tryassay 0.33.0 → 0.33.2

package/dist/hunt/discovery.js

@@ -16,7 +16,7 @@ const LOW_PRIORITY_DIRS = [
     'node_modules/', '.git/', 'dist/', 'build/',
 ];
 export function discoverSecurityFiles(targetPath, options = {}) {
-    const { maxLines = 500, maxFiles = 100 } = options;
+    const { maxLines = 2000, maxFiles = 500 } = options;
     const allFiles = walkDirectory(targetPath);
     const discovered = [];
     for (const absPath of allFiles) {
@@ -28,7 +28,7 @@ export function discoverSecurityFiles(targetPath, options = {}) {
         const matchesKeyword = SECURITY_KEYWORDS.some(kw => lowerPath.includes(kw));
         if (!matchesKeyword) {
             try {
-                const preview = readFileSync(absPath, 'utf-8').split('\n').slice(0, 50).join('\n').toLowerCase();
+                const preview = readFileSync(absPath, 'utf-8').split('\n').slice(0, 100).join('\n').toLowerCase();
                 const contentMatch = SECURITY_KEYWORDS.some(kw => preview.includes(kw));
                 if (!contentMatch)
                     continue;

package/dist/hunt/discovery.js.map

@@ -1 +1 @@
-{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../../src/hunt/discovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAY,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAkBpC,MAAM,iBAAiB,GAAG;IACxB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;IAC1E,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,YAAY;IACjE,gBAAgB,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU;IACtE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO;CAClE,CAAC;AAEF,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM;CAC1E,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG;IACxB,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY;IACvE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW;IACzE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ;CAC5C,CAAC;AAEF,MAAM,UAAU,qBAAqB,CACnC,UAAkB,EAClB,UAA4B,EAAE;IAE9B,MAAM,EAAE,QAAQ,GAAG,GAAG,EAAE,QAAQ,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IACnD,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7B,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAE7C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5E,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBACjG,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;gBACxE,IAAI,CAAC,YAAY;oBAAE,SAAS;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC7C,IAAI,SAAS,GAAG,QAAQ;gBAAE,SAAS;YAEnC,MAAM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAEvE,UAAU,CAAC,IAAI,CAAC;gBACd,YAAY,EAAE,OAAO;gBACrB,YAAY,EAAE,OAAO;gBACrB,OAAO;gBACP,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC;gBAChC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC;gBAChC,SAAS,EAAE,gBAAgB,CAAC,OAAO,CAAC;gBACpC,WAAW,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC5E,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACvB,IAAI,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,aAAa;YAAE,OAAO,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzE,OAAO,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;oBAAE,SAAS;gBAC9F,OAAO,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,EAAE,GAAG,qEAAqE,CAAC;IACjF,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,EAAE,GAAG,kFAAkF,CAAC;IAC9F,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,EAAE,GAAG,uEAAuE,CAAC;IACnF,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../../src/hunt/discovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAY,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAkBpC,MAAM,iBAAiB,GAAG;IACxB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;IAC1E,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,YAAY;IACjE,gBAAgB,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU;IACtE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO;CAClE,CAAC;AAEF,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM;CAC1E,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG;IACxB,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY;IACvE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW;IACzE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ;CAC5C,CAAC;AAEF,MAAM,UAAU,qBAAqB,CACnC,UAAkB,EAClB,UAA4B,EAAE;IAE9B,MAAM,EAAE,QAAQ,GAAG,IAAI,EAAE,QAAQ,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IACpD,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7B,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAE7C,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5E,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBAClG,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;gBACxE,IAAI,CAAC,YAAY;oBAAE,SAAS;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC7C,IAAI,SAAS,GAAG,QAAQ;gBAAE,SAAS;YAEnC,MAAM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAEvE,UAAU,CAAC,IAAI,CAAC;gBACd,YAAY,EAAE,OAAO;gBACrB,YAAY,EAAE,OAAO;gBACrB,OAAO;gBACP,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC;gBAChC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC;gBAChC,SAAS,EAAE,gBAAgB,CAAC,OAAO,CAAC;gBACpC,WAAW,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC5E,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACvB,IAAI,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,aAAa;YAAE,OAAO,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzE,OAAO,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;oBAAE,SAAS;gBAC9F,OAAO,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,EAAE,GAAG,qEAAqE,CAAC;IACjF,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,EAAE,GAAG,kFAAkF,CAAC;IAC9F,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,EAAE,GAAG,uEAAuE,CAAC;IACnF,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/hunt/finding-to-template.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Finding-to-Template Pipeline
+ *
+ * Converts confirmed HuntFindings into VulnerabilityTemplates that can
+ * augment future hunt scans. This closes the learning loop:
+ *   hunt finds bugs -> bounty confirms them -> confirmed findings become new templates
+ *
+ * Learned templates are stored as JSON on disk (project-local or global)
+ * and merged into the template registry at load time.
+ */
+import type { HuntFinding, VulnerabilityTemplate } from '../types.js';
+export interface LearnedTemplate {
+    id: string;
+    source: 'bounty-finding';
+    sourceFinding: string;
+    createdAt: string;
+    template: VulnerabilityTemplate;
+}
+/**
+ * Extract file-matching keywords from a finding's file path, evidence,
+ * and attack scenario. These become the `filePatterns` on the learned template.
+ */
+export declare function extractFilePatterns(finding: HuntFinding): string[];
+/**
+ * Extract bypass techniques mentioned in the attack scenario.
+ */
+export declare function extractBypasses(finding: HuntFinding): string[];
+/**
+ * Convert a confirmed HuntFinding into a LearnedTemplate.
+ * The template captures the vulnerability pattern so future scans
+ * can detect similar issues without re-discovering from scratch.
+ */
+export declare function findingToTemplate(finding: HuntFinding): LearnedTemplate;
+/**
+ * Save a learned template to disk.
+ * Deduplicates by template ID — if the same ID exists, it's replaced.
+ */
+export declare function saveLearnedTemplate(template: LearnedTemplate, options?: {
+    global?: boolean;
+    projectRoot?: string;
+}): void;
+/**
+ * Load all learned templates from disk.
+ * Merges global + project-local, deduplicating by ID
+ * (project-local wins over global).
+ */
+export declare function loadLearnedTemplates(projectRoot?: string): VulnerabilityTemplate[];

