verification-layer 0.17.0 → 0.20.0

package/README.md

@@ -15,6 +15,8 @@ vlayer is a CLI tool that scans your codebase for HIPAA compliance issues. It's
 
 **Key capabilities:**
 - Scan for 50+ security vulnerabilities and PHI exposure patterns
+- **AI Agent Skills scanner** - First HIPAA-focused scanner for SKILL.md files (Claude Code, MCP, Cursor)
+- **AI-powered analysis** with Claude API for complex violations and false positive reduction
 - Auto-fix common issues with one command
 - Generate professional audit reports (HTML, PDF, JSON)
 - Detect your tech stack and provide tailored recommendations
@@ -46,15 +48,70 @@ node dist/cli.js score /path/to/project
 
 # Generate auditor-ready report
 node dist/cli.js report /path/to/project -o audit-report.html
+
+# Scan AI Agent Skills (NEW!)
+node dist/cli.js skill-scan ~/Downloads/patient-lookup.SKILL.md
 ```
 
 ---
 
-## 🌐 Web Dashboard
+## 🛡️ AI Agent Skills Security Scanner
+
+**vlayer is the first HIPAA-focused security scanner for AI Agent Skills.**
+
+Protect your healthcare environment from malicious skills before installation:
+
+```bash
+# Scan before installing any skill
+vlayer skill-scan ~/Downloads/patient-exporter.SKILL.md
+
+# Scan all skills in directory
+vlayer skill-scan ~/.claw/skills/
+
+# CI/CD integration
+vlayer skill-scan ./custom-skills/ || exit 1
+```
+
+### The Problem
+
+- **36.82%** of AI Agent Skills have security flaws (Snyk, Feb 2026)
+- **341 malicious skills** distribute Atomic Stealer malware
+- **283 skills** expose credentials in plaintext
+- **Zero existing scanners** have HIPAA-specific rules
+
+### What It Detects
 
-**Live Dashboard**: [https://dashboard-silk-zeta-55.vercel.app](https://dashboard-silk-zeta-55.vercel.app)
+- ✅ PHI exposure (SSN, MRN, DOB in examples)
+- ✅ Hardcoded credentials (API keys, passwords)
+- ✅ Malicious patterns (reverse shells, data exfiltration)
+- ✅ HIPAA violations (HTTP transmission, no audit logging)
+
+### Example Output
+
+```
+🚨 Critical: 7  |  ⚠️ High: 14  |  ⚡ Medium: 1
 
-Enterprise-grade HIPAA compliance monitoring platform with professional dark theme and real-time visualizations.
+Issues:
+  PHI Exposure: 8
+  Credential Leaks: 1
+  Data Exfiltration: 1
+
+❌ DO NOT INSTALL THIS SKILL
+   Critical HIPAA violations detected.
+```
+
+📖 **[Full Documentation](docs/SKILLS-SCANNER.md)**
+
+---
+
+## 🌐 VLayer Ecosystem
+
+**Dashboard**: [https://app.vlayer.app](https://app.vlayer.app) - Compliance monitoring platform
+**Playground**: [https://play.vlayer.app](https://play.vlayer.app) - Try vlayer in your browser
+**Documentation**: [https://docs.vlayer.app](https://docs.vlayer.app) - Complete guides and API reference
+**Landing Page**: [https://vlayer.app](https://vlayer.app) - Marketing site
+
+Enterprise-grade HIPAA compliance monitoring platform for tracking violations, compliance scores, and generating audit reports.
