@feiyoug/skill-lab 0.0.0 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +73 -0
- package/esm/analyzer/astgrep/client.d.ts +20 -8
- package/esm/analyzer/astgrep/client.d.ts.map +1 -1
- package/esm/analyzer/astgrep/client.js +58 -31
- package/esm/analyzer/config/default.d.ts +8 -0
- package/esm/analyzer/config/default.d.ts.map +1 -0
- package/esm/analyzer/config/default.js +91 -0
- package/esm/analyzer/config/helpers.d.ts +8 -0
- package/esm/analyzer/config/helpers.d.ts.map +1 -0
- package/esm/analyzer/config/helpers.js +72 -0
- package/esm/analyzer/config/mod.d.ts +4 -0
- package/esm/analyzer/config/mod.d.ts.map +1 -0
- package/esm/analyzer/config/mod.js +3 -0
- package/esm/analyzer/config/types.d.ts +58 -0
- package/esm/analyzer/config/types.d.ts.map +1 -0
- package/esm/analyzer/{config.js → config/types.js} +0 -28
- package/esm/analyzer/logging.d.ts +3 -0
- package/esm/analyzer/logging.d.ts.map +1 -0
- package/esm/analyzer/logging.js +6 -0
- package/esm/analyzer/mod.d.ts +12 -5
- package/esm/analyzer/mod.d.ts.map +1 -1
- package/esm/analyzer/mod.js +25 -12
- package/esm/analyzer/result.d.ts +35 -0
- package/esm/analyzer/result.d.ts.map +1 -0
- package/esm/analyzer/result.js +311 -0
- package/esm/analyzer/rules/bash/commands/mod.d.ts +1 -0
- package/esm/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
- package/esm/analyzer/rules/bash/commands/mod.js +3 -0
- package/esm/analyzer/rules/bash/commands/pip.d.ts +3 -0
- package/esm/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
- package/esm/analyzer/rules/bash/commands/pip.js +14 -0
- package/esm/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
- package/esm/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/bash/extractFileRefs.js +2 -2
- package/esm/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
- package/esm/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
- package/esm/analyzer/rules/bash/inline-command-classifier.js +4 -4
- package/esm/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
- package/esm/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/javascript/extractFileRefs.js +3 -4
- package/esm/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
- package/esm/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
- package/esm/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/markdown/extractFileRefs.js +2 -0
- package/esm/analyzer/rules/python/extractFileRefs.d.ts +1 -1
- package/esm/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/python/extractFileRefs.js +2 -2
- package/esm/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
- package/esm/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
- package/esm/analyzer/steps/001-discovery/discover-files.js +18 -2
- package/esm/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
- package/esm/analyzer/steps/001-discovery/mod.js +39 -9
- package/esm/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
- package/esm/analyzer/steps/002-permissions/mod.js +156 -73
- package/esm/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
- package/esm/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
- package/esm/analyzer/steps/002-permissions/scan-file.js +40 -5
- package/esm/analyzer/steps/002-permissions/seed-frontmatter.js +2 -2
- package/esm/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
- package/esm/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
- package/esm/analyzer/steps/003-risks/dep-risks.js +74 -0
- package/esm/analyzer/steps/003-risks/helpers.d.ts +1 -0
- package/esm/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/helpers.js +1 -0
- package/esm/analyzer/steps/003-risks/mod.d.ts +3 -2
- package/esm/analyzer/steps/003-risks/mod.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/mod.js +41 -4
- package/esm/analyzer/steps/003-risks/policy.d.ts +7 -0
- package/esm/analyzer/steps/003-risks/policy.d.ts.map +1 -0
- package/esm/analyzer/steps/003-risks/policy.js +23 -0
- package/esm/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
- package/esm/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/rule-mapped.js +83 -2
- package/esm/analyzer/steps/003-risks/scoring.d.ts +9 -1
- package/esm/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/scoring.js +55 -42
- package/esm/analyzer/treesitter/client.d.ts +31 -0
- package/esm/analyzer/treesitter/client.d.ts.map +1 -0
- package/esm/analyzer/{treesiter → treesitter}/client.js +43 -39
- package/esm/analyzer/treesitter/registry.d.ts +73 -0
- package/esm/analyzer/treesitter/registry.d.ts.map +1 -0
- package/esm/analyzer/treesitter/registry.js +165 -0
- package/esm/analyzer/types.d.ts +14 -28
- package/esm/analyzer/types.d.ts.map +1 -1
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +3 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +297 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +268 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.js +45 -0
- package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
- package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
- package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.js +903 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/types.js +15 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/write_all.js +61 -0
- package/esm/shared/deep_merge.d.ts +12 -0
- package/esm/shared/deep_merge.d.ts.map +1 -0
- package/esm/shared/deep_merge.js +49 -0
- package/esm/shared/mod.d.ts +1 -0
- package/esm/shared/mod.d.ts.map +1 -1
- package/esm/shared/mod.js +1 -0
- package/esm/shared/types/filetypes.d.ts +2 -2
- package/esm/shared/types/filetypes.d.ts.map +1 -1
- package/esm/shared/types/permissions.d.ts +1 -1
- package/esm/shared/types/permissions.d.ts.map +1 -1
- package/esm/shared/types/risks.d.ts +4 -1
- package/esm/shared/types/risks.d.ts.map +1 -1
- package/esm/skillreader/types.d.ts +2 -2
- package/esm/skillreader/types.d.ts.map +1 -1
- package/esm/skillreader/types.js +2 -2
- package/package.json +1 -1
- package/script/analyzer/astgrep/client.d.ts +20 -8
- package/script/analyzer/astgrep/client.d.ts.map +1 -1
- package/script/analyzer/astgrep/client.js +58 -64
- package/script/analyzer/config/default.d.ts +8 -0
- package/script/analyzer/config/default.d.ts.map +1 -0
- package/script/analyzer/config/default.js +94 -0
- package/script/analyzer/config/helpers.d.ts +8 -0
- package/script/analyzer/config/helpers.d.ts.map +1 -0
- package/script/analyzer/config/helpers.js +76 -0
- package/script/analyzer/config/mod.d.ts +4 -0
- package/script/analyzer/config/mod.d.ts.map +1 -0
- package/script/analyzer/config/mod.js +21 -0
- package/script/analyzer/config/types.d.ts +58 -0
- package/script/analyzer/config/types.d.ts.map +1 -0
- package/script/analyzer/{config.js → config/types.js} +1 -29
- package/script/analyzer/logging.d.ts +3 -0
- package/script/analyzer/logging.d.ts.map +1 -0
- package/script/analyzer/logging.js +9 -0
- package/script/analyzer/mod.d.ts +12 -5
- package/script/analyzer/mod.d.ts.map +1 -1
- package/script/analyzer/mod.js +35 -20
- package/script/analyzer/result.d.ts +35 -0
- package/script/analyzer/result.d.ts.map +1 -0
- package/script/analyzer/result.js +315 -0
- package/script/analyzer/rules/bash/commands/mod.d.ts +1 -0
- package/script/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
- package/script/analyzer/rules/bash/commands/mod.js +3 -0
- package/script/analyzer/rules/bash/commands/pip.d.ts +3 -0
- package/script/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
- package/script/analyzer/rules/bash/commands/pip.js +17 -0
- package/script/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
- package/script/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/bash/extractFileRefs.js +2 -2
- package/script/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
- package/script/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
- package/script/analyzer/rules/bash/inline-command-classifier.js +4 -4
- package/script/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
- package/script/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/javascript/extractFileRefs.js +3 -4
- package/script/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
- package/script/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
- package/script/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/markdown/extractFileRefs.js +2 -0
- package/script/analyzer/rules/python/extractFileRefs.d.ts +1 -1
- package/script/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/python/extractFileRefs.js +2 -2
- package/script/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
- package/script/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
