@guava-parity/guard-scanner 13.0.0 → 16.0.0

package/src/vt-client.js

@@ -1,202 +0,0 @@
-/**
- * guard-scanner v7 — VirusTotal API v3 Client
- *
- * @security-manifest
- *   env-read: [VT_API_KEY]
- *   env-write: []
- *   network: [virustotal.com API v3]
- *   fs-read: [files for SHA256 hashing]
- *   fs-write: []
- *   exec: none
- *   purpose: VirusTotal threat intelligence integration
- */
-
-const https = require('https');
-const crypto = require('crypto');
-const fs = require('fs');
-
-const VT_API_BASE = 'https://www.virustotal.com/api/v3';
-const VT_RATE_LIMIT = 4; // requests per minute (free tier)
-
-class VTClient {
-    constructor(apiKey, options = {}) {
-        if (!apiKey) throw new Error('VirusTotal API key is required. Set VT_API_KEY environment variable.');
-        this.apiKey = apiKey;
-        this.timeout = options.timeout || 15000;
-        this.verbose = options.verbose || false;
-        this._requestCount = 0;
-        this._windowStart = Date.now();
-        this._httpGet = options._httpGet || null; // DI for testing
-        this._httpPost = options._httpPost || null;
-    }
-
-    // ── Rate limiter (4 req/min free tier) ──────────────────────
-    async _throttle() {
-        const now = Date.now();
-        const elapsed = now - this._windowStart;
-        if (elapsed >= 60000) {
-            this._requestCount = 0;
-            this._windowStart = now;
-        }
-        if (this._requestCount >= VT_RATE_LIMIT) {
-            const waitMs = 60000 - elapsed + 100;
-            if (this.verbose) console.log(`⏳ VT rate limit: waiting ${Math.ceil(waitMs / 1000)}s`);
-            await new Promise(r => setTimeout(r, waitMs));
-            this._requestCount = 0;
-            this._windowStart = Date.now();
-        }
-        this._requestCount++;
-    }
-
-    // ── HTTP helpers ────────────────────────────────────────────
-    async _get(path) {
-        await this._throttle();
-        if (this._httpGet) return this._httpGet(`${VT_API_BASE}${path}`);
-
-        return new Promise((resolve, reject) => {
-            const req = https.request({
-                hostname: 'www.virustotal.com',
-                path: `/api/v3${path}`,
-                method: 'GET',
-                headers: {
-                    'x-apikey': this.apiKey,
-                    'Accept': 'application/json',
-                },
-            }, (res) => {
-                let data = '';
-                res.on('data', chunk => { data += chunk; });
-                res.on('end', () => {
-                    try {
-                        const parsed = JSON.parse(data);
-                        if (res.statusCode === 429) {
-                            reject(new Error('VT rate limit exceeded'));
-                        } else if (res.statusCode === 404) {
-                            resolve({ found: false, data: null });
-                        } else if (res.statusCode >= 200 && res.statusCode < 300) {
-                            resolve({ found: true, data: parsed });
-                        } else {
-                            reject(new Error(`VT API error ${res.statusCode}: ${JSON.stringify(parsed).substring(0, 200)}`));
-                        }
-                    } catch (e) {
-                        reject(new Error(`VT response parse error: ${e.message}`));
-                    }
-                });
-            });
-            req.on('error', reject);
-            req.setTimeout(this.timeout, () => { req.destroy(); reject(new Error('VT API timeout')); });
-            req.end();
-        });
-    }
-
-    // ── File Hash Lookup ───────────────────────────────────────
-    async lookupHash(hash) {
-        if (!hash || hash.length < 32) throw new Error('Invalid hash: provide MD5, SHA1, or SHA256');
-        const result = await this._get(`/files/${hash}`);
-
-        if (!result.found) {
-            return { found: false, hash, malicious: 0, suspicious: 0, harmless: 0, undetected: 0, engines: {} };
-        }
-
-        const attrs = result.data.data?.attributes || {};
-        const stats = attrs.last_analysis_stats || {};
-        const results = attrs.last_analysis_results || {};
-
-        // Extract detected engines
-        const detectedEngines = {};
-        for (const [engine, info] of Object.entries(results)) {
-            if (info.category === 'malicious' || info.category === 'suspicious') {
-                detectedEngines[engine] = { category: info.category, result: info.result };
-            }
-        }
-
-        return {
-            found: true,
-            hash,
-            malicious: stats.malicious || 0,
