@bouncesecurity/aghast 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -6
- package/config/prompts/generic-instructions.md +2 -0
- package/config/prompts/openant-security-instructions.md +94 -0
- package/config/prompts/sarif-validation-instructions.md +58 -0
- package/dist/check-library.d.ts.map +1 -1
- package/dist/check-library.js +61 -7
- package/dist/check-library.js.map +1 -1
- package/dist/check-types.d.ts +35 -0
- package/dist/check-types.d.ts.map +1 -0
- package/dist/check-types.js +66 -0
- package/dist/check-types.js.map +1 -0
- package/dist/claude-code-provider.d.ts +4 -1
- package/dist/claude-code-provider.d.ts.map +1 -1
- package/dist/claude-code-provider.js +18 -8
- package/dist/claude-code-provider.js.map +1 -1
- package/dist/discoveries/openant-discovery.d.ts +10 -0
- package/dist/discoveries/openant-discovery.d.ts.map +1 -0
- package/dist/discoveries/openant-discovery.js +44 -0
- package/dist/discoveries/openant-discovery.js.map +1 -0
- package/dist/discoveries/sarif-discovery.d.ts +9 -0
- package/dist/discoveries/sarif-discovery.d.ts.map +1 -0
- package/dist/discoveries/sarif-discovery.js +55 -0
- package/dist/discoveries/sarif-discovery.js.map +1 -0
- package/dist/discoveries/semgrep-discovery.d.ts +9 -0
- package/dist/discoveries/semgrep-discovery.d.ts.map +1 -0
- package/dist/discoveries/semgrep-discovery.js +51 -0
- package/dist/discoveries/semgrep-discovery.js.map +1 -0
- package/dist/discovery.d.ts +74 -0
- package/dist/discovery.d.ts.map +1 -0
- package/dist/discovery.js +41 -0
- package/dist/discovery.js.map +1 -0
- package/dist/error-codes.d.ts +3 -1
- package/dist/error-codes.d.ts.map +1 -1
- package/dist/error-codes.js +4 -1
- package/dist/error-codes.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +122 -29
- package/dist/index.js.map +1 -1
- package/dist/logging.d.ts +108 -8
- package/dist/logging.d.ts.map +1 -1
- package/dist/logging.js +269 -43
- package/dist/logging.js.map +1 -1
- package/dist/mock-ai-provider.d.ts +4 -1
- package/dist/mock-ai-provider.d.ts.map +1 -1
- package/dist/mock-ai-provider.js +4 -1
- package/dist/mock-ai-provider.js.map +1 -1
- package/dist/new-check.d.ts.map +1 -1
- package/dist/new-check.js +81 -33
- package/dist/new-check.js.map +1 -1
- package/dist/openant-loader.d.ts +105 -0
- package/dist/openant-loader.d.ts.map +1 -0
- package/dist/openant-loader.js +135 -0
- package/dist/openant-loader.js.map +1 -0
- package/dist/openant-runner.d.ts +22 -0
- package/dist/openant-runner.d.ts.map +1 -0
- package/dist/openant-runner.js +102 -0
- package/dist/openant-runner.js.map +1 -0
- package/dist/runtime-config.d.ts.map +1 -1
- package/dist/runtime-config.js +15 -0
- package/dist/runtime-config.js.map +1 -1
- package/dist/scan-runner.d.ts.map +1 -1
- package/dist/scan-runner.js +174 -142
- package/dist/scan-runner.js.map +1 -1
- package/dist/types.d.ts +24 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +4 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-code-provider.js","sourceRoot":"","sources":["../src/claude-code-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAClE,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhF,MAAM,GAAG,GAAG,aAAa,CAAC;AAC1B,MAAM,qBAAqB,GAAG,KAAK,CAAC,CAAC,yCAAyC;AAC9E,MAAM,qBAAqB,GAAG,CAAC,CAAC,CAAC,8CAA8C;
|
|
1
|
+
{"version":3,"file":"claude-code-provider.js","sourceRoot":"","sources":["../src/claude-code-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAClE,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhF,MAAM,GAAG,GAAG,aAAa,CAAC;AAC1B,MAAM,qBAAqB,GAAG,KAAK,CAAC,CAAC,yCAAyC;AAC9E,MAAM,qBAAqB,GAAG,CAAC,CAAC,CAAC,8CAA8C;AAC/E,MAAM,0BAA0B,GAAG,GAAG,CAAC,CAAC,2FAA2F;AAQnI,+DAA+D;AAC/D,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACxB,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC9B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC5B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC/B,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,UAAU,EAAE;gCACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gCACxB,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gCAC/B,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;6BAC1B;4BACD,QAAQ,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC;4BACzC,oBAAoB,EAAE,KAAK;yBAC5B;qBACF;iBACF;gBACD,QAAQ,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,CAAC;gBACzD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;IACpB,oBAAoB,EAAE,KAAK;CACnB,CAAC;AAEX,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAAqB;IAC3B,cAAc,GAAY,KAAK,CAAC;IAChC,KAAK,GAAW,gBAAgB,CAAC;IACjC,QAAQ,CAAsB;IAC9B,YAAY,GAAY,KAAK,CAAC;IAEtC,YAAY,OAAgC;QAC1C,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAsB;QACrC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,CAAC;QACjE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC7D,yGAAyG;QACzG,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,WAAW,CAAC,GAAG,EAAE,oDAAoD,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;QACpD,CAAC;QACD,QAAQ,CAAC,GAAG,EAAE,mCAAmC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,QAAQ,CAAC,KAAa;QACpB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,WAAW;QACT,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,YAAoB,EACpB,cAAsB,EACtB,SAAkB,EAClB,OAA+B;QAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC,CAAC,KAAK,CAAC;QACxF,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAChD,MAAM,iBAAiB,GAAG,OAAO,EAAE,QAAQ,IAAI,GAAG,CAAC;QAEnD,MAAM,MAAM,GAAG,YAAY,CAAC;QAE5B,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,yBAAyB,IAAI,CAAC,KAAK,SAAS,cAAc,eAAe,MAAM,CAAC,MAAM,cAAc,iBAAiB,EAAE,CAAC,CAAC;QAChJ,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,GAAG,EAAE,GAAG,MAAM,wBAAwB,EAAE,MAAM,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC;YAC3B,MAAM;YACN,OAAO,EAAE;gBACP,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,GAAG,EAAE,cAAc;gBACnB,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,CAAC;gBACvE,QAAQ,EAAE,iBAAiB;gBAC3B,cAAc,EAAE,mBAAmB;gBACnC,YAAY,EAAE;oBACZ,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,aAAa;iBACtB;aACF;SACF,CAAC,CAAC;QAEH,kEAAkE;QAClE,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,gBAA2C,CAAC;QAChD,IAAI,YAAgC,CAAC;QACrC,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,UAAkC,CAAC;QAEvC,IAAI,oBAAoB,GAAG,CAAC,CAAC;QAC7B,IAAI,eAAmC,CAAC;QACxC,IAAI,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAElC,+DAA+D;QAC/D,MAAM,iBAAiB,GAAG,WAAW,CAAC,GAAG,EAAE;YACzC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC;YACzE,IAAI,aAAa,IAAI,qBAAqB,GAAG,IAAI,EAAE,CAAC;gBAClD,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,eAAe,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC1E,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,SAAS,MAAM,QAAQ,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC,EAAE,qBAAqB,CAAC,CAAC;QAE1B,IAAI,CAAC;YACH,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;gBACzC,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChC,qEAAqE;gBACrE,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;oBACrC,MAAM,QAAQ,GAAG,OAA8D,CAAC;oBAChF,eAAe,GAAG,QAAQ,CAAC,SAAS,CAAC;oBACrC,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,WAAW,QAAQ,CAAC,SAAS,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBAChH,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBACjC,SAAS,EAAE,CAAC;oBACZ,eAAe,GAAG,SAAS,CAAC;oBAC5B,0CAA0C;oBAC1C,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,QAAQ,SAAS,KAAK,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;oBAEvE,MAAM,OAAO,GAAI,OAAe,CAAC,OAAO,EAAE,OAAO,CAAC;oBAClD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC3B,oDAAoD;wBACpD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;4BAC5B,IAAI,KAAK,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;gCAC/B,aAAa,EAAE,CAAC;gCAChB,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC;gCAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gCAC7C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;gCACvF,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,QAAQ,aAAa,MAAM,KAAK,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC,CAAC;4BAClF,CAAC;wBACH,CAAC;wBAED,oCAAoC;wBACpC,MAAM,UAAU,GAAG,OAAO;6BACvB,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;6BACpE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;6BAC9B,MAAM,CAAC,OAAO,CAAC,CAAC;wBACnB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC1B,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,cAAc,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;4BAE/D,2EAA2E;4BAC3E,2EAA2E;4BAC3E,kFAAkF;4BAClF,uBAAuB;4BACvB,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,0BAA0B,CAAC,CAAC;4BAE5F,2EAA2E;4BAC3E,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CACpD,+DAA+D,CAAC,IAAI,CAAC,CAAC,CAAC,CACxE,CAAC;4BACF,IAAI,cAAc,EAAE,CAAC;gCACnB,MAAM,IAAI,kBAAkB,CAAC,mCAAmC,cAAc,EAAE,CAAC,CAAC;4BACpF,CAAC;4BAED,uEAAuE;4BACvE,