tryassay 0.32.0 → 0.33.1

package/dist/commands/bounty-scan.js

@@ -0,0 +1,312 @@
+import { resolve, basename, extname, relative, join } from 'node:path';
+import { readFile, stat, writeFile, mkdir, readdir } from 'node:fs/promises';
+import { safeExecSync } from '../runtime/safe-executor.js';
+import { forwardVerify, ScanSession } from '../sdk/forward-verify.js';
+import { getLearnedRulesSummary } from '../lib/learned-rules/index.js';
+import { checkNoveltyLocal } from '../lib/novelty-checker.js';
+// ── Security-critical file patterns ──────────────────────────
+const SECURITY_GLOBS = [
+    '**/auth*', '**/csrf*', '**/cors*', '**/session*', '**/proxy*',
+    '**/cookie*', '**/sanitiz*', '**/validat*', '**/encrypt*', '**/decrypt*',
+    '**/token*', '**/password*', '**/secret*', '**/permission*',
+    '**/access-control*', '**/rate-limit*', '**/xss*', '**/injection*',
+    '**/ssrf*', '**/redirect*', '**/origin*', '**/header*', '**/middleware*',
+    '**/security*', '**/firewall*', '**/block*', '**/allow*', '**/deny*',
+    '**/private*', '**/image-optim*',
+];
+// ── Security keyword matchers (derived from SECURITY_GLOBS basenames) ──
+const SECURITY_KEYWORDS = SECURITY_GLOBS.map(g => {
+    const base = g.split('/').pop() ?? '';
+    return base.replace(/^\*+/, '').replace(/\*+$/, '').toLowerCase();
+}).filter(k => k.length > 0);
+const IGNORED_DIRS = new Set([
+    'node_modules', '.git', 'dist', 'build', 'vendor',
+    'fixtures', 'examples', 'docs', '__tests__',
+]);
+const SUPPORTED_EXTENSIONS = new Set([
+    '.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs',
+    '.py', '.go', '.rs', '.java',
+]);
+// ── Helpers ──────────────────────────────────────────────────
+function isGitUrl(input) {
+    return input.startsWith('https://github.com/') ||
+        input.startsWith('git@') ||
+        input.startsWith('https://gitlab.com/');
+}
+function detectLanguage(filePath) {
+    const ext = extname(filePath).toLowerCase();
+    const map = {
+        '.ts': 'typescript', '.tsx': 'typescript',
+        '.js': 'javascript', '.jsx': 'javascript',
+        '.mjs': 'javascript', '.cjs': 'javascript',
+        '.py': 'python', '.go': 'go', '.rs': 'rust', '.java': 'java',
+    };
+    return map[ext] ?? 'unknown';
+}
+// ── File Discovery (recursive readdir, Node 20 compatible) ───
+async function discoverSecurityFiles(targetPath) {
+    const found = [];
+    async function walk(dir) {
+        let entries;
+        try {
+            entries = await readdir(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.isDirectory()) {
+                if (!IGNORED_DIRS.has(entry.name)) {
+                    await walk(join(dir, entry.name));
+                }
+                continue;
+            }
+            if (!entry.isFile())
+                continue;
+            const ext = extname(entry.name).toLowerCase();
+            if (!SUPPORTED_EXTENSIONS.has(ext))
+                continue;
+            // Skip test/spec/declaration files
+            if (entry.name.includes('.test.') || entry.name.includes('.spec.') ||
+                entry.name.endsWith('.d.ts') || entry.name.endsWith('.min.js') ||
+                entry.name.endsWith('.map'))
+                continue;
+            // Check if filename matches any security keyword
+            const nameLower = entry.name.toLowerCase();
+            const matches = SECURITY_KEYWORDS.some(kw => nameLower.includes(kw));
+            if (matches) {
+                found.push(relative(targetPath, join(dir, entry.name)));
+            }
+        }
+    }
+    await walk(targetPath);
+    return found.sort();
+}
+// ── Size Filter ──────────────────────────────────────────────
+async function filterBySize(targetPath, files, maxLines = 500) {
+    const result = [];
+    for (const file of files) {
+        try {
+            const content = await readFile(resolve(targetPath, file), 'utf-8');
+            const lines = content.split('\n').length;
+            if (lines <= maxLines) {
+                result.push(file);
+            }
+        }
+        catch {
+            // Unreadable files are skipped
+        }
+    }
+    return result;
+}
+export async function bountyScanCommand(target, options) {
+    const scanStart = Date.now();
+    const maxLines = parseInt(options.maxLines ?? '500', 10);
+    const maxFiles = parseInt(options.maxFiles ?? '50', 10);
+    console.log('\n╔══════════════════════════════════════════╗');
+    console.log('║       Assay Bounty Scanner               ║');
+    console.log('╚══════════════════════════════════════════╝\n');
+    // Resolve target
+    let targetPath;
+    let repoName;
+    if (isGitUrl(target) && !options.noclone) {
+        repoName = target.split('/').pop()?.replace('.git', '') ?? 'repo';
+        targetPath = resolve(`/tmp/assay-bounty-${repoName}-${Date.now()}`);
+        console.log(`Cloning ${target}...`);
+        const result = safeExecSync('git', ['clone', '--shallow-since=90 days ago', target, targetPath]);
