vaspera 2.7.0 → 2.9.0

package/dist/exporters/sonarqube.d.ts

@@ -0,0 +1,18 @@
+/**
+ * SonarQube Exporter
+ *
+ * Exports findings to SonarQube Generic Issue Import Format.
+ *
+ * @module exporters/sonarqube
+ */
+import type { Certification } from "../certification/types.js";
+import type { ExportOptions, ExportResult, Exporter } from "./types.js";
+/**
+ * Export certification to SonarQube format
+ */
+export declare function exportToSonarQube(certification: Certification, options?: ExportOptions): Promise<ExportResult>;
+/**
+ * SonarQube exporter instance
+ */
+export declare const sonarqubeExporter: Exporter;
+//# sourceMappingURL=sonarqube.d.ts.map

package/dist/exporters/sonarqube.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sonarqube.d.ts","sourceRoot":"","sources":["../../src/exporters/sonarqube.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAqB,MAAM,2BAA2B,CAAC;AAClF,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,QAAQ,EAGT,MAAM,YAAY,CAAC;AAqFpB;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,aAAa,EAAE,aAAa,EAC5B,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC,CAuCvB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,QAG/B,CAAC"}

package/dist/exporters/sonarqube.js

@@ -0,0 +1,125 @@
+/**
+ * SonarQube Exporter
+ *
+ * Exports findings to SonarQube Generic Issue Import Format.
+ *
+ * @module exporters/sonarqube
+ */
+import { writeFile } from "fs/promises";
+/**
+ * Map Vaspera severity to SonarQube severity
+ */
+const SEVERITY_MAP = {
+    critical: "BLOCKER",
+    high: "CRITICAL",
+    medium: "MAJOR",
+    low: "MINOR",
+    info: "INFO",
+};
+/**
+ * Map category to SonarQube issue type
+ */
+function categoryToType(category) {
+    const securityCategories = [
+        "injection",
+        "xss",
+        "authentication",
+        "authorization",
+        "cryptography",
+        "secrets",
+        "api-security",
+    ];
+    if (securityCategories.some((c) => category.toLowerCase().includes(c))) {
+        return "VULNERABILITY";
+    }
+    const bugCategories = ["error-handling", "null-safety", "type-safety", "memory"];
+    if (bugCategories.some((c) => category.toLowerCase().includes(c))) {
+        return "BUG";
+    }
+    return "CODE_SMELL";
+}
+/**
+ * Estimate effort to fix in minutes based on severity
+ */
+function estimateEffort(severity) {
+    switch (severity) {
+        case "critical":
+            return 120;
+        case "high":
+            return 60;
+        case "medium":
+            return 30;
+        case "low":
+            return 15;
+        case "info":
+            return 5;
+    }
+}
+/**
+ * Convert a finding to SonarQube issue
+ */
+function findingToIssue(finding, projectRoot) {
+    let filePath = finding.file || "unknown";
+    if (projectRoot && filePath.startsWith(projectRoot)) {
+        filePath = filePath.slice(projectRoot.length).replace(/^\//, "");
+    }
+    return {
+        engineId: "vaspera",
+        ruleId: finding.scanner_rule_id || `vaspera-${finding.category}`,
+        primaryLocation: {
+            message: finding.description,
+            filePath,
+            textRange: finding.line
+                ? {
+                    startLine: finding.line,
+                    endLine: finding.line,
+                }
+                : undefined,
+        },
+        type: categoryToType(finding.category),
+        severity: SEVERITY_MAP[finding.severity],
+        effortMinutes: estimateEffort(finding.severity),
+    };
+}
+/**
+ * Export certification to SonarQube format
+ */
+export async function exportToSonarQube(certification, options = {}) {
+    const { outputPath, minSeverity = "info", projectRoot, includeResolved = false } = options;
+    const severityOrder = ["critical", "high", "medium", "low", "info"];
+    const minIndex = severityOrder.indexOf(minSeverity);
+    // Collect all findings
+    const allFindings = [];
+    for (const [, agentData] of Object.entries(certification.agents)) {
+        if (agentData?.findings) {
+            allFindings.push(...agentData.findings);
+        }
+    }
+    // Filter by severity
+    const filteredFindings = allFindings.filter((f) => {
+        const sevIndex = severityOrder.indexOf(f.severity);
+        return sevIndex <= minIndex;
+    });
+    // Convert to SonarQube format
+    const issues = filteredFindings.map((f) => findingToIssue(f, projectRoot));
+    const report = { issues };
+    const content = JSON.stringify(report, null, 2);
+    // Write to file if path provided
+    if (outputPath) {
+        await writeFile(outputPath, content, "utf-8");
+    }
+    return {
+        format: "sonarqube",
+        outputPath,
+        findingsExported: issues.length,
+        content,
+    };
+}
+/**
+ * SonarQube exporter instance
+ */
+export const sonarqubeExporter = {
+    format: "sonarqube",
+    export: exportToSonarQube,
+};
+//# sourceMappingURL=sonarqube.js.map

