vskill 0.5.2 → 0.5.3

package/dist/audit/file-discovery.test.js

@@ -0,0 +1,120 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, mkdir, writeFile, rm } from "node:fs/promises";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { discoverAuditFiles } from "./file-discovery.js";
+import { createDefaultAuditConfig } from "./audit-types.js";
+describe("file-discovery", () => {
+    let tmpDir;
+    beforeEach(async () => {
+        tmpDir = await mkdtemp(join(tmpdir(), "vskill-audit-test-"));
+    });
+    afterEach(async () => {
+        await rm(tmpDir, { recursive: true, force: true });
+    });
+    it("TC-003: discovers .ts, .js, .py files in a directory tree", async () => {
+        await mkdir(join(tmpDir, "src"), { recursive: true });
+        await writeFile(join(tmpDir, "src", "app.ts"), "const x = 1;");
+        await writeFile(join(tmpDir, "src", "utils.js"), "module.exports = {};");
+        await writeFile(join(tmpDir, "script.py"), "print('hello')");
+        // Non-scannable file
+        await writeFile(join(tmpDir, "image.png"), Buffer.from([0x89, 0x50, 0x4e, 0x47]));
+        const config = createDefaultAuditConfig();
+        const files = await discoverAuditFiles(tmpDir, config);
+        const paths = files.map((f) => f.path).sort();
+        expect(paths).toContain("src/app.ts");
+        expect(paths).toContain("src/utils.js");
+        expect(paths).toContain("script.py");
+        expect(paths).not.toContain("image.png");
+    });
+    it("TC-004: skips node_modules and .git directories", async () => {
+        await mkdir(join(tmpDir, "src"), { recursive: true });
+        await mkdir(join(tmpDir, "node_modules", "pkg"), { recursive: true });
+        await mkdir(join(tmpDir, ".git", "objects"), { recursive: true });
+        await writeFile(join(tmpDir, "src", "app.ts"), "const x = 1;");
+        await writeFile(join(tmpDir, "node_modules", "pkg", "index.js"), "bad");
+        await writeFile(join(tmpDir, ".git", "objects", "data.js"), "bad");
+        const config = createDefaultAuditConfig();
+        const files = await discoverAuditFiles(tmpDir, config);
+        const paths = files.map((f) => f.path);
+        expect(paths).toContain("src/app.ts");
+        expect(paths).not.toContain("node_modules/pkg/index.js");
+        expect(paths).not.toContain(".git/objects/data.js");
+    });
+    it("TC-005: scans a single file when path points to a file", async () => {
+        const filePath = join(tmpDir, "app.ts");
+        await writeFile(filePath, "const x = 1;");
+        const config = createDefaultAuditConfig();
+        const files = await discoverAuditFiles(filePath, config);
+        expect(files).toHaveLength(1);
+        expect(files[0].path).toBe("app.ts");
+        expect(files[0].content).toBe("const x = 1;");
+    });
+    it("TC-006: respects maxFiles limit", async () => {
+        await mkdir(join(tmpDir, "src"), { recursive: true });
+        for (let i = 0; i < 10; i++) {
+            await writeFile(join(tmpDir, "src", `file${i}.ts`), `const x = ${i};`);
+        }
+        const config = createDefaultAuditConfig();
+        config.maxFiles = 5;
+        const files = await discoverAuditFiles(tmpDir, config);
+        expect(files.length).toBeLessThanOrEqual(5);
+    });
+    it("TC-007: skips binary files", async () => {
+        await writeFile(join(tmpDir, "text.ts"), "const x = 1;");
+        // Create a file with null bytes (binary indicator)
+        const binaryContent = Buffer.alloc(100);
+        binaryContent[50] = 0; // null byte
+        binaryContent.write("const y = 2;", 0);
+        await writeFile(join(tmpDir, "binary.ts"), binaryContent);
+        const config = createDefaultAuditConfig();
+        const files = await discoverAuditFiles(tmpDir, config);
+        const paths = files.map((f) => f.path);
+        expect(paths).toContain("text.ts");
+        expect(paths).not.toContain("binary.ts");
+    });
+    it("TC-008: respects exclude patterns", async () => {
+        await mkdir(join(tmpDir, "src"), { recursive: true });
+        await mkdir(join(tmpDir, "test"), { recursive: true });
+        await writeFile(join(tmpDir, "src", "app.ts"), "const x = 1;");
+        await writeFile(join(tmpDir, "test", "app.test.ts"), "test code");
+        const config = createDefaultAuditConfig();
+        config.excludePaths = ["**/test/**"];
+        const files = await discoverAuditFiles(tmpDir, config);
+        const paths = files.map((f) => f.path);
+        expect(paths).toContain("src/app.ts");
+        expect(paths).not.toContain("test/app.test.ts");
+    });
+    it("skips dist, build, coverage, .next directories", async () => {
+        await mkdir(join(tmpDir, "src"), { recursive: true });
+        await mkdir(join(tmpDir, "dist"), { recursive: true });
+        await mkdir(join(tmpDir, "build"), { recursive: true });
+        await mkdir(join(tmpDir, "coverage"), { recursive: true });
+        await mkdir(join(tmpDir, ".next"), { recursive: true });
+        await writeFile(join(tmpDir, "src", "app.ts"), "const x = 1;");
+        await writeFile(join(tmpDir, "dist", "app.js"), "compiled");
+        await writeFile(join(tmpDir, "build", "app.js"), "compiled");
+        await writeFile(join(tmpDir, "coverage", "lcov.js"), "data");
+        await writeFile(join(tmpDir, ".next", "server.js"), "data");
+        const config = createDefaultAuditConfig();
+        const files = await discoverAuditFiles(tmpDir, config);
+        const paths = files.map((f) => f.path);
+        expect(paths).toContain("src/app.ts");
+        expect(paths).not.toContain("dist/app.js");
+        expect(paths).not.toContain("build/app.js");
+        expect(paths).not.toContain("coverage/lcov.js");
+        expect(paths).not.toContain(".next/server.js");
+    });
+    it("respects maxFileSize limit", async () => {
+        await writeFile(join(tmpDir, "small.ts"), "x");
+        // Create a file larger than default maxFileSize
+        const largeContent = "x".repeat(200 * 1024);
+        await writeFile(join(tmpDir, "large.ts"), largeContent);
+        const config = createDefaultAuditConfig();
+        const files = await discoverAuditFiles(tmpDir, config);
+        const paths = files.map((f) => f.path);
+        expect(paths).toContain("small.ts");
+        expect(paths).not.toContain("large.ts");
+    });
+});
+//# sourceMappingURL=file-discovery.test.js.map

