@avi770/testteam 3.0.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +166 -5
- package/README.md +92 -19
- package/bin/testteam.js +32 -4
- package/dist/agents/01-analyst.d.ts +2 -2
- package/dist/agents/01-analyst.js +1 -1
- package/dist/agents/02-seed-architect.d.ts +2 -2
- package/dist/agents/02-seed-architect.js +2 -2
- package/dist/agents/03-test-generator.d.ts +2 -2
- package/dist/agents/03-test-generator.js +2 -2
- package/dist/agents/04-unit-runner.d.ts +2 -2
- package/dist/agents/04-unit-runner.d.ts.map +1 -1
- package/dist/agents/04-unit-runner.js +12 -3
- package/dist/agents/04-unit-runner.js.map +1 -1
- package/dist/agents/05-browser-crawler.d.ts +2 -2
- package/dist/agents/05-browser-crawler.d.ts.map +1 -1
- package/dist/agents/05-browser-crawler.js +24 -12
- package/dist/agents/05-browser-crawler.js.map +1 -1
- package/dist/agents/06-api-exerciser.d.ts +2 -2
- package/dist/agents/06-api-exerciser.js +2 -2
- package/dist/agents/07-security-scout.d.ts +2 -2
- package/dist/agents/07-security-scout.js +2 -2
- package/dist/agents/08-a11y-guardian.d.ts +2 -2
- package/dist/agents/08-a11y-guardian.d.ts.map +1 -1
- package/dist/agents/08-a11y-guardian.js +9 -5
- package/dist/agents/08-a11y-guardian.js.map +1 -1
- package/dist/agents/09-healer.d.ts +2 -2
- package/dist/agents/09-healer.js +2 -2
- package/dist/agents/10-reporter.d.ts +2 -2
- package/dist/agents/10-reporter.d.ts.map +1 -1
- package/dist/agents/10-reporter.js +55 -27
- package/dist/agents/10-reporter.js.map +1 -1
- package/dist/agents/100-error-handling-auditor.d.ts +63 -0
- package/dist/agents/100-error-handling-auditor.d.ts.map +1 -0
- package/dist/agents/100-error-handling-auditor.js +334 -0
- package/dist/agents/100-error-handling-auditor.js.map +1 -0
- package/dist/agents/101-rate-limit-auditor.d.ts +72 -0
- package/dist/agents/101-rate-limit-auditor.d.ts.map +1 -0
- package/dist/agents/101-rate-limit-auditor.js +295 -0
- package/dist/agents/101-rate-limit-auditor.js.map +1 -0
- package/dist/agents/102-dockerfile-auditor.d.ts +62 -0
- package/dist/agents/102-dockerfile-auditor.d.ts.map +1 -0
- package/dist/agents/102-dockerfile-auditor.js +337 -0
- package/dist/agents/102-dockerfile-auditor.js.map +1 -0
- package/dist/agents/103-ci-workflow-auditor.d.ts +57 -0
- package/dist/agents/103-ci-workflow-auditor.d.ts.map +1 -0
- package/dist/agents/103-ci-workflow-auditor.js +247 -0
- package/dist/agents/103-ci-workflow-auditor.js.map +1 -0
- package/dist/agents/104-n-plus-one-detector.d.ts +57 -0
- package/dist/agents/104-n-plus-one-detector.d.ts.map +1 -0
- package/dist/agents/104-n-plus-one-detector.js +329 -0
- package/dist/agents/104-n-plus-one-detector.js.map +1 -0
- package/dist/agents/105-unbounded-query-auditor.d.ts +50 -0
- package/dist/agents/105-unbounded-query-auditor.d.ts.map +1 -0
- package/dist/agents/105-unbounded-query-auditor.js +284 -0
- package/dist/agents/105-unbounded-query-auditor.js.map +1 -0
- package/dist/agents/106-hardcoded-config-auditor.d.ts +54 -0
- package/dist/agents/106-hardcoded-config-auditor.d.ts.map +1 -0
- package/dist/agents/106-hardcoded-config-auditor.js +251 -0
- package/dist/agents/106-hardcoded-config-auditor.js.map +1 -0
- package/dist/agents/107-open-redirect-detector.d.ts +52 -0
- package/dist/agents/107-open-redirect-detector.d.ts.map +1 -0
- package/dist/agents/107-open-redirect-detector.js +263 -0
- package/dist/agents/107-open-redirect-detector.js.map +1 -0
- package/dist/agents/108-sql-injection-detector.d.ts +51 -0
- package/dist/agents/108-sql-injection-detector.d.ts.map +1 -0
- package/dist/agents/108-sql-injection-detector.js +323 -0
- package/dist/agents/108-sql-injection-detector.js.map +1 -0
- package/dist/agents/109-path-traversal-detector.d.ts +51 -0
- package/dist/agents/109-path-traversal-detector.d.ts.map +1 -0
- package/dist/agents/109-path-traversal-detector.js +244 -0
- package/dist/agents/109-path-traversal-detector.js.map +1 -0
- package/dist/agents/11-fixer.d.ts +4 -2
- package/dist/agents/11-fixer.d.ts.map +1 -1
- package/dist/agents/11-fixer.js +52 -11
- package/dist/agents/11-fixer.js.map +1 -1
- package/dist/agents/110-mass-assignment-detector.d.ts +52 -0
- package/dist/agents/110-mass-assignment-detector.d.ts.map +1 -0
- package/dist/agents/110-mass-assignment-detector.js +199 -0
- package/dist/agents/110-mass-assignment-detector.js.map +1 -0
- package/dist/agents/111-dynamic-eval-detector.d.ts +46 -0
- package/dist/agents/111-dynamic-eval-detector.d.ts.map +1 -0
- package/dist/agents/111-dynamic-eval-detector.js +233 -0
- package/dist/agents/111-dynamic-eval-detector.js.map +1 -0
- package/dist/agents/112-taint-tracker.d.ts +226 -0
- package/dist/agents/112-taint-tracker.d.ts.map +1 -0
- package/dist/agents/112-taint-tracker.js +1273 -0
- package/dist/agents/112-taint-tracker.js.map +1 -0
- package/dist/agents/113-response-contract-auditor.d.ts +92 -0
- package/dist/agents/113-response-contract-auditor.d.ts.map +1 -0
- package/dist/agents/113-response-contract-auditor.js +694 -0
- package/dist/agents/113-response-contract-auditor.js.map +1 -0
- package/dist/agents/114-static-a11y-auditor.d.ts +66 -0
- package/dist/agents/114-static-a11y-auditor.d.ts.map +1 -0
- package/dist/agents/114-static-a11y-auditor.js +377 -0
- package/dist/agents/114-static-a11y-auditor.js.map +1 -0
- package/dist/agents/115-multihop-taint-tracker.d.ts +84 -0
- package/dist/agents/115-multihop-taint-tracker.d.ts.map +1 -0
- package/dist/agents/115-multihop-taint-tracker.js +340 -0
- package/dist/agents/115-multihop-taint-tracker.js.map +1 -0
- package/dist/agents/116-runtime-contract-capture.d.ts +79 -0
- package/dist/agents/116-runtime-contract-capture.d.ts.map +1 -0
- package/dist/agents/116-runtime-contract-capture.js +274 -0
- package/dist/agents/116-runtime-contract-capture.js.map +1 -0
- package/dist/agents/117-aria-rule-engine.d.ts +52 -0
- package/dist/agents/117-aria-rule-engine.d.ts.map +1 -0
- package/dist/agents/117-aria-rule-engine.js +415 -0
- package/dist/agents/117-aria-rule-engine.js.map +1 -0
- package/dist/agents/118-insecure-crypto-auditor.d.ts +48 -0
- package/dist/agents/118-insecure-crypto-auditor.d.ts.map +1 -0
- package/dist/agents/118-insecure-crypto-auditor.js +232 -0
- package/dist/agents/118-insecure-crypto-auditor.js.map +1 -0
- package/dist/agents/119-secrets-scanner.d.ts +44 -0
- package/dist/agents/119-secrets-scanner.d.ts.map +1 -0
- package/dist/agents/119-secrets-scanner.js +242 -0
- package/dist/agents/119-secrets-scanner.js.map +1 -0
- package/dist/agents/12-ux-inspector.d.ts +2 -2
- package/dist/agents/12-ux-inspector.d.ts.map +1 -1
- package/dist/agents/12-ux-inspector.js +8 -4
- package/dist/agents/12-ux-inspector.js.map +1 -1
- package/dist/agents/120-async-safety-auditor.d.ts +48 -0
- package/dist/agents/120-async-safety-auditor.d.ts.map +1 -0
- package/dist/agents/120-async-safety-auditor.js +250 -0
- package/dist/agents/120-async-safety-auditor.js.map +1 -0
- package/dist/agents/13-performance-profiler.d.ts +2 -2
- package/dist/agents/13-performance-profiler.d.ts.map +1 -1
- package/dist/agents/13-performance-profiler.js +5 -4
- package/dist/agents/13-performance-profiler.js.map +1 -1
- package/dist/agents/14-data-integrity-auditor.d.ts +2 -2
- package/dist/agents/14-data-integrity-auditor.js +4 -4
- package/dist/agents/14-data-integrity-auditor.js.map +1 -1
- package/dist/agents/15-regression-sentinel.d.ts +6 -5
- package/dist/agents/15-regression-sentinel.d.ts.map +1 -1
- package/dist/agents/15-regression-sentinel.js +5 -4
- package/dist/agents/15-regression-sentinel.js.map +1 -1
- package/dist/agents/16-chaos-agent.d.ts +2 -2
- package/dist/agents/16-chaos-agent.d.ts.map +1 -1
- package/dist/agents/16-chaos-agent.js +11 -4
- package/dist/agents/16-chaos-agent.js.map +1 -1
- package/dist/agents/17-documentation-validator.d.ts +2 -2
- package/dist/agents/17-documentation-validator.d.ts.map +1 -1
- package/dist/agents/17-documentation-validator.js +5 -2
- package/dist/agents/17-documentation-validator.js.map +1 -1
- package/dist/agents/18-integration-watchdog.d.ts +2 -2
- package/dist/agents/18-integration-watchdog.d.ts.map +1 -1
- package/dist/agents/18-integration-watchdog.js +5 -2
- package/dist/agents/18-integration-watchdog.js.map +1 -1
- package/dist/agents/19-tenant-isolation-auditor.d.ts +2 -2
- package/dist/agents/19-tenant-isolation-auditor.js +4 -4
- package/dist/agents/19-tenant-isolation-auditor.js.map +1 -1
- package/dist/agents/20-workflow-completion-tester.d.ts +2 -2
- package/dist/agents/20-workflow-completion-tester.d.ts.map +1 -1
- package/dist/agents/20-workflow-completion-tester.js +10 -6
- package/dist/agents/20-workflow-completion-tester.js.map +1 -1
- package/dist/agents/21-state-session-tester.d.ts +2 -2
- package/dist/agents/21-state-session-tester.d.ts.map +1 -1
- package/dist/agents/21-state-session-tester.js +15 -5
- package/dist/agents/21-state-session-tester.js.map +1 -1
- package/dist/agents/22-email-notification-verifier.d.ts +2 -2
- package/dist/agents/22-email-notification-verifier.js +2 -2
- package/dist/agents/23-migration-tester.d.ts +2 -2
- package/dist/agents/23-migration-tester.js +1 -1
- package/dist/agents/24-signup-onboarding-tester.d.ts +2 -2
- package/dist/agents/24-signup-onboarding-tester.d.ts.map +1 -1
- package/dist/agents/24-signup-onboarding-tester.js +13 -10
- package/dist/agents/24-signup-onboarding-tester.js.map +1 -1
- package/dist/agents/25-crud-flow-tester.d.ts +2 -2
- package/dist/agents/25-crud-flow-tester.d.ts.map +1 -1
- package/dist/agents/25-crud-flow-tester.js +12 -6
- package/dist/agents/25-crud-flow-tester.js.map +1 -1
- package/dist/agents/26-form-validator.d.ts +2 -2
- package/dist/agents/26-form-validator.d.ts.map +1 -1
- package/dist/agents/26-form-validator.js +12 -6
- package/dist/agents/26-form-validator.js.map +1 -1
- package/dist/agents/27-search-filter-tester.d.ts +2 -2
- package/dist/agents/27-search-filter-tester.d.ts.map +1 -1
- package/dist/agents/27-search-filter-tester.js +12 -6
- package/dist/agents/27-search-filter-tester.js.map +1 -1
- package/dist/agents/28-navigation-routing-tester.d.ts +2 -2
- package/dist/agents/28-navigation-routing-tester.d.ts.map +1 -1
- package/dist/agents/28-navigation-routing-tester.js +12 -6
- package/dist/agents/28-navigation-routing-tester.js.map +1 -1
- package/dist/agents/29-responsive-interaction-tester.d.ts +2 -2
- package/dist/agents/29-responsive-interaction-tester.d.ts.map +1 -1
- package/dist/agents/29-responsive-interaction-tester.js +12 -6
- package/dist/agents/29-responsive-interaction-tester.js.map +1 -1
- package/dist/agents/30-multi-user-scenario-tester.d.ts +2 -2
- package/dist/agents/30-multi-user-scenario-tester.d.ts.map +1 -1
- package/dist/agents/30-multi-user-scenario-tester.js +20 -13
- package/dist/agents/30-multi-user-scenario-tester.js.map +1 -1
- package/dist/agents/31-load-tester.d.ts +2 -2
- package/dist/agents/31-load-tester.js +2 -2
- package/dist/agents/32-memory-leak-detector.d.ts +2 -2
- package/dist/agents/32-memory-leak-detector.d.ts.map +1 -1
- package/dist/agents/32-memory-leak-detector.js +5 -4
- package/dist/agents/32-memory-leak-detector.js.map +1 -1
- package/dist/agents/33-bundle-analyzer.d.ts +2 -2
- package/dist/agents/33-bundle-analyzer.js +1 -1
- package/dist/agents/34-xss-scanner.d.ts +2 -2
- package/dist/agents/34-xss-scanner.d.ts.map +1 -1
- package/dist/agents/34-xss-scanner.js +12 -6
- package/dist/agents/34-xss-scanner.js.map +1 -1
- package/dist/agents/35-csrf-tester.d.ts +2 -2
- package/dist/agents/35-csrf-tester.js +2 -2
- package/dist/agents/36-auth-fuzzer.d.ts +2 -2
- package/dist/agents/36-auth-fuzzer.js +2 -2
- package/dist/agents/37-dependency-scanner.d.ts +2 -2
- package/dist/agents/37-dependency-scanner.js +1 -1
- package/dist/agents/38-secrets-scanner.d.ts +2 -2
- package/dist/agents/38-secrets-scanner.d.ts.map +1 -1
- package/dist/agents/38-secrets-scanner.js +39 -4
- package/dist/agents/38-secrets-scanner.js.map +1 -1
- package/dist/agents/39-api-contract-tester.d.ts +2 -2
- package/dist/agents/39-api-contract-tester.js +2 -2
- package/dist/agents/40-rate-limit-tester.d.ts +2 -2
- package/dist/agents/40-rate-limit-tester.js +2 -2
- package/dist/agents/41-api-pagination-tester.d.ts +2 -2
- package/dist/agents/41-api-pagination-tester.js +2 -2
- package/dist/agents/42-graphql-tester.d.ts +2 -2
- package/dist/agents/42-graphql-tester.js +2 -2
- package/dist/agents/43-data-consistency-checker.d.ts +2 -2
- package/dist/agents/43-data-consistency-checker.js +3 -3
- package/dist/agents/44-backup-recovery-tester.d.ts +2 -2
- package/dist/agents/44-backup-recovery-tester.js +1 -1
- package/dist/agents/45-data-privacy-scanner.d.ts +2 -2
- package/dist/agents/45-data-privacy-scanner.js +3 -3
- package/dist/agents/46-seo-auditor.d.ts +2 -2
- package/dist/agents/46-seo-auditor.d.ts.map +1 -1
- package/dist/agents/46-seo-auditor.js +12 -6
- package/dist/agents/46-seo-auditor.js.map +1 -1
- package/dist/agents/47-social-preview-tester.d.ts +2 -2