package/dist/exporters/sonarqube.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sonarqube.js","sourceRoot":"","sources":["../../src/exporters/sonarqube.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAUxC;;GAEG;AACH,MAAM,YAAY,GAAiD;IACjE,QAAQ,EAAE,SAAS;IACnB,IAAI,EAAE,UAAU;IAChB,MAAM,EAAE,OAAO;IACf,GAAG,EAAE,OAAO;IACZ,IAAI,EAAE,MAAM;CACb,CAAC;AAEF;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,kBAAkB,GAAG;QACzB,WAAW;QACX,KAAK;QACL,gBAAgB;QAChB,eAAe;QACf,cAAc;QACd,SAAS;QACT,cAAc;KACf,CAAC;IAEF,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;IACjF,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAkB;IACxC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,GAAG,CAAC;QACb,KAAK,MAAM;YACT,OAAO,EAAE,CAAC;QACZ,KAAK,QAAQ;YACX,OAAO,EAAE,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,CAAC,CAAC;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAgB,EAAE,WAAoB;IAC5D,IAAI,QAAQ,GAAG,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IACzC,IAAI,WAAW,IAAI,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACpD,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,OAAO,CAAC,eAAe,IAAI,WAAW,OAAO,CAAC,QAAQ,EAAE;QAChE,eAAe,EAAE;YACf,OAAO,EAAE,OAAO,CAAC,WAAW;YAC5B,QAAQ;YACR,SAAS,EAAE,OAAO,CAAC,IAAI;gBACrB,CAAC,CAAC;oBACE,SAAS,EAAE,OAAO,CAAC,IAAI;oBACvB,OAAO,EAAE,OAAO,CAAC,IAAI;iBACtB;gBACH,CAAC,CAAC,SAAS;SACd;QACD,IAAI,EAAE,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC;QACtC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC;QACxC,aAAa,EAAE,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC;KAChD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,aAA4B,EAC5B,UAAyB,EAAE;IAE3B,MAAM,EAAE,UAAU,EAAE,WAAW,GAAG,MAAM,EAAE,WAAW,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAE3F,MAAM,aAAa,GAAe,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAChF,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAEpD,uBAAuB;IACvB,MAAM,WAAW,GAAc,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QACjE,IAAI,SAAS,EAAE,QAAQ,EAAE,CAAC;YACxB,WAAW,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAChD,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,QAAQ,IAAI,QAAQ,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAC9B,MAAM,MAAM,GAAqB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1D,cAAc,CAAC,CAAC,EAAE,WAAW,CAAC,CAC/B,CAAC;IAEF,MAAM,MAAM,GAAoB,EAAE,MAAM,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEhD,iCAAiC;IACjC,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,UAAU;QACV,gBAAgB,EAAE,MAAM,CAAC,MAAM;QAC/B,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAa;IACzC,MAAM,EAAE,WAAW;IACnB,MAAM,EAAE,iBAAiB;CAC1B,CAAC"}