+        if (result.exitCode !== 0) {
+            console.error(`Clone failed: ${result.stderr}`);
+            process.exit(1);
+        }
+    }
+    else {
+        targetPath = resolve(target);
+        repoName = basename(targetPath);
+        try {
+            const info = await stat(targetPath);
+            if (!info.isDirectory()) {
+                console.error(`Not a directory: ${targetPath}`);
+                process.exit(1);
+            }
+        }
+        catch {
+            console.error(`Path not found: ${targetPath}`);
+            process.exit(1);
+        }
+    }
+    console.log(`Target: ${repoName} (${targetPath})\n`);
+    // Step 1: Discover security-critical files
+    console.log('[1/4] Discovering security-critical files...');
+    const allSecurityFiles = await discoverSecurityFiles(targetPath);
+    console.log(`       Found ${allSecurityFiles.length} security-related files`);
+    // Step 2: Filter by size (Assay works best on 50-500 line files)
+    console.log(`[2/4] Filtering to ≤${maxLines} lines...`);
+    let files = await filterBySize(targetPath, allSecurityFiles, maxLines);
+    if (files.length > maxFiles) {
+        console.log(`       Capping at ${maxFiles} files (use --max-files to increase)`);
+        files = files.slice(0, maxFiles);
+    }
+    console.log(`       ${files.length} files to scan\n`);
+    if (files.length === 0) {
+        console.log('No security-critical files found within size limit.');
+        console.log('Try: --max-lines 1000 or check the target directory.');
+        return;
+    }
+    // List files
+    for (const file of files) {
+        console.log(`  · ${file}`);
+    }
+    console.log('');
+    // Step 3: Scan each file
+    console.log('[3/4] Scanning files...');
+    const session = new ScanSession();
+    const findings = [];
+    let totalClaims = 0;
+    let totalInputTokens = 0;
+    let totalOutputTokens = 0;
+    let filesScanned = 0;
+    let filesErrored = 0;
+    for (const file of files) {
+        const filePath = resolve(targetPath, file);
+        const language = detectLanguage(file);
+        if (language === 'unknown') {
+            continue;
+        }
+        let code;
+        try {
+            code = await readFile(filePath, 'utf-8');
+        }
+        catch {
+            filesErrored++;
+            continue;
+        }
+        process.stdout.write(`  Scanning ${file}...`);
+        try {
+            const { result, inputTokens, outputTokens } = await forwardVerify(code, language, `Security audit of ${file} in ${repoName}. Focus on: CSRF, SSRF, injection, auth bypass, input validation, origin validation, cookie security, session management.`, session);
+            totalClaims += result.total;
+            totalInputTokens += inputTokens;
+            totalOutputTokens += outputTokens;
+            // Build a claim lookup map for joining metadata
+            const claimMap = new Map(result.claims.map(c => [c.id, c]));
+            // Collect FAIL and PARTIAL findings
+            for (const v of result.verifications) {
+                if (v.verdict === 'FAIL' || v.verdict === 'PARTIAL') {
+                    const meta = claimMap.get(v.claimId);
+                    const claimText = meta?.description ?? v.claimId;
+                    const novelty = checkNoveltyLocal(targetPath, file, claimText);
+                    findings.push({
+                        file,
+                        claimId: v.claimId,
+                        claim: claimText,
+                        verdict: v.verdict,
+                        severity: meta?.severity ?? 'medium',
+                        reasoning: v.reasoning,
+                        evidence: file,
+                        novelty: novelty.status,
+                        noveltyReason: novelty.reason,
+                    });
+                }
+            }
+            const fails = result.verifications.filter(v => v.verdict === 'FAIL').length;
+            const partials = result.verifications.filter(v => v.verdict === 'PARTIAL').length;
+            if (fails > 0 || partials > 0) {
+                process.stdout.write(` ${result.total} claims, ${fails} FAIL, ${partials} PARTIAL\n`);
+            }
+            else {
+                process.stdout.write(` ${result.total} claims, clean\n`);
+            }
+            filesScanned++;
+        }
+        catch (err) {
+            process.stdout.write(` ERROR: ${err instanceof Error ? err.message : err}\n`);
+            filesErrored++;
+        }
+    }
+    console.log('');
+    // Step 4: Generate report
+    console.log('[4/4] Generating bounty report...');
+    const elapsed = Math.round((Date.now() - scanStart) / 1000);
+    // Get catalog stats after learning
+    let catalogStats = { promoted: 0, total: 0 };
+    try {
+        const stats = await getLearnedRulesSummary(targetPath);
+        catalogStats = { promoted: stats.promoted, total: stats.total };