- package/script/analyzer/steps/001-discovery/discover-files.js +18 -2
- package/script/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
- package/script/analyzer/steps/001-discovery/mod.js +77 -11
- package/script/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
- package/script/analyzer/steps/002-permissions/mod.js +194 -75
- package/script/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
- package/script/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
- package/script/analyzer/steps/002-permissions/scan-file.js +40 -5
- package/script/analyzer/steps/002-permissions/seed-frontmatter.js +3 -3
- package/script/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
- package/script/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
- package/script/analyzer/steps/003-risks/dep-risks.js +77 -0
- package/script/analyzer/steps/003-risks/helpers.d.ts +1 -0
- package/script/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/helpers.js +1 -0
- package/script/analyzer/steps/003-risks/mod.d.ts +3 -2
- package/script/analyzer/steps/003-risks/mod.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/mod.js +77 -4
- package/script/analyzer/steps/003-risks/policy.d.ts +7 -0
- package/script/analyzer/steps/003-risks/policy.d.ts.map +1 -0
- package/script/analyzer/steps/003-risks/policy.js +29 -0
- package/script/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
- package/script/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/rule-mapped.js +83 -2
- package/script/analyzer/steps/003-risks/scoring.d.ts +9 -1
- package/script/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/scoring.js +55 -42
- package/script/analyzer/treesitter/client.d.ts +31 -0
- package/script/analyzer/treesitter/client.d.ts.map +1 -0
- package/script/analyzer/treesitter/client.js +136 -0
- package/script/analyzer/treesitter/registry.d.ts +73 -0
- package/script/analyzer/treesitter/registry.d.ts.map +1 -0
- package/script/analyzer/treesitter/registry.js +206 -0
- package/script/analyzer/types.d.ts +14 -28
- package/script/analyzer/types.d.ts.map +1 -1
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +10 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +334 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +305 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.js +48 -0
- package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
- package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
- package/script/deps/jsr.io/@std/fmt/1.0.3/colors.js +986 -0
- package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
- package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
- package/script/deps/jsr.io/@std/io/0.225.0/types.js +18 -0
- package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
- package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
- package/script/deps/jsr.io/@std/io/0.225.0/write_all.js +65 -0
- package/script/shared/deep_merge.d.ts +12 -0
- package/script/shared/deep_merge.d.ts.map +1 -0
- package/script/shared/deep_merge.js +53 -0
- package/script/shared/mod.d.ts +1 -0
- package/script/shared/mod.d.ts.map +1 -1
- package/script/shared/mod.js +1 -0
- package/script/shared/types/filetypes.d.ts +2 -2
- package/script/shared/types/filetypes.d.ts.map +1 -1
- package/script/shared/types/permissions.d.ts +1 -1
- package/script/shared/types/permissions.d.ts.map +1 -1
- package/script/shared/types/risks.d.ts +4 -1
- package/script/shared/types/risks.d.ts.map +1 -1
- package/script/skillreader/types.d.ts +2 -2
- package/script/skillreader/types.d.ts.map +1 -1
- package/script/skillreader/types.js +2 -2
- package/src/_dnt.polyfills.ts +27 -0
- package/src/_dnt.shims.ts +64 -0
- package/src/analyzer/astgrep/client.ts +184 -0
- package/src/analyzer/astgrep/mod.ts +2 -0
- package/src/analyzer/config/default.ts +98 -0
- package/src/analyzer/config/helpers.ts +107 -0
- package/src/analyzer/config/mod.ts +3 -0
- package/src/analyzer/config/types.ts +103 -0
- package/src/analyzer/logging.ts +8 -0
- package/src/analyzer/mod.ts +118 -0
- package/src/analyzer/result.ts +393 -0
- package/src/analyzer/rules/bash/astTypes.ts +5 -0
- package/src/analyzer/rules/bash/commands/bd.ts +23 -0
- package/src/analyzer/rules/bash/commands/cron.ts +21 -0
- package/src/analyzer/rules/bash/commands/docker.ts +37 -0
- package/src/analyzer/rules/bash/commands/eval.ts +52 -0
- package/src/analyzer/rules/bash/commands/generic.ts +16 -0
- package/src/analyzer/rules/bash/commands/gh.ts +21 -0
- package/src/analyzer/rules/bash/commands/git.ts +28 -0
- package/src/analyzer/rules/bash/commands/mod.ts +38 -0
- package/src/analyzer/rules/bash/commands/node.ts +64 -0
- package/src/analyzer/rules/bash/commands/openspec.ts +16 -0
- package/src/analyzer/rules/bash/commands/pip.ts +16 -0
- package/src/analyzer/rules/bash/commands/sudo.ts +21 -0
- package/src/analyzer/rules/bash/destructive.ts +28 -0
- package/src/analyzer/rules/bash/extractFileRefs.ts +101 -0
- package/src/analyzer/rules/bash/filesystem.ts +50 -0
- package/src/analyzer/rules/bash/injection.ts +21 -0
- package/src/analyzer/rules/bash/inline-command-classifier.ts +94 -0
- package/src/analyzer/rules/bash/mod.ts +23 -0
- package/src/analyzer/rules/bash/network.ts +64 -0
- package/src/analyzer/rules/bash/secret-detection.ts +43 -0
- package/src/analyzer/rules/javascript/astTypes.ts +8 -0
- package/src/analyzer/rules/javascript/extractFileRefs.ts +131 -0
- package/src/analyzer/rules/javascript/filesystem.ts +28 -0
- package/src/analyzer/rules/javascript/injection.ts +21 -0
- package/src/analyzer/rules/javascript/mod.ts +26 -0
- package/src/analyzer/rules/javascript/network.ts +27 -0
- package/src/analyzer/rules/javascript/secret-detection.ts +68 -0
- package/src/analyzer/rules/javascript/subprocess.ts +16 -0
- package/src/analyzer/rules/markdown/astTypes.ts +35 -0
- package/src/analyzer/rules/markdown/extractCodeBlocks.ts +101 -0
- package/src/analyzer/rules/markdown/extractFileRefs.ts +179 -0
- package/src/analyzer/rules/markdown/mod.ts +12 -0
- package/src/analyzer/rules/mod.ts +77 -0
- package/src/analyzer/rules/python/astTypes.ts +9 -0
- package/src/analyzer/rules/python/extractFileRefs.ts +92 -0
- package/src/analyzer/rules/python/mod.ts +15 -0
- package/src/analyzer/rules/python/network.ts +26 -0
- package/src/analyzer/rules/python/secret-detection.ts +30 -0
- package/src/analyzer/rules/shared/file-refs.ts +38 -0
- package/src/analyzer/rules/shared/network-evaluators.ts +107 -0
- package/src/analyzer/rules/shared/prompt-injection.ts +48 -0
- package/src/analyzer/rules/shared/secret-evaluators.ts +13 -0
- package/src/analyzer/rules/text/mod.ts +12 -0
- package/src/analyzer/rules/typescript/mod.ts +7 -0
- package/src/analyzer/steps/001-discovery/discover-files.ts +211 -0
- package/src/analyzer/steps/001-discovery/filter-files.ts +72 -0
- package/src/analyzer/steps/001-discovery/mod.ts +103 -0
- package/src/analyzer/steps/002-permissions/mod.ts +329 -0
- package/src/analyzer/steps/002-permissions/scan-file.ts +258 -0
- package/src/analyzer/steps/002-permissions/seed-frontmatter.ts +66 -0
- package/src/analyzer/steps/002-permissions/synthesize.ts +42 -0
- package/src/analyzer/steps/003-risks/dep-risks.ts +89 -0
- package/src/analyzer/steps/003-risks/helpers.ts +41 -0
- package/src/analyzer/steps/003-risks/mod.ts +86 -0
- package/src/analyzer/steps/003-risks/policy.ts +38 -0
- package/src/analyzer/steps/003-risks/rule-mapped.ts +206 -0
- package/src/analyzer/steps/003-risks/scoring.ts +117 -0
- package/src/analyzer/steps/mod.ts +3 -0
- package/src/analyzer/treesitter/client.ts +120 -0
- package/src/analyzer/treesitter/registry.ts +198 -0
- package/src/analyzer/types.ts +78 -0
- package/src/analyzer/utils/code-block-path.ts +33 -0
- package/src/analyzer/utils/id-generator.ts +59 -0
- package/src/analyzer/utils/secret-validator.ts +29 -0
- package/src/analyzer/utils/url-parser.ts +25 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/deps.ts +3 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/mod.ts +265 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/multi.ts +250 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/time.ts +69 -0
- package/src/deps/jsr.io/@std/fmt/1.0.3/colors.ts +1004 -0
- package/src/deps/jsr.io/@std/internal/1.0.12/_os.ts +15 -0
- package/src/deps/jsr.io/@std/internal/1.0.12/os.ts +7 -0
- package/src/deps/jsr.io/@std/io/0.225.0/types.ts +157 -0