package/dist/exporters/types.d.ts

@@ -0,0 +1,190 @@
+/**
+ * Exporter Types
+ *
+ * Defines types for exporting findings to various security tool formats.
+ *
+ * @module exporters/types
+ */
+import type { Certification, Severity } from "../certification/types.js";
+/**
+ * Supported export formats
+ */
+export type ExportFormat = "sarif" | "sonarqube" | "snyk" | "checkmarx";
+/**
+ * Export options
+ */
+export interface ExportOptions {
+    /** Output file path */
+    outputPath?: string;
+    /** Include resolved/fixed findings */
+    includeResolved?: boolean;
+    /** Minimum severity to include */
+    minSeverity?: Severity;
+    /** Project root path for relative file paths */
+    projectRoot?: string;
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Export result
+ */
+export interface ExportResult {
+    format: ExportFormat;
+    outputPath?: string;
+    findingsExported: number;
+    content: string;
+}
+/**
+ * Exporter interface
+ */
+export interface Exporter {
+    format: ExportFormat;
+    export(certification: Certification, options?: ExportOptions): Promise<ExportResult>;
+}
+/**
+ * SonarQube Generic Issue Import Format
+ * https://docs.sonarqube.org/latest/analyzing-source-code/importing-external-issues/generic-issue-import-format/
+ */
+export interface SonarQubeReport {
+    issues: SonarQubeIssue[];
+}
+export interface SonarQubeIssue {
+    /** Engine ID (e.g., "vaspera") */
+    engineId: string;
+    /** Rule ID */
+    ruleId: string;
+    /** Primary location */
+    primaryLocation: {
+        message: string;
+        filePath: string;
+        textRange?: {
+            startLine: number;
+            endLine?: number;
+            startColumn?: number;
+            endColumn?: number;
+        };
+    };
+    /** Issue type */
+    type: "BUG" | "VULNERABILITY" | "CODE_SMELL";
+    /** Severity */
+    severity: "BLOCKER" | "CRITICAL" | "MAJOR" | "MINOR" | "INFO";
+    /** Effort to fix (in minutes) */
+    effortMinutes?: number;
+    /** Secondary locations */
+    secondaryLocations?: Array<{
+        message: string;
+        filePath: string;
+        textRange?: {
+            startLine: number;
+            endLine?: number;
+        };
+    }>;
+}
+/**
+ * Snyk JSON Output Format
+ * https://docs.snyk.io/snyk-cli/commands/test
+ */
+export interface SnykReport {
+    ok: boolean;
+    vulnerabilities: SnykVulnerability[];
+    dependencyCount: number;
+    org: string;
+    policy: string;
+    isPrivate: boolean;
+    licensesPolicy: Record<string, unknown>;
+    packageManager: string;
+    projectName: string;
+    summary: string;
+    filesystemPolicy: boolean;
+    filtered?: {
+        ignore: unknown[];
+        patch: unknown[];
+    };
+}
+export interface SnykVulnerability {
+    /** Vulnerability ID */
+    id: string;
+    /** Title */
+    title: string;
+    /** Description */
+    description: string;
+    /** Severity */
+    severity: "critical" | "high" | "medium" | "low";
+    /** CVSS score */
+    cvssScore?: number;
+    /** CVE IDs */
+    identifiers?: {
+        CVE?: string[];
+        CWE?: string[];
+    };
+    /** Affected package */
+    packageName?: string;
+    /** Affected version */
+    version?: string;
+    /** Fixed in version */
+    fixedIn?: string[];
+    /** File paths */
+    from?: string[];
+    /** Upgrade path */
+    upgradePath?: string[];
+    /** Exploit maturity */
+    exploit?: string;
+    /** Is patchable */
+    isPatchable?: boolean;
+    /** Is upgradeable */
+    isUpgradable?: boolean;
+    /** Publication time */
+    publicationTime?: string;
+    /** Disclosure time */
+    disclosureTime?: string;
+    /** SEMVER vulnerable */
+    semver?: {
+        vulnerable: string[];
+    };
+}
+/**
+ * Checkmarx XML Report Format (simplified)
+ * Based on Checkmarx CxSAST report structure
