uneven-ai 0.11.1 → 0.12.1

package/CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to Uneven AI will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.12.0] - 2026-04-12
+
+### Changed — Pure Clean Architecture Refactor (Stages 1 & 2)
+
+- **TypeScript Layer**: Complete migration of `src/core` to a modular 3-layer architecture:
+    - `src/domain/`: Core business entities, index planners, and safety guards.
+    - `src/application/`: High-level orchestration, security analyzers, and fix engines.
+    - `src/infrastructure/`: Low-level adapters including IO, DB loaders, terminal watchers, and the native bridge.
+- **Rust Core**: Refactored `crates/uneven-core` into modular domain, application, and infrastructure modules for enhanced maintainability and feature isolation.
+- **Barrels**: Introduced central entry points (`index.ts`) for each layer to standardize internal imports and discourage deep module coupling.
+- **Licensing**: Refined the license gate with refined error reporting and direct exports for core verification functions.
+- **Stability**: Fixed over 100 broken relative imports across the CLI and core engine caused by the directory structure changes.
+- **Build System**: Standardized on absolute paths for internal tooling stability across various Node.js environments.
+
 ## [0.7.3] - 2026-04-09
 
 ### Fixed — complete audit of unreviewed modules

package/README.md

@@ -11,7 +11,18 @@
 >
 > Embeds a **local LLM**, indexes your entire codebase, watches running terminals in real time, **autonomously fixes errors**, scans for **malicious code and compromised dependencies**, runs a built-in **AI data analyst**, performs **scoped security testing**, and generates **shareable reports** — all from a single CLI.
 >
-> **Rust-powered high-performance engine** with **TypeScript public API**. Zero network dependencies.
+> **Rust-powered high-performance engine** with **Modular Clean Architecture**. Zero network dependencies.
+
+## 🏗️ Architecture
+
+Starting with **v0.12.1**, Uneven AI is built on a robust modular architecture that ensures stability, privacy, and performance. The system is divided into clear layers of responsibility:
+
+- **🌍 Domain**: Pure business logic and safety rules (the "Brain").
+- **⚙️ Application**: Orchestrates analysis, terminal watching, and fix application.
+- **🔌 Infrastructure**: High-performance adapters for local vector search, Rust core bridge, and I/O.
+- **🖥️ CLI Layer**: Premium terminal user experience with rich visual feedback.
+
+This design ensures that your code and credentials stay strictly local, only interacting with the necessary technical adapters in a controlled, auditable way.
 
 ## Features
 
@@ -37,7 +48,7 @@ Requirements vary significantly depending on the **brain provider** you choose.
 | Node.js | v18 (ESM required) | v20+ recommended |
 | RAM | 256 MB | Only embeddings model loaded (~300 MB peak) |
 | Disk | 200 MB | Embeddings model only |
-| OS | Linux, macOS, Windows (WSL2) | |
+| OS | Linux, macOS, Windows 11 (Native) | |
 
 > API providers delegate processing to verified cloud endpoints. Uneven AI maintains a local semantic index for lightning-fast search while the core intelligence runs remotely. This is the optimal mode for low-resource environments.
 
@@ -48,7 +59,7 @@ Requirements vary significantly depending on the **brain provider** you choose.
 | Node.js | v18 (ESM required) | v20+ recommended |
 | RAM | 512 MB (Uneven AI) | Ollama manages model memory separately |
 | Disk | 200 MB + model size | Ollama stores models in its own directory |
-| OS | Linux, macOS, Windows (WSL2) | |
+| OS | Linux, macOS, Windows 11 (Native) | |
 
 > Uneven AI itself uses ~512 MB. The Ollama daemon handles model memory independently — RAM required depends on the model you pull (e.g. `llama3.2` ~2 GB).
 
@@ -59,7 +70,7 @@ Requirements vary significantly depending on the **brain provider** you choose.
 | Node.js | v18 (ESM required) | v20+ |
 | RAM | 4 GB | 8 GB+ |
 | Disk | 200 MB (embeddings) | 2 GB+ (local LLM) |
-| OS | Linux, macOS, Windows (WSL2) | Linux / macOS |
+| OS | Linux, macOS, Windows 11 (Native) | Linux / macOS |
 
 > The independent local mode loads a high-precision neural model directly into system memory. This ensures 100% offline operation and absolute data sovereignty with zero external dependencies.
 
@@ -125,8 +136,8 @@ uneven-ai ci
 If you are on a machine with limited RAM (VPS, CI, container, low-end laptop), use an API provider. Uneven AI in API mode loads only the embeddings model and stays well under 512 MB:
 
 ```typescript
-// uneven-ai.config.ts — optimized for API + low memory
-const config: Uneven AIConfig = {
+// uneven.config.ts — optimized for API + low memory
+const config: UnevenConfig = {
   brain: {
     provider: 'claude',                        // or 'openai' / 'gemini'
     model: 'claude-haiku-4-5-20251001',        // smaller/cheaper model = lower latency
@@ -153,7 +164,7 @@ const config: Uneven AIConfig = {
 
 ## Configuration
 
-Create `uneven-ai.config.ts` in your project root:
+Create `uneven.config.ts` in your project root:
 
 ```typescript
 import { UnevenConfig } from 'uneven-ai'
@@ -186,7 +197,7 @@ const config: UnevenConfig = {
     target: 'http://localhost:3000',
   },
   log: {
-    path: './.uneven-ai/log.md',
+    path: './.uneven/log.md',
   },
 }
 
@@ -298,14 +309,14 @@ Pipeline steps:
 2. **Malware scan** — `uneven-ai scan --json`
 3. **Test suite** — `npm test`
 
-Exit code 0 = pass, exit code 1 = fail. Writes `.uneven-ai/ci-summary.json`.
+Exit code 0 = pass, exit code 1 = fail. Writes `.uneven/ci-summary.json`.
 