- package/src/deps/jsr.io/@std/io/0.225.0/write_all.ts +65 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/assert_path.ts +10 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/basename.ts +53 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/common.ts +26 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/constants.ts +49 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/dirname.ts +9 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/format.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/from_file_url.ts +12 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/glob_to_reg_exp.ts +295 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize.ts +9 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize_string.ts +74 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/relative.ts +10 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/strip_trailing_separators.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/to_file_url.ts +17 -0
- package/src/deps/jsr.io/@std/path/1.1.4/basename.ts +37 -0
- package/src/deps/jsr.io/@std/path/1.1.4/common.ts +35 -0
- package/src/deps/jsr.io/@std/path/1.1.4/constants.ts +18 -0
- package/src/deps/jsr.io/@std/path/1.1.4/dirname.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/extname.ts +29 -0
- package/src/deps/jsr.io/@std/path/1.1.4/format.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/from_file_url.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/glob_to_regexp.ts +94 -0
- package/src/deps/jsr.io/@std/path/1.1.4/is_absolute.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/is_glob.ts +49 -0
- package/src/deps/jsr.io/@std/path/1.1.4/join.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/join_globs.ts +42 -0
- package/src/deps/jsr.io/@std/path/1.1.4/mod.ts +217 -0
- package/src/deps/jsr.io/@std/path/1.1.4/normalize.ts +33 -0
- package/src/deps/jsr.io/@std/path/1.1.4/normalize_glob.ts +45 -0
- package/src/deps/jsr.io/@std/path/1.1.4/parse.ts +44 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/_util.ts +10 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/basename.ts +62 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/constants.ts +15 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/dirname.ts +72 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/extname.ts +96 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/format.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/from_file_url.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/glob_to_regexp.ts +94 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/is_absolute.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/join.ts +46 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/join_globs.ts +45 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize.ts +63 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize_glob.ts +43 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/parse.ts +121 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/relative.ts +103 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/resolve.ts +71 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/to_file_url.ts +32 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/to_namespaced_path.ts +21 -0
- package/src/deps/jsr.io/@std/path/1.1.4/relative.ts +32 -0
- package/src/deps/jsr.io/@std/path/1.1.4/resolve.ts +32 -0
- package/src/deps/jsr.io/@std/path/1.1.4/to_file_url.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/to_namespaced_path.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/types.ts +40 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/_util.ts +28 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/basename.ts +54 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/constants.ts +15 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/dirname.ts +118 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/extname.ts +90 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/format.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/from_file_url.ts +34 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/glob_to_regexp.ts +92 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/is_absolute.ts +40 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/join.ts +78 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/join_globs.ts +46 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize.ts +136 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize_glob.ts +43 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/parse.ts +184 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/relative.ts +128 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/resolve.ts +178 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/to_file_url.ts +38 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/to_namespaced_path.ts +60 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_chars.ts +55 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_dumper_state.ts +841 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_loader_state.ts +1780 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_schema.ts +183 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/binary.ts +127 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/bool.ts +37 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/float.ts +112 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/int.ts +174 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/map.ts +17 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/merge.ts +13 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/nil.ts +27 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/omap.ts +30 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/pairs.ts +22 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/regexp.ts +33 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/seq.ts +13 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/set.ts +17 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/str.ts +12 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/timestamp.ts +101 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/undefined.ts +23 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type.ts +49 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_utils.ts +16 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/mod.ts +54 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/parse.ts +128 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/stringify.ts +118 -0
- package/src/shared/deep_merge.ts +73 -0
- package/src/shared/mod.ts +2 -0
- package/src/shared/types/filetypes.ts +101 -0
- package/src/shared/types/findings.ts +7 -0
- package/src/shared/types/mod.ts +6 -0
- package/src/shared/types/permissions.ts +17 -0
- package/src/shared/types/references.ts +62 -0
- package/src/shared/types/risks.ts +72 -0
- package/src/shared/types/syntaxNode.ts +7 -0
- package/src/skillreader/cloudStorage/mod.ts +170 -0
- package/src/skillreader/factory.ts +71 -0
- package/src/skillreader/fs/git.ts +153 -0
- package/src/skillreader/fs/mod.ts +84 -0
- package/src/skillreader/github/base.ts +162 -0
- package/src/skillreader/github/githubApi.ts +40 -0
- package/src/skillreader/github/githubRaw.ts +24 -0
- package/src/skillreader/github/mod.ts +45 -0
- package/src/skillreader/github/utils.ts +40 -0
- package/src/skillreader/manifest.ts +67 -0
- package/src/skillreader/mod.ts +26 -0
- package/src/skillreader/types.ts +150 -0
- package/src/skillreader/utils/frontmatter-parser.ts +72 -0
- package/src/skillreader/utils/http-range.ts +38 -0
- package/src/skillreader/utils/mod.ts +12 -0
- package/esm/analyzer/astgrep/registry.d.ts +0 -18
- package/esm/analyzer/astgrep/registry.d.ts.map +0 -1
- package/esm/analyzer/astgrep/registry.js +0 -71
- package/esm/analyzer/config.d.ts +0 -27
- package/esm/analyzer/config.d.ts.map +0 -1
- package/esm/analyzer/steps/003-risks/output.d.ts +0 -3
- package/esm/analyzer/steps/003-risks/output.d.ts.map +0 -1
- package/esm/analyzer/steps/003-risks/output.js +0 -16
- package/esm/analyzer/treesiter/client.d.ts +0 -26
- package/esm/analyzer/treesiter/client.d.ts.map +0 -1
- package/script/analyzer/astgrep/registry.d.ts +0 -18
- package/script/analyzer/astgrep/registry.d.ts.map +0 -1
- package/script/analyzer/astgrep/registry.js +0 -109
- package/script/analyzer/config.d.ts +0 -27
- package/script/analyzer/config.d.ts.map +0 -1
- package/script/analyzer/steps/003-risks/output.d.ts +0 -3
- package/script/analyzer/steps/003-risks/output.d.ts.map +0 -1
- package/script/analyzer/steps/003-risks/output.js +0 -19
- package/script/analyzer/treesiter/client.d.ts +0 -26
- package/script/analyzer/treesiter/client.d.ts.map +0 -1
- package/script/analyzer/treesiter/client.js +0 -165
package/README.md
ADDED
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
# Skill Lab
|
|
2
|
+
|
|
3
|
+
Skill Lab is a toolkit for analyzing and understanding AI agent skills.
