verification-layer 0.20.0 → 0.22.0

package/dist/utils/npm-audit.js

@@ -0,0 +1,95 @@
+import { exec } from 'child_process';
+import { promisify } from 'util';
+const execAsync = promisify(exec);
+export async function runNpmAudit(projectPath) {
+    try {
+        // Execute npm audit --json in the project directory
+        const { stdout } = await execAsync('npm audit --json', {
+            cwd: projectPath,
+            maxBuffer: 10 * 1024 * 1024, // 10MB buffer
+            timeout: 30000, // 30 second timeout
+        });
+        // Parse the JSON output
+        const auditResult = JSON.parse(stdout);
+        // Extract and transform vulnerabilities
+        const vulnerabilities = [];
+        for (const [packageName, vuln] of Object.entries(auditResult.vulnerabilities || {})) {
+            // Extract URL from via if it's an array
+            let url;
+            let via = '';
+            if (Array.isArray(vuln.via)) {
+                // via is an array of vulnerability details
+                const firstVia = vuln.via[0];
+                if (typeof firstVia === 'object' && 'url' in firstVia) {
+                    url = firstVia.url;
+                    via = firstVia.title || packageName;
+                }
+                else {
+                    via = String(firstVia);
+                }
+            }
+            else {
+                via = String(vuln.via);
+            }
+            vulnerabilities.push({
+                name: packageName,
+                severity: vuln.severity,
+                via,
+                range: vuln.range,
+                fixAvailable: vuln.fixAvailable,
+                url,
+            });
+        }
+        return { vulnerabilities };
+    }
+    catch (error) {
+        // npm audit exits with non-zero if vulnerabilities are found
+        // Check if error contains JSON output
+        if (error.stdout) {
+            try {
+                const auditResult = JSON.parse(error.stdout);
+                const vulnerabilities = [];
+                for (const [packageName, vuln] of Object.entries(auditResult.vulnerabilities || {})) {
+                    let url;
+                    let via = '';
+                    if (Array.isArray(vuln.via)) {
+                        const firstVia = vuln.via[0];
+                        if (typeof firstVia === 'object' && 'url' in firstVia) {
+                            url = firstVia.url;
+                            via = firstVia.title || packageName;
+                        }
+                        else {
+                            via = String(firstVia);
+                        }
+                    }
+                    else {
+                        via = String(vuln.via);
+                    }
+                    vulnerabilities.push({
+                        name: packageName,
+                        severity: vuln.severity,
+                        via,
+                        range: vuln.range,
+                        fixAvailable: vuln.fixAvailable,
+                        url,
+                    });
+                }
+                return { vulnerabilities };
+            }
+            catch {
+                // Failed to parse JSON from error output
+            }
+        }
+        // Real error - npm audit failed or not available
+        const errorMessage = error.message || 'Unknown error';
+        // Common error scenarios
+        if (errorMessage.includes('ENOENT') || errorMessage.includes('not found')) {
+            return { vulnerabilities: [], error: 'npm command not found. Is Node.js/npm installed?' };
+        }
+        if (errorMessage.includes('package.json')) {
+            return { vulnerabilities: [], error: 'No package.json found in project directory' };
+        }
+        return { vulnerabilities: [], error: `npm audit failed: ${errorMessage}` };
+    }
+}
+//# sourceMappingURL=npm-audit.js.map

