@avi770/testteam 1.2.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (324) hide show
  1. package/CHANGELOG.md +53 -1
  2. package/README.md +72 -7
  3. package/agents/15-regression-sentinel.ts +3 -2
  4. package/agents/24-signup-onboarding-tester.ts +429 -0
  5. package/agents/25-crud-flow-tester.ts +302 -0
  6. package/agents/26-form-validator.ts +297 -0
  7. package/agents/27-search-filter-tester.ts +326 -0
  8. package/agents/28-navigation-routing-tester.ts +425 -0
  9. package/agents/29-responsive-interaction-tester.ts +350 -0
  10. package/agents/30-multi-user-scenario-tester.ts +319 -0
  11. package/agents/31-load-tester.ts +134 -0
  12. package/agents/32-memory-leak-detector.ts +194 -0
  13. package/agents/33-bundle-analyzer.ts +132 -0
  14. package/agents/34-xss-scanner.ts +191 -0
  15. package/agents/35-csrf-tester.ts +82 -0
  16. package/agents/36-auth-fuzzer.ts +194 -0
  17. package/agents/37-dependency-scanner.ts +176 -0
  18. package/agents/38-secrets-scanner.ts +137 -0
  19. package/agents/39-api-contract-tester.ts +199 -0
  20. package/agents/40-rate-limit-tester.ts +94 -0
  21. package/agents/41-api-pagination-tester.ts +97 -0
  22. package/agents/42-graphql-tester.ts +222 -0
  23. package/agents/43-data-consistency-checker.ts +205 -0
  24. package/agents/44-backup-recovery-tester.ts +152 -0
  25. package/agents/45-data-privacy-scanner.ts +125 -0
  26. package/agents/46-seo-auditor.ts +294 -0
  27. package/agents/47-social-preview-tester.ts +232 -0
  28. package/agents/48-lighthouse-auditor.ts +213 -0
  29. package/agents/49-i18n-tester.ts +198 -0
  30. package/agents/50-timezone-tester.ts +173 -0
  31. package/agents/51-error-recovery-tester.ts +155 -0
  32. package/agents/52-offline-mode-tester.ts +180 -0
  33. package/agents/53-graceful-degradation-tester.ts +156 -0
  34. package/agents/54-websocket-tester.ts +151 -0
  35. package/agents/55-realtime-sync-tester.ts +194 -0
  36. package/agents/56-file-upload-tester.ts +194 -0
  37. package/agents/57-export-tester.ts +174 -0
  38. package/agents/58-payment-flow-tester.ts +183 -0
  39. package/agents/59-ssl-tls-auditor.ts +141 -0
  40. package/agents/60-dns-cdn-tester.ts +117 -0
  41. package/agents/61-docker-health-checker.ts +111 -0
  42. package/agents/62-env-config-validator.ts +152 -0
  43. package/agents/63-log-quality-auditor.ts +136 -0
  44. package/agents/64-analytics-tracker-tester.ts +165 -0
  45. package/agents/65-gdpr-compliance-tester.ts +215 -0
  46. package/agents/66-soc2-control-validator.ts +210 -0
  47. package/agents/67-wcag-aaa-tester.ts +241 -0
  48. package/agents/68-dead-code-detector.ts +135 -0
  49. package/agents/69-type-safety-auditor.ts +164 -0
  50. package/agents/70-complexity-analyzer.ts +179 -0
  51. package/agents/__tests__/24-signup-onboarding-tester.test.ts +274 -0
  52. package/agents/__tests__/25-crud-flow-tester.test.ts +322 -0
  53. package/agents/__tests__/26-form-validator.test.ts +345 -0
  54. package/agents/__tests__/27-search-filter-tester.test.ts +311 -0
  55. package/agents/__tests__/28-navigation-routing-tester.test.ts +328 -0
  56. package/agents/__tests__/29-responsive-interaction-tester.test.ts +297 -0
  57. package/agents/__tests__/30-multi-user-scenario-tester.test.ts +328 -0
  58. package/agents/__tests__/31-load-tester.test.ts +189 -0
  59. package/agents/__tests__/32-memory-leak-detector.test.ts +251 -0
  60. package/agents/__tests__/33-bundle-analyzer.test.ts +237 -0
  61. package/agents/__tests__/34-xss-scanner.test.ts +258 -0
  62. package/agents/__tests__/35-csrf-tester.test.ts +200 -0
  63. package/agents/__tests__/36-auth-fuzzer.test.ts +214 -0
  64. package/agents/__tests__/37-dependency-scanner.test.ts +266 -0
  65. package/agents/__tests__/38-secrets-scanner.test.ts +224 -0
  66. package/agents/__tests__/39-api-contract-tester.test.ts +312 -0
  67. package/agents/__tests__/40-rate-limit-tester.test.ts +192 -0
  68. package/agents/__tests__/41-api-pagination-tester.test.ts +198 -0
  69. package/agents/__tests__/42-graphql-tester.test.ts +252 -0
  70. package/agents/__tests__/43-data-consistency-checker.test.ts +232 -0
  71. package/agents/__tests__/44-backup-recovery-tester.test.ts +222 -0
  72. package/agents/__tests__/45-data-privacy-scanner.test.ts +223 -0
  73. package/agents/__tests__/46-seo-auditor.test.ts +261 -0
  74. package/agents/__tests__/47-social-preview-tester.test.ts +245 -0
  75. package/agents/__tests__/48-lighthouse-auditor.test.ts +276 -0
  76. package/agents/__tests__/49-i18n-tester.test.ts +201 -0
  77. package/agents/__tests__/50-timezone-tester.test.ts +172 -0
  78. package/agents/__tests__/51-error-recovery-tester.test.ts +162 -0
  79. package/agents/__tests__/52-offline-mode-tester.test.ts +164 -0
  80. package/agents/__tests__/53-graceful-degradation-tester.test.ts +168 -0
  81. package/agents/__tests__/54-websocket-tester.test.ts +157 -0
  82. package/agents/__tests__/55-realtime-sync-tester.test.ts +181 -0
  83. package/agents/__tests__/56-file-upload-tester.test.ts +172 -0
  84. package/agents/__tests__/57-export-tester.test.ts +169 -0
  85. package/agents/__tests__/58-payment-flow-tester.test.ts +182 -0
  86. package/agents/__tests__/59-ssl-tls-auditor.test.ts +179 -0
  87. package/agents/__tests__/60-dns-cdn-tester.test.ts +176 -0
  88. package/agents/__tests__/61-docker-health-checker.test.ts +150 -0
  89. package/agents/__tests__/62-env-config-validator.test.ts +166 -0
  90. package/agents/__tests__/63-log-quality-auditor.test.ts +175 -0
  91. package/agents/__tests__/64-analytics-tracker-tester.test.ts +158 -0
  92. package/agents/__tests__/65-gdpr-compliance-tester.test.ts +174 -0
  93. package/agents/__tests__/66-soc2-control-validator.test.ts +183 -0
  94. package/agents/__tests__/67-wcag-aaa-tester.test.ts +190 -0
  95. package/agents/__tests__/68-dead-code-detector.test.ts +174 -0
  96. package/agents/__tests__/69-type-safety-auditor.test.ts +173 -0
  97. package/agents/__tests__/70-complexity-analyzer.test.ts +177 -0
  98. package/agents/__tests__/registry.test.ts +13 -13
  99. package/agents/base-agent.ts +8 -0
  100. package/agents/registry.ts +171 -28
  101. package/core/__tests__/integration.test.ts +4 -4
  102. package/core/__tests__/orchestrator.test.ts +17 -16
  103. package/core/cli.ts +128 -6
  104. package/core/license.ts +208 -211
  105. package/core/orchestrator.ts +78 -5
  106. package/dist/agents/15-regression-sentinel.d.ts +2 -1
  107. package/dist/agents/15-regression-sentinel.d.ts.map +1 -1
  108. package/dist/agents/15-regression-sentinel.js +2 -2