package/dist/audit/file-discovery.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-discovery.test.js","sourceRoot":"","sources":["../../src/audit/file-discovery.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAI,MAAc,CAAC;IAEnB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,oBAAoB,CAAC,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,sBAAsB,CAAC,CAAC;QACzE,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC7D,qBAAqB;QACrB,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;QAElF,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtE,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAElE,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;QACxE,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;QAEnE,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;QACzD,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,MAAM,SAAS,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAE1C,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEzD,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;QACpB,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE,cAAc,CAAC,CAAC;QACzD,mDAAmD;QACnD,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,aAAa,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY;QACnC,aAAa,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACvC,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,aAAa,CAAC,CAAC;QAE1D,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,WAAW,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,CAAC,YAAY,GAAG,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxD,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExD,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;QAC5D,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;QAC7D,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC,EAAE,MAAM,CAAC,CAAC;QAE5D,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC;QAC/C,gDAAgD;QAChD,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAC5C,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,YAAY,CAAC,CAAC;QAExD,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/audit/fix-suggestions.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/audit/fix-suggestions.test.js

@@ -0,0 +1,35 @@
+import { describe, it, expect } from "vitest";
+import { FIX_SUGGESTIONS, attachFixSuggestions } from "./fix-suggestions.js";
+import { AUDIT_PATTERNS } from "./audit-patterns.js";
+describe("fix-suggestions", () => {
+    it("TC-047: every audit pattern ID has a fix suggestion", () => {
+        for (const pattern of AUDIT_PATTERNS) {
+            expect(FIX_SUGGESTIONS[pattern.id], `Missing fix suggestion for pattern ${pattern.id}`).toBeDefined();
+            expect(FIX_SUGGESTIONS[pattern.id].length).toBeGreaterThan(0);
+        }
+    });
+    it("TC-048: fix suggestion is attached to finding when fix=true", () => {
+        const findings = [
+            {
+                id: "AF-001", ruleId: "CI-001", severity: "critical", confidence: "high",
+                category: "command-injection", message: "exec() call",
+                filePath: "a.ts", line: 1, snippet: "code", source: "tier1",
+            },
+        ];
+        const result = attachFixSuggestions(findings, true);
+        expect(result[0].suggestedFix).toBeDefined();
+        expect(result[0].suggestedFix.length).toBeGreaterThan(0);
+    });
+    it("TC-049: fix suggestion is absent when fix=false", () => {
+        const findings = [
+            {
+                id: "AF-001", ruleId: "CI-001", severity: "critical", confidence: "high",
+                category: "command-injection", message: "exec() call",
+                filePath: "a.ts", line: 1, snippet: "code", source: "tier1",
+            },
+        ];
+        const result = attachFixSuggestions(findings, false);
+        expect(result[0].suggestedFix).toBeUndefined();
+    });
+});
+//# sourceMappingURL=fix-suggestions.test.js.map