package/dist/hunt/finding-to-template.js

@@ -0,0 +1,288 @@
+/**
+ * Finding-to-Template Pipeline
+ *
+ * Converts confirmed HuntFindings into VulnerabilityTemplates that can
+ * augment future hunt scans. This closes the learning loop:
+ *   hunt finds bugs -> bounty confirms them -> confirmed findings become new templates
+ *
+ * Learned templates are stored as JSON on disk (project-local or global)
+ * and merged into the template registry at load time.
+ */
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
+import { join, basename, dirname, extname } from 'node:path';
+import { homedir } from 'node:os';
+// ── Pattern extraction helpers ─────────────────────────────────
+/** Technology keywords to detect from attack scenarios and evidence. */
+const TECH_KEYWORDS = [
+    'postmessage', 'csrf', 'oauth', 'jwt', 'cors', 'cookie', 'session',
+    'redirect', 'iframe', 'sandbox', 'csp', 'xss', 'sqli', 'ssrf',
+    'graphql', 'websocket', 'sse', 'fetch', 'xmlhttprequest', 'ajax',
+    'formdata', 'multipart', 'json', 'xml', 'yaml', 'toml',
+    'express', 'nextjs', 'next', 'react', 'vue', 'angular', 'svelte',
+    'middleware', 'proxy', 'nginx', 'apache', 'cloudflare', 'vercel',
+    'supabase', 'firebase', 'auth0', 'passport', 'bcrypt', 'argon2',
+    'hmac', 'sha256', 'sha1', 'md5', 'aes', 'rsa', 'ecdsa',
+    'localStorage', 'sessionStorage', 'indexeddb',
+    'header', 'origin', 'referer', 'host', 'authorization', 'bearer',
+    'token', 'nonce', 'state', 'pkce', 'saml', 'oidc',
+    'wildcard', 'regex', 'pattern', 'validation', 'sanitize', 'escape',
+    'prototype', 'constructor', '__proto__', 'pollution',
+    'path', 'traversal', 'directory', 'file', 'upload', 'download',
+    'injection', 'command', 'exec', 'spawn', 'eval', 'template',
+    'deserialization', 'pickle', 'marshal', 'serialize',
+];
+/**
+ * Extract file-matching keywords from a finding's file path, evidence,
+ * and attack scenario. These become the `filePatterns` on the learned template.
+ */
+export function extractFilePatterns(finding) {
+    const patterns = new Set();
+    // 1. Path-derived keywords
+    const filePath = finding.file.toLowerCase();
+    const base = basename(filePath, extname(filePath));
+    const dir = dirname(filePath);
+    // Split path segments into keywords (skip short/generic ones)
+    const pathSegments = [...dir.split('/'), base]
+        .map(s => s.replace(/[^a-z0-9-_]/gi, ''))
+        .filter(s => s.length >= 3 && !['src', 'lib', 'app', 'index', 'dist', 'node_modules'].includes(s));
+    for (const seg of pathSegments) {
+        patterns.add(seg.toLowerCase());
+    }
+    // 2. Technology keywords from text fields
+    const combinedText = [
+        finding.attackScenario,
+        finding.evidence,
+        finding.title,
+        finding.recommendation,
+    ].join(' ').toLowerCase();
+    for (const kw of TECH_KEYWORDS) {
+        if (combinedText.includes(kw.toLowerCase())) {
+            patterns.add(kw.toLowerCase());
+        }
+    }
+    // 3. Import/function names from evidence
+    // Matches: import { x } from 'module', import 'module', require('module')
+    const importMatches = finding.evidence.matchAll(/(?:from\s+['"]([^'"]+)['"]|import\s+['"]([^'"]+)['"]|require\s*\(\s*['"]([^'"]+)['"]\s*\))/g);
+    for (const m of importMatches) {
+        const modulePath = m[1] ?? m[2] ?? m[3];
+        if (!modulePath)
+            continue;
+        const moduleName = basename(modulePath).replace(/\.[^.]+$/, '');
+        if (moduleName.length >= 3) {
+            patterns.add(moduleName.toLowerCase());
+        }
+    }
+    const functionMatches = finding.evidence.matchAll(/(?:function|const|let|var)\s+(\w{3,})/g);
+    for (const m of functionMatches) {
