@chain305/x-security 0.4.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -10,16 +10,16 @@ npx @chain305/x-security --help
10
10
 
11
11
  | Command | What it does |
12
12
  | --- | --- |
13
- | `xsecurity generate <spec> --target <t>` | Compile an annotated OpenAPI spec into gateway config (`kong`, `coraza`, `bunkerweb`, `openappsec`, `firewall`, `envoy`) |
14
- | `xsecurity validate <spec> --target kong --gateway <url\|file>` | Detect drift between the spec and a running/exported gateway config |
15
- | `xsecurity test <spec> --target <t>` | Closed-loop test: generate config, spin up Docker, send traffic, assert |
16
- | `xsecurity verify <spec> --target <t> --gateway <addr>` | Read-only post-deploy check that the gateway loaded the emitted artifacts |
17
- | `xsecurity report <spec>` | OWASP API Top 10 coverage and annotation reports |
18
- | `xsecurity diff <old> <new> --target <t>` | Diff the generated config for two spec versions |
19
- | `xsecurity init <spec>` | Add empty `x-security` blocks to operations missing them |
20
- | `xsecurity migrate <spec> --from 0.4 --to 0.5` | Rewrite a spec between schema versions |
21
-
22
- Run `xsecurity <command> --help` for full flags.
13
+ | `x-security generate <spec> --target <t>` | Compile an annotated OpenAPI spec into gateway config (`kong`, `coraza`, `bunkerweb`, `openappsec`, `firewall`, `envoy`) |
14
+ | `x-security validate <spec> --target kong --gateway <url\|file>` | Detect drift between the spec and a running/exported gateway config |
15
+ | `x-security test <spec> --target <t>` | Closed-loop test: generate config, spin up Docker, send traffic, assert |
16
+ | `x-security verify <spec> --target <t> --gateway <addr>` | Read-only post-deploy check that the gateway loaded the emitted artifacts |
17
+ | `x-security report <spec>` | OWASP API Top 10 coverage and annotation reports |
18
+ | `x-security diff <old> <new> --target <t>` | Diff the generated config for two spec versions |
19
+ | `x-security init <spec>` | Add empty `x-security` blocks to operations missing them |
20
+ | `x-security migrate <spec> --from 0.4 --to 0.5` | Rewrite a spec between schema versions |
21
+
22
+ Run `x-security <command> --help` for full flags.
23
23
 
