npm - 0xray - Versions diffs - 2.1.2 → 2.1.3 - Mend

0xray 2.1.2 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/.opencode/codex.codex +1 -1
package/.opencode/commands/dependency-audit.md +3 -3
package/.opencode/enforcer-config.json +2 -2
package/AGENTS.md +2 -1
package/README.md +12 -11
package/dist/AGENTS.md +2 -1
package/dist/CHANGELOG.md +26 -0
package/dist/README.md +12 -11
package/dist/agents/code-reviewer.js +1 -1
package/dist/analytics/routing-refiner.js +1 -1
package/dist/cli/index.js +11 -1
package/dist/cli/server.js +3 -3
package/dist/core/activity-logger.d.ts +2 -2
package/dist/core/activity-logger.js +4 -4
package/dist/core/boot-orchestrator.d.ts +1 -1
package/dist/core/boot-orchestrator.js +13 -28
package/dist/core/bridge.mjs +3 -3
package/dist/core/codex-formatter.js +2 -2
package/dist/core/codex-injector.d.ts +0 -1
package/dist/core/codex-injector.js +2 -3
package/dist/core/config-loader.d.ts +1 -1
package/dist/core/config-loader.js +1 -1
package/dist/core/config-paths.d.ts +0 -2
package/dist/core/config-paths.js +7 -8
package/dist/core/context-loader.d.ts +1 -1
package/dist/core/context-loader.js +1 -1
package/dist/core/errors.d.ts +3 -0
package/dist/core/errors.js +10 -0
package/dist/core/features-config.js +1 -1
package/dist/core/framework-logger.d.ts +3 -3
package/dist/core/framework-logger.js +17 -9
package/dist/core/index.d.ts +2 -2
package/dist/core/index.js +4 -2
package/dist/core/logging-config.d.ts +2 -1
package/dist/core/logging-config.js +7 -7
package/dist/enforcement/loaders/codex-loader.js +1 -1
package/dist/execution/opencode-cli-invoker.js +5 -5
package/dist/governance/governance-service.js +1 -1
package/dist/index.d.ts +3 -3
package/dist/index.js +3 -3
package/dist/inference/inference-cycle.d.ts +1 -1
package/dist/inference/inference-cycle.js +10 -10
package/dist/integrations/base/Integration.js +1 -1
package/dist/integrations/base/registry.js +19 -19
package/dist/integrations/grok/grok-cli.js +17 -17
package/dist/integrations/grok/hooks/pre-tool-use.js +1 -1
package/dist/integrations/hermes-agent/bridge.mjs +1 -1
package/dist/integrations/openclaw/api-server.d.ts +0 -1
package/dist/integrations/openclaw/api-server.js +7 -10
package/dist/integrations/openclaw/client.d.ts +0 -1
package/dist/integrations/openclaw/client.js +22 -24
package/dist/integrations/openclaw/hooks/xray-hooks.d.ts +0 -1
package/dist/integrations/openclaw/hooks/xray-hooks.js +17 -18
package/dist/integrations/plugins/plugin-registry.js +5 -5
package/dist/mcps/architect-tools.server.d.ts +2 -4
package/dist/mcps/architect-tools.server.js +112 -195
package/dist/mcps/auto-format.server.d.ts +2 -4
package/dist/mcps/auto-format.server.js +49 -95
package/dist/mcps/boot-orchestrator.server.d.ts +2 -4
package/dist/mcps/boot-orchestrator.server.js +73 -105
package/dist/mcps/config/server-config-registry.js +3 -3
package/dist/mcps/enforcer-tools.server.d.ts +2 -4
package/dist/mcps/enforcer-tools.server.js +202 -285
package/dist/mcps/estimation.server.d.ts +2 -4
package/dist/mcps/estimation.server.js +63 -107
package/dist/mcps/framework-compliance-audit.server.d.ts +2 -4
package/dist/mcps/framework-compliance-audit.server.js +53 -82
package/dist/mcps/framework-help.server.d.ts +2 -4
package/dist/mcps/framework-help.server.js +63 -101
package/dist/mcps/governance.server.js +2 -2
package/dist/mcps/knowledge-skills/api-design.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/api-design.server.js +35 -67
package/dist/mcps/knowledge-skills/architecture-patterns.server.d.ts +2 -10
package/dist/mcps/knowledge-skills/architecture-patterns.server.js +35 -74
