verification-layer 0.4.0

package/dist/fixer/strategies.js

@@ -0,0 +1,199 @@
+function toScreamingSnakeCase(varName) {
+    return varName
+        .replace(/([a-z])([A-Z])/g, '$1_$2')
+        .replace(/[-\s]+/g, '_')
+        .toUpperCase();
+}
+function extractVarName(line) {
+    // Match variable declarations: const/let/var name = or name: or name =
+    const match = line.match(/(?:const|let|var)\s+(\w+)|(\w+)\s*[:=]/);
+    if (match) {
+        return match[1] || match[2];
+    }
+    return null;
+}
+const fixStrategies = {
+    'sql-injection-template': (line) => {
+        // Pattern: query(`SELECT * FROM users WHERE id = ${userId}`)
+        // Convert to: query('SELECT * FROM users WHERE id = ?', [userId])
+        const templateMatch = line.match(/(\w+)\s*\(\s*`([^`]*)\$\{([^}]+)\}([^`]*)`\s*\)/);
+        if (templateMatch) {
+            const [, funcName, before, variable, after] = templateMatch;
+            // Replace all template interpolations with ?
+            let sql = before + '?' + after;
+            const vars = [variable.trim()];
+            // Handle multiple interpolations
+            let remaining = sql;
+            const additionalMatches = remaining.match(/\$\{([^}]+)\}/g);
+            if (additionalMatches) {
+                for (const match of additionalMatches) {
+                    const varMatch = match.match(/\$\{([^}]+)\}/);
+                    if (varMatch) {
+                        vars.push(varMatch[1].trim());
+                        remaining = remaining.replace(match, '?');
+                    }
+                }
+                sql = remaining;
+            }
+            return line.replace(/(\w+)\s*\(\s*`[^`]*`\s*\)/, `${funcName}('${sql}', [${vars.join(', ')}])`);
+        }
+        return null;
+    },
+    'sql-injection-concat': (line) => {
+        // Pattern: query("SELECT * FROM users WHERE id = " + userId + " AND ...")
+        // Convert to: query("SELECT * FROM users WHERE id = ? AND ...", [userId])
+        // This is a complex pattern - we'll be conservative and only fix simple cases
+        // Match: func("sql part" + variable + "sql part")
+        const simpleMatch = line.match(/(\w+)\s*\(\s*"([^"]+)"\s*\+\s*(\w+)\s*\+\s*"([^"]*)"\s*\)/);
+        if (simpleMatch) {
+            const [, funcName, sqlBefore, variable, sqlAfter] = simpleMatch;
+            // Remove any trailing quote marks from sqlBefore that were meant for the variable
+            const cleanBefore = sqlBefore.replace(/'?\s*$/, '');
+            // Remove any leading quote marks from sqlAfter
+            const cleanAfter = sqlAfter.replace(/^\s*'?/, '');
+            const sql = cleanBefore + '?' + cleanAfter;
+            return line.replace(/(\w+)\s*\(\s*"[^"]+"\s*\+\s*\w+\s*\+\s*"[^"]*"\s*\)/, `${funcName}('${sql}', [${variable}])`);
+        }
+        // For more complex patterns, don't attempt auto-fix
+        return null;
+    },
+    'hardcoded-password': (line) => {
+        // Pattern: password = "secret" or password: "secret"
+        // Convert to: password = process.env.PASSWORD
+        const match = line.match(/(password|pwd)\s*[:=]\s*(['"`])[^'"`]+\2/i);
+        if (match) {
+            const varName = extractVarName(line);
+            const envVarName = varName ? toScreamingSnakeCase(varName) : 'PASSWORD';
+            return line.replace(/(password|pwd)\s*[:=]\s*(['"`])[^'"`]+\2/i, `$1 = process.env.${envVarName}`);
+        }
+        return null;
+    },
+    'hardcoded-secret': (line) => {
+        // Pattern: secret = "xyz"
+        // Convert to: secret = process.env.SECRET
+        const match = line.match(/secret\s*[:=]\s*(['"`])[^'"`]+\1/i);
+        if (match) {
+            const varName = extractVarName(line);
+            const envVarName = varName ? toScreamingSnakeCase(varName) : 'SECRET';
+            return line.replace(/secret\s*[:=]\s*(['"`])[^'"`]+\1/i, `secret = process.env.${envVarName}`);
+        }
+        return null;
+    },
+    'api-key-exposed': (line) => {
+        // Pattern: apiKey = "abc123xyz" or api_key: "abc123xyz"
+        // Convert to: apiKey = process.env.API_KEY
+        const match = line.match(/(api[_-]?key|apikey)\s*[:=]\s*(['"`])[^'"`]+\2/i);
+        if (match) {
+            const varName = extractVarName(line);
+            const envVarName = varName ? toScreamingSnakeCase(varName) : 'API_KEY';
+            return line.replace(/(api[_-]?key|apikey)\s*[:=]\s*(['"`])[^'"`]+\2/i, `$1 = process.env.${envVarName}`);
+        }
+        return null;
+    },
+    'phi-console-log': (line) => {
+        // Pattern: console.log(patient) or console.log("Patient:", patient)
+        // Convert to: // [VLAYER] PHI logging removed - review needed: console.log(...)
