vaspera 2.9.2 → 2.10.0

package/dist/scanners/dast/zap.js

@@ -0,0 +1,453 @@
+/**
+ * OWASP ZAP Scanner Integration
+ *
+ * Integrates with OWASP ZAP (Zed Attack Proxy) for dynamic
+ * application security testing.
+ *
+ * @module scanners/dast/zap
+ */
+import spawn from "cross-spawn";
+import { logger } from "../../logger.js";
+import { ZAP_RISK_MAPPING, ZAP_CONFIDENCE_MAPPING, } from "./types.js";
+/**
+ * ZAP API endpoint (default local)
+ */
+const ZAP_API_URL = process.env.ZAP_API_URL || "http://localhost:8080";
+const ZAP_API_KEY = process.env.ZAP_API_KEY || "";
+/**
+ * Check if ZAP is available
+ */
+export async function checkZapAvailable() {
+    return new Promise((resolve) => {
+        // Try docker first
+        const dockerChild = spawn("docker", ["images", "owasp/zap2docker-stable", "--format", "{{.Repository}}"], {
+            timeout: 10000,
+        });
+        let dockerOutput = "";
+        dockerChild.stdout?.on("data", (data) => {
+            dockerOutput += data.toString();
+        });
+        dockerChild.on("close", (dockerCode) => {
+            if (dockerCode === 0 && dockerOutput.includes("owasp/zap2docker-stable")) {
+                resolve({
+                    scanner: "zap",
+                    available: true,
+                    version: "docker",
+                    path: "docker",
+                    features: {
+                        passiveScan: true,
+                        activeScan: true,
+                        apiScan: true,
+                        authentication: true,
+                    },
+                });
+                return;
+            }
+            // Try zap-cli
+            const cliChild = spawn("zap-cli", ["--version"], { timeout: 5000 });
+            let cliVersion = "";
+            cliChild.stdout?.on("data", (data) => {
+                cliVersion += data.toString();
+            });
+            cliChild.on("close", (cliCode) => {
+                if (cliCode === 0) {
+                    resolve({
+                        scanner: "zap",
+                        available: true,
+                        version: cliVersion.trim(),
+                        path: "zap-cli",
+                        features: {
+                            passiveScan: true,
+                            activeScan: true,
+                            apiScan: true,
+                            authentication: true,
+                        },
+                    });
+                    return;
+                }
+                // Try checking if ZAP API is running
+                checkZapApi().then((apiAvailable) => {
+                    if (apiAvailable) {
+                        resolve({
+                            scanner: "zap",
+                            available: true,
+                            version: "api",
+                            path: ZAP_API_URL,
+                            features: {
+                                passiveScan: true,
+                                activeScan: true,
+                                apiScan: true,
+                                authentication: true,
+                            },
+                        });
+                    }
+                    else {
+                        resolve({
+                            scanner: "zap",
+                            available: false,
+                            error: "ZAP not found. Install via Docker (owasp/zap2docker-stable), zap-cli, or start ZAP with API enabled.",
+                        });
+                    }
+                });
+            });
+            cliChild.on("error", () => {
+                checkZapApi().then((apiAvailable) => {
+                    if (apiAvailable) {
+                        resolve({
+                            scanner: "zap",
+                            available: true,
+                            version: "api",
+                            path: ZAP_API_URL,
+                            features: {
+                                passiveScan: true,
+                                activeScan: true,
+                                apiScan: true,
+                                authentication: true,
+                            },
+                        });
+                    }
+                    else {
+                        resolve({
+                            scanner: "zap",
+                            available: false,
+                            error: "ZAP not found. Install via Docker (owasp/zap2docker-stable), zap-cli, or start ZAP with API enabled.",
+                        });
+                    }
+                });
