vaspera 2.14.0 → 2.15.0

package/dist/eval/llm-analyzer.js

@@ -0,0 +1,154 @@
+/**
+ * LLM security analyzer for the accuracy benchmark.
+ *
+ * Runs the LLM layer (Anthropic, optionally OpenAI for cross-model
+ * consensus) over a code sample and returns structured findings in the
+ * same shape the eval harness matches against ground truth. This lets
+ * the benchmark measure the *full pipeline*, not just the deterministic
+ * scanners — and it's where the logic/semantic classes (auth-bypass,
+ * RLS, deserialization) the scanners miss should get caught.
+ *
+ * Providers are loaded via dynamic import so neither SDK is a hard
+ * runtime dependency (openai is only needed for consensus).
+ *
+ * @module eval/llm-analyzer
+ */
+import { parseJson } from "../util/json.js";
+const ANTHROPIC_MODEL = process.env.VASPERA_ANTHROPIC_MODEL || "claude-opus-4-8";
+const OPENAI_MODEL = process.env.VASPERA_OPENAI_MODEL || "gpt-4o";
+const SYSTEM_PROMPT = `You are a precise application-security code reviewer. \
+Identify only REAL, exploitable security vulnerabilities in the given code — \
+not style issues, not theoretical concerns. For each, give the 1-indexed line \
+of the dangerous sink, a category, a severity, and a short description. \
+Do not report safe/parameterized/validated code. Prefer precision over recall: \
+if you are not confident it is exploitable, omit it.`;
+const INSTRUCTIONS = `Analyze this file for security vulnerabilities. \
+Categories to consider: sql-injection, xss, command-injection, ssrf, \
+path-traversal, auth-bypass, broken-access-control, rls-bypass, \
+insecure-deserialization, xxe, hardcoded-secret, pii-exposure, \
+prompt-injection, excessive-agency, exfil-path. \
+Return JSON only.`;
+/** JSON schema for the structured response (Anthropic output_config). */
+const RESPONSE_SCHEMA = {
+    type: "object",
+    properties: {
+        findings: {
+            type: "array",
+            items: {
+                type: "object",
+                properties: {
+                    line: { type: "integer" },
+                    category: { type: "string" },
+                    severity: {
+                        type: "string",
+                        enum: ["critical", "high", "medium", "low", "info"],
+                    },
+                    description: { type: "string" },
+                },
+                required: ["line", "category", "severity", "description"],
+                additionalProperties: false,
+            },
+        },
+    },
+    required: ["findings"],
+    additionalProperties: false,
+};
+function toActualFindings(provider, file, parsed) {
+    return (parsed.findings || []).map((f) => ({
+        scanner: `llm:${provider}`,
+        ruleId: `${provider}:${f.category}`,
+        file,
+        line: f.line,
+        severity: f.severity,
+        message: `${f.category}: ${f.description}`,
+        confidence: 100,
+    }));
+}
+function userPrompt(file, code) {
+    return `${INSTRUCTIONS}\n\n## File: ${file}\n\`\`\`\n${code}\n\`\`\``;
+}
+/** Whether a given provider can run (API key present). */
+export function providerAvailable(provider) {
+    return provider === "anthropic"
+        ? !!process.env.ANTHROPIC_API_KEY
+        : !!process.env.OPENAI_API_KEY;
+}
+async function analyzeWithAnthropic(file, code) {
+    const { default: Anthropic } = await import("@anthropic-ai/sdk");
+    const client = new Anthropic();
+    const response = await client.messages.create({
+        model: ANTHROPIC_MODEL,
+        max_tokens: 4096,
+        system: SYSTEM_PROMPT,
+        output_config: { format: { type: "json_schema", schema: RESPONSE_SCHEMA } },
+        messages: [{ role: "user", content: userPrompt(file, code) }],
+    });
+    const block = response.content.find((b) => b.type === "text");
+    const text = block?.text ?? "{\"findings\":[]}";
+    const parsed = parseJson(text, "anthropic analysis");
+    return toActualFindings("anthropic", file, parsed);
+}
+async function analyzeWithOpenAI(file, code) {
+    // Variable specifier: keeps `openai` an OPTIONAL dependency — not in the
+    // build, loaded only if installed (`npm install openai`) for consensus.
+    const pkg = "openai";
+    const mod = (await import(pkg));
+    const client = new mod.default();
+    const response = await client.chat.completions.create({
+        model: OPENAI_MODEL,
+        // Structured outputs: force the EXACT same {findings:[...]} shape
+        // Anthropic returns. Plain json_object mode does not enforce a schema
+        // — OpenAI would otherwise return {vulnerabilities:[...]} and nothing
+        // would ever match for consensus. strict requires every property in
+        // `required` and additionalProperties:false (RESPONSE_SCHEMA already
+        // satisfies both).
+        response_format: {
+            type: "json_schema",
+            json_schema: { name: "security_findings", strict: true, schema: RESPONSE_SCHEMA },
+        },
+        messages: [
+            { role: "system", content: SYSTEM_PROMPT },
+            { role: "user", content: userPrompt(file, code) },
+        ],
+    });
+    const text = response.choices[0]?.message?.content ?? "{\"findings\":[]}";
+    const parsed = parseJson(text, "openai analysis");
+    return toActualFindings("openai", file, parsed);
+}
+/** Analyze a single file with one provider. */
+export async function analyzeCode(file, code, provider) {
+    return provider === "anthropic"
+        ? analyzeWithAnthropic(file, code)
+        : analyzeWithOpenAI(file, code);
+}
+/** Line proximity (in lines) within which two findings are "the same spot". */
+const CONSENSUS_LINE_TOLERANCE = 3;
+/**
+ * Two findings agree if they name the same file, the same category, and a
+ * line within tolerance. Category is the part after the `<provider>:`
+ * prefix in ruleId, so cross-provider findings compare correctly.
+ */
+export function findingsAgree(a, b) {
+    return (a.file === b.file &&
+        a.ruleId.split(":")[1] === b.ruleId.split(":")[1] &&
+        Math.abs(a.line - b.line) <= CONSENSUS_LINE_TOLERANCE);
+}
+/** The findings from `primary` that at least one `other` finding agrees with. */
+export function consensusOf(primary, other) {
+    return primary.filter((a) => other.some((b) => findingsAgree(a, b)));
+}
+/**
+ * Cross-model consensus: run both providers and keep findings both agree
+ * on (same file, category, and line within tolerance). Trades recall for
+ * confidence — every kept finding has two-model corroboration. That's the
+ * value proposition of multi-model consensus for certification.
+ */
+export async function analyzeWithConsensus(file, code) {
+    const [anthropic, openai] = await Promise.all([
+        analyzeCode(file, code, "anthropic"),
+        analyzeCode(file, code, "openai"),
+    ]);
+    const consensus = consensusOf(anthropic, openai);
+    return { consensus, byProvider: { anthropic, openai } };
+}
+//# sourceMappingURL=llm-analyzer.js.map

