invisible Times', codePoint: 'U+2062' },
+    { char: '\u2063', name: 'Invisible Separator', codePoint: 'U+2063' },
+    { char: '\u2064', name: 'Invisible Plus', codePoint: 'U+2064' },
+    { char: '\uFEFF', name: 'Zero-Width No-Break Space (BOM)', codePoint: 'U+FEFF' },
+    // Bidirectional text control characters
+    { char: '\u202A', name: 'Left-to-Right Embedding', codePoint: 'U+202A' },
+    { char: '\u202B', name: 'Right-to-Left Embedding', codePoint: 'U+202B' },
+    { char: '\u202C', name: 'Pop Directional Formatting', codePoint: 'U+202C' },
+    { char: '\u202D', name: 'Left-to-Right Override', codePoint: 'U+202D' },
+    { char: '\u202E', name: 'Right-to-Left Override', codePoint: 'U+202E' },
+    { char: '\u2066', name: 'Left-to-Right Isolate', codePoint: 'U+2066' },
+    { char: '\u2067', name: 'Right-to-Left Isolate', codePoint: 'U+2067' },
+    { char: '\u2068', name: 'First Strong Isolate', codePoint: 'U+2068' },
+    { char: '\u2069', name: 'Pop Directional Isolate', codePoint: 'U+2069' },
+];
+/**
+ * Detect invisible Unicode characters in content.
+ * BOM at position 0 is normal; all others are suspicious.
+ */
+function detectInvisibleUnicode(content) {
+    const found = [];
+    for (const { char, name, codePoint } of INVISIBLE_UNICODE) {
+        let count = 0;
+        let pos = -1;
+        while ((pos = content.indexOf(char, pos + 1)) !== -1) {
+            // Skip BOM at position 0
+            if (codePoint === 'U+FEFF' && pos === 0)
+                continue;
+            count++;
+        }
+        if (count > 0) {
+            found.push({ codePoint, name, count });
+        }
+    }
+    return found;
+}
+/** Maximum file size for rules files (512 KB) */
+const MAX_FILE_SIZE = 512 * 1024;
+/**
+ * Discover additional rules files beyond what discoverSkillFiles finds.
+ * Specifically looks for project-level configs that may have been
+ * added by malicious PRs.
+ */
+function discoverExtraRulesFiles() {
+    const files = [];
+    const cwd = process.cwd();
+    const candidates = [
+        join(cwd, '.github', 'copilot-instructions.md'),
+        join(cwd, '.github', 'CLAUDE.md'),
+        join(cwd, '.cursorrules'),
+        join(cwd, '.windsurfrules'),
+        join(cwd, '.clinerules'),
+        join(cwd, 'CLAUDE.md'),
+        join(cwd, '.aider.conf.yml'),
+        join(cwd, '.continue', 'config.json'),
+    ];
+    for (const p of candidates) {
+        try {
+            if (existsSync(p) && statSync(p).isFile() && statSync(p).size <= MAX_FILE_SIZE) {
+                files.push(p);
+            }
+        }
+        catch { /* ignore */ }
+    }
+    return files;
+}
+/**
+ * Scan a single rules/instruction file.
+ */
+function scanRulesFile(filePath) {
+    const findings = [];
+    const fileName = basename(filePath);
+    let content;
+    try {
+        content = readFileSync(filePath, 'utf-8');
+    }
+    catch {
+        return findings;
+    }
+    if (!content.trim())
+        return findings;
+    // 1. Unicode backdoor detection
+    const unicodeFindings = detectInvisibleUnicode(content);
+    if (unicodeFindings.length > 0) {
+        const totalHidden = unicodeFindings.reduce((sum, f) => sum + f.count, 0);
+        const types = unicodeFindings.map(f => `${f.name} (${f.codePoint}) ×${f.count}`).join(', ');
+        findings.push({
+            scanner: 'rules',
+            severity: 'critical',
+            title: `Unicode backdoor in ${fileName}`,
+            description: `Found ${totalHidden} invisible Unicode character(s) that could hide malicious instructions from code review. This matches the "Rules File Backdoor" attack pattern (CVE-2025-54135). Characters: ${types}`,
+            filePath,
+            learnMoreUrl: LEARN_MORE,
+        });
+    }
+    // 2. Run through the skill scanner for threat pattern detection
+    try {
+        const result = scanSkill(filePath);
+        if (!result.safe) {
+            for (const finding of result.findings) {
+                const severity = finding.severity === 'critical' ? 'critical' :
+                    finding.severity === 'high' ? 'high' :
+                        finding.severity === 'medium' ? 'medium' : 'low';
+                findings.push({
+                    scanner: 'rules',
+                    severity,
+                    title: `${finding.pattern} in ${fileName}`,
+                    description: finding.description,
+                    filePath,
+                    matchedText: finding.matchedText,
+                    learnMoreUrl: LEARN_MORE,
+                });
+            }
+        }
+    }
+    catch {
+        // Skill scanner errors shouldn't crash the audit
+    }
+    return findings;
+}
+/**
+ * Run the rules file scanner.
+ */
+export function scanRulesFiles() {
+    const start = Date.now();
+    // Combine skill-discovered files with extra project-level files
+    const skillFiles = discoverSkillFiles();
+    const extraFiles = discoverExtraRulesFiles();
+    const allFiles = [...new Set([...skillFiles, ...extraFiles])];
+    if (allFiles.length === 0) {
+        return {
+            name: 'Rules File Scanner',
+            itemsScanned: 0,
+            findings: [],
+            durationMs: Date.now() - start,
+            skipped: true,
+            skipReason: 'No agent instruction/rules files found',
+        };
+    }
+    const allFindings = [];
+    for (const file of allFiles) {
+        allFindings.push(...scanRulesFile(file));
+    }
+    return {
+        name: 'Rules File Scanner',
+        itemsScanned: allFiles.length,
+        findings: allFindings,
+        durationMs: Date.now() - start,
+    };
+}
+//# sourceMappingURL=rules-file-scanner.js.map

