@avi770/testteam 3.0.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +166 -5
- package/README.md +92 -19
- package/bin/testteam.js +32 -4
- package/dist/agents/01-analyst.d.ts +2 -2
- package/dist/agents/01-analyst.js +1 -1
- package/dist/agents/02-seed-architect.d.ts +2 -2
- package/dist/agents/02-seed-architect.js +2 -2
- package/dist/agents/03-test-generator.d.ts +2 -2
- package/dist/agents/03-test-generator.js +2 -2
- package/dist/agents/04-unit-runner.d.ts +2 -2
- package/dist/agents/04-unit-runner.d.ts.map +1 -1
- package/dist/agents/04-unit-runner.js +12 -3
- package/dist/agents/04-unit-runner.js.map +1 -1
- package/dist/agents/05-browser-crawler.d.ts +2 -2
- package/dist/agents/05-browser-crawler.d.ts.map +1 -1
- package/dist/agents/05-browser-crawler.js +24 -12
- package/dist/agents/05-browser-crawler.js.map +1 -1
- package/dist/agents/06-api-exerciser.d.ts +2 -2
- package/dist/agents/06-api-exerciser.js +2 -2
- package/dist/agents/07-security-scout.d.ts +2 -2
- package/dist/agents/07-security-scout.js +2 -2
- package/dist/agents/08-a11y-guardian.d.ts +2 -2
- package/dist/agents/08-a11y-guardian.d.ts.map +1 -1
- package/dist/agents/08-a11y-guardian.js +9 -5
- package/dist/agents/08-a11y-guardian.js.map +1 -1
- package/dist/agents/09-healer.d.ts +2 -2
- package/dist/agents/09-healer.js +2 -2
- package/dist/agents/10-reporter.d.ts +2 -2
- package/dist/agents/10-reporter.d.ts.map +1 -1
- package/dist/agents/10-reporter.js +55 -27
- package/dist/agents/10-reporter.js.map +1 -1
- package/dist/agents/100-error-handling-auditor.d.ts +63 -0
- package/dist/agents/100-error-handling-auditor.d.ts.map +1 -0
- package/dist/agents/100-error-handling-auditor.js +334 -0
- package/dist/agents/100-error-handling-auditor.js.map +1 -0
- package/dist/agents/101-rate-limit-auditor.d.ts +72 -0
- package/dist/agents/101-rate-limit-auditor.d.ts.map +1 -0
- package/dist/agents/101-rate-limit-auditor.js +295 -0
- package/dist/agents/101-rate-limit-auditor.js.map +1 -0
- package/dist/agents/102-dockerfile-auditor.d.ts +62 -0
- package/dist/agents/102-dockerfile-auditor.d.ts.map +1 -0
- package/dist/agents/102-dockerfile-auditor.js +337 -0
- package/dist/agents/102-dockerfile-auditor.js.map +1 -0
- package/dist/agents/103-ci-workflow-auditor.d.ts +57 -0
- package/dist/agents/103-ci-workflow-auditor.d.ts.map +1 -0
- package/dist/agents/103-ci-workflow-auditor.js +247 -0
- package/dist/agents/103-ci-workflow-auditor.js.map +1 -0
- package/dist/agents/104-n-plus-one-detector.d.ts +57 -0
- package/dist/agents/104-n-plus-one-detector.d.ts.map +1 -0
- package/dist/agents/104-n-plus-one-detector.js +329 -0
- package/dist/agents/104-n-plus-one-detector.js.map +1 -0
- package/dist/agents/105-unbounded-query-auditor.d.ts +50 -0
- package/dist/agents/105-unbounded-query-auditor.d.ts.map +1 -0
- package/dist/agents/105-unbounded-query-auditor.js +284 -0
- package/dist/agents/105-unbounded-query-auditor.js.map +1 -0
- package/dist/agents/106-hardcoded-config-auditor.d.ts +54 -0
- package/dist/agents/106-hardcoded-config-auditor.d.ts.map +1 -0
- package/dist/agents/106-hardcoded-config-auditor.js +251 -0
- package/dist/agents/106-hardcoded-config-auditor.js.map +1 -0
- package/dist/agents/107-open-redirect-detector.d.ts +52 -0
- package/dist/agents/107-open-redirect-detector.d.ts.map +1 -0
- package/dist/agents/107-open-redirect-detector.js +263 -0
- package/dist/agents/107-open-redirect-detector.js.map +1 -0
- package/dist/agents/108-sql-injection-detector.d.ts +51 -0
- package/dist/agents/108-sql-injection-detector.d.ts.map +1 -0
- package/dist/agents/108-sql-injection-detector.js +323 -0
- package/dist/agents/108-sql-injection-detector.js.map +1 -0
- package/dist/agents/109-path-traversal-detector.d.ts +51 -0
- package/dist/agents/109-path-traversal-detector.d.ts.map +1 -0
- package/dist/agents/109-path-traversal-detector.js +244 -0
- package/dist/agents/109-path-traversal-detector.js.map +1 -0
- package/dist/agents/11-fixer.d.ts +4 -2
- package/dist/agents/11-fixer.d.ts.map +1 -1
- package/dist/agents/11-fixer.js +52 -11
- package/dist/agents/11-fixer.js.map +1 -1
- package/dist/agents/110-mass-assignment-detector.d.ts +52 -0
- package/dist/agents/110-mass-assignment-detector.d.ts.map +1 -0
- package/dist/agents/110-mass-assignment-detector.js +199 -0
- package/dist/agents/110-mass-assignment-detector.js.map +1 -0
- package/dist/agents/111-dynamic-eval-detector.d.ts +46 -0
- package/dist/agents/111-dynamic-eval-detector.d.ts.map +1 -0
- package/dist/agents/111-dynamic-eval-detector.js +233 -0
- package/dist/agents/111-dynamic-eval-detector.js.map +1 -0
- package/dist/agents/112-taint-tracker.d.ts +226 -0
- package/dist/agents/112-taint-tracker.d.ts.map +1 -0
- package/dist/agents/112-taint-tracker.js +1273 -0
- package/dist/agents/112-taint-tracker.js.map +1 -0
- package/dist/agents/113-response-contract-auditor.d.ts +92 -0
- package/dist/agents/113-response-contract-auditor.d.ts.map +1 -0
- package/dist/agents/113-response-contract-auditor.js +694 -0
- package/dist/agents/113-response-contract-auditor.js.map +1 -0
- package/dist/agents/114-static-a11y-auditor.d.ts +66 -0
- package/dist/agents/114-static-a11y-auditor.d.ts.map +1 -0
- package/dist/agents/114-static-a11y-auditor.js +377 -0
- package/dist/agents/114-static-a11y-auditor.js.map +1 -0
- package/dist/agents/115-multihop-taint-tracker.d.ts +84 -0
- package/dist/agents/115-multihop-taint-tracker.d.ts.map +1 -0
- package/dist/agents/115-multihop-taint-tracker.js +340 -0
- package/dist/agents/115-multihop-taint-tracker.js.map +1 -0
- package/dist/agents/116-runtime-contract-capture.d.ts +79 -0
- package/dist/agents/116-runtime-contract-capture.d.ts.map +1 -0
- package/dist/agents/116-runtime-contract-capture.js +274 -0
- package/dist/agents/116-runtime-contract-capture.js.map +1 -0
- package/dist/agents/117-aria-rule-engine.d.ts +52 -0
- package/dist/agents/117-aria-rule-engine.d.ts.map +1 -0
- package/dist/agents/117-aria-rule-engine.js +415 -0
- package/dist/agents/117-aria-rule-engine.js.map +1 -0
- package/dist/agents/118-insecure-crypto-auditor.d.ts +48 -0
- package/dist/agents/118-insecure-crypto-auditor.d.ts.map +1 -0
- package/dist/agents/118-insecure-crypto-auditor.js +232 -0
- package/dist/agents/118-insecure-crypto-auditor.js.map +1 -0
- package/dist/agents/119-secrets-scanner.d.ts +44 -0
- package/dist/agents/119-secrets-scanner.d.ts.map +1 -0
- package/dist/agents/119-secrets-scanner.js +242 -0
- package/dist/agents/119-secrets-scanner.js.map +1 -0
- package/dist/agents/12-ux-inspector.d.ts +2 -2
- package/dist/agents/12-ux-inspector.d.ts.map +1 -1
- package/dist/agents/12-ux-inspector.js +8 -4
- package/dist/agents/12-ux-inspector.js.map +1 -1
- package/dist/agents/120-async-safety-auditor.d.ts +48 -0
- package/dist/agents/120-async-safety-auditor.d.ts.map +1 -0
- package/dist/agents/120-async-safety-auditor.js +250 -0
- package/dist/agents/120-async-safety-auditor.js.map +1 -0
- package/dist/agents/13-performance-profiler.d.ts +2 -2
- package/dist/agents/13-performance-profiler.d.ts.map +1 -1
- package/dist/agents/13-performance-profiler.js +5 -4
- package/dist/agents/13-performance-profiler.js.map +1 -1
- package/dist/agents/14-data-integrity-auditor.d.ts +2 -2
- package/dist/agents/14-data-integrity-auditor.js +4 -4
- package/dist/agents/14-data-integrity-auditor.js.map +1 -1
- package/dist/agents/15-regression-sentinel.d.ts +6 -5
- package/dist/agents/15-regression-sentinel.d.ts.map +1 -1
- package/dist/agents/15-regression-sentinel.js +5 -4
- package/dist/agents/15-regression-sentinel.js.map +1 -1
- package/dist/agents/16-chaos-agent.d.ts +2 -2
- package/dist/agents/16-chaos-agent.d.ts.map +1 -1
- package/dist/agents/16-chaos-agent.js +11 -4
- package/dist/agents/16-chaos-agent.js.map +1 -1
- package/dist/agents/17-documentation-validator.d.ts +2 -2
- package/dist/agents/17-documentation-validator.d.ts.map +1 -1
- package/dist/agents/17-documentation-validator.js +5 -2
- package/dist/agents/17-documentation-validator.js.map +1 -1
- package/dist/agents/18-integration-watchdog.d.ts +2 -2
- package/dist/agents/18-integration-watchdog.d.ts.map +1 -1
- package/dist/agents/18-integration-watchdog.js +5 -2
- package/dist/agents/18-integration-watchdog.js.map +1 -1
- package/dist/agents/19-tenant-isolation-auditor.d.ts +2 -2
- package/dist/agents/19-tenant-isolation-auditor.js +4 -4
- package/dist/agents/19-tenant-isolation-auditor.js.map +1 -1
- package/dist/agents/20-workflow-completion-tester.d.ts +2 -2
- package/dist/agents/20-workflow-completion-tester.d.ts.map +1 -1
- package/dist/agents/20-workflow-completion-tester.js +10 -6
- package/dist/agents/20-workflow-completion-tester.js.map +1 -1
- package/dist/agents/21-state-session-tester.d.ts +2 -2
- package/dist/agents/21-state-session-tester.d.ts.map +1 -1
- package/dist/agents/21-state-session-tester.js +15 -5
- package/dist/agents/21-state-session-tester.js.map +1 -1
- package/dist/agents/22-email-notification-verifier.d.ts +2 -2
- package/dist/agents/22-email-notification-verifier.js +2 -2
- package/dist/agents/23-migration-tester.d.ts +2 -2
- package/dist/agents/23-migration-tester.js +1 -1
- package/dist/agents/24-signup-onboarding-tester.d.ts +2 -2
- package/dist/agents/24-signup-onboarding-tester.d.ts.map +1 -1
- package/dist/agents/24-signup-onboarding-tester.js +13 -10
- package/dist/agents/24-signup-onboarding-tester.js.map +1 -1
- package/dist/agents/25-crud-flow-tester.d.ts +2 -2
- package/dist/agents/25-crud-flow-tester.d.ts.map +1 -1
- package/dist/agents/25-crud-flow-tester.js +12 -6
- package/dist/agents/25-crud-flow-tester.js.map +1 -1
- package/dist/agents/26-form-validator.d.ts +2 -2
- package/dist/agents/26-form-validator.d.ts.map +1 -1
- package/dist/agents/26-form-validator.js +12 -6
- package/dist/agents/26-form-validator.js.map +1 -1
- package/dist/agents/27-search-filter-tester.d.ts +2 -2
- package/dist/agents/27-search-filter-tester.d.ts.map +1 -1
- package/dist/agents/27-search-filter-tester.js +12 -6
- package/dist/agents/27-search-filter-tester.js.map +1 -1
- package/dist/agents/28-navigation-routing-tester.d.ts +2 -2
- package/dist/agents/28-navigation-routing-tester.d.ts.map +1 -1
- package/dist/agents/28-navigation-routing-tester.js +12 -6
- package/dist/agents/28-navigation-routing-tester.js.map +1 -1
- package/dist/agents/29-responsive-interaction-tester.d.ts +2 -2
- package/dist/agents/29-responsive-interaction-tester.d.ts.map +1 -1
- package/dist/agents/29-responsive-interaction-tester.js +12 -6
- package/dist/agents/29-responsive-interaction-tester.js.map +1 -1
- package/dist/agents/30-multi-user-scenario-tester.d.ts +2 -2
- package/dist/agents/30-multi-user-scenario-tester.d.ts.map +1 -1
- package/dist/agents/30-multi-user-scenario-tester.js +20 -13
- package/dist/agents/30-multi-user-scenario-tester.js.map +1 -1
- package/dist/agents/31-load-tester.d.ts +2 -2
- package/dist/agents/31-load-tester.js +2 -2
- package/dist/agents/32-memory-leak-detector.d.ts +2 -2
- package/dist/agents/32-memory-leak-detector.d.ts.map +1 -1
- package/dist/agents/32-memory-leak-detector.js +5 -4
- package/dist/agents/32-memory-leak-detector.js.map +1 -1
- package/dist/agents/33-bundle-analyzer.d.ts +2 -2
- package/dist/agents/33-bundle-analyzer.js +1 -1
- package/dist/agents/34-xss-scanner.d.ts +2 -2
- package/dist/agents/34-xss-scanner.d.ts.map +1 -1
- package/dist/agents/34-xss-scanner.js +12 -6
- package/dist/agents/34-xss-scanner.js.map +1 -1
- package/dist/agents/35-csrf-tester.d.ts +2 -2
- package/dist/agents/35-csrf-tester.js +2 -2
- package/dist/agents/36-auth-fuzzer.d.ts +2 -2
- package/dist/agents/36-auth-fuzzer.js +2 -2