package/dist/eval/llm-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-analyzer.js","sourceRoot":"","sources":["../../src/eval/llm-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAM5C,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,iBAAiB,CAAC;AACjF,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,QAAQ,CAAC;AAElE,MAAM,aAAa,GAAG;;;;;qDAK+B,CAAC;AAEtD,MAAM,YAAY,GAAG;;;;;kBAKH,CAAC;AAanB,yEAAyE;AACzE,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,QAAQ,EAAE;YACR,IAAI,EAAE,OAAO;YACb,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC5B,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC;qBACpD;oBACD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAChC;gBACD,QAAQ,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,CAAC;gBACzD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,QAAQ,EAAE,CAAC,UAAU,CAAC;IACtB,oBAAoB,EAAE,KAAK;CACnB,CAAC;AAEX,SAAS,gBAAgB,CACvB,QAAqB,EACrB,IAAY,EACZ,MAAmB;IAEnB,OAAO,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,OAAO,EAAE,OAAO,QAAQ,EAAE;QAC1B,MAAM,EAAE,GAAG,QAAQ,IAAI,CAAC,CAAC,QAAQ,EAAE;QACnC,IAAI;QACJ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,OAAO,EAAE,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,WAAW,EAAE;QAC1C,UAAU,EAAE,GAAG;KAChB,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,UAAU,CAAC,IAAY,EAAE,IAAY;IAC5C,OAAO,GAAG,YAAY,gBAAgB,IAAI,aAAa,IAAI,UAAU,CAAC;AACxE,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,iBAAiB,CAAC,QAAqB;IACrD,OAAO,QAAQ,KAAK,WAAW;QAC7B,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB;QACjC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AACnC,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,IAAY,EAAE,IAAY;IAC5D,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC5C,KAAK,EAAE,eAAe;QACtB,UAAU,EAAE,IAAI;QAChB,MAAM,EAAE,aAAa;QACrB,aAAa,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,EAAE;QAC3E,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;KACd,CAAC,CAAC;IAEnD,MAAM,KAAK,GAAI,QAAgE,CAAC,OAAO,CAAC,IAAI,CAC1F,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CACzB,CAAC;IACF,MAAM,IAAI,GAAG,KAAK,EAAE,IAAI,IAAI,mBAAmB,CAAC;IAChD,MAAM,MAAM,GAAG,SAAS,CAAc,IAAI,EAAE,oBAAoB,CAAC,CAAC;IAClE,OAAO,gBAAgB,CAAC,WAAW,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AACrD,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,IAAY,EAAE,IAAY;IACzD,yEAAyE;IACzE,wEAAwE;IACxE,MAAM,GAAG,GAAG,QAAQ,CAAC;IACrB,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,CAU7B,CAAC;IACF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;QACpD,KAAK,EAAE,YAAY;QACnB,kEAAkE;QAClE,sEAAsE;QACtE,sEAAsE;QACtE,oEAAoE;QACpE,qEAAqE;QACrE,mBAAmB;QACnB,eAAe,EAAE;YACf,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE;SAClF;QACD,QAAQ,EAAE;YACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE;YAC1C,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE;SAClD;KACF,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,mBAAmB,CAAC;IAC1E,MAAM,MAAM,GAAG,SAAS,CAAc,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAC/D,OAAO,gBAAgB,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED,+CAA+C;AAC/C,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAAY,EACZ,IAAY,EACZ,QAAqB;IAErB,OAAO,QAAQ,KAAK,WAAW;QAC7B,CAAC,CAAC,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC;QAClC,CAAC,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,+EAA+E;AAC/E,MAAM,wBAAwB,GAAG,CAAC,CAAC;AAEnC;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,CAAgB,EAAE,CAAgB;IAC9D,OAAO,CACL,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI;QACjB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,wBAAwB,CACtD,CAAC;AACJ,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,WAAW,CACzB,OAAwB,EACxB,KAAsB;IAEtB,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,IAAY,EACZ,IAAY;IAEZ,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5C,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC;QACpC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC;AAC1D,CAAC"}

package/dist/eval/redteam-harness.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Red-Team Resistance Harness.
+ *
+ * The accuracy benchmark (`run-benchmark`, `run-llm-benchmark`) measures
+ * how well the engine *detects* vulnerabilities in code. This harness
+ * measures the complementary thing the roadmap calls for: a reproducible
+ * **behavioral resistance score** for an agent / MCP target — how well it
+ * survives a prompt-injection battery, plus the tool-scope / exfiltration
+ * surface it exposes.
+ *
+ * It is a scoring layer over primitives that already exist
+ * (`runAgentScanners` → the prompt-injection fuzzer, exfil-path graph,
+ * sandbox audit, credential-scope audit, manifest audit). Those scanners
+ * are deterministic and the payload corpus is fixed, so the score is
+ * reproducible run-to-run for a given manifest — a number you can put on a
+ * slide and a gate you can fail a build on.
+ *
+ * Two deliberately separate measures, because they behave differently:
+ *
+ *  - **Injection resistance (headline):** the share of tools that resisted
+ *    every payload in the battery. A behavioral, normalized 0–100 score.
+ *  - **Exposure surface (context):** counts of exfil paths / sandbox
+ *    escapes / over-scoped credentials / manifest issues. These scale with
+ *    tool count and breadth — a broad security tool legitimately has a
+ *    large surface (which is exactly why our own self-cert *exempts* the
+ *    sandbox/exfil scanners as false-positive-heavy for this codebase). So
+ *    they are reported as surface, NOT folded into the resistance score
+ *    where raw counts would meaninglessly floor it to zero.
+ *
+ * Honest scope: this is the reproducible, offline/static floor (tool
+ * surface, manifest hygiene, susceptibility patterns), not a live agent
+ * executing payloads against a running model. A live-runtime battery is a
+ * future extension.
+ *
+ * @module eval/redteam-harness
+ */
+import type { AgentScannerType, MCPManifest } from "../scanners/agent/types.js";
+import type { DeterministicFinding } from "../scanners/types.js";
+import type { Severity } from "../certification/types.js";
+/** Exposure dimensions and the scanner that feeds each. */
+export declare const EXPOSURE_DIMENSIONS: ReadonlyArray<{
+    dimension: string;
+    scanner: AgentScannerType;
+}>;
+export interface InjectionResistance {
+    /** 0–100: share of tools that resisted every payload in the battery. */
+    score: number;
+    grade: string;
+    toolsTested: number;
+    vulnerableTools: number;
+    resistantTools: number;
+}
+export interface ExposureDimension {
+    dimension: string;
+    scanner: AgentScannerType;
+    findingCount: number;
+    /** critical + high findings — the ones worth triage. */
+    criticalHigh: number;
+    bySeverity: Record<Severity, number>;
+    clean: boolean;
+}
+export interface RedTeamReport {
+    target: string;
+    manifestName: string;
+    manifestVersion?: string;
+    corpus: "quick" | "standard" | "thorough";
+    injectionResistance: InjectionResistance;
+    exposure: ExposureDimension[];
+    /** Headline resistance score (== injectionResistance.score). */
+    overallScore: number;
+    grade: string;
+}
+/**
+ * Tool-level injection resistance from the fuzzer's findings: a tool is
+ * "vulnerable" if it has any per-tool prompt-injection finding (the
+ * `prompt-injection:summary` aggregate is excluded). Resistance is the
+ * share of tested tools with no such finding. Pure and deterministic.
+ */
+export declare function injectionResistanceScore(findings: DeterministicFinding[], toolsTested: number): InjectionResistance;
+/** Summarize one exposure dimension's findings (counts, not a 0–100 score). */
+export declare function summarizeExposure(dimension: string, scanner: AgentScannerType, findings: DeterministicFinding[]): ExposureDimension;
+export interface RedTeamOptions {
+    manifest: MCPManifest;
+    target?: string;
+    corpus?: "quick" | "standard" | "thorough";
+    /** Source path for the source-reading scanners (sandbox audit). */
+    sourcePath?: string;
+}
+/**
+ * Run the red-team battery against a manifest and return a reproducible
+ * resistance report. Runs only the behavioral / red-team-relevant agent
+ * scanners (no supply-chain network calls, no baseline-dependent drift).
+ */
+export declare function runRedTeamBenchmark(options: RedTeamOptions): Promise<RedTeamReport>;
+//# sourceMappingURL=redteam-harness.d.ts.map