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CACpD,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAC5B,CAAC;4BACF,IAAI,cAAc,EAAE,CAAC;gCACnB,MAAM,IAAI,kBAAkB,CAAC,4CAA4C,cAAc,EAAE,CAAC,CAAC;4BAC7F,CAAC;4BAED,8EAA8E;4BAC9E,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CACxD,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CACzB,CAAC;4BACF,IAAI,kBAAkB,EAAE,CAAC;gCACvB,MAAM,IAAI,kBAAkB,CAAC,8BAA8B,kBAAkB,6CAA6C,CAAC,CAAC;4BAC9H,CAAC;4BAED,0DAA0D;4BAC1D,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;4BAChF,IAAI,aAAa,EAAE,CAAC;gCAClB,oBAAoB,EAAE,CAAC;gCACvB,IAAI,oBAAoB,IAAI,qBAAqB,EAAE,CAAC;oCAClD,MAAM,IAAI,KAAK,CAAC,gCAAgC,qBAAqB,eAAe,aAAa,EAAE,CAAC,CAAC;gCACvG,CAAC;4BACH,CAAC;iCAAM,CAAC;gCACN,oBAAoB,GAAG,CAAC,CAAC;4BAC3B,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC9B,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;wBAClC,UAAU,GAAG,OAAO,CAAC,MAAgB,CAAC;wBACtC,yCAAyC;wBACzC,MAAM,SAAS,GAAG,OAKjB,CAAC;wBACF,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAC;4BAChC,gBAAgB,GAAG,SAAS,CAAC,iBAAiB,CAAC;4BAC/C,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,sBAAsB,gBAAgB,CAAC,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;wBACxF,CAAC;wBACD,oCAAoC;wBACpC,uFAAuF;wBACvF,IAAI,SAAS,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACzE,IAAI,WAAW,GAAG,CAAC,CAAC;4BACpB,IAAI,YAAY,GAAG,CAAC,CAAC;4BACrB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;gCACxD,WAAW,IAAI,KAAK,CAAC,WAAW,CAAC;gCACjC,YAAY,IAAI,KAAK,CAAC,YAAY,CAAC;4BACrC,CAAC;4BACD,UAAU,GAAG,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,YAAY,EAAE,CAAC;4BACpF,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,gBAAgB,UAAU,CAAC,WAAW,QAAQ,UAAU,CAAC,YAAY,SAAS,UAAU,CAAC,WAAW,QAAQ,CAAC,CAAC;wBACvI,CAAC;6BAAM,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;4BAC3B,UAAU,GAAG;gCACX,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,YAAY;gCACzC,YAAY,EAAE,SAAS,CAAC,KAAK,CAAC,aAAa;gCAC3C,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,aAAa;6BAC1E,CAAC;4BACF,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,gBAAgB,UAAU,CAAC,WAAW,QAAQ,UAAU,CAAC,YAAY,SAAS,UAAU,CAAC,WAAW,QAAQ,CAAC,CAAC;wBACvI,CAAC;wBACD,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,gBAAgB,KAAK,CAAC,UAAU,EAAE,KAAK,SAAS,WAAW,aAAa,cAAc,CAAC,CAAC;oBACpH,CAAC;yBAAM,CAAC;wBACN,MAAM,WAAW,GAAG,OAAiD,CAAC;wBACtE,YAAY,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,sBAAsB,WAAW,CAAC,OAAO,EAAE,CAAC;wBAC7F,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,WAAW,WAAW,CAAC,OAAO,KAAK,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;oBACtF,CAAC;gBACH,CAAC;YACH,CAAC;QACD,CAAC;gBAAS,CAAC;YACT,aAAa,CAAC,iBAAiB,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACjB,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,UAAU,YAAY,EAAE,CAAC,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,IAAI,CAAC,YAAY,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,WAAW,UAAU,CAAC,MAAM,QAAQ,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,GAAG,EAAE,GAAG,MAAM,kBAAkB,EAAE,UAAU,CAAC,CAAC;QAC7D,CAAC;QAED,+EAA+E;QAC/E,+EAA+E;QAC/E,mFAAmF;QACnF,2EAA2E;QAC3E,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC;QACnE,CAAC;QAED,0EAA0E;QAC1E,sCAAsC;QACtC,8CAA8C;QAC9C,2DAA2D;QAC3D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,cAAc,CAAC;IAC9C,CAAC;CACF"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OpenAnt-based target discovery.
|
|
3
|
+
*
|
|
4
|
+
* Runs `openant parse` against the repository (or uses a mock dataset),
|
|
5
|
+
* filters the resulting code units, and returns them as targets with
|
|
6
|
+
* rich prompt enrichment (call graph, entry points, metadata).
|
|
7
|
+
*/
|
|
8
|
+
import type { TargetDiscovery } from '../discovery.js';
|
|
9
|
+
export declare const openantDiscovery: TargetDiscovery;
|
|
10
|
+
//# sourceMappingURL=openant-discovery.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openant-discovery.d.ts","sourceRoot":"","sources":["../../src/discoveries/openant-discovery.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAsC,MAAM,iBAAiB,CAAC;AAK3F,eAAO,MAAM,gBAAgB,EAAE,eAuC9B,CAAC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OpenAnt-based target discovery.
|
|
3
|
+
*
|
|
4
|
+
* Runs `openant parse` against the repository (or uses a mock dataset),
|
|
5
|
+
* filters the resulting code units, and returns them as targets with
|
|
6
|
+
* rich prompt enrichment (call graph, entry points, metadata).