+    }
+    catch {
+        // Best effort
+    }
+    // Sort findings by severity
+    const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+    findings.sort((a, b) => (severityOrder[a.severity] ?? 3) - (severityOrder[b.severity] ?? 3));
+    // Console report
+    console.log('\n' + '='.repeat(60));
+    console.log(`  BOUNTY SCAN REPORT: ${repoName}`);
+    console.log('='.repeat(60));
+    console.log(`  Files scanned:   ${filesScanned}`);
+    console.log(`  Files errored:   ${filesErrored}`);
+    console.log(`  Claims checked:  ${totalClaims}`);
+    console.log(`  Findings:        ${findings.length}`);
+    console.log(`  Rules in catalog: ${catalogStats.promoted} promoted / ${catalogStats.total} total`);
+    console.log(`  Tokens:          ${totalInputTokens.toLocaleString()} in / ${totalOutputTokens.toLocaleString()} out`);
+    console.log(`  Duration:        ${elapsed}s`);
+    console.log('='.repeat(60));
+    if (findings.length === 0) {
+        console.log('\n  No findings. This target looks clean.');
+    }
+    else {
+        console.log('\n  FINDINGS:\n');
+        for (const f of findings) {
+            const badge = f.verdict === 'FAIL' ? '🔴' : '🟡';
+            const noveltyTag = f.novelty === 'likely-novel' ? '[LIKELY NOVEL]'
+                : f.novelty === 'likely-patched' ? '[LIKELY PATCHED]'
+                    : '[CHECK MANUALLY]';
+            console.log(`  ${badge} [${f.severity.toUpperCase()}] ${f.file}  ${noveltyTag}`);
+            console.log(`     Claim: ${f.claim}`);
+            console.log(`     Reasoning: ${f.reasoning}`);
+            console.log(`     Evidence: ${f.evidence}`);
+            console.log(`     Novelty: ${f.noveltyReason}`);
+            console.log('');
+        }
+    }
+    // Write JSON report
+    const outputDir = options.output ?? resolve(targetPath, '.assay');
+    await mkdir(outputDir, { recursive: true });
+    const reportData = {
+        repoName,
+        target,
+        scannedAt: new Date().toISOString(),
+        durationSeconds: elapsed,
+        filesScanned,
+        filesErrored,
+        totalClaims,
+        findings,
+        catalogStats,
+        tokens: { input: totalInputTokens, output: totalOutputTokens },
+    };
+    const reportPath = resolve(outputDir, 'bounty-scan.json');
+    await writeFile(reportPath, JSON.stringify(reportData, null, 2));
+    console.log(`\n  Report saved: ${reportPath}`);
+    // Write markdown report for easy sharing
+    const mdLines = [
+        `# Bounty Scan: ${repoName}`,
+        ``,
+        `**Scanned:** ${new Date().toISOString()}`,
+        `**Files:** ${filesScanned} scanned, ${findings.length} findings`,
+        `**Claims:** ${totalClaims} checked`,
+        ``,
+        `## Findings`,
+        ``,
+        `| Severity | File | Claim | Verdict | Novelty | Reasoning |`,
+        `|----------|------|-------|---------|---------|-----------|`,
+    ];
+    for (const f of findings) {
+        const claim = f.claim.replace(/\|/g, '\\|');
+        const reasoning = f.reasoning.replace(/\|/g, '\\|').slice(0, 150);
+        mdLines.push(`| ${f.severity} | ${f.file} | ${claim} | ${f.verdict} | ${f.novelty} | ${reasoning} |`);
+    }
+    mdLines.push('', `## Catalog Growth`, '', `Rules: ${catalogStats.promoted} promoted / ${catalogStats.total} total`);
+    const mdPath = resolve(outputDir, 'bounty-scan.md');
+    await writeFile(mdPath, mdLines.join('\n'));
+    console.log(`  Markdown report: ${mdPath}\n`);
+}
+//# sourceMappingURL=bounty-scan.js.map

package/dist/commands/bounty-scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bounty-scan.js","sourceRoot":"","sources":["../../src/commands/bounty-scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAsB,MAAM,2BAA2B,CAAC;AAElF,gEAAgE;AAEhE,MAAM,cAAc,GAAG;IACrB,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW;IAC9D,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa;IACxE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,gBAAgB;IAC3D,oBAAoB,EAAE,gBAAgB,EAAE,SAAS,EAAE,eAAe;IAClE,UAAU,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB;IACxE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU;IACpE,aAAa,EAAE,iBAAiB;CACjC,CAAC;AAEF,0EAA0E;AAE1E,MAAM,iBAAiB,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;IAC/C,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IACtC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AACpE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAE7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;IACjD,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW;CAC5C,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC5C,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO;CAC7B,CAAC,CAAC;AAEH,gEAAgE;AAEhE,SAAS,QAAQ,CAAC,KAAa;IAC7B,OAAO,KAAK,CAAC,UAAU,CAAC,qBAAqB,CAAC;QACvC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;QACxB,KAAK,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,GAAG,GAA2B;QAClC,