npm - @hatem427/code-guard-ci - Versions diffs - 1.0.5 → 1.1.0 - Mend

@hatem427/code-guard-ci 1.0.5 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/README.md +37 -8
package/dist/scripts/cli.js +15 -4
package/dist/scripts/cli.js.map +1 -1
package/dist/scripts/precommit-check.d.ts.map +1 -1
package/dist/scripts/precommit-check.js +32 -15
package/dist/scripts/precommit-check.js.map +1 -1
package/dist/scripts/setup-supabase.d.ts +8 -0
package/dist/scripts/setup-supabase.d.ts.map +1 -0
package/dist/scripts/setup-supabase.js +172 -0
package/dist/scripts/setup-supabase.js.map +1 -0
package/dist/scripts/test-remote-db.d.ts +8 -0
package/dist/scripts/test-remote-db.d.ts.map +1 -0
package/dist/scripts/test-remote-db.js +15 -0
package/dist/scripts/test-remote-db.js.map +1 -0
package/dist/scripts/utils/bypass-manager.d.ts +1 -1
package/dist/scripts/utils/bypass-manager.d.ts.map +1 -1
package/dist/scripts/utils/bypass-manager.js +29 -1
package/dist/scripts/utils/bypass-manager.js.map +1 -1
package/dist/scripts/utils/remote-logger.d.ts +49 -0
package/dist/scripts/utils/remote-logger.d.ts.map +1 -0
package/dist/scripts/utils/remote-logger.js +251 -0
package/dist/scripts/utils/remote-logger.js.map +1 -0
package/dist/scripts/utils/security-check.d.ts +12 -0
package/dist/scripts/utils/security-check.d.ts.map +1 -0
package/dist/scripts/utils/security-check.js +126 -0
package/dist/scripts/utils/security-check.js.map +1 -0
package/dist/scripts/view-bypass-log.js +35 -2
package/dist/scripts/view-bypass-log.js.map +1 -1
package/package.json +5 -1
package/scripts/cli.ts +16 -4
package/scripts/precommit-check.ts +38 -14
package/scripts/setup-supabase.ts +158 -0
package/scripts/test-remote-db.ts +14 -0
package/scripts/utils/bypass-manager.ts +30 -2
package/scripts/utils/remote-logger.ts +256 -0
package/scripts/utils/security-check.ts +108 -0
package/scripts/view-bypass-log.ts +37 -2