+            });
+        });
+        dockerChild.on("error", () => {
+            // Docker not available, try other methods
+            const cliChild = spawn("zap-cli", ["--version"], { timeout: 5000 });
+            cliChild.on("close", (code) => {
+                if (code === 0) {
+                    resolve({
+                        scanner: "zap",
+                        available: true,
+                        path: "zap-cli",
+                        features: {
+                            passiveScan: true,
+                            activeScan: true,
+                            apiScan: true,
+                            authentication: true,
+                        },
+                    });
+                }
+                else {
+                    resolve({
+                        scanner: "zap",
+                        available: false,
+                        error: "ZAP not found",
+                    });
+                }
+            });
+            cliChild.on("error", () => {
+                resolve({
+                    scanner: "zap",
+                    available: false,
+                    error: "ZAP not found",
+                });
+            });
+        });
+    });
+}
+/**
+ * Check if ZAP API is running
+ */
+async function checkZapApi() {
+    try {
+        const url = `${ZAP_API_URL}/JSON/core/view/version/?apikey=${ZAP_API_KEY}`;
+        const response = await fetch(url, { signal: AbortSignal.timeout(5000) });
+        return response.ok;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Run ZAP scan using Docker
+ */
+async function runZapDocker(target, policy) {
+    return new Promise((resolve) => {
+        const args = [
+            "run",
+            "--rm",
+            "-t",
+        ];
+        // Add network host for local targets
+        if (target.url.includes("localhost") || target.url.includes("127.0.0.1")) {
+            args.push("--network", "host");
+        }
+        args.push("owasp/zap2docker-stable");
+        // Choose scan type based on policy
+        if (policy.passiveOnly) {
+            args.push("zap-baseline.py");
+        }
+        else {
+            args.push("zap-full-scan.py");
+        }
+        args.push("-t", target.url);
+        args.push("-J", "zap-report.json"); // JSON output
+        args.push("-I"); // Don't fail on warnings
+        if (policy.maxDuration) {
+            args.push("-m", String(Math.floor(policy.maxDuration / 60))); // Minutes
+        }
+        if (policy.ajaxSpider) {
+            args.push("-j"); // Enable AJAX spider
+        }
+        logger.info("zap.docker_scan", { target: target.url, passiveOnly: policy.passiveOnly });
+        const child = spawn("docker", args, {
+            timeout: (policy.maxDuration || 300) * 1000 + 60000, // Add 1 min buffer
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout?.on("data", (data) => {
+            stdout += data.toString();
+        });
+        child.stderr?.on("data", (data) => {
+            stderr += data.toString();
+        });
+        child.on("close", (code) => {
+            // ZAP returns non-zero for warnings, which is OK
+            resolve({
+                success: code === 0 || code === 1 || code === 2,
+                output: stdout,
+                error: code !== 0 && code !== 1 && code !== 2 ? stderr : undefined,
+            });
+        });
+        child.on("error", (error) => {
+            resolve({
+                success: false,
+                output: stdout,
+                error: String(error),
+            });
+        });
+    });
+}
+/**
+ * Run ZAP scan via API
+ */
+async function runZapApi(target, policy) {
+    try {
+        const baseUrl = ZAP_API_URL;
+        const apiKey = ZAP_API_KEY;
+        // Start spider
+        logger.info("zap.api_spider", { target: target.url });
+        const spiderResponse = await fetch(`${baseUrl}/JSON/spider/action/scan/?apikey=${apiKey}&url=${encodeURIComponent(target.url)}&maxChildren=${policy.maxChildren || 10}&recurse=true`, { signal: AbortSignal.timeout(30000) });
+        if (!spiderResponse.ok) {
+            throw new Error(`Spider failed: ${spiderResponse.statusText}`);
+        }
+        const spiderResult = await spiderResponse.json();
+        const scanId = spiderResult.scan;
+        // Wait for spider to complete
+        let spiderStatus = "0";
+        const startTime = Date.now();
+        const maxWait = (policy.maxDuration || 300) * 1000;
+        while (spiderStatus !== "100" && Date.now() - startTime < maxWait) {
+            await new Promise((r) => setTimeout(r, 2000));
