@devshub198211/devguard 2.0.1

package/dist/chunk-KSFZPDFO.js

@@ -0,0 +1,366 @@
+// src/dx/api-contract.ts
+var Schema = class {
+  constructor() {
+    /** @internal */
+    this._isOptional = false;
+  }
+  safeParse(val) {
+    try {
+      let result = this._parse(val === void 0 ? this._default : val, "");
+      if (this._transform) result = this._transform(result);
+      return { success: true, data: result, errors: [] };
+    } catch (e) {
+      return { success: false, errors: parseErrors(e) };
+    }
+  }
+  parse(val) {
+    const r = this.safeParse(val);
+    if (!r.success) throw new Error(r.errors.map((e) => (e.path ? `${e.path}: ` : "") + e.message).join("; "));
+    return r.data;
+  }
+  optional() {
+    return new OptionalSchema(this);
+  }
+  nullable() {
+    return new NullableSchema(this);
+  }
+  default(val) {
+    const c2 = Object.create(this);
+    c2._default = val;
+    return c2;
+  }
+  describe(desc) {
+    const c2 = Object.create(this);
+    c2._description = desc;
+    return c2;
+  }
+  transform(fn) {
+    const c2 = Object.create(this);
+    c2._transform = fn;
+    return c2;
+  }
+  toJSONSchema() {
+    return {};
+  }
+};
+function parseErrors(e) {
+  if (e instanceof ValidationException) return e.errors;
+  return [{ path: "", message: e?.message ?? "Unknown error" }];
+}
+var ValidationException = class extends Error {
+  constructor(errors) {
+    super(errors.map((e) => e.message).join("; "));
+    this.errors = errors;
+  }
+};
+function fail(path, message) {
+  throw new ValidationException([{ path, message }]);
+}
+var OptionalSchema = class extends Schema {
+  constructor(inner) {
+    super();
+    this.inner = inner;
+  }
+  _parse(val, path) {
+    if (val === void 0 || val === null) return void 0;
+    return this.inner._parse(val, path);
+  }
+};
+var NullableSchema = class extends Schema {
+  constructor(inner) {
+    super();
+    this.inner = inner;
+  }
+  _parse(val, path) {
+    if (val === null || val === void 0) return null;
+    return this.inner._parse(val, path);
+  }
+};
+var StringSchema = class extends Schema {
+  constructor() {
+    super(...arguments);
+    this._email = false;
+    this._url = false;
+    this._trim = false;
+  }
+  _parse(val, path) {
+    if (typeof val !== "string") fail(path, `Expected string, got ${typeof val}`);
+    let s = val;
+    if (this._trim) s = s.trim();
+    if (this._min !== void 0 && s.length < this._min) fail(path, `Too short (min ${this._min})`);
+    if (this._max !== void 0 && s.length > this._max) fail(path, `Too long (max ${this._max})`);
+    if (this._enum && !this._enum.includes(s)) fail(path, `Must be one of: ${this._enum.join(", ")}`);
+    if (this._regex && !this._regex.test(s)) fail(path, `Does not match ${this._regex}`);
+    if (this._email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(s)) fail(path, "Invalid email address");
+    if (this._url) {
+      try {
+        new URL(s);
+      } catch {
+        fail(path, "Invalid URL");
+      }
+    }
+    return s;
+  }
+  min(n) {
+    const c2 = Object.create(this);
+    c2._min = n;
+    return c2;
+  }
+  max(n) {
+    const c2 = Object.create(this);
+    c2._max = n;
+    return c2;
+  }
+  length(n) {
+    return this.min(n).max(n);
+  }
+  enum(vals) {
+    const c2 = Object.create(this);
+    c2._enum = vals;
+    return c2;
+  }
+  regex(r) {
+    const c2 = Object.create(this);
+    c2._regex = r;
+    return c2;
+  }
+  email() {
+    const c2 = Object.create(this);
+    c2._email = true;
+    return c2;
+  }
+  url() {
+    const c2 = Object.create(this);
+    c2._url = true;
+    return c2;
+  }
+  trim() {
+    const c2 = Object.create(this);
+    c2._trim = true;
+    return c2;
+  }
+  toJSONSchema() {
+    return { type: "string", ...this._min ? { minLength: this._min } : {}, ...this._max ? { maxLength: this._max } : {}, ...this._enum ? { enum: this._enum } : {}, ...this._email ? { format: "email" } : {}, ...this._url ? { format: "uri" } : {} };
+  }
+};
+var NumberSchema = class extends Schema {
+  constructor() {
+    super(...arguments);
+    this._int = false;
+    this._positive = false;
+  }
+  _parse(val, path) {
+    const n = typeof val === "string" ? parseFloat(val) : val;
+    if (typeof n !== "number" || isNaN(n)) fail(path, `Expected number, got ${typeof val}`);