package/dist/audit/rules-file-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules-file-scanner.js","sourceRoot":"","sources":["../../src/audit/rules-file-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACxD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAGtC,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AAElF,MAAM,UAAU,GAAG,0DAA0D,CAAC;AAE9E,mCAAmC;AAEnC,6EAA6E;AAC7E,MAAM,iBAAiB,GAA6D;IAClF,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACjE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,uBAAuB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACtE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,QAAQ,EAAE;IAClE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,oBAAoB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACnE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,oBAAoB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACnE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE;IAC5D,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACrE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,iBAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE;IAChE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,qBAAqB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACpE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,QAAQ,EAAE;IAC/D,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,iCAAiC,EAAE,SAAS,EAAE,QAAQ,EAAE;IAChF,wCAAwC;IACxC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACxE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACxE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,4BAA4B,EAAE,SAAS,EAAE,QAAQ,EAAE;IAC3E,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,wBAAwB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACvE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,wBAAwB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACvE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,uBAAuB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACtE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,uBAAuB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACtE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACrE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,QAAQ,EAAE;CACzE,CAAC;AAEF;;;GAGG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,MAAM,KAAK,GAA8D,EAAE,CAAC;IAE5E,KAAK,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,iBAAiB,EAAE,CAAC;QAC1D,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC;QACb,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACrD,yBAAyB;YACzB,IAAI,SAAS,KAAK,QAAQ,IAAI,GAAG,KAAK,CAAC;gBAAE,SAAS;YAClD,KAAK,EAAE,CAAC;QACV,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iDAAiD;AACjD,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,CAAC;AAEjC;;;;GAIG;AACH,SAAS,uBAAuB;IAC9B,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAE1B,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,yBAAyB,CAAC;QAC/C,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC;QACjC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC;QACzB,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC;QAC3B,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC;QACxB,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC;QACtB,IAAI,CAAC,GAAG,EAAE,iBAAiB,CAAC;QAC5B,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,aAAa,CAAC;KACtC,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,aAAa,EAAE,CAAC;gBAC/E,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEpC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IAErC,gCAAgC;IAChC,MAAM,eAAe,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,SAAS,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE5F,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,OAAO;YAChB,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,uBAAuB,QAAQ,EAAE;YACxC,WAAW,EAAE,SAAS,WAAW,gLAAgL,KAAK,EAAE;YACxN,QAAQ;YACR,YAAY,EAAE,UAAU;SACzB,CAAC,CAAC;IACL,CAAC;IAED,gEAAgE;IAChE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACtC,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;oBAC9C,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;wBACtC,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;gBAEnD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,OAAO;oBAChB,QAAQ;oBACR,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,OAAO,QAAQ,EAAE;oBAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ;oBACR,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,YAAY,EAAE,UAAU;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,gEAAgE;IAChE,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,UAAU,GAAG,uBAAuB,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,UAAU,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAE9D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,IAAI,EAAE,oBAAoB;YAC1B,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC9B,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,wCAAwC;SACrD,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAmB,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,WAAW,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO;QACL,IAAI,EAAE,oBAAoB;QAC1B,YAAY,EAAE,QAAQ,CAAC,MAAM;QAC7B,QAAQ,EAAE,WAAW;QACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC"}