package/dist/mcps/knowledge-skills/bug-triage-specialist.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/bug-triage-specialist.server.js +143 -162
package/dist/mcps/knowledge-skills/code-analyzer.server.d.ts +3 -4
package/dist/mcps/knowledge-skills/code-analyzer.server.js +20 -45
package/dist/mcps/knowledge-skills/code-review.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/code-review.server.js +109 -143
package/dist/mcps/knowledge-skills/content-creator.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/content-creator.server.js +205 -226
package/dist/mcps/knowledge-skills/database-design.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/database-design.server.js +117 -151
package/dist/mcps/knowledge-skills/devops-deployment.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/devops-deployment.server.js +71 -160
package/dist/mcps/knowledge-skills/git-workflow.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/git-workflow.server.js +36 -68
package/dist/mcps/knowledge-skills/growth-strategist.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/growth-strategist.server.js +303 -324
package/dist/mcps/knowledge-skills/log-monitor.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/log-monitor.server.js +141 -160
package/dist/mcps/knowledge-skills/mobile-development.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/mobile-development.server.js +92 -209
package/dist/mcps/knowledge-skills/multimodal-looker.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/multimodal-looker.server.js +123 -159
package/dist/mcps/knowledge-skills/performance-optimization.server.d.ts +2 -5
package/dist/mcps/knowledge-skills/performance-optimization.server.js +155 -296
package/dist/mcps/knowledge-skills/project-analysis.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/project-analysis.server.js +75 -226
package/dist/mcps/knowledge-skills/refactoring-strategies.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/refactoring-strategies.server.js +63 -156
package/dist/mcps/knowledge-skills/security-audit.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/security-audit.server.js +102 -136
package/dist/mcps/knowledge-skills/seo-consultant.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/seo-consultant.server.js +80 -203
package/dist/mcps/knowledge-skills/session-management.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/session-management.server.js +50 -203
package/dist/mcps/knowledge-skills/skill-invocation.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/skill-invocation.server.js +168 -347
package/dist/mcps/knowledge-skills/strategist.server.d.ts +2 -11
package/dist/mcps/knowledge-skills/strategist.server.js +72 -122
package/dist/mcps/knowledge-skills/tech-writer.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/tech-writer.server.js +87 -300
package/dist/mcps/knowledge-skills/testing-best-practices.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/testing-best-practices.server.js +147 -182
package/dist/mcps/knowledge-skills/testing-strategy.server.d.ts +2 -4
package/dist/mcps/knowledge-skills/testing-strategy.server.js +78 -153
package/dist/mcps/knowledge-skills/ui-ux-design.server.d.ts +2 -5
package/dist/mcps/knowledge-skills/ui-ux-design.server.js +90 -399
package/dist/mcps/lint.server.d.ts +2 -4
package/dist/mcps/lint.server.js +51 -92
package/dist/mcps/mcp-client.js +2 -2
package/dist/mcps/model-health-check.server.d.ts +2 -4
package/dist/mcps/model-health-check.server.js +32 -60
package/dist/mcps/performance-analysis.server.d.ts +2 -4
package/dist/mcps/performance-analysis.server.js +57 -88
package/dist/mcps/processor-pipeline.server.d.ts +2 -4
package/dist/mcps/processor-pipeline.server.js +69 -100