 ## Programmatic API
 
 ```typescript
-import { Uneven AI } from 'uneven-ai'
+import { Uneven } from 'uneven-ai'
 
-const ai = new Uneven AI({
+const ai = new Uneven({
   brain: { provider: 'local', model: 'llama-3.2-1b-q8' },
   knowledge: { dirs: ['./src'] },
   watch: { terminal: 'npm run dev', autoFix: true },
@@ -335,6 +346,8 @@ await ai.stop()
 | Java | ✅ | ✅ |
 | PHP | ✅ | ✅ |
 | Ruby | ✅ | ✅ |
+| COBOL | ✅ | ✅ |
+| Assembly (x86/ARM) | ✅ | ✅ |
 
 ## Knowledge Sources
 
@@ -379,7 +392,7 @@ Privacy is not a feature; it's our foundation.
 ## Production Mode
 
 ```typescript
-const config: Uneven AIConfig = {
+const config: UnevenConfig = {
   watch: {
     terminal: 'node dist/server.js',
     autoFix: false,      // NEVER auto-fix in production
@@ -396,7 +409,7 @@ Uneven AI becomes a **monitoring agent** — detects issues but never modifies c
 
 ## Log Format
 
-All findings are logged to `.uneven-ai/log.md`:
+All findings are logged to `.uneven/log.md`:
 
 ```markdown
 ## [10:32:14] Error Detected
@@ -446,8 +459,8 @@ New to Uneven AI? Follow the step-by-step guide to verify each feature works cor
 ## Contributing
 
 ```bash
-git clone https://github.com/kreivesler/uneven-ai-ai
-cd uneven-ai-ai
+git clone https://github.com/kreivesler/uneven
+cd uneven
 npm install
 npm run build
 npm test
@@ -457,15 +470,15 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md) for the full guide.
 
 ## Support & Issues
 
-- 🐛 [Report issues](https://github.com/kreivesler/uneven-ai-ai/issues)
+- 🐛 [Report issues](https://github.com/kreivesler/uneven/issues)
 - 📧 [Email support](mailto:contato@rileysolucoes.com.br)
-- 💬 [Discussions](https://github.com/kreivesler/uneven-ai-ai/discussions)
+- 💬 [Discussions](https://github.com/kreivesler/uneven/discussions)
 
 ---
 
 Built by **KR Riley Soluções** — a software engineering consultancy in Brazil.
 
-- 🌐 [uneven-ai.dev](https://uneven-ai.dev)
+- 🌐 [uneven.dev](https://uneven.dev)
 - 📧 [contact@rileysolucoes.com.br](mailto:contato@rileysolucoes.com.br)
 - 🐙 [GitHub](https://github.com/kreivesler)
 

package/dist/{core → application/analysis}/active-scanner.d.ts

@@ -14,7 +14,7 @@
  * Every probe is guarded by PentestSecurityContext.checkTarget() before execution.
  * All results are written to .uneven/pentest-audit.log.
  */
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 import { PentestSecurityContext } from './pentest-security-context.js';
 import { type SecurityFinding } from './security-analyzer.js';
 export declare class ActiveScanner {

package/dist/application/analysis/active-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"active-scanner.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/active-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAQH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAA;AACtE,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAyI7D,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,GAAG,CAAwB;IACnC,OAAO,CAAC,QAAQ,CAAe;gBAEnB,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,sBAAsB;IAOjD,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA8CrD,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA8GxD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA4EpD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAoEpD,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA0ChE,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAwBlE,OAAO,CAAC,KAAK;YAKC,aAAa;CAQ5B"}

package/dist/application/analysis/dashboard-generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dashboard-generator.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/dashboard-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAEpD,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,UAAU,GAAG,SAAS,GAAG,OAAO,CAAA;AAEzE,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,4DAA4D;IAC5D,cAAc,CAAC,EAAE,SAAS,CAAA;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,SAAS,CAAA;CACrB;AAED,qBAAa,kBAAkB;IACvB,QAAQ,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;CAazF"}

package/dist/{core → application/analysis}/data-analyst.d.ts

@@ -8,7 +8,7 @@
  *  - Credentials are never logged (sanitized URLs only)
  *  - All destructive SQL is blocked even if user manually edits the query
  */
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 import { DataSecurityContext, SecurityPolicy } from './data-security-context.js';
 export type DbType = 'postgresql' | 'mysql' | 'sqlite' | 'mongodb';
 export interface ColumnInfo {

package/dist/application/analysis/data-analyst.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-analyst.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/data-analyst.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AAEtD,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAA;AAUhF,MAAM,MAAM,MAAM,GAAG,YAAY,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,CAAA;AAElE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,UAAU,EAAE,CAAA;IACrB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAA;IAC/B,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,WAAW,EAAE,MAAM,CAAA;IACnB,gEAAgE;IAChE,cAAc,EAAE,OAAO,CAAA;CACxB;AAOD,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,MAAM,CAAoB;IAClC,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,CAAA;gBAE1B,MAAM,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC;IAO9D,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA+CrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAYjC;;;;;;;OAOG;IACG,gBAAgB,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAoDxE;;;OAGG;IACG,kBAAkB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAqC7C;;;OAGG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YA2B5B,kBAAkB;YAqBlB,eAAe;YAqBf,gBAAgB;YA4BhB,eAAe;IAwB7B;;;OAGG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAgE/D;;;OAGG;IACG,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG;QAAE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAiFpF,SAAS,IAAI,WAAW,EAAE;IAC1B,SAAS,IAAI,MAAM,GAAG,IAAI;CAC3B;AAID,8DAA8D;AAC9D,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAOhD"}