+        const match = line.match(/^(\s*)console\.(log|info|debug|warn|error)\s*\(/);
+        if (match) {
+            const indent = match[1];
+            return `${indent}// [VLAYER] PHI logging removed - review needed: ${line.trim()}`;
+        }
+        return null;
+    },
+    'http-url': (line) => {
+        // Pattern: http://example.com
+        // Convert to: https://example.com
+        if (line.includes('http://') && !line.includes('http://localhost') && !line.includes('http://127.0.0.1')) {
+            return line.replace(/http:\/\//g, 'https://');
+        }
+        return null;
+    },
+    'innerhtml-unsanitized': (line) => {
+        // Pattern: element.innerHTML = userText
+        // Convert to: element.textContent = userText
+        const match = line.match(/\.innerHTML\s*=\s*/);
+        if (match) {
+            return line.replace(/\.innerHTML\s*=/, '.textContent =');
+        }
+        return null;
+    },
+    'phi-localstorage': (line) => {
+        // Pattern: localStorage.setItem("patientData", data)
+        // Convert to: comment with suggestion to use server-side session
+        const match = line.match(/^(\s*)localStorage\.(setItem|getItem)\s*\(/);
+        if (match) {
+            const indent = match[1];
+            return `${indent}// [VLAYER] PHI in localStorage removed - use server-side session storage instead\n${indent}// TODO: Replace with: await sessionApi.store(key, encryptedData)\n${indent}// Original: ${line.trim()}`;
+        }
+        return null;
+    },
+    'phi-url-param': (line) => {
+        // Pattern: fetch(`/api?patientId=${id}`)
+        // Convert to: suggestion to use POST with body
+        const match = line.match(/^(\s*)(fetch|axios\.get|http\.get)\s*\(\s*[`'"]/);
+        if (match) {
+            const indent = match[1];
+            const method = match[2];
+            return `${indent}// [VLAYER] PHI in URL params - use POST with encrypted body instead\n${indent}// TODO: Replace with: ${method === 'fetch' ? "fetch(url, { method: 'POST', body: JSON.stringify({ patientId }) })" : 'axios.post(url, { patientId })'}\n${indent}// Original: ${line.trim()}`;
+        }
+        return null;
+    },
+    'phi-log-unredacted': (line) => {
+        // Pattern: logger.info("Patient data", patientData)
+        // Convert to: logger.info("Patient data", redactPHI(patientData))
+        const match = line.match(/(logger\.(log|info|debug|warn|error))\s*\(\s*(['"`][^'"`]*['"`])\s*,\s*(\w+)/);
+        if (match) {
+            const [, loggerCall, , message, variable] = match;
+            return line.replace(new RegExp(`(${loggerCall.replace('.', '\\.')}\\s*\\(\\s*${message.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\s*,\\s*)${variable}`), `$1redactPHI(${variable})`);
+        }
+        // Simpler pattern: logger.info(patientData)
+        const simpleMatch = line.match(/(logger\.(log|info|debug|warn|error))\s*\(\s*(\w*patient\w*)\s*\)/i);
+        if (simpleMatch) {
+            const [, loggerCall, , variable] = simpleMatch;
+            return line.replace(new RegExp(`(${loggerCall.replace('.', '\\.')}\\s*\\()${variable}(\\s*\\))`), `$1redactPHI(${variable})$2`);
+        }
+        return null;
+    },
+    'cookie-insecure': (line) => {
+        // Pattern: cookie: { maxAge: 3600 } or res.cookie('session', value)
+        // Add httpOnly: true, secure: true
+        // Pattern 1: cookie options object without httpOnly
+        const optionsMatch = line.match(/cookie\s*:\s*\{([^}]*)\}/);
+        if (optionsMatch && !line.includes('httpOnly')) {
+            const options = optionsMatch[1];
+            const newOptions = options.trim() ? `${options.trim()}, httpOnly: true, secure: true` : 'httpOnly: true, secure: true';
+            return line.replace(/cookie\s*:\s*\{[^}]*\}/, `cookie: { ${newOptions} }`);
+        }
+        // Pattern 2: res.cookie() without options
+        const resCookieMatch = line.match(/(res\.cookie\s*\(\s*['"`][^'"`]+['"`]\s*,\s*\w+)\s*\)/);
+        if (resCookieMatch && !line.includes('httpOnly')) {
+            return line.replace(/(res\.cookie\s*\(\s*['"`][^'"`]+['"`]\s*,\s*\w+)\s*\)/, '$1, { httpOnly: true, secure: true })');
+        }
+        return null;
+    },
+    'backup-unencrypted': (line) => {
+        // Pattern: writeFile('backup.sql', data) or backup.sql without encryption
+        // Add encryption suggestion
