vibe-checking 1.0.0
- package/README.md +53 -0
- package/dist/claude/correlator.d.ts +2 -0
- package/dist/claude/correlator.js +179 -0
- package/dist/claude/correlator.js.map +1 -0
- package/dist/claude/reader.d.ts +5 -0
- package/dist/claude/reader.js +191 -0
- package/dist/claude/reader.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +102 -0
- package/dist/index.js.map +1 -0
- package/dist/repl/display.d.ts +16 -0
- package/dist/repl/display.js +153 -0
- package/dist/repl/display.js.map +1 -0
- package/dist/repl/repl.d.ts +9 -0
- package/dist/repl/repl.js +110 -0
- package/dist/repl/repl.js.map +1 -0
- package/dist/report/html.d.ts +9 -0
- package/dist/report/html.js +174 -0
- package/dist/report/html.js.map +1 -0
- package/dist/scanners/aggregator.d.ts +12 -0
- package/dist/scanners/aggregator.js +126 -0
- package/dist/scanners/aggregator.js.map +1 -0
- package/dist/scanners/deps.d.ts +6 -0
- package/dist/scanners/deps.js +73 -0
- package/dist/scanners/deps.js.map +1 -0
- package/dist/scanners/gitleaks.d.ts +7 -0
- package/dist/scanners/gitleaks.js +103 -0
- package/dist/scanners/gitleaks.js.map +1 -0
- package/dist/scanners/installer.d.ts +3 -0
- package/dist/scanners/installer.js +121 -0
- package/dist/scanners/installer.js.map +1 -0
- package/dist/scanners/rls.d.ts +6 -0
- package/dist/scanners/rls.js +177 -0
- package/dist/scanners/rls.js.map +1 -0
- package/dist/scanners/semgrep.d.ts +7 -0
- package/dist/scanners/semgrep.js +121 -0
- package/dist/scanners/semgrep.js.map +1 -0
- package/dist/types.d.ts +45 -0
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -0
- package/package.json +29 -0
|
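--- a/package/dist/repl/display.js
+++ b/package/dist/repl/display.js
@@ -0,0 +1,153 @@
+import pc from "picocolors";
+import { computeScore } from "../scanners/aggregator.js";
+const RULE_LINE = "─────────────────────────────────────────────────────────────";
+function sevTag(sev) {
+return sev === "critical"
+? pc.bold(pc.red("CRITICAL"))
+: pc.bold(pc.yellow("MEDIUM "));
+}
+function colorByCol(text, col) {
+switch (col) {
+case "rust":
+return pc.red(text);
+case "amber":
+return pc.yellow(text);
+case "green":
+return pc.green(text);
+default:
+return text;
+}
+}
+export function printBoot(stats, withClaude) {
+const parts = [];
+if (stats.gitHistory)
+parts.push("git history");
+if (stats.sourceScanned)
+parts.push("source");
+if (stats.supabaseMigrations)
+parts.push("supabase migrations");
+if (withClaude && stats.claudeSessions > 0) {
+parts.push(pc.green(`${stats.claudeSessions} claude code sessions`));
+}
+console.log(pc.dim(`scanned ${parts.join(" · ")}`));
+const stackParts = [];
+if (stats.stack.length > 0)
+stackParts.push(stats.stack.join(" · "));
+if (stats.contributors > 0)
+stackParts.push(`${stats.contributors} contributor${stats.contributors !== 1 ? "s" : ""}`);
+if (stackParts.length > 0) {
+console.log(pc.dim(pc.gray(`stack: ${stackParts.join(" · ")}`)));
+}
+}
+export function printList(findings, statuses) {
+const { score, verdict, col } = computeScore(findings, statuses);
+const open = statuses.filter((s) => s === "open").length;
+const cleared = findings.length - open;
+console.log();
+console.log(`${colorByCol(pc.bold(verdict), col)} score ${colorByCol(pc.bold(String(score)), col)}${pc.dim(pc.gray("/10"))} · ${pc.dim(`${open} open · ${cleared} cleared`)}`);
+console.log(pc.dim(pc.gray(RULE_LINE)));
+for (let i = 0; i < findings.length; i++) {
+const f = findings[i];
+const n = String(i + 1).padStart(2, "0");
+const status = statuses[i];
+let tag = "";
+if (status === "fixed")
+tag = " " + pc.green("✓ fix shown");
+if (status === "ignored")
+tag = " " + pc.dim("⊘ ignored");
+const line = ` ${pc.dim(n)} ${sevTag(f.severity)} ${pc.dim(f.path)}${tag}`;
+const titleText = status === "open" ? f.title : pc.dim(pc.strikethrough(f.title));
+const title = ` ${titleText}`;
+console.log(line);
+console.log(title);
+}
+console.log(pc.dim(pc.gray(RULE_LINE)));
+console.log(pc.dim(pc.gray(`type a ${pc.magenta("number")} to inspect · ${pc.magenta("list")} · ${pc.magenta("help")} · ${pc.magenta("q")} to finish`)));
+console.log();
+}
+export function printInspect(finding, index) {
+const n = String(index + 1).padStart(2, "0");
+console.log();
+console.log(pc.dim(`finding ${n} ──────────────────────────────────────────────────`));
+console.log(`${sevTag(finding.severity)} ${pc.bold(finding.title)}`);
+console.log(pc.dim(pc.gray(finding.path)));
+console.log(pc.dim(finding.meta));
+console.log();
+if (finding.trace) {
+console.log(pc.bold(pc.magenta("PROMPT TRACE")));
+console.log(` ${pc.dim(pc.gray("prompt "))} ${pc.white(finding.trace.prompt)}`);
+console.log(` ${pc.magenta("↓")} ${pc.dim(pc.gray(finding.trace.session))}`);
+console.log(` ${pc.dim(pc.gray("generated"))} ${pc.dim(finding.trace.file)}`);
+console.log(` ${pc.magenta("↓")}`);
+console.log(` ${pc.dim(pc.gray("result "))} ${finding.trace.result}`);
+console.log();
+console.log(pc.dim(pc.gray(`commands: ${pc.magenta("fix")} show secure prompt · ${pc.magenta("ignore")} · ${pc.magenta("next")} · ${pc.magenta("list")}`)));
+}
+else {
+console.log(pc.dim(finding.manual || "No additional details."));
+console.log();
+console.log(pc.dim(pc.gray(`commands: ${pc.magenta("ignore")} · ${pc.magenta("next")} · ${pc.magenta("list")} ${pc.dim(pc.gray("(no prompt rewrite for this one)"))}`)));
+}
+console.log();
+}
+export function printFix(finding) {
+if (!finding.fix) {
+console.log(pc.dim(pc.gray("this finding has no prompt rewrite — it isn't a generation issue.")));
+console.log();
+return;
+}
+console.log(`${pc.bold(pc.green("REWRITTEN PROMPT"))} ${pc.dim(pc.gray("— same task, generated securely the first time"))}`);
+for (let i = 0; i < finding.fix.length; i++) {
+if (i === 0) {
+console.log(` ${finding.fix[i]}`);
+}
+else {
+console.log(` ${pc.green(finding.fix[i])}`);
+}
+}
+console.log();
+console.log(pc.dim(pc.gray(`→ regenerated against this prompt: ${pc.green("0 findings")}. vibecheck shows the fix — it never edits your code.`)));
+console.log();
+}
+export function printIgnore(index, ignored) {
+const n = String(index + 1).padStart(2, "0");
+console.log(pc.dim(`finding ${n} ${ignored ? "ignored" : "restored"}.`));
+console.log();
+}
+export function printHelp(findingCount) {
+console.log();
+console.log(pc.dim("commands"));
+console.log(` ${pc.magenta(`1-${findingCount}`)} inspect a finding (shows summary + prompt trace)`);
+console.log(` ${pc.magenta("fix")} show the secure prompt for the current finding`);
+console.log(` ${pc.magenta("ignore")} dismiss the current finding`);
+console.log(` ${pc.magenta("next")} jump to the next open finding`);
+console.log(` ${pc.magenta("list")} show all findings again`);
+console.log(` ${pc.magenta("q")} finish and write the report`);
+console.log();
+}
+export function printFinish(findings, statuses, reportPath) {
+const generationCaused = findings.filter((f) => f.trace !== null).length;
+console.log();
+console.log(pc.dim("writing report…"));
+console.log(pc.green(`✓ ${reportPath} saved`));
+console.log();
+if (generationCaused > 0) {
+console.log(pc.bold(pc.red(`${generationCaused} of these findings would never have been generated.`)));
+}
+console.log(pc.dim("vibecheck looked back at what happened. It can't stop the next insecure"));
+console.log(pc.dim("prompt — Symbiotic does that at generation time, continuously."));
+console.log(pc.dim(pc.gray("→ https://www.symbioticsec.ai")));
+console.log();
+console.log(pc.dim(pc.gray("no code, prompts, or secrets left this machine.")));
+console.log();
+}
+export function printNoFindings() {
+console.log();
+console.log(pc.bold(pc.green("HARDENED")) + " score " + pc.bold(pc.green("10.0")) + pc.dim(pc.gray("/10")));
+console.log();
+console.log(pc.green("no security findings detected — looking good."));
+console.log();
+console.log(pc.dim(pc.gray("no code, prompts, or secrets left this machine.")));
+console.log();
+}
+//# sourceMappingURL=display.js.map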
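Review bot: printList and printInspect pass finding.path, finding.title, finding.meta and every finding.trace field straight into console.log, and those strings originate in scanned repository content and, judging by the trace/session fields, Claude Code session logs rather than the person at the keyboard, so a path or prompt that carries ESC or other C0 control bytes is replayed to the terminal as an escape sequence and can hide or rewrite what the reviewer is shown — picocolors only wraps text in colour codes and does not sanitise it. Filtering once at the display boundary is enough: `const plain = (s) => String(s ?? "").replace(/[\u0000-\u0008\u000B-\u001F\u007F]/g, "");` applied to each finding-derived value before it is interpolated (`pc.dim(plain(f.path))`, `pc.bold(plain(finding.title))`, and so on), and the same for printFix's `finding.fix[i]` lines. Separately, printFinish counts generation-caused findings with `f.trace !== null` while printInspect branches on `if (finding.trace)`, so a finding whose trace is undefined would be counted in the red summary line but displayed as a manual finding; `findings.filter((f) => f.trace).length` keeps the two in agreement. printFix's closing line also hard-codes `0 findings` for a regeneration the code never performs, which reads as a measured result; if that figure is not computed upstream the wording should present it as the expected outcome rather than an observed one.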
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"display.js","sourceRoot":"","sources":["../../src/repl/display.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAE5B,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEzD,MAAM,SAAS,GACb,+DAA+D,CAAC;AAElE,SAAS,MAAM,CAAC,GAA0B;IACxC,OAAO,GAAG,KAAK,UAAU;QACvB,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7B,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,UAAU,CAAC,IAAY,EAAE,GAAW;IAC3C,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtB,KAAK,OAAO;YACV,OAAO,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,KAAK,OAAO;YACV,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxB;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,KAOC,EACD,UAAmB;IAEnB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,KAAK,CAAC,UAAU;QAAE,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAChD,IAAI,KAAK,CAAC,aAAa;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,KAAK,CAAC,kBAAkB;QAAE,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAChE,IAAI,UAAU,IAAI,KAAK,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,cAAc,uBAAuB,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CACvC,CAAC;IAEF,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IACrE,IAAI,KAAK,CAAC,YAAY,GAAG,CAAC;QACxB,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,YAAY,eAAe,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE7F,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,QAAmB,EACnB,QAAyB;IAEzB,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACzD,MA
AM,OAAO,GAAG,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC;IAEvC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CACT,GAAG,UAAU,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,WAAW,UAAU,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,IAAI,WAAW,OAAO,UAAU,CAAC,EAAE,CACrK,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAE3B,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,IAAI,MAAM,KAAK,OAAO;YAAE,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAI,MAAM,KAAK,SAAS;YAAE,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAE1D,MAAM,IAAI,GAAG,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QAC9E,MAAM,SAAS,GACb,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,SAAS,SAAS,EAAE,CAAC;QAEnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CACL,UAAU,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAC3H,CACF,CACF,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,OAAgB,EAChB,KAAa;IAEb,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAE7C,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,qDAAqD,CAAC,CAC1E,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,G
AAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CACrE,CAAC;QACF,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,CACjE,CAAC;QACF,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAClE,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAC3D,CAAC;QACF,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CACL,aAAa,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAC9H,CACF,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,wBAAwB,CAAC,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CACL,aAAa,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,EAAE,CAC5I,CACF,CACF,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAAgB;IACvC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CACL,mEAAmE,CACpE,CACF,CACF,CAAC;QACF,OAAO,CAAC,GAAG,
EAAE,CAAC;QACd,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CACT,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,EAAE,CAChH,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CACL,sCAAsC,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,uDAAuD,CACpH,CACF,CACF,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,OAAgB;IACzD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAC5D,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,YAAoB;IAC5C,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IAChC,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,OAAO,CAAC,KAAK,YAAY,EAAE,CAAC,wDAAwD,CAC7F,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,sDAAsD,CAC7E,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,gCAAgC,CAC1D,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,oCAAoC,CAC5D,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,8BAA8B,CACtD,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAC1D,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,QAAmB,EACnB,QAAyB,EACzB,UAAkB;IAElB,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;IAEzE,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,C
AAC,KAAK,UAAU,QAAQ,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,IAAI,CACL,EAAE,CAAC,GAAG,CACJ,GAAG,gBAAgB,qDAAqD,CACzE,CACF,CACF,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,yEAAyE,CAC1E,CACF,CAAC;IACF,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,gEAAgE,CACjE,CACF,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC,CACnE,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,UAAU,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7G,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC,CACnE,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC"}
|
|
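--- a/package/dist/repl/repl.d.ts
+++ b/package/dist/repl/repl.d.ts
@@ -0,0 +1,9 @@
+import type { Finding } from "../types.js";
+export declare function startRepl(findings: Finding[], stats: {
+gitHistory: boolean;
+sourceScanned: boolean;
+supabaseMigrations: boolean;
+claudeSessions: number;
+stack: string[];
+contributors: number;
+}, repoPath: string): Promise<void>;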
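--- a/package/dist/repl/repl.js
+++ b/package/dist/repl/repl.js
@@ -0,0 +1,110 @@
+import * as readline from "node:readline";
+import pc from "picocolors";
+import { printList, printInspect, printFix, printIgnore, printHelp, printFinish, } from "./display.js";
+import { generateReport } from "../report/html.js";
+export async function startRepl(findings, stats, repoPath) {
+const statuses = findings.map(() => "open");
+let current = -1;
+printList(findings, statuses);
+const rl = readline.createInterface({
+input: process.stdin,
+output: process.stdout,
+prompt: pc.bold(pc.magenta("vibecheck>")) + " ",
+terminal: true,
+});
+rl.prompt();
+return new Promise((resolve) => {
+rl.on("line", async (raw) => {
+const cmd = raw.trim().toLowerCase();
+if (cmd === "") {
+rl.prompt();
+return;
+}
+// Number → inspect finding
+if (/^[1-9][0-9]*$/.test(cmd)) {
+const i = parseInt(cmd, 10) - 1;
+if (i >= 0 && i < findings.length) {
+current = i;
+printInspect(findings[i], i);
+}
+else {
+console.log(pc.dim(pc.gray(`no finding ${cmd}. there are ${findings.length}.`)));
+console.log();
+}
+rl.prompt();
+return;
+}
+if (cmd === "fix" || cmd === "f") {
+if (current < 0) {
+console.log(pc.dim(pc.gray("inspect a finding first — type its number.")));
+console.log();
+}
+else {
+printFix(findings[current]);
+if (findings[current].fix &&
+statuses[current] !== "ignored") {
+statuses[current] = "fixed";
+}
+}
+rl.prompt();
+return;
+}
+if (cmd === "ignore" || cmd === "i") {
+if (current < 0) {
+console.log(pc.dim(pc.gray("inspect a finding first — type its number.")));
+console.log();
+}
+else {
+statuses[current] =
+statuses[current] === "ignored" ? "open" : "ignored";
+printIgnore(current, statuses[current] === "ignored");
+}
+rl.prompt();
+return;
+}
+if (cmd === "next" || cmd === "n") {
+let found = false;
+for (let k = 0; k < findings.length; k++) {
+const idx = (current + 1 + k) % findings.length;
+if (statuses[idx] === "open") {
+current = idx;
+printInspect(findings[idx], idx);
+found = true;
+break;
+}
+}
+if (!found) {
+console.log(pc.green(`nothing left open. type ${pc.magenta("list")} to review or ${pc.magenta("q")} to finish.`));
+console.log();
+}
+rl.prompt();
+return;
+}
+if (cmd === "list" || cmd === "l") {
+printList(findings, statuses);
+rl.prompt();
+return;
+}
+if (cmd === "help" || cmd === "h" || cmd === "?") {
+printHelp(findings.length);
+rl.prompt();
+return;
+}
+if (cmd === "q" || cmd === "quit" || cmd === "exit") {
+const reportPath = "vibecheck-report.html";
+await generateReport(findings, statuses, stats, repoPath);
+printFinish(findings, statuses, reportPath);
+rl.close();
+resolve();
+return;
+}
+console.log(pc.dim(pc.gray(`unknown command: ${cmd} — type ${pc.magenta("help")}`)));
+console.log();
+rl.prompt();
+});
+rl.on("close", () => {
+resolve();
+});
+});
+}
+//# sourceMappingURL=repl.js.map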
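Review bot: The `line` listener is an async function whose returned promise is dropped, so when `generateReport` rejects on the `q`/`quit`/`exit` path (html.js writes the report with fs writeFile, which fails on an unwritable directory) the rejection is unhandled, `rl.close()` and `resolve()` never run, and `startRepl` never settles — on current Node an unhandled rejection ends the process without the finish message. Wrapping the report step in try/catch/finally so the interface is always closed and the promise always resolved fixes that; the sketch below leaves the other command branches as they are. Related: `reportPath` is the constant `"vibecheck-report.html"` in repl.js while the actual write happens in html.js, which imports `join` and receives `repoPath`, so the name printed by printFinish is presumably not the full path that was written — having generateReport return the path it wrote and printing that would keep the two from drifting (the html.js hunk in this diff does not show where the file lands).
```javascript
if (cmd === "q" || cmd === "quit" || cmd === "exit") {
  const reportPath = "vibecheck-report.html";
  try {
    await generateReport(findings, statuses, stats, repoPath);
    printFinish(findings, statuses, reportPath);
  } catch (err) {
    // surface the failure instead of leaving an unhandled rejection behind
    console.log(pc.red(`could not write ${reportPath}: ${err instanceof Error ? err.message : String(err)}`));
  } finally {
    rl.close();
    resolve();
  }
  return;
}
// … unchanged: number/fix/ignore/next/list/help branches, unknown-command fallback, close handler …
```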
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"repl.js","sourceRoot":"","sources":["../../src/repl/repl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,MAAM,YAAY,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,SAAS,EACT,WAAW,GACZ,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAmB,EACnB,KAOC,EACD,QAAgB;IAEhB,MAAM,QAAQ,GAAoB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC;IAEjB,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE9B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,GAAG;QAC/C,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC;IAEH,EAAE,CAAC,MAAM,EAAE,CAAC;IAEZ,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QACnC,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,GAAW,EAAE,EAAE;YAClC,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAErC,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;gBACf,EAAE,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YAED,2BAA2B;YAC3B,IAAI,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAClC,OAAO,GAAG,CAAC,CAAC;oBACZ,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC/B,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CACL,cAAc,GAAG,eAAe,QAAQ,CAAC,MAAM,GAAG,CACnD,CACF,CACF,CAAC;oBACF,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,CAAC;gBACD,EAAE,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YAED,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBACjC,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;oBAChB,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CAAC,4CAA4C,CAAC,CACtD,CACF,CAAC;oBACF,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;oBAC5B,IACE,QAAQ,CAAC,OAAO,CAAC,CAAC,GAAG;wBACrB,QAAQ,CAAC,OAAO,CAAC,KAAK,SAAS,EAC/B,CAAC;wBACD,QAAQ,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;oBAC9B,CAAC;gBACH,CAAC;gBACD,EAAE,CAA
C,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YAED,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBACpC,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;oBAChB,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CAAC,4CAA4C,CAAC,CACtD,CACF,CAAC;oBACF,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,OAAO,CAAC;wBACf,QAAQ,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;oBACvD,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC;gBACxD,CAAC;gBACD,EAAE,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YAED,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBAClC,IAAI,KAAK,GAAG,KAAK,CAAC;gBAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACzC,MAAM,GAAG,GAAG,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;oBAChD,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,MAAM,EAAE,CAAC;wBAC7B,OAAO,GAAG,GAAG,CAAC;wBACd,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;wBACjC,KAAK,GAAG,IAAI,CAAC;wBACb,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,KAAK,CACN,2BAA2B,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAC3F,CACF,CAAC;oBACF,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,CAAC;gBACD,EAAE,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YAED,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBAClC,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC9B,EAAE,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YAED,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBACjD,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAC3B,EAAE,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YAED,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;gBACpD,MAAM,UAAU,GAAG,uBAAuB,CAAC;gBAC3C,MAAM,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;gBAC1D,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBAC5C,EAAE,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,OAAO,CAAC,GAAG,CACT,EAAE,CAAC,GAAG,CACJ,EAAE,CAAC,IAAI,CACL,oBAAoB,GAAG,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CACvD,CACF,CACF,CAAC;YACF,
OAAO,CAAC,GAAG,EAAE,CAAC;YACd,EAAE,CAAC,MAAM,EAAE,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAClB,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
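--- a/package/dist/report/html.d.ts
+++ b/package/dist/report/html.d.ts
@@ -0,0 +1,9 @@
+import type { Finding, FindingStatus } from "../types.js";
+export declare function generateReport(findings: Finding[], statuses: FindingStatus[], stats: {
+gitHistory: boolean;
+sourceScanned: boolean;
+supabaseMigrations: boolean;
+claudeSessions: number;
+stack: string[];
+contributors: number;
+}, repoPath: string): Promise<void>;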
@@ -0,0 +1,174 @@
|
|
|
1
|
+
import { writeFile } from "node:fs/promises";
|
|
2
|
+
import { join } from "node:path";
|
|
3
|
+
import { computeScore } from "../scanners/aggregator.js";
|
|
4
|
+
function escapeHtml(s) {
|
|
5
|
+
return s
|
|
6
|
+
.replace(/&/g, "&")
|
|
7
|
+
.replace(/</g, "<")
|
|
8
|
+
.replace(/>/g, ">")
|
|
9
|
+
.replace(/"/g, """);
|
|
10
|
+
}
|
|
11
|
+
export async function generateReport(findings, statuses, stats, repoPath) {
|
|
12
|
+
const { score, verdict, col } = computeScore(findings, statuses);
|
|
13
|
+
const open = statuses.filter((s) => s === "open").length;
|
|
14
|
+
const cleared = findings.length - open;
|
|
15
|
+
const generationCaused = findings.filter((f) => f.trace !== null).length;
|
|
16
|
+
const colMap = {
|
|
17
|
+
rust: "#d96b4a",
|
|
18
|
+
amber: "#e6a345",
|
|
19
|
+
green: "#b6d77a",
|
|
20
|
+
};
|
|
21
|
+
const verdictColor = colMap[col] || "#e8e2d2";
|
|
22
|
+
let findingsHtml = "";
|
|
23
|
+
for (let i = 0; i < findings.length; i++) {
|
|
24
|
+
const f = findings[i];
|
|
25
|
+
const status = statuses[i];
|
|
26
|
+
const n = String(i + 1).padStart(2, "0");
|
|
27
|
+
const sevColor = f.severity === "critical" ? "#d96b4a" : "#e6a345";
|
|
28
|
+
const sevLabel = f.severity === "critical" ? "CRITICAL" : "MEDIUM";
|
|
29
|
+
const statusTag = status === "fixed"
|
|
30
|
+
? '<span style="color:#b6d77a"> ✓ fix shown</span>'
|
|
31
|
+
: status === "ignored"
|
|
32
|
+
? '<span style="color:#8c8470"> ⊘ ignored</span>'
|
|
33
|
+
: "";
|
|
34
|
+
const titleStyle = status !== "open"
|
|
35
|
+
? 'style="text-decoration:line-through;color:#5f5847"'
|
|
36
|
+
: "";
|
|
37
|
+
findingsHtml += `
|
|
38
|
+
<div class="finding">
|
|
39
|
+
<div class="finding-header">
|
|
40
|
+
<span class="num">${n}</span>
|
|
41
|
+
<span class="sev" style="color:${sevColor}">${sevLabel}</span>
|
|
42
|
+
<span class="path">${escapeHtml(f.path)}</span>
|
|
43
|
+
${statusTag}
|
|
44
|
+
</div>
|
|
45
|
+
<div class="finding-title" ${titleStyle}>${escapeHtml(f.title)}</div>
|
|
46
|
+
<div class="finding-meta">${escapeHtml(f.meta)}</div>`;
|
|
47
|
+
if (f.trace) {
|
|
48
|
+
findingsHtml += `
|
|
49
|
+
<div class="trace">
|
|
50
|
+
<div class="trace-label">PROMPT TRACE</div>
|
|
51
|
+
<div class="trace-row"><span class="trace-key">prompt</span> <span class="quoted">${escapeHtml(f.trace.prompt)}</span></div>
|
|
52
|
+
<div class="trace-row"><span class="arrow">↓</span> <span class="trace-dim">${escapeHtml(f.trace.session)}</span></div>
|
|
53
|
+
<div class="trace-row"><span class="trace-key">generated</span> ${escapeHtml(f.trace.file)}</div>
|
|
54
|
+
<div class="trace-row"><span class="arrow">↓</span></div>
|
|
55
|
+
<div class="trace-row"><span class="trace-key">result</span> ${escapeHtml(f.trace.result)}</div>
|
|
56
|
+
</div>`;
|
|
57
|
+
if (f.fix) {
|
|
58
|
+
findingsHtml += `
|
|
59
|
+
<div class="fix">
|
|
60
|
+
<div class="fix-label">REWRITTEN PROMPT</div>`;
|
|
61
|
+
for (let j = 0; j < f.fix.length; j++) {
|
|
62
|
+
if (j === 0) {
|
|
63
|
+
findingsHtml += `\n <div class="fix-line">${escapeHtml(f.fix[j])}</div>`;
|
|
64
|
+
}
|
|
65
|
+
else {
|
|
66
|
+
findingsHtml += `\n <div class="fix-line fix-add">${escapeHtml(f.fix[j])}</div>`;
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
findingsHtml += `
|
|
70
|
+
<div class="fix-note">→ regenerated against this prompt: <span style="color:#b6d77a">0 findings</span>. vibecheck shows the fix — it never edits your code.</div>
|
|
71
|
+
</div>`;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
else if (f.manual) {
|
|
75
|
+
findingsHtml += `
|
|
76
|
+
<div class="manual">${escapeHtml(f.manual)}</div>`;
|
|
77
|
+
}
|
|
78
|
+
findingsHtml += `
|
|
79
|
+
</div>`;
|
|
80
|
+
}
|
|
81
|
+
const html = `<!DOCTYPE html>
|
|
82
|
+
<html lang="en">
|
|
83
|
+
<head>
|
|
84
|
+
<meta charset="UTF-8">
|
|
85
|
+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
86
|
+
<title>vibecheck report</title>
|
|
87
|
+
<style>
|
|
88
|
+
:root {
|
|
89
|
+
--bg: #16140f; --panel: #1d1a13; --panel-edge: #2b271c;
|
|
90
|
+
--ink: #e8e2d2; --dim: #8c8470; --faint: #5f5847;
|
|
91
|
+
--green: #b6d77a; --amber: #e6a345; --rust: #d96b4a; --violet: #a98fd6;
|
|
92
|
+
--mono: "SF Mono", ui-monospace, "JetBrains Mono", "Menlo", "Consolas", monospace;
|
|
93
|
+
}
|
|
94
|
+
* { box-sizing: border-box; margin: 0; padding: 0; }
|
|
95
|
+
body {
|
|
96
|
+
background: var(--bg); color: var(--ink); font-family: var(--mono);
|
|
97
|
+
font-size: 13.5px; line-height: 1.55; padding: 40px 20px 80px; min-height: 100vh;
|
|
98
|
+
}
|
|
99
|
+
.wrap { max-width: 860px; margin: 0 auto; }
|
|
100
|
+
h1 { color: var(--ink); font-size: 18px; margin-bottom: 4px; }
|
|
101
|
+
.subtitle { color: var(--dim); font-size: 12px; margin-bottom: 24px; }
|
|
102
|
+
.verdict {
|
|
103
|
+
font-size: 16px; margin-bottom: 20px; padding: 16px;
|
|
104
|
+
background: var(--panel); border: 1px solid var(--panel-edge); border-radius: 8px;
|
|
105
|
+
}
|
|
106
|
+
.finding {
|
|
107
|
+
background: var(--panel); border: 1px solid var(--panel-edge); border-radius: 8px;
|
|
108
|
+
padding: 16px; margin-bottom: 12px;
|
|
109
|
+
}
|
|
110
|
+
.finding-header { display: flex; align-items: center; gap: 10px; flex-wrap: wrap; }
|
|
111
|
+
.num { color: var(--dim); }
|
|
112
|
+
.sev { font-weight: 700; }
|
|
113
|
+
.path { color: var(--dim); font-size: 12px; }
|
|
114
|
+
.finding-title { margin-top: 6px; font-weight: 600; }
|
|
115
|
+
.finding-meta { color: var(--dim); font-size: 12px; margin-top: 4px; }
|
|
116
|
+
.trace {
|
|
117
|
+
margin-top: 14px; padding: 12px; background: rgba(169,143,214,0.05);
|
|
118
|
+
border: 1px solid rgba(169,143,214,0.15); border-radius: 6px;
|
|
119
|
+
}
|
|
120
|
+
.trace-label { color: var(--violet); font-weight: 700; margin-bottom: 8px; }
|
|
121
|
+
.trace-row { margin: 4px 0; padding-left: 8px; }
|
|
122
|
+
.trace-key { color: var(--faint); display: inline-block; width: 80px; }
|
|
123
|
+
.trace-dim { color: var(--faint); }
|
|
124
|
+
.arrow { color: var(--violet); }
|
|
125
|
+
.quoted {
|
|
126
|
+
background: rgba(169,143,214,0.08); padding: 1px 5px;
|
|
127
|
+
border-radius: 4px; border: 1px solid rgba(169,143,214,0.18);
|
|
128
|
+
}
|
|
129
|
+
.fix {
|
|
130
|
+
margin-top: 14px; padding: 12px; background: rgba(182,215,122,0.05);
|
|
131
|
+
border: 1px solid rgba(182,215,122,0.15); border-radius: 6px;
|
|
132
|
+
}
|
|
133
|
+
.fix-label { color: var(--green); font-weight: 700; margin-bottom: 8px; }
|
|
134
|
+
.fix-line { padding-left: 8px; margin: 2px 0; }
|
|
135
|
+
.fix-add { color: var(--green); }
|
|
136
|
+
.fix-note { color: var(--faint); font-size: 12px; margin-top: 10px; padding-left: 8px; }
|
|
137
|
+
.manual { color: var(--dim); margin-top: 10px; padding: 8px; }
|
|
138
|
+
.bridge {
|
|
139
|
+
margin-top: 30px; padding: 20px; text-align: center;
|
|
140
|
+
background: var(--panel); border: 1px solid var(--panel-edge); border-radius: 8px;
|
|
141
|
+
}
|
|
142
|
+
.bridge-main { color: var(--rust); font-weight: 700; }
|
|
143
|
+
.bridge-dim { color: var(--dim); margin-top: 6px; }
|
|
144
|
+
.bridge-link { color: var(--faint); margin-top: 8px; }
|
|
145
|
+
.bridge-link a { color: var(--faint); }
|
|
146
|
+
.footer { text-align: center; color: var(--faint); margin-top: 20px; font-size: 11px; }
|
|
147
|
+
</style>
|
|
148
|
+
</head>
|
|
149
|
+
<body>
|
|
150
|
+
<div class="wrap">
|
|
151
|
+
<h1>vibecheck report</h1>
|
|
152
|
+
<div class="subtitle">generated ${new Date().toISOString().replace("T", " ").slice(0, 16)} · local scan · nothing uploaded</div>
|
|
153
|
+
|
|
154
|
+
<div class="verdict">
|
|
155
|
+
<span style="color:${verdictColor};font-weight:700;font-size:18px">${verdict}</span>
|
|
156
|
+
score <span style="color:${verdictColor};font-weight:700">${score}</span><span style="color:var(--faint)">/10</span>
|
|
157
|
+
· <span style="color:var(--dim)">${open} open · ${cleared} cleared</span>
|
|
158
|
+
</div>
|
|
159
|
+
|
|
160
|
+
${findingsHtml}
|
|
161
|
+
|
|
162
|
+
<div class="bridge">
|
|
163
|
+
<div class="bridge-main">${generationCaused} of these findings would never have been generated.</div>
|
|
164
|
+
<div class="bridge-dim">vibecheck looked back at what happened. It can't stop the next insecure<br>prompt — Symbiotic does that at generation time, continuously.</div>
|
|
165
|
+
<div class="bridge-link"><a href="https://www.symbioticsec.ai">→ symbioticsec.ai</a></div>
|
|
166
|
+
</div>
|
|
167
|
+
|
|
168
|
+
<div class="footer">no code, prompts, or secrets left this machine.</div>
|
|
169
|
+
</div>
|
|
170
|
+
</body>
|
|
171
|
+
</html>`;
|
|
172
|
+
await writeFile(join(repoPath, "vibecheck-report.html"), html, "utf-8");
|
|
173
|
+
}
|
|
174
|
+
//# sourceMappingURL=html.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"html.js","sourceRoot":"","sources":["../../src/report/html.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEzD,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAmB,EACnB,QAAyB,EACzB,KAOC,EACD,QAAgB;IAEhB,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACzD,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC;IACvC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;IAEzE,MAAM,MAAM,GAA2B;QACrC,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,SAAS;KACjB,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;IAE9C,IAAI,YAAY,GAAG,EAAE,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QACnE,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;QACnE,MAAM,SAAS,GACb,MAAM,KAAK,OAAO;YAChB,CAAC,CAAC,iDAAiD;YACnD,CAAC,CAAC,MAAM,KAAK,SAAS;gBACpB,CAAC,CAAC,+CAA+C;gBACjD,CAAC,CAAC,EAAE,CAAC;QACX,MAAM,UAAU,GACd,MAAM,KAAK,MAAM;YACf,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,EAAE,CAAC;QAET,YAAY,IAAI;;;4BAGQ,CAAC;yCACY,QAAQ,KAAK,QAAQ;6BACjC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;UACrC,SAAS;;mCAEgB,UAAU,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC;kCAClC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;QAEzD,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,YAAY,IAAI;;;4FAGsE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,
MAAM,CAAC;sFAChC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC;0EACvC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;;uEAE3B,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;aACpF,CAAC;YAER,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;gBACV,YAAY,IAAI;;sDAE8B,CAAC;gBAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACtC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;wBACZ,YAAY,IAAI,mCAAmC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;oBAClF,CAAC;yBAAM,CAAC;wBACN,YAAY,IAAI,2CAA2C,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;oBAC1F,CAAC;gBACH,CAAC;gBACD,YAAY,IAAI;;aAEX,CAAC;YACR,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YACpB,YAAY,IAAI;4BACM,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QACrD,CAAC;QAED,YAAY,IAAI;WACT,CAAC;IACV,CAAC;IAED,MAAM,IAAI,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oCAuEqB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;;;yBAGlE,YAAY,oCAAoC,OAAO;sCAC1C,YAAY,qBAAqB,KAAK;mDACzB,IAAI,WAAW,OAAO;;;IAGrE,YAAY;;;+BAGe,gBAAgB;;;;;;;;QAQvC,CAAC;IAEP,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AAC1E,CAAC"}
|
|
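--- a/package/dist/scanners/aggregator.d.ts
+++ b/package/dist/scanners/aggregator.d.ts
@@ -0,0 +1,12 @@
+import type { Finding, ScanResult } from "../types.js";
+export interface ScanOptions {
+repoPath: string;
+dbUrl?: string;
+withClaudeHistory: boolean;
+}
+export declare function runAllScanners(options: ScanOptions, onProgress: (msg: string) => void): Promise<ScanResult>;
+export declare function computeScore(findings: Finding[], statuses: Array<"open" | "fixed" | "ignored">): {
+score: number;
+verdict: string;
+col: string;
+};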
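--- a/package/dist/scanners/aggregator.js
+++ b/package/dist/scanners/aggregator.js
@@ -0,0 +1,126 @@
+import { scanSecrets } from "./gitleaks.js";
+import { scanSAST } from "./semgrep.js";
+import { scanRLS } from "./rls.js";
+import { scanDeps } from "./deps.js";
+export async function runAllScanners(options, onProgress) {
+const { repoPath, dbUrl } = options;
+const allFindings = [];
+const errors = [];
+const stack = await detectStack(repoPath);
+// Run all scanners concurrently (pass onProgress for auto-install)
+onProgress("scanning…");
+const [secrets, sast, rls, deps] = await Promise.all([
+scanSecrets(repoPath, onProgress),
+scanSAST(repoPath, onProgress),
+scanRLS(repoPath, dbUrl),
+scanDeps(repoPath),
+]);
+if (secrets.error)
+errors.push(secrets.error);
+if (sast.error)
+errors.push(sast.error);
+if (rls.error)
+errors.push(rls.error);
+if (deps.error)
+errors.push(deps.error);
+allFindings.push(...secrets.findings);
+allFindings.push(...sast.findings);
+allFindings.push(...rls.findings);
+allFindings.push(...deps.findings);
+for (const e of errors) {
+onProgress(` ⚠ ${e}`);
+}
+// Assign sequential IDs
+allFindings.forEach((f, i) => {
+f.id = i + 1;
+});
+// Sort: critical first, then medium
+allFindings.sort((a, b) => {
+if (a.severity === "critical" && b.severity !== "critical")
+return -1;
+if (a.severity !== "critical" && b.severity === "critical")
+return 1;
+return 0;
+});
+// Re-assign IDs after sort
+allFindings.forEach((f, i) => {
+f.id = i + 1;
+});
+let contributors = 0;
+try {
+const { execFile: ef } = await import("node:child_process");
+const { promisify: p } = await import("node:util");
+const exec = p(ef);
+const { stdout } = await exec("git", ["shortlog", "-sn", "--all"], {
+cwd: repoPath,
+timeout: 10_000,
+});
+contributors = stdout.trim().split("\n").filter(Boolean).length;
+}
+catch {
+contributors = 1;
+}
+return {
+findings: allFindings,
+stats: {
+gitHistory: secrets.available,
+sourceScanned: sast.available,
+supabaseMigrations: rls.available,
+claudeSessions: 0,
+stack,
+contributors,
+},
+};
+}
+async function detectStack(repoPath) {
+const { existsSync } = await import("node:fs");
+const { join } = await import("node:path");
+const { readFile } = await import("node:fs/promises");
+const stack = [];
+const pkgPath = join(repoPath, "package.json");
+if (existsSync(pkgPath)) {
+try {
+const pkg = JSON.parse(await readFile(pkgPath, "utf-8"));
+const allDeps = {
+...pkg.dependencies,
+...pkg.devDependencies,
+};
+if (allDeps["next"])
+stack.push("next.js");
+if (allDeps["react"])
+stack.push("react");
+if (allDeps["@supabase/supabase-js"] || allDeps["supabase"])
+stack.push("supabase");
+if (allDeps["stripe"] || allDeps["@stripe/stripe-js"])
+stack.push("stripe");
+}
+catch {
+/* ignore */
+}
+}
+if (existsSync(join(repoPath, "vercel.json")) || existsSync(join(repoPath, ".vercel"))) {
+stack.push("vercel");
+}
+if (existsSync(join(repoPath, "supabase"))) {
+if (!stack.includes("supabase"))
+stack.push("supabase");
+}
+return stack;
+}
+export function computeScore(findings, statuses) {
+const open = statuses.filter((s) => s === "open").length;
+const cleared = findings.length - open;
+const score = Math.min(10, 2.4 + cleared * 1.2);
+let verdict = "EXPOSED";
+let col = "rust";
+if (score >= 7) {
+verdict = "HARDENED";
+col = "green";
+}
+else if (score >= 4.5) {
+verdict = "AT RISK";
+col = "amber";
+}
+return { score: parseFloat(score.toFixed(1)), verdict, col };
+}
+//# sourceMappingURL=aggregator.js.map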
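Review bot: `computeScore` derives `cleared` as `findings.length - open`, so it silently assumes `statuses` is a parallel array of exactly the same length as `findings`; if a caller passes fewer statuses (or an empty list), every missing entry is counted as cleared and the score inflates toward HARDENED. Counting from the statuses themselves, `const cleared = statuses.filter((s) => s !== "open").length;`, removes that coupling, and an explicit guard such as `if (statuses.length !== findings.length) throw new Error("statuses must parallel findings");` would make the contract visible. Note also that with zero findings the formula `Math.min(10, 2.4 + cleared * 1.2)` yields 2.4 and the verdict "EXPOSED", which looks like a bug unless a clean scan is special-cased by the caller. In `runAllScanners`, the first `forEach` that assigns `f.id` is dead work since IDs are reassigned after the sort, and `withClaudeHistory` from `ScanOptions` is never read here while `stats.claudeSessions` is hard-coded to 0 — presumably filled in elsewhere, but a comment like `// claudeSessions is populated by the caller once history is correlated` would save the next reader a search.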
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aggregator.js","sourceRoot":"","sources":["../../src/scanners/aggregator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AACnC,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AASrC,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAoB,EACpB,UAAiC;IAEjC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IACpC,MAAM,WAAW,GAAc,EAAE,CAAC;IAClC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAE1C,mEAAmE;IACnE,UAAU,CAAC,WAAW,CAAC,CAAC;IACxB,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACnD,WAAW,CAAC,QAAQ,EAAE,UAAU,CAAC;QACjC,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC9B,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC;QACxB,QAAQ,CAAC,QAAQ,CAAC;KACnB,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,IAAI,CAAC,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,GAAG,CAAC,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,IAAI,CAAC,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAExC,WAAW,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACtC,WAAW,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnC,WAAW,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClC,WAAW,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAEnC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACzB,CAAC;IAED,wBAAwB;IACxB,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3B,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,oCAAoC;IACpC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,OAAO,CAAC,CAAC,CAAC;QACtE,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3B,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,C
AAC;QACH,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAC5D,MAAM,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;QACnB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE;YACjE,GAAG,EAAE,QAAQ;YACb,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QACH,YAAY,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,GAAG,CAAC,CAAC;IACnB,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,WAAW;QACrB,KAAK,EAAE;YACL,UAAU,EAAE,OAAO,CAAC,SAAS;YAC7B,aAAa,EAAE,IAAI,CAAC,SAAS;YAC7B,kBAAkB,EAAE,GAAG,CAAC,SAAS;YACjC,cAAc,EAAE,CAAC;YACjB,KAAK;YACL,YAAY;SACb;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACzC,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAEtD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG;gBACd,GAAG,GAAG,CAAC,YAAY;gBACnB,GAAG,GAAG,CAAC,eAAe;aACvB,CAAC;YAEF,IAAI,OAAO,CAAC,MAAM,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3C,IAAI,OAAO,CAAC,OAAO,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,uBAAuB,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC;gBACzD,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzB,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,mBAAmB,CAAC;gBACnD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;QACvF,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC;QAC3C,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CA
AC;AAED,MAAM,UAAU,YAAY,CAC1B,QAAmB,EACnB,QAA6C;IAE7C,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACzD,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC;IAChD,IAAI,OAAO,GAAG,SAAS,CAAC;IACxB,IAAI,GAAG,GAAG,MAAM,CAAC;IACjB,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,OAAO,GAAG,UAAU,CAAC;QACrB,GAAG,GAAG,OAAO,CAAC;IAChB,CAAC;SAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;QACxB,OAAO,GAAG,SAAS,CAAC;QACpB,GAAG,GAAG,OAAO,CAAC;IAChB,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAC/D,CAAC"}
|