+            const statusResponse = await fetch(`${baseUrl}/JSON/spider/view/status/?apikey=${apiKey}&scanId=${scanId}`);
+            const statusResult = await statusResponse.json();
+            spiderStatus = statusResult.status;
+        }
+        // Run passive scan (always)
+        logger.info("zap.api_passive_scan", { target: target.url });
+        // Wait for passive scan
+        let pscanRecords = "1";
+        while (pscanRecords !== "0" && Date.now() - startTime < maxWait) {
+            await new Promise((r) => setTimeout(r, 2000));
+            const pscanResponse = await fetch(`${baseUrl}/JSON/pscan/view/recordsToScan/?apikey=${apiKey}`);
+            const pscanResult = await pscanResponse.json();
+            pscanRecords = pscanResult.recordsToScan;
+        }
+        // Run active scan if not passive-only
+        if (!policy.passiveOnly) {
+            logger.info("zap.api_active_scan", { target: target.url });
+            const ascanResponse = await fetch(`${baseUrl}/JSON/ascan/action/scan/?apikey=${apiKey}&url=${encodeURIComponent(target.url)}&recurse=true&scanPolicyName=${policy.zapPolicy || ""}`, { signal: AbortSignal.timeout(30000) });
+            if (ascanResponse.ok) {
+                const ascanResult = await ascanResponse.json();
+                const ascanId = ascanResult.scan;
+                // Wait for active scan
+                let ascanStatus = "0";
+                while (ascanStatus !== "100" && Date.now() - startTime < maxWait) {
+                    await new Promise((r) => setTimeout(r, 5000));
+                    const statusResponse = await fetch(`${baseUrl}/JSON/ascan/view/status/?apikey=${apiKey}&scanId=${ascanId}`);
+                    const statusResult = await statusResponse.json();
+                    ascanStatus = statusResult.status;
+                }
+            }
+        }
+        // Get alerts
+        const alertsResponse = await fetch(`${baseUrl}/JSON/core/view/alerts/?apikey=${apiKey}&baseurl=${encodeURIComponent(target.url)}&start=0&count=1000`);
+        const alertsResult = await alertsResponse.json();
+        return {
+            success: true,
+            alerts: alertsResult.alerts || [],
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            alerts: [],
+            error: String(error),
+        };
+    }
+}
+/**
+ * Parse ZAP JSON output to DASTFinding
+ */
+export function parseZapAlerts(alerts) {
+    return alerts.map((alert) => ({
+        scanner: "zap",
+        ruleId: `zap-${alert.pluginId}`,
+        name: alert.name || alert.alert,
+        description: alert.description,
+        severity: ZAP_RISK_MAPPING[alert.risk] || "info",
+        confidence: ZAP_CONFIDENCE_MAPPING[alert.confidence] || 50,
+        url: alert.url,
+        method: alert.method,
+        parameter: alert.param,
+        evidence: alert.evidence,
+        attack: alert.attack,
+        cweIds: alert.cweid ? [`CWE-${alert.cweid}`] : undefined,
+        references: alert.reference ? alert.reference.split("\n").filter(Boolean) : undefined,
+        solution: alert.solution,
+        tags: Object.keys(alert.tags || {}),
+        timestamp: new Date().toISOString(),
+        rawOutput: alert,
+    }));
+}
+/**
+ * Run ZAP scan
+ */
+export async function runZap(target, policy = {}) {
+    const startTime = new Date();
+    const mergedPolicy = { ...{ passiveOnly: true, maxDuration: 300 }, ...policy };
+    logger.info("zap.scan_start", {
+        target: target.url,
+        passiveOnly: mergedPolicy.passiveOnly,
+    });
+    // Check availability
+    const availability = await checkZapAvailable();
+    if (!availability.available) {
+        return {
+            scanner: "zap",
+            target,
+            findings: [],
+            duration: Date.now() - startTime.getTime(),
+            success: false,
+            error: availability.error || "ZAP not available",
+            stats: {
+                requestCount: 0,
+                urlsDiscovered: 0,
+                uniqueFindings: 0,
+                bySeverity: {},
+            },
+            startTime: startTime.toISOString(),
+            endTime: new Date().toISOString(),
+            policy: mergedPolicy,
+        };
+    }
+    let findings = [];
+    let success = false;
+    let error;
+    // Run scan based on available method
+    if (availability.path === "docker") {
+        const result = await runZapDocker(target, mergedPolicy);
+        success = result.success;
+        error = result.error;
+        // Parse JSON output if available
+        if (result.output) {
+            try {
+                // Try to extract JSON from output
