vaspera 2.11.0 → 2.13.0

package/dist/persistence/__tests__/json-fallback.test.js

@@ -0,0 +1,249 @@
+/**
+ * JSON Fallback Storage Tests
+ */
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, rm, readFile } from "fs/promises";
+import { existsSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+import { JsonFallbackStorage } from "../json-fallback.js";
+describe("JSON Fallback Storage", () => {
+    let tempDir;
+    let storage;
+    beforeEach(async () => {
+        tempDir = await mkdtemp(join(tmpdir(), "fallback-test-"));
+        storage = await JsonFallbackStorage.create(tempDir);
+    });
+    afterEach(async () => {
+        storage.close();
+        await rm(tempDir, { recursive: true, force: true });
+    });
+    describe("Projects", () => {
+        it("creates and retrieves a project", () => {
+            const project = storage.findOrCreateProject("/test/project");
+            expect(project.id).toBeDefined();
+            expect(project.path).toBe("/test/project");
+            expect(project.name).toBe("project");
+        });
+        it("returns existing project on second call", () => {
+            const first = storage.findOrCreateProject("/test/project");
+            const second = storage.findOrCreateProject("/test/project");
+            expect(first.id).toBe(second.id);
+        });
+        it("finds project by path", () => {
+            storage.findOrCreateProject("/test/project");
+            const found = storage.findProjectByPath("/test/project");
+            expect(found).toBeDefined();
+            expect(found?.path).toBe("/test/project");
+        });
+    });
+    describe("Findings", () => {
+        it("creates and retrieves a finding", () => {
+            const project = storage.findOrCreateProject("/test");
+            const finding = storage.createFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                description: "SQL injection",
+                scannerSource: "semgrep",
+                confidence: 95,
+                status: "open",
+            });
+            expect(finding.id).toBeDefined();
+            expect(finding.severity).toBe("high");
+            expect(finding.firstSeenAt).toBeDefined();
+        });
+        it("upserts findings correctly", () => {
+            const project = storage.findOrCreateProject("/test");
+            const { finding: first, isNew: isNew1 } = storage.upsertFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                description: "SQL injection",
+                scannerSource: "semgrep",
+                confidence: 95,
+            });
+            const { finding: second, isNew: isNew2 } = storage.upsertFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                description: "SQL injection",
+                scannerSource: "semgrep",
+                confidence: 95,
+            });
+            expect(isNew1).toBe(true);
+            expect(isNew2).toBe(false);
+            expect(first.id).toBe(second.id);
+        });
+        it("filters findings correctly", () => {
+            const project = storage.findOrCreateProject("/test");
+            storage.createFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                description: "SQL injection",
+                scannerSource: "semgrep",
+                confidence: 95,
+                status: "open",
+            });
+            storage.createFinding({
+                projectId: project.id,
+                severity: "low",
+                category: "style",
+                file: "src/utils.ts",
+                line: 10,
+                description: "Style issue",
+                scannerSource: "eslint",
+                confidence: 100,
+                status: "open",
+            });
+            const highSeverity = storage.findFindings({ severity: "high" });
+            expect(highSeverity).toHaveLength(1);
+            const allOpen = storage.findFindings({ status: "open" });
+            expect(allOpen).toHaveLength(2);
+        });
+        it("marks findings as fixed", () => {
+            const project = storage.findOrCreateProject("/test");
+            const finding = storage.createFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "test",
+                file: "test.ts",
+                line: 1,
+                description: "Test",
+                scannerSource: "semgrep",
+                confidence: 100,
+                status: "open",
+            });
+            const count = storage.markFixed([finding.id], "user@test.com");
+            expect(count).toBe(1);
+            const updated = storage.findById(finding.id);
+            expect(updated?.status).toBe("fixed");
+            expect(updated?.fixedBy).toBe("user@test.com");
+        });
+        it("marks findings as false positive", () => {
+            const project = storage.findOrCreateProject("/test");
+            const finding = storage.createFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "test",