+    if (this._int && !Number.isInteger(n)) fail(path, "Expected integer");
+    if (this._positive && n <= 0) fail(path, "Must be positive");
+    if (this._min !== void 0 && n < this._min) fail(path, `Too small (min ${this._min})`);
+    if (this._max !== void 0 && n > this._max) fail(path, `Too large (max ${this._max})`);
+    return n;
+  }
+  min(n) {
+    const c2 = Object.create(this);
+    c2._min = n;
+    return c2;
+  }
+  max(n) {
+    const c2 = Object.create(this);
+    c2._max = n;
+    return c2;
+  }
+  int() {
+    const c2 = Object.create(this);
+    c2._int = true;
+    return c2;
+  }
+  positive() {
+    const c2 = Object.create(this);
+    c2._positive = true;
+    return c2;
+  }
+  toJSONSchema() {
+    return { type: this._int ? "integer" : "number", ...this._min !== void 0 ? { minimum: this._min } : {}, ...this._max !== void 0 ? { maximum: this._max } : {} };
+  }
+};
+var BooleanSchema = class extends Schema {
+  _parse(val, path) {
+    if (val === "true" || val === 1 || val === "1") return true;
+    if (val === "false" || val === 0 || val === "0") return false;
+    if (typeof val !== "boolean") fail(path, `Expected boolean, got ${typeof val}`);
+    return val;
+  }
+  toJSONSchema() {
+    return { type: "boolean" };
+  }
+};
+var ObjectSchema = class _ObjectSchema extends Schema {
+  constructor(shape, isStrict = false) {
+    super();
+    this.shape = shape;
+    this._isStrict = isStrict;
+  }
+  _parse(val, path) {
+    if (typeof val !== "object" || val === null || Array.isArray(val)) fail(path, `Expected object`);
+    const obj = val;
+    const result = {};
+    const errors = [];
+    for (const [key, schema] of Object.entries(this.shape)) {
+      try {
+        result[key] = schema._parse(obj[key], path ? `${path}.${key}` : key);
+      } catch (e) {
+        errors.push(...parseErrors(e));
+      }
+    }
+    if (this._isStrict) {
+      const knownKeys = new Set(Object.keys(this.shape));
+      for (const k of Object.keys(obj)) if (!knownKeys.has(k)) errors.push({ path: path ? `${path}.${k}` : k, message: "Unknown field" });
+    }
+    if (errors.length) throw new ValidationException(errors);
+    return result;
+  }
+  extend(extra) {
+    return new _ObjectSchema({ ...this.shape, ...extra });
+  }
+  pick(keys) {
+    const s = {};
+    keys.forEach((k) => s[k] = this.shape[k]);
+    return new _ObjectSchema(s);
+  }
+  omit(keys) {
+    const s = { ...this.shape };
+    keys.forEach((k) => delete s[k]);
+    return new _ObjectSchema(s);
+  }
+  strict() {
+    return new _ObjectSchema(this.shape, true);
+  }
+  toJSONSchema() {
+    const props = {};
+    const required = [];
+    for (const [k, v] of Object.entries(this.shape)) {
+      props[k] = v.toJSONSchema?.() ?? {};
+      if (!(v instanceof OptionalSchema) && !(v instanceof NullableSchema)) required.push(k);
+    }
+    return { type: "object", properties: props, ...required.length ? { required } : {} };
+  }
+};
+var ArraySchema = class extends Schema {
+  constructor(item) {
+    super();
+    this.item = item;
+  }
+  _parse(val, path) {
+    if (!Array.isArray(val)) fail(path, `Expected array`);
+    if (this._min !== void 0 && val.length < this._min) fail(path, `Too few items (min ${this._min})`);
+    if (this._max !== void 0 && val.length > this._max) fail(path, `Too many items (max ${this._max})`);
+    const errors = [];
+    const result = [];
+    val.forEach((item, i) => {
+      try {
+        result.push(this.item._parse(item, `${path}[${i}]`));
+      } catch (e) {
+        errors.push(...parseErrors(e));
+      }
+    });
+    if (errors.length) throw new ValidationException(errors);
+    return result;
+  }
+  min(n) {
+    const c2 = Object.create(this);
+    c2._min = n;
+    return c2;
+  }
+  max(n) {
+    const c2 = Object.create(this);
+    c2._max = n;
+    return c2;
+  }
+  nonempty() {
+    return this.min(1);
+  }
+  toJSONSchema() {
+    return { type: "array", items: this.item.toJSONSchema?.() ?? {} };
+  }
+};
+var RecordSchema = class extends Schema {
+  constructor(valueSchema) {
+    super();
+    this.valueSchema = valueSchema;
+  }
+  _parse(val, path) {
+    if (typeof val !== "object" || val === null || Array.isArray(val)) fail(path, "Expected object");