+                const jsonMatch = result.output.match(/\{[\s\S]*"alerts"[\s\S]*\}/);
+                if (jsonMatch) {
+                    const parsed = JSON.parse(jsonMatch[0]);
+                    if (parsed.site?.[0]?.alerts) {
+                        findings = parseZapAlerts(parsed.site[0].alerts);
+                    }
+                }
+            }
+            catch {
+                // JSON parsing failed, try line-by-line parsing
+                logger.debug("zap.parse_failed", { output: result.output.slice(0, 500) });
+            }
+        }
+    }
+    else if (availability.path === ZAP_API_URL || availability.version === "api") {
+        const result = await runZapApi(target, mergedPolicy);
+        success = result.success;
+        error = result.error;
+        findings = parseZapAlerts(result.alerts);
+    }
+    else {
+        // zap-cli not fully implemented, fallback to API check
+        const apiResult = await runZapApi(target, mergedPolicy);
+        success = apiResult.success;
+        error = apiResult.error;
+        findings = parseZapAlerts(apiResult.alerts);
+    }
+    const endTime = new Date();
+    // Calculate stats
+    const bySeverity = {};
+    for (const finding of findings) {
+        bySeverity[finding.severity] = (bySeverity[finding.severity] || 0) + 1;
+    }
+    const result = {
+        scanner: "zap",
+        target,
+        findings,
+        duration: endTime.getTime() - startTime.getTime(),
+        success,
+        error,
+        stats: {
+            requestCount: 0, // Not available from ZAP output
+            urlsDiscovered: new Set(findings.map((f) => f.url)).size,
+            uniqueFindings: findings.length,
+            bySeverity,
+        },
+        version: availability.version,
+        startTime: startTime.toISOString(),
+        endTime: endTime.toISOString(),
+        policy: mergedPolicy,
+    };
+    logger.info("zap.scan_complete", {
+        findings: findings.length,
+        duration: result.duration,
+        success,
+    });
+    return result;
+}
+/**
+ * Get ZAP installation instructions
+ */
+export function getZapInstallInstructions() {
+    return `
+# OWASP ZAP Installation
+
+## Docker (Recommended)
+\`\`\`bash
+docker pull owasp/zap2docker-stable
+\`\`\`
+
+## macOS
+\`\`\`bash
+brew install --cask owasp-zap
+\`\`\`
+
+## Linux
+\`\`\`bash
+# Download from https://www.zaproxy.org/download/
+wget https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0_Linux.tar.gz
+tar -xzf ZAP_2.14.0_Linux.tar.gz
+\`\`\`
+
+## Windows
+Download installer from https://www.zaproxy.org/download/
+
+## Start ZAP with API
+\`\`\`bash
+zap.sh -daemon -port 8080 -config api.key=your-api-key
+\`\`\`
+`;
+}
+//# sourceMappingURL=zap.js.map

package/dist/scanners/dast/zap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"zap.js","sourceRoot":"","sources":["../../../src/scanners/dast/zap.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,MAAM,aAAa,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAUzC,OAAO,EACL,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,uBAAuB,CAAC;AACvE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;AAElD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,mBAAmB;QACnB,MAAM,WAAW,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,yBAAyB,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE;YACxG,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,IAAI,YAAY,GAAG,EAAE,CAAC;QAEtB,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACtC,YAAY,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE;YACrC,IAAI,UAAU,KAAK,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;gBACzE,OAAO,CAAC;oBACN,OAAO,EAAE,KAAK;oBACd,SAAS,EAAE,IAAI;oBACf,OAAO,EAAE,QAAQ;oBACjB,IAAI,EAAE,QAAQ;oBACd,QAAQ,EAAE;wBACR,WAAW,EAAE,IAAI;wBACjB,UAAU,EAAE,IAAI;wBAChB,OAAO,EAAE,IAAI;wBACb,cAAc,EAAE,IAAI;qBACrB;iBACF,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,cAAc;YACd,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAEpE,IAAI,UAAU,GAAG,EAAE,CAAC;YAEpB,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBACnC,UAAU,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE;gBAC/B,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;oBAClB,OAAO,CAAC;wBACN,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,IAAI;wBACf,OAAO,EAAE,UAAU,CAAC,IAAI,EAAE;wBAC1B,IAAI,EAAE,SAAS;wBACf,QAAQ,EAAE;4BACR,WAAW,EAAE,IAAI;4BACjB,UAAU,EAAE,IAAI;4BAChB,OAAO,EAAE,IAAI;4BACb,cAAc,EAAE,IAAI;yBACrB;qBACF,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,qCAAqC;gBACrC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBAClC,IAAI,YAAY,EAAE,CAAC;wBACjB,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