 
 ### Design
 
@@ -68,6 +125,7 @@ Enterprise-grade HIPAA compliance monitoring platform with professional dark the
 
 ### Features
 
+- 🔐 **Supabase Authentication** - Secure email/password authentication with session management
 - 📊 **Visual Compliance Dashboard** - 4-metric overview with real-time scores and status distribution
 - 📈 **Historical Score Tracking** - Interactive charts showing compliance trends over time
 - 🗂️ **Multi-Project Management** - Monitor unlimited projects with inline progress indicators
@@ -75,18 +133,20 @@ Enterprise-grade HIPAA compliance monitoring platform with professional dark the
 - 📋 **Executive Summaries** - Professional reports with grade assignments (A-F)
 - 🎨 **Enterprise Tables** - Sortable project lists with circular scores and status badges
 - 📱 **Responsive Design** - Optimized for desktop, tablet, and mobile devices
+- 👤 **User Management** - User profiles with logout functionality in sidebar
 
 ### Quick Start
 
-1. **Visit Dashboard**: Navigate to [dashboard-silk-zeta-55.vercel.app](https://dashboard-silk-zeta-55.vercel.app)
-2. **Create Project**: Click "+ New Project" and enter your project details
-3. **Run Scan**: Execute a compliance scan on your codebase
+1. **Create Account**: Sign up at [app.vlayer.app/signup](https://app.vlayer.app/signup) with your email
+2. **Login**: Access the dashboard at [app.vlayer.app](https://app.vlayer.app)
+3. **Create Project**: Click "+ New Project" and enter your project details
+4. **Run Scan**: Execute a compliance scan on your codebase
    ```bash
    node dist/cli.js scan ./src --format json --output scan.json
    ```
-4. **Upload Results**: Send scan data to your project via API
+5. **Upload Results**: Send scan data to your project via API
    ```bash
-   curl -X POST https://dashboard-silk-zeta-55.vercel.app/api/projects/{projectId}/scans \
+   curl -X POST https://app.vlayer.app/api/projects/{projectId}/scans \
      -H "Content-Type: application/json" \
      -d @scan.json
    ```
@@ -399,6 +459,96 @@ node dist/cli.js audit ./my-app --generate-report --org "Healthcare Inc" --audit
 
 ---
 
+### 6. AI-Powered Scanning (Beta)
+
+**Reduce false positives and catch complex violations with Claude AI.**
+
+vlayer now includes optional AI-powered analysis using Anthropic's Claude API:
+
+#### Features
+
+- **🤖 LLM-Powered Rules**: 6 specialized AI rules for detecting complex HIPAA violations
+- **🎯 AI Triage**: Automatically classify findings to reduce false positives by 50%+
+- **🔒 PHI Scrubbing**: All code is sanitized before sending to the LLM (HIPAA-safe)
+- **💰 Cost Control**: Budget limits, caching, and rate limiting built-in
+- **📊 Confidence Scores**: AI provides reasoning and confidence for each finding
+
+#### Quick Start
+
+```bash
+# Set your API key
+export ANTHROPIC_API_KEY="sk-ant-..."
+
+# Run AI-powered scan (default: 50¢ budget)
+node dist/cli.js ai-scan ./my-app
+
+# Adjust budget
+node dist/cli.js ai-scan ./my-app --budget 100
+
+# Run LLM rules only (skip triage)
+node dist/cli.js ai-scan ./my-app --rules-only
+
+# Enable AI triage in regular scan
+node dist/cli.js scan ./my-app  # AI triage runs automatically if API key is set
+
+# Disable AI features
+node dist/cli.js scan ./my-app --no-ai
+```
+
+#### AI Rules
+
+The AI scanner includes 6 specialized rules:
+
+| Rule ID | Name | Detects |
+|---------|------|---------|
+| **HIPAA-PHI-003** | Minimum Necessary Access | APIs returning more PHI than needed (SELECT * violations) |
+| **HIPAA-SEC-001** | PHI Encryption | Unencrypted PHI in transit or at rest |
+| **HIPAA-ACCESS-001** | Role-Based Access Control | Missing auth checks, hardcoded roles, IDOR vulnerabilities |
+| **HIPAA-AUDIT-001** | Audit Logging | PHI operations without proper audit trails |
+| **HIPAA-RETENTION-001** | Data Retention | Improper deletion, missing retention policies |
+| **HIPAA-AUTH-001** | Session Management | Weak session configs, missing timeouts |
+
+#### Configuration
+
+Add AI settings to `.vlayerrc.json`:
+
+```json
+{
+  "ai": {
+    "enabled": true,
+    "enableTriage": true,
+    "enableLLMRules": true,
+    "filterFalsePositives": true,
+    "budgetCents": 50
+  }
+}
+```
+
+#### Cost & Performance
+
+- **Typical scan**: 5-20 API calls, $0.10-$0.50
+- **Caching**: Results cached for 24 hours by file hash
+- **Rate limiting**: Max 20 calls/minute, 50 calls/scan
+- **PHI protection**: All sensitive data scrubbed before API call
+
+**Example output:**
+```
+🤖 Starting AI-powered HIPAA scan...
+🔒 Scrubbed 3 PHI patterns from src/api/patients.ts
+📋 Running 6 LLM-powered rules...