package/dist/utils/npm-audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-audit.js","sourceRoot":"","sources":["../../src/utils/npm-audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAGjC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAwBlC,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAmB;IAEnB,IAAI,CAAC;QACH,oDAAoD;QACpD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,kBAAkB,EAAE;YACrD,GAAG,EAAE,WAAW;YAChB,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,cAAc;YAC3C,OAAO,EAAE,KAAK,EAAE,oBAAoB;SACrC,CAAC,CAAC;QAEH,wBAAwB;QACxB,MAAM,WAAW,GAAmB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEvD,wCAAwC;QACxC,MAAM,eAAe,GAA8B,EAAE,CAAC;QAEtD,KAAK,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;YACpF,wCAAwC;YACxC,IAAI,GAAuB,CAAC;YAC5B,IAAI,GAAG,GAAG,EAAE,CAAC;YAEb,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,2CAA2C;gBAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC7B,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;oBACtD,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC;oBACnB,GAAG,GAAG,QAAQ,CAAC,KAAK,IAAI,WAAW,CAAC;gBACtC,CAAC;qBAAM,CAAC;oBACN,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAED,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG;gBACH,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,GAAG;aACJ,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,eAAe,EAAE,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,6DAA6D;QAC7D,sCAAsC;QACtC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,WAAW,GAAmB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7D,MAAM,eAAe,GAA8B,EAAE,CAAC;gBAEtD,KAAK,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;oBACpF,IAAI,GAAuB,CAAC;oBAC5B,IAAI,GAAG,GAAG,EAAE,CAAC;oBAEb,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;wBAC7B,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;4BACtD,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC;4BACnB,GAAG,GAAG,QAAQ,CAAC,KAAK,IAAI,WAAW,CAAC;wBACtC,CAAC;6BAAM,CAAC;4BACN,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;wBACzB,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACzB,CAAC;oBAED,eAAe,CAAC,IAAI,CAAC;wBACnB,IAAI,EAAE,WAAW;wBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,GAAG;wBACH,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,GAAG;qBACJ,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,EAAE,eAAe,EAAE,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,IAAI,eAAe,CAAC;QAEtD,yBAAyB;QACzB,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1E,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,kDAAkD,EAAE,CAAC;QAC5F,CAAC;QAED,IAAI,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC;QACtF,CAAC;QAED,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,qBAAqB,YAAY,EAAE,EAAE,CAAC;IAC7E,CAAC;AACH,CAAC"}

package/dist/utils/scan-history.d.ts

@@ -0,0 +1,59 @@
+import type { Finding } from '../types.js';
+export interface ScanHistoryEntry {
+    timestamp: string;
+    date: string;
+    complianceScore: number;
+    severity: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    failedRuleIds: string[];
+    totalFilesScanned: number;
+}
+export interface ScanComparison {
+    previousScan?: ScanHistoryEntry;
+    scoreChange: number;
+    severityChanges: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    newIssues: string[];
+    resolvedIssues: string[];
+}
+/**
+ * Get the history directory path for a project
+ */
+export declare function getHistoryDir(projectPath: string): string;
+/**
+ * Ensure the history directory exists
+ */
+export declare function ensureHistoryDir(projectPath: string): Promise<void>;
+/**
+ * Generate filename for a scan history entry
+ */
+export declare function generateHistoryFilename(): string;
+/**
+ * Save scan results to history
+ */
+export declare function saveScanHistory(projectPath: string, score: number, findings: Finding[], scannedFiles: number): Promise<void>;
+/**
+ * Get the most recent scan history entry
+ */
+export declare function getMostRecentScan(projectPath: string): Promise<ScanHistoryEntry | null>;
+/**
+ * Get all scan history entries
+ */
+export declare function getAllScans(projectPath: string): Promise<ScanHistoryEntry[]>;
+/**
+ * Compare current scan with previous scan
+ */
+export declare function compareScan(currentScore: number, currentFindings: Finding[], previousScan: ScanHistoryEntry | null): ScanComparison;
+/**
+ * Format a date string from history filename format
+ */
+export declare function formatHistoryDate(dateStr: string): string;
+//# sourceMappingURL=scan-history.d.ts.map

package/dist/utils/scan-history.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-history.d.ts","sourceRoot":"","sources":["../../src/utils/scan-history.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,CAAC,EAAE,gBAAgB,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAKzE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAUhD;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,OAAO,EAAE,EACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,IAAI,CAAC,CA2Bf;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAwB7F;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CA4BlF;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,YAAY,EAAE,MAAM,EACpB,eAAe,EAAE,OAAO,EAAE,EAC1B,YAAY,EAAE,gBAAgB,GAAG,IAAI,GACpC,cAAc,CAgDhB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAUzD"}