|
|
7
|
+
*/
|
|
8
|
+
import { runOpenAnt } from '../openant-runner.js';
|
|
9
|
+
import { loadDatasetFromFile, filterUnits, formatUnitPromptSection } from '../openant-loader.js';
|
|
10
|
+
import { logProgress, logDebug } from '../logging.js';
|
|
11
|
+
const TAG = 'openant-discovery';
|
|
12
|
+
export const openantDiscovery = {
|
|
13
|
+
name: 'openant',
|
|
14
|
+
defaultGenericPrompt: 'openant-security-instructions.md',
|
|
15
|
+
needsInstructions: false,
|
|
16
|
+
async discover(check, repoPath, _options) {
|
|
17
|
+
const checkTarget = check.checkTarget;
|
|
18
|
+
// Run openant parse (or use mock)
|
|
19
|
+
const { datasetPath, cleanup } = await runOpenAnt(repoPath);
|
|
20
|
+
try {
|
|
21
|
+
// Load and filter units
|
|
22
|
+
const dataset = await loadDatasetFromFile(datasetPath);
|
|
23
|
+
const totalUnits = dataset.units.length;
|
|
24
|
+
const units = filterUnits(dataset.units, checkTarget.openant);
|
|
25
|
+
logProgress(TAG, `Loaded ${totalUnits} units (${units.length} after filtering)`);
|
|
26
|
+
return units.map((unit, idx) => {
|
|
27
|
+
const origin = unit.code.primary_origin;
|
|
28
|
+
return {
|
|
29
|
+
file: origin.file_path,
|
|
30
|
+
startLine: origin.start_line,
|
|
31
|
+
endLine: origin.end_line,
|
|
32
|
+
label: `[unit ${idx + 1}/${units.length}]`,
|
|
33
|
+
promptEnrichment: formatUnitPromptSection(unit),
|
|
34
|
+
aiOptions: { maxTurns: 20 },
|
|
35
|
+
};
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
finally {
|
|
39
|
+
await cleanup();
|
|
40
|
+
logDebug(TAG, 'Cleaned up temporary OpenAnt output');
|
|
41
|
+
}
|
|
42
|
+
},
|
|
43
|
+
};
|
|
44
|
+
//# sourceMappingURL=openant-discovery.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openant-discovery.js","sourceRoot":"","sources":["../../src/discoveries/openant-discovery.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AACjG,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAItD,MAAM,GAAG,GAAG,mBAAmB,CAAC;AAEhC,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,IAAI,EAAE,SAAS;IACf,oBAAoB,EAAE,kCAAkC;IACxD,iBAAiB,EAAE,KAAK;IAExB,KAAK,CAAC,QAAQ,CACZ,KAAoB,EACpB,QAAgB,EAChB,QAA2B;QAE3B,MAAM,WAAW,GAAG,KAAK,CAAC,WAAY,CAAC;QAEvC,kCAAkC;QAClC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;QAE5D,IAAI,CAAC;YACH,wBAAwB;YACxB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,CAAC;YACvD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;YACxC,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;YAE9D,WAAW,CAAC,GAAG,EAAE,UAAU,UAAU,WAAW,KAAK,CAAC,MAAM,mBAAmB,CAAC,CAAC;YAEjF,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC;gBACxC,OAAO;oBACL,IAAI,EAAE,MAAM,CAAC,SAAS;oBACtB,SAAS,EAAE,MAAM,CAAC,UAAU;oBAC5B,OAAO,EAAE,MAAM,CAAC,QAAQ;oBACxB,KAAK,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG;oBAC1C,gBAAgB,EAAE,uBAAuB,CAAC,IAAI,CAAC;oBAC/C,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;iBAC5B,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,MAAM,OAAO,EAAE,CAAC;YAChB,QAAQ,CAAC,GAAG,EAAE,qCAAqC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SARIF-based target discovery.
|
|
3
|
+
*
|
|
4
|
+
* Reads an external SARIF file (e.g. from another SAST tool) and
|
|
5
|
+
* returns findings as targets for AI validation.
|
|
6
|
+
*/
|
|
7
|
+
import type { TargetDiscovery } from '../discovery.js';
|
|
8
|
+
export declare const sarifDiscovery: TargetDiscovery;
|
|
9
|
+
//# sourceMappingURL=sarif-discovery.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sarif-discovery.d.ts","sourceRoot":"","sources":["../../src/discoveries/sarif-discovery.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,KAAK,EAAE,eAAe,EAAsC,MAAM,iBAAiB,CAAC;AA2B3F,eAAO,MAAM,cAAc,EAAE,eA6C5B,CAAC"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SARIF-based target discovery.
|
|
3
|
+
*
|
|
4
|
+
* Reads an external SARIF file (e.g. from another SAST tool) and
|
|
5
|
+
* returns findings as targets for AI validation.