+        patterns.add(m[1].toLowerCase());
+    }
+    // Ensure at least 2 patterns (required for matching threshold)
+    if (patterns.size < 2) {
+        patterns.add(finding.cwe.toLowerCase());
+    }
+    if (patterns.size < 2) {
+        patterns.add(finding.templateId.toLowerCase());
+    }
+    return [...patterns];
+}
+/**
+ * Extract bypass techniques mentioned in the attack scenario.
+ */
+export function extractBypasses(finding) {
+    const bypasses = [];
+    const text = finding.attackScenario + '\n' + finding.reproductionSteps;
+    // Look for numbered steps or bullet points that describe bypass
+    const lines = text.split('\n');
+    for (const line of lines) {
+        const trimmed = line.trim();
+        // Lines starting with "- " or numbered that mention bypass/exploit/attack/craft
+        if (trimmed.length > 10 &&
+            /^(?:\d+[\.\)]\s*|-\s*|\*\s*)/.test(trimmed) &&
+            /bypass|exploit|attack|craft|inject|spoof|forge|tamper|override|manipulat/i.test(trimmed)) {
+            bypasses.push(trimmed.replace(/^(?:\d+[\.\)]\s*|-\s*|\*\s*)/, '').trim());
+        }
+    }
+    // If no structured bypasses found, use the first sentence of attackScenario
+    if (bypasses.length === 0 && finding.attackScenario.length > 0) {
+        const firstSentence = finding.attackScenario.split(/[.!?\n]/)[0].trim();
+        if (firstSentence.length > 10) {
+            bypasses.push(firstSentence);
+        }
+    }
+    return bypasses;
+}
+/**
+ * Extract spec references from the recommendation text.
+ */
+function extractSpecReferences(finding) {
+    const refs = [];
+    const text = finding.recommendation + '\n' + finding.attackScenario;
+    // Match RFC references
+    const rfcMatches = text.matchAll(/RFC\s*\d+(?:\s*(?:Section|§)\s*[\d.]+)?/gi);
+    for (const m of rfcMatches) {
+        refs.push(m[0]);
+    }
+    // Match CWE references (beyond the finding's own CWE)
+    const cweMatches = text.matchAll(/CWE-\d+/gi);
+    for (const m of cweMatches) {
+        if (m[0].toUpperCase() !== finding.cwe.toUpperCase()) {
+            refs.push(m[0].toUpperCase());
+        }
+    }
+    // Match OWASP references
+    const owaspMatches = text.matchAll(/OWASP\s+[\w\s-]+(?:\d{4})?/gi);
+    for (const m of owaspMatches) {
+        refs.push(m[0].trim());
+    }
+    return [...new Set(refs)];
+}
+/**
+ * Map finding severity to a template severity range.
+ */
+function severityToRange(severity) {
+    switch (severity) {
+        case 'critical': return ['high', 'critical'];
+        case 'high': return ['medium', 'critical'];
+        case 'medium': return ['low', 'high'];
+        case 'low': return ['low', 'medium'];
+    }
+}
+// ── Core conversion ────────────────────────────────────────────
+/**
+ * Convert a confirmed HuntFinding into a LearnedTemplate.
+ * The template captures the vulnerability pattern so future scans
+ * can detect similar issues without re-discovering from scratch.
+ */
+export function findingToTemplate(finding) {
+    const slug = finding.title
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-|-$/g, '')
+        .slice(0, 50);
+    const id = `learned-${slug}-${Date.now().toString(36)}`;
+    const filePatterns = extractFilePatterns(finding);
+    const bypasses = extractBypasses(finding);
+    const specRefs = extractSpecReferences(finding);
+    const triagePrompt = `You are a security researcher hunting for vulnerabilities similar to a confirmed finding.
+
+CONFIRMED FINDING: ${finding.title}
+CWE: ${finding.cwe}
+
+ATTACK SCENARIO (proven to work):
+${finding.attackScenario}
+
+EVIDENCE (from confirmed exploit):
+${finding.evidence}
+
+Look for code that exhibits similar patterns:
+1. Same vulnerability class (${finding.cwe})
