npm - @highflame/overwatch - Versions diffs - 1.0.0 - Mend

@highflame/overwatch 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/README.md +337 -0
package/bin/overwatch +12 -0
package/dist/auth/cli-oauth.d.ts +13 -0
package/dist/auth/cli-oauth.d.ts.map +1 -0
package/dist/auth/html-utils.d.ts +20 -0
package/dist/auth/html-utils.d.ts.map +1 -0
package/dist/auth/index.d.ts +10 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/oauth.d.ts +81 -0
package/dist/auth/oauth.d.ts.map +1 -0
package/dist/auth/pkce.d.ts +26 -0
package/dist/auth/pkce.d.ts.map +1 -0
package/dist/auth/token-store.d.ts +44 -0
package/dist/auth/token-store.d.ts.map +1 -0
package/dist/bin/overwatch +12 -0
package/dist/cli.d.ts +6 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +5449 -0
package/dist/cli.js.map +7 -0
package/dist/config/index.d.ts +5 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/manager.d.ts +54 -0
package/dist/config/manager.d.ts.map +1 -0
package/dist/daemon.d.ts +11 -0
package/dist/daemon.d.ts.map +1 -0
package/dist/daemon.js +6004 -0
package/dist/daemon.js.map +7 -0
package/dist/data/ingestor.d.ts +31 -0
package/dist/data/ingestor.d.ts.map +1 -0
package/dist/data/processor.d.ts +96 -0
package/dist/data/processor.d.ts.map +1 -0
package/dist/data/reader.d.ts +24 -0
package/dist/data/reader.d.ts.map +1 -0
package/dist/data/recorder.d.ts +12 -0
package/dist/data/recorder.d.ts.map +1 -0
package/dist/engines/cedar.d.ts +41 -0
package/dist/engines/cedar.d.ts.map +1 -0
package/dist/engines/remote.d.ts +21 -0
package/dist/engines/remote.d.ts.map +1 -0
package/dist/engines/yara.d.ts +12 -0
package/dist/engines/yara.d.ts.map +1 -0
package/dist/handlers/dashboard-handler.d.ts +7 -0
package/dist/handlers/dashboard-handler.d.ts.map +1 -0
package/dist/handlers/hook-handler.d.ts +23 -0
package/dist/handlers/hook-handler.d.ts.map +1 -0
package/dist/handlers/oauth-handler.d.ts +12 -0
package/dist/handlers/oauth-handler.d.ts.map +1 -0
package/dist/handlers/scan-handler.d.ts +13 -0
package/dist/handlers/scan-handler.d.ts.map +1 -0
package/dist/handlers/utils.d.ts +11 -0
package/dist/handlers/utils.d.ts.map +1 -0
package/dist/hooks/claudecode/hooks.json.template +20 -0
package/dist/hooks/cursor/hooks.json.template +74 -0
package/dist/hooks/universal-hook.sh +36 -0
package/dist/http/server.d.ts +38 -0
package/dist/http/server.d.ts.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +5941 -0
package/dist/index.js.map +7 -0
package/dist/installer.d.ts +25 -0
package/dist/installer.d.ts.map +1 -0
package/dist/javelin/admin-client.d.ts +75 -0
package/dist/javelin/admin-client.d.ts.map +1 -0
package/dist/javelin/client.d.ts +30 -0
package/dist/javelin/client.d.ts.map +1 -0
package/dist/javelin/config-reader.d.ts +70 -0
package/dist/javelin/config-reader.d.ts.map +1 -0
package/dist/javelin/index.d.ts +5 -0
package/dist/javelin/index.d.ts.map +1 -0
package/dist/javelin/types.d.ts +81 -0
package/dist/javelin/types.d.ts.map +1 -0
package/dist/lib/policy-engine.d.ts +34 -0
package/dist/lib/policy-engine.d.ts.map +1 -0
package/dist/lib/policy-manager.d.ts +86 -0
package/dist/lib/policy-manager.d.ts.map +1 -0
package/dist/module.d.ts +52 -0
package/dist/module.d.ts.map +1 -0
package/dist/pipeline/context-mapper.d.ts +16 -0
package/dist/pipeline/context-mapper.d.ts.map +1 -0
package/dist/pipeline/extractors/claude-extractor.d.ts +48 -0
package/dist/pipeline/extractors/claude-extractor.d.ts.map +1 -0
package/dist/pipeline/extractors/cursor-extractor.d.ts +44 -0
package/dist/pipeline/extractors/cursor-extractor.d.ts.map +1 -0
package/dist/pipeline/extractors/github-copilot-extractor.d.ts +49 -0
package/dist/pipeline/extractors/github-copilot-extractor.d.ts.map +1 -0
package/dist/pipeline/extractors/index.d.ts +47 -0
package/dist/pipeline/extractors/index.d.ts.map +1 -0
package/dist/pipeline/extractors/registry.d.ts +38 -0
package/dist/pipeline/extractors/registry.d.ts.map +1 -0
package/dist/pipeline/hook-pipeline.d.ts +25 -0
package/dist/pipeline/hook-pipeline.d.ts.map +1 -0
package/dist/policy.cedar +783 -0
package/dist/rules/pre/command_injection.yar +60 -0
package/dist/rules/pre/cross_origin_escalation.yar +106 -0
package/dist/rules/pre/mcp_config_risk.yar +35 -0
package/dist/rules/pre/path_traversal.yar +50 -0
package/dist/rules/pre/prompt_injection.yar +101 -0
package/dist/rules/pre/secrets_leakage.yar +100 -0
package/dist/rules/pre/sql_injection.yar +65 -0
package/dist/scanner.d.ts +80 -0
package/dist/scanner.d.ts.map +1 -0
package/dist/service.d.ts +18 -0
package/dist/service.d.ts.map +1 -0
package/dist/services/interface.d.ts +11 -0
package/dist/services/interface.d.ts.map +1 -0
package/dist/services/launchd.d.ts +12 -0
package/dist/services/launchd.d.ts.map +1 -0
package/dist/services/systemd.d.ts +12 -0
package/dist/services/systemd.d.ts.map +1 -0
package/dist/services/windows.d.ts +7 -0
package/dist/services/windows.d.ts.map +1 -0
package/dist/skills/index.d.ts +7 -0
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/scanner.d.ts +44 -0
package/dist/skills/scanner.d.ts.map +1 -0
package/dist/skills/types.d.ts +29 -0
package/dist/skills/types.d.ts.map +1 -0
package/dist/types/config.d.ts +165 -0
package/dist/types/config.d.ts.map +1 -0
package/dist/types/events.d.ts +225 -0
package/dist/types/events.d.ts.map +1 -0
package/dist/types/index.d.ts +6 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/remote-policy.d.ts +129 -0
package/dist/types/remote-policy.d.ts.map +1 -0
package/dist/types/requests.d.ts +45 -0
package/dist/types/requests.d.ts.map +1 -0
package/dist/types/responses.d.ts +60 -0
package/dist/types/responses.d.ts.map +1 -0
package/dist/ui/images/highflame-mono.png +0 -0
package/dist/ui/views/dashboard.ejs +301 -0
package/dist/ui/views/dashboard.js +785 -0
package/dist/ui/views/partials/commands-table.ejs +54 -0
package/dist/ui/views/partials/events-table.ejs +36 -0
package/dist/ui/views/partials/filter-dropdown.ejs +12 -0
package/dist/ui/views/partials/overview-charts.ejs +149 -0
package/dist/ui/views/partials/scans-table.ejs +136 -0
package/dist/ui/views/partials/sessions-table.ejs +50 -0
package/dist/ui/views/partials/stats-grid.ejs +23 -0
package/dist/ui/views/partials/threats-table.ejs +60 -0
package/dist/utils/index.d.ts +3 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/logger.d.ts +28 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/performance.d.ts +26 -0
package/dist/utils/performance.d.ts.map +1 -0
package/dist/utils/port-manager.d.ts +6 -0
package/dist/utils/port-manager.d.ts.map +1 -0
package/dist/yara/engine.d.ts +58 -0
package/dist/yara/engine.d.ts.map +1 -0
package/dist/yara/index.d.ts +5 -0
package/dist/yara/index.d.ts.map +1 -0
package/lib/platform-loader.js +210 -0
package/package.json +63 -0
package/scripts/postinstall.js +121 -0