+                file: "test.ts",
+                line: 1,
+                description: "Test",
+                scannerSource: "semgrep",
+                confidence: 100,
+                status: "open",
+            });
+            const result = storage.markFalsePositive(finding.id, "Not a real issue");
+            expect(result).toBe(true);
+            const updated = storage.findById(finding.id);
+            expect(updated?.status).toBe("false_positive");
+            expect(updated?.falsePositive).toBe(true);
+            expect(updated?.falsePositiveReason).toBe("Not a real issue");
+        });
+    });
+    describe("Stats", () => {
+        it("calculates project stats", () => {
+            const project = storage.findOrCreateProject("/test");
+            storage.createFinding({
+                projectId: project.id,
+                severity: "critical",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                description: "SQL injection",
+                scannerSource: "semgrep",
+                confidence: 95,
+                status: "open",
+            });
+            storage.createFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "xss",
+                file: "src/view.ts",
+                line: 10,
+                description: "XSS",
+                scannerSource: "semgrep",
+                confidence: 90,
+                status: "open",
+            });
+            const stats = storage.getStats(project.id);
+            expect(stats.totalFindings).toBe(2);
+            expect(stats.openFindings).toBe(2);
+            expect(stats.bySeverity.critical).toBe(1);
+            expect(stats.bySeverity.high).toBe(1);
+        });
+    });
+    describe("Persistence", () => {
+        it("saves and loads data", async () => {
+            const project = storage.findOrCreateProject("/test");
+            storage.createFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "test",
+                file: "test.ts",
+                line: 1,
+                description: "Test finding",
+                scannerSource: "semgrep",
+                confidence: 100,
+                status: "open",
+            });
+            await storage.save();
+            const filePath = join(tempDir, ".vaspera", "findings-fallback.json");
+            expect(existsSync(filePath)).toBe(true);
+            const content = await readFile(filePath, "utf-8");
+            const data = JSON.parse(content);
+            expect(data.version).toBe(1);
+            expect(Object.keys(data.projects)).toHaveLength(1);
+            expect(Object.keys(data.findings)).toHaveLength(1);
+        });
+        it("loads existing data on create", async () => {
+            const project = storage.findOrCreateProject("/test");
+            storage.createFinding({
+                projectId: project.id,
+                severity: "high",
+                category: "test",
+                file: "test.ts",
+                line: 1,
+                description: "Test finding",
+                scannerSource: "semgrep",
+                confidence: 100,
+                status: "open",
+            });
+            await storage.save();
+            storage.close();
+            const newStorage = await JsonFallbackStorage.create(tempDir);
+            const findings = newStorage.findFindings({ status: "open" });
+            expect(findings).toHaveLength(1);
+            expect(findings[0].description).toBe("Test finding");
+            newStorage.close();
+        });
+    });
+    describe("Scans", () => {
+        it("creates and completes scans", () => {
+            const project = storage.findOrCreateProject("/test");
+            const scan = storage.createScan(project.id, "cert-001");
+            expect(scan.id).toBeDefined();
+            expect(scan.status).toBe("running");
+            storage.completeScan(scan.id, {
+                totalFindings: 5,
+                newFindings: 3,
+                fixedFindings: 0,
+                bySeverity: { critical: 1, high: 2, medium: 2, low: 0, info: 0 },
+                byScanner: { semgrep: 5 },
+                duration: 1000,
+            });
+            const stats = storage.getStats(project.id);
+            expect(stats.lastScanAt).toBeDefined();
+        });
+    });
+});
+//# sourceMappingURL=json-fallback.test.js.map