+        const match = line.match(/^(\s*)(fs\.)?writeFile\s*\(\s*(['"`][^'"`]*backup[^'"`]*['"`])/i);
+        if (match) {
+            const indent = match[1];
+            const filePath = match[3];
+            return `${indent}// [VLAYER] Unencrypted backup - encrypt before writing\n${indent}// TODO: const encrypted = await crypto.encrypt(data, process.env.BACKUP_KEY);\n${indent}// Then write encrypted data to ${filePath}.enc\n${indent}// Original: ${line.trim()}`;
+        }
+        // Pattern for backup config
+        const configMatch = line.match(/^(\s*).*backup.*=.*\.(sql|csv|json|txt)/i);
+        if (configMatch && !line.includes('encrypt') && !line.includes('gpg')) {
+            const indent = configMatch[1];
+            return `${indent}// [VLAYER] Use encrypted backup format (.gpg, .enc) or enable encryption\n${indent}${line.trim()}`;
+        }
+        return null;
+    },
+};
+export function applyFixStrategy(line, fixType) {
+    const strategy = fixStrategies[fixType];
+    if (!strategy) {
+        return null;
+    }
+    return strategy(line);
+}
+//# sourceMappingURL=strategies.js.map

package/dist/fixer/strategies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strategies.js","sourceRoot":"","sources":["../../src/fixer/strategies.ts"],"names":[],"mappings":"AAIA,SAAS,oBAAoB,CAAC,OAAe;IAC3C,OAAO,OAAO;SACX,OAAO,CAAC,iBAAiB,EAAE,OAAO,CAAC;SACnC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;SACvB,WAAW,EAAE,CAAC;AACnB,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,uEAAuE;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IACnE,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,aAAa,GAAiC;IAClD,wBAAwB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACxD,6DAA6D;QAC7D,kEAAkE;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACpF,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,GAAG,aAAa,CAAC;YAC5D,6CAA6C;YAC7C,IAAI,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC;YAC/B,MAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YAE/B,iCAAiC;YACjC,IAAI,SAAS,GAAG,GAAG,CAAC;YACpB,MAAM,iBAAiB,GAAG,SAAS,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAC5D,IAAI,iBAAiB,EAAE,CAAC;gBACtB,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;oBACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;oBAC9C,IAAI,QAAQ,EAAE,CAAC;wBACb,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;wBAC9B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;gBACD,GAAG,GAAG,SAAS,CAAC;YAClB,CAAC;YAED,OAAO,IAAI,CAAC,OAAO,CACjB,2BAA2B,EAC3B,GAAG,QAAQ,KAAK,GAAG,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAC9C,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sBAAsB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACtD,0EAA0E;QAC1E,0EAA0E;QAC1E,8EAA8E;QAE9E,kDAAkD;QAClD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;QAC5F,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,GAAG,WAAW,CAAC;YAChE,kFAAkF;YAClF,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpD,+CAA+C;YAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAClD,MAAM,GAAG,GAAG,WAAW,GAAG,GAAG,GAAG,UAAU,CAAC;YAC3C,OAAO,IAAI,CAAC,OAAO,CACjB,qDAAqD,EACrD,GAAG,QAAQ,KAAK,GAAG,OAAO,QAAQ,IAAI,CACvC,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACpD,qDAAqD;QACrD,8CAA8C;QAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QACtE,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;YACxE,OAAO,IAAI,CAAC,OAAO,CACjB,2CAA2C,EAC3C,oBAAoB,UAAU,EAAE,CACjC,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kBAAkB,EAAE,CAAC,IAAY,EAAiB,EAAE;QAClD,0BAA0B;QAC1B,0CAA0C;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAC9D,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;YACtE,OAAO,IAAI,CAAC,OAAO,CACjB,mCAAmC,EACnC,wBAAwB,UAAU,EAAE,CACrC,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACjD,wDAAwD;QACxD,2CAA2C;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAC5E,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACvE,OAAO,IAAI,CAAC,OAAO,CACjB,iDAAiD,EACjD,oBAAoB,UAAU,EAAE,CACjC,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACjD,oEAAoE;QACpE,gFAAgF;QAChF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAC5E,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,OAAO,GAAG,MAAM,oDAAoD,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACpF,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,UAAU,EAAE,CAAC,IAAY,EAAiB,EAAE;QAC1C,8BAA8B;QAC9B,kCAAkC;QAClC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzG,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