- package/dist/agents/37-dependency-scanner.d.ts +2 -2
- package/dist/agents/37-dependency-scanner.js +1 -1
- package/dist/agents/38-secrets-scanner.d.ts +2 -2
- package/dist/agents/38-secrets-scanner.d.ts.map +1 -1
- package/dist/agents/38-secrets-scanner.js +39 -4
- package/dist/agents/38-secrets-scanner.js.map +1 -1
- package/dist/agents/39-api-contract-tester.d.ts +2 -2
- package/dist/agents/39-api-contract-tester.js +2 -2
- package/dist/agents/40-rate-limit-tester.d.ts +2 -2
- package/dist/agents/40-rate-limit-tester.js +2 -2
- package/dist/agents/41-api-pagination-tester.d.ts +2 -2
- package/dist/agents/41-api-pagination-tester.js +2 -2
- package/dist/agents/42-graphql-tester.d.ts +2 -2
- package/dist/agents/42-graphql-tester.js +2 -2
- package/dist/agents/43-data-consistency-checker.d.ts +2 -2
- package/dist/agents/43-data-consistency-checker.js +3 -3
- package/dist/agents/44-backup-recovery-tester.d.ts +2 -2
- package/dist/agents/44-backup-recovery-tester.js +1 -1
- package/dist/agents/45-data-privacy-scanner.d.ts +2 -2
- package/dist/agents/45-data-privacy-scanner.js +3 -3
- package/dist/agents/46-seo-auditor.d.ts +2 -2
- package/dist/agents/46-seo-auditor.d.ts.map +1 -1
- package/dist/agents/46-seo-auditor.js +12 -6
- package/dist/agents/46-seo-auditor.js.map +1 -1
- package/dist/agents/47-social-preview-tester.d.ts +2 -2
- package/dist/agents/47-social-preview-tester.d.ts.map +1 -1
- package/dist/agents/47-social-preview-tester.js +12 -6
- package/dist/agents/47-social-preview-tester.js.map +1 -1
- package/dist/agents/48-lighthouse-auditor.d.ts +2 -2
- package/dist/agents/48-lighthouse-auditor.d.ts.map +1 -1
- package/dist/agents/48-lighthouse-auditor.js +5 -4
- package/dist/agents/48-lighthouse-auditor.js.map +1 -1
- package/dist/agents/49-i18n-tester.d.ts +2 -2
- package/dist/agents/49-i18n-tester.d.ts.map +1 -1
- package/dist/agents/49-i18n-tester.js +12 -6
- package/dist/agents/49-i18n-tester.js.map +1 -1
- package/dist/agents/50-timezone-tester.d.ts +2 -2
- package/dist/agents/50-timezone-tester.d.ts.map +1 -1
- package/dist/agents/50-timezone-tester.js +40 -33
- package/dist/agents/50-timezone-tester.js.map +1 -1
- package/dist/agents/51-error-recovery-tester.d.ts +2 -2
- package/dist/agents/51-error-recovery-tester.d.ts.map +1 -1
- package/dist/agents/51-error-recovery-tester.js +12 -7
- package/dist/agents/51-error-recovery-tester.js.map +1 -1
- package/dist/agents/52-offline-mode-tester.d.ts +2 -2
- package/dist/agents/52-offline-mode-tester.d.ts.map +1 -1
- package/dist/agents/52-offline-mode-tester.js +12 -7
- package/dist/agents/52-offline-mode-tester.js.map +1 -1
- package/dist/agents/53-graceful-degradation-tester.d.ts +2 -2
- package/dist/agents/53-graceful-degradation-tester.d.ts.map +1 -1
- package/dist/agents/53-graceful-degradation-tester.js +10 -3
- package/dist/agents/53-graceful-degradation-tester.js.map +1 -1
- package/dist/agents/54-websocket-tester.d.ts +2 -2
- package/dist/agents/54-websocket-tester.d.ts.map +1 -1
- package/dist/agents/54-websocket-tester.js +12 -6
- package/dist/agents/54-websocket-tester.js.map +1 -1
- package/dist/agents/55-realtime-sync-tester.d.ts +2 -2
- package/dist/agents/55-realtime-sync-tester.d.ts.map +1 -1
- package/dist/agents/55-realtime-sync-tester.js +101 -96
- package/dist/agents/55-realtime-sync-tester.js.map +1 -1
- package/dist/agents/56-file-upload-tester.d.ts +2 -2
- package/dist/agents/56-file-upload-tester.d.ts.map +1 -1
- package/dist/agents/56-file-upload-tester.js +17 -13
- package/dist/agents/56-file-upload-tester.js.map +1 -1
- package/dist/agents/57-export-tester.d.ts +2 -2
- package/dist/agents/57-export-tester.d.ts.map +1 -1
- package/dist/agents/57-export-tester.js +8 -4
- package/dist/agents/57-export-tester.js.map +1 -1
- package/dist/agents/58-payment-flow-tester.d.ts +2 -2
- package/dist/agents/58-payment-flow-tester.d.ts.map +1 -1
- package/dist/agents/58-payment-flow-tester.js +8 -4
- package/dist/agents/58-payment-flow-tester.js.map +1 -1
- package/dist/agents/59-ssl-tls-auditor.d.ts +2 -2
- package/dist/agents/59-ssl-tls-auditor.js +2 -2
- package/dist/agents/60-dns-cdn-tester.d.ts +2 -2
- package/dist/agents/60-dns-cdn-tester.js +2 -2
- package/dist/agents/61-docker-health-checker.d.ts +2 -2
- package/dist/agents/61-docker-health-checker.js +1 -1
- package/dist/agents/62-env-config-validator.d.ts +2 -2
- package/dist/agents/62-env-config-validator.js +1 -1
- package/dist/agents/63-log-quality-auditor.d.ts +2 -2
- package/dist/agents/63-log-quality-auditor.js +1 -1
- package/dist/agents/64-analytics-tracker-tester.d.ts +2 -2
- package/dist/agents/64-analytics-tracker-tester.d.ts.map +1 -1
- package/dist/agents/64-analytics-tracker-tester.js +8 -4
- package/dist/agents/64-analytics-tracker-tester.js.map +1 -1
- package/dist/agents/65-gdpr-compliance-tester.d.ts +2 -2
- package/dist/agents/65-gdpr-compliance-tester.d.ts.map +1 -1
- package/dist/agents/65-gdpr-compliance-tester.js +55 -40
- package/dist/agents/65-gdpr-compliance-tester.js.map +1 -1
- package/dist/agents/66-soc2-control-validator.d.ts +2 -2
- package/dist/agents/66-soc2-control-validator.d.ts.map +1 -1
- package/dist/agents/66-soc2-control-validator.js +29 -21
- package/dist/agents/66-soc2-control-validator.js.map +1 -1
- package/dist/agents/67-wcag-aaa-tester.d.ts +2 -2
- package/dist/agents/67-wcag-aaa-tester.d.ts.map +1 -1
- package/dist/agents/67-wcag-aaa-tester.js +12 -6
- package/dist/agents/67-wcag-aaa-tester.js.map +1 -1
- package/dist/agents/68-dead-code-detector.d.ts +2 -2
- package/dist/agents/68-dead-code-detector.d.ts.map +1 -1
- package/dist/agents/68-dead-code-detector.js +6 -3
- package/dist/agents/68-dead-code-detector.js.map +1 -1
- package/dist/agents/69-type-safety-auditor.d.ts +2 -2
- package/dist/agents/69-type-safety-auditor.js +1 -1
- package/dist/agents/70-complexity-analyzer.d.ts +2 -2
- package/dist/agents/70-complexity-analyzer.js +1 -1
- package/dist/agents/71-unit-testing-agent.d.ts +15 -0
- package/dist/agents/71-unit-testing-agent.d.ts.map +1 -0
- package/dist/agents/71-unit-testing-agent.js +220 -0
- package/dist/agents/71-unit-testing-agent.js.map +1 -0
- package/dist/agents/72-integration-testing-agent.d.ts +13 -0
- package/dist/agents/72-integration-testing-agent.d.ts.map +1 -0
- package/dist/agents/72-integration-testing-agent.js +243 -0
- package/dist/agents/72-integration-testing-agent.js.map +1 -0
- package/dist/agents/73-system-testing-agent.d.ts +11 -0
- package/dist/agents/73-system-testing-agent.d.ts.map +1 -0
- package/dist/agents/73-system-testing-agent.js +175 -0
- package/dist/agents/73-system-testing-agent.js.map +1 -0
- package/dist/agents/74-acceptance-testing-agent.d.ts +13 -0
- package/dist/agents/74-acceptance-testing-agent.d.ts.map +1 -0
- package/dist/agents/74-acceptance-testing-agent.js +254 -0
- package/dist/agents/74-acceptance-testing-agent.js.map +1 -0
- package/dist/agents/75-sanity-testing-agent.d.ts +15 -0
- package/dist/agents/75-sanity-testing-agent.d.ts.map +1 -0
- package/dist/agents/75-sanity-testing-agent.js +240 -0
- package/dist/agents/75-sanity-testing-agent.js.map +1 -0
- package/dist/agents/76-regression-testing-agent.d.ts +14 -0
- package/dist/agents/76-regression-testing-agent.d.ts.map +1 -0
- package/dist/agents/76-regression-testing-agent.js +230 -0
- package/dist/agents/76-regression-testing-agent.js.map +1 -0
- package/dist/agents/77-browser-load-testing-agent.d.ts +11 -0
- package/dist/agents/77-browser-load-testing-agent.d.ts.map +1 -0
- package/dist/agents/77-browser-load-testing-agent.js +128 -0
- package/dist/agents/77-browser-load-testing-agent.js.map +1 -0
- package/dist/agents/78-stress-testing-agent.d.ts +11 -0
- package/dist/agents/78-stress-testing-agent.d.ts.map +1 -0
- package/dist/agents/78-stress-testing-agent.js +146 -0
- package/dist/agents/78-stress-testing-agent.js.map +1 -0
- package/dist/agents/79-endurance-testing-agent.d.ts +12 -0
- package/dist/agents/79-endurance-testing-agent.d.ts.map +1 -0
- package/dist/agents/79-endurance-testing-agent.js +165 -0
- package/dist/agents/79-endurance-testing-agent.js.map +1 -0
- package/dist/agents/80-usability-testing-agent.d.ts +11 -0
- package/dist/agents/80-usability-testing-agent.d.ts.map +1 -0
- package/dist/agents/80-usability-testing-agent.js +196 -0
- package/dist/agents/80-usability-testing-agent.js.map +1 -0
- package/dist/agents/81-compatibility-testing-agent.d.ts +11 -0
- package/dist/agents/81-compatibility-testing-agent.d.ts.map +1 -0
- package/dist/agents/81-compatibility-testing-agent.js +224 -0
- package/dist/agents/81-compatibility-testing-agent.js.map +1 -0
- package/dist/agents/82-exploratory-testing-agent.d.ts +14 -0
- package/dist/agents/82-exploratory-testing-agent.d.ts.map +1 -0
- package/dist/agents/82-exploratory-testing-agent.js +345 -0
- package/dist/agents/82-exploratory-testing-agent.js.map +1 -0
- package/dist/agents/83-static-analysis-agent.d.ts +14 -0
- package/dist/agents/83-static-analysis-agent.d.ts.map +1 -0
- package/dist/agents/83-static-analysis-agent.js +261 -0
- package/dist/agents/83-static-analysis-agent.js.map +1 -0
- package/dist/agents/84-governance-testing-agent.d.ts +28 -0
- package/dist/agents/84-governance-testing-agent.d.ts.map +1 -0
- package/dist/agents/84-governance-testing-agent.js +591 -0
- package/dist/agents/84-governance-testing-agent.js.map +1 -0
- package/dist/agents/85-stagehand-agent.d.ts +22 -0
- package/dist/agents/85-stagehand-agent.d.ts.map +1 -0
- package/dist/agents/85-stagehand-agent.js +81 -0
- package/dist/agents/85-stagehand-agent.js.map +1 -0
- package/dist/agents/86-browser-use-agent.d.ts +31 -0
- package/dist/agents/86-browser-use-agent.d.ts.map +1 -0
- package/dist/agents/86-browser-use-agent.js +121 -0
- package/dist/agents/86-browser-use-agent.js.map +1 -0
- package/dist/agents/87-connection-mapper.d.ts +93 -0
- package/dist/agents/87-connection-mapper.d.ts.map +1 -0
- package/dist/agents/87-connection-mapper.js +658 -0
- package/dist/agents/87-connection-mapper.js.map +1 -0
- package/dist/agents/88-localhost-walkthrough.d.ts +272 -0
- package/dist/agents/88-localhost-walkthrough.d.ts.map +1 -0
- package/dist/agents/88-localhost-walkthrough.js +1203 -0
- package/dist/agents/88-localhost-walkthrough.js.map +1 -0
- package/dist/agents/89-repair-retest.d.ts +63 -0
- package/dist/agents/89-repair-retest.d.ts.map +1 -0
- package/dist/agents/89-repair-retest.js +227 -0
- package/dist/agents/89-repair-retest.js.map +1 -0
- package/dist/agents/90-response-shape-validator.d.ts +35 -0
- package/dist/agents/90-response-shape-validator.d.ts.map +1 -0
- package/dist/agents/90-response-shape-validator.js +156 -0
- package/dist/agents/90-response-shape-validator.js.map +1 -0
- package/dist/agents/91-boundary-fuzzer.d.ts +99 -0
- package/dist/agents/91-boundary-fuzzer.d.ts.map +1 -0
- package/dist/agents/91-boundary-fuzzer.js +0 -0
- package/dist/agents/91-boundary-fuzzer.js.map +1 -0
- package/dist/agents/92-repair-simulator.d.ts +89 -0
- package/dist/agents/92-repair-simulator.d.ts.map +1 -0
- package/dist/agents/92-repair-simulator.js +401 -0
- package/dist/agents/92-repair-simulator.js.map +1 -0
- package/dist/agents/93-env-var-auditor.d.ts +64 -0
- package/dist/agents/93-env-var-auditor.d.ts.map +1 -0
- package/dist/agents/93-env-var-auditor.js +435 -0
- package/dist/agents/93-env-var-auditor.js.map +1 -0
- package/dist/agents/94-schema-validator.d.ts +148 -0
- package/dist/agents/94-schema-validator.d.ts.map +1 -0
- package/dist/agents/94-schema-validator.js +567 -0
- package/dist/agents/94-schema-validator.js.map +1 -0
- package/dist/agents/95-contract-drift.d.ts +87 -0