+✅ AI scan complete: 12 findings, 48¢
+
+AI Scan Summary:
+  Files scanned: 8
+  AI findings: 12
+  AI calls made: 18
+  Cost: 48¢
+  Critical: 2
+  High: 5
+```
+
+---
+
 ## Report Examples
 
 ### HTML Report
@@ -524,6 +674,30 @@ Each finding maps to specific HIPAA regulations:
 ## Roadmap
 
 ### Recently Completed ✅
+- [x] **Phase 4E: Authentication & User Management**
+  - [x] Supabase Auth integration
+  - [x] Email/password authentication flow
+  - [x] Login and signup pages with dark theme
+  - [x] Protected routes via Next.js middleware
+  - [x] User session management
+  - [x] User profile display in sidebar
+  - [x] Logout functionality
+  - [x] Environment variables configured in Vercel
+- [x] **Phase 4D: Custom Domain Configuration**
+  - [x] Configured custom domains on vlayer.app
+  - [x] Dashboard: app.vlayer.app
+  - [x] Playground: play.vlayer.app
+  - [x] Documentation: docs.vlayer.app
+  - [x] Landing page: vlayer.app
+  - [x] Automatic DNS configuration via Vercel
+  - [x] SSL/TLS certificates provisioned for all domains
+  - [x] Updated all cross-project links
+- [x] **Phase 4C: Dashboard Consolidation**
+  - [x] Moved landing page to separate repo ([vlayer-website](https://github.com/Francosimon53/vlayer-website))
+  - [x] Dashboard now at root route (/) instead of /dashboard
+  - [x] Simplified route structure (/, /projects, /projects/[id])
+  - [x] Removed route groups for cleaner app organization
+  - [x] Dashboard-focused application architecture
 - [x] **Phase 4A: Web Dashboard (Enterprise Redesign)**
   - [x] Next.js dashboard deployed to Vercel
   - [x] Enterprise-grade dark navy theme with emerald accents
@@ -535,7 +709,6 @@ Each finding maps to specific HIPAA regulations:
   - [x] Demo data with 4 realistic projects
   - [x] Glassmorphism effects and professional shadows
   - [x] Responsive design optimized for all devices
-  - [x] Live at: https://dashboard-silk-zeta-55.vercel.app
 - [x] **Phase 3B: Dashboard & Compliance Score**
   - [x] HIPAA Compliance Score (0-100) with severity weighting
   - [x] Enhanced HTML reports with visual gauge

package/dist/ai/cache.d.ts

@@ -0,0 +1,15 @@
+/**
+ * AI Cache - Cache results by file hash
+ */
+export declare class AICache {
+    private cacheDir;
+    private ttlMs;
+    constructor();
+    ensureCacheDir(): Promise<void>;
+    getFileHash(content: string): string;
+    getCacheKey(fileHash: string, ruleId: string): string;
+    get(fileContent: string, ruleId: string): Promise<any | null>;
+    set(fileContent: string, ruleId: string, result: any): Promise<void>;
+    clear(): Promise<void>;
+}
+//# sourceMappingURL=cache.d.ts.map

package/dist/ai/cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../src/ai/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAeH,qBAAa,OAAO;IAClB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,KAAK,CAAS;;IAOhB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IAQrC,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAIpC,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM;IAI/C,GAAG,CACP,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IA2BhB,GAAG,CACP,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,GAAG,GACV,OAAO,CAAC,IAAI,CAAC;IAqBV,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAO7B"}

package/dist/ai/cache.js

@@ -0,0 +1,75 @@
+/**
+ * AI Cache - Cache results by file hash
+ */
+import * as crypto from 'crypto';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { AI_CONFIG } from './config.js';
+export class AICache {
+    cacheDir;
+    ttlMs;
+    constructor() {
+        this.cacheDir = AI_CONFIG.cache.directory;
+        this.ttlMs = AI_CONFIG.cache.ttlHours * 60 * 60 * 1000;
+    }
+    async ensureCacheDir() {
+        try {
+            await fs.mkdir(this.cacheDir, { recursive: true });
+        }
+        catch (error) {
+            // Directory might already exist