|
|
4
|
+
|
|
5
|
+
It helps to inspect skill behavior before enablement by producing deterministic
|
|
6
|
+
permission and risk output.
|
|
7
|
+
|
|
8
|
+
The project is still experimental. Feedback and PRs are welcome.
|
|
9
|
+
|
|
10
|
+
## What it provides
|
|
11
|
+
|
|
12
|
+
- Deterministic static analysis for skills from local paths or GitHub.
|
|
13
|
+
- Structured `permissions` and `risks` output for review and automation.
|
|
14
|
+
- Aggregate `score`, `riskLevel`, and `summary` for fast triage.
|
|
15
|
+
|
|
16
|
+
📖 [Documentation](https://skill-lab.pages.dev/)
|
|
17
|
+
|
|
18
|
+
## Install the CLI (`slab`)
|
|
19
|
+
|
|
20
|
+
### Homebrew
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
brew tap feiyoug/tap/slab
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
Or:
|
|
27
|
+
|
|
28
|
+
```bash
|
|
29
|
+
brew tap feiyoug/tap
|
|
30
|
+
brew install slab
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
Verify installation:
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
slab --help
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
For other install options, see [CLI Installation](https://skill-lab.pages.dev/cli/installation).
|
|
40
|
+
|
|
41
|
+
## Install the library
|
|
42
|
+
|
|
43
|
+
### npm
|
|
44
|
+
|
|
45
|
+
```bash
|
|
46
|
+
npm install @FeiyouG/skill-lab
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
### pnpm
|
|
50
|
+
|
|
51
|
+
```bash
|
|
52
|
+
pnpm add @FeiyouG/skill-lab
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
### Deno
|
|
56
|
+
|
|
57
|
+
```bash
|
|
58
|
+
deno add npm:@FeiyouG/skill-lab
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
Use in code:
|
|
62
|
+
|
|
63
|
+
```ts
|
|
64
|
+
import { Analyzer } from "@FeiyouG/skill-lab";
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
## Quick example
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
slab analyze ./path/to/skill --json
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
The target directory should contain `SKILL.md` at its root.
|
|
@@ -1,6 +1,8 @@
|
|
|
1
|
-
import { parse } from "
|
|
1
|
+
import { parse } from "../../.npm-build-vendor/ast-grep-wasm/mod.js";
|
|
2
2
|
import type { Finding, PermissionScope, Reference, ReferenceType, RuleRiskMapping } from "../../shared/mod.js";
|
|
3
|
-
import {
|
|
3
|
+
import type { TreesitterGrammar } from "../treesitter/registry.js";
|
|
4
|
+
import type { AnalyzerLogger } from "../types.js";
|
|
5
|
+
export type AstGrepGrammar = Exclude<TreesitterGrammar, "markdown" | "markdown-inline" | "tsx">;
|
|
4
6
|
export type AstGrepRule = {
|
|
5
7
|
id: string;
|
|
6
8
|
description: string;
|
|
@@ -20,16 +22,26 @@ export type AstGrepMatch = {
|
|
|
20
22
|
lineEnd?: number;
|
|
21
23
|
extracted: Record<string, unknown>;
|
|
22
24
|
};
|
|
25
|
+
type SgRoot = ReturnType<typeof parse>;
|
|
23
26
|
export declare class AstGrepClient {
|
|
24
|
-
private
|
|
25
|
-
private
|
|
27
|
+
private readonly logger;
|
|
28
|
+
private readonly showProgressBar;
|
|
29
|
+
private REGISTERED_GRAMMARS;
|
|
30
|
+
private SG_ROOT_CACHE_BY_CONTENT;
|
|
31
|
+
/** Lazy runtime init promise — created on first use, shared across all calls. */
|
|
32
|
+
private parserInitialized;
|
|
33
|
+
constructor(logger?: AnalyzerLogger, showProgressBar?: boolean);
|
|
26
34
|
/** Parse content for direct AST traversal using kind/composite rules. */
|
|
27
|
-
parse(language:
|
|
28
|
-
scanWithRules(content: string, language:
|
|
35
|
+
parse(language: AstGrepGrammar, content: string): Promise<SgRoot>;
|
|
36
|
+
scanWithRules(content: string, language: AstGrepGrammar, rules: AstGrepRule[]): Promise<AstGrepMatch[]>;
|
|
29
37
|
matchesToFindings(file: string, type: ReferenceType, matches: AstGrepMatch[], referencedBy?: Reference): Finding[];
|
|
30
|
-
|
|
38
|
+
/** Initializes the ast-grep runtime once (without registering grammars yet). */
|
|
39
|
+
private ensureRuntimeInit;
|
|
40
|
+
/** Lazily register a single grammar the first time it is needed. */
|
|
41
|
+
private ensureLanguageRegistered;
|
|
31
42
|
private stripQuotes;
|
|
32
|
-
private
|
|
43
|
+
private getSgRootCache;
|
|
33
44
|
private hashContent;
|
|
34
45
|
}
|
|
46
|
+
export {};
|
|
35
47
|
//# sourceMappingURL=client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/analyzer/astgrep/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/analyzer/astgrep/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,EAA2B,MAAM,8CAA8C,CAAC;AACpH,OAAO,KAAK,EACR,OAAO,EACP,eAAe,EACf,SAAS,EACT,aAAa,EACb,eAAe,EAClB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAGlD,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,iBAAiB,EAAE,UAAU,GAAG,iBAAiB,GAAG,KAAK,CAAC,CAAC;AAEhG,MAAM,MAAM,WAAW,GAAG;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,cAAc,CAAC;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,eAAe,CAAC;QACvB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAClC,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;KACnC,CAAC;CACL,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC,CAAC;AAEF,KAAK,MAAM,GAAG,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC;AAGvC,qBAAa,aAAa;IAQlB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe;IARpC,OAAO,CAAC,mBAAmB,CAA6B;IACxD,OAAO,CAAC,wBAAwB,CAAoD;IAEpF,iFAAiF;IACjF,OAAO,CAAC,iBAAiB,CAAkB;gBAGtB,MAAM,GAAE,cAA6B,EACrC,eAAe,GAAE,OAAe;IAGrD,yEAAyE;IAC5D,KAAK,CACd,QAAQ,EAAE,cAAc,EACxB,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IAoBL,aAAa,CACtB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,cAAc,EACxB,KAAK,EAAE,WAAW,EAAE,GACrB,OAAO,CAAC,YAAY,EAAE,CAAC;IAyCnB,iBAAiB,CACpB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,aAAa,EACnB,OAAO,EAAE,YAAY,EAAE,EACvB,YAAY,CAAC,EAAE,SAAS,GACzB,OAAO,EAAE;IAcZ,gFAAgF;YAClE,iBAAiB;IAM/B,oEAAoE;YACtD,wBAAwB;IAYtC,OAAO,CAAC,WAAW;IAQnB,OAAO,CAAC,cAAc;IAOtB,OAAO,CAAC,WAAW;CAStB"}