- package/dist/agents/47-social-preview-tester.d.ts.map +1 -1
- package/dist/agents/47-social-preview-tester.js +12 -6
- package/dist/agents/47-social-preview-tester.js.map +1 -1
- package/dist/agents/48-lighthouse-auditor.d.ts +2 -2
- package/dist/agents/48-lighthouse-auditor.d.ts.map +1 -1
- package/dist/agents/48-lighthouse-auditor.js +5 -4
- package/dist/agents/48-lighthouse-auditor.js.map +1 -1
- package/dist/agents/49-i18n-tester.d.ts +2 -2
- package/dist/agents/49-i18n-tester.d.ts.map +1 -1
- package/dist/agents/49-i18n-tester.js +12 -6
- package/dist/agents/49-i18n-tester.js.map +1 -1
- package/dist/agents/50-timezone-tester.d.ts +2 -2
- package/dist/agents/50-timezone-tester.d.ts.map +1 -1
- package/dist/agents/50-timezone-tester.js +40 -33
- package/dist/agents/50-timezone-tester.js.map +1 -1
- package/dist/agents/51-error-recovery-tester.d.ts +2 -2
- package/dist/agents/51-error-recovery-tester.d.ts.map +1 -1
- package/dist/agents/51-error-recovery-tester.js +12 -7
- package/dist/agents/51-error-recovery-tester.js.map +1 -1
- package/dist/agents/52-offline-mode-tester.d.ts +2 -2
- package/dist/agents/52-offline-mode-tester.d.ts.map +1 -1
- package/dist/agents/52-offline-mode-tester.js +12 -7
- package/dist/agents/52-offline-mode-tester.js.map +1 -1
- package/dist/agents/53-graceful-degradation-tester.d.ts +2 -2
- package/dist/agents/53-graceful-degradation-tester.d.ts.map +1 -1
- package/dist/agents/53-graceful-degradation-tester.js +10 -3
- package/dist/agents/53-graceful-degradation-tester.js.map +1 -1
- package/dist/agents/54-websocket-tester.d.ts +2 -2
- package/dist/agents/54-websocket-tester.d.ts.map +1 -1
- package/dist/agents/54-websocket-tester.js +12 -6
- package/dist/agents/54-websocket-tester.js.map +1 -1
- package/dist/agents/55-realtime-sync-tester.d.ts +2 -2
- package/dist/agents/55-realtime-sync-tester.d.ts.map +1 -1
- package/dist/agents/55-realtime-sync-tester.js +101 -96
- package/dist/agents/55-realtime-sync-tester.js.map +1 -1
- package/dist/agents/56-file-upload-tester.d.ts +2 -2
- package/dist/agents/56-file-upload-tester.d.ts.map +1 -1
- package/dist/agents/56-file-upload-tester.js +17 -13
- package/dist/agents/56-file-upload-tester.js.map +1 -1
- package/dist/agents/57-export-tester.d.ts +2 -2
- package/dist/agents/57-export-tester.d.ts.map +1 -1
- package/dist/agents/57-export-tester.js +8 -4
- package/dist/agents/57-export-tester.js.map +1 -1
- package/dist/agents/58-payment-flow-tester.d.ts +2 -2
- package/dist/agents/58-payment-flow-tester.d.ts.map +1 -1
- package/dist/agents/58-payment-flow-tester.js +8 -4
- package/dist/agents/58-payment-flow-tester.js.map +1 -1
- package/dist/agents/59-ssl-tls-auditor.d.ts +2 -2
- package/dist/agents/59-ssl-tls-auditor.js +2 -2
- package/dist/agents/60-dns-cdn-tester.d.ts +2 -2
- package/dist/agents/60-dns-cdn-tester.js +2 -2
- package/dist/agents/61-docker-health-checker.d.ts +2 -2
- package/dist/agents/61-docker-health-checker.js +1 -1
- package/dist/agents/62-env-config-validator.d.ts +2 -2
- package/dist/agents/62-env-config-validator.js +1 -1
- package/dist/agents/63-log-quality-auditor.d.ts +2 -2
- package/dist/agents/63-log-quality-auditor.js +1 -1
- package/dist/agents/64-analytics-tracker-tester.d.ts +2 -2
- package/dist/agents/64-analytics-tracker-tester.d.ts.map +1 -1
- package/dist/agents/64-analytics-tracker-tester.js +8 -4
- package/dist/agents/64-analytics-tracker-tester.js.map +1 -1
- package/dist/agents/65-gdpr-compliance-tester.d.ts +2 -2
- package/dist/agents/65-gdpr-compliance-tester.d.ts.map +1 -1
- package/dist/agents/65-gdpr-compliance-tester.js +55 -40
- package/dist/agents/65-gdpr-compliance-tester.js.map +1 -1
- package/dist/agents/66-soc2-control-validator.d.ts +2 -2
- package/dist/agents/66-soc2-control-validator.d.ts.map +1 -1
- package/dist/agents/66-soc2-control-validator.js +29 -21
- package/dist/agents/66-soc2-control-validator.js.map +1 -1
- package/dist/agents/67-wcag-aaa-tester.d.ts +2 -2
- package/dist/agents/67-wcag-aaa-tester.d.ts.map +1 -1
- package/dist/agents/67-wcag-aaa-tester.js +12 -6
- package/dist/agents/67-wcag-aaa-tester.js.map +1 -1
- package/dist/agents/68-dead-code-detector.d.ts +2 -2
- package/dist/agents/68-dead-code-detector.d.ts.map +1 -1
- package/dist/agents/68-dead-code-detector.js +6 -3
- package/dist/agents/68-dead-code-detector.js.map +1 -1
- package/dist/agents/69-type-safety-auditor.d.ts +2 -2
- package/dist/agents/69-type-safety-auditor.js +1 -1
- package/dist/agents/70-complexity-analyzer.d.ts +2 -2
- package/dist/agents/70-complexity-analyzer.js +1 -1
- package/dist/agents/71-unit-testing-agent.d.ts +15 -0
- package/dist/agents/71-unit-testing-agent.d.ts.map +1 -0
- package/dist/agents/71-unit-testing-agent.js +220 -0
- package/dist/agents/71-unit-testing-agent.js.map +1 -0
- package/dist/agents/72-integration-testing-agent.d.ts +13 -0
- package/dist/agents/72-integration-testing-agent.d.ts.map +1 -0
- package/dist/agents/72-integration-testing-agent.js +243 -0
- package/dist/agents/72-integration-testing-agent.js.map +1 -0
- package/dist/agents/73-system-testing-agent.d.ts +11 -0
- package/dist/agents/73-system-testing-agent.d.ts.map +1 -0
- package/dist/agents/73-system-testing-agent.js +175 -0
- package/dist/agents/73-system-testing-agent.js.map +1 -0
- package/dist/agents/74-acceptance-testing-agent.d.ts +13 -0
- package/dist/agents/74-acceptance-testing-agent.d.ts.map +1 -0
- package/dist/agents/74-acceptance-testing-agent.js +254 -0
- package/dist/agents/74-acceptance-testing-agent.js.map +1 -0
- package/dist/agents/75-sanity-testing-agent.d.ts +15 -0
- package/dist/agents/75-sanity-testing-agent.d.ts.map +1 -0
- package/dist/agents/75-sanity-testing-agent.js +240 -0
- package/dist/agents/75-sanity-testing-agent.js.map +1 -0
- package/dist/agents/76-regression-testing-agent.d.ts +14 -0
- package/dist/agents/76-regression-testing-agent.d.ts.map +1 -0
- package/dist/agents/76-regression-testing-agent.js +230 -0
- package/dist/agents/76-regression-testing-agent.js.map +1 -0
- package/dist/agents/77-browser-load-testing-agent.d.ts +11 -0
- package/dist/agents/77-browser-load-testing-agent.d.ts.map +1 -0
- package/dist/agents/77-browser-load-testing-agent.js +128 -0
- package/dist/agents/77-browser-load-testing-agent.js.map +1 -0
- package/dist/agents/78-stress-testing-agent.d.ts +11 -0
- package/dist/agents/78-stress-testing-agent.d.ts.map +1 -0
- package/dist/agents/78-stress-testing-agent.js +146 -0
- package/dist/agents/78-stress-testing-agent.js.map +1 -0
- package/dist/agents/79-endurance-testing-agent.d.ts +12 -0
- package/dist/agents/79-endurance-testing-agent.d.ts.map +1 -0
- package/dist/agents/79-endurance-testing-agent.js +165 -0
- package/dist/agents/79-endurance-testing-agent.js.map +1 -0
- package/dist/agents/80-usability-testing-agent.d.ts +11 -0
- package/dist/agents/80-usability-testing-agent.d.ts.map +1 -0
- package/dist/agents/80-usability-testing-agent.js +196 -0
- package/dist/agents/80-usability-testing-agent.js.map +1 -0
- package/dist/agents/81-compatibility-testing-agent.d.ts +11 -0
- package/dist/agents/81-compatibility-testing-agent.d.ts.map +1 -0
- package/dist/agents/81-compatibility-testing-agent.js +224 -0
- package/dist/agents/81-compatibility-testing-agent.js.map +1 -0
- package/dist/agents/82-exploratory-testing-agent.d.ts +14 -0
- package/dist/agents/82-exploratory-testing-agent.d.ts.map +1 -0
- package/dist/agents/82-exploratory-testing-agent.js +345 -0
- package/dist/agents/82-exploratory-testing-agent.js.map +1 -0
- package/dist/agents/83-static-analysis-agent.d.ts +14 -0
- package/dist/agents/83-static-analysis-agent.d.ts.map +1 -0
- package/dist/agents/83-static-analysis-agent.js +261 -0
- package/dist/agents/83-static-analysis-agent.js.map +1 -0
- package/dist/agents/84-governance-testing-agent.d.ts +28 -0
- package/dist/agents/84-governance-testing-agent.d.ts.map +1 -0
- package/dist/agents/84-governance-testing-agent.js +591 -0
- package/dist/agents/84-governance-testing-agent.js.map +1 -0
- package/dist/agents/85-stagehand-agent.d.ts +22 -0
- package/dist/agents/85-stagehand-agent.d.ts.map +1 -0
- package/dist/agents/85-stagehand-agent.js +81 -0
- package/dist/agents/85-stagehand-agent.js.map +1 -0
- package/dist/agents/86-browser-use-agent.d.ts +31 -0
- package/dist/agents/86-browser-use-agent.d.ts.map +1 -0
- package/dist/agents/86-browser-use-agent.js +121 -0
- package/dist/agents/86-browser-use-agent.js.map +1 -0
- package/dist/agents/87-connection-mapper.d.ts +93 -0
- package/dist/agents/87-connection-mapper.d.ts.map +1 -0
- package/dist/agents/87-connection-mapper.js +658 -0
- package/dist/agents/87-connection-mapper.js.map +1 -0
- package/dist/agents/88-localhost-walkthrough.d.ts +272 -0
- package/dist/agents/88-localhost-walkthrough.d.ts.map +1 -0
- package/dist/agents/88-localhost-walkthrough.js +1203 -0
- package/dist/agents/88-localhost-walkthrough.js.map +1 -0
- package/dist/agents/89-repair-retest.d.ts +63 -0
- package/dist/agents/89-repair-retest.d.ts.map +1 -0
- package/dist/agents/89-repair-retest.js +227 -0
- package/dist/agents/89-repair-retest.js.map +1 -0
- package/dist/agents/90-response-shape-validator.d.ts +35 -0
- package/dist/agents/90-response-shape-validator.d.ts.map +1 -0
- package/dist/agents/90-response-shape-validator.js +156 -0
- package/dist/agents/90-response-shape-validator.js.map +1 -0
- package/dist/agents/91-boundary-fuzzer.d.ts +99 -0
- package/dist/agents/91-boundary-fuzzer.d.ts.map +1 -0
- package/dist/agents/91-boundary-fuzzer.js +0 -0
- package/dist/agents/91-boundary-fuzzer.js.map +1 -0
- package/dist/agents/92-repair-simulator.d.ts +89 -0
- package/dist/agents/92-repair-simulator.d.ts.map +1 -0
- package/dist/agents/92-repair-simulator.js +401 -0
- package/dist/agents/92-repair-simulator.js.map +1 -0
- package/dist/agents/93-env-var-auditor.d.ts +64 -0
- package/dist/agents/93-env-var-auditor.d.ts.map +1 -0
- package/dist/agents/93-env-var-auditor.js +435 -0
- package/dist/agents/93-env-var-auditor.js.map +1 -0
- package/dist/agents/94-schema-validator.d.ts +148 -0
- package/dist/agents/94-schema-validator.d.ts.map +1 -0
- package/dist/agents/94-schema-validator.js +567 -0
- package/dist/agents/94-schema-validator.js.map +1 -0
- package/dist/agents/95-contract-drift.d.ts +87 -0
- package/dist/agents/95-contract-drift.d.ts.map +1 -0
- package/dist/agents/95-contract-drift.js +335 -0
- package/dist/agents/95-contract-drift.js.map +1 -0
- package/dist/agents/96-cookie-security-auditor.d.ts +86 -0
- package/dist/agents/96-cookie-security-auditor.d.ts.map +1 -0
- package/dist/agents/96-cookie-security-auditor.js +339 -0
- package/dist/agents/96-cookie-security-auditor.js.map +1 -0
- package/dist/agents/97-healthcheck-validator.d.ts +62 -0
- package/dist/agents/97-healthcheck-validator.d.ts.map +1 -0
- package/dist/agents/97-healthcheck-validator.js +204 -0
- package/dist/agents/97-healthcheck-validator.js.map +1 -0
- package/dist/agents/98-cors-csp-auditor.d.ts +70 -0
- package/dist/agents/98-cors-csp-auditor.d.ts.map +1 -0
- package/dist/agents/98-cors-csp-auditor.js +308 -0
- package/dist/agents/98-cors-csp-auditor.js.map +1 -0
- package/dist/agents/99-logging-hygiene-auditor.d.ts +67 -0
- package/dist/agents/99-logging-hygiene-auditor.d.ts.map +1 -0
- package/dist/agents/99-logging-hygiene-auditor.js +325 -0
- package/dist/agents/99-logging-hygiene-auditor.js.map +1 -0
- package/dist/agents/base-agent.d.ts +74 -4
- package/dist/agents/base-agent.d.ts.map +1 -1
- package/dist/agents/base-agent.js +106 -1
- package/dist/agents/base-agent.js.map +1 -1
- package/dist/agents/browser-use-client.d.ts +68 -0
- package/dist/agents/browser-use-client.d.ts.map +1 -0
- package/dist/agents/browser-use-client.js +92 -0
- package/dist/agents/browser-use-client.js.map +1 -0
- package/dist/agents/lib/source-scan.d.ts +53 -0
- package/dist/agents/lib/source-scan.d.ts.map +1 -0
- package/dist/agents/lib/source-scan.js +279 -0
- package/dist/agents/lib/source-scan.js.map +1 -0
- package/dist/agents/registry.d.ts +27 -9
- package/dist/agents/registry.d.ts.map +1 -1
- package/dist/agents/registry.js +365 -151
- package/dist/agents/registry.js.map +1 -1
- package/dist/agents/stagehand-runner.d.ts +104 -0
- package/dist/agents/stagehand-runner.d.ts.map +1 -0
- package/dist/agents/stagehand-runner.js +153 -0
- package/dist/agents/stagehand-runner.js.map +1 -0
- package/dist/bridge/agent-registry.d.ts +21 -0
- package/dist/bridge/agent-registry.d.ts.map +1 -0
- package/dist/bridge/agent-registry.js +224 -0
- package/dist/bridge/agent-registry.js.map +1 -0
- package/dist/bridge/api-contract-reader.d.ts +55 -0
- package/dist/bridge/api-contract-reader.d.ts.map +1 -0
- package/dist/bridge/api-contract-reader.js +103 -0
- package/dist/bridge/api-contract-reader.js.map +1 -0
- package/dist/bridge/compliance-reader.d.ts +47 -0
- package/dist/bridge/compliance-reader.d.ts.map +1 -0
- package/dist/bridge/compliance-reader.js +91 -0
