npm - @dcyfr/ai - Versions diffs - 2.1.3 → 3.0.0 - Mend

@dcyfr/ai 2.1.3 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (468) hide show

package/dist/ai/src/plugins/runtime/wasm-plugin-runner.js ADDED Viewed

@@ -0,0 +1,307 @@
+/**
+ * WebAssembly Plugin Runner
+ *
+ * Executes plugins compiled to WebAssembly using WASI (WebAssembly System Interface).
+ * Provides near-native performance with configurable linear memory limits,
+ * filesystem preopening, and environment variable injection.
+ *
+ * Specification: Plugin Runtime Isolation Specification (plugin-runtime-isolation)
+ *
+ * @module plugins/runtime/wasm-plugin-runner
+ * @version 1.0.0
+ * @date 2026-03-01
+ * @license MIT
+ */
+import { WASI } from 'node:wasi';
+import { readFile } from 'node:fs/promises';
+import { performance } from 'node:perf_hooks';
+// ---------------------------------------------------------------------------
+// Memory limit parsing
+// ---------------------------------------------------------------------------
+const MEMORY_REGEX = /^(\d+(?:\.\d+)?)\s*(kb?|mb?|gb?)/i;
+/**
+ * Convert memory string to WASM linear memory pages (64KB per page)
+ * Examples: "16MB" → 256 pages, "64MB" → 1024 pages
+ */
+function memoryToPages(memoryStr) {
+    const match = MEMORY_REGEX.exec(memoryStr.trim());
+    if (!match) {
+        throw new Error(`Invalid memory value: "${memoryStr}". Expected format: "16MB", "64MB"`);
+    }
+    const amount = Number.parseFloat(match[1] ?? '16');
+    const unit = (match[2] ?? 'mb')[0].toLowerCase();
+    let bytes = 0;
+    switch (unit) {
+        case 'k':
+            bytes = amount * 1024;
+            break;
+        case 'm':
+            bytes = amount * 1024 * 1024;
+            break;
+        case 'g':
+            bytes = amount * 1024 * 1024 * 1024;
+            break;
+        default: bytes = amount * 1024 * 1024; // default MB
+    }
+    // WASM pages are 64KB (65536 bytes)
+    const pages = Math.ceil(bytes / 65536);
+    return pages;
+}
+// ---------------------------------------------------------------------------
+// Duration parsing
+// ---------------------------------------------------------------------------
+const DURATION_REGEX = /^(\d+(?:\.\d+)?)(ms|s|m|h)$/i;
+/**
+ * Parse a human-readable duration string to milliseconds.
+ * Supports: "30s", "5m", "1h", "500ms"
+ */
+function parseDurationMs(value) {
+    const match = DURATION_REGEX.exec(value.trim());
+    if (!match) {
+        throw new Error(`Invalid duration: "${value}". Expected format: "5m", "30s", "1h", "500ms"`);
+    }
+    const amount = Number.parseFloat(match[1] ?? '0');
+    const unit = (match[2] ?? 's').toLowerCase();
+    switch (unit) {
+        case 'ms': return Math.ceil(amount);
+        case 's': return Math.ceil(amount * 1_000);
+        case 'm': return Math.ceil(amount * 60_000);
+        case 'h': return Math.ceil(amount * 3_600_000);
+        default: return Math.ceil(amount * 1_000);
+    }
+}
+function isWasiArgumentCompatibilityError(err) {
+    if (!(err instanceof Error))
+        return false;
+    const message = err.message.toLowerCase();
+    return ('code' in err &&
+        err.code === 'ERR_INVALID_ARG_TYPE' &&
+        (message.includes('memory') || message.includes('instance')));
+}
+// ---------------------------------------------------------------------------
+// WebAssembly Plugin Runner
+// ---------------------------------------------------------------------------
+/**
+ * WebAssembly Plugin Runner
+ *
+ * Executes plugins compiled to WebAssembly with WASI support.
+ * Provides:
+ * - Linear memory limits (configurable initial/max pages)
+ * - Filesystem access control via preopens
+ * - Environment variable injection
+ * - Execution time limits with timeout
+ * - Isolated execution (no network access by default)
+ *
+ * Performance Target: <5% overhead vs native execution
+ */
+export class WasmPluginRunner {
+    /** Check if WebAssembly support is available in the current Node.js version */
+    static async probe() {
+        try {
+            // Check if WASI is available
+            if (typeof WASI === 'undefined') {
+                return {
+                    available: false,
+                    error: 'WASI not available. Node.js 18+ required.',
+                };
+            }
+            // Check if WebAssembly is available
+            if (typeof WebAssembly === 'undefined') {
+                return {
+                    available: false,
+                    error: 'WebAssembly not available in this environment.',
+                };
+            }
+            // Verify we can create a WASI instance
+            const testWasi = new WASI({
+                version: 'preview1',
+                args: [],
+                env: {},
+            });
+            if (!testWasi) {
+                throw new Error('WASI initialization failed');
+            }
+            return {
+                available: true,
+                version: `Node.js ${process.version} with WASI preview1`,
+            };
+        }
+        catch (err) {
+            return {
+                available: false,
+                error: err instanceof Error ? err.message : String(err),
+            };
+        }
+    }
+    /**
+     * Load and compile a WebAssembly module from disk
+     *
+     * @param config - WASM execution configuration
+     * @returns Compiled module instance with WASI
+     */
+    static async loadModule(config) {
+        // Read WASM file
+        const wasmBuffer = await readFile(config.wasmPath);
+        // Configure WASI with preopens and env
+        const wasi = new WASI({
+            version: 'preview1',
+            args: config.args ?? [],
+            env: config.env ?? {},
+            preopens: config.preopens ?? {},
+            returnOnExit: true, // Return instead of process.exit()
+        });
+        // Compile the module
+        const module = await WebAssembly.compile(wasmBuffer);
+        // Calculate memory limits
+        const initialPages = config.initialMemoryPages ??
+            memoryToPages(config.resourceLimits?.maxMemory ?? '16MB');
+        const maxPages = config.maxMemoryPages ??
+            memoryToPages(config.resourceLimits?.maxMemory ?? '64MB');
+        // Create linear memory with limits
+        const memory = new WebAssembly.Memory({
+            initial: initialPages,
+            maximum: maxPages,