+2. Similar code constructs to the evidence above
+3. Missing or weak validation that enables the attack scenario
+
+Focus on whether the code is vulnerable to the SPECIFIC attack technique that was confirmed.`;
+    const deepDivePrompt = `You are an expert security researcher verifying a vulnerability similar to a confirmed finding.
+
+ORIGINAL CONFIRMED FINDING: ${finding.title}
+CWE: ${finding.cwe}
+
+KNOWN REPRODUCTION STEPS:
+${finding.reproductionSteps}
+
+RECOMMENDATION FROM ORIGINAL FINDING:
+${finding.recommendation}
+
+Your task:
+1. Verify if this code has the same vulnerability class
+2. Adapt the reproduction steps to this specific codebase
+3. Build a concrete proof-of-concept (curl command, HTML form, or code snippet)
+4. Explain the exact code path that enables the attack
+5. Provide a specific fix recommendation`;
+    const template = {
+        id,
+        name: `[Learned] ${finding.title}`,
+        cwe: finding.cwe,
+        filePatterns,
+        triagePrompt,
+        deepDivePrompt,
+        knownBypasses: bypasses,
+        specReferences: specRefs,
+        severityRange: severityToRange(finding.severity),
+        negativePatterns: [],
+        minMatchScore: 2,
+    };
+    return {
+        id,
+        source: 'bounty-finding',
+        sourceFinding: finding.title,
+        createdAt: new Date().toISOString(),
+        template,
+    };
+}
+// ── Persistence ────────────────────────────────────────────────
+function getGlobalStorePath() {
+    return join(homedir(), '.assay', 'learned', 'templates.json');
+}
+function getProjectStorePath(projectRoot) {
+    return join(projectRoot, '.assay', 'learned', 'templates.json');
+}
+function readStore(path) {
+    if (!existsSync(path)) {
+        return { version: 1, templates: [] };
+    }
+    try {
+        const raw = readFileSync(path, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (parsed.version !== 1 || !Array.isArray(parsed.templates)) {
+            return { version: 1, templates: [] };
+        }
+        return parsed;
+    }
+    catch {
+        return { version: 1, templates: [] };
+    }
+}
+function writeStore(path, store) {
+    const dir = dirname(path);
+    mkdirSync(dir, { recursive: true });
+    writeFileSync(path, JSON.stringify(store, null, 2) + '\n', 'utf-8');
+}
+/**
+ * Save a learned template to disk.
+ * Deduplicates by template ID — if the same ID exists, it's replaced.
+ */
+export function saveLearnedTemplate(template, options = {}) {
+    const storePath = options.global
+        ? getGlobalStorePath()
+        : getProjectStorePath(options.projectRoot ?? process.cwd());
+    const store = readStore(storePath);
+    // Replace existing template with same ID, or append
+    const existingIdx = store.templates.findIndex(t => t.id === template.id);
+    if (existingIdx >= 0) {
+        store.templates[existingIdx] = template;
+    }
+    else {
+        store.templates.push(template);
+    }
+    writeStore(storePath, store);
+}
+/**
+ * Load all learned templates from disk.
+ * Merges global + project-local, deduplicating by ID
+ * (project-local wins over global).
+ */
+export function loadLearnedTemplates(projectRoot) {
+    const globalStore = readStore(getGlobalStorePath());
+    const projectStore = projectRoot
+        ? readStore(getProjectStorePath(projectRoot))
+        : { version: 1, templates: [] };
+    // Project-local templates override global ones with same ID
+    const byId = new Map();
+    for (const lt of globalStore.templates) {
+        byId.set(lt.id, lt.template);
+    }
+    for (const lt of projectStore.templates) {
+        byId.set(lt.id, lt.template);
+    }
+    return [...byId.values()];
+}
+//# sourceMappingURL=finding-to-template.js.map