- package/dist/bridge/compliance-reader.js.map +1 -0
- package/dist/bridge/data-integrity-reader.d.ts +77 -0
- package/dist/bridge/data-integrity-reader.d.ts.map +1 -0
- package/dist/bridge/data-integrity-reader.js +110 -0
- package/dist/bridge/data-integrity-reader.js.map +1 -0
- package/dist/bridge/design-reader.d.ts +51 -0
- package/dist/bridge/design-reader.d.ts.map +1 -0
- package/dist/bridge/design-reader.js +105 -0
- package/dist/bridge/design-reader.js.map +1 -0
- package/dist/bridge/file-scanner.d.ts +21 -0
- package/dist/bridge/file-scanner.d.ts.map +1 -0
- package/dist/bridge/file-scanner.js +117 -0
- package/dist/bridge/file-scanner.js.map +1 -0
- package/dist/bridge/finding-normalize.d.ts +24 -0
- package/dist/bridge/finding-normalize.d.ts.map +1 -0
- package/dist/bridge/finding-normalize.js +46 -0
- package/dist/bridge/finding-normalize.js.map +1 -0
- package/dist/bridge/http-client.d.ts +44 -0
- package/dist/bridge/http-client.d.ts.map +1 -0
- package/dist/bridge/http-client.js +130 -0
- package/dist/bridge/http-client.js.map +1 -0
- package/dist/bridge/knowledge-reader.d.ts +10 -0
- package/dist/bridge/knowledge-reader.d.ts.map +1 -0
- package/dist/bridge/knowledge-reader.js +46 -0
- package/dist/bridge/knowledge-reader.js.map +1 -0
- package/dist/bridge/loop-engine-reader.d.ts +77 -0
- package/dist/bridge/loop-engine-reader.d.ts.map +1 -0
- package/dist/bridge/loop-engine-reader.js +73 -0
- package/dist/bridge/loop-engine-reader.js.map +1 -0
- package/dist/bridge/playwright-pool.d.ts +33 -0
- package/dist/bridge/playwright-pool.d.ts.map +1 -0
- package/dist/bridge/playwright-pool.js +89 -0
- package/dist/bridge/playwright-pool.js.map +1 -0
- package/dist/bridge/rate-limiter.d.ts +40 -0
- package/dist/bridge/rate-limiter.d.ts.map +1 -0
- package/dist/bridge/rate-limiter.js +33 -0
- package/dist/bridge/rate-limiter.js.map +1 -0
- package/dist/bridge/reliability-reader.d.ts +67 -0
- package/dist/bridge/reliability-reader.d.ts.map +1 -0
- package/dist/bridge/reliability-reader.js +146 -0
- package/dist/bridge/reliability-reader.js.map +1 -0
- package/dist/bridge/router.d.ts +26 -0
- package/dist/bridge/router.d.ts.map +1 -0
- package/dist/bridge/router.js +137 -0
- package/dist/bridge/router.js.map +1 -0
- package/dist/bridge/run-stream.d.ts +47 -0
- package/dist/bridge/run-stream.d.ts.map +1 -0
- package/dist/bridge/run-stream.js +67 -0
- package/dist/bridge/run-stream.js.map +1 -0
- package/dist/bridge/runs-reader.d.ts +41 -0
- package/dist/bridge/runs-reader.d.ts.map +1 -0
- package/dist/bridge/runs-reader.js +185 -0
- package/dist/bridge/runs-reader.js.map +1 -0
- package/dist/bridge/sentinel-reader.d.ts +55 -0
- package/dist/bridge/sentinel-reader.d.ts.map +1 -0
- package/dist/bridge/sentinel-reader.js +88 -0
- package/dist/bridge/sentinel-reader.js.map +1 -0
- package/dist/bridge/server.d.ts +83 -0
- package/dist/bridge/server.d.ts.map +1 -0
- package/dist/bridge/server.js +1103 -0
- package/dist/bridge/server.js.map +1 -0
- package/dist/bridge/shell-executor.d.ts +49 -0
- package/dist/bridge/shell-executor.d.ts.map +1 -0
- package/dist/bridge/shell-executor.js +181 -0
- package/dist/bridge/shell-executor.js.map +1 -0
- package/dist/bridge/tech-debt-reader.d.ts +57 -0
- package/dist/bridge/tech-debt-reader.d.ts.map +1 -0
- package/dist/bridge/tech-debt-reader.js +119 -0
- package/dist/bridge/tech-debt-reader.js.map +1 -0
- package/dist/bridge/types.d.ts +63 -0
- package/dist/bridge/types.d.ts.map +1 -0
- package/dist/bridge/types.js +7 -0
- package/dist/bridge/types.js.map +1 -0
- package/dist/clients/agent-mvp.d.ts +3 -1
- package/dist/clients/agent-mvp.d.ts.map +1 -1
- package/dist/clients/agent-mvp.js +16 -5
- package/dist/clients/agent-mvp.js.map +1 -1
- package/dist/clients/llm-council.d.ts +47 -0
- package/dist/clients/llm-council.d.ts.map +1 -0
- package/dist/clients/llm-council.js +52 -0
- package/dist/clients/llm-council.js.map +1 -0
- package/dist/clients/total-recall.d.ts +2 -2
- package/dist/clients/total-recall.d.ts.map +1 -1
- package/dist/clients/total-recall.js +18 -3
- package/dist/clients/total-recall.js.map +1 -1
- package/dist/core/agent-contract.d.ts +21 -0
- package/dist/core/agent-contract.d.ts.map +1 -0
- package/dist/core/agent-contract.js +18 -0
- package/dist/core/agent-contract.js.map +1 -0
- package/dist/core/api-contract/api-contract-validator.d.ts +178 -0
- package/dist/core/api-contract/api-contract-validator.d.ts.map +1 -0
- package/dist/core/api-contract/api-contract-validator.js +796 -0
- package/dist/core/api-contract/api-contract-validator.js.map +1 -0
- package/dist/core/api-contract/index.d.ts +16 -0
- package/dist/core/api-contract/index.d.ts.map +1 -0
- package/dist/core/api-contract/index.js +24 -0
- package/dist/core/api-contract/index.js.map +1 -0
- package/dist/core/api-contract/types.d.ts +235 -0
- package/dist/core/api-contract/types.d.ts.map +1 -0
- package/dist/core/api-contract/types.js +27 -0
- package/dist/core/api-contract/types.js.map +1 -0
- package/dist/core/blackboard/blackboard.d.ts +34 -0
- package/dist/core/blackboard/blackboard.d.ts.map +1 -0
- package/dist/core/blackboard/blackboard.js +133 -0
- package/dist/core/blackboard/blackboard.js.map +1 -0
- package/dist/core/blackboard/coordination.d.ts +27 -0
- package/dist/core/blackboard/coordination.d.ts.map +1 -0
- package/dist/core/blackboard/coordination.js +31 -0
- package/dist/core/blackboard/coordination.js.map +1 -0
- package/dist/core/blackboard/direct-channel.d.ts +26 -0
- package/dist/core/blackboard/direct-channel.d.ts.map +1 -0
- package/dist/core/blackboard/direct-channel.js +26 -0
- package/dist/core/blackboard/direct-channel.js.map +1 -0
- package/dist/core/blackboard/index.d.ts +10 -0
- package/dist/core/blackboard/index.d.ts.map +1 -0
- package/dist/core/blackboard/index.js +4 -0
- package/dist/core/blackboard/index.js.map +1 -0
- package/dist/core/blackboard/types.d.ts +36 -0
- package/dist/core/blackboard/types.d.ts.map +1 -0
- package/dist/core/blackboard/types.js +2 -0
- package/dist/core/blackboard/types.js.map +1 -0
- package/dist/core/canvas/schema.d.ts +81 -0
- package/dist/core/canvas/schema.d.ts.map +1 -0
- package/dist/core/canvas/schema.js +144 -0
- package/dist/core/canvas/schema.js.map +1 -0
- package/dist/core/canvas/store.d.ts +41 -0
- package/dist/core/canvas/store.d.ts.map +1 -0
- package/dist/core/canvas/store.js +121 -0
- package/dist/core/canvas/store.js.map +1 -0
- package/dist/core/ci-output.d.ts +1 -1
- package/dist/core/ci-output.d.ts.map +1 -1
- package/dist/core/ci-output.js +2 -0
- package/dist/core/ci-output.js.map +1 -1
- package/dist/core/cli.d.ts +12 -1
- package/dist/core/cli.d.ts.map +1 -1
- package/dist/core/cli.js +308 -43
- package/dist/core/cli.js.map +1 -1
- package/dist/core/compliance/auditor.d.ts +119 -0
- package/dist/core/compliance/auditor.d.ts.map +1 -0
- package/dist/core/compliance/auditor.js +577 -0
- package/dist/core/compliance/auditor.js.map +1 -0
- package/dist/core/compliance/index.d.ts +11 -0
- package/dist/core/compliance/index.d.ts.map +1 -0
- package/dist/core/compliance/index.js +10 -0
- package/dist/core/compliance/index.js.map +1 -0
- package/dist/core/compliance/types.d.ts +174 -0
- package/dist/core/compliance/types.d.ts.map +1 -0
- package/dist/core/compliance/types.js +12 -0
- package/dist/core/compliance/types.js.map +1 -0
- package/dist/core/conductor/conductor.d.ts +37 -0
- package/dist/core/conductor/conductor.d.ts.map +1 -0
- package/dist/core/conductor/conductor.js +96 -0
- package/dist/core/conductor/conductor.js.map +1 -0
- package/dist/core/conductor/index.d.ts +9 -0
- package/dist/core/conductor/index.d.ts.map +1 -0
- package/dist/core/conductor/index.js +3 -0
- package/dist/core/conductor/index.js.map +1 -0
- package/dist/core/conductor/model-router.d.ts +17 -0
- package/dist/core/conductor/model-router.d.ts.map +1 -0
- package/dist/core/conductor/model-router.js +29 -0
- package/dist/core/conductor/model-router.js.map +1 -0
- package/dist/core/conductor/types.d.ts +33 -0
- package/dist/core/conductor/types.d.ts.map +1 -0
- package/dist/core/conductor/types.js +2 -0
- package/dist/core/conductor/types.js.map +1 -0
- package/dist/core/config.d.ts +148 -1
- package/dist/core/config.d.ts.map +1 -1
- package/dist/core/config.js +53 -4
- package/dist/core/config.js.map +1 -1
- package/dist/core/data-integrity/data-integrity.d.ts +291 -0
- package/dist/core/data-integrity/data-integrity.d.ts.map +1 -0
- package/dist/core/data-integrity/data-integrity.js +892 -0
- package/dist/core/data-integrity/data-integrity.js.map +1 -0
- package/dist/core/data-integrity/index.d.ts +16 -0
- package/dist/core/data-integrity/index.d.ts.map +1 -0
- package/dist/core/data-integrity/index.js +17 -0
- package/dist/core/data-integrity/index.js.map +1 -0
- package/dist/core/data-integrity/types.d.ts +236 -0
- package/dist/core/data-integrity/types.d.ts.map +1 -0
- package/dist/core/data-integrity/types.js +14 -0
- package/dist/core/data-integrity/types.js.map +1 -0
- package/dist/core/disaster-recovery/index.d.ts +13 -0
- package/dist/core/disaster-recovery/index.d.ts.map +1 -0
- package/dist/core/disaster-recovery/index.js +3 -0
- package/dist/core/disaster-recovery/index.js.map +1 -0
- package/dist/core/disaster-recovery/simulator.d.ts +158 -0
- package/dist/core/disaster-recovery/simulator.d.ts.map +1 -0
- package/dist/core/disaster-recovery/simulator.js +553 -0
- package/dist/core/disaster-recovery/simulator.js.map +1 -0
- package/dist/core/disaster-recovery/types.d.ts +299 -0
- package/dist/core/disaster-recovery/types.d.ts.map +1 -0
- package/dist/core/disaster-recovery/types.js +33 -0
- package/dist/core/disaster-recovery/types.js.map +1 -0
- package/dist/core/escalation/heal-or-ask.d.ts +20 -0
- package/dist/core/escalation/heal-or-ask.d.ts.map +1 -0
- package/dist/core/escalation/heal-or-ask.js +19 -0
- package/dist/core/escalation/heal-or-ask.js.map +1 -0
- package/dist/core/escalation/index.d.ts +9 -0
- package/dist/core/escalation/index.d.ts.map +1 -0
- package/dist/core/escalation/index.js +3 -0
- package/dist/core/escalation/index.js.map +1 -0
- package/dist/core/escalation/pause-gate.d.ts +48 -0
- package/dist/core/escalation/pause-gate.d.ts.map +1 -0
- package/dist/core/escalation/pause-gate.js +96 -0
- package/dist/core/escalation/pause-gate.js.map +1 -0
- package/dist/core/escalation/types.d.ts +33 -0
- package/dist/core/escalation/types.d.ts.map +1 -0
- package/dist/core/escalation/types.js +9 -0
- package/dist/core/escalation/types.js.map +1 -0
- package/dist/core/evidence.d.ts +32 -1
- package/dist/core/evidence.d.ts.map +1 -1
- package/dist/core/evidence.js +99 -1
- package/dist/core/evidence.js.map +1 -1
- package/dist/core/feature-bdd/fix.d.ts +84 -0
- package/dist/core/feature-bdd/fix.d.ts.map +1 -0
- package/dist/core/feature-bdd/fix.js +121 -0
- package/dist/core/feature-bdd/fix.js.map +1 -0
- package/dist/core/feature-bdd/generate.d.ts +96 -0
- package/dist/core/feature-bdd/generate.d.ts.map +1 -0
- package/dist/core/feature-bdd/generate.js +228 -0
- package/dist/core/feature-bdd/generate.js.map +1 -0
- package/dist/core/feature-bdd/llm-provider.d.ts +92 -0
- package/dist/core/feature-bdd/llm-provider.d.ts.map +1 -0
- package/dist/core/feature-bdd/llm-provider.js +187 -0
- package/dist/core/feature-bdd/llm-provider.js.map +1 -0
- package/dist/core/feature-bdd/run.d.ts +56 -0
- package/dist/core/feature-bdd/run.d.ts.map +1 -0
- package/dist/core/feature-bdd/run.js +175 -0
- package/dist/core/feature-bdd/run.js.map +1 -0
- package/dist/core/feature-bdd/schema.d.ts +111 -0
- package/dist/core/feature-bdd/schema.d.ts.map +1 -0
- package/dist/core/feature-bdd/schema.js +272 -0
- package/dist/core/feature-bdd/schema.js.map +1 -0
- package/dist/core/feature-bdd/store.d.ts +145 -0
- package/dist/core/feature-bdd/store.d.ts.map +1 -0
- package/dist/core/feature-bdd/store.js +470 -0
- package/dist/core/feature-bdd/store.js.map +1 -0
- package/dist/core/finding-correlation.d.ts +55 -0
- package/dist/core/finding-correlation.d.ts.map +1 -0
- package/dist/core/finding-correlation.js +96 -0
- package/dist/core/finding-correlation.js.map +1 -0
- package/dist/core/fix-loop.d.ts +20 -1
- package/dist/core/fix-loop.d.ts.map +1 -1
- package/dist/core/fix-loop.js +34 -0
- package/dist/core/fix-loop.js.map +1 -1
- package/dist/core/governance/calibration.d.ts +31 -0
- package/dist/core/governance/calibration.d.ts.map +1 -0
- package/dist/core/governance/calibration.js +78 -0
- package/dist/core/governance/calibration.js.map +1 -0
- package/dist/core/governance/degradation.d.ts +35 -0
- package/dist/core/governance/degradation.d.ts.map +1 -0
- package/dist/core/governance/degradation.js +25 -0
- package/dist/core/governance/degradation.js.map +1 -0
- package/dist/core/governance/ethical-constraint.d.ts +55 -0
- package/dist/core/governance/ethical-constraint.d.ts.map +1 -0
- package/dist/core/governance/ethical-constraint.js +98 -0
- package/dist/core/governance/ethical-constraint.js.map +1 -0
