0xray 2.0.0 → 2.0.1

package/dist/processors/processor-types.d.ts

@@ -0,0 +1,190 @@
+/**
+ * Processor Types
+ *
+ * Type definitions for the processor activation system.
+ * Replaces `any` types with proper interfaces for type safety.
+ * This file is the central source of truth for shared processor types
+ * to avoid circular dependencies.
+ *
+ * @version 1.2.0
+ * @since 2026-01-07
+ */
+/**
+ * Tool argument structure passed to processors
+ */
+export interface ToolInputArgs {
+    filePath?: string;
+    content?: string;
+    operation?: string;
+    directory?: string;
+    args?: Record<string, string>;
+}
+/**
+ * Tool input containing execution details
+ */
+export interface ToolInput {
+    tool?: string;
+    args?: ToolInputArgs;
+}
+/**
+ * Processor execution context - used by processors to understand their environment
+ */
+export interface ProcessorContext {
+    /** Tool input (for pre-processors) */
+    toolInput?: ToolInput;
+    /** File path being processed */
+    filePath?: string;
+    /** Operation being performed */
+    operation?: string;
+    /** Content being processed */
+    content?: string;
+    /** Working directory */
+    directory?: string;
+    /** Tool being executed */
+    tool?: string;
+    /** Additional context - string, numeric, boolean, or object values */
+    [key: string]: ToolInput | ToolInputArgs | string | number | boolean | object | undefined;
+}
+/**
+ * Standard result returned by all processors
+ * Uses unknown for data to handle any processor-specific return type
+ */
+export interface ProcessorResult {
+    success: boolean;
+    data?: unknown;
+    error?: string;
+    duration: number;
+    processorName: string;
+}
+export interface PreValidateContext {
+    operation: string;
+    data?: string;
+    syntaxCheck?: boolean;
+    codexCompliance?: boolean;
+    agentName?: string;
+    filesChanged?: string[];
+    riskLevel?: "low" | "medium" | "high" | "critical";
+    tool?: string;
+    directory?: string;
+    args?: ToolInputArgs;
+    config?: Record<string, unknown>;
+}
+export interface PostValidateContext {
+    operation: string;
+    data?: string;
+    preResults: ProcessorExecutionResult[];
+    testResults?: TestResults;
+    regressionResults?: RegressionResults;
+    stateValidation?: boolean;
+    tool?: string;
+    directory?: string;
+    args?: ToolInputArgs;
+}
+export interface ProcessorHook {
+    name: string;
+    execute: (context: PreValidateContext | PostValidateContext) => Promise<ProcessorExecutionResult>;
+    priority: number;
+    enabled: boolean;
+    before?: (context: PreValidateContext | PostValidateContext) => Promise<void>;
+    after?: (result: ProcessorExecutionResult) => Promise<void>;
+    onError?: (error: Error) => Promise<void>;
+}
+export interface ProcessorRegistration {
+    name: string;
+    type: "pre" | "post";
+    hook: ProcessorHook;
+}
+export interface ProcessorExecutionResult {
+    success: boolean;
+    result?: unknown;
+    error?: string;
+    duration: number;
+    processorName: string;
+    data?: unknown;
+}
+export interface ProcessorHealthCheck {
+    name: string;
+    status: "healthy" | "degraded" | "failed";
+    lastRun: number;
+    successRate: number;
+    averageExecutionTime: number;
+    totalRuns: number;
+    failedRuns: number;
+}
+export interface TestResults {
+    passed: number;
+    failed: number;
+    total: number;
+    duration: number;
+}
+export interface RegressionResults {
+    issues: string[];
+    passed: boolean;
+}
+export interface VersionComplianceProcessorResult {
+    success: boolean;
+    errors: string[];
+    warnings: string[];
+    checkedAt: string;
+}
+export interface CodexComplianceProcessorResult {
+    compliant: boolean;
+    violations: string[];
+    warnings: string[];
+    termsChecked: number;
+    operation: string;
+    timestamp: string;
+    error?: boolean;
+}
+export interface ErrorBoundaryResult {
+    boundaries: string;
+}
+export interface LogProtectionProcessorResult {
+    allowed: boolean;
+    reason?: string;
+}
+export interface AgentsMdValidationProcessorResult {
+    success: boolean;
+    blocked: boolean;
+    message?: string;
+    errors: string[];
+    warnings: string[];
+    checkedAt: string;
+}
+export interface TestExecutionResult {
+    testsExecuted: number;
+    passed: number;
+    failed: number;
+    exitCode?: number;
+    output?: string;
+    success: boolean;
+    error?: string;
+}
+export interface RegressionTestingResult {
+    regressions: string;
+    issues: string[];
+}
+export interface StateValidationResult {
+    stateValid: boolean;
+}
+export interface RefactoringLoggingResult {
+    logged: boolean;
+    success: boolean;
+    message: string;
+    error?: string;
+}
+export interface TestAutoCreationResult {
+    success: boolean;
+    message?: string;
+    data?: string[];
+    error?: string;
+}
+export interface CoverageAnalysisResult {
+    success: boolean;
+    message: string;
+    coverage: number;
+}
+export interface RuleViolationEntry {
+    rule: string;
+    message: string;
+}