package/dist/hunt/finding-to-template.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-to-template.js","sourceRoot":"","sources":["../../src/hunt/finding-to-template.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAkBlC,kEAAkE;AAElE,wEAAwE;AACxE,MAAM,aAAa,GAAG;IACpB,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS;IAClE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IAC7D,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM;IAChE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IACtD,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ;IAChE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ;IAChE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ;IAC/D,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO;IACtD,cAAc,EAAE,gBAAgB,EAAE,WAAW;IAC7C,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,QAAQ;IAChE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IACjD,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,QAAQ;IAClE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW;IACpD,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU;IAC9D,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU;IAC3D,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW;CACpD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAoB;IACtD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE9B,8DAA8D;IAC9D,MAAM,YAAY,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC;SAC3C,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;SACxC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAErG,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,0CAA0C;IAC1C,MAAM,YAAY,GAAG;QACnB,OAAO,CAAC,cAAc;QACtB,OAAO,CAAC,QAAQ;QAChB,OAAO,CAAC,KAAK;QACb,OAAO,CAAC,cAAc;KACvB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAE1B,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;QAC/B,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC5C,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,0EAA0E;IAC1E,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,6FAA6F,CAAC,CAAC;IAC/I,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAChE,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,wCAAwC,CAAC,CAAC;IAC5F,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;QAChC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,+DAA+D;IAC/D,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAoB;IAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAEvE,gEAAgE;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,gFAAgF;QAChF,IACE,OAAO,CAAC,MAAM,GAAG,EAAE;YACnB,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC;YAC5C,2EAA2E,CAAC,IAAI,CAAC,OAAO,CAAC,EACzF,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,8BAA8B,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,MAAM,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACxE,IAAI,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAoB;IACjD,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,GAAG,OAAO,CAAC,cAAc,CAAC;IAEpE,uBAAuB;IACvB,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,2CAA2C,CAAC,CAAC;IAC9E,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sDAAsD;IACtD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;YACrD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC;IACnE,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,QAAiC;IACxD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,MAAM,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC3C,KAAK,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACtC,KAAK,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,kEAAkE;AAElE;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAoB;IACpD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK;SACvB,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;SACrB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEhB,MAAM,EAAE,GAAG,WAAW,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IAExD,MAAM,YAAY,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAEhD,MAAM,YAAY,GAAG;;qBAEF,OAAO,CAAC,KAAK;OAC3B,OAAO,CAAC,GAAG;;;EAGhB,OAAO,CAAC,cAAc;;;EAGtB,OAAO,CAAC,QAAQ;;;+BAGa,OAAO,CAAC,GAAG;;;;6FAImD,CAAC;IAE5F,MAAM,cAAc,GAAG;;8BAEK,OAAO,CAAC,KAAK;OACpC,OAAO,CAAC,GAAG;;;EAGhB,OAAO,CAAC,iBAAiB;;;EAGzB,OAAO,CAAC,cAAc;;;;;;;yCAOiB,CAAC;IAExC,MAAM,QAAQ,GAA0B;QACtC,EAAE;QACF,IAAI,EAAE,aAAa,OAAO,CAAC,KAAK,EAAE;QAClC,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,YAAY;QACZ,YAAY;QACZ,cAAc;QACd,aAAa,EAAE,QAAQ;QACvB,cAAc,EAAE,QAAQ;QACxB,aAAa,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC;QAChD,gBAAgB,EAAE,EAAE;QACpB,aAAa,EAAE,CAAC;KACjB,CAAC;IAEF,OAAO;QACL,EAAE;QACF,MAAM,EAAE,gBAAgB;QACxB,aAAa,EAAE,OAAO,CAAC,KAAK;QAC5B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,kEAAkE;AAElE,SAAS,kBAAkB;IACzB,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,OAAO,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,CAAC;QACvD,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;QACvC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,IAAY,EAAE,KAA2B;IAC3D,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;AACtE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAyB,EACzB,UAAsD,EAAE;IAExD,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,kBAAkB,EAAE;QACtB,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAE9D,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IAEnC,oDAAoD;IACpD,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,EAAE,CAAC,CAAC;IACzE,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QACrB,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,UAAU,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAAoB;IACvD,MAAM,WAAW,GAAG,SAAS,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,WAAW;QAC9B,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAC7C,CAAC,CAAC,EAAE,OAAO,EAAE,CAAU,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IAE3C,4DAA4D;IAC5D,MAAM,IAAI,GAAG,IAAI,GAAG,EAAiC,CAAC;IAEtD,KAAK,MAAM,EAAE,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IACD,KAAK,MAAM,EAAE,IAAI,YAAY,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5B,CAAC"}