|
|
6
|
+
*/
|
|
7
|
+
import { readFile } from 'node:fs/promises';
|
|
8
|
+
import { resolve } from 'node:path';
|
|
9
|
+
import { parseSARIF, deduplicateTargets } from '../sarif-parser.js';
|
|
10
|
+
import { logDebug } from '../logging.js';
|
|
11
|
+
import { ERROR_CODES, formatError } from '../error-codes.js';
|
|
12
|
+
const TAG = 'sarif-discovery';
|
|
13
|
+
function buildFindingPromptEnrichment(file, startLine, endLine, message, snippet) {
|
|
14
|
+
const snippetSection = snippet ? `\n- Code snippet from tool: ${snippet}` : '';
|
|
15
|
+
return `\n\nFINDING DETAILS:
|
|
16
|
+
|
|
17
|
+
- File: ${file}
|
|
18
|
+
- Lines: ${startLine}-${endLine}
|
|
19
|
+
- Tool's finding description: ${message}${snippetSection}
|
|
20
|
+
|
|
21
|
+
You MUST:
|
|
22
|
+
- Analyze ONLY this specific finding — do not search for or report issues at other locations
|
|
23
|
+
- You may read other files to understand context (e.g., imports, type definitions, data flow), but only report issues for this finding
|
|
24
|
+
- If this finding is a false positive (not actually vulnerable), return {"issues": []}
|
|
25
|
+
- Do NOT scan the broader repository for other vulnerability patterns
|
|
26
|
+
`;
|
|
27
|
+
}
|
|
28
|
+
export const sarifDiscovery = {
|
|
29
|
+
name: 'sarif',
|
|
30
|
+
defaultGenericPrompt: 'sarif-validation-instructions.md',
|
|
31
|
+
needsInstructions: false,
|
|
32
|
+
async discover(check, repoPath, _options) {
|
|
33
|
+
const checkTarget = check.checkTarget;
|
|
34
|
+
if (!checkTarget.sarifFile) {
|
|
35
|
+
throw new Error(formatError(ERROR_CODES.E2004, `Check "${check.id}" uses sarif discovery but has no "sarifFile" in its check definition`));
|
|
36
|
+
}
|
|
37
|
+
// Resolve sarifFile relative to the target repo
|
|
38
|
+
const sarifFilePath = resolve(repoPath, checkTarget.sarifFile);
|
|
39
|
+
logDebug(TAG, `Reading SARIF file: ${sarifFilePath}`);
|
|
40
|
+
const sarifContent = await readFile(sarifFilePath, 'utf-8');
|
|
41
|
+
let targets = parseSARIF(sarifContent);
|
|
42
|
+
targets = deduplicateTargets(targets);
|
|
43
|
+
logDebug(TAG, `Discovered ${targets.length} findings`);
|
|
44
|
+
return targets.map((target, idx) => ({
|
|
45
|
+
file: target.file,
|
|
46
|
+
startLine: target.startLine,
|
|
47
|
+
endLine: target.endLine,
|
|
48
|
+
label: `[finding ${idx + 1}/${targets.length}]`,
|
|
49
|
+
message: target.message,
|
|
50
|
+
snippet: target.snippet,
|
|
51
|
+
promptEnrichment: buildFindingPromptEnrichment(target.file, target.startLine, target.endLine, target.message, target.snippet),
|
|
52
|
+
}));
|
|
53
|
+
},
|
|
54
|
+
};
|
|
55
|
+
//# sourceMappingURL=sarif-discovery.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sarif-discovery.js","sourceRoot":"","sources":["../../src/discoveries/sarif-discovery.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAI7D,MAAM,GAAG,GAAG,iBAAiB,CAAC;AAE9B,SAAS,4BAA4B,CACnC,IAAY,EACZ,SAAiB,EACjB,OAAe,EACf,OAAe,EACf,OAAgB;IAEhB,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,+BAA+B,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,OAAO;;UAEC,IAAI;WACH,SAAS,IAAI,OAAO;gCACC,OAAO,GAAG,cAAc;;;;;;;CAOvD,CAAC;AACF,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C,IAAI,EAAE,OAAO;IACb,oBAAoB,EAAE,kCAAkC;IACxD,iBAAiB,EAAE,KAAK;IAExB,KAAK,CAAC,QAAQ,CACZ,KAAoB,EACpB,QAAgB,EAChB,QAA2B;QAE3B,MAAM,WAAW,GAAG,KAAK,CAAC,WAAY,CAAC;QAEvC,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,UAAU,KAAK,CAAC,EAAE,uEAAuE,CAAC,CAC1H,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC;QAE/D,QAAQ,CAAC,GAAG,EAAE,uBAAuB,aAAa,EAAE,CAAC,CAAC;QACtD,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAE5D,IAAI,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;QACvC,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEtC,QAAQ,CAAC,GAAG,EAAE,cAAc,OAAO,CAAC,MAAM,WAAW,CAAC,CAAC;QAEvD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACnC,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,YAAY,GAAG,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG;YAC/C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,gBAAgB,EAAE,4BAA4B,CAC5C,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,OAAO,CACf;SACF,CAAC,CAAC,CAAC;IACN,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Semgrep-based target discovery.
|
|
3
|
+
*
|
|
4
|
+
* Runs Semgrep rules against the repository, parses SARIF output,
|
|
5
|
+
* and returns discovered targets with inline prompt enrichment.
|
|
6
|
+
*/
|
|
7
|
+
import type { TargetDiscovery } from '../discovery.js';
|
|
8
|
+
export declare const semgrepDiscovery: TargetDiscovery;
|
|
9
|
+
//# sourceMappingURL=semgrep-discovery.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"semgrep-discovery.d.ts","sourceRoot":"","sources":["../../src/discoveries/semgrep-discovery.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAsC,MAAM,iBAAiB,CAAC;AAoB3F,eAAO,MAAM,gBAAgB,EAAE,eAmC9B,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Semgrep-based target discovery.
|
|
3
|
+
*
|
|
4
|
+
* Runs Semgrep rules against the repository, parses SARIF output,
|
|
5
|
+
* and returns discovered targets with inline prompt enrichment.