package/dist/eval/redteam-harness.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redteam-harness.d.ts","sourceRoot":"","sources":["../../src/eval/redteam-harness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAGH,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACZ,MAAM,4BAA4B,CAAC;AACpC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAG1D,2DAA2D;AAC3D,eAAO,MAAM,mBAAmB,EAAE,aAAa,CAAC;IAC9C,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,gBAAgB,CAAC;CAC3B,CAKA,CAAC;AAeF,MAAM,WAAW,mBAAmB;IAClC,wEAAwE;IACxE,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,gBAAgB,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACrC,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;IAC1C,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,gEAAgE;IAChE,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,oBAAoB,EAAE,EAChC,WAAW,EAAE,MAAM,GAClB,mBAAmB,CAkBrB;AAED,+EAA+E;AAC/E,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,gBAAgB,EACzB,QAAQ,EAAE,oBAAoB,EAAE,GAC/B,iBAAiB,CAWnB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;IAC3C,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,aAAa,CAAC,CA6CxB"}

package/dist/eval/redteam-harness.js

@@ -0,0 +1,137 @@
+/**
+ * Red-Team Resistance Harness.
+ *
+ * The accuracy benchmark (`run-benchmark`, `run-llm-benchmark`) measures
+ * how well the engine *detects* vulnerabilities in code. This harness
+ * measures the complementary thing the roadmap calls for: a reproducible
+ * **behavioral resistance score** for an agent / MCP target — how well it
+ * survives a prompt-injection battery, plus the tool-scope / exfiltration
+ * surface it exposes.
+ *
+ * It is a scoring layer over primitives that already exist
+ * (`runAgentScanners` → the prompt-injection fuzzer, exfil-path graph,
+ * sandbox audit, credential-scope audit, manifest audit). Those scanners
+ * are deterministic and the payload corpus is fixed, so the score is
+ * reproducible run-to-run for a given manifest — a number you can put on a
+ * slide and a gate you can fail a build on.
+ *
+ * Two deliberately separate measures, because they behave differently:
+ *
+ *  - **Injection resistance (headline):** the share of tools that resisted
+ *    every payload in the battery. A behavioral, normalized 0–100 score.
+ *  - **Exposure surface (context):** counts of exfil paths / sandbox
+ *    escapes / over-scoped credentials / manifest issues. These scale with
+ *    tool count and breadth — a broad security tool legitimately has a
+ *    large surface (which is exactly why our own self-cert *exempts* the
+ *    sandbox/exfil scanners as false-positive-heavy for this codebase). So
+ *    they are reported as surface, NOT folded into the resistance score
+ *    where raw counts would meaninglessly floor it to zero.
+ *
+ * Honest scope: this is the reproducible, offline/static floor (tool
+ * surface, manifest hygiene, susceptibility patterns), not a live agent
+ * executing payloads against a running model. A live-runtime battery is a
+ * future extension.
+ *
+ * @module eval/redteam-harness
+ */
+import { runAgentScanners } from "../scanners/agent/index.js";
+import { getGrade } from "./metrics.js";
+/** Exposure dimensions and the scanner that feeds each. */
+export const EXPOSURE_DIMENSIONS = [
+    { dimension: "exfil-path", scanner: "exfil-path-graph" },
+    { dimension: "sandbox", scanner: "sandbox-audit" },
+    { dimension: "credential-scope", scanner: "credential-scope-audit" },
+    { dimension: "manifest-hygiene", scanner: "manifest-audit" },
+];
+function emptySeverityCount() {
+    return { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
+}
+function countBySeverity(findings) {
+    const bySeverity = emptySeverityCount();
+    for (const f of findings) {
+        const severity = (f.severity ?? "info");
+        bySeverity[severity] = (bySeverity[severity] ?? 0) + 1;
+    }
+    return bySeverity;
+}
+/**
+ * Tool-level injection resistance from the fuzzer's findings: a tool is
+ * "vulnerable" if it has any per-tool prompt-injection finding (the
+ * `prompt-injection:summary` aggregate is excluded). Resistance is the
+ * share of tested tools with no such finding. Pure and deterministic.
+ */
+export function injectionResistanceScore(findings, toolsTested) {
+    const vulnerable = new Set();
+    for (const f of findings) {
+        if (!f.ruleId.startsWith("prompt-injection:"))
+            continue;
+        if (f.ruleId === "prompt-injection:summary")
+            continue;
+        const tool = f.metadata?.tool ?? f.message;
+        vulnerable.add(tool);
+    }
+    const vulnerableTools = vulnerable.size;
+    const resistantTools = Math.max(0, toolsTested - vulnerableTools);
+    const score = toolsTested === 0 ? 0 : Math.round((100 * resistantTools) / toolsTested);
+    return {
+        score,
+        grade: getGrade(score / 100),
+        toolsTested,
+        vulnerableTools,
+        resistantTools,
+    };
+}
+/** Summarize one exposure dimension's findings (counts, not a 0–100 score). */
+export function summarizeExposure(dimension, scanner, findings) {
+    const bySeverity = countBySeverity(findings);
+    const criticalHigh = bySeverity.critical + bySeverity.high;
+    return {
+        dimension,
+        scanner,
+        findingCount: findings.length,
+        criticalHigh,
+        bySeverity,
+        clean: findings.length === 0,
+    };
+}
+/**
+ * Run the red-team battery against a manifest and return a reproducible
+ * resistance report. Runs only the behavioral / red-team-relevant agent
+ * scanners (no supply-chain network calls, no baseline-dependent drift).
+ */
+export async function runRedTeamBenchmark(options) {
+    const corpus = options.corpus ?? "quick";
+    const result = await runAgentScanners({
+        target: { manifest: options.manifest, sourcePath: options.sourcePath },
+        authorized: true,
+        scanners: {
+            promptInjection: true,
+            exfilPath: true,
+            sandboxAudit: true,
+            credentialScope: true,
+            manifestAudit: true,
+            toolDrift: false,
+            permissionMinimiser: false,
+            supplyChain: false,
+        },
+        fuzzerCorpus: corpus,
+        createBaselineIfMissing: false,
+    });
+    const findingsByScanner = new Map();
+    for (const scan of result.scanners) {
+        findingsByScanner.set(scan.scanner, scan.findings);
+    }
+    const injectionResistance = injectionResistanceScore(findingsByScanner.get("prompt-injection-fuzzer") ?? [], options.manifest.tools.length);
+    const exposure = EXPOSURE_DIMENSIONS.filter((d) => findingsByScanner.has(d.scanner)).map((d) => summarizeExposure(d.dimension, d.scanner, findingsByScanner.get(d.scanner) ?? []));
+    return {
+        target: options.target ?? options.manifest.name,
+        manifestName: options.manifest.name,
+        manifestVersion: options.manifest.version,
+        corpus,
+        injectionResistance,
+        exposure,
+        overallScore: injectionResistance.score,
+        grade: injectionResistance.grade,
+    };
+}
+//# sourceMappingURL=redteam-harness.js.map