package/dist/audit/types.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Audit Types
+ *
+ * Shared types for the `shieldcortex audit` command — a comprehensive
+ * security scanner for AI agent environments.
+ */
+export type AuditSeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export interface AuditFinding {
+    /** Scanner that produced this finding */
+    scanner: string;
+    /** Severity of the finding */
+    severity: AuditSeverity;
+    /** Short human-readable title */
+    title: string;
+    /** Detailed description of the finding */
+    description: string;
+    /** File path where the finding was located (if applicable) */
+    filePath?: string;
+    /** Matched text snippet (truncated) */
+    matchedText?: string;
+    /** URL to learn more about this finding category */
+    learnMoreUrl?: string;
+}
+export interface ScannerResult {
+    /** Scanner name for display */
+    name: string;
+    /** Number of items scanned */
+    itemsScanned: number;
+    /** Findings from this scanner */
+    findings: AuditFinding[];
+    /** Duration in milliseconds */
+    durationMs: number;
+    /** Whether the scanner was skipped (e.g., no files found) */
+    skipped?: boolean;
+    /** Reason for skipping */
+    skipReason?: string;
+}
+export type AuditGrade = 'A' | 'B' | 'C' | 'D' | 'F';
+export interface AuditReport {
+    /** Security grade (A-F) */
+    grade: AuditGrade;
+    /** Total number of findings */
+    totalFindings: number;
+    /** Findings by severity */
+    bySeverity: Record<AuditSeverity, number>;
+    /** Results from each scanner */
+    scanners: ScannerResult[];
+    /** All findings sorted by severity */
+    findings: AuditFinding[];
+    /** Duration of the full audit in milliseconds */
+    durationMs: number;
+    /** Timestamp of the audit */
+    timestamp: string;
+    /** ShieldCortex version */
+    version: string;
+}
+/**
+ * Calculate grade from findings.
+ *
+ * A = no findings above info
+ * B = only low/info findings
+ * C = medium findings present
+ * D = high findings present
+ * F = critical findings present
+ */
+export declare function calculateGrade(bySeverity: Record<AuditSeverity, number>): AuditGrade;
+//# sourceMappingURL=types.d.ts.map

package/dist/audit/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/audit/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,MAAM,aAAa,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAI5E,MAAM,WAAW,YAAY;IAC3B,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,aAAa,CAAC;IACxB,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oDAAoD;IACpD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAID,MAAM,WAAW,aAAa;IAC5B,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,iCAAiC;IACjC,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0BAA0B;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,MAAM,UAAU,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAErD,MAAM,WAAW,WAAW;IAC1B,2BAA2B;IAC3B,KAAK,EAAE,UAAU,CAAC;IAClB,+BAA+B;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,2BAA2B;IAC3B,UAAU,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC1C,gCAAgC;IAChC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,sCAAsC;IACtC,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,2BAA2B;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG,UAAU,CAMpF"}

package/dist/audit/types.js

@@ -0,0 +1,27 @@
+/**
+ * Audit Types
+ *
+ * Shared types for the `shieldcortex audit` command — a comprehensive
+ * security scanner for AI agent environments.
+ */
+/**
+ * Calculate grade from findings.
+ *
+ * A = no findings above info
+ * B = only low/info findings
+ * C = medium findings present
+ * D = high findings present
+ * F = critical findings present
+ */
+export function calculateGrade(bySeverity) {
+    if (bySeverity.critical > 0)
+        return 'F';
+    if (bySeverity.high > 0)
+        return 'D';
+    if (bySeverity.medium > 0)
+        return 'C';
+    if (bySeverity.low > 0)
+        return 'B';
+    return 'A';
+}
+//# sourceMappingURL=types.js.map

package/dist/audit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/audit/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiEH;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,UAAyC;IACtE,IAAI,UAAU,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,UAAU,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACpC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACtC,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACnC,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/cli/audit.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Audit CLI Command
+ *
+ * Orchestrates all security scanners and produces a comprehensive
+ * audit report of the developer's AI agent environment.
+ *
+ * Usage:
+ *   npx shieldcortex audit                  # Terminal report
+ *   npx shieldcortex audit --json           # JSON output
+ *   npx shieldcortex audit --markdown       # Markdown output
+ *   npx shieldcortex audit --ci             # CI mode (exit code reflects grade)
+ */
+/**
+ * Run the full audit.
+ */
+export declare function handleAuditCommand(args: string[]): Promise<void>;
+//# sourceMappingURL=audit.d.ts.map

package/dist/cli/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/cli/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA+BH;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuGtE"}