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;QACzC,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;QACzC,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;QAC1C,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;KAC7D,CAAC;IACF,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;AAC/B,CAAC;AAcD,gEAAgE;AAEhE,KAAK,UAAU,qBAAqB,CAAC,UAAkB;IACrD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,UAAU,IAAI,CAAC,GAAW;QAC7B,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;gBACpC,CAAC;gBACD,SAAS;YACX,CAAC;YAED,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;gBAAE,SAAS;YAE9B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAE7C,mCAAmC;YACnC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC9D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC9D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,SAAS;YAE1C,iDAAiD;YACjD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YACrE,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,gEAAgE;AAEhE,KAAK,UAAU,YAAY,CACzB,UAAkB,EAClB,KAAe,EACf,WAAmB,GAAG;IAEtB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YACnE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YACzC,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAWD,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,OAA0B;IAE1B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,IAAI,KAAK,EAAE,EAAE,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;IAExD,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAE9D,iBAAiB;IACjB,IAAI,UAAkB,CAAC;IACvB,IAAI,QAAgB,CAAC;IAErB,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACzC,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC;QAClE,UAAU,GAAG,OAAO,CAAC,qBAAqB,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,KAAK,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,6BAA6B,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;QACjG,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,iBAAiB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,OAAO,CAAC,KAAK,CAAC,oBAAoB,UAAU,EAAE,CAAC,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,mBAAmB,UAAU,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,WAAW,QAAQ,KAAK,UAAU,KAAK,CAAC,CAAC;IAErD,2CAA2C;IAC3C,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,MAAM,qBAAqB,CAAC,UAAU,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,gBAAgB,gBAAgB,CAAC,MAAM,yBAAyB,CAAC,CAAC;IAE9E,iEAAiE;IACjE,OAAO,CAAC,GAAG,CAAC,uBAAuB,QAAQ,WAAW,CAAC,CAAC;IACxD,IAAI,KAAK,GAAG,MAAM,YAAY,CAAC,UAAU,EAAE,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IAEvE,IAAI,KAAK,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,qBAAqB,QAAQ,sCAAsC,CAAC,CAAC;QACjF,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,CAAC,MAAM,kBAAkB,CAAC,CAAC;IAEtD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,aAAa;IACb,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QAEtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,SAAS;QACX,CAAC;QAED,IAAI,IAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,CAAC;QAE9C,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,MAAM,aAAa,CAC/D,IAAI,EACJ,QAAQ,EACR,qBAAqB,IAAI,OAAO,QAAQ,2HAA2H,EACnK,OAAO,CACR,CAAC;YAEF,WAAW,IAAI,MAAM,CAAC,KAAK,CAAC;YAC5B,gBAAgB,IAAI,WAAW,CAAC;YAChC,iBAAiB,IAAI,YAAY,CAAC;YAElC,gDAAgD;YAChD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAE5D,oCAAoC;YACpC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACrC,IAAI,CAAC,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;oBACpD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;oBACrC,MAAM,SAAS,GAAG,IAAI,EAAE,WAAW,IAAI,CAAC,CAAC,OAAO,CAAC;oBACjD,MAAM,OAAO,GAAG,iBAAiB,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;oBAC/D,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI;wBACJ,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,KAAK,EAAE,SAAS;wBAChB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ;wBACpC,SAAS,EAAE,CAAC,CAAC,SAAS;wBACtB,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE,OAAO,CAAC,MAAM;wBACvB,aAAa,EAAE,OAAO,CAAC,MAAM;qBAC9B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;YAC5E,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;YAElF,IAAI,KAAK,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,KAAK,YAAY,KAAK,UAAU,QAAQ,YAAY,CAAC,CAAC;YACxF,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,KAAK,kBAAkB,CAAC,CAAC;YAC3D,CAAC;YAED,YAAY,EAAE,CAAC;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YAC9E,YAAY,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,0BAA0B;IAC1B,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IAEjD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;IAE5D,mCAAmC;IACnC,IAAI,YAAY,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACvD,YAAY,GAAG,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;IAED,4BAA4B;IAC5B,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC1F,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACrB,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CACpE,CAAC;IAEF,iBAAiB;IACjB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,sBAAsB,YAAY,