- package/dist/agents/95-contract-drift.d.ts.map +1 -0
- package/dist/agents/95-contract-drift.js +335 -0
- package/dist/agents/95-contract-drift.js.map +1 -0
- package/dist/agents/96-cookie-security-auditor.d.ts +86 -0
- package/dist/agents/96-cookie-security-auditor.d.ts.map +1 -0
- package/dist/agents/96-cookie-security-auditor.js +339 -0
- package/dist/agents/96-cookie-security-auditor.js.map +1 -0
- package/dist/agents/97-healthcheck-validator.d.ts +62 -0
- package/dist/agents/97-healthcheck-validator.d.ts.map +1 -0
- package/dist/agents/97-healthcheck-validator.js +204 -0
- package/dist/agents/97-healthcheck-validator.js.map +1 -0
- package/dist/agents/98-cors-csp-auditor.d.ts +70 -0
- package/dist/agents/98-cors-csp-auditor.d.ts.map +1 -0
- package/dist/agents/98-cors-csp-auditor.js +308 -0
- package/dist/agents/98-cors-csp-auditor.js.map +1 -0
- package/dist/agents/99-logging-hygiene-auditor.d.ts +67 -0
- package/dist/agents/99-logging-hygiene-auditor.d.ts.map +1 -0
- package/dist/agents/99-logging-hygiene-auditor.js +325 -0
- package/dist/agents/99-logging-hygiene-auditor.js.map +1 -0
- package/dist/agents/base-agent.d.ts +74 -4
- package/dist/agents/base-agent.d.ts.map +1 -1
- package/dist/agents/base-agent.js +106 -1
- package/dist/agents/base-agent.js.map +1 -1
- package/dist/agents/browser-use-client.d.ts +68 -0
- package/dist/agents/browser-use-client.d.ts.map +1 -0
- package/dist/agents/browser-use-client.js +92 -0
- package/dist/agents/browser-use-client.js.map +1 -0
- package/dist/agents/lib/source-scan.d.ts +53 -0
- package/dist/agents/lib/source-scan.d.ts.map +1 -0
- package/dist/agents/lib/source-scan.js +279 -0
- package/dist/agents/lib/source-scan.js.map +1 -0
- package/dist/agents/registry.d.ts +27 -9
- package/dist/agents/registry.d.ts.map +1 -1
- package/dist/agents/registry.js +365 -151
- package/dist/agents/registry.js.map +1 -1
- package/dist/agents/stagehand-runner.d.ts +104 -0
- package/dist/agents/stagehand-runner.d.ts.map +1 -0
- package/dist/agents/stagehand-runner.js +153 -0
- package/dist/agents/stagehand-runner.js.map +1 -0
- package/dist/bridge/agent-registry.d.ts +21 -0
- package/dist/bridge/agent-registry.d.ts.map +1 -0
- package/dist/bridge/agent-registry.js +224 -0
- package/dist/bridge/agent-registry.js.map +1 -0
- package/dist/bridge/api-contract-reader.d.ts +55 -0
- package/dist/bridge/api-contract-reader.d.ts.map +1 -0
- package/dist/bridge/api-contract-reader.js +103 -0
- package/dist/bridge/api-contract-reader.js.map +1 -0
- package/dist/bridge/compliance-reader.d.ts +47 -0
- package/dist/bridge/compliance-reader.d.ts.map +1 -0
- package/dist/bridge/compliance-reader.js +91 -0
- package/dist/bridge/compliance-reader.js.map +1 -0
- package/dist/bridge/data-integrity-reader.d.ts +77 -0
- package/dist/bridge/data-integrity-reader.d.ts.map +1 -0
- package/dist/bridge/data-integrity-reader.js +110 -0
- package/dist/bridge/data-integrity-reader.js.map +1 -0
- package/dist/bridge/design-reader.d.ts +51 -0
- package/dist/bridge/design-reader.d.ts.map +1 -0
- package/dist/bridge/design-reader.js +105 -0
- package/dist/bridge/design-reader.js.map +1 -0
- package/dist/bridge/file-scanner.d.ts +21 -0
- package/dist/bridge/file-scanner.d.ts.map +1 -0
- package/dist/bridge/file-scanner.js +117 -0
- package/dist/bridge/file-scanner.js.map +1 -0
- package/dist/bridge/finding-normalize.d.ts +24 -0
- package/dist/bridge/finding-normalize.d.ts.map +1 -0
- package/dist/bridge/finding-normalize.js +46 -0
- package/dist/bridge/finding-normalize.js.map +1 -0
- package/dist/bridge/http-client.d.ts +44 -0
- package/dist/bridge/http-client.d.ts.map +1 -0
- package/dist/bridge/http-client.js +130 -0
- package/dist/bridge/http-client.js.map +1 -0
- package/dist/bridge/knowledge-reader.d.ts +10 -0
- package/dist/bridge/knowledge-reader.d.ts.map +1 -0
- package/dist/bridge/knowledge-reader.js +46 -0
- package/dist/bridge/knowledge-reader.js.map +1 -0
- package/dist/bridge/loop-engine-reader.d.ts +77 -0
- package/dist/bridge/loop-engine-reader.d.ts.map +1 -0
- package/dist/bridge/loop-engine-reader.js +73 -0
- package/dist/bridge/loop-engine-reader.js.map +1 -0
- package/dist/bridge/playwright-pool.d.ts +33 -0
- package/dist/bridge/playwright-pool.d.ts.map +1 -0
- package/dist/bridge/playwright-pool.js +89 -0
- package/dist/bridge/playwright-pool.js.map +1 -0
- package/dist/bridge/rate-limiter.d.ts +40 -0
- package/dist/bridge/rate-limiter.d.ts.map +1 -0
- package/dist/bridge/rate-limiter.js +33 -0
- package/dist/bridge/rate-limiter.js.map +1 -0
- package/dist/bridge/reliability-reader.d.ts +67 -0
- package/dist/bridge/reliability-reader.d.ts.map +1 -0
- package/dist/bridge/reliability-reader.js +146 -0
- package/dist/bridge/reliability-reader.js.map +1 -0
- package/dist/bridge/router.d.ts +26 -0
- package/dist/bridge/router.d.ts.map +1 -0
- package/dist/bridge/router.js +137 -0
- package/dist/bridge/router.js.map +1 -0
- package/dist/bridge/run-stream.d.ts +47 -0
- package/dist/bridge/run-stream.d.ts.map +1 -0
- package/dist/bridge/run-stream.js +67 -0
- package/dist/bridge/run-stream.js.map +1 -0
- package/dist/bridge/runs-reader.d.ts +41 -0
- package/dist/bridge/runs-reader.d.ts.map +1 -0
- package/dist/bridge/runs-reader.js +185 -0
- package/dist/bridge/runs-reader.js.map +1 -0
- package/dist/bridge/sentinel-reader.d.ts +55 -0
- package/dist/bridge/sentinel-reader.d.ts.map +1 -0
- package/dist/bridge/sentinel-reader.js +88 -0
- package/dist/bridge/sentinel-reader.js.map +1 -0
- package/dist/bridge/server.d.ts +83 -0
- package/dist/bridge/server.d.ts.map +1 -0
- package/dist/bridge/server.js +1103 -0
- package/dist/bridge/server.js.map +1 -0
- package/dist/bridge/shell-executor.d.ts +49 -0
- package/dist/bridge/shell-executor.d.ts.map +1 -0
- package/dist/bridge/shell-executor.js +181 -0
- package/dist/bridge/shell-executor.js.map +1 -0
- package/dist/bridge/tech-debt-reader.d.ts +57 -0
- package/dist/bridge/tech-debt-reader.d.ts.map +1 -0
- package/dist/bridge/tech-debt-reader.js +119 -0
- package/dist/bridge/tech-debt-reader.js.map +1 -0
- package/dist/bridge/types.d.ts +63 -0
- package/dist/bridge/types.d.ts.map +1 -0
- package/dist/bridge/types.js +7 -0
- package/dist/bridge/types.js.map +1 -0
- package/dist/clients/agent-mvp.d.ts +3 -1
- package/dist/clients/agent-mvp.d.ts.map +1 -1
- package/dist/clients/agent-mvp.js +16 -5
- package/dist/clients/agent-mvp.js.map +1 -1
- package/dist/clients/llm-council.d.ts +47 -0
- package/dist/clients/llm-council.d.ts.map +1 -0
- package/dist/clients/llm-council.js +52 -0
- package/dist/clients/llm-council.js.map +1 -0
- package/dist/clients/total-recall.d.ts +2 -2
- package/dist/clients/total-recall.d.ts.map +1 -1
- package/dist/clients/total-recall.js +18 -3
- package/dist/clients/total-recall.js.map +1 -1
- package/dist/core/agent-contract.d.ts +21 -0
- package/dist/core/agent-contract.d.ts.map +1 -0
- package/dist/core/agent-contract.js +18 -0
- package/dist/core/agent-contract.js.map +1 -0
- package/dist/core/api-contract/api-contract-validator.d.ts +178 -0
- package/dist/core/api-contract/api-contract-validator.d.ts.map +1 -0
- package/dist/core/api-contract/api-contract-validator.js +796 -0
- package/dist/core/api-contract/api-contract-validator.js.map +1 -0
- package/dist/core/api-contract/index.d.ts +16 -0
- package/dist/core/api-contract/index.d.ts.map +1 -0
- package/dist/core/api-contract/index.js +24 -0
- package/dist/core/api-contract/index.js.map +1 -0
- package/dist/core/api-contract/types.d.ts +235 -0
- package/dist/core/api-contract/types.d.ts.map +1 -0
- package/dist/core/api-contract/types.js +27 -0
- package/dist/core/api-contract/types.js.map +1 -0
- package/dist/core/blackboard/blackboard.d.ts +34 -0
- package/dist/core/blackboard/blackboard.d.ts.map +1 -0
- package/dist/core/blackboard/blackboard.js +133 -0
- package/dist/core/blackboard/blackboard.js.map +1 -0
- package/dist/core/blackboard/coordination.d.ts +27 -0
- package/dist/core/blackboard/coordination.d.ts.map +1 -0
- package/dist/core/blackboard/coordination.js +31 -0
- package/dist/core/blackboard/coordination.js.map +1 -0
- package/dist/core/blackboard/direct-channel.d.ts +26 -0
- package/dist/core/blackboard/direct-channel.d.ts.map +1 -0
- package/dist/core/blackboard/direct-channel.js +26 -0
- package/dist/core/blackboard/direct-channel.js.map +1 -0
- package/dist/core/blackboard/index.d.ts +10 -0
- package/dist/core/blackboard/index.d.ts.map +1 -0
- package/dist/core/blackboard/index.js +4 -0
- package/dist/core/blackboard/index.js.map +1 -0
- package/dist/core/blackboard/types.d.ts +36 -0
- package/dist/core/blackboard/types.d.ts.map +1 -0
- package/dist/core/blackboard/types.js +2 -0
- package/dist/core/blackboard/types.js.map +1 -0
- package/dist/core/canvas/schema.d.ts +81 -0
- package/dist/core/canvas/schema.d.ts.map +1 -0
- package/dist/core/canvas/schema.js +144 -0
- package/dist/core/canvas/schema.js.map +1 -0
- package/dist/core/canvas/store.d.ts +41 -0
- package/dist/core/canvas/store.d.ts.map +1 -0
- package/dist/core/canvas/store.js +121 -0
- package/dist/core/canvas/store.js.map +1 -0
- package/dist/core/ci-output.d.ts +1 -1
- package/dist/core/ci-output.d.ts.map +1 -1
- package/dist/core/ci-output.js +2 -0
- package/dist/core/ci-output.js.map +1 -1
- package/dist/core/cli.d.ts +12 -1
- package/dist/core/cli.d.ts.map +1 -1
- package/dist/core/cli.js +308 -43
- package/dist/core/cli.js.map +1 -1
- package/dist/core/compliance/auditor.d.ts +119 -0
- package/dist/core/compliance/auditor.d.ts.map +1 -0
- package/dist/core/compliance/auditor.js +577 -0
- package/dist/core/compliance/auditor.js.map +1 -0
- package/dist/core/compliance/index.d.ts +11 -0
- package/dist/core/compliance/index.d.ts.map +1 -0
- package/dist/core/compliance/index.js +10 -0
- package/dist/core/compliance/index.js.map +1 -0
- package/dist/core/compliance/types.d.ts +174 -0
- package/dist/core/compliance/types.d.ts.map +1 -0
- package/dist/core/compliance/types.js +12 -0
- package/dist/core/compliance/types.js.map +1 -0
- package/dist/core/conductor/conductor.d.ts +37 -0
- package/dist/core/conductor/conductor.d.ts.map +1 -0
- package/dist/core/conductor/conductor.js +96 -0
- package/dist/core/conductor/conductor.js.map +1 -0
- package/dist/core/conductor/index.d.ts +9 -0
- package/dist/core/conductor/index.d.ts.map +1 -0
- package/dist/core/conductor/index.js +3 -0
- package/dist/core/conductor/index.js.map +1 -0
- package/dist/core/conductor/model-router.d.ts +17 -0
- package/dist/core/conductor/model-router.d.ts.map +1 -0
- package/dist/core/conductor/model-router.js +29 -0
- package/dist/core/conductor/model-router.js.map +1 -0
- package/dist/core/conductor/types.d.ts +33 -0
- package/dist/core/conductor/types.d.ts.map +1 -0
- package/dist/core/conductor/types.js +2 -0
- package/dist/core/conductor/types.js.map +1 -0
- package/dist/core/config.d.ts +148 -1
- package/dist/core/config.d.ts.map +1 -1
- package/dist/core/config.js +53 -4
- package/dist/core/config.js.map +1 -1
- package/dist/core/data-integrity/data-integrity.d.ts +291 -0
- package/dist/core/data-integrity/data-integrity.d.ts.map +1 -0
- package/dist/core/data-integrity/data-integrity.js +892 -0
- package/dist/core/data-integrity/data-integrity.js.map +1 -0
- package/dist/core/data-integrity/index.d.ts +16 -0
- package/dist/core/data-integrity/index.d.ts.map +1 -0
- package/dist/core/data-integrity/index.js +17 -0
- package/dist/core/data-integrity/index.js.map +1 -0
- package/dist/core/data-integrity/types.d.ts +236 -0
- package/dist/core/data-integrity/types.d.ts.map +1 -0
- package/dist/core/data-integrity/types.js +14 -0
- package/dist/core/data-integrity/types.js.map +1 -0
