0xray 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.opencode/agents/api-design.yml +31 -0
- package/.opencode/agents/architect.yml +15 -0
- package/.opencode/agents/architecture-patterns.yml +14 -0
- package/.opencode/agents/auto-format.yml +14 -0
- package/.opencode/agents/backend-engineer.yml +12 -0
- package/.opencode/agents/boot-orchestrator.yml +14 -0
- package/.opencode/agents/bug-triage-specialist.yml +15 -0
- package/.opencode/agents/code-analyzer.yml +12 -0
- package/.opencode/agents/code-reviewer.yml +14 -0
- package/.opencode/agents/content-creator.yml +12 -0
- package/.opencode/agents/database-engineer.yml +12 -0
- package/.opencode/agents/devops-engineer.yml +12 -0
- package/.opencode/agents/framework-compliance-audit.yml +14 -0
- package/.opencode/agents/frontend-engineer.yml +12 -0
- package/.opencode/agents/frontend-ui-ux-engineer.yml +12 -0
- package/.opencode/agents/git-workflow.yml +15 -0
- package/.opencode/agents/growth-strategist.yml +12 -0
- package/.opencode/agents/hermes-agent.yml +12 -0
- package/.opencode/agents/inference-improve.yml +12 -0
- package/.opencode/agents/lint.yml +14 -0
- package/.opencode/agents/log-monitor.yml +12 -0
- package/.opencode/agents/mobile-developer.yml +12 -0
- package/.opencode/agents/model-health-check.yml +12 -0
- package/.opencode/agents/multimodal-looker.yml +12 -0
- package/.opencode/agents/performance-analysis.yml +12 -0
- package/.opencode/agents/performance-engineer.yml +12 -0
- package/.opencode/agents/performance-optimization.yml +12 -0
- package/.opencode/agents/processor-pipeline.yml +14 -0
- package/.opencode/agents/project-analysis.yml +12 -0
- package/.opencode/agents/refactorer.yml +12 -0
- package/.opencode/agents/researcher.yml +12 -0
- package/.opencode/agents/security-auditor.yml +12 -0
- package/.opencode/agents/security-scan.yml +12 -0
- package/.opencode/agents/seo-consultant.yml +12 -0
- package/.opencode/agents/session-management.yml +12 -0
- package/.opencode/agents/state-manager.yml +12 -0
- package/.opencode/agents/storyteller.yml +12 -0
- package/.opencode/agents/strategist.yml +12 -0
- package/.opencode/agents/tech-writer.yml +12 -0
- package/.opencode/agents/testing-best-practices.yml +12 -0
- package/.opencode/agents/testing-lead.yml +12 -0
- package/.opencode/agents/ui-ux-design.yml +12 -0
- package/.opencode/codex.codex +8 -0
- package/.opencode/commands/auto-format.md +99 -0
- package/.opencode/commands/auto-summary-capture.md +90 -0
- package/.opencode/commands/dependency-audit.md +184 -0
- package/.opencode/commands/enforcer-daily-scan.md +137 -0
- package/.opencode/commands/framework-compliance-audit.md +205 -0
- package/.opencode/commands/interactive-validator.md +75 -0
- package/.opencode/commands/job-summary-logger.md +68 -0
- package/.opencode/commands/lint.md +11 -0
- package/.opencode/commands/mode-switch.md +95 -0
- package/.opencode/commands/model-health-check.md +186 -0
- package/.opencode/commands/performance-analysis.md +144 -0
- package/.opencode/commands/pre-commit-introspection.md +185 -0
- package/.opencode/commands/pre-commit-introspection.sh +133 -0
- package/.opencode/commands/security-scan.md +157 -0
- package/.opencode/commands/sisyphus-validation.md +128 -0
- package/.opencode/commands/summary-logger.md +83 -0
- package/.opencode/enforcer-config.json +285 -0
- package/.opencode/hooks/hook-metrics.json +380 -0
- package/.opencode/hooks/post-commit +114 -0
- package/.opencode/hooks/post-push +34 -0
- package/.opencode/init.sh +151 -0
- package/.opencode/skills/api-design/SKILL.md +37 -0
- package/.opencode/skills/architect-tools/SKILL.md +37 -0
- package/.opencode/skills/architecture-patterns/SKILL.md +37 -0
- package/.opencode/skills/auto-format/SKILL.md +37 -0
- package/.opencode/skills/backend-engineer/SKILL.md +49 -0
- package/.opencode/skills/boot-orchestrator/SKILL.md +37 -0
- package/.opencode/skills/bug-triage/SKILL.md +43 -0
- package/.opencode/skills/code-analyzer/SKILL.md +45 -0
- package/.opencode/skills/code-review/SKILL.md +52 -0
- package/.opencode/skills/content-creator/SKILL.md +38 -0
- package/.opencode/skills/database-engineer/SKILL.md +46 -0
- package/.opencode/skills/devops-engineer/SKILL.md +49 -0
- package/.opencode/skills/enforcer/SKILL.md +37 -0
- package/.opencode/skills/framework-compliance-audit/SKILL.md +37 -0
- package/.opencode/skills/frontend-engineer/SKILL.md +49 -0
- package/.opencode/skills/frontend-ui-ux-engineer/SKILL.md +41 -0
- package/.opencode/skills/git-workflow/SKILL.md +37 -0
- package/.opencode/skills/growth-strategist/SKILL.md +48 -0
- package/.opencode/skills/hermes-agent/SKILL.md +212 -0
- package/.opencode/skills/inference-improve/SKILL.md +97 -0
- package/.opencode/skills/lint/SKILL.md +37 -0
- package/.opencode/skills/log-monitor/SKILL.md +44 -0
- package/.opencode/skills/mobile-developer/SKILL.md +42 -0
- package/.opencode/skills/model-health-check/SKILL.md +37 -0
- package/.opencode/skills/multimodal-looker/SKILL.md +45 -0
- package/.opencode/skills/orchestrator/SKILL.md +37 -0
- package/.opencode/skills/performance-analysis/SKILL.md +37 -0
- package/.opencode/skills/performance-engineer/SKILL.md +41 -0
- package/.opencode/skills/performance-optimization/SKILL.md +37 -0
- package/.opencode/skills/processor-pipeline/SKILL.md +37 -0
- package/.opencode/skills/project-analysis/SKILL.md +42 -0
- package/.opencode/skills/refactoring-strategies/SKILL.md +37 -0
- package/.opencode/skills/registry.json +66 -0
- package/.opencode/skills/researcher/SKILL.md +37 -0
- package/.opencode/skills/security-audit/SKILL.md +47 -0
- package/.opencode/skills/security-scan/SKILL.md +37 -0
- package/.opencode/skills/seo-consultant/SKILL.md +43 -0
- package/.opencode/skills/session-management/SKILL.md +36 -0
- package/.opencode/skills/state-manager/SKILL.md +37 -0
- package/.opencode/skills/storyteller/SKILL.md +130 -0
- package/.opencode/skills/strategist/SKILL.md +32 -0
- package/.opencode/skills/tech-writer/SKILL.md +37 -0
- package/.opencode/skills/testing-best-practices/SKILL.md +37 -0
- package/.opencode/skills/testing-strategy/SKILL.md +43 -0
- package/.opencode/skills/ui-ux-design/SKILL.md +603 -0
- package/.opencode/workflows/post-deployment-audit.yml +123 -0
- package/AGENTS.md +110 -0
- package/LICENSE +21 -0
- package/README.md +131 -0
- package/dist/AGENTS.md +110 -0
- package/dist/CHANGELOG.md +2182 -0
- package/dist/LICENSE +21 -0
- package/dist/README.md +131 -0
- package/dist/agents/architect.js +56 -0
- package/dist/agents/backend-engineer.js +81 -0
- package/dist/agents/bug-triage-specialist.js +74 -0
- package/dist/agents/code-analyzer.js +150 -0
- package/dist/agents/code-reviewer.js +69 -0
- package/dist/agents/content-creator.js +72 -0
- package/dist/agents/database-engineer.js +76 -0
- package/dist/agents/devops-engineer.js +84 -0
- package/dist/agents/frontend-engineer.js +78 -0
- package/dist/agents/frontend-ui-ux-engineer.js +64 -0
- package/dist/agents/growth-strategist.js +111 -0
- package/dist/agents/index.js +45 -0
- package/dist/agents/librarian-agents-updater.js +333 -0
- package/dist/agents/log-monitor.js +109 -0
- package/dist/agents/mobile-developer.js +102 -0
- package/dist/agents/multimodal-looker.js +93 -0
- package/dist/agents/performance-engineer.js +86 -0
- package/dist/agents/refactorer.js +80 -0
- package/dist/agents/registry.js +340 -0