|
|
@@ -1,45 +1,64 @@
|
|
|
1
|
-
import
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
1
|
+
import { initializeTreeSitter, parse, registerDynamicLanguage } from "../../.npm-build-vendor/ast-grep-wasm/mod.js";
|
|
2
|
+
import { ensureGrammar } from "../treesitter/registry.js";
|
|
3
|
+
import { NO_OP_LOGGER } from "../logging.js";
|
|
4
4
|
export class AstGrepClient {
|
|
5
|
-
constructor() {
|
|
6
|
-
Object.defineProperty(this, "
|
|
5
|
+
constructor(logger = NO_OP_LOGGER, showProgressBar = false) {
|
|
6
|
+
Object.defineProperty(this, "logger", {
|
|
7
7
|
enumerable: true,
|
|
8
8
|
configurable: true,
|
|
9
9
|
writable: true,
|
|
10
|
-
value:
|
|
10
|
+
value: logger
|
|
11
|
+
});
|
|
12
|
+
Object.defineProperty(this, "showProgressBar", {
|
|
13
|
+
enumerable: true,
|
|
14
|
+
configurable: true,
|
|
15
|
+
writable: true,
|
|
16
|
+
value: showProgressBar
|
|
17
|
+
});
|
|
18
|
+
Object.defineProperty(this, "REGISTERED_GRAMMARS", {
|
|
19
|
+
enumerable: true,
|
|
20
|
+
configurable: true,
|
|
21
|
+
writable: true,
|
|
22
|
+
value: new Set()
|
|
11
23
|
});
|
|
12
|
-
Object.defineProperty(this, "
|
|
24
|
+
Object.defineProperty(this, "SG_ROOT_CACHE_BY_CONTENT", {
|
|
13
25
|
enumerable: true,
|
|
14
26
|
configurable: true,
|
|
15
27
|
writable: true,
|
|
16
28
|
value: {}
|
|
17
29
|
});
|
|
30
|
+
/** Lazy runtime init promise — created on first use, shared across all calls. */
|
|
31
|
+
Object.defineProperty(this, "parserInitialized", {
|
|
32
|
+
enumerable: true,
|
|
33
|
+
configurable: true,
|
|
34
|
+
writable: true,
|
|
35
|
+
value: false
|
|
36
|
+
});
|
|
18
37
|
}
|
|
19
38
|
/** Parse content for direct AST traversal using kind/composite rules. */
|
|
20
|
-
parse(language, content) {
|
|
21
|
-
this.
|
|
22
|
-
const
|
|
39
|
+
async parse(language, content) {
|
|
40
|
+
await this.ensureLanguageRegistered(language);
|
|
41
|
+
const sgRootByLen = this.getSgRootCache(language);
|
|
23
42
|
const len = content.length;
|
|
24
|
-
const rootByHash =
|
|
43
|
+
const rootByHash = sgRootByLen.get(len);
|
|
25
44
|
if (rootByHash) {
|
|
26
45
|
const hash = this.hashContent(content);
|
|
27
46
|
const cached = rootByHash.get(hash);
|
|
28
47
|
if (cached)
|
|
29
48
|
return cached;
|
|
30
49
|
}
|
|
31
|
-
const
|
|
50
|
+
const sgRoot = parse(language, content);
|
|
32
51
|
const hash = this.hashContent(content);
|
|
33
|
-
const bucket =
|
|
34
|
-
bucket.set(hash,
|
|
35
|
-
|
|
36
|
-
return
|
|
52
|
+
const bucket = sgRootByLen.get(len) ?? new Map();
|
|
53
|
+
bucket.set(hash, sgRoot);
|
|
54
|
+
sgRootByLen.set(len, bucket);
|
|
55
|
+
return sgRoot;
|
|
37
56
|
}
|
|
38
|
-
scanWithRules(content, language, rules) {
|
|
39
|
-
this.
|
|
57
|
+
async scanWithRules(content, language, rules) {
|
|
58
|
+
await this.ensureLanguageRegistered(language);
|
|
40
59
|
const matches = [];
|
|
41
60
|
try {
|
|
42
|
-
const ast = this.parse(language, content);
|
|
61
|
+
const ast = await this.parse(language, content);
|
|
43
62
|
const root = ast.root();
|
|
44
63
|
for (const rule of rules) {
|
|
45
64
|
for (const pattern of rule.patterns) {
|
|
@@ -83,15 +102,23 @@ export class AstGrepClient {
|
|
|
83
102
|
extracted: match.extracted,
|
|
84
103
|
}));
|
|
85
104
|
}
|
|
86
|
-
|
|
87
|
-
|
|
105
|
+
/** Initializes the ast-grep runtime once (without registering grammars yet). */
|
|
106
|
+
async ensureRuntimeInit() {
|
|
107
|
+
if (this.parserInitialized)
|
|
108
|
+
return;
|
|
109
|
+
await initializeTreeSitter();
|
|
110
|
+
}
|
|
111
|
+
/** Lazily register a single grammar the first time it is needed. */
|
|
112
|
+
async ensureLanguageRegistered(language) {
|
|
113
|
+
if (this.REGISTERED_GRAMMARS.has(language))
|
|
88
114
|
return;
|
|
89
|
-
|
|
90
|
-
const
|
|
91
|
-
|
|
92
|
-
:
|
|
93
|
-
|
|
94
|
-
|
|
115
|
+
await this.ensureRuntimeInit();
|
|
116
|
+
const wasmPath = await ensureGrammar(language, {
|
|
117
|
+
logger: this.logger,
|
|
118
|
+
showProgressBar: this.showProgressBar,
|
|
119
|
+
});
|
|
120
|
+
await registerDynamicLanguage({ [language]: { libraryPath: wasmPath } });
|
|
121
|
+
this.REGISTERED_GRAMMARS.add(language);
|
|
95
122
|
}
|
|
96
123
|
stripQuotes(value) {
|
|
97
124
|
return value
|
|
@@ -100,11 +127,11 @@ export class AstGrepClient {
|
|
|
100
127
|
.replace(/[;,)]+$/, "")
|
|
101
128
|
.trim();
|
|
102
129
|
}
|
|
103
|
-
|
|
104
|
-
if (!this.
|
|
105
|
-
this.