-            suspicious: stats.suspicious || 0,
-            harmless: stats.harmless || 0,
-            undetected: stats.undetected || 0,
-            engines: detectedEngines,
-            reputation: attrs.reputation || 0,
-            tags: attrs.tags || [],
-        };
-    }
-
-    // ── URL Scan ───────────────────────────────────────────────
-    async scanURL(url) {
-        if (!url) throw new Error('URL is required');
-        // URL ID = base64url of the URL
-        const urlId = Buffer.from(url).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
-        const result = await this._get(`/urls/${urlId}`);
-
-        if (!result.found) {
-            return { found: false, url, malicious: 0, suspicious: 0, harmless: 0 };
-        }
-
-        const attrs = result.data.data?.attributes || {};
-        const stats = attrs.last_analysis_stats || {};
-
-        return {
-            found: true,
-            url,
-            malicious: stats.malicious || 0,
-            suspicious: stats.suspicious || 0,
-            harmless: stats.harmless || 0,
-            categories: attrs.categories || {},
-        };
-    }
-
-    // ── Domain Report ──────────────────────────────────────────
-    async checkDomain(domain) {
-        if (!domain) throw new Error('Domain is required');
-        const result = await this._get(`/domains/${domain}`);
-
-        if (!result.found) {
-            return { found: false, domain, reputation: 0, malicious: 0 };
-        }
-
-        const attrs = result.data.data?.attributes || {};
-        const stats = attrs.last_analysis_stats || {};
-
-        return {
-            found: true,
-            domain,
-            reputation: attrs.reputation || 0,
-            malicious: stats.malicious || 0,
-            suspicious: stats.suspicious || 0,
-            categories: attrs.categories || {},
-            registrar: attrs.registrar || 'unknown',
-        };
-    }
-
-    // ── IP Report ──────────────────────────────────────────────
-    async checkIP(ip) {
-        if (!ip) throw new Error('IP address is required');
-        const result = await this._get(`/ip_addresses/${ip}`);
-
-        if (!result.found) {
-            return { found: false, ip, reputation: 0, malicious: 0 };
-        }
-
-        const attrs = result.data.data?.attributes || {};
-        const stats = attrs.last_analysis_stats || {};
-
-        return {
-            found: true,
-            ip,
-            reputation: attrs.reputation || 0,
-            malicious: stats.malicious || 0,
-            suspicious: stats.suspicious || 0,
-            country: attrs.country || 'unknown',
-            as_owner: attrs.as_owner || 'unknown',
-        };
-    }
-
-    // ── File SHA256 helper ──────────────────────────────────────
-    static hashFile(filePath) {
-        const content = fs.readFileSync(filePath);
-        return crypto.createHash('sha256').update(content).digest('hex');
-    }
-}
-
-module.exports = { VTClient, VT_API_BASE, VT_RATE_LIMIT };

package/src/watcher.js

@@ -1,170 +0,0 @@
-/**
- * guard-scanner v8 — Real-time File Watcher
- *
- * @security-manifest
- *   env-read: []
- *   env-write: []
- *   network: none
- *   fs-read: [watched directory]
- *   fs-write: []
- *   exec: none
- *   purpose: Real-time file system monitoring for security threats
- */
-
-const fs = require('fs');
-const path = require('path');
-const { GuardScanner } = require('./scanner.js');
-const EventEmitter = require('events');
-
-class GuardWatcher extends EventEmitter {
-    constructor(options = {}) {
-        super();
-        this.verbose = options.verbose || false;
-        this.strict = options.strict || false;
-        this.soulLock = options.soulLock || false;
-        this.debounceMs = options.debounceMs || 300;
-        this.quiet = options.quiet || false;
-        this._watchers = [];
-        this._debounceTimers = new Map();
-        this._running = false;
-        this._scanCount = 0;
-        this._alertCount = 0;
-    }
-
-    watch(directory) {
-        if (!directory) throw new Error('Watch directory is required');
-        if (!fs.existsSync(directory)) throw new Error(`Directory not found: ${directory}`);
-        if (!fs.statSync(directory).isDirectory()) throw new Error(`Not a directory: ${directory}`);
-
-        this._running = true;
-
-        if (!this.quiet) {
-            console.log(`\n🛡️  guard-scanner watch mode`);
-            console.log(`👁️  Watching: ${path.resolve(directory)}`);
-            console.log(`⚡ Strict: ${this.strict ? 'ON' : 'OFF'}`);
-            console.log(`🔒 Soul Lock: ${this.soulLock ? 'ON' : 'OFF'}`);