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,sBAAsB,YAAY,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,sBAAsB,WAAW,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,sBAAsB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,uBAAuB,YAAY,CAAC,QAAQ,eAAe,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC;IACnG,OAAO,CAAC,GAAG,CAAC,sBAAsB,gBAAgB,CAAC,cAAc,EAAE,SAAS,iBAAiB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IACtH,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAE/B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YACjD,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,KAAK,cAAc,CAAC,CAAC,CAAC,gBAAgB;gBAChE,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,gBAAgB,CAAC,CAAC,CAAC,kBAAkB;oBACrD,CAAC,CAAC,kBAAkB,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC,CAAC;YACjF,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5C,MAAM,UAAU,GAAG;QACjB,QAAQ;QACR,MAAM;QACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,eAAe,EAAE,OAAO;QACxB,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,QAAQ;QACR,YAAY;QACZ,MAAM,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,iBAAiB,EAAE;KAC/D,CAAC;IAEF,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;IAC1D,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;IAE/C,yCAAyC;IACzC,MAAM,OAAO,GAAG;QACd,kBAAkB,QAAQ,EAAE;QAC5B,EAAE;QACF,gBAAgB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC1C,cAAc,YAAY,aAAa,QAAQ,CAAC,MAAM,WAAW;QACjE,eAAe,WAAW,UAAU;QACpC,EAAE;QACF,aAAa;QACb,EAAE;QACF,6DAA6D;QAC7D,6DAA6D;KAC9D,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC,CAAC,OAAO,MAAM,CAAC,CAAC,OAAO,MAAM,SAAS,IAAI,CAAC,CAAC;IACxG,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,mBAAmB,EAAE,EAAE,EAAE,UAAU,YAAY,CAAC,QAAQ,eAAe,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC;IAEpH,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACpD,MAAM,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,IAAI,CAAC,CAAC;AAChD,CAAC"}

package/dist/commands/bounty-watch.d.ts

@@ -0,0 +1,9 @@
+export interface BountyWatchOptions {
+    add?: string;
+    remove?: string;
+    list?: boolean;
+    dryRun?: boolean;
+    watchlist?: string;
+    stateFile?: string;
+}
+export declare function bountyWatchCommand(options: BountyWatchOptions): Promise<void>;

package/dist/commands/bounty-watch.js

@@ -0,0 +1,210 @@
+import { resolve, extname } from 'node:path';
+import { loadWatchlist, loadScanState, saveScanState, addRepo, removeRepo, } from '../lib/watchlist.js';
+import { hashFinding, isDuplicate } from '../lib/finding-dedup.js';
+import { detectChains } from '../lib/chain-analyzer.js';
+import { safeExecSync } from '../runtime/safe-executor.js';
+import { forwardVerify, ScanSession } from '../sdk/forward-verify.js';
+import { checkNoveltyLocal } from '../lib/novelty-checker.js';
+import { readFile, mkdir } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { retryWithBackoff } from '../lib/retry.js';
+import { findExistingIssue, createFindingIssue } from '../lib/issue-reporter.js';
+const SECURITY_KEYWORDS = [
+    'auth', 'csrf', 'cors', 'session', 'proxy', 'cookie', 'sanitiz', 'validat',
+    'encrypt', 'decrypt', 'token', 'password', 'secret', 'permission',
+    'access-control', 'rate-limit', 'xss', 'injection', 'ssrf', 'redirect',
+    'origin', 'header', 'middleware', 'security', 'firewall', 'nonce',
+];
+const SUPPORTED_EXTENSIONS = new Set([
+    '.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs', '.py', '.go', '.rs', '.java',
+]);
+// Directories that contain test fixtures, examples, and docs — deprioritize these
+const LOW_PRIORITY_DIRS = [
+    'fixtures/', 'examples/', 'test/', 'tests/', '__tests__/', '__mocks__/',
+    'e2e/', 'spec/', 'docs/', 'templates/', 'tools/', 'scripts/', 'cookbook/',
+];
+function isSecurityFile(filename) {
+    const ext = extname(filename).toLowerCase();
+    if (!SUPPORTED_EXTENSIONS.has(ext))
+        return false;
+    const lower = filename.toLowerCase();
+    return SECURITY_KEYWORDS.some(kw => lower.includes(kw));
+}
+/** Sort security files: real source code first, fixtures/tests/examples last */
+function prioritizeFiles(files) {
+    const isLowPriority = (f) => LOW_PRIORITY_DIRS.some(dir => f.toLowerCase().includes(dir));
+    const high = files.filter(f => !isLowPriority(f));
+    const low = files.filter(f => isLowPriority(f));
+    return [...high, ...low];
+}
+function getChangedFiles(repoPath, lastSha) {
+    const result = safeExecSync('git', ['-C', repoPath, 'diff', '--name-only', `${lastSha}..HEAD`]);
+    if (result.exitCode !== 0)
+        return [];
+    return result.stdout.trim().split('\n').filter(f => f.length > 0);
+}
+function getCurrentSha(repoPath) {
+    const result = safeExecSync('git', ['-C', repoPath, 'rev-parse', 'HEAD']);
+    return result.exitCode === 0 ? result.stdout.trim() : null;
+}
+export async function bountyWatchCommand(options) {
+    const watchlistPath = resolve(options.watchlist ?? 'watchlist.json');
