@bouncesecurity/aghast 0.4.4 → 0.6.0
- package/README.md +8 -3
- package/config/pricing.json +42 -0
- package/config/prompts/false-positive-validation.md +1 -0
- package/config/prompts/general-vuln-discovery.md +8 -3
- package/config/prompts/generic-instructions.md +3 -2
- package/dist/budget.d.ts +62 -0
- package/dist/budget.d.ts.map +1 -0
- package/dist/budget.js +137 -0
- package/dist/budget.js.map +1 -0
- package/dist/build-config.d.ts +15 -0
- package/dist/build-config.d.ts.map +1 -0
- package/dist/build-config.js +568 -0
- package/dist/build-config.js.map +1 -0
- package/dist/check-library.d.ts +1 -0
- package/dist/check-library.d.ts.map +1 -1
- package/dist/check-library.js +26 -7
- package/dist/check-library.js.map +1 -1
- package/dist/check-types.d.ts +1 -1
- package/dist/check-types.d.ts.map +1 -1
- package/dist/claude-code-provider.d.ts +6 -6
- package/dist/claude-code-provider.d.ts.map +1 -1
- package/dist/claude-code-provider.js +151 -66
- package/dist/claude-code-provider.js.map +1 -1
- package/dist/cli.js +19 -3
- package/dist/cli.js.map +1 -1
- package/dist/colors.js +4 -4
- package/dist/colors.js.map +1 -1
- package/dist/cost-calculator.d.ts +80 -0
- package/dist/cost-calculator.d.ts.map +1 -0
- package/dist/cost-calculator.js +226 -0
- package/dist/cost-calculator.js.map +1 -0
- package/dist/defaults.d.ts +21 -0
- package/dist/defaults.d.ts.map +1 -0
- package/dist/defaults.js +21 -0
- package/dist/defaults.js.map +1 -0
- package/dist/discoveries/openant-discovery.d.ts.map +1 -1
- package/dist/discoveries/openant-discovery.js +3 -2
- package/dist/discoveries/openant-discovery.js.map +1 -1
- package/dist/discoveries/sarif-discovery.d.ts.map +1 -1
- package/dist/discoveries/sarif-discovery.js +2 -1
- package/dist/discoveries/sarif-discovery.js.map +1 -1
- package/dist/discoveries/semgrep-discovery.d.ts.map +1 -1
- package/dist/discoveries/semgrep-discovery.js +11 -2
- package/dist/discoveries/semgrep-discovery.js.map +1 -1
- package/dist/discovery.d.ts +8 -2
- package/dist/discovery.d.ts.map +1 -1
- package/dist/discovery.js +8 -0
- package/dist/discovery.js.map +1 -1
- package/dist/error-codes.d.ts +3 -1
- package/dist/error-codes.d.ts.map +1 -1
- package/dist/error-codes.js +10 -3
- package/dist/error-codes.js.map +1 -1
- package/dist/formatters/types.d.ts +1 -1
- package/dist/formatters/types.js +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +257 -82
- package/dist/index.js.map +1 -1
- package/dist/logging.d.ts +1 -1
- package/dist/logging.d.ts.map +1 -1
- package/dist/logging.js +50 -31
- package/dist/logging.js.map +1 -1
- package/dist/{mock-ai-provider.d.ts → mock-agent-provider.d.ts} +10 -7
- package/dist/mock-agent-provider.d.ts.map +1 -0
- package/dist/{mock-ai-provider.js → mock-agent-provider.js} +15 -8
- package/dist/mock-agent-provider.js.map +1 -0
- package/dist/new-check.js +2 -2
- package/dist/new-check.js.map +1 -1
- package/dist/opencode-provider.d.ts +63 -0
- package/dist/opencode-provider.d.ts.map +1 -0
- package/dist/opencode-provider.js +614 -0
- package/dist/opencode-provider.js.map +1 -0
- package/dist/prompt-template.d.ts.map +1 -1
- package/dist/prompt-template.js +2 -1
- package/dist/prompt-template.js.map +1 -1
- package/dist/provider-registry.d.ts +6 -6
- package/dist/provider-registry.d.ts.map +1 -1
- package/dist/provider-registry.js +6 -4
- package/dist/provider-registry.js.map +1 -1
- package/dist/provider-utils.d.ts +52 -0
- package/dist/provider-utils.d.ts.map +1 -0
- package/dist/provider-utils.js +40 -0
- package/dist/provider-utils.js.map +1 -0
- package/dist/response-parser.d.ts +8 -6
- package/dist/response-parser.d.ts.map +1 -1
- package/dist/response-parser.js +8 -6
- package/dist/response-parser.js.map +1 -1
- package/dist/runtime-config.d.ts +4 -4
- package/dist/runtime-config.d.ts.map +1 -1
- package/dist/runtime-config.js +107 -8
- package/dist/runtime-config.js.map +1 -1
- package/dist/scan-history.d.ts +82 -0
- package/dist/scan-history.d.ts.map +1 -0
- package/dist/scan-history.js +127 -0
- package/dist/scan-history.js.map +1 -0
- package/dist/scan-runner.d.ts +67 -4
- package/dist/scan-runner.d.ts.map +1 -1
- package/dist/scan-runner.js +267 -51
- package/dist/scan-runner.js.map +1 -1
- package/dist/stats.d.ts +11 -0
- package/dist/stats.d.ts.map +1 -0
- package/dist/stats.js +197 -0
- package/dist/stats.js.map +1 -0
- package/dist/types.d.ts +74 -8
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +3 -3
- package/dist/types.js.map +1 -1
- package/package.json +6 -4
- package/dist/mock-ai-provider.d.ts.map +0 -1
- package/dist/mock-ai-provider.js.map +0 -1
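--- /dev/null
+++ b/package/dist/stats.d.ts
@@ -0,0 +1,11 @@
+/**
+* `aghast stats` subcommand: prints a cost summary table from the scan history.
+*
+* The history file is written to by `aghast scan` (see scan-history.ts). Stats
+* are aggregated by repository and by model. Output is plain text suitable for
+* a terminal; users wanting to feed stats into Grafana / spreadsheets can read
+* the underlying `~/.aghast/history.json` directly.
+*/
+import 'dotenv/config';
+export declare function runStats(args: string[]): Promise<void>;
+//# sourceMappingURL=stats.d.ts.map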
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"stats.d.ts","sourceRoot":"","sources":["../src/stats.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,eAAe,CAAC;AAyKvB,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsD5D"}
|
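--- /dev/null
+++ b/package/dist/stats.js
@@ -0,0 +1,197 @@
+/**
+* `aghast stats` subcommand: prints a cost summary table from the scan history.
+*
+* The history file is written to by `aghast scan` (see scan-history.ts). Stats
+* are aggregated by repository and by model. Output is plain text suitable for
+* a terminal; users wanting to feed stats into Grafana / spreadsheets can read
+* the underlying `~/.aghast/history.json` directly.
+*/
+import 'dotenv/config';
+import { ERROR_CODES, formatError } from './error-codes.js';
+import { queryScanHistory } from './scan-history.js';
+import { formatCostSourceLabel } from './cost-calculator.js';
+const STATS_HELP = `Usage: aghast stats [options]
+
+Print a cost summary from the scan history (~/.aghast/history.json).
+
+Options:
+--repo <substring>    Filter to scans whose repository path or URL contains
+the substring. Matches loosely — "alpha" matches both
+"/repos/alpha" and "/repos/alpha2".
+--model <substring>   Filter to scans that used a model containing the
+substring (loose match).
+--since <iso-time>    Only include scans started at or after this timestamp
+--until <iso-time>    Only include scans started at or before this timestamp
+--json                Output raw JSON instead of a formatted table
+--history-file <path> Override the history file path (default: ~/.aghast/history.json)
+--help                Show this help message
+
+Examples:
+aghast stats
+aghast stats --repo my-org/my-repo --since 2026-01-01
+aghast stats --model claude-sonnet --json`;
+function parseStatsArgs(args) {
+if (args.includes('--help') || args.includes('-h')) {
+console.log(STATS_HELP);
+process.exit(0);
+}
+let repo;
+let model;
+let since;
+let until;
+let json = false;
+let historyFile;
+for (let i = 0; i < args.length; i++) {
+switch (args[i]) {
+case '--repo':
+repo = args[i + 1];
+if (!repo) {
+console.error(formatError(ERROR_CODES.E1001, '--repo requires a value'));
+process.exit(1);
+}
+i++;
+break;
+case '--model':
+model = args[i + 1];
+if (!model) {
+console.error(formatError(ERROR_CODES.E1001, '--model requires a value'));
+process.exit(1);
+}
+i++;
+break;
+case '--since':
+since = args[i + 1];
+if (!since) {
+console.error(formatError(ERROR_CODES.E1001, '--since requires a timestamp'));
+process.exit(1);
+}
+i++;
+break;
+case '--until':
+until = args[i + 1];
+if (!until) {
+console.error(formatError(ERROR_CODES.E1001, '--until requires a timestamp'));
+process.exit(1);
+}
+i++;
+break;
+case '--json':
+json = true;
+break;
+case '--history-file':
+historyFile = args[i + 1];
+if (!historyFile) {
+console.error(formatError(ERROR_CODES.E1001, '--history-file requires a path'));
+process.exit(1);
+}
+i++;
+break;
+default:
+// Unknown flags are tolerated (forward-compat) but logged to stderr
+if (args[i].startsWith('--')) {
+console.error(`Warning: unknown stats option ${args[i]}`);
+}
+}
+}
+return { repo, model, since, until, json, historyFile };
+}
+/**
+* Resolve the cost source for a history record. Records written before the
+* cost-accuracy fix (lacking costSource) are tagged 'legacy'.
+*/
+function recordCostSource(r) {
+return r.costSource ?? 'legacy';
+}
+function aggregateBy(records, selector) {
+const map = new Map();
+for (const r of records) {
+const tokens = r.tokenUsage?.totalTokens ?? 0;
+for (const key of selector(r)) {
+const existing = map.get(key);
+if (existing) {
+existing.scans += 1;
+existing.totalCost += r.totalCost;
+existing.totalTokens += tokens;
+}
+else {
+map.set(key, {
+key,
+scans: 1,
+totalCost: r.totalCost,
+totalTokens: tokens,
+currency: r.currency,
+});
+}
+}
+}
+return [...map.values()].sort((a, b) => b.totalCost - a.totalCost);
+}
+function formatTable(rows, keyHeader) {
+if (rows.length === 0)
+return ' (no records)';
+const headers = [keyHeader, 'Scans', 'Tokens', 'Cost'];
+const data = rows.map((r) => [
+r.key,
+String(r.scans),
+r.totalTokens.toLocaleString(),
+`${r.totalCost.toFixed(4)} ${r.currency}`,
+]);
+const widths = headers.map((h, i) => Math.max(h.length, ...data.map((row) => row[i].length)));
+const fmtRow = (cols) => cols.map((c, i) => c.padEnd(widths[i])).join(' ');
+const sep = widths.map((w) => '-'.repeat(w)).join(' ');
+return [fmtRow(headers), sep, ...data.map(fmtRow)].join('\n');
+}
+function formatRecentRow(r) {
+const source = recordCostSource(r);
+const sourceLabel = formatCostSourceLabel(source, r.costReportedBy, r.costCoveredBySubscription);
+const equiv = r.costCoveredBySubscription ? ' equivalent' : '';
+return ` [${r.startedAt}] ${r.repositoryUrl ?? r.repository} models=${r.models.join(',')} tokens=${(r.tokenUsage?.totalTokens ?? 0).toLocaleString()} cost=${r.totalCost.toFixed(4)}${equiv} ${r.currency} ${sourceLabel}`;
+}
+export async function runStats(args) {
+const parsed = parseStatsArgs(args);
+const filters = {};
+if (parsed.repo)
+filters.repository = parsed.repo;
+if (parsed.model)
+filters.model = parsed.model;
+if (parsed.since)
+filters.since = parsed.since;
+if (parsed.until)
+filters.until = parsed.until;
+const records = await queryScanHistory(filters, { historyFile: parsed.historyFile });
+if (parsed.json) {
+const enriched = records.map((r) => ({
+...r,
+costSource: recordCostSource(r),
+// Pre-feature records have no costCoveredBySubscription field; default to false
+// (they were not subscription runs, so the value is correct for old records too).
+costCoveredBySubscription: r.costCoveredBySubscription ?? false,
+}));
+console.log(JSON.stringify({ records: enriched }, null, 2));
+return;
+}
+if (records.length === 0) {
+console.log('No scan history found.');
+console.log(' Run `aghast scan ...` to record scans, then re-run `aghast stats`.');
+return;
+}
+const totalCost = records.reduce((sum, r) => sum + r.totalCost, 0);
+const totalTokens = records.reduce((sum, r) => sum + (r.tokenUsage?.totalTokens ?? 0), 0);
+const currency = records[0].currency;
+console.log('=== AGHAST Scan Statistics ===');
+console.log(` Scans: ${records.length}`);
+console.log(` Total tokens: ${totalTokens.toLocaleString()}`);
+console.log(` Total est. cost: ${totalCost.toFixed(4)} ${currency}`);
+console.log('');
+console.log('By repository:');
+console.log(formatTable(aggregateBy(records, (r) => [r.repositoryUrl ?? r.repository]), 'Repository'));
+console.log('');
+console.log('By model:');
+console.log(formatTable(aggregateBy(records, (r) => (r.models.length > 0 ? r.models : ['(none)'])), 'Model'));
+console.log('');
+console.log('Recent scans (newest first):');
+for (const r of records.slice(0, 10)) {
+console.log(formatRecentRow(r));
+}
+}
+//# sourceMappingURL=stats.js.map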
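Review bot: `runStats` sums `totalCost` over every record and labels the total with `records[0].currency`, and `aggregateBy` keeps only the first record's currency per row, so a history that mixes currencies (`RuntimePricingConfig.currency` in types.d.ts is a free-form string) prints a wrong number under a misleading label. Detect the mix before printing the summary: `const currencies = new Set(records.map((r) => r.currency));` / `if (currencies.size > 1) console.error(\`Warning: history mixes currencies (${[...currencies].join(', ')}); totals are summed without conversion.\`);`. Separately, `--since`/`--until` are forwarded to `queryScanHistory` unvalidated, so a typo such as `2026-13-01` gives `NaN` from `Date.parse` and, depending on how the query compares timestamps (not visible here), silently matches everything or nothing — `if (Number.isNaN(Date.parse(since))) { console.error(formatError(ERROR_CODES.E1001, '--since must be an ISO timestamp')); process.exit(1); }` turns that into an explicit error. Also note that `--json` spreads each raw record (`...r`) to stdout, so whatever the history file stores beyond the table's fields is echoed verbatim; if `repositoryUrl` can originate from a git remote, confirm that scan-history.ts strips embedded credentials before it is persisted.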
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"stats.js","sourceRoot":"","sources":["../src/stats.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,eAAe,CAAC;AACvB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAwC,MAAM,mBAAmB,CAAC;AAC3F,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,MAAM,UAAU,GAAG;;;;;;;;;;;;;;;;;;;4CAmByB,CAAC;AAW7C,SAAS,cAAc,CAAC,IAAc;IACpC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAwB,CAAC;IAC7B,IAAI,KAAyB,CAAC;IAC9B,IAAI,KAAyB,CAAC;IAC9B,IAAI,KAAyB,CAAC;IAC9B,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,WAA+B,CAAC;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,QAAQ;gBACX,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACnB,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,yBAAyB,CAAC,CAAC,CAAC;oBACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,CAAC,EAAE,CAAC;gBACJ,MAAM;YACR,KAAK,SAAS;gBACZ,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACpB,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,0BAA0B,CAAC,CAAC,CAAC;oBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,CAAC,EAAE,CAAC;gBACJ,MAAM;YACR,KAAK,SAAS;gBACZ,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACpB,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,8BAA8B,CAAC,CAAC,CAAC;oBAC9E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,CAAC,EAAE,CAAC;gBACJ,MAAM;YACR,KAAK,SAAS;gBACZ,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACpB,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,8BAA8B,CAAC,CAAC,CAAC;oBAC9E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,CAAC,EAAE,CAAC;gBACJ,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,GAAG,IAAI,CAAC;gBACZ,MAAM;YACR,KAAK,gBAAgB;gBACnB,WAAW,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC1B,IAAI,CAAC,WAAW,EAAE
,CAAC;oBACjB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,gCAAgC,CAAC,CAAC,CAAC;oBAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,CAAC,EAAE,CAAC;gBACJ,MAAM;YACR;gBACE,oEAAoE;gBACpE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7B,OAAO,CAAC,KAAK,CAAC,iCAAiC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC5D,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAC1D,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,CAAa;IACrC,OAAO,CAAC,CAAC,UAAU,IAAI,QAAQ,CAAC;AAClC,CAAC;AAUD,SAAS,WAAW,CAClB,OAAqB,EACrB,QAAqC;IAErC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,IAAI,CAAC,CAAC;QAC9C,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC;gBACpB,QAAQ,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,CAAC;gBAClC,QAAQ,CAAC,WAAW,IAAI,MAAM,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE;oBACX,GAAG;oBACH,KAAK,EAAE,CAAC;oBACR,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,WAAW,EAAE,MAAM;oBACnB,QAAQ,EAAE,CAAC,CAAC,QAAQ;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,WAAW,CAAC,IAAoB,EAAE,SAAiB;IAC1D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAC/C,MAAM,OAAO,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC3B,CAAC,CAAC,GAAG;QACL,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACf,CAAC,CAAC,WAAW,CAAC,cAAc,EAAE;QAC9B,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;KAC1C,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAClC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CACxD,CAAC;IACF,MAAM,MAAM,
GAAG,CAAC,IAAc,EAAE,EAAE,CAChC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,CAAa;IACpC,MAAM,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,WAAW,GAAG,qBAAqB,CAAC,MAAM,EAAE,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,yBAAyB,CAAC,CAAC;IACjG,MAAM,KAAK,GAAG,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,OAAO,MAAM,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,UAAU,YAAY,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,IAAI,CAAC,CAAC,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;AAClO,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAc;IAC3C,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,IAAI,MAAM,CAAC,IAAI;QAAE,OAAO,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAC/C,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAC/C,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAE/C,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IAErF,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACnC,GAAG,CAAC;YACJ,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC/B,gFAAgF;YAChF,kFAAkF;YAClF,yBAAyB,EAAE,CAAC,CAAC,yBAAyB,IAAI,KAAK;SAChE,CAAC,CAAC,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,sEAAsE,CAAC,CAAC;QACpF,OAAO;IACT,CAAC;IAED,MAAM,SAA
S,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACnE,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1F,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IAErC,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,sBAAsB,WAAW,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAC9B,OAAO,CAAC,GAAG,CAAC,WAAW,CACrB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,EAC9D,YAAY,CACb,CAAC,CAAC;IACH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,WAAW,CACrB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAC1E,OAAO,CACR,CAAC,CAAC;IACH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;AACH,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -2,16 +2,30 @@
|
|
|
2
2
|
* Core type definitions for aghast.
|
|
3
3
|
* Based on SPECIFICATION.md Appendix A.
|
|
4
4
|
*/
|
|
5
|
-
export declare const
|
|
5
|
+
export declare const DEFAULT_MODEL = "haiku";
|
|
6
6
|
export declare const MOCK_MODEL_NAME = "mock";
|
|
7
7
|
export interface TokenUsage {
|
|
8
8
|
inputTokens: number;
|
|
9
9
|
outputTokens: number;
|
|
10
|
+
cacheCreationInputTokens?: number;
|
|
11
|
+
cacheReadInputTokens?: number;
|
|
12
|
+
/** OpenCode-only; billed at output rate by the calculator fallback. */
|
|
13
|
+
reasoningTokens?: number;
|
|
10
14
|
totalTokens: number;
|
|
15
|
+
reportedCost?: {
|
|
16
|
+
amountUsd: number;
|
|
17
|
+
source: 'claude-agent-sdk' | 'opencode';
|
|
18
|
+
/**
|
|
19
|
+
* true when AGHAST_LOCAL_CLAUDE=true — user didn't pay this amount via API.
|
|
20
|
+
* Populated exclusively by ClaudeCodeProvider; other providers should leave it absent.
|
|
21
|
+
*/
|
|
22
|
+
coveredBySubscription?: boolean;
|
|
23
|
+
};
|
|
11
24
|
}
|
|
12
25
|
export interface CheckRegistryEntry {
|
|
13
26
|
id: string;
|
|
14
27
|
repositories: string[];
|
|
28
|
+
excludeRepositories?: string[];
|
|
15
29
|
enabled?: boolean;
|
|
16
30
|
}
|
|
17
31
|
export interface CheckDefinition {
|
|
@@ -29,6 +43,7 @@ export interface SecurityCheck {
|
|
|
29
43
|
id: string;
|
|
30
44
|
name: string;
|
|
31
45
|
repositories: string[];
|
|
46
|
+
excludeRepositories?: string[];
|
|
32
47
|
checkTarget?: CheckTargetDefinition;
|
|
33
48
|
instructionsFile?: string;
|
|
34
49
|
applicablePaths?: string[];
|
|
@@ -57,6 +72,8 @@ export interface CheckTargetDefinition {
|
|
|
57
72
|
sarifFile?: string;
|
|
58
73
|
maxTargets?: number;
|
|
59
74
|
concurrency?: number;
|
|
75
|
+
/** Cap on issues returned per target; omit for unlimited. See docs/configuration.md. */
|
|
76
|
+
maxIssuesPerTarget?: number;
|
|
60
77
|
/** Analysis mode: determines the AI's approach to each target. */
|
|
61
78
|
analysisMode?: 'custom' | 'false-positive-validation' | 'general-vuln-discovery';
|
|
62
79
|
openant?: OpenAntFilterConfig;
|
|
@@ -108,6 +125,13 @@ export interface CheckExecutionSummary {
|
|
|
108
125
|
executionTime: number;
|
|
109
126
|
targetsAnalyzed?: number;
|
|
110
127
|
error?: string;
|
|
128
|
+
/**
|
|
129
|
+
* Raw text body of the agent provider's response, included in ERROR results
|
|
130
|
+
* for debugging. Field name retains "AI" (rather than "Agent") because the
|
|
131
|
+
* stored content is the LLM's raw text output — same rationale as
|
|
132
|
+
* AGHAST_MOCK_AI / AGHAST_AI_MODEL: the model and its output are AI/LLM
|
|
133
|
+
* concerns, the harness around them is the agent.
|
|
134
|
+
*/
|
|
111
135
|
rawAiResponse?: string;
|
|
112
136
|
tokenUsage?: TokenUsage;
|
|
113
137
|
}
|
|
@@ -122,7 +146,7 @@ export interface ScanResults {
|
|
|
122
146
|
executionTime: number;
|
|
123
147
|
startTime: string;
|
|
124
148
|
endTime: string;
|
|
125
|
-
|
|
149
|
+
agentProvider: {
|
|
126
150
|
name: string;
|
|
127
151
|
models: string[];
|
|
128
152
|
};
|
|
@@ -144,8 +168,31 @@ export interface ScanSummary {
|
|
|
144
168
|
errorChecks: number;
|
|
145
169
|
totalIssues: number;
|
|
146
170
|
}
|
|
171
|
+
export interface RuntimeBudgetConfig {
|
|
172
|
+
perScan?: {
|
|
173
|
+
maxTokens?: number;
|
|
174
|
+
maxCostUsd?: number;
|
|
175
|
+
};
|
|
176
|
+
perPeriod?: {
|
|
177
|
+
window?: 'day' | 'week' | 'month';
|
|
178
|
+
maxCostUsd?: number;
|
|
179
|
+
};
|
|
180
|
+
thresholds?: {
|
|
181
|
+
warnAt?: number;
|
|
182
|
+
abortAt?: number;
|
|
183
|
+
};
|
|
184
|
+
}
|
|
185
|
+
export interface RuntimePricingConfig {
|
|
186
|
+
currency?: string;
|
|
187
|
+
models?: Record<string, {
|
|
188
|
+
inputPerMillion: number;
|
|
189
|
+
outputPerMillion: number;
|
|
190
|
+
cacheReadPerMillion?: number;
|
|
191
|
+
cacheWritePerMillion?: number;
|
|
192
|
+
}>;
|
|
193
|
+
}
|
|
147
194
|
export interface RuntimeConfig {
|
|
148
|
-
|
|
195
|
+
agentProvider?: {
|
|
149
196
|
name?: string;
|
|
150
197
|
model?: string;
|
|
151
198
|
};
|
|
@@ -160,6 +207,8 @@ export interface RuntimeConfig {
|
|
|
160
207
|
};
|
|
161
208
|
genericPrompt?: string;
|
|
162
209
|
failOnCheckFailure?: boolean;
|
|
210
|
+
budget?: RuntimeBudgetConfig;
|
|
211
|
+
pricing?: RuntimePricingConfig;
|
|
163
212
|
}
|
|
164
213
|
export interface AggregatedReport {
|
|
165
214
|
timestamp: string;
|
|
@@ -204,23 +253,40 @@ export interface ProviderConfig {
|
|
|
204
253
|
model?: string;
|
|
205
254
|
[key: string]: unknown;
|
|
206
255
|
}
|
|
207
|
-
export interface
|
|
256
|
+
export interface AgentResponse {
|
|
208
257
|
raw: string;
|
|
209
258
|
parsed?: CheckResponse;
|
|
210
259
|
tokenUsage?: TokenUsage;
|
|
211
260
|
}
|
|
212
|
-
|
|
261
|
+
/** Describes a single model exposed by a provider's `listModels()`. */
|
|
262
|
+
export interface ProviderModelInfo {
|
|
263
|
+
/** Model identifier as accepted by the provider (stored in runtime config). */
|
|
264
|
+
id: string;
|
|
265
|
+
/** Optional human-readable label shown in selection UIs. */
|
|
266
|
+
label?: string;
|
|
267
|
+
/** Optional one-line description shown in selection UIs. */
|
|
268
|
+
description?: string;
|
|
269
|
+
}
|
|
270
|
+
export interface AgentProvider {
|
|
213
271
|
initialize(config: ProviderConfig): Promise<void>;
|
|
214
272
|
executeCheck(instructions: string, repositoryPath: string, logPrefix?: string, options?: {
|
|
215
273
|
maxTurns?: number;
|
|
216
|
-
}): Promise<
|
|
274
|
+
}): Promise<AgentResponse>;
|
|
217
275
|
validateConfig(): Promise<boolean>;
|
|
276
|
+
/**
|
|
277
|
+
* Check that required prerequisites (API keys, binaries, etc.) are available.
|
|
278
|
+
* Called before initialize() to give early feedback. Throws with a descriptive
|
|
279
|
+
* error message if a prerequisite is missing.
|
|
280
|
+
*/
|
|
281
|
+
checkPrerequisites?(): void;
|
|
218
282
|
getModelName?(): string;
|
|
219
283
|
setModel?(model: string): void;
|
|
220
|
-
|
|
284
|
+
cleanup?(): Promise<void>;
|
|
285
|
+
/** Closed list of models this provider accepts. Used by `aghast build-config`. */
|
|
286
|
+
listModels?(): Promise<readonly ProviderModelInfo[]>;
|
|
221
287
|
}
|
|
222
288
|
/**
|
|
223
|
-
* Error thrown by
|
|
289
|
+
* Error thrown by agent providers for unrecoverable failures (e.g. 401 auth, rate limits).
|
|
224
290
|
* When caught by the scan runner, this signals that the entire scan should abort —
|
|
225
291
|
* no further checks or targets should be attempted.
|
|
226
292
|
*/
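Review bot: `RuntimeBudgetConfig` names its caps `maxCostUsd` while `RuntimePricingConfig.currency` is a free-form string, so a config that prices models in another currency would have its spend compared against a USD-labelled cap with no conversion, and nothing in the hunk says which one wins. Add a TSDoc on the caps making the contract explicit, e.g. `/** Compared against the calculator's cost as priced in \`pricing.currency\`; no conversion is applied, so keep \`pricing.currency\` at USD. */`, or narrow `currency` to `'USD'` if that is the intent (budget.ts is not in view, so confirm there). `thresholds.warnAt`/`abortAt` also carry no unit — a one-line comment stating whether they are fractions of the cap (0–1) or absolute amounts would save the next reader a trip to budget.ts. Likewise the new `excludeRepositories` on `CheckRegistryEntry` and `SecurityCheck` should state its precedence when a repository matches both lists, e.g. `/** Takes precedence over \`repositories\` when both match. */` if that is what the loader does.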
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,eAAO,MAAM,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,eAAO,MAAM,aAAa,UAAU,CAAC;AACrC,eAAO,MAAM,eAAe,SAAS,CAAC;AAItC,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uEAAuE;IACvE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,kBAAkB,GAAG,UAAU,CAAC;QACxC;;;WAGG;QACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;KACjC,CAAC;CACH;AAID,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,eAAe,CAAC;IACpE,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAID,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,eAAe,CAAC;IACpE,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,iDAAiD;IACjD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,YAAY,CAAC;IAC3C,SAAS,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,OAAO,CAAC;IAC5C,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;
IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wFAAwF;IACxF,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,kEAAkE;IAClE,YAAY,CAAC,EAAE,QAAQ,GAAG,2BAA2B,GAAG,wBAAwB,CAAC;IACjF,OAAO,CAAC,EAAE,mBAAmB,CAAC;CAC/B;AAID,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAC;CAC3B;AAID,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,OAAO,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,2DAA2D;AAC3D,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAC;CAC3B;AAID,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAID,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,cAAc,CAAC;IAC3B,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAChC,OAAO,EAAE,WAAW,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE;QACb,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;IACF,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,E
AAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,WAAW,mBAAmB;IAClC,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,SAAS,CAAC,EAAE;QACV,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;QAClC,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,UAAU,CAAC,EAAE;QACX,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,eAAe,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAC;QAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAAC,oBAAoB,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC7I;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,CAAC,EAAE;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,SAAS,CAAC,EAAE;QACV,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,OAAO,CAAC,EAAE,oBAAoB,CAAC;CAChC;AAID,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACjC,gBAAgB,EAAE,cAAc,EAAE,CAAC;IACnC,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,eAAgB,SAAQ,aAAa;IACpD,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,sBAAuB,SAAQ,qBAAqB;IACnE,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;
IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAID,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAED,uEAAuE;AACvE,MAAM,WAAW,iBAAiB;IAChC,+EAA+E;IAC/E,EAAE,EAAE,MAAM,CAAC;IACX,4DAA4D;IAC5D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,YAAY,CACV,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAC9B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1B,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IACnC;;;;OAIG;IACH,kBAAkB,CAAC,IAAI,IAAI,CAAC;IAC5B,YAAY,CAAC,IAAI,MAAM,CAAC;IACxB,QAAQ,CAAC,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,kFAAkF;IAClF,UAAU,CAAC,IAAI,OAAO,CAAC,SAAS,iBAAiB,EAAE,CAAC,CAAC;CACtD;AAED;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B"}
|
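--- a/package/dist/types.js
+++ b/package/dist/types.js
@@ -2,11 +2,11 @@
 * Core type definitions for aghast.
 * Based on SPECIFICATION.md Appendix A.
 */
-// --- Default
-export const
+// --- Default Model ---
+export const DEFAULT_MODEL = 'haiku';
 export const MOCK_MODEL_NAME = 'mock';
 /**
-* Error thrown by
+* Error thrown by agent providers for unrecoverable failures (e.g. 401 auth, rate limits).
 * When caught by the scan runner, this signals that the entire scan should abort —
 * no further checks or targets should be attempted.
 */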
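Review bot: The new doc comment on `* Error thrown by agent providers …` puts rate limits in the same bucket as a 401 — unrecoverable, abort the whole scan — but a 429 is normally transient, so a reader needs to be told this is deliberate rather than an oversight; I would extend it to `(e.g. 401 auth, or rate limits the provider has already exhausted its retries on)` or whatever the providers actually do, since their retry policy is not visible in this hunk. `DEFAULT_MODEL = 'haiku'` is an alias rather than a pinned model ID, which means the model behind a default-config scan (and its cost and findings) can change with no change to this package; a one-line comment such as `// alias, not a pinned version — the provider resolves it at run time, so default scans are not reproducible across alias updates` would make that explicit. The class this JSDoc documents begins after the end of the hunk.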
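--- a/package/dist/types.js.map
+++ b/package/dist/types.js.map
@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,aAAa,GAAG,OAAO,CAAC;AACrC,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC;AAkVtC;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAC3C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF"}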
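--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@bouncesecurity/aghast",
-"version": "0.
+"version": "0.6.0",
 "description": "AI Guided Hybrid Application Static Testing",
 "type": "module",
 "repository": {
@@ -23,10 +23,12 @@
 "test:ci": "node --import tsx --test --test-reporter=spec --test-reporter-destination=stdout --test-reporter=junit --test-reporter-destination=test-results.xml tests/*.test.ts",
 "test:semgrep": "node --import tsx --test tests/semgrep-integration.itest.ts",
 "test:openant": "node --import tsx --test tests/openant-integration.itest.ts",
+"test:opencode": "node --import tsx --test --test-force-exit tests/opencode-integration.itest.ts",
 "lint": "eslint src/ tests/",
 "lint:fix": "eslint --fix src/ tests/",
 "scan": "tsx src/cli.ts scan",
-"new-check": "tsx src/cli.ts new-check"
+"new-check": "tsx src/cli.ts new-check",
+"build-config": "tsx src/cli.ts build-config"
 },
 "keywords": [],
 "author": "",
@@ -47,13 +49,13 @@
 },
 "dependencies": {
 "@anthropic-ai/claude-agent-sdk": "^0.2.92",
+"@opencode-ai/sdk": "^1.4.6",
 "dotenv": "^17.3.1",
-"hono": "^4.12.14",
 "picocolors": "^1.1.1",
 "picomatch": "^4.0.4"
 },
 "overrides": {
 "minimatch@<10.2.3": ">=10.2.3",
-"@anthropic-ai/sdk@<0.
+"@anthropic-ai/sdk@<0.91.1": ">=0.91.1"
 }
 }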
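Review bot: The `overrides` entry `"@anthropic-ai/sdk@<0.91.1": ">=0.91.1"` in the last hunk only raises the floor for this repository's own install: npm honours `overrides` solely from the root project's package.json, so, as far as I can tell, anyone installing `@bouncesecurity/aghast` as a dependency (or running it via npx) resolves whatever `@anthropic-ai/claude-agent-sdk ^0.2.92` pulls in and never sees the `>=0.91.1` constraint. If the floor exists to exclude a known-bad `@anthropic-ai/sdk` release, the durable fix is to raise the direct `@anthropic-ai/claude-agent-sdk` range to a version that itself requires the fixed SDK, and to say why in the changelog; the override can stay as a belt-and-braces measure for local development. Separately, `--test-force-exit` on the new `test:opencode` script hides whatever keeps the event loop alive after the test (presumably an opencode server or client handle that is not closed in teardown), and a forced exit can leave a spawned server process running; closing that handle explicitly and dropping the flag would be safer.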
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mock-ai-provider.d.ts","sourceRoot":"","sources":["../src/mock-ai-provider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEzE,qBAAa,cAAe,YAAW,UAAU;IAC/C,OAAO,CAAC,WAAW,CAAS;gBAEhB,OAAO,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;IAItC,UAAU,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlD,YAAY,CAChB,aAAa,EAAE,MAAM,EACrB,eAAe,EAAE,MAAM,EACvB,UAAU,CAAC,EAAE,MAAM,EACnB,QAAQ,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAC/B,OAAO,CAAC,UAAU,CAAC;IAOhB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;IAIxC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI9B,WAAW,IAAI,IAAI;CAGpB"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mock-ai-provider.js","sourceRoot":"","sources":["../src/mock-ai-provider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,OAAO,cAAc;IACjB,WAAW,CAAS;IAE5B,YAAY,OAAgC;QAC1C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAuB;QACtC,QAAQ;IACV,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,aAAqB,EACrB,eAAuB,EACvB,UAAmB,EACnB,QAAgC;QAEhC,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,WAAW;YACrB,MAAM,EAAE,SAAS;SAClB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ,CAAC,MAAc;QACrB,0BAA0B;IAC5B,CAAC;IAED,WAAW;QACT,QAAQ;IACV,CAAC;CACF"}
|