npm - @ayurak/aribot-cli - Versions diffs - 1.0.5 → 1.0.7 - Mend

@ayurak/aribot-cli 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +222 -39
package/aribot-report-183b4bd7.json +1569 -0
package/dist/cli.d.ts +10 -1
package/dist/cli.js +945 -8
package/dist/index.d.ts +19 -0
package/dist/index.js +35 -0
package/dist/sdk.d.ts +349 -0
package/dist/sdk.js +808 -0
package/package.json +34 -4
package/src/cli.ts +1004 -9
package/src/index.ts +42 -0
package/src/sdk.ts +1017 -0

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Aribot - Economic, Regulatory & Security APIs for Modern Applications
+ *
+ * Analyze your tech stack. Optimize architecture. Model costs. Identify threats dynamically.
+ * APIs that help you build better systems with practical, actionable recommendations.
+ *
+ * Features:
+ *   - Advanced Threat Modeling (STRIDE, PASTA, NIST, Aristiun Framework)
+ *   - Cloud Security (CSPM/CNAPP)
+ *   - 100+ Compliance Standards
+ *   - Economic Intelligence & FinOps
+ *   - Red Team Automation
+ *   - Secure AI Usage Management
+ *
+ * @packageDocumentation
+ */
+export { AribotClient, AribotConfig, Diagram, Threat, ComplianceAssessment, SecurityFinding, PaginatedResponse, AribotError, AuthenticationError, RateLimitError, APIError, analyzeDiagram, runComplianceCheck, RequestSigner, SecureCredentialManager, } from './sdk';
+import { AribotClient } from './sdk';
+export default AribotClient;

package/dist/index.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+/**
+ * Aribot - Economic, Regulatory & Security APIs for Modern Applications
+ *
+ * Analyze your tech stack. Optimize architecture. Model costs. Identify threats dynamically.
+ * APIs that help you build better systems with practical, actionable recommendations.
+ *
+ * Features:
+ *   - Advanced Threat Modeling (STRIDE, PASTA, NIST, Aristiun Framework)
+ *   - Cloud Security (CSPM/CNAPP)
+ *   - 100+ Compliance Standards
+ *   - Economic Intelligence & FinOps
+ *   - Red Team Automation
+ *   - Secure AI Usage Management
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecureCredentialManager = exports.RequestSigner = exports.runComplianceCheck = exports.analyzeDiagram = exports.APIError = exports.RateLimitError = exports.AuthenticationError = exports.AribotError = exports.AribotClient = void 0;
+var sdk_1 = require("./sdk");
+// Main client
+Object.defineProperty(exports, "AribotClient", { enumerable: true, get: function () { return sdk_1.AribotClient; } });
+// Errors
+Object.defineProperty(exports, "AribotError", { enumerable: true, get: function () { return sdk_1.AribotError; } });
+Object.defineProperty(exports, "AuthenticationError", { enumerable: true, get: function () { return sdk_1.AuthenticationError; } });
+Object.defineProperty(exports, "RateLimitError", { enumerable: true, get: function () { return sdk_1.RateLimitError; } });
+Object.defineProperty(exports, "APIError", { enumerable: true, get: function () { return sdk_1.APIError; } });
+// Convenience functions
+Object.defineProperty(exports, "analyzeDiagram", { enumerable: true, get: function () { return sdk_1.analyzeDiagram; } });
+Object.defineProperty(exports, "runComplianceCheck", { enumerable: true, get: function () { return sdk_1.runComplianceCheck; } });
+// Security utilities
+Object.defineProperty(exports, "RequestSigner", { enumerable: true, get: function () { return sdk_1.RequestSigner; } });
+Object.defineProperty(exports, "SecureCredentialManager", { enumerable: true, get: function () { return sdk_1.SecureCredentialManager; } });
+const sdk_2 = require("./sdk");
+exports.default = sdk_2.AribotClient;

package/dist/sdk.d.ts ADDED Viewed

@@ -0,0 +1,349 @@
+/**
+ * Aribot Node.js SDK - Economic, Regulatory & Security APIs for Modern Applications
+ *
+ * Analyze your tech stack. Optimize architecture. Model costs. Identify threats dynamically.