|
|
6
|
+
*/
|
|
7
|
+
import { runSemgrep } from '../semgrep-runner.js';
|
|
8
|
+
import { parseSARIF, deduplicateTargets } from '../sarif-parser.js';
|
|
9
|
+
import { logDebug } from '../logging.js';
|
|
10
|
+
const TAG = 'semgrep-discovery';
|
|
11
|
+
function buildTargetPromptEnrichment(file, startLine, endLine) {
|
|
12
|
+
return `\n\nTARGET LOCATION:
|
|
13
|
+
|
|
14
|
+
You are analyzing a specific code location:
|
|
15
|
+
- File: ${file}
|
|
16
|
+
- Lines: ${startLine}-${endLine}
|
|
17
|
+
|
|
18
|
+
You MUST:
|
|
19
|
+
- Analyze ONLY this specific target location — do not search for or report issues at other locations
|
|
20
|
+
- You may read other files to understand context (e.g., imports, type definitions, data flow), but only report issues for this target
|
|
21
|
+
- If the code at this location is not vulnerable, return {"issues": []}
|
|
22
|
+
- Do NOT scan the broader repository for other instances of this vulnerability pattern
|
|
23
|
+
`;
|
|
24
|
+
}
|
|
25
|
+
export const semgrepDiscovery = {
|
|
26
|
+
name: 'semgrep',
|
|
27
|
+
defaultGenericPrompt: 'generic-instructions.md',
|
|
28
|
+
needsInstructions: true,
|
|
29
|
+
async discover(check, repoPath, _options) {
|
|
30
|
+
const checkTarget = check.checkTarget;
|
|
31
|
+
logDebug(TAG, `Running Semgrep for check: ${check.id}`);
|
|
32
|
+
const sarifContent = await runSemgrep({
|
|
33
|
+
repositoryPath: repoPath,
|
|
34
|
+
rules: checkTarget.rules,
|
|
35
|
+
config: checkTarget.config,
|
|
36
|
+
});
|
|
37
|
+
let targets = parseSARIF(sarifContent);
|
|
38
|
+
targets = deduplicateTargets(targets);
|
|
39
|
+
logDebug(TAG, `Discovered ${targets.length} targets`);
|
|
40
|
+
return targets.map((target, idx) => ({
|
|
41
|
+
file: target.file,
|
|
42
|
+
startLine: target.startLine,
|
|
43
|
+
endLine: target.endLine,
|
|
44
|
+
label: `[target ${idx + 1}/${targets.length}]`,
|
|
45
|
+
message: target.message,
|
|
46
|
+
snippet: target.snippet,
|
|
47
|
+
promptEnrichment: buildTargetPromptEnrichment(target.file, target.startLine, target.endLine),
|
|
48
|
+
}));
|
|
49
|
+
},
|
|
50
|
+
};
|
|
51
|
+
//# sourceMappingURL=semgrep-discovery.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"semgrep-discovery.js","sourceRoot":"","sources":["../../src/discoveries/semgrep-discovery.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAIzC,MAAM,GAAG,GAAG,mBAAmB,CAAC;AAEhC,SAAS,2BAA2B,CAAC,IAAY,EAAE,SAAiB,EAAE,OAAe;IACnF,OAAO;;;UAGC,IAAI;WACH,SAAS,IAAI,OAAO;;;;;;;CAO9B,CAAC;AACF,CAAC;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,IAAI,EAAE,SAAS;IACf,oBAAoB,EAAE,yBAAyB;IAC/C,iBAAiB,EAAE,IAAI;IAEvB,KAAK,CAAC,QAAQ,CACZ,KAAoB,EACpB,QAAgB,EAChB,QAA2B;QAE3B,MAAM,WAAW,GAAG,KAAK,CAAC,WAAY,CAAC;QAEvC,QAAQ,CAAC,GAAG,EAAE,8BAA8B,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC;YACpC,cAAc,EAAE,QAAQ;YACxB,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,MAAM,EAAE,WAAW,CAAC,MAAM;SAC3B,CAAC,CAAC;QAEH,IAAI,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;QACvC,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEtC,QAAQ,CAAC,GAAG,EAAE,cAAc,OAAO,CAAC,MAAM,UAAU,CAAC,CAAC;QAEtD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACnC,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,WAAW,GAAG,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG;YAC9C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,gBAAgB,EAAE,2BAA2B,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC;SAC7F,CAAC,CAAC,CAAC;IACN,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pluggable target discovery system.
|
|
3
|
+
*
|
|
4
|
+
* Separates "how targets are found" (discovery) from "what happens with them"
|
|
5
|
+
* (execution). Each discovery mechanism implements the TargetDiscovery interface
|
|
6
|
+
* and is registered in a central registry.
|
|
7
|
+
*/
|
|
8
|
+
import type { SecurityCheck } from './types.js';
|
|
9
|
+
/**
|
|
10
|
+
* A target discovered by a discovery mechanism, ready for AI analysis.
|
|
11
|
+
* Contains location information plus optional discovery-specific enrichment.