package/dist/mcps/registry.json +1 -1
package/dist/mcps/researcher.server.d.ts +3 -5
package/dist/mcps/researcher.server.js +81 -154
package/dist/mcps/security-scan.server.d.ts +2 -4
package/dist/mcps/security-scan.server.js +54 -96
package/dist/mcps/shared/knowledge-skill-base.d.ts +14 -0
package/dist/mcps/shared/knowledge-skill-base.js +45 -0
package/dist/{security → mcps/shared}/security-scanner.js +1 -1
package/dist/mcps/state-manager.server.d.ts +2 -4
package/dist/mcps/state-manager.server.js +115 -160
package/dist/orchestrator/orchestrator.d.ts +1 -1
package/dist/orchestrator/orchestrator.js +1 -1
package/dist/orchestrator/universal-registry-bridge.js +1 -1
package/dist/plugin/xray-codex-injection.d.ts +1 -1
package/dist/plugin/xray-codex-injection.js +1 -1
package/dist/postprocessor/PostProcessor.d.ts +4 -44
package/dist/postprocessor/PostProcessor.js +39 -553
package/dist/postprocessor/analysis/CodeChangeAnalyzer.d.ts +11 -0
package/dist/postprocessor/analysis/CodeChangeAnalyzer.js +50 -0
package/dist/postprocessor/compliance/ArchitecturalComplianceChecker.d.ts +11 -0
package/dist/postprocessor/compliance/ArchitecturalComplianceChecker.js +356 -0
package/dist/postprocessor/config/ProcessorConfigLoader.d.ts +44 -0
package/dist/postprocessor/config/ProcessorConfigLoader.js +21 -0
package/dist/postprocessor/reporting/PostProcessorReporter.d.ts +19 -0
package/dist/postprocessor/reporting/PostProcessorReporter.js +96 -0
package/dist/postprocessor/triggers/GitHookTrigger.js +11 -11
package/dist/processors/implementations/refactoring-logging-processor-wrapper.d.ts +32 -0
package/dist/processors/implementations/refactoring-logging-processor-wrapper.js +95 -1
package/dist/processors/processor-manager.js +346 -314
package/dist/reporting/report-formatter.js +1 -1
package/dist/security/security-hardener.d.ts +69 -2
package/dist/security/security-hardener.js +129 -1
package/dist/skills/registry.json +1 -1
package/dist/state/index.d.ts +3 -5
package/dist/state/index.js +1 -7
package/dist/state/state-manager.d.ts +1 -1
package/dist/state/state-manager.js +2 -3
package/package.json +13 -10
package/scripts/node/universal-version-manager.js +11 -11
package/src/mcps/architect-tools.server.ts +112 -215
package/src/mcps/auto-format.server.ts +50 -110
package/src/mcps/boot-orchestrator.server.ts +75 -121
package/src/mcps/config/__tests__/server-config-registry.test.ts +21 -12
package/src/mcps/config/server-config-registry.ts +3 -3
package/src/mcps/enforcer-tools.server.ts +212 -310
package/src/mcps/estimation.server.ts +62 -122
package/src/mcps/framework-compliance-audit.server.ts +52 -97
package/src/mcps/framework-help.server.ts +64 -114
package/src/mcps/governance.server.ts +2 -2
package/src/mcps/knowledge-skills/api-design.server.ts +32 -77
package/src/mcps/knowledge-skills/architecture-patterns.server.ts +31 -87
package/src/mcps/knowledge-skills/bug-triage-specialist.server.ts +165 -193
package/src/mcps/knowledge-skills/code-analyzer.server.ts +20 -55
package/src/mcps/knowledge-skills/code-review.server.ts +114 -161
package/src/mcps/knowledge-skills/content-creator.server.ts +218 -255
package/src/mcps/knowledge-skills/database-design.server.ts +118 -165
package/src/mcps/knowledge-skills/devops-deployment.server.ts +67 -172
package/src/mcps/knowledge-skills/git-workflow.server.ts +32 -77
package/src/mcps/knowledge-skills/growth-strategist.server.ts +324 -361
package/src/mcps/knowledge-skills/log-monitor.server.ts +160 -187
package/src/mcps/knowledge-skills/mobile-development.server.ts +89 -223
package/src/mcps/knowledge-skills/multimodal-looker.server.ts +128 -175
package/src/mcps/knowledge-skills/performance-optimization.server.ts +156 -329