package/dist/audit/fix-suggestions.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-suggestions.test.js","sourceRoot":"","sources":["../../src/audit/fix-suggestions.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAGrD,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;YACrC,MAAM,CACJ,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAC3B,sCAAsC,OAAO,CAAC,EAAE,EAAE,CACnD,CAAC,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,QAAQ,GAAmB;YAC/B;gBACE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM;gBACxE,QAAQ,EAAE,mBAAmB,EAAE,OAAO,EAAE,aAAa;gBACrD,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO;aAC5D;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAEpD,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAa,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,QAAQ,GAAmB;YAC/B;gBACE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM;gBACxE,QAAQ,EAAE,mBAAmB,EAAE,OAAO,EAAE,aAAa;gBACrD,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO;aAC5D;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,oBAAoB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAErD,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,aAAa,EAAE,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/audit/formatters/json-formatter.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/audit/formatters/json-formatter.test.js

@@ -0,0 +1,49 @@
+import { describe, it, expect } from "vitest";
+import { formatJson } from "./json-formatter.js";
+import { createDefaultAuditConfig } from "../audit-types.js";
+function makeResult(overrides = {}) {
+    return {
+        rootPath: "/project",
+        startedAt: "2026-02-20T18:00:00Z",
+        completedAt: "2026-02-20T18:00:01Z",
+        durationMs: 1000,
+        filesScanned: 10,
+        filesWithFindings: 0,
+        findings: [],
+        summary: {
+            critical: 0, high: 0, medium: 0, low: 0, info: 0,
+            total: 0, score: 100, verdict: "PASS",
+        },
+        config: createDefaultAuditConfig(),
+        ...overrides,
+    };
+}
+describe("json-formatter", () => {
+    it("TC-030: output is valid JSON", () => {
+        const output = formatJson(makeResult());
+        expect(() => JSON.parse(output)).not.toThrow();
+    });
+    it("TC-031: all findings are present in output", () => {
+        const findings = Array.from({ length: 5 }, (_, i) => ({
+            id: `AF-${i}`, ruleId: `R-${i}`, severity: "high", confidence: "high",
+            category: "test", message: `msg ${i}`, filePath: `f${i}.ts`, line: i + 1,
+            snippet: "code", source: "tier1",
+        }));
+        const output = formatJson(makeResult({ findings, summary: { critical: 0, high: 5, medium: 0, low: 0, info: 0, total: 5, score: 25, verdict: "FAIL" } }));
+        const parsed = JSON.parse(output);
+        expect(parsed.findings).toHaveLength(5);
+    });
+    it("TC-032: summary statistics are included", () => {
+        const output = formatJson(makeResult({
+            summary: { critical: 1, high: 2, medium: 3, low: 4, info: 5, total: 15, score: 50, verdict: "CONCERNS" },
+        }));
+        const parsed = JSON.parse(output);
+        expect(parsed.summary.critical).toBe(1);
+        expect(parsed.summary.high).toBe(2);
+        expect(parsed.summary.medium).toBe(3);
+        expect(parsed.summary.low).toBe(4);
+        expect(parsed.summary.info).toBe(5);
+        expect(parsed.summary.total).toBe(15);
+    });
+});
+//# sourceMappingURL=json-formatter.test.js.map

package/dist/audit/formatters/json-formatter.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json-formatter.test.js","sourceRoot":"","sources":["../../../src/audit/formatters/json-formatter.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,wBAAwB,EAAoB,MAAM,mBAAmB,CAAC;AAE/E,SAAS,UAAU,CAAC,YAAkC,EAAE;IACtD,OAAO;QACL,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,sBAAsB;QACjC,WAAW,EAAE,sBAAsB;QACnC,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,EAAE;QAChB,iBAAiB,EAAE,CAAC;QACpB,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE;YACP,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;YAChD,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM;SACtC;QACD,MAAM,EAAE,wBAAwB,EAAE;QAClC,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACpD,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAe,EAAE,UAAU,EAAE,MAAe;YACvF,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;YACxE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAgB;SAC1C,CAAC,CAAC,CAAC;QACJ,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;QACzJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC;YACnC,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACzG,CAAC,CAAC,CAAC;QACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/audit/formatters/report-formatter.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/audit/formatters/report-formatter.test.js