package/dist/{core → application/analysis}/data-analyst.js

@@ -8,9 +8,9 @@
  *  - Credentials are never logged (sanitized URLs only)
  *  - All destructive SQL is blocked even if user manually edits the query
  */
-import { llmInfer, isNativeAvailable } from './bridge.js';
+import { llmInfer, isNativeAvailable } from '../../infrastructure/index.js';
 import { DataSecurityContext } from './data-security-context.js';
-import { withTimeout, TimeoutError } from './timeout.js';
+import { withTimeout, TimeoutError } from '../../infrastructure/index.js';
 // ─── Timeout budgets ──────────────────────────────────────────────────────────
 const DB_CONNECT_TIMEOUT_MS = 10_000; // initial connection + ping
 const DB_QUERY_TIMEOUT_MS = 30_000; // any single SELECT

package/dist/application/analysis/data-security-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-security-context.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/data-security-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAIjE,MAAM,WAAW,cAAc;IAC7B;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IAEzB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IAExB;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAA;IAEjC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAC3B;AAED,MAAM,WAAW,WAAW;IAC1B,+CAA+C;IAC/C,UAAU,EAAE,OAAO,CAAA;IACnB,sDAAsD;IACtD,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB;AAID;;;GAGG;AACH,eAAO,MAAM,cAAc,EAAE,QAAQ,CAAC,cAAc,CAmDnD,CAAA;AAID,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAA0B;IACxC,kEAAkE;IAClE,OAAO,CAAC,cAAc,CAAyC;IAC/D,OAAO,CAAC,aAAa,CAA2C;gBAEpD,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM;IAiChD;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG;QAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;QAAC,KAAK,EAAE,WAAW,CAAA;KAAE;IA6BpF;;;;OAIG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW;IAuClC;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG;QAAE,MAAM,EAAE,WAAW,CAAC;QAAC,KAAK,EAAE,WAAW,CAAA;KAAE;IA8C5E;;;OAGG;IACH,gBAAgB,IAAI,MAAM;IAiB1B,SAAS,IAAI,QAAQ,CAAC,cAAc,CAAC;IAIrC,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,cAAc;CAGvB"}

package/dist/application/analysis/excel-exporter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"excel-exporter.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/excel-exporter.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAIpD,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,wCAAwC;IACxC,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,qBAAa,aAAa;IACxB;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IAsBtF;;OAEG;IACG,cAAc,CAClB,OAAO,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,WAAW,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,EAC1D,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,YAAY,CAAC;IA2BxB,OAAO,CAAC,UAAU;CAwEnB"}

package/dist/{core → application/analysis}/llm-security-reviewer.d.ts

@@ -13,7 +13,7 @@
  * Skips review if no brain is configured or inference fails.
  */
 import { type SecurityFinding } from './security-analyzer.js';
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 export interface ReviewedFinding extends SecurityFinding {
     llmVerdict?: 'confirmed' | 'false_positive' | 'uncertain';
     llmNote?: string;

package/dist/application/analysis/llm-security-reviewer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-security-reviewer.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/llm-security-reviewer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AAEtD,MAAM,WAAW,eAAgB,SAAQ,eAAe;IACtD,UAAU,CAAC,EAAE,WAAW,GAAG,gBAAgB,GAAG,WAAW,CAAA;IACzD,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAgBD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,OAAO,CAAqC;IAEpD;;OAEG;gBACS,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC;IAKlE,cAAc,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;YAiD/D,cAAc;IAe5B;;OAEG;IACH,OAAO,CAAC,eAAe;YAqBT,MAAM;IA+BpB,OAAO,CAAC,YAAY;CASrB"}

package/dist/{core → application/analysis}/malware-scanner.d.ts

@@ -12,7 +12,7 @@
  * The LLM layer only activates for findings that pass static filters but have
  * a confidence < SEMANTIC_THRESHOLD. This keeps scan time low for clean projects.
  */
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 export type MalwareCategory = 'remote-shell' | 'data-exfiltration' | 'obfuscation' | 'supply-chain' | 'credential-theft' | 'persistence' | 'crypto-mining' | 'typosquatting';
 export interface MaliciousFinding {
     severity: 'critical' | 'high' | 'medium' | 'low';

package/dist/application/analysis/malware-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"malware-scanner.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/malware-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AAKtD,MAAM,MAAM,eAAe,GACvB,cAAc,GACd,mBAAmB,GACnB,aAAa,GACb,cAAc,GACd,kBAAkB,GAClB,aAAa,GACb,eAAe,GACf,eAAe,CAAA;AAEnB,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;IAChD,QAAQ,EAAE,eAAe,CAAA;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kDAAkD;IAClD,OAAO,EAAE,MAAM,CAAA;IACf,gDAAgD;IAChD,WAAW,EAAE,MAAM,CAAA;IACnB,sEAAsE;IACtE,UAAU,EAAE,MAAM,CAAA;IAClB,0EAA0E;IAC1E,WAAW,EAAE,OAAO,CAAA;IACpB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,gBAAgB,EAAE,CAAA;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;CAC3D;AA8KD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAQ;gBAEV,MAAM,EAAE,MAAM;IAI1B;;OAEG;IACG,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,WAAW,GAAE,MAAsB,GAAG,OAAO,CAAC,UAAU,CAAC;IAgCpF,OAAO,CAAC,aAAa,CAAI;YAEX,eAAe;YAkBf,eAAe;IA8E7B,OAAO,CAAC,YAAY,CAAI;YAEV,gBAAgB;YAmFhB,oBAAoB;IAwDlC;;;;;;OAMG;YACW,kBAAkB;YAmClB,YAAY;IAkC1B,OAAO,CAAC,gBAAgB;CAOzB"}