package/dist/hunt/orchestrator.d.ts

@@ -20,6 +20,9 @@ export declare class HuntOrchestrator {
     private opts;
     private files;
     private templates;
+    private importGraph;
+    private taintSources;
+    private taintSinks;
     constructor(opts: HuntOptions);
     loadFiles(files: DiscoveredFile[]): void;
     triage(): Promise<TriageResult>;

package/dist/hunt/orchestrator.js

@@ -4,10 +4,14 @@ import { runTriage } from './triage.js';
 import { runDeepDive } from './deep-dive.js';
 import { getAllTemplates, getTemplateById } from './templates/index.js';
 import { retryWithBackoff } from '../lib/retry.js';
+import { buildImportGraph, findSources, findSinks, buildTaintContext, formatTaintContext } from './taint-analysis.js';
 export class HuntOrchestrator {
     opts;
     files = [];
     templates = [];
+    importGraph = [];
+    taintSources = [];
+    taintSinks = [];
     constructor(opts) {
         this.opts = opts;
     }
@@ -21,9 +25,14 @@ export class HuntOrchestrator {
             maxFiles: this.opts.maxFiles,
         });
         console.log(`  Found ${this.files.length} security-relevant files`);
+        // Build cross-file taint analysis
+        this.importGraph = buildImportGraph(this.files);
+        this.taintSources = findSources(this.files);
+        this.taintSinks = findSinks(this.files);
+        console.log(`  Taint analysis: ${this.importGraph.length} import edges, ${this.taintSources.length} sources, ${this.taintSinks.length} sinks`);
         this.templates = this.opts.templateFilter?.length
-            ? this.opts.templateFilter.map(id => getTemplateById(id)).filter((t) => t !== undefined)
-            : getAllTemplates();
+            ? this.opts.templateFilter.map(id => getTemplateById(id, this.opts.targetPath)).filter((t) => t !== undefined)
+            : getAllTemplates(this.opts.targetPath);
         console.log(`  Using ${this.templates.length} vulnerability templates`);
         const pairs = [];
         for (const file of this.files) {
@@ -39,7 +48,10 @@ export class HuntOrchestrator {
         const runOne = async (pair, index) => {
             const id = nextId++;
             console.log(`  [${index + 1}/${pairs.length}] Triaging ${pair.file.relativePath} (${pair.match.template.id})`);
-            const result = await retryWithBackoff(() => runTriage(pair.file, pair.match.template, id, this.opts.provider), { maxRetries: 2, baseDelayMs: 1000 });
+            // Build taint context for this file
+            const tCtx = buildTaintContext(pair.file, this.files, this.importGraph, this.taintSources, this.taintSinks);
+            const taintContextStr = formatTaintContext(tCtx) || undefined;
+            const result = await retryWithBackoff(() => runTriage(pair.file, pair.match.template, id, this.opts.provider, taintContextStr), { maxRetries: 2, baseDelayMs: 1000 });
             if (result)
                 hypotheses.push(result);
         };
@@ -65,7 +77,7 @@ export class HuntOrchestrator {
     async deepDive(hypotheses) {
         const findings = [];
         for (const hypothesis of hypotheses) {
-            const template = getTemplateById(hypothesis.templateId);
+            const template = getTemplateById(hypothesis.templateId, this.opts.targetPath);
             if (!template) {
                 console.error(`  Warning: Template ${hypothesis.templateId} not found, skipping`);
                 continue;
@@ -76,7 +88,10 @@ export class HuntOrchestrator {
                 continue;
             }
             console.log(`  Deep-diving hypothesis #${hypothesis.id}: ${hypothesis.summary}`);
-            const finding = await retryWithBackoff(() => runDeepDive(template, hypothesis, file, this.opts.provider), { maxRetries: 2, baseDelayMs: 2000 });
+            // Build taint context for deep dive
+            const tCtx = buildTaintContext(file, this.files, this.importGraph, this.taintSources, this.taintSinks);
+            const taintContextStr = formatTaintContext(tCtx) || undefined;
+            const finding = await retryWithBackoff(() => runDeepDive(template, hypothesis, file, this.opts.provider, taintContextStr), { maxRetries: 2, baseDelayMs: 2000 });
             if (finding) {
                 findings.push(finding);
                 console.log(`  CONFIRMED: ${finding.title} (${finding.severity})`);