+    const result = {};
+    for (const [k, v] of Object.entries(val)) {
+      if (k === "__proto__" || k === "constructor" || k === "prototype") continue;
+      result[k] = this.valueSchema._parse(v, `${path}.${k}`);
+    }
+    return result;
+  }
+};
+var LiteralSchema = class extends Schema {
+  constructor(literal) {
+    super();
+    this.literal = literal;
+  }
+  _parse(val, path) {
+    if (val !== this.literal) fail(path, `Expected ${JSON.stringify(this.literal)}, got ${JSON.stringify(val)}`);
+    return val;
+  }
+};
+var UnionSchema = class extends Schema {
+  constructor(options) {
+    super();
+    this.options = options;
+  }
+  _parse(val, path) {
+    for (const opt of this.options) {
+      try {
+        return opt._parse(val, path);
+      } catch {
+        continue;
+      }
+    }
+    fail(path, `Value does not match any union variant`);
+  }
+};
+var c = {
+  string: () => new StringSchema(),
+  number: () => new NumberSchema(),
+  boolean: () => new BooleanSchema(),
+  object: (shape) => new ObjectSchema(shape),
+  array: (item) => new ArraySchema(item),
+  record: (val) => new RecordSchema(val),
+  literal: (v) => new LiteralSchema(v),
+  union: (opts) => new UnionSchema(opts),
+  any: () => new class extends Schema {
+    _parse(v) {
+      return v;
+    }
+  }()
+};
+function validateBody(schema) {
+  return function(req, res, next) {
+    const result = schema.safeParse(req.body);
+    if (!result.success) return res.status(400).json({ error: "Validation failed", details: result.errors });
+    req.body = result.data;
+    next();
+  };
+}
+function validateQuery(schema) {
+  return function(req, res, next) {
+    const result = schema.safeParse(req.query);
+    if (!result.success) return res.status(400).json({ error: "Invalid query parameters", details: result.errors });
+    req.query = result.data;
+    next();
+  };
+}
+async function typedFetch(url, schema, init) {
+  if (typeof fetch === "undefined") throw new Error("[devguard] typedFetch requires Node.js >= 18 or a global fetch polyfill. See: https://nodejs.org/en/blog/announcements/v18-release-announce");
+  const response = await fetch(url, init);
+  if (!response.ok) throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+  const json = await response.json();
+  const data = schema.parse(json);
+  return { data, response };
+}
+
+export { Schema, c, typedFetch, validateBody, validateQuery };

package/dist/chunk-MT3VUCLS.js

@@ -0,0 +1,35 @@
+import { verifyLockfile, scanProject, enforceExactPins, checkTokenAge, loadTokensFromEnv } from './chunk-D7GNA6TS.js';
+import * as path from 'path';
+
+async function runAllChecks(root = process.cwd()) {
+  const resolvedRoot = path.resolve(root);
+  const [lockfile, hookFindings, unpinned] = await Promise.all([
+    Promise.resolve(verifyLockfile(resolvedRoot)),
+    Promise.resolve(scanProject(resolvedRoot)),
+    Promise.resolve(enforceExactPins(path.join(resolvedRoot, "package.json")))
+  ]);
+  const tokenNames = (process.env.DEVGUARD_TOKENS ?? "NPM_TOKEN,GITHUB_TOKEN").split(",").map((s) => s.trim()).filter(Boolean);
+  const tokenAlerts = checkTokenAge(loadTokensFromEnv(tokenNames));
+  const stale = tokenAlerts.filter((a) => a.status === "stale").map((a) => a.name);
+  const expiringSoon = tokenAlerts.filter((a) => a.status === "expiring_soon").map((a) => a.name);
+  const criticals = hookFindings.filter((h) => h.severity === "critical").length;
+  const passedAll = lockfile.valid && hookFindings.length === 0 && unpinned.length === 0 && stale.length === 0;
+  let score = 100;
+  if (!lockfile.valid) score -= 30;
+  score -= Math.min(40, criticals * 15 + (hookFindings.length - criticals) * 5);
+  score -= Math.min(15, unpinned.length * 2);
+  score -= stale.length * 10;
+  score -= expiringSoon.length * 3;
+  score = Math.max(0, score);
+  return {
+    lockfile: { valid: lockfile.valid, tampered: lockfile.tampered, missing: lockfile.missing },
+    hooks: { count: hookFindings.length, criticals, findings: hookFindings },
+    pins: { unpinned: unpinned.map((v) => v.name + "@" + v.specifier), autoFixAvailable: true },
+    tokens: { stale, expiringSoon },
+    passedAll,
+    score,
+    scannedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+
+export { runAllChecks };