package/dist/reporting/framework-reporting-system.d.ts

@@ -0,0 +1,19 @@
+import { type ReportConfig, type ScheduleConfig, type RealtimeStatus, type CustomReportTemplate } from "./types.js";
+export type { ReportConfig, ReportData, OrchestrationMetrics, ParsedLogEntry, RealtimeStatus, ScheduleConfig, CustomReportTemplate } from "./types.js";
+export declare class FrameworkReportingSystem {
+    private logRetentionHours;
+    private reportCache;
+    generateReport(config: ReportConfig): Promise<string>;
+    scheduleAutomatedReports(schedule: ScheduleConfig): void;
+    getRealtimeStatus(): Promise<RealtimeStatus>;
+    createCustomReport(template: CustomReportTemplate): string;
+    private generateReportId;
+    private getCachedReport;
+    private isCacheValid;
+    private cacheReport;
+    private collectReportData;
+    private saveReportToFile;
+    private cleanupOldReports;
+    private getIntervalMs;
+}
+export declare const frameworkReportingSystem: FrameworkReportingSystem;

package/dist/reporting/log-parser.d.ts

@@ -0,0 +1,10 @@
+import { type ParsedLogEntry, type ReportConfig } from "./types.js";
+export declare function levelToStatus(level: string): string;
+export declare function inferAgent(component: string): string;
+export declare function parseLogLine(line: string): ParsedLogEntry | null;
+export declare function frameworkLogToParsedEntry(entry: import("../core/framework-logger.js").FrameworkLogEntry): ParsedLogEntry;
+export declare function readCurrentLogFile(timeRange?: ReportConfig["timeRange"]): Promise<ParsedLogEntry[]>;
+export declare function parseCompressedLogFile(filePath: string, startTime: number, endTime: number): Promise<ParsedLogEntry[]>;
+export declare function readRotatedLogFiles(timeRange?: ReportConfig["timeRange"]): Promise<ParsedLogEntry[]>;
+export declare function getComprehensiveLogs(config: ReportConfig): Promise<ParsedLogEntry[]>;
+export declare function filterLogsByConfig(logs: ParsedLogEntry[], config: ReportConfig): ParsedLogEntry[];

package/dist/reporting/metrics.d.ts

@@ -0,0 +1,15 @@
+import type { ParsedLogEntry, OrchestrationMetrics, ReportConfig } from "./types.js";
+export declare function calculateTimeRange(logs: ParsedLogEntry[], timeRange?: ReportConfig["timeRange"]): {
+    start: Date;
+    end: Date;
+};
+export declare function calculateMetrics(logs: ParsedLogEntry[]): OrchestrationMetrics;
+export declare function calculatePeakActivity(logs: ParsedLogEntry[]): {
+    timestamp: Date;
+    eventsPerMinute: number;
+};
+export declare function calculateHealthScore(logs: ParsedLogEntry[]): number;
+export declare function generateInsights(logs: ParsedLogEntry[], metrics: OrchestrationMetrics): string[];
+export declare function generateRecommendations(metrics: OrchestrationMetrics): string[];
+export declare function generateAlerts(logs: ParsedLogEntry[]): string[];
+export declare function getHighFrequencyComponents(logs: ParsedLogEntry[]): string[];