@@ -0,0 +1,51 @@
+import { describe, it, expect } from "vitest";
+import { formatReport } from "./report-formatter.js";
+import { createDefaultAuditConfig } from "../audit-types.js";
+function makeResult(overrides = {}) {
+    return {
+        rootPath: "/project",
+        startedAt: "2026-02-20T18:00:00Z",
+        completedAt: "2026-02-20T18:00:01Z",
+        durationMs: 1000,
+        filesScanned: 10,
+        filesWithFindings: 0,
+        findings: [],
+        summary: {
+            critical: 0, high: 0, medium: 0, low: 0, info: 0,
+            total: 0, score: 100, verdict: "PASS",
+        },
+        config: createDefaultAuditConfig(),
+        ...overrides,
+    };
+}
+describe("report-formatter", () => {
+    it("TC-037: report contains all sections", () => {
+        const output = formatReport(makeResult({
+            findings: [
+                { id: "AF-001", ruleId: "CI-001", severity: "critical", confidence: "high", category: "cmd", message: "exec", filePath: "a.ts", line: 1, snippet: "code", source: "tier1" },
+            ],
+            summary: { critical: 1, high: 0, medium: 0, low: 0, info: 0, total: 1, score: 75, verdict: "CONCERNS" },
+        }));
+        expect(output).toContain("Executive Summary");
+        expect(output).toContain("Findings");
+        expect(output).toContain("Recommendations");
+    });
+    it("TC-038: code snippets are in fenced code blocks", () => {
+        const output = formatReport(makeResult({
+            findings: [
+                { id: "AF-001", ruleId: "CI-001", severity: "critical", confidence: "high", category: "cmd", message: "exec", filePath: "a.ts", line: 1, snippet: "> 1 | exec(cmd);", source: "tier1" },
+            ],
+            summary: { critical: 1, high: 0, medium: 0, low: 0, info: 0, total: 1, score: 75, verdict: "CONCERNS" },
+        }));
+        expect(output).toContain("```");
+    });
+    it("TC-039: summary table has correct counts", () => {
+        const output = formatReport(makeResult({
+            summary: { critical: 2, high: 3, medium: 1, low: 0, info: 0, total: 6, score: 32, verdict: "FAIL" },
+        }));
+        expect(output).toContain("2");
+        expect(output).toContain("3");
+        expect(output).toContain("1");
+    });
+});
+//# sourceMappingURL=report-formatter.test.js.map

package/dist/audit/formatters/report-formatter.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-formatter.test.js","sourceRoot":"","sources":["../../../src/audit/formatters/report-formatter.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,wBAAwB,EAAoB,MAAM,mBAAmB,CAAC;AAE/E,SAAS,UAAU,CAAC,YAAkC,EAAE;IACtD,OAAO;QACL,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,sBAAsB;QACjC,WAAW,EAAE,sBAAsB;QACnC,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,EAAE;QAChB,iBAAiB,EAAE,CAAC;QACpB,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE;YACP,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;YAChD,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM;SACtC;QACD,MAAM,EAAE,wBAAwB,EAAE;QAClC,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC;YACrC,QAAQ,EAAE;gBACR,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;aAC5K;YACD,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACxG,CAAC,CAAC,CAAC;QAEJ,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC;YACrC,QAAQ,EAAE;gBACR,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,OAAO,EAAE;aACxL;YACD,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACxG,CAAC,CAAC,CAAC;QAEJ,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC;YACrC,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE;SACpG,CAAC,CAAC,CAAC;QAEJ,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/audit/formatters/sarif-formatter.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/audit/formatters/sarif-formatter.test.js