package/dist/persistence/__tests__/json-fallback.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json-fallback.test.js","sourceRoot":"","sources":["../../../src/persistence/__tests__/json-fallback.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE1D,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,IAAI,OAAe,CAAC;IACpB,IAAI,OAA4B,CAAC;IAEjC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC1D,OAAO,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAE7D,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC3C,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,KAAK,GAAG,OAAO,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAE5D,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,OAAO,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAE7C,MAAM,KAAK,GAAG,OAAO,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;YACzD,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;gBACpC,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,eAAe;gBAC5B,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,EAAE;gBACd,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAErD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC;gBAC9D,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,eAAe;gBAC5B,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,EAAE;aACf,CAAC,CAAC;YAEH,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC;gBAC/D,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,eAAe;gBAC5B,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,EAAE;aACf,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAErD,OAAO,CAAC,aAAa,CAAC;gBACpB,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,eAAe;gBAC5B,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,EAAE;gBACd,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,OAAO,CAAC,aAAa,CAAC;gBACpB,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,QAAQ;gBACvB,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YAChE,MAAM,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAErC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YACzD,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;gBACpC,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,WAAW,EAAE,MAAM;gBACnB,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;YAC/D,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAEtB,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;gBACpC,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,WAAW,EAAE,MAAM;gBACnB,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE1B,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC/C,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE;QACrB,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAErD,OAAO,CAAC,aAAa,CAAC;gBACpB,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAe;gBACzB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,eAAe;gBAC5B,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,EAAE;gBACd,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,OAAO,CAAC,aAAa,CAAC;gBACpB,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,KAAK;gBAClB,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,EAAE;gBACd,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAE3C,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1C,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;YACpC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACrD,OAAO,CAAC,aAAa,CAAC;gBACpB,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,WAAW,EAAE,cAAc;gBAC3B,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YAErB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,wBAAwB,CAAC,CAAC;YACrE,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAExC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACrD,OAAO,CAAC,aAAa,CAAC;gBACpB,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,WAAW,EAAE,cAAc;gBAC3B,aAAa,EAAE,SAAS;gBACxB,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YACH,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YACrB,OAAO,CAAC,KAAK,EAAE,CAAC;YAEhB,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC7D,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YAE7D,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAErD,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE;QACrB,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YAExD,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAEpC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE;gBAC5B,aAAa,EAAE,CAAC;gBAChB,WAAW,EAAE,CAAC;gBACd,aAAa,EAAE,CAAC;gBAChB,UAAU,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE;gBAChE,SAAS,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE;gBACzB,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/persistence/__tests__/persistence.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Persistence Layer Tests
+ */
+export {};
+//# sourceMappingURL=persistence.test.d.ts.map

package/dist/persistence/__tests__/persistence.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"persistence.test.d.ts","sourceRoot":"","sources":["../../../src/persistence/__tests__/persistence.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/persistence/__tests__/persistence.test.js

@@ -0,0 +1,369 @@
+/**
+ * Persistence Layer Tests
+ */
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, rm } from "fs/promises";
+import { join } from "path";
+import { tmpdir } from "os";
+import { PersistenceManager } from "../index.js";
+describe("Persistence Layer", () => {
+    let manager;
+    let tempDir;
+    beforeEach(async () => {
+        tempDir = await mkdtemp(join(tmpdir(), `persistence-test-${Math.random().toString(36).slice(2, 8)}-`));
+        manager = PersistenceManager.createInMemory();
+    });