package/dist/utils/scan-history.js

@@ -0,0 +1,170 @@
+import { readdir, readFile, writeFile, mkdir } from 'fs/promises';
+import { join } from 'path';
+import { existsSync } from 'fs';
+/**
+ * Get the history directory path for a project
+ */
+export function getHistoryDir(projectPath) {
+    return join(projectPath, '.vlayer', 'history');
+}
+/**
+ * Ensure the history directory exists
+ */
+export async function ensureHistoryDir(projectPath) {
+    const historyDir = getHistoryDir(projectPath);
+    if (!existsSync(historyDir)) {
+        await mkdir(historyDir, { recursive: true });
+    }
+}
+/**
+ * Generate filename for a scan history entry
+ */
+export function generateHistoryFilename() {
+    const now = new Date();
+    const yyyy = now.getFullYear();
+    const mm = String(now.getMonth() + 1).padStart(2, '0');
+    const dd = String(now.getDate()).padStart(2, '0');
+    const hh = String(now.getHours()).padStart(2, '0');
+    const min = String(now.getMinutes()).padStart(2, '0');
+    const ss = String(now.getSeconds()).padStart(2, '0');
+    return `scan-${yyyy}-${mm}-${dd}-${hh}${min}${ss}.json`;
+}
+/**
+ * Save scan results to history
+ */
+export async function saveScanHistory(projectPath, score, findings, scannedFiles) {
+    await ensureHistoryDir(projectPath);
+    // Filter to active findings (not baseline, not suppressed, not acknowledged)
+    const activeFindings = findings.filter(f => !f.isBaseline && !f.suppressed && !f.acknowledged);
+    const entry = {
+        timestamp: new Date().toISOString(),
+        date: generateHistoryFilename().replace('scan-', '').replace('.json', ''),
+        complianceScore: score,
+        severity: {
+            critical: activeFindings.filter(f => f.severity === 'critical').length,
+            high: activeFindings.filter(f => f.severity === 'high').length,
+            medium: activeFindings.filter(f => f.severity === 'medium').length,
+            low: activeFindings.filter(f => f.severity === 'low').length,
+        },
+        failedRuleIds: [...new Set(activeFindings.map(f => f.id))],
+        totalFilesScanned: scannedFiles,
+    };
+    const historyDir = getHistoryDir(projectPath);
+    const filename = generateHistoryFilename();
+    const filePath = join(historyDir, filename);
+    await writeFile(filePath, JSON.stringify(entry, null, 2), 'utf-8');
+}
+/**
+ * Get the most recent scan history entry
+ */
+export async function getMostRecentScan(projectPath) {
+    const historyDir = getHistoryDir(projectPath);
+    if (!existsSync(historyDir)) {
+        return null;
+    }
+    try {
+        const files = await readdir(historyDir);
+        const scanFiles = files
+            .filter(f => f.startsWith('scan-') && f.endsWith('.json'))
+            .sort()
+            .reverse(); // Most recent first
+        if (scanFiles.length === 0) {
+            return null;
+        }
+        const mostRecentFile = scanFiles[0];
+        const content = await readFile(join(historyDir, mostRecentFile), 'utf-8');
+        return JSON.parse(content);
+    }
+    catch (error) {
+        return null;
+    }
+}
+/**
+ * Get all scan history entries
+ */
+export async function getAllScans(projectPath) {
+    const historyDir = getHistoryDir(projectPath);
+    if (!existsSync(historyDir)) {
+        return [];
+    }
+    try {
+        const files = await readdir(historyDir);
+        const scanFiles = files
+            .filter(f => f.startsWith('scan-') && f.endsWith('.json'))
+            .sort()
+            .reverse(); // Most recent first
+        const scans = [];
+        for (const file of scanFiles) {
+            try {
+                const content = await readFile(join(historyDir, file), 'utf-8');
+                scans.push(JSON.parse(content));
+            }
+            catch {
+                // Skip corrupted files
+            }
+        }
+        return scans;
+    }
+    catch (error) {
+        return [];
+    }
+}
+/**
+ * Compare current scan with previous scan
+ */
+export function compareScan(currentScore, currentFindings, previousScan) {
+    if (!previousScan) {
+        return {
+            previousScan: undefined,
+            scoreChange: 0,
+            severityChanges: {
+                critical: 0,
+                high: 0,
+                medium: 0,
+                low: 0,
+            },
+            newIssues: [],
+            resolvedIssues: [],
+        };
+    }
+    // Filter to active findings
+    const activeFindings = currentFindings.filter(f => !f.isBaseline && !f.suppressed && !f.acknowledged);
+    const currentRuleIds = new Set(activeFindings.map(f => f.id));
+    const previousRuleIds = new Set(previousScan.failedRuleIds);
+    // Find new and resolved issues
+    const newIssues = [...currentRuleIds].filter(id => !previousRuleIds.has(id));
+    const resolvedIssues = [...previousRuleIds].filter(id => !currentRuleIds.has(id));
+    // Calculate severity changes
+    const currentSeverity = {
+        critical: activeFindings.filter(f => f.severity === 'critical').length,
+        high: activeFindings.filter(f => f.severity === 'high').length,
+        medium: activeFindings.filter(f => f.severity === 'medium').length,
+        low: activeFindings.filter(f => f.severity === 'low').length,
+    };
+    return {
+        previousScan,
+        scoreChange: currentScore - previousScan.complianceScore,
+        severityChanges: {
+            critical: currentSeverity.critical - previousScan.severity.critical,
+            high: currentSeverity.high - previousScan.severity.high,
+            medium: currentSeverity.medium - previousScan.severity.medium,
+            low: currentSeverity.low - previousScan.severity.low,
+        },
+        newIssues,
+        resolvedIssues,
+    };
+}
+/**
+ * Format a date string from history filename format
+ */
+export function formatHistoryDate(dateStr) {
+    // dateStr format: YYYY-MM-DD-HHmmss
+    const year = dateStr.substring(0, 4);
+    const month = dateStr.substring(5, 7);
+    const day = dateStr.substring(8, 10);
+    const hour = dateStr.substring(11, 13);
+    const minute = dateStr.substring(13, 15);
+    const second = dateStr.substring(15, 17);
+    return `${year}-${month}-${day} ${hour}:${minute}:${second}`;
+}
+//# sourceMappingURL=scan-history.js.map