- package/dist/agents/researcher.js +83 -0
- package/dist/agents/security-auditor.js +158 -0
- package/dist/agents/seo-consultant.js +53 -0
- package/dist/agents/strategist.js +47 -0
- package/dist/agents/tech-writer.js +84 -0
- package/dist/agents/testing-lead.js +95 -0
- package/dist/agents/types.js +1 -0
- package/dist/analytics/consent-manager.js +258 -0
- package/dist/analytics/emerging-pattern-detector.js +260 -0
- package/dist/analytics/pattern-learning-engine.js +278 -0
- package/dist/analytics/pattern-performance-tracker.js +336 -0
- package/dist/analytics/predictive-analytics.js +248 -0
- package/dist/analytics/prompt-pattern-analyzer.js +371 -0
- package/dist/analytics/routing-performance-analyzer.js +356 -0
- package/dist/analytics/routing-refiner.js +380 -0
- package/dist/analytics/simple-pattern-analyzer.js +297 -0
- package/dist/architect/architect-tools.js +437 -0
- package/dist/architect/architectural-integrity.js +78 -0
- package/dist/benchmark/performance-benchmark.js +372 -0
- package/dist/cli/commands/analytics-disable.js +72 -0
- package/dist/cli/commands/analytics-enable-action.js +82 -0
- package/dist/cli/commands/analytics-preview.js +106 -0
- package/dist/cli/commands/analytics-status.js +68 -0
- package/dist/cli/commands/antigravity-status.js +106 -0
- package/dist/cli/commands/archive-logs.js +161 -0
- package/dist/cli/commands/credible-init.js +82 -0
- package/dist/cli/commands/grok-install.js +16 -0
- package/dist/cli/commands/hermes-install.js +66 -0
- package/dist/cli/commands/mcp-install.js +253 -0
- package/dist/cli/commands/openclaw-install.js +44 -0
- package/dist/cli/commands/opencode-install.js +99 -0
- package/dist/cli/commands/plugin-commands.js +246 -0
- package/dist/cli/commands/publish-agent.js +184 -0
- package/dist/cli/commands/security-audit.js +219 -0
- package/dist/cli/commands/skill-install.js +481 -0
- package/dist/cli/commands/status.js +196 -0
- package/dist/cli/commands/storyteller.js +230 -0
- package/dist/cli/index.js +986 -0
- package/dist/cli/server.js +147 -0
- package/dist/config/default-agents.js +16 -0
- package/dist/core/activity-logger.js +260 -0
- package/dist/core/adaptive-kernel.js +192 -0
- package/dist/core/agent-spawn-gate.js +120 -0
- package/dist/core/boot-orchestrator.js +812 -0
- package/dist/core/bridge.mjs +945 -0
- package/dist/core/codex-formatter.js +220 -0
- package/dist/core/codex-injector.js +424 -0
- package/dist/core/config-loader.js +148 -0
- package/dist/core/config-paths.js +162 -0
- package/dist/core/context-loader.js +269 -0
- package/dist/core/context-validator.js +212 -0
- package/dist/core/features-config.js +457 -0
- package/dist/core/framework-logger.js +275 -0
- package/dist/core/index.js +6 -0
- package/dist/core/kernel-patterns.js +302 -0
- package/dist/core/logging-config.js +43 -0
- package/dist/core/model-router.js +175 -0
- package/dist/core/orchestrator.js +408 -0
- package/dist/core/system-prompt-generator.js +265 -0
- package/dist/core/trace-context.js +33 -0
- package/dist/core/xray-activation.js +134 -0
- package/dist/delegation/agent-delegator.js +769 -0
- package/dist/delegation/agent-expertise.js +156 -0
- package/dist/delegation/analytics/index.js +12 -0
- package/dist/delegation/analytics/learning-engine.js +277 -0
- package/dist/delegation/analytics/outcome-tracker.js +279 -0
- package/dist/delegation/analytics/routing-analytics.js +193 -0
- package/dist/delegation/ast-code-parser.js +878 -0
- package/dist/delegation/codebase-context-analyzer.js +1040 -0
- package/dist/delegation/complexity-analyzer.js +282 -0
- package/dist/delegation/complexity-core.js +219 -0
- package/dist/delegation/config/types.js +6 -0
- package/dist/delegation/dependency-graph-builder.js +409 -0
- package/dist/delegation/index.js +20 -0
- package/dist/delegation/metrics-aggregator.js +335 -0
- package/dist/delegation/session-coordinator.js +352 -0
- package/dist/delegation/strategy-selector.js +108 -0
- package/dist/delegation/voting-coordinator.js +375 -0
- package/dist/delegation/voting-types.js +10 -0
- package/dist/delegation/weighted-voting-aggregator.js +194 -0
- package/dist/enforcement/core/index.js +19 -0
- package/dist/enforcement/core/rule-executor.js +365 -0
- package/dist/enforcement/core/rule-hierarchy.js +259 -0
- package/dist/enforcement/core/rule-registry.js +240 -0
- package/dist/enforcement/core/violation-fixer.js +651 -0
- package/dist/enforcement/enforcer-tools.js +909 -0
- package/dist/enforcement/index.js +41 -0
- package/dist/enforcement/loaders/agent-triage-loader.js +222 -0
- package/dist/enforcement/loaders/agents-md-validation-loader.js +252 -0
- package/dist/enforcement/loaders/base-loader.js +86 -0
- package/dist/enforcement/loaders/codex-loader.js +396 -0
- package/dist/enforcement/loaders/index.js +40 -0
- package/dist/enforcement/loaders/loader-orchestrator.js +168 -0
- package/dist/enforcement/loaders/processor-loader.js +113 -0
- package/dist/enforcement/rule-enforcer.js +298 -0
- package/dist/enforcement/test-auto-healing.js +325 -0
- package/dist/enforcement/types.js +30 -0
- package/dist/enforcement/validators/architecture-validators.js +600 -0
- package/dist/enforcement/validators/base-validator.js +108 -0
- package/dist/enforcement/validators/code-quality-validators.js +336 -0
- package/dist/enforcement/validators/index.js +21 -0
- package/dist/enforcement/validators/security-validators.js +220 -0
- package/dist/enforcement/validators/testing-validators.js +253 -0
- package/dist/enforcement/validators/validator-registry.js +150 -0
- package/dist/execution/opencode-cli-invoker.js +173 -0
- package/dist/execution/proposal-applier.js +254 -0
- package/dist/governance/codex-policy.service.js +167 -0
- package/dist/governance/governance-core.js +152 -0
- package/dist/governance/governance-service.js +274 -0
- package/dist/governance/governance-types.js +6 -0
- package/dist/index.js +24 -0
- package/dist/inference/deploy-verifier.js +161 -0
- package/dist/inference/index.js +5 -0
- package/dist/inference/inference-accumulator.js +126 -0
- package/dist/inference/inference-cycle.js +1168 -0
- package/dist/inference/semantic-patterns.js +310 -0
- package/dist/inference/session-capture.js +308 -0
- package/dist/integrations/base/ExampleIntegration.js +181 -0
- package/dist/integrations/base/Integration.js +395 -0
- package/dist/integrations/base/README.md +446 -0
- package/dist/integrations/base/index.js +16 -0
- package/dist/integrations/base/registry.js +606 -0
- package/dist/integrations/base/types.js +118 -0
- package/dist/integrations/governance/governance-client.js +316 -0
- package/dist/integrations/governance/index.js +373 -0
- package/dist/integrations/governance/types.js +97 -0
- package/dist/integrations/grok/grok-cli.js +83 -0
- package/dist/integrations/grok/hooks/pre-tool-use.js +134 -0
- package/dist/integrations/grok/plugin/0xray/.mcp.json +15 -0
- package/dist/integrations/grok/plugin/0xray/hooks/hooks.json +30 -0
- package/dist/integrations/hermes-agent/__init__.py +718 -0
- package/dist/integrations/hermes-agent/after-install.md +71 -0
- package/dist/integrations/hermes-agent/bridge.mjs +861 -0
- package/dist/integrations/hermes-agent/conftest.py +14 -0
- package/dist/integrations/hermes-agent/plugin.yaml +12 -0
- package/dist/integrations/hermes-agent/schemas.py +100 -0