+            shared: false,
+        });
+        // Instantiate with WASI imports and memory
+        const instance = await WebAssembly.instantiate(module, {
+            wasi_snapshot_preview1: wasi.wasiImport,
+            env: { memory },
+        });
+        return { module, instance, wasi };
+    }
+    /**
+     * Execute a WebAssembly plugin with resource limits and timeout
+     *
+     * @param config - WASM execution configuration
+     * @returns Execution result with stdout, stderr, exit code, and timing
+     */
+    static async run(config) {
+        const startTime = performance.now();
+        let timedOut = false;
+        let exitCode = null;
+        const stdoutChunks = [];
+        const stderrChunks = [];
+        try {
+            // Load and compile module
+            const { instance, wasi } = await this.loadModule(config);
+            // Parse execution time limit
+            const timeoutMs = parseDurationMs(config.resourceLimits?.maxExecutionTime ?? '5m');
+            // Create timeout promise
+            const timeoutPromise = new Promise((_, reject) => {
+                setTimeout(() => {
+                    timedOut = true;
+                    reject(new Error('Execution time limit exceeded'));
+                }, timeoutMs);
+            });
+            // Capture WASI stdout/stderr
+            // Note: WASI writes to process.stdout/stderr by default
+            // For full capture, we'd need to override fd_write in imports
+            // For now, we'll use the return code from WASI.start()
+            // Execute the WASM module with timeout
+            const executionPromise = new Promise((resolve, reject) => {
+                try {
+                    // Prefer WASI command execution path (supports proc_exit and
+                    // full command-module semantics).
+                    const result = wasi.start(instance);
+                    exitCode = typeof result === 'number' ? result : 0;
+                    resolve(exitCode);
+                }
+                catch (err) {
+                    // Handle WASI exit errors only when numeric exit code is present.
+                    if (err &&
+                        typeof err === 'object' &&
+                        'code' in err &&
+                        typeof err.code === 'number') {
+                        exitCode = err.code;
+                        resolve(exitCode);
+                    }
+                    else if (isWasiArgumentCompatibilityError(err)) {
+                        // Some Node.js versions throw when wasi.start() is used with
+                        // modules that don't expose linear memory. Fallback to direct
+                        // _start invocation for those compatibility cases.
+                        try {
+                            const startExport = instance.exports._start;
+                            if (typeof startExport !== 'function') {
+                                reject(new Error('WASM module does not export a callable _start function'));
+                                return;
+                            }
+                            const fallbackResult = startExport();
+                            exitCode = typeof fallbackResult === 'number' ? fallbackResult : 0;
+                            resolve(exitCode);
+                        }
+                        catch (fallbackErr) {
+                            if (fallbackErr &&
+                                typeof fallbackErr === 'object' &&
+                                'code' in fallbackErr &&
+                                typeof fallbackErr.code === 'number') {
+                                exitCode = fallbackErr.code;
+                                resolve(exitCode);
+                            }
+                            else {
+                                reject(fallbackErr);
+                            }
+                        }
+                    }
+                    else {
+                        // Real runtime error (not a clean WASI exit)
+                        reject(err);
+                    }
+                }
+            });
+            // Race between execution and timeout
+            exitCode = await Promise.race([executionPromise, timeoutPromise]);
+        }
+        catch (err) {
+            // Execution failed or timed out
+            if (timedOut) {
+                exitCode = null; // Killed by timeout
+                stderrChunks.push('Error: Execution time limit exceeded\n');
+            }
+            else {
+                exitCode = 1;
+                stderrChunks.push(`Error: ${err instanceof Error ? err.message : String(err)}\n`);
+            }
+        }
+        const endTime = performance.now();
+        const executionTimeMs = Math.ceil(endTime - startTime);
+        return {
+            exitCode,
+            stdout: stdoutChunks.join(''),
+            stderr: stderrChunks.join(''),
+            timedOut,
+            containerName: `wasm-${Date.now()}`, // Not a real container, but kept for API consistency
+            executionTimeMs,
+        };
+    }
+    /**
+     * Create a WASM execution config from a standard SandboxConfig
+     *
+     * This adapter allows using WasmPluginRunner with the same config
+     * interface as DockerPluginRunner.
+     *
+     * @param config - Standard sandbox config
+     * @param wasmPath - Path to the compiled .wasm file
+     * @returns WASM-specific execution config
+     */
+    static fromSandboxConfig(config, wasmPath) {
+        return {
+            wasmPath,
+            env: config.env,
+            resourceLimits: config.resourceLimits,
+            preopens: config.writableMounts?.reduce((acc, mount) => {
+                // Parse "host:container" format into preopens
+                const [host, container] = mount.split(':');
+                if (host && container) {
+                    acc[container] = host;
+                }
+                return acc;
+            }, {}) ?? {},
+            args: config.command, // Use command array as WASM args
+            // WASM-specific settings
+            initialMemoryPages: undefined, // Will use maxMemory from resourceLimits
+            maxMemoryPages: undefined, // Will use maxMemory from resourceLimits
+        };
+    }
+}
+//# sourceMappingURL=wasm-plugin-runner.js.map