,IAAI;4BACf,OAAO,EAAE,KAAK;4BACd,IAAI,EAAE,WAAW;4BACjB,QAAQ,EAAE;gCACR,WAAW,EAAE,IAAI;gCACjB,UAAU,EAAE,IAAI;gCAChB,OAAO,EAAE,IAAI;gCACb,cAAc,EAAE,IAAI;6BACrB;yBACF,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,KAAK;4BAChB,KAAK,EAAE,sGAAsG;yBAC9G,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACxB,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBAClC,IAAI,YAAY,EAAE,CAAC;wBACjB,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,IAAI;4BACf,OAAO,EAAE,KAAK;4BACd,IAAI,EAAE,WAAW;4BACjB,QAAQ,EAAE;gCACR,WAAW,EAAE,IAAI;gCACjB,UAAU,EAAE,IAAI;gCAChB,OAAO,EAAE,IAAI;gCACb,cAAc,EAAE,IAAI;6BACrB;yBACF,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,KAAK;4BAChB,KAAK,EAAE,sGAAsG;yBAC9G,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC3B,0CAA0C;YAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAEpE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC5B,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,CAAC;wBACN,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,IAAI;wBACf,IAAI,EAAE,SAAS;wBACf,QAAQ,EAAE;4BACR,WAAW,EAAE,IAAI;4BACjB,UAAU,EAAE,IAAI;4BAChB,OAAO,EAAE,IAAI;4BACb,cAAc,EAAE,IAAI;yBACrB;qBACF,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC;wBACN,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,KAAK;wBAChB,KAAK,EAAE,eAAe;qBACvB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACxB,OAAO,CAAC;oBACN,OAAO,EAAE,KAAK;oBACd,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,eAAe;iBACvB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,WAAW,mCAAmC,WAAW,EAAE,CAAC;QAC3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzE,OAAO,QAAQ,CAAC,EAAE,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CACzB,MAAkB,EAClB,MAAkB;IAElB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG;YACX,KAAK;YACL,MAAM;YACN,IAAI;SACL,CAAC;QAEF,qCAAqC;QACrC,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAErC,mCAAmC;QACnC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,cAAc;QAClD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,yBAAyB;QAE1C,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU;QAC1E,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,qBAAqB;QACxC,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QAExF,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE;YAClC,OAAO,EAAE,CAAC,MAAM,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,KAAK,EAAE,mBAAmB;SACzE,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,iDAAiD;YACjD,OAAO,CAAC;gBACN,OAAO,EAAE,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC;gBAC/C,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;aACnE,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,OAAO,CAAC;gBACN,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;aACrB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CACtB,MAAkB,EAClB,MAAkB;IAElB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,WAAW,CAAC;QAC5B,MAAM,MAAM,GAAG,WAAW,CAAC;QAE3B,eAAe;QACf,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QAEtD,MAAM,cAAc,GAAG,MAAM,KAAK,CAChC,GAAG,OAAO,oCAAoC,MAAM,QAAQ,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,WAAW,IAAI,EAAE,eAAe,EACjJ,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CACvC,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,kBAAkB,cAAc,CAAC,UAAU,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,IAAI,EAAsB,CAAC;QACrE,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC;QAEjC,8BAA8B;QAC9B,IAAI,YAAY,GAAG,GAAG,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC;QAEnD,OAAO,YAAY,KAAK,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;YAClE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;YAC9C,MAAM,cAAc,GAAG,MAAM,KAAK,CAChC,GAAG,OAAO,oCAAoC,MAAM,WAAW,MAAM,EAAE,CACxE,CAAC;YACF,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,IAAI,EAAwB,CAAC;YACvE,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC;QACrC,CAAC;QAED,4BAA4B;QAC5B,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QAE5D,wBAAwB;QACxB,IAAI,YAAY,GAAG,GAAG,CAAC;QACvB,OAAO,YAAY,KAAK,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;YAChE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;YAC9C,MAAM,aAAa,GAAG,MAAM,KAAK,CAC/B,GAAG,OAAO,0CAA0C,MAAM,EAAE,CAC7D,CAAC;YACF,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,IAAI,EAA+B,CAAC;YAC5E,YAAY,GAAG,WAAW,CAAC,aAAa,CAAC;QAC3C,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;YAE3D,MAAM,aAAa,GAAG,MAAM,KAAK,CAC/B,GAAG,OAAO,mCAAmC,MAAM,QAAQ,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,gCAAgC,MAAM,CAAC,SAAS,IAAI,EAAE,EAAE,EACjJ,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CACvC,CAAC;YAEF,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,IAAI,EAAsB,CAAC;gBACnE,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC;gBAEjC,uBAAuB;gBACvB,IAAI,WAAW,GAAG,GAAG,CAAC;gBACtB,OAAO,WAAW,KAAK,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;oBACjE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;oBAC9C,MAAM,cAAc,GAAG,MAAM,KAAK,CAChC,GAAG,OAAO,mCAAmC,MAAM,WAAW,OAAO,EAAE,CACxE,CAAC;oBACF,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,IAAI,EAAwB,CAAC;oBACvE,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,aAAa;QACb,MAAM,cAAc,GAAG,MAAM,KAAK,CAChC,GAAG,OAAO,kCAAkC,MAAM,YAAY,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAClH,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,IAAI,EAA4B,CAAC;QAE3E,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,EAAE;SAClC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,EAAE;YACV,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;SACrB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC5B,OAAO,EAAE,KAAc;QACvB,MAAM,EAAE,OAAO,KAAK,CAAC,QAAQ,EAAE;QAC/B,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,KAAK;QAC/B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,QAAQ,EAAE,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,MAAM;QAChD,UAAU,EAAE,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE;QAC1D,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,SAAS,EAAE,KAAK,CAAC,KAAK;QACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;QACxD,UAAU,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;QACrF,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;QACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,KAA2C;KACvD,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,MAAkB,EAClB,SAAqB,EAAE;IAEvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,YAAY,GAAG,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;IAE/E,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE;QAC5B,MAAM,EAAE,MAAM,CAAC,GAAG;QAClB,WAAW,EAAE,YAAY,CAAC,WAAW;KACtC,CAAC,CAAC;IAEH,qBAAqB;IACrB,MAAM,YAAY,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAE/C,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM;YACN,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;YAC1C,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,mBAAmB;YAChD,KAAK,EAAE;gBACL,YAAY,EAAE,CAAC;gBACf,cAAc,EAAE,CAAC;gBACjB,cAAc,EAAE,CAAC;gBACjB,UAAU,EAAE,EAAE;aACf;YACD,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;YAClC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACjC,MAAM,EAAE,YAAY;SACrB,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,GAAkB,EAAE,CAAC;IACjC,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,KAAyB,CAAC;IAE9B,qCAAqC;IACrC,IAAI,YAAY,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACxD,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QACzB,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAErB,iCAAiC;QACjC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,kCAAkC;gBAClC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBACpE,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAA6C,CAAC;oBACpF,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;wBAC7B,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;gBAChD,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IAAI,YAAY,CAAC,IAAI,KAAK,WAAW,IAAI,YAAY,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;QAC/E,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACrD,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QACzB,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACrB,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,uDAAuD;QACvD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACxD,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QAC5B,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QACxB,QAAQ,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,EAAE,CAAC;IAE3B,kBAAkB;IAClB,MAAM,UAAU,GAAoC,EAAE,CAAC;IACvD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,MAAM,GAAmB;QAC7B,OAAO,EAAE,KAAK;QACd,MAAM;QACN,QAAQ;QACR,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;QACjD,OAAO;QACP,KAAK;QACL,KAAK,EAAE;YACL,YAAY,EAAE,CAAC,EAAE,gCAAgC;YACjD,cAAc,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI;YACxD,cAAc,EAAE,QAAQ,CAAC,MAAM;YAC/B,UAAU;SACX;QACD,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;QAClC,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE;QAC9B,MAAM,EAAE,YAAY;KACrB,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE;QAC/B,QAAQ,EAAE,QAAQ,CAAC,MAAM;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,OAAO;KACR,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BR,CAAC;AACF,CAAC"}

package/dist/scanners/fp-feedback.d.ts

@@ -0,0 +1,140 @@
+/**
+ * False Positive Feedback
+ *
+ * Handles user feedback on findings and maintains a feedback database
+ * for improving FP detection over time.