package/dist/{core → application/analysis}/malware-scanner.js

@@ -14,7 +14,7 @@
  */
 import * as fs from 'fs/promises';
 import * as path from 'path';
-import { llmInfer, isNativeAvailable } from './bridge.js';
+import { llmInfer, isNativeAvailable } from '../../infrastructure/index.js';
 const STATIC_RULES = [
     // ── Remote shell / RCE ─────────────────────────────────────────────────────
     {

package/dist/application/analysis/pentest-security-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pentest-security-context.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/pentest-security-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAQH,MAAM,WAAW,gBAAgB;IAC/B,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAA;IACb,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,8CAA8C;IAC9C,YAAY,EAAE,MAAM,CAAA;IACpB,4CAA4C;IAC5C,YAAY,EAAE,MAAM,CAAA;IACpB,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAA;IACjB,yBAAyB;IACzB,OAAO,EAAE,gBAAgB,EAAE,CAAA;IAC3B,yBAAyB;IACzB,YAAY,EAAE,KAAK,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAA;IACxC,kDAAkD;IAClD,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,IAAI,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,KAAK,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,MAAM,UAAU,GAAG,cAAc,GAAG,SAAS,CAAA;AAuFnD,qBAAa,sBAAsB;IACjC,OAAO,CAAC,SAAS,CAAQ;IACzB,OAAO,CAAC,SAAS,CAAQ;IACzB,OAAO,CAAC,KAAK,CAA4B;gBAE7B,WAAW,GAAE,MAAsB;IAO/C;;;OAGG;IACG,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,gBAAgB,EAAE,EAC3B,YAAY,GAAE,YAAY,CAAC,cAAc,CAAc,EACvD,YAAY,GAAE,MAAiB,GAC9B,OAAO,CAAC,YAAY,CAAC;IAqBxB;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IA0B/C,mCAAmC;IAC7B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAUjC;;;OAGG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAiDtD;;;OAGG;IACG,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAqBhF;;;OAGG;IACH,sBAAsB,CAAC,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM;IAkCzD,QAAQ,IAAI,YAAY,GAAG,IAAI;IAE/B,cAAc,IAAI;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE;YAajF,KAAK;IASnB,OAAO,CAAC,WAAW;CAIpB"}

package/dist/application/analysis/report-packager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-packager.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/report-packager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AASH,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,yCAAyC;IACzC,MAAM,CAAC,EAAE,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,aAAa,GAAG,WAAW,CAAA;IAC5E,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,OAAO,CAAA;CACjB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAQ;gBAEZ,QAAQ,GAAE,MAAqD;IAI3E;;OAEG;IACG,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAqCpF;;;OAGG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAgC5E,OAAO,CAAC,iBAAiB;IA4FzB,OAAO,CAAC,MAAM;YAoCA,YAAY;CAyB3B"}

package/dist/{core → application/analysis}/sbom-generator.d.ts

@@ -13,7 +13,7 @@
  *   - Linked vulnerabilities from SecurityFinding list
  *   - Metadata: project name, timestamp, Uneven version, component counts
  */
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 import { type SecurityFinding } from './security-analyzer.js';
 export declare class SBOMGenerator {
     private logger;

package/dist/application/analysis/sbom-generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sbom-generator.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/sbom-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AACtD,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAoE7D,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,GAAG,CAAQ;IACnB,OAAO,CAAC,SAAS,CAAQ;gBAEb,MAAM,EAAE,MAAM,EAAE,GAAG,GAAE,MAAsB,EAAE,SAAS,GAAE,MAAkB;IAMhF,QAAQ,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAqK9C,YAAY;CAG3B"}

package/dist/{core → application/analysis}/security-analyzer.d.ts

@@ -8,7 +8,7 @@
  *   - Expanded CVE database: +20 entries, Python requirements.txt, Cargo.toml support
  *   - npm audit integration already in Phase 1
  */
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 export interface SecurityFinding {
     severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
     type: string;

package/dist/application/analysis/security-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-analyzer.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/security-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AAItD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAA;IACzD,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,EAAE,MAAM,CAAA;IACtB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAmFD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAQ;gBAEV,MAAM,EAAE,MAAM;IAMpB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA4IvD,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA2LrD,gBAAgB,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;IAoJ9C,WAAW,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;IAyHzC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAoE1D,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA2E9D,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAgL9D,wBAAwB,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;IAmFtD,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;YA2BhD,YAAY;CAe3B"}

package/dist/{core → application/analysis}/security-analyzer.js

@@ -483,7 +483,7 @@ export class SecurityAnalyzer {
         // If npm audit --json is available, also surface its findings
         try {
             const { execSync } = await import('child_process');
-            const auditOutput = execSync('npm audit --json 2>/dev/null', {
+            const auditOutput = execSync('npm audit --json', {
                 cwd: process.cwd(),
                 timeout: 15000,
                 encoding: 'utf-8',