+    afterEach(async () => {
+        manager.close();
+        await rm(tempDir, { recursive: true, force: true });
+    });
+    describe("Projects Repository", () => {
+        it("creates a project", () => {
+            const project = manager.projects.create("/test/project", "Test Project");
+            expect(project.id).toBeDefined();
+            expect(project.path).toBe("/test/project");
+            expect(project.name).toBe("Test Project");
+            expect(project.createdAt).toBeDefined();
+        });
+        it("finds project by path", () => {
+            manager.projects.create("/test/project", "Test Project");
+            const found = manager.projects.findByPath("/test/project");
+            expect(found).toBeDefined();
+            expect(found?.name).toBe("Test Project");
+        });
+        it("finds or creates project", () => {
+            const first = manager.projects.findOrCreate("/test/project", "Test");
+            const second = manager.projects.findOrCreate("/test/project", "Different");
+            expect(first.id).toBe(second.id);
+        });
+        it("lists all projects", () => {
+            manager.projects.create("/project1");
+            manager.projects.create("/project2");
+            const projects = manager.projects.list();
+            expect(projects.length).toBe(2);
+        });
+    });
+    describe("Findings Repository", () => {
+        let projectId;
+        beforeEach(() => {
+            const project = manager.projects.create("/test/project");
+            projectId = project.id;
+        });
+        it("creates a finding", () => {
+            const finding = manager.findings.create({
+                projectId,
+                severity: "high",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                description: "SQL injection vulnerability",
+                scannerSource: "semgrep",
+                status: "open",
+                confidence: 95,
+            });
+            expect(finding.id).toBeDefined();
+            expect(finding.severity).toBe("high");
+            expect(finding.firstSeenAt).toBeDefined();
+        });
+        it("upserts finding from scan", () => {
+            const first = manager.findings.upsertFromScan({
+                projectId,
+                severity: "high",
+                category: "xss",
+                file: "src/ui.ts",
+                line: 100,
+                description: "XSS vulnerability",
+                scannerSource: "semgrep",
+                confidence: 90,
+            });
+            expect(first.isNew).toBe(true);
+            const second = manager.findings.upsertFromScan({
+                projectId,
+                severity: "high",
+                category: "xss",
+                file: "src/ui.ts",
+                line: 100,
+                description: "XSS vulnerability",
+                scannerSource: "semgrep",
+                confidence: 90,
+            });
+            expect(second.isNew).toBe(false);
+            expect(second.finding.id).toBe(first.finding.id);
+        });
+        it("filters findings", () => {
+            manager.findings.create({
+                projectId,
+                severity: "critical",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 10,
+                description: "Critical SQL injection",
+                scannerSource: "semgrep",
+                status: "open",
+                confidence: 100,
+            });
+            manager.findings.create({
+                projectId,
+                severity: "low",
+                category: "code-smell",
+                file: "src/utils.ts",
+                line: 20,
+                description: "Minor issue",
+                scannerSource: "eslint",
+                status: "open",
+                confidence: 80,
+            });
+            const critical = manager.findings.find({ projectId, severity: "critical" });
+            expect(critical.length).toBe(1);
+            const semgrep = manager.findings.find({ projectId, scannerSource: "semgrep" });
+            expect(semgrep.length).toBe(1);
+        });
+        it("updates finding status", () => {
+            const finding = manager.findings.create({
+                projectId,
+                severity: "high",
+                category: "xss",
+                file: "src/ui.ts",
+                line: 50,
+                description: "XSS",
+                scannerSource: "semgrep",
+                status: "open",
+                confidence: 90,
+            });
+            const updated = manager.findings.updateStatus(finding.id, "fixed", "developer");
+            expect(updated).toBe(true);
+            const fetched = manager.findings.findById(finding.id);
+            expect(fetched?.status).toBe("fixed");
+            expect(fetched?.fixedAt).toBeDefined();
+        });
+        it("marks finding as false positive", () => {
+            const finding = manager.findings.create({