  109. package/dist/agents/15-regression-sentinel.js.map +1 -1
  110. package/dist/agents/24-signup-onboarding-tester.d.ts +35 -0
  111. package/dist/agents/24-signup-onboarding-tester.d.ts.map +1 -0
  112. package/dist/agents/24-signup-onboarding-tester.js +357 -0
  113. package/dist/agents/24-signup-onboarding-tester.js.map +1 -0
  114. package/dist/agents/25-crud-flow-tester.d.ts +11 -0
  115. package/dist/agents/25-crud-flow-tester.d.ts.map +1 -0
  116. package/dist/agents/25-crud-flow-tester.js +253 -0
  117. package/dist/agents/25-crud-flow-tester.js.map +1 -0
  118. package/dist/agents/26-form-validator.d.ts +12 -0
  119. package/dist/agents/26-form-validator.d.ts.map +1 -0
  120. package/dist/agents/26-form-validator.js +257 -0
  121. package/dist/agents/26-form-validator.js.map +1 -0
  122. package/dist/agents/27-search-filter-tester.d.ts +20 -0
  123. package/dist/agents/27-search-filter-tester.d.ts.map +1 -0
  124. package/dist/agents/27-search-filter-tester.js +267 -0
  125. package/dist/agents/27-search-filter-tester.js.map +1 -0
  126. package/dist/agents/28-navigation-routing-tester.d.ts +32 -0
  127. package/dist/agents/28-navigation-routing-tester.d.ts.map +1 -0
  128. package/dist/agents/28-navigation-routing-tester.js +363 -0
  129. package/dist/agents/28-navigation-routing-tester.js.map +1 -0
  130. package/dist/agents/29-responsive-interaction-tester.d.ts +26 -0
  131. package/dist/agents/29-responsive-interaction-tester.d.ts.map +1 -0
  132. package/dist/agents/29-responsive-interaction-tester.js +272 -0
  133. package/dist/agents/29-responsive-interaction-tester.js.map +1 -0
  134. package/dist/agents/30-multi-user-scenario-tester.d.ts +24 -0
  135. package/dist/agents/30-multi-user-scenario-tester.d.ts.map +1 -0
  136. package/dist/agents/30-multi-user-scenario-tester.js +254 -0
  137. package/dist/agents/30-multi-user-scenario-tester.js.map +1 -0
  138. package/dist/agents/31-load-tester.d.ts +12 -0
  139. package/dist/agents/31-load-tester.d.ts.map +1 -0
  140. package/dist/agents/31-load-tester.js +110 -0
  141. package/dist/agents/31-load-tester.js.map +1 -0
  142. package/dist/agents/32-memory-leak-detector.d.ts +12 -0
  143. package/dist/agents/32-memory-leak-detector.d.ts.map +1 -0
  144. package/dist/agents/32-memory-leak-detector.js +167 -0
  145. package/dist/agents/32-memory-leak-detector.js.map +1 -0
  146. package/dist/agents/33-bundle-analyzer.d.ts +10 -0
  147. package/dist/agents/33-bundle-analyzer.d.ts.map +1 -0
  148. package/dist/agents/33-bundle-analyzer.js +111 -0
  149. package/dist/agents/33-bundle-analyzer.js.map +1 -0
  150. package/dist/agents/34-xss-scanner.d.ts +11 -0
  151. package/dist/agents/34-xss-scanner.d.ts.map +1 -0
  152. package/dist/agents/34-xss-scanner.js +164 -0
  153. package/dist/agents/34-xss-scanner.js.map +1 -0
  154. package/dist/agents/35-csrf-tester.d.ts +11 -0
  155. package/dist/agents/35-csrf-tester.d.ts.map +1 -0
  156. package/dist/agents/35-csrf-tester.js +70 -0
  157. package/dist/agents/35-csrf-tester.js.map +1 -0
  158. package/dist/agents/36-auth-fuzzer.d.ts +13 -0
  159. package/dist/agents/36-auth-fuzzer.d.ts.map +1 -0
  160. package/dist/agents/36-auth-fuzzer.js +163 -0
  161. package/dist/agents/36-auth-fuzzer.js.map +1 -0
  162. package/dist/agents/37-dependency-scanner.d.ts +11 -0
  163. package/dist/agents/37-dependency-scanner.d.ts.map +1 -0
  164. package/dist/agents/37-dependency-scanner.js +139 -0
  165. package/dist/agents/37-dependency-scanner.js.map +1 -0
  166. package/dist/agents/38-secrets-scanner.d.ts +11 -0
  167. package/dist/agents/38-secrets-scanner.d.ts.map +1 -0
  168. package/dist/agents/38-secrets-scanner.js +116 -0
  169. package/dist/agents/38-secrets-scanner.js.map +1 -0
  170. package/dist/agents/39-api-contract-tester.d.ts +12 -0
  171. package/dist/agents/39-api-contract-tester.d.ts.map +1 -0
  172. package/dist/agents/39-api-contract-tester.js +142 -0
  173. package/dist/agents/39-api-contract-tester.js.map +1 -0
  174. package/dist/agents/40-rate-limit-tester.d.ts +12 -0
  175. package/dist/agents/40-rate-limit-tester.d.ts.map +1 -0
  176. package/dist/agents/40-rate-limit-tester.js +79 -0
  177. package/dist/agents/40-rate-limit-tester.js.map +1 -0
  178. package/dist/agents/41-api-pagination-tester.d.ts +12 -0
  179. package/dist/agents/41-api-pagination-tester.d.ts.map +1 -0
  180. package/dist/agents/41-api-pagination-tester.js +79 -0
  181. package/dist/agents/41-api-pagination-tester.js.map +1 -0
  182. package/dist/agents/42-graphql-tester.d.ts +13 -0
  183. package/dist/agents/42-graphql-tester.d.ts.map +1 -0
  184. package/dist/agents/42-graphql-tester.js +187 -0
  185. package/dist/agents/42-graphql-tester.js.map +1 -0
  186. package/dist/agents/43-data-consistency-checker.d.ts +11 -0
  187. package/dist/agents/43-data-consistency-checker.d.ts.map +1 -0
  188. package/dist/agents/43-data-consistency-checker.js +176 -0
  189. package/dist/agents/43-data-consistency-checker.js.map +1 -0
  190. package/dist/agents/44-backup-recovery-tester.d.ts +11 -0
  191. package/dist/agents/44-backup-recovery-tester.d.ts.map +1 -0
  192. package/dist/agents/44-backup-recovery-tester.js +128 -0
  193. package/dist/agents/44-backup-recovery-tester.js.map +1 -0
  194. package/dist/agents/45-data-privacy-scanner.d.ts +11 -0
  195. package/dist/agents/45-data-privacy-scanner.d.ts.map +1 -0
  196. package/dist/agents/45-data-privacy-scanner.js +100 -0
  197. package/dist/agents/45-data-privacy-scanner.js.map +1 -0
  198. package/dist/agents/46-seo-auditor.d.ts +12 -0
  199. package/dist/agents/46-seo-auditor.d.ts.map +1 -0
  200. package/dist/agents/46-seo-auditor.js +275 -0
  201. package/dist/agents/46-seo-auditor.js.map +1 -0
  202. package/dist/agents/47-social-preview-tester.d.ts +11 -0
  203. package/dist/agents/47-social-preview-tester.d.ts.map +1 -0
  204. package/dist/agents/47-social-preview-tester.js +219 -0
  205. package/dist/agents/47-social-preview-tester.js.map +1 -0
  206. package/dist/agents/48-lighthouse-auditor.d.ts +11 -0
  207. package/dist/agents/48-lighthouse-auditor.d.ts.map +1 -0
  208. package/dist/agents/48-lighthouse-auditor.js +192 -0
  209. package/dist/agents/48-lighthouse-auditor.js.map +1 -0
  210. package/dist/agents/49-i18n-tester.d.ts +13 -0
  211. package/dist/agents/49-i18n-tester.d.ts.map +1 -0
  212. package/dist/agents/49-i18n-tester.js +172 -0
  213. package/dist/agents/49-i18n-tester.js.map +1 -0
  214. package/dist/agents/50-timezone-tester.d.ts +11 -0