uBAAuB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACvD,wCAAwC;QACxC,6CAA6C;QAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kBAAkB,EAAE,CAAC,IAAY,EAAiB,EAAE;QAClD,qDAAqD;QACrD,iEAAiE;QACjE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACvE,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,OAAO,GAAG,MAAM,sFAAsF,MAAM,sEAAsE,MAAM,gBAAgB,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACxN,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe,EAAE,CAAC,IAAY,EAAiB,EAAE;QAC/C,yCAAyC;QACzC,+CAA+C;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAC5E,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,OAAO,GAAG,MAAM,yEAAyE,MAAM,0BAA0B,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,qEAAqE,CAAC,CAAC,CAAC,gCAAgC,KAAK,MAAM,gBAAgB,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACjS,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACpD,oDAAoD;QACpD,kEAAkE;QAClE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAC;QACzG,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,EAAE,UAAU,EAAE,AAAD,EAAG,OAAO,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;YAClD,OAAO,IAAI,CAAC,OAAO,CACjB,IAAI,MAAM,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,cAAc,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,aAAa,QAAQ,EAAE,CAAC,EACjI,eAAe,QAAQ,GAAG,CAC3B,CAAC;QACJ,CAAC;QACD,4CAA4C;QAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACrG,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,EAAE,UAAU,EAAE,AAAD,EAAG,QAAQ,CAAC,GAAG,WAAW,CAAC;YAC/C,OAAO,IAAI,CAAC,OAAO,CACjB,IAAI,MAAM,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,WAAW,QAAQ,WAAW,CAAC,EAC5E,eAAe,QAAQ,KAAK,CAC7B,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACjD,oEAAoE;QACpE,mCAAmC;QAEnC,oDAAoD;QACpD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC5D,IAAI,YAAY,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,gCAAgC,CAAC,CAAC,CAAC,8BAA8B,CAAC;YACvH,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE,aAAa,UAAU,IAAI,CAAC,CAAC;QAC7E,CAAC;QAED,0CAA0C;QAC1C,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3F,IAAI,cAAc,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,OAAO,CACjB,uDAAuD,EACvD,uCAAuC,CACxC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB,EAAE,CAAC,IAAY,EAAiB,EAAE;QACpD,0EAA0E;QAC1E,4BAA4B;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;QAC5F,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,OAAO,GAAG,MAAM,4DAA4D,MAAM,mFAAmF,MAAM,mCAAmC,QAAQ,SAAS,MAAM,gBAAgB,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACrQ,CAAC;QAED,4BAA4B;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC3E,IAAI,WAAW,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACtE,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAC9B,OAAO,GAAG,MAAM,8EAA8E,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACvH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,OAAgB;IAC7D,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { scan } from './scan.js';
+export { generateReport } from './reporters/index.js';
+export type { Finding, ScanResult, ScanOptions, Report, ReportOptions, Scanner, Severity, ComplianceCategory, VlayerConfig, ContextLine, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,MAAM,EACN,aAAa,EACb,OAAO,EACP,QAAQ,EACR,kBAAkB,EAClB,YAAY,EACZ,WAAW,GACZ,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,3 @@
+export { scan } from './scan.js';
+export { generateReport } from './reporters/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/reporters/audit-report.d.ts

@@ -0,0 +1,13 @@
+import type { AuditTrail, AuditReportOptions } from '../types.js';
+/**
+ * Generate PDF audit report
+ */
+export declare function generateAuditReport(trail: AuditTrail, options: AuditReportOptions): Promise<{
+    path: string;
+    hash: string;
+}>;
+/**
+ * Generate text-based audit report (for environments without PDF support)
+ */
+export declare function generateTextAuditReport(trail: AuditTrail): string;
+//# sourceMappingURL=audit-report.d.ts.map

package/dist/reporters/audit-report.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-report.d.ts","sourceRoot":"","sources":["../../src/reporters/audit-report.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAmC,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAsBnG;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,UAAU,EACjB,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAkDzC;AAghBD;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAuEjE"}