+                projectId,
+                severity: "medium",
+                category: "security",
+                file: "src/test.ts",
+                line: 1,
+                description: "Test finding",
+                scannerSource: "semgrep",
+                status: "open",
+                confidence: 70,
+            });
+            manager.findings.markFalsePositive(finding.id, "Not applicable in this context");
+            const fetched = manager.findings.findById(finding.id);
+            expect(fetched?.status).toBe("false_positive");
+            expect(fetched?.falsePositive).toBe(true);
+            expect(fetched?.falsePositiveReason).toBe("Not applicable in this context");
+        });
+        it("gets project stats", () => {
+            manager.findings.create({
+                projectId,
+                severity: "critical",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 10,
+                description: "Critical",
+                scannerSource: "semgrep",
+                status: "open",
+                confidence: 100,
+            });
+            manager.findings.create({
+                projectId,
+                severity: "high",
+                category: "xss",
+                file: "src/ui.ts",
+                line: 20,
+                description: "High",
+                scannerSource: "semgrep",
+                status: "open",
+                confidence: 90,
+            });
+            const stats = manager.findings.getStats(projectId);
+            expect(stats.totalFindings).toBe(2);
+            expect(stats.openFindings).toBe(2);
+            expect(stats.bySeverity.critical).toBe(1);
+            expect(stats.bySeverity.high).toBe(1);
+        });
+    });
+    describe("Scans Repository", () => {
+        let projectId;
+        beforeEach(() => {
+            const project = manager.projects.create("/test/project");
+            projectId = project.id;
+        });
+        it("creates a scan", () => {
+            const scan = manager.scans.create(projectId);
+            expect(scan.id).toBeDefined();
+            expect(scan.projectId).toBe(projectId);
+            expect(scan.status).toBe("running");
+        });
+        it("completes a scan", () => {
+            const scan = manager.scans.create(projectId);
+            manager.scans.complete(scan.id, {
+                totalFindings: 5,
+                newFindings: 3,
+                fixedFindings: 1,
+                bySeverity: { critical: 1, high: 2, medium: 2, low: 0, info: 0 },
+                byScanner: { semgrep: 4, gitleaks: 1 },
+                duration: 5000,
+            });
+            const fetched = manager.scans.findById(scan.id);
+            expect(fetched?.status).toBe("completed");
+            expect(fetched?.totalFindings).toBe(5);
+            expect(fetched?.completedAt).toBeDefined();
+        });
+        it("fails a scan", () => {
+            const scan = manager.scans.create(projectId);
+            manager.scans.fail(scan.id, "Scanner crashed");
+            const fetched = manager.scans.findById(scan.id);
+            expect(fetched?.status).toBe("failed");
+            expect(fetched?.error).toBe("Scanner crashed");
+        });
+        it("lists project scans", () => {
+            manager.scans.create(projectId);
+            manager.scans.create(projectId);
+            manager.scans.create(projectId);
+            const scans = manager.scans.findByProject(projectId);
+            expect(scans.length).toBe(3);
+        });
+    });
+    describe("Trends Repository", () => {
+        let projectId;
+        beforeEach(() => {
+            const project = manager.projects.create("/test/project");
+            projectId = project.id;
+            manager.findings.create({
+                projectId,
+                severity: "high",
+                category: "xss",
+                file: "src/ui.ts",
+                line: 10,
+                description: "XSS",
+                scannerSource: "semgrep",
+                status: "open",
+                confidence: 90,
+            });
+        });
+        it("calculates trends", () => {
+            const trends = manager.trends.calculateTrends(projectId, "day", 7);
+            expect(Array.isArray(trends)).toBe(true);
+        });
+        it("gets category breakdown", () => {
+            const breakdown = manager.trends.getCategoryBreakdown(projectId);
+            expect(breakdown.length).toBeGreaterThan(0);
+            expect(breakdown[0]).toHaveProperty("category");
+            expect(breakdown[0]).toHaveProperty("count");
+            expect(breakdown[0]).toHaveProperty("percentage");
+        });
+        it("gets scanner effectiveness", () => {
+            const effectiveness = manager.trends.getScannerEffectiveness(projectId);
+            expect(effectiveness.length).toBeGreaterThan(0);
+            expect(effectiveness[0]).toHaveProperty("scanner");
+            expect(effectiveness[0]).toHaveProperty("found");