+        }
+    }
+    getFileHash(content) {
+        return crypto.createHash('sha256').update(content).digest('hex');
+    }
+    getCacheKey(fileHash, ruleId) {
+        return `${fileHash}-${ruleId}.json`;
+    }
+    async get(fileContent, ruleId) {
+        if (!AI_CONFIG.cache.enabled) {
+            return null;
+        }
+        await this.ensureCacheDir();
+        const fileHash = this.getFileHash(fileContent);
+        const cacheKey = this.getCacheKey(fileHash, ruleId);
+        const cachePath = path.join(this.cacheDir, cacheKey);
+        try {
+            const data = await fs.readFile(cachePath, 'utf-8');
+            const entry = JSON.parse(data);
+            // Check if cache is expired
+            const age = Date.now() - entry.timestamp;
+            if (age > this.ttlMs) {
+                await fs.unlink(cachePath); // Delete expired cache
+                return null;
+            }
+            return entry.result;
+        }
+        catch (error) {
+            return null;
+        }
+    }
+    async set(fileContent, ruleId, result) {
+        if (!AI_CONFIG.cache.enabled) {
+            return;
+        }
+        await this.ensureCacheDir();
+        const fileHash = this.getFileHash(fileContent);
+        const cacheKey = this.getCacheKey(fileHash, ruleId);
+        const cachePath = path.join(this.cacheDir, cacheKey);
+        const entry = {
+            fileHash,
+            ruleId,
+            result,
+            timestamp: Date.now(),
+            ttl: this.ttlMs,
+        };
+        await fs.writeFile(cachePath, JSON.stringify(entry, null, 2), 'utf-8');
+    }
+    async clear() {
+        await this.ensureCacheDir();
+        const files = await fs.readdir(this.cacheDir);
+        await Promise.all(files.map((file) => fs.unlink(path.join(this.cacheDir, file))));
+    }
+}
+//# sourceMappingURL=cache.js.map

package/dist/ai/cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.js","sourceRoot":"","sources":["../../src/ai/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAUxC,MAAM,OAAO,OAAO;IACV,QAAQ,CAAS;IACjB,KAAK,CAAS;IAEtB;QACE,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,CAAC;IAED,WAAW,CAAC,QAAgB,EAAE,MAAc;QAC1C,OAAO,GAAG,QAAQ,IAAI,MAAM,OAAO,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,GAAG,CACP,WAAmB,EACnB,MAAc;QAEd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACnD,MAAM,KAAK,GAAe,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAE3C,4BAA4B;YAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,CAAC;YACzC,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,uBAAuB;gBACnD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC,MAAM,CAAC;QACtB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CACP,WAAmB,EACnB,MAAc,EACd,MAAW;QAEX,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErD,MAAM,KAAK,GAAe;YACxB,QAAQ;YACR,MAAM;YACN,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,GAAG,EAAE,IAAI,CAAC,KAAK;SAChB,CAAC;QAEF,MAAM,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,CAC/D,CAAC;IACJ,CAAC;CACF"}

package/dist/ai/client.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Anthropic AI Client (singleton)
+ */
+import Anthropic from '@anthropic-ai/sdk';
+export declare function getAIClient(): Anthropic;
+export declare function isAIAvailable(): boolean;
+/**
+ * Reset client (useful for testing)
+ */
+export declare function resetAIClient(): void;
+//# sourceMappingURL=client.d.ts.map

package/dist/ai/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/ai/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,SAAS,MAAM,mBAAmB,CAAC;AAI1C,wBAAgB,WAAW,IAAI,SAAS,CAavC;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAEpC"}

package/dist/ai/client.js

@@ -0,0 +1,27 @@
+/**
+ * Anthropic AI Client (singleton)
+ */
+import Anthropic from '@anthropic-ai/sdk';
+let client = null;
+export function getAIClient() {