package/dist/reporting/report-formatter.d.ts

@@ -0,0 +1,5 @@
+import type { ReportData } from "./types.js";
+import type { ReportConfig } from "./types.js";
+export declare function formatReport(data: ReportData, format: ReportConfig["outputFormat"]): string;
+export declare function formatAsMarkdown(data: ReportData): string;
+export declare function formatAsHtml(data: ReportData): string;

package/dist/reporting/types.d.ts

@@ -0,0 +1,102 @@
+export interface ParsedLogEntry {
+    timestamp: number;
+    component: string;
+    action: string;
+    message: string;
+    level: string;
+    status: string;
+    agent: string;
+    jobId: string | null;
+    sessionId?: string | undefined;
+    details?: Record<string, unknown> | undefined;
+}
+export interface ReportConfig {
+    type: "orchestration" | "agent-usage" | "context-awareness" | "performance" | "full-analysis";
+    sessionId?: string;
+    jobId?: string;
+    timeRange?: {
+        start?: Date;
+        end?: Date;
+        lastHours?: number;
+    };
+    outputFormat: "markdown" | "json" | "html";
+    outputPath?: string;
+    includeCharts?: boolean;
+    detailedMetrics?: boolean;
+}
+export interface OrchestrationMetrics {
+    totalDelegations: number;
+    agentUsage: Map<string, number>;
+    complexityDistribution: Map<string, number>;
+    successRate: number;
+    averageResponseTime: number;
+    contextOperations: number;
+    enhancementSuccessRate: number;
+    commandUsage: Map<string, number>;
+    toolExecutionStats: {
+        totalCommands: number;
+        uniqueTools: number;
+        mostUsedTool: string;
+        toolSuccessRate: Map<string, {
+            success: number;
+            total: number;
+            rate: number;
+        }>;
+    };
+    systemOperationDetails: {
+        fileOperations: number;
+        searchOperations: number;
+        terminalOperations: number;
+        analysisOperations: number;
+        orchestrationOperations: number;
+    };
+}
+export interface ReportData {
+    generatedAt: Date;
+    timeRange: {
+        start: Date;
+        end: Date;
+    };
+    metrics: OrchestrationMetrics;
+    chronologicalEvents: ParsedLogEntry[];
+    insights: string[];
+    recommendations: string[];
+    summary: {
+        totalEvents: number;
+        activeComponents: string[];
+        peakActivity: {
+            timestamp: Date;
+            eventsPerMinute: number;
+        };
+        healthScore: number;
+    };
+}
+export interface RealtimeStatus {
+    activeComponents: string[];
+    recentActivity: ParsedLogEntry[];
+    healthScore: number;
+    alerts: string[];
+}
+export interface ScheduleConfig {
+    frequency: "hourly" | "daily" | "weekly";
+    types: ReportConfig["type"][];
+    outputDir: string;
+    retentionDays: number;
+}
+export interface CustomReportTemplate {
+    name: string;
+    filters: {
+        components?: string[];
+        actions?: string[];
+        status?: string[];
+        timeRange?: {
+            start: Date;
+            end: Date;
+        };
+    };
+    aggregations: {
+        groupBy: "component" | "action" | "status" | "hour";
+        metrics: ("count" | "avgResponseTime" | "successRate")[];
+    };
+    visualizations: ("timeline" | "pie-chart" | "bar-chart")[];
+}

package/dist/scripts/activate-kernel-pipeline.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Kernel Pipeline Activation Script
+ *
+ * Triggers real delegations that should activate kernel patterns.
+ * Observes the full pipeline in action.
+ */
+export {};