- package/dist/core/disaster-recovery/index.d.ts +13 -0
- package/dist/core/disaster-recovery/index.d.ts.map +1 -0
- package/dist/core/disaster-recovery/index.js +3 -0
- package/dist/core/disaster-recovery/index.js.map +1 -0
- package/dist/core/disaster-recovery/simulator.d.ts +158 -0
- package/dist/core/disaster-recovery/simulator.d.ts.map +1 -0
- package/dist/core/disaster-recovery/simulator.js +553 -0
- package/dist/core/disaster-recovery/simulator.js.map +1 -0
- package/dist/core/disaster-recovery/types.d.ts +299 -0
- package/dist/core/disaster-recovery/types.d.ts.map +1 -0
- package/dist/core/disaster-recovery/types.js +33 -0
- package/dist/core/disaster-recovery/types.js.map +1 -0
- package/dist/core/escalation/heal-or-ask.d.ts +20 -0
- package/dist/core/escalation/heal-or-ask.d.ts.map +1 -0
- package/dist/core/escalation/heal-or-ask.js +19 -0
- package/dist/core/escalation/heal-or-ask.js.map +1 -0
- package/dist/core/escalation/index.d.ts +9 -0
- package/dist/core/escalation/index.d.ts.map +1 -0
- package/dist/core/escalation/index.js +3 -0
- package/dist/core/escalation/index.js.map +1 -0
- package/dist/core/escalation/pause-gate.d.ts +48 -0
- package/dist/core/escalation/pause-gate.d.ts.map +1 -0
- package/dist/core/escalation/pause-gate.js +96 -0
- package/dist/core/escalation/pause-gate.js.map +1 -0
- package/dist/core/escalation/types.d.ts +33 -0
- package/dist/core/escalation/types.d.ts.map +1 -0
- package/dist/core/escalation/types.js +9 -0
- package/dist/core/escalation/types.js.map +1 -0
- package/dist/core/evidence.d.ts +32 -1
- package/dist/core/evidence.d.ts.map +1 -1
- package/dist/core/evidence.js +99 -1
- package/dist/core/evidence.js.map +1 -1
- package/dist/core/feature-bdd/fix.d.ts +84 -0
- package/dist/core/feature-bdd/fix.d.ts.map +1 -0
- package/dist/core/feature-bdd/fix.js +121 -0
- package/dist/core/feature-bdd/fix.js.map +1 -0
- package/dist/core/feature-bdd/generate.d.ts +96 -0
- package/dist/core/feature-bdd/generate.d.ts.map +1 -0
- package/dist/core/feature-bdd/generate.js +228 -0
- package/dist/core/feature-bdd/generate.js.map +1 -0
- package/dist/core/feature-bdd/llm-provider.d.ts +92 -0
- package/dist/core/feature-bdd/llm-provider.d.ts.map +1 -0
- package/dist/core/feature-bdd/llm-provider.js +187 -0
- package/dist/core/feature-bdd/llm-provider.js.map +1 -0
- package/dist/core/feature-bdd/run.d.ts +56 -0
- package/dist/core/feature-bdd/run.d.ts.map +1 -0
- package/dist/core/feature-bdd/run.js +175 -0
- package/dist/core/feature-bdd/run.js.map +1 -0
- package/dist/core/feature-bdd/schema.d.ts +111 -0
- package/dist/core/feature-bdd/schema.d.ts.map +1 -0
- package/dist/core/feature-bdd/schema.js +272 -0
- package/dist/core/feature-bdd/schema.js.map +1 -0
- package/dist/core/feature-bdd/store.d.ts +145 -0
- package/dist/core/feature-bdd/store.d.ts.map +1 -0
- package/dist/core/feature-bdd/store.js +470 -0
- package/dist/core/feature-bdd/store.js.map +1 -0
- package/dist/core/finding-correlation.d.ts +55 -0
- package/dist/core/finding-correlation.d.ts.map +1 -0
- package/dist/core/finding-correlation.js +96 -0
- package/dist/core/finding-correlation.js.map +1 -0
- package/dist/core/fix-loop.d.ts +20 -1
- package/dist/core/fix-loop.d.ts.map +1 -1
- package/dist/core/fix-loop.js +34 -0
- package/dist/core/fix-loop.js.map +1 -1
- package/dist/core/governance/calibration.d.ts +31 -0
- package/dist/core/governance/calibration.d.ts.map +1 -0
- package/dist/core/governance/calibration.js +78 -0
- package/dist/core/governance/calibration.js.map +1 -0
- package/dist/core/governance/degradation.d.ts +35 -0
- package/dist/core/governance/degradation.d.ts.map +1 -0
- package/dist/core/governance/degradation.js +25 -0
- package/dist/core/governance/degradation.js.map +1 -0
- package/dist/core/governance/ethical-constraint.d.ts +55 -0
- package/dist/core/governance/ethical-constraint.d.ts.map +1 -0
- package/dist/core/governance/ethical-constraint.js +98 -0
- package/dist/core/governance/ethical-constraint.js.map +1 -0
- package/dist/core/governance/index.d.ts +9 -0
- package/dist/core/governance/index.d.ts.map +1 -0
- package/dist/core/governance/index.js +9 -0
- package/dist/core/governance/index.js.map +1 -0
- package/dist/core/harness/audit-log.d.ts +12 -0
- package/dist/core/harness/audit-log.d.ts.map +1 -0
- package/dist/core/harness/audit-log.js +62 -0
- package/dist/core/harness/audit-log.js.map +1 -0
- package/dist/core/harness/authorization.d.ts +24 -0
- package/dist/core/harness/authorization.d.ts.map +1 -0
- package/dist/core/harness/authorization.js +48 -0
- package/dist/core/harness/authorization.js.map +1 -0
- package/dist/core/harness/harness.d.ts +64 -0
- package/dist/core/harness/harness.d.ts.map +1 -0
- package/dist/core/harness/harness.js +188 -0
- package/dist/core/harness/harness.js.map +1 -0
- package/dist/core/harness/index.d.ts +10 -0
- package/dist/core/harness/index.d.ts.map +1 -0
- package/dist/core/harness/index.js +4 -0
- package/dist/core/harness/index.js.map +1 -0
- package/dist/core/harness/types.d.ts +88 -0
- package/dist/core/harness/types.d.ts.map +1 -0
- package/dist/core/harness/types.js +2 -0
- package/dist/core/harness/types.js.map +1 -0
- package/dist/core/health-check.d.ts +6 -0
- package/dist/core/health-check.d.ts.map +1 -1
- package/dist/core/health-check.js +14 -2
- package/dist/core/health-check.js.map +1 -1
- package/dist/core/init.d.ts.map +1 -1
- package/dist/core/init.js +58 -18
- package/dist/core/init.js.map +1 -1
- package/dist/core/knowledge/cached-map.d.ts +17 -0
- package/dist/core/knowledge/cached-map.d.ts.map +1 -0
- package/dist/core/knowledge/cached-map.js +23 -0
- package/dist/core/knowledge/cached-map.js.map +1 -0
- package/dist/core/knowledge/index.d.ts +10 -0
- package/dist/core/knowledge/index.d.ts.map +1 -0
- package/dist/core/knowledge/index.js +4 -0
- package/dist/core/knowledge/index.js.map +1 -0
- package/dist/core/knowledge/system-map.d.ts +50 -0
- package/dist/core/knowledge/system-map.d.ts.map +1 -0
- package/dist/core/knowledge/system-map.js +121 -0
- package/dist/core/knowledge/system-map.js.map +1 -0
- package/dist/core/knowledge/traversal.d.ts +12 -0
- package/dist/core/knowledge/traversal.d.ts.map +1 -0
- package/dist/core/knowledge/traversal.js +37 -0
- package/dist/core/knowledge/traversal.js.map +1 -0
- package/dist/core/knowledge/types.d.ts +41 -0
- package/dist/core/knowledge/types.d.ts.map +1 -0
- package/dist/core/knowledge/types.js +2 -0
- package/dist/core/knowledge/types.js.map +1 -0
- package/dist/core/license-gen.d.ts +1 -1
- package/dist/core/license-gen.d.ts.map +1 -1
- package/dist/core/license-gen.js +10 -5
- package/dist/core/license-gen.js.map +1 -1
- package/dist/core/license.d.ts +12 -2
- package/dist/core/license.d.ts.map +1 -1
- package/dist/core/license.js +104 -28
- package/dist/core/license.js.map +1 -1
- package/dist/core/loop-engine/circuit-breaker.d.ts +24 -0
- package/dist/core/loop-engine/circuit-breaker.d.ts.map +1 -0
- package/dist/core/loop-engine/circuit-breaker.js +48 -0
- package/dist/core/loop-engine/circuit-breaker.js.map +1 -0
- package/dist/core/loop-engine/demo.d.ts +35 -0
- package/dist/core/loop-engine/demo.d.ts.map +1 -0
- package/dist/core/loop-engine/demo.js +71 -0
- package/dist/core/loop-engine/demo.js.map +1 -0
- package/dist/core/loop-engine/event-store.d.ts +8 -0
- package/dist/core/loop-engine/event-store.d.ts.map +1 -0
- package/dist/core/loop-engine/event-store.js +9 -0
- package/dist/core/loop-engine/event-store.js.map +1 -0
- package/dist/core/loop-engine/index.d.ts +11 -0
- package/dist/core/loop-engine/index.d.ts.map +1 -0
- package/dist/core/loop-engine/index.js +11 -0
- package/dist/core/loop-engine/index.js.map +1 -0
- package/dist/core/loop-engine/kernel.d.ts +66 -0
- package/dist/core/loop-engine/kernel.d.ts.map +1 -0
- package/dist/core/loop-engine/kernel.js +196 -0
- package/dist/core/loop-engine/kernel.js.map +1 -0
- package/dist/core/loop-engine/tracing.d.ts +12 -0
- package/dist/core/loop-engine/tracing.d.ts.map +1 -0
- package/dist/core/loop-engine/tracing.js +15 -0
- package/dist/core/loop-engine/tracing.js.map +1 -0
- package/dist/core/loop-engine/types.d.ts +92 -0
- package/dist/core/loop-engine/types.d.ts.map +1 -0
- package/dist/core/loop-engine/types.js +21 -0
- package/dist/core/loop-engine/types.js.map +1 -0
- package/dist/core/messages.d.ts +1 -1
- package/dist/core/messages.d.ts.map +1 -1
- package/dist/core/messages.js +101 -1
- package/dist/core/messages.js.map +1 -1
- package/dist/core/orchestrator.d.ts +79 -8
- package/dist/core/orchestrator.d.ts.map +1 -1
- package/dist/core/orchestrator.js +340 -33
- package/dist/core/orchestrator.js.map +1 -1
- package/dist/core/phase-gate.d.ts +2 -2
- package/dist/core/quality-score/calculator.d.ts +125 -0
- package/dist/core/quality-score/calculator.d.ts.map +1 -0
- package/dist/core/quality-score/calculator.js +489 -0
- package/dist/core/quality-score/calculator.js.map +1 -0
- package/dist/core/quality-score/from-run.d.ts +27 -0
- package/dist/core/quality-score/from-run.d.ts.map +1 -0
- package/dist/core/quality-score/from-run.js +64 -0
- package/dist/core/quality-score/from-run.js.map +1 -0
- package/dist/core/quality-score/index.d.ts +9 -0
- package/dist/core/quality-score/index.d.ts.map +1 -0
- package/dist/core/quality-score/index.js +9 -0
- package/dist/core/quality-score/index.js.map +1 -0
- package/dist/core/quality-score/types.d.ts +225 -0
- package/dist/core/quality-score/types.d.ts.map +1 -0
- package/dist/core/quality-score/types.js +26 -0
- package/dist/core/quality-score/types.js.map +1 -0
- package/dist/core/report-html-script.d.ts +3 -0
- package/dist/core/report-html-script.d.ts.map +1 -0
- package/dist/core/report-html-script.js +47 -0
- package/dist/core/report-html-script.js.map +1 -0
- package/dist/core/report-html-styles.d.ts +3 -0
- package/dist/core/report-html-styles.d.ts.map +1 -0
- package/dist/core/report-html-styles.js +231 -0
- package/dist/core/report-html-styles.js.map +1 -0
- package/dist/core/report-html.d.ts +1 -1
- package/dist/core/report-html.d.ts.map +1 -1
- package/dist/core/report-html.js +5 -280
- package/dist/core/report-html.js.map +1 -1
- package/dist/core/report-upload.d.ts +8 -0
- package/dist/core/report-upload.d.ts.map +1 -1
- package/dist/core/report-upload.js +17 -4
- package/dist/core/report-upload.js.map +1 -1
- package/dist/core/run-counter.d.ts.map +1 -1
- package/dist/core/run-counter.js +25 -1
- package/dist/core/run-counter.js.map +1 -1
- package/dist/core/run-events/emitter.d.ts +112 -0
- package/dist/core/run-events/emitter.d.ts.map +1 -0
- package/dist/core/run-events/emitter.js +234 -0
- package/dist/core/run-events/emitter.js.map +1 -0
- package/dist/core/run-events/frame-sink.d.ts +24 -0
- package/dist/core/run-events/frame-sink.d.ts.map +1 -0
- package/dist/core/run-events/frame-sink.js +32 -0
- package/dist/core/run-events/frame-sink.js.map +1 -0
- package/dist/core/run-events/index.d.ts +7 -0
- package/dist/core/run-events/index.d.ts.map +1 -0
- package/dist/core/run-events/index.js +5 -0
- package/dist/core/run-events/index.js.map +1 -0
- package/dist/core/run-events/loop-event-sink.d.ts +56 -0
- package/dist/core/run-events/loop-event-sink.d.ts.map +1 -0
- package/dist/core/run-events/loop-event-sink.js +60 -0
- package/dist/core/run-events/loop-event-sink.js.map +1 -0
- package/dist/core/run-events/sse.d.ts +47 -0
- package/dist/core/run-events/sse.d.ts.map +1 -0
- package/dist/core/run-events/sse.js +64 -0
- package/dist/core/run-events/sse.js.map +1 -0
- package/dist/core/run-events/types.d.ts +147 -0
- package/dist/core/run-events/types.d.ts.map +1 -0