package/scripts/utils/security-check.ts ADDED Viewed

@@ -0,0 +1,108 @@
+#!/usr/bin/env node
+/**
+ * ============================================================================
+ * first-run-check.ts — Force password change on first use
+ * ============================================================================
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+const BYPASS_DIR = '.code-guardian';
+const PASSWORD_FILE = 'bypass-password.hash';
+const ADMIN_FILE = 'admin-credentials.hash';
+const SETUP_COMPLETE_FILE = 'setup-complete';
+const DEFAULT_PASSWORD_HASH = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92';
+const DEFAULT_ADMIN_PASSWORD_HASH = '240be518fabd2724ddb6f04eeb1da5967448d7e831c08c8fa822809f74c720a9';
+function checkSecurity(): boolean {
+  const dir = path.join(process.cwd(), BYPASS_DIR);
+  const setupFile = path.join(dir, SETUP_COMPLETE_FILE);
+  // If setup already complete, skip
+  if (fs.existsSync(setupFile)) {
+    return true;
+  }
+  const passwordPath = path.join(dir, PASSWORD_FILE);
+  const adminPath = path.join(dir, ADMIN_FILE);
+  // Check if still using default passwords
+  const usingDefaultBypass = !fs.existsSync(passwordPath) ||
+    fs.readFileSync(passwordPath, 'utf-8').trim() === DEFAULT_PASSWORD_HASH;
+  const usingDefaultAdmin = !fs.existsSync(adminPath) ||
+    fs.readFileSync(adminPath, 'utf-8').trim() === DEFAULT_ADMIN_PASSWORD_HASH;
+  if (usingDefaultBypass || usingDefaultAdmin) {
+    console.error(`
+╔═══════════════════════════════════════════════════════════╗
+║              🔒 CRITICAL SECURITY WARNING 🔒              ║
+╚═══════════════════════════════════════════════════════════╝
+⚠️  You are using DEFAULT PASSWORDS! This is a SECURITY RISK!
+Default passwords are publicly known and published in the source code:
+  - Bypass password: "bypass123"
+  - Admin password: "admin123"
+Anyone who can see your repository can bypass ALL security checks!
+📋 REQUIRED ACTIONS (Run both commands):
+  1. Set bypass password:
+     npm run set-bypass-password
+  2. Set admin password:
+     npm run set-admin-password
+❌ ALL COMMITS ARE BLOCKED until you change these passwords.
+💡 To skip this check temporarily (NOT RECOMMENDED):
+   SKIP_SECURITY_CHECK=true git commit -m "message"
+`);
+    return false;
+  }
+  // Mark setup as complete
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  fs.writeFileSync(setupFile, new Date().toISOString());
+  console.log('✅ Security check passed - passwords have been changed from defaults.\n');
+  return true;
+}
+/**
+ * Allow skipping security check with env var (for emergencies)
+ */
+function shouldSkipSecurityCheck(): boolean {
+  return process.env.SKIP_SECURITY_CHECK === 'true';
+}
+/**
+ * Main security check with skip option
+ */
+function performSecurityCheck(): boolean {
+  // Allow skip in CI/CD or emergencies
+  if (shouldSkipSecurityCheck()) {
+    console.warn('⚠️  Security check skipped via SKIP_SECURITY_CHECK env var');
+    return true;
+  }
+  return checkSecurity();
+}
+// Export for use in precommit-check
+export { performSecurityCheck as checkSecurity };
+// Run if called directly
+if (require.main === module) {
+  if (!performSecurityCheck()) {
+    process.exit(1);
+  }
+}

package/scripts/view-bypass-log.ts CHANGED Viewed

@@ -11,6 +11,7 @@
  */
 import { generateBypassReport, getBypassesByAuthor, getRecentBypasses } from './utils/bypass-manager';
+import { fetchBypassLogs, isRemoteLoggingEnabled } from './utils/remote-logger';
 import * as logger from './utils/logger';
 function parseArgs(): { author?: string; days?: number } {
@@ -34,10 +35,41 @@ function parseArgs(): { author?: string; days?: number } {
   return opts;
 }
-function main() {
+async function main() {
   logger.header('📊 Code Guardian — Bypass Audit Log');
   const opts = parseArgs();
+  const remoteEnabled = isRemoteLoggingEnabled();
+  // Try remote logs first
+  if (remoteEnabled) {
+    try {
+      console.log('📡 Fetching from remote database...\n');
+      const remoteLogs = await fetchBypassLogs();
+      if (remoteLogs.length === 0) {
+        console.log('✅ No bypasses recorded.\n');
+        return;
+      }
+      console.log(`Found ${remoteLogs.length} bypass(es):\n`);
+      remoteLogs.forEach((entry: any, idx: number) => {
+        const date = new Date(entry.timestamp).toLocaleString();
+        console.log(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        console.log(`${idx + 1}. ${entry.author.name} <${entry.author.email}>`);
+        console.log(`   📅 ${date}`);
+        console.log(`   📝 ${entry.reason}`);
+        console.log(`   🌿 ${entry.branch}`);
+        console.log(`   🔑 ${entry.method}`);
+        console.log(`   📁 ${entry.files.length} file(s)`);
+        console.log('');
+      });
+      return;
+    } catch (error: any) {
+      console.warn('⚠️  Failed to fetch remote logs:', error.message);
+      console.log('Falling back to local logs...\n');
+    }
+  }
   if (opts.author) {
     logger.info(`Filtering by author: ${opts.author}`);
@@ -89,4 +121,7 @@ function main() {
   }
 }
-main();
+main().catch((err) => {
+  console.error('❌ Error:', err.message);
+  process.exit(1);
+});