package/dist/eval/redteam-harness.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redteam-harness.js","sourceRoot":"","sources":["../../src/eval/redteam-harness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAO9D,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAExC,2DAA2D;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAG3B;IACH,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,EAAE,kBAAkB,EAAE;IACxD,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,eAAe,EAAE;IAClD,EAAE,SAAS,EAAE,kBAAkB,EAAE,OAAO,EAAE,wBAAwB,EAAE;IACpE,EAAE,SAAS,EAAE,kBAAkB,EAAE,OAAO,EAAE,gBAAgB,EAAE;CAC7D,CAAC;AAEF,SAAS,kBAAkB;IACzB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,eAAe,CAAC,QAAgC;IACvD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAa,CAAC;QACpD,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAiCD;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAgC,EAChC,WAAmB;IAEnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC;YAAE,SAAS;QACxD,IAAI,CAAC,CAAC,MAAM,KAAK,0BAA0B;YAAE,SAAS;QACtD,MAAM,IAAI,GAAI,CAAC,CAAC,QAA0C,EAAE,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC;QAC9E,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IACD,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC;IACxC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,GAAG,eAAe,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,WAAW,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,cAAc,CAAC,GAAG,WAAW,CAAC,CAAC;IACvF,OAAO;QACL,KAAK;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC;QAC5B,WAAW;QACX,eAAe;QACf,cAAc;KACf,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,OAAyB,EACzB,QAAgC;IAEhC,MAAM,UAAU,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC;IAC3D,OAAO;QACL,SAAS;QACT,OAAO;QACP,YAAY,EAAE,QAAQ,CAAC,MAAM;QAC7B,YAAY;QACZ,UAAU;QACV,KAAK,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC;KAC7B,CAAC;AACJ,CAAC;AAUD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAuB;IAEvB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;QACpC,MAAM,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE;QACtE,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE;YACR,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,IAAI;YACf,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,KAAK;YAChB,mBAAmB,EAAE,KAAK;YAC1B,WAAW,EAAE,KAAK;SACnB;QACD,YAAY,EAAE,MAAM;QACpB,uBAAuB,EAAE,KAAK;KAC/B,CAAC,CAAC;IAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAkC,CAAC;IACpE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACnC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,mBAAmB,GAAG,wBAAwB,CAClD,iBAAiB,CAAC,GAAG,CAAC,yBAAyB,CAAC,IAAI,EAAE,EACtD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAC9B,CAAC;IAEF,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAChD,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CACjC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACV,iBAAiB,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAClF,CAAC;IAEF,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI;QAC/C,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI;QACnC,eAAe,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO;QACzC,MAAM;QACN,mBAAmB;QACnB,QAAQ;QACR,YAAY,EAAE,mBAAmB,CAAC,KAAK;QACvC,KAAK,EAAE,mBAAmB,CAAC,KAAK;KACjC,CAAC;AACJ,CAAC"}

package/dist/evidence/collector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"collector.d.ts","sourceRoot":"","sources":["../../src/evidence/collector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,OAAO,KAAK,EACV,cAAc,EACd,gBAAgB,EAIhB,sBAAsB,EACtB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAqMpB;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,qBAAqB,CAAC,CA+JhC;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAG3E;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CA6D7E"}
+{"version":3,"file":"collector.d.ts","sourceRoot":"","sources":["../../src/evidence/collector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAO,KAAK,EACV,cAAc,EACd,gBAAgB,EAIhB,sBAAsB,EACtB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAqMpB;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,qBAAqB,CAAC,CAuLhC;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAG3E;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CA6D7E"}