- package/dist/core/run-events/types.js +17 -0
- package/dist/core/run-events/types.js.map +1 -0
- package/dist/core/run-mode/capture.d.ts +37 -0
- package/dist/core/run-mode/capture.d.ts.map +1 -0
- package/dist/core/run-mode/capture.js +43 -0
- package/dist/core/run-mode/capture.js.map +1 -0
- package/dist/core/run-mode/index.d.ts +9 -0
- package/dist/core/run-mode/index.d.ts.map +1 -0
- package/dist/core/run-mode/index.js +3 -0
- package/dist/core/run-mode/index.js.map +1 -0
- package/dist/core/run-mode/run-mode.d.ts +35 -0
- package/dist/core/run-mode/run-mode.d.ts.map +1 -0
- package/dist/core/run-mode/run-mode.js +51 -0
- package/dist/core/run-mode/run-mode.js.map +1 -0
- package/dist/core/run-mode/types.d.ts +36 -0
- package/dist/core/run-mode/types.d.ts.map +1 -0
- package/dist/core/run-mode/types.js +15 -0
- package/dist/core/run-mode/types.js.map +1 -0
- package/dist/core/run-quota.d.ts +22 -0
- package/dist/core/run-quota.d.ts.map +1 -0
- package/dist/core/run-quota.js +44 -0
- package/dist/core/run-quota.js.map +1 -0
- package/dist/core/security-audit/index.d.ts +9 -0
- package/dist/core/security-audit/index.d.ts.map +1 -0
- package/dist/core/security-audit/index.js +10 -0
- package/dist/core/security-audit/index.js.map +1 -0
- package/dist/core/security-audit/sentinel.d.ts +196 -0
- package/dist/core/security-audit/sentinel.d.ts.map +1 -0
- package/dist/core/security-audit/sentinel.js +725 -0
- package/dist/core/security-audit/sentinel.js.map +1 -0
- package/dist/core/security-audit/types.d.ts +240 -0
- package/dist/core/security-audit/types.d.ts.map +1 -0
- package/dist/core/security-audit/types.js +42 -0
- package/dist/core/security-audit/types.js.map +1 -0
- package/dist/core/tech-debt/index.d.ts +11 -0
- package/dist/core/tech-debt/index.d.ts.map +1 -0
- package/dist/core/tech-debt/index.js +11 -0
- package/dist/core/tech-debt/index.js.map +1 -0
- package/dist/core/tech-debt/tech-debt-tracker.d.ts +46 -0
- package/dist/core/tech-debt/tech-debt-tracker.d.ts.map +1 -0
- package/dist/core/tech-debt/tech-debt-tracker.js +533 -0
- package/dist/core/tech-debt/tech-debt-tracker.js.map +1 -0
- package/dist/core/tech-debt/types.d.ts +263 -0
- package/dist/core/tech-debt/types.d.ts.map +1 -0
- package/dist/core/tech-debt/types.js +2 -0
- package/dist/core/tech-debt/types.js.map +1 -0
- package/dist/core/tester/diff-planner.d.ts +18 -0
- package/dist/core/tester/diff-planner.d.ts.map +1 -0
- package/dist/core/tester/diff-planner.js +37 -0
- package/dist/core/tester/diff-planner.js.map +1 -0
- package/dist/core/tester/honest-report.d.ts +13 -0
- package/dist/core/tester/honest-report.d.ts.map +1 -0
- package/dist/core/tester/honest-report.js +64 -0
- package/dist/core/tester/honest-report.js.map +1 -0
- package/dist/core/tester/index.d.ts +9 -0
- package/dist/core/tester/index.d.ts.map +1 -0
- package/dist/core/tester/index.js +3 -0
- package/dist/core/tester/index.js.map +1 -0
- package/dist/core/tester/types.d.ts +55 -0
- package/dist/core/tester/types.d.ts.map +1 -0
- package/dist/core/tester/types.js +8 -0
- package/dist/core/tester/types.js.map +1 -0
- package/dist/core/triggers/index.d.ts +9 -0
- package/dist/core/triggers/index.d.ts.map +1 -0
- package/dist/core/triggers/index.js +3 -0
- package/dist/core/triggers/index.js.map +1 -0
- package/dist/core/triggers/trigger-bus.d.ts +49 -0
- package/dist/core/triggers/trigger-bus.d.ts.map +1 -0
- package/dist/core/triggers/trigger-bus.js +167 -0
- package/dist/core/triggers/trigger-bus.js.map +1 -0
- package/dist/core/triggers/types.d.ts +56 -0
- package/dist/core/triggers/types.d.ts.map +1 -0
- package/dist/core/triggers/types.js +13 -0
- package/dist/core/triggers/types.js.map +1 -0
- package/dist/core/trust.d.ts +12 -0
- package/dist/core/trust.d.ts.map +1 -0
- package/dist/core/trust.js +13 -0
- package/dist/core/trust.js.map +1 -0
- package/dist/core/types.d.ts +24 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/ui-ux/index.d.ts +12 -0
- package/dist/core/ui-ux/index.d.ts.map +1 -0
- package/dist/core/ui-ux/index.js +13 -0
- package/dist/core/ui-ux/index.js.map +1 -0
- package/dist/core/ui-ux/orchestrator.d.ts +206 -0
- package/dist/core/ui-ux/orchestrator.d.ts.map +1 -0
- package/dist/core/ui-ux/orchestrator.js +672 -0
- package/dist/core/ui-ux/orchestrator.js.map +1 -0
- package/dist/core/ui-ux/types.d.ts +339 -0
- package/dist/core/ui-ux/types.d.ts.map +1 -0
- package/dist/core/ui-ux/types.js +17 -0
- package/dist/core/ui-ux/types.js.map +1 -0
- package/dist/enterprise/audit-trail.d.ts +31 -0
- package/dist/enterprise/audit-trail.d.ts.map +1 -0
- package/dist/enterprise/audit-trail.js +111 -0
- package/dist/enterprise/audit-trail.js.map +1 -0
- package/dist/enterprise/sla.d.ts +26 -0
- package/dist/enterprise/sla.d.ts.map +1 -0
- package/dist/enterprise/sla.js +101 -0
- package/dist/enterprise/sla.js.map +1 -0
- package/dist/helpers/element-discovery.js +1 -1
- package/dist/helpers/element-discovery.js.map +1 -1
- package/dist/helpers/env-resolver.d.ts +2 -2
- package/dist/helpers/quality-gate.d.ts.map +1 -1
- package/dist/helpers/quality-gate.js +21 -3
- package/dist/helpers/quality-gate.js.map +1 -1
- package/dist/helpers/shape-fingerprint.d.ts +18 -0
- package/dist/helpers/shape-fingerprint.d.ts.map +1 -0
- package/dist/helpers/shape-fingerprint.js +40 -0
- package/dist/helpers/shape-fingerprint.js.map +1 -0
- package/dist/sdk/custom-agent.d.ts +51 -0
- package/dist/sdk/custom-agent.d.ts.map +1 -0
- package/dist/sdk/custom-agent.js +94 -0
- package/dist/sdk/custom-agent.js.map +1 -0
- package/dist/sdk/index.d.ts +5 -0
- package/dist/sdk/index.d.ts.map +1 -0
- package/dist/sdk/index.js +3 -0
- package/dist/sdk/index.js.map +1 -0
- package/dist/sdk/loader.d.ts +28 -0
- package/dist/sdk/loader.d.ts.map +1 -0
- package/dist/sdk/loader.js +140 -0
- package/dist/sdk/loader.js.map +1 -0
- package/package.json +46 -20
- package/agents/01-analyst.ts +0 -100
- package/agents/02-seed-architect.ts +0 -59
- package/agents/03-test-generator.ts +0 -191
- package/agents/04-unit-runner.ts +0 -160
- package/agents/05-browser-crawler.ts +0 -790
- package/agents/06-api-exerciser.ts +0 -311
- package/agents/07-security-scout.ts +0 -188
- package/agents/08-a11y-guardian.ts +0 -212
- package/agents/09-healer.ts +0 -228
- package/agents/10-reporter.ts +0 -266
- package/agents/11-fixer.ts +0 -253
- package/agents/12-ux-inspector.ts +0 -444
- package/agents/13-performance-profiler.ts +0 -271
- package/agents/14-data-integrity-auditor.ts +0 -417
- package/agents/15-regression-sentinel.ts +0 -308
- package/agents/16-chaos-agent.ts +0 -228
- package/agents/17-documentation-validator.ts +0 -266
- package/agents/18-integration-watchdog.ts +0 -178
- package/agents/19-tenant-isolation-auditor.ts +0 -199
- package/agents/20-workflow-completion-tester.ts +0 -203
- package/agents/21-state-session-tester.ts +0 -262
- package/agents/22-email-notification-verifier.ts +0 -244
- package/agents/23-migration-tester.ts +0 -80
- package/agents/24-signup-onboarding-tester.ts +0 -429
- package/agents/25-crud-flow-tester.ts +0 -302
- package/agents/26-form-validator.ts +0 -297
- package/agents/27-search-filter-tester.ts +0 -326
- package/agents/28-navigation-routing-tester.ts +0 -425
- package/agents/29-responsive-interaction-tester.ts +0 -350
- package/agents/30-multi-user-scenario-tester.ts +0 -319
- package/agents/31-load-tester.ts +0 -134
- package/agents/32-memory-leak-detector.ts +0 -194
- package/agents/33-bundle-analyzer.ts +0 -132
- package/agents/34-xss-scanner.ts +0 -191
- package/agents/35-csrf-tester.ts +0 -82
- package/agents/36-auth-fuzzer.ts +0 -194
- package/agents/37-dependency-scanner.ts +0 -176
- package/agents/38-secrets-scanner.ts +0 -137
- package/agents/39-api-contract-tester.ts +0 -199
- package/agents/40-rate-limit-tester.ts +0 -94
- package/agents/41-api-pagination-tester.ts +0 -97
- package/agents/42-graphql-tester.ts +0 -222
- package/agents/43-data-consistency-checker.ts +0 -205
- package/agents/44-backup-recovery-tester.ts +0 -152
- package/agents/45-data-privacy-scanner.ts +0 -125
- package/agents/46-seo-auditor.ts +0 -294
- package/agents/47-social-preview-tester.ts +0 -232
- package/agents/48-lighthouse-auditor.ts +0 -213
- package/agents/49-i18n-tester.ts +0 -198
- package/agents/50-timezone-tester.ts +0 -173
- package/agents/51-error-recovery-tester.ts +0 -155
- package/agents/52-offline-mode-tester.ts +0 -180
- package/agents/53-graceful-degradation-tester.ts +0 -156
- package/agents/54-websocket-tester.ts +0 -151
- package/agents/55-realtime-sync-tester.ts +0 -194
- package/agents/56-file-upload-tester.ts +0 -194
- package/agents/57-export-tester.ts +0 -174
- package/agents/58-payment-flow-tester.ts +0 -183
- package/agents/59-ssl-tls-auditor.ts +0 -141
- package/agents/60-dns-cdn-tester.ts +0 -117
- package/agents/61-docker-health-checker.ts +0 -111
- package/agents/62-env-config-validator.ts +0 -152
- package/agents/63-log-quality-auditor.ts +0 -136
- package/agents/64-analytics-tracker-tester.ts +0 -165
- package/agents/65-gdpr-compliance-tester.ts +0 -215
- package/agents/66-soc2-control-validator.ts +0 -210
- package/agents/67-wcag-aaa-tester.ts +0 -241
- package/agents/68-dead-code-detector.ts +0 -135
- package/agents/69-type-safety-auditor.ts +0 -164
- package/agents/70-complexity-analyzer.ts +0 -179
- package/agents/__tests__/01-analyst.test.ts +0 -188
- package/agents/__tests__/02-seed-architect.test.ts +0 -152
- package/agents/__tests__/03-test-generator-full.test.ts +0 -321
- package/agents/__tests__/03-test-generator.test.ts +0 -318
- package/agents/__tests__/04-unit-runner.test.ts +0 -320
- package/agents/__tests__/05-browser-crawler-beta.test.ts +0 -492
- package/agents/__tests__/05-browser-crawler-release.test.ts +0 -412
- package/agents/__tests__/05-browser-crawler-uat.test.ts +0 -578
- package/agents/__tests__/05-browser-crawler.test.ts +0 -518
- package/agents/__tests__/06-api-exerciser.test.ts +0 -619
- package/agents/__tests__/07-security-scout.test.ts +0 -382
- package/agents/__tests__/08-a11y-guardian.test.ts +0 -530
- package/agents/__tests__/09-healer.test.ts +0 -384
- package/agents/__tests__/10-reporter.test.ts +0 -366
- package/agents/__tests__/11-fixer.test.ts +0 -406
- package/agents/__tests__/12-ux-inspector-extended.test.ts +0 -465
- package/agents/__tests__/12-ux-inspector.test.ts +0 -443
- package/agents/__tests__/13-performance-profiler.test.ts +0 -411
- package/agents/__tests__/14-data-integrity-auditor-extended.test.ts +0 -573
- package/agents/__tests__/14-data-integrity-auditor.test.ts +0 -407
- package/agents/__tests__/15-regression-sentinel.test.ts +0 -657
- package/agents/__tests__/16-chaos-agent.test.ts +0 -427
- package/agents/__tests__/17-documentation-validator.test.ts +0 -402
- package/agents/__tests__/18-integration-watchdog.test.ts +0 -263
- package/agents/__tests__/19-tenant-isolation-auditor.test.ts +0 -400
- package/agents/__tests__/20-workflow-completion-tester.test.ts +0 -586
- package/agents/__tests__/21-state-session-tester.test.ts +0 -374
- package/agents/__tests__/22-email-notification-verifier.test.ts +0 -441
- package/agents/__tests__/23-migration-tester.test.ts +0 -145
- package/agents/__tests__/24-signup-onboarding-tester.test.ts +0 -274
- package/agents/__tests__/25-crud-flow-tester.test.ts +0 -322
- package/agents/__tests__/26-form-validator.test.ts +0 -345
- package/agents/__tests__/27-search-filter-tester.test.ts +0 -311
- package/agents/__tests__/28-navigation-routing-tester.test.ts +0 -328
- package/agents/__tests__/29-responsive-interaction-tester.test.ts +0 -297
- package/agents/__tests__/30-multi-user-scenario-tester.test.ts +0 -328