-            console.log('───────────────────────────────');
-            console.log('Press Ctrl+C to stop\n');
-        }
-
-        try {
-            const watcher = fs.watch(directory, { recursive: true }, (eventType, filename) => {
-                if (!filename || !this._running) return;
-                const fullPath = path.join(directory, filename);
-
-                // Debounce
-                if (this._debounceTimers.has(fullPath)) {
-                    clearTimeout(this._debounceTimers.get(fullPath));
-                }
-                this._debounceTimers.set(fullPath, setTimeout(() => {
-                    this._debounceTimers.delete(fullPath);
-                    this._onFileChange(directory, filename, eventType);
-                }, this.debounceMs));
-            });
-
-            this._watchers.push(watcher);
-            this.emit('watching', { directory: path.resolve(directory) });
-        } catch (e) {
-            this.emit('error', e);
-        }
-
-        return this;
-    }
-
-    _onFileChange(baseDir, filename, eventType) {
-        if (!this._running) return;
-
-        // Skip hidden files, node_modules, .git
-        if (filename.startsWith('.') || filename.includes('node_modules') || filename.includes('.git')) {
-            return;
-        }
-
-        // Skip non-code files
-        const ext = path.extname(filename).toLowerCase();
-        const codeExts = ['.js', '.ts', '.py', '.sh', '.md', '.json', '.yaml', '.yml', '.toml'];
-        if (!codeExts.includes(ext)) return;
-
-        const fullPath = path.join(baseDir, filename);
-        if (!fs.existsSync(fullPath)) {
-            this.emit('deleted', { file: filename });
-            return;
-        }
-
-        this._scanCount++;
-        const scanner = new GuardScanner({
-            summaryOnly: true,
-            strict: this.strict,
-            soulLock: this.soulLock,
-            quiet: true,
-        });
-
-        // Find the skill directory (parent directory of the changed file)
-        const skillDir = path.dirname(fullPath);
-        const skillName = path.basename(skillDir);
-
-        try {
-            scanner.scanSkill(skillDir, skillName);
-            const findings = scanner.findings[0];
-
-            if (findings && findings.findings.length > 0) {
-                this._alertCount += findings.findings.length;
-                const result = {
-                    file: filename,
-                    skill: skillName,
-                    eventType,
-                    verdict: findings.verdict,
-                    risk: findings.risk,
-                    findingCount: findings.findings.length,
-                    findings: findings.findings,
-                    timestamp: new Date().toISOString(),
-                };
-
-                this.emit('alert', result);
-
-                if (!this.quiet) {
-                    const icon = findings.verdict === 'MALICIOUS' ? '🚨' :
-                        findings.verdict === 'SUSPICIOUS' ? '⚠️' : '🔶';
-                    console.log(`${icon} [${new Date().toLocaleTimeString()}] ${findings.verdict} — ${filename}`);
-                    console.log(`   Risk: ${findings.risk} | Findings: ${findings.findings.length}`);
-                    if (this.verbose) {
-                        for (const f of findings.findings.slice(0, 5)) {
-                            console.log(`   → [${f.severity}] ${f.id}: ${f.desc}`);
-                        }
-                    }
-                }
-            } else {
-                this.emit('clean', { file: filename, skill: skillName });
-                if (this.verbose && !this.quiet) {
-                    console.log(`✅ [${new Date().toLocaleTimeString()}] CLEAN — ${filename}`);
-                }
-            }
-        } catch (e) {
-            this.emit('error', { file: filename, error: e.message });
-        }
-    }
-
-    stop() {
-        this._running = false;
-        for (const w of this._watchers) {
-            try { w.close(); } catch (e) { /* ignore */ }
-        }
-        this._watchers = [];
-        for (const t of this._debounceTimers.values()) {
-            clearTimeout(t);
-        }
-        this._debounceTimers.clear();
-        this.emit('stopped', { scanCount: this._scanCount, alertCount: this._alertCount });
-        return { scanCount: this._scanCount, alertCount: this._alertCount };
-    }
-
-    getStats() {
-        return {
-            running: this._running,
-            scanCount: this._scanCount,
-            alertCount: this._alertCount,
-            watcherCount: this._watchers.length,
-        };
-    }
-}
-
-module.exports = { GuardWatcher };