+    const statePath = resolve(options.stateFile ?? '.assay/scan-state.json');
+    if (options.add) {
+        const repo = { url: options.add, program: 'unknown', asset: 'unknown', source: 'manual', priority: 'normal' };
+        await addRepo(watchlistPath, repo);
+        console.log(`Added ${options.add} to watchlist`);
+        return;
+    }
+    if (options.remove) {
+        await removeRepo(watchlistPath, options.remove);
+        console.log(`Removed ${options.remove} from watchlist`);
+        return;
+    }
+    if (options.list) {
+        const config = await loadWatchlist(watchlistPath);
+        const state = await loadScanState(statePath);
+        console.log('\nWatchlist:\n');
+        for (const repo of config.repos) {
+            const repoState = state.repoStates[repo.url];
+            const lastScan = repoState?.lastScanned ?? 'never';
+            const sha = repoState?.lastSha ?? 'none';
+            console.log(`  ${repo.url}`);
+            console.log(`    Program: ${repo.program} | Asset: ${repo.asset}`);
+            console.log(`    Last scan: ${lastScan} | SHA: ${sha.slice(0, 8)}`);
+            console.log('');
+        }
+        return;
+    }
+    // Default: run one scan cycle
+    console.log('\n╔══════════════════════════════════════════╗');
+    console.log('║       Assay Bounty Watcher               ║');
+    console.log('╚══════════════════════════════════════════╝\n');
+    const config = await loadWatchlist(watchlistPath);
+    const state = await loadScanState(statePath);
+    await mkdir(resolve('.assay'), { recursive: true });
+    let totalFindings = 0;
+    for (const repo of config.repos) {
+        const repoName = repo.url.split('/').pop() ?? 'repo';
+        console.log(`\n── ${repoName} ──────────────────────────`);
+        const cloneDir = resolve(`/tmp/assay-watch-${repoName}`);
+        if (existsSync(cloneDir)) {
+            // Fetch latest — use --depth 1 for shallow repos, full fetch for treeless
+            const isShallow = existsSync(resolve(cloneDir, '.git', 'shallow'));
+            if (isShallow) {
+                safeExecSync('git', ['-C', cloneDir, 'fetch', '--depth', '1', 'origin']);
+            }
+            else {
+                safeExecSync('git', ['-C', cloneDir, 'fetch', 'origin']);
+            }
+            safeExecSync('git', ['-C', cloneDir, 'reset', '--hard', 'origin/HEAD']);
+        }
+        else {
+            // Try treeless clone first (fast, keeps commit graph for diffing)
+            let cloneResult = safeExecSync('git', ['clone', '--filter=blob:none', '--single-branch', repo.url, cloneDir]);
+            if (cloneResult.exitCode !== 0) {
+                // Treeless clone failed (repo too large) — fall back to shallow depth-1 clone
+                // This loses diff capability but at least gets us the current files
+                console.log('  Treeless clone failed, trying shallow clone...');
+                cloneResult = safeExecSync('git', ['clone', '--depth', '1', '--single-branch', repo.url, cloneDir]);
+                if (cloneResult.exitCode !== 0) {
+                    console.log(`  ERROR: Clone failed, skipping`);
+                    continue;
+                }
+            }
+        }
+        const currentSha = getCurrentSha(cloneDir);
+        if (!currentSha) {
+            console.log('  ERROR: Could not determine HEAD SHA, skipping');
+            continue;
+        }
+        const repoState = state.repoStates[repo.url];
+        const lastSha = repoState?.lastSha;
+        let changedFiles = [];
+        if (!lastSha || repo.priority === 'fresh') {
+            console.log('  First scan or fresh priority — scanning all security files');
+            const lsResult = safeExecSync('git', ['-C', cloneDir, 'ls-files']);
+            changedFiles = lsResult.stdout.trim().split('\n');
+        }
+        else if (lastSha === currentSha) {
+            console.log('  No new commits since last scan');
+            state.repoStates[repo.url] = { lastSha: currentSha, lastScanned: new Date().toISOString() };
+            continue;
+        }
+        else {
+            changedFiles = getChangedFiles(cloneDir, lastSha);
+            console.log(`  ${changedFiles.length} files changed since ${lastSha.slice(0, 8)}`);
+        }
+        const securityFiles = prioritizeFiles(changedFiles.filter(isSecurityFile));
+        console.log(`  ${securityFiles.length} security-relevant files to scan`);
+        if (securityFiles.length === 0) {
+            state.repoStates[repo.url] = { lastSha: currentSha, lastScanned: new Date().toISOString() };
+            continue;
+        }
+        if (options.dryRun) {
+            console.log('  [DRY RUN] Would scan:');
+            for (const f of securityFiles) {
+                console.log(`    · ${f}`);
+            }
+            state.repoStates[repo.url] = { lastSha: currentSha, lastScanned: new Date().toISOString() };
+            continue;
+        }