  215. package/dist/agents/50-timezone-tester.d.ts.map +1 -0
  216. package/dist/agents/50-timezone-tester.js +152 -0
  217. package/dist/agents/50-timezone-tester.js.map +1 -0
  218. package/dist/agents/51-error-recovery-tester.d.ts +11 -0
  219. package/dist/agents/51-error-recovery-tester.d.ts.map +1 -0
  220. package/dist/agents/51-error-recovery-tester.js +134 -0
  221. package/dist/agents/51-error-recovery-tester.js.map +1 -0
  222. package/dist/agents/52-offline-mode-tester.d.ts +12 -0
  223. package/dist/agents/52-offline-mode-tester.d.ts.map +1 -0
  224. package/dist/agents/52-offline-mode-tester.js +161 -0
  225. package/dist/agents/52-offline-mode-tester.js.map +1 -0
  226. package/dist/agents/53-graceful-degradation-tester.d.ts +12 -0
  227. package/dist/agents/53-graceful-degradation-tester.d.ts.map +1 -0
  228. package/dist/agents/53-graceful-degradation-tester.js +130 -0
  229. package/dist/agents/53-graceful-degradation-tester.js.map +1 -0
  230. package/dist/agents/54-websocket-tester.d.ts +10 -0
  231. package/dist/agents/54-websocket-tester.d.ts.map +1 -0
  232. package/dist/agents/54-websocket-tester.js +132 -0
  233. package/dist/agents/54-websocket-tester.js.map +1 -0
  234. package/dist/agents/55-realtime-sync-tester.d.ts +11 -0
  235. package/dist/agents/55-realtime-sync-tester.d.ts.map +1 -0
  236. package/dist/agents/55-realtime-sync-tester.js +175 -0
  237. package/dist/agents/55-realtime-sync-tester.js.map +1 -0
  238. package/dist/agents/56-file-upload-tester.d.ts +12 -0
  239. package/dist/agents/56-file-upload-tester.d.ts.map +1 -0
  240. package/dist/agents/56-file-upload-tester.js +166 -0
  241. package/dist/agents/56-file-upload-tester.js.map +1 -0
  242. package/dist/agents/57-export-tester.d.ts +11 -0
  243. package/dist/agents/57-export-tester.d.ts.map +1 -0
  244. package/dist/agents/57-export-tester.js +155 -0
  245. package/dist/agents/57-export-tester.js.map +1 -0
  246. package/dist/agents/58-payment-flow-tester.d.ts +11 -0
  247. package/dist/agents/58-payment-flow-tester.d.ts.map +1 -0
  248. package/dist/agents/58-payment-flow-tester.js +159 -0
  249. package/dist/agents/58-payment-flow-tester.js.map +1 -0
  250. package/dist/agents/59-ssl-tls-auditor.d.ts +10 -0
  251. package/dist/agents/59-ssl-tls-auditor.d.ts.map +1 -0
  252. package/dist/agents/59-ssl-tls-auditor.js +132 -0
  253. package/dist/agents/59-ssl-tls-auditor.js.map +1 -0
  254. package/dist/agents/60-dns-cdn-tester.d.ts +10 -0
  255. package/dist/agents/60-dns-cdn-tester.d.ts.map +1 -0
  256. package/dist/agents/60-dns-cdn-tester.js +105 -0
  257. package/dist/agents/60-dns-cdn-tester.js.map +1 -0
  258. package/dist/agents/61-docker-health-checker.d.ts +10 -0
  259. package/dist/agents/61-docker-health-checker.d.ts.map +1 -0
  260. package/dist/agents/61-docker-health-checker.js +95 -0
  261. package/dist/agents/61-docker-health-checker.js.map +1 -0
  262. package/dist/agents/62-env-config-validator.d.ts +10 -0
  263. package/dist/agents/62-env-config-validator.d.ts.map +1 -0
  264. package/dist/agents/62-env-config-validator.js +132 -0
  265. package/dist/agents/62-env-config-validator.js.map +1 -0
  266. package/dist/agents/63-log-quality-auditor.d.ts +9 -0
  267. package/dist/agents/63-log-quality-auditor.d.ts.map +1 -0
  268. package/dist/agents/63-log-quality-auditor.js +121 -0
  269. package/dist/agents/63-log-quality-auditor.js.map +1 -0
  270. package/dist/agents/64-analytics-tracker-tester.d.ts +10 -0
  271. package/dist/agents/64-analytics-tracker-tester.d.ts.map +1 -0
  272. package/dist/agents/64-analytics-tracker-tester.js +146 -0
  273. package/dist/agents/64-analytics-tracker-tester.js.map +1 -0
  274. package/dist/agents/65-gdpr-compliance-tester.d.ts +13 -0
  275. package/dist/agents/65-gdpr-compliance-tester.d.ts.map +1 -0
  276. package/dist/agents/65-gdpr-compliance-tester.js +186 -0
  277. package/dist/agents/65-gdpr-compliance-tester.js.map +1 -0
  278. package/dist/agents/66-soc2-control-validator.d.ts +14 -0
  279. package/dist/agents/66-soc2-control-validator.d.ts.map +1 -0
  280. package/dist/agents/66-soc2-control-validator.js +178 -0
  281. package/dist/agents/66-soc2-control-validator.js.map +1 -0
  282. package/dist/agents/67-wcag-aaa-tester.d.ts +13 -0
  283. package/dist/agents/67-wcag-aaa-tester.d.ts.map +1 -0
  284. package/dist/agents/67-wcag-aaa-tester.js +207 -0
  285. package/dist/agents/67-wcag-aaa-tester.js.map +1 -0
  286. package/dist/agents/68-dead-code-detector.d.ts +9 -0
  287. package/dist/agents/68-dead-code-detector.d.ts.map +1 -0
  288. package/dist/agents/68-dead-code-detector.js +116 -0
  289. package/dist/agents/68-dead-code-detector.js.map +1 -0
  290. package/dist/agents/69-type-safety-auditor.d.ts +9 -0
  291. package/dist/agents/69-type-safety-auditor.d.ts.map +1 -0
  292. package/dist/agents/69-type-safety-auditor.js +148 -0
  293. package/dist/agents/69-type-safety-auditor.js.map +1 -0
  294. package/dist/agents/70-complexity-analyzer.d.ts +10 -0
  295. package/dist/agents/70-complexity-analyzer.d.ts.map +1 -0
  296. package/dist/agents/70-complexity-analyzer.js +154 -0
  297. package/dist/agents/70-complexity-analyzer.js.map +1 -0
  298. package/dist/agents/base-agent.d.ts +3 -1
  299. package/dist/agents/base-agent.d.ts.map +1 -1
  300. package/dist/agents/base-agent.js +7 -1
  301. package/dist/agents/base-agent.js.map +1 -1
  302. package/dist/agents/registry.d.ts +5 -4
  303. package/dist/agents/registry.d.ts.map +1 -1
  304. package/dist/agents/registry.js +170 -29
  305. package/dist/agents/registry.js.map +1 -1
  306. package/dist/clients/agent-mvp.d.ts +66 -0
  307. package/dist/clients/agent-mvp.d.ts.map +1 -0
  308. package/dist/clients/agent-mvp.js +91 -0
  309. package/dist/clients/agent-mvp.js.map +1 -0
  310. package/dist/clients/total-recall.d.ts +37 -0
  311. package/dist/clients/total-recall.d.ts.map +1 -0
  312. package/dist/clients/total-recall.js +224 -0
  313. package/dist/clients/total-recall.js.map +1 -0
  314. package/dist/core/cli.d.ts +3 -0
  315. package/dist/core/cli.d.ts.map +1 -1
  316. package/dist/core/cli.js +122 -6
  317. package/dist/core/cli.js.map +1 -1
  318. package/dist/core/license.js +2 -5
  319. package/dist/core/license.js.map +1 -1
  320. package/dist/core/orchestrator.d.ts +10 -1
  321. package/dist/core/orchestrator.d.ts.map +1 -1
  322. package/dist/core/orchestrator.js +66 -5
  323. package/dist/core/orchestrator.js.map +1 -1
  324. package/package.json +2 -2
@@ -0,0 +1,11 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class CsrfTesterAgent extends BaseAgent {