+ */
+export interface CheckmarxReport {
+    projectName: string;
+    projectId: string;
+    scanId: string;
+    scanDate: string;
+    scanStatus: string;
+    resultsCount: number;
+    results: CheckmarxResult[];
+}
+export interface CheckmarxResult {
+    /** Query ID */
+    queryId: string;
+    /** Query name */
+    queryName: string;
+    /** Query group (category) */
+    queryGroup: string;
+    /** CWE ID */
+    cweId?: string;
+    /** Severity */
+    severity: "High" | "Medium" | "Low" | "Information";
+    /** Result state */
+    state: "To Verify" | "Not Exploitable" | "Confirmed" | "Urgent";
+    /** Source file */
+    sourceFile: string;
+    /** Source line */
+    sourceLine: number;
+    /** Source object */
+    sourceObject: string;
+    /** Destination file */
+    destFile?: string;
+    /** Destination line */
+    destLine?: number;
+    /** Destination object */
+    destObject?: string;
+    /** Result hash */
+    resultHash: string;
+    /** Detection date */
+    detectionDate: string;
+    /** Comment */
+    comment?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/exporters/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/exporters/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAW,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAElF;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,WAAW,GAAG,MAAM,GAAG,WAAW,CAAC;AAExE;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uBAAuB;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kCAAkC;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,YAAY,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CACtF;AAMD;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,cAAc,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,cAAc;IAC7B,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc;IACd,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,eAAe,EAAE;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE;YACV,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,SAAS,CAAC,EAAE,MAAM,CAAC;SACpB,CAAC;KACH,CAAC;IACF,iBAAiB;IACjB,IAAI,EAAE,KAAK,GAAG,eAAe,GAAG,YAAY,CAAC;IAC7C,eAAe;IACf,QAAQ,EAAE,SAAS,GAAG,UAAU,GAAG,OAAO,GAAG,OAAO,GAAG,MAAM,CAAC;IAC9D,iCAAiC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,0BAA0B;IAC1B,kBAAkB,CAAC,EAAE,KAAK,CAAC;QACzB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE;YACV,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;KACH,CAAC,CAAC;CACJ;AAMD;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,eAAe,EAAE,iBAAiB,EAAE,CAAC;IACrC,eAAe,EAAE,MAAM,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE;QACT,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,KAAK,EAAE,OAAO,EAAE,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,iBAAiB;IAChC,uBAAuB;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,iBAAiB;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc;IACd,WAAW,CAAC,EAAE;QACZ,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;QACf,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;KAChB,CAAC;IACF,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,iBAAiB;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,mBAAmB;IACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mBAAmB;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,qBAAqB;IACrB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,uBAAuB;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wBAAwB;IACxB,MAAM,CAAC,EAAE;QACP,UAAU,EAAE,MAAM,EAAE,CAAC;KACtB,CAAC;CACH;AAMD;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,eAAe,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,eAAe;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe;IACf,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,aAAa,CAAC;IACpD,mBAAmB;IACnB,KAAK,EAAE,WAAW,GAAG,iBAAiB,GAAG,WAAW,GAAG,QAAQ,CAAC;IAChE,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}