- package/dist/core/governance/index.d.ts +9 -0
- package/dist/core/governance/index.d.ts.map +1 -0
- package/dist/core/governance/index.js +9 -0
- package/dist/core/governance/index.js.map +1 -0
- package/dist/core/harness/audit-log.d.ts +12 -0
- package/dist/core/harness/audit-log.d.ts.map +1 -0
- package/dist/core/harness/audit-log.js +62 -0
- package/dist/core/harness/audit-log.js.map +1 -0
- package/dist/core/harness/authorization.d.ts +24 -0
- package/dist/core/harness/authorization.d.ts.map +1 -0
- package/dist/core/harness/authorization.js +48 -0
- package/dist/core/harness/authorization.js.map +1 -0
- package/dist/core/harness/harness.d.ts +64 -0
- package/dist/core/harness/harness.d.ts.map +1 -0
- package/dist/core/harness/harness.js +188 -0
- package/dist/core/harness/harness.js.map +1 -0
- package/dist/core/harness/index.d.ts +10 -0
- package/dist/core/harness/index.d.ts.map +1 -0
- package/dist/core/harness/index.js +4 -0
- package/dist/core/harness/index.js.map +1 -0
- package/dist/core/harness/types.d.ts +88 -0
- package/dist/core/harness/types.d.ts.map +1 -0
- package/dist/core/harness/types.js +2 -0
- package/dist/core/harness/types.js.map +1 -0
- package/dist/core/health-check.d.ts +6 -0
- package/dist/core/health-check.d.ts.map +1 -1
- package/dist/core/health-check.js +14 -2
- package/dist/core/health-check.js.map +1 -1
- package/dist/core/init.d.ts.map +1 -1
- package/dist/core/init.js +58 -18
- package/dist/core/init.js.map +1 -1
- package/dist/core/knowledge/cached-map.d.ts +17 -0
- package/dist/core/knowledge/cached-map.d.ts.map +1 -0
- package/dist/core/knowledge/cached-map.js +23 -0
- package/dist/core/knowledge/cached-map.js.map +1 -0
- package/dist/core/knowledge/index.d.ts +10 -0
- package/dist/core/knowledge/index.d.ts.map +1 -0
- package/dist/core/knowledge/index.js +4 -0
- package/dist/core/knowledge/index.js.map +1 -0
- package/dist/core/knowledge/system-map.d.ts +50 -0
- package/dist/core/knowledge/system-map.d.ts.map +1 -0
- package/dist/core/knowledge/system-map.js +121 -0
- package/dist/core/knowledge/system-map.js.map +1 -0
- package/dist/core/knowledge/traversal.d.ts +12 -0
- package/dist/core/knowledge/traversal.d.ts.map +1 -0
- package/dist/core/knowledge/traversal.js +37 -0
- package/dist/core/knowledge/traversal.js.map +1 -0
- package/dist/core/knowledge/types.d.ts +41 -0
- package/dist/core/knowledge/types.d.ts.map +1 -0
- package/dist/core/knowledge/types.js +2 -0
- package/dist/core/knowledge/types.js.map +1 -0
- package/dist/core/license-gen.d.ts +1 -1
- package/dist/core/license-gen.d.ts.map +1 -1
- package/dist/core/license-gen.js +10 -5
- package/dist/core/license-gen.js.map +1 -1
- package/dist/core/license.d.ts +12 -2
- package/dist/core/license.d.ts.map +1 -1
- package/dist/core/license.js +104 -28
- package/dist/core/license.js.map +1 -1
- package/dist/core/loop-engine/circuit-breaker.d.ts +24 -0
- package/dist/core/loop-engine/circuit-breaker.d.ts.map +1 -0
- package/dist/core/loop-engine/circuit-breaker.js +48 -0
- package/dist/core/loop-engine/circuit-breaker.js.map +1 -0
- package/dist/core/loop-engine/demo.d.ts +35 -0
- package/dist/core/loop-engine/demo.d.ts.map +1 -0
- package/dist/core/loop-engine/demo.js +71 -0
- package/dist/core/loop-engine/demo.js.map +1 -0
- package/dist/core/loop-engine/event-store.d.ts +8 -0
- package/dist/core/loop-engine/event-store.d.ts.map +1 -0
- package/dist/core/loop-engine/event-store.js +9 -0
- package/dist/core/loop-engine/event-store.js.map +1 -0
- package/dist/core/loop-engine/index.d.ts +11 -0
- package/dist/core/loop-engine/index.d.ts.map +1 -0
- package/dist/core/loop-engine/index.js +11 -0
- package/dist/core/loop-engine/index.js.map +1 -0
- package/dist/core/loop-engine/kernel.d.ts +66 -0
- package/dist/core/loop-engine/kernel.d.ts.map +1 -0
- package/dist/core/loop-engine/kernel.js +196 -0
- package/dist/core/loop-engine/kernel.js.map +1 -0
- package/dist/core/loop-engine/tracing.d.ts +12 -0
- package/dist/core/loop-engine/tracing.d.ts.map +1 -0
- package/dist/core/loop-engine/tracing.js +15 -0
- package/dist/core/loop-engine/tracing.js.map +1 -0
- package/dist/core/loop-engine/types.d.ts +92 -0
- package/dist/core/loop-engine/types.d.ts.map +1 -0
- package/dist/core/loop-engine/types.js +21 -0
- package/dist/core/loop-engine/types.js.map +1 -0
- package/dist/core/messages.d.ts +1 -1
- package/dist/core/messages.d.ts.map +1 -1
- package/dist/core/messages.js +101 -1
- package/dist/core/messages.js.map +1 -1
- package/dist/core/orchestrator.d.ts +79 -8
- package/dist/core/orchestrator.d.ts.map +1 -1
- package/dist/core/orchestrator.js +340 -33
- package/dist/core/orchestrator.js.map +1 -1
- package/dist/core/phase-gate.d.ts +2 -2
- package/dist/core/quality-score/calculator.d.ts +125 -0
- package/dist/core/quality-score/calculator.d.ts.map +1 -0
- package/dist/core/quality-score/calculator.js +489 -0
- package/dist/core/quality-score/calculator.js.map +1 -0
- package/dist/core/quality-score/from-run.d.ts +27 -0
- package/dist/core/quality-score/from-run.d.ts.map +1 -0
- package/dist/core/quality-score/from-run.js +64 -0
- package/dist/core/quality-score/from-run.js.map +1 -0
- package/dist/core/quality-score/index.d.ts +9 -0
- package/dist/core/quality-score/index.d.ts.map +1 -0
- package/dist/core/quality-score/index.js +9 -0
- package/dist/core/quality-score/index.js.map +1 -0
- package/dist/core/quality-score/types.d.ts +225 -0
- package/dist/core/quality-score/types.d.ts.map +1 -0
- package/dist/core/quality-score/types.js +26 -0
- package/dist/core/quality-score/types.js.map +1 -0
- package/dist/core/report-html-script.d.ts +3 -0
- package/dist/core/report-html-script.d.ts.map +1 -0
- package/dist/core/report-html-script.js +47 -0
- package/dist/core/report-html-script.js.map +1 -0
- package/dist/core/report-html-styles.d.ts +3 -0
- package/dist/core/report-html-styles.d.ts.map +1 -0
- package/dist/core/report-html-styles.js +231 -0
- package/dist/core/report-html-styles.js.map +1 -0
- package/dist/core/report-html.d.ts +1 -1
- package/dist/core/report-html.d.ts.map +1 -1
- package/dist/core/report-html.js +5 -280
- package/dist/core/report-html.js.map +1 -1
- package/dist/core/report-upload.d.ts +8 -0
- package/dist/core/report-upload.d.ts.map +1 -1
- package/dist/core/report-upload.js +17 -4
- package/dist/core/report-upload.js.map +1 -1
- package/dist/core/run-counter.d.ts.map +1 -1
- package/dist/core/run-counter.js +25 -1
- package/dist/core/run-counter.js.map +1 -1
- package/dist/core/run-events/emitter.d.ts +112 -0
- package/dist/core/run-events/emitter.d.ts.map +1 -0
- package/dist/core/run-events/emitter.js +234 -0
- package/dist/core/run-events/emitter.js.map +1 -0
- package/dist/core/run-events/frame-sink.d.ts +24 -0
- package/dist/core/run-events/frame-sink.d.ts.map +1 -0
- package/dist/core/run-events/frame-sink.js +32 -0
- package/dist/core/run-events/frame-sink.js.map +1 -0
- package/dist/core/run-events/index.d.ts +7 -0
- package/dist/core/run-events/index.d.ts.map +1 -0
- package/dist/core/run-events/index.js +5 -0
- package/dist/core/run-events/index.js.map +1 -0
- package/dist/core/run-events/loop-event-sink.d.ts +56 -0
- package/dist/core/run-events/loop-event-sink.d.ts.map +1 -0
- package/dist/core/run-events/loop-event-sink.js +60 -0
- package/dist/core/run-events/loop-event-sink.js.map +1 -0
- package/dist/core/run-events/sse.d.ts +47 -0
- package/dist/core/run-events/sse.d.ts.map +1 -0
- package/dist/core/run-events/sse.js +64 -0
- package/dist/core/run-events/sse.js.map +1 -0
- package/dist/core/run-events/types.d.ts +147 -0
- package/dist/core/run-events/types.d.ts.map +1 -0
- package/dist/core/run-events/types.js +17 -0
- package/dist/core/run-events/types.js.map +1 -0
- package/dist/core/run-mode/capture.d.ts +37 -0
- package/dist/core/run-mode/capture.d.ts.map +1 -0
- package/dist/core/run-mode/capture.js +43 -0
- package/dist/core/run-mode/capture.js.map +1 -0
- package/dist/core/run-mode/index.d.ts +9 -0
- package/dist/core/run-mode/index.d.ts.map +1 -0
- package/dist/core/run-mode/index.js +3 -0
- package/dist/core/run-mode/index.js.map +1 -0
- package/dist/core/run-mode/run-mode.d.ts +35 -0
- package/dist/core/run-mode/run-mode.d.ts.map +1 -0
- package/dist/core/run-mode/run-mode.js +51 -0
- package/dist/core/run-mode/run-mode.js.map +1 -0
- package/dist/core/run-mode/types.d.ts +36 -0
- package/dist/core/run-mode/types.d.ts.map +1 -0
- package/dist/core/run-mode/types.js +15 -0
- package/dist/core/run-mode/types.js.map +1 -0
- package/dist/core/run-quota.d.ts +22 -0
- package/dist/core/run-quota.d.ts.map +1 -0
- package/dist/core/run-quota.js +44 -0
- package/dist/core/run-quota.js.map +1 -0
- package/dist/core/security-audit/index.d.ts +9 -0
- package/dist/core/security-audit/index.d.ts.map +1 -0
- package/dist/core/security-audit/index.js +10 -0
- package/dist/core/security-audit/index.js.map +1 -0
- package/dist/core/security-audit/sentinel.d.ts +196 -0
- package/dist/core/security-audit/sentinel.d.ts.map +1 -0
- package/dist/core/security-audit/sentinel.js +725 -0
- package/dist/core/security-audit/sentinel.js.map +1 -0
- package/dist/core/security-audit/types.d.ts +240 -0
- package/dist/core/security-audit/types.d.ts.map +1 -0
- package/dist/core/security-audit/types.js +42 -0
- package/dist/core/security-audit/types.js.map +1 -0
- package/dist/core/tech-debt/index.d.ts +11 -0
- package/dist/core/tech-debt/index.d.ts.map +1 -0
- package/dist/core/tech-debt/index.js +11 -0
- package/dist/core/tech-debt/index.js.map +1 -0
- package/dist/core/tech-debt/tech-debt-tracker.d.ts +46 -0
- package/dist/core/tech-debt/tech-debt-tracker.d.ts.map +1 -0
- package/dist/core/tech-debt/tech-debt-tracker.js +533 -0
- package/dist/core/tech-debt/tech-debt-tracker.js.map +1 -0
- package/dist/core/tech-debt/types.d.ts +263 -0
- package/dist/core/tech-debt/types.d.ts.map +1 -0
- package/dist/core/tech-debt/types.js +2 -0
- package/dist/core/tech-debt/types.js.map +1 -0
- package/dist/core/tester/diff-planner.d.ts +18 -0
- package/dist/core/tester/diff-planner.d.ts.map +1 -0
- package/dist/core/tester/diff-planner.js +37 -0
- package/dist/core/tester/diff-planner.js.map +1 -0
- package/dist/core/tester/honest-report.d.ts +13 -0
- package/dist/core/tester/honest-report.d.ts.map +1 -0
- package/dist/core/tester/honest-report.js +64 -0
- package/dist/core/tester/honest-report.js.map +1 -0
- package/dist/core/tester/index.d.ts +9 -0
- package/dist/core/tester/index.d.ts.map +1 -0
- package/dist/core/tester/index.js +3 -0
- package/dist/core/tester/index.js.map +1 -0
- package/dist/core/tester/types.d.ts +55 -0
- package/dist/core/tester/types.d.ts.map +1 -0
- package/dist/core/tester/types.js +8 -0
- package/dist/core/tester/types.js.map +1 -0
- package/dist/core/triggers/index.d.ts +9 -0
- package/dist/core/triggers/index.d.ts.map +1 -0
- package/dist/core/triggers/index.js +3 -0
- package/dist/core/triggers/index.js.map +1 -0
- package/dist/core/triggers/trigger-bus.d.ts +49 -0
- package/dist/core/triggers/trigger-bus.d.ts.map +1 -0
- package/dist/core/triggers/trigger-bus.js +167 -0
- package/dist/core/triggers/trigger-bus.js.map +1 -0
- package/dist/core/triggers/types.d.ts +56 -0
- package/dist/core/triggers/types.d.ts.map +1 -0
- package/dist/core/triggers/types.js +13 -0
- package/dist/core/triggers/types.js.map +1 -0
- package/dist/core/trust.d.ts +12 -0
- package/dist/core/trust.d.ts.map +1 -0
- package/dist/core/trust.js +13 -0
- package/dist/core/trust.js.map +1 -0
- package/dist/core/types.d.ts +24 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/ui-ux/index.d.ts +12 -0
- package/dist/core/ui-ux/index.d.ts.map +1 -0
- package/dist/core/ui-ux/index.js +13 -0
- package/dist/core/ui-ux/index.js.map +1 -0
- package/dist/core/ui-ux/orchestrator.d.ts +206 -0
- package/dist/core/ui-ux/orchestrator.d.ts.map +1 -0
- package/dist/core/ui-ux/orchestrator.js +672 -0
- package/dist/core/ui-ux/orchestrator.js.map +1 -0
- package/dist/core/ui-ux/types.d.ts +339 -0
- package/dist/core/ui-ux/types.d.ts.map +1 -0
- package/dist/core/ui-ux/types.js +17 -0
- package/dist/core/ui-ux/types.js.map +1 -0
- package/dist/enterprise/audit-trail.d.ts +31 -0
- package/dist/enterprise/audit-trail.d.ts.map +1 -0
- package/dist/enterprise/audit-trail.js +111 -0
- package/dist/enterprise/audit-trail.js.map +1 -0
- package/dist/enterprise/sla.d.ts +26 -0
- package/dist/enterprise/sla.d.ts.map +1 -0
- package/dist/enterprise/sla.js +101 -0
- package/dist/enterprise/sla.js.map +1 -0
- package/dist/helpers/element-discovery.js +1 -1
- package/dist/helpers/element-discovery.js.map +1 -1
- package/dist/helpers/env-resolver.d.ts +2 -2
- package/dist/helpers/quality-gate.d.ts.map +1 -1
- package/dist/helpers/quality-gate.js +21 -3
- package/dist/helpers/quality-gate.js.map +1 -1
- package/dist/helpers/shape-fingerprint.d.ts +18 -0
- package/dist/helpers/shape-fingerprint.d.ts.map +1 -0
- package/dist/helpers/shape-fingerprint.js +40 -0
- package/dist/helpers/shape-fingerprint.js.map +1 -0