4
+ readonly agentId = 35;
5
+ readonly agentName = "CSRF Tester";
6
+ private baseUrl;
7
+ protected preFlight(): Promise<void>;
8
+ protected execute(): Promise<Finding[]>;
9
+ private discoverEndpoints;
10
+ }
11
+ //# sourceMappingURL=35-csrf-tester.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"35-csrf-tester.d.ts","sourceRoot":"","sources":["../../agents/35-csrf-tester.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAYzC,qBAAa,eAAgB,SAAQ,SAAS;IAC5C,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,iBAAiB;IACnC,OAAO,CAAC,OAAO,CAAM;cAEL,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAK1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAmD7C,OAAO,CAAC,iBAAiB;CAO1B"}
@@ -0,0 +1,70 @@
1
+ import { BaseAgent } from './base-agent';
2
+ import { resolveEnvironment } from '../helpers/env-resolver';
3
+ /** Common POST endpoints to test for CSRF protection. */
4
+ const DEFAULT_POST_ENDPOINTS = [
5
+ '/api/auth/login',
6
+ '/api/tasks',
7
+ '/api/clients',
8
+ ];
9
+ const REQUEST_TIMEOUT_MS = 10_000;
10
+ export class CsrfTesterAgent extends BaseAgent {
11
+ agentId = 35;
12
+ agentName = 'CSRF Tester';
13
+ baseUrl = '';
14
+ async preFlight() {
15
+ const { env } = await resolveEnvironment(this.config, this.phase);
16
+ this.baseUrl = env.baseUrl;
17
+ }
18
+ async execute() {
19
+ const findings = [];
20
+ const endpoints = this.discoverEndpoints();
21
+ for (const endpoint of endpoints) {
22
+ const url = `${this.baseUrl}${endpoint}`;
23
+ try {
24
+ const response = await Promise.race([
25
+ fetch(url, {
26
+ method: 'POST',
27
+ headers: { 'Content-Type': 'application/json' },
28
+ body: JSON.stringify({ test: 'csrf-probe' }),
29
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
30
+ }),
31
+ new Promise((_, reject) => setTimeout(() => reject(new Error('CSRF test timeout')), REQUEST_TIMEOUT_MS)),
32
+ ]);
33
+ if (response.status === 200 || response.status === 201) {
34
+ findings.push({
35
+ id: `${this.agentId}-no-csrf-${endpoint.replace(/\//g, '_')}`,
36
+ type: 'code-bug-security',
37
+ severity: 'high',
38
+ agentId: this.agentId,
39
+ module: 'csrf-tester',
40
+ description: `Endpoint ${endpoint} accepts POST requests without CSRF protection (status ${response.status})`,
41
+ });
42
+ }
43
+ this.addEvidence({
44
+ type: 'log',
45
+ path: `csrf-test-${endpoint.replace(/\//g, '_')}`,
46
+ description: `POST ${endpoint} without auth/CSRF headers: status=${response.status}`,
47
+ });
48
+ }
49
+ catch (error) {
50
+ findings.push({
51
+ id: `${this.agentId}-request-failed-${endpoint.replace(/\//g, '_')}`,
52
+ type: 'infra-issue',
53
+ severity: 'low',
54
+ agentId: this.agentId,
55
+ module: 'csrf-tester',
56
+ description: `Failed to test endpoint ${endpoint}: ${error instanceof Error ? error.message : String(error)}`,
57
+ });
58
+ }
59
+ }
60
+ return findings;
61
+ }
62
+ discoverEndpoints() {
63
+ if (this.config.modules && this.config.modules.length > 0) {
64
+ const moduleEndpoints = this.config.modules.map(m => `/api${m.route}`);
65
+ return [...new Set([...DEFAULT_POST_ENDPOINTS, ...moduleEndpoints])];
66
+ }
67
+ return [...DEFAULT_POST_ENDPOINTS];
68
+ }
69
+ }
70
+ //# sourceMappingURL=35-csrf-tester.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"35-csrf-tester.js","sourceRoot":"","sources":["../../agents/35-csrf-tester.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,yDAAyD;AACzD,MAAM,sBAAsB,GAAG;IAC7B,iBAAiB;IACjB,YAAY;IACZ,cAAc;CACN,CAAC;AAEX,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC,MAAM,OAAO,eAAgB,SAAQ,SAAS;IACnC,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,aAAa,CAAC;IAC3B,OAAO,GAAG,EAAE,CAAC;IAEX,KAAK,CAAC,SAAS;QACvB,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE3C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,QAAQ,EAAE,CAAC;YAEzC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;oBAClC,KAAK,CAAC,GAAG,EAAE;wBACT,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;wBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;wBAC5C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;qBAChD,CAAC;oBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAC7E;iBACF,CAAa,CAAC;gBAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACvD,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,YAAY,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE;wBAC7D,IAAI,EAAE,mBAAmB;wBACzB,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,MAAM,EAAE,aAAa;wBACrB,WAAW,EAAE,YAAY,QAAQ,0DAA0D,QAAQ,CAAC,MAAM,GAAG;qBAC9G,CAAC,CAAC;gBACL,CAAC;gBAED,IAAI,CAAC,WAAW,CAAC;oBACf,IAAI,EAAE,KAAK;oBACX,IAAI,EAAE,aAAa,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE;oBACjD,WAAW,EAAE,QAAQ,QAAQ,sCAAsC,QAAQ,CAAC,MAAM,EAAE;iBACrF,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,mBAAmB,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE;oBACpE,IAAI,EAAE,aAAa;oBACnB,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,aAAa;oBACrB,WAAW,EAAE,2BAA2B,QAAQ,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;iBAC9G,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,iBAAiB;QACvB,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACvE,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,sBAAsB,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,CAAC,GAAG,sBAAsB,CAAC,CAAC;IACrC,CAAC;CACF"}
@@ -0,0 +1,13 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class AuthFuzzerAgent extends BaseAgent {
4
+ readonly agentId = 36;
5
+ readonly agentName = "Auth Fuzzer";
6
+ private baseUrl;
7
+ protected preFlight(): Promise<void>;
8
+ protected execute(): Promise<Finding[]>;
9
+ private testSqlInjection;
10
+ private testAccountLockout;
11
+ private testJwtAlgNone;
12
+ }
13
+ //# sourceMappingURL=36-auth-fuzzer.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"36-auth-fuzzer.d.ts","sourceRoot":"","sources":["../../agents/36-auth-fuzzer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAMzC,qBAAa,eAAgB,SAAQ,SAAS;IAC5C,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,iBAAiB;IACnC,OAAO,CAAC,OAAO,CAAM;cAEL,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAK1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAkB/B,gBAAgB;YAkDhB,kBAAkB;YAmDlB,cAAc;CAyD7B"}
@@ -0,0 +1,163 @@
1
+ import { BaseAgent } from './base-agent';
2
+ import { resolveEnvironment } from '../helpers/env-resolver';
3
+ const REQUEST_TIMEOUT_MS = 10_000;
4
+ const LOCKOUT_ATTEMPTS = 10;
5
+ export class AuthFuzzerAgent extends BaseAgent {
6
+ agentId = 36;
7
+ agentName = 'Auth Fuzzer';
8
+ baseUrl = '';
9
+ async preFlight() {
10