+ *
+ * @module scanners/fp-feedback
+ */
+import type { ScannerType, DeterministicFinding } from "./types.js";
+import type { Severity } from "../certification/types.js";
+/**
+ * Reason for marking a finding as FP
+ */
+export type FPReason = "test-code" | "false-pattern-match" | "sanitized-elsewhere" | "intentional" | "vendor-code" | "generated-code" | "example-code" | "configuration" | "other";
+/**
+ * FP reason descriptions for UI
+ */
+export declare const FP_REASON_DESCRIPTIONS: Record<FPReason, string>;
+/**
+ * A single feedback entry
+ */
+export interface FeedbackEntry {
+    /** Unique feedback ID */
+    id: string;
+    /** Finding ID this feedback relates to */
+    findingId: string;
+    /** Scanner that generated the finding */
+    scanner: ScannerType;
+    /** Rule ID */
+    ruleId: string;
+    /** File path */
+    file: string;
+    /** Line number */
+    line?: number;
+    /** Original severity */
+    severity: Severity;
+    /** Verdict: true positive or false positive */
+    verdict: "tp" | "fp";
+    /** Reason for FP (if verdict is FP) */
+    reason?: FPReason;
+    /** Additional details/notes */
+    details?: string;
+    /** Who submitted the feedback */
+    submittedBy?: string;
+    /** When the feedback was submitted */
+    submittedAt: string;
+    /** Hash of the code at feedback time (for invalidation) */
+    codeHash?: string;
+}
+/**
+ * Feedback database
+ */
+export interface FeedbackDatabase {
+    version: string;
+    projectPath: string;
+    entries: FeedbackEntry[];
+    stats: {
+        totalFeedback: number;
+        tpCount: number;
+        fpCount: number;
+        byScanner: Record<string, {
+            tp: number;
+            fp: number;
+        }>;
+        byReason: Record<string, number>;
+    };
+}
+/**
+ * Load feedback database
+ */
+export declare function loadFeedbackDatabase(projectPath: string): Promise<FeedbackDatabase>;
+/**
+ * Save feedback database
+ */
+export declare function saveFeedbackDatabase(projectPath: string, db: FeedbackDatabase): Promise<void>;
+/**
+ * Submit feedback for a finding
+ */
+export declare function submitFeedback(projectPath: string, finding: DeterministicFinding, verdict: "tp" | "fp", options?: {
+    reason?: FPReason;
+    details?: string;
+    submittedBy?: string;
+    codeHash?: string;
+}): Promise<FeedbackEntry>;
+/**
+ * Get feedback for a specific finding
+ */
+export declare function getFeedbackForFinding(projectPath: string, scanner: ScannerType, ruleId: string, file: string, line?: number): Promise<FeedbackEntry[]>;
+/**
+ * Get all feedback for a rule
+ */
+export declare function getFeedbackForRule(projectPath: string, scanner: ScannerType, ruleId: string): Promise<FeedbackEntry[]>;
+/**
+ * Check if a finding has existing feedback
+ */
+export declare function hasFeedback(projectPath: string, scanner: ScannerType, ruleId: string, file: string, line?: number): Promise<boolean>;
+/**
+ * Get suppression suggestions based on feedback
+ */
+export declare function getSuppressionSuggestions(projectPath: string, options?: {
+    minFPRate?: number;
+    minSampleSize?: number;
+}): Promise<Array<{
+    scanner: ScannerType;
+    ruleId: string;
+    fpRate: number;
+    sampleSize: number;
+    suggestion: "disable" | "review" | "keep";
+    commonReasons: FPReason[];
+}>>;
+/**
+ * Generate feedback summary report
+ */
+export declare function generateFeedbackReport(projectPath: string): Promise<{