package/dist/hunt/orchestrator.js.map

@@ -1 +1 @@
-{"version":3,"file":"orchestrator.js","sourceRoot":"","sources":["../../src/hunt/orchestrator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAA8C,MAAM,gBAAgB,CAAC;AACnG,OAAO,EAAE,cAAc,EAAsB,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAqBnD,MAAM,OAAO,gBAAgB;IACnB,IAAI,CAAc;IAClB,KAAK,GAAqB,EAAE,CAAC;IAC7B,SAAS,GAA4B,EAAE,CAAC;IAEhD,YAAY,IAAiB;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,SAAS,CAAC,KAAuB;QAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,IAAI,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,CAAC;QACjF,IAAI,CAAC,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;YACvD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;YAC5B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;SAC7B,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,0BAA0B,CAAC,CAAC;QAEpE,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM;YAC/C,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAA8B,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;YACpH,CAAC,CAAC,eAAe,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,SAAS,CAAC,MAAM,0BAA0B,CAAC,CAAC;QAExE,MAAM,KAAK,GAAqD,EAAE,CAAC;QACnE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YACrD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,mCAAmC,CAAC,CAAC;QAElE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAChD,MAAM,UAAU,GAAqB,EAAE,CAAC;QACxC,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,MAAM,MAAM,GAAG,KAAK,EAAE,IAAoD,EAAE,KAAa,EAAE,EAAE;YAC3F,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,cAAc,IAAI,CAAC,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC;YAE/G,MAAM,MAAM,GAAG,MAAM,gBAAgB,CACnC,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EACvE,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CACrC,CAAC;YAEF,IAAI,MAAM;gBAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC,CAAC;QAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;YAC9C,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,eAAe,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACvD,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,KAAK,CAAC,CAAC;QAClE,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,CAAC;QAClF,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QAEvF,MAAM,UAAU,GAA2B,EAAE,CAAC;QAC9C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC;QACnD,CAAC;QAED,OAAO;YACL,UAAU,EAAE,QAAQ;YACpB,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM;YAC/B,UAAU;YACV,kBAAkB,EAAE,KAAK,CAAC,MAAM;SACjC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,UAA4B;QACzC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,UAAU,IAAI,UAAU,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YACxD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CAAC,uBAAuB,UAAU,CAAC,UAAU,sBAAsB,CAAC,CAAC;gBAClF,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,CAAC,IAAI,CAAC,CAAC;YACtE,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,mBAAmB,UAAU,CAAC,IAAI,mCAAmC,CAAC,CAAC;gBACrF,SAAS;YACX,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,6BAA6B,UAAU,CAAC,EAAE,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;YACjF,MAAM,OAAO,GAAG,MAAM,gBAAgB,CACpC,GAAG,EAAE,CAAC,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EACjE,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CACrC,CAAC;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
+{"version":3,"file":"orchestrator.js","sourceRoot":"","sources":["../../src/hunt/orchestrator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAA8C,MAAM,gBAAgB,CAAC;AACnG,OAAO,EAAE,cAAc,EAAsB,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,SAAS,EAAE,iBAAiB,EAAE,kBAAkB,EAAqD,MAAM,qBAAqB,CAAC;AAqBzK,MAAM,OAAO,gBAAgB;IACnB,IAAI,CAAc;IAClB,KAAK,GAAqB,EAAE,CAAC;IAC7B,SAAS,GAA4B,EAAE,CAAC;IACxC,WAAW,GAAiB,EAAE,CAAC;IAC/B,YAAY,GAAkB,EAAE,CAAC;IACjC,UAAU,GAAgB,EAAE,CAAC;IAErC,YAAY,IAAiB;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,SAAS,CAAC,KAAuB;QAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,IAAI,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,CAAC;QACjF,IAAI,CAAC,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;YACvD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;YAC5B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;SAC7B,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,0BAA0B,CAAC,CAAC;QAEpE,kCAAkC;QAClC,IAAI,CAAC,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,CAAC,WAAW,CAAC,MAAM,kBAAkB,IAAI,CAAC,YAAY,CAAC,MAAM,aAAa,IAAI,CAAC,UAAU,CAAC,MAAM,QAAQ,CAAC,CAAC;QAE/I,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM;YAC/C,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAA8B,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;YAC1I,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,SAAS,CAAC,MAAM,0BAA0B,CAAC,CAAC;QAExE,MAAM,KAAK,GAAqD,EAAE,CAAC;QACnE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YACrD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,mCAAmC,CAAC,CAAC;QAElE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAChD,MAAM,UAAU,GAAqB,EAAE,CAAC;QACxC,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,MAAM,MAAM,GAAG,KAAK,EAAE,IAAoD,EAAE,KAAa,EAAE,EAAE;YAC3F,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,cAAc,IAAI,CAAC,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC;YAE/G,oCAAoC;YACpC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5G,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;YAE9D,MAAM,MAAM,GAAG,MAAM,gBAAgB,CACnC,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EACxF,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CACrC,CAAC;YAEF,IAAI,MAAM;gBAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC,CAAC;QAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;YAC9C,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,eAAe,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACvD,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,KAAK,CAAC,CAAC;QAClE,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,CAAC;QAClF,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QAEvF,MAAM,UAAU,GAA2B,EAAE,CAAC;QAC9C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC;QACnD,CAAC;QAED,OAAO;YACL,UAAU,EAAE,QAAQ;YACpB,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM;YAC/B,UAAU;YACV,kBAAkB,EAAE,KAAK,CAAC,MAAM;SACjC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,UAA4B;QACzC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,UAAU,IAAI,UAAU,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC9E,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CAAC,uBAAuB,UAAU,CAAC,UAAU,sBAAsB,CAAC,CAAC;gBAClF,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,CAAC,IAAI,CAAC,CAAC;YACtE,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,mBAAmB,UAAU,CAAC,IAAI,mCAAmC,CAAC,CAAC;gBACrF,SAAS;YACX,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,6BAA6B,UAAU,CAAC,EAAE,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjF,oCAAoC;YACpC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;YACvG,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;YAE9D,MAAM,OAAO,GAAG,MAAM,gBAAgB,CACpC,GAAG,EAAE,CAAC,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAClF,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CACrC,CAAC;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/hunt/parse-utils.d.ts

