/**
 * supply-chain-guard type definitions.
 *
 * Declarations only — nothing in this file has runtime behaviour. Version
 * tags such as "(v4.2)" record the release in which a field was introduced.
 */

/** Finding severity, ordered from most to least urgent. */
export type Severity = "critical" | "high" | "medium" | "low" | "info";

/** One detection result emitted by a single rule. */
export interface Finding {
  /** Unique rule identifier */
  rule: string;
  /** Human-readable description of the finding */
  description: string;
  /** Severity level */
  severity: Severity;
  /** File path relative to scan root (if applicable) */
  file?: string;
  /** Line number (if applicable) */
  line?: number;
  /**
   * Matched content snippet. Reproduces the matched text verbatim, so a
   * report containing credential-rule findings should itself be handled as
   * sensitive data.
   */
  match?: string;
  /** Recommendation for remediation */
  recommendation: string;
  /** Confidence score 0.0-1.0 (v4.2) */
  confidence?: number;
  /** Finding category (v4.2) */
  category?: "malware" | "supply-chain" | "config" | "trust" | "info";
  /** Correlation cluster ID (v4.2) */
  correlationId?: string;
  /** Why this was flagged (v4.4) */
  rationale?: string;
  /** Evidence snippet (v4.4) — same sensitivity caveat as `match` */
  evidence?: string;
  /** Whether suppressed by policy/baseline (v4.4) */
  suppressed?: boolean;
}

/** Top-level result of one scan run; the shape every output format is rendered from. */
export interface ScanReport {
  /** Tool name and version */
  tool: string;
  /** ISO 8601 timestamp */
  timestamp: string;
  /** What was scanned (path, URL, package name) */
  target: string;
  /** Type of scan performed */
  scanType: "directory" | "github" | "npm" | "pypi" | "solana" | "cargo" | "go" | "docker";
  /** Duration in milliseconds */
  durationMs: number;
  /** All findings */
  findings: Finding[];
  /** Summary statistics */
  summary: ScanSummary;
  /** Overall risk score (0-100) */
  score: number;
  /** Risk level derived from score */
  riskLevel: "clean" | "low" | "medium" | "high" | "critical";
  /** Actionable recommendations */
  recommendations: string[];
  /** Correlated incident clusters (v4.2) */
  incidents?: IncidentCluster[];
  /** Trust breakdown for npm/pypi packages (v4.2) */
  trustBreakdown?: TrustBreakdown;
  /** Number of findings suppressed by policy/baseline (v4.4) */
  suppressedCount?: number;
  /**
   * Whether scan completed fully (v4.4). When set, the absence of a finding
   * is not evidence of absence — consumers should not treat a partial scan
   * as a clean result.
   */
  partialScan?: boolean;
  /** Threat timeline for forensics (v4.5) */
  timeline?: TimelineEvent[];
  /** Adaptive risk dimensions (v4.5) */
  riskDimensions?: RiskDimensions;
  /** Remediation plan (v4.6) */
  remediations?: Remediation[];
  /** Fix suggestions (v4.6) */
  fixSuggestions?: FixSuggestion[];
  /** Incident playbooks (v4.6) */
  playbooks?: Playbook[];
  /** Attack graph (v4.7) */
  attackGraph?: AttackGraph;
  /** Risk history trend (v4.8) */
  riskHistory?: RiskHistoryEntry[];
  /** Security metrics (v4.8) */
  metrics?: SecurityMetrics;
  /** CycloneDX 1.6 SBOM document generated from dependency inventory (v4.9) */
  sbomDocument?: SbomDocument;
  /** SLSA provenance level 0-3 (v4.9) */
  slsaLevel?: number;
}

/** One component entry of the generated SBOM. */
export interface SbomComponent {
  type: "library" | "application" | "framework";
  name: string;
  version: string;
  /** Package URL (pkg:npm/name@version or pkg:pypi/name@version) */
  purl: string;
  /**
   * Integrity hashes. "SHA-1" is listed for compatibility with existing
   * SBOMs and should not be relied on for integrity verification; prefer
   * SHA-256 or SHA-512 when more than one is available.
   */
  hashes?: {
    alg: "SHA-256" | "SHA-512" | "SHA-1";
    content: string;
  }[];
  licenses?: string[];
  scope?: "required" | "optional" | "excluded";
}

/** Vulnerability exploitability statement (VEX) attached to the SBOM. */
export interface VexStatement {
  /** CVE or finding ID */
  id: string;
  source?: {
    name: string;
    url?: string;
  };
  /** Analysis verdict; `justification`/`detail` explain a "not_affected" claim */
  analysis: {
    state: "not_affected" | "affected" | "fixed" | "under_investigation";
    justification?: string;
    detail?: string;
  };
  /** Components the statement applies to, by bom-ref */
  affects?: {
    ref: string;
    versions?: string[];
  }[];
}

/** CycloneDX document envelope (spec 1.6). */
export interface SbomDocument {
  bomFormat: "CycloneDX";
  specVersion: "1.6";
  serialNumber: string;
  version: number;
  metadata: {
    timestamp: string;
    tools: {
      components: {
        type: string;
        name: string;
        version: string;
      }[];
    };
    component: {
      type: string;
      name: string;
      "bom-ref": string;
    };
  };
  components: SbomComponent[];
  vulnerabilities?: VexStatement[];
}

/** Kinds of entity that can appear as a node in the attack graph. */
export type GraphNodeType =
  | "repo"
  | "release"
  | "package"
  | "workflow"
  | "script"
  | "secret"
  | "ioc"
  | "maintainer"
  | "registry"
  | "artifact";

/** Kinds of relationship between attack-graph nodes. */
export type GraphEdgeType =
  | "depends_on"
  | "downloads"
  | "executes"
  | "publishes"
  | "references"
  | "exfiltrates"
  | "resolves_to"
  | "inherits_trust_from"
  | "violates_policy";

/** A node of the attack graph. */
export interface GraphNode {
  id: string;
  type: GraphNodeType;
  label: string;
  risk?: number;
  /** Presumably rule ids of findings attached to this node — confirm against the graph builder */
  findings?: string[];
}
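/** Directed relationship between two attack-graph nodes. */
export interface GraphEdge {
  /** Presumably a GraphNode `id` — confirm against the graph builder */
  source: string;
  /** Presumably a GraphNode `id` — confirm against the graph builder */
  target: string;
  type: GraphEdgeType;
  label?: string;
  risk?: number;
}

/** Graph of scanned entities plus the attack paths derived from it (v4.7). */
export interface AttackGraph {
  nodes: GraphNode[];
  edges: GraphEdge[];
  paths: AttackPath[];
}

/** One path through the attack graph worth a reviewer's attention. */
export interface AttackPath {
  id: string;
  description: string;
  severity: Severity;
  /** Confidence in the path; scale not stated here (Finding uses 0.0-1.0 — verify) */
  confidence: number;
  /** Ordered GraphNode ids making up the path */
  nodeIds: string[];
}

/** How much corroboration a finding has received. */
export type ConfidenceTier = "heuristic" | "correlated" | "validated" | "confirmed";

/**
 * How far a scan may go to confirm a finding. Anything beyond "static-only"
 * executes scanned content in some form and belongs in an isolated
 * environment.
 */
export type ValidationMode = "static-only" | "safe-validate" | "detonate-isolated";

/** Triage lifecycle state of a finding. */
export type FindingStatus =
  | "new"
  | "triaged"
  | "accepted-risk"
  | "in-remediation"
  | "resolved"
  | "false-positive";

/** One point on the risk trend line (v4.8). */
export interface RiskHistoryEntry {
  timestamp: string;
  score: number;
  findingsCount: number;
  criticalCount: number;
}

/** A recorded triage decision for one finding. */
export interface TriageDecision {
  findingRule: string;
  findingFile?: string;
  status: FindingStatus;
  owner?: string;
  team?: string;
  reason?: string;
  decidedAt: string;
  dueDate?: string;
}

/** SLA targets per severity; representation of the duration strings is not fixed here. */
export interface SlaConfig {
  critical: string;
  high: string;
  medium: string;
}

/** Programme-level metrics derived from findings and triage state (v4.8). */
export interface SecurityMetrics {
  mttrCritical?: number;
  openCritical: number;
  openHigh: number;
  slaComplianceRate: number;
  riskTrend: "increasing" | "stable" | "decreasing";
  topRiskContributors: string[];
}

/** Forensic timeline entry (v4.5). */
export interface TimelineEvent {
  event: string;
  rule?: string;
  timestamp: string;
  severity?: Severity;
}

/** Per-dimension risk scores feeding the overall score (v4.5). */
export interface RiskDimensions {
  repoTrust: number;
  codeRisk: number;
  dependencyRisk: number;
  ciCdRisk: number;
  threatIntelMatches: number;
  overallScore: number;
  confidence: number;
}

/** A remediation item in the generated plan (v4.6). */
export interface Remediation {
  id: string;
  title: string;
  description: string;
  priority: "low" | "medium" | "high" | "critical";
  category: "dependency" | "ci" | "repo" | "release" | "secret" | "policy";
  steps: string[];
  /** Whether the tool can apply this remediation itself */
  automated: boolean;
  riskReduction?: number;
}

/** A concrete proposed change to a file (v4.6). */
export interface FixSuggestion {
  targetFile: string;
  changeType: "replace" | "remove" | "insert" | "policy";
  before?: string;
  after?: string;
  explanation: string;
}

/** Response playbook for one incident type (v4.6). */
export interface Playbook {
  incidentType: string;
  severity: Severity;
  summary: string;
  immediateActions: string[];
  investigationSteps: string[];
  remediationSteps: string[];
  preventionMeasures: string[];
}

/**
 * A policy exception for one rule. An exception without `expires` never
 * lapses on its own, so reviewers should expect a value here for anything
 * that is not a permanent accepted risk.
 */
export interface PolicyException {
  rule: string;
  scope?: string;
  reason: string;
  owner?: string;
  expires?: string;
}

/** An external threat-intelligence feed. */
export interface ThreatIntelSource {
  name: string;
  url: string;
  trustLevel: "low" | "medium" | "high";
  lastUpdated?: string;
}

/** Parsed contents of the policy file (.supply-chain-guard.yml). */
export interface PolicyConfig {
  rules?: {
    /** Rule ids to disable entirely */
    disable?: string[];
    /**
     * Per-rule severity overrides keyed by rule id.
     * NOTE(review): type arguments reconstructed — the extracted declaration
     * read as a bare `Record`, which does not compile; confirm against the
     * original `.d.ts`.
     */
    severityOverrides?: Record<string, Severity>;
  };
  allowlist?: {
    packages?: string[];
    domains?: string[];
    githubOrgs?: string[];
  };
  /** Suppressions; a missing `reason` is reported as POLICY_SUPPRESSION_NO_REASON */
  suppress?: Array<{
    rule: string;
    reason: string;
  }>;
  baseline?: {
    file?: string;
  };
  /** Validation problems collected while parsing (v5.3, fail-closed config validation) */
  warnings?: PolicyWarning[];
}

/** Rule ids emitted for policy config validation problems (v5.3) */
export type PolicyWarningRule =
  | "POLICY_UNKNOWN_KEY"
  | "POLICY_SUPPRESSION_NO_REASON"
  | "POLICY_MALFORMED_RULE_ID";

/**
 * A problem found while parsing .supply-chain-guard.yml (v5.3).
 *
 * A security tool whose config silently ignores a typo like "supress:"
 * fails open: the user believes a policy is active when it is not.
 * These warnings are converted into findings by applyPolicy().
 */
export interface PolicyWarning {
  /** Detection rule id this warning maps to */
  rule: PolicyWarningRule;
  /** What exactly is wrong, naming the offending key or value */
  message: string;
  /** 1-based line number in the config file (if known) */
  line?: number;
  /** Config file name, e.g. ".supply-chain-guard.yml" (set by loadPolicyConfig) */
  file?: string;
}

/** Counts reported alongside the findings list. */
export interface ScanSummary {
  totalFiles: number;
  /** May be lower than `totalFiles` (see ScanReport.partialScan, maxDepth, sinceCommit) */
  filesScanned: number;
  critical: number;
  high: number;
  medium: number;
  low: number;
  info: number;
}

/** Options controlling a single scan invocation. */
export interface ScanOptions {
  /** Target path, URL, or package name */
  target: string;
  /** Output format */
  format: "text" | "json" | "markdown" | "sarif" | "sbom" | "html" | "badge";
  /** Only report findings at or above this severity */
  minSeverity?: Severity;
  /** Exclude specific rules */
  excludeRules?: string[];
  /** Maximum directory depth */
  maxDepth?: number;
  /** Baseline file path (v4.4) */
  baselineFile?: string;
  /** Policy config file path (v4.4) */
  policyFile?: string;
  /** Only scan changed files since commit (v4.5) */
  sinceCommit?: string;
}

/**
 * Subset of an npm package manifest the scanner reads.
 * NOTE(review): the `Record` type arguments below were reconstructed from a
 * bare `Record` in the extracted declaration; confirm against the original
 * `.d.ts`.
 */
export interface NpmPackageInfo {
  name: string;
  version: string;
  description?: string;
  /** package.json `scripts`; install-time lifecycle scripts (e.g. preinstall/postinstall) run on the consumer's machine */
  scripts?: Record<string, string>;
  dependencies?: Record<string, string>;
  devDependencies?: Record<string, string>;
  repository?:
    | {
        url?: string;
      }
    | string;
  author?:
    | string
    | {
        name?: string;
        email?: string;
      };
}

/** Minimal view of a Solana transaction as used by the wallet monitor. */
export interface SolanaTransaction {
  signature: string;
  blockTime: number | null;
  memo: string | null;
  err: unknown;
}

/** Options for the Solana wallet monitor. */
export interface SolanaMonitorOptions {
  /** Wallet address to monitor */
  address: string;
  /** Polling interval in seconds */
  interval: number;
  /** Maximum number of transactions to check per poll */
  limit: number;
  /** Output format */
  format: "text" | "json";
}

/** A regex-based detection rule. */
export interface PatternEntry {
  /** Pattern name or identifier */
  name: string;
  /**
   * Regex pattern string. Compiled and run against scanned file contents,
   * so patterns should be checked for catastrophic backtracking before
   * being added.
   */
  pattern: string;
  /** What this pattern detects */
  description: string;
  /** Severity if matched */
  severity: Severity;
  /** Rule ID */
  rule: string;
  /** If set, only apply this pattern to files with these extensions (e.g. [".svg"]) */
  onlyExtensions?: string[];
  /** If set, only apply this pattern to files whose path matches this regex (e.g. README/docs) */
  onlyFilePattern?: RegExp;
  /** If set, skip files whose path matches this regex (e.g. /\.min\.(js|css)$/ or /\.ya?ml$/) */
  notFilePattern?: RegExp;
  /** If true, skip files that look like test/spec/mock/fixture files */
  notTestFile?: boolean;
}

/** A monitored Solana wallet. */
export interface WatchlistEntry {
  /** Solana wallet address */
  address: string;
  /** Human-readable label for this wallet */
  name: string;
  /** ISO 8601 timestamp when added */
  addedAt: string;
}

/** Persisted watchlist. */
export interface WatchlistConfig {
  entries: WatchlistEntry[];
}

/** An alert raised for a watched wallet. */
export interface WatchlistAlert {
  address: string;
  name: string;
  txid: string;
  memo: string;
  timestamp: string;
}

/** A group of correlated findings presented as one incident (v4.2). */
export interface IncidentCluster {
  /** Unique cluster ID */
  id: string;
  /** Human-readable incident name */
  name: string;
  /** Highest severity in cluster */
  severity: Severity;
  /** Compound confidence (0.0-1.0) */
  confidence: number;
  /** Findings in this cluster */
  findings: Finding[];
  /** Auto-generated attack narrative */
  narrative: string;
  /** Rule IDs involved */
  indicators: string[];
}

/** One traffic-light signal contributing to a trust score. */
export interface TrustIndicator {
  name: string;
  status: "green" | "yellow" | "red";
  detail: string;
}

/** Trust assessment of an npm/pypi package (v4.2). */
export interface TrustBreakdown {
  publisherTrust: {
    score: number;
    indicators: TrustIndicator[];
  };
  codeQuality: {
    score: number;
    indicators: TrustIndicator[];
  };
  dependencyTrust: {
    score: number;
    indicators: TrustIndicator[];
  };
  releaseProcess: {
    score: number;
    indicators: TrustIndicator[];
  };
  overallScore: number;
}

/**
 * Numeric weight per severity used in risk scoring.
 * NOTE(review): type arguments reconstructed from a bare `Record` in the
 * extracted declaration; confirm against the original `.d.ts`.
 */
export declare const SEVERITY_SCORES: Record<Severity, number>;
//# sourceMappingURL=types.d.ts.map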