package/dist/scripts/integration.d.ts

@@ -0,0 +1,37 @@
+#!/usr/bin/env node
+/**
+ * 0xRay Integration Script
+ *
+ * Main CLI bridge for external systems (like Jelly commercial modules) to call into 0xRay.
+ * Allows spawning OpenCode CLI with 0xRay agents to execute real tasks.
+ *
+ * @version 1.1.0
+ * @since 2026-02-14
+ *
+ * Usage:
+ *   node dist/scripts/integration.js enforcer '{"taskDescription": "Check code quality"}'
+ *   node dist/scripts/integration.js --version
+ *   node dist/scripts/integration.js --help
+ */
+export interface TaskContext {
+    taskDescription: string;
+    context?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+export interface AgentConfig {
+    name: string;
+    system?: string;
+    tools?: {
+        include?: string[];
+        exclude?: string[];
+    };
+    [key: string]: unknown;
+}
+export interface IntegrationResult {
+    success: boolean;
+    agent: string;
+    task?: string;
+    result?: unknown;
+    error?: string;
+    timestamp: string;
+}

package/dist/security/comprehensive-security-audit.d.ts

@@ -0,0 +1,158 @@
+/**
+ * 0xRay Comprehensive Security Audit System
+ *
+ * Multi-agent security audit system with vulnerability scanning,
+ * automated remediation, compliance checking, and weighted voting
+ * for architectural decisions.
+ *
+ * @version 1.22.13
+ */
+export type SeverityLevel = "critical" | "high" | "medium" | "low" | "info";
+export type ComplianceStandard = "owasp-top-10" | "cwe" | "nist" | "iso-27001" | "pci-dss";
+export interface Vulnerability {
+    id: string;
+    title: string;
+    severity: SeverityLevel;
+    category: VulnerabilityCategory;
+    cwe: string;
+    owasp?: string | undefined;
+    file: string;
+    line: number;
+    column?: number | undefined;
+    description: string;
+    impact: string;
+    recommendation: string;
+    codeSnippet: string;
+    confidence: number;
+    autoRemediation?: RemediationStep[] | undefined;
+}
+export type VulnerabilityCategory = "injection" | "authentication" | "authorization" | "cryptography" | "configuration" | "data-protection" | "input-validation" | "sensitive-data-exposure" | "security-misconfiguration" | "dependency-vulnerability";
+export interface RemediationStep {
+    step: number;
+    action: string;
+    code?: string | undefined;
+    file?: string | undefined;
+    line?: number | undefined;
+    estimatedEffort: "low" | "medium" | "high";
+    automated: boolean;
+}
+export interface SecurityAuditConfig {
+    projectPath: string;
+    scanDepth?: "shallow" | "medium" | "deep";
+    includeDependencies?: boolean;
+    complianceStandards?: ComplianceStandard[];
+    enableAutoRemediation?: boolean;
+    enableWeightedVoting?: boolean;
+    agentWeights?: Record<string, number>;
+    outputPath?: string | undefined;
+}
+export interface WeightedVote {
+    agentId: string;
+    agentName: string;
+    vote: "approve" | "reject" | "abstain";
+    weight: number;
+    reasoning: string;
+    concerns?: string[] | undefined;
+}
+export interface ArchitecturalDecision {
+    id: string;
+    title: string;
+    description: string;
+    proposedBy: string;
+    votes: WeightedVote[];
+    finalDecision: "approved" | "rejected" | "needs-revision";
+    approvedBy: WeightedVote[];
+    rejectedBy: WeightedVote[];
+    timestamp: Date;
+}
+export interface ComplianceResult {
+    standard: ComplianceStandard;
+    passed: boolean;
+    score: number;
+    findings: Vulnerability[];
+    recommendations: string[];
+}
+export interface SecurityAuditReport {
+    metadata: {
+        auditId: string;
+        timestamp: Date;
+        projectPath: string;
+        totalFilesScanned: number;
+        duration: number;
+    };
+    summary: {
+        totalVulnerabilities: number;
+        bySeverity: Record<SeverityLevel, number>;
+        byCategory: Record<VulnerabilityCategory, number>;
+        securityScore: number;
+        complianceScore: number;
+    };
+    vulnerabilities: Vulnerability[];
+    compliance: ComplianceResult[];
+    remediation: {
+        totalIssues: number;
+        automatable: number;
+        manualRequired: number;
+        estimatedFixTime: string;
+        prioritizedFixes: RemediationPlan[];
+    };
+    architecturalDecisions: ArchitecturalDecision[];
+    agentConsensus: {
+        participatingAgents: string[];
+        averageAgreement: number;
+        contentiousIssues: Vulnerability[];
+    } | undefined;
+}
+export interface RemediationPlan {
+    vulnerabilityId: string;
+    title: string;
+    severity: SeverityLevel;
+    priority: number;
+    steps: RemediationStep[];
+    dependencies: string[];
+    estimatedTime: string;
+}
+export declare class ComprehensiveSecurityAuditSystem {
+    private config;
+    private vulnerabilities;
+    private architecturalDecisions;
+    private agentVotes;
+    private readonly severityWeights;
+    private readonly defaultAgentWeights;
+    private readonly dangerousPatterns;
+    constructor(config: SecurityAuditConfig);
+    runAudit(): Promise<SecurityAuditReport>;
+    private getProjectFiles;
+    private auditFile;
+    private createVulnerability;
+    private isFalsePositive;
+    private auditImports;
+    private auditDependencies;
+    private checkCompliance;
+    private evaluateStandard;
+    private evaluateOWASP;
+    private evaluateCWE;
+    private evaluateNIST;
+    private evaluateISO27001;
+    private evaluatePCIDSS;
+    private groupByCategory;
+    private generateRemediationPlan;
+    private prioritizeFixes;
+    private estimateFixTime;
+    private estimateFixTimeForVuln;
+    private calculateSummary;
+    private collectAgentVotes;
+    private simulateAgentVote;
+    private resolveArchitecturalDecisions;
+    private calculateAgentConsensus;
+    private saveReport;
+    generateMarkdownReport(report: SecurityAuditReport): string;
+    private getScoreEmoji;
+    private getSeverityEmoji;
+    addVote(vote: WeightedVote): void;
+    getVulnerabilities(): Vulnerability[];
+    getArchitecturalDecisions(): ArchitecturalDecision[];
+}
+export declare function createSecurityAuditSystem(config: SecurityAuditConfig): ComprehensiveSecurityAuditSystem;
+export declare function runQuickSecurityAudit(projectPath: string): Promise<SecurityAuditReport>;
+export declare function runDeepSecurityAudit(projectPath: string, outputPath?: string): Promise<SecurityAuditReport>;

