Module Map

netbobr's source is split into 22 ES module files organized by responsibility. Every file lives in the same directory and is loaded directly by the browser - there is no bundling step.

Source files

File	LOC	Category	Responsibility
`app.js`	3,240	UI	Main orchestration, tab management, validation flow, results rendering
`autocomplete.js`	5,022	UI	Service name autocomplete widget with fuzzy matching
`policy-builder-ui.js`	~300	UI	Risk Score Weights UI (Rules tab)
`risk-score-overlay.js`	99	UI	Risk score hover tooltip breakdown
`validator.js`	437	Core	IP/port parsing, scope analysis, advice generation
`risk-score.js`	307	Core	Composite risk score computation (4 factors, floors, penalties)
`custom-rule-engine.js`	176	Core	Custom rule condition evaluation (internal, no UI)
`rule-test-engine.js`	~100	Core	Rule testing logic
`port-rules.js`	314	Data	217 port/service definitions with risk levels
`service-db.js`	1,626	Data	Service name lookup from PORT_RULES
`rule-registry.js`	196	Data	Rule metadata for all frameworks (display)
`pci-rules.js`	388	Rules	35 PCI-DSS v4.0.1 compliance checks
`cis-rules.js`	345	Rules	22 CIS Controls v8 compliance checks
`nist-rules.js`	346	Rules	21 NIST SP 800-53 compliance checks
`nis2-rules.js`	325	Rules	21 NIS2 Directive compliance checks
`dora-rules.js`	310	Rules	18 DORA Regulation compliance checks
`mitre-rules.js`	308	Rules	25 MITRE ATT&CK detection rules
`zone-matrix.js`	284	State	Zone CRUD, subnet matching, policy matrix
`zones.js`	~100	State	CIDR subnet matching and zone utilities
`zone-attributes.js`	76	State	Per-zone metadata (classification, environment, etc.)
`custom-rule-store.js`	186	State	Custom rule storage, export/import (internal, no UI)
`risk-weights.js`	113	State	Custom weight/threshold management and persistence
`escape-html.js`	~20	Utility	XSS sanitization

Dependency graph

The diagram below shows how modules import from each other. Modules are grouped by category.

graph TD subgraph UI["UI"] app["app.js"] autocomplete["autocomplete.js"] policyBuilderUi["policy-builder-ui.js"] riskScoreOverlay["risk-score-overlay.js"] end subgraph Core["Core"] validator["validator.js"] riskScore["risk-score.js"] customRuleEngine["custom-rule-engine.js"] ruleTestEngine["rule-test-engine.js"] end subgraph Rules["Rules"] pci["pci-rules.js"] cis["cis-rules.js"] nist["nist-rules.js"] nis2["nis2-rules.js"] dora["dora-rules.js"] mitre["mitre-rules.js"] end subgraph Data["Data"] portRules["port-rules.js"] serviceDb["service-db.js"] ruleRegistry["rule-registry.js"] end subgraph State["State"] zoneMatrix["zone-matrix.js"] zones["zones.js"] zoneAttributes["zone-attributes.js"] customRuleStore["custom-rule-store.js"] riskWeights["risk-weights.js"] end subgraph Utility["Utility"] escapeHtml["escape-html.js"] end %% app.js imports app --> validator app --> riskScore app --> riskWeights app --> riskScoreOverlay app --> portRules app --> serviceDb app --> autocomplete app --> ruleRegistry app --> zoneMatrix app --> zones app --> zoneAttributes app --> customRuleEngine app --> customRuleStore app --> policyBuilderUi app --> ruleTestEngine app --> escapeHtml %% app.js imports rule files app --> pci app --> cis app --> nist app --> nis2 app --> dora app --> mitre %% Inter-module imports validator --> portRules riskScore --> validator serviceDb --> portRules autocomplete --> serviceDb

app.js sits at the center as the sole orchestrator - it is the only module that touches the DOM for page-level rendering and is the entry point that wires every other module together. The Core and Rules modules have no DOM dependencies, which keeps them testable in isolation.

Design Principles