package/dist/application/analysis/security-reporter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-reporter.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/security-reporter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAExD,MAAM,MAAM,YAAY,GAAG,IAAI,GAAG,MAAM,GAAG,MAAM,CAAA;AAEjD,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,YAAY,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AA0BD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,SAAS,CAAQ;gBAEb,SAAS,GAAE,MAAkB;IAInC,QAAQ,CACZ,QAAQ,EAAE,eAAe,EAAE,EAC3B,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAkCxB,OAAO,CAAC,aAAa;IA4FrB,OAAO,CAAC,SAAS;IAgJjB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,GAAG;CAQZ"}

package/dist/{core → application/analysis}/supply-chain-auditor.d.ts

@@ -9,7 +9,7 @@
  *  4. Integrity mismatch — package-lock.json integrity hash vs installed package hash
  *  5. Typosquatting     — package names within edit-distance 2 of popular packages
  */
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 import { type SecurityFinding } from './security-analyzer.js';
 export declare class SupplyChainAuditor {
     private logger;

package/dist/application/analysis/supply-chain-auditor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"supply-chain-auditor.d.ts","sourceRoot":"","sources":["../../../src/application/analysis/supply-chain-auditor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AACtD,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AA2D7D,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,GAAG,CAAQ;gBAEP,MAAM,EAAE,MAAM,EAAE,GAAG,GAAE,MAAsB;IAKjD,KAAK,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAwD3B,YAAY;CAuG3B"}

package/dist/{core → application/development}/analyst-job-manager.d.ts

@@ -1,4 +1,4 @@
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 export interface AnalystTask {
     id: string;
     tableName: string;

package/dist/application/development/analyst-job-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyst-job-manager.d.ts","sourceRoot":"","sources":["../../../src/application/development/analyst-job-manager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAEvD,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,SAAS,GAAG,YAAY,GAAG,WAAW,GAAG,QAAQ,CAAC;IAC1D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,WAAW,EAAE,CAAC;CACtB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,MAAsB;IAK3D;;OAEG;IACG,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAqB/F;;OAEG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAQpF;;OAEG;IACG,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAU7D;;OAEG;IACG,YAAY,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAKlD;;OAEG;IACG,kBAAkB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAY7C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;YAerB,cAAc;CAG7B"}

package/dist/{core → application/development}/fix-engine.d.ts

@@ -3,10 +3,10 @@
  *
  * Generates and applies fixes for detected errors
  */
-import { Logger } from './logger/index.js';
-import { ParsedError } from './error-parser.js';
+import { Logger } from '../../infrastructure/io/logger/index.js';
+import { ParsedError } from '../../infrastructure/utils/error-parser.js';
 import { TestResult } from './test-runner.js';
-import { KnowledgeRetriever } from './knowledge-retriever.js';
+import { KnowledgeRetriever } from '../orchestration/knowledge-retriever.js';
 export interface FixSuggestion {
     error: ParsedError;
     explanation: string;

package/dist/application/development/fix-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-engine.d.ts","sourceRoot":"","sources":["../../../src/application/development/fix-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,yCAAyC,CAAA;AAChE,OAAO,EAAE,WAAW,EAAyB,MAAM,4CAA4C,CAAA;AAG/F,OAAO,EAAc,UAAU,EAAE,MAAM,kBAAkB,CAAA;AACzD,OAAO,EAAE,kBAAkB,EAAoB,MAAM,yCAAyC,CAAA;AAI9F,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,WAAW,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,4DAA4D;IAC5D,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,UAAU,EAAE,UAAU,GAAG,IAAI,CAAA;IAC7B,aAAa,EAAE,OAAO,CAAA;IACtB,oBAAoB,EAAE,OAAO,CAAA;CAC9B;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,SAAS,CAAiB;IAClC,OAAO,CAAC,GAAG,CAAY;IACvB,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,SAAS,CAA2B;IAC5C,OAAO,CAAC,WAAW,CAAiC;IACpD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAI;IAChC,OAAO,CAAC,WAAW,CAAa;gBAEpB,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,kBAAkB;IAS1D;;OAEG;IACG,UAAU,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IA2CnE;;;;;;;;;;OAUG;YACW,aAAa;IA4F3B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAoBlC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAc1B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA4C5B;;OAEG;IACH,OAAO,CAAC,cAAc;IAgCtB;;OAEG;IACH,OAAO,CAAC,YAAY;IAqEpB;;OAEG;IACH,OAAO,CAAC,cAAc;IAgFtB;;OAEG;IACH,OAAO,CAAC,aAAa;IA8DrB;;OAEG;IACH,OAAO,CAAC,cAAc;IAuEtB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA0CzB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA4BxB;;;OAGG;IACG,QAAQ,CACZ,GAAG,EAAE,aAAa,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,GAAE,UAAe,GACpB,OAAO,CAAC,cAAc,CAAC;YAyIZ,cAAc;IAe5B,OAAO,CAAC,aAAa;CAYtB"}

package/dist/{core → application/development}/fix-engine.js

@@ -3,12 +3,12 @@
  *
  * Generates and applies fixes for detected errors
  */
-import { readCodeBlockFromFile } from './error-parser.js';
-import { SnapshotManager } from './snapshot.js';
-import { GitManager } from './git-manager.js';
+import { readCodeBlockFromFile } from '../../infrastructure/utils/error-parser.js';
+import { SnapshotManager } from '../../domain/entities/snapshot.js';
+import { GitManager } from '../../infrastructure/io/git-manager.js';
 import { TestRunner } from './test-runner.js';
-import { llmInfer, isNativeAvailable } from './bridge.js';
-import { SafetyGuard } from './safety-guard.js';
+import { llmInfer, isNativeAvailable } from '../../infrastructure/adapters/bridge.js';
+import { SafetyGuard } from '../../domain/services/safety-guard.js';
 export class FixEngine {
     logger;
     snapshots;