- package/dist/sdk/custom-agent.d.ts +51 -0
- package/dist/sdk/custom-agent.d.ts.map +1 -0
- package/dist/sdk/custom-agent.js +94 -0
- package/dist/sdk/custom-agent.js.map +1 -0
- package/dist/sdk/index.d.ts +5 -0
- package/dist/sdk/index.d.ts.map +1 -0
- package/dist/sdk/index.js +3 -0
- package/dist/sdk/index.js.map +1 -0
- package/dist/sdk/loader.d.ts +28 -0
- package/dist/sdk/loader.d.ts.map +1 -0
- package/dist/sdk/loader.js +140 -0
- package/dist/sdk/loader.js.map +1 -0
- package/package.json +46 -20
- package/agents/01-analyst.ts +0 -100
- package/agents/02-seed-architect.ts +0 -59
- package/agents/03-test-generator.ts +0 -191
- package/agents/04-unit-runner.ts +0 -160
- package/agents/05-browser-crawler.ts +0 -790
- package/agents/06-api-exerciser.ts +0 -311
- package/agents/07-security-scout.ts +0 -188
- package/agents/08-a11y-guardian.ts +0 -212
- package/agents/09-healer.ts +0 -228
- package/agents/10-reporter.ts +0 -266
- package/agents/11-fixer.ts +0 -253
- package/agents/12-ux-inspector.ts +0 -444
- package/agents/13-performance-profiler.ts +0 -271
- package/agents/14-data-integrity-auditor.ts +0 -417
- package/agents/15-regression-sentinel.ts +0 -308
- package/agents/16-chaos-agent.ts +0 -228
- package/agents/17-documentation-validator.ts +0 -266
- package/agents/18-integration-watchdog.ts +0 -178
- package/agents/19-tenant-isolation-auditor.ts +0 -199
- package/agents/20-workflow-completion-tester.ts +0 -203
- package/agents/21-state-session-tester.ts +0 -262
- package/agents/22-email-notification-verifier.ts +0 -244
- package/agents/23-migration-tester.ts +0 -80
- package/agents/24-signup-onboarding-tester.ts +0 -429
- package/agents/25-crud-flow-tester.ts +0 -302
- package/agents/26-form-validator.ts +0 -297
- package/agents/27-search-filter-tester.ts +0 -326
- package/agents/28-navigation-routing-tester.ts +0 -425
- package/agents/29-responsive-interaction-tester.ts +0 -350
- package/agents/30-multi-user-scenario-tester.ts +0 -319
- package/agents/31-load-tester.ts +0 -134
- package/agents/32-memory-leak-detector.ts +0 -194
- package/agents/33-bundle-analyzer.ts +0 -132
- package/agents/34-xss-scanner.ts +0 -191
- package/agents/35-csrf-tester.ts +0 -82
- package/agents/36-auth-fuzzer.ts +0 -194
- package/agents/37-dependency-scanner.ts +0 -176
- package/agents/38-secrets-scanner.ts +0 -137
- package/agents/39-api-contract-tester.ts +0 -199
- package/agents/40-rate-limit-tester.ts +0 -94
- package/agents/41-api-pagination-tester.ts +0 -97
- package/agents/42-graphql-tester.ts +0 -222
- package/agents/43-data-consistency-checker.ts +0 -205
- package/agents/44-backup-recovery-tester.ts +0 -152
- package/agents/45-data-privacy-scanner.ts +0 -125
- package/agents/46-seo-auditor.ts +0 -294
- package/agents/47-social-preview-tester.ts +0 -232
- package/agents/48-lighthouse-auditor.ts +0 -213
- package/agents/49-i18n-tester.ts +0 -198
- package/agents/50-timezone-tester.ts +0 -173
- package/agents/51-error-recovery-tester.ts +0 -155
- package/agents/52-offline-mode-tester.ts +0 -180
- package/agents/53-graceful-degradation-tester.ts +0 -156
- package/agents/54-websocket-tester.ts +0 -151
- package/agents/55-realtime-sync-tester.ts +0 -194
- package/agents/56-file-upload-tester.ts +0 -194
- package/agents/57-export-tester.ts +0 -174
- package/agents/58-payment-flow-tester.ts +0 -183
- package/agents/59-ssl-tls-auditor.ts +0 -141
- package/agents/60-dns-cdn-tester.ts +0 -117
- package/agents/61-docker-health-checker.ts +0 -111
- package/agents/62-env-config-validator.ts +0 -152
- package/agents/63-log-quality-auditor.ts +0 -136
- package/agents/64-analytics-tracker-tester.ts +0 -165
- package/agents/65-gdpr-compliance-tester.ts +0 -215
- package/agents/66-soc2-control-validator.ts +0 -210
- package/agents/67-wcag-aaa-tester.ts +0 -241
- package/agents/68-dead-code-detector.ts +0 -135
- package/agents/69-type-safety-auditor.ts +0 -164
- package/agents/70-complexity-analyzer.ts +0 -179
- package/agents/__tests__/01-analyst.test.ts +0 -188
- package/agents/__tests__/02-seed-architect.test.ts +0 -152
- package/agents/__tests__/03-test-generator-full.test.ts +0 -321
- package/agents/__tests__/03-test-generator.test.ts +0 -318
- package/agents/__tests__/04-unit-runner.test.ts +0 -320
- package/agents/__tests__/05-browser-crawler-beta.test.ts +0 -492
- package/agents/__tests__/05-browser-crawler-release.test.ts +0 -412
- package/agents/__tests__/05-browser-crawler-uat.test.ts +0 -578
- package/agents/__tests__/05-browser-crawler.test.ts +0 -518
- package/agents/__tests__/06-api-exerciser.test.ts +0 -619
- package/agents/__tests__/07-security-scout.test.ts +0 -382
- package/agents/__tests__/08-a11y-guardian.test.ts +0 -530
- package/agents/__tests__/09-healer.test.ts +0 -384
- package/agents/__tests__/10-reporter.test.ts +0 -366
- package/agents/__tests__/11-fixer.test.ts +0 -406
- package/agents/__tests__/12-ux-inspector-extended.test.ts +0 -465
- package/agents/__tests__/12-ux-inspector.test.ts +0 -443
- package/agents/__tests__/13-performance-profiler.test.ts +0 -411
- package/agents/__tests__/14-data-integrity-auditor-extended.test.ts +0 -573
- package/agents/__tests__/14-data-integrity-auditor.test.ts +0 -407
- package/agents/__tests__/15-regression-sentinel.test.ts +0 -657
- package/agents/__tests__/16-chaos-agent.test.ts +0 -427
- package/agents/__tests__/17-documentation-validator.test.ts +0 -402
- package/agents/__tests__/18-integration-watchdog.test.ts +0 -263
- package/agents/__tests__/19-tenant-isolation-auditor.test.ts +0 -400
- package/agents/__tests__/20-workflow-completion-tester.test.ts +0 -586
- package/agents/__tests__/21-state-session-tester.test.ts +0 -374
- package/agents/__tests__/22-email-notification-verifier.test.ts +0 -441
- package/agents/__tests__/23-migration-tester.test.ts +0 -145
- package/agents/__tests__/24-signup-onboarding-tester.test.ts +0 -274
- package/agents/__tests__/25-crud-flow-tester.test.ts +0 -322
- package/agents/__tests__/26-form-validator.test.ts +0 -345
- package/agents/__tests__/27-search-filter-tester.test.ts +0 -311
- package/agents/__tests__/28-navigation-routing-tester.test.ts +0 -328
- package/agents/__tests__/29-responsive-interaction-tester.test.ts +0 -297
- package/agents/__tests__/30-multi-user-scenario-tester.test.ts +0 -328
- package/agents/__tests__/31-load-tester.test.ts +0 -189
- package/agents/__tests__/32-memory-leak-detector.test.ts +0 -251
- package/agents/__tests__/33-bundle-analyzer.test.ts +0 -237
- package/agents/__tests__/34-xss-scanner.test.ts +0 -258
- package/agents/__tests__/35-csrf-tester.test.ts +0 -200
- package/agents/__tests__/36-auth-fuzzer.test.ts +0 -214
- package/agents/__tests__/37-dependency-scanner.test.ts +0 -266
- package/agents/__tests__/38-secrets-scanner.test.ts +0 -224
- package/agents/__tests__/39-api-contract-tester.test.ts +0 -312
- package/agents/__tests__/40-rate-limit-tester.test.ts +0 -192
- package/agents/__tests__/41-api-pagination-tester.test.ts +0 -198
- package/agents/__tests__/42-graphql-tester.test.ts +0 -252
- package/agents/__tests__/43-data-consistency-checker.test.ts +0 -232
- package/agents/__tests__/44-backup-recovery-tester.test.ts +0 -222
- package/agents/__tests__/45-data-privacy-scanner.test.ts +0 -223
- package/agents/__tests__/46-seo-auditor.test.ts +0 -261
- package/agents/__tests__/47-social-preview-tester.test.ts +0 -245
- package/agents/__tests__/48-lighthouse-auditor.test.ts +0 -276
- package/agents/__tests__/49-i18n-tester.test.ts +0 -201
- package/agents/__tests__/50-timezone-tester.test.ts +0 -172
- package/agents/__tests__/51-error-recovery-tester.test.ts +0 -162
- package/agents/__tests__/52-offline-mode-tester.test.ts +0 -164
- package/agents/__tests__/53-graceful-degradation-tester.test.ts +0 -168
- package/agents/__tests__/54-websocket-tester.test.ts +0 -157
- package/agents/__tests__/55-realtime-sync-tester.test.ts +0 -181
- package/agents/__tests__/56-file-upload-tester.test.ts +0 -172
- package/agents/__tests__/57-export-tester.test.ts +0 -169
- package/agents/__tests__/58-payment-flow-tester.test.ts +0 -182
- package/agents/__tests__/59-ssl-tls-auditor.test.ts +0 -179
- package/agents/__tests__/60-dns-cdn-tester.test.ts +0 -176
- package/agents/__tests__/61-docker-health-checker.test.ts +0 -150
- package/agents/__tests__/62-env-config-validator.test.ts +0 -166
- package/agents/__tests__/63-log-quality-auditor.test.ts +0 -175
- package/agents/__tests__/64-analytics-tracker-tester.test.ts +0 -158
- package/agents/__tests__/65-gdpr-compliance-tester.test.ts +0 -174
- package/agents/__tests__/66-soc2-control-validator.test.ts +0 -183
- package/agents/__tests__/67-wcag-aaa-tester.test.ts +0 -190
- package/agents/__tests__/68-dead-code-detector.test.ts +0 -174
- package/agents/__tests__/69-type-safety-auditor.test.ts +0 -173
- package/agents/__tests__/70-complexity-analyzer.test.ts +0 -177
- package/agents/__tests__/base-agent.test.ts +0 -188
- package/agents/__tests__/registry.test.ts +0 -218
- package/agents/base-agent.ts +0 -85
- package/agents/registry.ts +0 -279
- package/baselines/api-schemas/.gitkeep +0 -0
- package/baselines/performance/.gitkeep +0 -0
- package/baselines/screenshots/.gitkeep +0 -0
- package/core/__tests__/ci-output.test.ts +0 -430
- package/core/__tests__/cli.test.ts +0 -387
- package/core/__tests__/config.test.ts +0 -78
- package/core/__tests__/cost-tracker.test.ts +0 -158
- package/core/__tests__/evidence.test.ts +0 -265
- package/core/__tests__/fix-loop.test.ts +0 -210
- package/core/__tests__/health-check.test.ts +0 -44
- package/core/__tests__/init.test.ts +0 -609
- package/core/__tests__/integration.test.ts +0 -204
- package/core/__tests__/license-gen.test.ts +0 -227
- package/core/__tests__/license.test.ts +0 -326
- package/core/__tests__/multi-browser.test.ts +0 -278
- package/core/__tests__/orchestrator.test.ts +0 -520
- package/core/__tests__/phase-gate.test.ts +0 -43
- package/core/__tests__/report-html.test.ts +0 -398
- package/core/__tests__/report-upload.test.ts +0 -325
- package/core/__tests__/run-counter.test.ts +0 -234
- package/core/ci-output.ts +0 -240
- package/core/cli.ts +0 -354
- package/core/config.ts +0 -178
- package/core/cost-tracker.ts +0 -59
- package/core/evidence.ts +0 -132
- package/core/fix-loop.ts +0 -85
- package/core/health-check.ts +0 -54
- package/core/init.ts +0 -546
- package/core/license-gen.ts +0 -212
- package/core/license.ts +0 -208
- package/core/messages.ts +0 -67
- package/core/multi-browser.ts +0 -136
- package/core/orchestrator.ts +0 -427
- package/core/phase-gate.ts +0 -55
- package/core/report-html.ts +0 -657
- package/core/report-upload.ts +0 -188
- package/core/run-counter.ts +0 -175
- package/core/types.ts +0 -57
- package/dist/core/multi-browser.d.ts +0 -36
- package/dist/core/multi-browser.d.ts.map +0 -1
- package/dist/core/multi-browser.js +0 -88
- package/dist/core/multi-browser.js.map +0 -1
- package/helpers/__tests__/api-client.test.ts +0 -199
- package/helpers/__tests__/element-discovery.test.ts +0 -202
- package/helpers/__tests__/form-filler-extended.test.ts +0 -212
- package/helpers/__tests__/form-filler.test.ts +0 -99
- package/helpers/__tests__/modal-handler.test.ts +0 -152
- package/helpers/__tests__/navigation.test.ts +0 -214
- package/helpers/__tests__/quality-gate.test.ts +0 -117
- package/helpers/__tests__/screenshot.test.ts +0 -139
- package/helpers/__tests__/seed-validator.test.ts +0 -114
- package/helpers/api-client.ts +0 -111
- package/helpers/element-discovery.ts +0 -105
- package/helpers/env-resolver.ts +0 -69
- package/helpers/form-filler.ts +0 -126
- package/helpers/modal-handler.ts +0 -108
- package/helpers/navigation.ts +0 -100
- package/helpers/quality-gate.ts +0 -180
- package/helpers/screenshot.ts +0 -111
- package/helpers/seed-validator.ts +0 -70
|
@@ -0,0 +1,725 @@
|
|
|
1
|
+
import { ENGINE_MODULE, } from './types.js';
|
|
2
|
+
// ---------------------------------------------------------------------------
|
|
3
|
+
// Internal constants
|
|
4
|
+
// ---------------------------------------------------------------------------
|
|
5
|
+
const AGENT_ID = 8;
|
|
6
|
+
/** Approximate cost units per scan tier. Used by the frugal governor. */
|
|
7
|
+
const SCAN_COST = {
|
|
8
|
+
passive: 1,
|
|
9
|
+
headerCheck: 2,
|
|
10
|
+
cveReachability: 3,
|
|
11
|
+
iacCheck: 3,
|
|
12
|
+
activeEndpoint: 5,
|
|
13
|
+
sandboxExploit: 10,
|
|
14
|
+
deepDast: 20,
|
|
15
|
+
};
|
|
16
|
+
/** Severity weights for priority scoring (show-the-math). */
|
|
17
|
+
const SEVERITY_WEIGHT = {
|
|
18
|
+
critical: 4,
|
|
19
|
+
high: 3,
|
|
20
|
+
medium: 2,
|
|
21
|
+
low: 1,
|
|
22
|
+
info: 0.5,
|
|
23
|
+
};
|
|
24
|
+
/** Blast-radius multiplier per data-sensitivity tier. */
|
|
25
|
+
const BLAST_RADIUS_WEIGHT = {
|
|
26
|
+
public: 0.5,
|
|
27
|
+
internal: 1.0,
|
|
28
|
+
pii: 2.0,
|
|
29
|
+
phi: 3.0,
|
|
30
|
+
payment: 3.0,
|
|
31
|
+
};
|
|
32
|
+
/**
|
|
33
|
+
* Compliance tags by engine module name.