@@ -1,2 +1,8 @@
 export declare function stripCodeFences(text: string): string;
+/**
+ * Extract JSON from text that may contain code fences and trailing prose.
+ * Handles the common LLM pattern of returning:
+ *   ```json\n{...}\n```\n\n**Reasoning:**\n...
+ */
+export declare function extractJSON(text: string): string;
 export declare function safeParseJSON(text: string): any | null;

package/dist/hunt/parse-utils.js

@@ -6,9 +6,36 @@ export function stripCodeFences(text) {
         lines.pop();
     return lines.join('\n').trim();
 }
+/**
+ * Extract JSON from text that may contain code fences and trailing prose.
+ * Handles the common LLM pattern of returning:
+ *   ```json\n{...}\n```\n\n**Reasoning:**\n...
+ */
+export function extractJSON(text) {
+    // First try: extract content between code fences
+    const fenceMatch = text.match(/```(?:json)?\s*\n([\s\S]*?)\n```/);
+    if (fenceMatch)
+        return fenceMatch[1].trim();
+    // Second try: find the first { and its matching closing }
+    const start = text.indexOf('{');
+    if (start === -1)
+        return text.trim();
+    let depth = 0;
+    for (let i = start; i < text.length; i++) {
+        if (text[i] === '{')
+            depth++;
+        else if (text[i] === '}') {
+            depth--;
+            if (depth === 0)
+                return text.slice(start, i + 1);
+        }
+    }
+    // Fallback: return from first { to end (old behavior via stripCodeFences)
+    return stripCodeFences(text);
+}
 export function safeParseJSON(text) {
     try {
-        return JSON.parse(stripCodeFences(text));
+        return JSON.parse(extractJSON(text));
     }
     catch {
         return null;

package/dist/hunt/parse-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"parse-utils.js","sourceRoot":"","sources":["../../src/hunt/parse-utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,KAAK,CAAC;QAAE,KAAK,CAAC,KAAK,EAAE,CAAC;IAC/C,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,KAAK,CAAC;QAAE,KAAK,CAAC,GAAG,EAAE,CAAC;IAC5D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
+{"version":3,"file":"parse-utils.js","sourceRoot":"","sources":["../../src/hunt/parse-utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,KAAK,CAAC;QAAE,KAAK,CAAC,KAAK,EAAE,CAAC;IAC/C,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,KAAK,CAAC;QAAE,KAAK,CAAC,GAAG,EAAE,CAAC;IAC5D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,iDAAiD;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAClE,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE5C,0DAA0D;IAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;IAErC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aACxB,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACzB,KAAK,EAAE,CAAC;YACR,IAAI,KAAK,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/hunt/taint-analysis.d.ts

@@ -0,0 +1,49 @@
+import type { DiscoveredFile } from './discovery.js';
+export interface TaintSource {
+    file: string;
+    line?: number;
+    type: 'request-param' | 'request-body' | 'query-string' | 'url-param' | 'file-upload' | 'websocket' | 'env-var' | 'user-input';
+    identifier: string;
+}
+export interface TaintSink {
+    file: string;
+    line?: number;
+    type: 'sql-query' | 'command-exec' | 'file-op' | 'redirect' | 'template-render' | 'response-write' | 'eval' | 'inner-html';
+    identifier: string;
+}
+export interface ImportEdge {
+    from: string;
+    to: string;
+    symbols: string[];
+}
+export interface TaintContext {
+    file: string;
+    sources: TaintSource[];
+    sinks: TaintSink[];
+    dataFlowPaths: string[];
+    relatedFiles: {
+        path: string;
+        relevance: string;
+        snippet: string;
+    }[];
+}
+/**
+ * Build a graph of import edges between discovered files.
+ * Resolves relative imports (./foo, ../bar) to discovered file paths.
+ */
+export declare function buildImportGraph(files: DiscoveredFile[]): ImportEdge[];
+export declare function findSources(files: DiscoveredFile[]): TaintSource[];
+export declare function findSinks(files: DiscoveredFile[]): TaintSink[];
+/**
+ * Build a TaintContext for a target file, showing:
+ * - Sources and sinks within the file
+ * - Related files that import from or are imported by the target
+ * - Data flow paths tracing sources through imports to sinks
+ */
+export declare function buildTaintContext(targetFile: DiscoveredFile, allFiles: DiscoveredFile[], importGraph: ImportEdge[], sources: TaintSource[], sinks: TaintSink[]): TaintContext;
+/**
+ * Format a TaintContext into a human-readable string for injection into
+ * triage/deep-dive LLM prompts.
+ * Returns empty string if there's no cross-file context worth showing.
+ */
+export declare function formatTaintContext(ctx: TaintContext): string;