|
|
12
|
+
*/
|
|
13
|
+
export interface DiscoveredTarget {
|
|
14
|
+
/** File path relative to the repository root. */
|
|
15
|
+
file: string;
|
|
16
|
+
/** Start line number (1-based). */
|
|
17
|
+
startLine: number;
|
|
18
|
+
/** End line number (1-based). */
|
|
19
|
+
endLine: number;
|
|
20
|
+
/** Display label for logging (e.g. "[target 1/10]"). */
|
|
21
|
+
label: string;
|
|
22
|
+
/** Extra context appended to prompt per target (e.g. call graph for openant, finding details for sarif). */
|
|
23
|
+
promptEnrichment?: string;
|
|
24
|
+
/** Discovery-specific AI provider options (e.g. maxTurns for openant). */
|
|
25
|
+
aiOptions?: {
|
|
26
|
+
maxTurns?: number;
|
|
27
|
+
};
|
|
28
|
+
/** Message from the discovery tool (e.g. Semgrep finding description). */
|
|
29
|
+
message?: string;
|
|
30
|
+
/** Code snippet from the discovery tool (e.g. Semgrep snippet). */
|
|
31
|
+
snippet?: string;
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Options passed to a discovery implementation.
|
|
35
|
+
*/
|
|
36
|
+
export interface DiscoveryOptions {
|
|
37
|
+
/** Path to the target repository. */
|
|
38
|
+
repositoryPath: string;
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Interface for pluggable target discovery mechanisms.
|
|
42
|
+
* Each implementation knows how to find targets and enrich them with context.
|
|
43
|
+
*/
|
|
44
|
+
export interface TargetDiscovery {
|
|
45
|
+
/** Discovery mechanism name (e.g. 'semgrep', 'openant', 'sarif'). */
|
|
46
|
+
readonly name: string;
|
|
47
|
+
/** Default generic prompt filename used for this discovery type. */
|
|
48
|
+
readonly defaultGenericPrompt: string;
|
|
49
|
+
/** Whether checks using this discovery require an instructions file. */
|
|
50
|
+
readonly needsInstructions: boolean;
|
|
51
|
+
/**
|
|
52
|
+
* Discover targets in the repository for the given check.
|
|
53
|
+
* Returns an array of targets with optional prompt enrichment.
|
|
54
|
+
*/
|
|
55
|
+
discover(check: SecurityCheck, repoPath: string, options?: DiscoveryOptions): Promise<DiscoveredTarget[]>;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Register a discovery implementation.
|
|
59
|
+
*/
|
|
60
|
+
export declare function registerDiscovery(discovery: TargetDiscovery): void;
|
|
61
|
+
/**
|
|
62
|
+
* Get a discovery implementation by name.
|
|
63
|
+
* Throws if the discovery type is not registered.
|
|
64
|
+
*/
|
|
65
|
+
export declare function getDiscovery(name: string): TargetDiscovery;
|
|
66
|
+
/**
|
|
67
|
+
* Get all registered discovery type names.
|
|
68
|
+
*/
|
|
69
|
+
export declare function getRegisteredDiscoveries(): string[];
|
|
70
|
+
/**
|
|
71
|
+
* Clear all registered discoveries. For testing only.
|
|
72
|
+
*/
|
|
73
|
+
export declare function clearDiscoveryRegistry(): void;
|
|
74
|
+
//# sourceMappingURL=discovery.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAKhD;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,KAAK,EAAE,MAAM,CAAC;IACd,4GAA4G;IAC5G,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,0EAA0E;IAC1E,SAAS,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAClC,0EAA0E;IAC1E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;CACxB;AAID;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,qEAAqE;IACrE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,oEAAoE;IACpE,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,wEAAwE;IACxE,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC;;;OAGG;IACH,QAAQ,CACN,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;CAChC;AAMD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,eAAe,GAAG,IAAI,CAElE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAS1D;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,MAAM,EAAE,CAEnD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pluggable target discovery system.
|
|
3
|
+
*
|
|
4
|
+
* Separates "how targets are found" (discovery) from "what happens with them"
|
|
5
|
+
* (execution). Each discovery mechanism implements the TargetDiscovery interface
|
|
6
|
+
* and is registered in a central registry.
|
|
7
|
+
*/
|
|
8
|
+
import { ERROR_CODES, formatError } from './error-codes.js';
|
|
9
|
+
// --- Discovery Registry ---
|
|
10
|
+
const discoveryRegistry = new Map();
|
|
11
|
+
/**
|
|
12
|
+
* Register a discovery implementation.
|
|
13
|
+
*/
|
|
14
|
+
export function registerDiscovery(discovery) {
|
|
15
|
+
discoveryRegistry.set(discovery.name, discovery);
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Get a discovery implementation by name.
|
|
19
|
+
* Throws if the discovery type is not registered.
|
|
20
|
+
*/
|
|
21
|
+
export function getDiscovery(name) {
|
|
22
|
+
const discovery = discoveryRegistry.get(name);
|
|
23
|
+
if (!discovery) {
|
|
24
|
+
const available = [...discoveryRegistry.keys()].join(', ');
|
|
25
|
+
throw new Error(formatError(ERROR_CODES.E2004, `Unknown discovery type: "${name}". Available: ${available || '(none registered)'}`));
|
|
26
|
+
}
|
|
27
|
+
return discovery;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Get all registered discovery type names.