+ const { env } = await resolveEnvironment(this.config, this.phase);
11
+ this.baseUrl = env.baseUrl;
12
+ }
13
+ async execute() {
14
+ const findings = [];
15
+ // Test 1: SQL injection in login
16
+ const sqlInjectionFindings = await this.testSqlInjection();
17
+ findings.push(...sqlInjectionFindings);
18
+ // Test 2: Account lockout
19
+ const lockoutFindings = await this.testAccountLockout();
20
+ findings.push(...lockoutFindings);
21
+ // Test 3: JWT alg:none bypass
22
+ const jwtFindings = await this.testJwtAlgNone();
23
+ findings.push(...jwtFindings);
24
+ return findings;
25
+ }
26
+ async testSqlInjection() {
27
+ const findings = [];
28
+ const loginUrl = `${this.baseUrl}/api/auth/login`;
29
+ try {
30
+ const response = await Promise.race([
31
+ fetch(loginUrl, {
32
+ method: 'POST',
33
+ headers: { 'Content-Type': 'application/json' },
34
+ body: JSON.stringify({
35
+ email: "' OR 1=1 --",
36
+ password: 'anything',
37
+ }),
38
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
39
+ }),
40
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
41
+ ]);
42
+ if (response.status === 200 || response.status === 201) {
43
+ findings.push({
44
+ id: `${this.agentId}-sql-injection-login`,
45
+ type: 'code-bug-security',
46
+ severity: 'critical',
47
+ agentId: this.agentId,
48
+ module: 'auth-fuzzer',
49
+ description: `SQL injection in login succeeded — endpoint returned ${response.status} for malicious email input`,
50
+ });
51
+ }
52
+ this.addEvidence({
53
+ type: 'log',
54
+ path: 'sql-injection-test',
55
+ description: `SQL injection login test: status=${response.status}`,
56
+ });
57
+ }
58
+ catch (error) {
59
+ findings.push({
60
+ id: `${this.agentId}-sql-injection-error`,
61
+ type: 'infra-issue',
62
+ severity: 'low',
63
+ agentId: this.agentId,
64
+ module: 'auth-fuzzer',
65
+ description: `SQL injection test failed to execute: ${error instanceof Error ? error.message : String(error)}`,
66
+ });
67
+ }
68
+ return findings;
69
+ }
70
+ async testAccountLockout() {
71
+ const findings = [];
72
+ const loginUrl = `${this.baseUrl}/api/auth/login`;
73
+ let got429 = false;
74
+ for (let i = 0; i < LOCKOUT_ATTEMPTS; i++) {
75
+ try {
76
+ const response = await Promise.race([
77
+ fetch(loginUrl, {
78
+ method: 'POST',
79
+ headers: { 'Content-Type': 'application/json' },
80
+ body: JSON.stringify({
81
+ email: 'lockout-test@example.com',
82
+ password: `wrong-password-${i}`,
83
+ }),
84
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
85
+ }),
86
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
87
+ ]);
88
+ if (response.status === 429) {
89
+ got429 = true;
90
+ break;
91
+ }
92
+ }
93
+ catch {
94
+ // Request failed — continue testing
95
+ }
96
+ }
97
+ if (!got429) {
98
+ findings.push({
99
+ id: `${this.agentId}-no-lockout`,
100
+ type: 'code-bug-security',
101
+ severity: 'medium',
102
+ agentId: this.agentId,
103
+ module: 'auth-fuzzer',
104
+ description: `No account lockout after ${LOCKOUT_ATTEMPTS} failed login attempts — no 429 response received`,
105
+ });
106
+ }
107
+ this.addEvidence({
108
+ type: 'log',
109
+ path: 'lockout-test',
110
+ description: `Account lockout test: ${got429 ? 'lockout triggered' : 'no lockout detected'} after ${LOCKOUT_ATTEMPTS} attempts`,
111
+ });
112
+ return findings;
113
+ }
114
+ async testJwtAlgNone() {
115
+ const findings = [];
116
+ // Create a JWT with alg: "none"
117
+ const header = Buffer.from(JSON.stringify({ alg: 'none', typ: 'JWT' })).toString('base64url');
118
+ const payload = Buffer.from(JSON.stringify({ sub: '1', email: 'admin@test.com', role: 'admin', iat: Math.floor(Date.now() / 1000) })).toString('base64url');
119
+ const fakeJwt = `${header}.${payload}.`;
120
+ // Try accessing a protected endpoint
121
+ const protectedUrl = `${this.baseUrl}/api/tasks`;
122
+ try {
123
+ const response = await Promise.race([
124
+ fetch(protectedUrl, {
125
+ method: 'GET',
126
+ headers: {
127
+ 'Authorization': `Bearer ${fakeJwt}`,
128
+ 'Content-Type': 'application/json',
129
+ },
130
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
131
+ }),
132
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
133
+ ]);
134
+ if (response.status === 200) {
135
+ findings.push({
136
+ id: `${this.agentId}-jwt-alg-none`,
137
+ type: 'code-bug-security',
138
+ severity: 'critical',
139
+ agentId: this.agentId,
140
+ module: 'auth-fuzzer',
141
+ description: `Protected endpoint accepts JWT with alg:"none" — authentication bypass vulnerability`,
142
+ });
143
+ }
144
+ this.addEvidence({
145
+ type: 'log',
146
+ path: 'jwt-alg-none-test',
147
+ description: `JWT alg:none test: status=${response.status}`,
148
+ });
149
+ }
150
+ catch (error) {
151
+ findings.push({
152
+ id: `${this.agentId}-jwt-test-error`,
153
+ type: 'infra-issue',
154
+ severity: 'low',
155
+ agentId: this.agentId,
156
+ module: 'auth-fuzzer',
157
+ description: `JWT alg:none test failed to execute: ${error instanceof Error ? error.message : String(error)}`,
158
+ });
159
+ }
160
+ return findings;
161
+ }
162
+ }
163
+ //# sourceMappingURL=36-auth-fuzzer.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"36-auth-fuzzer.js","sourceRoot":"","sources":["../../agents/36-auth-fuzzer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAE5B,MAAM,OAAO,eAAgB,SAAQ,SAAS;IACnC,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,aAAa,CAAC;IAC3B,OAAO,GAAG,EAAE,CAAC;IAEX,KAAK,CAAC,SAAS;QACvB,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,iCAAiC;QACjC,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,CAAC;QAEvC,0BAA0B;QAC1B,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;QAElC,8BAA8B;QAC9B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;QAE9B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,OAAO,iBAAiB,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,KAAK,CAAC,QAAQ,EAAE;oBACd,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,KAAK,EAAE,aAAa;wBACpB,QAAQ,EAAE,UAAU;qBACrB,CAAC;oBACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;iBAChD,CAAC;gBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;aACF,CAAa,CAAC;YAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,sBAAsB;oBACzC,IAAI,EAAE,mBAAmB;oBACzB,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,aAAa;oBACrB,WAAW,EAAE,wDAAwD,QAAQ,CAAC,MAAM,4BAA4B;iBACjH,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,oBAAoB;gBAC1B,WAAW,EAAE,oCAAoC,QAAQ,CAAC,MAAM,EAAE;aACnE,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,sBAAsB;gBACzC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,aAAa;gBACrB,WAAW,EAAE,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