package/dist/{core → application/development}/test-runner.d.ts

@@ -7,7 +7,7 @@
  *
  * Used by the fix engine to confirm fixes don't break existing tests.
  */
-import { Logger } from './logger/index.js';
+import { Logger } from '../../infrastructure/index.js';
 export type TestFramework = 'jest' | 'vitest' | 'mocha' | 'jasmine' | 'pytest' | 'cargo-test' | 'go-test' | 'phpunit' | 'rspec' | 'unknown';
 export interface TestResult {
     framework: TestFramework;

package/dist/application/development/test-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-runner.d.ts","sourceRoot":"","sources":["../../../src/application/development/test-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAA;AAItD,MAAM,MAAM,aAAa,GACrB,MAAM,GACN,QAAQ,GACR,OAAO,GACP,SAAS,GACT,QAAQ,GACR,YAAY,GACZ,SAAS,GACT,SAAS,GACT,OAAO,GACP,SAAS,CAAA;AAEb,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,aAAa,CAAA;IACxB,MAAM,EAAE,OAAO,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,EAAE,MAAM,EAAE,CAAA;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC7B;AA6FD,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,WAAW,CAAQ;gBAEf,MAAM,EAAE,MAAM,EAAE,WAAW,GAAE,MAAsB;IAK/D;;OAEG;IACH,MAAM,IAAI;QAAE,SAAS,EAAE,aAAa,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAUvD;;OAEG;IACG,GAAG,CAAC,MAAM,GAAE,gBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC;IAmF7D;;;OAGG;IACG,WAAW,CACf,QAAQ,EAAE,MAAM,EAChB,MAAM,GAAE,gBAAqB,GAC5B,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,UAAU,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA0BvE,OAAO,CAAC,WAAW;IA2BnB,OAAO,CAAC,eAAe;IA8BvB,OAAO,CAAC,gBAAgB;IAWxB,OAAO,CAAC,iBAAiB;IAYzB,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,aAAa;IAUrB,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,aAAa;CAatB"}

package/dist/application/index.d.ts

@@ -0,0 +1,20 @@
+export * from './orchestration/engine.js';
+export * from './orchestration/incremental-index.js';
+export * from './orchestration/knowledge-retriever.js';
+export * from './analysis/security-analyzer.js';
+export * from './analysis/active-scanner.js';
+export * from './analysis/malware-scanner.js';
+export * from './analysis/data-analyst.js';
+export * from './analysis/data-security-context.js';
+export * from './analysis/pentest-security-context.js';
+export * from './analysis/llm-security-reviewer.js';
+export * from './analysis/supply-chain-auditor.js';
+export * from './analysis/sbom-generator.js';
+export * from './analysis/dashboard-generator.js';
+export * from './analysis/excel-exporter.js';
+export * from './analysis/report-packager.js';
+export * from './analysis/security-reporter.js';
+export * from './development/fix-engine.js';
+export * from './development/test-runner.js';
+export * from './development/analyst-job-manager.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/application/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/application/index.ts"],"names":[],"mappings":"AAAA,cAAc,2BAA2B,CAAA;AACzC,cAAc,sCAAsC,CAAA;AACpD,cAAc,wCAAwC,CAAA;AACtD,cAAc,iCAAiC,CAAA;AAC/C,cAAc,8BAA8B,CAAA;AAC5C,cAAc,+BAA+B,CAAA;AAC7C,cAAc,4BAA4B,CAAA;AAC1C,cAAc,qCAAqC,CAAA;AACnD,cAAc,wCAAwC,CAAA;AACtD,cAAc,qCAAqC,CAAA;AACnD,cAAc,oCAAoC,CAAA;AAClD,cAAc,8BAA8B,CAAA;AAC5C,cAAc,mCAAmC,CAAA;AACjD,cAAc,8BAA8B,CAAA;AAC5C,cAAc,+BAA+B,CAAA;AAC7C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,6BAA6B,CAAA;AAC3C,cAAc,8BAA8B,CAAA;AAC5C,cAAc,sCAAsC,CAAA"}

package/dist/application/index.js

@@ -0,0 +1,19 @@
+export * from './orchestration/engine.js';
+export * from './orchestration/incremental-index.js';
+export * from './orchestration/knowledge-retriever.js';
+export * from './analysis/security-analyzer.js';
+export * from './analysis/active-scanner.js';
+export * from './analysis/malware-scanner.js';
+export * from './analysis/data-analyst.js';
+export * from './analysis/data-security-context.js';
+export * from './analysis/pentest-security-context.js';
+export * from './analysis/llm-security-reviewer.js';
+export * from './analysis/supply-chain-auditor.js';
+export * from './analysis/sbom-generator.js';
+export * from './analysis/dashboard-generator.js';
+export * from './analysis/excel-exporter.js';
+export * from './analysis/report-packager.js';
+export * from './analysis/security-reporter.js';
+export * from './development/fix-engine.js';
+export * from './development/test-runner.js';
+export * from './development/analyst-job-manager.js';