@@ -0,0 +1,71 @@
+import { describe, it, expect } from "vitest";
+import { formatSarif } from "./sarif-formatter.js";
+import { createDefaultAuditConfig } from "../audit-types.js";
+function makeResult(overrides = {}) {
+    return {
+        rootPath: "/project",
+        startedAt: "2026-02-20T18:00:00Z",
+        completedAt: "2026-02-20T18:00:01Z",
+        durationMs: 1000,
+        filesScanned: 10,
+        filesWithFindings: 0,
+        findings: [],
+        summary: {
+            critical: 0, high: 0, medium: 0, low: 0, info: 0,
+            total: 0, score: 100, verdict: "PASS",
+        },
+        config: createDefaultAuditConfig(),
+        ...overrides,
+    };
+}
+describe("sarif-formatter", () => {
+    it("TC-033: output matches SARIF v2.1.0 structure", () => {
+        const output = formatSarif(makeResult());
+        const parsed = JSON.parse(output);
+        expect(parsed.$schema).toContain("sarif");
+        expect(parsed.version).toBe("2.1.0");
+        expect(parsed.runs).toBeInstanceOf(Array);
+        expect(parsed.runs).toHaveLength(1);
+    });
+    it("TC-034: tool information is correct", () => {
+        const output = formatSarif(makeResult());
+        const parsed = JSON.parse(output);
+        const driver = parsed.runs[0].tool.driver;
+        expect(driver.name).toBe("vskill-audit");
+        expect(driver.informationUri).toContain("verified-skill.com");
+    });
+    it("TC-035: findings map to SARIF results with correct locations", () => {
+        const result = makeResult({
+            findings: [
+                { id: "AF-001", ruleId: "CI-001", severity: "critical", confidence: "high", category: "cmd", message: "exec call", filePath: "src/a.ts", line: 42, snippet: "code", source: "tier1" },
+                { id: "AF-002", ruleId: "XSS-001", severity: "high", confidence: "high", category: "xss", message: "innerHTML", filePath: "src/b.ts", line: 10, snippet: "code", source: "tier1" },
+            ],
+            summary: { critical: 1, high: 1, medium: 0, low: 0, info: 0, total: 2, score: 60, verdict: "CONCERNS" },
+        });
+        const parsed = JSON.parse(formatSarif(result));
+        const results = parsed.runs[0].results;
+        expect(results).toHaveLength(2);
+        expect(results[0].locations[0].physicalLocation.artifactLocation.uri).toBe("src/a.ts");
+        expect(results[0].locations[0].physicalLocation.region.startLine).toBe(42);
+    });
+    it("TC-036: severity maps to correct SARIF levels", () => {
+        const result = makeResult({
+            findings: [
+                { id: "AF-001", ruleId: "R1", severity: "critical", confidence: "high", category: "c", message: "m", filePath: "f.ts", line: 1, snippet: "", source: "tier1" },
+                { id: "AF-002", ruleId: "R2", severity: "high", confidence: "high", category: "c", message: "m", filePath: "f.ts", line: 2, snippet: "", source: "tier1" },
+                { id: "AF-003", ruleId: "R3", severity: "medium", confidence: "high", category: "c", message: "m", filePath: "f.ts", line: 3, snippet: "", source: "tier1" },
+                { id: "AF-004", ruleId: "R4", severity: "low", confidence: "high", category: "c", message: "m", filePath: "f.ts", line: 4, snippet: "", source: "tier1" },
+                { id: "AF-005", ruleId: "R5", severity: "info", confidence: "high", category: "c", message: "m", filePath: "f.ts", line: 5, snippet: "", source: "tier1" },
+            ],
+            summary: { critical: 1, high: 1, medium: 1, low: 1, info: 1, total: 5, score: 49, verdict: "FAIL" },
+        });
+        const parsed = JSON.parse(formatSarif(result));
+        const results = parsed.runs[0].results;
+        expect(results[0].level).toBe("error"); // critical
+        expect(results[1].level).toBe("error"); // high
+        expect(results[2].level).toBe("warning"); // medium
+        expect(results[3].level).toBe("note"); // low
+        expect(results[4].level).toBe("note"); // info
+    });
+});
+//# sourceMappingURL=sarif-formatter.test.js.map

package/dist/audit/formatters/sarif-formatter.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-formatter.test.js","sourceRoot":"","sources":["../../../src/audit/formatters/sarif-formatter.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAoB,MAAM,mBAAmB,CAAC;AAE/E,SAAS,UAAU,CAAC,YAAkC,EAAE;IACtD,OAAO;QACL,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,sBAAsB;QACjC,WAAW,EAAE,sBAAsB;QACnC,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,EAAE;QAChB,iBAAiB,EAAE,CAAC;QACpB,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE;YACP,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;YAChD,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM;SACtC;QACD,MAAM,EAAE,wBAAwB,EAAE;QAClC,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QAE1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB,QAAQ,EAAE;gBACR,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;gBACrL,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;aACnL;YACD,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACxG,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAEvC,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvF,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB,QAAQ,EAAE;gBACR,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;gBAC9J,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;gBAC1J,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;gBAC5J,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;gBACzJ,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;aAC3J;YACD,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE;SACpG,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAEvC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAG,WAAW;QACrD,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAG,OAAO;QACjD,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACnD,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAI,MAAM;QAChD,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAI,OAAO;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/audit/formatters/terminal-formatter.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/audit/formatters/terminal-formatter.test.js