package/dist/evidence/collector.js

@@ -10,6 +10,7 @@ import { join, basename } from "path";
 import { createHash, randomUUID } from "crypto";
 import { platform, release, hostname } from "os";
 import { logger } from "../logger.js";
+import { signContent } from "../sbom/signing.js";
 const VASPERA_DIR = ".vaspera";
 const DEFAULT_MAX_INLINE_SIZE = 50 * 1024; // 50KB
 /**
@@ -183,7 +184,7 @@ function createInlineArtifact(content, type, name, description) {
  * Collect evidence artifacts
  */
 export async function collectEvidence(options) {
-    const { projectPath, certificationId, frameworks = [], includeSbom = true, includeHistory = true, includeScanResults = true, includeConfig = true, maxInlineSize = DEFAULT_MAX_INLINE_SIZE, } = options;
+    const { projectPath, certificationId, frameworks = [], includeSbom = true, includeHistory = true, includeScanResults = true, includeConfig = true, sign = false, maxInlineSize = DEFAULT_MAX_INLINE_SIZE, } = options;
     const warnings = [];
     const artifacts = [];
     logger.info("evidence.collect.start", { projectPath, certificationId });
@@ -270,6 +271,25 @@ export async function collectEvidence(options) {
             artifacts,
             bundleDigest,
         };
+        // Optionally sign the bundle digest with Sigstore. Mirrors the agent
+        // certificate: we sign the bundleDigest (the tamper-evidence anchor) and
+        // attach the full Sigstore bundle so verification is independent. Degrades
+        // gracefully to unsigned (with a warning) when no OIDC identity is present.
+        if (sign) {
+            const signed = await signContent(bundleDigest);
+            if (signed.signed) {
+                bundle.signature = {
+                    signed: true,
+                    digest: signed.digest,
+                    signedAt: signed.signedAt,
+                    rekorLogIndex: signed.bundle?.verificationMaterial?.tlogEntries?.[0]?.logIndex,
+                    bundle: signed.bundle,
+                };
+            }
+            else {
+                warnings.push(`Evidence bundle signing requested but produced an unsigned bundle: ${signed.error ?? "no OIDC signing identity available"}`);
+            }
+        }
         logger.info("evidence.collect.complete", {
             bundleId: bundle.id,
             artifactCount: artifacts.length,