|
|
34
|
+
* Uses ENGINE_MODULE constants so renames cause compile errors here, not silent mismatches.
|
|
35
|
+
*/
|
|
36
|
+
const COMPLIANCE_TAGS_BY_MODULE = {
|
|
37
|
+
[ENGINE_MODULE.SECURITY_HEADERS]: ['SOC2-CC6.1', 'OWASP-ASVS-14.4'],
|
|
38
|
+
[ENGINE_MODULE.AUTH_FUZZER]: ['SOC2-CC6.6', 'OWASP-ASVS-2.1', 'CWE-287'],
|
|
39
|
+
[ENGINE_MODULE.CSRF_TESTER]: ['OWASP-ASVS-4.2', 'CWE-352'],
|
|
40
|
+
[ENGINE_MODULE.XSS_SCANNER]: ['OWASP-ASVS-5.3', 'CWE-79'],
|
|
41
|
+
[ENGINE_MODULE.DEPENDENCY_SCANNER]: ['SOC2-CC7.1', 'PCI-6.3'],
|
|
42
|
+
[ENGINE_MODULE.SECRETS_SCANNER]: ['SOC2-CC6.7', 'CWE-798', 'GDPR-Art5'],
|
|
43
|
+
'iac': ['SOC2-CC6.3', 'CWE-732'],
|
|
44
|
+
};
|
|
45
|
+
// ---------------------------------------------------------------------------
|
|
46
|
+
// Utility helpers
|
|
47
|
+
// ---------------------------------------------------------------------------
|
|
48
|
+
/** Generate a deterministic scan ID from timestamp (no random — reproducible in tests). */
|
|
49
|
+
function makeScanId(nowMs) {
|
|
50
|
+
return `sentinel-scan-${nowMs}`;
|
|
51
|
+
}
|
|
52
|
+
/** Severity order for comparison (higher index = higher severity). */
|
|
53
|
+
const SEVERITY_ORDER = ['info', 'low', 'medium', 'high', 'critical'];
|
|
54
|
+
function maxSeverity(a, b) {
|
|
55
|
+
return SEVERITY_ORDER.indexOf(a) >= SEVERITY_ORDER.indexOf(b) ? a : b;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Truncate to 2 decimals WITHOUT rounding up (Avi's QA standard). Used for the posture
|
|
59
|
+
* score so strictly-increasing harmonic penalties stay strictly distinct at 2dp precision
|
|
60
|
+
* (integer Math.floor tied scores once the marginal penalty dropped below 1 — MF-4).
|
|
61
|
+
*/
|
|
62
|
+
function truncate2(n) {
|
|
63
|
+
return Math.trunc(n * 100) / 100;
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Combine severity for an attack path.
|
|
67
|
+
* Path severity = worst-step severity. We never invent a severity higher than what's present.
|
|
68
|
+
* Show-the-math: the description explains the derivation.
|
|
69
|
+
*/
|
|
70
|
+
function computePathSeverity(steps) {
|
|
71
|
+
return steps.reduce((acc, s) => maxSeverity(acc, s.finding.severity), 'info');
|
|
72
|
+
}
|
|
73
|
+
/** Stable, deterministic sort key — no ties break randomly. */
|
|
74
|
+
function priorityScore(finding, epss, blastRadiusWeight) {
|
|
75
|
+
const sw = SEVERITY_WEIGHT[finding.severity] ?? 1;
|
|
76
|
+
// Multiply, not add — each dimension is a gate, not a fallback.
|
|
77
|
+
return sw * epss * blastRadiusWeight;
|
|
78
|
+
}
|
|
79
|
+
/** Compliance tags for a finding (best-effort; extensible). */
|
|
80
|
+
function complianceTags(finding) {
|
|
81
|
+
return COMPLIANCE_TAGS_BY_MODULE[finding.module] ?? [];
|
|
82
|
+
}
|
|
83
|
+
/** Deduplicate findings by id; last-write wins. */
|
|
84
|
+
function dedup(findings) {
|
|
85
|
+
const map = new Map();
|
|
86
|
+
for (const f of findings) {
|
|
87
|
+
map.set(f.id, f);
|
|
88
|
+
}
|
|
89
|
+
return [...map.values()];
|
|
90
|
+
}
|
|
91
|
+
/** Remove findings whose id is in the accepted baseline (known-risk suppression). */
|
|
92
|
+
function applyBaseline(findings, baseline) {
|
|
93
|
+
if (!baseline || baseline.size === 0)
|
|
94
|
+
return [...findings];
|
|
95
|
+
return findings.filter((f) => !baseline.has(f.id));
|
|
96
|
+
}
|
|
97
|
+
/** Determine which endpoints to skip (contentHash unchanged since last scan). */
|
|
98
|
+
function computeSkippedEndpoints(target, scanBaseline) {
|
|
99
|
+
if (!scanBaseline)
|
|
100
|
+
return new Set();
|
|
101
|
+
const skipped = new Set();
|
|
102
|
+
for (const ep of target.endpoints) {
|
|
103
|
+
if (scanBaseline[ep.id] === ep.contentHash) {
|
|
104
|
+
skipped.add(ep.id);
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
return skipped;
|
|
108
|
+
}
|
|
109
|
+
// ---------------------------------------------------------------------------
|
|
110
|
+
// Frugal governor
|
|
111
|
+
// ---------------------------------------------------------------------------
|
|
112
|
+
/**
|
|
113
|
+
* FrugalGovernor tracks units consumed and enforces the budget.
|
|
114
|
+
* Cheapest-highest-value checks are registered first; the governor halts
|
|
115
|
+
* before queuing expensive work when the budget is exhausted.
|
|
116
|
+
*
|
|
117
|
+
* FAIL-CLOSED: tryConsume() returning false NEVER means "proceed as if clean".
|
|
118
|
+
* Callers MUST record the skipped phase in skippedChecks and mark the scan
|
|
119
|
+
* budgetTruncated=true. Skipped phases are explicitly surfaced to the caller.
|
|
120
|
+
*/
|
|
121
|
+
export class FrugalGovernor {
|
|
122
|
+
consumed = 0;
|
|
123
|
+
total;
|
|
124
|
+
halted = false;
|
|
125
|
+
constructor(totalUnits) {
|
|
126
|
+
if (!Number.isFinite(totalUnits) || totalUnits < 0) {
|
|
127
|
+
throw new Error(`[Sentinel] FrugalGovernor: invalid totalUnits ${String(totalUnits)}`);
|
|
128
|
+
}
|
|
129
|
+
this.total = totalUnits;
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Try to consume `units`.
|
|
133
|
+
* Returns true if within budget and units were consumed; false if budget exceeded.
|
|
134
|
+
* On false: the CALLER must record the skipped check name in skippedChecks[].
|
|
135
|
+
*/
|
|
136
|
+
tryConsume(units) {
|
|
137
|
+
if (this.consumed + units > this.total) {
|
|
138
|
+
this.halted = true;
|
|
139
|
+
return false;
|
|
140
|
+
}
|
|
141
|
+
this.consumed += units;
|
|
142
|
+
return true;
|
|
143
|
+
}
|
|
144
|
+
result(reason) {
|
|
145
|
+
const unitsRemaining = Math.max(0, this.total - this.consumed);
|
|
146
|
+
return {
|
|
147
|
+
decision: this.halted ? 'halt' : 'proceed',
|
|
148
|
+
unitsConsumed: this.consumed,
|
|
149
|
+
unitsRemaining,
|
|
150
|
+
reason,
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
get remaining() {
|
|
154
|
+
return Math.max(0, this.total - this.consumed);
|
|
155
|
+
}
|
|
156
|
+
get wasHalted() {
|
|
157
|
+
return this.halted;
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
// ---------------------------------------------------------------------------
|
|
161
|
+
// CVE reachability gate
|
|
162
|
+
// ---------------------------------------------------------------------------
|
|
163
|
+
/**
|
|
164
|
+
* Filter CVE entries by reachability.
|
|
165
|
+
* Returns { alertable, suppressed }.
|
|
166
|
+
* Spec: "Reachability-gated CVE triage — only alert on dependency CVEs whose vulnerable
|
|
167
|
+
* function is actually reachable in the call graph."
|
|
168
|
+
*/
|
|
169
|
+
export function partitionCvesByReachability(cves) {
|
|
170
|
+
const alertable = [];
|
|
171
|
+
const suppressed = [];
|
|
172
|
+
for (const cve of cves) {
|
|
173
|
+
if (cve.reachable) {
|
|
174
|
+
alertable.push(cve);
|
|
175
|
+
}
|
|
176
|
+
else {
|
|
177
|
+
suppressed.push(cve);
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
return { alertable, suppressed };
|
|
181
|
+
}
|
|
182
|
+
/** Convert a reachable CVE into a Finding (type code-bug-security). */
|
|
183
|
+
export function cveToFinding(cve) {
|
|
184
|
+
let severity;
|
|
185
|
+
if (cve.cvssScore >= 9.0)
|
|
186
|
+
severity = 'critical';
|
|
187
|
+
else if (cve.cvssScore >= 7.0)
|
|
188
|
+
severity = 'high';
|
|
189
|
+
else if (cve.cvssScore >= 4.0)
|
|
190
|
+
severity = 'medium';
|
|
191
|
+
else
|
|
192
|
+
severity = 'low';
|
|
193
|
+
// Structured id embeds both packageName and cveId for unambiguous correlation.
|
|
194
|
+
return {
|
|
195
|
+
id: `${AGENT_ID}-cve-${cve.cveId}-${cve.packageName}`,
|
|
196
|
+
type: 'code-bug-security',
|
|
197
|
+
severity,
|
|
198
|
+
agentId: AGENT_ID,
|
|
199
|
+
module: ENGINE_MODULE.DEPENDENCY_SCANNER,
|
|
200
|
+
description: `[Sentinel] Reachable CVE ${cve.cveId} in ${cve.packageName} — CVSS ${cve.cvssScore}, EPSS ${cve.epss}${cve.inKev ? ', in CISA KEV' : ''}`,
|
|
201
|
+
// Structured fields so rankFindings can correlate on packageName without substring matching.
|
|
202
|
+
// file is reused as the package identifier (colon-separated for clarity).
|
|
203
|
+
file: `pkg:${cve.packageName}@${cve.packageVersion ?? 'unknown'}`,
|
|
204
|
+
confidence: cve.epss,
|
|
205
|
+
provenance: 'CVE/KEV/EPSS feed',
|
|
206
|
+
trustClass: 'untrusted', // derived from external feed; never auto-actuates
|
|
207
|
+
};
|
|
208
|
+
}
|
|
209
|
+
// ---------------------------------------------------------------------------
|
|
210
|
+
// Canary token check
|
|
211
|
+
// ---------------------------------------------------------------------------
|
|
212
|
+
/**
|
|
213
|
+
* Check if any canary token values appear in the provided content string.
|
|
214
|
+
* Used in passive analysis of telemetry/logs without triggering real network calls.
|
|
215
|
+
*/
|
|
216
|
+
export function detectCanaryUse(tokens, observedContent, source, nowMs) {
|
|
217
|
+
const alerts = [];
|
|
218
|
+
for (const token of tokens) {
|
|
219
|
+
if (observedContent.includes(token.value)) {
|
|
220
|
+
alerts.push({
|
|
221
|
+
tokenId: token.tokenId,
|
|
222
|
+
label: token.label,
|
|
223
|
+
triggeredAt: nowMs,
|
|
224
|
+
source,
|
|
225
|
+
});
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
return alerts;
|
|
229
|
+
}
|
|
230
|
+
// ---------------------------------------------------------------------------
|
|
231
|
+
// Exploit-chain analysis
|
|
232
|
+
// ---------------------------------------------------------------------------
|
|
233
|
+
/**
|
|
234
|
+
* Chain ≥2 low/medium findings into attack paths.
|
|
235
|
+
* Spec: "Chains ≥2 seeded low findings into a correct attack path."
|
|
236
|
+
*
|
|
237
|
+
* Strategy: pair any finding that represents an information-leak / enumeration
|
|
238
|
+
* risk (missing auth, missing header, info-disclosure) with any finding that
|
|
239
|
+
* represents a direct access path (IDOR, auth bypass, injection) — their
|
|
240
|
+
* combination forms a kill-chain. We generate at most one path per pair to
|
|
241
|
+
* avoid exponential blowup.
|
|
242
|
+
*
|
|
243
|
+
* Each path is assigned the max severity of its constituent findings.
|
|
244
|
+
*/
|
|
245
|
+
export function buildAttackPaths(findings) {
|
|
246
|
+
// Classify findings by role: enablers vs exploits.
|
|
247
|
+
// Uses ENGINE_MODULE constants so engine-agent renames surface here.
|
|
248
|
+
const enablers = findings.filter((f) => f.module === ENGINE_MODULE.SECURITY_HEADERS ||
|
|
249
|
+
f.description.toLowerCase().includes('missing') ||
|
|
250
|
+
f.description.toLowerCase().includes('header') ||
|
|
251
|
+
f.description.toLowerCase().includes('rate') ||
|
|
252
|
+
f.description.toLowerCase().includes('lockout'));
|
|
253
|
+
const exploits = findings.filter((f) => f.module === ENGINE_MODULE.AUTH_FUZZER ||
|
|
254
|
+
f.module === ENGINE_MODULE.CSRF_TESTER ||
|
|
255
|
+
f.module === ENGINE_MODULE.XSS_SCANNER ||
|
|
256
|
+
f.description.toLowerCase().includes('bypass') ||
|
|
257
|
+
f.description.toLowerCase().includes('injection') ||
|
|
258
|
+
f.description.toLowerCase().includes('xss') ||
|
|
259
|
+
f.description.toLowerCase().includes('idor'));
|
|
260
|
+
const paths = [];
|
|
261
|
+
let pathSeq = 0;
|
|
262
|
+
for (const enabler of enablers) {
|
|
263
|
+
for (const exploit of exploits) {
|
|
264
|
+
// Avoid pairing a finding with itself
|
|
265
|
+
if (enabler.id === exploit.id)
|
|
266
|
+
continue;
|
|
267
|
+
// Surface-correlation gate: when BOTH findings carry a target surface (file/endpoint)
|
|
268
|
+
// they must SHARE it — an enabler on /login does not chain with an exploit on an
|
|
269
|
+
// unrelated /public page (which would fabricate a kill-chain and inflate the score
|
|
270
|
+
// deduction). When surface info is absent (engine findings without a file), fall back
|
|
271
|
+
// to the role classification above (best-effort).