;aAC/G,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,OAAO,iBAAiB,CAAC;QAClD,IAAI,MAAM,GAAG,KAAK,CAAC;QAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,gBAAgB,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;oBAClC,KAAK,CAAC,QAAQ,EAAE;wBACd,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;wBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,0BAA0B;4BACjC,QAAQ,EAAE,kBAAkB,CAAC,EAAE;yBAChC,CAAC;wBACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;qBAChD,CAAC;oBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;iBACF,CAAa,CAAC;gBAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC5B,MAAM,GAAG,IAAI,CAAC;oBACd,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oCAAoC;YACtC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,aAAa;gBAChC,IAAI,EAAE,mBAAmB;gBACzB,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,aAAa;gBACrB,WAAW,EAAE,4BAA4B,gBAAgB,mDAAmD;aAC7G,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,WAAW,CAAC;YACf,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,yBAAyB,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,qBAAqB,UAAU,gBAAgB,WAAW;SAChI,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC9F,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CACzB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC,CACzG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,MAAM,IAAI,OAAO,GAAG,CAAC;QAExC,qCAAqC;QACrC,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,OAAO,YAAY,CAAC;QAEjD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,KAAK,CAAC,YAAY,EAAE;oBAClB,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE;wBACP,eAAe,EAAE,UAAU,OAAO,EAAE;wBACpC,cAAc,EAAE,kBAAkB;qBACnC;oBACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;iBAChD,CAAC;gBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;aACF,CAAa,CAAC;YAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,eAAe;oBAClC,IAAI,EAAE,mBAAmB;oBACzB,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,aAAa;oBACrB,WAAW,EAAE,sFAAsF;iBACpG,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,mBAAmB;gBACzB,WAAW,EAAE,6BAA6B,QAAQ,CAAC,MAAM,EAAE;aAC5D,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,iBAAiB;gBACpC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,aAAa;gBACrB,WAAW,EAAE,wCAAwC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;aAC9G,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
@@ -0,0 +1,11 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class DependencyScannerAgent extends BaseAgent {
4
+ readonly agentId = 37;
5
+ readonly agentName = "Dependency Scanner";
6
+ protected preFlight(): Promise<void>;
7
+ protected execute(): Promise<Finding[]>;
8
+ private runAudit;
9
+ private runOutdated;
10
+ }
11
+ //# sourceMappingURL=37-dependency-scanner.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"37-dependency-scanner.d.ts","sourceRoot":"","sources":["../../agents/37-dependency-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAiCzC,qBAAa,sBAAuB,SAAQ,SAAS;IACnD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,wBAAwB;cAE1B,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAI1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAe/B,QAAQ;YAuDR,WAAW;CA6D1B"}
@@ -0,0 +1,139 @@
1
+ import { execFile } from 'node:child_process';
2
+ import { promisify } from 'node:util';
3
+ import { BaseAgent } from './base-agent';
4
+ const execFileAsync = promisify(execFile);
5
+ const SEVERITY_MAP = {
6
+ critical: 'critical',
7
+ high: 'high',
8
+ moderate: 'medium',
9
+ low: 'low',
10
+ info: 'low',
11
+ };
12
+ export class DependencyScannerAgent extends BaseAgent {
13
+ agentId = 37;
14
+ agentName = 'Dependency Scanner';
15
+ async preFlight() {
16
+ // No special pre-conditions
17
+ }
18
+ async execute() {
19
+ const findings = [];
20
+ const projectRoot = this.config.projectRoot ?? process.cwd();
21
+ // Run npm audit
22
+ const auditFindings = await this.runAudit(projectRoot);
23
+ findings.push(...auditFindings);
24
+ // Run npm outdated
25
+ const outdatedFindings = await this.runOutdated(projectRoot);
26
+ findings.push(...outdatedFindings);
27
+ return findings;
28
+ }
29
+ async runAudit(projectRoot) {
30
+ const findings = [];
31
+ try {
32
+ let stdout;
33
+ try {
34
+ const result = await execFileAsync('npm', ['audit', '--json'], {
35
+ cwd: projectRoot,
36
+ timeout: 60_000,
37
+ });
38
+ stdout = result.stdout;
39
+ }
40
+ catch (execError) {
41
+ // npm audit exits non-zero when vulnerabilities are found
42
+ const err = execError;
43
+ if (err.stdout) {
44
+ stdout = err.stdout;
45
+ }
46
+ else {
47
+ throw execError;
48
+ }
49
+ }
50
+ const report = JSON.parse(stdout);
51
+ const vulnerabilities = report.vulnerabilities ?? {};
52
+ for (const [name, vuln] of Object.entries(vulnerabilities)) {
53
+ const severity = SEVERITY_MAP[vuln.severity] ?? 'medium';
54
+ findings.push({
55
+ id: `${this.agentId}-vuln-${name}`,
56
+ type: 'code-bug-security',
57
+ severity,
58
+ agentId: this.agentId,
59
+ module: 'dependency-scanner',
60
+ description: `Vulnerability in ${name}: ${vuln.title ?? vuln.severity} (${vuln.url ?? 'no URL'})`,
61
+ });
62
+ }
63
+ this.addEvidence({
64
+ type: 'report',
65
+ path: 'npm-audit',
66
+ description: `npm audit found ${Object.keys(vulnerabilities).length} vulnerable packages`,
67
+ });
68
+ }
69
+ catch (error) {
70
+ findings.push({
71
+ id: `${this.agentId}-audit-error`,
72
+ type: 'infra-issue',
73
+ severity: 'medium',
74
+ agentId: this.agentId,
75
+ module: 'dependency-scanner',
76
+ description: `npm audit failed: ${error instanceof Error ? error.message : String(error)}`,
77
+ });
78
+ }
79
+ return findings;
80
+ }
81
+ async runOutdated(projectRoot) {
82
+ const findings = [];
83
+ try {
84
+ let stdout;
85
+ try {
86
+ const result = await execFileAsync('npm', ['outdated', '--json'], {
87
+ cwd: projectRoot,
88
+ timeout: 60_000,
89
+ });
90
+ stdout = result.stdout;
91
+ }
92
+ catch (execError) {
93
+ // npm outdated exits non-zero when there are outdated packages
94
+ const err = execError;
95
+ if (err.stdout) {
96
+ stdout = err.stdout;
97
+ }
98
+ else {
99
+ throw execError;
100
+ }
101
+ }
102
+ if (!stdout || stdout.trim() === '') {
103
+ return findings;
104
+ }
105
+ const outdated = JSON.parse(stdout);
106
+ for (const [name, info] of Object.entries(outdated)) {
107
+ const currentMajor = parseInt(info.current.split('.')[0], 10);
108
+ const latestMajor = parseInt(info.latest.split('.')[0], 10);
109
+ if (latestMajor - currentMajor >= 1) {
110
+ findings.push({
111
+ id: `${this.agentId}-outdated-${name}`,
112