|
|
130
|
+
getSgRootCache(language) {
|
|
131
|
+
if (!this.SG_ROOT_CACHE_BY_CONTENT[language]) {
|
|
132
|
+
this.SG_ROOT_CACHE_BY_CONTENT[language] = new Map();
|
|
106
133
|
}
|
|
107
|
-
return this.
|
|
134
|
+
return this.SG_ROOT_CACHE_BY_CONTENT[language];
|
|
108
135
|
}
|
|
109
136
|
hashContent(content) {
|
|
110
137
|
// FNV-1a 32-bit (fast, non-cryptographic)
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { TreesitterGrammar } from "../treesitter/registry.js";
|
|
2
|
+
import type { AnalyzerConfig, LanguagePolicy, RiskReportConfig } from "./types.js";
|
|
3
|
+
export declare const NODE_BUILTIN_IMPORTS: readonly ["buffer", "child_process", "crypto", "events", "fs", "fs/promises", "http", "https", "os", "path", "stream", "timers", "url", "util", "node:buffer", "node:child_process", "node:crypto", "node:events", "node:fs", "node:fs/promises", "node:http", "node:https", "node:os", "node:path", "node:stream", "node:timers", "node:url", "node:util"];
|
|
4
|
+
export declare const PYTHON_BUILTIN_IMPORTS: readonly ["argparse", "collections", "datetime", "functools", "hashlib", "itertools", "json", "logging", "math", "os", "os.path", "pathlib", "re", "shutil", "subprocess", "sys", "tempfile", "typing", "urllib", "urllib.parse", "urllib.request"];
|
|
5
|
+
export declare const DEFAULT_ALLOWLIST_LANGUAGES: Partial<Record<TreesitterGrammar, LanguagePolicy>>;
|
|
6
|
+
export declare const DEFAULT_RISK_REPORT_CONFIG: Required<RiskReportConfig>;
|
|
7
|
+
export declare const DEFAULT_ANALYZER_CONFIG: AnalyzerConfig;
|
|
8
|
+
//# sourceMappingURL=default.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default.d.ts","sourceRoot":"","sources":["../../../src/analyzer/config/default.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnF,eAAO,MAAM,oBAAoB,6VA6BvB,CAAC;AAEX,eAAO,MAAM,sBAAsB,qPAsBzB,CAAC;AAEX,eAAO,MAAM,2BAA2B,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAK1F,CAAC;AAEF,eAAO,MAAM,0BAA0B,EAAE,QAAQ,CAAC,gBAAgB,CAmBjE,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,cAWrC,CAAC"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
export const NODE_BUILTIN_IMPORTS = [
|
|
2
|
+
"buffer",
|
|
3
|
+
"child_process",
|
|
4
|
+
"crypto",
|
|
5
|
+
"events",
|
|
6
|
+
"fs",
|
|
7
|
+
"fs/promises",
|
|
8
|
+
"http",
|
|
9
|
+
"https",
|
|
10
|
+
"os",
|
|
11
|
+
"path",
|
|
12
|
+
"stream",
|
|
13
|
+
"timers",
|
|
14
|
+
"url",
|
|
15
|
+
"util",
|
|
16
|
+
"node:buffer",
|
|
17
|
+
"node:child_process",
|
|
18
|
+
"node:crypto",
|
|
19
|
+
"node:events",
|
|
20
|
+
"node:fs",
|
|
21
|
+
"node:fs/promises",
|
|
22
|
+
"node:http",
|
|
23
|
+
"node:https",
|
|
24
|
+
"node:os",
|
|
25
|
+
"node:path",
|
|
26
|
+
"node:stream",
|
|
27
|
+
"node:timers",
|
|
28
|
+
"node:url",
|
|
29
|
+
"node:util",
|
|
30
|
+
];
|
|
31
|
+
export const PYTHON_BUILTIN_IMPORTS = [
|
|
32
|
+
"argparse",
|
|
33
|
+
"collections",
|
|
34
|
+
"datetime",
|
|
35
|
+
"functools",
|
|
36
|
+
"hashlib",
|
|
37
|
+
"itertools",
|
|
38
|
+
"json",
|
|
39
|
+
"logging",
|
|
40
|
+
"math",
|
|
41
|
+
"os",
|
|
42
|
+
"os.path",
|
|
43
|
+
"pathlib",
|
|
44
|
+
"re",
|
|
45
|
+
"shutil",
|
|
46
|
+
"subprocess",
|
|
47
|
+
"sys",
|
|
48
|
+
"tempfile",
|
|
49
|
+
"typing",
|
|
50
|
+
"urllib",
|
|
51
|
+
"urllib.parse",
|
|
52
|
+
"urllib.request",
|
|
53
|
+
];
|
|
54
|
+
export const DEFAULT_ALLOWLIST_LANGUAGES = {
|
|
55
|
+
javascript: { imports: [...NODE_BUILTIN_IMPORTS] },
|
|
56
|
+
typescript: { imports: [...NODE_BUILTIN_IMPORTS] },
|
|
57
|
+
tsx: { imports: [...NODE_BUILTIN_IMPORTS] },
|
|
58
|
+
python: { imports: [...PYTHON_BUILTIN_IMPORTS] },
|
|
59
|
+
};
|
|
60
|
+
export const DEFAULT_RISK_REPORT_CONFIG = {
|
|
61
|
+
baseScore: {
|
|
62
|
+
info: 0,
|
|
63
|
+
warning: 1,
|
|
64
|
+
critical: 5,
|
|
65
|
+
},
|
|
66
|
+
uplift: {
|
|
67
|
+
"NETWORK:data_exfiltration": 5,
|
|
68
|
+
"NETWORK:remote_code_execution": 5,
|
|
69
|
+
"NETWORK:credential_leak": 7,
|
|
70
|
+
"NETWORK:localhost_secret_exposure": 2,
|
|
71
|
+
},
|
|
72
|
+
thresholds: {
|
|
73
|
+
safe: 0,
|
|
74
|
+
caution: 1,
|
|
75
|
+
attention: 3,
|
|
76
|
+
risky: 5,
|
|
77
|
+
avoid: 7,
|
|
78
|
+
},
|
|
79
|
+
};
|
|
80
|
+
export const DEFAULT_ANALYZER_CONFIG = {
|
|
81
|
+
scan: {
|
|
82
|
+
maxFileSize: 1_000_000,
|
|
83
|
+
maxFileCount: 100,
|
|
84
|
+
maxScanDepth: 5,
|
|
85
|
+
},
|
|
86
|
+
allowlist: {
|
|
87
|
+
languages: DEFAULT_ALLOWLIST_LANGUAGES,
|
|
88
|
+
},
|
|
89
|
+
denylist: undefined,
|
|
90
|
+
riskReport: DEFAULT_RISK_REPORT_CONFIG,
|
|
91
|
+
};
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { AnalyzerConfig } from "./types.js";
|
|
2
|
+
type DeepPartial<T> = {
|
|
3
|
+
[K in keyof T]?: T[K] extends Array<infer U> ? Array<U> : T[K] extends Record<string, unknown> ? DeepPartial<T[K]> : T[K];
|
|
4
|
+
};
|
|
5
|
+
export declare function resolveConfig(partial?: Partial<AnalyzerConfig>): AnalyzerConfig;
|
|
6
|
+
export declare function deepMergeJson<T extends Record<string, unknown>>(base: T, override: DeepPartial<T>): T;
|
|
7
|
+
export {};
|
|
8
|
+
//# sourceMappingURL=helpers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../src/analyzer/config/helpers.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAa,cAAc,EAAiC,MAAM,YAAY,CAAC;AAE3F,KAAK,WAAW,CAAC,CAAC,IAAI;KACjB,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,GACjD,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GACxD,CAAC,CAAC,CAAC,CAAC;CACb,CAAC;AAEF,wBAAgB,aAAa,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,cAAc,CAY/E;AAED,wBAAgB,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3D,IAAI,EAAE,CAAC,EACP,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,GACzB,CAAC,CAqBH"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { DEFAULT_ANALYZER_CONFIG } from "./default.js";