package/src/mcps/knowledge-skills/project-analysis.server.ts +72 -248
package/src/mcps/knowledge-skills/refactoring-strategies.server.ts +59 -171
package/src/mcps/knowledge-skills/security-audit.server.ts +104 -151
package/src/mcps/knowledge-skills/seo-consultant.server.ts +80 -220
package/src/mcps/knowledge-skills/session-management.server.ts +51 -232
package/src/mcps/knowledge-skills/skill-invocation.server.ts +165 -372
package/src/mcps/knowledge-skills/strategist.server.ts +72 -143
package/src/mcps/knowledge-skills/tech-writer.server.ts +85 -350
package/src/mcps/knowledge-skills/testing-best-practices.server.ts +146 -195
package/src/mcps/knowledge-skills/testing-strategy.server.ts +75 -161
package/src/mcps/knowledge-skills/ui-ux-design.server.ts +93 -487
package/src/mcps/lint.server.ts +53 -107
package/src/mcps/mcp-client.ts +2 -2
package/src/mcps/model-health-check.server.ts +34 -71
package/src/mcps/performance-analysis.server.ts +60 -104
package/src/mcps/processor-pipeline.server.ts +72 -110
package/src/mcps/registry.json +1 -1
package/src/mcps/researcher.server.ts +88 -177
package/src/mcps/security-scan.server.ts +55 -104
package/src/mcps/shared/knowledge-skill-base.ts +62 -0
package/src/mcps/shared/prompt-security-validator.ts +199 -0
package/src/mcps/shared/security-scanner.ts +599 -0
package/src/mcps/state-manager.server.ts +117 -175
package/src/opencode/codex.codex +1 -1
package/src/opencode/commands/dependency-audit.md +3 -3
package/src/opencode/enforcer-config.json +2 -2
package/src/skills/registry.json +1 -1
package/xray/codex.json +1 -1
package/xray/config.json +1 -1
package/xray/features.json +1 -1
package/xray/integrations.json +3 -3
package/dist/integrations/hermes-agent/__pycache__/__init__.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/conftest.cpython-313-pytest-9.0.2.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/schemas.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/test_plugin.cpython-313-pytest-9.0.2.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/test_plugin.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/__pycache__/tools.cpython-313.pyc +0 -0
package/dist/integrations/hermes-agent/conftest.py +0 -14
package/dist/integrations/hermes-agent/test_plugin.py +0 -1103
package/dist/processors/implementations/refactoring-logging-processor.d.ts +0 -31
package/dist/processors/implementations/refactoring-logging-processor.js +0 -96
package/dist/processors/implementations/session-capture-processor.d.ts +0 -14
package/dist/processors/implementations/session-capture-processor.js +0 -37
package/dist/scripts/activate-kernel-pipeline.d.ts +0 -7
package/dist/scripts/activate-kernel-pipeline.js +0 -101
package/dist/security/index.d.ts +0 -13
package/dist/security/index.js +0 -13
package/dist/security/security-agent-coordinator.d.ts +0 -72
package/dist/security/security-agent-coordinator.js +0 -204
package/dist/security/security-auditor.d.ts +0 -56
package/dist/security/security-auditor.js +0 -584
package/dist/security/security-hardening-system.d.ts +0 -239
package/dist/security/security-hardening-system.js +0 -727
package/dist/security/security-orchestration-layer.d.ts +0 -119
package/dist/security/security-orchestration-layer.js +0 -496
/package/dist/{security → mcps/shared}/prompt-security-validator.d.ts +0 -0
/package/dist/{security → mcps/shared}/prompt-security-validator.js +0 -0
/package/dist/{security → mcps/shared}/security-scanner.d.ts +0 -0

package/dist/security/security-hardening-system.d.ts DELETED Viewed

@@ -1,239 +0,0 @@
-/**
- * Security Hardening System
- *
- * Comprehensive security hardening implementation with OWASP compliance.