package/dist/security/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * 0xRay AI v1.22.60 - Security Module Index
+ * Unified exports for the comprehensive security system
+ */
+export { SecurityScanner, securityScanner } from "./security-scanner.js";
+export { PromptSecurityValidator, promptSecurityValidator, } from "./prompt-security-validator.js";
+export * from "./security-headers.js";
+export * from "./security-hardening-system.js";
+export * from "./security-hardener.js";
+export * from "./security-auditor.js";
+export { ComprehensiveSecurityAuditSystem, createSecurityAuditSystem, runQuickSecurityAudit, runDeepSecurityAudit, type Vulnerability, type VulnerabilityCategory, type SeverityLevel, type RemediationStep, type RemediationPlan, type SecurityAuditConfig, type SecurityAuditReport, type WeightedVote, type ArchitecturalDecision, type ComplianceResult, type ComplianceStandard, } from "./comprehensive-security-audit.js";
+export { SecurityOrchestrationLayer, createSecurityOrchestrationLayer, runSecurityOrchestration, type SecurityAgent, type SecurityAgentType, type AgentStatus, type SecurityTask, type SecurityTaskType, type AgentVote, type SecurityDecision, type OrchestrationConfig, type SecurityOrchestrationReport, } from "./security-orchestration-layer.js";
+export { SecurityAgentCoordinator, createSecurityAgentCoordinator, runMultiAgentSecurityScan, type SecurityAgentConfig, type SecurityAgentContext, type AgentVotingResult, type MultiAgentSecurityResult, } from "./security-agent-coordinator.js";