package/dist/{core → application/orchestration}/engine.d.ts

@@ -4,8 +4,8 @@
  * Coordinates all components: LLM, knowledge base, watchers, pentester
  */
 import { EventEmitter } from 'events';
-import type { UnevenConfig, UnevenEventHandler, EventType } from '../../types/index.js';
-import { Logger } from './logger/index.js';
+import type { UnevenConfig, UnevenEventHandler, EventType } from '../../../types/index.js';
+import { Logger } from '../../infrastructure/io/logger/index.js';
 export declare class Uneven extends EventEmitter {
     private config;
     private logger;
@@ -40,7 +40,7 @@ export declare class Uneven extends EventEmitter {
      * Does NOT read or embed anything — pure stat() calls.
      * Use this to show a cost/time preview before running index().
      */
-    planIndex(maxFileBytes?: number): Promise<import("./index-planner.js").IndexPlan>;
+    planIndex(maxFileBytes?: number): Promise<import("../../domain/services/index-planner.js").IndexPlan>;
     /**
      * Index all knowledge sources
      */

package/dist/application/orchestration/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../src/application/orchestration/engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AACrC,OAAO,KAAK,EAAE,YAAY,EAAe,kBAAkB,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAgBvG,OAAO,EAAE,MAAM,EAAE,MAAM,yCAAyC,CAAA;AAsBhE,qBAAa,MAAO,SAAQ,YAAY;IACtC,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,gBAAgB,CAAkB;IAC1C,OAAO,CAAC,WAAW,CAAiB;IACpC,OAAO,CAAC,OAAO,CAAiB;IAChC,yEAAyE;IACzE,OAAO,CAAC,WAAW,CAAyB;IAC5C,4DAA4D;IAC5D,OAAO,CAAC,WAAW,CAA8B;IACjD,8EAA8E;IAC9E,OAAO,CAAC,kBAAkB,CAAiC;IAC3D,OAAO,CAAC,WAAW,CAAa;IAChC,OAAO,CAAC,gBAAgB,CAAkB;gBAE9B,MAAM,EAAE,YAAY;IAUhC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IA+E3B;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAyBxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;;;OAIG;IACG,SAAS,CAAC,YAAY,SAAyB;IAiBrD;;OAEG;IACG,KAAK,CAAC,SAAS,GAAE,GAAG,CAAC,MAAM,CAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAkS9D;;OAEG;YACW,iBAAiB;IA+B/B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgBvB;;OAEG;YACW,YAAY;IAgB1B;;;;;;OAMG;YACW,aAAa;IAsF3B;;OAEG;YACW,YAAY;IAyB1B;;OAEG;YACW,WAAW;IAyBzB;;OAEG;IACG,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC;IAmF/E;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA6G5B;;;;;;;OAOG;YACW,cAAc;IAwF5B;;;;;OAKG;YACW,oBAAoB;IAkDlC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAM3B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAyJ9B;;OAEG;IACH,OAAO,CAAC,SAAS;IASjB;;OAEG;IACH,EAAE,CACA,KAAK,EAAE,SAAS,GAAG,MAAM,EACzB,OAAO,EAAE,kBAAkB,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,IAAI,CAAC,GACvD,IAAI;IAIP;;OAEG;IACH,SAAS,IAAI,YAAY;IAIzB;;OAEG;IACH,SAAS,IAAI,MAAM;IAInB;;OAEG;IACH,aAAa,IAAI,OAAO;IAIxB;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;YACW,QAAQ;IAItB;;OAEG;IACH,OAAO,CAAC,QAAQ;CASjB"}