- package/dist/integrations/hermes-agent/test_plugin.py +1100 -0
- package/dist/integrations/hermes-agent/tools.py +253 -0
- package/dist/integrations/openclaw/README.md +134 -0
- package/dist/integrations/openclaw/api-server.js +389 -0
- package/dist/integrations/openclaw/client.js +492 -0
- package/dist/integrations/openclaw/config.js +374 -0
- package/dist/integrations/openclaw/hooks/strray-hooks.js +280 -0
- package/dist/integrations/openclaw/index.js +351 -0
- package/dist/integrations/openclaw/types.js +153 -0
- package/dist/integrations/plugins/index.js +10 -0
- package/dist/integrations/plugins/plugin-integration.js +606 -0
- package/dist/integrations/plugins/plugin-registry.js +580 -0
- package/dist/mcps/agent-resolver.js +106 -0
- package/dist/mcps/architect-tools.server.js +277 -0
- package/dist/mcps/auto-format.server.js +413 -0
- package/dist/mcps/boot-orchestrator.server.js +853 -0
- package/dist/mcps/config/config-loader.js +103 -0
- package/dist/mcps/config/config-validator.js +101 -0
- package/dist/mcps/config/index.js +30 -0
- package/dist/mcps/config/plugin-server-registry.js +223 -0
- package/dist/mcps/config/server-config-registry.js +348 -0
- package/dist/mcps/connection/connection-manager.js +79 -0
- package/dist/mcps/connection/connection-pool.js +164 -0
- package/dist/mcps/connection/mcp-connection.js +233 -0
- package/dist/mcps/connection/process-spawner.js +34 -0
- package/dist/mcps/enforcer-tools.server.js +778 -0
- package/dist/mcps/estimation.server.js +192 -0
- package/dist/mcps/framework-compliance-audit.server.js +500 -0
- package/dist/mcps/framework-help.server.js +400 -0
- package/dist/mcps/governance.server.js +464 -0
- package/dist/mcps/in-process-skill-registry.js +48 -0
- package/dist/mcps/knowledge-skills/api-design.server.js +123 -0
- package/dist/mcps/knowledge-skills/architecture-patterns.server.js +113 -0
- package/dist/mcps/knowledge-skills/bug-triage-specialist.server.js +474 -0
- package/dist/mcps/knowledge-skills/code-analyzer.server.js +605 -0
- package/dist/mcps/knowledge-skills/code-review.server.js +847 -0
- package/dist/mcps/knowledge-skills/content-creator.server.js +256 -0
- package/dist/mcps/knowledge-skills/database-design.server.js +822 -0
- package/dist/mcps/knowledge-skills/devops-deployment.server.js +1180 -0
- package/dist/mcps/knowledge-skills/git-workflow.server.js +115 -0
- package/dist/mcps/knowledge-skills/growth-strategist.server.js +361 -0
- package/dist/mcps/knowledge-skills/log-monitor.server.js +451 -0
- package/dist/mcps/knowledge-skills/mobile-development.server.js +525 -0
- package/dist/mcps/knowledge-skills/multimodal-looker.server.js +1063 -0
- package/dist/mcps/knowledge-skills/performance-optimization.server.js +1587 -0
- package/dist/mcps/knowledge-skills/project-analysis.server.js +811 -0
- package/dist/mcps/knowledge-skills/refactoring-strategies.server.js +796 -0
- package/dist/mcps/knowledge-skills/security-audit.server.js +846 -0
- package/dist/mcps/knowledge-skills/seo-consultant.server.js +937 -0
- package/dist/mcps/knowledge-skills/session-management.server.js +470 -0
- package/dist/mcps/knowledge-skills/skill-invocation.server.js +729 -0
- package/dist/mcps/knowledge-skills/strategist.server.js +217 -0
- package/dist/mcps/knowledge-skills/tech-writer.server.js +1191 -0
- package/dist/mcps/knowledge-skills/testing-best-practices.server.js +866 -0
- package/dist/mcps/knowledge-skills/testing-strategy.server.js +827 -0
- package/dist/mcps/knowledge-skills/ui-ux-design.server.js +1538 -0
- package/dist/mcps/lint.server.js +381 -0
- package/dist/mcps/mcp-client.js +574 -0
- package/dist/mcps/model-health-check.server.js +228 -0
- package/dist/mcps/orchestrator/config/agent-capabilities.js +87 -0
- package/dist/mcps/orchestrator/execution/execution-planner.js +279 -0
- package/dist/mcps/orchestrator/handlers/complexity-handler.js +94 -0
- package/dist/mcps/orchestrator/handlers/status-handler.js +232 -0
- package/dist/mcps/orchestrator/handlers/task-handler.js +197 -0
- package/dist/mcps/orchestrator/server.js +305 -0
- package/dist/mcps/orchestrator/types.js +6 -0
- package/dist/mcps/orchestrator.server.js +19 -0
- package/dist/mcps/performance-analysis.server.js +519 -0
- package/dist/mcps/processor-pipeline.server.js +561 -0
- package/dist/mcps/protocol/protocol-constants.js +46 -0
- package/dist/mcps/registry.json +110 -0
- package/dist/mcps/researcher.server.js +504 -0
- package/dist/mcps/security-scan.server.js +531 -0
- package/dist/mcps/simulation/index.js +12 -0
- package/dist/mcps/simulation/server-simulations.js +219 -0
- package/dist/mcps/simulation/simulation-engine.js +96 -0
- package/dist/mcps/state-manager.server.js +637 -0
- package/dist/mcps/tools/index.js +14 -0
- package/dist/mcps/tools/tool-cache.js +112 -0
- package/dist/mcps/tools/tool-discovery.js +65 -0
- package/dist/mcps/tools/tool-executor.js +75 -0
- package/dist/mcps/tools/tool-registry.js +67 -0
- package/dist/mcps/types/index.js +15 -0
- package/dist/mcps/types/json-rpc.types.js +7 -0
- package/dist/mcps/types/mcp.types.js +7 -0
- package/dist/metrics/agent-metrics.js +574 -0
- package/dist/metrics/index.js +6 -0
- package/dist/monitoring/advanced-profiler.js +232 -0
- package/dist/monitoring/memory-monitor.js +315 -0
- package/dist/monitoring/nudge-watchdog.js +356 -0
- package/dist/monitoring/test-auto-generation-monitor.js +157 -0
- package/dist/orchestrator/agent-spawn-governor.js +559 -0
- package/dist/orchestrator/enhanced-multi-agent-orchestrator.js +399 -0
- package/dist/orchestrator/intelligent-commit-batcher.js +353 -0
- package/dist/orchestrator/multi-agent-orchestration-coordinator.js +456 -0
- package/dist/orchestrator/orchestrator.js +657 -0
- package/dist/orchestrator/self-direction-activation.js +245 -0
- package/dist/orchestrator/universal-librarian-consultation.js +216 -0
- package/dist/orchestrator/universal-registry-bridge.js +247 -0
- package/dist/performance/performance-budget-enforcer.js +434 -0
- package/dist/performance/performance-regression-tester.js +342 -0
- package/dist/plugin/xray-codex-injection.js +857 -0
- package/dist/postprocessor/PostProcessor.js +1048 -0
- package/dist/postprocessor/analysis/FailureAnalysisEngine.js +245 -0
- package/dist/postprocessor/autofix/AutoFixEngine.js +254 -0
- package/dist/postprocessor/autofix/FixValidator.js +56 -0
- package/dist/postprocessor/config.js +65 -0
- package/dist/postprocessor/escalation/EscalationEngine.js +492 -0
- package/dist/postprocessor/monitoring/MonitoringEngine.js +125 -0
- package/dist/postprocessor/redeploy/RedeployCoordinator.js +342 -0
- package/dist/postprocessor/services/RegressionAnalysisService.js +131 -0
- package/dist/postprocessor/success/SuccessHandler.js +134 -0
- package/dist/postprocessor/triggers/APITrigger.js +115 -0
- package/dist/postprocessor/triggers/GitHookTrigger.js +551 -0
- package/dist/postprocessor/triggers/WebhookTrigger.js +211 -0
- package/dist/postprocessor/types.js +4 -0
- package/dist/processors/doc-write-guard.js +46 -0
- package/dist/processors/implementations/agents-md-validation-processor.js +286 -0
- package/dist/processors/implementations/async-pattern-processor.js +158 -0
- package/dist/processors/implementations/codex-compliance-processor.js +57 -0
- package/dist/processors/implementations/commit-batcher-processor.js +71 -0