+    if (!client) {
+        const apiKey = process.env.ANTHROPIC_API_KEY || process.env.VLAYER_AI_KEY;
+        if (!apiKey) {
+            throw new Error('AI features require an Anthropic API key.\n' +
+                'Set ANTHROPIC_API_KEY or VLAYER_AI_KEY environment variable.\n' +
+                'Get your key at: https://console.anthropic.com/settings/keys');
+        }
+        client = new Anthropic({ apiKey });
+    }
+    return client;
+}
+export function isAIAvailable() {
+    return !!(process.env.ANTHROPIC_API_KEY || process.env.VLAYER_AI_KEY);
+}
+/**
+ * Reset client (useful for testing)
+ */
+export function resetAIClient() {
+    client = null;
+}
+//# sourceMappingURL=client.js.map

package/dist/ai/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/ai/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,SAAS,MAAM,mBAAmB,CAAC;AAE1C,IAAI,MAAM,GAAqB,IAAI,CAAC;AAEpC,MAAM,UAAU,WAAW;IACzB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,6CAA6C;gBAC3C,gEAAgE;gBAChE,8DAA8D,CACjE,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;AACxE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,GAAG,IAAI,CAAC;AAChB,CAAC"}

package/dist/ai/config.d.ts

@@ -0,0 +1,29 @@
+/**
+ * AI Configuration
+ */
+export declare const AI_CONFIG: {
+    readonly model: "claude-sonnet-4-20250514";
+    readonly maxTokens: 2048;
+    readonly temperature: 0.1;
+    readonly maxFileSizeBytes: 50000;
+    readonly maxConcurrentCalls: 3;
+    readonly rateLimit: {
+        readonly maxCallsPerMinute: 20;
+        readonly maxCallsPerScan: 50;
+    };
+    readonly budget: {
+        readonly defaultMaxCentsPerScan: 50;
+        readonly estimatedCostPerCall: 1.5;
+    };
+    readonly cache: {
+        readonly enabled: true;
+        readonly directory: ".vlayer/ai-cache";
+        readonly ttlHours: 24;
+    };
+    readonly pricing: {
+        readonly inputCostPerMillion: 3;
+        readonly outputCostPerMillion: 15;
+    };
+};
+export type AIModel = typeof AI_CONFIG.model;
+//# sourceMappingURL=config.d.ts.map

package/dist/ai/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/ai/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;CAwBZ,CAAC;AAEX,MAAM,MAAM,OAAO,GAAG,OAAO,SAAS,CAAC,KAAK,CAAC"}

package/dist/ai/config.js

@@ -0,0 +1,29 @@
+/**
+ * AI Configuration
+ */
+export const AI_CONFIG = {
+    model: 'claude-sonnet-4-20250514',
+    maxTokens: 2048,
+    temperature: 0.1, // Deterministic for security
+    maxFileSizeBytes: 50_000, // Don't send files > 50KB
+    maxConcurrentCalls: 3,
+    rateLimit: {
+        maxCallsPerMinute: 20,
+        maxCallsPerScan: 50,
+    },
+    budget: {
+        defaultMaxCentsPerScan: 50, // $0.50 default
+        estimatedCostPerCall: 1.5, // ~$0.015 per call with Sonnet
+    },
+    cache: {
+        enabled: true,
+        directory: '.vlayer/ai-cache',
+        ttlHours: 24,
+    },
+    pricing: {
+        // Claude Sonnet 4 pricing (per million tokens)
+        inputCostPerMillion: 3.0,
+        outputCostPerMillion: 15.0,
+    },
+};
+//# sourceMappingURL=config.js.map

package/dist/ai/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/ai/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,KAAK,EAAE,0BAAmC;IAC1C,SAAS,EAAE,IAAI;IACf,WAAW,EAAE,GAAG,EAAE,6BAA6B;IAC/C,gBAAgB,EAAE,MAAM,EAAE,0BAA0B;IACpD,kBAAkB,EAAE,CAAC;IACrB,SAAS,EAAE;QACT,iBAAiB,EAAE,EAAE;QACrB,eAAe,EAAE,EAAE;KACpB;IACD,MAAM,EAAE;QACN,sBAAsB,EAAE,EAAE,EAAE,gBAAgB;QAC5C,oBAAoB,EAAE,GAAG,EAAE,+BAA+B;KAC3D;IACD,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,kBAAkB;QAC7B,QAAQ,EAAE,EAAE;KACb;IACD,OAAO,EAAE;QACP,+CAA+C;QAC/C,mBAAmB,EAAE,GAAG;QACxB,oBAAoB,EAAE,IAAI;KAC3B;CACO,CAAC"}

package/dist/ai/cost-tracker.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Cost Tracker - Track AI API usage and costs
+ */
+export declare class CostTracker {
+    private totalInputTokens;
+    private totalOutputTokens;