package/dist/utils/scan-history.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-history.js","sourceRoot":"","sources":["../../src/utils/scan-history.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,IAAI,EAAW,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AA8BhC;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,OAAO,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IACxD,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAClD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAErD,OAAO,QAAQ,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,GAAG,GAAG,EAAE,OAAO,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,KAAa,EACb,QAAmB,EACnB,YAAoB;IAEpB,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAEpC,6EAA6E;IAC7E,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,CAAC;IAEF,MAAM,KAAK,GAAqB;QAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,uBAAuB,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QACzE,eAAe,EAAE,KAAK;QACtB,QAAQ,EAAE;YACR,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YACtE,IAAI,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YAC9D,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YAClE,GAAG,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;SAC7D;QACD,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1D,iBAAiB,EAAE,YAAY;KAChC,CAAC;IAEF,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,uBAAuB,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAE5C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IACzD,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAE9C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,KAAK;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;aACzD,IAAI,EAAE;aACN,OAAO,EAAE,CAAC,CAAC,oBAAoB;QAElC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,WAAmB;IACnD,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAE9C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,KAAK;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;aACzD,IAAI,EAAE;aACN,OAAO,EAAE,CAAC,CAAC,oBAAoB;QAElC,MAAM,KAAK,GAAuB,EAAE,CAAC;QACrC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;gBAChE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC,CAAC;YACtD,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,YAAoB,EACpB,eAA0B,EAC1B,YAAqC;IAErC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,YAAY,EAAE,SAAS;YACvB,WAAW,EAAE,CAAC;YACd,eAAe,EAAE;gBACf,QAAQ,EAAE,CAAC;gBACX,IAAI,EAAE,CAAC;gBACP,MAAM,EAAE,CAAC;gBACT,GAAG,EAAE,CAAC;aACP;YACD,SAAS,EAAE,EAAE;YACb,cAAc,EAAE,EAAE;SACnB,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAC3C,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,CAAC;IAEF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9D,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;IAE5D,+BAA+B;IAC/B,MAAM,SAAS,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAElF,6BAA6B;IAC7B,MAAM,eAAe,GAAG;QACtB,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QACtE,IAAI,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC9D,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QAClE,GAAG,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KAC7D,CAAC;IAEF,OAAO;QACL,YAAY;QACZ,WAAW,EAAE,YAAY,GAAG,YAAY,CAAC,eAAe;QACxD,eAAe,EAAE;YACf,QAAQ,EAAE,eAAe,CAAC,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ;YACnE,IAAI,EAAE,eAAe,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAI;YACvD,MAAM,EAAE,eAAe,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM;YAC7D,GAAG,EAAE,eAAe,CAAC,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG;SACrD;QACD,SAAS;QACT,cAAc;KACf,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,oCAAoC;IACpC,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAEzC,OAAO,GAAG,IAAI,IAAI,KAAK,IAAI,GAAG,IAAI,IAAI,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;AAC/D,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verification-layer",
-  "version": "0.20.0",
+  "version": "0.22.0",
   "description": "CLI tool for HIPAA compliance scanning and reporting",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -16,6 +16,7 @@
   },
   "files": [
     "dist",
+    "templates",
     "README.md",
     "LICENSE"
   ],
@@ -74,12 +75,14 @@
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.73.0",
+    "@types/inquirer": "^9.0.9",
     "@types/pdfkit": "^0.17.4",
     "@typescript-eslint/typescript-estree": "^8.54.0",
     "chalk": "^5.3.0",
     "chokidar": "^5.0.0",
     "commander": "^12.0.0",
     "glob": "^10.3.0",
+    "inquirer": "^9.3.8",
     "minimatch": "^10.1.1",
     "ora": "^8.0.0",
     "pdfkit": "^0.17.2",