+ * APIs that help you build better systems with practical, actionable recommendations.
+ *
+ * Platform Capabilities:
+ *   - Advanced Threat Modeling: Multi-framework (STRIDE, PASTA, NIST, Aristiun Framework)
+ *   - Cloud Security: Real-time CSPM, CNAPP, misconfiguration detection
+ *   - Living Architecture: Dynamic architecture diagrams with real-time updates
+ *   - Economic Intelligence: Security ROI, TCO analysis, risk quantification in real dollars
+ *   - FinOps: Cloud cost optimization, security spend tracking
+ *   - Compliance: 100+ regulatory standards (SOC2, ISO27001, NIST, PCI-DSS, GDPR, HIPAA, etc.)
+ *   - Red Team: Automated attack simulations, penetration testing orchestration
+ *
+ * Usage:
+ *   import { AribotClient } from '@ayurak/aribot-cli';
+ *
+ *   const client = new AribotClient({ apiKey: 'ak_...' });
+ *
+ *   // Threat Modeling
+ *   const diagram = await client.threatModeling.upload('architecture.png');
+ *   const threats = await client.threatModeling.getThreats(diagram.id);
+ *
+ *   // Compliance
+ *   const assessment = await client.compliance.assess(diagramId, 'SOC2');
+ *
+ *   // Red Team
+ *   const simulation = await client.redteam.runSimulation(targetId, 'lateral_movement');
+ */
+export interface AribotConfig {
+    apiKey?: string;
+    baseUrl?: string;
+    timeout?: number;
+    maxRetries?: number;
+}
+export interface Diagram {
+    id: string;
+    name: string;
+    filename?: string;
+    stage: string;
+    threats_count: number;
+    created_at: string;
+    updated_at?: string;
+}
+export interface Threat {
+    id: string;
+    title: string;
+    description?: string;
+    severity: string;
+    category: string;
+    stride_category?: string;
+    mitigation?: string;
+    cvss_score?: number;
+    attack_vector?: string;
+}
+export interface ComplianceAssessment {
+    id: string;
+    standard: string;
+    score: number;
+    passed_controls: number;
+    failed_controls: number;
+    status: string;
+    created_at: string;
+}
+export interface SecurityFinding {
+    id: string;
+    title: string;
+    severity: string;
+    resource_type: string;
+    resource_id: string;
+    policy: string;
+    remediation?: string;
+    status: string;
+}
+export interface PaginatedResponse<T> {
+    count: number;
+    next?: string;
+    previous?: string;
+    results: T[];
+}
+export declare class AribotError extends Error {
+    constructor(message: string);
+}
+export declare class AuthenticationError extends AribotError {
+    constructor(message?: string);
+}
+export declare class RateLimitError extends AribotError {
+    retryAfter?: number;
+    constructor(message?: string, retryAfter?: number);
+}
+export declare class APIError extends AribotError {
+    statusCode?: number;
+    response?: any;
+    constructor(message: string, statusCode?: number, response?: any);
+}
+export declare class AribotClient {
+    private apiKey;
+    private baseUrl;
+    private timeout;
+    private maxRetries;
+    threatModeling: ThreatModelingResource;
+    cloudSecurity: CloudSecurityResource;
+    compliance: ComplianceResource;
+    economics: EconomicsResource;
+    finops: FinOpsResource;
+    redteam: RedTeamResource;
+    architecture: ArchitectureResource;
+    user: UserResource;
+    ai: AIResource;
+    diagrams: ThreatModelingResource;
+    constructor(config?: AribotConfig);
+    private getHeaders;
+    private getAuthHeader;
+    request<T = any>(method: string, endpoint: string, options?: {
+        body?: any;
+        params?: Record<string, string | number>;
+        formData?: FormData;
+    }): Promise<T>;
+    private sleep;
+}
+declare class ThreatModelingResource {