|
|
2
|
+
export function resolveConfig(partial) {
|
|
3
|
+
const defaultScan = DEFAULT_ANALYZER_CONFIG.scan ?? {};
|
|
4
|
+
const partialScan = partial?.scan ?? {};
|
|
5
|
+
const defaultRiskReport = DEFAULT_ANALYZER_CONFIG.riskReport ?? {};
|
|
6
|
+
const partialRiskReport = partial?.riskReport ?? {};
|
|
7
|
+
return {
|
|
8
|
+
scan: deepMergeJson(defaultScan, partialScan),
|
|
9
|
+
allowlist: mergeAllowlist(DEFAULT_ANALYZER_CONFIG.allowlist, partial?.allowlist),
|
|
10
|
+
denylist: mergeAllowlist(DEFAULT_ANALYZER_CONFIG.denylist, partial?.denylist),
|
|
11
|
+
riskReport: deepMergeJson(defaultRiskReport, partialRiskReport),
|
|
12
|
+
};
|
|
13
|
+
}
|
|
14
|
+
export function deepMergeJson(base, override) {
|
|
15
|
+
const result = { ...base };
|
|
16
|
+
for (const key of Object.keys(override)) {
|
|
17
|
+
const baseValue = result[key];
|
|
18
|
+
const overrideValue = override[key];
|
|
19
|
+
if (overrideValue === undefined)
|
|
20
|
+
continue;
|
|
21
|
+
if (isPlainObject(baseValue) && isPlainObject(overrideValue)) {
|
|
22
|
+
result[key] = deepMergeJson(baseValue, overrideValue);
|
|
23
|
+
continue;
|
|
24
|
+
}
|
|
25
|
+
result[key] = overrideValue;
|
|
26
|
+
}
|
|
27
|
+
return result;
|
|
28
|
+
}
|
|
29
|
+
function isPlainObject(value) {
|
|
30
|
+
if (typeof value !== "object" || value === null)
|
|
31
|
+
return false;
|
|
32
|
+
if (Array.isArray(value))
|
|
33
|
+
return false;
|
|
34
|
+
return Object.getPrototypeOf(value) === Object.prototype;
|
|
35
|
+
}
|
|
36
|
+
function mergeAllowlist(base, override) {
|
|
37
|
+
if (!base && !override)
|
|
38
|
+
return undefined;
|
|
39
|
+
const languages = mergeLanguagePolicies(base?.languages, override?.languages);
|
|
40
|
+
const network = mergeNetworkPolicy(base?.network, override?.network);
|
|
41
|
+
if (!languages && !network)
|
|
42
|
+
return undefined;
|
|
43
|
+
return { languages, network };
|
|
44
|
+
}
|
|
45
|
+
function mergeLanguagePolicies(base, override) {
|
|
46
|
+
if (!base && !override)
|
|
47
|
+
return undefined;
|
|
48
|
+
const keys = new Set([
|
|
49
|
+
...Object.keys(base ?? {}),
|
|
50
|
+
...Object.keys(override ?? {}),
|
|
51
|
+
]);
|
|
52
|
+
const result = {};
|
|
53
|
+
for (const key of keys) {
|
|
54
|
+
const imports = mergeStringList(base?.[key]?.imports, override?.[key]?.imports);
|
|
55
|
+
if (!imports)
|
|
56
|
+
continue;
|
|
57
|
+
result[key] = { imports };
|
|
58
|
+
}
|
|
59
|
+
return Object.keys(result).length > 0 ? result : undefined;
|
|
60
|
+
}
|
|
61
|
+
function mergeNetworkPolicy(base, override) {
|
|
62
|
+
if (!base && !override)
|
|
63
|
+
return undefined;
|
|
64
|
+
const domains = mergeStringList(base?.domains, override?.domains);
|
|
65
|
+
return domains ? { domains } : undefined;
|
|
66
|
+
}
|
|
67
|
+
function mergeStringList(base, override) {
|
|
68
|
+
if (!base && !override)
|
|
69
|
+
return undefined;
|
|
70
|
+
const values = new Set([...(base ?? []), ...(override ?? [])]);
|
|
71
|
+
return values.size > 0 ? [...values] : undefined;
|
|
72
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../../src/analyzer/config/mod.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
import type { RiskCode } from "../../shared/mod.js";
|
|
2
|
+
import { PermissionScope } from "../../shared/mod.js";
|
|
3
|
+
import type { TreesitterGrammar } from "../treesitter/registry.js";
|
|
4
|
+
export declare const DEFAULT_SKILL_VERSION = "0.0.1";
|
|
5
|
+
export type LanguagePolicy = {
|
|
6
|
+
imports?: string[];
|
|
7
|
+
};
|
|
8
|
+
export type NetworkPolicy = {
|
|
9
|
+
domains?: string[];
|
|
10
|
+
};
|
|
11
|
+
export type ScanConfig = {
|
|
12
|
+
maxFileSize?: number;
|
|
13
|
+
maxFileCount?: number;
|
|
14
|
+
maxScanDepth?: number;
|
|
15
|
+
};
|
|
16
|
+
export type Allowlist = {
|
|
17
|
+
languages?: Partial<Record<TreesitterGrammar, LanguagePolicy>>;
|
|
18
|
+
network?: NetworkPolicy;
|
|
19
|
+
};
|
|
20
|
+
export type Denylist = {
|
|
21
|
+
languages?: Partial<Record<TreesitterGrammar, LanguagePolicy>>;
|
|
22
|
+
network?: NetworkPolicy;
|
|
23
|
+
};
|
|
24
|
+
export type AnalyzerConfig = {
|
|
25
|
+
scan?: ScanConfig;
|
|
26
|
+
allowlist?: Allowlist;
|
|
27
|
+
denylist?: Denylist;
|
|
28
|
+
riskReport?: RiskReportConfig;
|
|
29
|
+
};
|
|
30
|
+
export type RiskUpliftConfig = Partial<Record<RiskCode, number>>;
|
|
31
|
+
export type RiskThresholdConfig = {
|
|
32
|
+
safe: number;
|
|
33
|
+
caution: number;
|
|
34
|
+
attention: number;
|
|
35
|
+
risky: number;
|
|
36
|
+
avoid: number;
|
|
37
|
+
};
|
|
38
|
+
export type RiskReportConfig = {
|
|
39
|
+
baseScore?: {
|
|
40
|
+
info?: number;
|
|
41
|
+
warning?: number;
|
|
42
|
+
critical?: number;
|
|
43
|
+
};
|
|
44
|
+
uplift?: RiskUpliftConfig;
|
|
45
|
+
thresholds?: Partial<RiskThresholdConfig>;
|
|
46
|
+
};
|
|
47
|
+
export declare const ALLOWED_TOOLS_MAPPING: Record<string, {
|
|
48
|
+
tool: string;
|
|
49
|
+
scope: PermissionScope;
|
|
50
|
+
permission: string;
|
|
51
|
+
}>;
|
|
52
|
+
export declare const TOOLS_MAPPING: Record<string, {
|
|
53
|
+
scope: PermissionScope;
|
|
54
|
+
permission: string;