package/dist/ai/src/plugins/runtime/wasm-plugin-runner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wasm-plugin-runner.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/wasm-plugin-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAgCH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAqC9C,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,MAAM,YAAY,GAAG,mCAAmC,CAAC;AAEzD;;;GAGG;AACH,SAAS,aAAa,CAAC,SAAiB;IACtC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;IAClD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,SAAS,oCAAoC,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAEjD,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG;YAAE,KAAK,GAAG,MAAM,GAAG,IAAI,CAAC;YAAC,MAAM;QACvC,KAAK,GAAG;YAAE,KAAK,GAAG,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC;YAAC,MAAM;QAC9C,KAAK,GAAG;YAAE,KAAK,GAAG,MAAM,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;YAAC,MAAM;QACrD,OAAO,CAAC,CAAC,KAAK,GAAG,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,aAAa;IACtD,CAAC;IAED,oCAAoC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,cAAc,GAAG,8BAA8B,CAAC;AAEtD;;;GAGG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,gDAAgD,CAAC,CAAC;IAC/F,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,KAAK,GAAG,CAAC,CAAE,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC;QAC5C,KAAK,GAAG,CAAC,CAAE,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;QAC7C,KAAK,GAAG,CAAC,CAAE,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;QAChD,OAAO,CAAC,CAAG,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED,SAAS,gCAAgC,CAAC,GAAY;IACpD,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE1C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IAC1C,OAAO,CACL,MAAM,IAAI,GAAG;QACZ,GAA0B,CAAC,IAAI,KAAK,sBAAsB;QAC3D,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAC7D,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,gBAAgB;IAC3B,+EAA+E;IAC/E,MAAM,CAAC,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;gBAChC,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,2CAA2C;iBACnD,CAAC;YACJ,CAAC;YAED,oCAAoC;YACpC,IAAI,OAAO,WAAW,KAAK,WAAW,EAAE,CAAC;gBACvC,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,gDAAgD;iBACxD,CAAC;YACJ,CAAC;YAED,uCAAuC;YACvC,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC;gBACxB,OAAO,EAAE,UAAU;gBACnB,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,EAAE;aACR,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,WAAW,OAAO,CAAC,OAAO,qBAAqB;aACzD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,MAA2B;QACzD,iBAAiB;QACjB,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEnD,uCAAuC;QACvC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC;YACpB,OAAO,EAAE,UAAU;YACnB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,EAAE;YACvB,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,EAAE;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,YAAY,EAAE,IAAI,EAAE,mCAAmC;SACxD,CAAC,CAAC;QAEH,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAErD,0BAA0B;QAC1B,MAAM,YAAY,GAAG,MAAM,CAAC,kBAAkB;YAC5C,aAAa,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,IAAI,MAAM,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc;YACpC,aAAa,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,IAAI,MAAM,CAAC,CAAC;QAE5D,mCAAmC;QACnC,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC;YACpC,OAAO,EAAE,YAAY;YACrB,OAAO,EAAE,QAAQ;YACjB,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,MAAM,EAAE;YACrD,sBAAsB,EAAE,IAAI,CAAC,UAAU;YACvC,GAAG,EAAE,EAAE,MAAM,EAAE;SAChB,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IACpC