@bouncesecurity/aghast 0.4.4 → 0.6.0
- package/README.md +8 -3
- package/config/pricing.json +42 -0
- package/config/prompts/false-positive-validation.md +1 -0
- package/config/prompts/general-vuln-discovery.md +8 -3
- package/config/prompts/generic-instructions.md +3 -2
- package/dist/budget.d.ts +62 -0
- package/dist/budget.d.ts.map +1 -0
- package/dist/budget.js +137 -0
- package/dist/budget.js.map +1 -0
- package/dist/build-config.d.ts +15 -0
- package/dist/build-config.d.ts.map +1 -0
- package/dist/build-config.js +568 -0
- package/dist/build-config.js.map +1 -0
- package/dist/check-library.d.ts +1 -0
- package/dist/check-library.d.ts.map +1 -1
- package/dist/check-library.js +26 -7
- package/dist/check-library.js.map +1 -1
- package/dist/check-types.d.ts +1 -1
- package/dist/check-types.d.ts.map +1 -1
- package/dist/claude-code-provider.d.ts +6 -6
- package/dist/claude-code-provider.d.ts.map +1 -1
- package/dist/claude-code-provider.js +151 -66
- package/dist/claude-code-provider.js.map +1 -1
- package/dist/cli.js +19 -3
- package/dist/cli.js.map +1 -1
- package/dist/colors.js +4 -4
- package/dist/colors.js.map +1 -1
- package/dist/cost-calculator.d.ts +80 -0
- package/dist/cost-calculator.d.ts.map +1 -0
- package/dist/cost-calculator.js +226 -0
- package/dist/cost-calculator.js.map +1 -0
- package/dist/defaults.d.ts +21 -0
- package/dist/defaults.d.ts.map +1 -0
- package/dist/defaults.js +21 -0
- package/dist/defaults.js.map +1 -0
- package/dist/discoveries/openant-discovery.d.ts.map +1 -1
- package/dist/discoveries/openant-discovery.js +3 -2
- package/dist/discoveries/openant-discovery.js.map +1 -1
- package/dist/discoveries/sarif-discovery.d.ts.map +1 -1
- package/dist/discoveries/sarif-discovery.js +2 -1
- package/dist/discoveries/sarif-discovery.js.map +1 -1
- package/dist/discoveries/semgrep-discovery.d.ts.map +1 -1
- package/dist/discoveries/semgrep-discovery.js +11 -2
- package/dist/discoveries/semgrep-discovery.js.map +1 -1
- package/dist/discovery.d.ts +8 -2
- package/dist/discovery.d.ts.map +1 -1
- package/dist/discovery.js +8 -0
- package/dist/discovery.js.map +1 -1
- package/dist/error-codes.d.ts +3 -1
- package/dist/error-codes.d.ts.map +1 -1
- package/dist/error-codes.js +10 -3
- package/dist/error-codes.js.map +1 -1
- package/dist/formatters/types.d.ts +1 -1
- package/dist/formatters/types.js +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +257 -82
- package/dist/index.js.map +1 -1
- package/dist/logging.d.ts +1 -1
- package/dist/logging.d.ts.map +1 -1
- package/dist/logging.js +50 -31
- package/dist/logging.js.map +1 -1
- package/dist/{mock-ai-provider.d.ts → mock-agent-provider.d.ts} +10 -7
- package/dist/mock-agent-provider.d.ts.map +1 -0
- package/dist/{mock-ai-provider.js → mock-agent-provider.js} +15 -8
- package/dist/mock-agent-provider.js.map +1 -0
- package/dist/new-check.js +2 -2
- package/dist/new-check.js.map +1 -1
- package/dist/opencode-provider.d.ts +63 -0
- package/dist/opencode-provider.d.ts.map +1 -0
- package/dist/opencode-provider.js +614 -0
- package/dist/opencode-provider.js.map +1 -0
- package/dist/prompt-template.d.ts.map +1 -1
- package/dist/prompt-template.js +2 -1
- package/dist/prompt-template.js.map +1 -1
- package/dist/provider-registry.d.ts +6 -6
- package/dist/provider-registry.d.ts.map +1 -1
- package/dist/provider-registry.js +6 -4
- package/dist/provider-registry.js.map +1 -1
- package/dist/provider-utils.d.ts +52 -0
- package/dist/provider-utils.d.ts.map +1 -0
- package/dist/provider-utils.js +40 -0
- package/dist/provider-utils.js.map +1 -0
- package/dist/response-parser.d.ts +8 -6
- package/dist/response-parser.d.ts.map +1 -1
- package/dist/response-parser.js +8 -6
- package/dist/response-parser.js.map +1 -1
- package/dist/runtime-config.d.ts +4 -4
- package/dist/runtime-config.d.ts.map +1 -1
- package/dist/runtime-config.js +107 -8
- package/dist/runtime-config.js.map +1 -1
- package/dist/scan-history.d.ts +82 -0
- package/dist/scan-history.d.ts.map +1 -0
- package/dist/scan-history.js +127 -0
- package/dist/scan-history.js.map +1 -0
- package/dist/scan-runner.d.ts +67 -4
- package/dist/scan-runner.d.ts.map +1 -1
- package/dist/scan-runner.js +267 -51
- package/dist/scan-runner.js.map +1 -1
- package/dist/stats.d.ts +11 -0
- package/dist/stats.d.ts.map +1 -0
- package/dist/stats.js +197 -0
- package/dist/stats.js.map +1 -0
- package/dist/types.d.ts +74 -8
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +3 -3
- package/dist/types.js.map +1 -1
- package/package.json +6 -4
- package/dist/mock-ai-provider.d.ts.map +0 -1
- package/dist/mock-ai-provider.js.map +0 -1
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Scan history: persisted record of completed scans for cost dashboards
|
|
3
|
+
* and budget controls.
|
|
4
|
+
*
|
|
5
|
+
* Storage: `~/.aghast/history.json` by default (one file per user). When the
|
|
6
|
+
* home directory cannot be resolved, falls back to project-local
|
|
7
|
+
* `.aghast-history.json`. The path can be overridden in tests via the
|
|
8
|
+
* `AGHAST_HISTORY_FILE` env var or by passing `historyFile` to the helpers.
|
|
9
|
+
*
|
|
10
|
+
* Format: a single JSON document `{ "records": [...] }`. We keep this simple
|
|
11
|
+
* (no SQLite) so the file is human-readable and can be edited / pruned by
|
|
12
|
+
* hand. Corrupt files are logged and rebuilt to avoid blocking scans on a
|
|
13
|
+
* malformed history file.
|
|
14
|
+
*/
|
|
15
|
+
import { readFile, writeFile, mkdir } from 'node:fs/promises';
|
|
16
|
+
import { homedir } from 'node:os';
|
|
17
|
+
import { resolve, dirname } from 'node:path';
|
|
18
|
+
import { logProgress } from './logging.js';
|
|
19
|
+
const TAG = 'scan-history';
|
|
20
|
+
const DEFAULT_FILENAME = 'history.json';
|
|
21
|
+
const FALLBACK_FILENAME = '.aghast-history.json';
|
|
22
|
+
const SCHEMA_VERSION = 1;
|
|
23
|
+
/**
|
|
24
|
+
* Resolve the history file path.
|
|
25
|
+
*
|
|
26
|
+
* Precedence:
|
|
27
|
+
* 1. explicit `historyFile` argument
|
|
28
|
+
* 2. AGHAST_HISTORY_FILE env var
|
|
29
|
+
* 3. ~/.aghast/history.json when homedir is available
|
|
30
|
+
* 4. project-local `.aghast-history.json`
|
|
31
|
+
*/
|
|
32
|
+
export function resolveHistoryFilePath(historyFile) {
|
|
33
|
+
if (historyFile)
|
|
34
|
+
return resolve(historyFile);
|
|
35
|
+
const envOverride = process.env.AGHAST_HISTORY_FILE;
|
|
36
|
+
if (envOverride && envOverride.length > 0)
|
|
37
|
+
return resolve(envOverride);
|
|
38
|
+
let home;
|
|
39
|
+
try {
|
|
40
|
+
home = homedir();
|
|
41
|
+
}
|
|
42
|
+
catch {
|
|
43
|
+
home = undefined;
|
|
44
|
+
}
|
|
45
|
+
if (home && home.length > 0) {
|
|
46
|
+
return resolve(home, '.aghast', DEFAULT_FILENAME);
|
|
47
|
+
}
|
|
48
|
+
return resolve(process.cwd(), FALLBACK_FILENAME);
|
|
49
|
+
}
|
|
50
|
+
async function readHistoryFile(path) {
|
|
51
|
+
let content;
|
|
52
|
+
try {
|
|
53
|
+
content = await readFile(path, 'utf-8');
|
|
54
|
+
}
|
|
55
|
+
catch (err) {
|
|
56
|
+
if (err.code === 'ENOENT') {
|
|
57
|
+
return { version: SCHEMA_VERSION, records: [] };
|
|
58
|
+
}
|
|
59
|
+
throw err;
|
|
60
|
+
}
|
|
61
|
+
try {
|
|
62
|
+
const parsed = JSON.parse(content);
|
|
63
|
+
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
|
|
64
|
+
throw new Error('not an object');
|
|
65
|
+
}
|
|
66
|
+
const obj = parsed;
|
|
67
|
+
const records = Array.isArray(obj.records) ? obj.records : [];
|
|
68
|
+
const version = typeof obj.version === 'number' ? obj.version : SCHEMA_VERSION;
|
|
69
|
+
return { version, records };
|
|
70
|
+
}
|
|
71
|
+
catch (err) {
|
|
72
|
+
// Corrupt history: log and rebuild, never block a scan.
|
|
73
|
+
logProgress(TAG, `History file at ${path} is corrupt (${err instanceof Error ? err.message : String(err)}); rebuilding.`);
|
|
74
|
+
return { version: SCHEMA_VERSION, records: [] };
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
async function writeHistoryFile(path, file) {
|
|
78
|
+
await mkdir(dirname(path), { recursive: true });
|
|
79
|
+
await writeFile(path, JSON.stringify(file, null, 2) + '\n', 'utf-8');
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Append a record to the scan history, deduplicating by scanId.
|
|
83
|
+
* If a record with the same scanId already exists, it is replaced.
|
|
84
|
+
*/
|
|
85
|
+
export async function saveScanRecord(record, options = {}) {
|
|
86
|
+
const path = resolveHistoryFilePath(options.historyFile);
|
|
87
|
+
const file = await readHistoryFile(path);
|
|
88
|
+
const existingIdx = file.records.findIndex((r) => r.scanId === record.scanId);
|
|
89
|
+
if (existingIdx >= 0) {
|
|
90
|
+
file.records[existingIdx] = record;
|
|
91
|
+
}
|
|
92
|
+
else {
|
|
93
|
+
file.records.push(record);
|
|
94
|
+
}
|
|
95
|
+
await writeHistoryFile(path, file);
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Load all scan records, applying optional filters.
|
|
99
|
+
* Records are returned newest-first (descending startedAt).
|
|
100
|
+
*/
|
|
101
|
+
export async function queryScanHistory(filters = {}, options = {}) {
|
|
102
|
+
const path = resolveHistoryFilePath(options.historyFile);
|
|
103
|
+
const file = await readHistoryFile(path);
|
|
104
|
+
let out = file.records.slice();
|
|
105
|
+
if (filters.repository) {
|
|
106
|
+
const needle = filters.repository;
|
|
107
|
+
out = out.filter((r) => r.repository === needle ||
|
|
108
|
+
r.repositoryUrl === needle ||
|
|
109
|
+
r.repository.includes(needle) ||
|
|
110
|
+
(r.repositoryUrl ?? '').includes(needle));
|
|
111
|
+
}
|
|
112
|
+
if (filters.model) {
|
|
113
|
+
const needle = filters.model;
|
|
114
|
+
out = out.filter((r) => r.models.some((m) => m.includes(needle)));
|
|
115
|
+
}
|
|
116
|
+
if (filters.since) {
|
|
117
|
+
const since = filters.since;
|
|
118
|
+
out = out.filter((r) => r.startedAt >= since);
|
|
119
|
+
}
|
|
120
|
+
if (filters.until) {
|
|
121
|
+
const until = filters.until;
|
|
122
|
+
out = out.filter((r) => r.startedAt <= until);
|
|
123
|
+
}
|
|
124
|
+
out.sort((a, b) => (a.startedAt < b.startedAt ? 1 : a.startedAt > b.startedAt ? -1 : 0));
|
|
125
|
+
return out;
|
|
126
|
+
}
|
|
127
|
+
//# sourceMappingURL=scan-history.js.map
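Review bot: `writeHistoryFile` (new lines 77-80) overwrites the history file in place with default permissions, and `saveScanRecord` is an unlocked read-modify-write, so an interrupted write or two overlapping scans can leave truncated JSON. `readHistoryFile` then logs the file as corrupt and returns an empty list, and the next save replaces it, silently discarding the records that the budget controls named in the header comment depend on. I would write to a sibling temp file with mode `0o600` and `rename` it over the target (adding `rename` to the `node:fs/promises` import), which prevents torn files though not last-writer-wins loss between concurrent scans. Separately, records are not shape-checked on load, so in `queryScanHistory` a hand-edited record without `repository` or `models` makes `r.repository.includes(needle)` throw; `(r.repository ?? '').includes(needle)` would match the guard already used for `repositoryUrl`. This is compiled output, so the change belongs in `src/scan-history.ts`.

```javascript
async function writeHistoryFile(path, file) {
    await mkdir(dirname(path), { recursive: true });
    // Write a sibling temp file first so a crash or a concurrent reader never sees partial JSON.
    const tmpPath = `${path}.${process.pid}.tmp`;
    // Owner-only mode: records hold repository paths/URLs and cost data.
    await writeFile(tmpPath, JSON.stringify(file, null, 2) + '\n', { encoding: 'utf-8', mode: 0o600 });
    // rename() within one directory replaces the target in a single step.
    await rename(tmpPath, path);
}
```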
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan-history.js","sourceRoot":"","sources":["../src/scan-history.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,MAAM,GAAG,GAAG,cAAc,CAAC;AAC3B,MAAM,gBAAgB,GAAG,cAAc,CAAC;AACxC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AACjD,MAAM,cAAc,GAAG,CAAC,CAAC;AAmDzB;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,WAAoB;IACzD,IAAI,WAAW;QAAE,OAAO,OAAO,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACpD,IAAI,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC,WAAW,CAAC,CAAC;IACvE,IAAI,IAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,IAAI,GAAG,OAAO,EAAE,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,GAAG,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAClD,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAY,CAAC;QAC9C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QACD,MAAM,GAAG,GAAG,MAAiC,CAAC;QAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAE,GAAG,CAAC,OAAwB,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,MAAM,OAAO,GAAG,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;QAC/E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,wDAAwD;QACxD,WAAW,CAAC,GAAG,EAAE,mBAAmB,IAAI,gBAAgB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CA
AC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC1H,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAClD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,IAAY,EAAE,IAAiB;IAC7D,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAkB,EAAE,UAAoC,EAAE;IAC7F,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9E,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QACrB,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,MAAM,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,gBAAgB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAA0B,EAAE,EAC5B,UAAoC,EAAE;IAEtC,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IAE/B,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;QAClC,GAAG,GAAG,GAAG,CAAC,MAAM,CACd,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,UAAU,KAAK,MAAM;YACvB,CAAC,CAAC,aAAa,KAAK,MAAM;YAC1B,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC7B,CAAC,CAAC,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC3C,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;QAC7B,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAA
C,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;IAChD,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,OAAO,GAAG,CAAC;AACb,CAAC"}
|
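--- a/package/dist/scan-runner.d.ts
+++ b/package/dist/scan-runner.d.ts
@@ -3,27 +3,90 @@
 * Runs security checks against a repository and produces ScanResults.
 * Implements the core workflow from spec Section 2.2.
 */
-import { type
+import { type AgentProvider, type RepositoryInfo, type CheckDetails, type SecurityCheck, type ScanResults, type TokenUsage } from './types.js';
+import { type PricingConfig, type CostBreakdown } from './cost-calculator.js';
+import { type BudgetLimits } from './budget.js';
+import type { ScanRecord } from './scan-history.js';
+/**
+* Sum multiple TokenUsage values into one aggregate.
+* Returns undefined if no inputs have token usage.
+*
+* reportedCost is aggregated only when every contributing call has it — a
+* single missing cost means we cannot produce an accurate total, so we fall
+* back to undefined (which triggers rate-based estimation later).
+*/
+export declare function sumTokenUsage(usages: (TokenUsage | undefined)[]): TokenUsage | undefined;
 export interface MultiScanOptions {
 repositoryPath: string;
 checks: Array<{
 check: SecurityCheck;
 details: CheckDetails;
 }>;
-
-
-
+agentProvider?: AgentProvider;
+modelName?: string;
+agentProviderName?: string;
 concurrency?: number;
 repositoryInfo?: RepositoryInfo;
 configDir?: string;
 genericPrompt?: string;
+/** Pricing config for cost calculations. */
+pricing?: PricingConfig;
+/** Optional budget limits enforced before each AI call. */
+budgetLimits?: BudgetLimits;
+/** Pre-loaded scan history (for period budget checks). */
+scanHistory?: ScanRecord[];
+/** true when AGHAST_LOCAL_CLAUDE=true — triggers budget warning if limits are also set */
+isLocalClaude?: boolean;
+}
+/**
+* Tracks accumulated tokens/cost across a scan so the budget can be evaluated
+* before each AI call. Mutated in place by AI invocations.
+*/
+export interface ScanCostTracker {
+pricing?: PricingConfig;
+budgetLimits?: BudgetLimits;
+scanHistory?: ScanRecord[];
+totalTokens: number;
+totalCostUsd: number;
+/** Cost source from the last recorded AI call. Used for banner labelling. */
+lastCostSource?: CostBreakdown['source'];
+lastCostReportedBy?: CostBreakdown['reportedBy'];
+lastCostCoveredBySubscription?: boolean;
+/** Set true after the first warn so we don't log it repeatedly. */
+warned: boolean;
+/** Most recent budget action returned to the runner. */
+lastAction: 'continue' | 'warn' | 'abort';
+/** Reason from the most recent non-continue check. */
+lastReason?: string;
 }
 /**
 * Generate a scanId in the format: scan-<timestamp>-<hash>
 */
 export declare function generateScanId(): string;
+/** Aggregated ScanResults plus computed cost summary. */
+export interface MultiScanOutcome {
+results: ScanResults;
+totalCostUsd: number;
+currency: string;
+models: string[];
+/** How the cost was determined (for banner/stats labelling). */
+costSource?: CostBreakdown['source'];
+/** Which provider reported the cost when costSource === 'reported'. */
+costReportedBy?: CostBreakdown['reportedBy'];
+/** true when AGHAST_LOCAL_CLAUDE=true — amount is API-equivalent, not billed */
+costCoveredBySubscription?: boolean;
+/** True when the scan was halted by a budget abort. */
+budgetAborted?: boolean;
+/** Reason from the budget abort, when budgetAborted is true. */
+budgetAbortReason?: string;
+}
 /**
 * Run multiple security checks and return aggregated ScanResults.
 */
 export declare function runMultiScan(options: MultiScanOptions): Promise<ScanResults>;
+/**
+* Same as runMultiScan but also returns the computed cost summary.
+* Used by the CLI to record scan history.
+*/
+export declare function runMultiScanWithCost(options: MultiScanOptions): Promise<MultiScanOutcome>;
 //# sourceMappingURL=scan-runner.d.ts.map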
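Review bot: `runMultiScan` still resolves to a bare `ScanResults`, while the abort signal (`budgetAborted`, `budgetAbortReason`) is declared only on `MultiScanOutcome`, so a caller of the original entry point may be unable to tell a budget-halted scan from a complete one. For a security scanner that distinction matters, because checks that never ran can read as checks that found nothing. Whether `ScanResults` carries its own partial-scan marker is not visible in this section; if it does not, the doc comment on `runMultiScan` should say so, e.g. `* NOTE: a budget abort yields partial results; use runMultiScanWithCost and check budgetAborted.` The same applies to `MultiScanOptions.budgetLimits`, whose comment could state that exceeding a limit stops the remaining checks.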
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-runner.d.ts","sourceRoot":"","sources":["../src/scan-runner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"scan-runner.d.ts","sourceRoot":"","sources":["../src/scan-runner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAkBH,OAAO,EAGL,KAAK,aAAa,EAClB,KAAK,cAAc,EAInB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,WAAW,EAEhB,KAAK,UAAU,EAChB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAiB,KAAK,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC7F,OAAO,EAAoC,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAcpD;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,CAAC,UAAU,GAAG,SAAS,CAAC,EAAE,GAAG,UAAU,GAAG,SAAS,CA0BxF;AAiED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,aAAa,CAAC;QAAC,OAAO,EAAE,YAAY,CAAA;KAAE,CAAC,CAAC;IAC/D,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4CAA4C;IAC5C,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,2DAA2D;IAC3D,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,0DAA0D;IAC1D,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,0FAA0F;IAC1F,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;IACzC,kBAAkB,CAAC,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IACjD,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,mEAAmE;IACnE,MAAM,EAAE,OAAO,CAAC;IAChB,wDAAwD;IACxD,UAAU,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IAC1C,sDAAsD;IACtD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AA0DD;;GAEG;AACH,wBAAgB,cAAc,IAAI,MAAM,CAKvC;AAwnBD,yDAAyD;AACzD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,WAAW,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,gEAAgE;IAChE,UAAU,CAAC,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;IACrC,uEAAuE;IACvE,cAAc,CAAC,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IAC7C,gFAAgF;IAChF,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,uDAAuD;IACvD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AAC
H,wBAAsB,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,CAGlF;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAsL/F"}
|