24
24
  ## Requirements
25
25
 
@@ -30810,26 +30810,26 @@ var init_dist3 = __esm({
30810
30810
  });
30811
30811
 
30812
30812
  // ../core/dist/errors.js
30813
- var WritError, SchemaValidationError, UnresolvedVariableError, UnsupportedDialectError, STRICT_EXIT_CODES, StrictnessViolation;
30813
+ var XSecurityError, SchemaValidationError, UnresolvedVariableError, UnsupportedDialectError, STRICT_EXIT_CODES, StrictnessViolation;
30814
30814
  var init_errors2 = __esm({
30815
30815
  "../core/dist/errors.js"() {
30816
30816
  "use strict";
30817
- WritError = class extends Error {
30817
+ XSecurityError = class extends Error {
30818
30818
  code;
30819
30819
  details;
30820
30820
  constructor(message, code, details) {
30821
30821
  super(message);
30822
30822
  this.code = code;
30823
30823
  this.details = details;
30824
- this.name = "WritError";
30824
+ this.name = "XSecurityError";
30825
30825
  }
30826
30826
  };
30827
- SchemaValidationError = class extends WritError {
30827
+ SchemaValidationError = class extends XSecurityError {
30828
30828
  constructor(message, details) {
30829
30829
  super(message, "SCHEMA_VALIDATION", details);
30830
30830
  }
30831
30831
  };
30832
- UnresolvedVariableError = class _UnresolvedVariableError extends WritError {
30832
+ UnresolvedVariableError = class _UnresolvedVariableError extends XSecurityError {
30833
30833
  variables;
30834
30834
  paths;
30835
30835
  constructor(variables, paths = {}) {
@@ -30858,7 +30858,7 @@ var init_errors2 = __esm({
30858
30858
  return lines.join("\n");
30859
30859
  }
30860
30860
  };
30861
- UnsupportedDialectError = class extends WritError {
30861
+ UnsupportedDialectError = class extends XSecurityError {
30862
30862
  constructor(version) {
30863
30863
  super(`Unsupported OpenAPI version: ${version}`, "UNSUPPORTED_DIALECT");
30864
30864
  }
@@ -30869,7 +30869,7 @@ var init_errors2 = __esm({
30869
30869
  S3: 4,
30870
30870
  S4: 5
30871
30871
  };
30872
- StrictnessViolation = class extends WritError {
30872
+ StrictnessViolation = class extends XSecurityError {
30873
30873
  gate;
30874
30874
  constructor(gate, message, details) {
30875
30875
  super(message, `STRICT_${gate}`, details);
@@ -62062,7 +62062,7 @@ ${plan.yaml}`,
62062
62062
  endpoint: "(gateway)",
62063
62063
  rule: "load-coverage",
62064
62064
  verdict: "FAIL",
62065
- message: "x-security-emitted artifacts are not loaded by the gateway (xsecurity verify reported <90%). Aborting traffic phase \u2014 the results would be unattributable.",
62065
+ message: "x-security-emitted artifacts are not loaded by the gateway (x-security verify reported <90%). Aborting traffic phase \u2014 the results would be unattributable.",
62066
62066
  durationMs: 0
62067
62067
  });
62068
62068
  } else {
@@ -72137,7 +72137,7 @@ import { execFile } from "node:child_process";
72137
72137
  import { promisify } from "node:util";
72138
72138
  import yaml15 from "js-yaml";
72139
72139
  function resolveApiUrl(env2) {
72140
- const override = (env2.X_SECURITY_API_URL ?? env2.X_SECURITY_API_URL)?.trim();
72140
+ const override = env2.X_SECURITY_API_URL?.trim();
72141
72141
  if (!override) return DEFAULT_API_URL2;
72142
72142
  let parsed;
72143
72143
  try {
@@ -72162,7 +72162,7 @@ function resolveApiUrl(env2) {
72162
72162
  return override.replace(/\/+$/, "");
72163
72163
  }
72164
72164
  function resolveToken(env2) {
72165
- const token = (env2.X_SECURITY_API_TOKEN ?? env2.X_SECURITY_API_TOKEN)?.trim();
72165
+ const token = env2.X_SECURITY_API_TOKEN?.trim();
72166
72166
  if (!token) {
72167
72167
  throw new PushError(
72168
72168
  "X_SECURITY_API_TOKEN is not set. Export your x-security API key (X_SECURITY_API_TOKEN=...) \u2014 push reads it from the environment only, never from a flag."
@@ -73908,8 +73908,8 @@ function registerUpdateCheck(program2) {
73908
73908
  }
73909
73909
  });
73910
73910
  program2.hook("postAction", async () => {
73911
- if (!truthyEnv(process.env.XSECURITY_UPDATE_CHECK)) return;
73912
- if (truthyEnv(process.env.NO_UPDATE_NOTIFIER) || truthyEnv(process.env.XSECURITY_NO_UPDATE_CHECK)) return;
73911
+ if (!truthyEnv(process.env.X_SECURITY_UPDATE_CHECK)) return;
73912
+ if (truthyEnv(process.env.NO_UPDATE_NOTIFIER) || truthyEnv(process.env.X_SECURITY_NO_UPDATE_CHECK)) return;
73913
73913
  try {
73914
73914
  const { name, version } = resolvePackageMeta();
73915
73915
  const latest = await fetchLatestVersion(name);
@@ -73959,20 +73959,20 @@ function firstExisting(candidates) {
73959
73959
  }
73960
73960
  function loadConfig2(cwd = process.cwd(), home = os3.homedir()) {
73961
73961
  const homeFile = firstExisting([
73962
- path28.join(home, ".config", "xsecurity", "config.yaml"),
73963
- path28.join(home, ".config", "xsecurity", "config.yml"),
73964
- path28.join(home, ".config", "xsecurity", "config.json")
73962
+ path28.join(home, ".config", "x-security", "config.yaml"),
73963
+ path28.join(home, ".config", "x-security", "config.yml"),
73964
+ path28.join(home, ".config", "x-security", "config.json")
73965
73965
  ]);
73966
73966
  const projectFile = firstExisting([
73967
- path28.join(cwd, ".xsecurityrc.yaml"),
73968
- path28.join(cwd, ".xsecurityrc.yml"),
73969
- path28.join(cwd, ".xsecurityrc.json"),
73970
- path28.join(cwd, ".xsecurityrc")
73967
+ path28.join(cwd, ".x-securityrc.yaml"),
73968
+ path28.join(cwd, ".x-securityrc.yml"),
73969
+ path28.join(cwd, ".x-securityrc.json"),
73970
+ path28.join(cwd, ".x-securityrc")
73971
73971
  ]);
73972
73972
  let merged = {};
73973
73973
  if (homeFile) merged = { ...merged, ...readConfigFile(homeFile) };
73974
73974
  if (projectFile) merged = { ...merged, ...readConfigFile(projectFile) };
73975
- const envPath = process.env.XSECURITY_CONFIG;
73975
+ const envPath = process.env.X_SECURITY_CONFIG;
73976
73976
  if (envPath) merged = { ...merged, ...readConfigFile(envPath) };
73977
73977
  return merged;
73978
73978
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@chain305/x-security",
3
- "version": "0.4.0",
3
+ "version": "0.4.2",
4
4
  "description": "x-security CLI — generate/validate/test/report/diff/init against multiple gateway targets",
5
5
  "license": "Apache-2.0",
6
6
  "homepage": "https://usewaf.com",