- * Implements defense-in-depth security architecture for enterprise applications.
- *
- * @version 1.0.0
- * @since 2026-01-08
- */
-import { EventEmitter } from "events";
-import { IncomingMessage, ServerResponse } from "http";
-export declare const SECURITY_CONFIG: {
-    readonly headers: {
-        readonly "X-Content-Type-Options": "nosniff";
-        readonly "X-Frame-Options": "DENY";
-        readonly "X-XSS-Protection": "1; mode=block";
-        readonly "Strict-Transport-Security": "max-age=31536000; includeSubDomains";
-        readonly "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
-        readonly "Referrer-Policy": "strict-origin-when-cross-origin";
-        readonly "Permissions-Policy": "geolocation=(), microphone=(), camera=()";
-        readonly "Cross-Origin-Embedder-Policy": "require-corp";
-        readonly "Cross-Origin-Opener-Policy": "same-origin";
-        readonly "Cross-Origin-Resource-Policy": "same-origin";
-    };
-    readonly rateLimiting: {
-        readonly windowMs: number;
-        readonly maxRequests: 100;
-        readonly skipSuccessfulRequests: false;
-        readonly skipFailedRequests: false;
-    };
-    readonly inputValidation: {
-        readonly maxStringLength: 10000;
-        readonly maxArrayLength: 1000;
-        readonly maxObjectDepth: 10;
-        readonly allowedCharacters: RegExp;
-        readonly sqlInjectionPatterns: readonly [RegExp, RegExp];
-        readonly xssPatterns: readonly [RegExp, RegExp, RegExp, RegExp];
-    };
-    readonly encryption: {
-        readonly algorithm: "aes-256-gcm";
-        readonly keyLength: 32;
-        readonly ivLength: 16;
-        readonly saltRounds: 12;
-    };
-    readonly audit: {
-        readonly logLevel: "detailed";
-        readonly retentionDays: 90;
-        readonly sensitiveFields: readonly ["password", "token", "secret", "key", "authorization"];
-    };
-};
-export type SecurityEventType = "input_validation_failure" | "rate_limit_exceeded" | "authentication_failure" | "authorization_failure" | "suspicious_activity" | "sql_injection_attempt" | "xss_attempt" | "csrf_attempt" | "security_header_missing" | "encryption_failure" | "audit_log_failure";
-export type SecuritySeverity = "low" | "medium" | "high" | "critical";
-export interface SecurityEvent {
-    id: string;
-    type: SecurityEventType;
-    severity: SecuritySeverity;
-    message: string;
-    source: string;
-    userId?: string;
-    ipAddress?: string;
-    userAgent?: string;
-    timestamp: number;
-    metadata: Record<string, unknown>;
-    stackTrace?: string;
-}
-export interface ValidationResult {
-    isValid: boolean;
-    errors: string[];
-    sanitizedValue?: unknown;
-    securityEvents: SecurityEvent[];
-}
-export interface RateLimitEntry {
-    count: number;
-    resetTime: number;
-    lastRequest: number;
-}
-export interface SecurityMiddlewareOptions {
-    enableRateLimiting?: boolean;
-    enableInputValidation?: boolean;
-    enableSecurityHeaders?: boolean;
-    enableAuditLogging?: boolean;
-    enableCsrfProtection?: boolean;
-    enableHsts?: boolean;
-    customHeaders?: Record<string, string>;
-    trustedOrigins?: string[];
-    rateLimitOptions?: Partial<typeof SECURITY_CONFIG.rateLimiting>;
-}
-/**
- * Core security hardening system
- */
-export declare class SecurityHardeningSystem extends EventEmitter {
-    private rateLimitStore;
-    private securityEvents;
-    private encryptionKey;
-    private auditLogEnabled;
-    private started;
-    private pendingEncryptionKey;
-    private boundSecurityEvent;
-    private boundRateLimitExceeded;
-    private boundValidationFailure;
-    constructor(encryptionKey?: string);
-    start(): void;
-    /**