+    private client;
+    constructor(client: AribotClient);
+    list(options?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<Diagram>>;
+    get(diagramId: string): Promise<Diagram>;
+    upload(filePath: string, options?: {
+        name?: string;
+        autoGenerateThreats?: boolean;
+    }): Promise<Diagram>;
+    getThreats(diagramId: string, options?: {
+        severity?: string;
+    }): Promise<Threat[]>;
+    generateThreats(diagramId: string, options?: {
+        waitForCompletion?: boolean;
+        timeout?: number;
+    }): Promise<Diagram>;
+    export(diagramId: string, options?: {
+        format?: string;
+        outputPath?: string;
+    }): Promise<any>;
+}
+declare class CloudSecurityResource {
+    private client;
+    constructor(client: AribotClient);
+    scanPosture(cloudProvider?: string): Promise<any>;
+    getFindings(options?: {
+        severity?: string;
+        status?: string;
+        limit?: number;
+    }): Promise<SecurityFinding[]>;
+    getDashboard(): Promise<any>;
+    remediate(findingId: string, autoFix?: boolean): Promise<any>;
+}
+declare class ComplianceResource {
+    private client;
+    static SUPPORTED_STANDARDS: string[];
+    constructor(client: AribotClient);
+    listStandards(): Promise<any[]>;
+    assess(diagramId: string, standard?: string, includeRecommendations?: boolean): Promise<ComplianceAssessment>;
+    getAssessment(assessmentId: string): Promise<ComplianceAssessment>;
+    listReports(limit?: number): Promise<ComplianceAssessment[]>;
+    runScan(targetId: string, standards?: string[], scanType?: string): Promise<any>;
+    getRemediation(findingId: string): Promise<any>;
+    getDashboard(): Promise<any>;
+}
+declare class EconomicsResource {
+    private client;
+    constructor(client: AribotClient);
+    calculateROI(securityInvestment: number, riskReductionPercent?: number, timeHorizonYears?: number): Promise<any>;
+    calculateTCO(cloudProvider: string, workloadType?: string, durationMonths?: number): Promise<any>;
+    analyzeCosts(diagramId: string): Promise<any>;
+    getMarketIntelligence(): Promise<any>;
+    getDashboard(): Promise<any>;
+    createForecast(months?: number): Promise<any>;
+}
+declare class FinOpsResource {
+    private client;
+    constructor(client: AribotClient);
+    getCloudCosts(options?: {
+        provider?: string;
+        period?: string;
+    }): Promise<any>;
+    getSecuritySpend(): Promise<any>;
+    getOptimizationRecommendations(): Promise<any[]>;
+    getPricing(service: string, provider?: string): Promise<any>;
+}
+declare class RedTeamResource {
+    private client;
+    static ATTACK_TYPES: string[];
+    constructor(client: AribotClient);
+    runSimulation(targetId: string, attackType?: string, intensity?: string): Promise<any>;
+    getAttackPaths(diagramId: string): Promise<any[]>;
+    listSimulations(limit?: number): Promise<any[]>;
+    getSimulation(simulationId: string): Promise<any>;
+}
+declare class ArchitectureResource {
+    private client;
+    constructor(client: AribotClient);
+    listComponents(diagramId: string): Promise<any[]>;
+    getComponent(diagramId: string, componentId: string): Promise<any>;
+    updateComponent(diagramId: string, componentId: string, updates: any): Promise<any>;
+    getConnections(diagramId: string): Promise<any[]>;
+}
+declare class UserResource {
+    private client;
+    constructor(client: AribotClient);
+    me(): Promise<any>;
+    apiKeys(): Promise<any[]>;
+    getUsage(): Promise<any>;
+    getRateLimits(): Promise<any>;
+}
+declare class AIResource {
+    private client;
+    /**
+     * Secure AI usage management and configuration.