- package/agents/__tests__/31-load-tester.test.ts +0 -189
- package/agents/__tests__/32-memory-leak-detector.test.ts +0 -251
- package/agents/__tests__/33-bundle-analyzer.test.ts +0 -237
- package/agents/__tests__/34-xss-scanner.test.ts +0 -258
- package/agents/__tests__/35-csrf-tester.test.ts +0 -200
- package/agents/__tests__/36-auth-fuzzer.test.ts +0 -214
- package/agents/__tests__/37-dependency-scanner.test.ts +0 -266
- package/agents/__tests__/38-secrets-scanner.test.ts +0 -224
- package/agents/__tests__/39-api-contract-tester.test.ts +0 -312
- package/agents/__tests__/40-rate-limit-tester.test.ts +0 -192
- package/agents/__tests__/41-api-pagination-tester.test.ts +0 -198
- package/agents/__tests__/42-graphql-tester.test.ts +0 -252
- package/agents/__tests__/43-data-consistency-checker.test.ts +0 -232
- package/agents/__tests__/44-backup-recovery-tester.test.ts +0 -222
- package/agents/__tests__/45-data-privacy-scanner.test.ts +0 -223
- package/agents/__tests__/46-seo-auditor.test.ts +0 -261
- package/agents/__tests__/47-social-preview-tester.test.ts +0 -245
- package/agents/__tests__/48-lighthouse-auditor.test.ts +0 -276
- package/agents/__tests__/49-i18n-tester.test.ts +0 -201
- package/agents/__tests__/50-timezone-tester.test.ts +0 -172
- package/agents/__tests__/51-error-recovery-tester.test.ts +0 -162
- package/agents/__tests__/52-offline-mode-tester.test.ts +0 -164
- package/agents/__tests__/53-graceful-degradation-tester.test.ts +0 -168
- package/agents/__tests__/54-websocket-tester.test.ts +0 -157
- package/agents/__tests__/55-realtime-sync-tester.test.ts +0 -181
- package/agents/__tests__/56-file-upload-tester.test.ts +0 -172
- package/agents/__tests__/57-export-tester.test.ts +0 -169
- package/agents/__tests__/58-payment-flow-tester.test.ts +0 -182
- package/agents/__tests__/59-ssl-tls-auditor.test.ts +0 -179
- package/agents/__tests__/60-dns-cdn-tester.test.ts +0 -176
- package/agents/__tests__/61-docker-health-checker.test.ts +0 -150
- package/agents/__tests__/62-env-config-validator.test.ts +0 -166
- package/agents/__tests__/63-log-quality-auditor.test.ts +0 -175
- package/agents/__tests__/64-analytics-tracker-tester.test.ts +0 -158
- package/agents/__tests__/65-gdpr-compliance-tester.test.ts +0 -174
- package/agents/__tests__/66-soc2-control-validator.test.ts +0 -183
- package/agents/__tests__/67-wcag-aaa-tester.test.ts +0 -190
- package/agents/__tests__/68-dead-code-detector.test.ts +0 -174
- package/agents/__tests__/69-type-safety-auditor.test.ts +0 -173
- package/agents/__tests__/70-complexity-analyzer.test.ts +0 -177
- package/agents/__tests__/base-agent.test.ts +0 -188
- package/agents/__tests__/registry.test.ts +0 -218
- package/agents/base-agent.ts +0 -85
- package/agents/registry.ts +0 -279
- package/baselines/api-schemas/.gitkeep +0 -0
- package/baselines/performance/.gitkeep +0 -0
- package/baselines/screenshots/.gitkeep +0 -0
- package/core/__tests__/ci-output.test.ts +0 -430
- package/core/__tests__/cli.test.ts +0 -387
- package/core/__tests__/config.test.ts +0 -78
- package/core/__tests__/cost-tracker.test.ts +0 -158
- package/core/__tests__/evidence.test.ts +0 -265
- package/core/__tests__/fix-loop.test.ts +0 -210
- package/core/__tests__/health-check.test.ts +0 -44
- package/core/__tests__/init.test.ts +0 -609
- package/core/__tests__/integration.test.ts +0 -204
- package/core/__tests__/license-gen.test.ts +0 -227
- package/core/__tests__/license.test.ts +0 -326
- package/core/__tests__/multi-browser.test.ts +0 -278
- package/core/__tests__/orchestrator.test.ts +0 -520
- package/core/__tests__/phase-gate.test.ts +0 -43
- package/core/__tests__/report-html.test.ts +0 -398
- package/core/__tests__/report-upload.test.ts +0 -325
- package/core/__tests__/run-counter.test.ts +0 -234
- package/core/ci-output.ts +0 -240
- package/core/cli.ts +0 -354
- package/core/config.ts +0 -178
- package/core/cost-tracker.ts +0 -59
- package/core/evidence.ts +0 -132
- package/core/fix-loop.ts +0 -85
- package/core/health-check.ts +0 -54
- package/core/init.ts +0 -546
- package/core/license-gen.ts +0 -212
- package/core/license.ts +0 -208
- package/core/messages.ts +0 -67
- package/core/multi-browser.ts +0 -136
- package/core/orchestrator.ts +0 -427
- package/core/phase-gate.ts +0 -55
- package/core/report-html.ts +0 -657
- package/core/report-upload.ts +0 -188
- package/core/run-counter.ts +0 -175
- package/core/types.ts +0 -57
- package/dist/core/multi-browser.d.ts +0 -36
- package/dist/core/multi-browser.d.ts.map +0 -1
- package/dist/core/multi-browser.js +0 -88
- package/dist/core/multi-browser.js.map +0 -1
- package/helpers/__tests__/api-client.test.ts +0 -199
- package/helpers/__tests__/element-discovery.test.ts +0 -202
- package/helpers/__tests__/form-filler-extended.test.ts +0 -212
- package/helpers/__tests__/form-filler.test.ts +0 -99
- package/helpers/__tests__/modal-handler.test.ts +0 -152
- package/helpers/__tests__/navigation.test.ts +0 -214
- package/helpers/__tests__/quality-gate.test.ts +0 -117
- package/helpers/__tests__/screenshot.test.ts +0 -139
- package/helpers/__tests__/seed-validator.test.ts +0 -114
- package/helpers/api-client.ts +0 -111
- package/helpers/element-discovery.ts +0 -105
- package/helpers/env-resolver.ts +0 -69
- package/helpers/form-filler.ts +0 -126
- package/helpers/modal-handler.ts +0 -108
- package/helpers/navigation.ts +0 -100
- package/helpers/quality-gate.ts +0 -180
- package/helpers/screenshot.ts +0 -111
- package/helpers/seed-validator.ts +0 -70
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CORS / CSP Auditor — static scan for the two most common web
|
|
3
|
+
* security-header misconfigurations. Pairs with #96 (Cookie Security):
|
|
4
|
+
* #96 covers what the browser stores, #98 covers what the browser is
|
|
5
|
+
* allowed to do across origins and which scripts it will execute.
|
|
6
|
+
*
|
|
7
|
+
* CORS findings:
|
|
8
|
+
* - 98-cors-wildcard-origin medium code-bug-security
|
|
9
|
+
* Access-Control-Allow-Origin: * (or cors() with no config / origin:true).
|
|
10
|
+
* Any site can read authenticated responses if the API also sends
|
|
11
|
+
* credentials.
|
|
12
|
+
* - 98-cors-wildcard-with-credentials critical code-bug-security
|
|
13
|
+
* Wildcard origin AND credentials enabled. The dangerous combination —
|
|
14
|
+
* browsers block literal `*` + credentials, but frameworks that
|
|
15
|
+
* reflect the Origin header back while sending credentials are fully
|
|
16
|
+
* exploitable. This is the bug that combo signals.
|
|
17
|
+
*
|
|
18
|
+
* CSP findings:
|
|
19
|
+
* - 98-csp-unsafe-inline medium code-bug-security script-src 'unsafe-inline'
|
|
20
|
+
* - 98-csp-unsafe-eval medium code-bug-security script-src 'unsafe-eval'
|
|
21
|
+
* - 98-csp-wildcard-src medium code-bug-security default-src/script-src *
|
|
22
|
+
* - 98-no-csp low infra-issue no CSP header anywhere
|
|
23
|
+
*
|
|
24
|
+
* Detection sources: source files (via #87's connection-map, or a fresh
|
|
25
|
+
* walk). Recognises both raw header strings and the common middleware
|
|
26
|
+
* config shapes (Express `cors()`, `helmet()` CSP options).
|
|
27
|
+
*
|
|
28
|
+
* Persists `evidence/cors-csp-audit.json`. Read-only, parallel-safe,
|
|
29
|
+
* static analysis only.
|
|
30
|
+
*/
|
|
31
|
+
import type { Finding } from '../core/types.js';
|
|
32
|
+
import { BaseAgent } from './base-agent.js';
|
|
33
|
+
export interface CorsCspSignals {
|
|
34
|
+
wildcardOrigin: boolean;
|
|
35
|
+
credentialsEnabled: boolean;
|
|
36
|
+
hasCsp: boolean;
|
|
37
|
+
cspUnsafeInline: boolean;
|
|
38
|
+
cspUnsafeEval: boolean;
|
|
39
|
+
cspWildcardSrc: boolean;
|
|
40
|
+
}
|
|
41
|
+
export interface CorsCspHit {
|
|
42
|
+
kind: 'cors-wildcard-origin' | 'cors-wildcard-with-credentials' | 'csp-unsafe-inline' | 'csp-unsafe-eval' | 'csp-wildcard-src';
|
|
43
|
+
file: string;
|
|
44
|
+
line: number;
|
|
45
|
+
snippet: string;
|
|
46
|
+
}
|
|
47
|
+
export interface CorsCspAudit {
|
|
48
|
+
version: 1;
|
|
49
|
+
generatedAt: string;
|
|
50
|
+
projectRoot: string;
|
|
51
|
+
filesScanned: number;
|
|
52
|
+
cspSeenAnywhere: boolean;
|
|
53
|
+
hits: CorsCspHit[];
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Scan a single file's content for CORS / CSP misconfigurations.
|
|
57
|
+
* Stateless and exported so tests can exercise the matcher directly.
|
|
58
|
+
*/
|
|
59
|
+
export declare function scanCorsCsp(content: string): Array<Omit<CorsCspHit, 'file'>>;
|
|
60
|
+
/** Does this file mention CSP at all? Used for the project-wide "no CSP" check. */
|
|
61
|
+
export declare function mentionsCsp(content: string): boolean;
|
|
62
|
+
export declare class CorsCspAuditorAgent extends BaseAgent {
|
|
63
|
+
readonly agentId = 98;
|
|
64
|
+
readonly agentName = "CORS / CSP Auditor";
|
|
65
|
+
protected preFlight(): Promise<void>;
|
|
66
|
+
protected execute(): Promise<Finding[]>;
|
|
67
|
+
private toFinding;
|
|
68
|
+
private persistAudit;
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=98-cors-csp-auditor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"98-cors-csp-auditor.d.ts","sourceRoot":"","sources":["../../agents/98-cors-csp-auditor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AASzC,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,OAAO,CAAC;IACxB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,OAAO,CAAC;IAChB,eAAe,EAAE,OAAO,CAAC;IACzB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EACA,sBAAsB,GACtB,gCAAgC,GAChC,mBAAmB,GACnB,iBAAiB,GACjB,kBAAkB,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,CAAC,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,UAAU,EAAE,CAAC;CACpB;AAqCD;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAsE5E;AAED,mFAAmF;AACnF,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED,qBAAa,mBAAoB,SAAQ,SAAS;IAChD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,wBAAwB;cAE1B,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAO1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IA4E7C,OAAO,CAAC,SAAS;IAuDjB,OAAO,CAAC,YAAY;CA+BrB"}
|
|
@@ -0,0 +1,308 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CORS / CSP Auditor — static scan for the two most common web
|
|
3
|
+
* security-header misconfigurations. Pairs with #96 (Cookie Security):
|
|
4
|
+
* #96 covers what the browser stores, #98 covers what the browser is
|
|
5
|
+
* allowed to do across origins and which scripts it will execute.
|
|
6
|
+
*
|
|
7
|
+
* CORS findings:
|
|
8
|
+
* - 98-cors-wildcard-origin medium code-bug-security
|
|
9
|
+
* Access-Control-Allow-Origin: * (or cors() with no config / origin:true).
|
|
10
|
+
* Any site can read authenticated responses if the API also sends
|
|
11
|
+
* credentials.
|
|
12
|
+
* - 98-cors-wildcard-with-credentials critical code-bug-security
|
|
13
|
+
* Wildcard origin AND credentials enabled. The dangerous combination —
|
|
14
|
+
* browsers block literal `*` + credentials, but frameworks that
|
|
15
|
+
* reflect the Origin header back while sending credentials are fully
|
|
16
|
+
* exploitable. This is the bug that combo signals.
|
|
17
|
+
*
|
|
18
|
+
* CSP findings:
|
|
19
|
+
* - 98-csp-unsafe-inline medium code-bug-security script-src 'unsafe-inline'
|
|
20
|
+
* - 98-csp-unsafe-eval medium code-bug-security script-src 'unsafe-eval'
|
|
21
|
+
* - 98-csp-wildcard-src medium code-bug-security default-src/script-src *
|
|
22
|
+
* - 98-no-csp low infra-issue no CSP header anywhere
|
|
23
|
+
*
|
|
24
|
+
* Detection sources: source files (via #87's connection-map, or a fresh
|
|
25
|
+
* walk). Recognises both raw header strings and the common middleware
|
|
26
|
+
* config shapes (Express `cors()`, `helmet()` CSP options).