|
|
31
|
+
*/
|
|
32
|
+
export function getRegisteredDiscoveries() {
|
|
33
|
+
return [...discoveryRegistry.keys()];
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Clear all registered discoveries. For testing only.
|
|
37
|
+
*/
|
|
38
|
+
export function clearDiscoveryRegistry() {
|
|
39
|
+
discoveryRegistry.clear();
|
|
40
|
+
}
|
|
41
|
+
//# sourceMappingURL=discovery.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AA6D5D,6BAA6B;AAE7B,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAA2B,CAAC;AAE7D;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAA0B;IAC1D,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,SAAS,GAAG,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,CAAC,GAAG,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,IAAI,KAAK,CACb,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,4BAA4B,IAAI,iBAAiB,SAAS,IAAI,mBAAmB,EAAE,CAAC,CACpH,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,CAAC,GAAG,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,iBAAiB,CAAC,KAAK,EAAE,CAAC;AAC5B,CAAC"}
|
package/dist/error-codes.d.ts
CHANGED
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
* E3xxx — AI provider
|
|
8
8
|
* E4xxx — Repository/target validation
|
|
9
9
|
* E5xxx — Semgrep
|
|
10
|
+
* E6xxx — OpenAnt
|
|
10
11
|
* E9xxx — Internal/fatal
|
|
11
12
|
*/
|
|
12
13
|
export interface ErrorCode {
|
|
@@ -27,7 +28,8 @@ export declare const ERROR_CODES: {
|
|
|
27
28
|
readonly E3003: ErrorCode;
|
|
28
29
|
readonly E4001: ErrorCode;
|
|
29
30
|
readonly E5001: ErrorCode;
|
|
30
|
-
readonly
|
|
31
|
+
readonly E6001: ErrorCode;
|
|
32
|
+
readonly E6002: ErrorCode;
|
|
31
33
|
readonly E9001: ErrorCode;
|
|
32
34
|
};
|
|
33
35
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"error-codes.d.ts","sourceRoot":"","sources":["../src/error-codes.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"error-codes.d.ts","sourceRoot":"","sources":["../src/error-codes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAMD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;CA8Bd,CAAC;AAEX;;;GAGG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAWzE"}
|
package/dist/error-codes.js
CHANGED
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
* E3xxx — AI provider
|
|
8
8
|
* E4xxx — Repository/target validation
|
|
9
9
|
* E5xxx — Semgrep
|
|
10
|
+
* E6xxx — OpenAnt
|
|
10
11
|
* E9xxx — Internal/fatal
|
|
11
12
|
*/
|
|
12
13
|
function ec(code, label) {
|
|
@@ -31,7 +32,9 @@ export const ERROR_CODES = {
|
|
|
31
32
|
E4001: ec('E4001', 'Repository path not found'),
|
|
32
33
|
// E5xxx — Semgrep
|
|
33
34
|
E5001: ec('E5001', 'Semgrep not installed'),
|
|
34
|
-
|
|
35
|
+
// E6xxx — OpenAnt
|
|
36
|
+
E6001: ec('E6001', 'OpenAnt not installed'),
|
|
37
|
+
E6002: ec('E6002', 'OpenAnt execution failed'),
|
|
35
38
|
// E9xxx — Internal
|
|
36
39
|
E9001: ec('E9001', 'Fatal internal error'),
|
|
37
40
|
};
|
package/dist/error-codes.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"error-codes.js","sourceRoot":"","sources":["../src/error-codes.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"error-codes.js","sourceRoot":"","sources":["../src/error-codes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,SAAS,EAAE,CAAC,IAAY,EAAE,KAAa;IACrC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,sBAAsB;IACtB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,gCAAgC,CAAC;IACpD,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,wBAAwB,CAAC;IAE5C,wBAAwB;IACxB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,gCAAgC,CAAC;IACpD,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,oCAAoC,CAAC;IACxD,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,0BAA0B,CAAC;IAC9C,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,qBAAqB,CAAC;IAEzC,sBAAsB;IACtB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,qBAAqB,CAAC;IACzC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iCAAiC,CAAC;IAErD,uCAAuC;IACvC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,2BAA2B,CAAC;IAE/C,kBAAkB;IAClB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,uBAAuB,CAAC;IAE3C,kBAAkB;IAClB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,uBAAuB,CAAC;IAC3C,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,0BAA0B,CAAC;IAE9C,mBAAmB;IACnB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,sBAAsB,CAAC;CAClC,CAAC;AAEX;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,SAAoB,EAAE,OAAe;IAC/D,OAAO,UAAU,SAAS,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe,EAAE,OAAe;IAC/D,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,OAAO,EAAE,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,kBAAkB,CAAC,gBAAgB,OAAO,mBAAmB,OAAO,EAAE,CAAC,CAAC;IACrF,MAAM,GAAG,GAAG,6DAA6D,KAAK,SAAS,IAAI,aAAa,CAAC;IACzG,OAAO;QACL,uBAAuB,WAAW,CAAC,KAAK,CAAC,IAAI,MAAM,OAAO,EAAE;QAC5D,YAAY,OAAO,EAAE;QACrB,EAAE;QACF,0CAA0C;QAC1C,KAAK,GAAG,EAAE;KACX,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,eAAe,CAAC;AAmSvB,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA0Q3D"}
|