package/templates/baa-verification-letter.md

@@ -0,0 +1,105 @@
+# Annual Business Associate Security Verification
+
+**Date:** [DATE]
+
+**To:** [COVERED ENTITY NAME]
+**Attention:** [CE CONTACT NAME]
+
+**From:** [BA COMPANY NAME]
+**Contact:** [BA CONTACT NAME]
+**Email:** [BA EMAIL]
+
+---
+
+## Certification Statement
+
+This letter certifies that **[BA COMPANY NAME]** has reviewed and verified deployment of the following HIPAA Security Rule technical safeguards as required under our Business Associate Agreement with **[COVERED ENTITY NAME]**.
+
+## Technical Safeguards Verification Checklist
+
+As required by 45 CFR §164.312, the following technical safeguards have been implemented and verified:
+
+### Required Safeguards (45 CFR §164.312)
+
+- ☐ **Access Controls** (§164.312(a)(1))
+  - Unique user identification
+  - Emergency access procedures
+  - Automatic logoff
+  - Encryption and decryption
+
+- ☐ **Audit Controls** (§164.312(b))
+  - Hardware, software, and/or procedural mechanisms to record and examine access and activity in systems containing ePHI
+
+- ☐ **Integrity** (§164.312(c)(1))
+  - Mechanisms to authenticate ePHI and ensure it has not been altered or destroyed in an unauthorized manner
+
+- ☐ **Person or Entity Authentication** (§164.312(d))
+  - Procedures to verify that a person or entity seeking access to ePHI is the one claimed
+
+- ☐ **Transmission Security** (§164.312(e)(1))
+  - Technical security measures to guard against unauthorized access to ePHI transmitted over electronic networks
+
+### Additional Security Measures Verified
+
+- ☐ **Encryption at Rest**
+  - ePHI stored in encrypted format using industry-standard algorithms (AES-256 or equivalent)
+
+- ☐ **Encryption in Transit**
+  - All ePHI transmissions protected with TLS 1.2 or higher
+
+- ☐ **Multi-Factor Authentication (MFA)**
+  - MFA implemented for all accounts with access to ePHI
+
+- ☐ **Role-Based Access Control (RBAC)**
+  - Access to ePHI restricted based on job function and minimum necessary principle
+
+## Compliance Report Attachment
+
+The vlayer HIPAA Compliance Report dated **[DATE]** is attached as **Exhibit A** to this verification letter.
+
+**Compliance Score:** [SCORE]/100
+
+This automated security assessment confirms the technical implementation of the above safeguards and identifies any gaps requiring remediation.
+
+## Security Incident Reporting
+
+[BA COMPANY NAME] confirms that:
+- No security incidents affecting ePHI have occurred during this reporting period, OR
+- All security incidents have been reported to [COVERED ENTITY NAME] in accordance with our BAA within the required timeframes
+
+## Signatures
+
+By signing below, both parties acknowledge receipt and review of this annual security verification.
+
+### Business Associate
+
+**Signature:** \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
+
+**Name:** [BA CONTACT NAME]
+
+**Title:** \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
+
+**Date:** \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
+
+### Covered Entity
+
+**Signature:** \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
+
+**Name:** [CE CONTACT NAME]
+
+**Title:** \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
+
+**Date:** \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
+
+---
+
+## Disclaimer
+
+This verification does not guarantee absolute security but confirms that technical safeguards have been deployed and verified as of the date above. Security is an ongoing process requiring continuous monitoring, assessment, and improvement. [BA COMPANY NAME] commits to maintaining these safeguards and promptly notifying [COVERED ENTITY NAME] of any material changes or security incidents affecting ePHI.
+
+**Retention:** This verification letter and attached compliance report must be retained for a minimum of six (6) years as required by 45 CFR §164.316(b)(2).
+
+---
+
+*Generated using vlayer - HIPAA Compliance Scanner*
+*https://github.com/Francosimon53/verification-layer*