@bouncesecurity/aghast 0.4.4 → 0.5.0
- package/config/prompts/general-vuln-discovery.md +7 -3
- package/dist/build-config.d.ts +15 -0
- package/dist/build-config.d.ts.map +1 -0
- package/dist/build-config.js +568 -0
- package/dist/build-config.js.map +1 -0
- package/dist/check-library.d.ts.map +1 -1
- package/dist/check-library.js +4 -1
- package/dist/check-library.js.map +1 -1
- package/dist/check-types.d.ts +1 -1
- package/dist/check-types.d.ts.map +1 -1
- package/dist/claude-code-provider.d.ts +6 -4
- package/dist/claude-code-provider.d.ts.map +1 -1
- package/dist/claude-code-provider.js +86 -51
- package/dist/claude-code-provider.js.map +1 -1
- package/dist/cli.js +8 -2
- package/dist/cli.js.map +1 -1
- package/dist/colors.js +4 -4
- package/dist/colors.js.map +1 -1
- package/dist/defaults.d.ts +21 -0
- package/dist/defaults.d.ts.map +1 -0
- package/dist/defaults.js +21 -0
- package/dist/defaults.js.map +1 -0
- package/dist/discoveries/openant-discovery.d.ts.map +1 -1
- package/dist/discoveries/openant-discovery.js +3 -2
- package/dist/discoveries/openant-discovery.js.map +1 -1
- package/dist/discoveries/sarif-discovery.d.ts.map +1 -1
- package/dist/discoveries/sarif-discovery.js +2 -1
- package/dist/discoveries/sarif-discovery.js.map +1 -1
- package/dist/discoveries/semgrep-discovery.d.ts.map +1 -1
- package/dist/discoveries/semgrep-discovery.js +11 -2
- package/dist/discoveries/semgrep-discovery.js.map +1 -1
- package/dist/discovery.d.ts +8 -2
- package/dist/discovery.d.ts.map +1 -1
- package/dist/discovery.js +8 -0
- package/dist/discovery.js.map +1 -1
- package/dist/error-codes.d.ts +2 -1
- package/dist/error-codes.d.ts.map +1 -1
- package/dist/error-codes.js +8 -3
- package/dist/error-codes.js.map +1 -1
- package/dist/formatters/types.d.ts +1 -1
- package/dist/formatters/types.js +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +91 -78
- package/dist/index.js.map +1 -1
- package/dist/logging.d.ts.map +1 -1
- package/dist/logging.js +36 -9
- package/dist/logging.js.map +1 -1
- package/dist/{mock-ai-provider.d.ts → mock-agent-provider.d.ts} +5 -5
- package/dist/mock-agent-provider.d.ts.map +1 -0
- package/dist/{mock-ai-provider.js → mock-agent-provider.js} +3 -3
- package/dist/mock-agent-provider.js.map +1 -0
- package/dist/new-check.js +2 -2
- package/dist/new-check.js.map +1 -1
- package/dist/opencode-provider.d.ts +65 -0
- package/dist/opencode-provider.d.ts.map +1 -0
- package/dist/opencode-provider.js +541 -0
- package/dist/opencode-provider.js.map +1 -0
- package/dist/prompt-template.d.ts.map +1 -1
- package/dist/prompt-template.js +2 -1
- package/dist/prompt-template.js.map +1 -1
- package/dist/provider-registry.d.ts +6 -6
- package/dist/provider-registry.d.ts.map +1 -1
- package/dist/provider-registry.js +6 -4
- package/dist/provider-registry.js.map +1 -1
- package/dist/provider-utils.d.ts +52 -0
- package/dist/provider-utils.d.ts.map +1 -0
- package/dist/provider-utils.js +40 -0
- package/dist/provider-utils.js.map +1 -0
- package/dist/response-parser.d.ts +8 -6
- package/dist/response-parser.d.ts.map +1 -1
- package/dist/response-parser.js +8 -6
- package/dist/response-parser.js.map +1 -1
- package/dist/runtime-config.d.ts +4 -4
- package/dist/runtime-config.d.ts.map +1 -1
- package/dist/runtime-config.js +15 -8
- package/dist/runtime-config.js.map +1 -1
- package/dist/scan-runner.d.ts +4 -4
- package/dist/scan-runner.d.ts.map +1 -1
- package/dist/scan-runner.js +99 -42
- package/dist/scan-runner.js.map +1 -1
- package/dist/types.d.ts +34 -7
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +3 -3
- package/dist/types.js.map +1 -1
- package/package.json +5 -3
- package/dist/mock-ai-provider.d.ts.map +0 -1
- package/dist/mock-ai-provider.js.map +0 -1
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* Agent Provider Registry.
|
|
3
3
|
*
|
|
4
4
|
* Allows providers to be registered by name and resolved at runtime.
|
|
5
|
-
* Adding a new provider requires only implementing the
|
|
5
|
+
* Adding a new provider requires only implementing the AgentProvider interface
|
|
6
6
|
* and calling registerProvider.
|
|
7
7
|
*/
|
|
8
8
|
import { ClaudeCodeProvider } from './claude-code-provider.js';
|
|
9
|
+
import { OpenCodeProvider } from './opencode-provider.js';
|
|
9
10
|
const registry = new Map();
|
|
10
11
|
export function registerProvider(name, factory) {
|
|
11
12
|
registry.set(name, factory);
|
|
@@ -13,15 +14,16 @@ export function registerProvider(name, factory) {
|
|
|
13
14
|
export function createProviderByName(name) {
|
|
14
15
|
const factory = registry.get(name);
|
|
15
16
|
if (!factory) {
|
|
16
|
-
throw new Error(`Unknown
|
|
17
|
+
throw new Error(`Unknown agent provider "${name}". Supported providers: ${[...registry.keys()].join(', ')}`);
|
|
17
18
|
}
|
|
18
19
|
return factory();
|
|
19
20
|
}
|
|
20
21
|
export function getProviderNames() {
|
|
21
22
|
return [...registry.keys()];
|
|
22
23
|
}
|
|
23
|
-
/** Default provider name — used as fallback in CLI when
|
|
24
|
+
/** Default provider name — used as fallback in CLI when agent provider / runtime config not set. */
|
|
24
25
|
export const DEFAULT_PROVIDER_NAME = 'claude-code';
|
|
25
26
|
// Register built-in providers
|
|
26
27
|
registerProvider(DEFAULT_PROVIDER_NAME, () => new ClaudeCodeProvider());
|
|
28
|
+
registerProvider('opencode', () => new OpenCodeProvider());
|
|
27
29
|
//# sourceMappingURL=provider-registry.js.map
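Review bot: `registerProvider` (context lines of the first hunk) calls `registry.set(name, factory)` with no duplicate check, so now that two built-in names are registered at the bottom of the file, a later call using `'claude-code'` or `'opencode'` replaces the built-in factory without any signal. The scanner presumably hands repository contents to whichever provider the name resolves to, so a guard such as `if (registry.has(name)) throw new Error(`Agent provider "${name}" is already registered`);` would make that substitution visible. If overriding is relied on, for example by a mock provider in tests, a debug log on replacement would serve instead. The function's closing line falls between the two hunks, so the rest of its body is not visible here.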
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider-registry.js","sourceRoot":"","sources":["../src/provider-registry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"provider-registry.js","sourceRoot":"","sources":["../src/provider-registry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAI1D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA2B,CAAC;AAEpD,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,OAAwB;IACrE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,2BAA2B,IAAI,2BAA2B,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5F,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,EAAE,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED,oGAAoG;AACpG,MAAM,CAAC,MAAM,qBAAqB,GAAG,aAAa,CAAC;AAEnD,8BAA8B;AAC9B,gBAAgB,CAAC,qBAAqB,EAAE,GAAG,EAAE,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC;AACxE,gBAAgB,CAAC,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shared utilities for agent providers.
|
|
3
|
+
*/
|
|
4
|
+
export declare const OUTPUT_SCHEMA: {
|
|
5
|
+
readonly type: "object";
|
|
6
|
+
readonly properties: {
|
|
7
|
+
readonly issues: {
|
|
8
|
+
readonly type: "array";
|
|
9
|
+
readonly items: {
|
|
10
|
+
readonly type: "object";
|
|
11
|
+
readonly properties: {
|
|
12
|
+
readonly file: {
|
|
13
|
+
readonly type: "string";
|
|
14
|
+
};
|
|
15
|
+
readonly startLine: {
|
|
16
|
+
readonly type: "integer";
|
|
17
|
+
};
|
|
18
|
+
readonly endLine: {
|
|
19
|
+
readonly type: "integer";
|
|
20
|
+
};
|
|
21
|
+
readonly description: {
|
|
22
|
+
readonly type: "string";
|
|
23
|
+
};
|
|
24
|
+
readonly dataFlow: {
|
|
25
|
+
readonly type: "array";
|
|
26
|
+
readonly items: {
|
|
27
|
+
readonly type: "object";
|
|
28
|
+
readonly properties: {
|
|
29
|
+
readonly file: {
|
|
30
|
+
readonly type: "string";
|
|
31
|
+
};
|
|
32
|
+
readonly lineNumber: {
|
|
33
|
+
readonly type: "integer";
|
|
34
|
+
};
|
|
35
|
+
readonly label: {
|
|
36
|
+
readonly type: "string";
|
|
37
|
+
};
|
|
38
|
+
};
|
|
39
|
+
readonly required: readonly ["file", "lineNumber", "label"];
|
|
40
|
+
readonly additionalProperties: false;
|
|
41
|
+
};
|
|
42
|
+
};
|
|
43
|
+
};
|
|
44
|
+
readonly required: readonly ["file", "startLine", "endLine", "description"];
|
|
45
|
+
readonly additionalProperties: false;
|
|
46
|
+
};
|
|
47
|
+
};
|
|
48
|
+
};
|
|
49
|
+
readonly required: readonly ["issues"];
|
|
50
|
+
readonly additionalProperties: false;
|
|
51
|
+
};
|
|
52
|
+
//# sourceMappingURL=provider-utils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider-utils.d.ts","sourceRoot":"","sources":["../src/provider-utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiChB,CAAC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shared utilities for agent providers.
|
|
3
|
+
*/
|
|
4
|
+
// JSON schema for structured output (matches spec Section 4.4).
|
|
5
|
+
// Shared across providers to ensure consistent output format.
|
|
6
|
+
export const OUTPUT_SCHEMA = {
|
|
7
|
+
type: 'object',
|
|
8
|
+
properties: {
|
|
9
|
+
issues: {
|
|
10
|
+
type: 'array',
|
|
11
|
+
items: {
|
|
12
|
+
type: 'object',
|
|
13
|
+
properties: {
|
|
14
|
+
file: { type: 'string' },
|
|
15
|
+
startLine: { type: 'integer' },
|
|
16
|
+
endLine: { type: 'integer' },
|
|
17
|
+
description: { type: 'string' },
|
|
18
|
+
dataFlow: {
|
|
19
|
+
type: 'array',
|
|
20
|
+
items: {
|
|
21
|
+
type: 'object',
|
|
22
|
+
properties: {
|
|
23
|
+
file: { type: 'string' },
|
|
24
|
+
lineNumber: { type: 'integer' },
|
|
25
|
+
label: { type: 'string' },
|
|
26
|
+
},
|
|
27
|
+
required: ['file', 'lineNumber', 'label'],
|
|
28
|
+
additionalProperties: false,
|
|
29
|
+
},
|
|
30
|
+
},
|
|
31
|
+
},
|
|
32
|
+
required: ['file', 'startLine', 'endLine', 'description'],
|
|
33
|
+
additionalProperties: false,
|
|
34
|
+
},
|
|
35
|
+
},
|
|
36
|
+
},
|
|
37
|
+
required: ['issues'],
|
|
38
|
+
additionalProperties: false,
|
|
39
|
+
};
|
|
40
|
+
//# sourceMappingURL=provider-utils.js.map
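Review bot: `startLine`, `endLine` and `lineNumber` in `OUTPUT_SCHEMA` are declared as bare `{ type: 'integer' }`, so zero, negative values and `endLine < startLine` all satisfy the schema, and `file` is an unconstrained string. This schema describes agent output, which should be treated as untrusted, so I would tighten the numeric fields, e.g. `startLine: { type: 'integer', minimum: 1 },`, assuming the providers' structured-output backends accept `minimum`. Whatever consumes `file` should still resolve it against the repository root and reject paths that fall outside it; that check cannot live in the schema and is not visible in this diff. The export is also a plain mutable object at runtime (the `readonly` modifiers in the declaration file are type-level only), so either a comment stating that providers must not mutate the shared schema or a deep freeze would be worth adding.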
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider-utils.js","sourceRoot":"","sources":["../src/provider-utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,gEAAgE;AAChE,8DAA8D;AAC9D,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACxB,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC9B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC5B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC/B,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,UAAU,EAAE;gCACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gCACxB,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gCAC/B,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;6BAC1B;4BACD,QAAQ,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC;4BACzC,oBAAoB,EAAE,KAAK;yBAC5B;qBACF;iBACF;gBACD,QAAQ,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,CAAC;gBACzD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;IACpB,oBAAoB,EAAE,KAAK;CACnB,CAAC"}
|
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
* Parses raw
|
|
4
|
-
*
|
|
2
|
+
* Response parser.
|
|
3
|
+
* Parses the raw text body of an agent provider's response into
|
|
4
|
+
* CheckResponse format (spec Appendix A.3b). Handles malformed JSON,
|
|
5
|
+
* missing fields, and edge cases.
|
|
5
6
|
*/
|
|
6
7
|
import type { CheckResponse } from './types.js';
|
|
7
8
|
/**
|
|
8
|
-
* Attempt to parse
|
|
9
|
-
* Returns undefined if the response is not valid
|
|
9
|
+
* Attempt to parse the raw text body of an agent provider's response
|
|
10
|
+
* into a CheckResponse. Returns undefined if the response is not valid
|
|
11
|
+
* JSON or lacks the expected structure.
|
|
10
12
|
*/
|
|
11
|
-
export declare function
|
|
13
|
+
export declare function parseAgentResponse(raw: string): CheckResponse | undefined;
|
|
12
14
|
//# sourceMappingURL=response-parser.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"response-parser.d.ts","sourceRoot":"","sources":["../src/response-parser.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"response-parser.d.ts","sourceRoot":"","sources":["../src/response-parser.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,YAAY,CAAC;AAKvE;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAgHzE"}
|
package/dist/response-parser.js
CHANGED
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
* Parses raw
|
|
4
|
-
*
|
|
2
|
+
* Response parser.
|
|
3
|
+
* Parses the raw text body of an agent provider's response into
|
|
4
|
+
* CheckResponse format (spec Appendix A.3b). Handles malformed JSON,
|
|
5
|
+
* missing fields, and edge cases.
|
|
5
6
|
*/
|
|
6
7
|
import { logDebug } from './logging.js';
|
|
7
8
|
const TAG = 'parser';
|
|
8
9
|
/**
|
|
9
|
-
* Attempt to parse
|
|
10
|
-
* Returns undefined if the response is not valid
|
|
10
|
+
* Attempt to parse the raw text body of an agent provider's response
|
|
11
|
+
* into a CheckResponse. Returns undefined if the response is not valid
|
|
12
|
+
* JSON or lacks the expected structure.
|
|
11
13
|
*/
|
|
12
|
-
export function
|
|
14
|
+
export function parseAgentResponse(raw) {
|
|
13
15
|
logDebug(TAG, `Parsing response: ${raw.length} chars`);
|
|
14
16
|
const tryParse = (text) => {
|
|
15
17
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"response-parser.js","sourceRoot":"","sources":["../src/response-parser.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"response-parser.js","sourceRoot":"","sources":["../src/response-parser.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAExC,MAAM,GAAG,GAAG,QAAQ,CAAC;AAErB;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,QAAQ,CAAC,GAAG,EAAE,qBAAqB,GAAG,CAAC,MAAM,QAAQ,CAAC,CAAC;IAEvD,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAW,EAAE;QACzC,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC;IAEF,kBAAkB;IAClB,IAAI,MAAM,GAAY,QAAQ,CAAC,GAAG,CAAC,CAAC;IAEpC,mEAAmE;IACnE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACzD,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,QAAQ,CAAC,GAAG,EAAE,qCAAqC,CAAC,CAAC;YACrD,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,UAAU,KAAK,CAAC,CAAC,IAAI,SAAS,KAAK,CAAC,CAAC,IAAI,SAAS,GAAG,UAAU,EAAE,CAAC;YACpE,QAAQ,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;YACzC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC;YACnD,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC;QAC7C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAClD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,GAAG,GAAG,MAAiC,CAAC;IAE9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,GAAG,EAAE,+BAA+B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,IAA+B,CAAC;QAC9C,wEAAwE;QACxE,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC5E,SAAS;QACX,CAAC;QACD,qE
AAqE;QACrE,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC7E,QAAQ,CAAC,GAAG,EAAE,iDAAiD,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7E,SAAS;QACX,CAAC;QACD,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC;QAEF,gCAAgC;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,UAAU,GAAmB,EAAE,CAAC;YACtC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAClC,IACE,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;oBACzC,OAAQ,IAAgC,CAAC,IAAI,KAAK,QAAQ;oBAC1D,OAAQ,IAAgC,CAAC,UAAU,KAAK,QAAQ;oBAChE,OAAQ,IAAgC,CAAC,KAAK,KAAK,QAAQ,EAC3D,CAAC;oBACD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAG,IAAgC,CAAC,IAAc;wBACtD,UAAU,EAAG,IAAgC,CAAC,UAAoB;wBAClE,KAAK,EAAG,IAAgC,CAAC,KAAe;qBACzD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC;YAChC,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,GAAG,EAAE,UAAU,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAkB,EAAE,MAAM,EAAE,CAAC;IAE3C,IAAI,GAAG,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;QACzB,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC;IAC1B,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACpC,QAAQ,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;QAC1C,QAAQ,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;IAC7C,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
package/dist/runtime-config.d.ts
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Runtime configuration loader.
|
|
3
|
-
* Loads runtime-config.json from the config directory to override
|
|
3
|
+
* Loads runtime-config.json from the config directory to override agent provider and reporting settings.
|
|
4
4
|
* Spec Section 8.1 & Appendix C.10.
|
|
5
5
|
*/
|
|
6
6
|
import type { RuntimeConfig } from './types.js';
|
|
7
7
|
/**
|
|
8
8
|
* Load runtime configuration from file.
|
|
9
|
-
* @param configDir - Directory containing runtime-config.json.
|
|
9
|
+
* @param configDir - Directory containing runtime-config.json. Optional when explicitPath is given.
|
|
10
10
|
* @param explicitPath - Explicit path to the runtime config file (from --runtime-config CLI flag).
|
|
11
11
|
* @returns Parsed RuntimeConfig object, or empty object if file absent
|
|
12
|
-
* @throws Error if file exists but contains invalid JSON
|
|
12
|
+
* @throws Error if file exists but contains invalid JSON, or if neither argument resolves a path
|
|
13
13
|
*/
|
|
14
|
-
export declare function loadRuntimeConfig(configDir
|
|
14
|
+
export declare function loadRuntimeConfig(configDir?: string, explicitPath?: string): Promise<RuntimeConfig>;
|
|
15
15
|
//# sourceMappingURL=runtime-config.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-config.d.ts","sourceRoot":"","sources":["../src/runtime-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,
|
|
1
|
+
{"version":3,"file":"runtime-config.d.ts","sourceRoot":"","sources":["../src/runtime-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAmFzG"}
|
package/dist/runtime-config.js
CHANGED
|
@@ -1,18 +1,21 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Runtime configuration loader.
|
|
3
|
-
* Loads runtime-config.json from the config directory to override
|
|
3
|
+
* Loads runtime-config.json from the config directory to override agent provider and reporting settings.
|
|
4
4
|
* Spec Section 8.1 & Appendix C.10.
|
|
5
5
|
*/
|
|
6
6
|
import { readFile } from 'node:fs/promises';
|
|
7
7
|
import { resolve } from 'node:path';
|
|
8
8
|
/**
|
|
9
9
|
* Load runtime configuration from file.
|
|
10
|
-
* @param configDir - Directory containing runtime-config.json.
|
|
10
|
+
* @param configDir - Directory containing runtime-config.json. Optional when explicitPath is given.
|
|
11
11
|
* @param explicitPath - Explicit path to the runtime config file (from --runtime-config CLI flag).
|
|
12
12
|
* @returns Parsed RuntimeConfig object, or empty object if file absent
|
|
13
|
-
* @throws Error if file exists but contains invalid JSON
|
|
13
|
+
* @throws Error if file exists but contains invalid JSON, or if neither argument resolves a path
|
|
14
14
|
*/
|
|
15
15
|
export async function loadRuntimeConfig(configDir, explicitPath) {
|
|
16
|
+
if (!explicitPath && !configDir) {
|
|
17
|
+
throw new Error('loadRuntimeConfig: one of configDir or explicitPath is required');
|
|
18
|
+
}
|
|
16
19
|
const pathToLoad = explicitPath ?? resolve(configDir, 'runtime-config.json');
|
|
17
20
|
let content;
|
|
18
21
|
try {
|
|
@@ -39,15 +42,19 @@ export async function loadRuntimeConfig(configDir, explicitPath) {
|
|
|
39
42
|
// Validate field types
|
|
40
43
|
const obj = parsed;
|
|
41
44
|
if (obj.aiProvider !== undefined) {
|
|
42
|
-
|
|
43
|
-
|
|
45
|
+
throw new Error(`Runtime config "${pathToLoad}": "aiProvider" has been renamed to "agentProvider" in 0.5.0. ` +
|
|
46
|
+
`Update your runtime-config.json to use the new key.`);
|
|
47
|
+
}
|
|
48
|
+
if (obj.agentProvider !== undefined) {
|
|
49
|
+
if (typeof obj.agentProvider !== 'object' || obj.agentProvider === null || Array.isArray(obj.agentProvider)) {
|
|
50
|
+
throw new Error(`Runtime config "${pathToLoad}": "agentProvider" must be an object`);
|
|
44
51
|
}
|
|
45
|
-
const ap = obj.
|
|
52
|
+
const ap = obj.agentProvider;
|
|
46
53
|
if (ap.name !== undefined && typeof ap.name !== 'string') {
|
|
47
|
-
throw new Error(`Runtime config "${pathToLoad}": "
|
|
54
|
+
throw new Error(`Runtime config "${pathToLoad}": "agentProvider.name" must be a string`);
|
|
48
55
|
}
|
|
49
56
|
if (ap.model !== undefined && typeof ap.model !== 'string') {
|
|
50
|
-
throw new Error(`Runtime config "${pathToLoad}": "
|
|
57
|
+
throw new Error(`Runtime config "${pathToLoad}": "agentProvider.model" must be a string`);
|
|
51
58
|
}
|
|
52
59
|
}
|
|
53
60
|
if (obj.reporting !== undefined) {
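Review bot: The new guard at the top of `loadRuntimeConfig` tests truthiness (`!explicitPath && !configDir`), but the next line selects the path with `??`, so an empty-string `explicitPath` passed together with a `configDir` gets past the guard and is then used as the path instead of falling back to the directory. Per the doc comment a missing file yields an empty object, so that case would likely run with default provider and reporting settings and no error; the read and its error handling sit between the two hunks, so this is inferred. Making the two lines agree, e.g. `const pathToLoad = explicitPath || resolve(configDir, 'runtime-config.json');`, closes the gap. It may also be worth failing, not returning `{}`, when a path given explicitly via `--runtime-config` does not exist.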
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-config.js","sourceRoot":"","sources":["../src/runtime-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,
|
|
1
|
+
{"version":3,"file":"runtime-config.js","sourceRoot":"","sources":["../src/runtime-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,SAAkB,EAAE,YAAqB;IAC/E,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,MAAM,UAAU,GAAG,YAAY,IAAI,OAAO,CAAC,SAAU,EAAE,qBAAqB,CAAC,CAAC;IAC9E,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,wCAAwC;QACxC,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,wCAAwC;IACxC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wCAAwC,UAAU,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,wBAAwB,UAAU,8BAA8B,CAAC,CAAC;IACpF,CAAC;IAED,uBAAuB;IACvB,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,mBAAmB,UAAU,gEAAgE;YAC3F,qDAAqD,CACxD,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QACpC,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5G,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,sCAAsC,CAAC,CAAC;QACvF,CAAC;QACD,MAAM,EAAE,GAAG,GAAG,CAAC,aAAwC,CAAC;QACxD,IAAI,EAAE,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,0CAA0C,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,2CAA2C,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAChC,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,IAAI,GAAG,CAAC,SAAS,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAChG,MAAM,IAAI,KAAK,CAAC,mBAA
mB,UAAU,kCAAkC,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,SAAoC,CAAC;QACrD,IAAI,GAAG,CAAC,eAAe,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,eAAe,KAAK,QAAQ,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,iDAAiD,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,8CAA8C,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,qCAAqC,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,GAAG,CAAC,kBAAkB,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACxF,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,2CAA2C,CAAC,CAAC;IAC5F,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1F,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,gCAAgC,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAkC,CAAC;QACnD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,uCAAuC,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,uCAAuC,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,qCAAqC,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,OAAO,MAAuB,CAAC;AACjC,CAAC"}
|
package/dist/scan-runner.d.ts
CHANGED
|
@@ -3,16 +3,16 @@
|
|
|
3
3
|
* Runs security checks against a repository and produces ScanResults.
|
|
4
4
|
* Implements the core workflow from spec Section 2.2.
|
|
5
5
|
*/
|
|
6
|
-
import { type
|
|
6
|
+
import { type AgentProvider, type RepositoryInfo, type CheckDetails, type SecurityCheck, type ScanResults } from './types.js';
|
|
7
7
|
export interface MultiScanOptions {
|
|
8
8
|
repositoryPath: string;
|
|
9
9
|
checks: Array<{
|
|
10
10
|
check: SecurityCheck;
|
|
11
11
|
details: CheckDetails;
|
|
12
12
|
}>;
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
agentProvider?: AgentProvider;
|
|
14
|
+
modelName?: string;
|
|
15
|
+
agentProviderName?: string;
|
|
16
16
|
concurrency?: number;
|
|
17
17
|
repositoryInfo?: RepositoryInfo;
|
|
18
18
|
configDir?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-runner.d.ts","sourceRoot":"","sources":["../src/scan-runner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"scan-runner.d.ts","sourceRoot":"","sources":["../src/scan-runner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAkBH,OAAO,EAGL,KAAK,aAAa,EAClB,KAAK,cAAc,EAInB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,WAAW,EAGjB,MAAM,YAAY,CAAC;AAwFpB,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,aAAa,CAAC;QAAC,OAAO,EAAE,YAAY,CAAA;KAAE,CAAC,CAAC;IAC/D,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,MAAM,CAKvC;AAylBD;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,CA6HlF"}
|