+    overview: {
+        totalFeedback: number;
+        tpCount: number;
+        fpCount: number;
+        overallFPRate: number;
+    };
+    byScanner: Array<{
+        scanner: ScannerType;
+        total: number;
+        tp: number;
+        fp: number;
+        fpRate: number;
+    }>;
+    topFPReasons: Array<{
+        reason: FPReason;
+        count: number;
+        percentage: number;
+    }>;
+    recentFeedback: FeedbackEntry[];
+    suppressionSuggestions: Awaited<ReturnType<typeof getSuppressionSuggestions>>;
+}>;
+/**
+ * Clear old feedback entries
+ */
+export declare function pruneOldFeedback(projectPath: string, maxAgeDays?: number): Promise<number>;
+//# sourceMappingURL=fp-feedback.d.ts.map

package/dist/scanners/fp-feedback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fp-feedback.d.ts","sourceRoot":"","sources":["../../src/scanners/fp-feedback.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAI1D;;GAEG;AACH,MAAM,MAAM,QAAQ,GAChB,WAAW,GACX,qBAAqB,GACrB,qBAAqB,GACrB,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,cAAc,GACd,eAAe,GACf,OAAO,CAAC;AAEZ;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAU3D,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,EAAE,EAAE,MAAM,CAAC;IAEX,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAElB,yCAAyC;IACzC,OAAO,EAAE,WAAW,CAAC;IAErB,cAAc;IACd,MAAM,EAAE,MAAM,CAAC;IAEf,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,wBAAwB;IACxB,QAAQ,EAAE,QAAQ,CAAC;IAEnB,+CAA+C;IAC/C,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC;IAErB,uCAAuC;IACvC,MAAM,CAAC,EAAE,QAAQ,CAAC;IAElB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,iCAAiC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IAEpB,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,KAAK,EAAE;QACL,aAAa,EAAE,MAAM,CAAC;QACtB,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACtD,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAClC,CAAC;CACH;AAgBD;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAoBzF;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,WAAW,EAAE,MAAM,EACnB,EAAE,EAAE,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,CAOf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,IAAI,GAAG,IAAI,EACpB,OAAO,CAAC,EAAE;IACR,MAAM,CAAC,EAAE,QAAQ,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,OAAO,CAAC,aAAa,CAAC,CA0DxB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,aAAa,EAAE,CAAC,CAW1B;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,EAAE,CAAC,CAM1B;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAGlB;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GACA,OAAO,CAAC,KAAK,CAAC;IACf,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC1C,aAAa,EAAE,QAAQ,EAAE,CAAC;CAC3B,CAAC,CAAC,CAyEF;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IACzE,QAAQ,EAAE;QACR,aAAa,EAAE,MAAM,CAAC;QACtB,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;QACf,OAAO,EAAE,WAAW,CAAC;QACrB,KAAK,EAAE,MAAM,CAAC;QACd,EAAE,EAAE,MAAM,CAAC;QACX,EAAE,EAAE,MAAM,CAAC;QACX,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,YAAY,EAAE,KAAK,CAAC;QAClB,MAAM,EAAE,QAAQ,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;IACH,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,sBAAsB,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,yBAAyB,CAAC,CAAC,CAAC;CAC/E,CAAC,CA2CD;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,WAAW,EAAE,MAAM,EACnB,UAAU,GAAE,MAAW,GACtB,OAAO,CAAC,MAAM,CAAC,CAwCjB"}