package/dist/pipeline/extractors/github-copilot-extractor.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * GitHub Copilot Extractor
+ *
+ * Converts GitHub Copilot Agent hook payloads into canonical OverwatchEvent format.
+ * Handles GitHub Copilot hook events as defined in .github/hooks/hooks.json
+ *
+ * GitHub Copilot uses repository-based hooks (.github/hooks/hooks.json) rather than
+ * global IDE hooks. See: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks
+ */
+import { IExtractor } from './index';
+import { OverwatchEvent, IDESource } from '../../types/events';
+export declare class GitHubCopilotExtractor implements IExtractor {
+    /**
+     * Check if the extractor can handle given event from GitHub Copilot
+     */
+    canHandle(event: string, source: IDESource): boolean;
+    /**
+     * Convert GitHub Copilot hook payload to canonical OverwatchEvent
+     */
+    toCanonical(event: string, input: Record<string, any>, source: IDESource): Promise<OverwatchEvent | null>;
+    /**
+     * Extract content to be scanned by security engines
+     */
+    private extractContent;
+    /**
+     * Extract tool name and MCP information
+     */
+    private extractToolInfo;
+    /**
+     * Extract file path from input
+     */
+    private extractFilePath;
+    /**
+     * Extract tool arguments
+     */
+    private extractArguments;
+    /**
+     * Resolve workspace root from various GitHub Copilot formats
+     */
+    private resolveWorkspaceRoot;
+    /**
+     * Generate default response format for GitHub Copilot
+     *
+     * GitHub Copilot hooks expect: { continue: boolean } for blocking hooks
+     * See: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks
+     */
+    getDefaultResponse(event: string, allowed: boolean, reason?: string): Record<string, any>;
+}
+//# sourceMappingURL=github-copilot-extractor.d.ts.map