package/dist/{core → application/orchestration}/engine.js

@@ -4,29 +4,30 @@
  * Coordinates all components: LLM, knowledge base, watchers, pentester
  */
 import { EventEmitter } from 'events';
-import { initNativeEngine, getNativeVersion, isNativeAvailable, initLlmEngine, unloadLocalModel, llmEmbed, llmInfer, retrievalSearch, storeDocument, flushVectorStore, } from './bridge.js';
+import { initNativeEngine, getNativeVersion, isNativeAvailable, initLlmEngine, unloadLocalModel, llmEmbed, llmInfer, retrievalSearch, storeDocument, flushVectorStore, } from '../../infrastructure/adapters/bridge.js';
 import * as path from 'path';
 import * as fs from 'fs/promises';
-import { Logger } from './logger/index.js';
-import { chunkDocument } from './chunker.js';
-import { DatabaseLoader } from './db-loader.js';
-import { WebScraper } from './web-scraper.js';
-import { ProcessWatcher } from './process-watcher.js';
-import { FileWatcher } from './file-watcher.js';
-import { FixEngine } from './fix-engine.js';
-import { SecurityAnalyzer } from './security-analyzer.js';
-import { ActiveScanner } from './active-scanner.js';
-import { PentestSecurityContext } from './pentest-security-context.js';
-import { LLMSecurityReviewer } from './llm-security-reviewer.js';
-import { SupplyChainAuditor } from './supply-chain-auditor.js';
-import { SBOMGenerator } from './sbom-generator.js';
-import { ExternalProviders } from './external-providers.js';
-import { SessionManager } from './session.js';
+import { Logger } from '../../infrastructure/io/logger/index.js';
+import { chunkDocument } from '../../domain/services/chunker.js';
+import { DatabaseLoader } from '../../infrastructure/io/db-loader.js';
+import { WebScraper } from '../../infrastructure/io/web-scraper.js';
+import { ProcessWatcher } from '../../infrastructure/io/process-watcher.js';
+import { FileWatcher } from '../../infrastructure/io/file-watcher.js';
+import { FixEngine } from '../development/fix-engine.js';
+import { SecurityAnalyzer } from '../analysis/security-analyzer.js';
+import { ActiveScanner } from '../analysis/active-scanner.js';
+import { PentestSecurityContext } from '../analysis/pentest-security-context.js';
+import { LLMSecurityReviewer } from '../analysis/llm-security-reviewer.js';
+import { SupplyChainAuditor } from '../analysis/supply-chain-auditor.js';
+import { SBOMGenerator } from '../analysis/sbom-generator.js';
+import { ExternalProviders } from '../../infrastructure/adapters/external-providers.js';
+import { SessionManager } from '../../domain/entities/session.js';
 import { IncrementalIndex } from './incremental-index.js';
 import { KnowledgeRetriever } from './knowledge-retriever.js';
-import { IndexPlanner, DEFAULT_MAX_FILE_BYTES, formatBytes } from './index-planner.js';
-import { SafetyGuard } from './safety-guard.js';
-import { HardwareDetector } from './hardware-detector.js';
+import { IndexPlanner, DEFAULT_MAX_FILE_BYTES, HARD_SKIP_BYTES, formatBytes } from '../../domain/services/index-planner.js';
+import { SafetyGuard } from '../../domain/services/safety-guard.js';
+import { HardwareDetector } from '../../domain/services/hardware-detector.js';
+import { migrateLegacyStructure } from '../../infrastructure/utils/migration.js';
 export class Uneven extends EventEmitter {
     config;
     logger;
@@ -45,7 +46,7 @@ export class Uneven extends EventEmitter {
     constructor(config) {
         super();
         this.config = config;
-        this.logger = new Logger(config.log?.path || './.uneven/log.md');
+        this.logger = new Logger(config.log?.path || './.uneven/logs/main.md');
         this.session = new SessionManager();
         this.incrementalIndex = new IncrementalIndex();
         this.safetyGuard = new SafetyGuard(this.logger);
@@ -59,13 +60,17 @@ export class Uneven extends EventEmitter {
             throw new Error('Uneven already initialized');
         }
         try {
-            this.logger.info('Initializing Uneven engine...');
+            // 🚀 Clean up legacy structure before doing anything else
+            await migrateLegacyStructure();
+            this.logger.info('Initializing native engine...');
+            const threads = this.config.brain?.local?.threads ?? 4;
+            await initNativeEngine(this.config, threads);
+            this.logger.info('Engine initialized. Checking brain configuration...');
             this.logger.info(`Native binding available: ${isNativeAvailable()}`);
             this.logger.info(`Engine version: ${getNativeVersion()}`);
             const provider = this.config.brain?.provider ?? 'local';
             const model = this.config.brain?.model ?? 'llama3.2';
             if (isNativeAvailable()) {
-                await initNativeEngine(this.config);
                 // 🚀 Hardware Acceleration: Detect GPU if using local brain
                 if (provider === 'local') {
                     const gpuInfo = await this.hardwareDetector.detectGPU();
@@ -86,7 +91,8 @@ export class Uneven extends EventEmitter {
                 // Pass provider so local model is only loaded when explicitly configured.
                 // API providers (claude, openai, gemini, ollama) skip local model loading
                 // and stay under 512 MB RAM — only the embeddings model is loaded.
-                await initLlmEngine(provider);
+                const threads = this.config.brain?.local?.threads ?? 4;
+                await initLlmEngine(provider, threads);
             }
             this.logger.info('Uneven engine initialized successfully');
             this.initialized = true;
@@ -225,9 +231,8 @@ export class Uneven extends EventEmitter {
                                 const stats = await fs.stat(filePath).catch(() => null);
                                 if (!stats)
                                     return;
-                                const { HARD_SKIP_BYTES } = await import('./index-planner.js');
                                 if (stats.size >= HARD_SKIP_BYTES) {
-                                    this.logger.warning(`Files: skipping ${filePath} — ${formatBytes(stats.size)} exceeds hard limit`);
+                                    await this.logger.warning(`Files: skipping ${filePath} — ${formatBytes(stats.size)} exceeds hard limit`);
                                     this.emitEvent('warning', {
                                         message: `Skipped oversized file: ${filePath}`,
                                     });
@@ -468,7 +473,8 @@ export class Uneven extends EventEmitter {
             '.ts', '.tsx', '.js', '.jsx',
             '.json', '.md', '.txt', '.yaml', '.yml',
             '.rs', '.py', '.go', '.java', '.cpp', '.c', '.toml',
-            '.xls', '.xlsx', '.csv', '.docx', '.pdf'
+            '.xls', '.xlsx', '.csv', '.docx', '.pdf',
+            '.cbl', '.cob', '.asm', '.s'
         ];
         // Privacy: skip sensitive files even if extension matches
         const ignoredFiles = ['.env', '.pem', '.key', '.crt', '.pfx', '.db-shm', '.db-wal'];
@@ -687,12 +693,14 @@ export class Uneven extends EventEmitter {
             const maxTokens = this.config.brain?.maxTokens || 512;
             let response;
             if (provider === 'local') {
-                const result = await llmInfer(fullPrompt, maxTokens);
+                const threads = this.config.brain?.local?.threads ?? 4;
+                const result = await llmInfer(fullPrompt, maxTokens, threads);
                 response = result.content;
             }
             else {
                 const extProviders = new ExternalProviders(this.logger);
-                const result = await extProviders.infer(fullPrompt, provider, model, maxTokens, onToken);
+                const apiKey = this.config.brain?.apiKey;
+                const result = await extProviders.infer(fullPrompt, provider, model, maxTokens, onToken, apiKey);
                 response = result.content;
             }
             // 🛡️ Safety Guard Phase 3: Sanitize AI Output