package/dist/evidence/collector.js.map

@@ -1 +1 @@
-{"version":3,"file":"collector.js","sourceRoot":"","sources":["../../src/evidence/collector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAYtC,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,uBAAuB,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO;AAElD;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACzD,OAAO,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB;IAC1B,iBAAiB;IACjB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,EAAE,CAAC;QAC1C,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE;YACxC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE;YACvC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;YAC3B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC/B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;YACpC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;gBACvC,CAAC,CAAC;oBACE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAClD,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBACjD,GAAG,EAAE,sBAAsB,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;iBAC3D;gBACH,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,cAAc;gBAC3D,CAAC,CAAC;oBACE,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;iBACnE;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAED,YAAY;IACZ,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QACrC,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE;YACzC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE;YAC1C,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;YACnC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;YACpC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS;YAC5B,UAAU,EAAE;gBACV,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE;gBAC7C,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE;gBACvC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE;aACtC;YACD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;gBAC3C,CAAC,CAAC;oBACE,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC;oBACtD,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;iBAC1C;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAED,UAAU;IACV,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAC5B,OAAO;YACL,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE;YACnC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE;YACvC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;YAC3B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;SAChC,CAAC;IACJ,CAAC;IAED,WAAW;IACX,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpC,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE;YAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE;YACxC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;YAC9B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;YAClC,UAAU,EAAE;gBACV,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE;gBAChD,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE;gBAC/C,GAAG,EAAE,sBAAsB,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE;aACxG;YACD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;gBAC1C,CAAC,CAAC;oBACE,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC;oBAC7E,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;iBACrC;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC;QACxD,OAAO;YACL,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE;YAC/D,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE;SAClE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB;IAC/B,MAAM,EAAE,GAAG,mBAAmB,EAAE,CAAC;IAEjC,OAAO;QACL,EAAE,EAAE,QAAQ,EAAE;QACd,SAAS,EAAE,OAAO,EAAE;QACpB,WAAW,EAAE,OAAO,CAAC,OAAO;QAC5B,cAAc,EAAE,MAAM,iBAAiB,EAAE;QACzC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,iCAAiC;QACpF,EAAE;QACF,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,OAAwB;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,QAAgB,EAChB,IAA0B,EAC1B,IAAY,EACZ,WAAmB,EACnB,aAAqB;IAErB,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,QAAQ,GAAqB;YACjC,IAAI;YACJ,IAAI;YACJ,WAAW;YACX,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,UAAU,EAAE,QAAQ;SACrB,CAAC;QAEF,yBAAyB;QACzB,IAAI,KAAK,CAAC,IAAI,IAAI,aAAa,EAAE,CAAC;YAChC,QAAQ,CAAC,OAAO,GAAG,OAAO,CAAC;QAC7B,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,OAAe,EACf,IAA0B,EAC1B,IAAY,EACZ,WAAmB;IAEnB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO;QACL,IAAI;QACJ,IAAI;QACJ,WAAW;QACX,aAAa,EAAE,eAAe,CAAC,YAAY,CAAC;QAC5C,SAAS,EAAE,YAAY,CAAC,MAAM;QAC9B,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA+B;IAE/B,MAAM,EACJ,WAAW,EACX,eAAe,EACf,UAAU,GAAG,EAAE,EACf,WAAW,GAAG,IAAI,EAClB,cAAc,GAAG,IAAI,EACrB,kBAAkB,GAAG,IAAI,EACzB,aAAa,GAAG,IAAI,EACpB,aAAa,GAAG,uBAAuB,GACxC,GAAG,OAAO,CAAC;IAEZ,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAuB,EAAE,CAAC;IAEzC,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC;IAExE,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAElD,uBAAuB;QACvB,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAC7C,UAAU,EACV,aAAa,EACb,gBAAgB,EAChB,4BAA4B,EAC5B,aAAa,CACd,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;YACtD,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAC9C,WAAW,EACX,kBAAkB,EAClB,eAAe,EACf,gDAAgD,EAChD,aAAa,CACd,CAAC;YACF,IAAI,eAAe,EAAE,CAAC;gBACpB,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,kBAAkB,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC3C,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACvB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACtC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,0BAA0B;gBAEnG,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;oBAC7B,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAC3C,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,EACpB,aAAa,EACb,QAAQ,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EACjC,+BAA+B,EAC/B,aAAa,CACd,CAAC;oBACF,IAAI,YAAY,EAAE,CAAC;wBACjB,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;gBACzB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC;gBAExC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;oBAC1E,IAAI,UAAU,EAAE,CAAC;wBACf,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAC7C,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,EAC5B,mBAAmB,EACnB,cAAc,SAAS,EAAE,EACzB,GAAG,SAAS,oBAAoB,EAChC,aAAa,CACd,CAAC;wBACF,IAAI,cAAc,EAAE,CAAC;4BACnB,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;wBACjC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YAC/C,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAC3C,QAAQ,EACR,MAAM,EACN,MAAM,EACN,wCAAwC,EACxC,aAAa,CACd,CAAC;YACF,IAAI,YAAY,EAAE,CAAC;gBACjB,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAEjD,sBAAsB;QACtB,MAAM,WAAW,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAE/C,oBAAoB;QACpB,MAAM,MAAM,GAAmB;YAC7B,EAAE,EAAE,YAAY,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YAC3C,eAAe;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,WAAW;YACX,SAAS;YACT,YAAY;SACb,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,aAAa,EAAE,SAAS,CAAC,MAAM;YAC/B,YAAY,EAAE,QAAQ,CAAC,MAAM;SAC9B,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM;YACN,QAAQ;SACT,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACzE,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAE5D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,OAAO;YACd,QAAQ;SACT,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,SAA6B;IACjE,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,OAAO,eAAe,CAAC,UAAU,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,MAAsB;IACnE,MAAM,KAAK,GAAa;QACtB,mBAAmB;QACnB,EAAE;QACF,kBAAkB,MAAM,CAAC,EAAE,EAAE;QAC7B,gBAAgB,MAAM,CAAC,SAAS,EAAE;QAClC,gBAAgB,MAAM,CAAC,WAAW,EAAE;QACpC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,sBAAsB,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE;QAC5E,EAAE;QACF,gBAAgB;QAChB,EAAE;QACF,sBAAsB;QACtB,sBAAsB;QACtB,UAAU,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,MAAM,CAAC,WAAW,CAAC,SAAS,IAAI;QACnE,eAAe,MAAM,CAAC,WAAW,CAAC,WAAW,IAAI;QACjD,eAAe,MAAM,CAAC,WAAW,CAAC,cAAc,IAAI;KACrD,CAAC;IAEF,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CACR,mBAAmB,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,QAAQ,IAAI,EACrD,gBAAgB,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,OAAO,IAAI,EACjD,gBAAgB,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAClE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CACR,EAAE,EACF,cAAc,EACd,EAAE,EACF,iCAAiC,EACjC,iCAAiC,CAClC,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACtD,KAAK,CAAC,IAAI,CACR,KAAK,QAAQ,CAAC,IAAI,MAAM,QAAQ,CAAC,IAAI,MAAM,MAAM,UAAU,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CACxG,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CACR,EAAE,EACF,qBAAqB,EACrB,EAAE,EACF,wBAAwB,MAAM,CAAC,YAAY,IAAI,EAC/C,EAAE,CACH,CAAC;IAEF,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CACR,wBAAwB,EACxB,MAAM,CAAC,SAAS,CAAC,aAAa;YAC5B,CAAC,CAAC,wBAAwB,MAAM,CAAC,SAAS,CAAC,aAAa,EAAE;YAC1D,CAAC,CAAC,EAAE,CACP,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC"}
+{"version":3,"file":"collector.js","sourceRoot":"","sources":["../../src/evidence/collector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAYjD,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,uBAAuB,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO;AAElD;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACzD,OAAO,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB;IAC1B,iBAAiB;IACjB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,EAAE,CAAC;QAC1C,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE;YACxC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE;YACvC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;YAC3B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC/B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;YACpC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;gBACvC,CAAC,CAAC;oBACE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAClD,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBACjD,GAAG,EAAE,sBAAsB,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;iBAC3D;gBACH,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,cAAc;gBAC3D,CAAC,CAAC;oBACE,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;iBACnE;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAED,YAAY;IACZ,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QACrC,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE;YACzC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE;YAC1C,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;YACnC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;YACpC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS;YAC5B,UAAU,EAAE;gBACV,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE;gBAC7C,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE;gBACvC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE;aACtC;YACD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;gBAC3C,CAAC,CAAC;oBACE,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC;oBACtD,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;iBAC1C;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAED,UAAU;IACV,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAC5B,OAAO;YACL,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE;YACnC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE;YACvC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;YAC3B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;SAChC,CAAC;IACJ,CAAC;IAED,WAAW;IACX,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpC,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE;YAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE;YACxC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;YAC9B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;YAClC,UAAU,EAAE;gBACV,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE;gBAChD,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE;gBAC/C,GAAG,EAAE,sBAAsB,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE;aACxG;YACD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;gBAC1C,CAAC,CAAC;oBACE,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC;oBAC7E,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;iBACrC;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC;QACxD,OAAO;YACL,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE;YAC/D,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE;SAClE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB;IAC/B,MAAM,EAAE,GAAG,mBAAmB,EAAE,CAAC;IAEjC,OAAO;QACL,EAAE,EAAE,QAAQ,EAAE;QACd,SAAS,EAAE,OAAO,EAAE;QACpB,WAAW,EAAE,OAAO,CAAC,OAAO;QAC5B,cAAc,EAAE,MAAM,iBAAiB,EAAE;QACzC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,iCAAiC;QACpF,EAAE;QACF,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,OAAwB;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,QAAgB,EAChB,IAA0B,EAC1B,IAAY,EACZ,WAAmB,EACnB,aAAqB;IAErB,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,QAAQ,GAAqB;YACjC,IAAI;YACJ,IAAI;YACJ,WAAW;YACX,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,UAAU,EAAE,QAAQ;SACrB,CAAC;QAEF,yBAAyB;QACzB,IAAI,KAAK,CAAC,IAAI,IAAI,aAAa,EAAE,CAAC;YAChC,QAAQ,CAAC,OAAO,GAAG,OAAO,CAAC;QAC7B,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,OAAe,EACf,IAA0B,EAC1B,IAAY,EACZ,WAAmB;IAEnB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO;QACL,IAAI;QACJ,IAAI;QACJ,WAAW;QACX,aAAa,EAAE,eAAe,CAAC,YAAY,CAAC;QAC5C,SAAS,EAAE,YAAY,CAAC,MAAM;QAC9B,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA+B;IAE/B,MAAM,EACJ,WAAW,EACX,eAAe,EACf,UAAU,GAAG,EAAE,EACf,WAAW,GAAG,IAAI,EAClB,cAAc,GAAG,IAAI,EACrB,kBAAkB,GAAG,IAAI,EACzB,aAAa,GAAG,IAAI,EACpB,IAAI,GAAG,KAAK,EACZ,aAAa,GAAG,uBAAuB,GACxC,GAAG,OAAO,CAAC;IAEZ,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAuB,EAAE,CAAC;IAEzC,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC;IAExE,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAElD,uBAAuB;QACvB,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAC7C,UAAU,EACV,aAAa,EACb,gBAAgB,EAChB,4BAA4B,EAC5B,aAAa,CACd,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;YACtD,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAC9C,WAAW,EACX,kBAAkB,EAClB,eAAe,EACf,gDAAgD,EAChD,aAAa,CACd,CAAC;YACF,IAAI,eAAe,EAAE,CAAC;gBACpB,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,kBAAkB,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC3C,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACvB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACtC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,0BAA0B;gBAEnG,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;oBAC7B,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAC3C,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,EACpB,aAAa,EACb,QAAQ,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EACjC,+BAA+B,EAC/B,aAAa,CACd,CAAC;oBACF,IAAI,YAAY,EAAE,CAAC;wBACjB,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;gBACzB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC;gBAExC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;oBAC1E,IAAI,UAAU,EAAE,CAAC;wBACf,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAC7C,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,EAC5B,mBAAmB,EACnB,cAAc,SAAS,EAAE,EACzB,GAAG,SAAS,oBAAoB,EAChC,aAAa,CACd,CAAC;wBACF,IAAI,cAAc,EAAE,CAAC;4BACnB,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;wBACjC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YAC/C,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAC3C,QAAQ,EACR,MAAM,EACN,MAAM,EACN,wCAAwC,EACxC,aAAa,CACd,CAAC;YACF,IAAI,YAAY,EAAE,CAAC;gBACjB,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAEjD,sBAAsB;QACtB,MAAM,WAAW,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAE/C,oBAAoB;QACpB,MAAM,MAAM,GAAmB;YAC7B,EAAE,EAAE,YAAY,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YAC3C,eAAe;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW;YACX,UAAU;YACV,WAAW;YACX,SAAS;YACT,YAAY;SACb,CAAC;QAEF,qEAAqE;QACrE,yEAAyE;QACzE,2EAA2E;QAC3E,4EAA4E;QAC5E,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,CAAC;YAC/C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,CAAC,SAAS,GAAG;oBACjB,MAAM,EAAE,IAAI;oBACZ,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,oBAAoB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ;oBAC9E,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CACX,sEACE,MAAM,CAAC,KAAK,IAAI,oCAClB,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,aAAa,EAAE,SAAS,CAAC,MAAM;YAC/B,YAAY,EAAE,QAAQ,CAAC,MAAM;SAC9B,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM;YACN,QAAQ;SACT,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACzE,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAE5D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,OAAO;YACd,QAAQ;SACT,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,SAA6B;IACjE,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,OAAO,eAAe,CAAC,UAAU,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,MAAsB;IACnE,MAAM,KAAK,GAAa;QACtB,mBAAmB;QACnB,EAAE;QACF,kBAAkB,MAAM,CAAC,EAAE,EAAE;QAC7B,gBAAgB,MAAM,CAAC,SAAS,EAAE;QAClC,gBAAgB,MAAM,CAAC,WAAW,EAAE;QACpC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,sBAAsB,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE;QAC5E,EAAE;QACF,gBAAgB;QAChB,EAAE;QACF,sBAAsB;QACtB,sBAAsB;QACtB,UAAU,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,MAAM,CAAC,WAAW,CAAC,SAAS,IAAI;QACnE,eAAe,MAAM,CAAC,WAAW,CAAC,WAAW,IAAI;QACjD,eAAe,MAAM,CAAC,WAAW,CAAC,cAAc,IAAI;KACrD,CAAC;IAEF,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CACR,mBAAmB,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,QAAQ,IAAI,EACrD,gBAAgB,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,OAAO,IAAI,EACjD,gBAAgB,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAClE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CACR,EAAE,EACF,cAAc,EACd,EAAE,EACF,iCAAiC,EACjC,iCAAiC,CAClC,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACtD,KAAK,CAAC,IAAI,CACR,KAAK,QAAQ,CAAC,IAAI,MAAM,QAAQ,CAAC,IAAI,MAAM,MAAM,UAAU,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CACxG,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CACR,EAAE,EACF,qBAAqB,EACrB,EAAE,EACF,wBAAwB,MAAM,CAAC,YAAY,IAAI,EAC/C,EAAE,CACH,CAAC;IAEF,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CACR,wBAAwB,EACxB,MAAM,CAAC,SAAS,CAAC,aAAa;YAC5B,CAAC,CAAC,wBAAwB,MAAM,CAAC,SAAS,CAAC,aAAa,EAAE;YAC1D,CAAC,CAAC,EAAE,CACP,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC"}