- package/dist/processors/implementations/console-log-guard-processor.js +163 -0
- package/dist/processors/implementations/coverage-analysis-processor.js +138 -0
- package/dist/processors/implementations/error-boundary-processor.js +44 -0
- package/dist/processors/implementations/inference-improvement-processor.js +270 -0
- package/dist/processors/implementations/log-protection-processor.js +118 -0
- package/dist/processors/implementations/nudge-processor.js +130 -0
- package/dist/processors/implementations/performance-budget-processor.js +217 -0
- package/dist/processors/implementations/postprocessor-chain-validator.js +149 -0
- package/dist/processors/implementations/pre-validate-processor.js +18 -0
- package/dist/processors/implementations/publish-preflight-processor.js +249 -0
- package/dist/processors/implementations/refactoring-logging-processor-wrapper.js +33 -0
- package/dist/processors/implementations/refactoring-logging-processor.js +96 -0
- package/dist/processors/implementations/regression-testing-processor.js +59 -0
- package/dist/processors/implementations/session-capture-processor.js +37 -0
- package/dist/processors/implementations/session-summary-processor.js +130 -0
- package/dist/processors/implementations/spawn-governance-processor.js +219 -0
- package/dist/processors/implementations/state-validation-processor.js +15 -0
- package/dist/processors/implementations/storytelling-trigger-processor.js +589 -0
- package/dist/processors/implementations/test-auto-creation-processor.js +484 -0
- package/dist/processors/implementations/test-execution-processor.js +132 -0
- package/dist/processors/implementations/typescript-compilation-processor.js +87 -0
- package/dist/processors/implementations/version-compliance-processor.js +350 -0
- package/dist/processors/processor-interfaces.js +126 -0
- package/dist/processors/processor-manager.js +826 -0
- package/dist/processors/processor-types.js +12 -0
- package/dist/public/about.html +228 -0
- package/dist/public/enterprise.html +27 -0
- package/dist/public/features.html +102 -0
- package/dist/public/index.html +145 -0
- package/dist/reporting/framework-reporting-system.js +187 -0
- package/dist/reporting/log-parser.js +281 -0
- package/dist/reporting/metrics.js +202 -0
- package/dist/reporting/report-formatter.js +146 -0
- package/dist/reporting/types.js +1 -0
- package/dist/scripts/activate-kernel-pipeline.js +101 -0
- package/dist/scripts/integration.js +234 -0
- package/dist/scripts/pre-command +26 -0
- package/dist/scripts/pre-command.mjs +358 -0
- package/dist/security/comprehensive-security-audit.js +1005 -0
- package/dist/security/index.js +13 -0
- package/dist/security/prompt-security-validator.js +148 -0
- package/dist/security/security-agent-coordinator.js +204 -0
- package/dist/security/security-auditor.js +584 -0
- package/dist/security/security-hardener.js +170 -0
- package/dist/security/security-hardening-system.js +727 -0
- package/dist/security/security-headers.js +118 -0
- package/dist/security/security-orchestration-layer.js +496 -0
- package/dist/security/security-scanner.js +429 -0
- package/dist/services/inference-tuner.js +301 -0
- package/dist/session/index.js +3 -0
- package/dist/session/session-cleanup-manager.js +366 -0
- package/dist/session/session-monitor.js +503 -0
- package/dist/session/session-state-manager.js +522 -0
- package/dist/skills/api-design/SKILL.md +37 -0
- package/dist/skills/architect-tools/SKILL.md +37 -0
- package/dist/skills/architecture-patterns/SKILL.md +37 -0
- package/dist/skills/auto-format/SKILL.md +37 -0
- package/dist/skills/backend-engineer/SKILL.md +49 -0
- package/dist/skills/boot-orchestrator/SKILL.md +37 -0
- package/dist/skills/bug-triage/SKILL.md +43 -0
- package/dist/skills/code-analyzer/SKILL.md +45 -0
- package/dist/skills/code-review/SKILL.md +52 -0
- package/dist/skills/content-creator/SKILL.md +38 -0
- package/dist/skills/database-engineer/SKILL.md +46 -0
- package/dist/skills/devops-engineer/SKILL.md +49 -0
- package/dist/skills/enforcer/SKILL.md +37 -0
- package/dist/skills/framework-compliance-audit/SKILL.md +37 -0
- package/dist/skills/frontend-engineer/SKILL.md +49 -0
- package/dist/skills/frontend-ui-ux-engineer/SKILL.md +41 -0
- package/dist/skills/git-workflow/SKILL.md +37 -0
- package/dist/skills/growth-strategist/SKILL.md +48 -0
- package/dist/skills/hermes-agent/SKILL.md +212 -0
- package/dist/skills/inference-improve/SKILL.md +97 -0
- package/dist/skills/lint/SKILL.md +37 -0
- package/dist/skills/log-monitor/SKILL.md +44 -0
- package/dist/skills/mobile-developer/SKILL.md +42 -0
- package/dist/skills/model-health-check/SKILL.md +37 -0
- package/dist/skills/multimodal-looker/SKILL.md +45 -0
- package/dist/skills/orchestrator/SKILL.md +37 -0
- package/dist/skills/performance-analysis/SKILL.md +37 -0
- package/dist/skills/performance-engineer/SKILL.md +41 -0
- package/dist/skills/performance-optimization/SKILL.md +37 -0
- package/dist/skills/processor-pipeline/SKILL.md +37 -0
- package/dist/skills/project-analysis/SKILL.md +42 -0
- package/dist/skills/refactoring-strategies/SKILL.md +37 -0
- package/dist/skills/registry.json +66 -0
- package/dist/skills/researcher/SKILL.md +37 -0
- package/dist/skills/security-audit/SKILL.md +48 -0
- package/dist/skills/security-scan/SKILL.md +37 -0
- package/dist/skills/seo-consultant/SKILL.md +43 -0
- package/dist/skills/session-management/SKILL.md +36 -0
- package/dist/skills/state-manager/SKILL.md +37 -0
- package/dist/skills/storyteller/SKILL.md +130 -0
- package/dist/skills/strategist/SKILL.md +32 -0
- package/dist/skills/tech-writer/SKILL.md +37 -0
- package/dist/skills/testing-best-practices/SKILL.md +37 -0
- package/dist/skills/testing-strategy/SKILL.md +43 -0
- package/dist/skills/ui-ux-design/SKILL.md +603 -0
- package/dist/state/context-providers.js +1 -0
- package/dist/state/index.js +7 -0
- package/dist/state/state-manager.js +208 -0
- package/dist/state/state-types.js +1 -0
- package/dist/testing/memory-regression-suite.js +258 -0
- package/dist/utils/batch-operations.js +292 -0
- package/dist/utils/codex-parser.js +445 -0
- package/dist/utils/command-runner.js +96 -0
- package/dist/utils/import-resolver.js +189 -0
- package/dist/utils/language-detector.js +383 -0
- package/dist/utils/path-resolver.js +112 -0
- package/dist/utils/shutdown-handler.js +75 -0
- package/dist/utils/test-template-generator.js +178 -0
- package/dist/utils/token-manager.js +163 -0
- package/dist/validation/estimation-validator.js +241 -0
- package/dist/validation/report-content-validator.js +218 -0
- package/opencode.json +153 -0
- package/package.json +170 -0
- package/scripts/helpers/resolve-config-path.cjs +57 -0
- package/scripts/helpers/resolve-config-path.mjs +73 -0
- package/scripts/hooks/pre-command +26 -0
- package/scripts/hooks/pre-command.mjs +358 -0
- package/scripts/hooks/run-hook.js +570 -0
- package/scripts/mjs/test-consumer-readiness.mjs +273 -0
- package/scripts/mjs/test-mcp-functionality.mjs +507 -0
- package/scripts/mjs/validate-mcp-connectivity.cjs +75 -0
- package/scripts/mjs/validate-postinstall-config.mjs +308 -0
- package/scripts/node/auto-reflection-generator.mjs +496 -0
- package/scripts/node/basic-security-audit.cjs +338 -0
- package/scripts/node/ci-cd-auto-fix.cjs +263 -0
- package/scripts/node/ci-report-generator.mjs +227 -0