,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAA2B;QAC1C,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACpC,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,QAAQ,GAAkB,IAAI,CAAC;QACnC,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,YAAY,GAAa,EAAE,CAAC;QAElC,IAAI,CAAC;YACH,0BAA0B;YAC1B,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAEzD,6BAA6B;YAC7B,MAAM,SAAS,GAAG,eAAe,CAC/B,MAAM,CAAC,cAAc,EAAE,gBAAgB,IAAI,IAAI,CAChD,CAAC;YAEF,yBAAyB;YACzB,MAAM,cAAc,GAAG,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;gBACtD,UAAU,CAAC,GAAG,EAAE;oBACd,QAAQ,GAAG,IAAI,CAAC;oBAChB,MAAM,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC;gBACrD,CAAC,EAAE,SAAS,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,6BAA6B;YAC7B,wDAAwD;YACxD,8DAA8D;YAC9D,uDAAuD;YAEvD,uCAAuC;YACvC,MAAM,gBAAgB,GAAG,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC/D,IAAI,CAAC;oBACH,6DAA6D;oBAC7D,kCAAkC;oBAClC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACpC,QAAQ,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;oBACnD,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACpB,CAAC;gBAAC,OAAO,GAAY,EAAE,CAAC;oBACtB,kEAAkE;oBAClE,IACE,GAAG;wBACH,OAAO,GAAG,KAAK,QAAQ;wBACvB,MAAM,IAAI,GAAG;wBACb,OAAQ,GAA0B,CAAC,IAAI,KAAK,QAAQ,EACpD,CAAC;wBACD,QAAQ,GAAI,GAAwB,CAAC,IAAI,CAAC;wBAC1C,OAAO,CAAC,QAAQ,CAAC,CAAC;oBACpB,CAAC;yBAAM,IAAI,gCAAgC,CAAC,GAAG,CAAC,EAAE,CAAC;wBACjD,6DAA6D;wBAC7D,8DAA8D;wBAC9D,mDAAmD;wBACnD,IAAI,CAAC;4BACH,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;4BAC5C,IAAI,OAAO,WAAW,KAAK,UAAU,EAAE,CAAC;gCACtC,MAAM,CAAC,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC,CAAC;gCAC5E,OAAO;4BACT,CAAC;4BAED,MAAM,cAAc,GAAI,WAA6B,EAAE,CAAC;4BACxD,QAAQ,GAAG,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;4BACnE,OAAO,CAAC,QAAQ,CAAC,CAAC;wBACpB,CAAC;wBAAC,OAAO,WAAoB,EAAE,CAAC;4BAC9B,IACE,WAAW;gCACX,OAAO,WAAW,KAAK,QAAQ;gCAC/B,MAAM,IAAI,WAAW;gCACrB,OAAQ,WAAkC,CAAC,IAAI,KAAK,QAAQ,EAC5D,CAAC;gCACD,QAAQ,GAAI,WAAgC,CAAC,IAAI,CAAC;gCAClD,OAAO,CAAC,QAAQ,CAAC,CAAC;4BACpB,CAAC;iCAAM,CAAC;gCACN,MAAM,CAAC,WAAW,CAAC,CAAC;4BACtB,CAAC;wBACH,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,6CAA6C;wBAC7C,MAAM,CAAC,GAAG,CAAC,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,qCAAqC;YACrC,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC;QAEpE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,gCAAgC;YAChC,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,GAAG,IAAI,CAAC,CAAC,oBAAoB;gBACrC,YAAY,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;YAC9D,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,CAAC,CAAC;gBACb,YAAY,CAAC,IAAI,CAAC,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAClC,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC;QAEvD,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,QAAQ;YACR,aAAa,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,qDAAqD;YAC1F,eAAe;SAChB,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,iBAAiB,CACtB,MAAqB,EACrB,QAAgB;QAEhB,OAAO;YACL,QAAQ;YACR,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,QAAQ,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBACrD,8CAA8C;gBAC9C,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3C,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;oBACtB,GAAG,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;gBACxB,CAAC;gBACD,OAAO,GAAG,CAAC;YACb,CAAC,EAAE,EAA4B,CAAC,IAAI,EAAE;YACtC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,iCAAiC;YACvD,yBAAyB;YACzB,kBAAkB,EAAE,SAAS,EAAE,yCAAyC;YACxE,cAAc,EAAE,SAAS,EAAE,yCAAyC;SACrE,CAAC;IACJ,CAAC;CACF"}