package/dist/security/prompt-security-validator.d.ts

@@ -0,0 +1,44 @@
+/**
+ * 0xRay Framework - AI Prompt Security Validator
+ *
+ * Specialized security validation for AI agent prompts and responses
+ * Prevents prompt injection, system prompt override, and malicious inputs
+ */
+export interface PromptSecurityConfig {
+    enabled: boolean;
+    maxPromptLength: number;
+    allowedPatterns: RegExp[];
+    blockedPatterns: RegExp[];
+    sanitizeLevel: "basic" | "strict" | "paranoid";
+}
+export interface SecurityValidationResult {
+    isSafe: boolean;
+    violations: string[];
+    sanitizedPrompt?: string | undefined;
+    riskLevel: "low" | "medium" | "high" | "critical";
+}
+export declare class PromptSecurityValidator {
+    private config;
+    constructor(config?: Partial<PromptSecurityConfig>);
+    /**
+     * Validate AI prompt for security issues
+     */
+    validatePrompt(prompt: string): SecurityValidationResult;
+    /**
+     * Check for system prompt override attempts
+     */
+    private containsSystemPromptOverride;
+    /**
+     * Check for prompt injection attempts
+     */
+    private containsInjectionAttempts;
+    /**
+     * Sanitize prompt by removing dangerous patterns
+     */
+    private sanitizePrompt;
+    /**
+     * Validate agent response for safety
+     */
+    validateResponse(response: string): SecurityValidationResult;
+}
+export declare const promptSecurityValidator: PromptSecurityValidator;

package/dist/security/security-agent-coordinator.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Security Agent Integration
+ *
+ * Integrates the security orchestration layer with the framework's agent system.
+ * Provides coordination between security agents using weighted voting.
+ *
+ * @version 1.22.13
+ */
+import { EventEmitter } from "events";
+import { SecurityOrchestrationLayer, SecurityAgent, SecurityDecision, OrchestrationConfig } from "./security-orchestration-layer.js";
+import { Vulnerability } from "./comprehensive-security-audit.js";
+export interface SecurityAgentConfig {
+    agentId: string;
+    agentType: string;
+    capabilities: string[];
+    weight: number;
+}
+export interface SecurityAgentContext {
+    projectPath: string;
+    scanDepth: "shallow" | "medium" | "deep";
+    complianceStandards: string[];
+    enableAutoRemediation: boolean;
+}
+export interface AgentVotingResult {
+    agentId: string;
+    agentName: string;
+    vote: "approve" | "reject" | "abstain";
+    weight: number;
+    reasoning: string;
+    concerns: string[];
+    confidence: number;
+}
+export interface MultiAgentSecurityResult {
+    auditId: string;
+    timestamp: Date;
+    duration: number;
+    participatingAgents: string[];
+    vulnerabilities: Vulnerability[];
+    decisions: SecurityDecision[];
+    agentVotes: AgentVotingResult[];
+    summary: {
+        totalVulnerabilities: number;
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        securityScore: number;
+        complianceScore: number;
+    };
+    weightedApproval: number;
+    approved: boolean;
+    recommendations: string[];
+}
+export declare class SecurityAgentCoordinator extends EventEmitter {
+    private orchestration;
+    private agentRegistry;
+    private isActive;
+    constructor(config?: Partial<OrchestrationConfig>);
+    private setupEventHandlers;
+    registerAgent(config: SecurityAgentConfig): void;
+    unregisterAgent(agentId: string): boolean;
+    getRegisteredAgents(): SecurityAgentConfig[];
+    runCoordinatedSecurityScan(context: SecurityAgentContext): Promise<MultiAgentSecurityResult>;
+    private collectAgentVotes;
+    private calculateWeightedApproval;
+    getOrchestrationLayer(): SecurityOrchestrationLayer;
+    getActiveAgents(): SecurityAgent[];
+    getPendingTasks(): import("./security-orchestration-layer.js").SecurityTask[];
+    isCoordinatorActive(): boolean;
+}
+export declare function createSecurityAgentCoordinator(config?: Partial<OrchestrationConfig>): SecurityAgentCoordinator;
+export declare function runMultiAgentSecurityScan(projectPath: string, context?: Partial<SecurityAgentContext>): Promise<MultiAgentSecurityResult>;