-     * Setup event handlers for security events
-     */
-    private setupEventHandlers;
-    destroy(): void;
-    /**
-     * Create security middleware for HTTP requests
-     */
-    createSecurityMiddleware(options?: SecurityMiddlewareOptions): (req: IncomingMessage, res: ServerResponse) => Promise<boolean>;
-    /**
-     * Check rate limiting for requests
-     */
-    private checkRateLimit;
-    /**
-     * Apply security headers to response
-     */
-    private applySecurityHeaders;
-    /**
-     * Validate CSRF token
-     */
-    private validateCsrfToken;
-    /**
-     * Validate and sanitize input data
-     */
-    validateInput(input: unknown, context?: string): ValidationResult;
-    /**
-     * Validate string input
-     */
-    private validateString;
-    /**
-     * Validate object input
-     */
-    private validateObject;
-    /**
-     * Validate array input
-     */
-    private validateArray;
-    /**
-     * Check for security patterns in input
-     */
-    private checkSecurityPatterns;
-    /**
-     * Encrypt sensitive data using AES-256-GCM
-     * SECURITY: Proper encryption with random IV and authentication tag (H-001 fix)
-     *
-     * @param data - Plaintext data to encrypt
-     * @returns Base64-encoded string containing encrypted data + IV + auth tag
-     */
-    encryptData(data: string): string;
-    /**
-     * Decrypt sensitive data using AES-256-GCM
-     * SECURITY: Proper decryption with IV and auth tag verification (H-001 fix)
-     *
-     * @param encryptedData - Base64-encoded string containing encrypted data + IV + auth tag
-     * @returns Decrypted plaintext data
-     * @throws Error if decryption fails or authentication tag doesn't match
-     */
-    decryptData(encryptedData: string): string | null;
-    /**
-     * Hash password securely with unique salt
-     * SECURITY: Generates unique random salt for each password (H-003 fix)
-     */
-    hashPassword(password: string): Promise<{
-        hash: string;
-        salt: string;
-    }>;
-    /**
-     * Verify password hash
-     */
-    verifyPassword(password: string, hash: string, salt: string): Promise<boolean>;
-    /**
-     * Generate secure random token
-     */
-    generateSecureToken(length?: number): string;
-    /**
-     * Log audit event
-     */
-    private logAuditEvent;
-    /**
-     * Sanitize headers for audit logging
-     */
-    private sanitizeHeadersForAudit;
-    /**
-     * Emit security event
-     */
-    private emitSecurityEvent;
-    /**
-     * Handle security events
-     */
-    private handleSecurityEvent;
-    /**
-     * Handle rate limit exceeded
-     */
-    private handleRateLimitExceeded;
-    /**
-     * Handle validation failure
-     */
-    private handleValidationFailure;
-    /**
-     * Get client IP address
-     */
-    private getClientIP;
-    /**
-     * Get rate limit info for IP
-     */
-    private getRateLimitInfo;
-    /**
-     * Get object depth
-     */
-    private getObjectDepth;
-    /**
-     * Cleanup old rate limit entries
-     */
-    private cleanupRateLimitStore;
-    /**
-     * Get security events
-     */
-    getSecurityEvents(limit?: number): SecurityEvent[];
-    /**
-     * Clear security events
-     */
-    clearSecurityEvents(): void;
-    /**
-     * Get security statistics
-     */
-    getSecurityStats(): {
-        totalEvents: number;
-        eventsByType: Record<SecurityEventType, number>;
-        eventsBySeverity: Record<SecuritySeverity, number>;
-        recentEvents: SecurityEvent[];
-    };
-    /**
-     * Enable/disable audit logging
-     */
-    setAuditLogging(enabled: boolean): void;
-}
-export declare const securityHardeningSystem: SecurityHardeningSystem;