+     *
+     * Features:
+     *   - AI model selection and configuration
+     *   - Usage tracking and quotas
+     *   - Cost monitoring for AI operations
+     *   - Secure prompt/response handling
+     *   - AI processing queue management
+     *
+     * Security:
+     *   - All AI requests are signed and authenticated
+     *   - Sensitive data is sanitized before AI processing
+     *   - Usage is tracked per API key for audit compliance
+     *   - Rate limiting prevents abuse
+     */
+    static AI_OPERATIONS: string[];
+    static MODEL_TIERS: string[];
+    constructor(client: AribotClient);
+    /**
+     * Get AI usage statistics for the current billing period.
+     */
+    getUsage(): Promise<any>;
+    /**
+     * Get current AI quota and limits.
+     */
+    getQuota(): Promise<any>;
+    /**
+     * List available AI models for your subscription tier.
+     */
+    getModels(): Promise<any[]>;
+    /**
+     * Configure AI settings for your account.
+     */
+    configure(options?: {
+        modelTier?: string;
+        maxTokens?: number;
+        temperature?: number;
+        enableCaching?: boolean;
+    }): Promise<any>;
+    /**
+     * Run AI analysis on content.
+     */
+    analyze(content: string, options?: {
+        operation?: string;
+        context?: Record<string, any>;
+        sanitizePii?: boolean;
+    }): Promise<any>;
+    /**
+     * Get status of pending AI processing jobs.
+     */
+    getQueueStatus(): Promise<any>;
+    /**
+     * List AI processing jobs.
+     */
+    listJobs(options?: {
+        status?: string;
+        limit?: number;
+    }): Promise<any[]>;
+    /**
+     * Get details of a specific AI job.
+     */
+    getJob(jobId: string): Promise<any>;
+    /**
+     * Cancel a pending AI job.
+     */
+    cancelJob(jobId: string): Promise<any>;
+    /**
+     * Get cost estimate for an AI operation before executing.
+     */
+    getCostEstimate(operation: string, contentLength: number, modelTier?: string): Promise<any>;
+    /**
+     * Get AI usage audit log for compliance.
+     */
+    getAuditLog(options?: {
+        startDate?: string;
+        endDate?: string;
+        limit?: number;
+    }): Promise<any[]>;
+}
+/**
+ * HMAC-SHA256 request signing for API request integrity.
+ */
+export declare class RequestSigner {
+    /**
+     * Generate HMAC-SHA256 signature for request.
+     */
+    static sign(apiKey: string, method: string, path: string, timestamp: string, body?: string): string;
+    /**
+     * Verify request signature and timestamp freshness.
+     */
+    static verify(apiKey: string, signature: string, method: string, path: string, timestamp: string, body?: string, maxAgeSeconds?: number): boolean;
+}
+/**
+ * Secure credential storage utilities.
+ */
+export declare class SecureCredentialManager {
+    private static SERVICE_NAME;
+    /**
+     * Store API key securely using environment variable.
+     * For production, use OS keyring via native modules.
+     */
+    static setApiKey(apiKey: string): void;
+    /**
+     * Retrieve API key from environment.
+     */
+    static getApiKey(): string | undefined;
+    /**
+     * Clear stored API key.
+     */
+    static clearApiKey(): void;
+    /**
+     * Validate API key format.
+     */
+    static isValidFormat(apiKey: string): boolean;
+}
+/**
+ * Quick function to analyze a diagram and get threats.
+ */
+export declare function analyzeDiagram(filePath: string, options?: {
+    apiKey?: string;
+    name?: string;
+    waitForThreats?: boolean;
+}): Promise<{
+    diagram: Diagram;
+    threats: Threat[];
+}>;
+/**
+ * Quick compliance check against multiple standards.
+ */
+export declare function runComplianceCheck(diagramId: string, standards?: string[], apiKey?: string): Promise<any>;
+export default AribotClient;