+        const session = new ScanSession();
+        const findings = [];
+        for (const file of securityFiles.slice(0, 20)) {
+            try {
+                const code = await readFile(resolve(cloneDir, file), 'utf-8');
+                if (code.split('\n').length > 500)
+                    continue;
+                const ext = extname(file).toLowerCase();
+                const langMap = { '.ts': 'typescript', '.tsx': 'typescript', '.js': 'javascript', '.jsx': 'javascript', '.py': 'python', '.go': 'go', '.rs': 'rust' };
+                const language = langMap[ext];
+                if (!language)
+                    continue;
+                const { result } = await retryWithBackoff(() => forwardVerify(code, language, `Security audit of ${file} in ${repoName}. Focus on CSRF, SSRF, injection, auth bypass, CORS, XSS.`, session), { maxRetries: 3, baseDelayMs: 1000 });
+                const claimMap = new Map(result.claims.map(c => [c.id, c]));
+                for (const v of result.verifications) {
+                    if (v.verdict === 'FAIL' || v.verdict === 'PARTIAL') {
+                        const meta = claimMap.get(v.claimId);
+                        findings.push({ file, claimId: v.claimId, claim: meta?.description ?? v.claimId, verdict: v.verdict, severity: meta?.severity ?? 'medium', reasoning: v.reasoning, evidence: file });
+                    }
+                }
+            }
+            catch { /* skip unreadable files */ }
+        }
+        console.log(`  ${findings.length} findings`);
+        for (const f of findings) {
+            const novelty = checkNoveltyLocal(cloneDir, f.file, f.claim);
+            if (novelty.status === 'likely-patched')
+                continue;
+            const hash = hashFinding(repo.url, f.file, f.claim);
+            if (isDuplicate(hash, state.reportedFindings))
+                continue;
+            console.log(`  🔴 [${f.severity.toUpperCase()}] ${f.file}: ${f.claim.slice(0, 80)}`);
+            state.reportedFindings.push(hash);
+            totalFindings++;
+            // Create GitHub Issue if not already reported
+            const hashPrefix = hash.slice(0, 8);
+            if (!findExistingIssue(hashPrefix)) {
+                createFindingIssue({
+                    repo: repo.url,
+                    program: repo.program,
+                    asset: repo.asset,
+                    file: f.file,
+                    claim: f.claim,
+                    severity: f.severity,
+                    reasoning: f.reasoning,
+                }, hashPrefix);
+                console.log(`    → GitHub Issue created`);
+            }
+        }
+        const chains = detectChains(findings);
+        for (const chain of chains) {
+            console.log(`  ⛓️ CHAIN ${chain.chainId}: ${chain.findingA.file} + ${chain.findingB.file} → ${chain.impact}`);
+        }
+        state.repoStates[repo.url] = { lastSha: currentSha, lastScanned: new Date().toISOString() };
+    }
+    await saveScanState(statePath, state);
+    console.log(`\nCycle complete. ${totalFindings} new finding(s). State saved.`);
+}
+//# sourceMappingURL=bounty-watch.js.map

package/dist/commands/bounty-watch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bounty-watch.js","sourceRoot":"","sources":["../../src/commands/bounty-watch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EACL,aAAa,EACb,aAAa,EACb,aAAa,EACb,OAAO,EACP,UAAU,GAEX,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAEjF,MAAM,iBAAiB,GAAG;IACxB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;IAC1E,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,YAAY;IACjE,gBAAgB,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU;IACtE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO;CAClE,CAAC;AAEF,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO;CAC3E,CAAC,CAAC;AAWH,kFAAkF;AAClF,MAAM,iBAAiB,GAAG;IACxB,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY;IACvE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW;CAC1E,CAAC;AAEF,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,gFAAgF;AAChF,SAAS,eAAe,CAAC,KAAe;IACtC,MAAM,aAAa,GAAG,CAAC,CAAS,EAAE,EAAE,CAClC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAE/D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB,EAAE,OAAe;IACxD,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,QAAQ,CAAC,CAAC,CAAC;IAChG,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1E,OAAO,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAA2B;IAClE,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,gBAAgB,CAAC,CAAC;IACrE,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,CAAC;IAEzE,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,IAAI,GAAkB,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;QAC7H,MAAM,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,SAAS,OAAO,CAAC,GAAG,eAAe,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,UAAU,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,MAAM,iBAAiB,