+ type: 'test-bug',
113
+ severity: 'low',
114
+ agentId: this.agentId,
115
+ module: 'dependency-scanner',
116
+ description: `Package ${name} is ${latestMajor - currentMajor} major version(s) behind: current=${info.current}, latest=${info.latest}`,
117
+ });
118
+ }
119
+ }
120
+ this.addEvidence({
121
+ type: 'report',
122
+ path: 'npm-outdated',
123
+ description: `npm outdated found ${Object.keys(outdated).length} outdated packages`,
124
+ });
125
+ }
126
+ catch (error) {
127
+ findings.push({
128
+ id: `${this.agentId}-outdated-error`,
129
+ type: 'infra-issue',
130
+ severity: 'low',
131
+ agentId: this.agentId,
132
+ module: 'dependency-scanner',
133
+ description: `npm outdated failed: ${error instanceof Error ? error.message : String(error)}`,
134
+ });
135
+ }
136
+ return findings;
137
+ }
138
+ }
139
+ //# sourceMappingURL=37-dependency-scanner.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"37-dependency-scanner.js","sourceRoot":"","sources":["../../agents/37-dependency-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAuB1C,MAAM,YAAY,GAAgB;IAChC,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,QAAQ,EAAE,QAAQ;IAClB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,KAAK;CACZ,CAAC;AAEF,MAAM,OAAO,sBAAuB,SAAQ,SAAS;IAC1C,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,oBAAoB,CAAC;IAEhC,KAAK,CAAC,SAAS;QACvB,4BAA4B;IAC9B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAE7D,gBAAgB;QAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;QAEhC,mBAAmB;QACnB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC7D,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC;QAEnC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,WAAmB;QACxC,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,IAAI,CAAC;YACH,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE;oBAC7D,GAAG,EAAE,WAAW;oBAChB,OAAO,EAAE,MAAM;iBAChB,CAAC,CAAC;gBACH,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;YACzB,CAAC;YAAC,OAAO,SAAS,EAAE,CAAC;gBACnB,0DAA0D;gBAC1D,MAAM,GAAG,GAAG,SAAiD,CAAC;gBAC9D,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;oBACf,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBACtB,CAAC;qBAAM,CAAC;oBACN,MAAM,SAAS,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAgB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;YAErD,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC3D,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;gBACzD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,SAAS,IAAI,EAAE;oBAClC,IAAI,EAAE,mBAAmB;oBACzB,QAAQ;oBACR,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,oBAAoB;oBAC5B,WAAW,EAAE,oBAAoB,IAAI,KAAK,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,GAAG,IAAI,QAAQ,GAAG;iBAClG,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,WAAW;gBACjB,WAAW,EAAE,mBAAmB,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,sBAAsB;aAC1F,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,cAAc;gBACjC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,oBAAoB;gBAC5B,WAAW,EAAE,qBAAqB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,WAAmB;QAC3C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,IAAI,CAAC;YACH,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE;oBAChE,GAAG,EAAE,WAAW;oBAChB,OAAO,EAAE,MAAM;iBAChB,CAAC,CAAC;gBACH,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;YACzB,CAAC;YAAC,OAAO,SAAS,EAAE,CAAC;gBACnB,+DAA+D;gBAC/D,MAAM,GAAG,GAAG,SAAiD,CAAC;gBAC9D,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;oBACf,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBACtB,CAAC;qBAAM,CAAC;oBACN,MAAM,SAAS,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACpC,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,QAAQ,GAAkC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEnE,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9D,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAE5D,IAAI,WAAW,GAAG,YAAY,IAAI,CAAC,EAAE,CAAC;oBACpC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,aAAa,IAAI,EAAE;wBACtC,IAAI,EAAE,UAAU;wBAChB,QAAQ,EAAE,KAAK;wBACf,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,MAAM,EAAE,oBAAoB;wBAC5B,WAAW,EAAE,WAAW,IAAI,OAAO,WAAW,GAAG,YAAY,qCAAqC,IAAI,CAAC,OAAO,YAAY,IAAI,CAAC,MAAM,EAAE;qBACxI,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,cAAc;gBACpB,WAAW,EAAE,sBAAsB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,oBAAoB;aACpF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,iBAAiB;gBACpC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,oBAAoB;gBAC5B,WAAW,EAAE,wBAAwB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;aAC9F,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
@@ -0,0 +1,11 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class SecretsScannerAgent extends BaseAgent {
4
+ readonly agentId = 38;
5
+ readonly agentName = "Secrets Scanner";
6
+ protected preFlight(): Promise<void>;
7
+ protected execute(): Promise<Finding[]>;
8
+ private collectFiles;
9
+ private scanFile;
10
+ }
11
+ //# sourceMappingURL=38-secrets-scanner.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"38-secrets-scanner.d.ts","sourceRoot":"","sources":["../../agents/38-secrets-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAuBzC,qBAAa,mBAAoB,SAAQ,SAAS;IAChD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,qBAAqB;cAEvB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAI1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAoC/B,YAAY;YAkCZ,QAAQ;CAgCvB"}
@@ -0,0 +1,116 @@
1
+ import { readdir, readFile, stat } from 'node:fs/promises';
2
+ import { join, extname } from 'node:path';
3
+ import { BaseAgent } from './base-agent';
4
+ /** File extensions to scan for secrets. */
5
+ const SCANNABLE_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.json', '.env']);
6
+ /** Maximum file size to scan (1MB). */
7
+ const MAX_FILE_SIZE = 1024 * 1024;
8
+ /** Directories to skip. */
9
+ const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'out', 'coverage', '.next']);
10
+ const SECRET_PATTERNS = [
11
+ { name: 'AWS Access Key', regex: /AKIA[0-9A-Z]{16}/g },
12
+ { name: 'Stripe Live Key', regex: /sk_live_[a-zA-Z0-9]+/g },
13
+ { name: 'Hardcoded Password', regex: /password\s*[:=]\s*['"][^'"]+/gi },
14
+ { name: 'Private Key', regex: /-----BEGIN.*PRIVATE KEY-----/g },
15
+ ];
16
+ export class SecretsScannerAgent extends BaseAgent {
17
+ agentId = 38;
18
+ agentName = 'Secrets Scanner';
19
+ async preFlight() {
20
+ // No special pre-conditions
21
+ }
22
+ async execute() {
23
+ const findings = [];
24
+ const projectRoot = this.config.projectRoot ?? process.cwd();
25
+ let scannedFiles = 0;
26