+            expect(effectiveness[0]).toHaveProperty("accuracy");
+        });
+    });
+    describe("End-to-End Workflow", () => {
+        it("complete scan workflow with in-memory database", () => {
+            const localManager = PersistenceManager.createInMemory();
+            const project = localManager.projects.create("/test/project", "Test Project");
+            const scan = localManager.scans.create(project.id);
+            const { finding: finding1, isNew: isNew1 } = localManager.findings.upsertFromScan({
+                projectId: project.id,
+                severity: "high",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                description: "SQL injection",
+                scannerSource: "semgrep",
+                confidence: 95,
+            });
+            const { finding: finding2, isNew: isNew2 } = localManager.findings.upsertFromScan({
+                projectId: project.id,
+                severity: "medium",
+                category: "xss",
+                file: "src/ui.ts",
+                line: 100,
+                description: "XSS",
+                scannerSource: "semgrep",
+                confidence: 85,
+            });
+            expect(isNew1).toBe(true);
+            expect(isNew2).toBe(true);
+            localManager.scans.complete(scan.id, {
+                totalFindings: 2,
+                newFindings: 2,
+                fixedFindings: 0,
+                bySeverity: { critical: 0, high: 1, medium: 1, low: 0, info: 0 },
+                byScanner: { semgrep: 2 },
+                duration: 1000,
+            });
+            const completedScan = localManager.scans.findById(scan.id);
+            expect(completedScan?.status).toBe("completed");
+            expect(completedScan?.totalFindings).toBe(2);
+            const openFindings = localManager.findings.find({ projectId: project.id, status: "open" });
+            expect(openFindings.length).toBe(2);
+            localManager.findings.updateStatus(finding1.id, "fixed", "developer");
+            const afterFix = localManager.findings.find({ projectId: project.id, status: "open" });
+            expect(afterFix.length).toBe(1);
+            const stats = localManager.findings.getStats(project.id);
+            expect(stats.openFindings).toBe(1);
+            expect(stats.fixedFindings).toBe(1);
+            localManager.close();
+        });
+        it("tracks finding deduplication across scans", () => {
+            const localManager = PersistenceManager.createInMemory();
+            const project = localManager.projects.create("/test/project2");
+            const first = localManager.findings.upsertFromScan({
+                projectId: project.id,
+                severity: "critical",
+                category: "secrets",
+                file: "src/config.ts",
+                line: 5,
+                description: "Hardcoded secret",
+                scannerSource: "gitleaks",
+                confidence: 100,
+            });
+            expect(first.isNew).toBe(true);
+            const second = localManager.findings.upsertFromScan({
+                projectId: project.id,
+                severity: "critical",
+                category: "secrets",
+                file: "src/config.ts",
+                line: 5,
+                description: "Hardcoded secret",
+                scannerSource: "gitleaks",
+                confidence: 100,
+            });
+            expect(second.isNew).toBe(false);
+            expect(second.finding.id).toBe(first.finding.id);
+            const allFindings = localManager.findings.find({ projectId: project.id });
+            expect(allFindings.length).toBe(1);
+            localManager.close();
+        });
+        it("calculates project trends", () => {
+            const localManager = PersistenceManager.createInMemory();
+            const project = localManager.projects.create("/test/project3");
+            for (let i = 0; i < 5; i++) {
+                localManager.findings.create({
+                    projectId: project.id,
+                    severity: i < 2 ? "critical" : "high",
+                    category: "security",
+                    file: `src/file${i}.ts`,
+                    line: i * 10,
+                    description: `Finding ${i}`,
+                    scannerSource: "semgrep",
+                    status: "open",
+                    confidence: 90,
+                });
+            }
+            const trends = localManager.trends.calculateTrends(project.id, "day", 7);
+            expect(Array.isArray(trends)).toBe(true);
+            const breakdown = localManager.trends.getCategoryBreakdown(project.id);
+            expect(breakdown.length).toBeGreaterThan(0);
+            expect(breakdown[0].category).toBe("security");
+            expect(breakdown[0].count).toBe(5);
+            localManager.close();
+        });
+    });
+});
+//# sourceMappingURL=persistence.test.js.map