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,SAAS,EAAE,WAAW,IAAI,OAAO,CAAC;YACnD,MAAM,GAAG,GAAG,SAAS,EAAE,OAAO,IAAI,MAAM,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,OAAO,aAAa,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACnE,OAAO,CAAC,GAAG,CAAC,kBAAkB,QAAQ,WAAW,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YACpE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,8BAA8B;IAC9B,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpD,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,QAAQ,QAAQ,6BAA6B,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,OAAO,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;QAEzD,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,0EAA0E;YAC1E,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;YACnE,IAAI,SAAS,EAAE,CAAC;gBACd,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3E,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,CAAC;YACD,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,kEAAkE;YAClE,IAAI,WAAW,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC9G,IAAI,WAAW,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC/B,8EAA8E;gBAC9E,oEAAoE;gBACpE,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;gBAChE,WAAW,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,iBAAiB,EAAE,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;gBACpG,IAAI,WAAW,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;oBAC/B,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;oBAC/C,SAAS;gBACX,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,UAAU,EAAE,CAAC;YAAC,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;YAAC,SAAS;QAAC,CAAC;QAE9F,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,SAAS,EAAE,OAAO,CAAC;QACnC,IAAI,YAAY,GAAa,EAAE,CAAC;QAEhC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;YAC5E,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;YACnE,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;aAAM,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;YAChD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5F,SAAS;QACX,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,KAAK,YAAY,CAAC,MAAM,wBAAwB,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,aAAa,GAAG,eAAe,CAAC,YAAY,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,KAAK,aAAa,CAAC,MAAM,kCAAkC,CAAC,CAAC;QAEzE,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5F,SAAS;QACX,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YAAC,CAAC;YAC7D,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5F,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAoI,EAAE,CAAC;QAErJ,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;gBAC9D,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;oBAAE,SAAS;gBAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBACxC,MAAM,OAAO,GAA2B,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;gBAC9K,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,CAAC,QAAQ;oBAAE,SAAS;gBACxB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,gBAAgB,CACvC,GAAG,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,qBAAqB,IAAI,OAAO,QAAQ,2DAA2D,EAAE,OAAO,CAAC,EACjJ,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CACrC,CAAC;gBACF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBACrC,IAAI,CAAC,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;wBACpD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;wBACrC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;oBACvL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;QACzC,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,MAAM,WAAW,CAAC,CAAC;QAE7C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;YAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,gBAAgB;gBAAE,SAAS;YAClD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;YACpD,IAAI,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,gBAAgB,CAAC;gBAAE,SAAS;YACxD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;YACrF,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,aAAa,EAAE,CAAC;YAEhB,8CAA8C;YAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACpC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,CAAC;gBACnC,kBAAkB,CAAC;oBACjB,IAAI,EAAE,IAAI,CAAC,GAAG;oBACd,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,SAAS,EAAE,CAAC,CAAC,SAAS;iBACvB,EAAE,UAAU,CAAC,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;QACtC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC,QAAQ,CAAC,IAAI,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAChH,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAC9F,CAAC;IAED,MAAM,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,qBAAqB,aAAa,+BAA+B,CAAC,CAAC;AACjF,CAAC"}

package/dist/commands/hunt.d.ts

@@ -0,0 +1,11 @@
+interface HuntCommandOptions {
+    dive?: string;
+    auto?: boolean;
+    template?: string;
+    json?: boolean;
+    minConfidence?: 'high' | 'medium' | 'low';
+    concurrency?: string;
+    stateDir?: string;
+}
+export declare function huntCommand(target: string, opts: HuntCommandOptions): Promise<void>;
+export {};