+ let totalMatches = 0;
27
+ try {
28
+ const files = await this.collectFiles(projectRoot);
29
+ scannedFiles = files.length;
30
+ for (const filePath of files) {
31
+ const fileFindings = await this.scanFile(filePath);
32
+ totalMatches += fileFindings.length;
33
+ findings.push(...fileFindings);
34
+ }
35
+ }
36
+ catch (error) {
37
+ findings.push({
38
+ id: `${this.agentId}-scan-error`,
39
+ type: 'infra-issue',
40
+ severity: 'medium',
41
+ agentId: this.agentId,
42
+ module: 'secrets-scanner',
43
+ description: `Failed to scan project files: ${error instanceof Error ? error.message : String(error)}`,
44
+ });
45
+ }
46
+ this.addEvidence({
47
+ type: 'report',
48
+ path: 'secrets-scan',
49
+ description: `Scanned ${scannedFiles} files, found ${totalMatches} potential secrets`,
50
+ });
51
+ return findings;
52
+ }
53
+ async collectFiles(dir, depth = 0) {
54
+ if (depth > 5)
55
+ return [];
56
+ const files = [];
57
+ try {
58
+ const entries = await readdir(dir, { withFileTypes: true });
59
+ for (const entry of entries) {
60
+ if (SKIP_DIRS.has(entry.name))
61
+ continue;
62
+ const fullPath = join(dir, entry.name);
63
+ if (entry.isDirectory()) {
64
+ const subFiles = await this.collectFiles(fullPath, depth + 1);
65
+ files.push(...subFiles);
66
+ }
67
+ else if (entry.isFile() && SCANNABLE_EXTENSIONS.has(extname(entry.name))) {
68
+ try {
69
+ const fileStat = await stat(fullPath);
70
+ if (fileStat.size <= MAX_FILE_SIZE) {
71
+ files.push(fullPath);
72
+ }
73
+ }
74
+ catch {
75
+ // Skip inaccessible files
76
+ }
77
+ }
78
+ }
79
+ }
80
+ catch {
81
+ // Skip inaccessible directories
82
+ }
83
+ return files;
84
+ }
85
+ async scanFile(filePath) {
86
+ const findings = [];
87
+ try {
88
+ const content = await readFile(filePath, 'utf-8');
89
+ const lines = content.split('\n');
90
+ for (const pattern of SECRET_PATTERNS) {
91
+ for (let lineIdx = 0; lineIdx < lines.length; lineIdx++) {
92
+ const line = lines[lineIdx];
93
+ // Reset regex lastIndex for global patterns
94
+ pattern.regex.lastIndex = 0;
95
+ if (pattern.regex.test(line)) {
96
+ findings.push({
97
+ id: `${this.agentId}-secret-${pattern.name.replace(/\s/g, '-').toLowerCase()}-${filePath.replace(/[\\/]/g, '_')}-L${lineIdx + 1}`,
98
+ type: 'code-bug-security',
99
+ severity: 'high',
100
+ agentId: this.agentId,
101
+ module: 'secrets-scanner',
102
+ file: filePath,
103
+ line: lineIdx + 1,
104
+ description: `Potential ${pattern.name} found in ${filePath} at line ${lineIdx + 1}`,
105
+ });
106
+ }
107
+ }
108
+ }
109
+ }
110
+ catch {
111
+ // Skip unreadable files
112
+ }
113
+ return findings;
114
+ }
115
+ }
116
+ //# sourceMappingURL=38-secrets-scanner.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"38-secrets-scanner.js","sourceRoot":"","sources":["../../agents/38-secrets-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,2CAA2C;AAC3C,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAE9E,uCAAuC;AACvC,MAAM,aAAa,GAAG,IAAI,GAAG,IAAI,CAAC;AAElC,2BAA2B;AAC3B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;AAOxF,MAAM,eAAe,GAAoB;IACvC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,mBAAmB,EAAE;IACtD,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,EAAE,uBAAuB,EAAE;IAC3D,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,gCAAgC,EAAE;IACvE,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,+BAA+B,EAAE;CAChE,CAAC;AAEF,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IACvC,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,iBAAiB,CAAC;IAE7B,KAAK,CAAC,SAAS;QACvB,4BAA4B;IAC9B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAE7D,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;YACnD,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC;YAE5B,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC7B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACnD,YAAY,IAAI,YAAY,CAAC,MAAM,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,aAAa;gBAChC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE,iCAAiC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;aACvG,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,WAAW,CAAC;YACf,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,WAAW,YAAY,iBAAiB,YAAY,oBAAoB;SACtF,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,GAAW,EAAE,KAAK,GAAG,CAAC;QAC/C,IAAI,KAAK,GAAG,CAAC;YAAE,OAAO,EAAE,CAAC;QAEzB,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;YAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;oBACxB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;oBAC9D,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;gBAC1B,CAAC;qBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC3E,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;wBACtC,IAAI,QAAQ,CAAC,IAAI,IAAI,aAAa,EAAE,CAAC;4BACnC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;wBACvB,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,0BAA0B;oBAC5B,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,QAAgB;QACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;oBACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC5B,4CAA4C;oBAC5C,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;oBAC5B,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC7B,QAAQ,CAAC,IAAI,CAAC;4BACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,WAAW,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,KAAK,OAAO,GAAG,CAAC,EAAE;4BACjI,IAAI,EAAE,mBAAmB;4BACzB,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,IAAI,CAAC,OAAO;4BACrB,MAAM,EAAE,iBAAiB;4BACzB,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,OAAO,GAAG,CAAC;4BACjB,WAAW,EAAE,aAAa,OAAO,CAAC,IAAI,aAAa,QAAQ,YAAY,OAAO,GAAG,CAAC,EAAE;yBACrF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
@@ -0,0 +1,12 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class ApiContractTesterAgent extends BaseAgent {
4
+ readonly agentId = 39;
5
+ readonly agentName = "API Contract Tester";
6
+ private baseUrl;
7
+ protected preFlight(): Promise<void>;
8
+ protected execute(): Promise<Finding[]>;
9
+ private testEndpoint;
10
+ private validateSchema;
11
+ }
12
+ //# sourceMappingURL=39-api-contract-tester.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"39-api-contract-tester.d.ts","sourceRoot":"","sources":["../../agents/39-api-contract-tester.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AA0BzC,qBAAa,sBAAuB,SAAQ,SAAS;IACnD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,yBAAyB;IAC3C,OAAO,CAAC,OAAO,CAAM;cAEL,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAK1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YA4D/B,YAAY;IAqD1B,OAAO,CAAC,cAAc;CA8CvB"}