package/dist/evidence/store.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/evidence/store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAoBpB;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAWhC;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAiCpG;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,oBAAoB,CAAC,CAgD/B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IACnE,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC,CA0CD"}
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/evidence/store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAsBpB;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAWhC;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAiCpG;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,oBAAoB,CAAC,CAsE/B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IACnE,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC,CA0CD"}

package/dist/evidence/store.js

@@ -10,6 +10,7 @@ import { join } from "path";
 import { createHash } from "crypto";
 import { logger } from "../logger.js";
 import { calculateBundleDigest } from "./collector.js";
+import { verifySignedArtifact } from "../sbom/signing.js";
 const EVIDENCE_DIR = ".vaspera/evidence";
 /**
  * Ensure evidence directory exists
@@ -115,13 +116,36 @@ export async function verifyEvidenceBundle(bundle) {
         }
         // Note: For non-inline artifacts, we can't verify without accessing the stored file
     }
-    // Verify signature if present
+    // Verify the Sigstore signature if present — real verification, not just
+    // presence. The bundle digest (verified above) is the signed content, so we
+    // reconstruct the SignedArtifact and run the same check the certificate path
+    // uses (digest match + transparency-log entries).
     if (bundle.signature) {
-        // Signature verification would call verifyBlob from src/sbom/signing.ts
-        // For now, we just check if the signature exists
-        result.signatureValid = true;
+        const sig = bundle.signature;
+        if (sig.signed && sig.bundle) {
+            const artifact = {
+                content: bundle.bundleDigest,
+                digest: sig.digest,
+                bundle: sig.bundle,
+                signedAt: sig.signedAt,
+                signed: true,
+            };
+            const sigResult = await verifySignedArtifact(artifact);
+            result.signatureValid = sigResult.valid;
+            if (!sigResult.valid) {
+                const detail = sigResult.errors.map((e) => `signature: ${e}`).join("; ");
+                result.error = result.error ? `${result.error}; ${detail}` : detail;
+            }
+        }
+        else {
+            // A signature object that is not actually signed is not valid.
+            result.signatureValid = false;
+        }
     }
-    result.verified = result.artifactsIntact && result.failedArtifacts.length === 0;
+    result.verified =
+        result.artifactsIntact &&
+            result.failedArtifacts.length === 0 &&
+            result.signatureValid !== false;
     logger.info("evidence.verify.complete", {
         bundleId: bundle.id,
         verified: result.verified,