|
|
55
|
+
}>;
|
|
56
|
+
export declare const UNSUPPORTED_SKILL_FRONTMATTER_FIELDS: readonly ["argument-hint", "disable-model-invocation", "user-invocable", "model", "context", "agent", "hooks"];
|
|
57
|
+
export declare const FRONTMATTER_SUPPORTED_FIELDS: readonly ["name", "description", "license", "compatibility", "metadata", "allowed-tools"];
|
|
58
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/analyzer/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,eAAO,MAAM,qBAAqB,UAAU,CAAC;AAE7C,MAAM,MAAM,cAAc,GAAG;IACzB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,EAAE,aAAa,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,EAAE,aAAa,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IACzB,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,UAAU,CAAC,EAAE,gBAAgB,CAAC;CACjC,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAEjE,MAAM,MAAM,mBAAmB,GAAG;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC3B,SAAS,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAC1B,UAAU,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;CAC7C,CAAC;AAEF,eAAO,MAAM,qBAAqB,EAAE,MAAM,CACtC,MAAM,EACN;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,eAAe,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAS/D,CAAC;AAEF,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,KAAK,EAAE,eAAe,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAaxF,CAAC;AAEF,eAAO,MAAM,oCAAoC,gHAQvC,CAAC;AAEX,eAAO,MAAM,4BAA4B,2FAO/B,CAAC"}
|
|
@@ -1,9 +1,4 @@
|
|
|
1
1
|
export const DEFAULT_SKILL_VERSION = "0.0.1";
|
|
2
|
-
export const DEFAULT_CONFIG = {
|
|
3
|
-
maxFileSize: 1_000_000,
|
|
4
|
-
maxFileCount: 100,
|
|
5
|
-
maxScanDepth: 5,
|
|
6
|
-
};
|
|
7
2
|
export const ALLOWED_TOOLS_MAPPING = {
|
|
8
3
|
Bash: { tool: "bash", scope: "sys", permission: "shell" },
|
|
9
4
|
Read: { tool: "read", scope: "fs", permission: "read" },
|
|
@@ -27,29 +22,6 @@ export const TOOLS_MAPPING = {
|
|
|
27
22
|
deno: { scope: "sys", permission: "shell" },
|
|
28
23
|
docker: { scope: "sys", permission: "shell" },
|
|
29
24
|
};
|
|
30
|
-
export const SCORING = {
|
|
31
|
-
severity: {
|
|
32
|
-
info: 0,
|
|
33
|
-
warning: 2,
|
|
34
|
-
critical: 4,
|
|
35
|
-
},
|
|
36
|
-
permissions: {
|
|
37
|
-
"fs:read": 1,
|
|
38
|
-
"env:read": 1,
|
|
39
|
-
"net:fetch": 1,
|
|
40
|
-
"fs:write": 2,
|
|
41
|
-
"sys:shell": 2,
|
|
42
|
-
"sys:subprocess": 2,
|
|
43
|
-
"sys:sudo": 3,
|
|
44
|
-
},
|
|
45
|
-
scopeWildcard: 1,
|
|
46
|
-
uplift: {
|
|
47
|
-
externalPost: 2,
|
|
48
|
-
pipeToShell: 3,
|
|
49
|
-
multipleCritical: 1,
|
|
50
|
-
secretsInRequest: 2,
|
|
51
|
-
},
|
|
52
|
-
};
|
|
53
25
|
export const UNSUPPORTED_SKILL_FRONTMATTER_FIELDS = [
|
|
54
26
|
"argument-hint",
|
|
55
27
|
"disable-model-invocation",
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../src/analyzer/logging.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,eAAO,MAAM,YAAY,EAAE,cAK1B,CAAC"}
|
package/esm/analyzer/mod.d.ts
CHANGED
|
@@ -1,21 +1,28 @@
|
|
|
1
|
-
import
|
|
1
|
+
import { SkillAnalyzerResult } from "./result.js";
|
|
2
|
+
import type { AnalyzerConfig, AnalyzerLogger, AnalyzerState } from "./types.js";
|
|
2
3
|
import type { SkillReaderFactoryOptions } from "../skillreader/factory.js";
|
|
3
|
-
export type { AnalyzerConfig,
|
|
4
|
-
export {
|
|
4
|
+
export type { AnalyzerConfig, AnalyzerLogger, AnalyzerState } from "./types.js";
|
|
5
|
+
export type { Allowlist, Denylist, LanguagePolicy, NetworkPolicy, RiskReportConfig, ScanConfig, } from "./config/mod.js";
|
|
6
|
+
export { SkillAnalyzerResult } from "./result.js";
|
|
7
|
+
export { DEFAULT_ANALYZER_CONFIG, DEFAULT_SKILL_VERSION, resolveConfig } from "./config/mod.js";
|
|
5
8
|
export type AnalyzerAnalyzeInput = SkillReaderFactoryOptions & {
|
|
6
9
|
skillId?: string;
|
|
7
10
|
skillVersionId?: string;
|
|
8
11
|
config?: Partial<AnalyzerConfig>;
|
|
12
|
+
logger?: AnalyzerLogger;
|
|
13
|
+
showProgressBar?: boolean;
|
|
9
14
|
};
|
|
10
15
|
export declare class Analyzer {
|
|
11
|
-
analyze(input: AnalyzerAnalyzeInput): Promise<
|
|
16
|
+
analyze(input: AnalyzerAnalyzeInput): Promise<SkillAnalyzerResult>;
|
|
12
17
|
}
|
|
13
18
|
export declare function runAnalysis(input: {
|
|
14
19
|
options: SkillReaderFactoryOptions;
|
|
15
20
|
skillId?: string;
|
|
16
21
|
skillVersionId?: string;
|
|
17
22
|
config?: Partial<AnalyzerConfig>;
|
|
18
|
-
|
|
23
|
+
logger?: AnalyzerLogger;
|
|
24
|
+
showProgressBar?: boolean;
|
|
25
|
+
}): Promise<SkillAnalyzerResult>;
|
|
19
26
|
export declare function createInitialState(input?: {
|
|
20
27
|
skillId?: string;
|
|
21
28
|
skillVersionId?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/analyzer/mod.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AAK3E,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/analyzer/mod.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AAK3E,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChF,YAAY,EACR,SAAS,EACT,QAAQ,EACR,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,UAAU,GACb,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhG,MAAM,MAAM,oBAAoB,GAAG,yBAAyB,GAAG;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAEF,qBAAa,QAAQ;IACjB,OAAO,CAAC,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAerE;AAED,wBAAsB,WAAW,CAAC,KAAK,EAAE;IACrC,OAAO,EAAE,yBAAyB,CAAC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA+B/B;AAED,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;CACpC,GAAG,aAAa,CAwBhB"}
|