package/dist/pipeline/extractors/github-copilot-extractor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"github-copilot-extractor.d.ts","sourceRoot":"","sources":["../../../src/pipeline/extractors/github-copilot-extractor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAkB,MAAM,oBAAoB,CAAC;AAG/E,qBAAa,sBAAuB,YAAW,UAAU;IACrD;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO;IAmBpD;;OAEG;IACG,WAAW,CACb,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC1B,MAAM,EAAE,SAAS,GAClB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAiEjC;;OAEG;IACH,OAAO,CAAC,cAAc;IA2DtB;;OAEG;IACH,OAAO,CAAC,eAAe;IAoCvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAwB5B;;;;;OAKG;IACH,kBAAkB,CACd,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,MAAM,GAChB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CAsBzB"}

package/dist/pipeline/extractors/index.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Input Extraction Layer - Core Interfaces
+ *
+ * This module defines the interfaces for extracting and normalizing
+ * diverse input payloads from various IDEs and AI agent frameworks
+ * into a canonical OverwatchEvent schema.
+ */
+import { OverwatchEvent, IDESource } from "../../types/events";
+export { CursorExtractor } from './cursor-extractor';
+export { ClaudeExtractor } from './claude-extractor';
+export { GitHubCopilotExtractor } from './github-copilot-extractor';
+export { ExtractorRegistry } from './registry';
+/**
+ * Extractor Interface
+ *
+ * Each IDE/framework provides an implementation of this interface
+ * to convert its native payload format into the canonical OverwatchEvent.
+ */
+export interface IExtractor {
+    /**
+     * Convert a raw hook payload into a canonical OverwatchEvent
+     *
+     * @param event - The hook event name (e.g., "beforeShellExecution", "PreToolUse")
+     * @param input - The raw payload from the IDE/framework
+     * @param source - The source IDE/framework identifier
+     * @returns Canonical OverwatchEvent or null if event cannot be processed
+     */
+    toCanonical(event: string, input: Record<string, any>, source: IDESource): Promise<OverwatchEvent | null>;
+    /**
+     * Check if this extractor can handle the given event from the given source
+     *
+     * @param event - The hook event name
+     * @param source - The source IDE/framework identifier
+     * @returns true if this extractor can process the event
+     */
+    canHandle(event: string, source: IDESource): boolean;
+    /**
+     * Generate default response format for IDE/framework
+     *
+     * @param event - hook event name
+     * @param allowed - action allowed or denied
+     * @param reason - reason for denial
+     * @returns default response object in the format expected by the IDE/framework
+     */
+    getDefaultResponse(event: string, allowed: boolean, reason?: string): Record<string, any>;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/pipeline/extractors/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/pipeline/extractors/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAG/D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACvB;;;;;;;OAOG;IACH,WAAW,CACP,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC1B,MAAM,EAAE,SAAS,GAClB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IAElC;;;;;;OAMG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC;IAErD;;;;;;;OAOG;IACH,kBAAkB,CACd,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,MAAM,GAChB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC1B"}