package/dist/ai/src/plugins/security/index.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Plugin Security Module
+ *
+ * Enterprise-grade multi-layer security scanning pipeline for the DCYFR
+ * plugin marketplace.
+ *
+ * @module plugins/security
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+export { scanPlugin } from './plugin-security-scanner.js';
+export type { ScanContext } from './plugin-security-scanner.js';
+export { generateSBOM } from './sbom-generator.js';
+export { scanVulnerabilities } from './vulnerability-scanner.js';
+export { detectSecrets } from './secret-detector.js';
+export { fetchCodeQuality } from './sonarcloud-client.js';
+export { scanMalware } from './malware-scanner.js';
+export { verifySignature } from './signature-verifier.js';
+export { checkLicenses, APPROVED_LICENSES, INCOMPATIBLE_LICENSES } from './license-checker.js';
+export { calculateTrustScore } from './trust-score.js';
+export type { TrustScoreInput, MaintenanceInput, CommunityInput } from './trust-score.js';
+export type { SBOMComponent, SBOMResult, Severity, VulnerabilityFinding, VulnerabilityCounts, VulnerabilityScanResult, SecretLocation, SecretDetectionResult, CodeQualityMetrics, CodeQualityResult, MalwareSignature, MalwareScanResult, SignatureVerificationResult, LicenseComplianceResult, TrustScoreDimensions, TrustScore, PluginScanInput, PluginSecurityReport, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai/src/plugins/security/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAGhE,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,YAAY,EAAE,eAAe,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG1F,YAAY,EAEV,aAAa,EACb,UAAU,EAEV,QAAQ,EACR,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,EAEvB,cAAc,EACd,qBAAqB,EAErB,kBAAkB,EAClB,iBAAiB,EAEjB,gBAAgB,EAChB,iBAAiB,EAEjB,2BAA2B,EAE3B,uBAAuB,EAEvB,oBAAoB,EACpB,UAAU,EAEV,eAAe,EACf,oBAAoB,GACrB,MAAM,YAAY,CAAC"}