- package/scripts/node/enforce-agents-md.mjs +420 -0
- package/scripts/node/enforce-version-compliance.sh +22 -0
- package/scripts/node/enforce-version-compliance.ts +126 -0
- package/scripts/node/github-actions-monitor.cjs +23 -0
- package/scripts/node/govern-reflection.mjs +160 -0
- package/scripts/node/postinstall.cjs +78 -0
- package/scripts/node/pre-publish-guard.js +267 -0
- package/scripts/node/prepare-consumer.cjs +143 -0
- package/scripts/node/reflection-processor.cjs +213 -0
- package/scripts/node/reflection-validate.sh +194 -0
- package/scripts/node/release-tweet.mjs +39 -0
- package/scripts/node/release.js +159 -0
- package/scripts/node/release.mjs +213 -0
- package/scripts/node/setup-dev.cjs +83 -0
- package/scripts/node/setup.cjs +214 -0
- package/scripts/node/sync-versions.mjs +140 -0
- package/scripts/node/universal-version-manager.js +1025 -0
- package/scripts/node/validate-external-processes.js +265 -0
- package/scripts/node/validate-mcp-connectivity.js +258 -0
- package/scripts/node/version-manager.mjs +524 -0
- package/scripts/validate-stringray-comprehensive.js +636 -0
- package/src/integrations/grok/plugin/0xray/.mcp.json +15 -0
- package/src/integrations/grok/plugin/0xray/hooks/hooks.json +30 -0
- package/src/mcps/agent-resolver.ts +168 -0
- package/src/mcps/architect-tools.server.ts +343 -0
- package/src/mcps/auto-format.server.ts +529 -0
- package/src/mcps/boot-orchestrator.server.ts +1082 -0
- package/src/mcps/config/__tests__/config-loader.test.ts +338 -0
- package/src/mcps/config/__tests__/config-validator.test.ts +646 -0
- package/src/mcps/config/__tests__/server-config-registry.test.ts +257 -0
- package/src/mcps/config/config-loader.ts +127 -0
- package/src/mcps/config/config-validator.ts +127 -0
- package/src/mcps/config/index.ts +32 -0
- package/src/mcps/config/plugin-server-registry.ts +335 -0
- package/src/mcps/config/server-config-registry.ts +395 -0
- package/src/mcps/connection/connection-manager.ts +91 -0
- package/src/mcps/connection/connection-pool.ts +216 -0
- package/src/mcps/connection/mcp-connection.ts +327 -0
- package/src/mcps/connection/process-spawner.ts +47 -0
- package/src/mcps/enforcer-tools.server.ts +1106 -0
- package/src/mcps/estimation.server.ts +229 -0
- package/src/mcps/framework-compliance-audit.server.ts +635 -0
- package/src/mcps/framework-help.server.ts +467 -0
- package/src/mcps/governance.server.ts +551 -0
- package/src/mcps/in-process-skill-registry.ts +79 -0
- package/src/mcps/knowledge-skills/api-design.server.test.ts +41 -0
- package/src/mcps/knowledge-skills/api-design.server.ts +160 -0
- package/src/mcps/knowledge-skills/architecture-patterns.server.ts +152 -0
- package/src/mcps/knowledge-skills/bug-triage-specialist.server.ts +624 -0
- package/src/mcps/knowledge-skills/code-analyzer.server.test.ts +129 -0
- package/src/mcps/knowledge-skills/code-analyzer.server.ts +591 -0
- package/src/mcps/knowledge-skills/code-review.server.ts +1132 -0
- package/src/mcps/knowledge-skills/content-creator.server.ts +300 -0
- package/src/mcps/knowledge-skills/database-design.server.ts +1200 -0
- package/src/mcps/knowledge-skills/devops-deployment.server.ts +1622 -0
- package/src/mcps/knowledge-skills/git-workflow.server.ts +152 -0
- package/src/mcps/knowledge-skills/growth-strategist.server.ts +413 -0
- package/src/mcps/knowledge-skills/log-monitor.server.ts +619 -0
- package/src/mcps/knowledge-skills/mobile-development.server.ts +672 -0
- package/src/mcps/knowledge-skills/multimodal-looker.server.ts +1500 -0
- package/src/mcps/knowledge-skills/performance-optimization.server.ts +2065 -0
- package/src/mcps/knowledge-skills/project-analysis.server.ts +1111 -0
- package/src/mcps/knowledge-skills/refactoring-strategies.server.ts +1092 -0
- package/src/mcps/knowledge-skills/security-audit.server.test.ts +112 -0
- package/src/mcps/knowledge-skills/security-audit.server.ts +1193 -0
- package/src/mcps/knowledge-skills/seo-consultant.server.ts +1160 -0
- package/src/mcps/knowledge-skills/session-management.server.ts +576 -0
- package/src/mcps/knowledge-skills/skill-invocation.server.ts +941 -0
- package/src/mcps/knowledge-skills/strategist.server.ts +267 -0
- package/src/mcps/knowledge-skills/tech-writer.server.ts +1638 -0
- package/src/mcps/knowledge-skills/testing-best-practices.server.test.ts +136 -0
- package/src/mcps/knowledge-skills/testing-best-practices.server.ts +1232 -0
- package/src/mcps/knowledge-skills/testing-strategy.server.test.ts +100 -0
- package/src/mcps/knowledge-skills/testing-strategy.server.ts +1172 -0
- package/src/mcps/knowledge-skills/ui-ux-design.server.ts +2076 -0
- package/src/mcps/lint.server.ts +483 -0
- package/src/mcps/mcp-client.ts +706 -0
- package/src/mcps/model-health-check.server.ts +292 -0
- package/src/mcps/orchestrator/config/agent-capabilities.ts +108 -0
- package/src/mcps/orchestrator/execution/execution-planner.ts +353 -0
- package/src/mcps/orchestrator/handlers/complexity-handler.ts +125 -0
- package/src/mcps/orchestrator/handlers/status-handler.ts +295 -0
- package/src/mcps/orchestrator/handlers/task-handler.ts +268 -0
- package/src/mcps/orchestrator/server.ts +388 -0
- package/src/mcps/orchestrator/types.ts +81 -0
- package/src/mcps/orchestrator.server.ts +34 -0
- package/src/mcps/performance-analysis.server.ts +715 -0
- package/src/mcps/processor-pipeline.server.ts +778 -0
- package/src/mcps/protocol/protocol-constants.ts +51 -0
- package/src/mcps/registry.json +110 -0
- package/src/mcps/researcher.server.ts +595 -0
- package/src/mcps/security-scan.server.ts +651 -0
- package/src/mcps/simulation/__tests__/simulation-engine.test.ts +275 -0
- package/src/mcps/simulation/index.ts +23 -0
- package/src/mcps/simulation/server-simulations.ts +241 -0
- package/src/mcps/simulation/simulation-engine.ts +126 -0
- package/src/mcps/state-manager.server.ts +777 -0
- package/src/mcps/tools/__tests__/tool-cache.test.ts +205 -0
- package/src/mcps/tools/__tests__/tool-discovery.test.ts +189 -0
- package/src/mcps/tools/__tests__/tool-executor.test.ts +215 -0
- package/src/mcps/tools/__tests__/tool-registry.test.ts +230 -0
- package/src/mcps/tools/index.ts +15 -0
- package/src/mcps/tools/tool-cache.ts +145 -0
- package/src/mcps/tools/tool-discovery.ts +83 -0
- package/src/mcps/tools/tool-executor.ts +106 -0
- package/src/mcps/tools/tool-registry.ts +78 -0
- package/src/mcps/types/__tests__/types.test.ts +341 -0
- package/src/mcps/types/index.ts +17 -0
- package/src/mcps/types/json-rpc.types.ts +38 -0
- package/src/mcps/types/mcp.types.ts +115 -0
- package/src/opencode/agents/api-design.yml +31 -0
- package/src/opencode/agents/architect.yml +15 -0
- package/src/opencode/agents/architecture-patterns.yml +14 -0
- package/src/opencode/agents/auto-format.yml +14 -0
- package/src/opencode/agents/backend-engineer.yml +12 -0
- package/src/opencode/agents/boot-orchestrator.yml +14 -0
- package/src/opencode/agents/bug-triage-specialist.yml +15 -0
- package/src/opencode/agents/code-analyzer.yml +12 -0
- package/src/opencode/agents/code-reviewer.yml +14 -0
- package/src/opencode/agents/content-creator.yml +12 -0
- package/src/opencode/agents/database-engineer.yml +12 -0
- package/src/opencode/agents/devops-engineer.yml +12 -0
- package/src/opencode/agents/framework-compliance-audit.yml +14 -0
- package/src/opencode/agents/frontend-engineer.yml +12 -0