package/dist/pipeline/extractors/registry.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+/**
+ * Extractor Registry
+ *
+ * Factory pattern for managing and retrieving extractors for different IDE/framework sources.
+ * Provides a centralized way to register and access extractors.
+ */
+import { IDESource } from '../../types/events';
+import { IExtractor } from './index';
+export declare class ExtractorRegistry {
+    private extractors;
+    /**
+     * Register an extractor for a source
+     */
+    register(source: IDESource, extractor: IExtractor): void;
+    /**
+     * Get extractor for source
+     * Returns null if no extractor is registered for the source
+     */
+    get(source: IDESource): IExtractor | null;
+    /**
+     * Find extractor that can handle the given event from the given source
+     * Checks both source match and canHandle() method
+     */
+    findExtractor(event: string, source: IDESource): IExtractor | null;
+    /**
+     * Check if an extractor is registered for the source
+     */
+    has(source: IDESource): boolean;
+    /**
+     * Get all registered sources
+     */
+    getRegisteredSources(): IDESource[];
+    /**
+     * Create a registry with default extractors (Cursor, Claude Code, GitHub Copilot)
+     */
+    static createDefault(): ExtractorRegistry;
+}
+//# sourceMappingURL=registry.d.ts.map

package/dist/pipeline/extractors/registry.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../../src/pipeline/extractors/registry.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAKrC,qBAAa,iBAAiB;IAC1B,OAAO,CAAC,UAAU,CAAyC;IAE3D;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,GAAG,IAAI;IAIxD;;;OAGG;IACH,GAAG,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,IAAI;IAIzC;;;OAGG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,IAAI;IAQlE;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO;IAI/B;;OAEG;IACH,oBAAoB,IAAI,SAAS,EAAE;IAInC;;OAEG;IACH,MAAM,CAAC,aAAa,IAAI,iBAAiB;CAU5C"}

package/dist/pipeline/hook-pipeline.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { IDESource, HookEvent, DetectionResult, PolicyDecision, ThreatSummary, OverwatchEvent } from "../types";
+import { YaraExecutor } from "../engines/yara";
+import { RemoteExecutor } from "../engines/remote";
+import { PolicyManager } from "../lib/policy-manager";
+import { ExtractorRegistry } from "./extractors";
+export interface PipelineResult {
+    response: Record<string, unknown>;
+    evaluations: DetectionResult[];
+    threat_summary: ThreatSummary;
+    decision: PolicyDecision;
+    allowed: boolean;
+    contentLength?: number;
+    overwatchEvent?: OverwatchEvent;
+}
+export declare class HookPipeline {
+    private yaraExecutor;
+    private remoteExecutor;
+    private policyManager;
+    private onFirstInstall;
+    private extractorRegistry;
+    constructor(yaraExecutor: YaraExecutor, remoteExecutor: RemoteExecutor, policyManager: PolicyManager, onFirstInstall: (source: IDESource) => void, extractorRegistry: ExtractorRegistry);
+    process(source: IDESource, event: HookEvent, input: Record<string, unknown>): Promise<PipelineResult>;
+    private buildThreatSummary;
+}
+//# sourceMappingURL=hook-pipeline.d.ts.map

package/dist/pipeline/hook-pipeline.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hook-pipeline.d.ts","sourceRoot":"","sources":["../../src/pipeline/hook-pipeline.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,SAAS,EACT,eAAe,EACf,cAAc,EACd,aAAa,EAEb,cAAc,EACf,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,WAAW,EAAE,eAAe,EAAE,CAAC;IAC/B,cAAc,EAAE,aAAa,CAAC;IAC9B,QAAQ,EAAE,cAAc,CAAC;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,qBAAa,YAAY;IAErB,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,aAAa;IACrB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,iBAAiB;gBAJjB,YAAY,EAAE,YAAY,EAC1B,cAAc,EAAE,cAAc,EAC9B,aAAa,EAAE,aAAa,EAC5B,cAAc,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,IAAI,EAC3C,iBAAiB,EAAE,iBAAiB;IAGxC,OAAO,CACX,MAAM,EAAE,SAAS,EACjB,KAAK,EAAE,SAAS,EAChB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,cAAc,CAAC;IAwI1B,OAAO,CAAC,kBAAkB;CA8D3B"}