package/dist/ai/src/plugins/security/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * Plugin Security Module
+ *
+ * Enterprise-grade multi-layer security scanning pipeline for the DCYFR
+ * plugin marketplace.
+ *
+ * @module plugins/security
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+// Core orchestrator
+export { scanPlugin } from './plugin-security-scanner.js';
+// Individual scanners (for direct use or testing)
+export { generateSBOM } from './sbom-generator.js';
+export { scanVulnerabilities } from './vulnerability-scanner.js';
+export { detectSecrets } from './secret-detector.js';
+export { fetchCodeQuality } from './sonarcloud-client.js';
+export { scanMalware } from './malware-scanner.js';
+export { verifySignature } from './signature-verifier.js';
+export { checkLicenses, APPROVED_LICENSES, INCOMPATIBLE_LICENSES } from './license-checker.js';
+export { calculateTrustScore } from './trust-score.js';
+//# sourceMappingURL=index.js.map

package/dist/ai/src/plugins/security/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,oBAAoB;AACpB,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAG1D,kDAAkD;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/ai/src/plugins/security/license-checker.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * License Compliance Checker
+ *
+ * Validates plugin licenses against DCYFR-approved SPDX identifiers using
+ * npm-license-checker or by parsing package.json directly.
+ *
+ * @module plugins/security/license-checker
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import type { LicenseComplianceResult } from './types.js';
+/** SPDX identifiers unconditionally approved for use in DCYFR plugins */
+export declare const APPROVED_LICENSES: Set<string>;
+/** SPDX identifiers that are incompatible with Apache-2.0 workspace */
+export declare const INCOMPATIBLE_LICENSES: Set<string>;
+/**
+ * Check license compliance for a plugin directory.
+ *
+ * Tries `npx license-checker --json` first; falls back to reading
+ * `package.json` directly when license-checker is unavailable.
+ *
+ * @param pluginPath Absolute path to the extracted plugin directory
+ */
+export declare function checkLicenses(pluginPath: string): Promise<LicenseComplianceResult>;
+//# sourceMappingURL=license-checker.d.ts.map

package/dist/ai/src/plugins/security/license-checker.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"license-checker.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/license-checker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAQ1D,yEAAyE;AACzE,eAAO,MAAM,iBAAiB,aAU5B,CAAC;AAEH,uEAAuE;AACvE,eAAO,MAAM,qBAAqB,aAYhC,CAAC;AA2EH;;;;;;;GAOG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,uBAAuB,CAAC,CAmClC"}

package/dist/ai/src/plugins/security/license-checker.js ADDED Viewed

@@ -0,0 +1,137 @@
+/**
+ * License Compliance Checker
+ *
+ * Validates plugin licenses against DCYFR-approved SPDX identifiers using
+ * npm-license-checker or by parsing package.json directly.
+ *
+ * @module plugins/security/license-checker
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+const execFileAsync = promisify(execFile);
+// ---------------------------------------------------------------------------
+// Approved & incompatible license lists
+// ---------------------------------------------------------------------------
+/** SPDX identifiers unconditionally approved for use in DCYFR plugins */
+export const APPROVED_LICENSES = new Set([
+    'MIT',
+    'ISC',
+    'Apache-2.0',
+    'BSD-2-Clause',
+    'BSD-3-Clause',
+    'CC0-1.0',
+    'Unlicense',
+    '0BSD',
+    'BlueOak-1.0.0',
+]);
+/** SPDX identifiers that are incompatible with Apache-2.0 workspace */
+export const INCOMPATIBLE_LICENSES = new Set([
+    'GPL-2.0',
+    'GPL-2.0-only',
+    'GPL-2.0-or-later',
+    'GPL-3.0',
+    'GPL-3.0-only',
+    'GPL-3.0-or-later',
+    'AGPL-3.0',
+    'AGPL-3.0-only',
+    'AGPL-3.0-or-later',
+    'SSPL-1.0',
+    'BUSL-1.1',
+]);
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function normaliseSpdx(raw) {
+    // Handle compound: "MIT AND Apache-2.0" or "(MIT OR Apache-2.0)"
+    return raw
+        .replaceAll(/[()]/g, '')
+        .split(/\s+(?:AND|OR)\s+/)
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+function analyseDetected(detected) {
+    const incompatible = [];
+    const unknown = [];
+    for (const lic of detected) {
+        if (INCOMPATIBLE_LICENSES.has(lic)) {
+            incompatible.push(lic);
+        }
+        else if (!APPROVED_LICENSES.has(lic)) {
+            unknown.push(lic);
+        }
+    }
+    const compliant = incompatible.length === 0 && detected.length > 0;
+    return { incompatible, unknown, compliant };
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+async function collectFromLicenseChecker(pluginPath, acc) {
+    const { stdout } = await execFileAsync('npx', ['license-checker', '--json', '--production'], { cwd: pluginPath });
+    const entries = JSON.parse(stdout);
+    for (const entry of Object.values(entries)) {
+        if (entry.licenses) {
+            for (const lic of normaliseSpdx(entry.licenses))
+                acc.add(lic);
+        }
+    }
+}
+function collectFromPackageJson(pluginPath, acc) {
+    const pkgPath = join(pluginPath, 'package.json');
+    if (!existsSync(pkgPath))
+        return undefined;
+    const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
+    if (pkg.license) {
+        for (const lic of normaliseSpdx(pkg.license))
+            acc.add(lic);
+    }
+    return undefined;
+}
+/**
+ * Check license compliance for a plugin directory.
+ *
+ * Tries `npx license-checker --json` first; falls back to reading
+ * `package.json` directly when license-checker is unavailable.
+ *
+ * @param pluginPath Absolute path to the extracted plugin directory
+ */
+export async function checkLicenses(pluginPath) {
+    const allDetected = new Set();
+    try {
+        await collectFromLicenseChecker(pluginPath, allDetected);
+    }
+    catch {
+        try {
+            collectFromPackageJson(pluginPath, allDetected);
+        }
+        catch {
+            return {
+                success: false,
+                compliant: false,
+                detected: [],
+                incompatible: [],
+                unknown: [],
+                error: 'Could not parse package.json',
+            };
+        }
+    }
+    if (allDetected.size === 0) {
+        return {
+            success: true,
+            compliant: false,
+            detected: [],
+            incompatible: [],
+            unknown: ['UNLICENSED'],
+            error: 'No license declared — required for official marketplace submission',
+        };
+    }
+    const detected = [...allDetected];
+    const { incompatible, unknown, compliant } = analyseDetected(detected);
+    return { success: true, compliant, detected, incompatible, unknown };
+}
+//# sourceMappingURL=license-checker.js.map