package/dist/evidence/store.js.map

@@ -1 +1 @@
-{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/evidence/store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAKtC,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAEvD,MAAM,YAAY,GAAG,mBAAmB,CAAC;AAEzC;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,WAAmB,EACnB,MAAsB;IAEtB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,EAAE,OAAO,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAE7C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAEpE,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE7E,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,WAAmB,EACnB,QAAgB;IAEhB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,WAAmB;IAEnB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,MAAM,OAAO,GAA8F,EAAE,CAAC;IAE9G,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QAEtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YACjE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,MAAM,CAAC,EAAE;gBACb,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,eAAe,EAAE,MAAM,CAAC,eAAe;gBACvC,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM;aACvC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAE/D,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAsB;IAEtB,MAAM,MAAM,GAAyB;QACnC,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,eAAe,EAAE,IAAI;QACrB,eAAe,EAAE,EAAE;QACnB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;IAEF,uBAAuB;IACvB,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjE,IAAI,gBAAgB,KAAK,MAAM,CAAC,YAAY,EAAE,CAAC;QAC7C,MAAM,CAAC,KAAK,GAAG,oCAAoC,MAAM,CAAC,YAAY,SAAS,gBAAgB,EAAE,CAAC;QAClG,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2CAA2C;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC;iBACxC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;iBAC9C,MAAM,CAAC,KAAK,CAAC,CAAC;YAEjB,IAAI,cAAc,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC9C,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC;gBAC/B,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QACD,oFAAoF;IACtF,CAAC;IAED,8BAA8B;IAC9B,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,wEAAwE;QACxE,iDAAiD;QACjD,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;IAC/B,CAAC;IAED,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,CAAC;IAEhF,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;QACtC,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,eAAe,CAAC,MAAM;KAC3C,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IAMxD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAE3D,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,MAA0B,CAAC;IAC/B,IAAI,MAA0B,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,SAAS,IAAI,KAAK,CAAC,IAAI,CAAC;QAExB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;YAErD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;gBACzC,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC;YAC5B,CAAC;YACD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;gBACzC,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,SAAS,CAAC,MAAM;QAC7B,cAAc,EAAE,SAAS;QACzB,YAAY,EAAE,MAAM;QACpB,YAAY,EAAE,MAAM;KACrB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/evidence/store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAKtC,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAG1D,MAAM,YAAY,GAAG,mBAAmB,CAAC;AAEzC;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,WAAmB,EACnB,MAAsB;IAEtB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,EAAE,OAAO,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAE7C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAEpE,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE7E,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,WAAmB,EACnB,QAAgB;IAEhB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,WAAmB;IAEnB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,MAAM,OAAO,GAA8F,EAAE,CAAC;IAE9G,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QAEtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YACjE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,MAAM,CAAC,EAAE;gBACb,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,eAAe,EAAE,MAAM,CAAC,eAAe;gBACvC,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM;aACvC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAE/D,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAsB;IAEtB,MAAM,MAAM,GAAyB;QACnC,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,eAAe,EAAE,IAAI;QACrB,eAAe,EAAE,EAAE;QACnB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;IAEF,uBAAuB;IACvB,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjE,IAAI,gBAAgB,KAAK,MAAM,CAAC,YAAY,EAAE,CAAC;QAC7C,MAAM,CAAC,KAAK,GAAG,oCAAoC,MAAM,CAAC,YAAY,SAAS,gBAAgB,EAAE,CAAC;QAClG,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2CAA2C;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC;iBACxC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;iBAC9C,MAAM,CAAC,KAAK,CAAC,CAAC;YAEjB,IAAI,cAAc,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC9C,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC;gBAC/B,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QACD,oFAAoF;IACtF,CAAC;IAED,yEAAyE;IACzE,4EAA4E;IAC5E,6EAA6E;IAC7E,kDAAkD;IAClD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC;QAC7B,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAmB;gBAC/B,OAAO,EAAE,MAAM,CAAC,YAAY;gBAC5B,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,MAAM,EAAE,GAAG,CAAC,MAAoC;gBAChD,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,MAAM,EAAE,IAAI;aACb,CAAC;YACF,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YACvD,MAAM,CAAC,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC;YACxC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACzE,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;YACtE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,+DAA+D;YAC/D,MAAM,CAAC,cAAc,GAAG,KAAK,CAAC;QAChC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,QAAQ;QACb,MAAM,CAAC,eAAe;YACtB,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC;YACnC,MAAM,CAAC,cAAc,KAAK,KAAK,CAAC;IAElC,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;QACtC,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,eAAe,CAAC,MAAM;KAC3C,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IAMxD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAE3D,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,MAA0B,CAAC;IAC/B,IAAI,MAA0B,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,SAAS,IAAI,KAAK,CAAC,IAAI,CAAC;QAExB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;YAErD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;gBACzC,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC;YAC5B,CAAC;YACD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;gBACzC,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,SAAS,CAAC,MAAM;QAC7B,cAAc,EAAE,SAAS;QACzB,YAAY,EAAE,MAAM;QACpB,YAAY,EAAE,MAAM;KACrB,CAAC;AACJ,CAAC"}

package/dist/evidence/types.d.ts

@@ -101,16 +101,23 @@ export interface EvidenceBundle {
     artifacts: EvidenceArtifact[];
     /** Overall bundle digest (SHA-256 of all artifact digests) */
     bundleDigest: string;
-    /** Sigstore signature of the bundle */
+    /**
+     * Sigstore signature over the bundle digest. Shaped to mirror the agent
+     * certificate's signature so the same verification path (verifySignedArtifact)
+     * can be reused: it carries the full Sigstore bundle and the content digest,
+     * not just opaque fields.
+     */
     signature?: {
-        /** Base64-encoded signature */
-        value: string;
-        /** Signing certificate (Base64 PEM) */
-        certificate?: string;
-        /** Rekor transparency log index */
-        rekorLogIndex?: number;
-        /** Rekor log ID */
-        rekorLogId?: string;
+        /** Whether signing succeeded (only set when it did). */
+        signed: boolean;
+        /** sha256 of the signed content (the bundle digest). */
+        digest: string;
+        /** ISO timestamp of signing. */
+        signedAt: string;
+        /** Rekor transparency-log index, if the bundle was logged. */
+        rekorLogIndex?: string;
+        /** Full Sigstore bundle (needed to verify; omitted when unsigned). */
+        bundle?: unknown;
     };
     /** Bundle metadata */
     metadata?: Record<string, unknown>;