@@ -0,0 +1,51 @@
+import { describe, it, expect } from "vitest";
+import { formatTerminal } from "./terminal-formatter.js";
+import { createDefaultAuditConfig } from "../audit-types.js";
+function makeResult(overrides = {}) {
+    return {
+        rootPath: "/project",
+        startedAt: "2026-02-20T18:00:00Z",
+        completedAt: "2026-02-20T18:00:01Z",
+        durationMs: 1000,
+        filesScanned: 10,
+        filesWithFindings: 0,
+        findings: [],
+        summary: {
+            critical: 0, high: 0, medium: 0, low: 0, info: 0,
+            total: 0, score: 100, verdict: "PASS",
+        },
+        config: createDefaultAuditConfig(),
+        ...overrides,
+    };
+}
+describe("terminal-formatter", () => {
+    it("TC-027: formats empty results correctly", () => {
+        const output = formatTerminal(makeResult());
+        expect(output).toContain("No security issues found");
+    });
+    it("TC-028: groups findings by file", () => {
+        const output = formatTerminal(makeResult({
+            filesWithFindings: 3,
+            findings: [
+                { id: "AF-001", ruleId: "CI-001", severity: "critical", confidence: "high", category: "cmd", message: "exec", filePath: "src/a.ts", line: 1, snippet: "code", source: "tier1" },
+                { id: "AF-002", ruleId: "XSS-001", severity: "high", confidence: "high", category: "xss", message: "xss", filePath: "src/b.ts", line: 2, snippet: "code", source: "tier1" },
+                { id: "AF-003", ruleId: "SQLI-001", severity: "critical", confidence: "high", category: "sql", message: "sql", filePath: "src/c.ts", line: 3, snippet: "code", source: "tier1" },
+            ],
+            summary: { critical: 2, high: 1, medium: 0, low: 0, info: 0, total: 3, score: 35, verdict: "FAIL" },
+        }));
+        expect(output).toContain("src/a.ts");
+        expect(output).toContain("src/b.ts");
+        expect(output).toContain("src/c.ts");
+    });
+    it("TC-029: includes code snippets", () => {
+        const output = formatTerminal(makeResult({
+            filesWithFindings: 1,
+            findings: [
+                { id: "AF-001", ruleId: "CI-001", severity: "critical", confidence: "high", category: "cmd", message: "exec call", filePath: "src/a.ts", line: 1, snippet: "> 1 | exec(command);", source: "tier1" },
+            ],
+            summary: { critical: 1, high: 0, medium: 0, low: 0, info: 0, total: 1, score: 75, verdict: "CONCERNS" },
+        }));
+        expect(output).toContain("exec(command)");
+    });
+});
+//# sourceMappingURL=terminal-formatter.test.js.map

package/dist/audit/formatters/terminal-formatter.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminal-formatter.test.js","sourceRoot":"","sources":["../../../src/audit/formatters/terminal-formatter.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,wBAAwB,EAAoB,MAAM,mBAAmB,CAAC;AAE/E,SAAS,UAAU,CAAC,YAAkC,EAAE;IACtD,OAAO;QACL,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,sBAAsB;QACjC,WAAW,EAAE,sBAAsB;QACnC,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,EAAE;QAChB,iBAAiB,EAAE,CAAC;QACpB,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE;YACP,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;YAChD,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM;SACtC;QACD,MAAM,EAAE,wBAAwB,EAAE;QAClC,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,cAAc,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC;YACvC,iBAAiB,EAAE,CAAC;YACpB,QAAQ,EAAE;gBACR,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;gBAC/K,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;gBAC3K,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;aACjL;YACD,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE;SACpG,CAAC,CAAC,CAAC;QAEJ,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC;YACvC,iBAAiB,EAAE,CAAC;YACpB,QAAQ,EAAE;gBACR,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,OAAO,EAAE;aACrM;YACD,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACxG,CAAC,CAAC,CAAC;QAEJ,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/blocklist/blocklist-e2e.test.d.ts

@@ -0,0 +1 @@
+export {};