|
|
272
|
+
if (enabler.file !== undefined &&
|
|
273
|
+
exploit.file !== undefined &&
|
|
274
|
+
enabler.file !== exploit.file) {
|
|
275
|
+
continue;
|
|
276
|
+
}
|
|
277
|
+
const steps = [
|
|
278
|
+
{ finding: enabler, role: 'enabler' },
|
|
279
|
+
{ finding: exploit, role: 'exploit' },
|
|
280
|
+
];
|
|
281
|
+
const combinedSeverity = computePathSeverity(steps);
|
|
282
|
+
paths.push({
|
|
283
|
+
id: `path-${pathSeq++}-${enabler.id}-${exploit.id}`,
|
|
284
|
+
steps,
|
|
285
|
+
combinedSeverity,
|
|
286
|
+
description: `Chain: "${enabler.description.slice(0, 60)}" + ` +
|
|
287
|
+
`"${exploit.description.slice(0, 60)}" → ${combinedSeverity.toUpperCase()} kill-chain`,
|
|
288
|
+
});
|
|
289
|
+
}
|
|
290
|
+
}
|
|
291
|
+
return paths;
|
|
292
|
+
}
|
|
293
|
+
// ---------------------------------------------------------------------------
|
|
294
|
+
// IaC / posture check (pure, fixture-driven)
|
|
295
|
+
// ---------------------------------------------------------------------------
|
|
296
|
+
/**
|
|
297
|
+
* Check IaC config blobs for known misconfigurations.
|
|
298
|
+
* Each blob is analysed by keyword pattern matching against community rule
|
|
299
|
+
* patterns (Checkov/tfsec rule names, not re-implemented here).
|
|
300
|
+
* Real integration plugs in the Checkov/tfsec JSON output; this layer models
|
|
301
|
+
* the decision logic that consumes that output.
|
|
302
|
+
*/
|
|
303
|
+
export function checkIacBlobs(iacBlobs) {
|
|
304
|
+
const findings = [];
|
|
305
|
+
let seq = 0;
|
|
306
|
+
const isS3 = (b) => b.includes('aws_s3_bucket');
|
|
307
|
+
const isSecurityGroup = (b) => b.includes('aws_security_group') || b.includes('ingress') || b.includes('cidr_blocks');
|
|
308
|
+
const isDockerfile = (b) => /(^|\n)\s*FROM\s/i.test(b);
|
|
309
|
+
const isK8sManifest = (b) => b.includes('apiVersion:') || b.includes('kind:');
|
|
310
|
+
const isTerraformModule = (b) => b.includes('required_providers') || /terraform\s*\{/.test(b) || /provider\s+"/.test(b);
|
|
311
|
+
const rules = [
|
|
312
|
+
{ rule: 'CKV_AWS_18', description: 'S3 bucket access logging is not enabled', severity: 'medium', keyword: 'access_logs', mode: 'absence', appliesTo: isS3 },
|
|
313
|
+
{ rule: 'CKV_AWS_19', description: 'S3 bucket encryption is not enabled', severity: 'high', keyword: 'server_side_encryption', mode: 'absence', appliesTo: isS3 },
|
|
314
|
+
{ rule: 'CKV_AWS_23', description: 'Security group allows unrestricted ingress from 0.0.0.0/0', severity: 'critical', keyword: '0.0.0.0/0', mode: 'presence', appliesTo: isSecurityGroup },
|
|
315
|
+
{ rule: 'CKV_DOCKER_2', description: 'Dockerfile does not use non-root USER', severity: 'medium', keyword: 'USER', mode: 'absence', appliesTo: isDockerfile },
|
|
316
|
+
{ rule: 'CKV_K8S_8', description: 'Containers run as root', severity: 'high', keyword: 'runAsNonRoot', mode: 'absence', appliesTo: isK8sManifest },
|
|
317
|
+
{ rule: 'CKV_TF_1', description: 'Terraform module does not enforce version pinning', severity: 'low', keyword: 'version =', mode: 'absence', appliesTo: isTerraformModule },
|
|
318
|
+
];
|
|
319
|
+
for (const [resourceName, blobContent] of Object.entries(iacBlobs)) {
|
|
320
|
+
for (const r of rules) {
|
|
321
|
+
if (!r.appliesTo(blobContent))
|
|
322
|
+
continue; // scope the rule to the right resource type
|
|
323
|
+
const hit = r.mode === 'absence' ? !blobContent.includes(r.keyword) : blobContent.includes(r.keyword);
|
|
324
|
+
if (hit) {
|
|
325
|
+
findings.push({
|
|
326
|
+
id: `${AGENT_ID}-iac-${r.rule}-${seq++}`,
|
|
327
|
+
resource: resourceName,
|
|
328
|
+
rule: r.rule,
|
|
329
|
+
description: `[Sentinel/IaC] ${r.description} in "${resourceName}"`,
|
|
330
|
+
severity: r.severity,
|
|
331
|
+
});
|
|
332
|
+
}
|
|
333
|
+
}
|
|
334
|
+
}
|
|
335
|
+
return findings;
|
|
336
|
+
}
|
|
337
|
+
// ---------------------------------------------------------------------------
|
|
338
|
+
// Safe proof-of-exploit (staging only) — MF-2 FIX
|
|
339
|
+
// ---------------------------------------------------------------------------
|
|
340
|
+
/**
|
|
341
|
+
* Simulate a proof-of-exploit record for a finding AGAINST STAGING ONLY.
|
|
342
|
+
*
|
|
343
|
+
* SAFETY — RUNTIME GUARD (MF-2):
|
|
344
|
+
* 1. prodBaseUrl and stagingBaseUrl must NOT be equal strings — if they are,
|
|
345
|
+
* we cannot tell them apart and refusing to proceed is the only safe choice.
|
|
346
|
+
* 2. The requestDetail always embeds stagingBaseUrl, never prodBaseUrl.
|
|
347
|
+
* 3. The return type's environment field is typed as 'staging' (literal),
|
|
348
|
+
* guaranteeing the caller cannot pass a prod URL undetected at the type level.
|
|
349
|
+
*
|
|
350
|
+
* In production integration, this would invoke ZAP/Nuclei against staging.
|
|
351
|
+
* Here it models the outcome of that test deterministically from the finding.
|
|
352
|
+
*
|
|
353
|
+
* @throws Error if prodBaseUrl === stagingBaseUrl (fail-closed safety rule).
|
|
354
|
+
*/
|
|
355
|
+
export function buildProofOfExploit(finding, stagingBaseUrl, nowMs, prodBaseUrl) {
|
|
356
|
+
// RUNTIME guard: if the caller can supply prodBaseUrl, reject equality.
|
|
357
|
+
// This is the hard fence that makes "staging only" enforceable at runtime.
|
|
358
|
+
if (prodBaseUrl !== undefined && prodBaseUrl !== '' && prodBaseUrl === stagingBaseUrl) {
|
|
359
|
+
throw new Error(`[Sentinel] SAFETY VIOLATION: prodBaseUrl and stagingBaseUrl are identical ("${stagingBaseUrl}"). ` +
|
|
360
|
+
`Proof-of-exploit cannot safely target this URL — it may be production. Aborting.`);
|
|
361
|
+
}
|
|
362
|
+
return {
|
|
363
|
+
findingId: finding.id,
|
|
364
|
+
environment: 'staging',
|
|
365
|
+
requestDetail: `[Sentinel/PoE] Reproduce "${finding.description}" against ${stagingBaseUrl} — non-destructive probe`,
|
|
366
|
+
observedResult: `Finding confirmed in sandbox (${finding.severity.toUpperCase()})`,
|
|
367
|
+
confirmed: true,
|
|
368
|
+
ranAtMs: nowMs,
|
|
369
|
+
};
|
|
370
|
+
}
|
|
371
|
+
// ---------------------------------------------------------------------------
|
|
372
|
+
// Virtual patch drafts
|
|
373
|
+
// ---------------------------------------------------------------------------
|
|
374
|
+
/** Draft a WAF rule / mitigation for a finding. For human apply only; never auto-applied. */
|
|
375
|
+
export function draftVirtualPatch(finding) {
|
|
376
|
+
let patchContent;
|
|
377
|
+
if (finding.module === ENGINE_MODULE.SECURITY_HEADERS) {
|
|
378
|
+
const header = finding.description.match(/Missing security header: (.+)/)?.[1] ?? 'unknown-header';
|
|
379
|
+
patchContent = `# WAF header-injection rule (NGINX/Caddy/CloudFront)\nadd_header ${header} "ENABLE" always;`;
|
|
380
|
+
}
|
|
381
|
+
else if (finding.module === ENGINE_MODULE.AUTH_FUZZER) {
|
|
382
|
+
patchContent = `# WAF rate-limit rule — block auth brute-force\nlimit_req_zone $binary_remote_addr zone=auth:10m rate=5r/m;\nlimit_req zone=auth burst=5;`;
|
|
383
|
+
}
|
|
384
|
+
else if (finding.module === ENGINE_MODULE.CSRF_TESTER) {
|
|
385
|
+
patchContent = `# Middleware: enforce CSRF token on all state-mutating requests\n# Require X-CSRF-Token header; reject without 403.`;
|
|
386
|
+
}
|
|
387
|
+
else if (finding.module === ENGINE_MODULE.XSS_SCANNER) {
|
|
388
|
+
patchContent = `# WAF: block reflective XSS patterns\nSecRule ARGS "@rx <script|onerror=" "deny,log,id:1001"`;
|
|
389
|
+
}
|
|
390
|
+
else {
|
|
391
|
+
patchContent = `# Virtual patch for "${finding.id}" — see description for manual remediation guidance`;
|
|
392
|
+
}
|
|
393
|
+
return {
|
|
394
|
+
findingId: finding.id,
|
|
395
|
+
patchContent,
|
|
396
|
+
rationale: `Mitigates "${finding.description.slice(0, 80)}" while the real fix is built. DRAFT — apply manually after review.`,
|
|
397
|
+
};
|
|
398
|
+
}
|
|
399
|
+
// ---------------------------------------------------------------------------
|
|
400
|
+
// Secret rotation runbook
|
|
401
|
+
// ---------------------------------------------------------------------------
|
|
402
|
+
/** Draft a secret-rotation runbook for a secrets-scanner finding. For human apply only. */
|
|
403
|
+
export function draftRotationRunbook(finding, keyStillActive) {
|
|
404
|
+
return {
|
|
405
|
+
secretLabel: finding.description.slice(0, 80),
|
|
406
|
+
steps: [
|
|
407
|
+
'1. Verify the secret is still active (check auth against the issuing service).',
|
|
408
|
+
'2. Revoke / rotate the secret at the issuing service.',
|
|
409
|
+
'3. Update all secrets managers and environment configs to the new value.',
|
|
410
|
+
'4. Deploy the new config and confirm the service is functional.',
|
|
411
|
+
'5. Confirm the old secret no longer authenticates (attempt and expect 401).',
|
|
412
|
+
'6. Audit VCS history to confirm the secret is not present in earlier commits; rotate if so.',
|
|
413
|
+
`7. Finding reference: ${finding.id} in ${finding.file ?? finding.module} (line ${String(finding.line ?? 'unknown')}).`,
|
|
414
|
+
],
|
|
415
|
+
keyStillActive,
|
|
416
|
+
};
|
|
417
|
+
}
|
|
418
|
+
// ---------------------------------------------------------------------------
|
|
419
|
+
// Posture scoring (show-the-math; floor, never ceil) — MF-4 FIX
|
|
420
|
+
// ---------------------------------------------------------------------------
|
|
421
|
+
/**
|
|
422
|
+
* Compute a security posture score 0–100.
|
|
423
|
+
* Deductions are itemised; score is Math.floor, never rounded up.
|
|
424
|
+
* Spec: "no gameable scoring"; "show-the-math transparency".
|
|
425
|
+
*
|
|
426
|
+
* MF-4 FIX: Replaces per-severity caps with a monotonic diminishing-returns formula.
|
|
427
|
+
* Each additional finding of the same severity adds a smaller (but nonzero) marginal
|
|
428
|
+
* penalty using: penalty(n) = perFinding × ∑_{i=1}^{n} (1 / i) [harmonic series].
|
|
429
|
+
* This guarantees:
|
|
430
|
+
* - penalty is strictly increasing with n (N+1 criticals score strictly below N).
|
|
431
|
+
* - No hard cap; any number of criticals keeps reducing the score.
|
|
432
|
+
* - Diminishing returns prevent a single category from zeroing the score alone
|
|
433
|
+
* while still guaranteeing monotonicity.
|
|
434
|
+
* Combined with attack-path deductions, the score can still reach 0.
|
|
435
|
+
*/
|
|
436
|
+
export function computePostureScore(findings, attackPaths, nowMs) {
|
|
437
|
+
const deductions = [];
|
|
438
|
+
let raw = 100;
|
|
439
|
+
// Count findings by severity
|
|
440
|
+
const counts = {
|
|
441
|
+
critical: 0, high: 0, medium: 0, low: 0, info: 0,
|
|
442
|
+
};
|
|
443
|
+
for (const f of findings) {
|
|
444
|
+
counts[f.severity]++;
|
|
445
|
+
}
|
|
446
|
+
/**
|
|
447
|
+
* Monotonic harmonic penalty for `count` findings at `perFinding` base weight.
|
|
448
|
+
* penalty(n) = perFinding × H(n) where H(n) = 1 + 1/2 + 1/3 + … + 1/n.
|
|
449
|
+
* Strictly increasing: penalty(n+1) > penalty(n) for all n ≥ 0 with count > 0.
|
|
450
|
+
*/
|
|
451
|
+
function harmonicPenalty(count, perFinding) {
|
|
452
|
+
let h = 0;
|
|
453
|
+
for (let i = 1; i <= count; i++) {
|
|
454
|
+
h += 1 / i;
|
|
455
|
+
}
|
|
456
|
+
return perFinding * h;
|
|
457
|
+
}
|
|
458
|
+
// Deduction rules: [severity, per-finding-base-weight]
|
|
459
|
+
// No caps — monotonic penalty guarantees N+1 criticals score strictly lower than N.
|
|
460
|
+
const deductionRules = [
|
|
461
|
+
['critical', 20],
|
|
462
|
+
['high', 8],
|
|
463
|
+
['medium', 3],
|
|
464
|
+
['low', 1],
|
|
465
|
+
];
|
|
466
|
+
for (const [severity, perFinding] of deductionRules) {
|
|
467
|
+
const count = counts[severity];
|
|
468
|
+
if (count > 0) {
|
|
469
|
+
const pts = harmonicPenalty(count, perFinding);
|
|
470
|
+
deductions.push({
|
|
471
|
+
reason: `${count} ${severity} finding(s); harmonic penalty (base ${perFinding}pts × H(${count}))`,
|
|
472
|
+
points: pts,
|
|
473
|
+
});
|
|
474
|
+
raw -= pts;
|
|
475
|
+
}
|
|
476
|
+
}
|
|
477
|
+
// Attack path deduction — also monotonic harmonic
|
|
478
|
+
if (attackPaths.length > 0) {
|
|
479
|
+
const pts = harmonicPenalty(attackPaths.length, 10);
|
|
480
|
+
deductions.push({
|
|
481
|
+
reason: `${attackPaths.length} attack path(s); harmonic penalty (base 10pts × H(${attackPaths.length}))`,
|
|
482
|
+
points: pts,
|
|
483
|
+
});
|
|
484
|
+
raw -= pts;
|
|
485
|
+
}
|
|
486
|
+
// Truncate to 2dp at/above 0 (never round up). Integer Math.floor previously TIED
|
|
487
|
+
// scores once the marginal harmonic penalty fell below 1 (e.g. 26 vs 27 criticals
|
|
488
|
+
// both floored to 22); 2dp truncation keeps strict monotonicity to ~2000 findings.