package/dist/ai/src/plugins/security/license-checker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"license-checker.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/license-checker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,yEAAyE;AACzE,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IACvC,KAAK;IACL,KAAK;IACL,YAAY;IACZ,cAAc;IACd,cAAc;IACd,SAAS;IACT,WAAW;IACX,MAAM;IACN,eAAe;CAChB,CAAC,CAAC;AAEH,uEAAuE;AACvE,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAC3C,SAAS;IACT,cAAc;IACd,kBAAkB;IAClB,SAAS;IACT,cAAc;IACd,kBAAkB;IAClB,UAAU;IACV,eAAe;IACf,mBAAmB;IACnB,UAAU;IACV,UAAU;CACX,CAAC,CAAC;AAUH,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,aAAa,CAAC,GAAW;IAChC,iEAAiE;IACjE,OAAO,GAAG;SACP,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;SACvB,KAAK,CAAC,kBAAkB,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,eAAe,CACtB,QAAkB;IAElB,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;aAAM,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IACnE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAC9C,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,KAAK,UAAU,yBAAyB,CACtC,UAAkB,EAClB,GAAgB;IAEhB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,iBAAiB,EAAE,QAAQ,EAAE,cAAc,CAAC,EAC7C,EAAE,GAAG,EAAE,UAAU,EAAE,CACpB,CAAC;IACF,MAAM,OAAO,GAAwC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACxE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3C,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC;gBAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,UAAkB,EAClB,GAAgB;IAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IACjD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAyB,CAAC;IAC9E,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAChB,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAkB;IAElB,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEtC,IAAI,CAAC;QACH,MAAM,yBAAyB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,KAAK;gBAChB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE;gBAChB,OAAO,EAAE,EAAE;gBACX,KAAK,EAAE,8BAA8B;aACtC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,EAAE;YACZ,YAAY,EAAE,EAAE;YAChB,OAAO,EAAE,CAAC,YAAY,CAAC;YACvB,KAAK,EAAE,oEAAoE;SAC5E,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC;IAClC,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAEvE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;AACvE,CAAC"}

package/dist/ai/src/plugins/security/malware-scanner.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Malware Scanner
+ *
+ * Scans plugin files for known malware signatures using ClamAV (clamscan).
+ * Also performs a lightweight pattern check for dangerous shell script patterns.
+ *
+ * @module plugins/security/malware-scanner
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import type { MalwareScanResult } from './types.js';
+/**
+ * Scan a plugin directory for malware using ClamAV.
+ *
+ * @param pluginPath Absolute path to the extracted plugin directory
+ */
+export declare function scanMalware(pluginPath: string): Promise<MalwareScanResult>;
+//# sourceMappingURL=malware-scanner.d.ts.map

package/dist/ai/src/plugins/security/malware-scanner.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"malware-scanner.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/malware-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,iBAAiB,EAAoB,MAAM,YAAY,CAAC;AA4EtE;;;;GAIG;AACH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,iBAAiB,CAAC,CA+B5B"}