- package/src/opencode/agents/frontend-ui-ux-engineer.yml +12 -0
- package/src/opencode/agents/git-workflow.yml +15 -0
- package/src/opencode/agents/growth-strategist.yml +12 -0
- package/src/opencode/agents/hermes-agent.yml +12 -0
- package/src/opencode/agents/inference-improve.yml +12 -0
- package/src/opencode/agents/lint.yml +14 -0
- package/src/opencode/agents/log-monitor.yml +12 -0
- package/src/opencode/agents/mobile-developer.yml +12 -0
- package/src/opencode/agents/model-health-check.yml +12 -0
- package/src/opencode/agents/multimodal-looker.yml +12 -0
- package/src/opencode/agents/performance-analysis.yml +12 -0
- package/src/opencode/agents/performance-engineer.yml +12 -0
- package/src/opencode/agents/performance-optimization.yml +12 -0
- package/src/opencode/agents/processor-pipeline.yml +14 -0
- package/src/opencode/agents/project-analysis.yml +12 -0
- package/src/opencode/agents/refactorer.yml +12 -0
- package/src/opencode/agents/researcher.yml +12 -0
- package/src/opencode/agents/security-auditor.yml +12 -0
- package/src/opencode/agents/security-scan.yml +12 -0
- package/src/opencode/agents/seo-consultant.yml +12 -0
- package/src/opencode/agents/session-management.yml +12 -0
- package/src/opencode/agents/state-manager.yml +12 -0
- package/src/opencode/agents/storyteller.yml +12 -0
- package/src/opencode/agents/strategist.yml +12 -0
- package/src/opencode/agents/tech-writer.yml +12 -0
- package/src/opencode/agents/testing-best-practices.yml +12 -0
- package/src/opencode/agents/testing-lead.yml +12 -0
- package/src/opencode/agents/ui-ux-design.yml +12 -0
- package/src/opencode/codex.codex +8 -0
- package/src/opencode/commands/auto-format.md +99 -0
- package/src/opencode/commands/auto-summary-capture.md +90 -0
- package/src/opencode/commands/dependency-audit.md +184 -0
- package/src/opencode/commands/enforcer-daily-scan.md +137 -0
- package/src/opencode/commands/framework-compliance-audit.md +205 -0
- package/src/opencode/commands/interactive-validator.md +75 -0
- package/src/opencode/commands/job-summary-logger.md +68 -0
- package/src/opencode/commands/lint.md +11 -0
- package/src/opencode/commands/mode-switch.md +95 -0
- package/src/opencode/commands/model-health-check.md +186 -0
- package/src/opencode/commands/performance-analysis.md +144 -0
- package/src/opencode/commands/pre-commit-introspection.md +185 -0
- package/src/opencode/commands/pre-commit-introspection.sh +133 -0
- package/src/opencode/commands/security-scan.md +157 -0
- package/src/opencode/commands/sisyphus-validation.md +128 -0
- package/src/opencode/commands/summary-logger.md +83 -0
- package/src/opencode/enforcer-config.json +285 -0
- package/src/opencode/openclaw/config.json +25 -0
- package/src/opencode/workflows/post-deployment-audit.yml +123 -0
- package/src/skills/api-design/SKILL.md +37 -0
- package/src/skills/architect-tools/SKILL.md +37 -0
- package/src/skills/architecture-patterns/SKILL.md +37 -0
- package/src/skills/auto-format/SKILL.md +37 -0
- package/src/skills/backend-engineer/SKILL.md +49 -0
- package/src/skills/boot-orchestrator/SKILL.md +37 -0
- package/src/skills/bug-triage/SKILL.md +43 -0
- package/src/skills/code-analyzer/SKILL.md +45 -0
- package/src/skills/code-review/SKILL.md +52 -0
- package/src/skills/content-creator/SKILL.md +38 -0
- package/src/skills/database-engineer/SKILL.md +46 -0
- package/src/skills/devops-engineer/SKILL.md +49 -0
- package/src/skills/enforcer/SKILL.md +37 -0
- package/src/skills/framework-compliance-audit/SKILL.md +37 -0
- package/src/skills/frontend-engineer/SKILL.md +49 -0
- package/src/skills/frontend-ui-ux-engineer/SKILL.md +41 -0
- package/src/skills/git-workflow/SKILL.md +37 -0
- package/src/skills/growth-strategist/SKILL.md +48 -0
- package/src/skills/hermes-agent/SKILL.md +212 -0
- package/src/skills/inference-improve/SKILL.md +97 -0
- package/src/skills/lint/SKILL.md +37 -0
- package/src/skills/log-monitor/SKILL.md +44 -0
- package/src/skills/mobile-developer/SKILL.md +42 -0
- package/src/skills/model-health-check/SKILL.md +37 -0
- package/src/skills/multimodal-looker/SKILL.md +45 -0
- package/src/skills/orchestrator/SKILL.md +37 -0
- package/src/skills/performance-analysis/SKILL.md +37 -0
- package/src/skills/performance-engineer/SKILL.md +41 -0
- package/src/skills/performance-optimization/SKILL.md +37 -0
- package/src/skills/processor-pipeline/SKILL.md +37 -0
- package/src/skills/project-analysis/SKILL.md +42 -0
- package/src/skills/refactoring-strategies/SKILL.md +37 -0
- package/src/skills/registry.json +66 -0
- package/src/skills/researcher/SKILL.md +37 -0
- package/src/skills/security-audit/SKILL.md +48 -0
- package/src/skills/security-scan/SKILL.md +37 -0
- package/src/skills/seo-consultant/SKILL.md +43 -0
- package/src/skills/session-management/SKILL.md +36 -0
- package/src/skills/state-manager/SKILL.md +37 -0
- package/src/skills/storyteller/SKILL.md +130 -0
- package/src/skills/strategist/SKILL.md +32 -0
- package/src/skills/tech-writer/SKILL.md +37 -0
- package/src/skills/testing-best-practices/SKILL.md +37 -0
- package/src/skills/testing-strategy/SKILL.md +43 -0
- package/src/skills/ui-ux-design/SKILL.md +603 -0
|
@@ -0,0 +1,429 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* 0xRay Framework - Security Scanner
|
|
3
|
+
*
|
|
4
|
+
* Automated security vulnerability scanning and compliance validation
|
|
5
|
+
* Integrates with security tools and provides comprehensive security reports
|
|
6
|
+
*/
|
|
7
|
+
import { exec } from "child_process";
|
|
8
|
+
import { promises as fs } from "fs";
|
|
9
|
+
import { frameworkLogger } from "../core/framework-logger.js";
|
|
10
|
+
import { promisify } from "util";
|
|
11
|
+
import { promptSecurityValidator, } from "./prompt-security-validator.js";
|
|
12
|
+
const execAsync = promisify(exec);
|
|
13
|
+
export class SecurityScanner {
|
|
14
|
+
config;
|
|
15
|
+
constructor(config = {}) {
|
|
16
|
+
this.config = {
|
|
17
|
+
enabled: true,
|
|
18
|
+
tools: {
|
|
19
|
+
npmAudit: true,
|
|
20
|
+
trivy: false, // Requires separate installation
|
|
21
|
+
eslintSecurity: true,
|
|
22
|
+
dependencyCheck: false, // Requires separate installation
|
|
23
|
+
...config.tools,
|
|
24
|
+
},
|
|
25
|
+
severityThreshold: "moderate",
|
|
26
|
+
reportPath: "./security-report.json",
|
|
27
|
+
failOnVulnerabilities: true,
|
|
28
|
+
...config,
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Run comprehensive security scan
|
|
33
|
+
*/
|
|
34
|
+
async runSecurityScan() {
|
|
35
|
+
const jobId = `security-scan-${Date.now()}-${Math.random().toString(36).substring(2, 11)}`;
|
|
36
|
+
const startTime = Date.now();
|
|
37
|
+
if (!this.config.enabled) {
|
|
38
|
+
return this.createEmptyReport();
|
|
39
|
+
}
|
|
40
|
+
frameworkLogger.log("security-scanner", "scan-start", "info", {
|
|
41
|
+
jobId,
|
|
42
|
+
tools: this.config.tools,
|
|
43
|
+
severityThreshold: this.config.severityThreshold,
|
|
44
|
+
});
|
|
45
|
+
const results = await Promise.allSettled([
|
|
46
|
+
this.config.tools.npmAudit ? this.runNpmAudit() : Promise.resolve([]),
|
|
47
|
+
this.config.tools.trivy ? this.runTrivyScan() : Promise.resolve([]),
|
|
48
|
+
this.config.tools.eslintSecurity
|
|
49
|
+
? this.runEslintSecurity()
|
|
50
|
+
: Promise.resolve([]),
|
|
51
|
+
this.config.tools.dependencyCheck
|
|
52
|
+
? this.runDependencyCheck()
|
|
53
|