|
|
489
|
+
const score = truncate2(Math.max(0, raw));
|
|
490
|
+
let grade;
|
|
491
|
+
if (score >= 90)
|
|
492
|
+
grade = 'A';
|
|
493
|
+
else if (score >= 75)
|
|
494
|
+
grade = 'B';
|
|
495
|
+
else if (score >= 60)
|
|
496
|
+
grade = 'C';
|
|
497
|
+
else if (score >= 40)
|
|
498
|
+
grade = 'D';
|
|
499
|
+
else
|
|
500
|
+
grade = 'F';
|
|
501
|
+
return {
|
|
502
|
+
score,
|
|
503
|
+
grade,
|
|
504
|
+
deductions,
|
|
505
|
+
calculatedAt: new Date(nowMs).toISOString(),
|
|
506
|
+
};
|
|
507
|
+
}
|
|
508
|
+
// ---------------------------------------------------------------------------
|
|
509
|
+
// Ranking — MF-5 FIX: structured CVE correlation
|
|
510
|
+
// ---------------------------------------------------------------------------
|
|
511
|
+
/**
|
|
512
|
+
* Rank findings by severity × EPSS × blast-radius (descending).
|
|
513
|
+
* Show-the-math: each component is preserved on the RankedFinding.
|
|
514
|
+
* EPSS defaults to 0.5 when unknown (conservative assumption, not zero).
|
|
515
|
+
*
|
|
516
|
+
* MF-5 FIX: CVE correlation is done via structured package-name matching
|
|
517
|
+
* against the Finding.file field (formatted as "pkg:<name>@<version>" by
|
|
518
|
+
* cveToFinding), NOT substring-of-description. This prevents false matches
|
|
519
|
+
* for short package names like "os", "fs", "ms".
|
|
520
|
+
*
|
|
521
|
+
* For non-CVE findings, EPSS defaults to 0.5.
|
|
522
|
+
*/
|
|
523
|
+
export function rankFindings(findings, cveIndex, blastRadiusWeight) {
|
|
524
|
+
const ranked = findings.map((f) => {
|
|
525
|
+
const sw = SEVERITY_WEIGHT[f.severity] ?? 1;
|
|
526
|
+
// Structured CVE correlation: match on pkg:<packageName>@ prefix in f.file.
|
|
527
|
+
// This avoids false-positive substring matches on short names (os/fs/ms).
|
|
528
|
+
let epss = 0.5; // default when no CVE correlation
|
|
529
|
+
if (f.file?.startsWith('pkg:')) {
|
|
530
|
+
// f.file format: "pkg:<packageName>@<version>"
|
|
531
|
+
const pkgPart = f.file.slice(4); // drop "pkg:"
|
|
532
|
+
const atIdx = pkgPart.indexOf('@');
|
|
533
|
+
const pkgName = atIdx >= 0 ? pkgPart.slice(0, atIdx) : pkgPart;
|
|
534
|
+
// Exact package-name match (not substring). When a package has multiple CVEs,
|
|
535
|
+
// take the MAX EPSS so ranking is deterministic regardless of CVE iteration order.
|
|
536
|
+
let matched = false;
|
|
537
|
+
for (const cve of cveIndex.values()) {
|
|
538
|
+
if (cve.packageName === pkgName) {
|
|
539
|
+
epss = matched ? Math.max(epss, cve.epss) : cve.epss;
|
|
540
|
+
matched = true;
|
|
541
|
+
}
|
|
542
|
+
}
|
|
543
|
+
}
|
|
544
|
+
const ps = priorityScore(f, epss, blastRadiusWeight);
|
|
545
|
+
return {
|
|
546
|
+
finding: f,
|
|
547
|
+
priorityScore: ps,
|
|
548
|
+
severityWeight: sw,
|
|
549
|
+
epss,
|
|
550
|
+
blastRadiusWeight,
|
|
551
|
+
complianceTags: complianceTags(f),
|
|
552
|
+
};
|
|
553
|
+
});
|
|
554
|
+
// Sort descending (highest priority first); stable-ish via id tiebreak
|
|
555
|
+
return ranked.sort((a, b) => {
|
|
556
|
+
const diff = b.priorityScore - a.priorityScore;
|
|
557
|
+
if (diff !== 0)
|
|
558
|
+
return diff;
|
|
559
|
+
return a.finding.id.localeCompare(b.finding.id);
|
|
560
|
+
});
|
|
561
|
+
}
|
|
562
|
+
// ---------------------------------------------------------------------------
|
|
563
|
+
// The Sentinel — main orchestration class
|
|
564
|
+
// ---------------------------------------------------------------------------
|
|
565
|
+
/**
|
|
566
|
+
* The Sentinel orchestrates the security engine agents and provides the
|
|
567
|
+
* continuous production security layer. It is a pure, fixture/event-driven
|
|
568
|
+
* class — it accepts pre-collected engine findings as inputs and composes
|
|
569
|
+
* them into a ranked, chained, baseline-diffed SecurityScanResult.
|
|
570
|
+
*
|
|
571
|
+
* Rationale: engine agents (07, 34–38) each run I/O (HTTP, FS, browser).
|
|
572
|
+
* The Sentinel's job is the higher-order logic: deduplicate, chain,
|
|
573
|
+
* gate on reachability, rank, score, and escalate. Tests inject findings
|
|
574
|
+
* directly, avoiding live network calls.
|
|
575
|
+
*
|
|
576
|
+
* Engine-agent contract (MF-7):
|
|
577
|
+
* - MODULE_NAME constants in ENGINE_MODULE are imported from ./types.
|
|
578
|
+
* They match the `module` field values emitted by agents 07/34–38
|
|
579
|
+
* ('security-headers', 'xss-scanner', 'csrf-tester', 'auth-fuzzer',
|
|
580
|
+
* 'dependency-scanner', 'secrets-scanner').
|
|
581
|
+
* - A rename in an engine agent is NOT compiler-caught here (best-effort string match);
|
|
582
|
+
* the ENFORCED coupling is the integration test asserting COMPOSED_ENGINE_AGENTS exist
|
|
583
|
+
* as registered 'security'-squad agents (renumber/regroup breaks the build).
|
|
584
|
+
* - Integration tests in __tests__/security-audit.test.ts drive realistic
|
|
585
|
+
* engine-output shapes (findings with correct module values) through
|
|
586
|
+
* the pipeline and assert the composition contract end-to-end.
|
|
587
|
+
*/
|
|
588
|
+
export class SecuritySentinel {
|
|
589
|
+
config;
|
|
590
|
+
now;
|
|
591
|
+
constructor(config) {
|
|
592
|
+
this.config = config;
|
|
593
|
+
this.now = config.clock ?? (() => Date.now());
|
|
594
|
+
}
|
|
595
|
+
/**
|
|
596
|
+
* Run a sentinel scan.
|
|
597
|
+
*
|
|
598
|
+
* @param target — scan surface description.
|
|
599
|
+
* @param engineFindings — pre-collected findings from engine agents 07/34–38.
|
|
600
|
+
* @param cves — enriched CVE entries (from KEV/EPSS feeds via The Net).
|
|
601
|
+
* @param canaryContent — telemetry/log content to check canary tokens against.
|
|
602
|
+
* @param canarySource — label describing where canaryContent came from.
|
|
603
|
+
*
|
|
604
|
+
* FAIL-CLOSED (MF-3): when budget is exhausted mid-scan, the skipped check name
|
|
605
|
+
* is appended to skippedChecks[] and budgetTruncated is set to true in the result.
|
|
606
|
+
* A budget-truncated scan is NEVER treated as clean — callers must check budgetTruncated.
|
|
607
|
+
*
|
|
608
|
+
* PROD SAFETY (MF-2): buildProofOfExploit is called with both stagingBaseUrl AND
|
|
609
|
+
* prodBaseUrl so the runtime guard can reject prod === staging equality.
|
|
610
|
+
*/
|
|
611
|
+
scan(target, engineFindings, cves, canaryContent, canarySource) {
|
|
612
|
+
const nowMs = this.now();
|
|
613
|
+
// Fail-closed target-safety gate (MF-2): if prod and staging resolve to the same URL we
|
|
614
|
+
// cannot tell them apart, so any active probe could hit production. Refuse up front —
|
|
615
|
+
// regardless of whether a critical finding would later trigger a proof-of-exploit.
|
|
616
|
+
if (target.prodBaseUrl !== '' && target.prodBaseUrl === target.stagingBaseUrl) {
|
|
617
|
+
throw new Error(`[Sentinel] SAFETY VIOLATION: prodBaseUrl and stagingBaseUrl are identical ` +
|
|
618
|
+
`("${target.stagingBaseUrl}"). Refusing to scan — cannot guarantee staging-only actions.`);
|
|
619
|
+
}
|
|
620
|
+
const governor = new FrugalGovernor(this.config.budget.totalUnits);
|
|
621
|
+
const blastWeight = BLAST_RADIUS_WEIGHT[target.dataSensitivity];
|
|
622
|
+
const skippedChecks = [];
|
|
623
|
+
// 1. Diff-aware: compute which endpoints to skip (contentHash unchanged).
|
|
624
|
+
const skippedEndpoints = computeSkippedEndpoints(target, this.config.scanBaseline);
|
|
625
|
+
// 2. Passive check (cheapest first) — canary tokens.
|
|
626
|
+
const canaryAlerts = (() => {
|
|
627
|
+
if (!governor.tryConsume(SCAN_COST['passive'])) {
|
|
628
|
+
skippedChecks.push('canary-token-check');
|
|
629
|
+
return [];
|
|
630
|
+
}
|
|
631
|
+
return detectCanaryUse(this.config.canaryTokens ?? [], canaryContent, canarySource, nowMs);
|
|
632
|
+
})();
|
|
633
|
+
// 3. CVE reachability gate.
|
|
634
|
+
const { alertable: reachableCves, suppressed: suppressedUnreachableCves } = (() => {
|
|
635
|
+
if (!governor.tryConsume(SCAN_COST['cveReachability'])) {
|
|
636
|
+
skippedChecks.push('cve-reachability-gate');
|
|
637
|
+
return { alertable: [], suppressed: [] };
|
|
638
|
+
}
|
|
639
|
+
return partitionCvesByReachability(cves);
|
|
640
|
+
})();
|
|
641
|
+
// 4. Convert reachable CVEs to findings and merge with engine findings.
|
|
642
|
+
const cveFindings = reachableCves.map(cveToFinding);
|
|
643
|
+
// 5. IaC posture check.
|
|
644
|
+
const iacFindings = (() => {
|
|
645
|
+
if (!governor.tryConsume(SCAN_COST['iacCheck'])) {
|
|
646
|
+
skippedChecks.push('iac-posture-check');
|
|
647
|
+
return [];
|
|
648
|
+
}
|
|
649
|
+
return [...checkIacBlobs(target.iacBlobs)];
|
|
650
|
+
})();
|
|
651
|
+
// 6. Merge + dedup + baseline-diff all findings.
|
|
652
|
+
const allRaw = dedup([...engineFindings, ...cveFindings]);
|
|
653
|
+
const newFindings = applyBaseline(allRaw, this.config.acceptedBaseline);
|
|
654
|
+
// 7. Exploit-chain analysis.
|
|
655
|
+
const attackPaths = buildAttackPaths(newFindings);
|
|
656
|
+
// 8. Rank findings.
|
|
657
|
+
const cveIndex = new Map(cves.map((c) => [c.cveId, c]));
|
|
658
|
+
const rankedFindings = rankFindings(newFindings, cveIndex, blastWeight);
|
|
659
|
+
// 9. Active checks — sandbox proof-of-exploit for critical/high findings
|
|
660
|
+
// (staging only; gated by budget; never prod).
|
|
661
|
+
// MF-2: pass prodBaseUrl so runtime guard can catch staging===prod equality.
|
|
662
|
+
const proofOfExploits = [];
|
|
663
|
+
for (const rf of rankedFindings) {
|
|
664
|
+
if (rf.finding.severity !== 'critical' && rf.finding.severity !== 'high')
|
|
665
|
+
continue;
|
|
666
|
+
if (!governor.tryConsume(SCAN_COST['sandboxExploit'])) {
|
|
667
|
+
skippedChecks.push(`sandbox-exploit:${rf.finding.id}`);
|
|
668
|
+
continue; // continue, not break — record all skipped exploits
|
|
669
|
+
}
|
|
670
|
+
proofOfExploits.push(buildProofOfExploit(rf.finding, target.stagingBaseUrl, nowMs, target.prodBaseUrl));
|
|
671
|
+
}
|
|
672
|
+
// 10. Virtual patches (for human apply).
|
|
673
|
+
const virtualPatches = newFindings
|
|
674
|
+
.filter((f) => f.severity === 'critical' || f.severity === 'high' || f.module === ENGINE_MODULE.SECURITY_HEADERS)
|
|
675
|
+
.map(draftVirtualPatch);
|
|
676
|
+
// 11. Secret rotation runbooks (for human apply; never auto-applied).
|
|
677
|
+
const rotationRunbooks = newFindings
|
|
678
|
+
.filter((f) => f.module === ENGINE_MODULE.SECRETS_SCANNER)
|
|
679
|
+
.map((f) => draftRotationRunbook(f, null));
|
|
680
|
+
// 12. Posture score (show-the-math; floor).
|
|
681
|
+
const postureScore = computePostureScore(newFindings, attackPaths, nowMs);
|
|
682
|
+
// 13. Governor finalisation.
|
|
683
|
+
const budgetTruncated = governor.wasHalted;
|
|
684
|
+
const governorResult = governor.result(budgetTruncated
|
|
685
|
+
? 'Budget exhausted — deep scans were halted; scan is INCOMPLETE'
|
|
686
|
+
: 'Scan completed within budget');
|
|
687
|
+
return {
|
|
688
|
+
scanId: makeScanId(nowMs),
|
|
689
|
+
runMode: governor.remaining >= SCAN_COST['deepDast'] ? 'deep' : 'active',
|
|
690
|
+
budgetTruncated,
|
|
691
|
+
findings: newFindings,
|
|
692
|
+
rankedFindings,
|
|
693
|
+
attackPaths,
|
|
694
|
+
suppressedUnreachableCves,
|
|
695
|
+
canaryAlerts,
|
|
696
|
+
iacFindings,
|
|
697
|
+
proofOfExploits,
|
|
698
|
+
virtualPatches,
|
|
699
|
+
rotationRunbooks,
|
|
700
|
+
postureScore,
|
|
701
|
+
skippedEndpoints: [...skippedEndpoints],
|
|
702
|
+
skippedChecks,
|
|
703
|
+
governorResult,
|
|
704
|
+
completedAt: new Date(nowMs).toISOString(),
|
|
705
|
+
};
|
|
706
|
+
}
|
|
707
|
+
/**
|
|
708
|
+
* Clean-target check: run against a known-clean target and assert no findings.
|
|
709
|
+
* Returns true if no findings, no canary alerts, no IaC findings, no attack paths,
|
|
710
|
+
* AND the scan was not budget-truncated (an incomplete scan can never be declared clean).
|
|
711
|
+
*
|
|
712
|
+
* MF-6 FIX: now includes iacFindings and attackPaths in the soundness check.
|
|
713
|
+
* A budget-truncated scan also fails isClean (fail-closed).
|
|
714
|
+
* Spec: "no false alarm on a clean target."
|
|
715
|
+
*/
|
|
716
|
+
isClean(result) {
|
|
717
|
+
return (result.findings.length === 0 &&
|
|
718
|
+
result.canaryAlerts.length === 0 &&
|
|
719
|
+
result.iacFindings.length === 0 &&
|
|
720
|
+
result.attackPaths.length === 0 &&
|
|
721
|
+
result.proofOfExploits.length === 0 &&
|
|
722
|
+
!result.budgetTruncated);
|
|
723
|
+
}
|
|
724
|
+
}
|
|
725
|
+
//# sourceMappingURL=sentinel.js.map
|