+    private totalCalls;
+    private budgetCents;
+    constructor(budgetCents?: number);
+    trackUsage(inputTokens: number, outputTokens: number): void;
+    getEstimatedCostCents(): number;
+    isOverBudget(): boolean;
+    getSummary(): string;
+    getEstimate(): string;
+    getStats(): {
+        totalCalls: number;
+        totalInputTokens: number;
+        totalOutputTokens: number;
+        estimatedCost: number;
+    };
+    reset(): void;
+}
+//# sourceMappingURL=cost-tracker.d.ts.map

package/dist/ai/cost-tracker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-tracker.d.ts","sourceRoot":"","sources":["../../src/ai/cost-tracker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,qBAAa,WAAW;IACtB,OAAO,CAAC,gBAAgB,CAAK;IAC7B,OAAO,CAAC,iBAAiB,CAAK;IAC9B,OAAO,CAAC,UAAU,CAAK;IACvB,OAAO,CAAC,WAAW,CAAS;gBAEhB,WAAW,GAAE,MAAgD;IAIzE,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAM3D,qBAAqB,IAAI,MAAM;IAW/B,YAAY,IAAI,OAAO;IAIvB,UAAU,IAAI,MAAM;IAUpB,WAAW,IAAI,MAAM;IAOrB,QAAQ;;;;;;IASR,KAAK,IAAI,IAAI;CAKd"}

package/dist/ai/cost-tracker.js

@@ -0,0 +1,55 @@
+/**
+ * Cost Tracker - Track AI API usage and costs
+ */
+import { AI_CONFIG } from './config.js';
+export class CostTracker {
+    totalInputTokens = 0;
+    totalOutputTokens = 0;
+    totalCalls = 0;
+    budgetCents;
+    constructor(budgetCents = AI_CONFIG.budget.defaultMaxCentsPerScan) {
+        this.budgetCents = budgetCents;
+    }
+    trackUsage(inputTokens, outputTokens) {
+        this.totalInputTokens += inputTokens;
+        this.totalOutputTokens += outputTokens;
+        this.totalCalls++;
+    }
+    getEstimatedCostCents() {
+        // Sonnet pricing: $3/M input, $15/M output
+        const inputCost = (this.totalInputTokens * AI_CONFIG.pricing.inputCostPerMillion) /
+            1_000_000;
+        const outputCost = (this.totalOutputTokens * AI_CONFIG.pricing.outputCostPerMillion) /
+            1_000_000;
+        return (inputCost + outputCost) * 100; // Convert to cents
+    }
+    isOverBudget() {
+        return this.getEstimatedCostCents() >= this.budgetCents;
+    }
+    getSummary() {
+        const cost = this.getEstimatedCostCents() / 100;
+        return (`AI scan: ${this.totalCalls} calls, ` +
+            `${this.totalInputTokens} input tokens, ` +
+            `${this.totalOutputTokens} output tokens, ` +
+            `~$${cost.toFixed(3)}`);
+    }
+    getEstimate() {
+        const estimatedCalls = this.totalCalls || 1;
+        const estimatedCost = (estimatedCalls * AI_CONFIG.budget.estimatedCostPerCall) / 100;
+        return `Estimated cost: ~$${estimatedCost.toFixed(3)} (${estimatedCalls} calls)`;
+    }
+    getStats() {
+        return {
+            totalCalls: this.totalCalls,
+            totalInputTokens: this.totalInputTokens,
+            totalOutputTokens: this.totalOutputTokens,
+            estimatedCost: this.getEstimatedCostCents(),
+        };
+    }
+    reset() {
+        this.totalInputTokens = 0;
+        this.totalOutputTokens = 0;
+        this.totalCalls = 0;
+    }
+}
+//# sourceMappingURL=cost-tracker.js.map

package/dist/ai/cost-tracker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-tracker.js","sourceRoot":"","sources":["../../src/ai/cost-tracker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,OAAO,WAAW;IACd,gBAAgB,GAAG,CAAC,CAAC;IACrB,iBAAiB,GAAG,CAAC,CAAC;IACtB,UAAU,GAAG,CAAC,CAAC;IACf,WAAW,CAAS;IAE5B,YAAY,cAAsB,SAAS,CAAC,MAAM,CAAC,sBAAsB;QACvE,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,UAAU,CAAC,WAAmB,EAAE,YAAoB;QAClD,IAAI,CAAC,gBAAgB,IAAI,WAAW,CAAC;QACrC,IAAI,CAAC,iBAAiB,IAAI,YAAY,CAAC;QACvC,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAED,qBAAqB;QACnB,2CAA2C;QAC3C,MAAM,SAAS,GACb,CAAC,IAAI,CAAC,gBAAgB,GAAG,SAAS,CAAC,OAAO,CAAC,mBAAmB,CAAC;YAC/D,SAAS,CAAC;QACZ,MAAM,UAAU,GACd,CAAC,IAAI,CAAC,iBAAiB,GAAG,SAAS,CAAC,OAAO,CAAC,oBAAoB,CAAC;YACjE,SAAS,CAAC;QACZ,OAAO,CAAC,SAAS,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,mBAAmB;IAC5D,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,qBAAqB,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC;IAC1D,CAAC;IAED,UAAU;QACR,MAAM,IAAI,GAAG,IAAI,CAAC,qBAAqB,EAAE,GAAG,GAAG,CAAC;QAChD,OAAO,CACL,YAAY,IAAI,CAAC,UAAU,UAAU;YACrC,GAAG,IAAI,CAAC,gBAAgB,iBAAiB;YACzC,GAAG,IAAI,CAAC,iBAAiB,kBAAkB;YAC3C,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACvB,CAAC;IACJ,CAAC;IAED,WAAW;QACT,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,IAAI,CAAC,CAAC;QAC5C,MAAM,aAAa,GACjB,CAAC,cAAc,GAAG,SAAS,CAAC,MAAM,CAAC,oBAAoB,CAAC,GAAG,GAAG,CAAC;QACjE,OAAO,qBAAqB,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,cAAc,SAAS,CAAC;IACnF,CAAC;IAED,QAAQ;QACN,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;YACzC,aAAa,EAAE,IAAI,CAAC,qBAAqB,EAAE;SAC5C,CAAC;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,iBAAiB,GAAG,CAAC,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;IACtB,CAAC;CACF"}

package/dist/ai/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * AI-Powered HIPAA Scanning
+ * Export all AI functionality
+ */
+export { getAIClient, isAIAvailable } from './client.js';
+export { AI_CONFIG } from './config.js';
+export { sanitizeCodeForLLM } from './sanitizer.js';
+export type { SanitizationResult } from './sanitizer.js';
+export { CostTracker } from './cost-tracker.js';
+export { AICache } from './cache.js';
+export { RateLimiter } from './rate-limiter.js';
+export { RuleRunner, triageFinding, triageFindings, AI_RULES, } from './rules/index.js';
+export type { LLMRule, AIFinding, TriagedFinding, TriageClassification, LLMRuleResponse, TriageResponse, } from './rules/index.js';
+export { runAIScan, triageExistingFindings } from './scanner.js';
+export type { AIScanOptions, AIScanResult } from './scanner.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EACL,UAAU,EACV,aAAa,EACb,cAAc,EACd,QAAQ,GACT,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,OAAO,EACP,SAAS,EACT,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,cAAc,GACf,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACjE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}

package/dist/ai/index.js

@@ -0,0 +1,13 @@
+/**
+ * AI-Powered HIPAA Scanning
+ * Export all AI functionality
+ */
+export { getAIClient, isAIAvailable } from './client.js';
+export { AI_CONFIG } from './config.js';
+export { sanitizeCodeForLLM } from './sanitizer.js';
+export { CostTracker } from './cost-tracker.js';
+export { AICache } from './cache.js';
+export { RateLimiter } from './rate-limiter.js';
+export { RuleRunner, triageFinding, triageFindings, AI_RULES, } from './rules/index.js';
+export { runAIScan, triageExistingFindings } from './scanner.js';
+//# sourceMappingURL=index.js.map

package/dist/ai/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EACL,UAAU,EACV,aAAa,EACb,cAAc,EACd,QAAQ,GACT,MAAM,kBAAkB,CAAC;AAS1B,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC"}

package/dist/ai/rate-limiter.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Rate Limiter - Prevent exceeding API rate limits
+ */
+export declare class RateLimiter {
+    private callTimestamps;
+    private totalCalls;
+    canMakeCall(): boolean;
+    recordCall(): void;
+    waitIfNeeded(): Promise<void>;
+    reset(): void;
+    getStats(): {
+        callsThisMinute: number;
+        totalCalls: number;
+    };
+}
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/ai/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../src/ai/rate-limiter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,qBAAa,WAAW;IACtB,OAAO,CAAC,cAAc,CAAgB;IACtC,OAAO,CAAC,UAAU,CAAK;IAEvB,WAAW,IAAI,OAAO;IAsBtB,UAAU,IAAI,IAAI;IAKZ,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAenC,KAAK,IAAI,IAAI;IAKb,QAAQ,IAAI;QAAE,eAAe,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE;CAM5D"}