|
|
27
|
+
*
|
|
28
|
+
* Persists `evidence/cors-csp-audit.json`. Read-only, parallel-safe,
|
|
29
|
+
* static analysis only.
|
|
30
|
+
*/
|
|
31
|
+
import * as fs from 'node:fs';
|
|
32
|
+
import * as path from 'node:path';
|
|
33
|
+
import { BaseAgent } from './base-agent.js';
|
|
34
|
+
import { maskNonCode, isTestPath } from './lib/source-scan.js';
|
|
35
|
+
const SRC_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs']);
|
|
36
|
+
const SKIP_DIRS = new Set([
|
|
37
|
+
'node_modules', '.git', 'dist', 'build', '.next', '.nuxt', 'coverage', 'reports', 'baselines', 'evidence',
|
|
38
|
+
]);
|
|
39
|
+
function walk(dir, results = []) {
|
|
40
|
+
if (!fs.existsSync(dir))
|
|
41
|
+
return results;
|
|
42
|
+
let entries;
|
|
43
|
+
try {
|
|
44
|
+
entries = fs.readdirSync(dir, { withFileTypes: true });
|
|
45
|
+
}
|
|
46
|
+
catch {
|
|
47
|
+
return results;
|
|
48
|
+
}
|
|
49
|
+
for (const entry of entries) {
|
|
50
|
+
if (SKIP_DIRS.has(entry.name))
|
|
51
|
+
continue;
|
|
52
|
+
const full = path.join(dir, entry.name);
|
|
53
|
+
if (entry.isDirectory()) {
|
|
54
|
+
walk(full, results);
|
|
55
|
+
}
|
|
56
|
+
else if (entry.isFile() && SRC_EXTENSIONS.has(path.extname(entry.name))) {
|
|
57
|
+
results.push(full);
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
return results;
|
|
61
|
+
}
|
|
62
|
+
function relativise(absPath, root) {
|
|
63
|
+
return path.relative(root, absPath).split(path.sep).join('/');
|
|
64
|
+
}
|
|
65
|
+
function lineOf(content, index) {
|
|
66
|
+
return content.slice(0, index).split('\n').length;
|
|
67
|
+
}
|
|
68
|
+
function snippetOf(content, index) {
|
|
69
|
+
const start = content.lastIndexOf('\n', index) + 1;
|
|
70
|
+
let end = content.indexOf('\n', index);
|
|
71
|
+
if (end === -1)
|
|
72
|
+
end = content.length;
|
|
73
|
+
return content.slice(start, end).trim().slice(0, 160);
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Scan a single file's content for CORS / CSP misconfigurations.
|
|
77
|
+
* Stateless and exported so tests can exercise the matcher directly.
|
|
78
|
+
*/
|
|
79
|
+
export function scanCorsCsp(content) {
|
|
80
|
+
const hits = [];
|
|
81
|
+
// Strip comments so the `// cors({ origin: '*' })`-style doc examples in this
|
|
82
|
+
// (and any) file don't read as real config. Strings are kept — the signal
|
|
83
|
+
// ('*', 'unsafe-inline', wildcard src) lives inside them. Line numbers and
|
|
84
|
+
// snippets come from the original (comment-only masking preserves offsets).
|
|
85
|
+
const masked = maskNonCode(content, { maskStrings: false });
|
|
86
|
+
// --- CORS ---
|
|
87
|
+
// Raw header: res.setHeader('Access-Control-Allow-Origin', '*') / header strings
|
|
88
|
+
const acaoWildcard = /Access-Control-Allow-Origin['"]?\s*[:,]\s*['"]\*['"]/gi;
|
|
89
|
+
// cors({ origin: '*' }) or cors({ origin: true }). Note: no trailing \b on
|
|
90
|
+
// the quoted alternative — a closing quote followed by space/comma is not a
|
|
91
|
+
// word boundary, so `\b` there would never match.
|
|
92
|
+
const corsOriginWildcard = /\borigin\s*:\s*(?:['"]\*['"]|true\b)/gi;
|
|
93
|
+
// bare cors() with no args defaults to reflecting any origin
|
|
94
|
+
const bareCors = /\bcors\s*\(\s*\)/g;
|
|
95
|
+
const wildcardMatches = [];
|
|
96
|
+
let m;
|
|
97
|
+
for (const re of [acaoWildcard, corsOriginWildcard, bareCors]) {
|
|
98
|
+
const r = new RegExp(re.source, re.flags);
|
|
99
|
+
while ((m = r.exec(masked)) !== null)
|
|
100
|
+
wildcardMatches.push(m.index);
|
|
101
|
+
}
|
|
102
|
+
// credentials: true OR Access-Control-Allow-Credentials: true — checked in a
|
|
103
|
+
// window *around each wildcard* (same cors()/header block), not file-wide: an
|
|
104
|
+
// unrelated `credentials: true` (axios/fetch/cookie opts elsewhere in the
|
|
105
|
+
// file) must not escalate every wildcard-origin hit to critical.
|
|
106
|
+
const credentialsRe = /\bcredentials\s*:\s*true\b|Access-Control-Allow-Credentials['"]?\s*[:,]\s*['"]?true/i;
|
|
107
|
+
for (const idx of wildcardMatches) {
|
|
108
|
+
const near = masked.slice(Math.max(0, idx - 250), idx + 250);
|
|
109
|
+
hits.push({
|
|
110
|
+
kind: credentialsRe.test(near) ? 'cors-wildcard-with-credentials' : 'cors-wildcard-origin',
|
|
111
|
+
line: lineOf(content, idx),
|
|
112
|
+
snippet: snippetOf(content, idx),
|
|
113
|
+
});
|
|
114
|
+
}
|
|
115
|
+
// --- CSP ---
|
|
116
|
+
// unsafe-inline / unsafe-eval inside any CSP-ish context
|
|
117
|
+
const unsafeInline = /'unsafe-inline'|"unsafe-inline"|unsafe-inline/gi;
|
|
118
|
+
const unsafeEval = /'unsafe-eval'|"unsafe-eval"|unsafe-eval/gi;
|
|
119
|
+
// Only treat unsafe-* as a CSP signal when the file actually mentions CSP /
|
|
120
|
+
// script-src / helmet to avoid matching unrelated strings.
|
|
121
|
+
const cspContext = /content-security-policy|contentSecurityPolicy|script-src|default-src|style-src/i.test(masked);
|
|
122
|
+
if (cspContext) {
|
|
123
|
+
let u;
|
|
124
|
+
const ui = new RegExp(unsafeInline.source, unsafeInline.flags);
|
|
125
|
+
while ((u = ui.exec(masked)) !== null) {
|
|
126
|
+
hits.push({ kind: 'csp-unsafe-inline', line: lineOf(content, u.index), snippet: snippetOf(content, u.index) });
|
|
127
|
+
break; // one per file is enough signal
|
|
128
|
+
}
|
|
129
|
+
const ue = new RegExp(unsafeEval.source, unsafeEval.flags);
|
|
130
|
+
while ((u = ue.exec(masked)) !== null) {
|
|
131
|
+
hits.push({ kind: 'csp-unsafe-eval', line: lineOf(content, u.index), snippet: snippetOf(content, u.index) });
|
|
132
|
+
break;
|
|
133
|
+
}
|
|
134
|
+
// default-src * / script-src *
|
|
135
|
+
const wildcardSrc = /(?:default-src|script-src)\s+[^;'"]*\*/i;
|
|
136
|
+
const ws = wildcardSrc.exec(masked);
|
|
137
|
+
if (ws) {
|
|
138
|
+
hits.push({ kind: 'csp-wildcard-src', line: lineOf(content, ws.index), snippet: snippetOf(content, ws.index) });
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
return hits;
|
|
142
|
+
}
|
|
143
|
+
/** Does this file mention CSP at all? Used for the project-wide "no CSP" check. */
|
|
144
|
+
export function mentionsCsp(content) {
|
|
145
|
+
return /content-security-policy|contentSecurityPolicy/i.test(content);
|
|
146
|
+
}
|
|
147
|
+
export class CorsCspAuditorAgent extends BaseAgent {
|
|
148
|
+
agentId = 98;
|
|
149
|
+
agentName = 'CORS / CSP Auditor';
|
|
150
|
+
async preFlight() {
|
|
151
|
+
const root = this.config.projectRoot ?? process.cwd();
|
|
152
|
+
if (!fs.existsSync(root)) {
|
|
153
|
+
throw new Error(`projectRoot does not exist: ${root}`);
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
async execute() {
|
|
157
|
+
const findings = [];
|
|
158
|
+
const projectRoot = this.config.projectRoot ?? process.cwd();
|
|
159
|
+
const sourceFiles = new Set();
|
|
160
|
+
const mapPath = path.join(this.runDir, 'evidence', 'connection-map.json');
|
|
161
|
+
try {
|
|
162
|
+
const map = JSON.parse(fs.readFileSync(mapPath, 'utf-8'));
|
|
163
|
+
for (const f of map.files) {
|
|
164
|
+
if (!f.isTest)
|
|
165
|
+
sourceFiles.add(path.join(projectRoot, f.path));
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
catch {
|
|
169
|
+
for (const f of walk(projectRoot))
|
|
170
|
+
sourceFiles.add(f);
|
|
171
|
+
}
|
|
172
|
+
const hits = [];
|
|
173
|
+
let cspSeenAnywhere = false;
|
|
174
|
+
let scanned = 0;
|
|
175
|
+
for (const file of sourceFiles) {
|
|
176
|
+
// Test files carry deliberate CORS/CSP fixtures — skip them, as the other
|
|
177
|
+
// static scanners do (the map path filters them too).
|
|
178
|
+
if (isTestPath(file, projectRoot))
|
|
179
|
+
continue;
|
|
180
|
+
let content;
|
|
181
|
+
try {
|
|
182
|
+
content = fs.readFileSync(file, 'utf-8');
|
|
183
|
+
}
|
|
184
|
+
catch {
|
|
185
|
+
continue;
|
|
186
|
+
}
|
|
187
|
+
scanned++;
|
|
188
|
+
if (mentionsCsp(content))
|
|
189
|
+
cspSeenAnywhere = true;
|
|
190
|
+
const rel = relativise(file, projectRoot);
|
|
191
|
+
for (const hit of scanCorsCsp(content)) {
|
|
192
|
+
hits.push({ ...hit, file: rel });
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
// Emit per-hit findings (dedup by kind+file+line; cap output).
|
|
196
|
+
const seen = new Set();
|
|
197
|
+
for (const hit of hits) {
|
|
198
|
+
const key = `${hit.kind}:${hit.file}:${hit.line}`;
|
|
199
|
+
if (seen.has(key))
|
|
200
|
+
continue;
|
|
201
|
+
seen.add(key);
|
|
202
|
+
findings.push(this.toFinding(hit));
|
|
203
|
+
if (seen.size >= 100)
|
|
204
|
+
break;
|
|
205
|
+
}
|
|
206
|
+
// Project-wide "no CSP at all" — only meaningful if the app actually
|
|
207
|
+
// serves HTML (has routes). Low severity / advisory.
|
|
208
|
+
const hasRoutes = sourceFiles.size > 0;
|
|
209
|
+
if (!cspSeenAnywhere && hasRoutes && hits.length >= 0) {
|
|
210
|
+
findings.push({
|
|
211
|
+
id: `${this.agentId}-no-csp`,
|
|
212
|
+
type: 'infra-issue',
|
|
213
|
+
severity: 'low',
|
|
214
|
+
agentId: this.agentId,
|
|
215
|
+
module: 'cors-csp-auditor',
|
|
216
|
+
description: 'No Content-Security-Policy header found anywhere in the codebase. A CSP is the strongest defence-in-depth against XSS — consider adding one (e.g. via helmet.contentSecurityPolicy).',
|
|
217
|
+
});
|
|
218
|
+
}
|
|
219
|
+
this.persistAudit(projectRoot, scanned, cspSeenAnywhere, hits);
|
|
220
|
+
findings.push({
|
|
221
|
+
id: `${this.agentId}-summary`,
|
|
222
|
+
type: 'infra-issue',
|
|
223
|
+
severity: 'info',
|
|
224
|
+
agentId: this.agentId,
|
|
225
|
+
module: 'cors-csp-auditor',
|
|
226
|
+
description: `CORS/CSP audit: scanned ${scanned} file(s), ${hits.length} issue(s) found; CSP ${cspSeenAnywhere ? 'present' : 'absent'}.`,
|
|
227
|
+
});
|
|
228
|
+
return findings;
|
|
229
|
+
}
|
|
230
|
+
toFinding(hit) {
|
|
231
|
+
const base = {
|
|
232
|
+
agentId: this.agentId,
|
|
233
|
+
module: 'cors-csp-auditor',
|
|
234
|
+
file: hit.file,
|
|
235
|
+
line: hit.line,
|
|
236
|
+
};
|
|
237
|
+
const slug = `${hit.file.replace(/[^\w]/g, '_')}-${hit.line}`;
|
|
238
|
+
switch (hit.kind) {
|
|
239
|
+
case 'cors-wildcard-with-credentials':
|
|
240
|
+
return {
|
|
241
|
+
...base,
|
|
242
|
+
id: `${this.agentId}-cors-wildcard-with-credentials-${slug}`,
|
|
243
|
+
type: 'code-bug-security',
|
|
244
|
+
severity: 'critical',
|
|
245
|
+
description: `Wildcard CORS origin combined with credentials at ${hit.file}:${hit.line}. If the server reflects the Origin header while sending credentials, any site can make authenticated cross-origin requests. \`${hit.snippet}\``,
|
|
246
|
+
};
|
|
247
|
+
case 'cors-wildcard-origin':
|
|
248
|
+
// Wildcard origin WITHOUT credentials is the recommended pattern for a
|
|
249
|
+
// public, cookie-less API — the browser blocks credentialed `*` requests,
|
|
250
|
+
// so there's no exploit. Advisory (low), not a security defect.
|
|
251
|
+
return {
|
|
252
|
+
...base,
|
|
253
|
+
id: `${this.agentId}-cors-wildcard-origin-${slug}`,
|
|
254
|
+
type: 'infra-issue',
|
|
255
|
+
severity: 'low',
|
|
256
|
+
description: `Wildcard CORS origin (Access-Control-Allow-Origin: *) at ${hit.file}:${hit.line} with no credentials — safe for a public API, but confirm this endpoint is meant to be world-readable. \`${hit.snippet}\``,
|
|
257
|
+
};
|
|
258
|
+
case 'csp-unsafe-inline':
|
|
259
|
+
return {
|
|
260
|
+
...base,
|
|
261
|
+
id: `${this.agentId}-csp-unsafe-inline-${slug}`,
|
|
262
|
+
type: 'code-bug-security',
|
|
263
|
+
severity: 'medium',
|
|
264
|
+
description: `CSP allows 'unsafe-inline' at ${hit.file}:${hit.line} — inline scripts execute, defeating much of the XSS protection a CSP provides. \`${hit.snippet}\``,
|
|
265
|
+
};
|
|
266
|
+
case 'csp-unsafe-eval':
|
|
267
|
+
return {
|
|
268
|
+
...base,
|
|
269
|
+
id: `${this.agentId}-csp-unsafe-eval-${slug}`,
|
|
270
|
+
type: 'code-bug-security',
|
|
271
|
+
severity: 'medium',
|
|
272
|
+
description: `CSP allows 'unsafe-eval' at ${hit.file}:${hit.line} — eval()/new Function() execute, a common XSS sink. \`${hit.snippet}\``,
|
|
273
|
+
};
|
|
274
|
+
case 'csp-wildcard-src':
|
|
275
|
+
return {
|
|
276
|
+
...base,
|
|
277
|
+
id: `${this.agentId}-csp-wildcard-src-${slug}`,
|
|
278
|
+
type: 'code-bug-security',
|
|
279
|
+
severity: 'medium',
|
|
280
|
+
description: `CSP uses a wildcard source (default-src/script-src *) at ${hit.file}:${hit.line} — scripts can load from any origin. \`${hit.snippet}\``,
|
|
281
|
+
};
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
persistAudit(projectRoot, filesScanned, cspSeenAnywhere, hits) {
|
|
285
|
+
const audit = {
|
|
286
|
+
version: 1,
|
|
287
|
+
generatedAt: new Date().toISOString(),
|
|
288
|
+
projectRoot,
|
|
289
|
+
filesScanned,
|
|
290
|
+
cspSeenAnywhere,
|
|
291
|
+
hits,
|
|
292
|
+
};
|
|
293
|
+
try {
|
|
294
|
+
const evidenceDir = path.join(this.runDir, 'evidence');
|
|
295
|
+
fs.mkdirSync(evidenceDir, { recursive: true });
|
|
296
|
+
fs.writeFileSync(path.join(evidenceDir, 'cors-csp-audit.json'), JSON.stringify(audit, null, 2), 'utf-8');
|
|
297
|
+
this.addEvidence({
|
|
298
|
+
type: 'report',
|
|
299
|
+
path: 'evidence/cors-csp-audit.json',
|
|
300
|
+
description: `CORS/CSP audit: ${hits.length} issue(s) across ${filesScanned} file(s)`,
|
|
301
|
+
});
|
|
302
|
+
}
|
|
303
|
+
catch {
|
|
304
|
+
// non-fatal
|
|
305
|
+
}
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
//# sourceMappingURL=98-cors-csp-auditor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"98-cors-csp-auditor.js","sourceRoot":"","sources":["../../agents/98-cors-csp-auditor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE5D,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AACpG,MAAM,SAAS,GAAwB,IAAI,GAAG,CAAC;IAC7C,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU;CAC1G,CAAC,CAAC;AAgCH,SAAS,IAAI,CAAC,GAAW,EAAE,UAAoB,EAAE;IAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACxC,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACtB,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1E,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,IAAY;IAC/C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,MAAM,CAAC,OAAe,EAAE,KAAa;IAC5C,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,KAAa;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACvC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IACrC,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACxD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,MAAM,IAAI,GAAoC,EAAE,CAAC;IACjD,8EAA8E;IAC9E,0EAA0E;IAC1E,2EAA2E;IAC3E,4EAA4E;IAC5E,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC;IAE5D,eAAe;IACf,iFAAiF;IACjF,MAAM,YAAY,GAAG,wDAAwD,CAAC;IAC9E,2EAA2E;IAC3E,4EAA4E;IAC5E,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,wCAAwC,CAAC;IACpE,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,mBAAmB,CAAC;IAErC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,IAAI,CAAyB,CAAC;IAC9B,KAAK,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE,kBAAkB,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC9D,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI;YAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACtE,CAAC;IAED,+EAA+E;IAC/E,8EAA8E;IAC9E,0EAA0E;IAC1E,iEAAiE;IACjE,MAAM,aAAa,GACjB,sFAAsF,CAAC;IAEzF,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,GAAG,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC;YACR,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,sBAAsB;YAC1F,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC;YAC1B,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC;SACjC,CAAC,CAAC;IACL,CAAC;IAED,cAAc;IACd,yDAAyD;IACzD,MAAM,YAAY,GAAG,iDAAiD,CAAC;IACvE,MAAM,UAAU,GAAG,2CAA2C,CAAC;IAC/D,4EAA4E;IAC5E,2DAA2D;IAC3D,MAAM,UAAU,GAAG,iFAAiF,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAElH,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAyB,CAAC;QAC9B,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC;QAC/D,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC/G,MAAM,CAAC,gCAAgC;QACzC,CAAC;QACD,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QAC3D,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC7G,MAAM;QACR,CAAC;QACD,+BAA+B;QAC/B,MAAM,WAAW,GAAG,yCAAyC,CAAC;QAC9D,MAAM,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,EAAE,EAAE,CAAC;YACP,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,OAAO,gDAAgD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IACvC,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,oBAAoB,CAAC;IAEhC,KAAK,CAAC,SAAS;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAE7D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,qBAAqB,CAAC,CAAC;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAkB,CAAC;YAC3E,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAC1B,IAAI,CAAC,CAAC,CAAC,MAAM;oBAAE,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC;gBAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,0EAA0E;YAC1E,sDAAsD;YACtD,IAAI,UAAU,CAAC,IAAI,EAAE,WAAW,CAAC;gBAAE,SAAS;YAC5C,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,OAAO,EAAE,CAAC;YACV,IAAI,WAAW,CAAC,OAAO,CAAC;gBAAE,eAAe,GAAG,IAAI,CAAC;YACjD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC1C,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvC,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACnC,IAAI,IAAI,CAAC,IAAI,IAAI,GAAG;gBAAE,MAAM;QAC9B,CAAC;QAED,qEAAqE;QACrE,qDAAqD;QACrD,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,eAAe,IAAI,SAAS,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtD,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,SAAS;gBAC5B,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,kBAAkB;gBAC1B,WAAW,EACT,sLAAsL;aACzL,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;QAE/D,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,UAAU;YAC7B,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,kBAAkB;YAC1B,WAAW,EAAE,2BAA2B,OAAO,aAAa,IAAI,CAAC,MAAM,wBAAwB,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,GAAG;SACzI,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,SAAS,CAAC,GAAe;QAC/B,MAAM,IAAI,GAAG;YACX,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;SACf,CAAC;QACF,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9D,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,gCAAgC;gBACnC,OAAO;oBACL,GAAG,IAAI;oBACP,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,mCAAmC,IAAI,EAAE;oBAC5D,IAAI,EAAE,mBAAmB;oBACzB,QAAQ,EAAE,UAAU;oBACpB,WAAW,EAAE,qDAAqD,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,kIAAkI,GAAG,CAAC,OAAO,IAAI;iBACxO,CAAC;YACJ,KAAK,sBAAsB;gBACzB,uEAAuE;gBACvE,0EAA0E;gBAC1E,gEAAgE;gBAChE,OAAO;oBACL,GAAG,IAAI;oBACP,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,yBAAyB,IAAI,EAAE;oBAClD,IAAI,EAAE,aAAa;oBACnB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,4DAA4D,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,4GAA4G,GAAG,CAAC,OAAO,IAAI;iBACzN,CAAC;YACJ,KAAK,mBAAmB;gBACtB,OAAO;oBACL,GAAG,IAAI;oBACP,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,sBAAsB,IAAI,EAAE;oBAC/C,IAAI,EAAE,mBAAmB;oBACzB,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,iCAAiC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,qFAAqF,GAAG,CAAC,OAAO,IAAI;iBACvK,CAAC;YACJ,KAAK,iBAAiB;gBACpB,OAAO;oBACL,GAAG,IAAI;oBACP,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,oBAAoB,IAAI,EAAE;oBAC7C,IAAI,EAAE,mBAAmB;oBACzB,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,+BAA+B,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,0DAA0D,GAAG,CAAC,OAAO,IAAI;iBAC1I,CAAC;YACJ,KAAK,kBAAkB;gBACrB,OAAO;oBACL,GAAG,IAAI;oBACP,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,qBAAqB,IAAI,EAAE;oBAC9C,IAAI,EAAE,mBAAmB;oBACzB,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,4DAA4D,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,0CAA0C,GAAG,CAAC,OAAO,IAAI;iBACvJ,CAAC;QACN,CAAC;IACH,CAAC;IAEO,YAAY,CAClB,WAAmB,EACnB,YAAoB,EACpB,eAAwB,EACxB,IAAkB;QAElB,MAAM,KAAK,GAAiB;YAC1B,OAAO,EAAE,CAAC;YACV,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,WAAW;YACX,YAAY;YACZ,eAAe;YACf,IAAI;SACL,CAAC;QACF,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACvD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/C,EAAE,CAAC,aAAa,CACd,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,EAC7C,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAC9B,OAAO,CACR,CAAC;YACF,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,8BAA8B;gBACpC,WAAW,EAAE,mBAAmB,IAAI,CAAC,MAAM,oBAAoB,YAAY,UAAU;aACtF,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Logging Hygiene Auditor — static scan for log statements that leak
|
|
3
|
+
* secrets or PII. Logs routinely get shipped to third-party aggregators
|
|
4
|
+
* (Datadog, Sentry, CloudWatch), so a `console.log(user)` that includes a
|
|
5
|
+
* password hash or a `logger.info(req.headers)` that includes an
|
|
6
|
+
* Authorization bearer token is a real exfiltration path.
|
|
7
|
+
*
|
|
8
|
+
* Detected log calls: console.{log,info,warn,error,debug,trace,dir},
|
|
9
|
+
* logger.{...}, log.{...}, req.log.{...}, fastify.log.{...},
|
|
10
|
+
* this.logger.{...}.
|
|
11
|
+
*
|
|
12
|
+
* Findings (scanned within each log call's argument list):
|
|
13
|
+
* - 99-logs-sensitive-var high code-bug-security
|
|
14
|
+
* A clearly-secret identifier/property is logged: password, secret,
|
|
15
|
+
* apiKey, privateKey, clientSecret, accessToken, authorization,
|
|
16
|
+
* creditCard, ssn (and snake_case variants).
|
|
17
|
+
* - 99-logs-process-env high code-bug-security
|
|
18
|
+
* process.env (whole object or a specific var) is logged — dumps
|
|
19
|
+
* secrets straight into the log stream.
|
|
20
|
+
* - 99-logs-request-object medium code-bug-security
|
|
21
|
+
* A raw request / req.body / req.headers / req.cookies is logged —
|
|
22
|
+
* may carry auth headers, session cookies, or PII in the body.
|
|
23
|
+
* - 99-summary info infra-issue
|
|
24
|
+
*
|
|
25
|
+
* Persists `evidence/logging-audit.json`. Read-only, parallel-safe,
|
|
26
|
+
* static analysis only.
|
|
27
|
+
*/
|
|
28
|
+
import type { Finding } from '../core/types.js';
|
|
29
|
+
import { BaseAgent } from './base-agent.js';
|
|
30
|
+
export type LogIssueKind = 'logs-sensitive-var' | 'logs-process-env' | 'logs-request-object';
|
|
31
|
+
export interface LogHit {
|
|
32
|
+
kind: LogIssueKind;
|
|
33
|
+
detail: string;
|
|
34
|
+
file: string;
|
|
35
|
+
line: number;
|
|
36
|
+
snippet: string;
|
|
37
|
+
}
|
|
38
|
+
export interface LoggingAudit {
|
|
39
|
+
version: 1;
|
|
40
|
+
generatedAt: string;
|
|
41
|
+
projectRoot: string;
|
|
42
|
+
filesScanned: number;
|
|
43
|
+
logCallsSeen: number;
|
|
44
|
+
hits: LogHit[];
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* Inspect a log call's argument text for sensitive content. Returns the
|
|
48
|
+
* issues found (a single call can trip more than one).
|
|
49
|
+
*/
|
|
50
|
+
export declare function inspectLogArgs(args: string): Array<{
|
|
51
|
+
kind: LogIssueKind;
|
|
52
|
+
detail: string;
|
|
53
|
+
}>;
|
|
54
|
+
/** Find all log-call sites and the issues within their arguments. */
|
|
55
|
+
export declare function scanLogging(content: string): {
|
|
56
|
+
logCalls: number;
|
|
57
|
+
hits: Array<Omit<LogHit, 'file'>>;
|
|
58
|
+
};
|
|
59
|
+
export declare class LoggingHygieneAuditorAgent extends BaseAgent {
|
|
60
|
+
readonly agentId = 99;
|
|
61
|
+
readonly agentName = "Logging Hygiene Auditor";
|
|
62
|
+
protected preFlight(): Promise<void>;
|
|
63
|
+
protected execute(): Promise<Finding[]>;
|
|
64
|
+
private toFinding;
|
|
65
|
+
private persistAudit;
|
|
66
|
+
}
|
|
67
|
+
//# sourceMappingURL=99-logging-hygiene-auditor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"99-logging-hygiene-auditor.d.ts","sourceRoot":"","sources":["../../agents/99-logging-hygiene-auditor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAqBzC,MAAM,MAAM,YAAY,GAAG,oBAAoB,GAAG,kBAAkB,GAAG,qBAAqB,CAAC;AAE7F,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,YAAY,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,CAAC,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAwDD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,KAAK,CAAC;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAkD1F;AAED,qEAAqE;AACrE,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAAE,CAkCpG;AAED,qBAAa,0BAA2B,SAAQ,SAAS;IACvD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,6BAA6B;cAE/B,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAO1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAwE7C,OAAO,CAAC,SAAS;IA+BjB,OAAO,CAAC,YAAY;CA+BrB"}
|