package/dist/exporters/types.js

@@ -0,0 +1,9 @@
+/**
+ * Exporter Types
+ *
+ * Defines types for exporting findings to various security tool formats.
+ *
+ * @module exporters/types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/exporters/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/exporters/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/frontier/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Frontier Model Integration
+ *
+ * Provides interfaces and orchestration for integrating frontier AI models
+ * (Mythos, GPT-5.5-Cyber, etc.) into the certification pipeline.
+ *
+ * @module frontier
+ */
+export * from "./types.js";
+export * from "./orchestrator.js";
+export { StubFrontierProvider, createStubProvider } from "./providers/stub.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/frontier/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/frontier/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,YAAY,CAAC;AAC3B,cAAc,mBAAmB,CAAC;AAClC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/frontier/index.js

@@ -0,0 +1,12 @@
+/**
+ * Frontier Model Integration
+ *
+ * Provides interfaces and orchestration for integrating frontier AI models
+ * (Mythos, GPT-5.5-Cyber, etc.) into the certification pipeline.
+ *
+ * @module frontier
+ */
+export * from "./types.js";
+export * from "./orchestrator.js";
+export { StubFrontierProvider, createStubProvider } from "./providers/stub.js";
+//# sourceMappingURL=index.js.map

package/dist/frontier/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/frontier/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,YAAY,CAAC;AAC3B,cAAc,mBAAmB,CAAC;AAClC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/frontier/orchestrator.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Frontier Model Orchestrator
+ *
+ * Manages multiple frontier model providers, handles fallback,
+ * and implements consensus across models for high-confidence results.
+ *
+ * @module frontier/orchestrator
+ */
+import type { FrontierProvider, FrontierModelProvider, FrontierAnalysisRequest, FrontierAnalysisResult, ConsensusResult, FrontierConfig, CostEstimate } from "./types.js";
+/**
+ * Orchestrates frontier model analysis across multiple providers
+ */
+export declare class FrontierOrchestrator {
+    private providers;
+    private config;
+    constructor(config?: Partial<FrontierConfig>);
+    /**
+     * Register a model provider
+     */
+    registerProvider(provider: FrontierModelProvider): void;
+    /**
+     * Get a registered provider
+     */
+    getProvider(name: FrontierProvider): FrontierModelProvider | undefined;
+    /**
+     * List all registered providers
+     */
+    listProviders(): FrontierProvider[];
+    /**
+     * Check availability of all providers
+     */
+    checkAvailability(): Promise<Record<FrontierProvider, {
+        available: boolean;
+        error?: string;
+    }>>;
+    /**
+     * Run analysis with a single provider
+     */
+    runWithProvider(request: FrontierAnalysisRequest, providerName: FrontierProvider): Promise<FrontierAnalysisResult>;
+    /**
+     * Run analysis with fallback through multiple providers
+     */
+    runWithFallback(request: FrontierAnalysisRequest, providerNames: FrontierProvider[]): Promise<FrontierAnalysisResult>;
+    /**
+     * Run analysis with multiple providers for consensus
+     */
+    runWithConsensus(request: FrontierAnalysisRequest, providerNames: FrontierProvider[]): Promise<ConsensusResult>;
+    /**
+     * Calculate consensus across model results
+     */
+    private calculateConsensus;
+    /**
+     * Estimate cost for an analysis across providers
+     */
+    estimateCost(request: FrontierAnalysisRequest, providerNames?: FrontierProvider[]): Promise<Record<FrontierProvider, CostEstimate>>;
+    /**
+     * Get the default provider order based on config
+     */
+    getDefaultProviderOrder(): FrontierProvider[];
+    /**
+     * Run analysis with default configuration
+     */
+    run(request: FrontierAnalysisRequest): Promise<FrontierAnalysisResult | ConsensusResult>;
+}
+/**
+ * Get the singleton orchestrator instance
+ */
+export declare function getFrontierOrchestrator(config?: Partial<FrontierConfig>): FrontierOrchestrator;
+/**
+ * Reset the singleton (for testing)
+ */
+export declare function resetFrontierOrchestrator(): void;
+//# sourceMappingURL=orchestrator.d.ts.map

package/dist/frontier/orchestrator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"orchestrator.d.ts","sourceRoot":"","sources":["../../src/frontier/orchestrator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,sBAAsB,EACtB,eAAe,EAIf,cAAc,EACd,YAAY,EACb,MAAM,YAAY,CAAC;AAQpB;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,SAAS,CAA2D;IAC5E,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM;IAIhD;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,qBAAqB,GAAG,IAAI;IAKvD;;OAEG;IACH,WAAW,CAAC,IAAI,EAAE,gBAAgB,GAAG,qBAAqB,GAAG,SAAS;IAItE;;OAEG;IACH,aAAa,IAAI,gBAAgB,EAAE;IAInC;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAChC,MAAM,CAAC,gBAAgB,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CACjE;IAqBD;;OAEG;IACG,eAAe,CACnB,OAAO,EAAE,uBAAuB,EAChC,YAAY,EAAE,gBAAgB,GAC7B,OAAO,CAAC,sBAAsB,CAAC;IAgClC;;OAEG;IACG,eAAe,CACnB,OAAO,EAAE,uBAAuB,EAChC,aAAa,EAAE,gBAAgB,EAAE,GAChC,OAAO,CAAC,sBAAsB,CAAC;IA4BlC;;OAEG;IACG,gBAAgB,CACpB,OAAO,EAAE,uBAAuB,EAChC,aAAa,EAAE,gBAAgB,EAAE,GAChC,OAAO,CAAC,eAAe,CAAC;IA2C3B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAuI1B;;OAEG;IACG,YAAY,CAChB,OAAO,EAAE,uBAAuB,EAChC,aAAa,CAAC,EAAE,gBAAgB,EAAE,GACjC,OAAO,CAAC,MAAM,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;IA6BlD;;OAEG;IACH,uBAAuB,IAAI,gBAAgB,EAAE;IAI7C;;OAEG;IACG,GAAG,CACP,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,sBAAsB,GAAG,eAAe,CAAC;CAarD;AAQD;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAC/B,oBAAoB,CAKtB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,IAAI,CAEhD"}