+
: Promise.resolve([]),
|
|
54
|
+
]);
|
|
55
|
+
const tools = {
|
|
56
|
+
npmAudit: results[0].status === "fulfilled" ? results[0].value : [],
|
|
57
|
+
trivy: results[1].status === "fulfilled" ? results[1].value : [],
|
|
58
|
+
eslintSecurity: results[2].status === "fulfilled" ? results[2].value : [],
|
|
59
|
+
dependencyCheck: results[3].status === "fulfilled" ? results[3].value : [],
|
|
60
|
+
};
|
|
61
|
+
const duration = Date.now() - startTime;
|
|
62
|
+
const report = this.generateReport(tools, duration);
|
|
63
|
+
// Save report
|
|
64
|
+
await this.saveReport(report, jobId);
|
|
65
|
+
// Log results
|
|
66
|
+
await this.logResults(report);
|
|
67
|
+
return report;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Run npm audit
|
|
71
|
+
*/
|
|
72
|
+
async runNpmAudit() {
|
|
73
|
+
try {
|
|
74
|
+
const { stdout } = await execAsync("npm audit --json");
|
|
75
|
+
const auditResult = JSON.parse(stdout);
|
|
76
|
+
const vulnerabilities = [];
|
|
77
|
+
if (auditResult.vulnerabilities) {
|
|
78
|
+
for (const [packageName, vuln] of Object.entries(auditResult.vulnerabilities)) {
|
|
79
|
+
vulnerabilities.push({
|
|
80
|
+
id: vuln.name || packageName,
|
|
81
|
+
title: vuln.title || "Security vulnerability",
|
|
82
|
+
description: vuln.overview || "No description available",
|
|
83
|
+
severity: this.mapNpmSeverity(vuln.severity),
|
|
84
|
+
package: packageName,
|
|
85
|
+
version: vuln.version,
|
|
86
|
+
cve: vuln.cwe,
|
|
87
|
+
url: vuln.url,
|
|
88
|
+
recommendation: vuln.recommendation || "Update to a secure version",
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
return vulnerabilities;
|
|
93
|
+
}
|
|
94
|
+
catch (error) {
|
|
95
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
96
|
+
frameworkLogger.log("security-scanner", "npm-audit-failed", "warning", { message: "ā ļø npm audit failed", error: errorMessage });
|
|
97
|
+
return [];
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
* Run Trivy security scan
|
|
102
|
+
*/
|
|
103
|
+
async runTrivyScan() {
|
|
104
|
+
try {
|
|
105
|
+
const { stdout } = await execAsync("trivy fs --format json .");
|
|
106
|
+
const trivyResult = JSON.parse(stdout);
|
|
107
|
+
const vulnerabilities = [];
|
|
108
|
+
if (trivyResult.Results) {
|
|
109
|
+
for (const result of trivyResult.Results) {
|
|
110
|
+
if (result.Vulnerabilities) {
|
|
111
|
+
for (const vuln of result.Vulnerabilities) {
|
|
112
|
+
vulnerabilities.push({
|
|
113
|
+
id: vuln.VulnerabilityID,
|
|
114
|
+
title: vuln.Title,
|
|
115
|
+
description: vuln.Description,
|
|
116
|
+
severity: this.mapTrivySeverity(vuln.Severity),
|
|
117
|
+
package: vuln.PkgName,
|
|
118
|
+
version: vuln.InstalledVersion,
|
|
119
|
+
cve: vuln.VulnerabilityID,
|
|
120
|
+
url: vuln.PrimaryURL,
|
|
121
|
+
recommendation: vuln.FixedVersion
|
|
122
|
+
? `Update to ${vuln.FixedVersion}`
|
|
123
|
+
: "Review and mitigate",
|
|
124
|
+
});
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
return vulnerabilities;
|
|
130
|
+
}
|
|
131
|
+
catch (error) {
|
|
132
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
133
|
+
frameworkLogger.log("security-scanner", "trivy-scan-failed", "warning", { message: "ā ļø Trivy scan failed", error: errorMessage });
|
|
134
|
+
return [];
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* Run ESLint security rules
|
|
139
|
+
*/
|
|
140
|
+
async runEslintSecurity() {
|
|
141
|
+
try {
|
|
142
|
+
const { stdout } = await execAsync("npx eslint --format json src/");
|
|
143
|
+
const eslintResults = JSON.parse(stdout);
|
|
144
|
+
const vulnerabilities = [];
|
|
145
|
+
for (const result of eslintResults) {
|
|
146
|
+
for (const message of result.messages) {
|
|
147
|
+
if (message.ruleId &&
|
|
148
|
+
(message.ruleId.includes("security") ||
|
|
149
|
+
message.ruleId.includes("xss") ||
|
|
150
|
+
message.ruleId.includes("injection"))) {
|
|
151
|
+
vulnerabilities.push({
|
|
152
|
+
id: message.ruleId,
|
|
153
|
+
title: message.message,
|
|
154
|
+
description: `Security issue in ${result.filePath}:${message.line}:${message.column}`,
|
|
155
|
+
severity: "moderate",
|
|
156
|
+
recommendation: "Fix the security vulnerability according to ESLint recommendations",
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
return vulnerabilities;
|
|
162
|
+
}
|
|
163
|
+
catch (error) {
|
|
164
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
165
|
+
frameworkLogger.log("security-scanner", "eslint-scan-failed", "warning", { message: "ā ļø ESLint security scan failed", error: errorMessage });
|
|
166
|
+
return [];
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
/**
|
|
170
|
+
* Run OWASP Dependency Check
|
|
171
|
+
*/
|
|
172
|
+
async runDependencyCheck() {
|
|
173
|
+
try {
|
|
174
|
+
const { stdout } = await execAsync("dependency-check --format JSON --out . --scan .");
|
|
175
|
+
const dcResult = JSON.parse(stdout);
|
|
176
|
+
const vulnerabilities = [];
|
|
177
|
+
if (dcResult.dependencies) {
|
|
178
|
+
for (const dep of dcResult.dependencies) {
|
|
179
|
+
if (dep.vulnerabilities) {
|
|
180
|
+
for (const vuln of dep.vulnerabilities) {
|
|
181
|
+
vulnerabilities.push({
|
|
182
|
+
id: vuln.name,
|
|
183
|
+
title: vuln.description,
|
|
184
|
+
description: vuln.description,
|
|
185
|
+
severity: this.mapDependencyCheckSeverity(vuln.severity),
|
|
186
|
+
package: dep.fileName,
|
|
187
|
+
cve: vuln.name,
|
|
188
|
+
url: vuln.references?.[0]?.url,
|
|
189
|
+
recommendation: "Update dependency or apply security patches",
|
|
190
|
+
});
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
return vulnerabilities;
|
|
196
|
+
}
|
|
197
|
+
catch (error) {
|
|
198
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
199
|
+
frameworkLogger.log("security-scanner", "dependency-check-failed", "warning", { message: "ā ļø Dependency check failed", error: errorMessage });
|
|
200
|
+
return [];
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* Generate comprehensive security report
|
|
205
|
+
*/
|
|
206
|
+
generateReport(tools, duration) {
|
|
207
|
+
const allVulnerabilities = [
|
|
208
|
+
...tools.npmAudit,
|
|
209
|
+
...tools.trivy,
|
|
210
|
+
...tools.eslintSecurity,
|
|
211
|
+
...tools.dependencyCheck,
|
|
212
|
+
];
|
|
213
|
+
const bySeverity = allVulnerabilities.reduce((acc, vuln) => {
|
|
214
|
+
acc[vuln.severity] = (acc[vuln.severity] || 0) + 1;
|
|
215
|
+
return acc;
|
|
216
|
+
}, {});
|
|
217
|
+
const byTool = {
|
|
218
|
+
npmAudit: tools.npmAudit.length,
|
|
219
|
+
trivy: tools.trivy.length,
|
|
220
|
+
eslintSecurity: tools.eslintSecurity.length,
|
|
221
|
+
dependencyCheck: tools.dependencyCheck.length,
|
|
222
|
+
};
|
|
223
|
+
const highSeverityCount = (bySeverity.high || 0) + (bySeverity.critical || 0);
|
|
224
|
+
const shouldFail = this.config.failOnVulnerabilities &&
|
|
225
|
+
highSeverityCount > 0 &&
|
|
226
|
+
this.config.severityThreshold !== "low";
|
|
227
|
+
const recommendations = this.generateRecommendations(allVulnerabilities);
|
|
228
|
+
return {
|
|
229
|
+
timestamp: new Date().toISOString(),
|
|
230
|
+
duration,
|
|
231
|
+
tools,
|
|
232
|
+
summary: {
|
|
233
|
+
totalVulnerabilities: allVulnerabilities.length,
|
|
234
|
+
bySeverity,
|
|
235
|
+
byTool,
|
|
236
|
+
},
|
|
237
|
+
recommendations,
|
|
238
|
+
compliant: !shouldFail,
|
|
239
|
+
};
|
|
240
|
+
}
|
|
241
|
+
/**
|
|
242
|
+
* Generate security recommendations
|
|
243
|
+
*/
|
|
244
|
+
generateRecommendations(vulnerabilities) {
|
|
245
|
+
const recommendations = [];
|
|
246
|
+
if (vulnerabilities.some((v) => v.severity === "critical")) {
|
|
247
|
+
recommendations.push("šØ Critical security vulnerabilities found - immediate action required");
|
|
248
|
+
}
|
|
249
|
+
if (vulnerabilities.some((v) => v.severity === "high")) {
|
|
250
|
+
recommendations.push("ā ļø High-severity vulnerabilities detected - prioritize fixes");
|
|
251
|
+
}
|
|
252
|
+
if (vulnerabilities.filter((v) => v.package).length > 0) {
|
|
253
|
+
recommendations.push("š¦ Update vulnerable dependencies to latest secure versions");
|
|
254
|
+
}
|
|
255
|
+
if (vulnerabilities.filter((v) => v.id.includes("eslint")).length > 0) {
|
|
256
|
+
recommendations.push("š§ Fix code security issues identified by ESLint");
|
|
257
|
+
}
|
|
258
|
+
recommendations.push("š Run regular security scans and keep dependencies updated");
|
|
259
|
+
recommendations.push("š Review security policies and implement security headers");
|
|
260
|
+
return recommendations;
|
|
261
|
+
}
|
|
262
|
+
/**
|
|
263
|
+
* Save report to file
|
|
264
|
+
*/
|
|
265
|
+
async saveReport(report, jobId) {
|
|
266
|
+
try {
|
|
267
|
+
await fs.writeFile(this.config.reportPath, JSON.stringify(report, null, 2));
|
|
268
|
+
frameworkLogger.log("security-scanner", "report-saved", "success", {
|
|
269
|
+
jobId,
|
|
270
|
+
reportPath: this.config.reportPath,
|
|
271
|
+
});
|
|
272
|
+
}
|
|
273
|
+
catch (error) {
|
|
274
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
275
|
+
frameworkLogger.log("security-scanner", "save-report-failed", "warning", { message: "ā ļø Failed to save security report", error: errorMessage });
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
/**
|
|
279
|
+
* Log security scan results
|
|
280
|
+
*/
|
|
281
|
+
async logResults(report) {
|
|
282
|
+
await frameworkLogger.log("security-scanner", "-n-security-scan-complete-report-duration-ms-", "info", { message: `\nš Security Scan Complete (${report.duration}ms)` });
|
|
283
|
+
await frameworkLogger.log("security-scanner", "-total-vulnerabilities-report-summary-totalvulnera", "info", {
|
|
284
|
+
message: `š Total vulnerabilities: ${report.summary.totalVulnerabilities}`,
|
|
285
|
+
});
|
|
286
|
+
await frameworkLogger.log("security-scanner", "-n-by-severity-", "info", {
|
|
287
|
+
message: "\nš By Severity:",
|
|
288
|
+
});
|
|
289
|
+
for (const [severity, count] of Object.entries(report.summary.bySeverity)) {
|
|
290
|
+
await frameworkLogger.log("security-scanner", "-severity-count-", "info", { message: ` ${severity}: ${count}` });
|
|
291
|
+
}
|
|
292
|
+
await frameworkLogger.log("security-scanner", "-n-by-tool-", "info", {
|
|
293
|
+
message: "\nš ļø By Tool:",
|
|
294
|
+
});
|
|
295
|
+
for (const [tool, count] of Object.entries(report.summary.byTool)) {
|
|
296
|
+
await frameworkLogger.log("security-scanner", "-tool-count-", "info", {
|
|
297
|
+
message: ` ${tool}: ${count}`,
|
|
298
|
+
});
|
|
299
|
+
}
|
|
300
|
+
if (report.recommendations.length > 0) {
|
|
301
|
+
await frameworkLogger.log("security-scanner", "-n-recommendations-", "info", { message: "\nš” Recommendations:" });
|
|
302
|
+
for (const rec of report.recommendations) {
|
|
303
|
+
await frameworkLogger.log("security-scanner", "-rec-", "info", {
|
|
304
|
+
message: ` ā¢ ${rec}`,
|
|
305
|
+
});
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
if (report.compliant) {
|
|
309
|
+
// Security scan result - kept as console.log for user visibility
|
|
310
|
+
}
|
|
311
|
+
else {
|
|
312
|
+
// Security scan failure - kept as console.log for user visibility
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
/**
|
|
316
|
+
* Map npm audit severity levels
|
|
317
|
+
*/
|
|
318
|
+
mapNpmSeverity(severity) {
|
|
319
|
+
switch (severity) {
|
|
320
|
+
case "critical":
|
|
321
|
+
return "critical";
|
|
322
|
+
case "high":
|
|
323
|
+
return "high";
|
|
324
|
+
case "moderate":
|
|
325
|
+
return "moderate";
|
|
326
|
+
case "low":
|
|
327
|
+
return "low";
|
|
328
|
+
default:
|
|
329
|
+
return "moderate";
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
/**
|
|
333
|
+
* Map Trivy severity levels
|
|
334
|
+
*/
|
|
335
|
+
mapTrivySeverity(severity) {
|
|
336
|
+
switch (severity.toUpperCase()) {
|
|
337
|
+
case "CRITICAL":
|
|
338
|
+
return "critical";
|
|
339
|
+
case "HIGH":
|
|
340
|
+
return "high";
|
|
341
|
+
case "MEDIUM":
|
|
342
|
+
return "moderate";
|
|
343
|
+
case "LOW":
|
|
344
|
+
return "low";
|
|
345
|
+
default:
|
|
346
|
+
return "moderate";
|
|
347
|
+
}
|
|
348
|
+
}
|
|
349
|
+
/**
|
|
350
|
+
* Map Dependency Check severity levels
|
|
351
|
+
*/
|
|
352
|
+
mapDependencyCheckSeverity(severity) {
|
|
353
|
+
switch (severity.toUpperCase()) {
|
|
354
|
+
case "CRITICAL":
|
|
355
|
+
return "critical";
|
|
356
|
+
case "HIGH":
|
|
357
|
+
return "high";
|
|
358
|
+
case "MEDIUM":
|
|
359
|
+
return "moderate";
|
|
360
|
+
case "LOW":
|
|
361
|
+
return "low";
|
|
362
|
+
default:
|
|
363
|
+
return "moderate";
|
|
364
|
+
}
|
|
365
|
+
}
|
|
366
|
+
/**
|
|
367
|
+
* Validate AI prompt security
|
|
368
|
+
*/
|
|
369
|
+
async validatePrompt(prompt) {
|
|
370
|
+
const result = promptSecurityValidator.validatePrompt(prompt);
|
|
371
|
+
if (!result.isSafe) {
|
|
372
|
+
frameworkLogger.log("security-scanner", "prompt-violation", "warning", {
|
|
373
|
+
message: `šØ Prompt security violation detected (risk: ${result.riskLevel})`,
|
|
374
|
+
violations: result.violations,
|
|
375
|
+
});
|
|
376
|
+
}
|
|
377
|
+
return {
|
|
378
|
+
isSafe: result.isSafe,
|
|
379
|
+
violations: result.violations,
|
|
380
|
+
riskLevel: result.riskLevel,
|
|
381
|
+
};
|
|
382
|
+
}
|
|
383
|
+
/**
|
|
384
|
+
* Validate AI response security
|
|
385
|
+
*/
|
|
386
|
+
async validateResponse(response) {
|
|
387
|
+
const result = promptSecurityValidator.validateResponse(response);
|
|
388
|
+
if (!result.isSafe) {
|
|
389
|
+
frameworkLogger.log("security-scanner", "response-violation", "warning", {
|
|
390
|
+
message: `šØ Response security violation detected (risk: ${result.riskLevel})`,
|
|
391
|
+
violations: result.violations,
|
|
392
|
+
});
|
|
393
|
+
}
|
|
394
|
+
return {
|
|
395
|
+
isSafe: result.isSafe,
|
|
396
|
+
violations: result.violations,
|
|
397
|
+
riskLevel: result.riskLevel,
|
|
398
|
+
};
|
|
399
|
+
}
|
|
400
|
+
/**
|
|
401
|
+
* Create empty report when scanning is disabled
|
|
402
|
+
*/
|
|
403
|
+
createEmptyReport() {
|
|
404
|
+
return {
|
|
405
|
+
timestamp: new Date().toISOString(),
|
|
406
|
+
duration: 0,
|
|
407
|
+
tools: {
|
|
408
|
+
npmAudit: [],
|
|
409
|
+
trivy: [],
|
|
410
|
+
eslintSecurity: [],
|
|
411
|
+
dependencyCheck: [],
|
|
412
|
+
},
|
|
413
|
+
summary: {
|
|
414
|
+
totalVulnerabilities: 0,
|
|
415
|
+
bySeverity: {},
|
|
416
|
+
byTool: {
|
|
417
|
+
npmAudit: 0,
|
|
418
|
+
trivy: 0,
|
|
419
|
+
eslintSecurity: 0,
|
|
420
|
+
dependencyCheck: 0,
|
|
421
|
+
},
|
|
422
|
+
},
|
|
423
|
+
recommendations: ["Security scanning is disabled"],
|
|
424
|
+
compliant: true,
|
|
425
|
+
};
|
|
426
|
+
}
|
|
427
|
+
}
|
|
428
|
+
// Export singleton instance
|
|
429
|
+
export const securityScanner = new SecurityScanner();
|